feat: add unicorn flavor (#34)

* feat: add unicorn flavor * add unicorn to workflows * revert create config * swap back curl * bump back curl * rollback tuf server
defenseunicorns · Oct 29, 2024 · e175c32 · e175c32
1 parent a41da64
commit e175c32
Show file tree

Hide file tree

Showing 18 changed files with 199 additions and 14 deletions.
diff --git a/.github/workflows/ci-docs-shim.yaml b/.github/workflows/ci-docs-shim.yaml
@@ -17,7 +17,7 @@ jobs:
     strategy:
       matrix:
         type: [install, upgrade]
-        flavor: [upstream]
+        flavor: [upstream, unicorn]
     uses: defenseunicorns/uds-common/.github/workflows/callable-ci-docs-shim.yaml@c52077c870a576d01f169f96d74d1b393c6488ba # v1.1.2
     with:
       flavor: ${{ matrix.flavor }}

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -36,7 +36,7 @@ jobs:
     if: ${{ needs.tag-new-version.outputs.release_created == 'true' }}
     strategy:
       matrix:
-        flavor: [upstream]
+        flavor: [upstream, unicorn]
         architecture: [amd64, arm64]
         exclude:
           - flavor: registry1

diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
@@ -55,7 +55,7 @@ jobs:
       fail-fast: true
       matrix:
         type: [install, upgrade]
-        flavor: [upstream]
+        flavor: [upstream, unicorn]
     uses: defenseunicorns/uds-common/.github/workflows/callable-test.yaml@c52077c870a576d01f169f96d74d1b393c6488ba # v1.1.2
     with:
       upgrade-flavors: ${{ needs.check-flavor.outputs.upgrade-flavors }}

diff --git a/src/ctlog/chart/templates/uds-package.yaml b/src/ctlog/chart/templates/uds-package.yaml
@@ -23,18 +23,18 @@ spec:
         remoteNamespace: trillian-system
         remoteSelector:
           app.kubernetes.io/component: log-server
-      
+
       # allow ctlog to talk to the fulcio log server
       - direction: Egress
         remoteNamespace: fulcio-system
         remoteSelector:
           app.kubernetes.io/name: fulcio
         port: 5555
-      
+
       # allow fulcio to talk to ctlog
       - direction: Ingress
         remoteNamespace: fulcio-system
-        remoteselector:
+        remoteSelector:
           app.kubernetes.io/name: fulcio
 
       # Custom rules to allow clients to connect

diff --git a/src/ctlog/values/unicorn-values.yaml b/src/ctlog/values/unicorn-values.yaml
@@ -0,0 +1,27 @@
+# Copyright 2024 Defense Unicorns
+# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
+
+server:
+  image:
+    registry: cgr.dev
+    repository: du-uds-defenseunicorns/ctlog-trillian-ctserver-fips
+    version: "1.2.1"
+
+createtree:
+  image:
+    registry: cgr.dev
+    repository: du-uds-defenseunicorns/sigstore-scaffolding-trillian-createtree-fips
+    version: "0.7.13"
+
+createctconfig:
+  initContainerImage:
+    curl:
+      registry: docker.io
+      repository: curlimages/curl
+      # renovate: datasource=docker depName=curlimages/curl versioning=semver
+      version: "8.10.1"
+
+  image:
+    registry: cgr.dev
+    repository: du-uds-defenseunicorns/sigstore-scaffolding-ctlog-createctconfig-fips
+    version: "0.7.11"
diff --git a/src/ctlog/zarf.yaml b/src/ctlog/zarf.yaml
@@ -33,3 +33,19 @@ components:
       - ghcr.io/sigstore/scaffolding/createctconfig:v0.7.13
       - ghcr.io/sigstore/scaffolding/createtree:v0.7.13
       - ghcr.io/sigstore/scaffolding/ct_server:v0.7.13
+
+  - name: ctlog
+    required: true
+    only:
+      flavor: unicorn
+    import:
+      path: common
+    charts:
+      - name: ctlog
+        valuesFiles:
+          - ./values/unicorn-values.yaml
+    images:
+      - docker.io/curlimages/curl:8.10.1
+      - cgr.dev/du-uds-defenseunicorns/sigstore-scaffolding-ctlog-createctconfig-fips:0.7.11
+      - cgr.dev/du-uds-defenseunicorns/sigstore-scaffolding-trillian-createtree-fips:0.7.13
+      - cgr.dev/du-uds-defenseunicorns/ctlog-trillian-ctserver-fips:1.2.1
diff --git a/src/fulcio/values/unicorn-values.yaml b/src/fulcio/values/unicorn-values.yaml
@@ -0,0 +1,8 @@
+# Copyright 2024 Defense Unicorns
+# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
+
+server:
+  image:
+    registry: cgr.dev
+    repository: du-uds-defenseunicorns/fulcio-fips
+    version: "1.6.5"
diff --git a/src/fulcio/values/upstream-values.yaml b/src/fulcio/values/upstream-values.yaml
@@ -6,9 +6,3 @@ server:
     registry: gcr.io
     repository: projectsigstore/fulcio
     version: v1.6.5
-
-createcerts:
-  image:
-    registry: ghcr.io
-    repository: sigstore/scaffolding/createcerts
-    version: v0.7.13
diff --git a/src/fulcio/zarf.yaml b/src/fulcio/zarf.yaml
@@ -26,3 +26,16 @@ components:
           - ./values/upstream-values.yaml
     images:
       - gcr.io/projectsigstore/fulcio:v1.6.5
+
+  - name: fulcio
+    required: true
+    only:
+      flavor: unicorn
+    import:
+      path: common
+    charts:
+      - name: fulcio
+        valuesFiles:
+          - ./values/unicorn-values.yaml
+    images:
+      - cgr.dev/du-uds-defenseunicorns/fulcio-fips:1.6.5
diff --git a/src/rekor/values/unicorn-values.yaml b/src/rekor/values/unicorn-values.yaml
@@ -0,0 +1,27 @@
+# Copyright 2024 Defense Unicorns
+# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
+
+initContainerImage:
+  curl:
+    registry: docker.io
+    repository: curlimages/curl
+    # renovate: datasource=docker depName=curlimages/curl versioning=semver
+    version: "8.10.1"
+
+redis:
+  image:
+    registry: cgr.dev
+    repository: du-uds-defenseunicorns/valkey-fips
+    version: "8.0.1"
+
+server:
+  image:
+    registry: cgr.dev
+    repository: du-uds-defenseunicorns/rekor-server-fips
+    version: "1.3.6"
+
+createtree:
+  image:
+    registry: ghcr.io
+    repository: sigstore/scaffolding/createtree
+    version: v0.7.13
diff --git a/src/rekor/values/upstream-values.yaml b/src/rekor/values/upstream-values.yaml
@@ -12,7 +12,7 @@ redis:
   image:
     registry: docker.io
     repository: valkey/valkey
-    version: 7.2.5-alpine3.19
+    version: 8.0.1-alpine
 
 server:
   image:

diff --git a/src/rekor/zarf.yaml b/src/rekor/zarf.yaml
@@ -20,6 +20,22 @@ components:
           - ./values/upstream-values.yaml
     images:
       - docker.io/curlimages/curl:8.10.1
-      - docker.io/valkey/valkey:7.2.5-alpine3.19
+      - docker.io/valkey/valkey:8.0.1-alpine
       - gcr.io/projectsigstore/rekor-server:v1.3.6
       - ghcr.io/sigstore/scaffolding/createtree:v0.7.13
+
+  - name: rekor
+    required: true
+    only:
+      flavor: unicorn
+    import:
+      path: common
+    charts:
+      - name: rekor
+        valuesFiles:
+          - ./values/unicorn-values.yaml
+    images:
+      - docker.io/curlimages/curl:8.10.1
+      - cgr.dev/du-uds-defenseunicorns/valkey-fips:8.0.1
+      - cgr.dev/du-uds-defenseunicorns/rekor-server-fips:1.3.6
+      - ghcr.io/sigstore/scaffolding/createtree:v0.7.13
diff --git a/src/trillian/values/unicorn-values.yaml b/src/trillian/values/unicorn-values.yaml
@@ -0,0 +1,26 @@
+# Copyright 2024 Defense Unicorns
+# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
+
+initContainerImage:
+  netcat:
+    registry: cgr.dev
+    repository: chainguard/netcat
+    version: latest
+
+mysql:
+  image:
+    registry: gcr.io
+    repository: trillian-opensource-ci/db_server
+    version: v1.5.3
+
+logServer:
+  image:
+    registry: cgr.dev
+    repository: du-uds-defenseunicorns/trillian-logserver-fips
+    version: "1.6.1"
+
+logSigner:
+  image:
+    registry: cgr.dev
+    repository: du-uds-defenseunicorns/trillian-logsigner-fips
+    version: "1.6.1"
diff --git a/src/trillian/zarf.yaml b/src/trillian/zarf.yaml
@@ -23,3 +23,19 @@ components:
       - gcr.io/trillian-opensource-ci/db_server:v1.5.3
       - ghcr.io/sigstore/scaffolding/trillian_log_server:v1.6.1
       - ghcr.io/sigstore/scaffolding/trillian_log_signer:v1.6.1
+
+  - name: trillian
+    required: true
+    only:
+      flavor: unicorn
+    import:
+      path: common
+    charts:
+      - name: trillian
+        valuesFiles:
+          - ./values/unicorn-values.yaml
+    images:
+      - cgr.dev/chainguard/netcat:latest
+      - gcr.io/trillian-opensource-ci/db_server:v1.5.3
+      - cgr.dev/du-uds-defenseunicorns/trillian-logserver-fips:1.6.1
+      - cgr.dev/du-uds-defenseunicorns/trillian-logsigner-fips:1.6.1
diff --git a/src/tsa/values/unicorn-values.yaml b/src/tsa/values/unicorn-values.yaml
@@ -0,0 +1,8 @@
+# Copyright 2024 Defense Unicorns
+# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
+
+server:
+  image:
+    registry: cgr.dev
+    repository: du-uds-defenseunicorns/timestamp-authority-server
+    version: "1.2.3"
diff --git a/src/tsa/zarf.yaml b/src/tsa/zarf.yaml
@@ -26,3 +26,16 @@ components:
           - ./values/upstream-values.yaml
     images:
       - ghcr.io/sigstore/timestamp-server:v1.2.3
+
+  - name: tsa
+    required: true
+    only:
+      flavor: unicorn
+    import:
+      path: common
+    charts:
+      - name: tsa
+        valuesFiles:
+          - ./values/unicorn-values.yaml
+    images:
+      - cgr.dev/du-uds-defenseunicorns/timestamp-authority-server:1.2.3
diff --git a/src/tuf/values/unicorn-values.yaml b/src/tuf/values/unicorn-values.yaml
@@ -0,0 +1,8 @@
+# Copyright 2024 Defense Unicorns
+# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
+
+deployment:
+  registry: ghcr.io
+  repository: sigstore/scaffolding/server
+  # renovate: datasource=docker depName=ghcr.io/sigstore/scaffolding/server versioning=semver
+  version: v0.7.13
diff --git a/src/tuf/zarf.yaml b/src/tuf/zarf.yaml
@@ -39,3 +39,16 @@ components:
           - ./values/upstream-values.yaml
     images:
       - ghcr.io/sigstore/scaffolding/server:v0.7.13
+
+  - name: tuf
+    required: true
+    only:
+      flavor: unicorn
+    import:
+      path: common
+    charts:
+      - name: tuf
+        valuesFiles:
+          - ./values/unicorn-values.yaml
+    images:
+      - ghcr.io/sigstore/scaffolding/server:v0.7.13