diff --git a/.github/workflows/openshift-test.yaml b/.github/workflows/openshift-test.yaml index 4f8b8156..a04b4da8 100644 --- a/.github/workflows/openshift-test.yaml +++ b/.github/workflows/openshift-test.yaml @@ -114,6 +114,15 @@ jobs: env: KUBECONFIG: ./tmp/kubeconfig + - name: Update to rc image if needed + if: ${{ github.event.pull_request.base.ref == 'rc5x' || github.ref_name == 'rc5x' }} + run: | + echo "Branch: ${{ github.event.pull_request.head.ref }}" + echo 'image: "docker.io/anchore/enterprise-dev:rc"' >> stable/enterprise/ci/openshift-test.yaml + echo 'ui:' >> stable/enterprise/ci/openshift-test.yaml + echo ' image: "docker.io/anchore/anchore-on-prem-ui-dev:rc"' >> stable/enterprise/ci/openshift-test.yaml + echo "Appended to stable/enterprise/ci/openshift-test.yaml" + - name: Run chart-testing if: steps.list-changed.outputs.CHANGED == 'true' run: | diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index fea35c7c..f30703a9 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -97,6 +97,15 @@ jobs: helm install engine anchore/anchore-engine --namespace anchore --wait kubectl --namespace anchore get pods + - name: Update to rc image if needed + if: ${{ github.event.pull_request.base.ref == 'rc5x' || github.ref_name == 'rc5x' }} + run: | + echo "Branch: ${{ github.event.pull_request.head.ref }}" + echo 'image: "docker.io/anchore/enterprise-dev:rc"' >> stable/enterprise/ci/rc-values.yaml + echo 'ui:' >> stable/enterprise/ci/rc-values.yaml + echo ' image: "docker.io/anchore/anchore-on-prem-ui-dev:rc"' >> stable/enterprise/ci/rc-values.yaml + echo "Appended to stable/enterprise/ci/rc-values.yaml" + - name: Run chart-testing if: steps.list-changed.outputs.CHANGED == 'true' run: ct install --config ct-config.yaml --helm-extra-args "--timeout 600s" diff --git a/stable/enterprise/Chart.yaml b/stable/enterprise/Chart.yaml index de783cca..1123d933 100644 --- a/stable/enterprise/Chart.yaml 
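Review bot: The `echo "Branch: ${{ github.event.pull_request.head.ref }}"` line in the new "Update to rc image if needed" step expands a pull-request branch name into the script text before the shell parses it. That name is chosen by whoever opens the PR, so shell metacharacters in it would be executed on the runner. The same line is added in the `.github/workflows/test.yaml` hunk. Pass the value through the environment instead: add `env:` with `HEAD_REF: ${{ github.event.pull_request.head.ref }}` to the step and print it with `echo "Branch: $HEAD_REF"`. The workflow triggers and token permissions are outside the hunk, so the impact depends on whether this job runs for fork PRs with secrets or a write-scoped token; the `if:` only restricts the base branch to `rc5x`, not where the head branch comes from.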
+++ b/stable/enterprise/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: enterprise -version: "3.2.3" -appVersion: "5.12.0" +version: "3.3.0" +appVersion: "5.13.0" kubeVersion: 1.23.x - 1.31.x || 1.23.x-x - 1.31.x-x description: | Anchore Enterprise is a complete container security workflow solution for professional teams. Easily integrating with CI/CD systems, diff --git a/stable/enterprise/README.md b/stable/enterprise/README.md index 6f4cfb27..643e87a8 100644 --- a/stable/enterprise/README.md +++ b/stable/enterprise/README.md @@ -639,12 +639,11 @@ To restore your deployment to using your previous driver configurations: | `global.fullnameOverride` | overrides the fullname set on resources | `""` | | `global.nameOverride` | overrides the name set on resources | `""` | - ### Common Resource Parameters | Name | Description | Value | | --------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------- | -| `image` | Image used for all Anchore Enterprise deployments, excluding Anchore UI | `docker.io/anchore/enterprise:v5.12.0` | +| `image` | Image used for all Anchore Enterprise deployments, excluding Anchore UI | `docker.io/anchore/enterprise:v5.13.0` | | `imagePullPolicy` | Image pull policy used by all deployments | `IfNotPresent` | | `imagePullSecretName` | Name of Docker credentials secret for access to private repos | `anchore-enterprise-pullcreds` | | `useExistingPullCredSecret` | forgoes pullcred secret creation and uses the secret defined in imagePullSecretName | `true` | 
@@ -694,7 +693,6 @@ To restore your deployment to using your previous driver configurations: | `scripts` | Collection of helper scripts usable in all anchore enterprise pods | `{}` | | `domainSuffix` | domain suffix for appending to the ANCHORE_ENDPOINT_HOSTNAME. If blank, domainSuffix will be "namespace.svc.cluster.local". | `""` | - ### Anchore Configuration Parameters | Name | Description | Value | @@ -824,7 +822,6 @@ To restore your deployment to using your previous driver configurations: | `anchoreConfig.ui.dbUser` | allows overriding and separation of the ui database user. | `""` | | `anchoreConfig.ui.dbPassword` | allows overriding and separation of the ui database user authentication | `""` | - ### Anchore Analyzer k8s Deployment Parameters | Name | Description | Value | @@ -842,7 +839,6 @@ To restore your deployment to using your previous driver configurations: | `analyzer.serviceAccountName` | Service account name for Anchore API pods | `""` | | `analyzer.scratchVolume.details` | Details for the k8s volume to be created for Anchore Analyzer scratch space | `{}` | - ### Anchore API k8s Deployment Parameters | Name | Description | Value | @@ -865,7 +861,6 @@ To restore your deployment to using your previous driver configurations: | `api.affinity` | Affinity for Anchore API pod assignment | `{}` | | `api.serviceAccountName` | Service account name for Anchore API pods | `""` | - ### Anchore Catalog k8s Deployment Parameters | Name | Description | Value | @@ -889,7 +884,6 @@ To restore your deployment to using your previous driver configurations: | `catalog.serviceAccountName` | Service account name for Anchore Catalog pods | `""` | | `catalog.scratchVolume.details` | Details for the k8s volume to be created for Anchore Catalog scratch space | `{}` | - ### Anchore DataSyncer k8s Deployment Parameters | Name | Description | Value | 
@@ -913,7 +907,6 @@ To restore your deployment to using your previous driver configurations: | `dataSyncer.serviceAccountName` | Service account name for Anchore DataSyncer pods | `""` | | `dataSyncer.scratchVolume.details` | Details for the k8s volume to be created for Anchore DataSyncer scratch space | `{}` | - ### Anchore Notifications Parameters | Name | Description | Value | @@ -936,7 +929,6 @@ To restore your deployment to using your previous driver configurations: | `notifications.affinity` | Affinity for Anchore Notifications pod assignment | `{}` | | `notifications.serviceAccountName` | Service account name for Anchore Notifications pods | `""` | - ### Anchore Policy Engine k8s Deployment Parameters | Name | Description | Value | @@ -960,7 +952,6 @@ To restore your deployment to using your previous driver configurations: | `policyEngine.serviceAccountName` | Service account name for Anchore Policy Engine pods | `""` | | `policyEngine.scratchVolume.details` | Details for the k8s volume to be created for Anchore Policy Engine scratch space | `{}` | - ### Anchore Reports Parameters | Name | Description | Value | @@ -984,7 +975,6 @@ To restore your deployment to using your previous driver configurations: | `reports.serviceAccountName` | Service account name for Anchore Reports pods | `""` | | `reports.scratchVolume.details` | Details for the k8s volume to be created for Anchore Reports scratch space | `{}` | - ### Anchore Reports Worker Parameters | Name | Description | Value | @@ -1007,7 +997,6 @@ To restore your deployment to using your previous driver configurations: | `reportsWorker.affinity` | Affinity for Anchore Reports Worker pod assignment | `{}` | | `reportsWorker.serviceAccountName` | Service account name for Anchore Reports Worker pods | `""` | - ### Anchore Simple Queue Parameters | Name | Description | Value | 
@@ -1030,12 +1019,11 @@ To restore your deployment to using your previous driver configurations: | `simpleQueue.affinity` | Affinity for Anchore Simple Queue pod assignment | `{}` | | `simpleQueue.serviceAccountName` | Service account name for Anchore Simple Queue pods | `""` | - ### Anchore UI Parameters | Name | Description | Value | | ---------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------- | -| `ui.image` | Image used for the Anchore UI container | `docker.io/anchore/enterprise-ui:v5.12.0` | +| `ui.image` | Image used for the Anchore UI container | `docker.io/anchore/enterprise-ui:v5.13.0` | | `ui.imagePullPolicy` | Image pull policy for Anchore UI image | `IfNotPresent` | | `ui.existingSecretName` | Name of an existing secret to be used for Anchore UI DB and Redis endpoints | `anchore-enterprise-ui-env` | | `ui.ldapsRootCaCertName` | Name of the custom CA certificate file store in `.Values.certStoreSecretName` | `""` | @@ -1057,7 +1045,6 @@ To restore your deployment to using your previous driver configurations: | `ui.affinity` | Affinity for Anchore ui pod assignment | `{}` | | `ui.serviceAccountName` | Service account name for Anchore UI pods | `""` | - ### Anchore Upgrade Job Parameters | Name | Description | Value | @@ -1076,7 +1063,6 @@ To restore your deployment to using your previous driver configurations: | `upgradeJob.labels` | Labels for the Anchore upgrade job | `{}` | | `upgradeJob.ttlSecondsAfterFinished` | The time period in seconds the upgrade job, and it's related pods should be retained for | `-1` | - ### Ingress Parameters | Name | Description | Value | 
@@ -1091,7 +1077,6 @@ To restore your deployment to using your previous driver configurations: | `ingress.tls` | Configure tls for the ingress resource | `[]` | | `ingress.ingressClassName` | sets the ingress class name. As of k8s v1.18, this should be nginx | `nginx` | - ### Google CloudSQL DB Parameters | Name | Description | Value | @@ -1105,7 +1090,6 @@ To restore your deployment to using your previous driver configurations: | `cloudsql.serviceAccJsonName` | | `""` | | `cloudsql.extraArgs` | a list of extra arguments to be passed into the cloudsql container command. eg | `[]` | - ### Anchore UI Redis Parameters | Name | Description | Value | @@ -1119,7 +1103,6 @@ To restore your deployment to using your previous driver configurations: | `ui-redis.image.repository` | Specifies the image repository to use for this chart. | `bitnami/redis` | | `ui-redis.image.tag` | Specifies the image to use for this chart. | `7.0.12-debian-11-r0` | - ### Anchore Database Parameters | Name | Description | Value | @@ -1138,7 +1121,6 @@ To restore your deployment to using your previous driver configurations: | `postgresql.image.registry` | Specifies the image registry to use for this chart. | `docker.io` | | `postgresql.image.tag` | Specifies the image to use for this chart. | `13.11.0-debian-11-r15` | - ### Anchore Object Store and Analysis Archive Migration | Name | Description | Value | 
@@ -1171,6 +1153,11 @@ For the latest updates and features in Anchore Enterprise, see the official [Rel - **Minor Chart Version Change (e.g., v0.1.2 -> v0.2.0)**: Indicates a significant change to the deployment that does not require manual intervention. - **Patch Chart Version Change (e.g., v0.1.2 -> v0.1.3)**: Indicates a backwards-compatible bug fix or documentation update. +### V3.3.x + +- Deploys Anchore Enterprise v5.13.x. See the [Release Notes](https://docs.anchore.com/current/docs/releasenotes/5130/) for more information. +- Updates the malware scanning internal timeout from 2 minutes to 30 minutes for each 2 gig chunck + ### V3.2.x - Deploys Anchore Enterprise v5.12.x. See the [Release Notes](https://docs.anchore.com/current/docs/releasenotes/5120/) for more information. diff --git a/stable/enterprise/tests/__snapshot__/configmap_test.yaml.snap b/stable/enterprise/tests/__snapshot__/configmap_test.yaml.snap index 0649e3d8..b108bf38 100644 --- a/stable/enterprise/tests/__snapshot__/configmap_test.yaml.snap +++ b/stable/enterprise/tests/__snapshot__/configmap_test.yaml.snap @@ -8,6 +8,7 @@ should render the configmaps: clamav: db_update_enabled: true enabled: + max_scan_time: 180000 retrieve_files: file_list: - /etc/passwd diff --git a/stable/enterprise/tests/__snapshot__/prehook_upgrade_resources_test.yaml.snap b/stable/enterprise/tests/__snapshot__/prehook_upgrade_resources_test.yaml.snap index ecd6cb38..f5edd98f 100644 --- a/stable/enterprise/tests/__snapshot__/prehook_upgrade_resources_test.yaml.snap +++ b/stable/enterprise/tests/__snapshot__/prehook_upgrade_resources_test.yaml.snap @@ -26,7 +26,7 @@ migration job should match snapshot: name: test-release-enterprise-config-env-vars - secretRef: name: test-release-enterprise - image: docker.io/anchore/enterprise:v5.12.0 + image: docker.io/anchore/enterprise:v5.13.0 imagePullPolicy: IfNotPresent name: migrate-analysis-archive volumeMounts: 
@@ -89,7 +89,7 @@ migration job should match snapshot: valueFrom: fieldRef: fieldPath: metadata.name - image: docker.io/anchore/enterprise:v5.12.0 + image: docker.io/anchore/enterprise:v5.13.0 imagePullPolicy: IfNotPresent name: wait-for-db restartPolicy: Never @@ -148,7 +148,7 @@ migration job should match snapshot analysisArchiveMigration and objectStoreMigr name: test-release-enterprise-config-env-vars - secretRef: name: test-release-enterprise - image: docker.io/anchore/enterprise:v5.12.0 + image: docker.io/anchore/enterprise:v5.13.0 imagePullPolicy: IfNotPresent name: migrate-analysis-archive volumeMounts: @@ -211,7 +211,7 @@ migration job should match snapshot analysisArchiveMigration and objectStoreMigr valueFrom: fieldRef: fieldPath: metadata.name - image: docker.io/anchore/enterprise:v5.12.0 + image: docker.io/anchore/enterprise:v5.13.0 imagePullPolicy: IfNotPresent name: wait-for-db restartPolicy: Never @@ -268,7 +268,7 @@ migration job should match snapshot analysisArchiveMigration to true: name: test-release-enterprise-config-env-vars - secretRef: name: test-release-enterprise - image: docker.io/anchore/enterprise:v5.12.0 + image: docker.io/anchore/enterprise:v5.13.0 imagePullPolicy: IfNotPresent name: migrate-analysis-archive volumeMounts: @@ -331,7 +331,7 @@ migration job should match snapshot analysisArchiveMigration to true: valueFrom: fieldRef: fieldPath: metadata.name - image: docker.io/anchore/enterprise:v5.12.0 + image: docker.io/anchore/enterprise:v5.13.0 imagePullPolicy: IfNotPresent name: wait-for-db restartPolicy: Never @@ -387,7 +387,7 @@ migration job should match snapshot objectStoreMigration to true: name: test-release-enterprise-config-env-vars - secretRef: name: test-release-enterprise - image: docker.io/anchore/enterprise:v5.12.0 + image: docker.io/anchore/enterprise:v5.13.0 imagePullPolicy: IfNotPresent name: migrate-analysis-archive volumeMounts: 
@@ -450,7 +450,7 @@ migration job should match snapshot objectStoreMigration to true: valueFrom: fieldRef: fieldPath: metadata.name - image: docker.io/anchore/enterprise:v5.12.0 + image: docker.io/anchore/enterprise:v5.13.0 imagePullPolicy: IfNotPresent name: wait-for-db restartPolicy: Never @@ -621,6 +621,6 @@ should render proper initContainers: valueFrom: fieldRef: fieldPath: metadata.name - image: docker.io/anchore/enterprise:v5.12.0 + image: docker.io/anchore/enterprise:v5.13.0 imagePullPolicy: IfNotPresent name: wait-for-db diff --git a/stable/enterprise/values.yaml b/stable/enterprise/values.yaml index 39b28722..e06dbf0e 100644 --- a/stable/enterprise/values.yaml +++ b/stable/enterprise/values.yaml @@ -19,7 +19,7 @@ global: ## @param image Image used for all Anchore Enterprise deployments, excluding Anchore UI ## -image: docker.io/anchore/enterprise:v5.12.0 +image: docker.io/anchore/enterprise:v5.13.0 ## @param imagePullPolicy Image pull policy used by all deployments ## ref: https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy @@ -503,6 +503,8 @@ anchoreConfig: clamav: enabled: "" # false db_update_enabled: true + # Maximum time in milliseconds that a ClamAV scan is allowed to run + max_scan_time: 180000 catalog: ## @param anchoreConfig.catalog.cycle_timers.image_watcher Interval (seconds) to check for an update to a tag @@ -1433,7 +1435,7 @@ simpleQueue: ui: ## @param ui.image Image used for the Anchore UI container ## - image: docker.io/anchore/enterprise-ui:v5.12.0 + image: docker.io/anchore/enterprise-ui:v5.13.0 ## @param ui.imagePullPolicy Image pull policy for Anchore UI image ##
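Review bot: The new default `max_scan_time: 180000` in the `clamav` block is three minutes in the unit its own comment states (milliseconds), but the V3.3.x changelog entry added to the README in this commit says the malware-scan timeout goes from 2 minutes to 30 minutes, which would be `1800000`. One of the two is wrong, and the configmap snapshot in this commit pins the same `180000`. If the shorter value is the one that ships, large images are more likely to hit the limit; how a timed-out scan is reported is not visible here, so confirm it is surfaced as a failure rather than as a clean result. The key also carries no `## @param` annotation, unlike the `catalog` values just below it, which is presumably why no row for it appears in the README parameter tables.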