fix: switch to node-lts chainguard image #716

Merged
merged 1 commit into from
Apr 4, 2024

jeff-mccoy
Member

Chainguard stopped publishing versioned images outside of latest last fall and so dependabot never picked up a newer version. Thanks to @eddiezane pointing this out, we were using a very stale image. This switches the upstream image to the equivalent lts version of Node, which will change version in the next couple of months, but matches our current NodeJS compatibility for Pepr.

@jeff-mccoy jeff-mccoy changed the title switch to node-lts chainguard image fix: switch to node-lts chainguard image Apr 4, 2024
@jeff-mccoy
Member Author

@cmwylie19 we should probably add grype to our CI as it would have caught this too.

@jeff-mccoy
Member Author

See the diff from the current image and the updated lts image below.

old image:

```
grype cgr.dev/chainguard/node:20@sha256:f30d39c6980f0a50119f2aa269498307a80c2654928d8e23bb25431b9cbbdc4f
 ✔ Vulnerability DB                [no update available]
 ✔ Loaded image                                                                                                                                  cgr.dev/chainguard/node:20@sha256:f30d39c6980f0a50119f2aa269498307a80c2654928d8e23bb25431b9cbbdc4f
 ✔ Parsed image                                                                                                                                                             sha256:d4470a8d18997cdfadd75aeffcebe437b0528ab5ee1e4ce9345355d2d2a5c91d
 ✔ Cataloged contents                                                                                                                                                              26cc773ef8322c1ea33cc0f8e4f00f0d5b5dc3e7c17a7323e2dda171b1459f8e
   ├── ✔ Packages                        [287 packages]
   ├── ✔ File digests                    [1,901 files]
   ├── ✔ File metadata                   [1,901 locations]
   └── ✔ Executables                     [61 executables]
 ✔ Scanned for vulnerabilities     [84 vulnerability matches]
   ├── by severity: 3 critical, 24 high, 18 medium, 0 low, 0 negligible (39 unknown)
   └── by status:   82 fixed, 2 not-fixed, 0 ignored
```

new image:

```
grype cgr.dev/chainguard/node-lts@sha256:cc860c41bc65df04dc0f2baba355fc4305bf52fc50ff19facb48fcfc879e0413

 ✔ Vulnerability DB                [no update available]
 ✔ Loaded image                                                                                                                                 cgr.dev/chainguard/node-lts@sha256:cc860c41bc65df04dc0f2baba355fc4305bf52fc50ff19facb48fcfc879e0413
 ✔ Parsed image                                                                                                                                                             sha256:1c1db4dd1ef290bb48e3adfaf011a4eb90beb7ee4dc208af39f97a61d8febeb5
 ✔ Cataloged contents                                                                                                                                                              b77f0afdf7427a8759161857273785abd2534856d727901febf10dc7157ea983
   ├── ✔ Packages                        [247 packages]
   ├── ✔ File digests                    [1,679 files]
   ├── ✔ File metadata                   [1,679 locations]
   └── ✔ Executables                     [63 executables]
 ✔ Scanned for vulnerabilities     [0 vulnerability matches]
   ├── by severity: 0 critical, 0 high, 0 medium, 0 low, 0 negligible
   └── by status:   0 fixed, 0 not-fixed, 0 ignored
No vulnerabilities found
```

@cmwylie19
Collaborator

> @cmwylie19 we should probably add grype to our CI as it would have caught this too.

great idea, was considering this a few weeks ago too. Added an issue and we will get this prioritized #717

@cmwylie19 cmwylie19 merged commit 0f39851 into main Apr 4, 2024
11 of 12 checks passed
@cmwylie19 cmwylie19 deleted the update-chainguard-base-image branch April 4, 2024 11:56
@cmwylie19 cmwylie19 mentioned this pull request Apr 4, 2024
5 tasks
btlghrants pushed a commit that referenced this pull request Apr 4, 2024
## Description

Chainguard stopped publishing versioned images outside of `latest` last
fall and so dependabot never picked up a newer version. This led to a
stale Pepr Controller image that had vulnerabilities from not being
maintained. This step in CI will fail if there are high vulnerabilities
in the `pepr:dev` image which is the candidate image for release. If
there are vulnerabilities it will trigger our team to research why the
vulnerabilities are there, ie checking to ensure we have the latest and
correct images.

CC: Thanks @eddiezane @jeff-mccoy for pointing it out 

## Related Issue

Fixes #
<!-- or -->
Relates to #716 

## Type of change

- [ ] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [x] Other (security config, docs update, etc)

## Checklist before merging

- [x] Test, docs, adr added or updated as needed
- [x] [Contributor Guide
Steps](https://docs.pepr.dev/main/contribute/contributor-guide/#submitting-a-pull-request)
followed

---------

Signed-off-by: Case Wylie <cmwylie19@defenseunicorns.com>
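
The CI gate described in the commit message above, sketched as an added example (not the workflow step Pepr merged): it takes the parsed output of `grype <image> -o json`, fails on findings at or above `high`, and counts how many blocking findings already have a fix published, the pattern the old image showed (82 of 84 fixed). The sample report, its IDs and package names are constructed, and treating `unknown` severity as non-blocking is this example's own choice.

```javascript
// Added example, not Pepr's CI code: gate a build on a grype JSON report.
// Input shape follows `grype <image> -o json`:
//   matches[].vulnerability.{id, severity, fix.state, fix.versions}
//   matches[].artifact.{name, version}

const SEVERITY_RANK = { negligible: 0, low: 1, medium: 2, high: 3, critical: 4 };

// Constructed sample report; IDs and package names are placeholders.
const SAMPLE_REPORT = {
  matches: [
    { vulnerability: { id: "CVE-0000-0001", severity: "Critical", fix: { state: "fixed", versions: ["1.2.4"] } },
      artifact: { name: "example-libssl", version: "1.2.3" } },
    { vulnerability: { id: "CVE-0000-0002", severity: "High", fix: { state: "fixed", versions: ["20.1.1"] } },
      artifact: { name: "example-runtime", version: "20.1.0" } },
    { vulnerability: { id: "CVE-0000-0003", severity: "Medium", fix: { state: "not-fixed", versions: [] } },
      artifact: { name: "example-zlib", version: "1.3" } },
    { vulnerability: { id: "GHSA-0000-0000-0004", severity: "Unknown", fix: { state: "fixed", versions: ["2.0.1"] } },
      artifact: { name: "example-npm-pkg", version: "2.0.0" } },
  ],
};

function severityOf(match) {
  return String(match?.vulnerability?.severity ?? "unknown").toLowerCase();
}

// Count matches by severity and by fix state, mirroring grype's two summary lines.
function summarize(report) {
  const matches = Array.isArray(report?.matches) ? report.matches : [];
  const bySeverity = {};
  const byFixState = {};
  for (const m of matches) {
    const sev = severityOf(m);
    const fix = m?.vulnerability?.fix?.state ?? "unknown";
    bySeverity[sev] = (bySeverity[sev] ?? 0) + 1;
    byFixState[fix] = (byFixState[fix] ?? 0) + 1;
  }
  return { total: matches.length, bySeverity, byFixState };
}

// Decide pass/fail. A report without matches[] is rejected rather than passed,
// so a failed or truncated scan cannot look like a clean image.
function gate(report, failOn = "high") {
  const threshold = SEVERITY_RANK[String(failOn).toLowerCase()];
  if (threshold === undefined) throw new Error(`unknown severity threshold: ${failOn}`);
  if (!Array.isArray(report?.matches)) throw new Error("not a grype JSON report: missing matches[]");

  const blocking = [];
  for (const m of report.matches) {
    const sev = severityOf(m);
    const rank = SEVERITY_RANK[sev]; // undefined for "unknown": counted below, never blocking
    if (rank !== undefined && rank >= threshold) {
      blocking.push({
        id: m.vulnerability?.id ?? "(no id)",
        severity: sev,
        package: `${m.artifact?.name ?? "?"}@${m.artifact?.version ?? "?"}`,
        fixState: m.vulnerability?.fix?.state ?? "unknown",
        fixedIn: m.vulnerability?.fix?.versions ?? [],
      });
    }
  }
  const summary = summarize(report);
  return {
    pass: blocking.length === 0,
    blocking,
    // Blocking findings with a published fix: a rebuild on a current base image
    // is the first thing to check (heuristic, as in the stale-image case above).
    fixable: blocking.filter((b) => b.fixState === "fixed").length,
    unrated: summary.bySeverity.unknown ?? 0,
    summary,
  };
}

// CLI use: grype <image> -o json | node gate.js --stdin [threshold]
if (process.argv[2] === "--stdin") {
  let buf = "";
  process.stdin.on("data", (chunk) => (buf += chunk));
  process.stdin.on("end", () => {
    const result = gate(JSON.parse(buf), process.argv[3] ?? "high");
    console.log(JSON.stringify(result.summary));
    for (const b of result.blocking) {
      console.error(`${b.severity} ${b.id} ${b.package} fix=${b.fixState} ${b.fixedIn.join(",")}`);
    }
    console.error(`${result.fixable} of ${result.blocking.length} blocking findings have a fix available`);
    process.exitCode = result.pass ? 0 : 1;
  });
}
```
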
mjnagel pushed a commit to defenseunicorns/uds-core that referenced this pull request Apr 11, 2024
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [defenseunicorns/uds-common](https://github.com/defenseunicorns/uds-common) | | patch | `v0.3.2` -> `v0.3.10` |
| [pepr](https://github.com/defenseunicorns/pepr) | dependencies | minor | [`0.28.7` -> `0.29.0`](https://renovatebot.com/diffs/npm/pepr/0.28.7/0.29.0) |
| [registry1.dso.mil/ironbank/opensource/defenseunicorns/pepr/controller](https://github.com/defenseunicorns/pepr) ([source](https://repo1.dso.mil/dsop/opensource/defenseunicorns/pepr/controller)) | | minor | `v0.28.7` -> `v0.29.0` |

---

### Release Notes

<details>
<summary>defenseunicorns/uds-common
(defenseunicorns/uds-common)</summary>

### [`v0.3.10`](https://github.com/defenseunicorns/uds-common/releases/tag/v0.3.10)

[Compare Source](https://github.com/defenseunicorns/uds-common/compare/v0.3.9...v0.3.10)

##### Miscellaneous

- add a full uds task and inputs ([#95](https://github.com/defenseunicorns/uds-common/issues/95)) ([7e15fd2](https://github.com/defenseunicorns/uds-common/commit/7e15fd2ba4629ee1fae31e87f946ca32138df73c))
- add latest-bundle-release task ([#97](https://github.com/defenseunicorns/uds-common/issues/97)) ([2662f6a](https://github.com/defenseunicorns/uds-common/commit/2662f6a697a97b2a202a128040a487f2d2e117d7))
- attempt to fix renovate ([#98](https://github.com/defenseunicorns/uds-common/issues/98)) ([8155ecc](https://github.com/defenseunicorns/uds-common/commit/8155ecc62968e342110b0598a2d57de17b5e3914))
- **deps:** update uds common support dependencies ([#101](https://github.com/defenseunicorns/uds-common/issues/101)) ([dfdf927](https://github.com/defenseunicorns/uds-common/commit/dfdf927b2367a0592a54fa8a97d4ee84e118e2e0))
- fix renovate env var rule overmatching ([#99](https://github.com/defenseunicorns/uds-common/issues/99)) ([480497f](https://github.com/defenseunicorns/uds-common/commit/480497f4a72c3f25fcb87823c5902192d4e5befb))
- fix the renovate config github digest pinning ([#100](https://github.com/defenseunicorns/uds-common/issues/100)) ([4603448](https://github.com/defenseunicorns/uds-common/commit/4603448ce94c22c614ec7e87b9520e9681e618e2))

### [`v0.3.9`](https://github.com/defenseunicorns/uds-common/releases/tag/v0.3.9)

[Compare Source](https://github.com/defenseunicorns/uds-common/compare/v0.3.8...v0.3.9)

##### Miscellaneous

- fix missing keys in setup actions ([#93](https://github.com/defenseunicorns/uds-common/issues/93)) ([39d7395](https://github.com/defenseunicorns/uds-common/commit/39d73955ebb35f4e844a45fe23a7acf7d65d239a))

### [`v0.3.8`](https://github.com/defenseunicorns/uds-common/releases/tag/v0.3.8)

[Compare Source](https://github.com/defenseunicorns/uds-common/compare/v0.3.7...v0.3.8)

##### Miscellaneous

- add upgrade tests to common ([#91](https://github.com/defenseunicorns/uds-common/issues/91)) ([bb2e590](https://github.com/defenseunicorns/uds-common/commit/bb2e59021355172db2cfcca7dbf5a2434ce41b6d))
- **deps:** update dependency defenseunicorns/uds-cli to v0.10.1 ([#84](https://github.com/defenseunicorns/uds-common/issues/84)) ([6b455b7](https://github.com/defenseunicorns/uds-common/commit/6b455b7cef8ddab022c758a6309d8993f0a564b7))
- **deps:** update dependency defenseunicorns/uds-core to v0.17.0 ([#83](https://github.com/defenseunicorns/uds-common/issues/83)) ([b8d8181](https://github.com/defenseunicorns/uds-common/commit/b8d818165c7c676f56898c2d15ae14a2f7ff5f0c))
- **deps:** update uds common package dependencies to v6.6.1 ([#92](https://github.com/defenseunicorns/uds-common/issues/92)) ([862b635](https://github.com/defenseunicorns/uds-common/commit/862b63512b4b53ff963b85e25e8011818bb8e4e3))
- update registry login to happen in the common env setup action ([#88](https://github.com/defenseunicorns/uds-common/issues/88)) ([b7bce88](https://github.com/defenseunicorns/uds-common/commit/b7bce888d1d62c5d382d7d88a54e59da72e0d3ae))

### [`v0.3.7`](https://github.com/defenseunicorns/uds-common/releases/tag/v0.3.7)

[Compare Source](https://github.com/defenseunicorns/uds-common/compare/v0.3.6...v0.3.7)

##### Miscellaneous

- remove schedule on renovate ([#85](https://github.com/defenseunicorns/uds-common/issues/85)) ([fda7e57](https://github.com/defenseunicorns/uds-common/commit/fda7e57ad878cc70bf3905948911daa84c67db27))
- update k3d-core-istio-dev to k3d-core-slim-dev ([#86](https://github.com/defenseunicorns/uds-common/issues/86)) ([aa0e6da](https://github.com/defenseunicorns/uds-common/commit/aa0e6dad40126ead465b102ea28a3ac961883493))

### [`v0.3.6`](https://github.com/defenseunicorns/uds-common/releases/tag/v0.3.6)

[Compare Source](https://github.com/defenseunicorns/uds-common/compare/v0.3.5...v0.3.6)

##### Miscellaneous

- hotfix the spoof containing a dash in the input and add a publish step ([#81](https://github.com/defenseunicorns/uds-common/issues/81)) ([f9c7aac](https://github.com/defenseunicorns/uds-common/commit/f9c7aac4a30e5c3e627c44946f2f212af1573b39))

### [`v0.3.5`](https://github.com/defenseunicorns/uds-common/releases/tag/v0.3.5)

[Compare Source](https://github.com/defenseunicorns/uds-common/compare/v0.3.4...v0.3.5)

##### Miscellaneous

- fix spoof to not include a dash ([#79](https://github.com/defenseunicorns/uds-common/issues/79)) ([5d1738b](https://github.com/defenseunicorns/uds-common/commit/5d1738ba0ca2cd19c7fdf6dfe6873339e129c3bb))

### [`v0.3.4`](https://github.com/defenseunicorns/uds-common/releases/tag/v0.3.4)

[Compare Source](https://github.com/defenseunicorns/uds-common/compare/v0.3.3...v0.3.4)

##### Miscellaneous

- add the ability to spoof to common ([#77](https://github.com/defenseunicorns/uds-common/issues/77)) ([49634e1](https://github.com/defenseunicorns/uds-common/commit/49634e1b69c6b2eadcc2497f6baba8bd349f3d38))
- **deps:** update dependency defenseunicorns/uds-core to v0.16.1 ([#72](https://github.com/defenseunicorns/uds-common/issues/72)) ([32d1ad6](https://github.com/defenseunicorns/uds-common/commit/32d1ad6812a3ef6ad750447296f5644b14ff2855))

### [`v0.3.3`](https://github.com/defenseunicorns/uds-common/releases/tag/v0.3.3)

[Compare Source](https://github.com/defenseunicorns/uds-common/compare/v0.3.2...v0.3.3)

##### Miscellaneous

- add an explicit architecture input ([#75](https://github.com/defenseunicorns/uds-common/issues/75)) ([15825d4](https://github.com/defenseunicorns/uds-common/commit/15825d44bbb53b90a22ff41eced5050d84ffa251))

</details>

<details>
<summary>defenseunicorns/pepr (pepr)</summary>

### [`v0.29.0`](https://github.com/defenseunicorns/pepr/releases/tag/v0.29.0)

[Compare Source](https://github.com/defenseunicorns/pepr/compare/v0.28.8...v0.29.0)

#### features

- chore: create helper functions for pepr by [@schaeferka](https://github.com/schaeferka) in defenseunicorns/pepr#688

**getOwnerRefFrom** - get fields needed to create an owner ref

```ts
// Create a deployment that is "owned" by the WebApp instance 👍
function deployment(instance: WebApp) {
  const { name, namespace } = instance.metadata!;
  const { replicas } = instance.spec!;

  return {
    apiVersion: "apps/v1",
    kind: "Deployment",
    metadata: {
      ownerReferences: getOwnerRefFrom(instance), // 👈 Instance owns deployment
      name,
      namespace,
      labels: {
        "pepr.dev/operator": name,
      },
    },
    // the Deployment spec (which uses replicas) is cut off in the release notes
  };
}
```

**containers** - Get all of the containers from a pod

```ts
When(a.Pod)
  .IsCreatedOrUpdated()
  .Validate(po => {
    const podContainers = containers(po); // containers, initContainer, ephemeralContainers 👈 
    for (const container of podContainers) {
      if (
        container.securityContext?.allowPrivilegeEscalation ||
        container.securityContext?.privileged
      ) {
        return po.Deny("Privilege escalation is not allowed");
      }
    }

    return po.Approve();
  });
```

**writeEvent** - write an event

```ts
async function updateStatus(instance: WebApp, status: Status) {
  await writeEvent(instance, {phase: status}, "Normal", "CreatedOrUpdate", instance.metadata.name, instance.metadata.name);
  await K8s(WebApp).PatchStatus({
    metadata: {
      name: instance.metadata!.name,
      namespace: instance.metadata!.namespace,
    },
    status,
  });
}
```

```bash
kubectl describe wa webapp-light-en -n webapps
```

Output:

```
Name:         webapp-light-en
Namespace:    webapps
API Version:  pepr.io/v1alpha1
Kind:         WebApp
Metadata: ...
Spec:
  Language:  en
  Replicas:  1
  Theme:     light
Status:
  Observed Generation:  1
  Phase:                Ready
Events:
  Type    Reason                    Age   From             Message
  ----    ------                    ----  ----             -------
  Normal  InstanceCreatedOrUpdated  36s   webapp-light-en  Pending 👈
  Normal  InstanceCreatedOrUpdated  36s   webapp-light-en  Ready 👈
```

Take a look at the [sdk functions](https://github.com/defenseunicorns/pepr/blob/main/src/sdk/sdk.ts). Good job [@schaeferka](https://github.com/schaeferka) 👏

#### What's Changed

- chore: onschedule runs always in dev mode by [@cmwylie19](https://github.com/cmwylie19) in defenseunicorns/pepr#725
- chore: update docs on the operator by [@cmwylie19](https://github.com/cmwylie19) in defenseunicorns/pepr#726
- chore: bump chainguard/node-lts from `cc860c4` to `8c5f0eb` by [@dependabot](https://github.com/dependabot) in defenseunicorns/pepr#721
- chore: bump [@types/node](https://github.com/types/node) from 18.19.29 to 18.19.30 in the development-dependencies group by [@dependabot](https://github.com/dependabot) in defenseunicorns/pepr#720

**Full Changelog**: defenseunicorns/pepr@v0.28.8...v0.29.0

### [`v0.28.8`](https://github.com/defenseunicorns/pepr/releases/tag/v0.28.8)

[Compare Source](https://github.com/defenseunicorns/pepr/compare/v0.28.7...v0.28.8)

#### What's Changed

- fix: switch to node-lts chainguard image by [@jeff-mccoy](https://github.com/jeff-mccoy) in defenseunicorns/pepr#716
- chore: update readme to have inclusive language by [@schristoff](https://github.com/schristoff) in defenseunicorns/pepr#681
- chore: update Contributor Guide Link by [@cmwylie19](https://github.com/cmwylie19) in defenseunicorns/pepr#700
- chore: excellent examples new path by [@cmwylie19](https://github.com/cmwylie19) in defenseunicorns/pepr#709
- chore: pipeline test by [@cmwylie19](https://github.com/cmwylie19) in defenseunicorns/pepr#710
- chore: test exception ci by [@cmwylie19](https://github.com/cmwylie19) in defenseunicorns/pepr#707
- chore: e2e integration by [@cmwylie19](https://github.com/cmwylie19) in defenseunicorns/pepr#712
- Excellent examples integration by [@cmwylie19](https://github.com/cmwylie19) in defenseunicorns/pepr#713
- chore: vulnerability scan by [@cmwylie19](https://github.com/cmwylie19) in defenseunicorns/pepr#718
- chore: testing the e2e test by [@cmwylie19](https://github.com/cmwylie19) in defenseunicorns/pepr#701
- chore: bump the development-dependencies group with 2 updates by [@dependabot](https://github.com/dependabot) in defenseunicorns/pepr#705
- chore: bump the production-dependencies group with 1 update by [@dependabot](https://github.com/dependabot) in defenseunicorns/pepr#704
- chore: bump actions/setup-node from 2 to 4 by [@dependabot](https://github.com/dependabot) in defenseunicorns/pepr#703
- chore: bump actions/checkout from 2 to 4 by [@dependabot](https://github.com/dependabot) in defenseunicorns/pepr#702
- chore: bump the development-dependencies group with 1 update by [@dependabot](https://github.com/dependabot) in defenseunicorns/pepr#708
- chore: bump actions/checkout from 4.1.1 to 4.1.2 by [@dependabot](https://github.com/dependabot) in defenseunicorns/pepr#719

#### New Contributors

- [@schristoff](https://github.com/schristoff) made their first contribution in defenseunicorns/pepr#681

**Full Changelog**: defenseunicorns/pepr@v0.28.7...v0.28.8

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://github.com/renovatebot/renovate/discussions) if
that's undesired.

---


This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/defenseunicorns/uds-core).

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
rjferguson21 pushed a commit to defenseunicorns/uds-core that referenced this pull request Jul 11, 2024
<details>
<summary>defenseunicorns/pepr (pepr)</summary>

### [`v0.29.0`](https://github.com/defenseunicorns/pepr/releases/tag/v0.29.0)

[Compare Source](https://github.com/defenseunicorns/pepr/compare/v0.28.8...v0.29.0)

#### features

- chore: create helper functions for pepr by [@schaeferka](https://github.com/schaeferka) in defenseunicorns/pepr#688

**getOwnerRefFrom** - get fields needed to create an owner ref

```ts
// Create a deployment that is "owned" by the WebApp instance 👍
function deployment(instance: WebApp) {
  const { name, namespace } = instance.metadata!;
  const { replicas } = instance.spec!;

  return {
    apiVersion: "apps/v1",
    kind: "Deployment",
    metadata: {
      ownerReferences: getOwnerRefFrom(instance), // 👈 Instance owns deployment
      name,
      namespace,
      labels: {
        "pepr.dev/operator": name,
      },
    },
    // the Deployment spec (which uses replicas) is cut off in the release notes
  };
}
```

**containers** - Get all of the containers from a pod

```ts
When(a.Pod)
  .IsCreatedOrUpdated()
  .Validate(po => {
    const podContainers = containers(po); // containers, initContainer, ephemeralContainers 👈 
    for (const container of podContainers) {
      if (
        container.securityContext?.allowPrivilegeEscalation ||
        container.securityContext?.privileged
      ) {
        return po.Deny("Privilege escalation is not allowed");
      }
    }

    return po.Approve();
  });
```

**writeEvent** - write an event

```ts
async function updateStatus(instance: WebApp, status: Status) {
  await writeEvent(instance, {phase: status}, "Normal", "CreatedOrUpdate", instance.metadata.name, instance.metadata.name);
  await K8s(WebApp).PatchStatus({
    metadata: {
      name: instance.metadata!.name,
      namespace: instance.metadata!.namespace,
    },
    status,
  });
}
```

```bash
kubectl describe wa webapp-light-en -n webapps
```

Output:

```
Name:         webapp-light-en
Namespace:    webapps
API Version:  pepr.io/v1alpha1
Kind:         WebApp
Metadata: ...
Spec:
  Language:  en
  Replicas:  1
  Theme:     light
Status:
  Observed Generation:  1
  Phase:                Ready
Events:
  Type    Reason                    Age   From             Message
  ----    ------                    ----  ----             -------
  Normal  InstanceCreatedOrUpdated  36s   webapp-light-en  Pending 👈
  Normal  InstanceCreatedOrUpdated  36s   webapp-light-en  Ready 👈
```

Take a look at the [sdk
functions](https://github.com/defenseunicorns/pepr/blob/main/src/sdk/sdk.ts).
Good job [@schaeferka](https://github.com/schaeferka) 👏

#### What's Changed

- chore: onschedule runs always in dev mode by [@cmwylie19](https://github.com/cmwylie19) in defenseunicorns/pepr#725
- chore: update docs on the operator by [@cmwylie19](https://github.com/cmwylie19) in defenseunicorns/pepr#726
- chore: bump chainguard/node-lts from `cc860c4` to `8c5f0eb` by [@dependabot](https://github.com/dependabot) in defenseunicorns/pepr#721
- chore: bump [@types/node](https://github.com/types/node) from 18.19.29 to 18.19.30 in the development-dependencies group by [@dependabot](https://github.com/dependabot) in defenseunicorns/pepr#720

**Full Changelog**:
defenseunicorns/pepr@v0.28.8...v0.29.0

### [`v0.28.8`](https://github.com/defenseunicorns/pepr/releases/tag/v0.28.8)

[Compare Source](https://github.com/defenseunicorns/pepr/compare/v0.28.7...v0.28.8)

#### What's Changed

- fix: switch to node-lts chainguard image by [@jeff-mccoy](https://github.com/jeff-mccoy) in defenseunicorns/pepr#716
- chore: update readme to have inclusive language by [@schristoff](https://github.com/schristoff) in defenseunicorns/pepr#681
- chore: update Contributor Guide Link by [@cmwylie19](https://github.com/cmwylie19) in defenseunicorns/pepr#700
- chore: excellent examples new path by [@cmwylie19](https://github.com/cmwylie19) in defenseunicorns/pepr#709
- chore: pipeline test by [@cmwylie19](https://github.com/cmwylie19) in defenseunicorns/pepr#710
- chore: test exception ci by [@cmwylie19](https://github.com/cmwylie19) in defenseunicorns/pepr#707
- chore: e2e integration by [@cmwylie19](https://github.com/cmwylie19) in defenseunicorns/pepr#712
- Excellent examples integration by [@cmwylie19](https://github.com/cmwylie19) in defenseunicorns/pepr#713
- chore: vulnerability scan by [@cmwylie19](https://github.com/cmwylie19) in defenseunicorns/pepr#718
- chore: testing the e2e test by [@cmwylie19](https://github.com/cmwylie19) in defenseunicorns/pepr#701
- chore: bump the development-dependencies group with 2 updates by [@dependabot](https://github.com/dependabot) in defenseunicorns/pepr#705
- chore: bump the production-dependencies group with 1 update by [@dependabot](https://github.com/dependabot) in defenseunicorns/pepr#704
- chore: bump actions/setup-node from 2 to 4 by [@dependabot](https://github.com/dependabot) in defenseunicorns/pepr#703
- chore: bump actions/checkout from 2 to 4 by [@dependabot](https://github.com/dependabot) in defenseunicorns/pepr#702
- chore: bump the development-dependencies group with 1 update by [@dependabot](https://github.com/dependabot) in defenseunicorns/pepr#708
- chore: bump actions/checkout from 4.1.1 to 4.1.2 by [@dependabot](https://github.com/dependabot) in defenseunicorns/pepr#719

#### New Contributors

- [@schristoff](https://github.com/schristoff) made their first contribution in defenseunicorns/pepr#681

**Full Changelog**:
defenseunicorns/pepr@v0.28.7...v0.28.8

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://github.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/defenseunicorns/uds-core).


Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
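
The `containers` validation from the v0.29.0 notes quoted above, as an added stand-alone example (not Pepr's code and not part of the commit message). `allContainers` is a hypothetical stand-in for the SDK helper, the types and sample pod are constructed, and the strict mode goes beyond the original check by also flagging containers that leave `allowPrivilegeEscalation` unset, which the Pod Security Standards restricted profile does not accept.

```typescript
// Minimal local types (assumption: only the fields this check reads).
type CtrSecurityContext = { privileged?: boolean; allowPrivilegeEscalation?: boolean };
type PodContainer = { name: string; securityContext?: CtrSecurityContext };
type PodSpecLike = {
  containers?: PodContainer[];
  initContainers?: PodContainer[];
  ephemeralContainers?: PodContainer[];
};
type PodLike = { spec?: PodSpecLike };

// Hypothetical stand-in for the SDK helper: every container list in the pod.
function allContainers(pod: PodLike): PodContainer[] {
  const spec: PodSpecLike = pod.spec ?? {};
  return [
    ...(spec.containers ?? []),
    ...(spec.initContainers ?? []),
    ...(spec.ephemeralContainers ?? []),
  ];
}

// Names of containers that may gain privileges.
// strict=false mirrors the release-note check (flags only explicit true);
// strict=true also flags containers that leave allowPrivilegeEscalation unset.
function findEscalating(list: PodContainer[], strict: boolean): string[] {
  return list
    .filter(c => {
      const sc = c.securityContext;
      if (sc?.privileged === true) return true;
      if (strict) return sc?.allowPrivilegeEscalation !== false;
      return sc?.allowPrivilegeEscalation === true;
    })
    .map(c => c.name);
}

// Constructed sample pod: hardened main container, privileged init container,
// and an ephemeral debug container with no securityContext at all.
const samplePod: PodLike = {
  spec: {
    containers: [{ name: "app", securityContext: { allowPrivilegeEscalation: false } }],
    initContainers: [{ name: "setup", securityContext: { privileged: true } }],
    ephemeralContainers: [{ name: "debug" }],
  },
};

// Checking only spec.containers misses the privileged init container.
const mainOnly = findEscalating(samplePod.spec?.containers ?? [], false);
const allKinds = findEscalating(allContainers(samplePod), false);
const allStrict = findEscalating(allContainers(samplePod), true);
console.log({ mainOnly, allKinds, allStrict });
```
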