chore(deps): update gitlab runner package dependencies (#77)

[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Update | Change | |---|---|---| | [gitlab-runner](https://gitlab.com/gitlab-org/charts/gitlab-runner) | minor | `0.63.0` -> `0.64.0` | | [registry1.dso.mil/ironbank/gitlab/gitlab-runner/gitlab-runner](https://about.gitlab.com/) ([source](https://repo1.dso.mil/dsop/gitlab/gitlab-runner/gitlab-runner)) | minor | `v16.10.0` -> `v16.11.0` | | [registry1.dso.mil/ironbank/gitlab/gitlab-runner/gitlab-runner-helper](https://about.gitlab.com/) ([source](https://repo1.dso.mil/dsop/gitlab/gitlab-runner/gitlab-runner-helper)) | minor | `v16.10.0` -> `v16.11.0` | | [registry1.dso.mil/ironbank/redhat/ubi/ubi9](https://catalog.redhat.com/software/container-stacks/detail/609560d9e2b160d361d24f98) ([source](https://repo1.dso.mil/dsop/redhat/ubi/9.x/ubi9)) | minor | `9.3` -> `9.4` | --- ### Release Notes <details> <summary>gitlab-org/charts/gitlab-runner (gitlab-runner)</summary> ### [`v0.64.0`](https://gitlab.com/gitlab-org/charts/gitlab-runner/blob/HEAD/CHANGELOG.md#v0640-2024-04-18) [Compare Source](https://gitlab.com/gitlab-org/charts/gitlab-runner/compare/v0.63.0...v0.64.0) ##### New features - Update GitLab Runner version to v16.11.0 - Add support for connection_max_age parameter !468 - Propagate Service Account Name from values !367 (Martin Odstrčilík [@martin](https://github.com/martin).odstrcilik) ##### Bug fixes - Fix liveness probe for Runner Pod !466 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "after 7am and before 9am every weekday" in timezone America/New_York, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/defenseunicorns/uds-package-gitlab-runner).  --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: zamaz <71521611+zachariahmiller@users.noreply.github.com> Co-authored-by: Zachariah Miller <zachariah.miller@defenseunicorns.com> Release-As: v16.11.0-uds.0
defenseunicorns · May 7, 2024 · a74125e · a74125e
1 parent f8c97fb
commit a74125e
Show file tree

Hide file tree

Showing 9 changed files with 77 additions and 17 deletions.
diff --git a/.vscode/settings.json b/.vscode/settings.json
@@ -0,0 +1,42 @@
+{
+    "debug.javascript.terminalOptions": {
+      "enableTurboSourcemaps": true,
+      "resolveSourceMapLocations": [
+        "${workspaceFolder}/**",
+        "node_modules/kubernetes-fluent-client/**",
+        "node_modules/pepr/**"
+      ]
+    },
+    "yaml.schemas": {
+      "https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.10.4/uds.schema.json": [
+        "uds-bundle.yaml"
+      ],
+      "https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.10.4/tasks.schema.json": [
+        "tasks.yaml",
+        "tasks/**/*.yaml",
+      ],
+      "https://raw.githubusercontent.com/defenseunicorns/zarf/v0.31.0/zarf.schema.json": [
+        "zarf.yaml"
+      ]
+    },
+    "cSpell.words": [
+      "alertmanager",
+      "Authservice",
+      "automount",
+      "controlplane",
+      "crds",
+      "distros",
+      "ironbank",
+      "Kiali",
+      "Kyverno",
+      "MITM",
+      "neuvector",
+      "opensource",
+      "promtail",
+      "Quickstart",
+      "Gitlab",
+      "seccomp",
+      "Sysctls",
+      "Velero"
+    ]
+  }
diff --git a/common/zarf.yaml b/common/zarf.yaml
@@ -17,7 +17,7 @@ components:
       - name: gitlab-runner
         namespace: gitlab-runner
         url: https://charts.gitlab.io
-        version: "0.63.0"
+        version: "0.64.0"
         valuesFiles:
           - ../values/common-values.yaml
     actions:

diff --git a/docs/DEVELOPMENT_MAINTENANCE.md b/docs/DEVELOPMENT_MAINTENANCE.md
@@ -24,4 +24,5 @@ When changes are merged to the `main` branch, the Release Please will evaluate a
 > TIP: Merging a PR should be done via a branch **"Squash and merge"**; this means that the commit message seen on this PR merge is what Release Please will use to determine a version bump.
 
 When the auto generated Release Please PR is merged the following steps will automatically happen.
+
 1) A new release will be created and tagged
diff --git a/tasks.yaml b/tasks.yaml
@@ -37,6 +37,19 @@ tasks:
           spoof_release: "true"
       - task: create:test-bundle
 
+  - name: dev
+    description: Deploy gitlab-runner on existing cluster with existing gitlab
+    actions:
+      - task: create-glr-package
+      - task: create-glr-test-bundle
+      - task: deploy:test-bundle
+
+  - name: doug-admin
+    description: Promote Doug to admin (requires running setup:create-doug-user and logging into gitlab ui first)
+    actions:
+      - cmd: |
+         ./uds zarf tools kubectl exec -n gitlab deployment/gitlab-toolbox -- gitlab-rails runner -e production "user = User.find_by(username: 'doug'); user.admin = true; user.save!"
+
 # CI will execute the following (via uds-common/.github/actions/test) so they need to be here with these names
 
   - name: test-package
@@ -56,6 +69,7 @@ tasks:
       - task: setup:k3d-test-cluster
       - task: dependencies:deploy
       - task: deploy:test-bundle
+      - task: setup:create-doug-user
       - task: create-glr-test-bundle
       - task: deploy:test-bundle
       - task: test:glr-health-check

diff --git a/test/journey/pipeline-run.test.ts b/test/journey/pipeline-run.test.ts
@@ -6,13 +6,13 @@ test('test kicking off a pipeline run', async () => {
     // Get the root password for GitLab
     const rootPasswordSecret = await K8s(kind.Secret).InNamespace("gitlab").Get("gitlab-gitlab-initial-root-password")
     const rootPassword = atob(rootPasswordSecret.data!.password)
-
+    const arch = process.env.UDS_ARCH
     // Create a test repository in GitLab using Zarf
     zarfExec(["package", "create", "package", "--confirm"]);
     zarfExec([
         "package",
         "mirror-resources",
-        "zarf-package-gitlab-runner-test-amd64-0.0.1.tar.zst",
+        `zarf-package-gitlab-runner-test-${arch}-0.0.1.tar.zst`,
         "--git-url", "https://gitlab.uds.dev/",
         "--git-push-username", "root",
         "--git-push-password", rootPassword,

diff --git a/values/common-values.yaml b/values/common-values.yaml
@@ -32,15 +32,18 @@ runners:
 
 concurrent: 50
 
-securityContext:
-  runAsUser: 1001
-  runAsGroup: 1001
+podSecurityContext:
+  runAsUser: 100
+  fsGroup: 65534
 
-containerSecurityContext:
+securityContext:
+  allowPrivilegeEscalation: false
   runAsNonRoot: true
+  privileged: false
   capabilities:
     drop: ["ALL"]
 
+
 resources:
   limits:
     memory: 256Mi

diff --git a/values/registry1-values.yaml b/values/registry1-values.yaml
@@ -4,14 +4,14 @@ useTini: true
 image:
   registry: "registry1.dso.mil"
   image: "ironbank/gitlab/gitlab-runner/gitlab-runner"
-  tag: v16.10.0
+  tag: v16.11.0
 
 runners:
   job:
     registry: registry1.dso.mil
     repository: ironbank/redhat/ubi/ubi9
-    tag: "9.3"
+    tag: "9.4"
   helper:
     registry: registry1.dso.mil
     repository: ironbank/gitlab/gitlab-runner/gitlab-runner-helper
-    tag: v16.10.0
+    tag: v16.11.0
diff --git a/values/upstream-values.yaml b/values/upstream-values.yaml
@@ -1,7 +1,7 @@
 image:
   registry: registry.gitlab.com
   image: gitlab-org/gitlab-runner
-  tag: alpine-v16.10.0
+  tag: alpine-v16.11.0
 
 runners:
   job:
@@ -11,4 +11,4 @@ runners:
   helper:
     registry: registry1.dso.mil
     repository: ironbank/gitlab/gitlab-runner/gitlab-runner-helper
-    tag: v16.10.0
+    tag: v16.11.0
diff --git a/zarf.yaml b/zarf.yaml
@@ -24,9 +24,9 @@ components:
         valuesFiles:
           - values/registry1-values.yaml
     images:
-      - "registry1.dso.mil/ironbank/gitlab/gitlab-runner/gitlab-runner:v16.10.0"
-      - "registry1.dso.mil/ironbank/gitlab/gitlab-runner/gitlab-runner-helper:v16.10.0"
-      - "registry1.dso.mil/ironbank/redhat/ubi/ubi9:9.3"
+      - "registry1.dso.mil/ironbank/gitlab/gitlab-runner/gitlab-runner:v16.11.0"
+      - "registry1.dso.mil/ironbank/gitlab/gitlab-runner/gitlab-runner-helper:v16.11.0"
+      - "registry1.dso.mil/ironbank/redhat/ubi/ubi9:9.4"
 
   - name: gitlab-runner
     required: true
@@ -40,6 +40,6 @@ components:
         valuesFiles:
           - values/upstream-values.yaml
     images:
-      - "registry.gitlab.com/gitlab-org/gitlab-runner:alpine-v16.10.0" # renovate: versioning=regex:^alpine-v?(?<major>\\d+)\\.(?<minor>\\d+)\\.(?<patch>\\d+)?$
-      - "registry1.dso.mil/ironbank/gitlab/gitlab-runner/gitlab-runner-helper:v16.10.0"
+      - "registry.gitlab.com/gitlab-org/gitlab-runner:alpine-v16.11.0" # renovate: versioning=regex:^alpine-v?(?<major>\\d+)\\.(?<minor>\\d+)\\.(?<patch>\\d+)?$
+      - "registry1.dso.mil/ironbank/gitlab/gitlab-runner/gitlab-runner-helper:v16.11.0"
       - "library/alpine:3.19.1" # renovate: versioning=regex:^(?<major>\\d+)\\.(?<minor>\\d+)\\.(?<patch>\\d+)?$