diff --git a/.github/workflows/commitlint.yaml b/.github/workflows/commitlint.yaml index 6764508..00b949b 100644 --- a/.github/workflows/commitlint.yaml +++ b/.github/workflows/commitlint.yaml @@ -10,4 +10,4 @@ on: jobs: validate: name: Validate - uses: defenseunicorns/uds-common/.github/workflows/commitlint.yaml@5e4414dc25302739063bb58aa96b8afef5be9851 # v0.3.10 + uses: defenseunicorns/uds-common/.github/workflows/commitlint.yaml@b2e8b25930c953ef893e7c787fe350f0d8679ee2 # v0.4.2 diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index 66c5919..b63d8de 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -15,15 +15,16 @@ jobs: steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 with: fetch-depth: 0 - name: Environment setup - uses: defenseunicorns/uds-common/.github/actions/setup@5e4414dc25302739063bb58aa96b8afef5be9851 # v0.3.10 + uses: defenseunicorns/uds-common/.github/actions/setup@b2e8b25930c953ef893e7c787fe350f0d8679ee2 # v0.4.2 with: - username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }} - password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }} + registry1Username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }} + registry1Password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }} + ghToken: ${{ secrets.GITHUB_TOKEN }} - name: Install lint deps run: | diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml index 2ea702e..70a7596 100644 --- a/.github/workflows/scorecard.yaml +++ b/.github/workflows/scorecard.yaml @@ -22,7 +22,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 with: persist-credentials: false 
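Review bot: The new `ghToken: ${{ secrets.GITHUB_TOKEN }}` input in lint.yaml hands the workflow token to the `defenseunicorns/uds-common/.github/actions/setup` action, and nothing in this hunk bounds what that token can do. The job's `permissions:` block, if there is one, lies outside the hunk; for a lint job I would expect a job-level `permissions:` with `contents: read` so the token passed on is read-only. The same input is added in tag-and-release.yaml, where the visible context grants `packages: write`, and in test.yaml. Pinning the action by commit SHA limits drift, but the token scope should still be set explicitly in each job.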
@@ -37,7 +37,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 with: name: SARIF file path: results.sarif @@ -45,6 +45,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@3ab4101902695724f9365a384f86c1074d94e18c # v3.24.7 + uses: github/codeql-action/upload-sarif@ccf74c947955fd1cf117aef6a0e4e66191ef6f61 # v3.25.4 with: sarif_file: results.sarif diff --git a/.github/workflows/tag-and-release.yaml b/.github/workflows/tag-and-release.yaml index 1e3b283..f21272c 100644 --- a/.github/workflows/tag-and-release.yaml +++ b/.github/workflows/tag-and-release.yaml @@ -37,13 +37,14 @@ jobs: packages: write steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 - name: Environment setup - uses: defenseunicorns/uds-common/.github/actions/setup@5e4414dc25302739063bb58aa96b8afef5be9851 # v0.3.10 + uses: defenseunicorns/uds-common/.github/actions/setup@b2e8b25930c953ef893e7c787fe350f0d8679ee2 # v0.4.2 with: - username: ${{secrets.IRON_BANK_ROBOT_USERNAME}} - password: ${{secrets.IRON_BANK_ROBOT_PASSWORD}} + registry1Username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }} + registry1Password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }} + ghToken: ${{ secrets.GITHUB_TOKEN }} - name: Login to GHCR uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3 
@@ -57,6 +58,6 @@ jobs: - name: Save logs if: always() - uses: defenseunicorns/uds-common/.github/actions/save-logs@5e4414dc25302739063bb58aa96b8afef5be9851 # v0.3.10 + uses: defenseunicorns/uds-common/.github/actions/save-logs@b2e8b25930c953ef893e7c787fe350f0d8679ee2 # v0.4.2 with: suffix: '${{ matrix.bundle }}-${{ matrix.flavor }}-${{ github.run_id }}-${{ github.run_attempt }}' diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 6b22721..8a5d7e6 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -47,16 +47,17 @@ jobs: flavor: upstream steps: - name: Checkout repository - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 - name: Environment setup - uses: defenseunicorns/uds-common/.github/actions/setup@5e4414dc25302739063bb58aa96b8afef5be9851 # v0.3.10 + uses: defenseunicorns/uds-common/.github/actions/setup@b2e8b25930c953ef893e7c787fe350f0d8679ee2 # v0.4.2 with: - username: ${{secrets.IRON_BANK_ROBOT_USERNAME}} - password: ${{secrets.IRON_BANK_ROBOT_PASSWORD}} + registry1Username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }} + registry1Password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }} + ghToken: ${{ secrets.GITHUB_TOKEN }} - name: Test - uses: defenseunicorns/uds-common/.github/actions/test@5e4414dc25302739063bb58aa96b8afef5be9851 # v0.3.10 + uses: defenseunicorns/uds-common/.github/actions/test@b2e8b25930c953ef893e7c787fe350f0d8679ee2 # v0.4.2 with: flavor: ${{ matrix.flavor }} type: ${{ matrix.type }} @@ -64,6 +65,6 @@ jobs: - name: Save logs if: always() - uses: defenseunicorns/uds-common/.github/actions/save-logs@5e4414dc25302739063bb58aa96b8afef5be9851 # v0.3.10 + uses: defenseunicorns/uds-common/.github/actions/save-logs@b2e8b25930c953ef893e7c787fe350f0d8679ee2 # v0.4.2 with: suffix: ${{ matrix.type }}-${{ matrix.bundle }}-${{ matrix.flavor }}-${{ github.run_id }}-${{ github.run_attempt }} 
diff --git a/.vscode/settings.json b/.vscode/settings.json index 62175b0..0ff5ab7 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -1,15 +1,15 @@ { "yaml.schemas": { - "https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.9.0/uds.schema.json": [ + "https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.10.4/uds.schema.json": [ "**/uds-bundle.yaml" ], - "https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.9.0/tasks.schema.json": [ + "https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.10.4/tasks.schema.json": [ "tasks.yaml", "tasks/**/*.yaml", "src/**/validate.yaml" ], - "https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.9.0/zarf.schema.json": [ + "https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.10.4/zarf.schema.json": [ "**zarf.yaml" ] }, diff --git a/README.md b/README.md index 08083d0..66f772a 100644 --- a/README.md +++ b/README.md @@ -76,7 +76,7 @@ Alternatively, you can deploy from OCI by running the following two commands: 1. Run the below command to deploy the `k3d-core-slim-dev` bundle: ```bash - uds deploy k3d-core-slim-dev:0.18.0 + uds deploy k3d-core-slim-dev:0.21.1 ``` 1. Run the below command to deploy the `swf-dev` bundle on top of the dev cluster: diff --git a/bundles/dev/uds-bundle.yaml b/bundles/dev/uds-bundle.yaml index e7535b7..bd5f6de 100644 --- a/bundles/dev/uds-bundle.yaml +++ b/bundles/dev/uds-bundle.yaml @@ -10,7 +10,7 @@ packages: - name: dev-minio repository: ghcr.io/defenseunicorns/packages/uds/dev-minio - ref: 0.0.1 + ref: 0.0.2 overrides: minio: minio: @@ -69,7 +69,7 @@ packages: - name: dev-redis repository: ghcr.io/defenseunicorns/packages/uds/dev-redis - ref: 0.0.1 + ref: 0.0.2 overrides: redis: redis: 
@@ -90,23 +90,17 @@ packages: exports: - name: ACCESS_KEY - name: SECRET_KEY - - name: DB_PASSWORD - name: gitlab repository: ghcr.io/defenseunicorns/packages/uds/gitlab - ref: 16.10.1-uds.1-upstream + ref: 16.11.1-uds.1-upstream overrides: gitlab: uds-gitlab-config: variables: - name: GITLAB_SSO_ENABLED description: "Boolean to enable or disable sso things" - path: "sso" - uds-gitlab-sso: - variables: - - name: GITLAB_SSO_ENABLED - description: "Boolean to enable or disable sso things" - path: "sso" + path: "sso.enabled" gitlab: variables: - name: GITLAB_SSO_ENABLED @@ -164,6 +158,15 @@ packages: requests: cpu: 50m memory: 625M + - name: PAGES_RESOURCES + description: "GitLab Pages Resources" + path: "gitlab.gitlab-pages.resources" + default: + limits: + memory: 1.5G + requests: + cpu: 50m + memory: 625M - name: REGISTRY_REPLICAS description: "Gitlab Registry Min Replicas" path: "registry.hpa.minReplicas" @@ -199,11 +202,11 @@ packages: - name: gitlab-runner repository: ghcr.io/defenseunicorns/packages/uds/gitlab-runner - ref: 16.10.0-uds.0-upstream + ref: 16.11.0-uds.0-upstream - name: sonarqube repository: ghcr.io/defenseunicorns/packages/uds/sonarqube - ref: 8.0.3-uds.4-upstream-ce + ref: 9.9.2-uds.0-upstream overrides: sonarqube: sonarqube: @@ -227,14 +230,12 @@ packages: - name: mattermost repository: ghcr.io/defenseunicorns/packages/uds/mattermost - ref: 9.6.1-uds.0-upstream + ref: 9.7.2-uds.1-upstream imports: - name: ACCESS_KEY package: dev-secrets - name: SECRET_KEY package: dev-secrets - - name: DB_PASSWORD - package: dev-secrets overrides: mattermost: uds-mattermost-config: diff --git a/bundles/dev/uds-config.yaml b/bundles/dev/uds-config.yaml index 8004abd..8e08fc1 100644 --- a/bundles/dev/uds-config.yaml +++ b/bundles/dev/uds-config.yaml @@ -1,3 +1,4 @@ +# TODO (@WSTARR): We can remove this after the next bundle update variables: postgres-operator: postgresql: 
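Review bot: The added comment `# TODO (@WSTARR): We can remove this after the next bundle update` in bundles/dev/uds-config.yaml does not say what "this" is (the whole file, or only the `postgres-operator` variables below it) or which bundle release is meant. Suggest naming both, for example `# TODO (@WSTARR): remove the postgres-operator overrides below once <RELEASE_PLACEHOLDER> is the upgrade baseline`, with the real condition filled in by the author. The identical comment is added to bundles/k3d-demo/uds-config.yaml, and the mapping it annotates continues outside the hunk.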
diff --git a/bundles/k3d-demo/uds-bundle.yaml b/bundles/k3d-demo/uds-bundle.yaml index 6e8c369..ecb8142 100644 --- a/bundles/k3d-demo/uds-bundle.yaml +++ b/bundles/k3d-demo/uds-bundle.yaml @@ -9,19 +9,19 @@ metadata: packages: - name: uds-k3d-dev repository: ghcr.io/defenseunicorns/packages/uds-k3d - ref: 0.3.1 + ref: 0.6.0 - name: init repository: ghcr.io/defenseunicorns/packages/init - ref: v0.32.3 + ref: v0.33.1 - name: uds-core #for now - repository: oci://ghcr.io/defenseunicorns/packages/uds/core - ref: "0.18.0-upstream" + repository: ghcr.io/defenseunicorns/packages/uds/core + ref: "0.21.1-upstream" - name: dev-minio repository: ghcr.io/defenseunicorns/packages/uds/dev-minio - ref: 0.0.1 + ref: 0.0.2 # Namespaces are deployed prior to the packages to faciliate use of the postgres-operator cross namespace secret creation - name: dev-namespaces @@ -59,7 +59,7 @@ packages: - name: dev-redis repository: ghcr.io/defenseunicorns/packages/uds/dev-redis - ref: 0.0.1 + ref: 0.0.2 overrides: redis: redis: @@ -80,23 +80,17 @@ packages: exports: - name: ACCESS_KEY - name: SECRET_KEY - - name: DB_PASSWORD - name: gitlab repository: ghcr.io/defenseunicorns/packages/uds/gitlab - ref: 16.10.1-uds.1-upstream + ref: 16.11.1-uds.1-upstream overrides: gitlab: uds-gitlab-config: variables: - name: GITLAB_SSO_ENABLED description: "Boolean to enable or disable sso things" - path: "sso" - uds-gitlab-sso: - variables: - - name: GITLAB_SSO_ENABLED - description: "Boolean to enable or disable sso things" - path: "sso" + path: "sso.enabled" gitlab: variables: - name: GITLAB_SSO_ENABLED @@ -154,6 +148,15 @@ packages: requests: cpu: 50m memory: 625M + - name: PAGES_RESOURCES + description: "GitLab Pages Resources" + path: "gitlab.gitlab-pages.resources" + default: + limits: + memory: 1.5G + requests: + cpu: 50m + memory: 625M - name: REGISTRY_REPLICAS description: "Gitlab Registry Min Replicas" path: "registry.hpa.minReplicas" 
@@ -189,11 +192,11 @@ packages: - name: gitlab-runner repository: ghcr.io/defenseunicorns/packages/uds/gitlab-runner - ref: 16.10.0-uds.0-upstream + ref: 16.11.0-uds.0-upstream - name: sonarqube repository: ghcr.io/defenseunicorns/packages/uds/sonarqube - ref: 8.0.3-uds.4-upstream-ce + ref: 9.9.2-uds.0-upstream overrides: sonarqube: sonarqube: @@ -217,14 +220,12 @@ packages: - name: mattermost repository: ghcr.io/defenseunicorns/packages/uds/mattermost - ref: 9.6.1-uds.0-upstream + ref: 9.7.2-uds.1-upstream imports: - name: ACCESS_KEY package: dev-secrets - name: SECRET_KEY package: dev-secrets - - name: DB_PASSWORD - package: dev-secrets overrides: mattermost: uds-mattermost-config: diff --git a/bundles/k3d-demo/uds-config.yaml b/bundles/k3d-demo/uds-config.yaml index 793a6aa..350e3ba 100644 --- a/bundles/k3d-demo/uds-config.yaml +++ b/bundles/k3d-demo/uds-config.yaml @@ -1,3 +1,4 @@ +# TODO (@WSTARR): We can remove this after the next bundle update variables: postgres-operator: postgresql: diff --git a/docs/development.md b/docs/development.md index 212b510..1f59384 100644 --- a/docs/development.md +++ b/docs/development.md @@ -21,7 +21,7 @@ exit ## Linux users -Depending on your linux distrobution and how it is configured you may need to run the following steps to be able to properly deploy SWF and/or UDS Core: +Depending on your linux distribution and how it is configured you may need to run the following steps to be able to properly deploy SWF and/or UDS Core: ```bash sudo sysctl -w vm.max_map_count=1524288 diff --git a/renovate.json b/renovate.json index 34d9295..ddad540 100644 --- a/renovate.json +++ b/renovate.json 
@@ -6,6 +6,31 @@ "group:all", "replacements:all", "workarounds:all" + ], + "packageRules": [ + { + "groupName": "SWF Support Dependencies", + "labels": ["support-deps"], + "commitMessageTopic": "support-deps", + "packagePatterns": ["*"] + }, + { + "groupName": "SWF Bundle Dependencies", + "labels": ["bundle-deps"], + "commitMessageTopic": "bundle-deps", + "matchDatasources": ["docker", "helm", "git-tags", "github-tags"] + } + ], + "regexManagers":[ + { + "depNameTemplate": "defenseunicorns/uds-core", + "fileMatch": ["README\\.md"], + "matchStrings": [ + "k3d-core-slim-dev:(?.*)" + ], + "datasourceTemplate": "github-tags", + "extractVersionTemplate": "^v(?.*)$" + } ] } diff --git a/src/dev-secrets/postgres-secret.yaml b/src/dev-secrets/postgres-secret.yaml deleted file mode 100644 index c34515d..0000000 --- a/src/dev-secrets/postgres-secret.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: gitlab-postgres - namespace: gitlab -type: kubernetes.io/opaque -stringData: - password: "###ZARF_VAR_POSTGRES_DB_PASSWORD###" diff --git a/src/dev-secrets/zarf.yaml b/src/dev-secrets/zarf.yaml index 6c07f61..d11d98f 100644 --- a/src/dev-secrets/zarf.yaml +++ b/src/dev-secrets/zarf.yaml @@ -4,7 +4,6 @@ metadata: name: dev-secrets version: "0.1.0" - components: - name: minio-password required: true @@ -44,13 +43,3 @@ components: namespace: gitlab files: - redis-secret.yaml - - name: mattermost-postgres-password - required: true - actions: - onDeploy: - before: - - cmd: ./zarf tools kubectl get secret -n mattermost mattermost.mattermost.pg-cluster.credentials.postgresql.acid.zalan.do --template={{.data.password}} | base64 -d - mute: true - setVariables: - - name: DB_PASSWORD - sensitive: true diff --git a/tasks.yaml b/tasks.yaml index 611643a..1aeb6c4 100644 --- a/tasks.yaml +++ b/tasks.yaml 
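Review bot: As shown here, the `matchStrings` entry `k3d-core-slim-dev:(?.*)` and the `extractVersionTemplate` value `^v(?.*)$` have no named capture groups, and `(?.*)` is not a valid group. Renovate's regex manager needs a `currentValue` group, and `extractVersionTemplate` needs a `version` group. If the names were only lost when this page was rendered, the file is fine; otherwise the lines should read `"k3d-core-slim-dev:(?<currentValue>.*)"` and `"extractVersionTemplate": "^v(?<version>.*)$"`. A narrower `\\S+` in place of `.*` would keep the match from taking in anything that follows the version on the README line. Separately, `packagePatterns` in the first rule is the older name for `matchPackagePatterns`.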
@@ -1,13 +1,12 @@ includes: - - create: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.3.10/tasks/create.yaml - - lint: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.3.10/tasks/lint.yaml - - pull: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.3.10/tasks/pull.yaml - - deploy: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.3.10/tasks/deploy.yaml - - setup: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.3.10/tasks/setup.yaml + - create: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.2/tasks/create.yaml + - lint: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.2/tasks/lint.yaml + - pull: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.2/tasks/pull.yaml + - deploy: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.2/tasks/deploy.yaml + - setup: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.2/tasks/setup.yaml - dependencies: ./tasks/dependencies.yaml - test: ./tasks/test.yaml - variables: - name: BUNDLE_PATH default: bundles/dev @@ -36,26 +35,7 @@ tasks: - task: pull:latest-bundle-release with: spoof_release: "true" - path: bundles/k3d-demo - - - name: test-upgrade-local - description: Test an upgrade from the latest released bundle to the current branch only using the dev bundles - actions: - - task: pull:latest-bundle-release - with: - spoof_release: "true" - path: bundles/dev - - task: setup:k3d-test-cluster - - task: deploy:test-bundle - with: - path: bundles/dev - - task: test:test-swf-bundle - - task: create-test-bundle - - task: deploy:test-bundle - with: path: ${BUNDLE_PATH} - options: "--packages=gitlab,gitlab-runner,sonarqube,mattermost,dev-secrets" - - task: test:test-swf-bundle # CI will execute the following (via uds-common/.github/actions/test) so they need to be here with these names 
@@ -69,14 +49,14 @@ tasks: path: ${BUNDLE_PATH} - task: test:test-swf-bundle - - name: test-upgrade description: Test an upgrade from the latest released bundle to the current branch actions: - task: create-swf-latest-release-bundle + - task: setup:k3d-test-cluster - task: deploy:test-bundle with: - path: bundles/k3d-demo + path: ${BUNDLE_PATH} - task: create-test-bundle - task: deploy:test-bundle with: diff --git a/tasks/publish.yaml b/tasks/publish.yaml index 88b3cbf..29125f0 100644 --- a/tasks/publish.yaml +++ b/tasks/publish.yaml @@ -1,7 +1,7 @@ includes: - dependencies: ./dependencies.yaml - - create: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.3.10/tasks/create.yaml - - publish: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.3.10/tasks/publish.yaml + - create: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.2/tasks/create.yaml + - publish: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.2/tasks/publish.yaml tasks: - name: test-bundle
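Review bot: The added `- task: setup:k3d-test-cluster` step in `test-upgrade` runs a task definition fetched from the `setup` include, and the `includes:` list at the top of tasks.yaml pins those URLs by tag (`v0.4.2`), while the workflows in this commit pin the same repository by commit SHA. A tag can be re-pointed, so the task code CI executes is not fixed the way the actions are. If the task runner accepts it, put the commit in the URL, e.g. `- setup: https://raw.githubusercontent.com/defenseunicorns/uds-common/b2e8b25930c953ef893e7c787fe350f0d8679ee2/tasks/setup.yaml`, and keep `# v0.4.2` as a trailing comment. The `create` and `publish` includes in tasks/publish.yaml have the same form. Whether Renovate still updates SHA-pinned raw URLs would need checking.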