From afa786fa8a4fc04b0e3b7ecdabb554e777efea83 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 8 May 2024 20:58:06 +0000
Subject: [PATCH 01/14] chore(deps): update all dependencies
| datasource | package | from | to |
| ----------- | -------------------------------------------------- | ------- | ------- |
| github-tags | actions/checkout | v4.1.1 | v4.1.5 |
| github-tags | actions/upload-artifact | v4.3.1 | v4.3.3 |
| github-tags | defenseunicorns/uds-cli | v0.9.0 | v0.10.4 |
| github-tags | defenseunicorns/uds-common | v0.3.10 | v0.4.2 |
| docker | ghcr.io/defenseunicorns/packages/init | v0.32.3 | v0.33.1 |
| docker | ghcr.io/defenseunicorns/packages/uds-k3d | 0.3.1 | 0.6.0 |
| docker | ghcr.io/defenseunicorns/packages/uds/dev-minio | 0.0.1 | 0.0.2 |
| docker | ghcr.io/defenseunicorns/packages/uds/dev-redis | 0.0.1 | 0.0.2 |
| docker | ghcr.io/defenseunicorns/packages/uds/gitlab | 16.10.1 | 16.11.1 |
| docker | ghcr.io/defenseunicorns/packages/uds/gitlab-runner | 16.10.0 | 16.11.0 |
| docker | ghcr.io/defenseunicorns/packages/uds/mattermost | 9.6.1 | 9.7.2 |
| github-tags | github/codeql-action | v3.24.7 | v3.25.4 |
---
.github/workflows/commitlint.yaml | 2 +-
.github/workflows/lint.yaml | 4 ++--
.github/workflows/scorecard.yaml | 6 +++---
.github/workflows/tag-and-release.yaml | 6 +++---
.github/workflows/test.yaml | 8 ++++----
.vscode/settings.json | 6 +++---
bundles/dev/uds-bundle.yaml | 10 +++++-----
bundles/k3d-demo/uds-bundle.yaml | 14 +++++++-------
tasks.yaml | 10 +++++-----
tasks/publish.yaml | 4 ++--
10 files changed, 35 insertions(+), 35 deletions(-)
diff --git a/.github/workflows/commitlint.yaml b/.github/workflows/commitlint.yaml
index 6764508..00b949b 100644
--- a/.github/workflows/commitlint.yaml
+++ b/.github/workflows/commitlint.yaml
@@ -10,4 +10,4 @@ on: jobs: validate: name: Validate - uses: defenseunicorns/uds-common/.github/workflows/commitlint.yaml@5e4414dc25302739063bb58aa96b8afef5be9851 # v0.3.10 + uses: defenseunicorns/uds-common/.github/workflows/commitlint.yaml@b2e8b25930c953ef893e7c787fe350f0d8679ee2 # v0.4.2 diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index 66c5919..e03faae 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -15,12 +15,12 @@ jobs: steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 with: fetch-depth: 0 - name: Environment setup - uses: defenseunicorns/uds-common/.github/actions/setup@5e4414dc25302739063bb58aa96b8afef5be9851 # v0.3.10 + uses: defenseunicorns/uds-common/.github/actions/setup@b2e8b25930c953ef893e7c787fe350f0d8679ee2 # v0.4.2 with: username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }} password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }} diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml index 2ea702e..70a7596 100644 --- a/.github/workflows/scorecard.yaml +++ b/.github/workflows/scorecard.yaml @@ -22,7 +22,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 with: persist-credentials: false @@ -37,7 +37,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 with: name: SARIF file path: results.sarif 
@@ -45,6 +45,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@3ab4101902695724f9365a384f86c1074d94e18c # v3.24.7 + uses: github/codeql-action/upload-sarif@ccf74c947955fd1cf117aef6a0e4e66191ef6f61 # v3.25.4 with: sarif_file: results.sarif diff --git a/.github/workflows/tag-and-release.yaml b/.github/workflows/tag-and-release.yaml index 1e3b283..ab44bd1 100644 --- a/.github/workflows/tag-and-release.yaml +++ b/.github/workflows/tag-and-release.yaml @@ -37,10 +37,10 @@ jobs: packages: write steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 - name: Environment setup - uses: defenseunicorns/uds-common/.github/actions/setup@5e4414dc25302739063bb58aa96b8afef5be9851 # v0.3.10 + uses: defenseunicorns/uds-common/.github/actions/setup@b2e8b25930c953ef893e7c787fe350f0d8679ee2 # v0.4.2 with: username: ${{secrets.IRON_BANK_ROBOT_USERNAME}} password: ${{secrets.IRON_BANK_ROBOT_PASSWORD}} @@ -57,6 +57,6 @@ jobs: - name: Save logs if: always() - uses: defenseunicorns/uds-common/.github/actions/save-logs@5e4414dc25302739063bb58aa96b8afef5be9851 # v0.3.10 + uses: defenseunicorns/uds-common/.github/actions/save-logs@b2e8b25930c953ef893e7c787fe350f0d8679ee2 # v0.4.2 with: suffix: '${{ matrix.bundle }}-${{ matrix.flavor }}-${{ github.run_id }}-${{ github.run_attempt }}' diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 6b22721..881933c 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml 
@@ -47,16 +47,16 @@ jobs: flavor: upstream steps: - name: Checkout repository - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 - name: Environment setup - uses: defenseunicorns/uds-common/.github/actions/setup@5e4414dc25302739063bb58aa96b8afef5be9851 # v0.3.10 + uses: defenseunicorns/uds-common/.github/actions/setup@b2e8b25930c953ef893e7c787fe350f0d8679ee2 # v0.4.2 with: username: ${{secrets.IRON_BANK_ROBOT_USERNAME}} password: ${{secrets.IRON_BANK_ROBOT_PASSWORD}} - name: Test - uses: defenseunicorns/uds-common/.github/actions/test@5e4414dc25302739063bb58aa96b8afef5be9851 # v0.3.10 + uses: defenseunicorns/uds-common/.github/actions/test@b2e8b25930c953ef893e7c787fe350f0d8679ee2 # v0.4.2 with: flavor: ${{ matrix.flavor }} type: ${{ matrix.type }} @@ -64,6 +64,6 @@ jobs: - name: Save logs if: always() - uses: defenseunicorns/uds-common/.github/actions/save-logs@5e4414dc25302739063bb58aa96b8afef5be9851 # v0.3.10 + uses: defenseunicorns/uds-common/.github/actions/save-logs@b2e8b25930c953ef893e7c787fe350f0d8679ee2 # v0.4.2 with: suffix: ${{ matrix.type }}-${{ matrix.bundle }}-${{ matrix.flavor }}-${{ github.run_id }}-${{ github.run_attempt }} diff --git a/.vscode/settings.json b/.vscode/settings.json index 62175b0..0ff5ab7 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json 
@@ -1,15 +1,15 @@ { "yaml.schemas": { - "https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.9.0/uds.schema.json": [ + "https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.10.4/uds.schema.json": [ "**/uds-bundle.yaml" ], - "https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.9.0/tasks.schema.json": [ + "https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.10.4/tasks.schema.json": [ "tasks.yaml", "tasks/**/*.yaml", "src/**/validate.yaml" ], - "https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.9.0/zarf.schema.json": [ + "https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.10.4/zarf.schema.json": [ "**zarf.yaml" ] }, diff --git a/bundles/dev/uds-bundle.yaml b/bundles/dev/uds-bundle.yaml index e7535b7..26f4c27 100644 --- a/bundles/dev/uds-bundle.yaml +++ b/bundles/dev/uds-bundle.yaml @@ -10,7 +10,7 @@ packages: - name: dev-minio repository: ghcr.io/defenseunicorns/packages/uds/dev-minio - ref: 0.0.1 + ref: 0.0.2 overrides: minio: minio: @@ -69,7 +69,7 @@ packages: - name: dev-redis repository: ghcr.io/defenseunicorns/packages/uds/dev-redis - ref: 0.0.1 + ref: 0.0.2 overrides: redis: redis: @@ -94,7 +94,7 @@ packages: - name: gitlab repository: ghcr.io/defenseunicorns/packages/uds/gitlab - ref: 16.10.1-uds.1-upstream + ref: 16.11.1-uds.1-upstream overrides: gitlab: uds-gitlab-config: @@ -199,7 +199,7 @@ packages: - name: gitlab-runner repository: ghcr.io/defenseunicorns/packages/uds/gitlab-runner - ref: 16.10.0-uds.0-upstream + ref: 16.11.0-uds.0-upstream - name: sonarqube repository: ghcr.io/defenseunicorns/packages/uds/sonarqube @@ -227,7 +227,7 @@ packages: - name: mattermost repository: ghcr.io/defenseunicorns/packages/uds/mattermost - ref: 9.6.1-uds.0-upstream + ref: 9.7.2-uds.0-upstream imports: - name: ACCESS_KEY package: dev-secrets diff --git a/bundles/k3d-demo/uds-bundle.yaml b/bundles/k3d-demo/uds-bundle.yaml index 6e8c369..b5dd4c3 100644 --- a/bundles/k3d-demo/uds-bundle.yaml 
+++ b/bundles/k3d-demo/uds-bundle.yaml @@ -9,11 +9,11 @@ metadata: packages: - name: uds-k3d-dev repository: ghcr.io/defenseunicorns/packages/uds-k3d - ref: 0.3.1 + ref: 0.6.0 - name: init repository: ghcr.io/defenseunicorns/packages/init - ref: v0.32.3 + ref: v0.33.1 - name: uds-core #for now repository: oci://ghcr.io/defenseunicorns/packages/uds/core @@ -21,7 +21,7 @@ packages: - name: dev-minio repository: ghcr.io/defenseunicorns/packages/uds/dev-minio - ref: 0.0.1 + ref: 0.0.2 # Namespaces are deployed prior to the packages to faciliate use of the postgres-operator cross namespace secret creation - name: dev-namespaces @@ -59,7 +59,7 @@ packages: - name: dev-redis repository: ghcr.io/defenseunicorns/packages/uds/dev-redis - ref: 0.0.1 + ref: 0.0.2 overrides: redis: redis: @@ -84,7 +84,7 @@ packages: - name: gitlab repository: ghcr.io/defenseunicorns/packages/uds/gitlab - ref: 16.10.1-uds.1-upstream + ref: 16.11.1-uds.1-upstream overrides: gitlab: uds-gitlab-config: @@ -189,7 +189,7 @@ packages: - name: gitlab-runner repository: ghcr.io/defenseunicorns/packages/uds/gitlab-runner - ref: 16.10.0-uds.0-upstream + ref: 16.11.0-uds.0-upstream - name: sonarqube repository: ghcr.io/defenseunicorns/packages/uds/sonarqube @@ -217,7 +217,7 @@ packages: - name: mattermost repository: ghcr.io/defenseunicorns/packages/uds/mattermost - ref: 9.6.1-uds.0-upstream + ref: 9.7.2-uds.0-upstream imports: - name: ACCESS_KEY package: dev-secrets diff --git a/tasks.yaml b/tasks.yaml index 611643a..7250a11 100644 --- a/tasks.yaml +++ b/tasks.yaml 
@@ -1,9 +1,9 @@ includes: - - create: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.3.10/tasks/create.yaml - - lint: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.3.10/tasks/lint.yaml - - pull: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.3.10/tasks/pull.yaml - - deploy: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.3.10/tasks/deploy.yaml - - setup: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.3.10/tasks/setup.yaml + - create: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.2/tasks/create.yaml + - lint: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.2/tasks/lint.yaml + - pull: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.2/tasks/pull.yaml + - deploy: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.2/tasks/deploy.yaml + - setup: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.2/tasks/setup.yaml - dependencies: ./tasks/dependencies.yaml - test: ./tasks/test.yaml diff --git a/tasks/publish.yaml b/tasks/publish.yaml index 88b3cbf..29125f0 100644 --- a/tasks/publish.yaml +++ b/tasks/publish.yaml @@ -1,7 +1,7 @@ includes: - dependencies: ./dependencies.yaml - - create: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.3.10/tasks/create.yaml - - publish: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.3.10/tasks/publish.yaml + - create: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.2/tasks/create.yaml + - publish: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.2/tasks/publish.yaml tasks: - name: test-bundle From 130d4121139a56fd9bf78e0e5f821b43eb1aee60 Mon Sep 17 00:00:00 2001 
From: Wayne Starr Date: Thu, 9 May 2024 16:49:43 -0600 Subject: [PATCH 02/14] fix setup --- .github/workflows/lint.yaml | 5 +++-- .github/workflows/tag-and-release.yaml | 5 +++-- .github/workflows/test.yaml | 5 +++-- 3 files changed, 9 insertions(+), 6 deletions(-) diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index e03faae..b63d8de 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -22,8 +22,9 @@ jobs: - name: Environment setup uses: defenseunicorns/uds-common/.github/actions/setup@b2e8b25930c953ef893e7c787fe350f0d8679ee2 # v0.4.2 with: - username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }} - password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }} + registry1Username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }} + registry1Password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }} + ghToken: ${{ secrets.GITHUB_TOKEN }} - name: Install lint deps run: | diff --git a/.github/workflows/tag-and-release.yaml b/.github/workflows/tag-and-release.yaml index ab44bd1..f21272c 100644 --- a/.github/workflows/tag-and-release.yaml +++ b/.github/workflows/tag-and-release.yaml @@ -42,8 +42,9 @@ jobs: - name: Environment setup uses: defenseunicorns/uds-common/.github/actions/setup@b2e8b25930c953ef893e7c787fe350f0d8679ee2 # v0.4.2 with: - username: ${{secrets.IRON_BANK_ROBOT_USERNAME}} - password: ${{secrets.IRON_BANK_ROBOT_PASSWORD}} + registry1Username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }} + registry1Password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }} + ghToken: ${{ secrets.GITHUB_TOKEN }} - name: Login to GHCR uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3 diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 881933c..8a5d7e6 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml 
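Review bot: The new `ghToken: ${{ secrets.GITHUB_TOKEN }}` input on the "Environment setup" step in lint.yaml hands the job token to the uds-common setup action with whatever scopes the job grants, and no `permissions:` block is visible in this hunk. The same input is added in the tag-and-release.yaml and test.yaml hunks of this commit; the tag-and-release context shows `packages: write`, so the token passed there can publish packages. For the lint and test jobs, consider declaring `permissions:` with `contents: read` at job level so the token the action receives is read-only; the job definitions start outside the hunks, so an existing block may already cover this. The action reference is pinned to a commit SHA, which keeps the code that receives the token fixed.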
@@ -52,8 +52,9 @@ jobs: - name: Environment setup uses: defenseunicorns/uds-common/.github/actions/setup@b2e8b25930c953ef893e7c787fe350f0d8679ee2 # v0.4.2 with: - username: ${{secrets.IRON_BANK_ROBOT_USERNAME}} - password: ${{secrets.IRON_BANK_ROBOT_PASSWORD}} + registry1Username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }} + registry1Password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }} + ghToken: ${{ secrets.GITHUB_TOKEN }} - name: Test uses: defenseunicorns/uds-common/.github/actions/test@b2e8b25930c953ef893e7c787fe350f0d8679ee2 # v0.4.2 From daa344f8068446831557d3d60b21b9e11eb96b5c Mon Sep 17 00:00:00 2001 From: Wayne Starr Date: Thu, 9 May 2024 17:00:47 -0600 Subject: [PATCH 03/14] fix config --- bundles/dev/uds-bundle.yaml | 9 ++++ bundles/dev/uds-config.yaml | 76 +------------------------------- bundles/k3d-demo/uds-bundle.yaml | 9 ++++ bundles/k3d-demo/uds-config.yaml | 76 +------------------------------- 4 files changed, 20 insertions(+), 150 deletions(-) diff --git a/bundles/dev/uds-bundle.yaml b/bundles/dev/uds-bundle.yaml index 26f4c27..2876a29 100644 --- a/bundles/dev/uds-bundle.yaml +++ b/bundles/dev/uds-bundle.yaml @@ -164,6 +164,15 @@ packages: requests: cpu: 50m memory: 625M + - name: PAGES_RESOURCES + description: "GitLab Pages Resources" + path: "gitlab.gitlab-pages.resources" + default: + limits: + memory: 1.5G + requests: + cpu: 50m + memory: 625M - name: REGISTRY_REPLICAS description: "Gitlab Registry Min Replicas" path: "registry.hpa.minReplicas" diff --git a/bundles/dev/uds-config.yaml b/bundles/dev/uds-config.yaml index 8004abd..7a8f3de 100644 --- a/bundles/dev/uds-config.yaml +++ b/bundles/dev/uds-config.yaml 
@@ -1,75 +1 @@ -variables: - postgres-operator: - postgresql: - enabled: true # Set to false to not create the PostgreSQL resource - teamId: "uds" - volume: - size: "10Gi" - numberOfInstances: 2 - users: - gitlab.gitlab: [] # database owner - sonarqube.sonarqube: [] # database owner - mattermost.mattermost: [] # database owner - databases: - gitlabdb: gitlab.gitlab - mattermost: mattermost.mattermost - sonarqubedb: sonarqube.sonarqube - version: "13" - ingress: - remoteGenerated: Anywhere - dev-minio: - buckets: | - - name: uds-gitlab-artifacts - - name: uds-gitlab-backups - - name: uds-gitlab-ci-secure-files - - name: uds-gitlab-dependency-proxy - - name: uds-gitlab-lfs - - name: uds-gitlab-mr-diffs - - name: uds-gitlab-packages - - name: uds-gitlab-pages - - name: uds-gitlab-terraform-state - - name: uds-gitlab-uploads - - name: uds-gitlab-registry - - name: uds-gitlab-tmp - - name: uds-mattermost-dev - sonarqube: - sonarqube_db_endpoint: "pg-cluster.postgres.svc.cluster.local" - gitlab: - GITLAB_SSO_ENABLED: false - gitlab_redis_endpoint: "redis-master.dev-redis.svc.cluster.local" - gitlab_db_endpoint: "pg-cluster.postgres.svc.cluster.local" - DISABLE_REGISTRY_REDIRECT: "true" - # # Overrides for scaled down cluster for local dev and CI - webservice_replicas: 1 - toolbox_resources: - limits: - cpu: 2000m - memory: 3584M - requests: - cpu: 500m - memory: 1000M - webservice_resources: - limits: - memory: 2.5G - requests: - cpu: 300m - memory: 2.5G - migrations_resources: - limits: - cpu: 500m - memory: 4G - workhorse_resources: - limits: - memory: 100M - requests: - cpu: 10m - memory: 10M - sidekiq_replicas: 1 - sidekiq_resources: - limits: - memory: 1.5G - requests: - cpu: 50m - memory: 625M - registry_replicas: 1 - shell_replicas: 1 +# Add your own configuration here - see overrides in the uds-bundle.yaml for some common configuration options. diff --git a/bundles/k3d-demo/uds-bundle.yaml b/bundles/k3d-demo/uds-bundle.yaml index b5dd4c3..a9f045d 100644 
--- a/bundles/k3d-demo/uds-bundle.yaml +++ b/bundles/k3d-demo/uds-bundle.yaml @@ -154,6 +154,15 @@ packages: requests: cpu: 50m memory: 625M + - name: PAGES_RESOURCES + description: "GitLab Pages Resources" + path: "gitlab.gitlab-pages.resources" + default: + limits: + memory: 1.5G + requests: + cpu: 50m + memory: 625M - name: REGISTRY_REPLICAS description: "Gitlab Registry Min Replicas" path: "registry.hpa.minReplicas" diff --git a/bundles/k3d-demo/uds-config.yaml b/bundles/k3d-demo/uds-config.yaml index 793a6aa..7a8f3de 100644 --- a/bundles/k3d-demo/uds-config.yaml +++ b/bundles/k3d-demo/uds-config.yaml 
@@ -1,75 +1 @@ -variables: - postgres-operator: - postgresql: - enabled: true # Set to false to not create the PostgreSQL resource - teamId: "uds" - volume: - size: "10Gi" - numberOfInstances: 2 - users: - gitlab.gitlab: [] # database owner - sonarqube.sonarqube: [] # database owner - mattermost.mattermost: [] # database owner - databases: - gitlabdb: gitlab.gitlab - mattermost: mattermost.mattermost - sonarqubedb: sonarqube.sonarqube - version: "13" - ingress: - remoteGenerated: Anywhere - dev-minio: - buckets: | - - name: uds-gitlab-artifacts - - name: uds-gitlab-backups - - name: uds-gitlab-ci-secure-files - - name: uds-gitlab-dependency-proxy - - name: uds-gitlab-lfs - - name: uds-gitlab-mr-diffs - - name: uds-gitlab-packages - - name: uds-gitlab-pages - - name: uds-gitlab-terraform-state - - name: uds-gitlab-uploads - - name: uds-gitlab-registry - - name: uds-gitlab-tmp - - name: uds-mattermost-dev - sonarqube: - sonarqube_db_endpoint: "pg-cluster.postgres.svc.cluster.local" - gitlab: - GITLAB_SSO_ENABLED: false - gitlab_redis_endpoint: "redis-master.dev-redis.svc.cluster.local" - gitlab_db_endpoint: "pg-cluster.postgres.svc.cluster.local" - DISABLE_REGISTRY_REDIRECT: "true" - # # Overrides for scaled down cluster for local dev and CI - webservice_replicas: 1 - webservice_resources: - limits: - memory: 2.5G - requests: - cpu: 300m - memory: 2.5G - toolbox_resources: - limits: - cpu: 2000m - memory: 3584M - requests: - cpu: 500m - memory: 1000M - migrations_resources: - limits: - cpu: 500m - memory: 4G - workhorse_resources: - limits: - memory: 100M - requests: - cpu: 10m - memory: 10M - sidekiq_replicas: 1 - sidekiq_resources: - limits: - memory: 1.5G - requests: - cpu: 50m - memory: 625M - registry_replicas: 1 - shell_replicas: 1 +# Add your own configuration here - see overrides in the uds-bundle.yaml for some common configuration options. From 3ebf723226d57ee4e35358cb810b0aced7a0c137 Mon Sep 17 00:00:00 2001 
From: Wayne Starr Date: Thu, 9 May 2024 17:06:30 -0600 Subject: [PATCH 04/14] fix sso --- bundles/dev/uds-bundle.yaml | 7 +------ bundles/k3d-demo/uds-bundle.yaml | 7 +------ 2 files changed, 2 insertions(+), 12 deletions(-) diff --git a/bundles/dev/uds-bundle.yaml b/bundles/dev/uds-bundle.yaml index 2876a29..d25cc3b 100644 --- a/bundles/dev/uds-bundle.yaml +++ b/bundles/dev/uds-bundle.yaml @@ -101,12 +101,7 @@ packages: variables: - name: GITLAB_SSO_ENABLED description: "Boolean to enable or disable sso things" - path: "sso" - uds-gitlab-sso: - variables: - - name: GITLAB_SSO_ENABLED - description: "Boolean to enable or disable sso things" - path: "sso" + path: "sso.enabled" gitlab: variables: - name: GITLAB_SSO_ENABLED diff --git a/bundles/k3d-demo/uds-bundle.yaml b/bundles/k3d-demo/uds-bundle.yaml index a9f045d..bce79b4 100644 --- a/bundles/k3d-demo/uds-bundle.yaml +++ b/bundles/k3d-demo/uds-bundle.yaml @@ -91,12 +91,7 @@ packages: variables: - name: GITLAB_SSO_ENABLED description: "Boolean to enable or disable sso things" - path: "sso" - uds-gitlab-sso: - variables: - - name: GITLAB_SSO_ENABLED - description: "Boolean to enable or disable sso things" - path: "sso" + path: "sso.enabled" gitlab: variables: - name: GITLAB_SSO_ENABLED From 36d743877faf31b48901fb53858ebc840864243b Mon Sep 17 00:00:00 2001 From: Wayne Starr Date: Thu, 9 May 2024 17:23:40 -0600 Subject: [PATCH 05/14] fix some renovate-isms --- README.md | 2 +- bundles/k3d-demo/uds-bundle.yaml | 4 ++-- docs/development.md | 2 +- renovate.json | 25 +++++++++++++++++++++++++ 4 files changed, 29 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 08083d0..66f772a 100644 --- a/README.md +++ b/README.md 
@@ -76,7 +76,7 @@ Alternatively, you can deploy from OCI by running the following two commands: 1. Run the below command to deploy the `k3d-core-slim-dev` bundle: ```bash - uds deploy k3d-core-slim-dev:0.18.0 + uds deploy k3d-core-slim-dev:0.21.1 ``` 1. Run the below command to deploy the `swf-dev` bundle on top of the dev cluster: diff --git a/bundles/k3d-demo/uds-bundle.yaml b/bundles/k3d-demo/uds-bundle.yaml index bce79b4..d29a493 100644 --- a/bundles/k3d-demo/uds-bundle.yaml +++ b/bundles/k3d-demo/uds-bundle.yaml @@ -16,8 +16,8 @@ packages: ref: v0.33.1 - name: uds-core #for now - repository: oci://ghcr.io/defenseunicorns/packages/uds/core - ref: "0.18.0-upstream" + repository: ghcr.io/defenseunicorns/packages/uds/core + ref: "0.21.1-upstream" - name: dev-minio repository: ghcr.io/defenseunicorns/packages/uds/dev-minio diff --git a/docs/development.md b/docs/development.md index 212b510..1f59384 100644 --- a/docs/development.md +++ b/docs/development.md @@ -21,7 +21,7 @@ exit ## Linux users -Depending on your linux distrobution and how it is configured you may need to run the following steps to be able to properly deploy SWF and/or UDS Core: +Depending on your linux distribution and how it is configured you may need to run the following steps to be able to properly deploy SWF and/or UDS Core: ```bash sudo sysctl -w vm.max_map_count=1524288 diff --git a/renovate.json b/renovate.json index 34d9295..ddad540 100644 --- a/renovate.json +++ b/renovate.json 
@@ -6,6 +6,31 @@ "group:all", "replacements:all", "workarounds:all" + ], + "packageRules": [ + { + "groupName": "SWF Support Dependencies", + "labels": ["support-deps"], + "commitMessageTopic": "support-deps", + "packagePatterns": ["*"] + }, + { + "groupName": "SWF Bundle Dependencies", + "labels": ["bundle-deps"], + "commitMessageTopic": "bundle-deps", + "matchDatasources": ["docker", "helm", "git-tags", "github-tags"] + } + ], + "regexManagers":[ + { + "depNameTemplate": "defenseunicorns/uds-core", + "fileMatch": ["README\\.md"], + "matchStrings": [ + "k3d-core-slim-dev:(?.*)" + ], + "datasourceTemplate": "github-tags", + "extractVersionTemplate": "^v(?.*)$" + } ] } From 4b726974b4a3c60d3d80d826059c1989b087abc3 Mon Sep 17 00:00:00 2001 From: Wayne Starr Date: Thu, 9 May 2024 19:47:41 -0600 Subject: [PATCH 06/14] fix path --- tasks.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tasks.yaml b/tasks.yaml index 7250a11..579c4ce 100644 --- a/tasks.yaml +++ b/tasks.yaml @@ -36,7 +36,7 @@ tasks: - task: pull:latest-bundle-release with: spoof_release: "true" - path: bundles/k3d-demo + path: ${BUNDLE_PATH} - name: test-upgrade-local description: Test an upgrade from the latest released bundle to the current branch only using the dev bundles @@ -44,11 +44,11 @@ tasks: - task: pull:latest-bundle-release with: spoof_release: "true" - path: bundles/dev + path: ${BUNDLE_PATH} - task: setup:k3d-test-cluster - task: deploy:test-bundle with: - path: bundles/dev + path: ${BUNDLE_PATH} - task: test:test-swf-bundle - task: create-test-bundle - task: deploy:test-bundle @@ -76,7 +76,7 @@ tasks: - task: create-swf-latest-release-bundle - task: deploy:test-bundle with: - path: bundles/k3d-demo + path: ${BUNDLE_PATH} - task: create-test-bundle - task: deploy:test-bundle with: From 3754d6dd14d7151487ca7975d801ff958f26fd18 Mon Sep 17 00:00:00 2001 
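Review bot: The second `packageRules` entry matches the whole `github-tags` datasource, so the pinned GitHub Actions and uds-common references would be grouped and labelled as "SWF Bundle Dependencies" rather than support dependencies, because a later matching rule overrides the `groupName` set by the catch-all rule above it. Patch 01 of this series lists actions/checkout, upload-artifact and codeql-action under `github-tags`, which is what makes this likely. If `github-tags` is there only for the README `uds-core` regex manager, narrow it with a separate rule such as `"matchPackageNames": ["defenseunicorns/uds-core"]` instead of matching the datasource. `packagePatterns` is also the deprecated spelling of `matchPackagePatterns`. As rendered on this page the two capture groups read `(?.*)`, so check that the committed file carries the named groups `(?<currentValue>.*)` and `(?<version>.*)`.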
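Review bot: Replacing the literal `bundles/k3d-demo` with `${BUNDLE_PATH}` in the `pull:latest-bundle-release` call and in the `test-upgrade` deploy step changes which bundle those tasks use when the variable is not set, because the `BUNDLE_PATH` default visible elsewhere in this series is `bundles/dev`. If CI relies on the k3d-demo release for the upgrade test, the caller now has to pass the path explicitly, and nothing in these hunks shows that it does. A comment above the variable, such as `# BUNDLE_PATH selects the bundle for the create/deploy/upgrade tasks; override it to test bundles/k3d-demo`, would make that contract visible. The task definitions start outside the hunks.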
From: Wayne Starr Date: Thu, 9 May 2024 19:52:10 -0600 Subject: [PATCH 07/14] fix cluster --- tasks.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/tasks.yaml b/tasks.yaml index 579c4ce..f3214c9 100644 --- a/tasks.yaml +++ b/tasks.yaml @@ -74,6 +74,7 @@ tasks: description: Test an upgrade from the latest released bundle to the current branch actions: - task: create-swf-latest-release-bundle + - task: setup:k3d-test-cluster - task: deploy:test-bundle with: path: ${BUNDLE_PATH} From dff870b1dd98631e18f0697e9879494e1e2f1969 Mon Sep 17 00:00:00 2001 From: Wayne Starr Date: Thu, 9 May 2024 19:53:53 -0600 Subject: [PATCH 08/14] remove local test --- tasks.yaml | 19 ------------------- 1 file changed, 19 deletions(-) diff --git a/tasks.yaml b/tasks.yaml index f3214c9..15495e2 100644 --- a/tasks.yaml +++ b/tasks.yaml @@ -38,25 +38,6 @@ tasks: spoof_release: "true" path: ${BUNDLE_PATH} - - name: test-upgrade-local - description: Test an upgrade from the latest released bundle to the current branch only using the dev bundles - actions: - - task: pull:latest-bundle-release - with: - spoof_release: "true" - path: ${BUNDLE_PATH} - - task: setup:k3d-test-cluster - - task: deploy:test-bundle - with: - path: ${BUNDLE_PATH} - - task: test:test-swf-bundle - - task: create-test-bundle - - task: deploy:test-bundle - with: - path: ${BUNDLE_PATH} - options: "--packages=gitlab,gitlab-runner,sonarqube,mattermost,dev-secrets" - - task: test:test-swf-bundle - # CI will execute the following (via uds-common/.github/actions/test) so they need to be here with these names - name: test-package From 389982c1fd745761777df02d0216fed66087d012 Mon Sep 17 00:00:00 2001 From: Wayne Starr Date: Thu, 9 May 2024 19:54:14 -0600 Subject: [PATCH 09/14] extra spaces --- tasks.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/tasks.yaml b/tasks.yaml index 15495e2..1aeb6c4 100644 --- a/tasks.yaml +++ b/tasks.yaml 
@@ -7,7 +7,6 @@ includes: - dependencies: ./tasks/dependencies.yaml - test: ./tasks/test.yaml - variables: - name: BUNDLE_PATH default: bundles/dev @@ -50,7 +49,6 @@ tasks: path: ${BUNDLE_PATH} - task: test:test-swf-bundle - - name: test-upgrade description: Test an upgrade from the latest released bundle to the current branch actions: From e61e84cd9a0883e87bc3c0ce39ae15dac03849f9 Mon Sep 17 00:00:00 2001 From: Wayne Starr Date: Thu, 9 May 2024 20:58:31 -0600 Subject: [PATCH 10/14] update mm + sq --- bundles/dev/uds-bundle.yaml | 7 ++----- bundles/k3d-demo/uds-bundle.yaml | 7 ++----- src/dev-secrets/postgres-secret.yaml | 8 -------- src/dev-secrets/zarf.yaml | 11 ----------- 4 files changed, 4 insertions(+), 29 deletions(-) delete mode 100644 src/dev-secrets/postgres-secret.yaml diff --git a/bundles/dev/uds-bundle.yaml b/bundles/dev/uds-bundle.yaml index d25cc3b..bd5f6de 100644 --- a/bundles/dev/uds-bundle.yaml +++ b/bundles/dev/uds-bundle.yaml @@ -90,7 +90,6 @@ packages: exports: - name: ACCESS_KEY - name: SECRET_KEY - - name: DB_PASSWORD - name: gitlab repository: ghcr.io/defenseunicorns/packages/uds/gitlab @@ -207,7 +206,7 @@ packages: - name: sonarqube repository: ghcr.io/defenseunicorns/packages/uds/sonarqube - ref: 8.0.3-uds.4-upstream-ce + ref: 9.9.2-uds.0-upstream overrides: sonarqube: sonarqube: @@ -231,14 +230,12 @@ packages: - name: mattermost repository: ghcr.io/defenseunicorns/packages/uds/mattermost - ref: 9.7.2-uds.0-upstream + ref: 9.7.2-uds.1-upstream imports: - name: ACCESS_KEY package: dev-secrets - name: SECRET_KEY package: dev-secrets - - name: DB_PASSWORD - package: dev-secrets overrides: mattermost: uds-mattermost-config: diff --git a/bundles/k3d-demo/uds-bundle.yaml b/bundles/k3d-demo/uds-bundle.yaml index d29a493..ecb8142 100644 --- a/bundles/k3d-demo/uds-bundle.yaml +++ b/bundles/k3d-demo/uds-bundle.yaml 
@@ -80,7 +80,6 @@ packages: exports: - name: ACCESS_KEY - name: SECRET_KEY - - name: DB_PASSWORD - name: gitlab repository: ghcr.io/defenseunicorns/packages/uds/gitlab @@ -197,7 +196,7 @@ packages: - name: sonarqube repository: ghcr.io/defenseunicorns/packages/uds/sonarqube - ref: 8.0.3-uds.4-upstream-ce + ref: 9.9.2-uds.0-upstream overrides: sonarqube: sonarqube: @@ -221,14 +220,12 @@ packages: - name: mattermost repository: ghcr.io/defenseunicorns/packages/uds/mattermost - ref: 9.7.2-uds.0-upstream + ref: 9.7.2-uds.1-upstream imports: - name: ACCESS_KEY package: dev-secrets - name: SECRET_KEY package: dev-secrets - - name: DB_PASSWORD - package: dev-secrets overrides: mattermost: uds-mattermost-config: diff --git a/src/dev-secrets/postgres-secret.yaml b/src/dev-secrets/postgres-secret.yaml deleted file mode 100644 index c34515d..0000000 --- a/src/dev-secrets/postgres-secret.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: gitlab-postgres - namespace: gitlab -type: kubernetes.io/opaque -stringData: - password: "###ZARF_VAR_POSTGRES_DB_PASSWORD###" diff --git a/src/dev-secrets/zarf.yaml b/src/dev-secrets/zarf.yaml index 6c07f61..d11d98f 100644 --- a/src/dev-secrets/zarf.yaml +++ b/src/dev-secrets/zarf.yaml @@ -4,7 +4,6 @@ metadata: name: dev-secrets version: "0.1.0" - components: - name: minio-password required: true @@ -44,13 +43,3 @@ components: namespace: gitlab files: - redis-secret.yaml - - name: mattermost-postgres-password - required: true - actions: - onDeploy: - before: - - cmd: ./zarf tools kubectl get secret -n mattermost mattermost.mattermost.pg-cluster.credentials.postgresql.acid.zalan.do --template={{.data.password}} | base64 -d - mute: true - setVariables: - - name: DB_PASSWORD - sensitive: true From 09105e7f0b8fc4bb932cae523c6b023bb309f0e8 Mon Sep 17 00:00:00 2001 
From: Wayne Starr Date: Thu, 9 May 2024 21:14:07 -0600 Subject: [PATCH 11/14] add netpol --- bundles/dev/uds-bundle.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/bundles/dev/uds-bundle.yaml b/bundles/dev/uds-bundle.yaml index bd5f6de..140a942 100644 --- a/bundles/dev/uds-bundle.yaml +++ b/bundles/dev/uds-bundle.yaml @@ -240,6 +240,14 @@ packages: mattermost: uds-mattermost-config: variables: + - name: MATTERMOST_CUSTOM_NETPOLS + path: "custom" + default: | + - direction: Egress + selector: + app.kubernetes.io/name: mattermost-enterprise-edition + remoteGenerated: Anywhere + description: Keycloak Egress - name: MATTERMOST_DB_ENDPOINT path: "postgres.host" default: "pg-cluster.postgres.svc.cluster.local" From 0b45886707746418f2246468faf5e0ffe7f97faf Mon Sep 17 00:00:00 2001 From: Wayne Starr Date: Thu, 9 May 2024 21:16:57 -0600 Subject: [PATCH 12/14] add netpol --- bundles/k3d-demo/uds-bundle.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/bundles/k3d-demo/uds-bundle.yaml b/bundles/k3d-demo/uds-bundle.yaml index ecb8142..3d5beaf 100644 --- a/bundles/k3d-demo/uds-bundle.yaml +++ b/bundles/k3d-demo/uds-bundle.yaml @@ -230,6 +230,14 @@ packages: mattermost: uds-mattermost-config: variables: + - name: MATTERMOST_CUSTOM_NETPOLS + path: "custom" + default: | + - direction: Egress + selector: + app.kubernetes.io/name: mattermost-enterprise-edition + remoteGenerated: Anywhere + description: Keycloak Egress - name: MATTERMOST_DB_ENDPOINT path: "postgres.host" default: "pg-cluster.postgres.svc.cluster.local" From 4f81e95dae4178ba847d7de0346bfb1463b9e9dc Mon Sep 17 00:00:00 2001 From: Wayne Starr Date: Thu, 9 May 2024 21:56:00 -0600 Subject: [PATCH 13/14] undo override --- bundles/dev/uds-bundle.yaml | 8 -------- bundles/k3d-demo/uds-bundle.yaml | 8 -------- 2 files changed, 16 deletions(-) diff --git a/bundles/dev/uds-bundle.yaml b/bundles/dev/uds-bundle.yaml index 140a942..bd5f6de 100644 --- a/bundles/dev/uds-bundle.yaml 
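Review bot: The `MATTERMOST_CUSTOM_NETPOLS` default allows egress from the Mattermost pods to `remoteGenerated: Anywhere`, which is much wider than the "Keycloak Egress" its description names. Scope the rule to the SSO endpoint instead, for example with `remoteNamespace` and `remoteSelector` for the Keycloak or gateway workload (which one Mattermost actually reaches in this cluster needs confirming), so that a compromised pod cannot open connections to arbitrary destinations. The same default is added to bundles/k3d-demo/uds-bundle.yaml in the next commit of the series. The value is also a `|` block scalar, so the chart receives a string rather than a list; confirm that the `custom` path expects that.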
+++ b/bundles/dev/uds-bundle.yaml @@ -240,14 +240,6 @@ packages: mattermost: uds-mattermost-config: variables: - - name: MATTERMOST_CUSTOM_NETPOLS - path: "custom" - default: | - - direction: Egress - selector: - app.kubernetes.io/name: mattermost-enterprise-edition - remoteGenerated: Anywhere - description: Keycloak Egress - name: MATTERMOST_DB_ENDPOINT path: "postgres.host" default: "pg-cluster.postgres.svc.cluster.local" diff --git a/bundles/k3d-demo/uds-bundle.yaml b/bundles/k3d-demo/uds-bundle.yaml index 3d5beaf..ecb8142 100644 --- a/bundles/k3d-demo/uds-bundle.yaml +++ b/bundles/k3d-demo/uds-bundle.yaml @@ -230,14 +230,6 @@ packages: mattermost: uds-mattermost-config: variables: - - name: MATTERMOST_CUSTOM_NETPOLS - path: "custom" - default: | - - direction: Egress - selector: - app.kubernetes.io/name: mattermost-enterprise-edition - remoteGenerated: Anywhere - description: Keycloak Egress - name: MATTERMOST_DB_ENDPOINT path: "postgres.host" default: "pg-cluster.postgres.svc.cluster.local" From b975213ca6a19b7adcf6d61338c04bc506cfd93a Mon Sep 17 00:00:00 2001 From: Wayne Starr Date: Fri, 10 May 2024 09:20:27 -0600 Subject: [PATCH 14/14] add back the config --- bundles/dev/uds-config.yaml | 77 +++++++++++++++++++++++++++++++- bundles/k3d-demo/uds-config.yaml | 77 +++++++++++++++++++++++++++++++- 2 files changed, 152 insertions(+), 2 deletions(-) diff --git a/bundles/dev/uds-config.yaml b/bundles/dev/uds-config.yaml index 7a8f3de..8e08fc1 100644 --- a/bundles/dev/uds-config.yaml +++ b/bundles/dev/uds-config.yaml 
@@ -1 +1,76 @@
-# Add your own configuration here - see overrides in the uds-bundle.yaml for some common configuration options.
+# TODO (@WSTARR): We can remove this after the next bundle update
+variables:
+ postgres-operator:
+ postgresql:
+ enabled: true # Set to false to not create the PostgreSQL resource
+ teamId: "uds"
+ volume:
+ size: "10Gi"
+ numberOfInstances: 2
+ users:
+ gitlab.gitlab: [] # database owner
+ sonarqube.sonarqube: [] # database owner
+ mattermost.mattermost: [] # database owner
+ databases:
+ gitlabdb: gitlab.gitlab
+ mattermost: mattermost.mattermost
+ sonarqubedb: sonarqube.sonarqube
+ version: "13"
+ ingress:
+ remoteGenerated: Anywhere
+ dev-minio:
+ buckets: |
+ - name: uds-gitlab-artifacts
+ - name: uds-gitlab-backups
+ - name: uds-gitlab-ci-secure-files
+ - name: uds-gitlab-dependency-proxy
+ - name: uds-gitlab-lfs
+ - name: uds-gitlab-mr-diffs
+ - name: uds-gitlab-packages
+ - name: uds-gitlab-pages
+ - name: uds-gitlab-terraform-state
+ - name: uds-gitlab-uploads
+ - name: uds-gitlab-registry
+ - name: uds-gitlab-tmp
+ - name: uds-mattermost-dev
+ sonarqube:
+ sonarqube_db_endpoint: "pg-cluster.postgres.svc.cluster.local"
+ gitlab:
+ GITLAB_SSO_ENABLED: false
+ gitlab_redis_endpoint: "redis-master.dev-redis.svc.cluster.local"
+ gitlab_db_endpoint: "pg-cluster.postgres.svc.cluster.local"
+ DISABLE_REGISTRY_REDIRECT: "true"
+ # # Overrides for scaled down cluster for local dev and CI
+ webservice_replicas: 1
+ toolbox_resources:
+ limits:
+ cpu: 2000m
+ memory: 3584M
+ requests:
+ cpu: 500m
+ memory: 1000M
+ webservice_resources:
+ limits:
+ memory: 2.5G
+ requests:
+ cpu: 300m
+ memory: 2.5G
+ migrations_resources:
+ limits:
+ cpu: 500m
+ memory: 4G
+ workhorse_resources:
+ limits:
+ memory: 100M
+ requests:
+ cpu: 10m
+ memory: 10M
+ sidekiq_replicas: 1
+ sidekiq_resources:
+ limits:
+ memory: 1.5G
+ requests:
+ cpu: 50m
+ memory: 625M
+ registry_replicas: 1
+ shell_replicas: 1
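Review bot: In the `postgres-operator` block the new `ingress:` entry is `remoteGenerated: Anywhere`, which, if it feeds the database's network allow list as the key name suggests, admits connections to PostgreSQL from any source rather than only from the three consumers listed under `users:`. The exact nesting cannot be confirmed from this view, so treat that as a question for the author; at minimum the line deserves a comment such as `# dev/CI only: open ingress to pg-cluster, narrow before reuse`, since the TODO at the top marks the whole file as temporary. In the `gitlab` block `GITLAB_SSO_ENABLED: false` is a YAML boolean while `DISABLE_REGISTRY_REDIRECT: "true"` is a quoted string, so it is worth confirming each consumer expects the type it is given. The same content is added to `bundles/k3d-demo/uds-config.yaml` in the following hunk.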
diff --git a/bundles/k3d-demo/uds-config.yaml b/bundles/k3d-demo/uds-config.yaml
index 7a8f3de..350e3ba 100644
--- a/bundles/k3d-demo/uds-config.yaml
+++ b/bundles/k3d-demo/uds-config.yaml
@@ -1 +1,76 @@
-# Add your own configuration here - see overrides in the uds-bundle.yaml for some common configuration options.
+# TODO (@WSTARR): We can remove this after the next bundle update
+variables:
+ postgres-operator:
+ postgresql:
+ enabled: true # Set to false to not create the PostgreSQL resource
+ teamId: "uds"
+ volume:
+ size: "10Gi"
+ numberOfInstances: 2
+ users:
+ gitlab.gitlab: [] # database owner
+ sonarqube.sonarqube: [] # database owner
+ mattermost.mattermost: [] # database owner
+ databases:
+ gitlabdb: gitlab.gitlab
+ mattermost: mattermost.mattermost
+ sonarqubedb: sonarqube.sonarqube
+ version: "13"
+ ingress:
+ remoteGenerated: Anywhere
+ dev-minio:
+ buckets: |
+ - name: uds-gitlab-artifacts
+ - name: uds-gitlab-backups
+ - name: uds-gitlab-ci-secure-files
+ - name: uds-gitlab-dependency-proxy
+ - name: uds-gitlab-lfs
+ - name: uds-gitlab-mr-diffs
+ - name: uds-gitlab-packages
+ - name: uds-gitlab-pages
+ - name: uds-gitlab-terraform-state
+ - name: uds-gitlab-uploads
+ - name: uds-gitlab-registry
+ - name: uds-gitlab-tmp
+ - name: uds-mattermost-dev
+ sonarqube:
+ sonarqube_db_endpoint: "pg-cluster.postgres.svc.cluster.local"
+ gitlab:
+ GITLAB_SSO_ENABLED: false
+ gitlab_redis_endpoint: "redis-master.dev-redis.svc.cluster.local"
+ gitlab_db_endpoint: "pg-cluster.postgres.svc.cluster.local"
+ DISABLE_REGISTRY_REDIRECT: "true"
+ # # Overrides for scaled down cluster for local dev and CI
+ webservice_replicas: 1
+ webservice_resources:
+ limits:
+ memory: 2.5G
+ requests:
+ cpu: 300m
+ memory: 2.5G
+ toolbox_resources:
+ limits:
+ cpu: 2000m
+ memory: 3584M
+ requests:
+ cpu: 500m
+ memory: 1000M
+ migrations_resources:
+ limits:
+ cpu: 500m
+ memory: 4G
+ workhorse_resources:
+ limits:
+ memory: 100M
+ requests:
+ cpu: 10m
+ memory: 10M
+ sidekiq_replicas: 1
+ sidekiq_resources:
+ limits:
+ memory: 1.5G
+ requests:
+ cpu: 50m
+ memory: 625M
+ registry_replicas: 1
+ shell_replicas: 1