diff --git a/.github/workflows/autobump-docs-index-md.yml b/.github/workflows/autobump-docs-index-md.yml new file mode 100644 index 000000000000..9d40b7b26a51 --- /dev/null +++ b/.github/workflows/autobump-docs-index-md.yml @@ -0,0 +1,63 @@ +name: autobump-docs-index-md.yml + +on: + push: + branches: + - main + paths: + - '**/*.md' + workflow_dispatch: {} + +env: + AUTOBUMP_CONFIG_PATH: configs/autobump-config/test-infra-markdown-index-autobump-config.yaml + +jobs: + autobump: + runs-on: ubuntu-latest + permissions: + id-token: write + contents: read + concurrency: + group: post-test-infra-markdown-index-autobump + cancel-in-progress: false + + steps: + - uses: actions/checkout@v4 + + - name: Setup git config + run: | + GIT_USERNAME=$(grep "gitName" ${{ env.AUTOBUMP_CONFIG_PATH }} | cut -d '"' -f 2) + GIT_EMAIL=$(grep "gitEmail" ${{ env.AUTOBUMP_CONFIG_PATH }} | cut -d '"' -f 2) + git config user.name "$GIT_USERNAME" + git config user.email "$GIT_EMAIL" + + git config --unset-all http.https://github.com/.extraheader + + - name: Authenticate in GCP + id: 'auth' + uses: 'google-github-actions/auth@v2' + with: + project_id: ${{ vars.GCP_KYMA_PROJECT_PROJECT_ID }} + workload_identity_provider: ${{ vars.GH_COM_KYMA_PROJECT_GCP_WORKLOAD_IDENTITY_FEDERATION_PROVIDER }} + + - name: Get kyma bot token from Secret Manager + id: 'secrets' + uses: 'google-github-actions/get-secretmanager-secrets@v2' + with: + secrets: |- + kyma-autobump-token:${{ vars.GCP_KYMA_PROJECT_PROJECT_ID }}/${{ vars.KYMA_AUTOBUMP_BOT_GITHUB_SECRET_NAME }} + + - name: Store Github Token for autobumper + run: | + echo "${{ steps.secrets.outputs.kyma-autobump-token }}" > ~/token + + - name: Run markdown index autobump + run: | + docker run --rm \ + -v ~/token:/etc/github/token:ro \ + -v ${{ github.workspace }}:/github/test-infra \ + --workdir /github/test-infra \ + --user $UID \ + europe-docker.pkg.dev/kyma-project/prod/markdown-index:v20241007-aa6bbc21 \ + --config=${{ env.AUTOBUMP_CONFIG_PATH }} \ + --labels-override=kind/chore,area/documentation diff --git a/.github/workflows/autobump-images.yml b/.github/workflows/autobump-images.yml new file mode 100644 index 000000000000..c9fa1538604f --- /dev/null +++ b/.github/workflows/autobump-images.yml @@ -0,0 +1,10 @@ +name: autobump-images + +on: + schedule: + - cron: 45 * * * 1-5 + workflow_dispatch: + +jobs: + autobump: + uses: kyma-project/test-infra/.github/workflows/reusable-image-autobumper.yml@main \ No newline at end of file diff --git a/.github/workflows/buildx-images.yml b/.github/workflows/buildx-images.yml index 55e3389de48c..14130ec7475c 100644 --- a/.github/workflows/buildx-images.yml +++ b/.github/workflows/buildx-images.yml @@ -4,13 +4,13 @@ on: pull_request_target: types: [opened, synchronize, reopened, ready_for_review] paths: - - "images/**" + - "cmd/images/**" - ".github/workflows/image-builder.yml" push: branches: - main paths: - - "images/**" + - "cmd/images/**" - ".github/workflows/image-builder.yml" workflow_dispatch: {} @@ -20,7 +20,7 @@ jobs: uses: ./.github/workflows/image-builder.yml with: name: alpine - dockerfile: images/alpine/Dockerfile + dockerfile: cmd/images/alpine/Dockerfile context: . unpack-alpine: @@ -42,7 +42,7 @@ jobs: uses: ./.github/workflows/image-builder.yml with: name: alpine-git - dockerfile: images/alpine/git/Dockerfile + dockerfile: cmd/images/alpine/git/Dockerfile context: . build-args: BASE_ALPINE_IMAGE=${{ needs.unpack-alpine.outputs.clean_image }} @@ -52,7 +52,7 @@ jobs: uses: ./.github/workflows/image-builder.yml with: name: alpine-git-gke-aws-auth - dockerfile: images/alpine/git/gke-aws-auth/Dockerfile + dockerfile: cmd/images/alpine/git/gke-aws-auth/Dockerfile context: . build-args: BASE_ALPINE_IMAGE=${{ needs.unpack-alpine.outputs.clean_image }} @@ -61,7 +61,7 @@ jobs: uses: ./.github/workflows/image-builder.yml with: name: buildpack - dockerfile: images/buildpack/Dockerfile + dockerfile: cmd/images/buildpack/Dockerfile context: . unpack-buildpack: @@ -83,7 +83,7 @@ jobs: uses: ./.github/workflows/image-builder.yml with: name: buildpack-go - dockerfile: images/buildpack/go/Dockerfile + dockerfile: cmd/images/buildpack/go/Dockerfile context: . build-args: BASE_BUILDPACK_IMAGE=${{ needs.unpack-buildpack.outputs.clean_image }} @@ -92,7 +92,7 @@ jobs: uses: ./.github/workflows/image-builder.yml with: name: unified-agent - dockerfile: images/unified-agent/Dockerfile + dockerfile: cmd/images/unified-agent/Dockerfile context: . unpack-unified-agent: @@ -114,7 +114,7 @@ jobs: uses: ./.github/workflows/image-builder.yml with: name: unified-agent-go - dockerfile: images/unified-agent/go/Dockerfile + dockerfile: cmd/images/unified-agent/go/Dockerfile context: . build-args: BASE_UNIFIED_AGENT_IMAGE=${{ needs.unpack-unified-agent.outputs.clean_image }} @@ -124,7 +124,7 @@ jobs: uses: ./.github/workflows/image-builder.yml with: name: unified-agent-nodejs - dockerfile: images/unified-agent/nodejs/Dockerfile + dockerfile: cmd/images/unified-agent/nodejs/Dockerfile context: . build-args: BASE_UNIFIED_AGENT_IMAGE=${{ needs.unpack-unified-agent.outputs.clean_image }} @@ -134,7 +134,7 @@ jobs: uses: ./.github/workflows/image-builder.yml with: name: unified-agent-python - dockerfile: images/unified-agent/python/Dockerfile + dockerfile: cmd/images/unified-agent/python/Dockerfile context: . build-args: BASE_UNIFIED_AGENT_IMAGE=${{ needs.unpack-unified-agent.outputs.clean_image }} @@ -143,5 +143,5 @@ jobs: uses: ./.github/workflows/image-builder.yml with: name: e2e-gcloud - dockerfile: images/e2e-gcloud/Dockerfile + dockerfile: cmd/images/e2e-gcloud/Dockerfile context: . diff --git a/.github/workflows/hello-world.yml b/.github/workflows/hello-world.yml new file mode 100644 index 000000000000..60b0659d9213 --- /dev/null +++ b/.github/workflows/hello-world.yml @@ -0,0 +1,52 @@ +name: hello-world +on: workflow_dispatch + +env: + AUTOBUMP_CONFIG_PATH: configs/autobump-config/test-infra-markdown-index-autobump-config.yaml + +jobs: + autobump: + runs-on: ubuntu-latest + permissions: + id-token: write + contents: read + concurrency: + group: post-test-infra-markdown-index-autobump + cancel-in-progress: false + + steps: + - uses: actions/checkout@v4 + + - name: Setup git config + run: | + GIT_USERNAME=$(grep "gitName" ${{ env.AUTOBUMP_CONFIG_PATH }} | cut -d '"' -f 2) + GIT_EMAIL=$(grep "gitEmail" ${{ env.AUTOBUMP_CONFIG_PATH }} | cut -d '"' -f 2) + git config user.name "$GIT_USERNAME" + git config user.email "$GIT_EMAIL" + git config --unset-all http.https://github.com/.extraheader + - name: Authenticate in GCP + id: 'auth' + uses: 'google-github-actions/auth@v2' + with: + project_id: ${{ vars.GCP_KYMA_PROJECT_PROJECT_ID }} + workload_identity_provider: ${{ vars.GH_COM_KYMA_PROJECT_GCP_WORKLOAD_IDENTITY_FEDERATION_PROVIDER }} + + - name: Get kyma bot token from Secret Manager + id: 'secrets' + uses: 'google-github-actions/get-secretmanager-secrets@v2' + with: + secrets: |- + kyma-autobump-token:${{ vars.GCP_KYMA_PROJECT_PROJECT_ID }}/${{ vars.KYMA_AUTOBUMP_BOT_GITHUB_SECRET_NAME }} + - name: Store Github Token for autobumper + run: | + echo "${{ steps.secrets.outputs.kyma-autobump-token }}" > ~/token + - name: Run markdown index autobump + run: | + docker run --rm \ + -v ~/token:/etc/github/token:ro \ + -v ${{ github.workspace }}:/github/workspace \ + --workdir /github/workspace \ + --user $UID \ + europe-docker.pkg.dev/kyma-project/prod/markdown-index:v20241007-aa6bbc21 \ + --config=${{ env.AUTOBUMP_CONFIG_PATH }} \ + --labels-override=kind/chore,area/documentation diff --git a/.github/workflows/image-builder.yml b/.github/workflows/image-builder.yml index 06010c8740a7..64ef46e0ace4 100644 --- a/.github/workflows/image-builder.yml +++ b/.github/workflows/image-builder.yml @@ -14,7 +14,7 @@ on: description: Path to the dockerfile used to build docker image required: false type: string - default: "prow/images/ginkgo/Dockerfile" + default: "cmd/images/ginkgo/Dockerfile" context: description: Build context to build container from required: false diff --git a/.github/workflows/pull-image-builder-test.yml b/.github/workflows/pull-image-builder-test.yml index 5e2d3bb23dcc..bd68338ee5e1 100644 --- a/.github/workflows/pull-image-builder-test.yml +++ b/.github/workflows/pull-image-builder-test.yml @@ -31,7 +31,7 @@ jobs: uses: ./.github/workflows/image-builder.yml with: name: test-infra/ginkgo - dockerfile: prow/images/ginkgo/Dockerfile + dockerfile: cmd/images/ginkgo/Dockerfile context: . env-file: "envs" tags: ${{ needs.compute-tag.outputs.tag }} diff --git a/.github/workflows/pull-validate-kaniko-build-config.yml b/.github/workflows/pull-validate-kaniko-build-config.yml index a5502581a2d9..1816a7d0bf1c 100644 --- a/.github/workflows/pull-validate-kaniko-build-config.yml +++ b/.github/workflows/pull-validate-kaniko-build-config.yml @@ -53,4 +53,4 @@ jobs: - uses: docker://europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240621-63f4f2b1 id: build with: - args: --name=test-infra/ginkgo --context=. --dockerfile=prow/images/ginkgo/Dockerfile --azure-access-token=${{ steps.secrets.outputs.ado-pat }} --oidc-token=${{ steps.get_oidc.outputs.jwt }} --env-file='envs' --build-in-ado=true --test-kaniko-build-config=true --config="./configs/image-builder-client-config.yaml" \ No newline at end of file + args: --name=test-infra/ginkgo --context=. --dockerfile=cmd/images/ginkgo/Dockerfile --azure-access-token=${{ steps.secrets.outputs.ado-pat }} --oidc-token=${{ steps.get_oidc.outputs.jwt }} --env-file='envs' --build-in-ado=true --test-kaniko-build-config=true --config="./configs/image-builder-client-config.yaml" \ No newline at end of file diff --git a/.github/workflows/push-update-security-config.yaml b/.github/workflows/push-update-security-config.yaml index 6ccf98cfd1fe..8b36f7ac5945 100644 --- a/.github/workflows/push-update-security-config.yaml +++ b/.github/workflows/push-update-security-config.yaml @@ -70,7 +70,7 @@ jobs: --workdir /github/workspace \ --rm \ --user $UID \ - europe-docker.pkg.dev/kyma-project/prod/image-detector:v20241007-36d14dd7 \ + europe-docker.pkg.dev/kyma-project/prod/image-detector:v20241010-d3f08490 \ --terraform-dir=${{ env.TERRAFORM_CONFIGS_DIR }} \ --sec-scanner-config=${{ env.SEC_SCANNERS_CONFIG_PATH }} \ --autobump-config=${{ env.AUTOBUMP_CONFIG_PATH }} diff --git a/.github/workflows/reusable-image-autobumper.yml b/.github/workflows/reusable-image-autobumper.yml new file mode 100644 index 000000000000..ff09fc763953 --- /dev/null +++ b/.github/workflows/reusable-image-autobumper.yml @@ -0,0 +1,66 @@ +name: reusable-image-autobumper +on: + workflow_call: + inputs: + docker-image: + description: 'Docker image with tag to be used' + default: 'europe-docker.pkg.dev/kyma-project/prod/image-autobumper:v20240927-bc42bcd3' + type: string + +env: + AUTOBUMP_CONFIG_PATH: configs/image-autobumper-config/image-autobumper-config.yaml + +jobs: + autobump: + runs-on: ubuntu-latest + permissions: + id-token: write + contents: read + steps: + - name: Configure Workload Identity Federation + id: auth + uses: google-github-actions/auth@v2 + with: + project_id: ${{ vars.GCP_KYMA_PROJECT_PROJECT_ID }} + workload_identity_provider: ${{ vars.GH_COM_KYMA_PROJECT_GCP_WORKLOAD_IDENTITY_FEDERATION_PROVIDER }} + + - name: Access Google Cloud Secret + id: access-secret + uses: google-github-actions/get-secretmanager-secrets@v2 + with: + secrets: | + kyma-autobump-token:${{ vars.GCP_KYMA_PROJECT_PROJECT_ID }}/${{ vars.KYMA_AUTOBUMP_BOT_GITHUB_SECRET_NAME }} + + - name: Store Github Token for autobumper + run: | + echo ${{ steps.secrets.outputs.kyma-autobump-token }} > ~/token + chmod 644 ~/token + + - name: Checkout repository + with: + token: ${{ steps.secrets.outputs.kyma-autobump-token }} + uses: actions/checkout@v4 + + # Setup git config with commiter data from config + # Prevent silent passing github token + # see https://stackoverflow.com/a/69979203/23148781 + - name: Setup git config + run: | + GIT_USERNAME=$(grep "gitName" ${{ env.AUTOBUMP_CONFIG_PATH }} | cut -d '"' -f 2) + GIT_EMAIL=$(grep "gitEmail" ${{ env.AUTOBUMP_CONFIG_PATH }} | cut -d '"' -f 2) + git config user.name $GIT_USERNAME + git config user.email $GIT_EMAIL + + git config --unset-all http.https://github.com/.extraheader + + - name: Run Docker container + run: | + docker run \ + --rm \ + --cap-drop=ALL \ + --privileged \ + -v "${{ github.workspace }}:/workspace" \ + -v "~/token:/tmp/github_token:ro" \ + -w /workspace \ + ${{ inputs.docker-image }} \ + --autobump-config=${{ env.AUTOBUMP_CONFIG_PATH }} \ No newline at end of file diff --git a/cmd/cloud-run/slack-message-sender/Dockerfile b/cmd/cloud-run/slack-message-sender/Dockerfile index b570ae2b5f29..d0b8e026ca87 100644 --- a/cmd/cloud-run/slack-message-sender/Dockerfile +++ b/cmd/cloud-run/slack-message-sender/Dockerfile @@ -1,4 +1,4 @@ -FROM python:3.12.7-alpine3.20 +FROM python:3.13.0-alpine3.20 # Allow statements and log messages to immediately appear in the Knative logs ENV PYTHONUNBUFFERED True diff --git a/cmd/image-builder/README.md b/cmd/image-builder/README.md index f95614c29b8c..aa3f4a233fc2 100644 --- a/cmd/image-builder/README.md +++ b/cmd/image-builder/README.md @@ -54,7 +54,7 @@ jobs: uses: kyma-project/test-infra/.github/workflows/image-builder.yml@main # Usage: kyma-project/test-infra/.github/workflows/image-builder.yml@main with: name: test-infra/ginkgo - dockerfile: prow/images/ginkgo/Dockerfile + dockerfile: cmd/images/ginkgo/Dockerfile context: . env-file: "envs" tags: ${{ needs.compute-tag.outputs.tag }} @@ -95,6 +95,7 @@ The Image Builder reusable workflow supports the following GitHub events to trig * `push` - to build images on push to the specified branch. * `pull_request_target` - to build images on pull requests. * `workflow_dispatch` - to manually trigger the workflow. +* `schedule` - to build images on a regular basis. ## Reusable Workflow Reference @@ -146,7 +147,7 @@ By default, Image Builder signs images with the production signify service. Image signing allows verification that the image comes from a trusted repository and has not been altered in the meantime. > [!NOTE] -> Image Builder signs images built on the push and workflow_dispatch events only. Images built on the pull_request_target event are not signed. +> Image Builder only signs images built on the `push`, `schedule`, and `workflow_dispatch` events. Images built on the `pull_request_target` event are not signed. ## Image Signing with Signify diff --git a/images/README.md b/cmd/images/README.md similarity index 53% rename from images/README.md rename to cmd/images/README.md index fd3bfe2db36d..df0e79089072 100644 --- a/images/README.md +++ b/cmd/images/README.md @@ -10,22 +10,3 @@ To add additional applications into the images, open a pull request (PR) with ch * Always build from a source to ensure compiler vulnerabilities do not affect the resulting binary. * Link the binary to a specific version so that it's easier to update when necessary. * Build binaries in a separate stage, then copy the resulting binary into the final image to ensure images are small and contain the least number of layers. - -## Write Image Tests - -To write simple smoke tests with your image, add an executable file called `test.sh`. -The scripts should contain all steps that perform basic or advanced test operations against the image. -The test script must exit with a non-zero number if any steps have failed. - -By default, current context of a test script is always Docker build context. Image name is passed as a variable `IMG`. - -### Example - -The example below showcases the example definition of the `test.sh` script. -```shell -#!/usr/bin/env bash -set -e -echo "$IMG" -docker run --rm $IMG -- some-command -test $? -eq 0 || exit 1 -``` \ No newline at end of file diff --git a/images/alpine/Dockerfile b/cmd/images/alpine/Dockerfile similarity index 100% rename from images/alpine/Dockerfile rename to cmd/images/alpine/Dockerfile diff --git a/images/alpine/git/Dockerfile b/cmd/images/alpine/git/Dockerfile similarity index 100% rename from images/alpine/git/Dockerfile rename to cmd/images/alpine/git/Dockerfile diff --git a/images/alpine/git/github-known-hosts b/cmd/images/alpine/git/github-known-hosts similarity index 100% rename from images/alpine/git/github-known-hosts rename to cmd/images/alpine/git/github-known-hosts diff --git a/images/alpine/git/gke-aws-auth/Dockerfile b/cmd/images/alpine/git/gke-aws-auth/Dockerfile similarity index 93% rename from images/alpine/git/gke-aws-auth/Dockerfile rename to cmd/images/alpine/git/gke-aws-auth/Dockerfile index 95969a9d4436..393b8c21ba70 100644 --- a/images/alpine/git/gke-aws-auth/Dockerfile +++ b/cmd/images/alpine/git/gke-aws-auth/Dockerfile @@ -1,4 +1,4 @@ -FROM google/cloud-sdk:495.0.0 AS base +FROM google/cloud-sdk:496.0.0 AS base ARG AWS_IAM_AUTHENTICATOR_VERSION="0.6.11" RUN curl -fsSL \ diff --git a/images/alpine/git/ssh-config b/cmd/images/alpine/git/ssh-config similarity index 100% rename from images/alpine/git/ssh-config rename to cmd/images/alpine/git/ssh-config diff --git a/images/buildpack/Dockerfile b/cmd/images/buildpack/Dockerfile similarity index 100% rename from images/buildpack/Dockerfile rename to cmd/images/buildpack/Dockerfile diff --git a/images/buildpack/go/Dockerfile b/cmd/images/buildpack/go/Dockerfile similarity index 100% rename from images/buildpack/go/Dockerfile rename to cmd/images/buildpack/go/Dockerfile diff --git a/images/e2e-gcloud/Dockerfile b/cmd/images/e2e-gcloud/Dockerfile similarity index 100% rename from images/e2e-gcloud/Dockerfile rename to cmd/images/e2e-gcloud/Dockerfile diff --git a/prow/images/ginkgo/Dockerfile b/cmd/images/ginkgo/Dockerfile similarity index 100% rename from prow/images/ginkgo/Dockerfile rename to cmd/images/ginkgo/Dockerfile diff --git a/prow/images/ginkgo/envs b/cmd/images/ginkgo/envs similarity index 100% rename from prow/images/ginkgo/envs rename to cmd/images/ginkgo/envs diff --git a/images/unified-agent/Dockerfile b/cmd/images/unified-agent/Dockerfile similarity index 100% rename from images/unified-agent/Dockerfile rename to cmd/images/unified-agent/Dockerfile diff --git a/images/unified-agent/go/Dockerfile b/cmd/images/unified-agent/go/Dockerfile similarity index 100% rename from images/unified-agent/go/Dockerfile rename to cmd/images/unified-agent/go/Dockerfile diff --git a/images/unified-agent/go/go-mod-wss-unified-agent.config b/cmd/images/unified-agent/go/go-mod-wss-unified-agent.config similarity index 100% rename from images/unified-agent/go/go-mod-wss-unified-agent.config rename to cmd/images/unified-agent/go/go-mod-wss-unified-agent.config diff --git a/images/unified-agent/nodejs/Dockerfile b/cmd/images/unified-agent/nodejs/Dockerfile similarity index 100% rename from images/unified-agent/nodejs/Dockerfile rename to cmd/images/unified-agent/nodejs/Dockerfile diff --git a/images/unified-agent/nodejs/javascript-wss-unified-agent.config b/cmd/images/unified-agent/nodejs/javascript-wss-unified-agent.config similarity index 100% rename from images/unified-agent/nodejs/javascript-wss-unified-agent.config rename to cmd/images/unified-agent/nodejs/javascript-wss-unified-agent.config diff --git a/images/unified-agent/python/Dockerfile b/cmd/images/unified-agent/python/Dockerfile similarity index 100% rename from images/unified-agent/python/Dockerfile rename to cmd/images/unified-agent/python/Dockerfile diff --git a/images/unified-agent/python/python-wss-unified-agent.config b/cmd/images/unified-agent/python/python-wss-unified-agent.config similarity index 100% rename from images/unified-agent/python/python-wss-unified-agent.config rename to cmd/images/unified-agent/python/python-wss-unified-agent.config diff --git a/images/unified-agent/start-wssagent.sh b/cmd/images/unified-agent/start-wssagent.sh similarity index 100% rename from images/unified-agent/start-wssagent.sh rename to cmd/images/unified-agent/start-wssagent.sh diff --git a/configs/terraform/core/apis.tf b/configs/terraform/core/apis.tf index b86f0bf9767a..3fb87ac351c0 100644 --- a/configs/terraform/core/apis.tf +++ b/configs/terraform/core/apis.tf @@ -6,7 +6,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = "6.5.0" + version = "6.6.0" } } } diff --git a/configs/terraform/environments/dev/secrets-rotator/terraform.tfvars b/configs/terraform/environments/dev/secrets-rotator/terraform.tfvars index cf7fa087044f..cd2272bde527 100644 --- a/configs/terraform/environments/dev/secrets-rotator/terraform.tfvars +++ b/configs/terraform/environments/dev/secrets-rotator/terraform.tfvars @@ -1,8 +1,8 @@ project_id = "sap-kyma-neighbors-dev" region = "europe-west3" service_account_keys_rotator_service_name = "service-account-keys-rotator" -service_account_keys_rotator_image = "europe-docker.pkg.dev/kyma-project/prod/test-infra/rotate-service-account:v20241007-36d14dd7" #gitleaks:allow +service_account_keys_rotator_image = "europe-docker.pkg.dev/kyma-project/prod/test-infra/rotate-service-account:v20241010-d3f08490" #gitleaks:allow service_account_keys_cleaner_service_name = "service-account-keys-cleaner" -service_account_keys_cleaner_image = "europe-docker.pkg.dev/kyma-project/prod/test-infra/service-account-keys-cleaner:v20241007-36d14dd7" #gitleaks:allow +service_account_keys_cleaner_image = "europe-docker.pkg.dev/kyma-project/prod/test-infra/service-account-keys-cleaner:v20241010-d3f08490" #gitleaks:allow service_account_key_latest_version_min_age = 24 service_account_keys_cleaner_scheduler_cron_schedule = "0 0 * * 1-5" diff --git a/configs/terraform/environments/prod/kyma-bots-secrets-variables.tf b/configs/terraform/environments/prod/kyma-bots-secrets-variables.tf index 56592290b10d..8a15e7645941 100644 --- a/configs/terraform/environments/prod/kyma-bots-secrets-variables.tf +++ b/configs/terraform/environments/prod/kyma-bots-secrets-variables.tf @@ -9,14 +9,13 @@ variable "kyma_autobump_bot_github_token_secret_name" { default = "kyma-autobump-bot-github-token" } -# TODO(kacpermalachowski): Rename to kyma_autobump_bot_github_token_secret_name after Prow removal -variable "kyma_autobump_bot_github_token_sm_secret_name" { +variable "kyma_bot_github_sap_token_secret_name" { type = string description = "Name of the kyma-autobump-bot-github-token secret in the Google's Secret Manager. This secret is used by automatic bumpers to interact with GitHub." - default = "workloads_default_kyma-autobump-bot-github-token" + default = "kyma-autobump-bot-github-token" } -variable "kyma_bot_github_sap_token_secret_name" { +variable "kyma_bot_github_sap_token_prow_k8s_secret_name" { type = string description = "Name of the kyma-bot-github-sap-token secret. This is used by automation to interact with SAP GitHub instance." default = "kyma-bot-github-sap-token" diff --git a/configs/terraform/environments/prod/kyma-bots-secrets.tf b/configs/terraform/environments/prod/kyma-bots-secrets.tf index dd7e64b316df..0fb6a79723a1 100644 --- a/configs/terraform/environments/prod/kyma-bots-secrets.tf +++ b/configs/terraform/environments/prod/kyma-bots-secrets.tf @@ -12,7 +12,7 @@ resource "kubernetes_cluster_role" "access_kyma_bot_github_tokens_trusted_worklo rule { api_groups = [""] resources = ["secrets"] - resource_names = [var.kyma_autobump_bot_github_token_secret_name, var.kyma_bot_github_token_secret_name, var.kyma_bot_github_sap_token_secret_name, var.kyma_guard_bot_github_token_secret_name] + resource_names = [var.kyma_autobump_bot_github_token_secret_name, var.kyma_bot_github_token_secret_name, var.kyma_bot_github_sap_token_prow_k8s_secret_name, var.kyma_guard_bot_github_token_secret_name] verbs = ["update", "get", "list", "watch", "patch", "create", "delete"] } } @@ -27,7 +27,7 @@ resource "kubernetes_cluster_role" "access_kyma_bot_github_tokens_untrusted_work rule { api_groups = [""] resources = ["secrets"] - resource_names = [var.kyma_autobump_bot_github_token_secret_name, var.kyma_bot_github_token_secret_name, var.kyma_bot_github_sap_token_secret_name, var.kyma_guard_bot_github_token_secret_name] + resource_names = [var.kyma_autobump_bot_github_token_secret_name, var.kyma_bot_github_token_secret_name, var.kyma_bot_github_sap_token_prow_k8s_secret_name, var.kyma_guard_bot_github_token_secret_name] verbs = ["update", "get", "list", "watch", "patch", "create", "delete"] } } @@ -72,5 +72,5 @@ resource "github_actions_variable" "kyma_autobump_bot_github_token_secret_name" provider = github.kyma_project repository = data.github_repository.test_infra.name variable_name = "KYMA_AUTOBUMP_BOT_GITHUB_SECRET_NAME" - value = var.kyma_autobump_bot_github_token_sm_secret_name + value = var.kyma_bot_github_sap_token_secret_name } diff --git a/configs/terraform/environments/prod/terraform.tfvars b/configs/terraform/environments/prod/terraform.tfvars index a075230f0d23..daabbdf24d97 100644 --- a/configs/terraform/environments/prod/terraform.tfvars +++ b/configs/terraform/environments/prod/terraform.tfvars @@ -8,9 +8,9 @@ kyma_project_artifact_registry_collection = { }, } service_account_keys_rotator_service_name = "service-account-keys-rotator" -service_account_keys_rotator_image = "europe-docker.pkg.dev/kyma-project/prod/test-infra/rotate-service-account:v20241007-36d14dd7" #gitleaks:allow +service_account_keys_rotator_image = "europe-docker.pkg.dev/kyma-project/prod/test-infra/rotate-service-account:v20241010-d3f08490" #gitleaks:allow service_account_keys_cleaner_service_name = "service-account-keys-cleaner" -service_account_keys_cleaner_image = "europe-docker.pkg.dev/kyma-project/prod/test-infra/service-account-keys-cleaner:v20241007-36d14dd7" #gitleaks:allow +service_account_keys_cleaner_image = "europe-docker.pkg.dev/kyma-project/prod/test-infra/service-account-keys-cleaner:v20241010-d3f08490" #gitleaks:allow service_account_key_latest_version_min_age = 24 service_account_keys_cleaner_scheduler_cron_schedule = "0 0 * * 1-5" diff --git a/configs/terraform/modules/cors-proxy/cors-proxy.tf b/configs/terraform/modules/cors-proxy/cors-proxy.tf index 9420ddbe38db..ece756f9a1bf 100644 --- a/configs/terraform/modules/cors-proxy/cors-proxy.tf +++ b/configs/terraform/modules/cors-proxy/cors-proxy.tf @@ -28,7 +28,7 @@ resource "google_cloud_run_service" "cors_proxy" { template { spec { containers { - image = "europe-docker.pkg.dev/kyma-project/prod/cors-proxy:v20241007-36d14dd7" + image = "europe-docker.pkg.dev/kyma-project/prod/cors-proxy:v20241010-d3f08490" env { name = "COMPONENT_NAME" value = "cors-proxy" diff --git a/configs/terraform/modules/github-webhook-gateway/github-webhook-gateway.tf b/configs/terraform/modules/github-webhook-gateway/github-webhook-gateway.tf index b560e76f3c08..d35cdf20e9a7 100644 --- a/configs/terraform/modules/github-webhook-gateway/github-webhook-gateway.tf +++ b/configs/terraform/modules/github-webhook-gateway/github-webhook-gateway.tf @@ -67,7 +67,7 @@ resource "google_cloud_run_service" "github_webhook_gateway" { spec { service_account_name = google_service_account.github_webhook_gateway.email containers { - image = "europe-docker.pkg.dev/kyma-project/prod/github-webhook-gateway:v20241007-36d14dd7" + image = "europe-docker.pkg.dev/kyma-project/prod/github-webhook-gateway:v20241010-d3f08490" env { name = "PROJECT_ID" value = var.gcp_project_id diff --git a/configs/terraform/modules/secrets-leaks-log-scanner/gcs-bucket-mover.tf b/configs/terraform/modules/secrets-leaks-log-scanner/gcs-bucket-mover.tf index 1ad1251f7807..4849a470c2c0 100644 --- a/configs/terraform/modules/secrets-leaks-log-scanner/gcs-bucket-mover.tf +++ b/configs/terraform/modules/secrets-leaks-log-scanner/gcs-bucket-mover.tf @@ -47,7 +47,7 @@ resource "google_cloud_run_service" "gcs_bucket_mover" { spec { service_account_name = google_service_account.gcs_bucket_mover.email containers { - image = "europe-docker.pkg.dev/kyma-project/prod/move-gcs-bucket:v20241007-36d14dd7" + image = "europe-docker.pkg.dev/kyma-project/prod/move-gcs-bucket:v20241010-d3f08490" env { name = "PROJECT_ID" value = var.gcp_project_id diff --git a/configs/terraform/modules/secrets-leaks-log-scanner/github-issue-creator.tf b/configs/terraform/modules/secrets-leaks-log-scanner/github-issue-creator.tf index 9660d6402e4b..e36a6156730e 100644 --- a/configs/terraform/modules/secrets-leaks-log-scanner/github-issue-creator.tf +++ b/configs/terraform/modules/secrets-leaks-log-scanner/github-issue-creator.tf @@ -24,7 +24,7 @@ resource "google_cloud_run_service" "github_issue_creator" { spec { service_account_name = google_service_account.github_issue_creator.email containers { - image = "europe-docker.pkg.dev/kyma-project/prod/create-github-issue:v20241007-36d14dd7" + image = "europe-docker.pkg.dev/kyma-project/prod/create-github-issue:v20241010-d3f08490" env { name = "PROJECT_ID" value = var.gcp_project_id diff --git a/configs/terraform/modules/secrets-leaks-log-scanner/github-issue-finder.tf b/configs/terraform/modules/secrets-leaks-log-scanner/github-issue-finder.tf index d9a5b7b41274..39ca059b0293 100644 --- a/configs/terraform/modules/secrets-leaks-log-scanner/github-issue-finder.tf +++ b/configs/terraform/modules/secrets-leaks-log-scanner/github-issue-finder.tf @@ -24,7 +24,7 @@ resource "google_cloud_run_service" "github_issue_finder" { spec { service_account_name = google_service_account.github_issue_finder.email containers { - image = "europe-docker.pkg.dev/kyma-project/prod/search-github-issue:v20241007-36d14dd7" + image = "europe-docker.pkg.dev/kyma-project/prod/search-github-issue:v20241010-d3f08490" env { name = "PROJECT_ID" value = var.gcp_project_id diff --git a/configs/terraform/modules/secrets-leaks-log-scanner/secrets-leak-log-scanner.tf b/configs/terraform/modules/secrets-leaks-log-scanner/secrets-leak-log-scanner.tf index 69e96c7793e0..9aa1875afdc5 100644 --- a/configs/terraform/modules/secrets-leaks-log-scanner/secrets-leak-log-scanner.tf +++ b/configs/terraform/modules/secrets-leaks-log-scanner/secrets-leak-log-scanner.tf @@ -23,7 +23,7 @@ resource "google_cloud_run_service" "secrets_leak_log_scanner" { spec { service_account_name = google_service_account.secrets_leak_log_scanner.email containers { - image = "europe-docker.pkg.dev/kyma-project/prod/scan-logs-for-secrets:v20241007-36d14dd7" #gitleaks:allow + image = "europe-docker.pkg.dev/kyma-project/prod/scan-logs-for-secrets:v20241010-d3f08490" #gitleaks:allow env { name = "PROJECT_ID" value = var.gcp_project_id diff --git a/configs/terraform/modules/security-dashboard-token/security-dashboard-token.tf b/configs/terraform/modules/security-dashboard-token/security-dashboard-token.tf index 3baa6c37dafb..43eeb63082d3 100644 --- a/configs/terraform/modules/security-dashboard-token/security-dashboard-token.tf +++ b/configs/terraform/modules/security-dashboard-token/security-dashboard-token.tf @@ -31,7 +31,7 @@ resource "google_cloud_run_service" "security_dashboard_token" { template { spec { containers { - image = "europe-docker.pkg.dev/kyma-project/prod/dashboard-token-proxy:v20241007-36d14dd7" #gitleaks:allow ignore gitleaks detection + image = "europe-docker.pkg.dev/kyma-project/prod/dashboard-token-proxy:v20241010-d3f08490" #gitleaks:allow ignore gitleaks detection env { name = "CLIENT_SECRET" value_from { diff --git a/configs/terraform/modules/slack-message-sender/slack-message-sender.tf b/configs/terraform/modules/slack-message-sender/slack-message-sender.tf index c91db2b8536a..e74f6b60eeeb 100644 --- a/configs/terraform/modules/slack-message-sender/slack-message-sender.tf +++ b/configs/terraform/modules/slack-message-sender/slack-message-sender.tf @@ -38,7 +38,7 @@ resource "google_cloud_run_service" "slack_message_sender" { spec { service_account_name = google_service_account.slack_message_sender.email containers { - image = "europe-docker.pkg.dev/kyma-project/prod/test-infra/slackmessagesender:v20241002-1ca38179" + image = "europe-docker.pkg.dev/kyma-project/prod/test-infra/slackmessagesender:v20241008-00628e8e" env { name = "PROJECT_ID" value = var.gcp_project_id diff --git a/docs/index.md b/docs/index.md index 24d6c54eb3c3..4da239b61315 100644 --- a/docs/index.md +++ b/docs/index.md @@ -66,7 +66,7 @@ [HTML Lens](/docs/prow/prow-html-lens.md) - Spyglass HTML lens allows to render HTML files in the job results. -[Image Autobump ](/docs/prow/prow-jobs-autobump.md) - This document provides an overview of autobump Prow Jobs. +[Image Autobump ](/docs/prow/prow-jobs-autobump.md) - This document provides an overview of autobump Prow Jobs. [Prow Cluster Monitoring Setup](/docs/prow/prow-monitoring.md) - This document describes how to install and manage Prow cluster monitoring. @@ -76,7 +76,7 @@ [Prow Workload Clusters](/docs/prow/workload-clusters.md) - This document describes workload clusters on which Prow schedules Pods to execute the logic of a given Prow job. All workload clusters are aggregated under the `kyma-prow` Google Cloud project. We use two workload clusters for trusted and untrusted Prow jobs. -[Prow Runtime Images](/images/README.md) - This directory contains images that can be used as runtime images for all ProwJobs in Kyma's Prow Instance. +[Prow Runtime Images](/cmd/images/README.md) - This directory contains images that can be used as runtime images for all ProwJobs in Kyma's Prow Instance. [PR Tag Builder](/pkg/tools/prtagbuilder/README.md) - PR Tag Builder is a tool that finds a pull request (PR) number for a commit. @@ -86,6 +86,7 @@ [External Secrets](/prow/cluster/resources/external-secrets/README.md) - Kubernetes Secrets are synchronized with Google Cloud Secret Manager using [External Secrets Operator](https://github.com/external-secrets/external-secrets). -[Images](/prow/images/README.md) - > DEPRECATED: Use the [`images`](/images) directory instead. +[Images](/prow/images/README.md) - > DEPRECATED: Use the [`images`](/cmd/images) directory instead. [Vulnerability Scanner](/prow/images/whitesource-scanner/README.md) - This folder contains the WhiteSource Unified Agent image that is based on the Java Buildpack image. Use it to perform WhiteSource vulnerability scans. + diff --git a/docs/prow/manage-component-jobs-with-templates.md b/docs/prow/manage-component-jobs-with-templates.md deleted file mode 100644 index 6853ee78d4ef..000000000000 --- a/docs/prow/manage-component-jobs-with-templates.md +++ /dev/null @@ -1,197 +0,0 @@ -# Manage Component Jobs with Templates - -This document describes how to define, modify, and remove Prow jobs for Kyma components using predefined templates that create both presubmit and postsubmit jobs for your component. Also, this document gives you the steps required to prepare your component for the Prow CI pipeline. - -
-
- - Add component jobs - - -Follow these steps: - -1. Edit the configuration file. - - Go to `templates/data/generic_component_data.yaml` and add a new entry with your component details to the `render` list under the `templates` section. - - See an example that defines the `compass-runtime-agent` component from the `kyma` repository, using the generic bootstrap: - - ```yaml - templates: - - from: generic.tmpl - render: - - to: ../../prow/jobs/kyma/components/compass-runtime-agent/compass-runtime-agent-generic.yaml - jobConfigs: - - repoName: "github.com/kyma-project/kyma" - jobs: - - jobConfig: - path: components/compass-runtime-agent - args: - - "/home/prow/go/src/github.com/kyma-project/kyma/components/compass-runtime-agent" - run_if_changed: "^components/compass-runtime-agent/|^common/makefiles/" - release_since: "1.7" - optional: true - ... - ``` - - Such an entry uses the `generic.tmpl` template to create the `compass-runtime-agent-generic.yaml` file under the `/prow/jobs/kyma/components/compass-runtime-agent/` subfolder, specifying that the presubmit and postsubmit jobs for this component should apply from the `1.7` release onwards. - Set the **optional** parameter to `true` for this job to be optional on pull requests (PRs), not to block others. - - If needed, you can add global Config Sets (**globalSets**) to the `templates/config.yaml` file. - - For more information about creating template files, as well as local config sets (**localSets**), job configs (**jobConfig**), and (**globalSets**), read [Render Templates](../../pkg/tools/rendertemplates). - > **CAUTION:** The `.yaml` file and the component folder name should be the same as the name of the Kyma component. Also, all `.yaml` files in the whole `jobs` structure must have unique names. - - Use the buildpack for Go or Node.js applications provided in the `test-infra` repository. It is the standard mechanism for defining Prow jobs. If the buildpack you want to use is not there yet, you must add it. When you add a new buildpack, follow the example of the already defined ones. - -2. Generate jobs. - - Run this command to generate jobs previously defined in the `config.yaml` file: - ```bash - make jobs-definitions - ``` - - As a result, the Render Templates tool generates the requested job files. - - For more information about generating jobs, read [Render Templates](../../cmd/tools/rendertemplates/README.md). - - -3. Check your configuration locally. - - Use the `development/validate-config.sh` script to validate your Prow configuration. The script accepts three arguments: - - - The path to the plugins configuration file (`prow/plugins.yaml`) - - The path to the generic configuration file (`prow/config.yaml`) - - The path to the directory with job definitions (`prow/jobs/`) - - See an example: - - ```bash - cd $GOPATH/src/github.com/kyma-project/test-infra - ./development/validate-config.sh prow/plugins.yaml prow/config.yaml prow/jobs/ - ``` - -4. Merge the changes. - - Create a PR with your changes in the `generic_component_data.yaml` file and the job files generated by the Render Templates tool. - - After your PR is reviewed and approved, merge the changes to the `test-infra` repository. The job configuration is automatically applied to the Prow production cluster. The `config_updater` plugin configured in the `prow/plugins.yaml` file adds a comment to the PR: - -![msg](./assets/msg-updated-config.png) - -5. Create a Makefile for your component. - - Buildpacks need a `Makefile` defined in your component directory under the `kyma` repository. The `Makefile` must define the **ci-release** target that is executed for a PR issued against the release branch. - - See an example of `Makefile` for the Central Application Gateway component that already uses the generic buildpack: - - ```Makefile - APP_NAME = central-application-gateway - APP_PATH = components/$(APP_NAME) - BUILDPACK = eu.gcr.io/kyma-project/test-infra/buildpack-golang:v20210607-b7e95d8b - SCRIPTS_DIR = $(realpath $(shell pwd)/../..)/common/makefiles - - override ENTRYPOINT = cmd/applicationgateway/ - - include $(SCRIPTS_DIR)/generic-make-go.mk - - VERIFY_IGNORE := /vendor\|/mocks - - release: - $(MAKE) gomod-release-local - - resolve-local: - GO111MODULE=on go mod vendor -v - - test-local: - GO111MODULE=on go test ./... - - .PHONY: path-to-referenced-charts - path-to-referenced-charts: - @echo "resources/application-connector" - ``` - - > **NOTE** Add a tab before each command. - - If your job involves pushing a Docker image, its name is based on the following environment variables: - - - **DOCKER_TAG** that refers to the Docker tag set by the `build.sh` script. - - **DOCKER_PUSH_DIRECTORY** that points to the directory in the Docker repository where the image is pushed. Set it in the job definition by adding the **preset-build-pr**, **preset-build-main**, or **preset-build-release** Preset. - - **DOCKER_PUSH_REPOSITORY** that is the Docker repository where the image is pushed. It is set in the job definition by the **preset-docker-push-repository** Preset. - - -6. Make your component job and test obligatory. - - Create another PR in the `test-infra` repository that removes these entries: - - - `optional: true` from your component job definition in `templates/config.yaml`. - - `jobsuite.Optional()` from your component test definition in `components_test.go`. - - This change makes your component job and test obligatory to pass on all PRs before they can be merged. - -
-
- -Modify component jobs - - -To change component job configuration, follow these steps: - -1. In the `generic_component_data.yaml` file, change the name of the file where the jobs are generated. For example, add the `deprecated` suffix. -2. Add `until: {last release}` to this configuration. It specifies the release until which this component version applies. -3. Create a new entry with the new configuration. Set the `to` field to point to the file responsible for storing jobs. -4. Add `since: {next release}` to the new entry. It specifies the release from which this component version applies. - - See this example: - - Buildpack for the API Controller changed from `go1.11` to `go.12` in release `1.5`. This is the component configuration before the buildpack change: - - ```yaml - - to: ../prow/jobs/kyma/components/api-controller/api-controller.yaml - values: - <<: *go_kyma_component_1_11 - path: components/api-controller - ``` - - This is what the configuration created after the buildpack change looks like: - - ```yaml - - to: ../prow/jobs/kyma/components/api-controller/api-controller.yaml - values: - <<: *go_kyma_component_1_12 - path: components/api-controller - since: '1.5' - - to: ../prow/jobs/kyma/components/api-controller/api-controller-deprecated.yaml - values: - <<: *go_kyma_component_1_11 - path: components/api-controller - until: '1.4' - ``` - -
-
- -Remove component jobs - - -CI pipeline in Kyma supports jobs for three last releases so plan the component job removal in advance. Before you remove your component from Prow, add the `until: '{release}'` entry to your component job definition in the `templates/config.yaml` file. - -For example, if you are planning to remove your component after version `1.3`, add the `until: '1.3'` entry to your component job definition and remove it only when the release 1.3 is no longer supported: - -```yaml -global: - nextRelease: "1.7" - releases: - - "1.6" - - "1.5" - - "1.4" -... -``` - -To remove a component from Prow, follow these steps: - -1. In the `generic_component_data.yaml` file, remove the entries under the `templates` section that refer to your component. -2. Manually remove all files and the component folder from `/prow/jobs`. - -
-
diff --git a/go.mod b/go.mod index 92df44f23232..0d156f122e53 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( cloud.google.com/go/compute/metadata v0.5.2 cloud.google.com/go/firestore v1.17.0 cloud.google.com/go/logging v1.11.0 - cloud.google.com/go/pubsub v1.43.0 + cloud.google.com/go/pubsub v1.44.0 cloud.google.com/go/storage v1.44.0 github.com/Masterminds/semver v1.5.0 github.com/avast/retry-go/v4 v4.6.0 @@ -34,12 +34,12 @@ require ( github.com/spf13/viper v1.19.0 github.com/stretchr/testify v1.9.0 github.com/tidwall/gjson v1.18.0 - github.com/zricethezav/gitleaks/v8 v8.20.0 + github.com/zricethezav/gitleaks/v8 v8.20.1 go.uber.org/zap v1.27.0 golang.org/x/exp v0.0.0-20240909161429-701f63a606c0 golang.org/x/net v0.30.0 golang.org/x/oauth2 v0.23.0 - google.golang.org/api v0.199.0 + google.golang.org/api v0.200.0 gopkg.in/yaml.v3 v3.0.1 k8s.io/api v0.27.2 k8s.io/apimachinery v0.27.2 @@ -54,11 +54,11 @@ require github.com/rogpeppe/go-internal v1.11.0 // indirect require ( cel.dev/expr v0.16.1 // indirect cloud.google.com/go v0.115.1 // indirect - cloud.google.com/go/auth v0.9.5 // indirect + cloud.google.com/go/auth v0.9.8 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.4 // indirect cloud.google.com/go/iam v1.2.1 // indirect cloud.google.com/go/longrunning v0.6.1 // indirect - cloud.google.com/go/monitoring v1.21.0 // indirect + cloud.google.com/go/monitoring v1.21.1 // indirect contrib.go.opencensus.io/exporter/ocagent v0.7.1-0.20200907061046-05415f1de66d // indirect contrib.go.opencensus.io/exporter/prometheus v0.4.0 // indirect github.com/BobuSumisu/aho-corasick v1.0.3 // indirect @@ -199,16 +199,16 @@ require ( golang.org/x/sys v0.26.0 // indirect golang.org/x/term v0.25.0 // indirect golang.org/x/text v0.19.0 // indirect - golang.org/x/time v0.6.0 // indirect + golang.org/x/time v0.7.0 // indirect golang.org/x/tools v0.25.0 // indirect golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect gomodules.xyz/jsonpatch/v2 v2.3.0 // indirect - google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 // indirect - google.golang.org/grpc v1.67.0 // indirect + google.golang.org/genproto v0.0.0-20241007155032-5fefd90f89a9 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240930140551-af27646dc61f // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20241007155032-5fefd90f89a9 // indirect + google.golang.org/grpc v1.67.1 // indirect google.golang.org/grpc/stats/opentelemetry v0.0.0-20240907200651-3ffb98b2c93a // indirect - google.golang.org/protobuf v1.34.2 // indirect + google.golang.org/protobuf v1.35.1 // indirect gopkg.in/fsnotify.v1 v1.4.7 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect diff --git a/go.sum b/go.sum index 308b9f25bcc4..c13a6d4d1625 100644 --- a/go.sum +++ b/go.sum @@ -24,8 +24,8 @@ cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKP cloud.google.com/go v0.73.0/go.mod h1:BkDh9dFvGjCitVw03TNjKbBxXNKULXXIq6orU6HrJ4Q= cloud.google.com/go v0.115.1 h1:Jo0SM9cQnSkYfp44+v+NQXHpcHqlnRJk2qxh6yvxxxQ= cloud.google.com/go v0.115.1/go.mod h1:DuujITeaufu3gL68/lOFIirVNJwQeyf5UXyi+Wbgknc= -cloud.google.com/go/auth v0.9.5 h1:4CTn43Eynw40aFVr3GpPqsQponx2jv0BQpjvajsbbzw= -cloud.google.com/go/auth v0.9.5/go.mod h1:Xo0n7n66eHyOWWCnitop6870Ilwo3PiZyodVkkH1xWM= +cloud.google.com/go/auth v0.9.8 h1:+CSJ0Gw9iVeSENVCKJoLHhdUykDgXSc4Qn+gu2BRtR8= +cloud.google.com/go/auth v0.9.8/go.mod h1:xxA5AqpDrvS+Gkmo9RqrGGRh6WSNKKOXhY3zNOr38tI= cloud.google.com/go/auth/oauth2adapt v0.2.4 h1:0GWE/FUsXhf6C+jAkWgYm7X9tK8cuEIfy19DBn6B6bY= cloud.google.com/go/auth/oauth2adapt v0.2.4/go.mod h1:jC/jOpwFP6JBxhB3P5Rr0a9HLMC/Pe3eaL4NmdvqPtc= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= @@ -42,21 +42,21 @@ cloud.google.com/go/firestore v1.17.0 h1:iEd1LBbkDZTFsLw3sTH50eyg4qe8eoG6CjocmEX cloud.google.com/go/firestore v1.17.0/go.mod h1:69uPx1papBsY8ZETooc71fOhoKkD70Q1DwMrtKuOT/Y= cloud.google.com/go/iam v1.2.1 h1:QFct02HRb7H12J/3utj0qf5tobFh9V4vR6h9eX5EBRU= cloud.google.com/go/iam v1.2.1/go.mod h1:3VUIJDPpwT6p/amXRC5GY8fCCh70lxPygguVtI0Z4/g= -cloud.google.com/go/kms v1.19.0 h1:x0OVJDl6UH1BSX4THKlMfdcFWoE4ruh90ZHuilZekrU= -cloud.google.com/go/kms v1.19.0/go.mod h1:e4imokuPJUc17Trz2s6lEXFDt8bgDmvpVynH39bdrHM= +cloud.google.com/go/kms v1.20.0 h1:uKUvjGqbBlI96xGE669hcVnEMw1Px/Mvfa62dhM5UrY= +cloud.google.com/go/kms v1.20.0/go.mod h1:/dMbFF1tLLFnQV44AoI2GlotbjowyUfgVwezxW291fM= cloud.google.com/go/logging v1.11.0 h1:v3ktVzXMV7CwHq1MBF65wcqLMA7i+z3YxbUsoK7mOKs= cloud.google.com/go/logging v1.11.0/go.mod h1:5LDiJC/RxTt+fHc1LAt20R9TKiUTReDg6RuuFOZ67+A= cloud.google.com/go/longrunning v0.6.1 h1:lOLTFxYpr8hcRtcwWir5ITh1PAKUD/sG2lKrTSYjyMc= cloud.google.com/go/longrunning v0.6.1/go.mod h1:nHISoOZpBcmlwbJmiVk5oDRz0qG/ZxPynEGs1iZ79s0= -cloud.google.com/go/monitoring v1.21.0 h1:EMc0tB+d3lUewT2NzKC/hr8cSR9WsUieVywzIHetGro= -cloud.google.com/go/monitoring v1.21.0/go.mod h1:tuJ+KNDdJbetSsbSGTqnaBvbauS5kr3Q/koy3Up6r+4= +cloud.google.com/go/monitoring v1.21.1 h1:zWtbIoBMnU5LP9A/fz8LmWMGHpk4skdfeiaa66QdFGc= +cloud.google.com/go/monitoring v1.21.1/go.mod h1:Rj++LKrlht9uBi8+Eb530dIrzG/cU/lB8mt+lbeFK1c= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= cloud.google.com/go/pubsub v1.9.1/go.mod h1:7QTUeCiy+P1dVPO8hHVbZSHDfibbgm1gbKyOVYnqb8g= -cloud.google.com/go/pubsub v1.43.0 h1:s3Qx+F96J7Kwey/uVHdK3QxFLIlOvvw4SfMYw2jFjb4= -cloud.google.com/go/pubsub v1.43.0/go.mod h1:LNLfqItblovg7mHWgU5g84Vhza4J8kTxx0YqIeTzcXY= +cloud.google.com/go/pubsub v1.44.0 h1:pLaMJVDTlnUDIKT5L0k53YyLszfBbGoUBo/IqDK/fEI= +cloud.google.com/go/pubsub v1.44.0/go.mod h1:BD4a/kmE8OePyHoa1qAHEw1rMzXX+Pc8Se54T/8mc3I= cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= @@ -65,8 +65,8 @@ cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9 cloud.google.com/go/storage v1.12.0/go.mod h1:fFLk2dp2oAhDz8QFKwqrjdJvxSp/W2g7nillojlL5Ho= cloud.google.com/go/storage v1.44.0 h1:abBzXf4UJKMmQ04xxJf9dYM/fNl24KHoTuBjyJDX2AI= cloud.google.com/go/storage v1.44.0/go.mod h1:wpPblkIuMP5jCB/E48Pz9zIo2S/zD8g+ITmxKkPCITE= -cloud.google.com/go/trace v1.11.0 h1:UHX6cOJm45Zw/KIbqHe4kII8PupLt/V5tscZUkeiJVI= -cloud.google.com/go/trace v1.11.0/go.mod h1:Aiemdi52635dBR7o3zuc9lLjXo3BwGaChEjCa3tJNmM= +cloud.google.com/go/trace v1.11.1 h1:UNqdP+HYYtnm6lb91aNA5JQ0X14GnxkABGlfz2PzPew= +cloud.google.com/go/trace v1.11.1/go.mod h1:IQKNQuBzH72EGaXEodKlNJrWykGZxet2zgjtS60OtjA= contrib.go.opencensus.io/exporter/aws v0.0.0-20181029163544-2befc13012d0/go.mod h1:uu1P0UCM/6RbsMrgPa98ll8ZcHM858i/AD06a9aLRCA= contrib.go.opencensus.io/exporter/ocagent v0.5.0/go.mod h1:ImxhfLRpxoYiSq891pBrLVhN+qmP8BTVvdH2YLs7Gl0= contrib.go.opencensus.io/exporter/ocagent v0.7.1-0.20200907061046-05415f1de66d h1:LblfooH1lKOpp1hIhukktmSAxFkqMPFk9KR6iZ0MJNI= @@ -683,8 +683,8 @@ github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= -github.com/zricethezav/gitleaks/v8 v8.20.0 h1:Gtd9SFhe1NTHZaCW/FTlDVPZtEBwwxEov1RYZ61+7xI= -github.com/zricethezav/gitleaks/v8 v8.20.0/go.mod h1:EgDcqyUTQZtnuUYweb1RK+lwKEX+BYoIXCN16H0TMaM= +github.com/zricethezav/gitleaks/v8 v8.20.1 h1:FIGCDrgySyOZe+yQJecBoSyEq6xzQdUDKK583ZOr1tg= +github.com/zricethezav/gitleaks/v8 v8.20.1/go.mod h1:EgDcqyUTQZtnuUYweb1RK+lwKEX+BYoIXCN16H0TMaM= go.einride.tech/aip v0.68.0 h1:4seM66oLzTpz50u4K1zlJyOXQ3tCzcJN7I22tKkjipw= go.einride.tech/aip v0.68.0/go.mod h1:7y9FF8VtPWqpxuAxl0KQWqaULxW4zFIesD6zF5RIHHg= go.opencensus.io v0.15.0/go.mod h1:UffZAU+4sDEINUGP/B7UfBBkq4fqLu9zXAX7ke6CHW0= @@ -915,8 +915,8 @@ golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxb golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20201208040808-7e3f01d25324/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.6.0 h1:eTDhh4ZXt5Qf0augr54TN6suAUudPcawVZeIAPU7D4U= -golang.org/x/time v0.6.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/time v0.7.0 h1:ntUhktv3OPE6TgYxXWv9vKvUSJyIFJlyohwbkEwPrKQ= +golang.org/x/time v0.7.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20181011042414-1f849cf54d09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -1003,8 +1003,8 @@ google.golang.org/api v0.31.0/go.mod h1:CL+9IBCa2WWU6gRuBWaKqGWLFFwbEUXkfeMkHLQW google.golang.org/api v0.32.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg= google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg= google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE= -google.golang.org/api v0.199.0 h1:aWUXClp+VFJmqE0JPvpZOK3LDQMyFKYIow4etYd9qxs= -google.golang.org/api v0.199.0/go.mod h1:ohG4qSztDJmZdjK/Ar6MhbAmb/Rpi4JHOqagsh90K28= +google.golang.org/api v0.200.0 h1:0ytfNWn101is6e9VBoct2wrGDjOi5vn7jw5KtaQgDrU= +google.golang.org/api v0.200.0/go.mod h1:Tc5u9kcbjO7A8SwGlYj4IiVifJU01UqXtEgDMYmBmV8= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= @@ -1055,12 +1055,12 @@ google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20201203001206-6486ece9c497/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201209185603-f92720507ed4/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1 h1:BulPr26Jqjnd4eYDVe+YvyR7Yc2vJGkO5/0UxD0/jZU= -google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:hL97c3SYopEHblzpxRL4lSs523++l8DYxGM1FQiYmb4= -google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1 h1:hjSy6tcFQZ171igDaN5QHOw2n6vx40juYbC/x67CEhc= -google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:qpvKtACPCQhAdu3PyQgV4l3LMXZEtft7y8QcarRsp9I= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 h1:pPJltXNxVzT4pK9yD8vR9X75DaWYYmLGMsEvBfFQZzQ= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= +google.golang.org/genproto v0.0.0-20241007155032-5fefd90f89a9 h1:nFS3IivktIU5Mk6KQa+v6RKkHUpdQpphqGNLxqNnbEk= +google.golang.org/genproto v0.0.0-20241007155032-5fefd90f89a9/go.mod h1:tEzYTYZxbmVNOu0OAFH9HzdJtLn6h4Aj89zzlBCdHms= +google.golang.org/genproto/googleapis/api v0.0.0-20240930140551-af27646dc61f h1:jTm13A2itBi3La6yTGqn8bVSrc3ZZ1r8ENHlIXBfnRA= +google.golang.org/genproto/googleapis/api v0.0.0-20240930140551-af27646dc61f/go.mod h1:CLGoBuH1VHxAUXVPP8FfPwPEVJB6lz3URE5mY2SuayE= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241007155032-5fefd90f89a9 h1:QCqS/PdaHTSWGvupk2F/ehwHtGc0/GYkT+3GAcR1CCc= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241007155032-5fefd90f89a9/go.mod h1:GX3210XPVPUjJbTUbvwI8f2IpZDMZuPJWDzDuebbviI= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -1081,8 +1081,8 @@ google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8= google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= -google.golang.org/grpc v1.67.0 h1:IdH9y6PF5MPSdAntIcpjQ+tXO41pcQsfZV2RxtQgVcw= -google.golang.org/grpc v1.67.0/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA= +google.golang.org/grpc v1.67.1 h1:zWnc1Vrcno+lHZCOofnIMvycFcc0QRGIzm9dhnDX68E= +google.golang.org/grpc v1.67.1/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA= google.golang.org/grpc/stats/opentelemetry v0.0.0-20240907200651-3ffb98b2c93a h1:UIpYSuWdWHSzjwcAFRLjKcPXFZVVLXGEM23W+NWqipw= google.golang.org/grpc/stats/opentelemetry v0.0.0-20240907200651-3ffb98b2c93a/go.mod h1:9i1T9n4ZinTUZGgzENMi8MDDgbGC5mqTS75JAv6xN3A= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= @@ -1098,8 +1098,8 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg= -google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw= +google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA= +google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/images/buildpack/go/test.sh b/images/buildpack/go/test.sh deleted file mode 100755 index 79f3819f92b4..000000000000 --- a/images/buildpack/go/test.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/usr/bin/env bash - -set -e -docker run --rm "$IMG" bash -c ' -set -e -go version -kubebuilder version -kustomize version -jobguard -help - -cat< /tmp/main.go -package main -import "fmt" -func main() { -fmt.Println("Hello World!") -} -EOF -go run /tmp/main.go -' \ No newline at end of file diff --git a/prow/cluster/components/automated-approver_external-plugin.yaml b/prow/cluster/components/automated-approver_external-plugin.yaml index 9c62d156422d..5aae5b3c5c3b 100644 --- a/prow/cluster/components/automated-approver_external-plugin.yaml +++ b/prow/cluster/components/automated-approver_external-plugin.yaml @@ -16,7 +16,7 @@ spec: spec: containers: - name: automated-approver - image: europe-docker.pkg.dev/kyma-project/prod/automated-approver:v20241007-36d14dd7 + image: europe-docker.pkg.dev/kyma-project/prod/automated-approver:v20241010-d3f08490 imagePullPolicy: Always args: - --dry-run=false diff --git a/prow/cluster/resources/external-secrets/external_secrets_checker_prow.yaml b/prow/cluster/resources/external-secrets/external_secrets_checker_prow.yaml index 5b5eb97e4f65..d55ab4201c63 100644 --- a/prow/cluster/resources/external-secrets/external_secrets_checker_prow.yaml +++ b/prow/cluster/resources/external-secrets/external_secrets_checker_prow.yaml @@ -13,7 +13,7 @@ spec: spec: containers: - name: secret-checker-untrusted - image: europe-docker.pkg.dev/kyma-project/prod/externalsecretschecker:v20241007-36d14dd7 #gitleaks:allow + image: europe-docker.pkg.dev/kyma-project/prod/externalsecretschecker:v20241010-d3f08490 #gitleaks:allow imagePullPolicy: IfNotPresent command: - /externalsecretschecker @@ -49,7 +49,7 @@ spec: spec: containers: - name: secret-checker-trusted - image: europe-docker.pkg.dev/kyma-project/prod/externalsecretschecker:v20241007-36d14dd7 #gitleaks:allow + image: europe-docker.pkg.dev/kyma-project/prod/externalsecretschecker:v20241010-d3f08490 #gitleaks:allow imagePullPolicy: IfNotPresent command: - /externalsecretschecker @@ -85,7 +85,7 @@ spec: spec: containers: - name: secret-checker-prow - image: europe-docker.pkg.dev/kyma-project/prod/externalsecretschecker:v20241007-36d14dd7 #gitleaks:allow + image: europe-docker.pkg.dev/kyma-project/prod/externalsecretschecker:v20241010-d3f08490 #gitleaks:allow imagePullPolicy: IfNotPresent command: - /externalsecretschecker diff --git a/prow/images/README.md b/prow/images/README.md deleted file mode 100644 index 9301f4523823..000000000000 --- a/prow/images/README.md +++ /dev/null @@ -1,24 +0,0 @@ -# Images - -> DEPRECATED: Use the [`images`](/images) directory instead. - -## Overview - -This folder contains a list of images used in Prow jobs. - -### Project Structure - - - -The structure of the folder looks as follows: - -``` - ├── bootstrap # The generic image that contains Docker and gcloud - ├── bootstrap-helm # The image that contains gcloud, Docker, and Helm - ├── buildpack-golang # The image for building Golang components - ├── buildpack-node # The image for building Node.js components - ├── buildpack-java # The image for building Java components - ├── cleaner # The image with a script for cleaning SSH keys on service accounts in Google Cloud Storage - ├── golangci-lint # The image contains a golangci-lint binary with wrapper script for scanning all folders containing go.mod files - └── whitesource-scanner # The image for performing whitesource scans -``` diff --git a/prow/images/whitesource-scanner/Dockerfile b/prow/images/whitesource-scanner/Dockerfile deleted file mode 100644 index 7b9a16dd5bf9..000000000000 --- a/prow/images/whitesource-scanner/Dockerfile +++ /dev/null @@ -1,67 +0,0 @@ -FROM eu.gcr.io/kyma-project/test-infra/bootstrap:v20230119-993f0759 - -# Commit details -ARG commit -ENV IMAGE_COMMIT=$commit -LABEL io.kyma-project.test-infra.commit=$commit -SHELL ["/bin/bash", "-o", "pipefail", "-c"] - -ENV UA_VERSION v23.1.2.1 -ENV GO_VERSION 1.22.2 -ENV JAVA_VERSION 8u212-b04 -ENV JAVA_BASE_URL https://github.com/AdoptOpenJDK/openjdk8-binaries/releases/download/jdk8u212-b04/OpenJDK8U-jdk_ -ENV JAVA_URL_VERSION 8u212b04 - -ENV JAVA_HOME /usr/local/openjdk-8 -ENV PATH $JAVA_HOME/bin:$PATH - -# Default to UTF-8 file.encoding -ENV LANG C.UTF-8 - -RUN apt-get update && apt-get install -y --no-install-recommends \ - ca-certificates p11-kit maven \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* - -RUN curl -fLSs -o openjdk.tgz "${JAVA_BASE_URL}x64_linux_hotspot_${JAVA_URL_VERSION}.tar.gz" - -RUN mkdir -p "$JAVA_HOME"; \ - tar --extract \ - --file openjdk.tgz \ - --directory "$JAVA_HOME" \ - --strip-components 1 \ - --no-same-owner \ - ; \ - rm openjdk.tgz* \ - ; \ - java -version - - -# Install Go -ENV GOPATH /workspace/go -ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH -RUN curl -o go.tar.gz -LfSs https://dl.google.com/go/go${GO_VERSION}.linux-amd64.tar.gz && \ - tar xzf go.tar.gz && \ - rm go.tar.gz && \ - mv go /usr/local && \ - mkdir -p ${GOPATH}/bin && \ - mkdir -p ${GOPATH}/src - -# install unified agent -RUN curl -LJO https://github.com/whitesource/unified-agent-distribution/releases/download/"${UA_VERSION}"/wss-unified-agent.jar && \ - mkdir -p /wss && \ - mv wss-unified-agent.jar /wss/wss-unified-agent.jar - -# install NodeJS -RUN curl -sL https://deb.nodesource.com/setup_12.x | bash - -RUN apt-get update && apt-get install -y --no-install-recommends \ - nodejs \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* - -# Prow Tools -# hadolint doesn't support --from external image -# hadolint ignore=DL3022 -COPY --from=eu.gcr.io/kyma-project/test-infra/prow-tools:v20210401-294e46e5 /prow-tools /prow-tools -# for better access to prow-tools -ENV PATH=$PATH:/prow-tools diff --git a/prow/images/whitesource-scanner/Makefile b/prow/images/whitesource-scanner/Makefile deleted file mode 100644 index 3eb7862a131a..000000000000 --- a/prow/images/whitesource-scanner/Makefile +++ /dev/null @@ -1,43 +0,0 @@ -# Environment variables expected by this makefile -# DOCKER_TAG - dynamic tag for image -# DOCKER_PUSH_REPOSITORY - URL set by prow preset -# DOCKER_PUSH_DIRECTORY - -IMG_NAME = wssagent -IMG = $(DOCKER_PUSH_REPOSITORY)$(DOCKER_PUSH_DIRECTORY)/$(IMG_NAME) - - -# build and push on PR, tag with PR number -.PHONY: ci-pr -ci-pr: build-image push-image -push-image: build-image - - -# build and push on postsubmit, tag with commit ID and current -.PHONY: ci-release -ci-release: build-image tag-image push-image -tag-image: build-image - - -# tag image with current tag -.PHONY: tag-image -tag-image: - @echo "___ Tagging as current ___" - docker tag $(IMG):$(DOCKER_TAG) $(IMG):current -ifdef DOCKER_POST_PR_TAG - @echo "___ Tagging with pr number ___" - docker tag $(IMG):$(DOCKER_TAG) $(IMG):$(DOCKER_POST_PR_TAG) -endif - - -# build image and tag it with commit ID or PR number -.PHONY: build-image -build-image: - docker build -t $(IMG):$(DOCKER_TAG) --build-arg commit=$(DOCKER_TAG) . - - -# push image with all tags -.PHONY: push-image -push-image: - @echo "___ Pushing image with all tags ___" - docker push -a $(IMG) \ No newline at end of file diff --git a/prow/images/whitesource-scanner/README.md b/prow/images/whitesource-scanner/README.md deleted file mode 100644 index 28d075abb65b..000000000000 --- a/prow/images/whitesource-scanner/README.md +++ /dev/null @@ -1,15 +0,0 @@ -# Vulnerability Scanner - -## Overview - -This folder contains the WhiteSource Unified Agent image that is based on the Java Buildpack image. Use it to perform WhiteSource vulnerability scans. - -The image contains `whitesource agent v22.1.1.1`. - -## Installation - -To build the Docker image, run this command: - -```bash -make build-image -``` diff --git a/prow/images/whitesource-scanner/go-mod-wss-unified-agent.config b/prow/images/whitesource-scanner/go-mod-wss-unified-agent.config deleted file mode 100644 index 169674d3b382..000000000000 --- a/prow/images/whitesource-scanner/go-mod-wss-unified-agent.config +++ /dev/null @@ -1,114 +0,0 @@ -#################################################################### -# WhiteSource Unified-Agent configuration file -#################################################################### -########################################## -# GENERAL SCAN MODE: Files and Package Managers -########################################## - -checkPolicies=false -forceCheckAllDependencies=false -forceUpdate=true -forceUpdate.failBuildOnPolicyViolation=false -offline=false -ignoreSourceFiles=true -#scanComment= -#updateInventory=false -resolveAllDependencies=false -failErrorLevel=ALL -#requireKnownSha1=false -#generateProjectDetailsJson=true -#generateScanReport=true -#scanReportTimeoutMinutes=10 -#scanReportFilenameFormat= -#excludeDependenciesFromNodes=.*commons-io.*,.*maven-model - -#projectPerFolder=true -#projectPerFolderIncludes= -#projectPerFolderExcludes= - -#analyzeFrameworks=true -#analyzeFrameworksReference= - -#wss.connectionTimeoutMinutes=60 -# Change the below URL to your WhiteSource server. -# Use the 'WhiteSource Server URL' which can be retrieved -# from your 'Profile' page on the 'Server URLs' panel. -# Then, add the '/agent' path to it. -wss.url=https://sap.whitesourcesoftware.com/agent - - -#bower.resolveDependencies=false -#bower.ignoreSourceFiles=true -#bower.runPreStep=true - -#gradle.ignoredScopes= -#gradle.resolveDependencies=false -#gradle.runAssembleCommand=false -#gradle.runPreStep=true -#gradle.ignoreSourceFiles=true -#gradle.aggregateModules=true -#gradle.preferredEnvironment=wrapper -#gradle.localRepositoryPath= - -#paket.resolveDependencies=false -#paket.ignoredGroups= -#paket.ignoreSourceFiles=false -#paket.runPreStep=true -#paket.exePath= - - -# GO dependency resolver part -################################ -# resolveDependencies parameter is important and need to be true -go.resolveDependencies=false -go.modules.resolveDependencies=true -# ignoreSourceFiles parameter is important and need to be true -go.modules.ignoreSourceFiles=true -# go.collectDependenciesAtRuntime=true -# dependencyManager: Determines the Go dependency manager to use when scanning a Go project. -# Valid values are 'dep', 'godep', 'vndr', 'gogradle', 'glide', 'govendor', 'gopm', 'vgo' and 'modules'. -# If empty, then the Unified Agent will try to resolve the dependencies using each one -# of the package managers above. -# go.dependencyManager= -#go.glide.ignoreTestPackages=false -#go.gogradle.enableTaskAlias=true - -#html.resolveDependencies=false - -################################## -# Organization tokens: -################################## -apiKey= - -#userKey is required if WhiteSource administrator has enabled "Enforce user level access" option -userKey= - -projectName= -projectVersion= -projectToken= - -productName= -productVersion= -productToken= -#updateType=APPEND -#requesterEmail=user@provider.com - -######################################################################################### -# Includes/Excludes Glob patterns - PLEASE USE ONLY ONE EXCLUDE LINE AND ONE INCLUDE LINE -######################################################################################### -#includes=**/*.c **/*.cc **/*.cp **/*.cpp **/*.cxx **/*.c++ **/*.h **/*.hpp **/*.hxx **/*.js -includes=**/*.go **/*.mod **/*.sum **/*.lock **/*.toml - -#includes=**/*.m **/*.mm **/*.js **/*.php -#includes=**/*.jar -#includes=**/*.gem **/*.rb -#includes=**/*.dll **/*.cs **/*.nupkg -#includes=**/*.tgz **/*.deb **/*.gzip **/*.rpm **/*.tar.bz2 -#includes=**/*.zip **/*.tar.gz **/*.egg **/*.whl **/*.py - -## Exclude file extensions or specific directories by adding **/*. or **//** -# exclude all Kyma tests components which are not deployed to the production cluster and could be skipped from the ws scan -# excludes=**/tests/** - -case.sensitive.glob=false -followSymbolicLinks=true diff --git a/prow/images/whitesource-scanner/go-wss-unified-agent.config b/prow/images/whitesource-scanner/go-wss-unified-agent.config deleted file mode 100644 index c3d2c3bb501d..000000000000 --- a/prow/images/whitesource-scanner/go-wss-unified-agent.config +++ /dev/null @@ -1,113 +0,0 @@ -#################################################################### -# WhiteSource Unified-Agent configuration file -#################################################################### -########################################## -# GENERAL SCAN MODE: Files and Package Managers -########################################## - -checkPolicies=false -forceCheckAllDependencies=false -forceUpdate=true -forceUpdate.failBuildOnPolicyViolation=false -offline=false -ignoreSourceFiles=true -#scanComment= -#updateInventory=false -resolveAllDependencies=false -failErrorLevel=ALL -#requireKnownSha1=false -#generateProjectDetailsJson=true -#generateScanReport=true -#scanReportTimeoutMinutes=10 -#scanReportFilenameFormat= -#excludeDependenciesFromNodes=.*commons-io.*,.*maven-model - -#projectPerFolder=true -#projectPerFolderIncludes= -#projectPerFolderExcludes= - -#analyzeFrameworks=true -#analyzeFrameworksReference= - -#wss.connectionTimeoutMinutes=60 -# Change the below URL to your WhiteSource server. -# Use the 'WhiteSource Server URL' which can be retrieved -# from your 'Profile' page on the 'Server URLs' panel. -# Then, add the '/agent' path to it. -wss.url=https://sap.whitesourcesoftware.com/agent - - -#bower.resolveDependencies=false -#bower.ignoreSourceFiles=true -#bower.runPreStep=true - -#gradle.ignoredScopes= -#gradle.resolveDependencies=false -#gradle.runAssembleCommand=false -#gradle.runPreStep=true -#gradle.ignoreSourceFiles=true -#gradle.aggregateModules=true -#gradle.preferredEnvironment=wrapper -#gradle.localRepositoryPath= - -#paket.resolveDependencies=false -#paket.ignoredGroups= -#paket.ignoreSourceFiles=false -#paket.runPreStep=true -#paket.exePath= - - -# GO dependency resolver part -################################ -# resolveDependencies parameter is important and need to be true -go.resolveDependencies=true -# ignoreSourceFiles parameter is important and need to be true -go.ignoreSourceFiles=true -go.collectDependenciesAtRuntime=true -# dependencyManager: Determines the Go dependency manager to use when scanning a Go project. -# Valid values are 'dep', 'godep', 'vndr', 'gogradle', 'glide', 'govendor', 'gopm', 'vgo' and 'modules'. -# If empty, then the Unified Agent will try to resolve the dependencies using each one -# of the package managers above. -go.dependencyManager=dep -#go.glide.ignoreTestPackages=false -#go.gogradle.enableTaskAlias=true - -#html.resolveDependencies=false - -################################## -# Organization tokens: -################################## -apiKey= - -#userKey is required if WhiteSource administrator has enabled "Enforce user level access" option -userKey= - -projectName= -projectVersion= -projectToken= - -productName= -productVersion= -productToken= -#updateType=APPEND -#requesterEmail=user@provider.com - -######################################################################################### -# Includes/Excludes Glob patterns - PLEASE USE ONLY ONE EXCLUDE LINE AND ONE INCLUDE LINE -######################################################################################### -#includes=**/*.c **/*.cc **/*.cp **/*.cpp **/*.cxx **/*.c++ **/*.h **/*.hpp **/*.hxx **/*.js -includes=**/*.go **/*.mod **/*.sum **/*.lock **/*.toml - -#includes=**/*.m **/*.mm **/*.js **/*.php -#includes=**/*.jar -#includes=**/*.gem **/*.rb -#includes=**/*.dll **/*.cs **/*.nupkg -#includes=**/*.tgz **/*.deb **/*.gzip **/*.rpm **/*.tar.bz2 -#includes=**/*.zip **/*.tar.gz **/*.egg **/*.whl **/*.py - -## Exclude file extensions or specific directories by adding **/*. or **//** -# exclude all Kyma tests components which are not deployed to the production cluster and could be skipped from the ws scan -# excludes=**/tests/** - -case.sensitive.glob=false -followSymbolicLinks=true diff --git a/prow/images/whitesource-scanner/javascript-wss-unified-agent.config b/prow/images/whitesource-scanner/javascript-wss-unified-agent.config deleted file mode 100644 index 054838d226b7..000000000000 --- a/prow/images/whitesource-scanner/javascript-wss-unified-agent.config +++ /dev/null @@ -1,99 +0,0 @@ -#################################################################### -# WhiteSource Unified-Agent configuration file -#################################################################### -########################################## -# GENERAL SCAN MODE: Files and Package Managers -########################################## - -checkPolicies=false -forceCheckAllDependencies=false -forceUpdate=true -forceUpdate.failBuildOnPolicyViolation=false -offline=false -ignoreSourceFiles=true -#scanComment= -#updateInventory=false -resolveAllDependencies=false -failErrorLevel=ALL -#requireKnownSha1=false -#generateProjectDetailsJson=true -#generateScanReport=true -#scanReportTimeoutMinutes=10 -#scanReportFilenameFormat= -#excludeDependenciesFromNodes=.*commons-io.*,.*maven-model - -#projectPerFolder=true -#projectPerFolderIncludes= -#projectPerFolderExcludes= - -#analyzeFrameworks=true -#analyzeFrameworksReference= - -#wss.connectionTimeoutMinutes=60 -# Change the below URL to your WhiteSource server. -# Use the 'WhiteSource Server URL' which can be retrieved -# from your 'Profile' page on the 'Server URLs' panel. -# Then, add the '/agent' path to it. -wss.url=https://sap.whitesourcesoftware.com/agent - -# NPM dependency resolver part -################################ -# resolveDependencies parameter is important and need to be true -npm.resolveDependencies=true -# ignoreSourceFiles parameter is important and need to be true -npm.ignoreSourceFiles=true -npm.includeDevDependencies=false -npm.runPreStep=true -# the folowing paramter "ignoreNpmLsErrors" and "failOnNpmLsErrors" are a little bit -# tricky. So if you run into issues, please contact us. -npm.ignoreNpmLsErrors=true -npm.failOnNpmLsErrors=false -npm.ignoreScripts=true -#npm.yarnProject=true -#npm.accessToken= -#npm.identifyByNameAndVersion=true -#npm.yarn.frozenLockfile=true -#npm.resolveMainPackageJsonOnly=true -#npm.removeDuplicateDependencies=false -#npm.resolveAdditionalDependencies=true -#npm.projectNameFromDependencyFile=true -#npm.resolveGlobalPackages=true -#npm.resolveLockFile=true - - -################################## -# Organization tokens: -################################## -apiKey= - -#userKey is required if WhiteSource administrator has enabled "Enforce user level access" option -userKey= - -projectName= -projectVersion= -projectToken= - -productName= -productVersion= -productToken= -#updateType=APPEND -#requesterEmail=user@provider.com - -######################################################################################### -# Includes/Excludes Glob patterns - PLEASE USE ONLY ONE EXCLUDE LINE AND ONE INCLUDE LINE -######################################################################################### -#includes=**/*.c **/*.cc **/*.cp **/*.cpp **/*.cxx **/*.c++ **/*.h **/*.hpp **/*.hxx **/*.js -includes=**/*.go **/*.js **/*.ts - -#includes=**/*.m **/*.mm **/*.js **/*.php -#includes=**/*.jar -#includes=**/*.gem **/*.rb -#includes=**/*.dll **/*.cs **/*.nupkg -#includes=**/*.tgz **/*.deb **/*.gzip **/*.rpm **/*.tar.bz2 -#includes=**/*.zip **/*.tar.gz **/*.egg **/*.whl **/*.py - -## Exclude file extensions or specific directories by adding **/*. or **//** -excludes=**/*sources.jar **/*javadoc.jar - -case.sensitive.glob=false -followSymbolicLinks=true diff --git a/prow/jobs/kyma-project/test-infra/gcr-cleaner.yaml b/prow/jobs/kyma-project/test-infra/gcr-cleaner.yaml deleted file mode 100644 index 1481c4faf237..000000000000 --- a/prow/jobs/kyma-project/test-infra/gcr-cleaner.yaml +++ /dev/null @@ -1,108 +0,0 @@ -periodics: - - name: ci-gcr-cleaner-untagged - annotations: - owner: neighbors - description: "periodic that cleans up untagged images from all repos" - labels: - prow.k8s.io/pubsub.project: "sap-kyma-prow" - prow.k8s.io/pubsub.runID: "ci-gcr-cleaner-untagged" - prow.k8s.io/pubsub.topic: "prowjobs" - decorate: true - cluster: trusted-workload - reporter_config: - slack: - channel: kyma-neighbors-alerts - cron: "25 * * * 1-5" - spec: - serviceAccountName: gcr-cleaner - containers: - - image: europe-docker.pkg.dev/gcr-cleaner/gcr-cleaner/gcr-cleaner-cli:0.12.0 - imagePullPolicy: Always - command: [ "/bin/gcr-cleaner-cli" ] - args: - - -repo=europe-docker.pkg.dev/kyma-project - - -recursive - securityContext: - privileged: false - seccompProfile: - type: RuntimeDefault - allowPrivilegeEscalation: false - resources: - requests: - cpu: 500m - memory: 1Gi - limits: - cpu: 500m - memory: 1Gi - - name: ci-gcr-cleaner-cache - annotations: - owner: neighbors - description: "periodic that cleans up ACR cache always at 3:25 on Monday" - labels: - prow.k8s.io/pubsub.project: "sap-kyma-prow" - prow.k8s.io/pubsub.runID: "ci-gcr-cleaner-cache" - prow.k8s.io/pubsub.topic: "prowjobs" - decorate: true - cluster: trusted-workload - reporter_config: - slack: - channel: kyma-neighbors-alerts - cron: "33 3 * * 1" - spec: - serviceAccountName: gcr-cleaner - containers: - - image: europe-docker.pkg.dev/gcr-cleaner/gcr-cleaner/gcr-cleaner-cli:0.12.0 - imagePullPolicy: Always - command: [ "/bin/gcr-cleaner-cli" ] - args: - - -repo=europe-docker.pkg.dev/kyma-project/cache/cache - - -tag-filter-any=.* - securityContext: - privileged: false - seccompProfile: - type: RuntimeDefault - allowPrivilegeEscalation: false - resources: - requests: - cpu: 500m - memory: 1Gi - limits: - cpu: 500m - memory: 1Gi - - name: ci-gcr-cleaner-pr - annotations: - owner: neighbors - description: "periodic that cleans up PR images from dev that are older than 30 days" - labels: - prow.k8s.io/pubsub.project: "sap-kyma-prow" - prow.k8s.io/pubsub.runID: "ci-gcr-cleaner-pr" - prow.k8s.io/pubsub.topic: "prowjobs" - decorate: true - cluster: trusted-workload - reporter_config: - slack: - channel: kyma-neighbors-alerts - cron: "40 * * * 1-5" - spec: - serviceAccountName: gcr-cleaner - containers: - - image: europe-docker.pkg.dev/gcr-cleaner/gcr-cleaner/gcr-cleaner-cli:0.12.0 - imagePullPolicy: Always - command: [ "/bin/gcr-cleaner-cli" ] - args: - - -repo=europe-docker.pkg.dev/kyma-project/dev - - -recursive - - -tag-filter-any=PR-.* - - -grace=720h - securityContext: - privileged: false - seccompProfile: - type: RuntimeDefault - allowPrivilegeEscalation: false - resources: - requests: - cpu: 500m - memory: 1Gi - limits: - cpu: 500m - memory: 1Gi \ No newline at end of file diff --git a/prow/jobs/kyma-project/test-infra/image-syncer.yaml b/prow/jobs/kyma-project/test-infra/image-syncer.yaml index 60ec66d55712..a0ea75980e40 100644 --- a/prow/jobs/kyma-project/test-infra/image-syncer.yaml +++ b/prow/jobs/kyma-project/test-infra/image-syncer.yaml @@ -22,7 +22,7 @@ presubmits: # runs on PRs - ^main$ spec: containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/image-syncer:v20241007-36d14dd7" + - image: "europe-docker.pkg.dev/kyma-project/prod/image-syncer:v20241010-d3f08490" securityContext: privileged: false seccompProfile: @@ -61,7 +61,7 @@ postsubmits: # runs on main - ^main$ spec: containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/image-syncer:v20241007-36d14dd7" + - image: "europe-docker.pkg.dev/kyma-project/prod/image-syncer:v20241010-d3f08490" securityContext: privileged: false seccompProfile: diff --git a/prow/jobs/kyma-project/test-infra/kyma-bot.yaml b/prow/jobs/kyma-project/test-infra/kyma-bot.yaml index a00e88bb9fd5..eacf6f3ecd05 100644 --- a/prow/jobs/kyma-project/test-infra/kyma-bot.yaml +++ b/prow/jobs/kyma-project/test-infra/kyma-bot.yaml @@ -22,7 +22,7 @@ presubmits: # runs on PRs spec: serviceAccountName: sa-prowjob-gcp-logging-client containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/usersmapchecker:v20241007-36d14dd7" + - image: "europe-docker.pkg.dev/kyma-project/prod/usersmapchecker:v20241010-d3f08490" imagePullPolicy: Always securityContext: privileged: false diff --git a/prow/jobs/kyma-project/test-infra/periodics.yaml b/prow/jobs/kyma-project/test-infra/periodics.yaml index fe5e828fe68e..f8a36942672d 100644 --- a/prow/jobs/kyma-project/test-infra/periodics.yaml +++ b/prow/jobs/kyma-project/test-infra/periodics.yaml @@ -15,7 +15,7 @@ periodics: # runs on schedule spec: serviceAccountName: sa-prow-job-resource-cleaners containers: - - image: europe-docker.pkg.dev/kyma-project/prod/e2e-gcloud:v20241007-610a437f + - image: europe-docker.pkg.dev/kyma-project/prod/e2e-gcloud:v20241008-5739ce08 securityContext: privileged: false seccompProfile: @@ -51,7 +51,7 @@ periodics: # runs on schedule cluster: trusted-workload spec: containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/diskscollector:v20241007-36d14dd7" + - image: "europe-docker.pkg.dev/kyma-project/prod/diskscollector:v20241010-d3f08490" securityContext: privileged: false seccompProfile: @@ -83,7 +83,7 @@ periodics: # runs on schedule cluster: trusted-workload spec: containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/ipcleaner:v20241007-36d14dd7" + - image: "europe-docker.pkg.dev/kyma-project/prod/ipcleaner:v20241010-d3f08490" securityContext: privileged: false seccompProfile: @@ -115,7 +115,7 @@ periodics: # runs on schedule cluster: trusted-workload spec: containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/clusterscollector:v20241007-36d14dd7" + - image: "europe-docker.pkg.dev/kyma-project/prod/clusterscollector:v20241010-d3f08490" securityContext: privileged: false seccompProfile: @@ -147,7 +147,7 @@ periodics: # runs on schedule cluster: trusted-workload spec: containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/vmscollector:v20241007-36d14dd7" + - image: "europe-docker.pkg.dev/kyma-project/prod/vmscollector:v20241010-d3f08490" securityContext: privileged: false seccompProfile: @@ -180,7 +180,7 @@ periodics: # runs on schedule cluster: trusted-workload spec: containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/orphanremover:v20241007-36d14dd7" + - image: "europe-docker.pkg.dev/kyma-project/prod/orphanremover:v20241010-d3f08490" securityContext: privileged: false seccompProfile: @@ -212,7 +212,7 @@ periodics: # runs on schedule cluster: trusted-workload spec: containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/dnscollector:v20241007-36d14dd7" + - image: "europe-docker.pkg.dev/kyma-project/prod/dnscollector:v20241010-d3f08490" securityContext: privileged: false seccompProfile: diff --git a/prow/jobs/kyma-project/test-infra/prow-periodics.yaml b/prow/jobs/kyma-project/test-infra/prow-periodics.yaml index b7af72f9caf2..f6b5eba7067e 100644 --- a/prow/jobs/kyma-project/test-infra/prow-periodics.yaml +++ b/prow/jobs/kyma-project/test-infra/prow-periodics.yaml @@ -1,36 +1,5 @@ postsubmits: # runs on main kyma-project/test-infra: - - name: post-test-infra-markdown-index-autobump - annotations: - description: "autobump markdown index.md" - owner: "neighbors" - labels: - prow.k8s.io/pubsub.project: "sap-kyma-prow" - prow.k8s.io/pubsub.runID: "post-test-infra-markdown-index-autobump" - prow.k8s.io/pubsub.topic: "prowjobs" - preset-autobump-bot-github-token: "true" - run_if_changed: '.md$' - skip_report: false - cluster: trusted-workload - max_concurrency: 10 - branches: - - ^main$ - reporter_config: - slack: - channel: kyma-neighbors-alerts - spec: - containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/markdown-index:v20241007-36d14dd7" - securityContext: - privileged: false - seccompProfile: - type: RuntimeDefault - allowPrivilegeEscalation: false - command: - - "/markdown-index" - args: - - "--config=configs/autobump-config/test-infra-markdown-index-autobump-config.yaml" - - "--labels-override=kind/chore,area/documentation" - name: post-test-infra-deploy-prow annotations: description: "Deploy prow components" @@ -52,7 +21,7 @@ postsubmits: # runs on main spec: serviceAccountName: sa-prow-deploy containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/e2e-gcloud:v20241007-610a437f" + - image: "europe-docker.pkg.dev/kyma-project/prod/e2e-gcloud:v20241008-5739ce08" securityContext: privileged: false seccompProfile: diff --git a/sec-scanners-config.yaml b/sec-scanners-config.yaml index 1453f59095ff..68adccf7d1f5 100644 --- a/sec-scanners-config.yaml +++ b/sec-scanners-config.yaml @@ -1,16 +1,16 @@ module-name: test-infra protecode: - - europe-docker.pkg.dev/kyma-project/prod/cors-proxy:v20241007-36d14dd7 - - europe-docker.pkg.dev/kyma-project/prod/create-github-issue:v20241007-36d14dd7 - - europe-docker.pkg.dev/kyma-project/prod/dashboard-token-proxy:v20241007-36d14dd7 - - europe-docker.pkg.dev/kyma-project/prod/github-webhook-gateway:v20241007-36d14dd7 - - europe-docker.pkg.dev/kyma-project/prod/move-gcs-bucket:v20241007-36d14dd7 - - europe-docker.pkg.dev/kyma-project/prod/scan-logs-for-secrets:v20241007-36d14dd7 - - europe-docker.pkg.dev/kyma-project/prod/search-github-issue:v20241007-36d14dd7 - - europe-docker.pkg.dev/kyma-project/prod/test-infra/rotate-service-account:v20241007-36d14dd7 - - europe-docker.pkg.dev/kyma-project/prod/test-infra/service-account-keys-cleaner:v20241007-36d14dd7 + - europe-docker.pkg.dev/kyma-project/prod/cors-proxy:v20241010-d3f08490 + - europe-docker.pkg.dev/kyma-project/prod/create-github-issue:v20241010-d3f08490 + - europe-docker.pkg.dev/kyma-project/prod/dashboard-token-proxy:v20241010-d3f08490 + - europe-docker.pkg.dev/kyma-project/prod/github-webhook-gateway:v20241010-d3f08490 + - europe-docker.pkg.dev/kyma-project/prod/move-gcs-bucket:v20241010-d3f08490 + - europe-docker.pkg.dev/kyma-project/prod/scan-logs-for-secrets:v20241010-d3f08490 + - europe-docker.pkg.dev/kyma-project/prod/search-github-issue:v20241010-d3f08490 + - europe-docker.pkg.dev/kyma-project/prod/test-infra/rotate-service-account:v20241010-d3f08490 + - europe-docker.pkg.dev/kyma-project/prod/test-infra/service-account-keys-cleaner:v20241010-d3f08490 - europe-docker.pkg.dev/kyma-project/prod/test-infra/signify-secret-rotator:v20240924-997e8b7b - - europe-docker.pkg.dev/kyma-project/prod/test-infra/slackmessagesender:v20241002-1ca38179 + - europe-docker.pkg.dev/kyma-project/prod/test-infra/slackmessagesender:v20241008-00628e8e whitesource: language: golang-mod exclude: