Updated all deps and fixed fhir gw security context (#247)

* chore(deps): update docker.io/curlimages/curl docker tag to v8.4.0 * chore(deps): update ghcr.io/samply/blaze docker tag to v0.22.3 * chore(deps): update docker.io/obiba/opal:4.6 docker digest to 79782ac * chore(deps): update ghcr.io/chgl/kube-powertools docker tag to v2.2.13 * chore(deps): updated deps, refreshed docs, fixed missing secContext * chore: downgrade powertools to be compatible with recruit chart upstream --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
miracum · Oct 23, 2023 · ef84aa7 · ef84aa7
1 parent 36fd8c2
commit ef84aa7
Show file tree

Hide file tree

Showing 16 changed files with 44 additions and 43 deletions.
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -67,15 +67,6 @@ jobs:
         with:
           fetch-depth: 0
 
-      - name: downgrade helm
-        shell: bash
-        run: |
-          rm /usr/local/bin/helm
-          curl -fsSL https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 > /tmp/helm.sh
-          chmod +x /tmp/helm.sh
-          /tmp/helm.sh --version v3.12.3
-          helm version
-
       - name: Set up chart-testing
         uses: helm/chart-testing-action@e8788873172cb653a90ca2e819d79d65a66d4e76 # v2.4.0
 

diff --git a/charts/blaze/Chart.yaml b/charts/blaze/Chart.yaml
@@ -12,7 +12,7 @@ maintainers:
   - name: miracum
 deprecated: false
 kubeVersion: ">= 1.19.0"
-version: 0.3.4
+version: 0.3.5
 appVersion: "0.x"
 annotations:
   artifacthub.io/license: Apache-2.0
@@ -25,4 +25,8 @@ annotations:
   # added, changed, deprecated, removed, fixed and security.
   artifacthub.io/changes: |
     - kind: changed
-      description: update docker.io/curlimages/curl docker tag to v8.3.0
+      description: updated ghcr.io/samply/blaze image tag to v0.22.3
+    - kind: changed
+      description: update docker.io/curlimages/curl docker tag to v8.4.0
+    - kind: changed
+      description: refreshed docs with latest helm-docs
diff --git a/charts/blaze/values.yaml b/charts/blaze/values.yaml
@@ -5,7 +5,7 @@ replicaCount: 1
 image:
   registry: ghcr.io
   repository: samply/blaze
-  tag: 0.22.1@sha256:aea9042a0b84aeba5e128ee1a14f1c7c1e5bf88096656e53015039c22b198c43
+  tag: 0.22.3@sha256:4c5c30290c06045b58aecf6e7c071ae05c5d677e9e687be71fad51eb31579f48
   pullPolicy: IfNotPresent
 
 # -- set the server base URL. Evaluated as a template. Equivalent to setting the `BASE_URL` environment variable.
@@ -152,7 +152,7 @@ curl:
   image:
     registry: docker.io
     repository: curlimages/curl
-    tag: 8.3.0@sha256:961cf9e2a1939ea380b3f16e313a581b5d4681dd9dc4b1ace060eb396a71df0d
+    tag: 8.4.0@sha256:4a3396ae573c44932d06ba33f8696db4429c419da87cbdc82965ee96a37dd0af
 
 # -- configuration for the server persistence
 persistence:

diff --git a/charts/cloudera-hue/Chart.yaml b/charts/cloudera-hue/Chart.yaml
@@ -17,7 +17,7 @@ dependencies:
     version: 12.5.6
     repository: oci://registry-1.docker.io/bitnamicharts
     condition: postgresql.enabled
-version: 0.1.3
+version: 0.1.4
 appVersion: "4.11.0"
 annotations:
   artifacthub.io/license: Apache-2.0
@@ -31,4 +31,6 @@ annotations:
   # added, changed, deprecated, removed, fixed and security.
   artifacthub.io/changes: |
     - kind: changed
-      description: update docker.io/curlimages/curl docker tag to v8.3.0
+      description: update docker.io/curlimages/curl docker tag to v8.4.0
+    - kind: changed
+      description: refreshed docs with latest helm-docs
diff --git a/charts/cloudera-hue/README.md b/charts/cloudera-hue/README.md
@@ -1,6 +1,6 @@
 # cloudera-hue
 
-![Version: 0.1.3](https://img.shields.io/badge/Version-0.1.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 4.11.0](https://img.shields.io/badge/AppVersion-4.11.0-informational?style=flat-square)
+![Version: 0.1.4](https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 4.11.0](https://img.shields.io/badge/AppVersion-4.11.0-informational?style=flat-square)
 
 A Helm chart for deploying Cloudera Hue.
 

diff --git a/charts/cloudera-hue/values.yaml b/charts/cloudera-hue/values.yaml
@@ -155,7 +155,7 @@ curl: # +doc-gen:ignore
   image:
     registry: docker.io
     repository: curlimages/curl
-    tag: 8.3.0@sha256:961cf9e2a1939ea380b3f16e313a581b5d4681dd9dc4b1ace060eb396a71df0d
+    tag: 8.4.0@sha256:4a3396ae573c44932d06ba33f8696db4429c419da87cbdc82965ee96a37dd0af
 
 database:
   # -- database hostname of an external database. Only used if `postgresql.enabled` is set to `false`.

diff --git a/charts/datashield/Chart.yaml b/charts/datashield/Chart.yaml
@@ -20,7 +20,7 @@ dependencies:
     condition: postgresql.enabled
 deprecated: false
 kubeVersion: ">= 1.19.0"
-version: 0.5.2
+version: 0.5.3
 annotations:
   artifacthub.io/license: Apache-2.0
   artifacthub.io/containsSecurityUpdates: "false"
@@ -32,4 +32,8 @@ annotations:
   # added, changed, deprecated, removed, fixed and security.
   artifacthub.io/changes: |
     - kind: changed
-      description: update docker.io/curlimages/curl docker tag to v8.3.0
+      description: update docker.io/curlimages/curl docker tag to v8.4.0
+    - kind: changed
+      description: refreshed docs with latest helm-docs
+    - kind: changed
+      description: updated docker.io/obiba/opal:4.6 image digest to 79782ac
diff --git a/charts/datashield/values.yaml b/charts/datashield/values.yaml
@@ -12,7 +12,7 @@ opal:
   image:
     registry: docker.io
     repository: obiba/opal
-    tag: 4.6@sha256:0cff692fae7033789e65fb2661a2515d9cbb999e2e741a0a39b769e5c57dc343
+    tag: 4.6@sha256:79782ac5b921535bfcdee141b7045e978a1e983bef924324445db14159d47909
     pullPolicy: IfNotPresent
 
   auth:
@@ -364,7 +364,7 @@ curl:
   image:
     registry: docker.io
     repository: curlimages/curl
-    tag: 8.3.0@sha256:961cf9e2a1939ea380b3f16e313a581b5d4681dd9dc4b1ace060eb396a71df0d
+    tag: 8.4.0@sha256:4a3396ae573c44932d06ba33f8696db4429c419da87cbdc82965ee96a37dd0af
 
 tests:
   # -- configure the test pods resource requests and limits

diff --git a/charts/fhir-gateway/Chart.yaml b/charts/fhir-gateway/Chart.yaml
@@ -14,12 +14,14 @@ dependencies:
     condition: fhir-pseudonymizer.enabled
     version: 0.5.6
     repository: oci://ghcr.io/miracum/charts
-version: 6.0.18
+version: 6.0.19
 annotations:
   # When using the list of objects option the valid supported kinds are
   # added, changed, deprecated, removed, fixed and security.
   artifacthub.io/changes: |
     - kind: changed
-      description: update fhir-pseudonymizer subchart to 0.5.6
+      description: update docker.io/curlimages/curl docker tag to v8.4.0
     - kind: changed
-      description: update ghcr.io/miracum/fhir-gateway docker tag to v3.12.2
+      description: refreshed docs with latest helm-docs
+    - kind: changed
+      description: fixed missing seccompProfile in initContainer
diff --git a/charts/fhir-gateway/templates/gateway-deployment.yaml b/charts/fhir-gateway/templates/gateway-deployment.yaml
@@ -37,16 +37,10 @@ spec:
         - name: wait-for-db
           image: {{ include "fhir-gateway.waitforDB.image" . }}
           imagePullPolicy: {{ .Values.waitForPostgresInitContainer.image.pullPolicy }}
+          {{- with .Values.restrictedContainerSecurityContext }}
           securityContext:
-            allowPrivilegeEscalation: false
-            readOnlyRootFilesystem: true
-            privileged: false
-            capabilities:
-              drop:
-                - ALL
-            runAsNonRoot: true
-            runAsUser: 1001
-            runAsGroup: 1001
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
           env:
             - name: PGHOST
               value: {{ include "fhir-gateway.postgresql.host" $ | quote }}

diff --git a/charts/fhir-gateway/values.yaml b/charts/fhir-gateway/values.yaml
@@ -324,7 +324,7 @@ curl: # +doc-gen:ignore
   image:
     registry: docker.io
     repository: curlimages/curl
-    tag: 8.3.0@sha256:961cf9e2a1939ea380b3f16e313a581b5d4681dd9dc4b1ace060eb396a71df0d
+    tag: 8.4.0@sha256:4a3396ae573c44932d06ba33f8696db4429c419da87cbdc82965ee96a37dd0af
 
 # container security context applied to init containers used by the query, list, and notify modules.
 # also used by the Helm test job pods

diff --git a/charts/fhir-pseudonymizer/Chart.yaml b/charts/fhir-pseudonymizer/Chart.yaml
@@ -10,7 +10,7 @@ dependencies:
     version: 1.2.7
     repository: oci://ghcr.io/miracum/charts
     condition: vfps.enabled
-version: 0.5.6
+version: 0.5.7
 annotations:
   artifacthub.io/license: Apache-2.0
   artifacthub.io/containsSecurityUpdates: "false"
@@ -22,4 +22,6 @@ annotations:
   # added, changed, deprecated, removed, fixed and security.
   artifacthub.io/changes: |
     - kind: changed
-      description: update ghcr.io/miracum/fhir-pseudonymizer docker tag to v2.21.0
+      description: update docker.io/curlimages/curl docker tag to v8.4.0
+    - kind: changed
+      description: refreshed docs with latest helm-docs
diff --git a/charts/fhir-pseudonymizer/values.yaml b/charts/fhir-pseudonymizer/values.yaml
@@ -224,7 +224,7 @@ curl: # +doc-gen:ignore
   image:
     registry: docker.io
     repository: curlimages/curl
-    tag: 8.3.0@sha256:961cf9e2a1939ea380b3f16e313a581b5d4681dd9dc4b1ace060eb396a71df0d
+    tag: 8.4.0@sha256:4a3396ae573c44932d06ba33f8696db4429c419da87cbdc82965ee96a37dd0af
 
 # container security context applied to init containers and the Helm test pods
 restrictedContainerSecurityContext: # +doc-gen:ignore

diff --git a/charts/stream-processors/Chart.yaml b/charts/stream-processors/Chart.yaml
@@ -8,13 +8,13 @@ keywords:
   - kafka
   - strimzi kafka operator
   - stream processing
-version: 1.2.0
+version: 1.2.1
 annotations:
   artifacthub.io/recommendations: |
     - url: https://artifacthub.io/packages/helm/strimzi/strimzi-kafka-operator
     - url: https://artifacthub.io/packages/helm/prometheus-community/kube-prometheus-stack
   artifacthub.io/changes: |
     # When using the list of objects option the valid supported kinds are
     # added, changed, deprecated, removed, fixed and security.
-    - kind: added
-      description: "Added deployment strategy type template with default RollingUpdate"
+    - kind: changed
+      description: refreshed docs with latest helm-docs
diff --git a/charts/vfps/Chart.yaml b/charts/vfps/Chart.yaml
@@ -20,7 +20,7 @@ dependencies:
     condition: postgresql.enabled
 deprecated: false
 kubeVersion: ">= 1.19.0"
-version: 1.2.7
+version: 1.2.8
 appVersion: "1.x"
 annotations:
   artifacthub.io/license: Apache-2.0
@@ -37,4 +37,6 @@ annotations:
   # added, changed, deprecated, removed, fixed and security.
   artifacthub.io/changes: |
     - kind: changed
-      description: update docker.io/curlimages/curl docker tag to v8.3.0
+      description: update docker.io/curlimages/curl docker tag to v8.4.0
+    - kind: changed
+      description: refreshed docs with latest helm-docs
diff --git a/charts/vfps/values.yaml b/charts/vfps/values.yaml
@@ -224,7 +224,7 @@ curl:
   image:
     registry: docker.io
     repository: curlimages/curl
-    tag: 8.3.0@sha256:961cf9e2a1939ea380b3f16e313a581b5d4681dd9dc4b1ace060eb396a71df0d
+    tag: 8.4.0@sha256:4a3396ae573c44932d06ba33f8696db4429c419da87cbdc82965ee96a37dd0af
 
 # -- a JSON configuration object which is mounted as `appsettings.Production.json` inside the container.
 # useful to define namespaces to create as part of the application startup.