From a9986d12ad330292b817af649bea8c914d54105f Mon Sep 17 00:00:00 2001
From: Wayne Starr
Date: Wed, 23 Oct 2024 17:16:13 -0600
Subject: [PATCH 1/5] chore: badge and update READMEs/workflow permissions

---
 .github/workflows/ci-docs-shim.yaml | 4 ++
 .github/workflows/commitlint.yaml | 4 ++
 .github/workflows/lint.yaml | 4 ++
 .github/workflows/release.yaml | 2 +-
 .github/workflows/test.yaml | 2 +-
 README.md | 41 ++++++++++++-------
 bundles/dev/README.md | 5 ++-
 bundles/k3d-demo/README.md | 6 ++-
 .../dev-secrets/minio-secret.yaml | 37 +++++++++++++++++
 src/dev-namespaces/dev-secrets/zarf.yaml | 31 ++++++++++++++
 .../gitlab-ns.yaml | 0
 .../mattermost-ns.yaml | 0
 .../sonarqube-ns.yaml | 0
 src/{namespaces => dev-namespaces}/zarf.yaml | 0
 tasks/dependencies.yaml | 2 +-
 15 files changed, 117 insertions(+), 21 deletions(-)
 create mode 100644 src/dev-namespaces/dev-secrets/minio-secret.yaml
 create mode 100644 src/dev-namespaces/dev-secrets/zarf.yaml
 rename src/{namespaces => dev-namespaces}/gitlab-ns.yaml (100%)
 rename src/{namespaces => dev-namespaces}/mattermost-ns.yaml (100%)
 rename src/{namespaces => dev-namespaces}/sonarqube-ns.yaml (100%)
 rename src/{namespaces => dev-namespaces}/zarf.yaml (100%)

diff --git a/.github/workflows/ci-docs-shim.yaml b/.github/workflows/ci-docs-shim.yaml
index d75ce33..25b089b 100644
--- a/.github/workflows/ci-docs-shim.yaml
+++ b/.github/workflows/ci-docs-shim.yaml
@@ -8,6 +8,10 @@ on:
 branches: [main]
 types: [milestoned, opened, synchronize]
 
+# Permissions for the GITHUB_TOKEN used by the workflow.
+permissions:
+ contents: read # Allows reading the content of the repository.
+
 jobs:
 validate:
 strategy:
diff --git a/.github/workflows/commitlint.yaml b/.github/workflows/commitlint.yaml
index 668de4a..4d2bded 100644
--- a/.github/workflows/commitlint.yaml
+++ b/.github/workflows/commitlint.yaml
@@ -8,6 +8,10 @@ on:
 branches: [main]
 types: [milestoned, opened, edited, synchronize]
 
+# Permissions for the GITHUB_TOKEN used by the workflow.
+permissions:
+ contents: read # Allows reading the content of the repository.
+
 jobs:
 validate:
 uses: defenseunicorns/uds-common/.github/workflows/callable-commitlint.yaml@c52077c870a576d01f169f96d74d1b393c6488ba # v1.1.2
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
index be6fb18..ee594a2 100644
--- a/.github/workflows/lint.yaml
+++ b/.github/workflows/lint.yaml
@@ -9,6 +9,10 @@ on:
 # milestoned is added here as a workaround for release-please not triggering PR workflows (PRs should be added to a milestone to trigger the workflow).
 types: [milestoned, opened, reopened, synchronize]
 
+# Permissions for the GITHUB_TOKEN used by the workflow.
+permissions:
+ contents: read # Allows reading the content of the repository.
+
 jobs:
 validate:
 uses: defenseunicorns/uds-common/.github/workflows/callable-lint.yaml@c52077c870a576d01f169f96d74d1b393c6488ba # v1.1.2
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index ca6aef2..4bb93a7 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -36,7 +36,7 @@ jobs:
 if: ${{ needs.tag-new-version.outputs.release_created == 'true' }}
 strategy:
 matrix:
- bundle: [k3d-demo, dev]
+ bundle: [k3d-demo, dev, lab]
 architecture: [amd64, arm64]
 runs-on: ${{ matrix.architecture == 'arm64' && 'uds-swf-ubuntu-arm64-4-core' || 'uds-swf-ubuntu-big-boy-16-core' }}
 timeout-minutes: 80
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index 9da86b6..250e22b 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -43,7 +43,7 @@ jobs:
 strategy:
 fail-fast: false
 matrix:
- bundle: [k3d-demo, dev]
+ bundle: [k3d-demo, dev, lab]
 type: [install, upgrade]

 steps:
diff --git a/README.md b/README.md
index a0eff78..58af16c 100644
--- a/README.md
+++ b/README.md
@@ -1,25 +1,35 @@
 # 🏭 UDS Software Factory

+[Made for UDS](https://github.com/defenseunicorns/uds-core)
 [![Latest Release](https://img.shields.io/github/v/release/defenseunicorns/uds-software-factory)](https://github.com/defenseunicorns/uds-software-factory/releases)
 [![Build Status](https://img.shields.io/github/actions/workflow/status/defenseunicorns/uds-software-factory/release.yaml)](https://github.com/defenseunicorns/uds-software-factory/release.yaml)
 [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/defenseunicorns/uds-software-factory/badge)](https://api.securityscorecards.dev/projects/github.com/defenseunicorns/uds-software-factory)
 
-This is the integration / wayfinding repository for the Unicorn Delivery Service (UDS) Software Factory created and offered by Defense Unicorns. In its current state it is made up of the following UDS packages that are bundled together:
+This is the integration / wayfinding repository for the UDS Software Factory created and offered by Defense Unicorns. The Software Factory is made up of bundled applications that assist with development of new software in airgap environments. These applications are split into `primary` and `lab` applications to denote applications that are ready for wider use and those that we are still learning from and experimenting with.
+
+The `primary` UDS Software Factory packages are:

 - [GitLab](https://github.com/defenseunicorns/uds-package-gitlab) - a DevOps software package that can develop, secure, and operate software
 - [GitLab Runner](https://github.com/defenseunicorns/uds-package-gitlab-runner) - a Continuous Integration runner that integrates with GitLab
+- [Renovate](https://github.com/defenseunicorns/uds-package-renovate) - a dependency checking bot that integrates with GitLab
 - [Mattermost](https://github.com/defenseunicorns/uds-package-mattermost) - an open-source, self-hostable online chat service
 - [SonarQube](https://github.com/defenseunicorns/uds-package-sonarqube) - an open-source platform developed by SonarSource for continuous inspection of code quality
+- [Postgres Operator](https://github.com/defenseunicorns/uds-package-postgres-operator) - a Kubernetes operator to deploy PostgreSQL databases in a cluster
+- [Valkey](https://github.com/defenseunicorns/uds-package-valkey) - a Redis-alternative that can be deployed in a cluster (intended for use with GitLab)
+
+The `lab` UDS Software Factory packages are:
+
+- [Sigstore](https://github.com/defenseunicorns/uds-package-sigstore) - a keyless signing infrastructure for software artifact signing and attestations
+- [Archivista](https://github.com/defenseunicorns/uds-package-archivista) - a GraphQL datastore for in-toto attestations

 This repo serves as an integration repository for testing, creating common [Architectural Decision Records](./adr), and tracking issues that have effects across the individual packages that make up Software Factory.
 
-Also note that the Software Factory team helps to manage the following shared UDS packages and repositories:
+Also note that the Software Factory team helps to manage the following UDS packages and repositories:
 
-- [Postgres Operator](https://github.com/defenseunicorns/uds-package-postgres-operator) - a Kubernetes operator to deploy PostgreSQL databases in a cluster
-- ⚠️ (alpha) [Valkey](https://github.com/defenseunicorns/uds-package-valkey) - a Redis-alternative that can be deployed in a cluster (intended for use with GitLab)
-- [UDS Common](https://github.com/defenseunicorns/uds-common) - a common repo to share actions, UDS tasks and more between package repositories
+- [UDS Common](https://github.com/defenseunicorns/uds-common) - a common repo to share workflows, UDS tasks and more between UDS Package repositories
+- ⚠️ (alpha) [Minio Operator](https://github.com/defenseunicorns/uds-package-minio-operator) - an S3-compatible object storage provider
 
-### tl;dr - [try it now](#quickstart-demo-bundle)
+### 📜 tl;dr - [try it now](#quickstart-demo-bundle)

 ## Bundles

@@ -30,21 +40,21 @@ This repository publishes multiple bundles for dev, test and demo purposes. They

 ### swf-dev
 
-This is a bundle primarily for development that is located at `bundles/dev`. It requires an existing k3d cluster to deploy.
+This bundle is for development of the `primary` Software Factory packages and is located at `bundles/dev`. It requires an existing Kubernetes cluster with at least [UDS Core Base](https://github.com/defenseunicorns/uds-core/tree/main/packages/base) and [UDS Core Identity and Authorization](https://github.com/defenseunicorns/uds-core/tree/main/packages/identity-authorization) on it to deploy.

 This bundle requires ~ `9 CPUs and 28GB of memory` available to run.

 ### k3d-swf-demo
 
-This bundle is a demo bundle of Software Factory deployed on top of full [UDS Core](https://github.com/defenseunicorns/uds-core). It includes the deployment of an underlying k3d cluster. The bundle definition is located at `bundles/k3d-demo`
+This bundle is a demo bundle of the `primary` Software Factory packages deployed on top of full [UDS Core](https://github.com/defenseunicorns/uds-core). It includes the deployment of an underlying K3d cluster and is located at `bundles/k3d-demo`
 
-This is a fairly large bundle and requires `16 CPUs and 64GB of memory` available to run. It is best deployed on an adequately sized linux machine with Docker or equivalent installed. This is not currently tested on Mac due to resource limitations.
+This is a fairly large bundle and requires `16 CPUs and 64GB of memory` available to run. It is best deployed on an adequately sized Linux machine with Docker or equivalent installed. This is not currently tested on macOS due to resource limitations.

 ---

 ### Quickstart (Demo Bundle)
 
-If you have the resources for it locally (see above), you can deploy the full Software Factory with full `uds-core` and `k3d` using the [uds-k3d-swf-demo bundle](./bundles/k3d-demo/README.md).
+If you have the resources for it locally (see above), you can deploy the `primary` Software Factory packages with full `uds-core` and `k3d` using the [uds-k3d-swf-demo bundle](./bundles/k3d-demo/README.md).

 #### Prerequisites

@@ -68,11 +78,11 @@ uds deploy k3d-swf-demo:0.2.7

 ### Quickstart (Dev Bundle)
 
-Alternatively, you can deploy the [uds-k3d-swf-dev bundle](./bundles/dev/README.md), which is meant to be deployed on top of [k3d-core-slim-dev](https://github.com/defenseunicorns/uds-core/blob/main/bundles/k3d-slim-dev/README.md). This bundle includes all of Software Factory, but only utilizes part of the underlying `uds-core` baseline. This allows it to be run on a wider variety of hardware, particularly with local development in mind.
+Alternatively, you can deploy the [uds-swf-dev bundle](./bundles/dev/README.md), which is meant to be deployed on top of [k3d-core-slim-dev](https://github.com/defenseunicorns/uds-core/blob/main/bundles/k3d-slim-dev/README.md) or another Kubernetes cluster with at least [UDS Core Base](https://github.com/defenseunicorns/uds-core/tree/main/packages/base) and [UDS Core Identity and Authorization](https://github.com/defenseunicorns/uds-core/tree/main/packages/identity-authorization). This bundle includes the `primary` Software Factory packages, but only requires part of the underlying `uds-core` baseline allowing it to be run on a wider variety of hardware, particularly with local development in mind.

 #### Prerequisites
 
-- [K3D](https://k3d.io/) for dev & test environments or any [CNCF Certified Kubernetes Cluster](https://www.cncf.io/training/certification/software-conformance/#logos) for production environments.
+- [K3D](https://k3d.io/) for dev & test environments or any [CNCF Certified Kubernetes Cluster](https://www.cncf.io/training/certification/software-conformance/#logos) for production-esque environments.
 - [UDS CLI](https://github.com/defenseunicorns/uds-cli?tab=readme-ov-file#install) v0.10.4 or later

 > [!NOTE]
@@ -94,11 +104,14 @@ uds run

 _Alternatively_, you can deploy from OCI by running the following two commands:
 
-Run the below command to deploy the `k3d-core-slim-dev` bundle:
+To easily create a K3d cluster with [UDS Core Base](https://github.com/defenseunicorns/uds-core/tree/main/packages/base) and [UDS Core Identity and Authorization](https://github.com/defenseunicorns/uds-core/tree/main/packages/identity-authorization) run the below command to deploy the `k3d-core-slim-dev` bundle:

 > [!TIP]
 > You can append `--set INSECURE_ADMIN_PASSWORD_GENERATION=true` to the below command to enable a default keycloak admin. This is useful for development and testing of the SWF stack and enables the ability to run `uds run setup:create-doug-user` to create a user to test with using the username `doug` and the password `unicorn123!@#UN`.
 
+> [!TIP]
+> You can install this bundle on nearly any Kubernetes cluster as long as you install the Base and Identity and Authorization layers from UDS Core. You may need to make some changes to your node configuration which you can see in the [development documentation](./docs/development.md#linux-users).
+
 ```bash
 uds deploy k3d-core-slim-dev:0.29.1
 ```
@@ -113,4 +126,4 @@ uds deploy swf-dev:0.2.7

 ## Development
 
-When developing this package it is ideal to utilize the json schemas for UDS Bundles, Zarf Packages and Maru Tasks. This involves configuring your IDE to provide schema validation for the respective files used by each application. For guidance on how to set up this schema validation, please refer to the [guide](https://github.com/defenseunicorns/uds-common/blob/main/docs/development-ide-configuration.md) in uds-common.
+When developing these bundles it is ideal to utilize the json schemas for UDS Bundles, Zarf Packages and Maru Tasks. This involves configuring your IDE to provide schema validation for the respective files used by each application. For guidance on how to set up this schema validation, please refer to the [guide](https://github.com/defenseunicorns/uds-common/blob/main/docs/uds-packages/development/development-ide-configuration.md) in uds-common.
diff --git a/bundles/dev/README.md b/bundles/dev/README.md
index dd90993..616cbe2 100644
--- a/bundles/dev/README.md
+++ b/bundles/dev/README.md
@@ -2,9 +2,10 @@

 ## Bundle Applications
 
-- [Minio](https://min.io/) - In-cluster S3 Object Storage (See below for more details)
-- [Postgres Operator](https://github.com/defenseunicorns/uds-package-postgres-operator) - In-cluster Postgresql Database
 - [GitLab](https://github.com/defenseunicorns/uds-package-gitlab) - a DevOps software package that can develop, secure, and operate software
 - [GitLab Runner](https://github.com/defenseunicorns/uds-package-gitlab-runner) - a Continuous Integration runner that integrates with GitLab
+- [Renovate](https://github.com/defenseunicorns/uds-package-renovate) - a dependency checking bot that integrates with GitLab
 - [Mattermost](https://github.com/defenseunicorns/uds-package-mattermost) - an open-source, self-hostable online chat service
 - [SonarQube](https://github.com/defenseunicorns/uds-package-sonarqube) - an open-source platform developed by SonarSource for continuous inspection of code quality
+- [Postgres Operator](https://github.com/defenseunicorns/uds-package-postgres-operator) - a Kubernetes operator to deploy PostgreSQL databases in a cluster
+- [Minio](https://min.io/) - In-cluster S3 Object Storage (note this is not yet `uds-package-minio-operator`)
diff --git a/bundles/k3d-demo/README.md b/bundles/k3d-demo/README.md
index 9e97e87..d315f8b 100644
--- a/bundles/k3d-demo/README.md
+++ b/bundles/k3d-demo/README.md
@@ -3,10 +3,12 @@
 ## Bundle Applications

 - [UDS-K3d](https://k3d.io/) - Containerized K3s with opinionated deployment for UDS development
-- [Minio](https://min.io/) - In-cluster S3 Object Storage (See below for more details)
-- [Postgres Operator](https://github.com/defenseunicorns/uds-package-postgres-operator) - In-cluster Postgresql Database
 - [UDS Core](https://github.com/defenseunicorns/uds-core) - Service Mesh, IdAM, Monitoring, Logging, Metrics, UDS Policy Engine & Operator, Container Security, Backup and Restore
 - [GitLab](https://github.com/defenseunicorns/uds-package-gitlab) - a DevOps software package that can develop, secure, and operate software
 - [GitLab Runner](https://github.com/defenseunicorns/uds-package-gitlab-runner) - a Continuous Integration runner that integrates with GitLab
+- [Renovate](https://github.com/defenseunicorns/uds-package-renovate) - a dependency checking bot that integrates with GitLab
 - [Mattermost](https://github.com/defenseunicorns/uds-package-mattermost) - an open-source, self-hostable online chat service
 - [SonarQube](https://github.com/defenseunicorns/uds-package-sonarqube) - an open-source platform developed by SonarSource for continuous inspection of code quality
+- [Postgres Operator](https://github.com/defenseunicorns/uds-package-postgres-operator) - a Kubernetes operator to deploy PostgreSQL databases in a cluster
+- [Valkey](https://github.com/defenseunicorns/uds-package-valkey) - a Redis-alternative that can be deployed in a cluster (intended for use with GitLab)
+- [Minio](https://min.io/) - In-cluster S3 Object Storage (note this is not yet `uds-package-minio-operator`)
diff --git a/src/dev-namespaces/dev-secrets/minio-secret.yaml b/src/dev-namespaces/dev-secrets/minio-secret.yaml
new file mode 100644
index 0000000..82a910f
--- /dev/null
+++ b/src/dev-namespaces/dev-secrets/minio-secret.yaml
@@ -0,0 +1,37 @@
+# Copyright 2024 Defense Unicorns
+# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
+
+# Source: bigbang/templates/gitlab/secret-objectstore.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+ name: gitlab-object-store
+ namespace: gitlab
+type: kubernetes.io/opaque
+stringData:
+ connection: |-
+ provider: AWS
+ region: minio
+ aws_access_key_id: ###ZARF_VAR_ACCESS_KEY###
+ aws_secret_access_key: ###ZARF_VAR_SECRET_KEY###
+ endpoint: "http://minio.dev-minio.svc.cluster.local:9000"
+ aws_signature_version: 4
+ path_style: true
+ registry: |-
+ s3:
+ bucket: uds-gitlab-registry
+ accesskey: ###ZARF_VAR_ACCESS_KEY###
+ secretkey: ###ZARF_VAR_SECRET_KEY###
+ regionendpoint: "http://minio.dev-minio.svc.cluster.local:9000"
+ region: minio
+ aws_signature_version: 4
+ path_style: true
+ backups: |-
+ [default]
+ access_key = ###ZARF_VAR_ACCESS_KEY###
+ secret_key = ###ZARF_VAR_SECRET_KEY###
+ host_base = http://minio.dev-minio.svc.cluster.local:9000
+ host_bucket = http://minio.dev-minio.svc.cluster.local:9000
+ bucket_location = minio
+ multipart_chunk_size_mb = 128
+ use_https = False
diff --git a/src/dev-namespaces/dev-secrets/zarf.yaml b/src/dev-namespaces/dev-secrets/zarf.yaml
new file mode 100644
index 0000000..95cd476
--- /dev/null
+++ b/src/dev-namespaces/dev-secrets/zarf.yaml
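Review bot: The three `stringData` entries here hand GitLab the MinIO root credentials rather than a user scoped to its own buckets, because the `minio-password` component in the sibling `src/dev-namespaces/dev-secrets/zarf.yaml` hunk fills `ACCESS_KEY`/`SECRET_KEY` from `rootUser`/`rootPassword` of the `minio` secret in `dev-minio`; for a dev-only package that is tolerable but should be stated, e.g. a comment above `stringData:` such as `# DEV ONLY: reuses the MinIO root credentials; a real deployment needs a dedicated MinIO user/policy scoped to the GitLab buckets`. The manifest also sets `type: kubernetes.io/opaque`, which is not one of the documented built-in Secret types; unless something consumes that exact string, `type: Opaque` is the conventional spelling. As far as this diff shows nothing builds this nested package either — `tasks/dependencies.yaml` in the same patch still runs `zarf package create src/dev-secrets` — and PATCH 3/5 of this series deletes both files again, so this looks like an accidental copy.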
@@ -0,0 +1,31 @@
+# Copyright 2024 Defense Unicorns
+# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
+
+# yaml-language-server: $schema=https://raw.githubusercontent.com/defenseunicorns/zarf/main/zarf.schema.json
+kind: ZarfPackageConfig
+metadata:
+ name: dev-secrets
+ version: "0.1.0"
+
+components:
+ - name: minio-password
+ required: true
+ actions:
+ onDeploy:
+ before:
+ - cmd: ./zarf tools kubectl get secret -n dev-minio minio --template='{{ index .data "rootPassword" }}' | base64 -d
+ mute: true
+ setVariables:
+ - name: SECRET_KEY
+ sensitive: true
+ - cmd: ./zarf tools kubectl get secret -n dev-minio minio --template='{{ index .data "rootUser" }}' | base64 -d
+ mute: true
+ setVariables:
+ - name: ACCESS_KEY
+ sensitive: true
+ - name: gitlab-minio
+ required: true
+ manifests:
+ - name: gitlab-minio
+ files:
+ - "minio-secret.yaml"
diff --git a/src/namespaces/gitlab-ns.yaml b/src/dev-namespaces/gitlab-ns.yaml
similarity index 100%
rename from src/namespaces/gitlab-ns.yaml
rename to src/dev-namespaces/gitlab-ns.yaml
diff --git a/src/namespaces/mattermost-ns.yaml b/src/dev-namespaces/mattermost-ns.yaml
similarity index 100%
rename from src/namespaces/mattermost-ns.yaml
rename to src/dev-namespaces/mattermost-ns.yaml
diff --git a/src/namespaces/sonarqube-ns.yaml b/src/dev-namespaces/sonarqube-ns.yaml
similarity index 100%
rename from src/namespaces/sonarqube-ns.yaml
rename to src/dev-namespaces/sonarqube-ns.yaml
diff --git a/src/namespaces/zarf.yaml b/src/dev-namespaces/zarf.yaml
similarity index 100%
rename from src/namespaces/zarf.yaml
rename to src/dev-namespaces/zarf.yaml
diff --git a/tasks/dependencies.yaml b/tasks/dependencies.yaml
index e6f580a..65ebb71 100644
--- a/tasks/dependencies.yaml
+++ b/tasks/dependencies.yaml
@@ -10,4 +10,4 @@ tasks:
 default: ${UDS_ARCH}
 actions:
 - cmd: ./uds zarf package create src/dev-secrets --confirm --no-progress --skip-sbom -a ${{ .inputs.architecture }}
- - cmd: ./uds zarf package create src/namespaces --confirm --no-progress --skip-sbom -a ${{ .inputs.architecture }}
+ - cmd: ./uds zarf package create src/dev-namespaces --confirm --no-progress --skip-sbom -a ${{ .inputs.architecture }}

From a327f74ca8fb7116c4f8ec6e62f4c69589f91470 Mon Sep 17 00:00:00 2001
From: Wayne Starr
Date: Wed, 23 Oct 2024 17:17:38 -0600
Subject: [PATCH 2/5] remove lab

---
 .github/workflows/release.yaml | 2 +-
 .github/workflows/test.yaml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 4bb93a7..ca6aef2 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -36,7 +36,7 @@ jobs:
 if: ${{ needs.tag-new-version.outputs.release_created == 'true' }}
 strategy:
 matrix:
- bundle: [k3d-demo, dev, lab]
+ bundle: [k3d-demo, dev]
 architecture: [amd64, arm64]
 runs-on: ${{ matrix.architecture == 'arm64' && 'uds-swf-ubuntu-arm64-4-core' || 'uds-swf-ubuntu-big-boy-16-core' }}
 timeout-minutes: 80
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index 250e22b..9da86b6 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -43,7 +43,7 @@ jobs:
 strategy:
 fail-fast: false
 matrix:
- bundle: [k3d-demo, dev, lab]
+ bundle: [k3d-demo, dev]
 type: [install, upgrade]

 steps:

From 38447ea291674963c088742b50ff7ae918e21565 Mon Sep 17 00:00:00 2001
From: Wayne Starr
Date: Wed, 23 Oct 2024 17:18:40 -0600
Subject: [PATCH 3/5] cleanup extra files

---
 .../dev-secrets/minio-secret.yaml | 37 -------------------
 src/dev-namespaces/dev-secrets/zarf.yaml | 31 ----------------
 2 files changed, 68 deletions(-)
 delete mode 100644 src/dev-namespaces/dev-secrets/minio-secret.yaml
 delete mode 100644 src/dev-namespaces/dev-secrets/zarf.yaml

diff --git a/src/dev-namespaces/dev-secrets/minio-secret.yaml b/src/dev-namespaces/dev-secrets/minio-secret.yaml
deleted file mode 100644
index 82a910f..0000000
--- a/src/dev-namespaces/dev-secrets/minio-secret.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-# Copyright 2024 Defense Unicorns
-# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
-
-# Source: bigbang/templates/gitlab/secret-objectstore.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: gitlab-object-store
- namespace: gitlab
-type: kubernetes.io/opaque
-stringData:
- connection: |-
- provider: AWS
- region: minio
- aws_access_key_id: ###ZARF_VAR_ACCESS_KEY###
- aws_secret_access_key: ###ZARF_VAR_SECRET_KEY###
- endpoint: "http://minio.dev-minio.svc.cluster.local:9000"
- aws_signature_version: 4
- path_style: true
- registry: |-
- s3:
- bucket: uds-gitlab-registry
- accesskey: ###ZARF_VAR_ACCESS_KEY###
- secretkey: ###ZARF_VAR_SECRET_KEY###
- regionendpoint: "http://minio.dev-minio.svc.cluster.local:9000"
- region: minio
- aws_signature_version: 4
- path_style: true
- backups: |-
- [default]
- access_key = ###ZARF_VAR_ACCESS_KEY###
- secret_key = ###ZARF_VAR_SECRET_KEY###
- host_base = http://minio.dev-minio.svc.cluster.local:9000
- host_bucket = http://minio.dev-minio.svc.cluster.local:9000
- bucket_location = minio
- multipart_chunk_size_mb = 128
- use_https = False
diff --git a/src/dev-namespaces/dev-secrets/zarf.yaml b/src/dev-namespaces/dev-secrets/zarf.yaml
deleted file mode 100644
index 95cd476..0000000
--- a/src/dev-namespaces/dev-secrets/zarf.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-# Copyright 2024 Defense Unicorns
-# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
-
-# yaml-language-server: $schema=https://raw.githubusercontent.com/defenseunicorns/zarf/main/zarf.schema.json
-kind: ZarfPackageConfig
-metadata:
- name: dev-secrets
- version: "0.1.0"
-
-components:
- - name: minio-password
- required: true
- actions:
- onDeploy:
- before:
- - cmd: ./zarf tools kubectl get secret -n dev-minio minio --template='{{ index .data "rootPassword" }}' | base64 -d
- mute: true
- setVariables:
- - name: SECRET_KEY
- sensitive: true
- - cmd: ./zarf tools kubectl get secret -n dev-minio minio --template='{{ index .data "rootUser" }}' | base64 -d
- mute: true
- setVariables:
- - name: ACCESS_KEY
- sensitive: true
- - name: gitlab-minio
- required: true
- manifests:
- - name: gitlab-minio
- files:
- - "minio-secret.yaml"

From 9683cefadda57b215801089140fdf80bd7cc8137 Mon Sep 17 00:00:00 2001
From: Wayne Starr
Date: Wed, 23 Oct 2024 17:25:49 -0600
Subject: [PATCH 4/5] add renovate

---
 bundles/dev/uds-bundle.yaml | 46 ++++++++++++++++++++++++++++++++
 bundles/k3d-demo/uds-bundle.yaml | 46 ++++++++++++++++++++++++++++++++
 2 files changed, 92 insertions(+)

diff --git a/bundles/dev/uds-bundle.yaml b/bundles/dev/uds-bundle.yaml
index 391d752..c0910c5 100644
--- a/bundles/dev/uds-bundle.yaml
+++ b/bundles/dev/uds-bundle.yaml
@@ -212,11 +212,57 @@ packages:
 description: "Gitlab Shell Min Replicas"
 path: "gitlab.gitlab-shell.minReplicas"
 default: 1
+ uds-gitlab-settings:
+ values:
+ - path: "botAccounts"
+ value:
+ enabled: true
+ accounts:
+ - username: renovatebot
+ scopes:
+ - api
+ - read_repository
+ - write_repository
+ secret:
+ name: gitlab-renovatebot
+ namespace: renovate
+ keyName: TOKEN

 - name: gitlab-runner
 repository: ghcr.io/defenseunicorns/packages/uds/gitlab-runner
 ref: 17.2.1-uds.3-upstream
 
+ - name: valkey
+ repository: ghcr.io/defenseunicorns/packages/uds/valkey
+ ref: 7.2.6-uds.0-upstream
+ overrides:
+ valkey:
+ valkey:
+ # use a custom namespace here in the test bundle
+ # to deconflict with valkey deployed by gitlab dependency
+ namespace: "valkey-renovate"
+ uds-valkey-config:
+ namespace: "valkey-renovate"
+ values:
+ - path: custom
+ value:
+ - direction: Ingress
+ selector:
+ app.kubernetes.io/name: valkey
+ remoteNamespace: renovate
+ port: 6379
+ description: "Ingress from Renovate"
+ - path: copyPassword
+ value:
+ enabled: true
+ namespace: renovate
+ secretName: valkey-password
+ secretKey: password
+
+ - name: renovate
+ repository: ghcr.io/defenseunicorns/packages/uds/renovate
+ ref: 38.107.0-uds.1-upstream
+
 - name: sonarqube
 repository: ghcr.io/defenseunicorns/packages/uds/sonarqube
 ref: 10.7.0-uds.0-upstream
diff --git a/bundles/k3d-demo/uds-bundle.yaml b/bundles/k3d-demo/uds-bundle.yaml
index 8649ba5..7ce4314 100644
--- a/bundles/k3d-demo/uds-bundle.yaml
+++ b/bundles/k3d-demo/uds-bundle.yaml
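Review bot: The comment on the valkey override, `# use a custom namespace here in the test bundle`, is wrong for this file — this is `bundles/dev/uds-bundle.yaml`, and the identical block in the next hunk lands in `bundles/k3d-demo/uds-bundle.yaml`, neither of which is a test bundle; rewording it to `# dedicated namespace so this Valkey does not collide with the one GitLab deploys as a dependency` keeps it accurate in both places. The `renovatebot` account is created with the `api` scope, which is GitLab's full read/write API access on top of `write_repository`; if the renovate package genuinely requires that breadth, a one-line comment next to `scopes:` saying so would stop the next reviewer from trying to narrow it, and if it does not, `read_api` plus `write_repository` is the smaller grant. The `custom` ingress rule limited to port 6379 from the `renovate` namespace and the `copyPassword` into that same namespace are appropriately scoped.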
@@ -234,11 +234,57 @@ packages:
 description: "Gitlab Shell Min Replicas"
 path: "gitlab.gitlab-shell.minReplicas"
 default: 1
+ uds-gitlab-settings:
+ values:
+ - path: "botAccounts"
+ value:
+ enabled: true
+ accounts:
+ - username: renovatebot
+ scopes:
+ - api
+ - read_repository
+ - write_repository
+ secret:
+ name: gitlab-renovatebot
+ namespace: renovate
+ keyName: TOKEN

 - name: gitlab-runner
 repository: ghcr.io/defenseunicorns/packages/uds/gitlab-runner
 ref: 17.2.1-uds.3-upstream
 
+ - name: valkey
+ repository: ghcr.io/defenseunicorns/packages/uds/valkey
+ ref: 7.2.6-uds.0-upstream
+ overrides:
+ valkey:
+ valkey:
+ # use a custom namespace here in the test bundle
+ # to deconflict with valkey deployed by gitlab dependency
+ namespace: "valkey-renovate"
+ uds-valkey-config:
+ namespace: "valkey-renovate"
+ values:
+ - path: custom
+ value:
+ - direction: Ingress
+ selector:
+ app.kubernetes.io/name: valkey
+ remoteNamespace: renovate
+ port: 6379
+ description: "Ingress from Renovate"
+ - path: copyPassword
+ value:
+ enabled: true
+ namespace: renovate
+ secretName: valkey-password
+ secretKey: password
+
+ - name: renovate
+ repository: ghcr.io/defenseunicorns/packages/uds/renovate
+ ref: 38.107.0-uds.1-upstream
+
 - name: sonarqube
 repository: ghcr.io/defenseunicorns/packages/uds/sonarqube
 ref: 10.7.0-uds.0-upstream

From 5fb62f92dc5feb1cddfc4880af715629ca63249d Mon Sep 17 00:00:00 2001
From: Wayne Starr
Date: Thu, 24 Oct 2024 09:20:52 -0600
Subject: [PATCH 5/5] Update .github/workflows/commitlint.yaml

Co-authored-by: Eric Wyles <23637493+ericwyles@users.noreply.github.com>
---
 .github/workflows/commitlint.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/commitlint.yaml b/.github/workflows/commitlint.yaml
index 4d2bded..03c4917 100644
--- a/.github/workflows/commitlint.yaml
+++ b/.github/workflows/commitlint.yaml
@@ -11,6 +11,7 @@ on:
 # Permissions for the GITHUB_TOKEN used by the workflow.
 permissions:
 contents: read # Allows reading the content of the repository.
+ pull-requests: read # Allows reading pull requests

 jobs:
 validate:
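Review bot: `pull-requests: read` is added to commitlint.yaml only, while PATCH 1/5 of this series gave `lint.yaml` and `ci-docs-shim.yaml` the same top-level `permissions:` block with `contents: read` alone; if the reusable `callable-lint.yaml` those workflows call also reads pull-request data through the API, it will fail under the now-restricted `GITHUB_TOKEN` in the same way this line presumably fixes for `callable-commitlint.yaml`. Worth confirming against the callable workflows before merging, and either adding the same line there or recording in a comment that they do not need it. The new trailing comment also lacks the period the line above uses; `pull-requests: read # Allows reading pull requests.` keeps the two consistent.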