diff --git a/.github/workflows/push-update-security-config.yaml b/.github/workflows/push-update-security-config.yaml index e99b406ce822..d9d819b33bad 100644 --- a/.github/workflows/push-update-security-config.yaml +++ b/.github/workflows/push-update-security-config.yaml @@ -70,7 +70,7 @@ jobs: --workdir /github/workspace \ --rm \ --user $UID \ - europe-docker.pkg.dev/kyma-project/prod/image-detector:v20240927-29c71d4a \ + europe-docker.pkg.dev/kyma-project/prod/image-detector:v20241004-fdf557fe \ --terraform-dir=${{ env.TERRAFORM_CONFIGS_DIR }} \ --sec-scanner-config=${{ env.SEC_SCANNERS_CONFIG_PATH }} \ --autobump-config=${{ env.AUTOBUMP_CONFIG_PATH }} diff --git a/configs/terraform/environments/dev/secrets-rotator/terraform.tfvars b/configs/terraform/environments/dev/secrets-rotator/terraform.tfvars index 64beee0e7f78..22c0a35948ad 100644 --- a/configs/terraform/environments/dev/secrets-rotator/terraform.tfvars +++ b/configs/terraform/environments/dev/secrets-rotator/terraform.tfvars @@ -1,8 +1,8 @@ project_id = "sap-kyma-neighbors-dev" region = "europe-west3" service_account_keys_rotator_service_name = "service-account-keys-rotator" -service_account_keys_rotator_image = "europe-docker.pkg.dev/kyma-project/prod/test-infra/rotate-service-account:v20241002-f478815a" #gitleaks:allow +service_account_keys_rotator_image = "europe-docker.pkg.dev/kyma-project/prod/test-infra/rotate-service-account:v20241004-fdf557fe" #gitleaks:allow service_account_keys_cleaner_service_name = "service-account-keys-cleaner" -service_account_keys_cleaner_image = "europe-docker.pkg.dev/kyma-project/prod/test-infra/service-account-keys-cleaner:v20241002-6e373aa7" #gitleaks:allow +service_account_keys_cleaner_image = "europe-docker.pkg.dev/kyma-project/prod/test-infra/service-account-keys-cleaner:v20241004-fdf557fe" #gitleaks:allow service_account_key_latest_version_min_age = 24 service_account_keys_cleaner_scheduler_cron_schedule = "0 0 * * 1-5" diff --git a/configs/terraform/environments/prod/terraform.tfvars b/configs/terraform/environments/prod/terraform.tfvars index c10f3c9f32d9..4d26a1e44ebe 100644 --- a/configs/terraform/environments/prod/terraform.tfvars +++ b/configs/terraform/environments/prod/terraform.tfvars @@ -8,9 +8,9 @@ kyma_project_artifact_registry_collection = { }, } service_account_keys_rotator_service_name = "service-account-keys-rotator" -service_account_keys_rotator_image = "europe-docker.pkg.dev/kyma-project/prod/test-infra/rotate-service-account:v20241002-f478815a" #gitleaks:allow +service_account_keys_rotator_image = "europe-docker.pkg.dev/kyma-project/prod/test-infra/rotate-service-account:v20241004-fdf557fe" #gitleaks:allow service_account_keys_cleaner_service_name = "service-account-keys-cleaner" -service_account_keys_cleaner_image = "europe-docker.pkg.dev/kyma-project/prod/test-infra/service-account-keys-cleaner:v20241002-6e373aa7" #gitleaks:allow +service_account_keys_cleaner_image = "europe-docker.pkg.dev/kyma-project/prod/test-infra/service-account-keys-cleaner:v20241004-fdf557fe" #gitleaks:allow service_account_key_latest_version_min_age = 24 service_account_keys_cleaner_scheduler_cron_schedule = "0 0 * * 1-5" diff --git a/configs/terraform/modules/cors-proxy/cors-proxy.tf b/configs/terraform/modules/cors-proxy/cors-proxy.tf index 51485559f821..3c39185fc109 100644 --- a/configs/terraform/modules/cors-proxy/cors-proxy.tf +++ b/configs/terraform/modules/cors-proxy/cors-proxy.tf @@ -28,7 +28,7 @@ resource "google_cloud_run_service" "cors_proxy" { template { spec { containers { - image = "europe-docker.pkg.dev/kyma-project/prod/cors-proxy:v20241002-aac0cb23" + image = "europe-docker.pkg.dev/kyma-project/prod/cors-proxy:v20241003-e3714466" env { name = "COMPONENT_NAME" value = "cors-proxy" diff --git a/configs/terraform/modules/github-webhook-gateway/github-webhook-gateway.tf b/configs/terraform/modules/github-webhook-gateway/github-webhook-gateway.tf index 43c7cb7fdd6d..dd5bb2f8ba9c 100644 --- a/configs/terraform/modules/github-webhook-gateway/github-webhook-gateway.tf +++ b/configs/terraform/modules/github-webhook-gateway/github-webhook-gateway.tf @@ -67,7 +67,7 @@ resource "google_cloud_run_service" "github_webhook_gateway" { spec { service_account_name = google_service_account.github_webhook_gateway.email containers { - image = "europe-docker.pkg.dev/kyma-project/prod/github-webhook-gateway:v20241002-aac0cb23" + image = "europe-docker.pkg.dev/kyma-project/prod/github-webhook-gateway:v20241004-fdf557fe" env { name = "PROJECT_ID" value = var.gcp_project_id diff --git a/configs/terraform/modules/secrets-leaks-log-scanner/gcs-bucket-mover.tf b/configs/terraform/modules/secrets-leaks-log-scanner/gcs-bucket-mover.tf index f60a70331b52..06251b0f790f 100644 --- a/configs/terraform/modules/secrets-leaks-log-scanner/gcs-bucket-mover.tf +++ b/configs/terraform/modules/secrets-leaks-log-scanner/gcs-bucket-mover.tf @@ -47,7 +47,7 @@ resource "google_cloud_run_service" "gcs_bucket_mover" { spec { service_account_name = google_service_account.gcs_bucket_mover.email containers { - image = "europe-docker.pkg.dev/kyma-project/prod/move-gcs-bucket:v20241002-aac0cb23" + image = "europe-docker.pkg.dev/kyma-project/prod/move-gcs-bucket:v20241004-fdf557fe" env { name = "PROJECT_ID" value = var.gcp_project_id diff --git a/configs/terraform/modules/secrets-leaks-log-scanner/github-issue-creator.tf b/configs/terraform/modules/secrets-leaks-log-scanner/github-issue-creator.tf index 4b133a06ef4e..595bdfc4d2f3 100644 --- a/configs/terraform/modules/secrets-leaks-log-scanner/github-issue-creator.tf +++ b/configs/terraform/modules/secrets-leaks-log-scanner/github-issue-creator.tf @@ -24,7 +24,7 @@ resource "google_cloud_run_service" "github_issue_creator" { spec { service_account_name = google_service_account.github_issue_creator.email containers { - image = "europe-docker.pkg.dev/kyma-project/prod/create-github-issue:v20241002-aac0cb23" + image = "europe-docker.pkg.dev/kyma-project/prod/create-github-issue:v20241004-fdf557fe" env { name = "PROJECT_ID" value = var.gcp_project_id diff --git a/configs/terraform/modules/secrets-leaks-log-scanner/github-issue-finder.tf b/configs/terraform/modules/secrets-leaks-log-scanner/github-issue-finder.tf index 967a6acd7150..17aa3c85f41a 100644 --- a/configs/terraform/modules/secrets-leaks-log-scanner/github-issue-finder.tf +++ b/configs/terraform/modules/secrets-leaks-log-scanner/github-issue-finder.tf @@ -24,7 +24,7 @@ resource "google_cloud_run_service" "github_issue_finder" { spec { service_account_name = google_service_account.github_issue_finder.email containers { - image = "europe-docker.pkg.dev/kyma-project/prod/search-github-issue:v20241002-aac0cb23" + image = "europe-docker.pkg.dev/kyma-project/prod/search-github-issue:v20241004-fdf557fe" env { name = "PROJECT_ID" value = var.gcp_project_id diff --git a/configs/terraform/modules/secrets-leaks-log-scanner/secrets-leak-log-scanner.tf b/configs/terraform/modules/secrets-leaks-log-scanner/secrets-leak-log-scanner.tf index 9caa8cbdabac..354fc8be5ea8 100644 --- a/configs/terraform/modules/secrets-leaks-log-scanner/secrets-leak-log-scanner.tf +++ b/configs/terraform/modules/secrets-leaks-log-scanner/secrets-leak-log-scanner.tf @@ -23,7 +23,7 @@ resource "google_cloud_run_service" "secrets_leak_log_scanner" { spec { service_account_name = google_service_account.secrets_leak_log_scanner.email containers { - image = "europe-docker.pkg.dev/kyma-project/prod/scan-logs-for-secrets:v20241002-aac0cb23" #gitleaks:allow + image = "europe-docker.pkg.dev/kyma-project/prod/scan-logs-for-secrets:v20241004-fdf557fe" #gitleaks:allow env { name = "PROJECT_ID" value = var.gcp_project_id diff --git a/configs/terraform/modules/security-dashboard-token/security-dashboard-token.tf b/configs/terraform/modules/security-dashboard-token/security-dashboard-token.tf index 32949d15a027..ed6cfe23dae2 100644 --- a/configs/terraform/modules/security-dashboard-token/security-dashboard-token.tf +++ b/configs/terraform/modules/security-dashboard-token/security-dashboard-token.tf @@ -31,7 +31,7 @@ resource "google_cloud_run_service" "security_dashboard_token" { template { spec { containers { - image = "europe-docker.pkg.dev/kyma-project/prod/dashboard-token-proxy:v20241002-aac0cb23" #gitleaks:allow ignore gitleaks detection + image = "europe-docker.pkg.dev/kyma-project/prod/dashboard-token-proxy:v20241004-fdf557fe" #gitleaks:allow ignore gitleaks detection env { name = "CLIENT_SECRET" value_from { diff --git a/prow/cluster/components/automated-approver_external-plugin.yaml b/prow/cluster/components/automated-approver_external-plugin.yaml index 2e25606f6fc8..44f825b3d502 100644 --- a/prow/cluster/components/automated-approver_external-plugin.yaml +++ b/prow/cluster/components/automated-approver_external-plugin.yaml @@ -16,7 +16,7 @@ spec: spec: containers: - name: automated-approver - image: europe-docker.pkg.dev/kyma-project/prod/automated-approver:v20241002-aac0cb23 + image: europe-docker.pkg.dev/kyma-project/prod/automated-approver:v20241004-fdf557fe imagePullPolicy: Always args: - --dry-run=false diff --git a/prow/cluster/resources/external-secrets/external_secrets_checker_prow.yaml b/prow/cluster/resources/external-secrets/external_secrets_checker_prow.yaml index cb0487140b82..fef9257ddbee 100644 --- a/prow/cluster/resources/external-secrets/external_secrets_checker_prow.yaml +++ b/prow/cluster/resources/external-secrets/external_secrets_checker_prow.yaml @@ -13,7 +13,7 @@ spec: spec: containers: - name: secret-checker-untrusted - image: europe-docker.pkg.dev/kyma-project/prod/externalsecretschecker:v20241002-aac0cb23 #gitleaks:allow + image: europe-docker.pkg.dev/kyma-project/prod/externalsecretschecker:v20241004-fdf557fe #gitleaks:allow imagePullPolicy: IfNotPresent command: - /externalsecretschecker @@ -49,7 +49,7 @@ spec: spec: containers: - name: secret-checker-trusted - image: europe-docker.pkg.dev/kyma-project/prod/externalsecretschecker:v20241002-aac0cb23 #gitleaks:allow + image: europe-docker.pkg.dev/kyma-project/prod/externalsecretschecker:v20241004-fdf557fe #gitleaks:allow imagePullPolicy: IfNotPresent command: - /externalsecretschecker @@ -85,7 +85,7 @@ spec: spec: containers: - name: secret-checker-prow - image: europe-docker.pkg.dev/kyma-project/prod/externalsecretschecker:v20241002-aac0cb23 #gitleaks:allow + image: europe-docker.pkg.dev/kyma-project/prod/externalsecretschecker:v20241004-fdf557fe #gitleaks:allow imagePullPolicy: IfNotPresent command: - /externalsecretschecker diff --git a/prow/jobs/kyma-project/test-infra/image-syncer.yaml b/prow/jobs/kyma-project/test-infra/image-syncer.yaml index c1d29dc0a7da..731e3f86cc0c 100644 --- a/prow/jobs/kyma-project/test-infra/image-syncer.yaml +++ b/prow/jobs/kyma-project/test-infra/image-syncer.yaml @@ -22,7 +22,7 @@ presubmits: # runs on PRs - ^main$ spec: containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/image-syncer:v20240918-20d00fb8" + - image: "europe-docker.pkg.dev/kyma-project/prod/image-syncer:v20241004-fdf557fe" securityContext: privileged: false seccompProfile: @@ -61,7 +61,7 @@ postsubmits: # runs on main - ^main$ spec: containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/image-syncer:v20240918-20d00fb8" + - image: "europe-docker.pkg.dev/kyma-project/prod/image-syncer:v20241004-fdf557fe" securityContext: privileged: false seccompProfile: diff --git a/prow/jobs/kyma-project/test-infra/kyma-bot.yaml b/prow/jobs/kyma-project/test-infra/kyma-bot.yaml index 1c4f7650fa84..32a83354251e 100644 --- a/prow/jobs/kyma-project/test-infra/kyma-bot.yaml +++ b/prow/jobs/kyma-project/test-infra/kyma-bot.yaml @@ -22,7 +22,7 @@ presubmits: # runs on PRs spec: serviceAccountName: sa-prowjob-gcp-logging-client containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/usersmapchecker:v20241002-aac0cb23" + - image: "europe-docker.pkg.dev/kyma-project/prod/usersmapchecker:v20241004-fdf557fe" imagePullPolicy: Always securityContext: privileged: false diff --git a/prow/jobs/kyma-project/test-infra/periodics.yaml b/prow/jobs/kyma-project/test-infra/periodics.yaml index c3da17b46785..7759b53751eb 100644 --- a/prow/jobs/kyma-project/test-infra/periodics.yaml +++ b/prow/jobs/kyma-project/test-infra/periodics.yaml @@ -15,7 +15,7 @@ periodics: # runs on schedule spec: serviceAccountName: sa-prow-job-resource-cleaners containers: - - image: europe-docker.pkg.dev/kyma-project/prod/e2e-gcloud:v20241001-f0fc4ad0 + - image: europe-docker.pkg.dev/kyma-project/prod/e2e-gcloud:v20241003-acbac287 securityContext: privileged: false seccompProfile: @@ -50,7 +50,7 @@ periodics: # runs on schedule cluster: trusted-workload spec: containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/gcscleaner:v20241002-aac0cb23" + - image: "europe-docker.pkg.dev/kyma-project/prod/gcscleaner:v20241004-fdf557fe" securityContext: privileged: false seccompProfile: @@ -84,7 +84,7 @@ periodics: # runs on schedule cluster: trusted-workload spec: containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/diskscollector:v20241002-aac0cb23" + - image: "europe-docker.pkg.dev/kyma-project/prod/diskscollector:v20241004-fdf557fe" securityContext: privileged: false seccompProfile: @@ -116,7 +116,7 @@ periodics: # runs on schedule cluster: trusted-workload spec: containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/ipcleaner:v20241002-aac0cb23" + - image: "europe-docker.pkg.dev/kyma-project/prod/ipcleaner:v20241004-fdf557fe" securityContext: privileged: false seccompProfile: @@ -148,7 +148,7 @@ periodics: # runs on schedule cluster: trusted-workload spec: containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/clusterscollector:v20241002-aac0cb23" + - image: "europe-docker.pkg.dev/kyma-project/prod/clusterscollector:v20241004-fdf557fe" securityContext: privileged: false seccompProfile: @@ -180,7 +180,7 @@ periodics: # runs on schedule cluster: trusted-workload spec: containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/vmscollector:v20241002-aac0cb23" + - image: "europe-docker.pkg.dev/kyma-project/prod/vmscollector:v20241004-fdf557fe" securityContext: privileged: false seccompProfile: @@ -213,7 +213,7 @@ periodics: # runs on schedule cluster: trusted-workload spec: containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/orphanremover:v20241002-aac0cb23" + - image: "europe-docker.pkg.dev/kyma-project/prod/orphanremover:v20241004-fdf557fe" securityContext: privileged: false seccompProfile: @@ -245,7 +245,7 @@ periodics: # runs on schedule cluster: trusted-workload spec: containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/dnscollector:v20241002-aac0cb23" + - image: "europe-docker.pkg.dev/kyma-project/prod/dnscollector:v20241004-fdf557fe" securityContext: privileged: false seccompProfile: diff --git a/prow/jobs/kyma-project/test-infra/prow-periodics.yaml b/prow/jobs/kyma-project/test-infra/prow-periodics.yaml index 61a2284bc795..2ba3ad52e111 100644 --- a/prow/jobs/kyma-project/test-infra/prow-periodics.yaml +++ b/prow/jobs/kyma-project/test-infra/prow-periodics.yaml @@ -20,7 +20,7 @@ postsubmits: # runs on main channel: kyma-neighbors-alerts spec: containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/markdown-index:v20241002-aac0cb23" + - image: "europe-docker.pkg.dev/kyma-project/prod/markdown-index:v20241004-fdf557fe" securityContext: privileged: false seccompProfile: @@ -52,7 +52,7 @@ postsubmits: # runs on main spec: serviceAccountName: sa-prow-deploy containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/e2e-gcloud:v20241001-f0fc4ad0" + - image: "europe-docker.pkg.dev/kyma-project/prod/e2e-gcloud:v20241003-acbac287" securityContext: privileged: false seccompProfile: