From 3cc2ee7c065c4acbd6447d0b5ea506300e85fbf3 Mon Sep 17 00:00:00 2001
From: Opnauticus
Date: Tue, 2 Apr 2024 11:56:53 -0700
Subject: [PATCH] feat: zarf file (#39)
* Adding a simple zarf file and corresponding uds task for building it
* revert change to version
* pinning version of sed, removing multi-arch build assumption
* task -> cmd
* add zarf build test
* adjusting builder image base, removing pinned sed
* Adding .vscode settings and some renovate config to track zarf/uds schema versions
* updating docs
* remove unused renovate config settings
---
 .github/workflows/test.yaml | 19 ++++++++++++++++++-
 .gitignore | 1 +
 .vscode/settings.json | 33 +++++++++++++++++++++++++++++++++
 README.md | 1 +
 docs/CUSTOMIZE.md | 10 ++++++++++
 renovate.json | 10 ++++++++++
 src/Dockerfile | 2 +-
 tasks.yaml | 6 ++++++
 zarf.yaml | 15 +++++++++++++++
 9 files changed, 95 insertions(+), 2 deletions(-)
 create mode 100644 .vscode/settings.json
 create mode 100644 zarf.yaml
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index 7a511c6f..9e5c6a0b 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -11,7 +11,7 @@ concurrency:
 cancel-in-progress: true
 jobs:
- title_check:
+ docker_build:
 runs-on: ubuntu-latest
 name: Test Docker Build
 permissions:
@@ -27,6 +27,23 @@ jobs:
 - name: Test building the docker image
 run: uds run dev-build
+
+ zarf_build:
+ runs-on: ubuntu-latest
+ name: Test Zarf Build
+ permissions:
+ pull-requests: read
+ contents: read
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+ - name: Environment setup
+ uses: defenseunicorns/uds-common/.github/actions/setup@fc12e3a773580020a1d63e254525eab0f8b99fc8
+
+ - name: Test building a zarf package
+ run: uds run build-zarf-pkg
 plugin_unit_tests:
 runs-on: ubuntu-latest
diff --git a/.gitignore b/.gitignore
index 1ad75dee..261d6a31 100644
--- a/.gitignore
+++ b/.gitignore
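Review bot: In `.github/workflows/test.yaml`, the new `zarf_build` job grants `pull-requests: read`, which none of its three steps visibly needs; `contents: read` alone should be enough for a checkout followed by a local build, unless the uds-common setup action reads pull-request data (its contents are not visible here). The setup action is pinned to a commit SHA, but unlike the checkout step it carries no version comment, so I would append one, e.g. `# <uds-common tag for this SHA>` (placeholder), to keep the pin auditable. Since the later steps only run build tooling, the checkout step could also set `persist-credentials: false` so the job token is not left in the workspace git config.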
@@ -13,3 +13,4 @@ test.cer
 test.csr
 test.pem
 *authorized_certs*
+src/extra-jars/
diff --git a/.vscode/settings.json b/.vscode/settings.json
new file mode 100644
index 00000000..199f04dc
--- /dev/null
+++ b/.vscode/settings.json
@@ -0,0 +1,33 @@
+{
+ "yaml.schemas": {
+ "https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.9.2/tasks.schema.json": [
+ "tasks.yaml",
+ "tasks/**/*.yaml",
+ "src/**/validate.yaml"
+ ],
+ "https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.9.2/zarf.schema.json": [
+ "zarf.yaml"
+ ]
+ },
+ "cSpell.words": [
+ "alertmanager",
+ "Authservice",
+ "automount",
+ "controlplane",
+ "crds",
+ "distros",
+ "ironbank",
+ "Kiali",
+ "Kyverno",
+ "MITM",
+ "neuvector",
+ "opensource",
+ "promtail",
+ "Quarkus",
+ "Quickstart",
+ "seccomp",
+ "Sysctls",
+ "Velero"
+ ],
+ "cSpell.enabled": true
+ }
\ No newline at end of file
diff --git a/README.md b/README.md
index 1a4c7960..2598d475 100644
--- a/README.md
+++ b/README.md
@@ -9,6 +9,7 @@ This repo builds the UDS Identity (Keycloak) Config image used by UDS Identity.
 | Task Name | Task Description |
 |---------------------|---------------------------------------------|
 | build-and-publish | Build and publish the multi-arch image |
+ | build-zarf-pkg | Build the image locally and package it with Zarf |
 | dev-build | Build the image locally for dev |
 | dev-update-image | Build the image and import locally into k3d |
 | dev-theme | Copy theme to Keycloak in dev cluster |
diff --git a/docs/CUSTOMIZE.md b/docs/CUSTOMIZE.md
index 06e2c5c6..d5f590b8 100644
--- a/docs/CUSTOMIZE.md
+++ b/docs/CUSTOMIZE.md
@@ -215,3 +215,13 @@ RUN mvn clean package
 #### Building New Image with Updates
 Once satisfied with changes and tested that they work, see [Testing custom image in UDS Core](./CUSTOMIZE.md#testing-custom-image-in-uds-core) for building, publishing, and using the new image with `uds-core`.
+
+
+## Transport Custom Image with Zarf
+For convenience, a Zarf package definition has been included to simplify custom image transport and install in air-gapped systems.
+
+#### Build the Zarf package
+Use the included UDS task to build the custom image and package it with Zarf:
+```
+uds run build-zarf-pkg
+```
\ No newline at end of file
diff --git a/renovate.json b/renovate.json
index 449cea3c..9b3aabfb 100644
--- a/renovate.json
+++ b/renovate.json
@@ -66,5 +66,15 @@
 "matchPaths": [".github/**"],
 "groupName": "GHA-DEPS"
 }
+ ],
+ "regexManagers":[
+ {
+ "fileMatch": ["^tasks.ya?ml$", "^tasks/.*\\.ya?ml$", "^\\.vscode/settings\\.json$"],
+ "matchStrings": [
+ "https:\\/\\/raw\\.githubusercontent\\.com\\/(?[^\\/]+\\/[^\\/]+)\\/(?[^\\/]+)"
+ ],
+ "versioningTemplate": "semver-coerced",
+ "datasourceTemplate": "github-tags"
+ }
 ]
 }
diff --git a/src/Dockerfile b/src/Dockerfile
index 0a3ddd14..4b648bfb 100644
--- a/src/Dockerfile
+++ b/src/Dockerfile
@@ -21,7 +21,7 @@ COPY extra-jars/* ./target/
 # Build the Java truststore from DOD CAs #
 # #
 ###################################################################################
-FROM cgr.dev/chainguard/jdk:latest-dev as truststore
+FROM amazoncorretto:21-alpine-jdk as truststore
 USER root
 RUN apk add openssl coreutils sed bash findutils
diff --git a/tasks.yaml b/tasks.yaml
index 7c85e5ee..7e286e58 100644
--- a/tasks.yaml
+++ b/tasks.yaml
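Review bot: In `renovate.json`, the `matchStrings` pattern as shown here has two groups written `(?[^\\/]+…)`, which is not a valid group opener; Renovate's regex manager needs named groups such as `(?<depName>…)` and `(?<currentValue>…)`, so confirm the committed file has them (the angle-bracketed names may simply have been lost in rendering). Separately, the first `fileMatch` entry `^tasks.ya?ml$` leaves the dot unescaped while the other two entries escape theirs; `^tasks\\.ya?ml$` would be consistent and would not match unintended file names.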
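Review bot: In `src/Dockerfile`, the new base for the `truststore` stage, `amazoncorretto:21-alpine-jdk`, is a mutable tag, so the image that assembles the DoD CA truststore can change between builds with no change in this repository. Pinning by digest, `FROM amazoncorretto:21-alpine-jdk@sha256:<digest> as truststore` (placeholder digest), keeps the build reproducible and lets Renovate propose base-image updates as reviewable changes. The context line `RUN apk add openssl coreutils sed bash findutils` also installs unpinned packages at build time, which deserves the same consideration. The stage continues past the end of the hunk.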
@@ -13,6 +13,12 @@ tasks:
 description: "Build and publish the multi-arch image"
 actions:
 - cmd: docker buildx build --push --platform linux/arm64/v8,linux/amd64 --tag ${IMAGE_NAME}:${VERSION} src
+
+ - name: build-zarf-pkg
+ description: "Build the custom docker image and the zarf package for transporting it"
+ actions:
+ - cmd: docker build --tag ${IMAGE_NAME}:${VERSION} src
+ - cmd: ./uds zarf package create . --set IDENTITY_CONFIG_IMG=${IMAGE_NAME}:${VERSION} --confirm
 - name: dev-build
 description: "Build the image locally for dev"
diff --git a/zarf.yaml b/zarf.yaml
new file mode 100644
index 00000000..983cb403
--- /dev/null
+++ b/zarf.yaml
@@ -0,0 +1,15 @@
+kind: ZarfPackageConfig
+metadata:
+ name: keycloak-identity-config
+ version: "0.0.1"
+
+constants:
+ - name: IDENTIFY_CONFIG_IMG
+ description: "Image name and tag (MUST BE PROVIDED -- no default)"
+ value: '###ZARF_PKG_TMPL_IDENTITY_CONFIG_IMG###'
+
+components:
+ - name: keycloak-config-wrapper
+ required: true
+ images:
+ - '###ZARF_PKG_TMPL_IDENTITY_CONFIG_IMG###'
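Review bot: In `zarf.yaml`, the constant is named `IDENTIFY_CONFIG_IMG`, while the package template it carries and the `--set` in `tasks.yaml` both use `IDENTITY_CONFIG_IMG`; this looks like a typo, and anything that later reads the constant under the expected name will not find it. I would change the line to `- name: IDENTITY_CONFIG_IMG`. The description says the value must be provided with no default, so it is worth confirming that `package create` with `--confirm` fails when `--set` is omitted rather than packaging the literal placeholder. The image is also referenced by tag rather than digest, so the package carries whatever the local tag pointed to at build time.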