From 7b3cb86c759436ef282427c77556a235930b8eb2 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 1 May 2024 19:31:47 +0000
Subject: [PATCH 1/6] chore(deps): update gitlab runner package dependencies
| datasource | package | from | to |
| ---------- | -------------------------------------------------------------------- | -------- | -------- |
| helm | gitlab-runner | 0.63.0 | 0.64.0 |
| docker | registry1.dso.mil/ironbank/gitlab/gitlab-runner/gitlab-runner | v16.10.0 | v16.11.0 |
| docker | registry1.dso.mil/ironbank/gitlab/gitlab-runner/gitlab-runner-helper | v16.10.0 | v16.11.0 |
| docker | registry1.dso.mil/ironbank/redhat/ubi/ubi9 | 9.3 | 9.4 |
---
common/zarf.yaml | 2 +-
zarf.yaml | 8 ++++----
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/common/zarf.yaml b/common/zarf.yaml
index c50bab3..6bd7c7a 100644
--- a/common/zarf.yaml
+++ b/common/zarf.yaml
@@ -17,7 +17,7 @@ components:
- name: gitlab-runner
namespace: gitlab-runner
url: https://charts.gitlab.io
- version: "0.63.0"
+ version: "0.64.0"
valuesFiles:
- ../values/common-values.yaml
actions:
diff --git a/zarf.yaml b/zarf.yaml
index d3e74a6..cb1b784 100644
--- a/zarf.yaml
+++ b/zarf.yaml
@@ -24,9 +24,9 @@ components:
valuesFiles:
- values/registry1-values.yaml
images:
- - "registry1.dso.mil/ironbank/gitlab/gitlab-runner/gitlab-runner:v16.10.0"
- - "registry1.dso.mil/ironbank/gitlab/gitlab-runner/gitlab-runner-helper:v16.10.0"
- - "registry1.dso.mil/ironbank/redhat/ubi/ubi9:9.3"
+ - "registry1.dso.mil/ironbank/gitlab/gitlab-runner/gitlab-runner:v16.11.0"
+ - "registry1.dso.mil/ironbank/gitlab/gitlab-runner/gitlab-runner-helper:v16.11.0"
+ - "registry1.dso.mil/ironbank/redhat/ubi/ubi9:9.4"
- name: gitlab-runner
required: true
@@ -41,5 +41,5 @@ components:
- values/upstream-values.yaml
images:
- "registry.gitlab.com/gitlab-org/gitlab-runner:alpine-v16.10.0" # renovate: versioning=regex:^alpine-v?(?\\d+)\\.(?\\d+)\\.(?\\d+)?$
- - "registry1.dso.mil/ironbank/gitlab/gitlab-runner/gitlab-runner-helper:v16.10.0"
+ - "registry1.dso.mil/ironbank/gitlab/gitlab-runner/gitlab-runner-helper:v16.11.0"
- "library/alpine:3.19.1" # renovate: versioning=regex:^(?\\d+)\\.(?\\d+)\\.(?\\d+)?$
From b09c0751a531b5c46737fb57ac7f09db4edd11a8 Mon Sep 17 00:00:00 2001
From: zamaz <71521611+zachariahmiller@users.noreply.github.com>
Date: Thu, 2 May 2024 22:49:17 -0400
Subject: [PATCH 2/6] fix broken renovate updates
---
values/registry1-values.yaml | 6 +++---
values/upstream-values.yaml | 4 ++--
zarf.yaml | 2 +-
3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/values/registry1-values.yaml b/values/registry1-values.yaml
index 648f62e..7aee373 100644
--- a/values/registry1-values.yaml
+++ b/values/registry1-values.yaml
@@ -4,14 +4,14 @@ useTini: true
image:
registry: "registry1.dso.mil"
image: "ironbank/gitlab/gitlab-runner/gitlab-runner"
- tag: v16.10.0
+ tag: v16.11.0
runners:
job:
registry: registry1.dso.mil
repository: ironbank/redhat/ubi/ubi9
- tag: "9.3"
+ tag: "9.4"
helper:
registry: registry1.dso.mil
repository: ironbank/gitlab/gitlab-runner/gitlab-runner-helper
- tag: v16.10.0
+ tag: v16.11.0
diff --git a/values/upstream-values.yaml b/values/upstream-values.yaml
index 95e6665..31541cb 100644
--- a/values/upstream-values.yaml
+++ b/values/upstream-values.yaml
@@ -1,7 +1,7 @@
image:
registry: registry.gitlab.com
image: gitlab-org/gitlab-runner
- tag: alpine-v16.10.0
+ tag: alpine-v16.11.0
runners:
job:
@@ -11,4 +11,4 @@ runners:
helper:
registry: registry1.dso.mil
repository: ironbank/gitlab/gitlab-runner/gitlab-runner-helper
- tag: v16.10.0
+ tag: v16.11.0
diff --git a/zarf.yaml b/zarf.yaml
index cb1b784..0050167 100644
--- a/zarf.yaml
+++ b/zarf.yaml
@@ -40,6 +40,6 @@ components:
valuesFiles:
- values/upstream-values.yaml
images:
- - "registry.gitlab.com/gitlab-org/gitlab-runner:alpine-v16.10.0" # renovate: versioning=regex:^alpine-v?(?\\d+)\\.(?\\d+)\\.(?\\d+)?$
+ - "registry.gitlab.com/gitlab-org/gitlab-runner:alpine-v16.11.0" # renovate: versioning=regex:^alpine-v?(?\\d+)\\.(?\\d+)\\.(?\\d+)?$
- "registry1.dso.mil/ironbank/gitlab/gitlab-runner/gitlab-runner-helper:v16.11.0"
- "library/alpine:3.19.1" # renovate: versioning=regex:^(?\\d+)\\.(?\\d+)\\.(?\\d+)?$
From b2157387d5a7239ec5a40bc871bb8a9044ea66c8 Mon Sep 17 00:00:00 2001
From: Zachariah Miller
Date: Mon, 6 May 2024 22:37:25 -0400
Subject: [PATCH 3/6] update values to proper inputs and escurity context, add dev and admin task, make test work on arm64
---
.vscode/settings.json | 43 +++++++++++++++++++++++++++++++
tasks.yaml | 24 +++++++++++++++++
test/journey/pipeline-run.test.ts | 2 +-
values/common-values.yaml | 11 +++++---
4 files changed, 75 insertions(+), 5 deletions(-)
create mode 100644 .vscode/settings.json
diff --git a/.vscode/settings.json b/.vscode/settings.json
new file mode 100644
index 0000000..9eeb159
--- /dev/null
+++ b/.vscode/settings.json
@@ -0,0 +1,43 @@
+{
+ "debug.javascript.terminalOptions": {
+ "enableTurboSourcemaps": true,
+ "resolveSourceMapLocations": [
+ "${workspaceFolder}/**",
+ "node_modules/kubernetes-fluent-client/**",
+ "node_modules/pepr/**"
+ ]
+ },
+ "yaml.schemas": {
+ "https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.10.1/uds.schema.json": [
+ "uds-bundle.yaml"
+ ],
+ "https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.10.1/tasks.schema.json": [
+ "tasks.yaml",
+ "tasks/**/*.yaml",
+ "src/**/validate.yaml"
+ ],
+ "https://raw.githubusercontent.com/defenseunicorns/zarf/v0.32.6/zarf.schema.json": [
+ "zarf.yaml"
+ ]
+ },
+ "cSpell.words": [
+ "alertmanager",
+ "Authservice",
+ "automount",
+ "controlplane",
+ "crds",
+ "distros",
+ "ironbank",
+ "Kiali",
+ "Kyverno",
+ "MITM",
+ "neuvector",
+ "opensource",
+ "promtail",
+ "Quickstart",
+ "Gitlab",
+ "seccomp",
+ "Sysctls",
+ "Velero"
+ ]
+ }
\ No newline at end of file
diff --git a/tasks.yaml b/tasks.yaml
index ea46c3d..d495580 100644
--- a/tasks.yaml
+++ b/tasks.yaml
@@ -37,6 +37,29 @@ tasks:
spoof_release: "true"
- task: create:test-bundle
+ - name: test
+ description: Just test the health of Gitlab and Gitlab Runner deployments
+ actions:
+ - task: test:glr-run-check
+
+ - name: dev
+ description: Deploy gitlab-runner on existing cluster with existing gitlab
+ actions:
+ - task: create-glr-package
+ - task: create-glr-test-bundle
+ - task: deploy:test-bundle
+
+ - name: create-user
+ description: create doug user
+ actions:
+ - task: setup:create-doug-user
+
+ - name: doug-admin
+ description: Promote Doug to admin (requires running create-user and logging into gitlab ui first)
+ actions:
+ - cmd: |
+ ./uds zarf tools kubectl exec -n gitlab deployment/gitlab-toolbox -- gitlab-rails runner -e production "user = User.find_by(username: 'doug'); user.admin = true; user.save!"
+
# CI will execute the following (via uds-common/.github/actions/test) so they need to be here with these names
- name: test-package
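Review bot: The `doug-admin` task's rails one-liner dereferences `User.find_by(username: 'doug')` without a nil check, so when `setup:create-doug-user` has not run yet (or the account was named differently) the command dies with a Ruby NoMethodError on nil instead of saying the account is missing; `find_by!` raises a RecordNotFound that names the lookup: `"user = User.find_by!(username: 'doug'); user.admin = true; user.save!"`. Because the task grants a full GitLab administrator role by executing inside the gitlab-toolbox deployment, a short comment above it stating that it is a local-development convenience and is not invoked by any CI task would help the next reader — the `test-package` flow later in this file, as far as the hunks here show, only calls `setup:create-doug-user`, never `doug-admin`. The `tasks:` list this hunk extends starts outside the hunk.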
@@ -56,6 +79,7 @@ tasks:
- task: setup:k3d-test-cluster
- task: dependencies:deploy
- task: deploy:test-bundle
+ - task: setup:create-doug-user
- task: create-glr-test-bundle
- task: deploy:test-bundle
- task: test:glr-health-check
diff --git a/test/journey/pipeline-run.test.ts b/test/journey/pipeline-run.test.ts
index 9a0390e..1ba76ba 100644
--- a/test/journey/pipeline-run.test.ts
+++ b/test/journey/pipeline-run.test.ts
@@ -12,7 +12,7 @@ test('test kicking off a pipeline run', async () => {
zarfExec([
"package", "mirror-resources",
- "zarf-package-gitlab-runner-test-amd64-0.0.1.tar.zst",
+ "zarf-package-gitlab-runner-test-*-0.0.1.tar.zst",
"--git-url", "https://gitlab.uds.dev/", "--git-push-username", "root", "--git-push-password", rootPassword,
diff --git a/values/common-values.yaml b/values/common-values.yaml
index 6a15b16..358db5c 100644
--- a/values/common-values.yaml
+++ b/values/common-values.yaml
@@ -32,15 +32,18 @@ runners:
concurrent: 50
-securityContext:
- runAsUser: 1001
- runAsGroup: 1001
+podSecurityContext:
+ runAsUser: 100
+ fsGroup: 65534
-containerSecurityContext:
+securityContext:
+ allowPrivilegeEscalation: false
runAsNonRoot: true
+ privileged: false
capabilities:
drop: ["ALL"]
+
resources:
limits:
memory: 256Mi
From acbe2e5ea9546ef34885b74f1d29c72a7de6a816 Mon Sep 17 00:00:00 2001
From: Zachariah Miller
Date: Mon, 6 May 2024 22:41:10 -0400
Subject: [PATCH 4/6] fix lint
---
tasks.yaml | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/tasks.yaml b/tasks.yaml
index d495580..380b77b 100644
--- a/tasks.yaml
+++ b/tasks.yaml
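Review bot: The new `podSecurityContext` keeps `runAsUser: 100` but drops the `runAsGroup` that the removed block paired with it, so the runner manager's primary GID now falls back to whatever the image declares — presumably non-root, but nothing in the hunk establishes that; add `runAsGroup: <GID of the image's runner user>` beside `runAsUser`, and `seccompProfile: { type: RuntimeDefault }` under the container `securityContext` so the pod clears the restricted Pod Security Standard together with `allowPrivilegeEscalation: false` and `capabilities.drop: ["ALL"]`. The UID change from 1001 to 100 and the choice of `fsGroup: 65534` carry no explanation; a one-line comment such as `# UID/GID must match the user baked into the gitlab-runner image` would keep a future image bump from silently reintroducing a mismatch. These keys appear to govern the runner-manager pod only; the job pods it spawns take their security context from the chart's `runners.config` template, which this change does not touch, so their hardening is worth confirming separately.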
@@ -52,13 +52,13 @@ tasks:
- name: create-user
description: create doug user
actions:
- - task: setup:create-doug-user
+ - task: setup:create-doug-user
- name: doug-admin
description: Promote Doug to admin (requires running create-user and logging into gitlab ui first)
actions:
- - cmd: |
- ./uds zarf tools kubectl exec -n gitlab deployment/gitlab-toolbox -- gitlab-rails runner -e production "user = User.find_by(username: 'doug'); user.admin = true; user.save!"
+ - cmd: |
+ ./uds zarf tools kubectl exec -n gitlab deployment/gitlab-toolbox -- gitlab-rails runner -e production "user = User.find_by(username: 'doug'); user.admin = true; user.save!"
# CI will execute the following (via uds-common/.github/actions/test) so they need to be here with these names
From 21c067afe5e42e0e0f3f23e3aa7dbf735959dafd Mon Sep 17 00:00:00 2001
From: Zachariah Miller
Date: Tue, 7 May 2024 09:03:14 -0400
Subject: [PATCH 5/6] address review comments
---
.vscode/settings.json | 9 ++++-----
docs/DEVELOPMENT_MAINTENANCE.md | 1 +
tasks.yaml | 10 ----------
test/journey/pipeline-run.test.ts | 4 ++--
4 files changed, 7 insertions(+), 17 deletions(-)
diff --git a/.vscode/settings.json b/.vscode/settings.json
index 9eeb159..edfcc35 100644
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -8,15 +8,14 @@
]
},
"yaml.schemas": {
- "https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.10.1/uds.schema.json": [
+ "https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.10.4/uds.schema.json": [
"uds-bundle.yaml"
],
- "https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.10.1/tasks.schema.json": [
+ "https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.10.4/tasks.schema.json": [
"tasks.yaml",
"tasks/**/*.yaml",
- "src/**/validate.yaml"
],
- "https://raw.githubusercontent.com/defenseunicorns/zarf/v0.32.6/zarf.schema.json": [
+ "https://raw.githubusercontent.com/defenseunicorns/zarf/v0.31.0/zarf.schema.json": [
"zarf.yaml"
]
},
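Review bot: Removing `"src/**/validate.yaml"` leaves the previous entry `"tasks/**/*.yaml",` with a trailing comma directly before `]`; VS Code reads settings.json as JSONC and tolerates that, but any strict JSON consumer (`jq`, a JSON lint step, `prettier --check`) will reject the file — change the line to `"tasks/**/*.yaml"`. The zarf schema pin also moves backwards from v0.32.6 to v0.31.0 with nothing in the hunk saying why; presumably it now tracks the zarf version the project actually ships, which is worth stating in the commit message so the next renovate-style bump does not "fix" it forward again.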
@@ -40,4 +39,4 @@
"Sysctls",
"Velero"
]
- }
\ No newline at end of file
+ }
diff --git a/docs/DEVELOPMENT_MAINTENANCE.md b/docs/DEVELOPMENT_MAINTENANCE.md
index 8e00d3a..6439a28 100644
--- a/docs/DEVELOPMENT_MAINTENANCE.md
+++ b/docs/DEVELOPMENT_MAINTENANCE.md
@@ -24,4 +24,5 @@ When changes are merged to the `main` branch, the Release Please will evaluate a
> TIP: Merging a PR should be done via a branch **"Squash and merge"**; this means that the commit message seen on this PR merge is what Release Please will use to determine a version bump.
When the auto generated Release Please PR is merged the following steps will automatically happen.
+
1) A new release will be created and tagged
diff --git a/tasks.yaml b/tasks.yaml
index 380b77b..6fbe67e 100644
--- a/tasks.yaml
+++ b/tasks.yaml
@@ -37,11 +37,6 @@ tasks:
spoof_release: "true"
- task: create:test-bundle
- - name: test
- description: Just test the health of Gitlab and Gitlab Runner deployments
- actions:
- - task: test:glr-run-check
-
- name: dev
description: Deploy gitlab-runner on existing cluster with existing gitlab
actions:
@@ -49,11 +44,6 @@ tasks:
- task: create-glr-test-bundle
- task: deploy:test-bundle
- - name: create-user
- description: create doug user
- actions:
- - task: setup:create-doug-user
-
- name: doug-admin
description: Promote Doug to admin (requires running create-user and logging into gitlab ui first)
actions:
diff --git a/test/journey/pipeline-run.test.ts b/test/journey/pipeline-run.test.ts
index 1ba76ba..74822ca 100644
--- a/test/journey/pipeline-run.test.ts
+++ b/test/journey/pipeline-run.test.ts
@@ -6,13 +6,13 @@ test('test kicking off a pipeline run', async () => {
// Get the root password for GitLab
const rootPasswordSecret = await K8s(kind.Secret).InNamespace("gitlab").Get("gitlab-gitlab-initial-root-password")
const rootPassword = atob(rootPasswordSecret.data!.password)
-
+ const arch = process.env.UDS_ARCH
// Create a test repository in GitLab using Zarf
zarfExec(["package", "create", "package", "--confirm"]);
zarfExec([
"package", "mirror-resources",
- "zarf-package-gitlab-runner-test-*-0.0.1.tar.zst",
+ `zarf-package-gitlab-runner-test-${arch}-0.0.1.tar.zst`,
"--git-url", "https://gitlab.uds.dev/", "--git-push-username", "root", "--git-push-password", rootPassword,
From 5ec61617a94697931ca82d38d0f68aa238b36304 Mon Sep 17 00:00:00 2001
From: zamaz <71521611+zachariahmiller@users.noreply.github.com>
Date: Tue, 7 May 2024 09:06:22 -0400
Subject: [PATCH 6/6] Update tasks.yaml
---
tasks.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tasks.yaml b/tasks.yaml
index 6fbe67e..75dcbb2 100644
--- a/tasks.yaml
+++ b/tasks.yaml
@@ -45,7 +45,7 @@ tasks:
- task: deploy:test-bundle
- name: doug-admin
- description: Promote Doug to admin (requires running create-user and logging into gitlab ui first)
+ description: Promote Doug to admin (requires running setup:create-doug-user and logging into gitlab ui first)
actions:
- cmd: |
./uds zarf tools kubectl exec -n gitlab deployment/gitlab-toolbox -- gitlab-rails runner -e production "user = User.find_by(username: 'doug'); user.admin = true; user.save!"
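Review bot: `const arch = process.env.UDS_ARCH` is interpolated into the package filename with no check, so an unset variable produces `zarf-package-gitlab-runner-test-undefined-0.0.1.tar.zst` and the failure surfaces later as a missing-file error from `zarf package mirror-resources` rather than at its cause; guard it right after the assignment: `if (!arch) throw new Error("UDS_ARCH must be set (e.g. amd64 or arm64) to locate the test package");`. The `test(...)` callback that contains these lines begins before and continues past this hunk.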