From 7bdd0215c1d6cbe47de2771acac2e86716061a89 Mon Sep 17 00:00:00 2001
From: Wayne Starr
Date: Mon, 25 Mar 2024 12:22:12 -0600
Subject: [PATCH] chore: implement upgrade tests for sonarqube (#60)
* chore: implement upgrade tests for sonarqube
* fix name
* fix copy-pasta issue
* update to uds-common v0.3.4
* update to uds-common v0.3.5
* update to uds-common v0.3.6
* resolve zach feedback
---
 .github/workflows/ci-docs-shim.yaml | 7 +--
 .github/workflows/commitlint.yaml | 2 +-
 .github/workflows/lint.yaml | 33 ++++++++++++++
 .github/workflows/scorecard.yaml | 2 +-
 .github/workflows/tag-and-release.yaml | 12 ++---
 .github/workflows/test.yaml | 17 +++----
 .yamllint | 35 +++++++++++++++
 README.md | 14 ++----
 bundle/uds-bundle.yaml | 2 +-
 bundle/uds-config.yaml | 1 -
 common/zarf.yaml | 27 ++++++------
 oscal-component.yaml | 12 ++---
 renovate.json | 27 ++++++++----
 tasks.yaml | 61 ++++++++++++++++----------
 tasks/create.yaml | 21 ---------
 tasks/dependencies.yaml | 5 +++
 tasks/publish.yaml | 43 +++++++-----------
 tasks/test.yaml | 6 ++-
 values/common-values.yaml | 2 +-
 values/registry1-values.yaml | 2 +-
 zarf.yaml | 16 +++----
 21 files changed, 206 insertions(+), 141 deletions(-)
 create mode 100644 .github/workflows/lint.yaml
 create mode 100644 .yamllint
 delete mode 100644 tasks/create.yaml
 create mode 100644 tasks/dependencies.yaml
diff --git a/.github/workflows/ci-docs-shim.yaml b/.github/workflows/ci-docs-shim.yaml
index 02ea9c0..ad8e133 100644
--- a/.github/workflows/ci-docs-shim.yaml
+++ b/.github/workflows/ci-docs-shim.yaml
@@ -22,13 +22,14 @@ on: jobs: run-test: - name: Create and Deploy Flavor ${{ matrix.flavor }} + name: ${{ matrix.type }} ${{ matrix.flavor }} runs-on: "ubuntu-latest" timeout-minutes: 20 strategy: matrix: flavor: [upstream, registry1] + type: [install, upgrade] steps: - - name: Shim for Deploy ${{ matrix.flavor }} + - name: Shim for ${{ matrix.type }} ${{ matrix.flavor }} run: | - echo "Documentation-only change detected; marking Deploy ${{ matrix.flavor }} as successful." + echo "Documentation-only change detected; marking ${{ matrix.type }} ${{ matrix.flavor }} as successful." diff --git a/.github/workflows/commitlint.yaml b/.github/workflows/commitlint.yaml index 54ef3a6..2b6a9ce 100644 --- a/.github/workflows/commitlint.yaml +++ b/.github/workflows/commitlint.yaml @@ -8,4 +8,4 @@ on: jobs: validate: name: Validate - uses: defenseunicorns/uds-common/.github/workflows/commitlint.yaml@442bae718050ea9a47254851a45632aabeb13b17 + uses: defenseunicorns/uds-common/.github/workflows/commitlint.yaml@05f42bb3117b66ebef8c72ae050b34bce19385f5 # v0.3.6 diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml new file mode 100644 index 0000000..1a32cff --- /dev/null +++ b/.github/workflows/lint.yaml 
@@ -0,0 +1,33 @@ +name: Scan + +on: + # This workflow is triggered on pull requests to the main branch. + pull_request: + branches: [main] + types: [milestoned, opened, synchronize] + +jobs: + validate: + runs-on: ubuntu-latest + name: Lint + permissions: + contents: read # Allows reading the repo contents + + steps: + - name: Checkout + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + fetch-depth: 0 + + - name: Environment setup + uses: defenseunicorns/uds-common/.github/actions/setup@05f42bb3117b66ebef8c72ae050b34bce19385f5 # v0.3.6 + with: + username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }} + password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }} + + - name: Install lint deps + run: | + uds run lint:deps + - name: Lint the repository + run: | + uds run lint:yaml diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml index f9307bf..23a9619 100644 --- a/.github/workflows/scorecard.yaml +++ b/.github/workflows/scorecard.yaml @@ -5,7 +5,7 @@ on: schedule: - cron: '30 1 * * 6' push: - branches: [ "main" ] + branches: ["main"] # Declare default permissions as read only. permissions: read-all diff --git a/.github/workflows/tag-and-release.yaml b/.github/workflows/tag-and-release.yaml index 04fd7a1..4b1945b 100644 --- a/.github/workflows/tag-and-release.yaml +++ b/.github/workflows/tag-and-release.yaml 
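Review bot: The new `Lint` job in `.github/workflows/lint.yaml` hands `IRON_BANK_ROBOT_USERNAME` and `IRON_BANK_ROBOT_PASSWORD` to the setup action and then runs `uds run lint:deps` and `uds run lint:yaml`, whose task definitions come from the pull request's own checkout, so registry credentials are live in a job that executes PR-controlled tasks even though YAML linting presumably needs no registry access. If the setup action tolerates empty credentials (not visible in this diff), drop the `with:` block from the `Environment setup` step. The checkout step also leaves its token in the workspace; adding `persist-credentials: false` next to `fetch-depth: 0` keeps it away from the later `run:` steps, and `fetch-depth: 0` itself looks unnecessary for a lint pass.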
@@ -31,28 +31,28 @@ jobs: permissions: contents: read packages: write - + steps: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Environment setup - uses: defenseunicorns/uds-common/.github/actions/setup@442bae718050ea9a47254851a45632aabeb13b17 + uses: defenseunicorns/uds-common/.github/actions/setup@05f42bb3117b66ebef8c72ae050b34bce19385f5 # v0.3.6 with: username: ${{secrets.IRON_BANK_ROBOT_USERNAME}} password: ${{secrets.IRON_BANK_ROBOT_PASSWORD}} - + - name: Login to GHCR uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3 with: registry: ghcr.io username: dummy password: ${{ secrets.GITHUB_TOKEN }} - + - name: Publish Package run: uds run -f tasks/publish.yaml package --set FLAVOR=${{ matrix.flavor }} - name: Save logs if: always() - uses: defenseunicorns/uds-common/.github/actions/save-logs@442bae718050ea9a47254851a45632aabeb13b17 + uses: defenseunicorns/uds-common/.github/actions/save-logs@05f42bb3117b66ebef8c72ae050b34bce19385f5 # v0.3.6 with: - suffix: ${{ matrix.flavor }}-${{ github.run_id }}-${{ github.run_attempt }} \ No newline at end of file + suffix: ${{ matrix.flavor }}-${{ github.run_id }}-${{ github.run_attempt }} diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index ab063c0..ff55d54 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -3,7 +3,7 @@ name: Test on: pull_request: branches: [main] - types: [milestoned, opened, edited, synchronize] + types: [milestoned, opened, synchronize] paths-ignore: - "**.md" - "**.jpg" @@ -20,7 +20,7 @@ on: - "CODEOWNERS" - "LICENSE" - "CONTRIBUTING.md" - - "SECURITY.md" + - "SECURITY.md" # Abort prior jobs in the same workflow / PR concurrency: 
@@ -32,31 +32,32 @@ permissions: jobs: run-test: - name: Create and Deploy Flavor ${{ matrix.flavor }} + name: ${{ matrix.type }} ${{ matrix.flavor }} runs-on: ubuntu-latest timeout-minutes: 20 strategy: matrix: flavor: [upstream, registry1] + type: [install, upgrade] steps: - name: Checkout repository uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Environment setup - uses: defenseunicorns/uds-common/.github/actions/setup@442bae718050ea9a47254851a45632aabeb13b17 + uses: defenseunicorns/uds-common/.github/actions/setup@05f42bb3117b66ebef8c72ae050b34bce19385f5 # v0.3.6 with: username: ${{secrets.IRON_BANK_ROBOT_USERNAME}} password: ${{secrets.IRON_BANK_ROBOT_PASSWORD}} - name: Test - uses: defenseunicorns/uds-common/.github/actions/test@442bae718050ea9a47254851a45632aabeb13b17 + uses: defenseunicorns/uds-common/.github/actions/test@05f42bb3117b66ebef8c72ae050b34bce19385f5 # v0.3.6 with: flavor: ${{ matrix.flavor }} + type: ${{ matrix.type }} - name: Save logs if: always() - uses: defenseunicorns/uds-common/.github/actions/save-logs@442bae718050ea9a47254851a45632aabeb13b17 + uses: defenseunicorns/uds-common/.github/actions/save-logs@05f42bb3117b66ebef8c72ae050b34bce19385f5 # v0.3.6 with: - suffix: ${{ matrix.flavor }}-${{ github.run_id }}-${{ github.run_attempt }} - + suffix: ${{ matrix.type }}-${{ matrix.flavor }}-${{ github.run_id }}-${{ github.run_attempt }} diff --git a/.yamllint b/.yamllint new file mode 100644 index 0000000..3b3e255 --- /dev/null +++ b/.yamllint 
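Review bot: `timeout-minutes: 20` in `run-test` is left unchanged although the new `upgrade` matrix cells do roughly twice the work of `install` (judging by `test-upgrade` in tasks.yaml: two bundle builds and two deploys on one cluster), so those cells may end in a timeout rather than a clear pass or fail. Consider raising the limit for this job and adding `fail-fast: false` under `strategy:` so that one failing cell does not cancel the other three and hide whether a break is specific to a flavor or to the upgrade path.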
@@ -0,0 +1,35 @@ +yaml-files: + - '**/*.y*ml' + - '.yamllint' + +ignore: + - 'chart/templates**' + +rules: + anchors: enable + braces: enable + brackets: enable + colons: enable + commas: enable + comments: + level: warning + comments-indentation: + level: warning + document-end: disable + document-start: + level: warning + empty-lines: enable + empty-values: disable + float-values: disable + hyphens: enable + indentation: enable + key-duplicates: enable + key-ordering: disable + line-length: disable + new-line-at-end-of-file: enable + new-lines: enable + octal-values: disable + quoted-strings: disable + trailing-spaces: enable + truthy: + level: warning diff --git a/README.md b/README.md index be129e7..f70d55c 100644 --- a/README.md +++ b/README.md 
@@ -27,17 +27,9 @@ The released packages can be found in [ghcr](https://github.com/defenseunicorns/ ## UDS Tasks (for local dev and CI) -*For local dev, this requires installing [uds-cli](https://github.com/defenseunicorns/uds-cli?tab=readme-ov-file#install) - -| Task | Description | Example | -| ---- | ----------- | ------- | -| setup-cluster | Uses the `k3d-core-istio` bundle to create a cluster for testing against | `uds run setup-cluster` | -| create-package | Creates just the SonarQube package | `uds run create-package --set FLAVOR=` | -| create-test-bundle | Creates SonarQube and SonarQube dependency packages and then bundles them | `uds run create-test-bundle` | -| deploy-package | Deploy SonarQube package only | `uds run deploy-package` | -| deploy-test-bundle | Deploy SonarQube and SonarQube dependency bundle | `uds run deploy-test-bundle` | -| test-package | Run checks against a deployed package or bundle | `uds run test-package` | -| cleanup | Teardown the cluster | `uds run cleanup` | +*For local dev, this requires you install [uds-cli](https://github.com/defenseunicorns/uds-cli?tab=readme-ov-file#install) + +> :white_check_mark: **Tip:** To get a list of tasks to run you can use `uds run --list`! ## Contributing diff --git a/bundle/uds-bundle.yaml b/bundle/uds-bundle.yaml index 7d51bec..9c10182 100644 --- a/bundle/uds-bundle.yaml +++ b/bundle/uds-bundle.yaml @@ -10,7 +10,7 @@ packages: - name: dev-postgres repository: ghcr.io/defenseunicorns/packages/uds/dev-postgres ref: 0.0.1 - + - name: dev-secrets path: ../ ref: 0.1.0 diff --git a/bundle/uds-config.yaml b/bundle/uds-config.yaml index 705a122..e2758b5 100644 --- a/bundle/uds-config.yaml +++ b/bundle/uds-config.yaml @@ -4,4 +4,3 @@ variables: db_name: "sonarqubedb" sonarqube: sonarqube_db_endpoint: "postgresql.dev-postgres.svc.cluster.local" - diff --git a/common/zarf.yaml b/common/zarf.yaml index 0ad1c92..ab70af4 100644 --- a/common/zarf.yaml +++ b/common/zarf.yaml 
@@ -2,22 +2,21 @@ kind: ZarfPackageConfig metadata: name: sonarqube-common - description: "UDS SonarQube Common Package" + description: "UDS SonarQube Common Package" components: - name: sonarqube - required: true description: "Deploy sonarqube" charts: - - name: uds-sonarqube-config - namespace: sonarqube - version: 0.1.0 - localPath: ../chart - - name: sonarqube - namespace: sonarqube - # see note in README.md about use of registry1 chart for both flavors - url: https://repo1.dso.mil/big-bang/product/packages/sonarqube.git - gitPath: chart - version: "8.0.3-bb.0" - valuesFiles: - - ../values/common-values.yaml + - name: uds-sonarqube-config + namespace: sonarqube + version: 0.1.0 + localPath: ../chart + - name: sonarqube + namespace: sonarqube + # see note in README.md about use of registry1 chart for both flavors + url: https://repo1.dso.mil/big-bang/product/packages/sonarqube.git + gitPath: chart + version: "8.0.3-bb.0" + valuesFiles: + - ../values/common-values.yaml diff --git a/oscal-component.yaml b/oscal-component.yaml index 4e16762..7949eb0 100644 --- a/oscal-component.yaml +++ b/oscal-component.yaml 
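Review bot: Dropping `required: true` from the `sonarqube` component in common/zarf.yaml is a behaviour change, unlike the re-indentation that makes up the rest of the hunk: Zarf components are optional unless marked required, and an optional component is normally skipped on a non-interactive `--confirm` deploy. The importing components in the root zarf.yaml are not visible in this diff, so confirm that each flavor's component sets `required: true` itself. If that is the intent, a comment here such as `# required is set by the importing component in ../zarf.yaml` would record it for the next reader.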
@@ -31,15 +31,15 @@ component-definition: - uuid: 55993d5e-a53f-4a85-8e5e-949f0da24b43 control-id: au-2 description: >- - SonarQube creates logs as it conducts secure code scanning within the secure DevSecOps pipeline. + SonarQube creates logs as it conducts secure code scanning within the secure DevSecOps pipeline. - uuid: 25b50886-be11-46ae-bece-8c832fb85426 control-id: au-3 description: >- - SonarQube creates logs as it conducts secure code scanning within the secure DevSecOps pipeline. + SonarQube creates logs as it conducts secure code scanning within the secure DevSecOps pipeline. - uuid: 1e89f273-7e85-4e76-8c10-190c3fdfddfc control-id: au-3.1 description: >- - SonarQube creates logs as it conducts secure code scanning within the secure DevSecOps pipeline. + SonarQube creates logs as it conducts secure code scanning within the secure DevSecOps pipeline. - uuid: 2afccc07-f998-46f0-a05f-55985c9e58a0 control-id: au-8 description: >- @@ -47,11 +47,11 @@ component-definition: - uuid: 92f94bdb-e8da-45a6-9f0e-6cd4dc49eaa6 control-id: ca-2.2 description: >- - SonarQube runs automated code scanning to discover vulnerabilities as apart of the secure DevSecOps pipeline as code it committed. + SonarQube runs automated code scanning to discover vulnerabilities as apart of the secure DevSecOps pipeline as code it committed. - uuid: c092d3d3-66ca-4922-ac76-d38440640648 control-id: ca-7 description: >- - SonarQube assists with the ConMon process be conducting automated security code scanning in the secure DevSecOps pipelines to discover code vulnerabilities as code is committed. + SonarQube assists with the ConMon process be conducting automated security code scanning in the secure DevSecOps pipelines to discover code vulnerabilities as code is committed. - uuid: e4037835-5d80-4f09-9303-42045e5a588f control-id: cm-3.6 description: >- 
@@ -105,4 +105,4 @@ component-definition: - uuid: 2501ae6d-73e5-40e2-a87c-40e88c0c8b62 title: UDS Package SonarQube rlinks: - - href: https://github.com/defenseunicorns/uds-package-sonarqube \ No newline at end of file + - href: https://github.com/defenseunicorns/uds-package-sonarqube diff --git a/renovate.json b/renovate.json index 0058ce8..e9ec024 100644 --- a/renovate.json +++ b/renovate.json @@ -10,15 +10,26 @@ "replacements:all", "workarounds:all" ], - "hostRules": [ + "packageRules": [ { - "matchHost": "registry1.dso.mil", - "hostType": "docker", - "description": "Encrypted creds for registry1, scoped to this Github org using: https://github.com/renovatebot/renovate/blob/main/docs/usage/configuration-options.md#encrypted", - "encrypted": { - "username": "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", - "password": "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" - } + "groupName": "SonarQube Support Dependencies", + "labels": ["support-deps"], + "commitMessageTopic": "support-deps", + "packagePatterns": ["*"] + }, + { + "groupName": "SonarQube Package Dependencies", + "labels": ["package-deps"], + "commitMessageTopic": "package-deps", + "registryUrls": ["https://registry1.dso.mil"], + "matchDatasources": ["docker", "helm", "git-tags"] + }, + { + "groupName": "SonarQube Package Dependencies", + "labels": ["package-deps"], + "commitMessageTopic": "package-deps", + "matchPackageNames": ["https://repo1.dso.mil/big-bang/product/packages/sonarqube.git"], + "allowedVersions": "/.+-bb.+/" } ] } diff --git a/tasks.yaml b/tasks.yaml index c887c6c..fea670b 100644 --- a/tasks.yaml +++ b/tasks.yaml 
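Review bot: In the second `packageRules` entry of renovate.json, `registryUrls` is a setting Renovate applies to matched packages rather than a matcher, so as written the rule matches every `docker`, `helm` and `git-tags` dependency and points its lookups at `https://registry1.dso.mil`, including the Docker Hub images listed in zarf.yaml. The same hunk removes the `hostRules` block that carried the encrypted registry1 credentials, so unless those are now supplied at the org or bot level (not visible here), lookups against registry1 would go unauthenticated and likely fail. If the intent is to group only registry1-hosted packages, match on the package name instead, for example `"matchPackagePrefixes": ["registry1.dso.mil/"]`. The first rule's `packagePatterns` is also the legacy spelling of `matchPackagePatterns`.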
@@ -1,45 +1,62 @@ includes: - cleanup: ./tasks/cleanup.yaml - - create: ./tasks/create.yaml - - deploy: https://raw.githubusercontent.com/defenseunicorns/uds-common-tasks/v0.2.2/tasks/deploy.yaml - - setup: https://raw.githubusercontent.com/defenseunicorns/uds-common-tasks/v0.2.2/tasks/setup.yaml + - dependencies: ./tasks/dependencies.yaml - test: ./tasks/test.yaml + - create: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.3.6/tasks/create.yaml + - lint: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.3.6/tasks/lint.yaml + - pull: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.3.6/tasks/pull.yaml + - deploy: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.3.6/tasks/deploy.yaml + - setup: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.3.6/tasks/setup.yaml tasks: - name: default - description: Create K3D Cluster with UDS-Core-Istio and Sonarqube + description: Create K3D Cluster with UDS-Core (Dev) and SonarQube actions: - - task: create-test-bundle - - task: setup-cluster - - task: deploy-test-bundle + - task: create-sq-test-bundle + - task: setup:k3d-test-cluster + - task: deploy:test-bundle - - name: create-package + - name: create-sq-package + description: Create the SonarQube package actions: - - task: create:sonarqube-package + - task: create:package + with: + options: "--skip-sbom" - - name: deploy-package + - name: create-sq-test-bundle + description: Create a local UDS SonarQube bundle actions: - - task: deploy:package + - task: create-sq-package + - task: dependencies:create + - task: create:test-bundle - - name: cleanup + - name: create-sq-latest-release-bundle + description: Create UDS SonarQube bundle based on the latest release actions: - - task: cleanup:destroy + - task: pull:latest-package-release + with: + spoof_release: "true" + - task: dependencies:create + - task: create:test-bundle # CI will execute the following (via uds-common/.github/actions/test) so they need 
to be here with these names - - name: create-test-bundle - actions: - - task: create:sonarqube-test-bundle - - - name: setup-cluster + - name: test-package + description: Test the health of a SonarQube deployment actions: + - task: create-sq-test-bundle - task: setup:k3d-test-cluster - - - name: deploy-test-bundle - actions: - task: deploy:test-bundle + - task: test:health-check + - task: test:ingress - - name: test-package + - name: test-upgrade + description: Test an upgrade from the latest released package to the current branch actions: + - task: create-sq-latest-release-bundle + - task: setup:k3d-test-cluster + - task: deploy:test-bundle + - task: create-sq-test-bundle + - task: deploy:test-bundle - task: test:health-check - task: test:ingress diff --git a/tasks/create.yaml b/tasks/create.yaml deleted file mode 100644 index ef9b7cb..0000000 --- a/tasks/create.yaml +++ /dev/null @@ -1,21 +0,0 @@ -variables: - - name: FLAVOR - default: "registry1" - -tasks: - - name: sonarqube-test-bundle - description: Create the UDS bundle with Sonarqube and its dependencies - actions: - - task: sonarqube-package - - task: dependency-package - - cmd: uds create bundle --confirm --no-progress --architecture=${UDS_ARCH} - - - name: sonarqube-package - description: Create the UDS Sonarqube Zarf Package - actions: - - cmd: uds zarf package create --confirm --no-progress --architecture=${ZARF_ARCHITECTURE} --flavor ${FLAVOR} - - - name: dependency-package - description: Create the Dependency Zarf Package(s) - actions: - - cmd: uds zarf package create src/dev-secrets/ --confirm --no-progress --architecture=${UDS_ARCH} --skip-sbom diff --git a/tasks/dependencies.yaml b/tasks/dependencies.yaml new file mode 100644 index 0000000..b417a5c --- /dev/null +++ b/tasks/dependencies.yaml 
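Review bot: The five remote `includes` added to tasks.yaml are fetched from `raw.githubusercontent.com/defenseunicorns/uds-common/v0.3.6/...`, a tag that can be moved, while the workflows in this same commit pin that repository to commit `05f42bb3117b66ebef8c72ae050b34bce19385f5`. These files define the commands that run in CI alongside the Iron Bank credentials and, in tag-and-release, a `packages: write` token, so they deserve the same pinning: `- create: https://raw.githubusercontent.com/defenseunicorns/uds-common/05f42bb3117b66ebef8c72ae050b34bce19385f5/tasks/create.yaml # v0.3.6`, and likewise for `lint`, `pull`, `deploy` and `setup`. The `publish` include added in tasks/publish.yaml has the same issue.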
@@ -0,0 +1,5 @@ +tasks: + - name: create + description: Create the Dependency Zarf Package(s) + actions: + - cmd: uds zarf package create src/dev-secrets/ --confirm --no-progress --architecture=${UDS_ARCH} --skip-sbom diff --git a/tasks/publish.yaml b/tasks/publish.yaml index 154c139..96961db 100644 --- a/tasks/publish.yaml +++ b/tasks/publish.yaml @@ -1,32 +1,23 @@ -variables: - - name: TARGET_REPO - default: oci://ghcr.io/defenseunicorns/packages/uds - - - name: VERSION - description: The version of the package to build - # x-release-please-start-version - default: "8.0.3-uds.6" - # x-release-please-end - - - name: FLAVOR - default: "registry1" +includes: + - publish: https://raw.githubusercontent.com/defenseunicorns/uds-common-tasks/v0.3.6/tasks/publish.yaml tasks: - name: package description: Build and publish the packages actions: - - description: Create the packages - cmd: | - set -e - ZARF_ARCHITECTURE=amd64 uds run -f tasks/create.yaml sonarqube-package --set FLAVOR=${FLAVOR} - if [ ${FLAVOR} != "registry1" ]; then - ZARF_ARCHITECTURE=arm64 uds run -f tasks/create.yaml sonarqube-package --set FLAVOR=${FLAVOR} - fi - + - description: Create the AMD64 package + task: create:package + with: + architecture: amd64 + + - description: Create the ARM64 package + task: create:package + with: + architecture: arm64 + - description: Publish the packages - cmd: | - set -e - uds zarf package publish zarf-package-sonarqube-amd64-${VERSION}.tar.zst ${TARGET_REPO} - if [ ${FLAVOR} != "registry1" ]; then - uds zarf package publish zarf-package-sonarqube-arm64-${VERSION}.tar.zst ${TARGET_REPO} - fi + task: publish:package + with: + # x-release-please-start-version + version: "8.0.3-uds.6" + # x-release-please-end diff --git a/tasks/test.yaml b/tasks/test.yaml index 8b607fc..e2765b2 100644 --- a/tasks/test.yaml +++ b/tasks/test.yaml 
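Review bot: The new `includes` entry in tasks/publish.yaml points at `defenseunicorns/uds-common-tasks/v0.3.6`, whereas every other include added by this commit uses `defenseunicorns/uds-common/v0.3.6`; this looks like a leftover from the old repository name and should probably read `https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.3.6/tasks/publish.yaml`. The `package` task also calls `create:package`, but this file declares only the `publish` include and the release workflow runs it with `-f tasks/publish.yaml`, so `create` may not resolve unless the runner inherits includes from tasks.yaml. Finally, the old script built and published arm64 only when `FLAVOR` was not `registry1`; the ARM64 step is now unconditional, so confirm the registry1 flavor can actually be built for arm64.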
@@ -1,12 +1,14 @@ tasks: - name: health-check actions: + # StatefulSets don't show conditions themselves so we look for an underlying Pod - description: Sonarqube StatefulSet Health Check wait: cluster: - kind: StatefulSet - name: sonarqube-sonarqube + kind: Pod + name: app=sonarqube namespace: sonarqube + condition: Ready - name: ingress actions: diff --git a/values/common-values.yaml b/values/common-values.yaml index f94093f..d404142 100644 --- a/values/common-values.yaml +++ b/values/common-values.yaml @@ -42,5 +42,5 @@ postgresql: postgresqlDatabase: ###ZARF_VAR_SONARQUBE_DB_NAME### service: port: 5432 - + domain: ###ZARF_VAR_DOMAIN### diff --git a/values/registry1-values.yaml b/values/registry1-values.yaml index 1d39a5a..01f6cb1 100644 --- a/values/registry1-values.yaml +++ b/values/registry1-values.yaml @@ -6,4 +6,4 @@ initContainers: image: registry1.dso.mil/ironbank/big-bang/base:2.1.0 prometheusExporter: - image: registry1.dso.mil/ironbank/big-bang/base:2.1.0 \ No newline at end of file + image: registry1.dso.mil/ironbank/big-bang/base:2.1.0 diff --git a/zarf.yaml b/zarf.yaml index 68bac4e..576137a 100644 --- a/zarf.yaml +++ b/zarf.yaml @@ -2,7 +2,7 @@ kind: ZarfPackageConfig metadata: name: sonarqube - description: "UDS Sonarqube package" + description: "UDS Sonarqube package" # x-release-please-start-version version: "8.0.3-uds.6" # x-release-please-end @@ -48,9 +48,9 @@ components: only: flavor: registry1 charts: - - name: sonarqube - valuesFiles: - - values/registry1-values.yaml + - name: sonarqube + valuesFiles: + - values/registry1-values.yaml images: - "registry1.dso.mil/ironbank/big-bang/base:2.1.0" - "registry1.dso.mil/ironbank/big-bang/sonarqube-9:9.9.3-community" 
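Review bot: The `health-check` wait in tasks/test.yaml now selects `kind: Pod` by the label `app=sonarqube` with `condition: Ready`, which any Ready pod carrying that label satisfies; in `test-upgrade` that can be the pod from the previous release, still Ready before the StatefulSet starts rolling, so the check may pass without the upgraded pod ever becoming healthy. Consider waiting on the StatefulSet rollout first, or otherwise tying the check to the new revision, before the Pod readiness wait. The step's `description` still says `Sonarqube StatefulSet Health Check` and should follow the change, e.g. `description: SonarQube Pod Health Check`.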
@@ -64,10 +64,10 @@ components: only: flavor: upstream charts: - - name: sonarqube - valuesFiles: - - values/upstream-values.yaml + - name: sonarqube + valuesFiles: + - values/upstream-values.yaml images: - "sonarqube:9.9.3-community" - "curlimages/curl:7.76.1" - - "busybox:1.32" \ No newline at end of file + - "busybox:1.32"