ensure all addons are also installed on tagged runs (for release purposes)

See merge request platform-one/big-bang/bigbang!341

Resolve "Include Bigbang repos into repositories.tar.gz"

Closes #243

See merge request platform-one/big-bang/bigbang!340

Swapping bash for shell, updating k3d cmds.

See merge request platform-one/big-bang/bigbang!338

Added Nexus to BigBang Charter

See merge request platform-one/big-bang/bigbang!276

Mattermost Updates (Operator: 1.13.0, Instance: 5.32.1)

See merge request platform-one/big-bang/bigbang!333

Resolve "fix codeowners"

Closes #265

See merge request platform-one/big-bang/bigbang!331

Resolve "Transition all BB values to Secret objects parsed by `HelmRelease`"

Summary

* Removes all inline `HelmRelease` values and replaces with `{{ .Release.Name }}-<package>-values` secret loaded via `valuesFrom`
  * These values are loaded _before_ the `values` passthroughs so they get overridden by any customer defined values
  * the secret creation is handled by a named template `values-secret`
* refactors all customer overlay values into the same secret with bb defaults but using a different `overlays` key
* introduces `common` values that are set in the `values-secret` named template that all charts can use (currently empty)
* Refactors `haproxy-sso` helmrelease into it's own file (instead of with the `authservice` `namespace.yaml`)
* ensure istiooperator components are tied to `.Values.istiooperator.enabled` (instead of `.Values.istio.enabled`)

Closes #223

See merge request platform-one/big-bang/bigbang!308

Upgrade Anchore

Bumps the Anchore tag to the newest version.

This includes the enterprise upgrade to 3.0.1, engine upgrade to 0.9.2, a small SSO bug fix with upgrades, and the upstream chart updates.

This is merging into Big Bang the changes from https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/anchore-enterprise/-/merge_requests/21

See merge request platform-one/big-bang/bigbang!322

Update IB image, add credential settings, service name override

Summary

This MR adds the following changes and capabilities:

* Updates the base minio server image to the latest approved ironbank image
* Enables specification of the root credentials via values.yaml
* Enables overriding the internal service name if needed.

See merge request platform-one/big-bang/bigbang!311

Consolidate Flux Install

See merge request platform-one/big-bang/bigbang!220

ci: ensure all addons are deployed on master

See merge request platform-one/big-bang/bigbang!329

Resolve "Release pipeline always clones from `main`"

Fixes the issue of always cloning from main for release CI. Uses some `yq` magic :)

Bumps yq in the synker image to 4.x

Closes #253

See merge request platform-one/big-bang/bigbang!327

Resolve "dynamic inclusion of addons in ci"

Summary

* ci: change k3s as a sidecar to k3d using (tls enabled) dockerd as a sidecar using ci created `bridge` networks with properly tuned `mtu`
* ci: add logic to enable addons based on MR labels (name must be case exact match to the helm value block)
* infra: bump `ci-optimized` rke2 node pool to `c5d.12xlarge`, resize to `{ min: 1, desired: 1, max: 5 }`
* infra: introduce cluster-autoscaler to `ci-optimized` rke2 node pool and actually test it, new nodes join in ~2m but to be safe, set ci timeout to 5m
* infra: use instance storage for image ci image layers (reduces i/o bottlenecks by ~80%)
* dogfood cluster: embed `dind` service into the dogfood gitlab ci deployment with fixes for `/etc/machine-id`, `dind tls`, and runtime dockerd config (see [here](https://repo1.dso.mil/platform-one/big-bang/customers/bigbang/-/blob/master/apps/gitlab-runners/prod/bigbang-gitlab-runner-privileged.yaml#L39))
* dogfood cluster: deploy gitlab ci with `default` dns (instead of the default `ClusterFirst`) dns to properly resolve dind-k3d dns


Closes #258

See merge request platform-one/big-bang/bigbang!328

Resolve "Gitlab CAC signed commits"

Closes #177

See merge request platform-one/big-bang/bigbang!309

Resolve "upgrade gitlab runner"

Closes #147

See merge request platform-one/big-bang/bigbang!319

update developer docs

Summary

I noticed that the command to squash commits only does the squash and does not actually do the rebase. 
```
git reset $(git merge-base origin/main $(git rev-parse --abbrev-ref HEAD))
```
The main change to the docs is to add the command to rebase
```
git rebase origin/master
```
or
```
git rebase origin/main
```
as the final step before asking for merge approvals

See merge request platform-one/big-bang/bigbang!324

Hash Anchore Passwords Always

Closes #135

See merge request platform-one/big-bang/bigbang!315

add RKE2 pre-reqs

Closes #10

See merge request platform-one/big-bang/bigbang!314

Resolve "Move Developer Process Docs to repo1 bigbang repository"

Closes #95

See merge request platform-one/big-bang/bigbang!316

Update CODEOWNERS with Jason Krause/ Blake Hearn as codeowners for anchore....

Summary

Updated file with nick nellis as istio codeowner, jason krause and blake hearn as codeowners for anchore; removed andre

/cc @someoneelse

- [ISTIO Control Plane](https://repo1.dso.mil/platform-one/big-bang/apps/core/istio-controlplane/-/merge_requests/26)
- [GateKeeper](https://repo1.dso.mil/platform-one/big-bang/apps/core/policy/-/merge_requests/14)
- [Twistlock](https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/twistlock/-/merge_requests/12)
- [Anchore](https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/anchore-enterprise/-/merge_requests/13)
- [KeyCloak](https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/keycloak/-/merge_requests/2)
- [Authservice](https://repo1.dso.mil/platform-one/big-bang/apps/core/authservice/-/merge_requests/13)
- [ArgoCD](https://repo1.dso.mil/platform-one/big-bang/apps/core/argocd/-/merge_requests/20)

See merge request platform-one/big-bang/bigbang!280