Merge branch 'renovate/ironbank' into 'main'

Update Ironbank Closes #10 See merge request !13

Merge branch 'renovate/ironbank' into 'main'
5a672fde · Micah Nagel · ae35ffd9 · 8ba24733 · ae35ffd9 · 5a672fde
Commit 5a672fde authored 1 year ago by Micah Nagel
--- a/.gitignore
+++ b/.gitignore
-overlay.yaml
\ No newline at end of file
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,10 @@
 Format: [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
+## [34.120.0-bb.1] - 2023-04-07
+### Changed
+- Updated redis to 7.0.10
 ## [34.120.0-bb.0] - 2023-03-24
 ### Changed
 - Added standard Network Policies

--- a/README.md
+++ b/README.md
 # renovate
-![Version: 34.120.0-bb.0](https://img.shields.io/badge/Version-34.120.0--bb.0-informational?style=flat-square) ![AppVersion: 34.120.0](https://img.shields.io/badge/AppVersion-34.120.0-informational?style=flat-square)
+![Version: 34.120.0-bb.1](https://img.shields.io/badge/Version-34.120.0--bb.1-informational?style=flat-square) ![AppVersion: 34.120.0](https://img.shields.io/badge/AppVersion-34.120.0-informational?style=flat-square)
 Universal dependency update tool that fits into your workflows.
@@ -55,14 +55,14 @@ helm install renovate chart/
 | cronjob.preCommand | string | `""` | Prepend shell commands before renovate runs |
 | pod.annotations | object | `{}` | Annotations to set on the pod |
 | pod.labels | object | `{}` | Labels to set on the pod |
-| image.repository | string | `"registry1.dso.mil/ironbank/container-hardening-tools/renovate/renovate"` |  |
+| image.repository | string | `"registry1.dso.mil/ironbank/container-hardening-tools/renovate/renovate"` | Repository to pull renovate image from |
-| image.tag | string | `"34.120.0"` |  |
+| image.tag | string | `"34.120.0"` | Renovate image tag to pull |
-| image.pullPolicy | string | `"IfNotPresent"` |  |
+| image.pullPolicy | string | `"IfNotPresent"` | "IfNotPresent" to pull the image if no image with the specified tag exists on the node, "Always" to always pull the image or "Never" to try and use pre-pulled images |
-| imagePullSecrets[0].name | string | `"private-registry"` |  |
+| imagePullSecrets | list | `[{"name":"private-registry"}]` | Secret to use to pull the image from the repository |
 | renovate.existingConfigFile | string | `""` | Custom exiting global renovate config |
 | renovate.config | string | `"{}"` | Inline global renovate config.json |
 | renovate.configEnableHelmTpl | bool | `false` | Use the Helm tpl function on your configuration. See README for how to use this value |
-| renovate.configIsSecret | bool | `false` | Use this to create the renovate-config as a secret instead of a configmap |
+| renovate.configIsSecret | bool | `true` | Use this to create the renovate-config as a secret instead of a configmap |
 | renovate.securityContext | object | `{}` | Renovate Container-level security-context |
 | renovate.persistence | object | `{"cache":{"enabled":false,"storageClass":"","storageSize":"512Mi"}}` | Options related to persistence |
 | renovate.persistence.cache.enabled | bool | `false` | Allow the cache to persist between runs |

--- a/chart/Chart.lock
+++ b/chart/Chart.lock
 dependencies:
 - name: redis
  repository: oci://registry1.dso.mil/bigbang
-  version: 17.7.2-bb.0
+  version: 17.9.3-bb.0
 - name: gluon
  repository: oci://registry1.dso.mil/bigbang
  version: 0.3.2
-digest: sha256:ecee3e2d238711ccd73332f9dd5baa4ed4d9f7715772f2c286646d803c3a9acf
+digest: sha256:62fab651a17d1774f062834e597de5d3860c2b83b92203747dad6a0279cf5b7a
-generated: "2023-03-24T10:39:09.91868-07:00"
+generated: "2023-04-17T20:26:52.294995-06:00"
--- a/chart/Chart.yaml
+++ b/chart/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: '34.120.0'
 description: Universal dependency update tool that fits into your workflows.
 name: renovate
-version: '34.120.0-bb.0'
+version: '34.120.0-bb.1'
 icon: https://docs.renovatebot.com/assets/images/logo.png
 home: https://github.com/renovatebot/renovate
 keywords:
@@ -28,10 +28,10 @@ annotations:
    - name: renovate
      image: registry1.dso.mil/ironbank/container-hardening-tools/renovate/renovate:34.120.0
    - name: redis
-      image: registry1.dso.mil/ironbank/bitnami/redis:7.0.8
+      image: registry1.dso.mil/ironbank/bitnami/redis:7.0.10
      condition: redis.enabled
    - name: exporter
-      image: registry1.dso.mil/ironbank/bitnami/analytics/redis-exporter:v1.46.0
+      image: registry1.dso.mil/ironbank/bitnami/analytics/redis-exporter:v1.50.0
      condition: redis.enabled
  artifacthub.io/license: AGPL-3.0-only
  artifacthub.io/images: |
@@ -41,10 +41,11 @@ annotations:
    - name: docs
      url: https://docs.renovatebot.com
 dependencies:
- name: redis
+  - name: redis
-  version: 17.7.2-bb.0
+    repository:  "oci://registry1.dso.mil/bigbang"
-  repository: "oci://registry1.dso.mil/bigbang"
+    version: 17.9.3-bb.0
-  condition: redis.enabled
+    condition: redis.enabled
- name: gluon
+  - name: gluon
-  version: "0.3.2"
+    version: "0.3.2"
-  repository: "oci://registry1.dso.mil/bigbang"
+    repository: "oci://registry1.dso.mil/bigbang"
--- a/chart/charts/redis-17.7.2-bb.0.tgz
+++ b/chart/charts/redis-17.7.2-bb.0.tgz
--- a/chart/charts/redis-17.9.3-bb.0.tgz
+++ b/chart/charts/redis-17.9.3-bb.0.tgz
--- a/chart/ci/ci-slim-without-dind.yaml
+++ b/chart/ci/ci-slim-without-dind.yaml
+imagePullSecrets:
+  - name: myregistrykey
+envFrom:
+  - configMapRef:
+      name: my-config
+secrets:
+  my-secret-1: |
+    123
+  my-secret-2: |
+    456
+ssh_config:
+  enabled: true
+  config: |
+    Host *
+      ForwardAgent yes
+renovate:
+  config: |
+    {
+      "platform": "gitlab",
+      "endpoint": "https://gitlab.example.com/api/v4",
+      "token": "your-gitlab-renovate-user-token",
+      "autodiscover": "false",
+      "dryRun": true,
+      "printConfig": true,
+      "logLevel": "debug",
+      "repositories": ["username/repo", "orgname/repo"]
+    }
+slim: true
--- a/chart/templates/NOTES.txt
+++ b/chart/templates/NOTES.txt
 A {{ template "renovate.name" . }} CronJob will run with schedule {{ .Values.cronjob.schedule }}.
\ No newline at end of file
-The Jobs will not be removed automagically when deleting this Helm chart.
-To remove these jobs, run the following :
-    kubectl -n {{ .Release.Namespace }} delete job -l app={{ template "renovate.name" . }},release={{ .Release.Name }}
--- a/chart/templates/_helpers.tpl
+++ b/chart/templates/_helpers.tpl
@@ -91,8 +91,12 @@ Define ssh config secret
 Force slim image if dind is enabled and slim is not disabled
 */}}
 {{- define "renovate.imageTag" -}}
+{{- if and .Values.dind.enabled .Values.dind.slim.enabled (not (eq .Values.image.tag "slim")) (not (regexMatch "^.*-slim$" .Values.image.tag)) -}}
+{{- .Values.image.tag }}-slim
+{{- else -}}
 {{- .Values.image.tag }}
 {{- end -}}
+{{- end -}} 
 {{/*
 Create a default fully qualified Redis&trade; name.

--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -51,10 +51,14 @@ pod:
  labels: {}
 image:
+  # -- Repository to pull renovate image from
  repository: registry1.dso.mil/ironbank/container-hardening-tools/renovate/renovate
+  # -- Renovate image tag to pull
  tag: 34.120.0
+  # -- "IfNotPresent" to pull the image if no image with the specified tag exists on the node, "Always" to always pull the image or "Never" to try and use pre-pulled images
  pullPolicy: IfNotPresent
+# -- Secret to use to pull the image from the repository
 imagePullSecrets:
  - name: private-registry