From 4093665a902331bf0161d265cee670b8cbe33904 Mon Sep 17 00:00:00 2001 From: jeason Date: Wed, 14 Oct 2020 15:45:45 -0600 Subject: [PATCH 1/8] Project template: file templates --- .gitlab/CODEOWNERS | 6 +++ .gitlab/issue_templates/Access Request.md | 16 ++++++++ .../issue_templates/Application - Archive.md | 21 +++++++++++ .../issue_templates/Application - Initial.md | 32 ++++++++++++++++ .../issue_templates/Application - Update.md | 35 ++++++++++++++++++ .gitlab/issue_templates/Bug.md | 37 +++++++++++++++++++ .gitlab/issue_templates/Feature Request.md | 32 ++++++++++++++++ .../issue_templates/Leadership Question.md | 7 ++++ .gitlab/issue_templates/New Findings.md | 20 ++++++++++ .../issue_templates/Onboarding Question.md | 7 ++++ .gitlab/issue_templates/Pipeline Failure.md | 31 ++++++++++++++++ 11 files changed, 244 insertions(+) create mode 100644 .gitlab/CODEOWNERS create mode 100644 .gitlab/issue_templates/Access Request.md create mode 100644 .gitlab/issue_templates/Application - Archive.md create mode 100644 .gitlab/issue_templates/Application - Initial.md create mode 100644 .gitlab/issue_templates/Application - Update.md create mode 100644 .gitlab/issue_templates/Bug.md create mode 100644 .gitlab/issue_templates/Feature Request.md create mode 100644 .gitlab/issue_templates/Leadership Question.md create mode 100644 .gitlab/issue_templates/New Findings.md create mode 100644 .gitlab/issue_templates/Onboarding Question.md create mode 100644 .gitlab/issue_templates/Pipeline Failure.md diff --git a/.gitlab/CODEOWNERS b/.gitlab/CODEOWNERS new file mode 100644 index 0000000..64a2c68 --- /dev/null +++ b/.gitlab/CODEOWNERS @@ -0,0 +1,6 @@ +[Pipelines] +.gitlab-ci.yml @ironbank-notifications/cht +.gitlab-ci.yaml @ironbank-notifications/cht + +[Gitlab Configuration Files] +.gitlab/* @ironbank-notifications/cht diff --git a/.gitlab/issue_templates/Access Request.md b/.gitlab/issue_templates/Access Request.md new file mode 100644 index 0000000..1a7b224 --- /dev/null +++ b/.gitlab/issue_templates/Access Request.md @@ -0,0 +1,16 @@ +## Summary + +The following individuals are requesting access to this project (one per line): +(List or tag all individuals here) + + +The access level should be: +- [ ] Developer access +- [ ] Remove access + + +## Definition of Done +- [ ] All accounts have been provided the necessary accesses + + +/label ~"Access" ~"To Do" \ No newline at end of file diff --git a/.gitlab/issue_templates/Application - Archive.md b/.gitlab/issue_templates/Application - Archive.md new file mode 100644 index 0000000..9f3b5fe --- /dev/null +++ b/.gitlab/issue_templates/Application - Archive.md @@ -0,0 +1,21 @@ +## Summary + +Requesting this application be archived due to one of the following reasons: +- [ ] Version is no longer supported by vendor +- [ ] Application is End-Of-Life +- [ ] License violation. +- [ ] Other. See below. + +## Detailed Description + +(Please provide a detailed description of why this application should be archived) + + +## Definition of Done +- [ ] Application has been reviewed for archival +- [ ] Project is officially marked as stale +- [ ] Iron Bank frontend no longer lists application as available or approved + + +/label ~"Container::Archive" +/cc @ironbank-notifications/archive \ No newline at end of file diff --git a/.gitlab/issue_templates/Application - Initial.md b/.gitlab/issue_templates/Application - Initial.md new file mode 100644 index 0000000..6594a05 --- /dev/null +++ b/.gitlab/issue_templates/Application - Initial.md @@ -0,0 +1,32 @@ +## Summary + +Requesting application to be hardened. This is only for initial hardening of a container. + + +## Version Information + +Current version: (State the current version of the application as you see it) + +Under support: (Is the updated version within the same major version of the application or is this a new major version?) + + +## Definition of Done +Hardening: +- [ ] Container builds successfully +- [ ] Greylist file has been created (requires a member from container hardening) +- [ ] Branch has been merged into `development` + +Justifications: +- [ ] All findings have been justified per the above documentation +- [ ] Justifications have been provided to the container hardening team + +Approval Process (container hardening team processes): +- [ ] Peer review from Container Hardening Team +- [ ] Findings Approver has reviewed and approved all justifications +- [ ] Approval request has been sent to Authorizing Official +- [ ] Approval request has been processed by Authorizing Official + + + +/label ~"Container::Initial" +/cc @ironbank-notifications/cht \ No newline at end of file diff --git a/.gitlab/issue_templates/Application - Update.md b/.gitlab/issue_templates/Application - Update.md new file mode 100644 index 0000000..caebb3e --- /dev/null +++ b/.gitlab/issue_templates/Application - Update.md @@ -0,0 +1,35 @@ +## Summary + +Requesting application be updated to a newer version. + + + +## Version Information + +Current version: (State the current version of the application as you see it) + +Updated version: (State the version you would like the application updated to) + +Under support: (Is the updated version within the same major version of the application or is this a new major version?) + + +## Definition of Done +Hardening: +- [ ] Container builds successfully +- [ ] Container version has been updated in greylist file +- [ ] Branch has been merged into `development` + +Justifications: +- [ ] All findings have been justified per the above documentation +- [ ] Justifications have been provided to the container hardening team + +Approval Process: +- [ ] Peer review from Container Hardening Team +- [ ] Findings Approver has reviewed and approved all justifications +- [ ] Approval request has been sent to Authorizing Official +- [ ] Approval request has been processed by Authorizing Official + + + +/label ~"Container::Update" +/cc @ironbank-notifications/updates \ No newline at end of file diff --git a/.gitlab/issue_templates/Bug.md b/.gitlab/issue_templates/Bug.md new file mode 100644 index 0000000..1427a0c --- /dev/null +++ b/.gitlab/issue_templates/Bug.md @@ -0,0 +1,37 @@ +## Summary + +(Summarize the bug encountered concisely) + + +## Steps to reproduce + +(How one can reproduce the issue - this is very important) + + +## What is the current bug behavior? + +(What actually happens) + + +## What is the expected correct behavior? + +(What you should see instead) + + +## Relevant logs and/or screenshots + +(Paste any relevant logs - please use code blocks (```) to format console output, +logs, and code as it's very hard to read otherwise.) + + +## Possible fixes + +(If you can, link to the line of code that might be responsible for the problem) + + +## Defintion of Done +- [ ] Bug has been identified and corrected within the container + + +/label ~Bug +/cc @ironbank-notifications/bug \ No newline at end of file diff --git a/.gitlab/issue_templates/Feature Request.md b/.gitlab/issue_templates/Feature Request.md new file mode 100644 index 0000000..a0e2f19 --- /dev/null +++ b/.gitlab/issue_templates/Feature Request.md @@ -0,0 +1,32 @@ +## Feature description + +(Detailed description of the feature being requested) + + +## Use cases + + +(Detailed description of the use case for this feature) + + +## Benefits + +(How does this benefit others) + + +## Requirements + +(Any requirements for this feature to be enabled?) + + +## Links / references + +(List of links or references that support this feature) + + +## Definition of Done +- [ ] Feature has been implemented + + +/label ~Feature +/cc @ironbank-notifications/feature \ No newline at end of file diff --git a/.gitlab/issue_templates/Leadership Question.md b/.gitlab/issue_templates/Leadership Question.md new file mode 100644 index 0000000..4674f82 --- /dev/null +++ b/.gitlab/issue_templates/Leadership Question.md @@ -0,0 +1,7 @@ +## Leadership question + +(Detailed description of the question you'd like to ask the leadership team) + + +/label ~"Question::Leadership" ~"To Do" +/cc @ironbank-notifications/leadership \ No newline at end of file diff --git a/.gitlab/issue_templates/New Findings.md b/.gitlab/issue_templates/New Findings.md new file mode 100644 index 0000000..068d029 --- /dev/null +++ b/.gitlab/issue_templates/New Findings.md @@ -0,0 +1,20 @@ +## Summary + +Container has new findings discovered during continuous monitoring. + + + +## Definition of Done +Justifications: +- [ ] All findings have been justified +- [ ] Justifications have been provided to the container hardening team + +Approval Process: +- [ ] Findings Approver has reviewed and approved all justifications +- [ ] Approval request has been sent to Authorizing Official +- [ ] Approval request has been processed by Authorizing Official + + + +/label ~"Container::New Findings" +/cc @ironbank-notifications/security \ No newline at end of file diff --git a/.gitlab/issue_templates/Onboarding Question.md b/.gitlab/issue_templates/Onboarding Question.md new file mode 100644 index 0000000..77dea11 --- /dev/null +++ b/.gitlab/issue_templates/Onboarding Question.md @@ -0,0 +1,7 @@ +## Onboarding question + +(Detailed description of the question you'd like to ask the onboarding team) + + +/label ~"Question::Onboarding" ~"To Do" +/cc @ironbank-notifications/onboarding \ No newline at end of file diff --git a/.gitlab/issue_templates/Pipeline Failure.md b/.gitlab/issue_templates/Pipeline Failure.md new file mode 100644 index 0000000..28b82a9 --- /dev/null +++ b/.gitlab/issue_templates/Pipeline Failure.md @@ -0,0 +1,31 @@ +## Summary + +(Summarize the pipeline issue encountered concisely) + + +## Link to failed pipeline + +(Link to the failed pipeline) + + +## What is the current bug behavior? + +(What actually happens) + + +## What is the expected correct behavior? + +(What you should see instead) + + +## Possible fixes + +(If you can, link to the line of code that might be responsible for the problem) + + +## Definition of Done +- [ ] Pipeline failure has been resolved + + +/label ~Pipeline +/cc @ironbank-notifications/pipelines \ No newline at end of file -- GitLab From 5b213f23ec4d331132c72509a2914a994814802b Mon Sep 17 00:00:00 2001 From: imontero Date: Wed, 4 Nov 2020 11:51:18 +0000 Subject: [PATCH 2/8] 2.249.3.1 --- Jenkinsfile | 2 +- README.md | 8 ++++---- download.json | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 6cbfdbd..e1f1927 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,2 +1,2 @@ @Library('DCCSCR@master') _ -dccscrPipeline(version: '2.249.2.3') +dccscrPipeline(version: '2.249.3.1') diff --git a/README.md b/README.md index b2f5ad6..606cf42 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ CloudBees CI (formerly known as _CloudBees Core_) consists of three Docker image For each image, all files other than UBI and native packages are included in a `files.tar` marked with a SHA-256 checksum. -A version of CloudBees CI is given in the format `2.249.2.3` +A version of CloudBees CI is given in the format `2.249.3.1` where the first three components are aligned with a Jenkins LTS. The Helm chart is coversioned with `core-oc`. The `core-mm` image typically shares the same version, @@ -22,13 +22,13 @@ plus whatever other customizations are desired: ```yaml OperationsCenter: Image: - dockerImage: your-registry/core-oc:2.249.2.3 + dockerImage: your-registry/core-oc:2.249.3.1 Master: Image: - dockerImage: your-registry/core-mm:2.249.2.3 + dockerImage: your-registry/core-mm:2.249.3.1 Agents: Image: - dockerImage: your-registry/agent:2.249.2.3 + dockerImage: your-registry/agent:2.249.3.1 ``` and [install via Helm 3](https://docs.cloudbees.com/docs/cloudbees-core/latest/kubernetes-install-guide/installing-kubernetes-using-helm) using the local copy of the chart: diff --git a/download.json b/download.json index c8aa404..31f9c12 100644 --- a/download.json +++ b/download.json @@ -1,11 +1,11 @@ { "resources": [ { - "url": "https://downloads.cloudbees.com/dsop-files/agent-files-805e797f027018844fd4b59eef722fabd7d4b015d2ff4ebd652d1146e00b94cb.tar", + "url": "https://downloads.cloudbees.com/dsop-files/agent-files-86ac04cce44887a798823563c773da1510e03ae8871cc26573a9fd5313b9967e.tar", "filename": "files.tar", "validation": { "type": "sha256", - "value": "805e797f027018844fd4b59eef722fabd7d4b015d2ff4ebd652d1146e00b94cb" + "value": "86ac04cce44887a798823563c773da1510e03ae8871cc26573a9fd5313b9967e" } } ] -- GitLab From f565a8d4411a349c0dc665fc4b2bdab2c8ef8c7d Mon Sep 17 00:00:00 2001 From: imontero Date: Thu, 12 Nov 2020 11:49:03 +0000 Subject: [PATCH 3/8] 2.249.3.2 --- Jenkinsfile | 2 +- README.md | 8 ++++---- download.json | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index e1f1927..018aa91 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,2 +1,2 @@ @Library('DCCSCR@master') _ -dccscrPipeline(version: '2.249.3.1') +dccscrPipeline(version: '2.249.3.2') diff --git a/README.md b/README.md index 606cf42..95e319d 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ CloudBees CI (formerly known as _CloudBees Core_) consists of three Docker image For each image, all files other than UBI and native packages are included in a `files.tar` marked with a SHA-256 checksum. -A version of CloudBees CI is given in the format `2.249.3.1` +A version of CloudBees CI is given in the format `2.249.3.2` where the first three components are aligned with a Jenkins LTS. The Helm chart is coversioned with `core-oc`. The `core-mm` image typically shares the same version, @@ -22,13 +22,13 @@ plus whatever other customizations are desired: ```yaml OperationsCenter: Image: - dockerImage: your-registry/core-oc:2.249.3.1 + dockerImage: your-registry/core-oc:2.249.3.2 Master: Image: - dockerImage: your-registry/core-mm:2.249.3.1 + dockerImage: your-registry/core-mm:2.249.3.2 Agents: Image: - dockerImage: your-registry/agent:2.249.3.1 + dockerImage: your-registry/agent:2.249.3.2 ``` and [install via Helm 3](https://docs.cloudbees.com/docs/cloudbees-core/latest/kubernetes-install-guide/installing-kubernetes-using-helm) using the local copy of the chart: diff --git a/download.json b/download.json index 31f9c12..5d053a9 100644 --- a/download.json +++ b/download.json @@ -1,11 +1,11 @@ { "resources": [ { - "url": "https://downloads.cloudbees.com/dsop-files/agent-files-86ac04cce44887a798823563c773da1510e03ae8871cc26573a9fd5313b9967e.tar", + "url": "https://downloads.cloudbees.com/dsop-files/agent-files-00b57c9078d97ead911133c86a69d2256a6792da44bf4bbcb299e6a6742e7a04.tar", "filename": "files.tar", "validation": { "type": "sha256", - "value": "86ac04cce44887a798823563c773da1510e03ae8871cc26573a9fd5313b9967e" + "value": "00b57c9078d97ead911133c86a69d2256a6792da44bf4bbcb299e6a6742e7a04" } } ] -- GitLab From 88b0417e5d5a365a5c4b994765512fa41b659b27 Mon Sep 17 00:00:00 2001 From: imontero Date: Thu, 19 Nov 2020 13:54:03 +0000 Subject: [PATCH 4/8] 2.249.3.3 --- Jenkinsfile | 2 +- README.md | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 018aa91..03ae711 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,2 +1,2 @@ @Library('DCCSCR@master') _ -dccscrPipeline(version: '2.249.3.2') +dccscrPipeline(version: '2.249.3.3') diff --git a/README.md b/README.md index 95e319d..e3ab221 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ CloudBees CI (formerly known as _CloudBees Core_) consists of three Docker image For each image, all files other than UBI and native packages are included in a `files.tar` marked with a SHA-256 checksum. -A version of CloudBees CI is given in the format `2.249.3.2` +A version of CloudBees CI is given in the format `2.249.3.3` where the first three components are aligned with a Jenkins LTS. The Helm chart is coversioned with `core-oc`. The `core-mm` image typically shares the same version, @@ -22,13 +22,13 @@ plus whatever other customizations are desired: ```yaml OperationsCenter: Image: - dockerImage: your-registry/core-oc:2.249.3.2 + dockerImage: your-registry/core-oc:2.249.3.3 Master: Image: - dockerImage: your-registry/core-mm:2.249.3.2 + dockerImage: your-registry/core-mm:2.249.3.3 Agents: Image: - dockerImage: your-registry/agent:2.249.3.2 + dockerImage: your-registry/agent:2.249.3.3 ``` and [install via Helm 3](https://docs.cloudbees.com/docs/cloudbees-core/latest/kubernetes-install-guide/installing-kubernetes-using-helm) using the local copy of the chart: -- GitLab From e98ad712ade9859bd393450df1da55879c5c5102 Mon Sep 17 00:00:00 2001 From: imontero Date: Thu, 3 Dec 2020 15:26:36 +0000 Subject: [PATCH 5/8] 2.263.1.2 --- Dockerfile | 5 +---- Jenkinsfile | 2 +- README.md | 8 ++++---- download.json | 4 ++-- 4 files changed, 8 insertions(+), 11 deletions(-) diff --git a/Dockerfile b/Dockerfile index 86e0589..e4cefbb 100644 --- a/Dockerfile +++ b/Dockerfile @@ -29,10 +29,7 @@ ENTRYPOINT ["entrypoint", "jenkins-agent"] # TODO LABELS ARG TARBALL=files.tar -COPY ${TARBALL} /tmp -RUN cd / && \ - tar xvf /tmp/files.tar && \ - rm /tmp/files.tar +ADD ${TARBALL} / COPY scripts/ / RUN rpm -i /rpms/*.rpm && \ rm -rf /rpms && \ diff --git a/Jenkinsfile b/Jenkinsfile index 03ae711..05c1f6b 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,2 +1,2 @@ @Library('DCCSCR@master') _ -dccscrPipeline(version: '2.249.3.3') +dccscrPipeline(version: '2.263.1.2') diff --git a/README.md b/README.md index e3ab221..2d5baa8 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ CloudBees CI (formerly known as _CloudBees Core_) consists of three Docker image For each image, all files other than UBI and native packages are included in a `files.tar` marked with a SHA-256 checksum. -A version of CloudBees CI is given in the format `2.249.3.3` +A version of CloudBees CI is given in the format `2.263.1.2` where the first three components are aligned with a Jenkins LTS. The Helm chart is coversioned with `core-oc`. The `core-mm` image typically shares the same version, @@ -22,13 +22,13 @@ plus whatever other customizations are desired: ```yaml OperationsCenter: Image: - dockerImage: your-registry/core-oc:2.249.3.3 + dockerImage: your-registry/core-oc:2.263.1.2 Master: Image: - dockerImage: your-registry/core-mm:2.249.3.3 + dockerImage: your-registry/core-mm:2.263.1.2 Agents: Image: - dockerImage: your-registry/agent:2.249.3.3 + dockerImage: your-registry/agent:2.263.1.2 ``` and [install via Helm 3](https://docs.cloudbees.com/docs/cloudbees-core/latest/kubernetes-install-guide/installing-kubernetes-using-helm) using the local copy of the chart: diff --git a/download.json b/download.json index 5d053a9..53e6e35 100644 --- a/download.json +++ b/download.json @@ -1,11 +1,11 @@ { "resources": [ { - "url": "https://downloads.cloudbees.com/dsop-files/agent-files-00b57c9078d97ead911133c86a69d2256a6792da44bf4bbcb299e6a6742e7a04.tar", + "url": "https://downloads.cloudbees.com/dsop-files/agent-files-f93f6e8014ad253b32649004fc10febc5f19155cf38ac88f03f3eb4e65d4f734.tar", "filename": "files.tar", "validation": { "type": "sha256", - "value": "00b57c9078d97ead911133c86a69d2256a6792da44bf4bbcb299e6a6742e7a04" + "value": "f93f6e8014ad253b32649004fc10febc5f19155cf38ac88f03f3eb4e65d4f734" } } ] -- GitLab From 23c10ed3eec659acad74b4abf3b07568775d28d6 Mon Sep 17 00:00:00 2001 From: imontero Date: Fri, 11 Dec 2020 09:43:28 +0000 Subject: [PATCH 6/8] 2.263.1.2 --- LICENSE.adoc => LICENSE | 0 download.json | 4 ++-- 2 files changed, 2 insertions(+), 2 deletions(-) rename LICENSE.adoc => LICENSE (100%) diff --git a/LICENSE.adoc b/LICENSE similarity index 100% rename from LICENSE.adoc rename to LICENSE diff --git a/download.json b/download.json index 53e6e35..43f9d49 100644 --- a/download.json +++ b/download.json @@ -1,11 +1,11 @@ { "resources": [ { - "url": "https://downloads.cloudbees.com/dsop-files/agent-files-f93f6e8014ad253b32649004fc10febc5f19155cf38ac88f03f3eb4e65d4f734.tar", + "url": "https://downloads.cloudbees.com/dsop-files/agent-files-4a311ae7d8b1a5527125ef58dc240f6a88731e34688288b0a2ced04702da0a39.tar", "filename": "files.tar", "validation": { "type": "sha256", - "value": "f93f6e8014ad253b32649004fc10febc5f19155cf38ac88f03f3eb4e65d4f734" + "value": "4a311ae7d8b1a5527125ef58dc240f6a88731e34688288b0a2ced04702da0a39" } } ] -- GitLab From 697440ef4753aca82ff01d79260c6d92b9cae315 Mon Sep 17 00:00:00 2001 From: imontero Date: Tue, 5 Jan 2021 21:26:52 +0000 Subject: [PATCH 7/8] 2.263.1.2 --- Dockerfile | 2 -- Jenkinsfile | 2 -- download.json | 12 ------------ hardening_manifest.yaml | 23 +++++++++++++++++++++++ 4 files changed, 23 insertions(+), 16 deletions(-) delete mode 100644 Jenkinsfile delete mode 100644 download.json create mode 100644 hardening_manifest.yaml diff --git a/Dockerfile b/Dockerfile index e4cefbb..0381cde 100644 --- a/Dockerfile +++ b/Dockerfile @@ -26,8 +26,6 @@ WORKDIR /home/${user} ENTRYPOINT ["entrypoint", "jenkins-agent"] -# TODO LABELS - ARG TARBALL=files.tar ADD ${TARBALL} / COPY scripts/ / diff --git a/Jenkinsfile b/Jenkinsfile deleted file mode 100644 index 05c1f6b..0000000 --- a/Jenkinsfile +++ /dev/null @@ -1,2 +0,0 @@ -@Library('DCCSCR@master') _ -dccscrPipeline(version: '2.263.1.2') diff --git a/download.json b/download.json deleted file mode 100644 index 43f9d49..0000000 --- a/download.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "resources": [ - { - "url": "https://downloads.cloudbees.com/dsop-files/agent-files-4a311ae7d8b1a5527125ef58dc240f6a88731e34688288b0a2ced04702da0a39.tar", - "filename": "files.tar", - "validation": { - "type": "sha256", - "value": "4a311ae7d8b1a5527125ef58dc240f6a88731e34688288b0a2ced04702da0a39" - } - } - ] -} diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml new file mode 100644 index 0000000..93da2da --- /dev/null +++ b/hardening_manifest.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +name: cloudbees/core/agent +tags: +- "2.263.1.2" +- latest +labels: + org.opencontainers.image.title: agent + org.opencontainers.image.description: "CloudBees CI (agent subcomponent)" + org.opencontainers.image.licenses: proprietary + org.opencontainers.image.url: https://docs.cloudbees.com/docs/cloudbees-ci/ + org.opencontainers.image.vendor: CloudBees + org.opencontainers.image.version: "2.263.1.2" + mil.dso.ironbank.image.keywords: cicd + mil.dso.ironbank.image.type: commercial + mil.dso.ironbank.product.name: CloudBees CI +resources: +- filename: files.tar + url: https://downloads.cloudbees.com/dsop-files/agent-files-0f282fe59508b7acdcafd1b49ec9a768fb2428c88f7824096965eb748ce3642b.tar + validation: + type: sha256 + value: 0f282fe59508b7acdcafd1b49ec9a768fb2428c88f7824096965eb748ce3642b +maintainers: +- email: productivity-team@cloudbees.com -- GitLab From be439c5eba4297719275aaf1254a36cdcba5af36 Mon Sep 17 00:00:00 2001 From: imontero Date: Thu, 4 Feb 2021 10:28:23 +0000 Subject: [PATCH 8/8] 2.263.2.4-ra --- Dockerfile | 4 ++-- README.md | 8 ++++---- hardening_manifest.yaml | 14 +++++++++----- 3 files changed, 15 insertions(+), 11 deletions(-) diff --git a/Dockerfile b/Dockerfile index 0381cde..5649bb3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -26,8 +26,8 @@ WORKDIR /home/${user} ENTRYPOINT ["entrypoint", "jenkins-agent"] -ARG TARBALL=files.tar -ADD ${TARBALL} / +COPY files.tar /tmp +RUN cd / && tar xvf /tmp/files.tar && rm /tmp/files.tar COPY scripts/ / RUN rpm -i /rpms/*.rpm && \ rm -rf /rpms && \ diff --git a/README.md b/README.md index 2d5baa8..b77c12b 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ CloudBees CI (formerly known as _CloudBees Core_) consists of three Docker image For each image, all files other than UBI and native packages are included in a `files.tar` marked with a SHA-256 checksum. -A version of CloudBees CI is given in the format `2.263.1.2` +A version of CloudBees CI is given in the format `2.263.2.4-ra` where the first three components are aligned with a Jenkins LTS. The Helm chart is coversioned with `core-oc`. The `core-mm` image typically shares the same version, @@ -22,13 +22,13 @@ plus whatever other customizations are desired: ```yaml OperationsCenter: Image: - dockerImage: your-registry/core-oc:2.263.1.2 + dockerImage: your-registry/core-oc:2.263.2.4-ra Master: Image: - dockerImage: your-registry/core-mm:2.263.1.2 + dockerImage: your-registry/core-mm:2.263.2.4-ra Agents: Image: - dockerImage: your-registry/agent:2.263.1.2 + dockerImage: your-registry/agent:2.263.2.4-ra ``` and [install via Helm 3](https://docs.cloudbees.com/docs/cloudbees-core/latest/kubernetes-install-guide/installing-kubernetes-using-helm) using the local copy of the chart: diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 93da2da..062671b 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -1,23 +1,27 @@ apiVersion: v1 name: cloudbees/core/agent tags: -- "2.263.1.2" +- "2.263.2.4-ra" - latest labels: - org.opencontainers.image.title: agent + org.opencontainers.image.title: "agent" org.opencontainers.image.description: "CloudBees CI (agent subcomponent)" org.opencontainers.image.licenses: proprietary org.opencontainers.image.url: https://docs.cloudbees.com/docs/cloudbees-ci/ org.opencontainers.image.vendor: CloudBees - org.opencontainers.image.version: "2.263.1.2" + org.opencontainers.image.version: "2.263.2.4-ra" mil.dso.ironbank.image.keywords: cicd mil.dso.ironbank.image.type: commercial mil.dso.ironbank.product.name: CloudBees CI +args: + BASE_IMAGE: "redhat/openjdk/openjdk8" + BASE_TAG: "1.8.0" resources: - filename: files.tar - url: https://downloads.cloudbees.com/dsop-files/agent-files-0f282fe59508b7acdcafd1b49ec9a768fb2428c88f7824096965eb748ce3642b.tar + url: https://downloads.cloudbees.com/dsop-files/agent-files-cc9d1052834f6b3cd943436374dd7081273d0f46e5ec8931974cb716fa004952.tar validation: type: sha256 - value: 0f282fe59508b7acdcafd1b49ec9a768fb2428c88f7824096965eb748ce3642b + value: "cc9d1052834f6b3cd943436374dd7081273d0f46e5ec8931974cb716fa004952" maintainers: - email: productivity-team@cloudbees.com +- email: andre.maksymowicz@centauricorp.com -- GitLab