From b67aa93fb4345d26abe4a2fd8cd47980c7167398 Mon Sep 17 00:00:00 2001
From: imontero <imontero@cloudbees.com>
Date: Thu, 5 Aug 2021 13:01:09 +0000
Subject: [PATCH] 2.289.3.2-ra

---
 Dockerfile                           |  4 ++--
 README.md                            |  8 ++++----
 hardening_manifest.yaml              |  8 ++++----
 helm/Chart.yaml                      |  4 ++--
 helm/README-template.md              |  4 +++-
 helm/README.md                       |  4 +++-
 helm/templates/cjoc-statefulset.yaml | 14 ++++++++++++++
 helm/values.yaml                     | 16 +++++++++++++---
 scripts/usr/local/bin/jenkins.sh     |  2 +-
 9 files changed, 46 insertions(+), 18 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index b64454a..c40f3bc 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -42,8 +42,8 @@ HEALTHCHECK --interval=5m --timeout=3s \
   CMD curl -fsL ${JENKINS_URL}/login || exit 1
 
 # L-A-B-E-L securitytxt="https://www.cloudbees.com/.well-known/security.txt"
-# L-A-B-E-L release=c96254800631d0ea4eff5ff0347232e658eaac0b
-# L-A-B-E-L version=2.289.2.2-ra
+# L-A-B-E-L release=fcdc87a35cf67052d4222b11ced2e6c42678402d
+# L-A-B-E-L version=2.289.3.2-ra
 
 COPY files.tar /tmp
 RUN cd / && tar xvf /tmp/files.tar && rm /tmp/files.tar
diff --git a/README.md b/README.md
index 999819d..fc56bca 100644
--- a/README.md
+++ b/README.md
@@ -12,7 +12,7 @@ CloudBees CI (formerly known as _CloudBees Core_) consists of three Docker image
 For each image, all files other than UBI and native packages
 are included in a `files.tar` marked with a SHA-256 checksum.
 
-A version of CloudBees CI is given in the format `2.289.2.2-ra`
+A version of CloudBees CI is given in the format `2.289.3.2-ra`
 where the first three components are aligned with a Jenkins LTS.
 The Helm chart is coversioned with `core-oc`.
 The `core-mm` image typically shares the same version,
@@ -25,13 +25,13 @@ plus whatever other customizations are desired:
 ```yaml
 OperationsCenter:
   Image:
-    dockerImage: your-registry/core-oc:2.289.2.2-ra
+    dockerImage: your-registry/core-oc:2.289.3.2-ra
 Master:
   Image:
-    dockerImage: your-registry/core-mm:2.289.2.2-ra
+    dockerImage: your-registry/core-mm:2.289.3.2-ra
 Agents:
   Image:
-    dockerImage: your-registry/agent:2.289.2.2-ra
+    dockerImage: your-registry/agent:2.289.3.2-ra
 ```
 
 and [install via Helm 3](https://docs.cloudbees.com/docs/cloudbees-core/latest/kubernetes-install-guide/installing-kubernetes-using-helm) using the local copy of the chart:
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
index 3a14cb8..2efd661 100644
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 name: "cloudbees/core/core-oc"
 tags:
-- "2.289.2.2-ra"
+- "2.289.3.2-ra"
 - latest
 labels:
   org.opencontainers.image.title: "core-oc"
@@ -9,7 +9,7 @@ labels:
   org.opencontainers.image.licenses: proprietary
   org.opencontainers.image.url: https://docs.cloudbees.com/docs/cloudbees-ci/
   org.opencontainers.image.vendor: CloudBees
-  org.opencontainers.image.version: "2.289.2.2-ra"
+  org.opencontainers.image.version: "2.289.3.2-ra"
   mil.dso.ironbank.image.keywords: cicd
   mil.dso.ironbank.image.type: commercial
   mil.dso.ironbank.product.name: CloudBees CI
@@ -18,10 +18,10 @@ args:
   BASE_TAG: "1.8.0"
 resources:
 - filename: files.tar
-  url: https://downloads.cloudbees.com/dsop-files/core-oc-files-71a113b144f0329c38424fc6836e9ccfda772fff3399c89b5dac485c6c954635.tar
+  url: https://downloads.cloudbees.com/dsop-files/core-oc-files-2d243c95029bbdfeb19081775dfce57e6a82d3f54fd564bce07485ff6c7ec846.tar
   validation:
     type: sha256
-    value: "71a113b144f0329c38424fc6836e9ccfda772fff3399c89b5dac485c6c954635"
+    value: "2d243c95029bbdfeb19081775dfce57e6a82d3f54fd564bce07485ff6c7ec846"
 maintainers:
 - email: productivity-team@cloudbees.com
   name: CloudBees
diff --git a/helm/Chart.yaml b/helm/Chart.yaml
index 0adaf6a..569e979 100644
--- a/helm/Chart.yaml
+++ b/helm/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: cloudbees-core
-version: 3.33.0
+version: 3.34.1
 description: Enterprise Continuous Integration with Jenkins
 keywords:
   - cloudbees
@@ -20,7 +20,7 @@ dependencies:
     repository: https://charts.cloudbees.com/public/cloudbees
     condition: sidecarinjector.Enabled
 icon: https://images.ctfassets.net/vtn4rfaw6n2j/7xprMMXARXDBuVxW4y8XfV/349fff91035050e3f2a8ff37bc0615b5/cloudbees-core-logo_header.svg
-appVersion: 2.289.2.2
+appVersion: 2.289.3.2
 annotations:
   artifacthub.io/links: |
     - name: Product overview
diff --git a/helm/README-template.md b/helm/README-template.md
index 9035955..fce31b4 100644
--- a/helm/README-template.md
+++ b/helm/README-template.md
@@ -1,6 +1,6 @@
 # cloudbees-core
 
-![Version: 3.33.0](https://img.shields.io/badge/Version-3.33.0-informational?style=flat-square) ![AppVersion: 2.289.2.2](https://img.shields.io/badge/AppVersion-2.289.2.2-informational?style=flat-square)
+![Version: 3.34.1](https://img.shields.io/badge/Version-3.34.1-informational?style=flat-square) ![AppVersion: 2.289.3.2](https://img.shields.io/badge/AppVersion-2.289.3.2-informational?style=flat-square)
 
 [CloudBees CI](https://www.cloudbees.com/products/continuous-integration) is the continuous integration platform architected for the enterprise. It provides:
 
@@ -129,6 +129,8 @@ CloudBees provides complete and more detailed installation and operation documen
 | OperationsCenter.AgentListenerPort | int | `50000` | Container port for agent listener traffic |
 | OperationsCenter.Annotations | object | `{}` | Additional annotations to put on the pod running Operations Center |
 | OperationsCenter.CSRF.ProxyCompatibility | bool | `false` | Proxy compatibility for the default CSRF issuer |
+| OperationsCenter.CasC.ConfigMapName | string | `"oc-casc-bundle"` | the name of the ConfigMap used to configure Operations Center. Note: this property can point to a ConfigMap defined in OperationsCenter.ExtraConfigMaps, or any ConfigMap that exists in the cluster. If CasC is enabled and the ConfigMap doesn't exist, Operations Center will start up normally as if no CasC bundle is installed. |
+| OperationsCenter.CasC.Enabled | bool | `false` | enable or disable CasC for Operations Center. |
 | OperationsCenter.ContainerPort | int | `8080` | Container port for http traffic |
 | OperationsCenter.ContextPath | string | `nil` | the path under which Operations Center will be accessible in the given host. DEPRECATED - Use OperationsCenter.Name instead. |
 | OperationsCenter.Enabled | bool | `true` | Disable for particular use case like setting up namespaces to host masters only |
diff --git a/helm/README.md b/helm/README.md
index e66b336..fb686d3 100644
--- a/helm/README.md
+++ b/helm/README.md
@@ -1,6 +1,6 @@
 # cloudbees-core
 
-![Version: 3.33.0](https://img.shields.io/badge/Version-3.33.0-informational?style=flat-square) ![AppVersion: 2.289.2.2](https://img.shields.io/badge/AppVersion-2.289.2.2-informational?style=flat-square)
+![Version: 3.34.1](https://img.shields.io/badge/Version-3.34.1-informational?style=flat-square) ![AppVersion: 2.289.3.2](https://img.shields.io/badge/AppVersion-2.289.3.2-informational?style=flat-square)
 
 [CloudBees CI](https://www.cloudbees.com/products/continuous-integration) is the continuous integration platform architected for the enterprise. It provides:
 
@@ -129,6 +129,8 @@ CloudBees provides complete and more detailed installation and operation documen
 | OperationsCenter.AgentListenerPort | int | `50000` | Container port for agent listener traffic |
 | OperationsCenter.Annotations | object | `{}` | Additional annotations to put on the pod running Operations Center |
 | OperationsCenter.CSRF.ProxyCompatibility | bool | `false` | Proxy compatibility for the default CSRF issuer |
+| OperationsCenter.CasC.ConfigMapName | string | `"oc-casc-bundle"` | the name of the ConfigMap used to configure Operations Center. Note: this property can point to a ConfigMap defined in OperationsCenter.ExtraConfigMaps, or any ConfigMap that exists in the cluster. If CasC is enabled and the ConfigMap doesn't exist, Operations Center will start up normally as if no CasC bundle is installed. |
+| OperationsCenter.CasC.Enabled | bool | `false` | enable or disable CasC for Operations Center. |
 | OperationsCenter.ContainerPort | int | `8080` | Container port for http traffic |
 | OperationsCenter.ContextPath | string | `nil` | the path under which Operations Center will be accessible in the given host. DEPRECATED - Use OperationsCenter.Name instead. |
 | OperationsCenter.Enabled | bool | `true` | Disable for particular use case like setting up namespaces to host masters only |
diff --git a/helm/templates/cjoc-statefulset.yaml b/helm/templates/cjoc-statefulset.yaml
index 84b1e20..23f7af3 100644
--- a/helm/templates/cjoc-statefulset.yaml
+++ b/helm/templates/cjoc-statefulset.yaml
@@ -176,6 +176,9 @@ spec:
             {{- end }}
             -Dcom.cloudbees.jenkins.plugins.platform.PlatformServer.apiUrl=https://flow-server.{{ .Release.Namespace }}:8443/
             {{- end }}
+            {{- if .Values.OperationsCenter.CasC.Enabled }}
+            -Dcore.casc.config.bundle=/var/jenkins_config/oc-casc-bundle
+            {{- end }}
             -XX:+UseG1GC
             -XX:+DisableExplicitGC
         ports:
@@ -203,6 +206,11 @@ spec:
           readOnly: true
         - name: tmp
           mountPath: /tmp
+        {{- if .Values.OperationsCenter.CasC.Enabled }}
+        - name: oc-casc-bundle
+          mountPath: /var/jenkins_config/oc-casc-bundle
+          readOnly: true
+        {{- end }}
 {{- if .Values.OperationsCenter.ExtraVolumeMounts }}
 {{toYaml .Values.OperationsCenter.ExtraVolumeMounts | indent 8}}
 {{- end }}
@@ -231,6 +239,12 @@ spec:
           name: cjoc-configure-jenkins-groovy
       - name: tmp
         emptyDir: {}
+      {{- if .Values.OperationsCenter.CasC.Enabled }}
+      - name: oc-casc-bundle
+        configMap:
+          name: {{ .Values.OperationsCenter.CasC.ConfigMapName | quote }}
+          optional: true
+      {{- end }}
 {{- if .Values.OperationsCenter.ExtraVolumes }}
 {{toYaml .Values.OperationsCenter.ExtraVolumes | indent 6}}
 {{- end }}
diff --git a/helm/values.yaml b/helm/values.yaml
index ea31f18..5abfae7 100644
--- a/helm/values.yaml
+++ b/helm/values.yaml
@@ -57,7 +57,7 @@ OperationsCenter:
   # Operations Center docker image
   Image:
     # OperationsCenter.Image.dockerImage -- Container image to use for Operations Center
-    dockerImage: dcar/core-oc:2.289.2.2-ra
+    dockerImage: dcar/core-oc:2.289.3.2-ra
     # OperationsCenter.Image.dockerPullPolicy -- https://kubernetes.io/docs/concepts/containers/images/#updating-images
     dockerPullPolicy: null
 
@@ -67,6 +67,16 @@ OperationsCenter:
   # OperationsCenter.ImagePullSecrets -- Name of image pull secret to pull private Docker images or an array of image pull secrets
   ImagePullSecrets: null
 
+  # Configuration as Code (CasC) for Operations Center.
+  CasC:
+    # OperationsCenter.CasC.Enabled -- enable or disable CasC for Operations Center.
+    Enabled: false
+    # OperationsCenter.CasC.ConfigMapName -- the name of the ConfigMap used to configure Operations Center.
+    # Note: this property can point to a ConfigMap defined in OperationsCenter.ExtraConfigMaps,
+    # or any ConfigMap that exists in the cluster. If CasC is enabled and the ConfigMap doesn't exist,
+    # Operations Center will start up normally as if no CasC bundle is installed.
+    ConfigMapName: oc-casc-bundle
+
   # OperationsCenter.Platform -- Enables specific settings depending on the platform
   # platform specific values are: `eks`, `aws`, `gke`, `aks`, `openshift`, `openshift4`
   # Note: `openshift` maps to OpenShift 3.x
@@ -262,7 +272,7 @@ Master:
   # Docker image inserted in Operations Center automatically
   Image:
     # Master.Image.dockerImage -- Used to override the default docker image
-    dockerImage: dcar/core-mm:2.289.2.2-ra
+    dockerImage: dcar/core-mm:2.289.3.2-ra
   # Master.JavaOpts -- Additional Java options to pass to managed masters. For example, setting up a JMX port
   JavaOpts: null
 
@@ -279,7 +289,7 @@ Agents:
     Create: false
   Image:
     # Agents.Image.dockerImage -- Used to override the default docker image used for agents
-    dockerImage: dcar/agent:2.289.2.2-ra
+    dockerImage: dcar/agent:2.289.3.2-ra
   # Image pull secrets
   # Enable this option when using a private registry.
   # https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-secret-by-providing-credentials-on-the-command-line
diff --git a/scripts/usr/local/bin/jenkins.sh b/scripts/usr/local/bin/jenkins.sh
index 96864fe..21d8c25 100644
--- a/scripts/usr/local/bin/jenkins.sh
+++ b/scripts/usr/local/bin/jenkins.sh
@@ -52,7 +52,7 @@ find /usr/share/jenkins/ref/ -type f -exec bash -c "copy_reference_file '{}'" \;
 
 # if `docker run` first argument start with `--` the user is passing jenkins launcher arguments
 if [[ $# -lt 1 ]] || [[ "$1" == "--"* ]]; then
-  eval "exec java ${JAVA_OPTS:-} -jar -Dcb.distributable.name=\"Docker Common CJE\" -Dcb.distributable.commit_sha=c96254800631d0ea4eff5ff0347232e658eaac0b /usr/share/jenkins/jenkins.war $JENKINS_OPTS \"\$@\""
+  eval "exec java ${JAVA_OPTS:-} -jar -Dcb.distributable.name=\"Docker Common CJE\" -Dcb.distributable.commit_sha=fcdc87a35cf67052d4222b11ced2e6c42678402d /usr/share/jenkins/jenkins.war $JENKINS_OPTS \"\$@\""
 fi
 
 # As argument is not jenkins, assume user want to run his own process, for sample a `bash` shell to explore this image
-- 
GitLab