Migrate to hardening_manifest.yaml

Dockerfile

@@ -76,13 +76,6 @@ RUN groupadd --gid 1000 ${ELASTIC_PRODUCT} && useradd --uid 1000 --gid 1000 --gr
 USER ${ELASTIC_PRODUCT}
 ENV ELASTIC_PRODUCT=${ELASTIC_PRODUCT}
 
-LABEL org.label-schema.schema-version="1.0" \
-  org.label-schema.vendor="Elastic" \
-  org.label-schema.name="${ELASTIC_PRODUCT}" \
-  org.label-schema.version="${ELASTIC_STACK}" \
-  org.label-schema.url="https://www.elastic.co/products/beats/${ELASTIC_PRODUCT}" \
-  org.label-schema.vcs-url="https://github.com/elastic/${ELASTIC_PRODUCT}" \
-  org.label-schema.license="Elastic License" license="Elastic License"
 
 ENTRYPOINT ["/usr/local/bin/dumb-init", "--", "/usr/share/metricbeat/metricbeat", "-E", "http.enabled=true", "-E", "http.host=unix:///usr/share/metricbeat/data/metricbeat.sock"]
 CMD ["-environment", "container"]

Jenkinsfile

-@Library('DCCSCR@master') _
-dccscrPipeline(version: '7.10.0')

download.json

-{
-  "resources": [
-    {
-      "url": "https://artifacts.elastic.co/downloads/beats/metricbeat/metricbeat-7.10.0-linux-x86_64.tar.gz",
-      "filename": "metricbeat-7.10.0-linux-x86_64.tar.gz",
-      "validation": {
-        "type": "sha512",
-        "value": "d29f809ce1fe81aff4a20f8626c2ee4aeec0842ba5346d83b62db7d1bbe22bc7a123bc513c8fbd5f1de2ecf5c064790e72e3da89d9a2691f43b56c84e4bb743d"
-      }
-    },
-    {
-      "url": "https://github.com/Yelp/dumb-init/releases/download/v1.2.2/dumb-init_1.2.2_amd64",
-      "filename": "dumb-init",
-      "validation": {
-        "type": "sha256",
-        "value": "37f2c1f0372a45554f1b89924fbb134fc24c3756efaedf11e07f599494e0eff9"
-      }
-    }
-  ]
-}

hardening_manifest.yaml

+---
+apiVersion: v1
+
+# The repository name in registry1, excluding /ironbank/
+name: "elastic/beats/metricbeat"
+
+# List of tags to push for the repository in registry1
+# The most specific version should be the first tag and will be shown
+# on ironbank.dsop.io
+tags:
+- "7.10.0"
+- "latest"
+
+# Build args passed to Dockerfile ARGs
+args:
+  BASE_IMAGE: "redhat/ubi/ubi8"
+  BASE_TAG: "8.3"
+
+# Docker image labels
+labels:
+  org.opencontainers.image.title: "metricbeat"
+  ## Human-readable description of the software packaged in the image
+  # org.opencontainers.image.description: "FIXME"
+  ## License(s) under which contained software is distributed
+  # org.opencontainers.image.licenses: "FIXME"
+  ## URL to find more information on the image
+  # org.opencontainers.image.url: "FIXME"
+  ## Name of the distributing entity, organization or individual
+  # org.opencontainers.image.vendor: "FIXME"
+  org.opencontainers.image.version: "7.10.0"
+  ## Keywords to help with search (ex. "cicd,gitops,golang")
+  # mil.dso.ironbank.image.keywords: "FIXME"
+  ## This value can be "opensource" or "commercial"
+  # mil.dso.ironbank.image.type: "FIXME"
+  ## Product the image belongs to for grouping multiple images
+  # mil.dso.ironbank.product.name: "FIXME"
+
+# List of resources to make available to the offline build context
+resources:
+- filename: metricbeat-7.10.0-linux-x86_64.tar.gz
+  url: https://artifacts.elastic.co/downloads/beats/metricbeat/metricbeat-7.10.0-linux-x86_64.tar.gz
+  validation:
+    type: sha512
+    value: d29f809ce1fe81aff4a20f8626c2ee4aeec0842ba5346d83b62db7d1bbe22bc7a123bc513c8fbd5f1de2ecf5c064790e72e3da89d9a2691f43b56c84e4bb743d
+- filename: dumb-init
+  url: https://github.com/Yelp/dumb-init/releases/download/v1.2.2/dumb-init_1.2.2_amd64
+  validation:
+    type: sha256
+    value: 37f2c1f0372a45554f1b89924fbb134fc24c3756efaedf11e07f599494e0eff9
+
+# List of project maintainers
+# FIXME: Fill in the following details for the current container owner in the whitelist
+# FIXME: Include any other vendor information if applicable
+maintainers:
+- email: "nassim.kammah@elastic.co"
+#   # The name of the current container owner
+#   name: "FIXME"
+#   # The gitlab username of the current container owner
+#   username: "FIXME"
+#   cht_member: true # FIXME: Uncomment if the maintainer is a member of CHT
+# - name: "FIXME"
+#   username: "FIXME"
+#   email: "FIXME"