From a4a28b4e82ad0f8c3c28b46319c9c776563b82aa Mon Sep 17 00:00:00 2001
From: Steven Terhar
Date: Thu, 14 Jan 2021 13:41:15 +0000
Subject: [PATCH 1/3] Update Gitlab to 13.7.4 Security Release
---
Dockerfile | 13 +++++++++++--
build-scripts/build.sh | 2 +-
download.yaml | 11 +++++++++++
3 files changed, 23 insertions(+), 3 deletions(-)
create mode 100644 download.yaml
diff --git a/Dockerfile b/Dockerfile
index 467689d..8c03e8e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,8 +1,8 @@ -ARG GITLAB_VERSION=v13.7.2-ubi8 +ARG GITLAB_VERSION=v13.7.4-ubi8 ARG BASE_REGISTRY=nexus-docker-secure.levelup-nexus.svc.cluster.local:18082 ARG BASE_IMAGE=gitlab/gitlab/gitlab-rails -ARG BASE_TAG=13.7.2 +ARG BASE_TAG=13.7.4 ARG RAILS_IMAGE=${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
@@ -12,6 +12,15 @@ ARG GITLAB_VERSION ARG GITLAB_USER=git ARG DNF_OPTS +LABEL source="https://gitlab.com/gitlab-org/build/CNG/-/tree/master/gitlab-task-runner" \ + name="GitLab Task Runner" \ + maintainer="GitLab Distribution Team" \ + vendor="GitLab" \ + version=${GITLAB_VERSION} \ + release=${GITLAB_VERSION} \ + summary="Task Runner is an entry point for interaction with other containers in the cluster." \ + description="Task Runner is an entry point for interaction with other containers in the cluster. It contains scripts for running Rake tasks, backup, restore, and tools to intract with object storage." + ADD gitlab-task-runner-ee.tar.gz / ADD gitlab-python.tar.gz /
diff --git a/build-scripts/build.sh b/build-scripts/build.sh
index b6c1e67..cd2d6b4 100755
--- a/build-scripts/build.sh
+++ b/build-scripts/build.sh
@@ -4,7 +4,7 @@ set -euxo pipefail -TAG=${1:-13.7.2} +TAG=${1:-13.7.4} REPOSITORY=${2:-} DOCKER_OPTS=${DOCKER_OPTS:-""}
diff --git a/download.yaml b/download.yaml
new file mode 100644
index 0000000..5c493f1
--- /dev/null
+++ b/download.yaml
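Review bot: In the Dockerfile hunk that adds the `LABEL` block, the `description` value misspells "interact" as "intract", and `version=${GITLAB_VERSION}` and `release=${GITLAB_VERSION}` are the only unquoted values in the instruction. Writing them as `version="${GITLAB_VERSION}"` and `release="${GITLAB_VERSION}"` keeps the instruction well-formed if the build arg is ever overridden with a value containing whitespace. With the default arg these labels carry `v13.7.4-ubi8`, while `org.opencontainers.image.version` in hardening_manifest.yaml is set to `13.7.4` in patch 2/3, so anything matching on version labels sees two formats for the same image. The `source` label also points at the `master` tree rather than the tagged release being built, which weakens it as a provenance pointer.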
@@ -0,0 +1,11 @@
+resources:
+ - url: "https://gitlab-ubi.s3.amazonaws.com/ubi8-build-dependencies-v13.7.4-ubi8/gitlab-task-runner-ee.tar.gz"
+ filename: "gitlab-task-runner-ee.tar.gz"
+ validation:
+ type: "sha256"
+ value: "551abf4b19c1e3c0732ab03174a75d84aed6f8f4bd039baaf0911d083bfb7f8d"
+ - url: "https://gitlab-ubi.s3.amazonaws.com/ubi8-build-dependencies-v13.7.4-ubi8/gitlab-python.tar.gz"
+ filename: "gitlab-python.tar.gz"
+ validation:
+ type: "sha256"
+ value: "938506e3a8e963662685f471bc0631a39d78f35b523decab5e00d0fecad4c1ac"
-- GitLab
From 2150b68d95eda5b9b876fafb95bf9107f5a88229 Mon Sep 17 00:00:00 2001
From: Al Fontaine
Date: Fri, 15 Jan 2021 20:50:03 +0000
Subject: [PATCH 2/3] Update hardening_manifest.yaml
---
hardening_manifest.yaml | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
index 33a7605..58726ac 100644
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
@@ -8,13 +8,13 @@ name: "gitlab/gitlab/gitlab-task-runner" # The most specific version should be the first tag and will be shown # on ironbank.dsop.io tags: -- "13.7.2" +- "13.7.4" - "latest" # Build args passed to Dockerfile ARGs args: BASE_IMAGE: "gitlab/gitlab/gitlab-rails" - BASE_TAG: "13.7.2" + BASE_TAG: "13.7.4" # Docker image labels labels:
@@ -27,7 +27,7 @@ labels: org.opencontainers.image.url: "https://about.gitlab.com/" ## Name of the distributing entity, organization or individual org.opencontainers.image.vendor: "Gitlab" - org.opencontainers.image.version: "13.7.2" + org.opencontainers.image.version: "13.7.4" ## Keywords to help with search (ex. "cicd,gitops,golang") mil.dso.ironbank.image.keywords: "gitlab, git, gitops" ## This value can be "opensource" or "commercial"
@@ -39,15 +39,15 @@ labels: # List of resources to make available to the offline build context resources: - filename: gitlab-task-runner-ee.tar.gz - url: http://gitlab-ubi.s3.amazonaws.com/ubi8-build-dependencies-v13.7.2-ubi8/gitlab-task-runner-ee.tar.gz + url: https://gitlab-ubi.s3.amazonaws.com/ubi8-build-dependencies-v13.7.4-ubi8/gitlab-task-runner-ee.tar.gz validation: type: sha256 - value: d18a9cbbd0d0b9f3019b81b51e01b749f390a1d466dcdbbcff7ac458efcf49a6 + value: 551abf4b19c1e3c0732ab03174a75d84aed6f8f4bd039baaf0911d083bfb7f8d - filename: gitlab-python.tar.gz - url: http://gitlab-ubi.s3.amazonaws.com/ubi8-build-dependencies-v13.7.2-ubi8/gitlab-python.tar.gz + url: https://gitlab-ubi.s3.amazonaws.com/ubi8-build-dependencies-v13.7.4-ubi8/gitlab-python.tar.gz validation: type: sha256 - value: 101df55159a1e40ec6ccd03bb5788f57d6192019e4a9f5889bc49fad821010af + value: 938506e3a8e963662685f471bc0631a39d78f35b523decab5e00d0fecad4c1ac # List of project maintainers # FIXME: Fill in the following details for the current container owner in the whitelist
-- GitLab
From bf31f7fbf4f3157443190173a35d50823419a666 Mon Sep 17 00:00:00 2001
From: Al Fontaine
Date: Fri, 15 Jan 2021 20:50:20 +0000
Subject: [PATCH 3/3] Delete download.yaml
---
download.yaml | 11 -----------
1 file changed, 11 deletions(-)
delete mode 100644 download.yaml
diff --git a/download.yaml b/download.yaml
deleted file mode 100644
index 5c493f1..0000000
--- a/download.yaml
+++ /dev/null
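Review bot: The two new `validation.value` digests in the `resources` hunk of hardening_manifest.yaml (`@@ -39,15 +39,15 @@`) come with no record of how they were obtained, and a pinned hash only protects the build if it was taken from something other than the file it pins. It would help to confirm both values against a checksum from a source independent of the S3 download, if upstream provides one, and to state that in the commit message. The `url` and `value` scalars are also left as plain unquoted scalars here, unlike the `download.yaml` added in patch 1/3; quoting them, e.g. `value: "551abf4b19c1e3c0732ab03174a75d84aed6f8f4bd039baaf0911d083bfb7f8d"`, means a future digest can never be retyped by a YAML parser's implicit typing. The version string is now repeated in each resource URL, `args.BASE_TAG`, the first `tags` entry and the Dockerfile `ARG`s, so a one-line comment above `resources:` listing the places to bump together would reduce the chance of a partial update.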
@@ -1,11 +0,0 @@
-resources:
- - url: "https://gitlab-ubi.s3.amazonaws.com/ubi8-build-dependencies-v13.7.4-ubi8/gitlab-task-runner-ee.tar.gz"
- filename: "gitlab-task-runner-ee.tar.gz"
- validation:
- type: "sha256"
- value: "551abf4b19c1e3c0732ab03174a75d84aed6f8f4bd039baaf0911d083bfb7f8d"
- - url: "https://gitlab-ubi.s3.amazonaws.com/ubi8-build-dependencies-v13.7.4-ubi8/gitlab-python.tar.gz"
- filename: "gitlab-python.tar.gz"
- validation:
- type: "sha256"
- value: "938506e3a8e963662685f471bc0631a39d78f35b523decab5e00d0fecad4c1ac"
-- GitLab