From 774ec5625edfd3b2d26ce5071d5ff40b5fbd42c2 Mon Sep 17 00:00:00 2001
From: Steven Terhar
Date: Thu, 5 Aug 2021 20:34:55 +0000
Subject: [PATCH] Added manifest, license, and readme
---
LICENSE | 22 ++++++++++++++++++
README.md | 41 +++++++++++++++++++++++++++++++++
hardening_manifest.yaml | 51 +++++++++++++++++++++++++++++++++++++++++
3 files changed, 114 insertions(+)
create mode 100644 LICENSE
create mode 100644 README.md
create mode 100644 hardening_manifest.yaml
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..4077ae5
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,22 @@
+MIT License
+
+Copyright (c) 2017
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..1ccac53
--- /dev/null
+++ b/README.md
@@ -0,0 +1,41 @@
+# gitlab-toolbox-container
+
+Gitlab Toolbox is an entry point for interaction with other containers in the cluster. It contains scripts for running Rake tasks, backup, restore, and tools to intract with object storage.
+
+## GitLab Build
+
+The hardened containers for GitLab require the gitlab correctly version assets blob to be available for download.
+
+There are some included scripts to make this easier for user building images offline on their machine.
+
+
+## Building
+
+1. Switch to the desired versioned directory
+2. Run `./build-scripts/build.sh`
+ * Runs docker build, and takes care of setting the appropriate build args for users running locally
+
+
+`build-script/build.sh` is provided as an example and helpful for building locally. You can also instead call docker build and pass build-args directly.
+
+## Build Phases
+
+Some of the GitLab containers are build ontop of previous containers, building the containers in ordered phases is necessary to build all containers.
+
+- Phase One
+ * kubectl
+ * gitlab-ruby
+ * gitlab-container-registry
+- Phase Two
+ * git-base
+ * gitlab-exporter
+ * gitlab-mailroom
+ * gitlab-shell
+ * gitlab-rails
+ * gitlab-workhorse
+- Phase 3
+ * gitaly
+- Phase 4
+ * gitlab-sidekiq
+ * gitlab-toolbox
+ * gitlab-webservice
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
new file mode 100644
index 0000000..6fdab78
--- /dev/null
+++ b/hardening_manifest.yaml
@@ -0,0 +1,51 @@
+apiVersion: v1
+# The repository name in registry1, excluding /ironbank/
+name: "gitlab/gitlab/gitlab-toolbox"
+# List of tags to push for the repository in registry1
+# The most specific version should be the first tag and will be shown
+# on ironbank.dsop.io
+tags:
+ - "14.1.2"
+ - "latest"
+# Build args passed to Dockerfile ARGs
+args:
+ BASE_IMAGE: "gitlab/gitlab/gitlab-rails"
+ BASE_TAG: "14.1.2"
+# Docker image labels
+labels:
+ org.opencontainers.image.title: "Gitlab Toolbox"
+ ## Human-readable description of the software packaged in the image
+ org.opencontainers.image.description: "GitLab Toolbox is an entry point for interaction with other containers in the cluster. It contains scripts for running Rake tasks, backup, restore, and tools to intract with object storage."
+ ## License(s) under which contained software is distributed
+ org.opencontainers.image.licenses: "MIT License"
+ ## URL to find more information on the image
+ org.opencontainers.image.url: "https://about.gitlab.com/"
+ ## Name of the distributing entity, organization or individual
+ org.opencontainers.image.vendor: "Gitlab"
+ org.opencontainers.image.version: "14.1.2"
+ ## Keywords to help with search (ex.
"cicd,gitops,golang")
+ mil.dso.ironbank.image.keywords: "gitlab, git, gitops"
+ ## This value can be "opensource" or "commercial"
+ mil.dso.ironbank.image.type: "commercial"
+ ## Product the image belongs to for grouping multiple images
+ mil.dso.ironbank.product.name: "gitlab"
+# List of project maintainers
+# FIXME: Fill in the following details for the current container owner in the whitelist
+# FIXME: Include any other vendor information if applicable
+maintainers:
+ - email: "dj@gitlab.com "
+ # # The name of the current container owner
+ name: "DJ Mountney"
+ # # The gitlab username of the current container owner
+ username: "twk3"
+ # cht_member: true # FIXME: Uncomment if the maintainer is a member of CHT
+ - name: "Al Fontaine"
+ username: "alfontaine"
+ email: "alan.fontaine@centauricorp.com"
+ - email: "adam.martin@rancherfederal.com"
+ name: "Adam Martin"
+ username: "adam.martin"
+ cht_member: true
+resources:
+
+
-- GitLab
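Review bot: `resources:` at the end of the manifest is a bare key, so it parses as null rather than an empty list, and no build input is declared with a checksum. The README added in this same patch says the build needs the GitLab assets blob to be available for download; if that blob is fetched for this image, it should be listed under `resources:` with its URL and a `sha256` validation value so the pipeline verifies what it pulls. If the image really needs no external downloads, write `resources: []` to make that explicit. Separately, the first maintainer email is quoted as `"dj@gitlab.com "` with a trailing space inside the quotes, and the two `FIXME` comments above `maintainers:` are still in place.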