Merge branch 'development' into 'master'

Development See merge request !30

Merge branch 'development' into 'master'
Development See merge request !30
29de5cf0 · Andy Maksymowicz · a2968fba · 6955551c · 29de5cf0 · a2968fba
Commit 29de5cf0 authored Dec 29, 2020 by Andy Maksymowicz
Showing with 79 additions and 24 deletions

Dockerfile Dockerfile +5 -12

Jenkinsfile Jenkinsfile +0 -3

download.yaml download.yaml +0 -3

hardening_manifest.yaml hardening_manifest.yaml +50 -0

renovate.json renovate.json +24 -6

No files found.
--- a/Dockerfile
+++ b/Dockerfile
-ARG BASE_REGISTRY=nexus-docker-secure.levelup-dev.io
+ARG BASE_REGISTRY=registry1.dsop.io
 ARG BASE_IMAGE=ubi8
-ARG BASE_TAG=8.2
+ARG BASE_TAG=8.3
-FROM vault:1.6.0 AS source
+FROM vault:1.6.1 AS source
 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
-LABEL org.opencontainers.image.title="vault" \
-      org.opencontainers.image.description="Vault is a tool for securely accessing secrets." \
-      org.opencontainers.image.licenses="MPL-2.0" \
-      org.opencontainers.image.url="https://www.vaultproject.io/" \
-      org.opencontainers.image.version="1.6.0" \
-      maintainer="cht@dsop.io"
 COPY --from=source /bin/vault /bin/vault
 COPY scripts/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
@@ -23,11 +16,11 @@ RUN groupadd -g 1001 vault && \
    mkdir -p /vault/config && \
    chown -R vault:vault /vault
-EXPOSE 8200 
+EXPOSE 8200
 USER vault
 HEALTHCHECK --interval=5m --timeout=30s --start-period=1m --retries=3 \
-  CMD curl -f http://locahost:8200/v1/sys/health?standbyok=true || exit 1 
+  CMD curl -f http://locahost:8200/v1/sys/health?standbyok=true || exit 1
 ENTRYPOINT ["docker-entrypoint.sh"]
 CMD ["server"]
--- a/Jenkinsfile
+++ b/Jenkinsfile
-@Library('DCCSCR@master') _
-dccscrPipeline(version: "1.6.0")
--- a/download.yaml
+++ b/download.yaml
-resources:
-  - url: "docker://docker.io/library/vault@sha256:b04266db3e7ece92690df720fcf98ecf138a92ed3d1edc14dc86fe814c33ab9b"
-    tag: "vault:1.6.0"
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
+---
+apiVersion: v1
+# The repository name in registry1, excluding /ironbank/
+name: "hashicorp/vault/vault"
+# List of tags to push for the repository in registry1
+# The most specific version should be the first tag and will be shown
+# on ironbank.dsop.io
+tags:
+- "1.6.1"
+- "latest"
+# Build args passed to Dockerfile ARGs
+args:
+  BASE_IMAGE: "redhat/ubi/ubi8"
+  BASE_TAG: "8.3"
+# Docker image labels
+labels:
+  org.opencontainers.image.title: "vault"
+  ## Human-readable description of the software packaged in the image
+  org.opencontainers.image.description: "Vault is a tool for securely accessing secrets."
+  ## License(s) under which contained software is distributed
+  org.opencontainers.image.licenses: "MPL-2.0"
+  ## URL to find more information on the image
+  org.opencontainers.image.url: "https://www.vaultproject.io/"
+  ## Name of the distributing entity, organization or individual
+  org.opencontainers.image.vendor: "Hashicorp"
+  org.opencontainers.image.version: "1.6.1"
+  ## Keywords to help with search (ex. "cicd,gitops,golang")
+  mil.dso.ironbank.image.keywords: "opensource"
+  ## This value can be "opensource" or "commercial"
+  mil.dso.ironbank.image.type: "opensource"
+  ## Product the image belongs to for grouping multiple images
+  mil.dso.ironbank.product.name: "Apache vault"
+# List of resources to make available to the offline build context
+resources:
+- tag: vault:1.6.1
+  url: docker://docker.io/library/vault@sha256:e2fedbd8dadb71d909c7f989c8182b82052107aeb09f62ec18e5fb24fc622c53
+# List of project maintainers
+maintainers:
+- email: "shen_vickie@bah.com"
+#   # The name of the current container owner
+  name: "Vickie Shen"
+#   # The gitlab username of the current container owner
+  username: "shen_vickie"
+  cht_member: true
--- a/renovate.json
+++ b/renovate.json
 {
-  "assignees": ["@sean.melissari"],
+  "assignees": [
-  "baseBranches": ["development"],
+    "@sean.melissari"
+  ],
+  "baseBranches": [
+    "development"
+  ],
  "regexManagers": [
    {
-      "fileMatch": ["^Dockerfile$"],
+      "fileMatch": [
+        "^Dockerfile$"
+      ],
      "matchStrings": [
        "version=\"(?<currentValue>.*?)\""
      ],
@@ -11,12 +17,24 @@
      "datasourceTemplate": "docker"
    },
    {
-      "fileMatch": ["^Jenkinsfile$"],
+      "fileMatch": [
+        "^hardening_manifest.yaml$"
+      ],
+      "matchStrings": [
+        "org\\.opencontainers\\.image\\.version:\\s+\"(?<currentValue>.+?)\""
+      ],
+      "depNameTemplate": "vault",
+      "datasourceTemplate": "docker"
+    },
+    {
+      "fileMatch": [
+        "^hardening_manifest.yaml$"
+      ],
      "matchStrings": [
-        "version:\\s+\"(?<currentValue>.*?)\""
+        "tags:\\s+-\\s+\"(?<currentValue>.+?)\""
      ],
      "depNameTemplate": "vault",
      "datasourceTemplate": "docker"
    }
  ]
 }
\ No newline at end of file