Migrate to hardening_manifest.yaml

4103b3b6 · ironbank-bot · 58f83b88 · 4103b3b6 · 58f83b88 · 58f83b88
Commit 4103b3b6 authored Dec 10, 2020 by ironbank-bot
Show whitespace changes
Inline Side-by-side

Showing with 173 additions and 129 deletions

Dockerfile Dockerfile +70 -76

Jenkinsfile Jenkinsfile +0 -2

download.yaml download.yaml +0 -51

hardening_manifest.yaml hardening_manifest.yaml +103 -0

No files found.
--- a/Dockerfile
+++ b/Dockerfile
@@ -8,12 +8,6 @@ FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
 RUN groupadd -r mongodb && useradd --no-log-init -r -g mongodb mongodb; \
 	mkhomedir_helper mongodb;
-LABEL name="MongoDB Community Server" \
-	description="MongoDB Community Server image based on the Red Hat Universal Base Image for DSOP." \
-	vendor="MongoDB Inc." \
-	summary="MongoDB (Red Hat UBI)" \
-	maintainer="michael.simmons@anchore.com" \
-	version="4.4.1"
 RUN set -eux; \
 	dnf repolist; \

--- a/Jenkinsfile
+++ b/Jenkinsfile
-@Library('DCCSCR@master') _
-dccscrPipeline(version: "4.4.1")
--- a/download.yaml
+++ b/download.yaml
-resources: 
-  - url: https://repo.mongodb.org/yum/redhat/8/mongodb-org/4.4/x86_64/RPMS/mongodb-org-4.4.1-1.el8.x86_64.rpm
-    filename: mongodb-org.rpm
-    validation:
-      type: sha256
-      value: fdcfae773806144b2072882cdc3757293d354617940ed882bdc04fbb774f452f 
-  - url: https://repo.mongodb.org/yum/redhat/8/mongodb-org/4.4/x86_64/RPMS/mongodb-org-mongos-4.4.1-1.el8.x86_64.rpm
-    filename: mongodb-org-mongos.rpm
-    validation:
-      type: sha256
-      value: c9b8011ca350157a83b93e02cc7a120a0b96255d609d20b87971222a2cf8acb0
-  - url: https://repo.mongodb.org/yum/redhat/8/mongodb-org/4.4/x86_64/RPMS/mongodb-org-server-4.4.1-1.el8.x86_64.rpm
-    filename: mongodb-org-server.rpm
-    validation:
-      type: sha256
-      value: 76f7e65e39c5ca563f7dc15868f2accc43da6f0654eb72ef054407f7755d841f     
-  - url: https://repo.mongodb.org/yum/redhat/8/mongodb-org/4.4/x86_64/RPMS/mongodb-org-shell-4.4.1-1.el8.x86_64.rpm
-    filename: mongodb-org-shell.rpm
-    validation:
-      type: sha256
-      value: 9089c4d5dd05cde71c7ed509454c8158251def4c5b0cc0b9b03940dc18696cc0     
-  - url: https://repo.mongodb.org/yum/redhat/8/mongodb-org/4.4/x86_64/RPMS/mongodb-org-tools-4.4.1-1.el8.x86_64.rpm
-    filename: mongodb-org-tools.rpm
-    validation:
-      type: sha256
-      value: b8ef170cd79cf53a2ebda6288ee31ee8e8f6757991ffb6cfc3092b930927c832     
-  - url: https://raw.githubusercontent.com/nodeca/js-yaml/3.13.0/dist/js-yaml.js
-    filename: js-yaml.js
-    validation:
-      type: sha256
-      value: 490a40d65dabe72b9c34567fa9ce5da53c577a3c761b568ceba994751e6e74b9    
-  - url: https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64
-    filename: jq-linux64
-    validation:
-      type: sha256
-      value: af986793a515d500ab2d35f8d2aecd656e764504b789b66d7e1a0b727a124c44    
-  - url: https://github.com/tianon/gosu/releases/download/1.11/gosu-amd64
-    filename: gosu-amd64
-    validation:
-      type: sha256
-      value: 0b843df6d86e270c5b0f5cbd3c326a04e18f4b7f9b8457fa497b0454c4b138d7    
-  - url: https://repo.mongodb.org/yum/redhat/8/mongodb-org/4.4/x86_64/RPMS/mongodb-database-tools-100.2.0.x86_64.rpm
-    filename: mongodb-database-tools.rpm
-    validation:
-      type: sha256
-      value: 0d330820e283eb47bec82fe37306b0e759de7e97995b33f1ef73c9fbfd723b22    
-  - url: https://repo.mongodb.org/yum/redhat/8/mongodb-org/4.4/x86_64/RPMS/mongodb-org-database-tools-extra-4.4.1-1.el8.x86_64.rpm
-    filename: mongodb-org-database-tools-extra.rpm
-    validation:
-      type: sha256
-      value: b22e8118bacf3311c65bc65e6e1975dfb0e31ee86cfd4452d3e82ac64bdead64  
\ No newline at end of file
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
+---
+apiVersion: v1
+# The repository name in registry1, excluding /ironbank/
+name: "opensource/mongodb/mongodb"
+# List of tags to push for the repository in registry1
+# The most specific version should be the first tag and will be shown
+# on ironbank.dsop.io
+tags:
+- "4.4.1"
+- "latest"
+# Build args passed to Dockerfile ARGs
+args:
+  BASE_IMAGE: "redhat/ubi/ubi8"
+  BASE_TAG: "8.3"
+# Docker image labels
+labels:
+  org.opencontainers.image.title: "mongodb"
+  ## Human-readable description of the software packaged in the image
+  # org.opencontainers.image.description: "FIXME"
+  ## License(s) under which contained software is distributed
+  # org.opencontainers.image.licenses: "FIXME"
+  ## URL to find more information on the image
+  # org.opencontainers.image.url: "FIXME"
+  ## Name of the distributing entity, organization or individual
+  # org.opencontainers.image.vendor: "FIXME"
+  org.opencontainers.image.version: "4.4.1"
+  ## Keywords to help with search (ex. "cicd,gitops,golang")
+  # mil.dso.ironbank.image.keywords: "FIXME"
+  ## This value can be "opensource" or "commercial"
+  # mil.dso.ironbank.image.type: "FIXME"
+  ## Product the image belongs to for grouping multiple images
+  # mil.dso.ironbank.product.name: "FIXME"
+# List of resources to make available to the offline build context
+resources:
+- filename: mongodb-org.rpm
+  url: https://repo.mongodb.org/yum/redhat/8/mongodb-org/4.4/x86_64/RPMS/mongodb-org-4.4.1-1.el8.x86_64.rpm
+  validation:
+    type: sha256
+    value: fdcfae773806144b2072882cdc3757293d354617940ed882bdc04fbb774f452f
+- filename: mongodb-org-mongos.rpm
+  url: https://repo.mongodb.org/yum/redhat/8/mongodb-org/4.4/x86_64/RPMS/mongodb-org-mongos-4.4.1-1.el8.x86_64.rpm
+  validation:
+    type: sha256
+    value: c9b8011ca350157a83b93e02cc7a120a0b96255d609d20b87971222a2cf8acb0
+- filename: mongodb-org-server.rpm
+  url: https://repo.mongodb.org/yum/redhat/8/mongodb-org/4.4/x86_64/RPMS/mongodb-org-server-4.4.1-1.el8.x86_64.rpm
+  validation:
+    type: sha256
+    value: 76f7e65e39c5ca563f7dc15868f2accc43da6f0654eb72ef054407f7755d841f
+- filename: mongodb-org-shell.rpm
+  url: https://repo.mongodb.org/yum/redhat/8/mongodb-org/4.4/x86_64/RPMS/mongodb-org-shell-4.4.1-1.el8.x86_64.rpm
+  validation:
+    type: sha256
+    value: 9089c4d5dd05cde71c7ed509454c8158251def4c5b0cc0b9b03940dc18696cc0
+- filename: mongodb-org-tools.rpm
+  url: https://repo.mongodb.org/yum/redhat/8/mongodb-org/4.4/x86_64/RPMS/mongodb-org-tools-4.4.1-1.el8.x86_64.rpm
+  validation:
+    type: sha256
+    value: b8ef170cd79cf53a2ebda6288ee31ee8e8f6757991ffb6cfc3092b930927c832
+- filename: js-yaml.js
+  url: https://raw.githubusercontent.com/nodeca/js-yaml/3.13.0/dist/js-yaml.js
+  validation:
+    type: sha256
+    value: 490a40d65dabe72b9c34567fa9ce5da53c577a3c761b568ceba994751e6e74b9
+- filename: jq-linux64
+  url: https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64
+  validation:
+    type: sha256
+    value: af986793a515d500ab2d35f8d2aecd656e764504b789b66d7e1a0b727a124c44
+- filename: gosu-amd64
+  url: https://github.com/tianon/gosu/releases/download/1.11/gosu-amd64
+  validation:
+    type: sha256
+    value: 0b843df6d86e270c5b0f5cbd3c326a04e18f4b7f9b8457fa497b0454c4b138d7
+- filename: mongodb-database-tools.rpm
+  url: https://repo.mongodb.org/yum/redhat/8/mongodb-org/4.4/x86_64/RPMS/mongodb-database-tools-100.2.0.x86_64.rpm
+  validation:
+    type: sha256
+    value: 0d330820e283eb47bec82fe37306b0e759de7e97995b33f1ef73c9fbfd723b22
+- filename: mongodb-org-database-tools-extra.rpm
+  url: https://repo.mongodb.org/yum/redhat/8/mongodb-org/4.4/x86_64/RPMS/mongodb-org-database-tools-extra-4.4.1-1.el8.x86_64.rpm
+  validation:
+    type: sha256
+    value: b22e8118bacf3311c65bc65e6e1975dfb0e31ee86cfd4452d3e82ac64bdead64
+# List of project maintainers
+# FIXME: Fill in the following details for the current container owner in the whitelist
+# FIXME: Include any other vendor information if applicable
+maintainers:
+- email: "michael.simmons@anchore.com"
+#   # The name of the current container owner
+#   name: "FIXME"
+#   # The gitlab username of the current container owner
+#   username: "FIXME"
+#   cht_member: true # FIXME: Uncomment if the maintainer is a member of CHT
+# - name: "FIXME"
+#   username: "FIXME"
+#   email: "FIXME"