From 84582caa0aaac682706613ec367e802f83742db9 Mon Sep 17 00:00:00 2001 From: ironbank-bot Date: Thu, 10 Dec 2020 01:12:46 +0000 Subject: [PATCH 1/5] Migrate to hardening_manifest.yaml --- Dockerfile | 5 ---- Jenkinsfile | 2 -- download.yaml | 3 --- hardening_manifest.yaml | 55 +++++++++++++++++++++++++++++++++++++++++ renovate.json | 34 +++++++++++++++++++------ 5 files changed, 82 insertions(+), 17 deletions(-) delete mode 100644 Jenkinsfile delete mode 100644 download.yaml create mode 100644 hardening_manifest.yaml diff --git a/Dockerfile b/Dockerfile index 960012d..e7fdf91 100644 --- a/Dockerfile +++ b/Dockerfile @@ -6,11 +6,6 @@ FROM node:10.23 as base FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} -LABEL org.opencontainers.image.title="Node.js" \ - org.opencontainers.image.description="Node.js is an open-source, cross-platform, JavaScript runtime environment." \ - org.opencontainers.image.licenses="MIT" \ - org.opencontainers.image.version="10.23" \ - maintainer="ironbank@dsop.io" ENV HOME=/home/node \ USER=node diff --git a/Jenkinsfile b/Jenkinsfile deleted file mode 100644 index 690c44e..0000000 --- a/Jenkinsfile +++ /dev/null @@ -1,2 +0,0 @@ -@Library('DCCSCR@master') _ -dccscrPipeline(version: "10.23") diff --git a/download.yaml b/download.yaml deleted file mode 100644 index d40330b..0000000 --- a/download.yaml +++ /dev/null @@ -1,3 +0,0 @@ -resources: - - url: "docker://docker.io/library/node@sha256:69c6890c8dc83f1cf0b1e5120a918180ed3c1e08b43c981d595377f3462ffcc8" - tag: "node:10.23" diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml new file mode 100644 index 0000000..5dcce01 --- /dev/null +++ b/hardening_manifest.yaml 
@@ -0,0 +1,55 @@
+---
+apiVersion: v1
+
+# The repository name in registry1, excluding /ironbank/
+name: "opensource/nodejs/nodejs10"
+
+# List of tags to push for the repository in registry1
+# The most specific version should be the first tag and will be shown
+# on ironbank.dsop.io
+tags:
+- "10.23"
+- "latest"
+
+# Build args passed to Dockerfile ARGs
+args:
+ BASE_IMAGE: "redhat/ubi/ubi8"
+ BASE_TAG: "8.3"
+
+# Docker image labels
+labels:
+ org.opencontainers.image.title: "nodejs10"
+ ## Human-readable description of the software packaged in the image
+ # org.opencontainers.image.description: "FIXME"
+ ## License(s) under which contained software is distributed
+ # org.opencontainers.image.licenses: "FIXME"
+ ## URL to find more information on the image
+ # org.opencontainers.image.url: "FIXME"
+ ## Name of the distributing entity, organization or individual
+ # org.opencontainers.image.vendor: "FIXME"
+ org.opencontainers.image.version: "10.23"
+ ## Keywords to help with search (ex. "cicd,gitops,golang")
+ # mil.dso.ironbank.image.keywords: "FIXME"
+ ## This value can be "opensource" or "commercial"
+ # mil.dso.ironbank.image.type: "FIXME"
+ ## Product the image belongs to for grouping multiple images
+ # mil.dso.ironbank.product.name: "FIXME"
+
+# List of resources to make available to the offline build context
+resources:
+- tag: node:10.23
+ url: docker://docker.io/library/node@sha256:69c6890c8dc83f1cf0b1e5120a918180ed3c1e08b43c981d595377f3462ffcc8
+
+# List of project maintainers
+# FIXME: Fill in the following details for the current container owner in the whitelist
+# FIXME: Include any other vendor information if applicable
+maintainers:
+- email: "cvernooy@oteemo.com"
+# # The name of the current container owner
+# name: "FIXME"
+# # The gitlab username of the current container owner
+# username: "FIXME"
+# cht_member: true # FIXME: Uncomment if the maintainer is a member of CHT
+# - name: "FIXME"
+# username: "FIXME"
+# email: "FIXME"
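Review bot: The `tags` list publishes `"latest"` next to `"10.23"`, and nothing in the manifest tells consumers that `latest` is a mutable tag. A downstream build that references `nodejs10:latest` changes content whenever this repository is rebuilt, so the digest pin that `resources` keeps on the upstream image does not carry over to consumers. If the pipeline requires the tag, I would add a comment above the list such as `# "latest" is mutable; pin "10.23" or a digest in downstream builds`. The same applies to `BASE_TAG: "8.3"`, which selects the base image by tag only; whether the registry treats that tag as immutable is not visible here.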
diff --git a/renovate.json b/renovate.json index f78d2a7..ecfba58 100644 --- a/renovate.json +++ b/renovate.json @@ -1,16 +1,24 @@ { - "assignees": ["@sean.melissari"], - "baseBranches": ["development"], + "assignees": [ + "@sean.melissari" + ], + "baseBranches": [ + "development" + ], "packageRules": [ { - "packagePatterns": ["node"], + "packagePatterns": [ + "node" + ], "groupName": "node", "managerBranchPrefix": "" } ], "regexManagers": [ { - "fileMatch": ["^Dockerfile$"], + "fileMatch": [ + "^Dockerfile$" + ], "matchStrings": [ "version=\"(?.*?)\"" ], @@ -18,12 +26,24 @@ "datasourceTemplate": "docker" }, { - "fileMatch": ["^Jenkinsfile$"], + "fileMatch": [ + "^hardening_manifest.yaml$" + ], + "matchStrings": [ + "org\\.opencontainers\\.image\\.version:\\s+\"(?.+?)\"" + ], + "depNameTemplate": "node", + "datasourceTemplate": "docker" + }, + { + "fileMatch": [ + "^hardening_manifest.yaml$" + ], "matchStrings": [ - "version:\\s+\"(?.*?)\"" + "tags:\\s+-\\s+\"(?.+?)\"" ], "depNameTemplate": "node", "datasourceTemplate": "docker" } ] -} +} \ No newline at end of file -- GitLab From 8abbb9b9856ed2b1208a8254ef699bd4d31d4886 Mon Sep 17 00:00:00 2001 From: cvernooy Date: Thu, 10 Dec 2020 18:48:14 +0000 Subject: [PATCH 2/5] Update hardening_manifest.yaml --- hardening_manifest.yaml | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 5dcce01..8b63b1b 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml 
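Review bot: Neither new `hardening_manifest.yaml` manager covers the `resources` entry, so a Renovate bump would rewrite `org.opencontainers.image.version` and the first `tags` item while `url:` keeps the old `sha256:` digest and `tag: node:10.23`. The image would then be labelled and tagged as a version it does not contain. The `^Dockerfile$` manager still looks for `version="…"`, which this commit removes from the Dockerfile, so as far as this patch shows it no longer matches anything and `FROM node:10.23 as base` is not tracked. I would add a manager that captures the tag and the digest from `resources` together (sketch below; the capture-group names should be checked against the Renovate version in use), and escape the dot in `^hardening_manifest.yaml$`.

```json
{
  "fileMatch": [
    "^hardening_manifest\\.yaml$"
  ],
  "matchStrings": [
    "tag:\\s+\"?node:(?<currentValue>[^\"\\s]+)\"?\\s+url:\\s+\"?docker://docker\\.io/library/node@(?<currentDigest>sha256:[a-f0-9]{64})\"?"
  ],
  "depNameTemplate": "node",
  "datasourceTemplate": "docker"
}
```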
@@ -20,20 +20,20 @@ args: labels: org.opencontainers.image.title: "nodejs10" ## Human-readable description of the software packaged in the image - # org.opencontainers.image.description: "FIXME" + org.opencontainers.image.description: "FIXME" ## License(s) under which contained software is distributed - # org.opencontainers.image.licenses: "FIXME" + org.opencontainers.image.licenses: "FIXME" ## URL to find more information on the image - # org.opencontainers.image.url: "FIXME" + org.opencontainers.image.url: "FIXME" ## Name of the distributing entity, organization or individual - # org.opencontainers.image.vendor: "FIXME" + org.opencontainers.image.vendor: "FIXME" org.opencontainers.image.version: "10.23" ## Keywords to help with search (ex. "cicd,gitops,golang") - # mil.dso.ironbank.image.keywords: "FIXME" + mil.dso.ironbank.image.keywords: "FIXME" ## This value can be "opensource" or "commercial" - # mil.dso.ironbank.image.type: "FIXME" + mil.dso.ironbank.image.type: "opensource" ## Product the image belongs to for grouping multiple images - # mil.dso.ironbank.product.name: "FIXME" + mil.dso.ironbank.product.name: "nodejs10" # List of resources to make available to the offline build context resources: @@ -46,10 +46,10 @@ resources: maintainers: - email: "cvernooy@oteemo.com" # # The name of the current container owner -# name: "FIXME" + name: "Christopher Vernooy" # # The gitlab username of the current container owner -# username: "FIXME" -# cht_member: true # FIXME: Uncomment if the maintainer is a member of CHT -# - name: "FIXME" -# username: "FIXME" -# email: "FIXME" + username: "cvernooy" + cht_member: true # FIXME: Uncomment if the maintainer is a member of CHT + - name: "Christopher Vernooy" + username: "cvernooy" + email: "cvernooy@oteemo.com" -- GitLab From f8d934ccc581c4415b54fe9606058c327203c759 Mon Sep 17 00:00:00 2001 
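Review bot: In the second hunk (`maintainers`), `cht_member: true` is now active but still carries the template comment `# FIXME: Uncomment if the maintainer is a member of CHT`, so a reader cannot tell whether the flag was set deliberately. Because the field asserts a team membership for `cvernooy`, I would drop the trailing comment once membership is confirmed, or remove the key if it is not. The same hunk adds a second list item that repeats the name, username and email of the first; one entry per maintainer is enough. Indentation is not recoverable from this view, so the nesting of the newly uncommented keys under `- email:` should be checked in the real file.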
From: cvernooy Date: Thu, 10 Dec 2020 19:04:49 +0000 Subject: [PATCH 3/5] Update hardening_manifest.yaml --- hardening_manifest.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 8b63b1b..f76c015 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -20,16 +20,16 @@ args: labels: org.opencontainers.image.title: "nodejs10" ## Human-readable description of the software packaged in the image - org.opencontainers.image.description: "FIXME" + org.opencontainers.image.description: "base nodejs 10 image" ## License(s) under which contained software is distributed - org.opencontainers.image.licenses: "FIXME" + org.opencontainers.image.licenses: "MIT" ## URL to find more information on the image - org.opencontainers.image.url: "FIXME" + org.opencontainers.image.url: "docker.io/library/node@sha256:69c6890c8dc83f1cf0b1e5120a918180ed3c1e08b43c981d595377f3462ffcc8" ## Name of the distributing entity, organization or individual - org.opencontainers.image.vendor: "FIXME" + org.opencontainers.image.vendor: "node" org.opencontainers.image.version: "10.23" ## Keywords to help with search (ex. "cicd,gitops,golang") - mil.dso.ironbank.image.keywords: "FIXME" + mil.dso.ironbank.image.keywords: "node,node10,nodejs,nodejs10" ## This value can be "opensource" or "commercial" mil.dso.ironbank.image.type: "opensource" ## Product the image belongs to for grouping multiple images -- GitLab From f6bfafab857b37b7819d8552e972f03f7f9d9bcc Mon Sep 17 00:00:00 2001 From: cvernooy Date: Thu, 10 Dec 2020 19:20:36 +0000 Subject: [PATCH 4/5] Update hardening_manifest.yaml --- hardening_manifest.yaml | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index f76c015..7c04599 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml 
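Review bot: `org.opencontainers.image.url` is set to the `docker.io/library/node@sha256:…` reference, which is a registry image reference rather than a URL where a reader can find more information, as the comment above it asks for. It also copies the digest that `resources` already pins, so the label will silently go stale the next time that digest is bumped and will then name an image the build did not use. I would point the label at a stable project page, for example `org.opencontainers.image.url: "https://nodejs.org"`, and keep the digest in `resources` only. `org.opencontainers.image.vendor: "node"` reads like the image name rather than the distributing organisation; that is worth confirming. The `labels` mapping starts before and continues after this hunk.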
@@ -45,11 +45,9 @@ resources: # FIXME: Include any other vendor information if applicable maintainers: - email: "cvernooy@oteemo.com" -# # The name of the current container owner name: "Christopher Vernooy" -# # The gitlab username of the current container owner username: "cvernooy" cht_member: true # FIXME: Uncomment if the maintainer is a member of CHT - - name: "Christopher Vernooy" - username: "cvernooy" - email: "cvernooy@oteemo.com" + - name: "Christopher Vernooy" + username: "cvernooy" + email: "cvernooy@oteemo.com" -- GitLab From 41ca9f46282fcc9faa70cc8066300c644e2bdf19 Mon Sep 17 00:00:00 2001 From: cvernooy Date: Thu, 10 Dec 2020 19:23:07 +0000 Subject: [PATCH 5/5] Update hardening_manifest.yaml --- hardening_manifest.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 7c04599..4f2426f 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -48,6 +48,6 @@ maintainers: name: "Christopher Vernooy" username: "cvernooy" cht_member: true # FIXME: Uncomment if the maintainer is a member of CHT - - name: "Christopher Vernooy" - username: "cvernooy" - email: "cvernooy@oteemo.com" +# - name: "Christopher Vernooy" +# username: "cvernooy" +# email: "cvernooy@oteemo.com" -- GitLab