Merge branch 'hardening_manifest' into 'development'

Migrate to hardening_manifest.yaml

See merge request !15

Dockerfile

@@ -6,13 +6,6 @@ FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} as builder
 
 ENV PHP_INI_PATH=/usr/local/etc/php
 
-LABEL org.opencontainers.image.title="php" \
-      org.opencontainers.image.description="PHP is a popular general-purpose scripting language that is especially suited to web development." \
-      org.opencontainers.image.licenses="PHP-3.01" \
-      org.opencontainers.image.url="https://www.php.net/" \
-      org.opencontainers.image.version="7.4.13" \
-      maintainer="cht@dsop.io"
-
 COPY php.tar.gz /usr/local/src/
 COPY bison.tar.gz /
 COPY textinfo.tar.gz /

Jenkinsfile

-@Library('DCCSCR@master') _
-dccscrPipeline(version: "7.4.13")

download.yaml

-resources:
-  - url: "https://www.php.net/distributions/php-7.4.13.tar.gz"
-    filename: "php.tar.gz"
-    validation:
-      type: "sha256"
-      value: "0865cff41e7210de2537bcd5750377cfe09a9312b9b44c1a166cf372d5204b8f"
-  - url: "https://github.com/skvadrik/re2c/archive/2.0.3.tar.gz"
-    filename: "re2c.tar.gz"
-    validation:
-      type: "sha256"
-      value: "f131b3d5b618454caa5f2ddcc8288b797c78781056a40c2899c832493827c003"
-  - url: "https://github.com/jedisct1/libsodium/releases/download/1.0.18-RELEASE/libsodium-1.0.18.tar.gz"
-    filename: "libsodium.tar.gz"
-    validation:
-      type: "sha256"
-      value: "6f504490b342a4f8a4c4a02fc9b866cbef8622d5df4e5452b46be121e46636c1"
-  - url: "http://ftp.gnu.org/gnu/bison/bison-3.7.3.tar.gz"
-    filename: "bison.tar.gz"
-    validation:
-      type: "sha256"
-      value: "104fe912f2212ab4e4a59df888a93b719a046ffc38d178e943f6c54b1f27b3c7"
-  - url: "https://ftp.gnu.org/gnu/texinfo/texinfo-6.7.tar.gz"
-    filename: "textinfo.tar.gz"
-    validation:
-      type: "sha256"
-      value: "a52d05076b90032cb2523673c50e53185938746482cf3ca0213e9b4b50ac2d3e"
-
-

hardening_manifest.yaml

+---
+apiVersion: v1
+
+# The repository name in registry1, excluding /ironbank/
+name: "opensource/php/php74"
+
+# List of tags to push for the repository in registry1
+# The most specific version should be the first tag and will be shown
+# on ironbank.dsop.io
+tags:
+- "7.4.13"
+- "latest"
+
+# Build args passed to Dockerfile ARGs
+args:
+  BASE_IMAGE: "redhat/ubi/ubi8"
+  BASE_TAG: "8.3"
+
+# Docker image labels
+labels:
+  org.opencontainers.image.title: "php74"
+  org.opencontainers.image.description: "PHP is a popular general-purpose scripting language that is especially suited to web development."
+  org.opencontainers.image.licenses: "PHP-3.01"
+  org.opencontainers.image.url: "https://www.php.net/"
+  org.opencontainers.image.vendor: "The PHP Group"
+  org.opencontainers.image.version: "7.4.13"
+  mil.dso.ironbank.image.keywords: "programing,language,php,web"
+  mil.dso.ironbank.image.type: "opensource"
+  mil.dso.ironbank.product.name: "php74"
+
+# List of resources to make available to the offline build context
+resources:
+- filename: php.tar.gz
+  url: https://www.php.net/distributions/php-7.4.13.tar.gz
+  validation:
+    type: sha256
+    value: 0865cff41e7210de2537bcd5750377cfe09a9312b9b44c1a166cf372d5204b8f
+- filename: re2c.tar.gz
+  url: https://github.com/skvadrik/re2c/archive/2.0.3.tar.gz
+  validation:
+    type: sha256
+    value: f131b3d5b618454caa5f2ddcc8288b797c78781056a40c2899c832493827c003
+- filename: libsodium.tar.gz
+  url: https://github.com/jedisct1/libsodium/releases/download/1.0.18-RELEASE/libsodium-1.0.18.tar.gz
+  validation:
+    type: sha256
+    value: 6f504490b342a4f8a4c4a02fc9b866cbef8622d5df4e5452b46be121e46636c1
+- filename: bison.tar.gz
+  url: http://ftp.gnu.org/gnu/bison/bison-3.7.3.tar.gz
+  validation:
+    type: sha256
+    value: 104fe912f2212ab4e4a59df888a93b719a046ffc38d178e943f6c54b1f27b3c7
+- filename: textinfo.tar.gz
+  url: https://ftp.gnu.org/gnu/texinfo/texinfo-6.7.tar.gz
+  validation:
+    type: sha256
+    value: a52d05076b90032cb2523673c50e53185938746482cf3ca0213e9b4b50ac2d3e
+
+# List of project maintainers
+maintainers:
+- email: "seagren.tim@solute.us"
+  name: "Tim Seagren"
+  username: "seagren.tim"
+  cht_member: true

renovate.json

 {
-	"assignees": ["@seagren.tim"],
-	"baseBranches": ["development"],
+  "assignees": [
+    "@seagren.tim"
+  ],
+  "baseBranches": [
+    "development"
+  ],
   "packageRules": [
     {
-      "datasources": ["github-releases"],
-      "packageNames": ["php/php-src"],
+      "datasources": [
+        "github-releases"
+      ],
+      "packageNames": [
+        "php/php-src"
+      ],
       "separateMinorPatch": true,
       "minor": {
         "enabled": false
       }
     }
   ],
-	"regexManagers": [
-		{
-			"fileMatch": ["^Dockerfile$"],
-			"matchStrings": [
-				"version=\"(?<currentValue>.*?)\""
-			],
-			"depNameTemplate": "php/php-src",
-			"datasourceTemplate": "github-releases"
-		},
-		{
-			"fileMatch": ["^Jenkinsfile$"],
-			"matchStrings": [
-				"version:\\s+\"(?<currentValue>.*?)\""
-			],
-			"depNameTemplate": "php/php-src",
-			"datasourceTemplate": "github-releases"
-		}
-	]
-}
+  "regexManagers": [
+    {
+      "fileMatch": [
+        "^Dockerfile$"
+      ],
+      "matchStrings": [
+        "version=\"(?<currentValue>.*?)\""
+      ],
+      "depNameTemplate": "php/php-src",
+      "datasourceTemplate": "github-releases"
+    },
+    {
+      "fileMatch": [
+        "^hardening_manifest.yaml$"
+      ],
+      "matchStrings": [
+        "org\\.opencontainers\\.image\\.version:\\s+\"(?<currentValue>.+?)\""
+      ],
+      "depNameTemplate": "php/php-src",
+      "datasourceTemplate": "github-releases"
+    },
+    {
+      "fileMatch": [
+        "^hardening_manifest.yaml$"
+      ],
+      "matchStrings": [
+        "tags:\\s+-\\s+\"(?<currentValue>.+?)\""
+      ],
+      "depNameTemplate": "php/php-src",
+      "datasourceTemplate": "github-releases"
+    }
+  ]
+}
\ No newline at end of file