diff --git a/.gitlab/CODEOWNERS b/.gitlab/CODEOWNERS
new file mode 100644
index 0000000000000000000000000000000000000000..64a2c68c3ababda8d526d6cd995f02cd36f837ab
--- /dev/null
+++ b/.gitlab/CODEOWNERS
@@ -0,0 +1,6 @@
+[Pipelines]
+.gitlab-ci.yml @ironbank-notifications/cht
+.gitlab-ci.yaml @ironbank-notifications/cht
+
+[Gitlab Configuration Files]
+.gitlab/* @ironbank-notifications/cht
diff --git a/.gitlab/issue_templates/Access Request.md b/.gitlab/issue_templates/Access Request.md
new file mode 100644
index 0000000000000000000000000000000000000000..1a7b224d6ccdad95fef69b5c8be1ce2b543f338e
--- /dev/null
+++ b/.gitlab/issue_templates/Access Request.md
@@ -0,0 +1,16 @@
+## Summary
+
+The following individuals are requesting access to this project (one per line):
+(List or tag all individuals here)
+
+
+The access level should be:
+- [ ] Developer access
+- [ ] Remove access
+
+
+## Definition of Done
+- [ ] All accounts have been provided the necessary accesses
+
+
+/label ~"Access" ~"To Do"
\ No newline at end of file
diff --git a/.gitlab/issue_templates/Application - Archive.md b/.gitlab/issue_templates/Application - Archive.md
new file mode 100644
index 0000000000000000000000000000000000000000..9f3b5fe4d8d43ae9f82411a391b200d4b43f2668
--- /dev/null
+++ b/.gitlab/issue_templates/Application - Archive.md
@@ -0,0 +1,21 @@
+## Summary
+
+Requesting this application be archived due to one of the following reasons:
+- [ ] Version is no longer supported by vendor
+- [ ] Application is End-Of-Life
+- [ ] License violation.
+- [ ] Other. See below.
+
+## Detailed Description
+
+(Please provide a detailed description of why this application should be archived)
+
+
+## Definition of Done
+- [ ] Application has been reviewed for archival
+- [ ] Project is officially marked as stale
+- [ ] Iron Bank frontend no longer lists application as available or approved
+
+
+/label ~"Container::Archive"
+/cc @ironbank-notifications/archive
\ No newline at end of file
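Review bot: The `.gitlab/* @ironbank-notifications/cht` rule in the new `.gitlab/CODEOWNERS` probably does not cover the issue templates this same commit adds under `.gitlab/issue_templates/`, because in GitLab's CODEOWNERS matching a `*` does not cross a directory separator. If the intent is that every file under `.gitlab/` needs approval from that group, the directory form `.gitlab/ @ironbank-notifications/cht` matches nested files at any depth. Code-owner approval is only enforced on protected branches that have it switched on, which this diff cannot show, so that setting is worth confirming for the branch merges target. A comment line in the file saying whether `Dockerfile` and `download.yaml`, which decide what goes into the image, are deliberately left without an owner section would also help the next reader.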
diff --git a/.gitlab/issue_templates/Application - Initial.md b/.gitlab/issue_templates/Application - Initial.md
new file mode 100644
index 0000000000000000000000000000000000000000..6594a0580b941815c0c7c6264cdfc42e28231f57
--- /dev/null
+++ b/.gitlab/issue_templates/Application - Initial.md
@@ -0,0 +1,32 @@
+## Summary
+
+Requesting application to be hardened. This is only for initial hardening of a container.
+
+
+## Version Information
+
+Current version: (State the current version of the application as you see it)
+
+Under support: (Is the updated version within the same major version of the application or is this a new major version?)
+
+
+## Definition of Done
+Hardening:
+- [ ] Container builds successfully
+- [ ] Greylist file has been created (requires a member from container hardening)
+- [ ] Branch has been merged into `development`
+
+Justifications:
+- [ ] All findings have been justified per the above documentation
+- [ ] Justifications have been provided to the container hardening team
+
+Approval Process (container hardening team processes):
+- [ ] Peer review from Container Hardening Team
+- [ ] Findings Approver has reviewed and approved all justifications
+- [ ] Approval request has been sent to Authorizing Official
+- [ ] Approval request has been processed by Authorizing Official
+
+
+
+/label ~"Container::Initial"
+/cc @ironbank-notifications/cht
\ No newline at end of file
diff --git a/.gitlab/issue_templates/Application - Update.md b/.gitlab/issue_templates/Application - Update.md
new file mode 100644
index 0000000000000000000000000000000000000000..caebb3e9aab279c7f109ec0fbfa246b8add6d972
--- /dev/null
+++ b/.gitlab/issue_templates/Application - Update.md
@@ -0,0 +1,35 @@
+## Summary
+
+Requesting application be updated to a newer version.
+
+
+
+## Version Information
+
+Current version: (State the current version of the application as you see it)
+
+Updated version: (State the version you would like the application updated to)
+
+Under support: (Is the updated version within the same major version of the application or is this a new major version?)
+
+
+## Definition of Done
+Hardening:
+- [ ] Container builds successfully
+- [ ] Container version has been updated in greylist file
+- [ ] Branch has been merged into `development`
+
+Justifications:
+- [ ] All findings have been justified per the above documentation
+- [ ] Justifications have been provided to the container hardening team
+
+Approval Process:
+- [ ] Peer review from Container Hardening Team
+- [ ] Findings Approver has reviewed and approved all justifications
+- [ ] Approval request has been sent to Authorizing Official
+- [ ] Approval request has been processed by Authorizing Official
+
+
+
+/label ~"Container::Update"
+/cc @ironbank-notifications/updates
\ No newline at end of file
diff --git a/.gitlab/issue_templates/Bug.md b/.gitlab/issue_templates/Bug.md
new file mode 100644
index 0000000000000000000000000000000000000000..1427a0caed1833bccd3b1e5f8c5f6eafde05266c
--- /dev/null
+++ b/.gitlab/issue_templates/Bug.md
@@ -0,0 +1,37 @@
+## Summary
+
+(Summarize the bug encountered concisely)
+
+
+## Steps to reproduce
+
+(How one can reproduce the issue - this is very important)
+
+
+## What is the current bug behavior?
+
+(What actually happens)
+
+
+## What is the expected correct behavior?
+
+(What you should see instead)
+
+
+## Relevant logs and/or screenshots
+
+(Paste any relevant logs - please use code blocks (```) to format console output,
+logs, and code as it's very hard to read otherwise.)
+
+
+## Possible fixes
+
+(If you can, link to the line of code that might be responsible for the problem)
+
+
+## Defintion of Done
+- [ ] Bug has been identified and corrected within the container
+
+
+/label ~Bug
+/cc @ironbank-notifications/bug
\ No newline at end of file
diff --git a/.gitlab/issue_templates/Feature Request.md b/.gitlab/issue_templates/Feature Request.md
new file mode 100644
index 0000000000000000000000000000000000000000..a0e2f195dc66e4187264381c5e96e8aa96db8a09
--- /dev/null
+++ b/.gitlab/issue_templates/Feature Request.md
@@ -0,0 +1,32 @@
+## Feature description
+
+(Detailed description of the feature being requested)
+
+
+## Use cases
+
+
+(Detailed description of the use case for this feature)
+
+
+## Benefits
+
+(How does this benefit others)
+
+
+## Requirements
+
+(Any requirements for this feature to be enabled?)
+
+
+## Links / references
+
+(List of links or references that support this feature)
+
+
+## Definition of Done
+- [ ] Feature has been implemented
+
+
+/label ~Feature
+/cc @ironbank-notifications/feature
\ No newline at end of file
diff --git a/.gitlab/issue_templates/Leadership Question.md b/.gitlab/issue_templates/Leadership Question.md
new file mode 100644
index 0000000000000000000000000000000000000000..4674f82f930085f34f51b4ecbb4d396519f53192
--- /dev/null
+++ b/.gitlab/issue_templates/Leadership Question.md
@@ -0,0 +1,7 @@
+## Leadership question
+
+(Detailed description of the question you'd like to ask the leadership team)
+
+
+/label ~"Question::Leadership" ~"To Do"
+/cc @ironbank-notifications/leadership
\ No newline at end of file
diff --git a/.gitlab/issue_templates/New Findings.md b/.gitlab/issue_templates/New Findings.md
new file mode 100644
index 0000000000000000000000000000000000000000..068d029d89cb62dd4d4da5e03924c608172d97d6
--- /dev/null
+++ b/.gitlab/issue_templates/New Findings.md
@@ -0,0 +1,20 @@
+## Summary
+
+Container has new findings discovered during continuous monitoring.
+
+
+
+## Definition of Done
+Justifications:
+- [ ] All findings have been justified
+- [ ] Justifications have been provided to the container hardening team
+
+Approval Process:
+- [ ] Findings Approver has reviewed and approved all justifications
+- [ ] Approval request has been sent to Authorizing Official
+- [ ] Approval request has been processed by Authorizing Official
+
+
+
+/label ~"Container::New Findings"
+/cc @ironbank-notifications/security
\ No newline at end of file
diff --git a/.gitlab/issue_templates/Onboarding Question.md b/.gitlab/issue_templates/Onboarding Question.md
new file mode 100644
index 0000000000000000000000000000000000000000..77dea11e56c87d3fb65a1cf2ce7901621058f970
--- /dev/null
+++ b/.gitlab/issue_templates/Onboarding Question.md
@@ -0,0 +1,7 @@
+## Onboarding question
+
+(Detailed description of the question you'd like to ask the onboarding team)
+
+
+/label ~"Question::Onboarding" ~"To Do"
+/cc @ironbank-notifications/onboarding
\ No newline at end of file
diff --git a/.gitlab/issue_templates/Pipeline Failure.md b/.gitlab/issue_templates/Pipeline Failure.md
new file mode 100644
index 0000000000000000000000000000000000000000..28b82a9454358a542efaa4b9c1c99542e3487fd6
--- /dev/null
+++ b/.gitlab/issue_templates/Pipeline Failure.md
@@ -0,0 +1,31 @@
+## Summary
+
+(Summarize the pipeline issue encountered concisely)
+
+
+## Link to failed pipeline
+
+(Link to the failed pipeline)
+
+
+## What is the current bug behavior?
+
+(What actually happens)
+
+
+## What is the expected correct behavior?
+
+(What you should see instead)
+
+
+## Possible fixes
+
+(If you can, link to the line of code that might be responsible for the problem)
+
+
+## Definition of Done
+- [ ] Pipeline failure has been resolved
+
+
+/label ~Pipeline
+/cc @ironbank-notifications/pipelines
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
index 7f0fb539cd5713a8545cdd359c652456623b8fd7..dc80799ebb559afeb20dd7d362df9124a8d7c61d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,6 @@ ARG BASE_REGISTRY=nexus-docker-secure.levelup-nexus.svc.cluster.local:18082 ARG BASE_IMAGE=redhat/ubi/ubi8 -ARG BASE_TAG=8.2 +ARG BASE_TAG=8.3 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} MAINTAINER terrana_steven@bah.com
@@ -17,8 +17,8 @@ LABEL name="Solutions Delivery Platform: Helm" \ COPY LICENSE /licenses ARG OC_VERSION=v3.11.0 -ARG HELM_VERSION=v3.3.0 -ARG KUBECTL_VERSION=v1.18.0 +ARG HELM_VERSION=v3.4.1 +ARG KUBECTL_VERSION=v1.19.0 ARG user=sdp ARG group=sdp ARG uid=1000
@@ -33,7 +33,7 @@ RUN mkdir -p $SDP_HOME \ && groupadd -g ${gid} ${group} \ && useradd -d "$SDP_HOME" -u ${uid} -g ${gid} -m -s /bin/bash ${user} -ARG TARBALL=helm-dependencies-dcar-1.4.tar.gz +ARG TARBALL=helm-dependencies-dcar-1.7.tar.gz RUN mkdir /root/tmp COPY ./${TARBALL} /root/tmp
diff --git a/Jenkinsfile b/Jenkinsfile
index f7de82d99e9cc803c1b5fb8fca25b5653a2746d1..7985b3798c95c4d60331856c0c72b0ddbc4e3faa 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -1,2 +1,2 @@
 @Library('DCCSCR@master') _
-dccscrPipeline(version: "3.3.0")
+dccscrPipeline(version: "3.4.1")
diff --git a/README.md b/README.md
index fd333d0f355c42c2c04d3c48eef8fb1a6b5d8bec..44d27fb7135db9c7cca0f0c2fbbb2683681372ff 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@ -# Openshift Helm Container Application Version 3.3.0 +# Openshift Helm Container Application Version 3.4.1 ## Introduction This container hosts the OpenShift Helm application to be used as part of the Solution Delivery Platform. @@ -11,8 +11,8 @@ ARG BASE_REGISTRY = defines the registry portion of the OS image to be u ARG BASE_IMAGE = defines the image portion of the OS image to be used in the FROM command. ARG BASE_TAG = defines the tag portion of the OS image to be used in the FROM command. ARG OC_VERSION = version of the OpenShift Client application used in the container (v3.11.0) -ARG HELM_VERSION = version of the Helm application used in the container (v3.3.0) -ARG KUBECTL_VERSION = version of the Kubectl application used in the container (v1.18.0) +ARG HELM_VERSION = version of the Helm application used in the container (v3.4.1) +ARG KUBECTL_VERSION = version of the Kubectl application used in the container (v1.19.0) ARG user = non-root user name ARG group = non-root user group name ARG uid = non-root user id (1000 by default) @@ -22,7 +22,7 @@ ARG TARBALL = name of the tarball dependency bundle containing the ``` ## Notes -When building the container image, feel free to alter the BASE_REGISTRY, BASE_IMAGE, and BASE_TAG variables to load an appropriate OS image. By default, an UBI8.2 image will be used. +When building the container image, feel free to alter the BASE_REGISTRY, BASE_IMAGE, and BASE_TAG variables to load an appropriate OS image. By default, an UBI8.3 image will be used. No special considerations to be taken when running the container image. The image is intended to be utilized by a Jenkins Agent container, but can be used manually. By default no applications start at runtime and will have to be started by using the container CLI or explicitly calling each application at runtime. To explicitly use the Helm, OpenShift Client, and Kubectl applications use: ``` docker run /bin/bash 
diff --git a/download.yaml b/download.yaml
index 834ef2a9e7340b9d95b78143839953e0f4d3acc5..1814e1ebe9a35f39ce22d3bd4ec48aff875d8af7 100644
--- a/download.yaml
+++ b/download.yaml
@@ -1,6 +1,6 @@
 resources:
- - url: "https://github.com/boozallen/sdp-images/releases/download/dcar-1.4/helm-dependencies-dcar-1.4.tar.gz"
- filename: "helm-dependencies-dcar-1.4.tar.gz" # [required field] desired staging name for the build context
+ - url: "https://github.com/boozallen/sdp-images/releases/download/dcar-1.7/helm-dependencies-dcar-1.7.tar.gz"
+ filename: "helm-dependencies-dcar-1.7.tar.gz" # [required field] desired staging name for the build context
 validation:
 type: "sha256" # supported: sha256, sha1, sha224, sha512, PGP
- value: "024373a86653eeebb4a94804bad37f03ae44fd51d07a7fa471f74f3ce9e75a87"
+ value: "a68209d455917dec1c76bee1f88e92b8b4942a4f64f204fc34715e8ff56dda8a"