From 3454c94f281e7cd8a54323952bbcd71aabc598d7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 16 Sep 2024 20:25:18 +0200 Subject: [PATCH 1/6] tf(deps): bump hashicorp/google in /configs/terraform/core (#11917) Bumps [hashicorp/google](https://github.com/hashicorp/terraform-provider-google) from 6.2.0 to 6.3.0. - [Release notes](https://github.com/hashicorp/terraform-provider-google/releases) - [Changelog](https://github.com/hashicorp/terraform-provider-google/blob/main/CHANGELOG.md) - [Commits](https://github.com/hashicorp/terraform-provider-google/compare/v6.2.0...v6.3.0) --- updated-dependencies: - dependency-name: hashicorp/google dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- configs/terraform/core/apis.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configs/terraform/core/apis.tf b/configs/terraform/core/apis.tf index 0f134523086e..46ac9cca1c2c 100644 --- a/configs/terraform/core/apis.tf +++ b/configs/terraform/core/apis.tf @@ -6,7 +6,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = "6.2.0" + version = "6.3.0" } } } From af720dcea82d31f5265c7caf1914cbbe21ecaa77 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 16 Sep 2024 21:05:17 +0200 Subject: [PATCH 2/6] gomod(deps): bump github.com/zricethezav/gitleaks/v8 (#11918) Bumps [github.com/zricethezav/gitleaks/v8](https://github.com/zricethezav/gitleaks) from 8.18.4 to 8.19.2. - [Release notes](https://github.com/zricethezav/gitleaks/releases) - [Changelog](https://github.com/gitleaks/gitleaks/blob/master/.goreleaser.yml) - [Commits](https://github.com/zricethezav/gitleaks/compare/v8.18.4...v8.19.2) --- updated-dependencies: - dependency-name: github.com/zricethezav/gitleaks/v8 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 3bd055a689a5..8c08c49f9fd7 100644 --- a/go.mod +++ b/go.mod @@ -36,7 +36,7 @@ require ( github.com/spf13/viper v1.19.0 github.com/stretchr/testify v1.9.0 github.com/tidwall/gjson v1.17.3 - github.com/zricethezav/gitleaks/v8 v8.18.4 + github.com/zricethezav/gitleaks/v8 v8.19.2 go.uber.org/zap v1.27.0 golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 golang.org/x/net v0.29.0 diff --git a/go.sum b/go.sum index 7c8b76485d5c..e255eb92cc44 100644 --- a/go.sum +++ b/go.sum @@ -671,8 +671,8 @@ github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= -github.com/zricethezav/gitleaks/v8 v8.18.4 h1:mWOfVGO8ksok21iOb7h4DZMcUxyvsol8l6o1uNOQxww= -github.com/zricethezav/gitleaks/v8 v8.18.4/go.mod h1:3EFYK+ZNDHPNQinyZTVGHG7/sFsApEZ9DrCGA1AP63M= +github.com/zricethezav/gitleaks/v8 v8.19.2 h1:tpV/mAdMy1FMgPb6KYaYHfCsIFqvHaVYyd18AN4txYI= +github.com/zricethezav/gitleaks/v8 v8.19.2/go.mod h1:3EFYK+ZNDHPNQinyZTVGHG7/sFsApEZ9DrCGA1AP63M= go.einride.tech/aip v0.68.0 h1:4seM66oLzTpz50u4K1zlJyOXQ3tCzcJN7I22tKkjipw= go.einride.tech/aip v0.68.0/go.mod h1:7y9FF8VtPWqpxuAxl0KQWqaULxW4zFIesD6zF5RIHHg= go.opencensus.io v0.15.0/go.mod h1:UffZAU+4sDEINUGP/B7UfBBkq4fqLu9zXAX7ke6CHW0= From f47e5e9b20aae383476286ca952ffe39e6ee7fca Mon Sep 17 00:00:00 2001 From: Kyma Bot Date: Mon, 16 Sep 2024 21:55:17 +0200 Subject: [PATCH 3/6] Bumping test-infra and testimages and test-infra-prod and image-builder (#11919) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit No eu.gcr.io/kyma-project/test-infra/ changes. No europe-docker.pkg.dev/kyma-project/prod/testimages/ changes. europe-docker.pkg.dev/kyma-project/prod/test-infra/ changes: https://github.com/kyma-project/test-infra/compare/fcc91334...af720dce (2024‑09‑12 → 2024‑09‑16) europe-docker.pkg.dev/kyma-project/prod/image-builder changes: https://github.com/kyma-project/test-infra/compare/fcc91334...af720dce (2024‑09‑12 → 2024‑09‑16) --- .../environments/dev/secrets-rotator/terraform.tfvars | 4 ++-- configs/terraform/environments/prod/terraform.tfvars | 4 ++-- .../api-gateway/api-gateway-manager-build.yaml | 4 ++-- .../eventing-webhook-certificates-build.yaml | 4 ++-- .../eventing-webhook-certificates-release.yaml | 2 +- .../eventing-auth-manager-generic.yaml | 6 +++--- .../eventing-manager/eventing-manager-generic.yaml | 6 +++--- .../eventing-publisher-proxy-generic.yaml | 6 +++--- prow/jobs/kyma-project/istio/istio-manager.yaml | 4 ++-- .../kyma-metrics-collector-generic.yaml | 6 +++--- .../kyma-project/nats-manager/nats-manager-generic.yaml | 6 +++--- prow/jobs/kyma-project/test-infra/buildpack.yaml | 8 ++++---- prow/jobs/kyma-project/test-infra/images.yaml | 4 ++-- templates/config.yaml | 4 ++-- templates/data/eventing-webhook-certificates-build.yaml | 4 ++-- templates/data/eventing-webhook-certificates-release.yaml | 2 +- templates/data/istio-module-data.yaml | 2 +- 17 files changed, 38 insertions(+), 38 deletions(-) diff --git a/configs/terraform/environments/dev/secrets-rotator/terraform.tfvars b/configs/terraform/environments/dev/secrets-rotator/terraform.tfvars index 8d25c982ed2e..17579024e7c3 100644 --- a/configs/terraform/environments/dev/secrets-rotator/terraform.tfvars +++ b/configs/terraform/environments/dev/secrets-rotator/terraform.tfvars @@ -1,8 +1,8 @@ project_id = "sap-kyma-neighbors-dev" region = "europe-west3" service_account_keys_rotator_service_name = "service-account-keys-rotator" -service_account_keys_rotator_image = "europe-docker.pkg.dev/kyma-project/prod/test-infra/rotate-service-account:v20240912-fcc91334" #gitleaks:allow +service_account_keys_rotator_image = "europe-docker.pkg.dev/kyma-project/prod/test-infra/rotate-service-account:v20240916-af720dce" #gitleaks:allow service_account_keys_cleaner_service_name = "service-account-keys-cleaner" -service_account_keys_cleaner_image = "europe-docker.pkg.dev/kyma-project/prod/test-infra/service-account-keys-cleaner:v20240912-fcc91334" #gitleaks:allow +service_account_keys_cleaner_image = "europe-docker.pkg.dev/kyma-project/prod/test-infra/service-account-keys-cleaner:v20240916-af720dce" #gitleaks:allow service_account_key_latest_version_min_age = 24 service_account_keys_cleaner_scheduler_cron_schedule = "0 0 * * 1-5" diff --git a/configs/terraform/environments/prod/terraform.tfvars b/configs/terraform/environments/prod/terraform.tfvars index 1078f2c1de34..56de88cb0e12 100644 --- a/configs/terraform/environments/prod/terraform.tfvars +++ b/configs/terraform/environments/prod/terraform.tfvars @@ -8,8 +8,8 @@ kyma_project_artifact_registry_collection = { }, } service_account_keys_rotator_service_name = "service-account-keys-rotator" -service_account_keys_rotator_image = "europe-docker.pkg.dev/kyma-project/prod/test-infra/rotate-service-account:v20240912-fcc91334" #gitleaks:allow +service_account_keys_rotator_image = "europe-docker.pkg.dev/kyma-project/prod/test-infra/rotate-service-account:v20240916-af720dce" #gitleaks:allow service_account_keys_cleaner_service_name = "service-account-keys-cleaner" -service_account_keys_cleaner_image = "europe-docker.pkg.dev/kyma-project/prod/test-infra/service-account-keys-cleaner:v20240912-fcc91334" #gitleaks:allow +service_account_keys_cleaner_image = "europe-docker.pkg.dev/kyma-project/prod/test-infra/service-account-keys-cleaner:v20240916-af720dce" #gitleaks:allow service_account_key_latest_version_min_age = 24 service_account_keys_cleaner_scheduler_cron_schedule = "0 0 * * 1-5" \ No newline at end of file diff --git a/prow/jobs/kyma-project/api-gateway/api-gateway-manager-build.yaml b/prow/jobs/kyma-project/api-gateway/api-gateway-manager-build.yaml index a1f83ac73834..8d8774292dc4 100644 --- a/prow/jobs/kyma-project/api-gateway/api-gateway-manager-build.yaml +++ b/prow/jobs/kyma-project/api-gateway/api-gateway-manager-build.yaml @@ -20,7 +20,7 @@ presubmits: # runs on PRs - ^release-\d+\.\d+(-.*)?$ spec: containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240912-fcc91334" + - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240916-af720dce" securityContext: privileged: false seccompProfile: @@ -75,7 +75,7 @@ postsubmits: # runs on main channel: goat-int spec: containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240912-fcc91334" + - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240916-af720dce" securityContext: privileged: false seccompProfile: diff --git a/prow/jobs/kyma-project/api-gateway/eventing-webhook/eventing-webhook-certificates-build.yaml b/prow/jobs/kyma-project/api-gateway/eventing-webhook/eventing-webhook-certificates-build.yaml index eb7215ee471a..8ea627ed495a 100644 --- a/prow/jobs/kyma-project/api-gateway/eventing-webhook/eventing-webhook-certificates-build.yaml +++ b/prow/jobs/kyma-project/api-gateway/eventing-webhook/eventing-webhook-certificates-build.yaml @@ -21,7 +21,7 @@ presubmits: # runs on PRs - ^release-1.8$ spec: containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240912-fcc91334" + - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240916-af720dce" securityContext: privileged: false seccompProfile: @@ -74,7 +74,7 @@ postsubmits: # runs on main - ^release-1.8$ spec: containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240912-fcc91334" + - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240916-af720dce" securityContext: privileged: false seccompProfile: diff --git a/prow/jobs/kyma-project/api-gateway/eventing-webhook/eventing-webhook-certificates-release.yaml b/prow/jobs/kyma-project/api-gateway/eventing-webhook/eventing-webhook-certificates-release.yaml index 90177afb2fdf..a2d602839175 100644 --- a/prow/jobs/kyma-project/api-gateway/eventing-webhook/eventing-webhook-certificates-release.yaml +++ b/prow/jobs/kyma-project/api-gateway/eventing-webhook/eventing-webhook-certificates-release.yaml @@ -22,7 +22,7 @@ postsubmits: # runs on main - ^release-1.8$ spec: containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240912-fcc91334" + - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240916-af720dce" securityContext: privileged: false seccompProfile: diff --git a/prow/jobs/kyma-project/eventing-auth-manager/eventing-auth-manager-generic.yaml b/prow/jobs/kyma-project/eventing-auth-manager/eventing-auth-manager-generic.yaml index 6796105dffd0..3cf4718b5ede 100644 --- a/prow/jobs/kyma-project/eventing-auth-manager/eventing-auth-manager-generic.yaml +++ b/prow/jobs/kyma-project/eventing-auth-manager/eventing-auth-manager-generic.yaml @@ -19,7 +19,7 @@ presubmits: # runs on PRs max_concurrency: 10 spec: containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240912-fcc91334" + - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240916-af720dce" securityContext: privileged: false seccompProfile: @@ -73,7 +73,7 @@ postsubmits: # runs on main max_concurrency: 10 spec: containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240912-fcc91334" + - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240916-af720dce" securityContext: privileged: false seccompProfile: @@ -128,7 +128,7 @@ postsubmits: # runs on main - ^\d+\.\d+\.\d+(?:-.*)?$ # Watches for new Tag spec: containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240912-fcc91334" + - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240916-af720dce" securityContext: privileged: false seccompProfile: diff --git a/prow/jobs/kyma-project/eventing-manager/eventing-manager-generic.yaml b/prow/jobs/kyma-project/eventing-manager/eventing-manager-generic.yaml index 33045b2bb560..3b2631e2bfb6 100644 --- a/prow/jobs/kyma-project/eventing-manager/eventing-manager-generic.yaml +++ b/prow/jobs/kyma-project/eventing-manager/eventing-manager-generic.yaml @@ -18,7 +18,7 @@ presubmits: # runs on PRs max_concurrency: 10 spec: containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240912-fcc91334" + - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240916-af720dce" securityContext: privileged: false seccompProfile: @@ -72,7 +72,7 @@ postsubmits: # runs on main - ^release-\d+\.\d+$ spec: containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240912-fcc91334" + - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240916-af720dce" securityContext: privileged: false seccompProfile: @@ -124,7 +124,7 @@ postsubmits: # runs on main - ^\d+\.\d+\.\d+(?:-.*)?$ # Watches for new Tag spec: containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240912-fcc91334" + - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240916-af720dce" securityContext: privileged: false seccompProfile: diff --git a/prow/jobs/kyma-project/eventing-publisher-proxy/eventing-publisher-proxy-generic.yaml b/prow/jobs/kyma-project/eventing-publisher-proxy/eventing-publisher-proxy-generic.yaml index 07b8f4d322ae..b1788254095b 100644 --- a/prow/jobs/kyma-project/eventing-publisher-proxy/eventing-publisher-proxy-generic.yaml +++ b/prow/jobs/kyma-project/eventing-publisher-proxy/eventing-publisher-proxy-generic.yaml @@ -18,7 +18,7 @@ presubmits: # runs on PRs max_concurrency: 10 spec: containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240912-fcc91334" + - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240916-af720dce" securityContext: privileged: false seccompProfile: @@ -71,7 +71,7 @@ postsubmits: # runs on main - ^main$ spec: containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240912-fcc91334" + - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240916-af720dce" securityContext: privileged: false seccompProfile: @@ -123,7 +123,7 @@ postsubmits: # runs on main - ^\d+\.\d+\.\d+(?:-.*)?$ # Watches for new Tag spec: containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240912-fcc91334" + - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240916-af720dce" securityContext: privileged: false seccompProfile: diff --git a/prow/jobs/kyma-project/istio/istio-manager.yaml b/prow/jobs/kyma-project/istio/istio-manager.yaml index e40ce6dcfab0..c8bc9fe260ff 100644 --- a/prow/jobs/kyma-project/istio/istio-manager.yaml +++ b/prow/jobs/kyma-project/istio/istio-manager.yaml @@ -26,7 +26,7 @@ postsubmits: # runs on main channel: goat-int spec: containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240912-fcc91334" + - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240916-af720dce" securityContext: privileged: false seccompProfile: @@ -82,7 +82,7 @@ postsubmits: # runs on main channel: goat-int spec: containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240912-fcc91334" + - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240916-af720dce" securityContext: privileged: false seccompProfile: diff --git a/prow/jobs/kyma-project/kyma-metrics-collector/kyma-metrics-collector-generic.yaml b/prow/jobs/kyma-project/kyma-metrics-collector/kyma-metrics-collector-generic.yaml index 2c25ceda65f4..6b123d89e636 100644 --- a/prow/jobs/kyma-project/kyma-metrics-collector/kyma-metrics-collector-generic.yaml +++ b/prow/jobs/kyma-project/kyma-metrics-collector/kyma-metrics-collector-generic.yaml @@ -18,7 +18,7 @@ presubmits: # runs on PRs max_concurrency: 10 spec: containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240912-fcc91334" + - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240916-af720dce" securityContext: privileged: false seccompProfile: @@ -71,7 +71,7 @@ postsubmits: # runs on main - ^main$ spec: containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240912-fcc91334" + - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240916-af720dce" securityContext: privileged: false seccompProfile: @@ -123,7 +123,7 @@ postsubmits: # runs on main - ^\d+\.\d+\.\d+(?:-.*)?$ # Watches for new Tag spec: containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240912-fcc91334" + - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240916-af720dce" securityContext: privileged: false seccompProfile: diff --git a/prow/jobs/kyma-project/nats-manager/nats-manager-generic.yaml b/prow/jobs/kyma-project/nats-manager/nats-manager-generic.yaml index bd035229415d..627410307241 100644 --- a/prow/jobs/kyma-project/nats-manager/nats-manager-generic.yaml +++ b/prow/jobs/kyma-project/nats-manager/nats-manager-generic.yaml @@ -18,7 +18,7 @@ presubmits: # runs on PRs max_concurrency: 10 spec: containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240912-fcc91334" + - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240916-af720dce" securityContext: privileged: false seccompProfile: @@ -71,7 +71,7 @@ postsubmits: # runs on main - ^\d+\.\d+\.\d+(?:-.*)?$ # Watches for new Tag with the format x.y.z where x, y and z are multi-digit integers. spec: containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240912-fcc91334" + - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240916-af720dce" securityContext: privileged: false seccompProfile: @@ -127,7 +127,7 @@ postsubmits: # runs on main - ^release-\d+\.\d+$ spec: containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240912-fcc91334" + - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240916-af720dce" securityContext: privileged: false seccompProfile: diff --git a/prow/jobs/kyma-project/test-infra/buildpack.yaml b/prow/jobs/kyma-project/test-infra/buildpack.yaml index 02623035b62a..1610b7b83b94 100644 --- a/prow/jobs/kyma-project/test-infra/buildpack.yaml +++ b/prow/jobs/kyma-project/test-infra/buildpack.yaml @@ -17,7 +17,7 @@ presubmits: # runs on PRs - ^main$ spec: containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240912-fcc91334" + - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240916-af720dce" securityContext: privileged: false seccompProfile: @@ -67,7 +67,7 @@ presubmits: # runs on PRs - ^main$ spec: containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240912-fcc91334" + - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240916-af720dce" securityContext: privileged: false seccompProfile: @@ -120,7 +120,7 @@ postsubmits: # runs on main - ^main$ spec: containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240912-fcc91334" + - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240916-af720dce" securityContext: privileged: false seccompProfile: @@ -171,7 +171,7 @@ postsubmits: # runs on main - ^main$ spec: containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240912-fcc91334" + - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240916-af720dce" securityContext: privileged: false seccompProfile: diff --git a/prow/jobs/kyma-project/test-infra/images.yaml b/prow/jobs/kyma-project/test-infra/images.yaml index eaf8c7620dee..b26ee868480e 100644 --- a/prow/jobs/kyma-project/test-infra/images.yaml +++ b/prow/jobs/kyma-project/test-infra/images.yaml @@ -16,7 +16,7 @@ presubmits: # runs on PRs max_concurrency: 10 spec: containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240912-fcc91334" + - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240916-af720dce" securityContext: privileged: false seccompProfile: @@ -99,7 +99,7 @@ postsubmits: max_concurrency: 10 spec: containers: - - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240912-fcc91334" + - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240916-af720dce" securityContext: privileged: false seccompProfile: diff --git a/templates/config.yaml b/templates/config.yaml index 07292a8b5889..1e7d449a2e28 100644 --- a/templates/config.yaml +++ b/templates/config.yaml @@ -37,7 +37,7 @@ globalSets: decorate: "true" pubsub_project: "sap-kyma-prow" pubsub_topic: "prowjobs" - image: europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240912-fcc91334 + image: europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240916-af720dce command: /image-builder request_memory: "1.5Gi" request_cpu: "1" @@ -60,7 +60,7 @@ globalSets: decorate: "true" pubsub_project: "sap-kyma-prow" pubsub_topic: "prowjobs" - image: europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240912-fcc91334 + image: europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240916-af720dce command: /image-builder request_memory: "1.5Gi" request_cpu: "1" diff --git a/templates/data/eventing-webhook-certificates-build.yaml b/templates/data/eventing-webhook-certificates-build.yaml index 45e0e8d2ebc6..400b30a39b8d 100644 --- a/templates/data/eventing-webhook-certificates-build.yaml +++ b/templates/data/eventing-webhook-certificates-build.yaml @@ -7,7 +7,7 @@ templates: jobs: - jobConfig: name: pull-eventing-webhook-certificates-build - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240912-fcc91334" + image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240916-af720dce" annotations: owner: skydivingtunas description: Image to generate certificates for eventing webhooks. @@ -25,7 +25,7 @@ templates: - jobConfig_presubmit - jobConfig: name: post-eventing-webhook-certificates-build - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240912-fcc91334" + image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240916-af720dce" annotations: owner: skydivingtunas description: Image to generate certificates for eventing webhooks. diff --git a/templates/data/eventing-webhook-certificates-release.yaml b/templates/data/eventing-webhook-certificates-release.yaml index f4148232b5a6..c72f67554752 100644 --- a/templates/data/eventing-webhook-certificates-release.yaml +++ b/templates/data/eventing-webhook-certificates-release.yaml @@ -18,7 +18,7 @@ templates: jobs: - jobConfig: name: rel-eventing-webhook-certificates-build - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240912-fcc91334" + image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240916-af720dce" annotations: owner: skydivingtunas description: Image to generate certificates for eventing webhooks. diff --git a/templates/data/istio-module-data.yaml b/templates/data/istio-module-data.yaml index 806b4381c505..d5d85737889c 100644 --- a/templates/data/istio-module-data.yaml +++ b/templates/data/istio-module-data.yaml @@ -15,7 +15,7 @@ templates: decorate: "true" pubsub_project: "sap-kyma-prow" pubsub_topic: "prowjobs" - image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240912-fcc91334" + image: "europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240916-af720dce" command: /image-builder request_memory: "1.5Gi" request_cpu: "1" From adb55c8fdd6d05b0625d993bc31b70fad80fb0a9 Mon Sep 17 00:00:00 2001 From: Kyma Bot Date: Mon, 16 Sep 2024 22:01:17 +0200 Subject: [PATCH 4/6] Bumping sec-scanners-config.yaml (#11920) --- sec-scanners-config.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sec-scanners-config.yaml b/sec-scanners-config.yaml index 55c72df17bde..ea03f3d4033f 100644 --- a/sec-scanners-config.yaml +++ b/sec-scanners-config.yaml @@ -3,7 +3,7 @@ protecode: - docker.io/library/nginx:1.25.4-alpine - europe-docker.pkg.dev/gardener-project/releases/ci-infra/cla-assistant:v20240412-d22f4bf - europe-docker.pkg.dev/gcr-cleaner/gcr-cleaner/gcr-cleaner-cli:0.12.0 - - europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240912-fcc91334 + - europe-docker.pkg.dev/kyma-project/prod/image-builder:v20240916-af720dce - europe-docker.pkg.dev/kyma-project/prod/test-infra/ginkgo:v20240909-95731ea6 - europe-docker.pkg.dev/kyma-project/prod/test-infra/golangci-lint:v20240910-83aca12b - europe-docker.pkg.dev/kyma-project/prod/test-infra/ko/automated-approver:v20240909-fe70e5ff @@ -27,8 +27,8 @@ protecode: - europe-docker.pkg.dev/kyma-project/prod/test-infra/ko/search-github-issue:v20240909-fe70e5ff - europe-docker.pkg.dev/kyma-project/prod/test-infra/ko/usersmapchecker:v20240909-fe70e5ff - europe-docker.pkg.dev/kyma-project/prod/test-infra/ko/vmscollector:v20240909-fe70e5ff - - europe-docker.pkg.dev/kyma-project/prod/test-infra/rotate-service-account:v20240912-fcc91334 - - europe-docker.pkg.dev/kyma-project/prod/test-infra/service-account-keys-cleaner:v20240912-fcc91334 + - europe-docker.pkg.dev/kyma-project/prod/test-infra/rotate-service-account:v20240916-af720dce + - europe-docker.pkg.dev/kyma-project/prod/test-infra/service-account-keys-cleaner:v20240916-af720dce - europe-docker.pkg.dev/kyma-project/prod/test-infra/slackmessagesender:v20240910-c199525c - europe-docker.pkg.dev/kyma-project/prod/testimages/alpine-hadolint:v20240910-541771db - europe-docker.pkg.dev/kyma-project/prod/testimages/alpine-shellcheck:v20240910-541771db From bfcbf9068b5d237b5065fb8cb142f1fd0bf26b88 Mon Sep 17 00:00:00 2001 From: Andreas Thaler Date: Tue, 17 Sep 2024 09:53:16 +0200 Subject: [PATCH 5/6] update fluentbit image to 3.1.8 (#11922) --- cmd/image-syncer/external-images.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/image-syncer/external-images.yaml b/cmd/image-syncer/external-images.yaml index f11823fb5d11..3ef1f01c2af6 100644 --- a/cmd/image-syncer/external-images.yaml +++ b/cmd/image-syncer/external-images.yaml @@ -53,7 +53,7 @@ images: - source: "python@sha256:11d30cce970c40aee8e993d302a15f8bc8204ecab7af1bae26b3fd00eb75ada2" tag: "3.12-slim-bullseye" - source: "fluent/fluent-bit@sha256:def31c22bfc23002354d0cc2beb177e4da1d87c68f49e8fee76c896e8c6fdd44" - tag: "3.1.6" # used by the kyma telemetry module + tag: "3.1.8" # used by the kyma telemetry module - source: "node@sha256:ba898e86c2cc720c8cf2ae05f8d2d4697fe0c8ca3e920d6fbf14a6cbf50bb9ca" tag: "alpine3.20" - source: "moby/buildkit:v0.15.2-rootless" From 3612578a40c03ce2cff88b7a3f35759ea38cb79b Mon Sep 17 00:00:00 2001 From: Przemek Pokrywka <12400578+dekiel@users.noreply.github.com> Date: Tue, 17 Sep 2024 12:35:16 +0200 Subject: [PATCH 6/6] Support bearer access token authentication. (#11908) * Support bearer access token authentication. * Read target key file if path provided * Apply suggestions from code review Co-authored-by: Patryk Dobrowolski --------- Co-authored-by: Patryk Dobrowolski --- cmd/image-syncer/main.go | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/cmd/image-syncer/main.go b/cmd/image-syncer/main.go index 529117a47878..7b2ff0b2dc9c 100644 --- a/cmd/image-syncer/main.go +++ b/cmd/image-syncer/main.go @@ -7,12 +7,11 @@ import ( "os/signal" "syscall" - "github.com/kyma-project/test-infra/pkg/imagesync" - "github.com/google/go-containerregistry/pkg/authn" "github.com/google/go-containerregistry/pkg/name" "github.com/google/go-containerregistry/pkg/v1/remote" "github.com/google/go-containerregistry/pkg/v1/remote/transport" + "github.com/kyma-project/test-infra/pkg/imagesync" "github.com/pkg/errors" "github.com/jamiealquiza/envy" @@ -28,6 +27,7 @@ var ( type Config struct { ImagesFile string TargetKeyFile string + AccessToken string DryRun bool Debug bool } @@ -180,7 +180,12 @@ func SyncImage(ctx context.Context, src, dest string, dryRun bool, auth authn.Au // SyncImages is a main syncing function that takes care of copying images. func SyncImages(ctx context.Context, cfg *Config, images *imagesync.SyncDef, authCfg []byte) error { - auth := &authn.Basic{Username: "_json_key", Password: string(authCfg)} + var auth authn.Authenticator + if cfg.TargetKeyFile != "" { + auth = &authn.Basic{Username: "_json_key", Password: string(authCfg)} + } else { + auth = &authn.Bearer{Token: string(authCfg)} + } for _, img := range images.Images { target, err := getTarget(img.Source, images.TargetRepoPrefix, img.Tag) imageType := "Index" @@ -224,6 +229,7 @@ func main() { Long: `image-syncer copies docker images. It compares checksum between source and target and protects target images against overriding`, //nolint:revive Run: func(cmd *cobra.Command, args []string) { + var authCfg []byte logLevel := logrus.InfoLevel if cfg.Debug { logLevel = logrus.DebugLevel @@ -237,9 +243,11 @@ func main() { if err != nil { log.WithError(err).Fatal("Could not parse images file") } - authCfg, err := os.ReadFile(cfg.TargetKeyFile) - if err != nil { - log.WithError(err).Fatal("Could not open target auth key JSON") + if cfg.TargetKeyFile != "" { + authCfg, err = os.ReadFile(cfg.TargetKeyFile) + if err != nil { + log.WithError(err).Fatal("Could not open target auth key JSON") + } } if cfg.DryRun { @@ -260,11 +268,12 @@ func main() { rootCmd.PersistentFlags().StringVarP(&cfg.ImagesFile, "images-file", "i", "", "Specifies the path to the YAML file that contains list of images") rootCmd.PersistentFlags().StringVarP(&cfg.TargetKeyFile, "target-repo-auth-key", "t", "", "Specifies the JSON key file used for authorization to the target repository") + rootCmd.PersistentFlags().StringVarP(&cfg.AccessToken, "access-token", "a", "", "Specifies the access token used for authorization to the target repository") rootCmd.PersistentFlags().BoolVar(&cfg.DryRun, "dry-run", false, "Enables the dry-run mode") rootCmd.PersistentFlags().BoolVar(&cfg.Debug, "debug", false, "Enables the debug mode") rootCmd.MarkPersistentFlagRequired("images-file") - rootCmd.MarkPersistentFlagRequired("target-repo-auth-key") + rootCmd.MarkFlagsOneRequired("target-repo-auth-key", "access-token") envy.ParseCobra(rootCmd, envy.CobraConfig{Prefix: "SYNCER", Persistent: true, Recursive: false}) if err := rootCmd.Execute(); err != nil {