From 21374a6a2b0e21e55b755b7d402b9aa405682c93 Mon Sep 17 00:00:00 2001
From: Michael-Kruggel <michael.kruggel@defenseunicorns.com>
Date: Thu, 25 Jul 2024 20:41:37 +0000
Subject: [PATCH] feat: add upstream and unicorn flavors

---
 .github/workflows/ci-docs-shim.yaml    |  2 +-
 .github/workflows/tag-and-release.yaml | 19 ++++++++++--
 .github/workflows/test.yaml            |  4 ++-
 values/registry1.yaml                  | 11 +------
 values/unicorn.yaml                    | 18 +++++++++++
 values/upstream.yaml                   | 18 +++++++++++
 zarf.yaml                              | 42 ++++++++++++++++++++++++--
 7 files changed, 98 insertions(+), 16 deletions(-)
 create mode 100644 values/unicorn.yaml
 create mode 100644 values/upstream.yaml

diff --git a/.github/workflows/ci-docs-shim.yaml b/.github/workflows/ci-docs-shim.yaml
index 68c175e..be02cfa 100644
--- a/.github/workflows/ci-docs-shim.yaml
+++ b/.github/workflows/ci-docs-shim.yaml
@@ -12,7 +12,7 @@ jobs:
     timeout-minutes: 20
     strategy:
       matrix:
-        flavor: [registry1]
+        flavor: [upstream, registry1, unicorn]
         type: [install, upgrade]
     steps:
       - name: Shim for ${{ matrix.type }} ${{ matrix.flavor }}
diff --git a/.github/workflows/tag-and-release.yaml b/.github/workflows/tag-and-release.yaml
index 2df527c..86f493d 100644
--- a/.github/workflows/tag-and-release.yaml
+++ b/.github/workflows/tag-and-release.yaml
@@ -26,7 +26,7 @@ jobs:
     name: Publish package
     strategy:
       matrix:
-        flavor: [registry1]
+        flavor: [upstream, registry1, unicorn]
 
     permissions:
       contents: read
@@ -41,9 +41,24 @@ jobs:
           registry1Username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }}
           registry1Password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }}
           ghToken: ${{ secrets.GITHUB_TOKEN }}
+          chainguardIdentity: ${{ secrets.CHAINGUARD_IDENTITY }}
+
+      # Determine repository to publish to
+      - name: Determine destination repository
+        id: repo
+        run: |
+          repo=ghcr.io/defenseunicorns/packages
+          # Publish unicorn flavor to private repository
+          if [ "${{ matrix.flavor }}" = "unicorn" ]; then
+            repo+=/private
+          fi
+          repo+=/uds
+
+          echo "repo=${repo}" >> "$GITHUB_OUTPUT"
+          echo "Publishing packages and bundles to ${repo}"
 
       - name: Publish Package
-        run: uds run -f tasks/publish.yaml package --set FLAVOR=${{ matrix.flavor }}
+        run: uds run -f tasks/publish.yaml package --set FLAVOR=${{ matrix.flavor }} --set TARGET_REPO=${{ steps.repo.outputs.repo }} --no-progress
 
       - name: Save logs
         if: always()
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index 2e82ddf..001c712 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -30,6 +30,7 @@ concurrency:
 
 permissions:
   contents: read
+  id-token: write
 
 jobs:
   run-test:
@@ -38,7 +39,7 @@ jobs:
     timeout-minutes: 25
     strategy:
       matrix:
-        flavor: [registry1]
+        flavor: [upstream, registry1, unicorn]
         type: [install, upgrade]
 
     steps:
@@ -51,6 +52,7 @@ jobs:
           registry1Username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }}
           registry1Password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }}
           ghToken: ${{ secrets.GITHUB_TOKEN }}
+          chainguardIdentity: ${{ secrets.CHAINGUARD_IDENTITY }}
 
       - name: Test
         uses: defenseunicorns/uds-common/.github/actions/test@a7549ad75a9bbd8e71ce2236ec17c1e33ec4df61 # v0.8.1
diff --git a/values/registry1.yaml b/values/registry1.yaml
index 91ba4b3..aa5a3ca 100644
--- a/values/registry1.yaml
+++ b/values/registry1.yaml
@@ -2,7 +2,7 @@ controller:
   image:
     registry: "registry1.dso.mil"
     repository: "ironbank/opensource/jenkins/jenkins"
-    tag: "2.452.3-lts"
+    tag: "2.469-jdk17"
   sidecars:
     configAutoReload:
       image:
@@ -16,12 +16,3 @@ agent:
     repository: "registry1.dso.mil/ironbank/opensource/jenkins/inbound-agent"
     # -- Tag of the image to pull
     tag: "3186.vc3b_7249b_87eb_-1"
-
-helmtest:
-  # A testing framework for bash
-  bats:
-    # Bash Automated Testing System (BATS)
-    image:
-      registry: "registry1.dso.mil"
-      repository: "ironbank/opensource/bats/bats"
-      tag: "v1.10.0-ubi9"
diff --git a/values/unicorn.yaml b/values/unicorn.yaml
new file mode 100644
index 0000000..a831c0c
--- /dev/null
+++ b/values/unicorn.yaml
@@ -0,0 +1,18 @@
+controller:
+  image:
+    registry: "cgr.dev"
+    repository: "du-uds-defenseunicorns/jenkins"
+    tag: "2.469"
+  sidecars:
+    configAutoReload:
+      image:
+        registry: "cgr.dev"
+        repository: "du-uds-defenseunicorns/k8s-sidecar"
+        tag: "1.27.5"
+
+agent:
+  image:
+    # -- Repository to pull the agent jnlp image from
+    repository: "registry1.dso.mil/ironbank/opensource/jenkins/inbound-agent"
+    # -- Tag of the image to pull
+    tag: "3186.vc3b_7249b_87eb_-1"
diff --git a/values/upstream.yaml b/values/upstream.yaml
new file mode 100644
index 0000000..123f494
--- /dev/null
+++ b/values/upstream.yaml
@@ -0,0 +1,18 @@
+controller:
+  image:
+    registry: "docker.io"
+    repository: "jenkins/jenkins"
+    tag: "2.469-jdk17"
+  sidecars:
+    configAutoReload:
+      image:
+        registry: "docker.io"
+        repository: "kiwigrid/k8s-sidecar"
+        tag: "1.27.5"
+
+agent:
+  image:
+    # -- Repository to pull the agent jnlp image from
+    repository: "docker.io/jenkins/inbound-agent"
+    # -- Tag of the image to pull
+    tag: "3256.v88a_f6e922152-1"
diff --git a/zarf.yaml b/zarf.yaml
index ef499c1..33f91f0 100644
--- a/zarf.yaml
+++ b/zarf.yaml
@@ -18,6 +18,26 @@ components:
     description: "SSO secret for jenkins"
     import:
       path: common
+
+  # Note: upstream flavor is experimental
+  - name: jenkins
+    required: true
+    description: "Deploy jenkins with upstream images"
+    import:
+      path: common
+    only:
+      flavor: upstream
+      cluster:
+        architecture: amd64
+    charts:
+      - name: jenkins
+        valuesFiles:
+          - values/upstream.yaml
+    images:
+      - docker.io/jenkins/jenkins:2.469-jdk17
+      - docker.io/kiwigrid/k8s-sidecar:1.27.5
+      - docker.io/jenkins/inbound-agent:3256.v88a_f6e922152-1
+
   - name: jenkins
     required: true
     description: "Deploy jenkins with registry1 images"
@@ -32,7 +52,25 @@ components:
         valuesFiles:
           - values/registry1.yaml
     images:
-      - registry1.dso.mil/ironbank/opensource/jenkins/jenkins:2.452.3-lts
+      - registry1.dso.mil/ironbank/opensource/jenkins/jenkins:2.469-jdk17
       - registry1.dso.mil/ironbank/opensource/jenkins/inbound-agent:3186.vc3b_7249b_87eb_-1
       - registry1.dso.mil/ironbank/kiwigrid/k8s-sidecar:1.27.5
-      - registry1.dso.mil/ironbank/opensource/bats/bats:v1.10.0-ubi9
+
+  # Note: unicorn flavor is experimental
+  - name: jenkins
+    required: true
+    description: "Deploy jenkins with unicorn images"
+    import:
+      path: common
+    only:
+      flavor: unicorn
+      cluster:
+        architecture: amd64
+    charts:
+      - name: jenkins
+        valuesFiles:
+          - values/unicorn.yaml
+    images:
+      - cgr.dev/du-uds-defenseunicorns/jenkins:2.469
+      - registry1.dso.mil/ironbank/opensource/jenkins/inbound-agent:3186.vc3b_7249b_87eb_-1
+      - cgr.dev/du-uds-defenseunicorns/k8s-sidecar:1.27.5