Merge pull request #19 from defenseunicorns/feat--chainguard-images

defenseunicorns · Jun 21, 2024 · c87aa7c · c87aa7c
2 parents 0c977a2 + dc3be27
commit c87aa7c
Show file tree

Hide file tree

Showing 12 changed files with 92 additions and 68 deletions.
diff --git a/.github/workflows/ci-docs-shim.yaml b/.github/workflows/ci-docs-shim.yaml
@@ -12,7 +12,7 @@ jobs:
     timeout-minutes: 20
     strategy:
       matrix:
-        flavor: [registry1]
+        flavor: [registry1, chainguard]
         type: [install, upgrade]
     steps:
       - name: Shim for ${{ matrix.type }} ${{ matrix.flavor }}

diff --git a/.github/workflows/commitlint.yaml b/.github/workflows/commitlint.yaml
@@ -12,4 +12,4 @@ on:
 jobs:
   validate:
     name: Validate
-    uses: defenseunicorns/uds-common/.github/workflows/commitlint.yaml@b2e8b25930c953ef893e7c787fe350f0d8679ee2 # v0.4.2
+    uses: defenseunicorns/uds-common/.github/workflows/commitlint.yaml@61450a210fd16cf14157ee417f9682a4664c05e5 # v0.6.0
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
@@ -20,7 +20,7 @@ jobs:
           fetch-depth: 0
 
       - name: Environment setup
-        uses: defenseunicorns/uds-common/.github/actions/setup@b2e8b25930c953ef893e7c787fe350f0d8679ee2 # v0.4.2
+        uses: defenseunicorns/uds-common/.github/actions/setup@61450a210fd16cf14157ee417f9682a4664c05e5 # v0.6.0
         with:
           registry1Username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }}
           registry1Password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }}

diff --git a/.github/workflows/tag-and-release.yaml b/.github/workflows/tag-and-release.yaml
@@ -26,7 +26,7 @@ jobs:
     name: Publish package
     strategy:
       matrix:
-        flavor: [registry1]
+        flavor: [registry1, chainguard]
 
     permissions:
       contents: read
@@ -36,7 +36,7 @@ jobs:
       - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
 
       - name: Environment setup
-        uses: defenseunicorns/uds-common/.github/actions/setup@b2e8b25930c953ef893e7c787fe350f0d8679ee2 # v0.4.2
+        uses: defenseunicorns/uds-common/.github/actions/setup@61450a210fd16cf14157ee417f9682a4664c05e5 # v0.6.0
         with:
           registry1Username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }}
           registry1Password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }}
@@ -47,6 +47,6 @@ jobs:
 
       - name: Save logs
         if: always()
-        uses: defenseunicorns/uds-common/.github/actions/save-logs@b2e8b25930c953ef893e7c787fe350f0d8679ee2 # v0.4.2
+        uses: defenseunicorns/uds-common/.github/actions/save-logs@61450a210fd16cf14157ee417f9682a4664c05e5 # v0.6.0
         with:
           suffix: '${{ matrix.flavor }}-${{ github.run_id }}-${{ github.run_attempt }}'
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
@@ -38,28 +38,28 @@ jobs:
     timeout-minutes: 25
     strategy:
       matrix:
-        flavor: [registry1]
+        flavor: [registry1, chainguard]
         type: [install, upgrade]
 
     steps:
       - name: Checkout repository
         uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
 
       - name: Environment setup
-        uses: defenseunicorns/uds-common/.github/actions/setup@b2e8b25930c953ef893e7c787fe350f0d8679ee2 # v0.4.2
+        uses: defenseunicorns/uds-common/.github/actions/setup@61450a210fd16cf14157ee417f9682a4664c05e5 # v0.6.0
         with:
           registry1Username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }}
           registry1Password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }}
           ghToken: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Test
-        uses: defenseunicorns/uds-common/.github/actions/test@b2e8b25930c953ef893e7c787fe350f0d8679ee2 # v0.4.2
+        uses: defenseunicorns/uds-common/.github/actions/test@61450a210fd16cf14157ee417f9682a4664c05e5 # v0.6.0
         with:
           flavor: ${{ matrix.flavor }}
           type: ${{ matrix.type }}
 
       - name: Save logs
         if: always()
-        uses: defenseunicorns/uds-common/.github/actions/save-logs@b2e8b25930c953ef893e7c787fe350f0d8679ee2 # v0.4.2
+        uses: defenseunicorns/uds-common/.github/actions/save-logs@61450a210fd16cf14157ee417f9682a4664c05e5 # v0.6.0
         with:
           suffix: ${{ matrix.type }}-${{ matrix.flavor }}-${{ github.run_id }}-${{ github.run_attempt }}
diff --git a/README.md b/README.md
@@ -1,50 +1,36 @@
-# uds-package-jenkins
-Platform One Jenkins deployed via flux
+# 🚚 UDS Jenkins Zarf Package
 
-## Pre-req
-- Minimum compute requirements for single node deployment are at LEAST 64 GB RAM and 32 virtual CPU threads (aws `m6i.8xlarge` instance type should do)
-- k3d installed on machine
+[![Latest Release](https://img.shields.io/github/v/release/defenseunicorns/uds-package-jenkins)](https://github.com/defenseunicorns/uds-package-jenkins/releases)
+[![Build Status](https://img.shields.io/github/actions/workflow/status/defenseunicorns/uds-package-jenkins/tag-and-release.yaml)](https://github.com/defenseunicorns/uds-package-jenkins/actions/workflows/tag-and-release.yaml)
+[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/defenseunicorns/uds-package-jenkins/badge)](https://api.securityscorecards.dev/projects/github.com/defenseunicorns/uds-package-jenkins)
 
-## Deploy
+This package is designed to be deployed on [UDS Core](https://github.com/defenseunicorns/uds-core), and is based on the upstream [Jenkins](https://github.com/jenkinsci/helm-charts/tree/main/charts/jenkins) chart.
 
-### Use zarf to login to the needed registries i.e. registry1.dso.mil
+## Pre-requisites
 
-```bash
-# Download Zarf
-make build/zarf
+The Jenkins Package expects to be deployed on top of [UDS Core](https://github.com/defenseunicorns/uds-core).
 
-# Login to the registry
-set +o history
+## Flavors
 
-# registry1.dso.mil (To access registry1 images needed during build time)
-export REGISTRY1_USERNAME="YOUR-USERNAME-HERE"
-export REGISTRY1_TOKEN="YOUR-TOKEN-HERE"
-echo $REGISTRY1_TOKEN | build/zarf tools registry login registry1.dso.mil --username $REGISTRY1_USERNAME --password-stdin
+| Flavor | Description | Example Creation |
+| ------ | ----------- | ---------------- |
+| registry1 | Uses images from registry1.dso.mil within the package. | `zarf package create . -f registry1` |
+| chainguard | Uses images from cgr.dev within the package. | `zarf package create . -f chainguard` |
 
-set -o history
-```
+> [!IMPORTANT]
+> **NOTE:** To create the registry1 or the chainguard flavor you will need to be logged into Iron Bank - you can find instructions on how to do this in the [Big Bang Zarf Tutorial](https://docs.zarf.dev/tutorials/6-big-bang/#setup).
 
-### Build and Deploy Everything via Makefile and local package
+## Releases
 
-```bash
-# This will run make build/all, make cluster/reset, and make deploy/all. Follow the breadcrumbs in the Makefile to see what and how its doing it.
-make all
-```
+The released packages can be found in [ghcr](https://github.com/defenseunicorns/uds-package-jenkins/pkgs/container/packages%2Fuds%2Fjenkins).
 
-## Declare This Package In Your UDS Bundle
-Below is an example of how to use this projects zarf package in your UDS Bundle
+## UDS Tasks (for local dev and CI)
 
-```yaml
-kind: UDSBundle
-metadata:
-  name: example-bundle
-  description: An Example UDS Bundle
-  version: 0.0.1
-  architecture: amd64
+*For local dev, this requires you install [uds-cli](https://github.com/defenseunicorns/uds-cli?tab=readme-ov-file#install)
 
-zarf-packages:
-  # Jenkins
-  - name: jenkins
-    repository: ghcr.io/defenseunicorns/uds-package/jenkins
-    ref: x.x.x
-```
+> [!TIP]
+> To get a list of tasks to run you can use `uds run --list`!
+
+## Contributing
+
+Please see the [CONTRIBUTING.md](./CONTRIBUTING.md)
diff --git a/common/zarf.yaml b/common/zarf.yaml
@@ -33,7 +33,7 @@ components:
       - name: jenkins
         namespace: jenkins
         url: https://charts.jenkins.io
-        version: 5.1.26
+        version: 5.3.1
         repoName: jenkins
         releaseName: jenkins
         valuesFiles:

diff --git a/tasks.yaml b/tasks.yaml
@@ -1,58 +1,58 @@
 includes:
   - cleanup: ./tasks/cleanup.yaml
   - test: ./tasks/test.yaml
-  - create: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.5/tasks/create.yaml
-  - lint: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.5/tasks/lint.yaml
-  - pull: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.5/tasks/pull.yaml
-  - deploy: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.5/tasks/deploy.yaml
-  - setup: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.5/tasks/setup.yaml
+  - create: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.6.0/tasks/create.yaml
+  - lint: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.6.0/tasks/lint.yaml
+  - pull: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.6.0/tasks/pull.yaml
+  - deploy: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.6.0/tasks/deploy.yaml
+  - setup: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.6.0/tasks/setup.yaml
 
 tasks:
   - name: default
     description: Create K3D Cluster with UDS-Core + Jenkins
     actions:
-      - task: create-jenkins-test-bundle
+      - task: create-test-bundle
       - task: setup:k3d-test-cluster
       - task: deploy:test-bundle
 
-  - name: create-jenkins-package
+  - name: create-package
     description: Create UDS Jenkins Package
     actions:
       - task: create:package
         with:
           options: "--skip-sbom"
 
-  - name: create-jenkins-test-bundle
+  - name: create-test-bundle
     description: Create a local UDS Jenkins bundle
     actions:
-      - task: create-jenkins-package
+      - task: create-package
       - task: create:test-bundle
 
-  - name: create-jenkins-latest-release-bundle
+  - name: create-latest-release-bundle
     description: Create UDS Jenkins bundle based on the latest release
     actions:
       - task: pull:latest-package-release
         with:
           spoof_release: "true"
       - task: create:test-bundle
 
-  - name: deploy-jenkins-test-bundle
+  - name: deploy-test-bundle
     description: Deploy the Jenkins test bundle to local cluster
     actions:
       - task: deploy:test-bundle
 
   - name: local-all
     description: Create then deploy local jenkins bundle
     actions:
-      - task: create-jenkins-test-bundle
+      - task: create-test-bundle
       - task: deploy:test-bundle
 
 # CI will execute the following (via uds-common/.github/actions/test) so they need to be here with these names
 
   - name: test-package
     description: Test the Jenkins package from the current branch
     actions:
-      - task: create-jenkins-test-bundle
+      - task: create-test-bundle
       - task: setup:k3d-test-cluster
       - task: deploy:test-bundle
       - task: test:health-check
@@ -61,10 +61,10 @@ tasks:
   - name: test-upgrade
     description: Test an upgrade from the latest released package to the current branch
     actions:
-      - task: create-jenkins-latest-release-bundle
+      - task: create-latest-release-bundle
       - task: setup:k3d-test-cluster
       - task: deploy:test-bundle
-      - task: create-jenkins-test-bundle
+      - task: create-test-bundle
       - task: deploy:test-bundle
       - task: test:health-check
       - task: test:ingress
diff --git a/tasks/publish.yaml b/tasks/publish.yaml
@@ -1,7 +1,7 @@
 includes:
   - dependencies: ./dependencies.yaml
-  - create: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.5/tasks/create.yaml
-  - publish: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.5/tasks/publish.yaml
+  - create: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.6.0/tasks/create.yaml
+  - publish: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.6.0/tasks/publish.yaml
 
 tasks:
   - name: package

diff --git a/values/chainguard.yaml b/values/chainguard.yaml
@@ -0,0 +1,19 @@
+controller:
+  image:
+    registry: "cgr.dev"
+    repository: "chainguard/jenkins"
+    tag: "latest"
+  sidecars:
+    configAutoReload:
+      image:
+        registry: "cgr.dev"
+        repository: "chainguard/k8s-sidecar"
+        tag: "latest"
+
+# TODO get a chainguard version of this image
+agent:
+  image:
+    # -- Repository to pull the agent jnlp image from
+    repository: "registry1.dso.mil/ironbank/opensource/jenkins/inbound-agent"
+    # -- Tag of the image to pull
+    tag: "3186.vc3b_7249b_87eb_-1"
diff --git a/values/registry1.yaml b/values/registry1.yaml
@@ -2,7 +2,7 @@ controller:
   image:
     registry: "registry1.dso.mil"
     repository: "ironbank/opensource/jenkins/jenkins"
-    tag: "2.452.1-lts"
+    tag: "2.452.2-lts"
   sidecars:
     configAutoReload:
       image:

diff --git a/zarf.yaml b/zarf.yaml
@@ -34,7 +34,26 @@ components:
         valuesFiles:
           - values/registry1.yaml
     images:
-      - registry1.dso.mil/ironbank/opensource/jenkins/jenkins:2.452.1-lts
+      - registry1.dso.mil/ironbank/opensource/jenkins/jenkins:2.452.2-lts
       - registry1.dso.mil/ironbank/opensource/jenkins/inbound-agent:3186.vc3b_7249b_87eb_-1
       - registry1.dso.mil/ironbank/kiwigrid/k8s-sidecar:1.27.2
       - registry1.dso.mil/ironbank/opensource/bats/bats:v1.10.0-ubi9
+
+# Note: chainguard flavor is experimental
+  - name: jenkins
+    required: true
+    description: "Deploy jenkins with registry1 images"
+    import:
+      path: common
+    only:
+      flavor: chainguard
+      cluster:
+        architecture: amd64
+    charts:
+      - name: jenkins
+        valuesFiles:
+          - values/chainguard.yaml
+    images:
+      - cgr.dev/chainguard/jenkins:latest
+      - registry1.dso.mil/ironbank/opensource/jenkins/inbound-agent:3186.vc3b_7249b_87eb_-1
+      - cgr.dev/chainguard/k8s-sidecar:latest