From 65ceb01053bb96fd6116181f1be48a94f57828f5 Mon Sep 17 00:00:00 2001 From: Michael-Kruggel Date: Thu, 20 Jun 2024 18:29:53 +0000 Subject: [PATCH 1/4] feat: add chainguard flavor and update readme --- .github/workflows/ci-docs-shim.yaml | 2 +- .github/workflows/tag-and-release.yaml | 2 +- .github/workflows/test.yaml | 2 +- README.md | 62 ++++++++++---------------- values/chainguard.yaml | 18 ++++++++ zarf.yaml | 19 ++++++++ 6 files changed, 64 insertions(+), 41 deletions(-) create mode 100644 values/chainguard.yaml diff --git a/.github/workflows/ci-docs-shim.yaml b/.github/workflows/ci-docs-shim.yaml index 68c175e..cc04591 100644 --- a/.github/workflows/ci-docs-shim.yaml +++ b/.github/workflows/ci-docs-shim.yaml @@ -12,7 +12,7 @@ jobs: timeout-minutes: 20 strategy: matrix: - flavor: [registry1] + flavor: [registry1, chainguard] type: [install, upgrade] steps: - name: Shim for ${{ matrix.type }} ${{ matrix.flavor }} diff --git a/.github/workflows/tag-and-release.yaml b/.github/workflows/tag-and-release.yaml index b57e323..585babe 100644 --- a/.github/workflows/tag-and-release.yaml +++ b/.github/workflows/tag-and-release.yaml @@ -26,7 +26,7 @@ jobs: name: Publish package strategy: matrix: - flavor: [registry1] + flavor: [registry1, chainguard] permissions: contents: read diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index df3bd13..973c063 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -38,7 +38,7 @@ jobs: timeout-minutes: 25 strategy: matrix: - flavor: [registry1] + flavor: [registry1, chainguard] type: [install, upgrade] steps: diff --git a/README.md b/README.md index 3a15fe7..7b6adc3 100644 --- a/README.md +++ b/README.md 
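Review bot: In `.github/workflows/tag-and-release.yaml` the publish matrix now includes `chainguard`, so each release would publish a flavor that this same patch marks as experimental in `zarf.yaml` and builds from `cgr.dev/...:latest` images. A published package version would then hold whatever those tags resolved to at build time, which makes the released artifact hard to reproduce or audit later. Consider keeping the publish job at `flavor: [registry1]` until the chainguard images are pinned, while leaving `chainguard` in the test and docs-shim matrices. The job's steps lie outside this hunk, so any other gating on publishing cannot be seen from here.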
@@ -1,50 +1,36 @@ -# uds-package-jenkins -Platform One Jenkins deployed via flux +# 🚚 UDS Jenkins Zarf Package -## Pre-req -- Minimum compute requirements for single node deployment are at LEAST 64 GB RAM and 32 virtual CPU threads (aws `m6i.8xlarge` instance type should do) -- k3d installed on machine +[![Latest Release](https://img.shields.io/github/v/release/defenseunicorns/uds-package-jenkins)](https://github.com/defenseunicorns/uds-package-jenkins/releases) +[![Build Status](https://img.shields.io/github/actions/workflow/status/defenseunicorns/uds-package-jenkins/tag-and-release.yaml)](https://github.com/defenseunicorns/uds-package-jenkins/actions/workflows/tag-and-release.yaml) +[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/defenseunicorns/uds-package-jenkins/badge)](https://api.securityscorecards.dev/projects/github.com/defenseunicorns/uds-package-jenkins) -## Deploy +This package is designed to be deployed on [UDS Core](https://github.com/defenseunicorns/uds-core), and is based on the upstream [Jenkins](https://github.com/jenkinsci/helm-charts/tree/main/charts/jenkins) chart. -### Use zarf to login to the needed registries i.e. registry1.dso.mil +## Pre-requisites -```bash -# Download Zarf -make build/zarf +The Jenkins Package expects to be deployed on top of [UDS Core](https://github.com/defenseunicorns/uds-core). -# Login to the registry -set +o history +## Flavors -# registry1.dso.mil (To access registry1 images needed during build time) -export REGISTRY1_USERNAME="YOUR-USERNAME-HERE" -export REGISTRY1_TOKEN="YOUR-TOKEN-HERE" -echo $REGISTRY1_TOKEN | build/zarf tools registry login registry1.dso.mil --username $REGISTRY1_USERNAME --password-stdin +| Flavor | Description | Example Creation | +| ------ | ----------- | ---------------- | +| registry1 | Uses images from registry1.dso.mil within the package. | `zarf package create . -f registry1` | +| chainguard | Uses images from cgr.dev within the package. 
| `zarf package create . -f chainguard` | -set -o history -``` +> [!IMPORTANT] +> **NOTE:** To create the registry1 or the chainguard flavor you will need to be logged into Iron Bank - you can find instructions on how to do this in the [Big Bang Zarf Tutorial](https://docs.zarf.dev/tutorials/6-big-bang/#setup). -### Build and Deploy Everything via Makefile and local package +## Releases -```bash -# This will run make build/all, make cluster/reset, and make deploy/all. Follow the breadcrumbs in the Makefile to see what and how its doing it. -make all -``` +The released packages can be found in [ghcr](https://github.com/defenseunicorns/uds-package-jenkins/pkgs/container/packages%2Fuds%2Fjenkins). -## Declare This Package In Your UDS Bundle -Below is an example of how to use this projects zarf package in your UDS Bundle +## UDS Tasks (for local dev and CI) -```yaml -kind: UDSBundle -metadata: - name: example-bundle - description: An Example UDS Bundle - version: 0.0.1 - architecture: amd64 +*For local dev, this requires you install [uds-cli](https://github.com/defenseunicorns/uds-cli?tab=readme-ov-file#install) -zarf-packages: - # Jenkins - - name: jenkins - repository: ghcr.io/defenseunicorns/uds-package/jenkins - ref: x.x.x -``` +> [!TIP] +> To get a list of tasks to run you can use `uds run --list`! + +## Contributing + +Please see the [CONTRIBUTING.md](./CONTRIBUTING.md) \ No newline at end of file diff --git a/values/chainguard.yaml b/values/chainguard.yaml new file mode 100644 index 0000000..9d9cbc9 --- /dev/null +++ b/values/chainguard.yaml 
@@ -0,0 +1,18 @@ +controller: + image: + registry: "cgr.dev" + repository: "chainguard/jenkins" + tag: "latest" + sidecars: + configAutoReload: + image: + registry: "cgr.dev" + repository: "chainguard/k8s-sidecar" + tag: "latest" + +agent: + image: + # -- Repository to pull the agent jnlp image from + repository: "registry1.dso.mil/ironbank/opensource/jenkins/inbound-agent" + # -- Tag of the image to pull + tag: "3186.vc3b_7249b_87eb_-1" diff --git a/zarf.yaml b/zarf.yaml index 86fa141..bec35b8 100644 --- a/zarf.yaml +++ b/zarf.yaml @@ -38,3 +38,22 @@ components: - registry1.dso.mil/ironbank/opensource/jenkins/inbound-agent:3186.vc3b_7249b_87eb_-1 - registry1.dso.mil/ironbank/kiwigrid/k8s-sidecar:1.27.2 - registry1.dso.mil/ironbank/opensource/bats/bats:v1.10.0-ubi9 + +# Note: chainguard flavor is experimental + - name: jenkins + required: true + description: "Deploy jenkins with registry1 images" + import: + path: common + only: + flavor: chainguard + cluster: + architecture: amd64 + charts: + - name: jenkins + valuesFiles: + - values/chainguard.yaml + images: + - cgr.dev/chainguard/jenkins:latest + - registry1.dso.mil/ironbank/opensource/jenkins/inbound-agent:3186.vc3b_7249b_87eb_-1 + - cgr.dev/chainguard/k8s-sidecar:latest \ No newline at end of file From c12afbc09d9aba4c13b6247f53702528c9876a4d Mon Sep 17 00:00:00 2001 From: Michael-Kruggel Date: Thu, 20 Jun 2024 18:34:37 +0000 Subject: [PATCH 2/4] fix: lint --- zarf.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/zarf.yaml b/zarf.yaml index bec35b8..a64941e 100644 --- a/zarf.yaml +++ b/zarf.yaml @@ -56,4 +56,4 @@ components: images: - cgr.dev/chainguard/jenkins:latest - registry1.dso.mil/ironbank/opensource/jenkins/inbound-agent:3186.vc3b_7249b_87eb_-1 - - cgr.dev/chainguard/k8s-sidecar:latest \ No newline at end of file + - cgr.dev/chainguard/k8s-sidecar:latest From 887010d901ecb3eb07d32df8816f0a2a195bbbb4 Mon Sep 17 00:00:00 2001 
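Review bot: `tag: "latest"` on `chainguard/jenkins` and `chainguard/k8s-sidecar` is a mutable reference, so the image content behind this values file can change with no change in the repository; the two `cgr.dev/...:latest` entries in the `images:` list of the `zarf.yaml` hunk that follows have the same problem. Pinning by digest keeps the package reproducible and ties scan results and SBOMs to a specific image, e.g. `- cgr.dev/chainguard/jenkins:latest@sha256:<digest>` in `zarf.yaml` with the matching reference in this file (`<digest>` is a placeholder, and how the chart accepts a digest should be checked against its values schema). The registry1 component visible in the `zarf.yaml` context lines already uses fixed tags such as `1.27.2`, so pinning would also make the two flavors consistent. Separately, the agent image here still comes from `registry1.dso.mil`, so this flavor continues to need Iron Bank credentials at package-create time.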
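Review bot: The new component's `description` in `zarf.yaml` still reads `"Deploy jenkins with registry1 images"`, apparently copied from the registry1 component, although `only.flavor` is `chainguard`; it should be `description: "Deploy jenkins with chainguard images"`. Because the inbound-agent image in this flavor is still the Iron Bank one, the description could say so, so that nobody assumes the package is free of registry1 content. The `components:` list begins outside this hunk.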
From: Michael-Kruggel Date: Fri, 21 Jun 2024 17:54:30 +0000 Subject: [PATCH 3/4] feat: update task files and add todo comment for image --- .github/workflows/commitlint.yaml | 2 +- .github/workflows/lint.yaml | 2 +- .github/workflows/tag-and-release.yaml | 4 ++-- .github/workflows/test.yaml | 6 +++--- tasks.yaml | 30 +++++++++++++------------- tasks/publish.yaml | 4 ++-- values/chainguard.yaml | 1 + 7 files changed, 25 insertions(+), 24 deletions(-) diff --git a/.github/workflows/commitlint.yaml b/.github/workflows/commitlint.yaml index 9bdc427..8817893 100644 --- a/.github/workflows/commitlint.yaml +++ b/.github/workflows/commitlint.yaml @@ -12,4 +12,4 @@ on: jobs: validate: name: Validate - uses: defenseunicorns/uds-common/.github/workflows/commitlint.yaml@b2e8b25930c953ef893e7c787fe350f0d8679ee2 # v0.4.2 + uses: defenseunicorns/uds-common/.github/workflows/commitlint.yaml@61450a210fd16cf14157ee417f9682a4664c05e5 # v0.6.0 diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index f92ec8b..3b09809 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -20,7 +20,7 @@ jobs: fetch-depth: 0 - name: Environment setup - uses: defenseunicorns/uds-common/.github/actions/setup@b2e8b25930c953ef893e7c787fe350f0d8679ee2 # v0.4.2 + uses: defenseunicorns/uds-common/.github/actions/setup@61450a210fd16cf14157ee417f9682a4664c05e5 # v0.6.0 with: registry1Username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }} registry1Password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }} diff --git a/.github/workflows/tag-and-release.yaml b/.github/workflows/tag-and-release.yaml index 585babe..41ef8f2 100644 --- a/.github/workflows/tag-and-release.yaml +++ b/.github/workflows/tag-and-release.yaml 
@@ -36,7 +36,7 @@ jobs: - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - name: Environment setup - uses: defenseunicorns/uds-common/.github/actions/setup@b2e8b25930c953ef893e7c787fe350f0d8679ee2 # v0.4.2 + uses: defenseunicorns/uds-common/.github/actions/setup@61450a210fd16cf14157ee417f9682a4664c05e5 # v0.6.0 with: registry1Username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }} registry1Password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }} @@ -47,6 +47,6 @@ jobs: - name: Save logs if: always() - uses: defenseunicorns/uds-common/.github/actions/save-logs@b2e8b25930c953ef893e7c787fe350f0d8679ee2 # v0.4.2 + uses: defenseunicorns/uds-common/.github/actions/save-logs@61450a210fd16cf14157ee417f9682a4664c05e5 # v0.6.0 with: suffix: '${{ matrix.flavor }}-${{ github.run_id }}-${{ github.run_attempt }}' diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 973c063..44523aa 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml 
@@ -46,20 +46,20 @@ jobs: uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - name: Environment setup - uses: defenseunicorns/uds-common/.github/actions/setup@b2e8b25930c953ef893e7c787fe350f0d8679ee2 # v0.4.2 + uses: defenseunicorns/uds-common/.github/actions/setup@61450a210fd16cf14157ee417f9682a4664c05e5 # v0.6.0 with: registry1Username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }} registry1Password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }} ghToken: ${{ secrets.GITHUB_TOKEN }} - name: Test - uses: defenseunicorns/uds-common/.github/actions/test@b2e8b25930c953ef893e7c787fe350f0d8679ee2 # v0.4.2 + uses: defenseunicorns/uds-common/.github/actions/test@61450a210fd16cf14157ee417f9682a4664c05e5 # v0.6.0 with: flavor: ${{ matrix.flavor }} type: ${{ matrix.type }} - name: Save logs if: always() - uses: defenseunicorns/uds-common/.github/actions/save-logs@b2e8b25930c953ef893e7c787fe350f0d8679ee2 # v0.4.2 + uses: defenseunicorns/uds-common/.github/actions/save-logs@61450a210fd16cf14157ee417f9682a4664c05e5 # v0.6.0 with: suffix: ${{ matrix.type }}-${{ matrix.flavor }}-${{ github.run_id }}-${{ github.run_attempt }} diff --git a/tasks.yaml b/tasks.yaml index 5e880f5..2e1f6e2 100644 --- a/tasks.yaml +++ b/tasks.yaml 
@@ -1,34 +1,34 @@ includes: - cleanup: ./tasks/cleanup.yaml - test: ./tasks/test.yaml - - create: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.5/tasks/create.yaml - - lint: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.5/tasks/lint.yaml - - pull: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.5/tasks/pull.yaml - - deploy: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.5/tasks/deploy.yaml - - setup: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.5/tasks/setup.yaml + - create: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.6.0/tasks/create.yaml + - lint: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.6.0/tasks/lint.yaml + - pull: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.6.0/tasks/pull.yaml + - deploy: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.6.0/tasks/deploy.yaml + - setup: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.6.0/tasks/setup.yaml tasks: - name: default description: Create K3D Cluster with UDS-Core + Jenkins actions: - - task: create-jenkins-test-bundle + - task: create-test-bundle - task: setup:k3d-test-cluster - task: deploy:test-bundle - - name: create-jenkins-package + - name: create-package description: Create UDS Jenkins Package actions: - task: create:package with: options: "--skip-sbom" - - name: create-jenkins-test-bundle + - name: create-test-bundle description: Create a local UDS Jenkins bundle actions: - - task: create-jenkins-package + - task: create-package - task: create:test-bundle - - name: create-jenkins-latest-release-bundle + - name: create-latest-release-bundle description: Create UDS Jenkins bundle based on the latest release actions: - task: pull:latest-package-release 
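Review bot: The remote `includes:` in `tasks.yaml` are fetched from `raw.githubusercontent.com` by the tag `v0.6.0`, which can be moved upstream, whereas the workflows in this same patch pin uds-common to commit `61450a210fd16cf14157ee417f9682a4664c05e5` (commented `# v0.6.0`). These task files are presumably executed in CI jobs that hold the Iron Bank robot credentials, so they deserve the same immutable pin, e.g. `- create: https://raw.githubusercontent.com/defenseunicorns/uds-common/61450a210fd16cf14157ee417f9682a4664c05e5/tasks/create.yaml`, and likewise for `lint`, `pull`, `deploy`, `setup` and the two includes changed in `tasks/publish.yaml`. The hunk also renames the `create-jenkins-*` tasks; callers outside this file that still use the old names are not visible here.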
@@ -36,7 +36,7 @@ tasks: spoof_release: "true" - task: create:test-bundle - - name: deploy-jenkins-test-bundle + - name: deploy-test-bundle description: Deploy the Jenkins test bundle to local cluster actions: - task: deploy:test-bundle @@ -44,7 +44,7 @@ tasks: - name: local-all description: Create then deploy local jenkins bundle actions: - - task: create-jenkins-test-bundle + - task: create-test-bundle - task: deploy:test-bundle # CI will execute the following (via uds-common/.github/actions/test) so they need to be here with these names @@ -52,7 +52,7 @@ tasks: - name: test-package description: Test the Jenkins package from the current branch actions: - - task: create-jenkins-test-bundle + - task: create-test-bundle - task: setup:k3d-test-cluster - task: deploy:test-bundle - task: test:health-check @@ -61,10 +61,10 @@ tasks: - name: test-upgrade description: Test an upgrade from the latest released package to the current branch actions: - - task: create-jenkins-latest-release-bundle + - task: create-latest-release-bundle - task: setup:k3d-test-cluster - task: deploy:test-bundle - - task: create-jenkins-test-bundle + - task: create-test-bundle - task: deploy:test-bundle - task: test:health-check - task: test:ingress diff --git a/tasks/publish.yaml b/tasks/publish.yaml index a559d11..6d9bd7c 100644 --- a/tasks/publish.yaml +++ b/tasks/publish.yaml @@ -1,7 +1,7 @@ includes: - dependencies: ./dependencies.yaml - - create: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.5/tasks/create.yaml - - publish: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.5/tasks/publish.yaml + - create: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.6.0/tasks/create.yaml + - publish: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.6.0/tasks/publish.yaml tasks: - name: package diff --git a/values/chainguard.yaml b/values/chainguard.yaml index 9d9cbc9..1faab9a 100644 --- a/values/chainguard.yaml 
+++ b/values/chainguard.yaml @@ -10,6 +10,7 @@ controller: repository: "chainguard/k8s-sidecar" tag: "latest" +# TODO get a chainguard version of this image agent: image: # -- Repository to pull the agent jnlp image from From dc3be275363a97cd6b5dc257569cd82a24313b13 Mon Sep 17 00:00:00 2001 From: Michael-Kruggel Date: Fri, 21 Jun 2024 18:21:34 +0000 Subject: [PATCH 4/4] feat: update jenkins chart and image --- common/zarf.yaml | 2 +- values/registry1.yaml | 2 +- zarf.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/common/zarf.yaml b/common/zarf.yaml index 06a9aeb..1c2ba79 100644 --- a/common/zarf.yaml +++ b/common/zarf.yaml @@ -33,7 +33,7 @@ components: - name: jenkins namespace: jenkins url: https://charts.jenkins.io - version: 5.1.26 + version: 5.3.1 repoName: jenkins releaseName: jenkins valuesFiles: diff --git a/values/registry1.yaml b/values/registry1.yaml index a22a608..2139da6 100644 --- a/values/registry1.yaml +++ b/values/registry1.yaml @@ -2,7 +2,7 @@ controller: image: registry: "registry1.dso.mil" repository: "ironbank/opensource/jenkins/jenkins" - tag: "2.452.1-lts" + tag: "2.452.2-lts" sidecars: configAutoReload: image: diff --git a/zarf.yaml b/zarf.yaml index e6e60be..899bb46 100644 --- a/zarf.yaml +++ b/zarf.yaml @@ -34,7 +34,7 @@ components: valuesFiles: - values/registry1.yaml images: - - registry1.dso.mil/ironbank/opensource/jenkins/jenkins:2.452.1-lts + - registry1.dso.mil/ironbank/opensource/jenkins/jenkins:2.452.2-lts - registry1.dso.mil/ironbank/opensource/jenkins/inbound-agent:3186.vc3b_7249b_87eb_-1 - registry1.dso.mil/ironbank/kiwigrid/k8s-sidecar:1.27.2 - registry1.dso.mil/ironbank/opensource/bats/bats:v1.10.0-ubi9