Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

wip: new(config): integrate pigeon. #1483

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

wip: new(config): integrate pigeon. #1483

wants to merge 1 commit into from

Conversation

FedeDP
Copy link
Contributor

@FedeDP FedeDP commented May 6, 2024
edited
Loading

FedeDP
FedeDP commented May 6, 2024
View reviewed changes
config/secrets.yaml
orgs:
falcosecurity:
actions:
secrets:
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These are the org-wide secrets being used at the moment.

FedeDP
FedeDP commented May 6, 2024
View reviewed changes
config/secrets.yaml
- DOCKERHUB_SECRET
- DOCKERHUB_USER
repos:
libs:
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These are the repo-specific secrets being used atm.

@FedeDP
new(config): integrate pigeon.
4fe6e86 
Signed-off-by: Federico Di Pierro <[email protected]>
@FedeDP FedeDP force-pushed the new/integrate_pigeon branch from 11a30d3 to 4fe6e86 Compare May 6, 2024 08:53
@poiana poiana requested review from jonahjon and maxgio92 May 6, 2024 09:01
@poiana
Copy link
Contributor

poiana commented May 6, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: FedeDP

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

1 similar comment
@poiana
Copy link
Contributor

poiana commented May 6, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: FedeDP

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

FedeDP
FedeDP commented May 6, 2024
View reviewed changes
config/secrets.yaml
- GPG_KEY
libs:
actions:
secrets:
Copy link
Contributor Author

@FedeDP FedeDP May 6, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All of these secrets are NOT present in our 1-password store. We should:

  • move FEDEDP_GIST_SECRET to POIANA_GIST_SECRET
  • add all of them

@FedeDP
Copy link
Contributor Author

FedeDP commented May 6, 2024
edited
Loading

FYI @maxgio92

FedeDP
FedeDP commented May 6, 2024
View reviewed changes
config/jobs/update-secrets/update-secrets.yaml
run_if_changed: '^config/secrets.yaml$'
spec:
containers:
- image: ghcr.io/falcosecurity/pigeon:v0.3.0
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We also need 3 env variables to be defined to connect to our 1password store: https://github.com/falcosecurity/pigeon/blob/main/pkg/pigeon/secrets_onepassword.go#L35

//   - `OP_CONNECT_TOKEN`: the API token to be used to authenticate the client
//     to your 1Password Connect instance.
//   - `OP_CONNECT_HOST`: the hostname of your 1Password Connect instance.
//   - `OP_VAULT`: a vault UUID from which retrieving the secrets.

@poiana
Copy link
Contributor

poiana commented Aug 4, 2024

Issues go stale after 90d of inactivity.

Mark the issue as fresh with /remove-lifecycle stale.

Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle stale

@poiana
Copy link
Contributor

poiana commented Sep 3, 2024

Stale issues rot after 30d of inactivity.

Mark the issue as fresh with /remove-lifecycle rotten.

Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle rotten

@FedeDP
Copy link
Contributor Author

FedeDP commented Sep 3, 2024

/remove-lifecycle rotten

@poiana
Copy link
Contributor

poiana commented Dec 2, 2024

Issues go stale after 90d of inactivity.

Mark the issue as fresh with /remove-lifecycle stale.

Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle stale

@FedeDP
Copy link
Contributor Author

FedeDP commented Dec 2, 2024

/remove-lifecycle stale

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jonahjon jonahjon Awaiting requested review from jonahjon

@maxgio92 maxgio92 Awaiting requested review from maxgio92

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
approved dco-signoff: yes do-not-merge/hold do-not-merge/work-in-progress size/M
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@FedeDP @poiana