feat: add registry1 zarf flavors to uds core

.github/actions/setup/action.yaml

@@ -1,6 +1,16 @@
 # action.yml
 name: "Setup Environment"
 description: "UDS Environment Setup"
+inputs:
+  gh_token:
+    description: 'GITHUB_TOKEN'
+    required: true
+  ib_user:
+    description: 'IRON_BANK_ROBOT_USERNAME'
+    required: true
+  ib_password:
+    description: 'IRON_BANK_ROBOT_PASSWORD'
+    required: true
 
 runs:
   using: "composite"
@@ -27,4 +37,21 @@ runs:
     - name: Install UDS CLI
       shell: bash
       # renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver
-      run: brew install defenseunicorns/tap/uds@0.5.3
+      run: brew install defenseunicorns/tap/uds@0.6.1
+
+    - name: Login to GHCR
+      uses: docker/login-action@v3
+      with:
+        registry: ghcr.io
+        username: dummy
+        password: ${{ inputs.gh_token }}
+
+    # Retries intermittent registry1 login action
+    - uses: Wandalen/wretry.action@v1
+      with:
+        attempt_limit: 3
+        action: docker/login-action@v3
+        with: |
+          registry: registry1.dso.mil
+          username: ${{ inputs.ib_user }}
+          password: ${{ inputs.ib_password }}

.github/workflows/pull-request-conditionals.yaml

@@ -15,9 +15,32 @@ defaults:
   run:
     shell: bash -e -o pipefail {0} # Ensures that scripts fail on error and pipefail is set.
 
+# Abort prior jobs in the same workflow / PR
+concurrency:
+  group: test-${{ github.ref }}
+  cancel-in-progress: true
+
 jobs:
+  lint-check:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Use Node.js latest
+        uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0
+        with:
+          node-version: 20
+      - name: Set up Homebrew
+        uses: Homebrew/actions/setup-homebrew@master
+      - name: Install UDS CLI
+        shell: bash
+        # renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver
+        run: brew install defenseunicorns/tap/uds@0.6.1
+      - name: Run Formatting Checks
+        run: uds run lint-check
+
   # This job checks if there are changes in specific paths source packages.
   check-paths:
+    needs: lint-check
     runs-on: ubuntu-latest
     name: Select Jobs
     outputs:
@@ -41,7 +64,22 @@ jobs:
     strategy:
       matrix:
         package: ${{ fromJSON(needs.check-paths.outputs.packages) }}
+        flavor: [upstream, registry1]
     uses: ./.github/workflows/test.yaml
     with:
       package: ${{ matrix.package }}
+      flavor: ${{ matrix.flavor }}
+    secrets: inherit # Inherits all secrets from the parent workflow.
+
+  # This job triggers a separate workflow for each flavor core package.
+  run-package-upgrade-test:
+    needs: check-paths
+    name: Schedule
+    strategy:
+      matrix:
+        package: [all]
+        flavor: [upstream, registry1]
+    uses: ./.github/workflows/test-upgrade.yaml
+    with:
+      flavor: ${{ matrix.flavor }}
     secrets: inherit # Inherits all secrets from the parent workflow.

.github/workflows/tag-and-release.yml

@@ -22,6 +22,9 @@ jobs:
         run: echo "release_created=${{ steps.tag.outputs.release_created || false }}" >> $GITHUB_OUTPUT
 
   publish-uds-core:
+    strategy:
+      matrix:
+        flavor: [upstream, registry1]
     needs: tag-new-version
     if: ${{ needs.tag-new-version.outputs.release_created == 'true'}}
     runs-on: ubuntu-latest
@@ -36,16 +39,13 @@ jobs:
 
       - name: Environment setup
         uses: ./.github/actions/setup
-
-      - name: Login to GHCR
-        uses: docker/login-action@v3
         with:
-          registry: ghcr.io
-          username: dummy
-          password: ${{ secrets.GITHUB_TOKEN }}
+          gh_token: ${{ secrets.GITHUB_TOKEN }}
+          ib_user: ${{ secrets.IRON_BANK_ROBOT_USERNAME }}
+          ib_password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }}
 
       - name: Publish UDS Zarf Package
-        run: uds run -f tasks/publish.yaml packages
+        run: uds run -f tasks/publish.yaml packages --set FLAVOR=${{ matrix.flavor }}
 
       - name: Publish UDS Bundles
         run: uds run -f tasks/publish.yaml bundles

.github/workflows/test-upgrade.yaml

@@ -0,0 +1,50 @@
+name: Test Upgrade of UDS Core
+
+on:
+  # Manual trigger
+  workflow_dispatch:
+    inputs:
+      flavor:
+        type: string
+        description: "Flavor of the core package to test"
+        required: true
+  # Triggered by pull-request-conditionals.yaml
+  workflow_call:
+    inputs:
+      flavor:
+        type: string
+        description: "Flavor of the core package to test"
+        required: true
+
+permissions:
+  contents: read
+
+jobs:
+  test-upgrade:
+    runs-on: "uds-ubuntu-big-boy-8-core"
+    timeout-minutes: 30
+    name: Test Upgrade
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: Environment setup
+        uses: ./.github/actions/setup
+        with:
+          gh_token: ${{ secrets.GITHUB_TOKEN }}
+          ib_user: ${{ secrets.IRON_BANK_ROBOT_USERNAME }}
+          ib_password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }}
+
+      - name: Test upgrade
+        run: uds run test-uds-core-upgrade --set FLAVOR=${{ inputs.flavor }}
+
+      - name: Debug Output
+        if: ${{ !cancelled() }}
+        run: |
+          kubectl get all -A
+          kubectl get package -A
+
+      - name: Save logs
+        if: always()
+        uses: ./.github/actions/save-logs

.github/workflows/test.yaml

@@ -8,18 +8,21 @@ on:
         type: string
         description: "The name of the source package to test"
         required: true
+      flavor:
+        type: string
+        description: "Flavor of the source package to test"
+        required: true
   # Triggered by pull-request-conditionals.yaml
   workflow_call:
     inputs:
       package:
         type: string
         description: "The name of the source package to test"
         required: true
-
-# Abort prior jobs in the same workflow / PR
-concurrency:
-  group: test-${{ github.ref }}-${{ inputs.package }}
-  cancel-in-progress: true
+      flavor:
+        type: string
+        description: "Flavor of the source package to test"
+        required: true
 
 permissions:
   contents: read
@@ -28,7 +31,7 @@ jobs:
   test:
     runs-on: "${{ inputs.package == 'all' && 'uds-ubuntu-big-boy-8-core' || 'ubuntu-latest'}}"
     timeout-minutes: 30
-    name: Test
+    name: Test Install
     env:
       UDS_PKG: ${{ inputs.package }}
 
@@ -38,43 +41,21 @@ jobs:
 
       - name: Environment setup
         uses: ./.github/actions/setup
+        with:
+          gh_token: ${{ secrets.GITHUB_TOKEN }}
+          ib_user: ${{ secrets.IRON_BANK_ROBOT_USERNAME }}
+          ib_password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }}
 
       - name: Test a single source package
         if: ${{ inputs.package != 'all' }}
-        run: uds run test-single-package
+        run: uds run test-single-package --set FLAVOR=${{ inputs.flavor }}
 
       - name: Test UDS Core
         if: ${{ inputs.package == 'all' }}
-        run: uds run test-uds-core
-
-      - name: Debug Output
-        if: ${{ !cancelled() }}
-        run: |
-          kubectl get all -A
-          kubectl get package -A
-
-      - name: Save logs
-        if: always()
-        uses: ./.github/actions/save-logs
-
-  test-upgrade:
-    if: ${{ inputs.package == 'all' }}
-    runs-on: "uds-ubuntu-big-boy-8-core"
-    timeout-minutes: 30
-    name: Test Upgrade
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-
-      - name: Environment setup
-        uses: ./.github/actions/setup
-
-      - name: Test upgrade
-        run: uds run test-uds-core-upgrade
+        run: uds run test-uds-core --set FLAVOR=${{ inputs.flavor }}
 
       - name: Debug Output
-        if: ${{ !cancelled() }}
+        if: ${{ inputs.package != 'all' && !cancelled() }}
         run: |
           kubectl get all -A
           kubectl get package -A

.vscode/settings.json

@@ -9,12 +9,12 @@
   },
   "yaml.schemas": {
     // renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver
-    "https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.5.3/uds.schema.json": [
+    "https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.6.1/uds.schema.json": [
       "uds-bundle.yaml"
     ],
 
     // renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver
-    "https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.5.3/tasks.schema.json": [
+    "https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.6.1/tasks.schema.json": [
       "tasks.yaml",
       "tasks/**/*.yaml",
       "src/**/validate.yaml"

.yamllint

@@ -0,0 +1,39 @@
+yaml-files:
+  - '**/*.y*ml'
+  - '.yamllint'
+
+# Ignore files from upstream
+ignore:
+  - 'k3d/local/manifests/metallb/metallb-native.yaml'
+  - '**/.terraform/**'
+  - '**/chart/templates**'
+  - 'node_modules/**'
+
+rules:
+  anchors: enable
+  braces: enable
+  brackets: enable
+  colons: enable
+  commas: enable
+  comments:
+    level: warning
+  comments-indentation:
+    level: warning
+  document-end: disable
+  document-start:
+    level: warning
+  empty-lines: enable
+  empty-values: disable
+  float-values: disable
+  hyphens: enable
+  indentation: enable
+  key-duplicates: enable
+  key-ordering: disable
+  line-length: disable
+  new-line-at-end-of-file: enable
+  new-lines: enable
+  octal-values: disable
+  quoted-strings: disable
+  trailing-spaces: enable
+  truthy:
+    level: warning

README.md

@@ -28,7 +28,7 @@ The core applications are:
 | Dependency                                                     | Minimum Version |
 | -------------------------------------------------------------- | --------------- |
 | [Zarf](https://github.com/defenseunicorns/zarf/releases)       | 0.32.1          |
-| [UDS CLI](https://github.com/defenseunicorns/uds-cli/releases) | 0.5.3           |
+| [UDS CLI](https://github.com/defenseunicorns/uds-cli/releases) | 0.6.1           |
 | [NodeJS](https://nodejs.org/en/download/)                      | LTS or Current  |
 
 <!-- endtable -->
@@ -41,10 +41,10 @@ A common need is bootstrapping a new UDS Core environment for development or tes
 
 ```bash
 # ARM version
-uds deploy oci://ghcr.io/defenseunicorns/packages/uds/bundles/k3d-core:arm64
+uds deploy oci://ghcr.io/defenseunicorns/packages/uds/bundles/upstream/k3d-core:arm64
 
 # AMD version
-uds deploy oci://ghcr.io/defenseunicorns/packages/uds/bundles/k3d-core:amd64
+uds deploy oci://ghcr.io/defenseunicorns/packages/uds/bundles/upstream/k3d-core:amd64
 ```
 
 The bundle includes the uds.dev certs by default. You can use the UDS environment variables to override the default values. E.g.
@@ -58,7 +58,15 @@ UDS_TENANT_TLS_KEY=$(cat tenant.key)
 
 UDS_DOMAIN=example.com
 
-uds deploy oci://ghcr.io/defenseunicorns/package/uds/bundles/k3d-core:amd64
+uds deploy oci://ghcr.io/defenseunicorns/package/uds/bundles/upstream/k3d-core:amd64
+```
+
+Note: In order to deploy using Iron Bank images, update the registry path replaceing ```upstream``` with ```registry1``` For example:
+
+```bash
+# ARM version
+uds deploy oci://ghcr.io/defenseunicorns/packages/uds/bundles/registry1/k3d-core:arm64
+
 ```
 
 ### UDS Core Packages
@@ -114,3 +122,10 @@ UDS_PKG=neuvector uds run deploy-single-package
 ```bash
 uds run -f src/neuvector/tasks/validate.yaml run
 ```
+
+Note: The run tasks above default to targetting the upstream (oss) package flavor.
+In order to run any of the above commands against the registry1 flavor the command must be updated with ```--set FLAVOR=registry1``` For example:
+
+```bash
+uds run test-uds-core --set FLAVOR=registry1
+```