From 3ee323971589f1409eb27e82faf173627624a798 Mon Sep 17 00:00:00 2001 From: Zachariah Miller Date: Mon, 28 Oct 2024 14:51:53 -0400 Subject: [PATCH 1/5] add 1736 unicorn flavor --- .github/workflows/release.yaml | 2 +- .github/workflows/test.yaml | 2 +- values/unicorn-values.yaml | 73 ++++++++++++++++++++++++++++++++++ zarf.yaml | 60 ++++++++++++++++++++++++++++ 4 files changed, 135 insertions(+), 2 deletions(-) create mode 100644 values/unicorn-values.yaml diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 6bfed1c9..3425984b 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -36,7 +36,7 @@ jobs: if: ${{ needs.tag-new-version.outputs.release_created == 'true' }} strategy: matrix: - flavor: [upstream, registry1] + flavor: [upstream, registry1, unicorn] architecture: [amd64, arm64] exclude: - flavor: registry1 diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 790e41f6..dc203e3e 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -55,7 +55,7 @@ jobs: fail-fast: true matrix: type: [install, upgrade] - flavor: [upstream, registry1] + flavor: [upstream, registry1, unicorn] uses: defenseunicorns/uds-common/.github/workflows/callable-test.yaml@c52077c870a576d01f169f96d74d1b393c6488ba # v1.1.2 with: upgrade-flavors: ${{ needs.check-flavor.outputs.upgrade-flavors }} diff --git a/values/unicorn-values.yaml b/values/unicorn-values.yaml new file mode 100644 index 00000000..696fe2aa --- /dev/null +++ b/values/unicorn-values.yaml 
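Review bot: Adding `unicorn` to the release matrix publishes it for both `amd64` and `arm64`, and the only `exclude` entry visible here is for `registry1`; nothing in this hunk shows that every `cgr.dev/du-uds-defenseunicorns/*-fips` image listed in zarf.yaml is published for arm64, or that the job is authenticated to pull from that registry. If either is missing, the build fails only at release time, so confirm both or add a matching entry such as `- flavor: unicorn` with `architecture: arm64` under `exclude`. The same matrix change in test.yaml (next hunk) and in ci-docs-shim.yaml (patch 5/5) raises the same registry-access question. The `exclude` list continues outside the hunk, so what it holds for `registry1` is inferred.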
@@ -0,0 +1,73 @@
+gitlab:
+ webservice:
+ image:
+ repository: registry.gitlab.com/gitlab-org/build/cng/gitlab-webservice-ee #registry.gitlab.com/gitlab-org/build/cng/gitlab-webservice-ee
+ tag: v17.3.6
+ workhorse:
+ image: registry.gitlab.com/gitlab-org/build/cng/gitlab-workhorse-ee #registry.gitlab.com/gitlab-org/build/cng/gitlab-workhorse-ee
+ # renovate: datasource=docker depName=cgr.dev/du-uds-defenseunicorns/gitlab-workhorse-ee-fips versioning=semver
+ tag: v17.3.6
+ sidekiq:
+ image:
+ repository: registry.gitlab.com/gitlab-org/build/cng/gitlab-sidekiq-ee
+ tag: v17.3.6
+ migrations:
+ # image:
+ # repository: cgr.dev/du-uds-defenseunicorns/gitlab-toolbox-ee-fips # registry.gitlab.com/gitlab-org/build/cng/gitlab-toolbox-ee
+ # tag: 17.3.6
+ image:
+ repository: registry.gitlab.com/gitlab-org/build/cng/gitlab-toolbox-ee # registry.gitlab.com/gitlab-org/build/cng/gitlab-toolbox-ee
+ tag: v17.3.6
+ gitaly:
+ image:
+ repository: registry.gitlab.com/gitlab-org/build/cng/gitaly
+ tag: v17.3.6
+ gitlab-exporter:
+ image:
+ repository: cgr.dev/du-uds-defenseunicorns/gitlab-exporter-fips
+ tag: 17.3.6
+ gitlab-pages:
+ image:
+ repository: cgr.dev/du-uds-defenseunicorns/gitlab-pages-fips
+ tag: 17.3.6
+ gitlab-shell:
+ image:
+ repository: cgr.dev/du-uds-defenseunicorns/gitlab-shell-fips
+ tag: 17.3.6
+ praefect:
+ image:
+ repository: registry.gitlab.com/gitlab-org/build/cng/gitaly #cgr.dev/du-uds-defenseunicorns/gitaly-fips
+ tag: v17.3.6
+ toolbox:
+ image:
+ repository: registry.gitlab.com/gitlab-org/build/cng/gitlab-toolbox-ee
+ tag: v17.3.6
+global:
+ certificates:
+ image:
+ repository: cgr.dev/du-uds-defenseunicorns/gitlab-certificates-fips
+ tag: 17.3.6
+ gitlabBase:
+ image:
+ repository: cgr.dev/du-uds-defenseunicorns/gitlab-base-fips
+ tag: 17.3.6
+ kubectl:
+ image:
+ repository: cgr.dev/du-uds-defenseunicorns/gitlab-kubectl-fips
+ tag: 1.31.1
+
+registry:
+ image:
+ repository: cgr.dev/du-uds-defenseunicorns/gitlab-container-registry-fips
+ tag: 17.3.6
+
+shared-secrets:
+ selfsign:
+ image:
+ repository: cgr.dev/du-uds-defenseunicorns/cfssl-self-sign-fips
+ tag: 17.3.6
+
+upgradeCheck:
+ image:
+ repository: cgr.dev/du-uds-defenseunicorns/gitlab-base-fips
+ tag: 17.3.6
diff --git a/zarf.yaml b/zarf.yaml
index 93b4ced8..57b1ef76 100644
--- a/zarf.yaml
+++ b/zarf.yaml
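Review bot: The `# renovate:` annotation under `workhorse` names `depName=cgr.dev/du-uds-defenseunicorns/gitlab-workhorse-ee-fips`, but the image configured on the line above it is `registry.gitlab.com/gitlab-org/build/cng/gitlab-workhorse-ee` with tag `v17.3.6`. If that annotation drives automated updates, the tag would follow a different image's release stream (the cgr.dev tags in this file carry no `v` prefix), so it could be rewritten to a value that does not exist for the image actually deployed. Point it at the image in use, `# renovate: datasource=docker depName=registry.gitlab.com/gitlab-org/build/cng/gitlab-workhorse-ee versioning=semver`, or drop it until the FIPS image is adopted; patch 2/5 removes the other stale trailing comments but keeps this line. It is also the only image in the file with an annotation, so the remaining tags presumably need manual bumps unless that is handled elsewhere.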
@@ -96,3 +96,63 @@ components: - "registry.gitlab.com/gitlab-org/build/cng/kubectl:v17.3.6" - "registry.gitlab.com/gitlab-org/build/cng/gitlab-base:v17.3.6" - "registry.gitlab.com/gitlab-org/build/cng/gitlab-exporter:v17.3.6" + + # Note: upstream flavor is experimental + - name: gitlab + required: true + description: "Deploy gitlab" + import: + path: common + only: + flavor: upstream + charts: + - name: gitlab + valuesFiles: + - values/upstream-values.yaml + - name: uds-gitlab-settings + valuesFiles: + - values/upstream-values.yaml + images: + - "registry.gitlab.com/gitlab-org/build/cng/certificates:v17.3.6" + - "registry.gitlab.com/gitlab-org/build/cng/cfssl-self-sign:v17.3.6" + - "registry.gitlab.com/gitlab-org/build/cng/gitaly:v17.3.6" + - "registry.gitlab.com/gitlab-org/build/cng/gitlab-container-registry:v17.3.6" + - "registry.gitlab.com/gitlab-org/build/cng/gitlab-pages:v17.3.6" + - "registry.gitlab.com/gitlab-org/build/cng/gitlab-shell:v17.3.6" + - "registry.gitlab.com/gitlab-org/build/cng/gitlab-sidekiq-ee:v17.3.6" + - "registry.gitlab.com/gitlab-org/build/cng/gitlab-toolbox-ee:v17.3.6" + - "registry.gitlab.com/gitlab-org/build/cng/gitlab-webservice-ee:v17.3.6" + - "registry.gitlab.com/gitlab-org/build/cng/gitlab-workhorse-ee:v17.3.6" + - "registry.gitlab.com/gitlab-org/build/cng/kubectl:v17.3.6" + - "registry.gitlab.com/gitlab-org/build/cng/gitlab-base:v17.3.6" + - "registry.gitlab.com/gitlab-org/build/cng/gitlab-exporter:v17.3.6" + + # Note: unicorn flavor is experimental + - name: gitlab + required: true + description: "Deploy gitlab with chainguard images" + import: + path: common + only: + flavor: unicorn + charts: + - name: gitlab + valuesFiles: + - values/unicorn-values.yaml + - name: uds-gitlab-settings + valuesFiles: + - values/unicorn-values.yaml + images: + - "cgr.dev/du-uds-defenseunicorns/gitlab-certificates-fips:17.3.6" + - "cgr.dev/du-uds-defenseunicorns/cfssl-self-sign-fips:17.3.6" + - 
"registry.gitlab.com/gitlab-org/build/cng/gitaly:v17.3.6" + - "cgr.dev/du-uds-defenseunicorns/gitlab-container-registry-fips:17.3.6" + - "cgr.dev/du-uds-defenseunicorns/gitlab-pages-fips:17.3.6" + - "cgr.dev/du-uds-defenseunicorns/gitlab-shell-fips:17.3.6" + - "registry.gitlab.com/gitlab-org/build/cng/gitlab-sidekiq-ee:v17.3.6" + - "registry.gitlab.com/gitlab-org/build/cng/gitlab-toolbox-ee:v17.3.6" + - "registry.gitlab.com/gitlab-org/build/cng/gitlab-webservice-ee:v17.3.6" + - "registry.gitlab.com/gitlab-org/build/cng/gitlab-workhorse-ee:v17.3.6" + - "cgr.dev/du-uds-defenseunicorns/gitlab-kubectl-fips:1.31.1" + - "cgr.dev/du-uds-defenseunicorns/gitlab-base-fips:17.3.6" + - "cgr.dev/du-uds-defenseunicorns/gitlab-exporter-fips:17.3.6" From 86c0a10d389b3a0d5caacce7dc5ed87be8666eed Mon Sep 17 00:00:00 2001 From: Zachariah Miller Date: Mon, 28 Oct 2024 14:54:11 -0400 Subject: [PATCH 2/5] cleanup comments in values file --- values/unicorn-values.yaml | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/values/unicorn-values.yaml b/values/unicorn-values.yaml index 696fe2aa..4bc81b59 100644 --- a/values/unicorn-values.yaml +++ b/values/unicorn-values.yaml @@ -1,10 +1,10 @@ gitlab: webservice: image: - repository: registry.gitlab.com/gitlab-org/build/cng/gitlab-webservice-ee #registry.gitlab.com/gitlab-org/build/cng/gitlab-webservice-ee + repository: registry.gitlab.com/gitlab-org/build/cng/gitlab-webservice-ee tag: v17.3.6 workhorse: - image: registry.gitlab.com/gitlab-org/build/cng/gitlab-workhorse-ee #registry.gitlab.com/gitlab-org/build/cng/gitlab-workhorse-ee + image: registry.gitlab.com/gitlab-org/build/cng/gitlab-workhorse-ee # renovate: datasource=docker depName=cgr.dev/du-uds-defenseunicorns/gitlab-workhorse-ee-fips versioning=semver tag: v17.3.6 sidekiq: 
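Review bot: The new component's description reads "Deploy gitlab with chainguard images", yet five of the thirteen entries in its `images` list (gitaly, sidekiq-ee, toolbox-ee, webservice-ee, workhorse-ee) still come from `registry.gitlab.com/gitlab-org/build/cng` without the `-fips` suffix, so anyone selecting this flavor for its FIPS images gets a mix. Say so in the comment above the component, e.g. `# Note: unicorn flavor is experimental; gitaly, sidekiq, toolbox, webservice and workhorse still use upstream images`. Every reference is also tag-only, so the package contents depend on what each tag resolves to at build time; appending a digest (`...gitlab-base-fips:17.3.6@sha256:<digest>`) would make the build reproducible and auditable.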
@@ -12,11 +12,8 @@ gitlab: repository: registry.gitlab.com/gitlab-org/build/cng/gitlab-sidekiq-ee tag: v17.3.6 migrations: - # image: - # repository: cgr.dev/du-uds-defenseunicorns/gitlab-toolbox-ee-fips # registry.gitlab.com/gitlab-org/build/cng/gitlab-toolbox-ee - # tag: 17.3.6 image: - repository: registry.gitlab.com/gitlab-org/build/cng/gitlab-toolbox-ee # registry.gitlab.com/gitlab-org/build/cng/gitlab-toolbox-ee + repository: registry.gitlab.com/gitlab-org/build/cng/gitlab-toolbox-ee tag: v17.3.6 gitaly: image: @@ -36,7 +33,7 @@ gitlab: tag: 17.3.6 praefect: image: - repository: registry.gitlab.com/gitlab-org/build/cng/gitaly #cgr.dev/du-uds-defenseunicorns/gitaly-fips + repository: registry.gitlab.com/gitlab-org/build/cng/gitaly tag: v17.3.6 toolbox: image: From c833b43a165fa8a6b5000ef0b7f66351248c7d02 Mon Sep 17 00:00:00 2001 From: Zachariah Miller Date: Mon, 28 Oct 2024 14:55:39 -0400 Subject: [PATCH 3/5] add missing license header --- values/unicorn-values.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/values/unicorn-values.yaml b/values/unicorn-values.yaml index 4bc81b59..a842c1bb 100644 --- a/values/unicorn-values.yaml +++ b/values/unicorn-values.yaml @@ -1,3 +1,6 @@ +# Copyright 2024 Defense Unicorns +# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial + gitlab: webservice: image: From 1c9710278d0b33fe1a2f5b688eac558864ccc259 Mon Sep 17 00:00:00 2001 From: Zachariah Miller Date: Mon, 28 Oct 2024 15:01:14 -0400 Subject: [PATCH 4/5] remove duplicate component --- zarf.yaml | 30 ------------------------------ 1 file changed, 30 deletions(-) diff --git a/zarf.yaml b/zarf.yaml index 57b1ef76..b3901992 100644 --- a/zarf.yaml +++ b/zarf.yaml 
@@ -97,36 +97,6 @@ components: - "registry.gitlab.com/gitlab-org/build/cng/gitlab-base:v17.3.6" - "registry.gitlab.com/gitlab-org/build/cng/gitlab-exporter:v17.3.6" - # Note: upstream flavor is experimental - - name: gitlab - required: true - description: "Deploy gitlab" - import: - path: common - only: - flavor: upstream - charts: - - name: gitlab - valuesFiles: - - values/upstream-values.yaml - - name: uds-gitlab-settings - valuesFiles: - - values/upstream-values.yaml - images: - - "registry.gitlab.com/gitlab-org/build/cng/certificates:v17.3.6" - - "registry.gitlab.com/gitlab-org/build/cng/cfssl-self-sign:v17.3.6" - - "registry.gitlab.com/gitlab-org/build/cng/gitaly:v17.3.6" - - "registry.gitlab.com/gitlab-org/build/cng/gitlab-container-registry:v17.3.6" - - "registry.gitlab.com/gitlab-org/build/cng/gitlab-pages:v17.3.6" - - "registry.gitlab.com/gitlab-org/build/cng/gitlab-shell:v17.3.6" - - "registry.gitlab.com/gitlab-org/build/cng/gitlab-sidekiq-ee:v17.3.6" - - "registry.gitlab.com/gitlab-org/build/cng/gitlab-toolbox-ee:v17.3.6" - - "registry.gitlab.com/gitlab-org/build/cng/gitlab-webservice-ee:v17.3.6" - - "registry.gitlab.com/gitlab-org/build/cng/gitlab-workhorse-ee:v17.3.6" - - "registry.gitlab.com/gitlab-org/build/cng/kubectl:v17.3.6" - - "registry.gitlab.com/gitlab-org/build/cng/gitlab-base:v17.3.6" - - "registry.gitlab.com/gitlab-org/build/cng/gitlab-exporter:v17.3.6" - # Note: unicorn flavor is experimental - name: gitlab required: true From 9307b4ac019039f2a202b5f9ba852091d6a8439b Mon Sep 17 00:00:00 2001 From: zamaz <71521611+zachariahmiller@users.noreply.github.com> Date: Mon, 28 Oct 2024 15:25:07 -0400 Subject: [PATCH 5/5] update docshim matrix --- .github/workflows/ci-docs-shim.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci-docs-shim.yaml b/.github/workflows/ci-docs-shim.yaml index 25d3f503..24c24028 100644 --- a/.github/workflows/ci-docs-shim.yaml +++ b/.github/workflows/ci-docs-shim.yaml 
@@ -17,7 +17,7 @@ jobs: strategy: matrix: type: [install, upgrade] - flavor: [upstream, registry1] + flavor: [upstream, registry1, unicorn] uses: defenseunicorns/uds-common/.github/workflows/callable-ci-docs-shim.yaml@c52077c870a576d01f169f96d74d1b393c6488ba # v1.1.2 with: flavor: ${{ matrix.flavor }}