From e175c324023afc7c239ca27ed1067d32c617a255 Mon Sep 17 00:00:00 2001 From: Wayne Starr Date: Tue, 29 Oct 2024 12:36:34 -0600 Subject: [PATCH] feat: add unicorn flavor (#34) * feat: add unicorn flavor * add unicorn to workflows * revert create config * swap back curl * bump back curl * rollback tuf server --- .github/workflows/ci-docs-shim.yaml | 2 +- .github/workflows/release.yaml | 2 +- .github/workflows/test.yaml | 2 +- src/ctlog/chart/templates/uds-package.yaml | 6 ++--- src/ctlog/values/unicorn-values.yaml | 27 ++++++++++++++++++++++ src/ctlog/zarf.yaml | 16 +++++++++++++ src/fulcio/values/unicorn-values.yaml | 8 +++++++ src/fulcio/values/upstream-values.yaml | 6 ----- src/fulcio/zarf.yaml | 13 +++++++++++ src/rekor/values/unicorn-values.yaml | 27 ++++++++++++++++++++++ src/rekor/values/upstream-values.yaml | 2 +- src/rekor/zarf.yaml | 18 ++++++++++++++- src/trillian/values/unicorn-values.yaml | 26 +++++++++++++++++++++ src/trillian/zarf.yaml | 16 +++++++++++++ src/tsa/values/unicorn-values.yaml | 8 +++++++ src/tsa/zarf.yaml | 13 +++++++++++ src/tuf/values/unicorn-values.yaml | 8 +++++++ src/tuf/zarf.yaml | 13 +++++++++++ 18 files changed, 199 insertions(+), 14 deletions(-) create mode 100644 src/ctlog/values/unicorn-values.yaml create mode 100644 src/fulcio/values/unicorn-values.yaml create mode 100644 src/rekor/values/unicorn-values.yaml create mode 100644 src/trillian/values/unicorn-values.yaml create mode 100644 src/tsa/values/unicorn-values.yaml create mode 100644 src/tuf/values/unicorn-values.yaml diff --git a/.github/workflows/ci-docs-shim.yaml b/.github/workflows/ci-docs-shim.yaml index 25b089b..8e11eb2 100644 --- a/.github/workflows/ci-docs-shim.yaml +++ b/.github/workflows/ci-docs-shim.yaml 
@@ -17,7 +17,7 @@ jobs: strategy: matrix: type: [install, upgrade] - flavor: [upstream] + flavor: [upstream, unicorn] uses: defenseunicorns/uds-common/.github/workflows/callable-ci-docs-shim.yaml@c52077c870a576d01f169f96d74d1b393c6488ba # v1.1.2 with: flavor: ${{ matrix.flavor }} diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index f378b36..34c3206 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -36,7 +36,7 @@ jobs: if: ${{ needs.tag-new-version.outputs.release_created == 'true' }} strategy: matrix: - flavor: [upstream] + flavor: [upstream, unicorn] architecture: [amd64, arm64] exclude: - flavor: registry1 diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index c63c138..1b32d18 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -55,7 +55,7 @@ jobs: fail-fast: true matrix: type: [install, upgrade] - flavor: [upstream] + flavor: [upstream, unicorn] uses: defenseunicorns/uds-common/.github/workflows/callable-test.yaml@c52077c870a576d01f169f96d74d1b393c6488ba # v1.1.2 with: upgrade-flavors: ${{ needs.check-flavor.outputs.upgrade-flavors }} diff --git a/src/ctlog/chart/templates/uds-package.yaml b/src/ctlog/chart/templates/uds-package.yaml index 79d4800..b1703a2 100644 --- a/src/ctlog/chart/templates/uds-package.yaml +++ b/src/ctlog/chart/templates/uds-package.yaml @@ -23,18 +23,18 @@ spec: remoteNamespace: trillian-system remoteSelector: app.kubernetes.io/component: log-server - + # allow ctlog to talk to the fulcio log server - direction: Egress remoteNamespace: fulcio-system remoteSelector: app.kubernetes.io/name: fulcio port: 5555 - + # allow fulcio to talk to ctlog - direction: Ingress remoteNamespace: fulcio-system - remoteselector: + remoteSelector: app.kubernetes.io/name: fulcio # Custom rules to allow clients to connect 
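Review bot: The now-correctly-keyed Ingress rule from `fulcio-system` carries no `port`, so the rendered policy admits fulcio pods to every port ctlog listens on, whereas the paired Egress rule is scoped to `port: 5555`; add a `port:` entry with ctlog's listening port (not visible in this hunk) so the two rules are symmetric. The old `remoteselector` key would either have been rejected or silently pruned depending on the Package CRD's validation, and in the pruned case the rule degrades to "any pod in fulcio-system", so a rendered-manifest test asserting that the Ingress rule's `remoteSelector` survives into the NetworkPolicy would stop the next case-typo from widening a rule unnoticed. The enclosing `spec.network.allow` list begins before this hunk.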
diff --git a/src/ctlog/values/unicorn-values.yaml b/src/ctlog/values/unicorn-values.yaml new file mode 100644 index 0000000..d39e211 --- /dev/null +++ b/src/ctlog/values/unicorn-values.yaml @@ -0,0 +1,27 @@ +# Copyright 2024 Defense Unicorns +# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial + +server: + image: + registry: cgr.dev + repository: du-uds-defenseunicorns/ctlog-trillian-ctserver-fips + version: "1.2.1" + +createtree: + image: + registry: cgr.dev + repository: du-uds-defenseunicorns/sigstore-scaffolding-trillian-createtree-fips + version: "0.7.13" + +createctconfig: + initContainerImage: + curl: + registry: docker.io + repository: curlimages/curl + # renovate: datasource=docker depName=curlimages/curl versioning=semver + version: "8.10.1" + + image: + registry: cgr.dev + repository: du-uds-defenseunicorns/sigstore-scaffolding-ctlog-createctconfig-fips + version: "0.7.11" diff --git a/src/ctlog/zarf.yaml b/src/ctlog/zarf.yaml index 4aeba0a..a9e8a1f 100644 --- a/src/ctlog/zarf.yaml +++ b/src/ctlog/zarf.yaml @@ -33,3 +33,19 @@ components: - ghcr.io/sigstore/scaffolding/createctconfig:v0.7.13 - ghcr.io/sigstore/scaffolding/createtree:v0.7.13 - ghcr.io/sigstore/scaffolding/ct_server:v0.7.13 + + - name: ctlog + required: true + only: + flavor: unicorn + import: + path: common + charts: + - name: ctlog + valuesFiles: + - ./values/unicorn-values.yaml + images: + - docker.io/curlimages/curl:8.10.1 + - cgr.dev/du-uds-defenseunicorns/sigstore-scaffolding-ctlog-createctconfig-fips:0.7.11 + - cgr.dev/du-uds-defenseunicorns/sigstore-scaffolding-trillian-createtree-fips:0.7.13 + - cgr.dev/du-uds-defenseunicorns/ctlog-trillian-ctserver-fips:1.2.1 diff --git a/src/fulcio/values/unicorn-values.yaml b/src/fulcio/values/unicorn-values.yaml new file mode 100644 index 0000000..128220e --- /dev/null +++ b/src/fulcio/values/unicorn-values.yaml 
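Review bot: `createctconfig.image` pins `sigstore-scaffolding-ctlog-createctconfig-fips` at `0.7.11` while `createtree` in this file and the upstream flavor's `createctconfig` are at `0.7.13`, so the FIPS flavor ships a mixed scaffolding set; if the 0.7.13 FIPS image simply is not published yet, say so next to the pin with `# 0.7.13 FIPS image not yet available; move in step with createtree when it is` rather than leaving the skew silent. Only the `docker.io/curlimages/curl` entry carries a `# renovate:` marker; none of the three `cgr.dev` images do, so the hardened images this flavor exists for are exactly the ones that will not receive automated CVE bumps — add a matching `# renovate: datasource=docker depName=cgr.dev/du-uds-defenseunicorns/<repo> versioning=semver` line above each `version`. The curl init container is a non-FIPS image from Docker Hub; if the createctconfig init step makes TLS calls (not visible here), those run outside the FIPS boundary the flavor is meant to provide.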
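Review bot: All four images in the new `ctlog` unicorn component are referenced by mutable tags with no `@sha256:` digest, so what Zarf bakes into the package depends on registry state at build time and cannot be checked against the values file after the fact; pin by digest (for example `cgr.dev/du-uds-defenseunicorns/ctlog-trillian-ctserver-fips:1.2.1@sha256:<digest>`) or enforce digest pinning in CI. The `images:` list and `values/unicorn-values.yaml` must be kept in sync by hand; a small CI check that every image referenced by the values file appears in the component's `images:` list would catch the next drift before an air-gapped install fails.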
@@ -0,0 +1,8 @@ +# Copyright 2024 Defense Unicorns +# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial + +server: + image: + registry: cgr.dev + repository: du-uds-defenseunicorns/fulcio-fips + version: "1.6.5" diff --git a/src/fulcio/values/upstream-values.yaml b/src/fulcio/values/upstream-values.yaml index e23f8b1..4190f21 100644 --- a/src/fulcio/values/upstream-values.yaml +++ b/src/fulcio/values/upstream-values.yaml @@ -6,9 +6,3 @@ server: registry: gcr.io repository: projectsigstore/fulcio version: v1.6.5 - -createcerts: - image: - registry: ghcr.io - repository: sigstore/scaffolding/createcerts - version: v0.7.13 diff --git a/src/fulcio/zarf.yaml b/src/fulcio/zarf.yaml index 1e1e8a8..862afb7 100644 --- a/src/fulcio/zarf.yaml +++ b/src/fulcio/zarf.yaml @@ -26,3 +26,16 @@ components: - ./values/upstream-values.yaml images: - gcr.io/projectsigstore/fulcio:v1.6.5 + + - name: fulcio + required: true + only: + flavor: unicorn + import: + path: common + charts: + - name: fulcio + valuesFiles: + - ./values/unicorn-values.yaml + images: + - cgr.dev/du-uds-defenseunicorns/fulcio-fips:1.6.5 diff --git a/src/rekor/values/unicorn-values.yaml b/src/rekor/values/unicorn-values.yaml new file mode 100644 index 0000000..e7a4ebb --- /dev/null +++ b/src/rekor/values/unicorn-values.yaml @@ -0,0 +1,27 @@ +# Copyright 2024 Defense Unicorns +# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial + +initContainerImage: + curl: + registry: docker.io + repository: curlimages/curl + # renovate: datasource=docker depName=curlimages/curl versioning=semver + version: "8.10.1" + +redis: + image: + registry: cgr.dev + repository: du-uds-defenseunicorns/valkey-fips + version: "8.0.1" + +server: + image: + registry: cgr.dev + repository: du-uds-defenseunicorns/rekor-server-fips + version: "1.3.6" + +createtree: + image: + registry: ghcr.io + repository: sigstore/scaffolding/createtree + version: v0.7.13 
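Review bot: `server.image` for `fulcio-fips` has no `# renovate:` marker, unlike the curl entries elsewhere in this PR, so the CA image — the one component where FIPS-validated crypto matters most — is the one that will not be auto-bumped; add `# renovate: datasource=docker depName=cgr.dev/du-uds-defenseunicorns/fulcio-fips versioning=semver` above `version`. Separately, this commit drops `createcerts` from the upstream values file and the unicorn file never had it; if the common chart still renders a createcerts job by default (not visible here), neither flavor now packages its image, so it is worth confirming that job is disabled in the common chart or that the image was never needed. The file otherwise inherits every CA key/KMS setting from the common chart, so nothing in the FIPS flavor itself constrains where the signing key lives.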
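Review bot: `createtree.image` in rekor's unicorn values still points at `ghcr.io/sigstore/scaffolding/createtree:v0.7.13`, the non-FIPS upstream image, even though this same PR uses `cgr.dev/du-uds-defenseunicorns/sigstore-scaffolding-trillian-createtree-fips:0.7.13` for ctlog; unless that is deliberate, switch it (and the matching entry in rekor's zarf.yaml) so the unicorn flavor is consistently hardened. If the upstream image is intentional, record it with `# TODO: FIPS createtree not yet used for rekor — upstream image on purpose` so the gap is visible rather than looking like an oversight. The `cgr.dev` entries for `valkey-fips` and `rekor-server-fips` also lack the `# renovate:` marker that the curl entry has.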
diff --git a/src/rekor/values/upstream-values.yaml b/src/rekor/values/upstream-values.yaml index 9c95079..bed93dd 100644 --- a/src/rekor/values/upstream-values.yaml +++ b/src/rekor/values/upstream-values.yaml @@ -12,7 +12,7 @@ redis: image: registry: docker.io repository: valkey/valkey - version: 7.2.5-alpine3.19 + version: 8.0.1-alpine server: image: diff --git a/src/rekor/zarf.yaml b/src/rekor/zarf.yaml index 560824e..6585a7d 100644 --- a/src/rekor/zarf.yaml +++ b/src/rekor/zarf.yaml @@ -20,6 +20,22 @@ components: - ./values/upstream-values.yaml images: - docker.io/curlimages/curl:8.10.1 - - docker.io/valkey/valkey:7.2.5-alpine3.19 + - docker.io/valkey/valkey:8.0.1-alpine - gcr.io/projectsigstore/rekor-server:v1.3.6 - ghcr.io/sigstore/scaffolding/createtree:v0.7.13 + + - name: rekor + required: true + only: + flavor: unicorn + import: + path: common + charts: + - name: rekor + valuesFiles: + - ./values/unicorn-values.yaml + images: + - docker.io/curlimages/curl:8.10.1 + - cgr.dev/du-uds-defenseunicorns/valkey-fips:8.0.1 + - cgr.dev/du-uds-defenseunicorns/rekor-server-fips:1.3.6 + - ghcr.io/sigstore/scaffolding/createtree:v0.7.13 diff --git a/src/trillian/values/unicorn-values.yaml b/src/trillian/values/unicorn-values.yaml new file mode 100644 index 0000000..411fb6d --- /dev/null +++ b/src/trillian/values/unicorn-values.yaml @@ -0,0 +1,26 @@ +# Copyright 2024 Defense Unicorns +# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial + +initContainerImage: + netcat: + registry: cgr.dev + repository: chainguard/netcat + version: latest + +mysql: + image: + registry: gcr.io + repository: trillian-opensource-ci/db_server + version: v1.5.3 + +logServer: + image: + registry: cgr.dev + repository: du-uds-defenseunicorns/trillian-logserver-fips + version: "1.6.1" + +logSigner: + image: + registry: cgr.dev + repository: du-uds-defenseunicorns/trillian-logsigner-fips + version: "1.6.1" 
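Review bot: `initContainerImage.netcat.version: latest` is a floating tag in a flavor whose point is reproducible hardened images; pin to an explicit version tag or a digest so two builds of the same package cannot pull different netcat binaries. `mysql.image` reuses `gcr.io/trillian-opensource-ci/db_server:v1.5.3`, a CI-purpose non-FIPS image, as the backing store for both transparency logs; if no FIPS database image is available that should be stated at the top of the file, e.g. `# NOTE: trillian db_server has no FIPS build; upstream CI image used as-is`, because consumers of the unicorn flavor will otherwise assume every component is hardened.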
diff --git a/src/trillian/zarf.yaml b/src/trillian/zarf.yaml index 07d656e..161c371 100644 --- a/src/trillian/zarf.yaml +++ b/src/trillian/zarf.yaml @@ -23,3 +23,19 @@ components: - gcr.io/trillian-opensource-ci/db_server:v1.5.3 - ghcr.io/sigstore/scaffolding/trillian_log_server:v1.6.1 - ghcr.io/sigstore/scaffolding/trillian_log_signer:v1.6.1 + + - name: trillian + required: true + only: + flavor: unicorn + import: + path: common + charts: + - name: trillian + valuesFiles: + - ./values/unicorn-values.yaml + images: + - cgr.dev/chainguard/netcat:latest + - gcr.io/trillian-opensource-ci/db_server:v1.5.3 + - cgr.dev/du-uds-defenseunicorns/trillian-logserver-fips:1.6.1 + - cgr.dev/du-uds-defenseunicorns/trillian-logsigner-fips:1.6.1 diff --git a/src/tsa/values/unicorn-values.yaml b/src/tsa/values/unicorn-values.yaml new file mode 100644 index 0000000..2949c43 --- /dev/null +++ b/src/tsa/values/unicorn-values.yaml @@ -0,0 +1,8 @@ +# Copyright 2024 Defense Unicorns +# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial + +server: + image: + registry: cgr.dev + repository: du-uds-defenseunicorns/timestamp-authority-server + version: "1.2.3" diff --git a/src/tsa/zarf.yaml b/src/tsa/zarf.yaml index 199968a..4e9c162 100644 --- a/src/tsa/zarf.yaml +++ b/src/tsa/zarf.yaml @@ -26,3 +26,16 @@ components: - ./values/upstream-values.yaml images: - ghcr.io/sigstore/timestamp-server:v1.2.3 + + - name: tsa + required: true + only: + flavor: unicorn + import: + path: common + charts: + - name: tsa + valuesFiles: + - ./values/unicorn-values.yaml + images: + - cgr.dev/du-uds-defenseunicorns/timestamp-authority-server:1.2.3 diff --git a/src/tuf/values/unicorn-values.yaml b/src/tuf/values/unicorn-values.yaml new file mode 100644 index 0000000..538bfce --- /dev/null +++ b/src/tuf/values/unicorn-values.yaml 
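Review bot: `cgr.dev/chainguard/netcat:latest` in the unicorn component's `images:` list means the Zarf package captures whatever `latest` resolves to at build time, so the package and its SBOM are not reproducible and a registry-side retag silently changes the next release; pin to a versioned tag or `@sha256:` digest and mirror the same value in `values/unicorn-values.yaml`. This is the only `latest` reference introduced by the PR, so a CI lint rejecting unpinned tags in `images:` lists would be cheap insurance.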
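Review bot: `du-uds-defenseunicorns/timestamp-authority-server` is the only unicorn image in this PR whose repository name lacks a `-fips` suffix, and the timestamp authority is a signing component, so whether it is built on a FIPS toolchain matters. If the naming is simply inconsistent, add a comment above `repository` such as `# FIPS build — repository name does not carry the -fips suffix`; if it is not a FIPS image, document it as a known gap the same way the tuf values file should be. A `# renovate:` marker is also missing here.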
@@ -0,0 +1,8 @@ +# Copyright 2024 Defense Unicorns +# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial + +deployment: + registry: ghcr.io + repository: sigstore/scaffolding/server + # renovate: datasource=docker depName=ghcr.io/sigstore/scaffolding/server versioning=semver + version: v0.7.13 diff --git a/src/tuf/zarf.yaml b/src/tuf/zarf.yaml index f8b89c9..cdf3b7c 100644 --- a/src/tuf/zarf.yaml +++ b/src/tuf/zarf.yaml @@ -39,3 +39,16 @@ components: - ./values/upstream-values.yaml images: - ghcr.io/sigstore/scaffolding/server:v0.7.13 + + - name: tuf + required: true + only: + flavor: unicorn + import: + path: common + charts: + - name: tuf + valuesFiles: + - ./values/unicorn-values.yaml + images: + - ghcr.io/sigstore/scaffolding/server:v0.7.13
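Review bot: The unicorn flavor's TUF server is identical to the upstream flavor's (`ghcr.io/sigstore/scaffolding/server:v0.7.13`), which the commit message attributes to "rollback tuf server" but the file itself does not explain; add a top-of-file comment such as `# NOTE: no hardened/FIPS TUF server image yet — unicorn flavor intentionally uses the upstream image (#34)` so nobody later assumes the flavor is fully hardened. TUF is the trust root from which clients fetch the Fulcio, Rekor and CTLog keys, so of all the unicorn components this is the gap most worth making explicit.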