Skip to content
Snippets Groups Projects
Commit 896cbf7f authored by JH_CNG_SYNC_TOKEN's avatar JH_CNG_SYNC_TOKEN
Browse files

Merge remote-tracking branch 'origin/master' into main-jh

parents b1a7764c db396273
Branches
Tags
No related merge requests found
Pipeline #320737 passed with stages
in 1 hour, 21 minutes, and 9 seconds
# Component versions can be referenced with `@[COMMIT_SHA|tag|branch]`
# IMAGES NOT CURRENTLY IN UBI/FIPS
# - ${CI_REGISTRY_IMAGE}/gitlab-zoekt-webserver
# - ${CI_REGISTRY_IMAGE}/gitlab-zoekt-dynamic-indexserver
# - ${CI_REGISTRY_IMAGE}/gitlab-zoekt-indexer
# - ${CI_REGISTRY_IMAGE}/gitaly-init-cgroups
include:
## This is the configuration of the
- local: .gitlab/ci/fips-verify/com.gitlab-ci.yml
rules:
# meant to cover any non-Dev host.
- if: $CI_SERVER_FQDN != "dev.gitlab.org"
- local: .gitlab/ci/fips-verify/dev.gitlab-ci.yml
rules:
- if: $CI_SERVER_FQDN == "dev.gitlab.org"
.fips_verify_inputs: &fips-verify-inputs
job_stage: container-scanning
allow_failure: true
authenticate_registry: false
.fips_verify_component: &fips-verify-component
component: gitlab.com/gitlab-org/cloud-native/distroless/container-dependencies-finder/rpm-verify-fips@main
include:
- <<: *fips-verify-component
inputs:
<<: *fips-verify-inputs
job_prefix: certificates
container_image: ${CI_REGISTRY_IMAGE}/certificates:${CI_COMMIT_REF_SLUG}-fips
- <<: *fips-verify-component
inputs:
<<: *fips-verify-inputs
job_prefix: cfssl-self-sign
container_image: ${CI_REGISTRY_IMAGE}/cfssl-self-sign:${CI_COMMIT_REF_SLUG}-fips
- <<: *fips-verify-component
inputs:
<<: *fips-verify-inputs
job_prefix: gitaly
container_image: ${CI_REGISTRY_IMAGE}/gitaly:${CI_COMMIT_REF_SLUG}-fips
- <<: *fips-verify-component
inputs:
<<: *fips-verify-inputs
job_prefix: gitlab-base
container_image: ${CI_REGISTRY_IMAGE}/gitlab-base:${CI_COMMIT_REF_SLUG}-fips
- <<: *fips-verify-component
inputs:
<<: *fips-verify-inputs
job_prefix: gitlab-container-registry
container_image: ${CI_REGISTRY_IMAGE}/gitlab-container-registry:${CI_COMMIT_REF_SLUG}-fips
- <<: *fips-verify-component
inputs:
<<: *fips-verify-inputs
job_prefix: gitlab-exporter
container_image: ${CI_REGISTRY_IMAGE}/gitlab-exporter:${CI_COMMIT_REF_SLUG}-fips
- <<: *fips-verify-component
inputs:
<<: *fips-verify-inputs
job_prefix: gitlab-geo-logcursor
container_image: ${CI_REGISTRY_IMAGE}/gitlab-geo-logcursor:${CI_COMMIT_REF_SLUG}-fips
- <<: *fips-verify-component
inputs:
<<: *fips-verify-inputs
job_prefix: gitlab-kas
container_image: ${CI_REGISTRY_IMAGE}/gitlab-kas:${CI_COMMIT_REF_SLUG}-fips
- <<: *fips-verify-component
inputs:
<<: *fips-verify-inputs
job_prefix: gitlab-mailroom
container_image: ${CI_REGISTRY_IMAGE}/gitlab-mailroom:${CI_COMMIT_REF_SLUG}-fips
- <<: *fips-verify-component
inputs:
<<: *fips-verify-inputs
job_prefix: gitlab-pages
container_image: ${CI_REGISTRY_IMAGE}/gitlab-pages:${CI_COMMIT_REF_SLUG}-fips
- <<: *fips-verify-component
inputs:
<<: *fips-verify-inputs
job_prefix: gitlab-rails-ee
container_image: ${CI_REGISTRY_IMAGE}/gitlab-rails-ee:${CI_COMMIT_REF_SLUG}-fips
- <<: *fips-verify-component
inputs:
<<: *fips-verify-inputs
job_prefix: gitlab-ruby
container_image: ${CI_REGISTRY_IMAGE}/gitlab-ruby:${CI_COMMIT_REF_SLUG}-fips
- <<: *fips-verify-component
inputs:
<<: *fips-verify-inputs
job_prefix: gitlab-shell
container_image: ${CI_REGISTRY_IMAGE}/gitlab-shell:${CI_COMMIT_REF_SLUG}-fips
- <<: *fips-verify-component
inputs:
<<: *fips-verify-inputs
job_prefix: gitlab-sidekiq-ee
container_image: ${CI_REGISTRY_IMAGE}/gitlab-sidekiq-ee:${CI_COMMIT_REF_SLUG}-fips
- <<: *fips-verify-component
inputs:
<<: *fips-verify-inputs
job_prefix: gitlab-toolbox-ee
container_image: ${CI_REGISTRY_IMAGE}/gitlab-toolbox-ee:${CI_COMMIT_REF_SLUG}-fips
- <<: *fips-verify-component
inputs:
<<: *fips-verify-inputs
job_prefix: gitlab-webservice-ee
container_image: ${CI_REGISTRY_IMAGE}/gitlab-webservice-ee:${CI_COMMIT_REF_SLUG}-fips
- <<: *fips-verify-component
inputs:
<<: *fips-verify-inputs
job_prefix: gitlab-workhorse-ee
container_image: ${CI_REGISTRY_IMAGE}/gitlab-workhorse-ee:${CI_COMMIT_REF_SLUG}-fips
- <<: *fips-verify-component
inputs:
<<: *fips-verify-inputs
job_prefix: kubectl
container_image: ${CI_REGISTRY_IMAGE}/kubectl:${CI_COMMIT_REF_SLUG}-fips
.fips_verify_inputs: &fips-verify-inputs
job_stage: container-scanning
allow_failure: true
authenticate_registry: true
.fips_verify_component: &fips-verify-component
component: dev.gitlab.org/gitlab/cloud-native/container-dependencies-finder/rpm-verify-fips-dev@main
include:
- <<: *fips-verify-component
inputs:
<<: *fips-verify-inputs
job_prefix: certificates
container_image: ${CI_REGISTRY_IMAGE}/certificates:${CI_COMMIT_REF_SLUG}-fips
- <<: *fips-verify-component
inputs:
<<: *fips-verify-inputs
job_prefix: cfssl-self-sign
container_image: ${CI_REGISTRY_IMAGE}/cfssl-self-sign:${CI_COMMIT_REF_SLUG}-fips
- <<: *fips-verify-component
inputs:
<<: *fips-verify-inputs
job_prefix: gitaly
container_image: ${CI_REGISTRY_IMAGE}/gitaly:${CI_COMMIT_REF_SLUG}-fips
- <<: *fips-verify-component
inputs:
<<: *fips-verify-inputs
job_prefix: gitlab-base
container_image: ${CI_REGISTRY_IMAGE}/gitlab-base:${CI_COMMIT_REF_SLUG}-fips
- <<: *fips-verify-component
inputs:
<<: *fips-verify-inputs
job_prefix: gitlab-container-registry
container_image: ${CI_REGISTRY_IMAGE}/gitlab-container-registry:${CI_COMMIT_REF_SLUG}-fips
- <<: *fips-verify-component
inputs:
<<: *fips-verify-inputs
job_prefix: gitlab-exporter
container_image: ${CI_REGISTRY_IMAGE}/gitlab-exporter:${CI_COMMIT_REF_SLUG}-fips
- <<: *fips-verify-component
inputs:
<<: *fips-verify-inputs
job_prefix: gitlab-geo-logcursor
container_image: ${CI_REGISTRY_IMAGE}/gitlab-geo-logcursor:${CI_COMMIT_REF_SLUG}-fips
- <<: *fips-verify-component
inputs:
<<: *fips-verify-inputs
job_prefix: gitlab-kas
container_image: ${CI_REGISTRY_IMAGE}/gitlab-kas:${CI_COMMIT_REF_SLUG}-fips
- <<: *fips-verify-component
inputs:
<<: *fips-verify-inputs
job_prefix: gitlab-mailroom
container_image: ${CI_REGISTRY_IMAGE}/gitlab-mailroom:${CI_COMMIT_REF_SLUG}-fips
- <<: *fips-verify-component
inputs:
<<: *fips-verify-inputs
job_prefix: gitlab-pages
container_image: ${CI_REGISTRY_IMAGE}/gitlab-pages:${CI_COMMIT_REF_SLUG}-fips
- <<: *fips-verify-component
inputs:
<<: *fips-verify-inputs
job_prefix: gitlab-rails-ee
container_image: ${CI_REGISTRY_IMAGE}/gitlab-rails-ee:${CI_COMMIT_REF_SLUG}-fips
- <<: *fips-verify-component
inputs:
<<: *fips-verify-inputs
job_prefix: gitlab-ruby
container_image: ${CI_REGISTRY_IMAGE}/gitlab-ruby:${CI_COMMIT_REF_SLUG}-fips
- <<: *fips-verify-component
inputs:
<<: *fips-verify-inputs
job_prefix: gitlab-shell
container_image: ${CI_REGISTRY_IMAGE}/gitlab-shell:${CI_COMMIT_REF_SLUG}-fips
- <<: *fips-verify-component
inputs:
<<: *fips-verify-inputs
job_prefix: gitlab-sidekiq-ee
container_image: ${CI_REGISTRY_IMAGE}/gitlab-sidekiq-ee:${CI_COMMIT_REF_SLUG}-fips
- <<: *fips-verify-component
inputs:
<<: *fips-verify-inputs
job_prefix: gitlab-toolbox-ee
container_image: ${CI_REGISTRY_IMAGE}/gitlab-toolbox-ee:${CI_COMMIT_REF_SLUG}-fips
- <<: *fips-verify-component
inputs:
<<: *fips-verify-inputs
job_prefix: gitlab-webservice-ee
container_image: ${CI_REGISTRY_IMAGE}/gitlab-webservice-ee:${CI_COMMIT_REF_SLUG}-fips
- <<: *fips-verify-component
inputs:
<<: *fips-verify-inputs
job_prefix: gitlab-workhorse-ee
container_image: ${CI_REGISTRY_IMAGE}/gitlab-workhorse-ee:${CI_COMMIT_REF_SLUG}-fips
- <<: *fips-verify-component
inputs:
<<: *fips-verify-inputs
job_prefix: kubectl
container_image: ${CI_REGISTRY_IMAGE}/kubectl:${CI_COMMIT_REF_SLUG}-fips
include:
# use ubi as base
- local: .gitlab/ci/ubi.gitlab-ci.yml
# include CDF rpm-verify
- local: .gitlab/ci/fips-verify.gitlab-ci.yml
# Build images
.build-job-base: &build-job-base
......
......@@ -40,13 +40,13 @@ variables:
OPENSSL_GEM_VERSION: "~>3.2.0"
RUST_VERSION: 1.73.0
PYTHON_VERSION: "3.9.20"
KUBECTL_VERSION: "1.31.0"
KUBECTL_VERSION: "1.31.1"
YQ_VERSION: "4.44.3"
PG_VERSION: "16.4"
CA_PKG_VERSION: "20220614-r0"
CFSSL_VERSION: "1.6.1"
CFSSL_CHECKSUM_SHA256: "89e600cd5203a025f8b47c6cd5abb9a74b06e3c7f7f7dd3f5b2a00975b15a491"
AWSCLI_VERSION: "1.34.30"
AWSCLI_VERSION: "1.35.15"
S3CMD_VERSION: "2.4.0"
GM_VERSION: "1.3.36"
GM_CHECKSUM_SHA256: "5d5b3fde759cdfc307aaf21df9ebd8c752e3f088bb051dd5df8aac7ba7338f46"
......
......@@ -13,7 +13,7 @@ FROM --platform=$TARGETPLATFORM ${GITALY_IMAGE} AS gitaly
FROM --platform=$TARGETPLATFORM ${FROM_IMAGE}:${TAG}
ARG TARGETARCH
ARG AWSCLI_VERSION="1.34.30"
ARG AWSCLI_VERSION="1.35.15"
ARG S3CMD_VERSION="2.4.0"
ARG GSUTIL_VERSION="5.31"
ARG AZCOPY_STATIC_URL="https://azcopyvnext.azureedge.net/releases/release-10.26.0-20240731/azcopy_linux_${TARGETARCH}_10.26.0.tar.gz"
......
......@@ -3,7 +3,7 @@ ARG BUILD_IMAGE=
FROM ${BUILD_IMAGE}
ARG TARGETARCH
ARG AWSCLI_VERSION=1.34.30
ARG AWSCLI_VERSION=1.35.15
ARG S3CMD_VERSION=2.4.0
ARG GSUTIL_VERSION=5.31
ARG AZCOPY_STATIC_URL="https://azcopyvnext.azureedge.net/releases/release-10.26.0-20240731/azcopy_linux_${TARGETARCH}_10.26.0.tar.gz"
......
## FINAL IMAGE ##
ARG DEBIAN_IMAGE=debian:bookworm-slim
ARG KUBECTL_VERSION="1.31.0"
ARG KUBECTL_VERSION="1.31.1"
ARG YQ_VERSION="4.44.3"
FROM --platform=${TARGETPLATFORM} ${DEBIAN_IMAGE}
......
......@@ -2,7 +2,7 @@ ARG UBI_IMAGE=registry.access.redhat.com/ubi9/ubi-minimal:9.4
FROM ${UBI_IMAGE}
ARG KUBECTL_VERSION=1.31.0
ARG KUBECTL_VERSION=1.31.1
ARG YQ_VERSION=4.44.3
ADD https://dl.k8s.io/release/v${KUBECTL_VERSION}/bin/linux/amd64/kubectl /assets/usr/local/bin/kubectl
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment