From 8319b4e62c04e80d5b747bcffeef61a71f02387a Mon Sep 17 00:00:00 2001
From: Olcne-Builder Jenkins
Date: Fri, 29 Aug 2025 04:57:32 +0000
Subject: [PATCH 1/2] Updated to 1.30.10 from https://github.com/kiwigrid/k8s-sidecar.git Generated from template at 265aa3a3fff59578ba3cc61b7d638769ff17a426
---
SECURITY.md | 38 ++++++++++++++++++++++++++++++++++++++
olm/build-image.sh | 15 +++++++++++++++
olm/builds/Dockerfile | 18 ++++++++++++++++++
olm/jenkins/ci/Jenkinsfile | 14 ++++++++++++++
4 files changed, 85 insertions(+)
create mode 100644 SECURITY.md
create mode 100644 olm/build-image.sh
create mode 100644 olm/builds/Dockerfile
create mode 100644 olm/jenkins/ci/Jenkinsfile
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..2ca8102
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,38 @@
+# Reporting security vulnerabilities
+
+Oracle values the independent security research community and believes that
+responsible disclosure of security vulnerabilities helps us ensure the security
+and privacy of all our users.
+
+Please do NOT raise a GitHub Issue to report a security vulnerability. If you
+believe you have found a security vulnerability, please submit a report to
+[secalert_us@oracle.com][1] preferably with a proof of concept. Please review
+some additional information on [how to report security vulnerabilities to Oracle][2].
+We encourage people who contact Oracle Security to use email encryption using
+[our encryption key][3].
+
+We ask that you do not use other channels or contact the project maintainers
+directly.
+
+Non-vulnerability related security issues including ideas for new or improved
+security features are welcome on GitHub Issues.
+
+## Security updates, alerts and bulletins
+
+Security updates will be released on a regular cadence. Many of our projects
+will typically release security fixes in conjunction with the
+Oracle Critical Patch Update program. Additional
+information, including past advisories, is available on our [security alerts][4]
+page.
+
+## Security-related information
+
+We will provide security related information such as a threat model, considerations
+for secure use, or any known security issues in our documentation. Please note
+that labs and sample code are intended to demonstrate a concept and may not be
+sufficiently hardened for production use.
+
+[1]: mailto:secalert_us@oracle.com
+[2]: https://www.oracle.com/corporate/security-practices/assurance/vulnerability/reporting.html
+[3]: https://www.oracle.com/security-alerts/encryptionkey.html
+[4]: https://www.oracle.com/security-alerts/
diff --git a/olm/build-image.sh b/olm/build-image.sh
new file mode 100644
index 0000000..4375899
--- /dev/null
+++ b/olm/build-image.sh
@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+
+set -x
+
+CONTAINER_CLI="${CONTAINER_CLI:-podman}"
+
+name="k8s-sidecar"
+version="1.30.10"
+registry="container-registry.oracle.com/olcne"
+docker_tag=${registry}/${name}:v${version}
+
+"${CONTAINER_CLI}" build --pull \
+ --build-arg https_proxy=${https_proxy} \
+ --volume /etc/yum.repos.d:/etc/yum.repos.d \
+ --tag ${docker_tag} -f ./olm/builds/Dockerfile .
diff --git a/olm/builds/Dockerfile b/olm/builds/Dockerfile
new file mode 100644
index 0000000..c324cc3
--- /dev/null
+++ b/olm/builds/Dockerfile
@@ -0,0 +1,18 @@
+FROM container-registry.oracle.com/os/oraclelinux:9-slim
+
+COPY LICENSE SECURITY.md THIRD_PARTY_LICENSES.txt /usr/share/licenses/
+
+COPY . /usr/src/k8s-sidecar
+
+RUN microdnf install -y python3-pip && \
+ microdnf clean all && \
+ python3 -m pip install -r /usr/src/k8s-sidecar/src/requirements.txt
+
+ENV PYTHONUNBUFFERED=1
+WORKDIR /usr/src/k8s-sidecar/src
+
+# Use the nobody user's numeric UID/GID to satisfy MustRunAsNonRoot PodSecurityPolicies
+# https://kubernetes.io/docs/concepts/policy/pod-security-policy/#users-and-groups
+USER 65534:65534
+
+CMD [ "python3", "-u", "./sidecar.py" ]
diff --git a/olm/jenkins/ci/Jenkinsfile b/olm/jenkins/ci/Jenkinsfile
new file mode 100644
index 0000000..1815a76
--- /dev/null
+++ b/olm/jenkins/ci/Jenkinsfile
@@ -0,0 +1,14 @@
+@Library('olcne-pipeline') _
+import com.oracle.olcne.pipeline.BranchPattern
+
+imagePipeline(
+ branchPattern: new BranchPattern(master: 'oracle/release/1.30.10', feature: '(?!^release/.*$)(^.*$)'),
+ containers: ['container-registry.oracle.com/olcne/k8s-sidecar:v1.30.10': 'olcne/k8s-sidecar:v1.30.10'],
+ platforms: ['ol9'],
+ architectures: ['x86_64', 'aarch64'],
+ yumOL9Repos: ['ol9_appstream', 'ol9_baseos_latest'],
+ customPlatformSteps: [
+ ol9: [container: [enabled: true], buildContainerRpms: [enabled: true]],
+ ],
+ buildScript: "sh olm/build-image.sh"
+)
\ No newline at end of file
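Review bot: In olm/build-image.sh, `set -x` traces the fully expanded build command, so the value of `https_proxy` is written to the CI log; if that proxy URL ever carries credentials, they would be exposed there. The expansions on the build command are also unquoted (`https_proxy=${https_proxy}`, `--tag ${docker_tag}`), so an unexpected space or glob character in either value would split or rewrite the argument. I would quote them, e.g. `--build-arg "https_proxy=${https_proxy:-}"` and `--tag "${docker_tag}"`, and either drop `set -x` or switch tracing off around the build call. The `--volume /etc/yum.repos.d:/etc/yum.repos.d` bind also makes the image's packages depend on the build host's repo configuration, which deserves a one-line comment saying that this is intended.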
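Review bot: In olm/builds/Dockerfile, `COPY . /usr/src/k8s-sidecar` puts the whole build context into the runtime image. With this patch that includes `olm/` and the Jenkinsfile, and, unless a `.dockerignore` exists outside this patch, anything else in the checkout such as `.git`. Only `src/` is referenced by the later `pip install`, `WORKDIR` and `CMD`, so `COPY src/ /usr/src/k8s-sidecar/src/` looks sufficient, provided nothing outside `src/` is read at runtime. The `pip install` step runs as root at build time and no pinning is visible here; if `src/requirements.txt` does not already fix exact versions, consider pinning with hashes (`--require-hashes`), and add `--no-cache-dir` so the pip cache is not left in the layer. The comment above `USER 65534:65534` cites PodSecurityPolicy, which was removed in Kubernetes 1.25; pointing it at `runAsNonRoot` in the pod security context would keep the rationale current.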
From fcf9d2628654d13f747de8cd05ae9e0e6a92402b Mon Sep 17 00:00:00 2001
From: oracle-cne-bot
Date: Fri, 29 Aug 2025 05:02:21 +0000
Subject: [PATCH 2/2] Added file THIRD_PARTY_LICENSES.txt
---
THIRD_PARTY_LICENSES.txt | 7 +++++++
1 file changed, 7 insertions(+)
create mode 100644 THIRD_PARTY_LICENSES.txt
diff --git a/THIRD_PARTY_LICENSES.txt b/THIRD_PARTY_LICENSES.txt
new file mode 100644
index 0000000..129f02d
--- /dev/null
+++ b/THIRD_PARTY_LICENSES.txt
@@ -0,0 +1,7 @@
+=== Public License Template ===
+
+------------------------------ Top-Level License -------------------------------
+
+
+---------------------------------- Copyright -----------------------------------
+(no copyrights found)