Add build data for 2.0.2

SECURITY.md

@@ -0,0 +1,38 @@
+# Reporting security vulnerabilities
+
+Oracle values the independent security research community and believes that
+responsible disclosure of security vulnerabilities helps us ensure the security
+and privacy of all our users.
+
+Please do NOT raise a GitHub Issue to report a security vulnerability. If you
+believe you have found a security vulnerability, please submit a report to
+[[email protected]][1] preferably with a proof of concept. Please review
+some additional information on [how to report security vulnerabilities to Oracle][2].
+We encourage people who contact Oracle Security to use email encryption using
+[our encryption key][3].
+
+We ask that you do not use other channels or contact the project maintainers
+directly.
+
+Non-vulnerability related security issues including ideas for new or improved
+security features are welcome on GitHub Issues.
+
+## Security updates, alerts and bulletins
+
+Security updates will be released on a regular cadence. Many of our projects
+will typically release security fixes in conjunction with the
+Oracle Critical Patch Update program. Additional
+information, including past advisories, is available on our [security alerts][4]
+page.
+
+## Security-related information
+
+We will provide security related information such as a threat model, considerations
+for secure use, or any known security issues in our documentation. Please note
+that labs and sample code are intended to demonstrate a concept and may not be
+sufficiently hardened for production use.
+
+[1]: mailto:[email protected]
+[2]: https://www.oracle.com/corporate/security-practices/assurance/vulnerability/reporting.html
+[3]: https://www.oracle.com/security-alerts/encryptionkey.html
+[4]: https://www.oracle.com/security-alerts/

olm/build-image.sh

@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+
+set -x
+
+CONTAINER_CLI="${CONTAINER_CLI:-podman}"
+
+name="k8s-sidecar"
+version="2.0.2"
+registry="container-registry.oracle.com/olcne"
+docker_tag=${registry}/${name}:v${version}
+
+"${CONTAINER_CLI}" build --pull \
+    --build-arg https_proxy=${https_proxy} \
+    --volume /etc/yum.repos.d:/etc/yum.repos.d \
+    --tag ${docker_tag} -f ./olm/builds/Dockerfile .

olm/builds/Dockerfile

@@ -0,0 +1,18 @@
+FROM container-registry.oracle.com/os/oraclelinux:9-slim
+
+COPY LICENSE SECURITY.md THIRD_PARTY_LICENSES.txt /usr/share/licenses/
+
+COPY . /usr/src/k8s-sidecar
+
+RUN microdnf install -y python3-pip && \
+    microdnf clean all && \
+    python3 -m pip install -r /usr/src/k8s-sidecar/src/requirements.txt
+
+ENV         PYTHONUNBUFFERED=1
+WORKDIR     /usr/src/k8s-sidecar/src
+
+# Use the nobody user's numeric UID/GID to satisfy MustRunAsNonRoot PodSecurityPolicies
+# https://kubernetes.io/docs/concepts/policy/pod-security-policy/#users-and-groups
+USER        65534:65534
+
+CMD         [ "python3", "-u", "./sidecar.py" ]

olm/jenkins/ci/Jenkinsfile

@@ -0,0 +1,14 @@
+@Library('olcne-pipeline') _
+import com.oracle.olcne.pipeline.BranchPattern
+
+imagePipeline(
+  branchPattern: new BranchPattern(master: 'oracle/release/2.0.2', feature: '(?!^release/.*$)(^.*$)'),
+  containers: ['container-registry.oracle.com/olcne/k8s-sidecar:v2.0.2': 'olcne/k8s-sidecar:v2.0.2'],
+        platforms: ['ol9'],
+        architectures: ['x86_64', 'aarch64'],
+        yumOL9Repos: ['ol9_appstream', 'ol9_baseos_latest'],
+        customPlatformSteps: [
+                ol9: [container: [enabled: true], buildContainerRpms: [enabled: true]],
+        ],
+        buildScript: "sh olm/build-image.sh"
+)