bumped base images and renovate binaries (#646)

redhat-cop · Dec 13, 2023 · 1351aae · 1351aae
1 parent 9e1ea53
commit 1351aae
Show file tree

Hide file tree

Showing 32 changed files with 162 additions and 151 deletions.
diff --git a/.github/workflows/build-s2i-python-kopf-publish.yaml b/.github/workflows/build-s2i-python-kopf-publish.yaml
@@ -14,7 +14,6 @@ jobs:
     env:
       CONTEXT_DIR: build-s2i-python-kopf
       IMAGE_NAME: python-kopf-s2i
-      REGISTRY: ${{ secrets.REGISTRY_URI }}
     runs-on: ubuntu-latest
     permissions:
       packages: write
@@ -39,7 +38,7 @@ jobs:
 
       - name: Push to ghcr.io
         uses: redhat-actions/push-to-registry@9986a6552bc4571882a4a67e016b17361412b4df # v2
-        if: ${{ !contains(github.head_ref, 'renovate') }}
+        if: ${{ !contains(github.ref, 'renovate') }}
         with:
           image: ${{ steps.build_image.outputs.image }}
           registry: ghcr.io/${{ github.repository }}
@@ -48,8 +47,9 @@ jobs:
           tags: ${{ steps.build_image.outputs.tags }}
 
       - name: Push to Quay
-        if: ${{ env.REGISTRY }} != "" && ${{ !contains(github.head_ref, 'renovate') }}
-        id: push_to_quay
+        env:
+          REGISTRY_URI: ${{ secrets.REGISTRY_URI }}
+        if: ${{ env.REGISTRY_URI  != '' && !contains(github.ref, 'renovate') }}
         uses: redhat-actions/push-to-registry@9986a6552bc4571882a4a67e016b17361412b4df # v2
         with:
           image: ${{ steps.build_image.outputs.image }}

diff --git a/.github/workflows/jenkins-agent-ci-pr.yaml b/.github/workflows/jenkins-agent-ci-pr.yaml
diff --git a/.github/workflows/jenkins-agent-image-mgmt-publish.yaml b/.github/workflows/jenkins-agent-image-mgmt-publish.yaml
@@ -13,7 +13,6 @@ jobs:
     env:
       context: jenkins-agents/jenkins-agent-image-mgmt
       image_name: jenkins-agent-image-mgmt
-      REGISTRY: ${{ secrets.REGISTRY_URI }}
     runs-on: ubuntu-latest
     permissions:
       packages: write
@@ -38,7 +37,7 @@ jobs:
 
       - name: Push to ghcr.io
         uses: redhat-actions/push-to-registry@9986a6552bc4571882a4a67e016b17361412b4df # v2
-        if: ${{ !contains(github.head_ref, 'renovate') }}
+        if: ${{ !contains(github.ref, 'renovate') }}
         with:
           image: ${{ steps.build_image.outputs.image }}
           registry: ghcr.io/${{ github.repository }}
@@ -47,8 +46,9 @@ jobs:
           tags: ${{ steps.build_image.outputs.tags }}
 
       - name: Push to Quay
-        if: ${{ env.REGISTRY }} != "" && ${{ !contains(github.head_ref, 'renovate') }}
-        id: push_to_quay
+        env:
+          REGISTRY_URI: ${{ secrets.REGISTRY_URI }}
+        if: ${{ env.REGISTRY_URI  != '' && !contains(github.ref, 'renovate') }}
         uses: redhat-actions/push-to-registry@9986a6552bc4571882a4a67e016b17361412b4df # v2
         with:
           image: ${{ steps.build_image.outputs.image }}

diff --git a/.github/workflows/jenkins-agent-python-pr.yaml b/.github/workflows/jenkins-agent-python-pr.yaml
@@ -16,6 +16,18 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+        with:
+          fetch-depth: 0
+
+      - name: Check if version.json has been bumped
+        id: changes
+        run: echo "changed=$(git --no-pager diff --name-only origin/master HEAD | grep "${context}/version.json" | wc -l)" >> $GITHUB_OUTPUT
+
+      - name: Fail if version.json not bumped
+        if: steps.changes.outputs.changed == 0
+        run: |
+          echo "${context}/version.json has not changed. Publishing the same tag removes the SHA, which causes issues. Failing."
+          exit 1
 
       - name: Check and verify version.json
         id: check_version

diff --git a/.github/workflows/jenkins-agent-python-publish.yaml b/.github/workflows/jenkins-agent-python-publish.yaml
@@ -13,7 +13,6 @@ jobs:
     env:
       context: jenkins-agents/jenkins-agent-python
       image_name: jenkins-agent-python
-      REGISTRY: ${{ secrets.REGISTRY_URI }}
     runs-on: ubuntu-latest
     permissions:
       packages: write
@@ -38,7 +37,7 @@ jobs:
 
       - name: Push to ghcr.io
         uses: redhat-actions/push-to-registry@9986a6552bc4571882a4a67e016b17361412b4df # v2
-        if: ${{ !contains(github.head_ref, 'renovate') }}
+        if: ${{ !contains(github.ref, 'renovate') }}
         with:
           image: ${{ steps.build_image.outputs.image }}
           registry: ghcr.io/${{ github.repository }}
@@ -47,8 +46,9 @@ jobs:
           tags: ${{ steps.build_image.outputs.tags }}
 
       - name: Push to Quay
-        if: ${{ env.REGISTRY }} != "" && ${{ !contains(github.head_ref, 'renovate') }}
-        id: push_to_quay
+        env:
+          REGISTRY_URI: ${{ secrets.REGISTRY_URI }}
+        if: ${{ env.REGISTRY_URI  != '' && !contains(github.ref, 'renovate') }}
         uses: redhat-actions/push-to-registry@9986a6552bc4571882a4a67e016b17361412b4df # v2
         with:
           image: ${{ steps.build_image.outputs.image }}

diff --git a/.github/workflows/tekton-task-images-conftest-publish.yaml b/.github/workflows/tekton-task-images-conftest-publish.yaml
@@ -13,7 +13,6 @@ jobs:
     env:
       context: tekton-task-images/conftest
       image_name: tekton-task-conftest
-      REGISTRY: ${{ secrets.REGISTRY_URI }}
     runs-on: ubuntu-latest
     permissions:
       packages: write
@@ -43,7 +42,7 @@ jobs:
 
       - name: Push to ghcr.io
         uses: redhat-actions/push-to-registry@9986a6552bc4571882a4a67e016b17361412b4df # v2
-        if: ${{ !contains(github.head_ref, 'renovate') }}
+        if: ${{ !contains(github.ref, 'renovate') }}
         with:
           image: ${{ steps.build_image.outputs.image }}
           registry: ghcr.io/${{ github.repository }}
@@ -52,8 +51,9 @@ jobs:
           tags: ${{ steps.build_image.outputs.tags }}
 
       - name: Push to Quay
-        if: ${{ env.REGISTRY }} != "" && ${{ !contains(github.head_ref, 'renovate') }}
-        id: push_to_quay
+        env:
+          REGISTRY_URI: ${{ secrets.REGISTRY_URI }}
+        if: ${{ env.REGISTRY_URI  != '' && !contains(github.ref, 'renovate') }}
         uses: redhat-actions/push-to-registry@9986a6552bc4571882a4a67e016b17361412b4df # v2
         with:
           image: ${{ steps.build_image.outputs.image }}

diff --git a/.github/workflows/tekton-task-images-helm-publish.yaml b/.github/workflows/tekton-task-images-helm-publish.yaml
@@ -13,7 +13,6 @@ jobs:
     env:
       context: tekton-task-images/helm
       image_name: tekton-task-helm
-      REGISTRY: ${{ secrets.REGISTRY_URI }}
     runs-on: ubuntu-latest
     permissions:
       packages: write
@@ -43,7 +42,7 @@ jobs:
 
       - name: Push to ghcr.io
         uses: redhat-actions/push-to-registry@9986a6552bc4571882a4a67e016b17361412b4df # v2
-        if: ${{ !contains(github.head_ref, 'renovate') }}
+        if: ${{ !contains(github.ref, 'renovate') }}
         with:
           image: ${{ steps.build_image.outputs.image }}
           registry: ghcr.io/${{ github.repository }}
@@ -52,8 +51,9 @@ jobs:
           tags: ${{ steps.build_image.outputs.tags }}
 
       - name: Push to Quay
-        if: ${{ env.REGISTRY }} != "" && ${{ !contains(github.head_ref, 'renovate') }}
-        id: push_to_quay
+        env:
+          REGISTRY_URI: ${{ secrets.REGISTRY_URI }}
+        if: ${{ env.REGISTRY_URI  != '' && !contains(github.ref, 'renovate') }}
         uses: redhat-actions/push-to-registry@9986a6552bc4571882a4a67e016b17361412b4df # v2
         with:
           image: ${{ steps.build_image.outputs.image }}

diff --git a/.github/workflows/toolbox-publish.yaml b/.github/workflows/toolbox-publish.yaml
@@ -13,7 +13,6 @@ jobs:
     env:
       context: tool-box
       image_name: toolbox
-      REGISTRY: ${{ secrets.REGISTRY_URI }}
     runs-on: ubuntu-latest
     permissions:
       packages: write
@@ -38,7 +37,7 @@ jobs:
 
       - name: Push to ghcr.io
         uses: redhat-actions/push-to-registry@9986a6552bc4571882a4a67e016b17361412b4df # v2
-        if: ${{ !contains(github.head_ref, 'renovate') }}
+        if: ${{ !contains(github.ref, 'renovate') }}
         with:
           image: ${{ steps.build_image.outputs.image }}
           registry: ghcr.io/${{ github.repository }}
@@ -47,8 +46,9 @@ jobs:
           tags: ${{ steps.build_image.outputs.tags }}
 
       - name: Push to Quay
-        if: ${{ env.REGISTRY }} != "" && ${{ !contains(github.head_ref, 'renovate') }}
-        id: push_to_quay
+        env:
+          REGISTRY_URI: ${{ secrets.REGISTRY_URI }}
+        if: ${{ env.REGISTRY_URI  != '' && !contains(github.ref, 'renovate') }}
         uses: redhat-actions/push-to-registry@9986a6552bc4571882a4a67e016b17361412b4df # v2
         with:
           image: ${{ steps.build_image.outputs.image }}

diff --git a/.github/workflows/ubi8-asciidoctor-publish.yaml b/.github/workflows/ubi8-asciidoctor-publish.yaml
@@ -15,7 +15,6 @@ jobs:
     env:
       context: utilities/ubi8-asciidoctor
       image_name: ubi8-asciidoctor
-      REGISTRY: ${{ secrets.REGISTRY_URI }}
     runs-on: ubuntu-latest
     permissions:
       packages: write
@@ -46,7 +45,7 @@ jobs:
 
       - name: Push to ghcr.io
         uses: redhat-actions/push-to-registry@9986a6552bc4571882a4a67e016b17361412b4df # v2
-        if: ${{ !contains(github.head_ref, 'renovate') }}
+        if: ${{ !contains(github.ref, 'renovate') }}
         with:
           image: ${{ steps.build_image.outputs.image }}
           registry: ghcr.io/${{ github.repository }}
@@ -55,8 +54,9 @@ jobs:
           tags: ${{ steps.build_image.outputs.tags }}
 
       - name: Push to Quay
-        if: ${{ env.REGISTRY }} != "" && ${{ !contains(github.head_ref, 'renovate') }}
-        id: push_to_quay
+        env:
+          REGISTRY_URI: ${{ secrets.REGISTRY_URI }}
+        if: ${{ env.REGISTRY_URI  != '' && !contains(github.ref, 'renovate') }}
         uses: redhat-actions/push-to-registry@9986a6552bc4571882a4a67e016b17361412b4df # v2
         with:
           image: ${{ steps.build_image.outputs.image }}

diff --git a/.github/workflows/ubi8-bats-publish.yaml b/.github/workflows/ubi8-bats-publish.yaml
@@ -13,7 +13,6 @@ jobs:
     env:
       context: utilities/ubi8-bats
       image_name: ubi8-bats
-      REGISTRY: ${{ secrets.REGISTRY_URI }}
     runs-on: ubuntu-latest
     permissions:
       packages: write
@@ -38,7 +37,7 @@ jobs:
 
       - name: Push to ghcr.io
         uses: redhat-actions/push-to-registry@9986a6552bc4571882a4a67e016b17361412b4df # v2
-        if: ${{ !contains(github.head_ref, 'renovate') }}
+        if: ${{ !contains(github.ref, 'renovate') }}
         with:
           image: ${{ steps.build_image.outputs.image }}
           registry: ghcr.io/${{ github.repository }}
@@ -47,8 +46,9 @@ jobs:
           tags: ${{ steps.build_image.outputs.tags }}
 
       - name: Push to Quay
-        if: ${{ env.REGISTRY }} != "" && ${{ !contains(github.head_ref, 'renovate') }}
-        id: push_to_quay
+        env:
+          REGISTRY_URI: ${{ secrets.REGISTRY_URI }}
+        if: ${{ env.REGISTRY_URI  != '' && !contains(github.ref, 'renovate') }}
         uses: redhat-actions/push-to-registry@9986a6552bc4571882a4a67e016b17361412b4df # v2
         with:
           image: ${{ steps.build_image.outputs.image }}

diff --git a/.github/workflows/ubi8-git-publish.yaml b/.github/workflows/ubi8-git-publish.yaml
@@ -13,7 +13,6 @@ jobs:
     env:
       context: utilities/ubi8-git
       image_name: ubi8-git
-      REGISTRY: ${{ secrets.REGISTRY_URI }}
     runs-on: ubuntu-latest
     permissions:
       packages: write
@@ -38,7 +37,7 @@ jobs:
 
       - name: Push to ghcr.io
         uses: redhat-actions/push-to-registry@9986a6552bc4571882a4a67e016b17361412b4df # v2
-        if: ${{ !contains(github.head_ref, 'renovate') }}
+        if: ${{ !contains(github.ref, 'renovate') }}
         with:
           image: ${{ steps.build_image.outputs.image }}
           registry: ghcr.io/${{ github.repository }}
@@ -47,8 +46,9 @@ jobs:
           tags: ${{ steps.build_image.outputs.tags }}
 
       - name: Push to Quay
-        if: ${{ env.REGISTRY }} != "" && ${{ !contains(github.head_ref, 'renovate') }}
-        id: push_to_quay
+        env:
+          REGISTRY_URI: ${{ secrets.REGISTRY_URI }}
+        if: ${{ env.REGISTRY_URI  != '' && !contains(github.ref, 'renovate') }}
         uses: redhat-actions/push-to-registry@9986a6552bc4571882a4a67e016b17361412b4df # v2
         with:
           image: ${{ steps.build_image.outputs.image }}

diff --git a/.github/workflows/ubi8-google-api-python-client-publish.yaml b/.github/workflows/ubi8-google-api-python-client-publish.yaml
@@ -13,7 +13,6 @@ jobs:
     env:
       context: utilities/ubi8-google-api-python-client
       image_name: ubi8-google-api-python-client
-      REGISTRY: ${{ secrets.REGISTRY_URI }}
     runs-on: ubuntu-latest
     permissions:
       packages: write
@@ -38,7 +37,7 @@ jobs:
 
       - name: Push to ghcr.io
         uses: redhat-actions/push-to-registry@9986a6552bc4571882a4a67e016b17361412b4df # v2
-        if: ${{ !contains(github.head_ref, 'renovate') }}
+        if: ${{ !contains(github.ref, 'renovate') }}
         with:
           image: ${{ steps.build_image.outputs.image }}
           registry: ghcr.io/${{ github.repository }}
@@ -47,8 +46,9 @@ jobs:
           tags: ${{ steps.build_image.outputs.tags }}
 
       - name: Push to Quay
-        if: ${{ env.REGISTRY }} != "" && ${{ !contains(github.head_ref, 'renovate') }}
-        id: push_to_quay
+        env:
+          REGISTRY_URI: ${{ secrets.REGISTRY_URI }}
+        if: ${{ env.REGISTRY_URI  != '' && !contains(github.ref, 'renovate') }}
         uses: redhat-actions/push-to-registry@9986a6552bc4571882a4a67e016b17361412b4df # v2
         with:
           image: ${{ steps.build_image.outputs.image }}

diff --git a/_test/kind/setup.sh b/_test/kind/setup.sh
@@ -3,6 +3,7 @@
 set -euo pipefail
 
 AGENT=$1
+## todo: renovate config for below
 JENKINS_CHART_VERSION="4.9.1"
 AGENT_PATH="jenkins-agents/${AGENT}"
 SCRIPT_DIR=$(dirname -- "$(readlink -f "${BASH_SOURCE[0]}" || realpath "${BASH_SOURCE[0]}")")

diff --git a/jenkins-agents/jenkins-agent-ansible/Dockerfile b/jenkins-agents/jenkins-agent-ansible/Dockerfile
@@ -1,9 +1,11 @@
 FROM quay.io/openshift/origin-jenkins-agent-base:4.9
+
+# renovate: datasource=pypi depName=ansible
 ARG ANSIBLE_VERSION=2.9.13
 
 LABEL \
       release="1" \
-      version="4.8" \
+      version="4.14" \
       architecture="x86_64" \
       io.k8s.display-name="Jenkins Agent Ansible" \
       name="openshift/origin-jenkins-agent-ansible-ubi8" \

diff --git a/jenkins-agents/jenkins-agent-arachni/Dockerfile b/jenkins-agents/jenkins-agent-arachni/Dockerfile
@@ -1,14 +1,14 @@
-FROM quay.io/openshift/origin-jenkins-agent-base:4.9
+FROM quay.io/openshift/origin-jenkins-agent-base:4.14
 
-ARG VERSION=1.5.1
+ARG ARACHNI_VERSION=1.5.1
 ARG WEB_VERSION=0.5.12
 
 WORKDIR /arachni
 
-RUN curl -sLo- https://github.com/Arachni/arachni/releases/download/v${VERSION}/arachni-${VERSION}-${WEB_VERSION}-linux-x86_64.tar.gz | tar xvz -C /arachni --strip-components=1 && \
+RUN curl -sLo- https://github.com/Arachni/arachni/releases/download/v${ARACHNI_VERSION}/arachni-${ARACHNI_VERSION}-${WEB_VERSION}-linux-x86_64.tar.gz | tar xvz -C /arachni --strip-components=1 && \
     chown -R root:root /arachni && \
     chmod -R 775 /arachni
 
-COPY reporters ./system/gems/gems/arachni-${VERSION}/components/reporters
+COPY reporters ./system/gems/gems/arachni-${ARACHNI_VERSION}/components/reporters
 
 USER 1001