diff --git a/.github/workflows/build-s2i-python-kopf-publish.yaml b/.github/workflows/build-s2i-python-kopf-publish.yaml index d7661d449..038269d13 100644 --- a/.github/workflows/build-s2i-python-kopf-publish.yaml +++ b/.github/workflows/build-s2i-python-kopf-publish.yaml @@ -14,7 +14,6 @@ jobs: env: CONTEXT_DIR: build-s2i-python-kopf IMAGE_NAME: python-kopf-s2i - REGISTRY: ${{ secrets.REGISTRY_URI }} runs-on: ubuntu-latest permissions: packages: write @@ -39,7 +38,7 @@ jobs: - name: Push to ghcr.io uses: redhat-actions/push-to-registry@9986a6552bc4571882a4a67e016b17361412b4df # v2 - if: ${{ !contains(github.head_ref, 'renovate') }} + if: ${{ !contains(github.ref, 'renovate') }} with: image: ${{ steps.build_image.outputs.image }} registry: ghcr.io/${{ github.repository }} @@ -48,8 +47,9 @@ jobs: tags: ${{ steps.build_image.outputs.tags }} - name: Push to Quay - if: ${{ env.REGISTRY }} != "" && ${{ !contains(github.head_ref, 'renovate') }} - id: push_to_quay + env: + REGISTRY_URI: ${{ secrets.REGISTRY_URI }} + if: ${{ env.REGISTRY_URI != '' && !contains(github.ref, 'renovate') }} uses: redhat-actions/push-to-registry@9986a6552bc4571882a4a67e016b17361412b4df # v2 with: image: ${{ steps.build_image.outputs.image }} diff --git a/.github/workflows/jenkins-agent-ci-pr.yaml b/.github/workflows/jenkins-agent-ci-pr.yaml deleted file mode 100644 index 41ec9c988..000000000 --- a/.github/workflows/jenkins-agent-ci-pr.yaml +++ /dev/null 
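Review bot: The new guard `!contains(github.ref, 'renovate')` on the "Push to ghcr.io" and "Push to Quay" steps only sees a branch name on `push` events; on `pull_request` events `github.ref` is `refs/pull/<number>/merge`, so a Renovate PR would no longer be excluded from publishing. The workflow's `on:` block is outside the hunk, so this may not apply if the workflow only runs on push. If both triggers are possible, `if: ${{ !contains(github.head_ref || github.ref_name, 'renovate') }}` covers both, and a `startsWith(..., 'renovate/')` test would avoid matching unrelated refs that merely contain the word. The same expression is repeated in the other `*-publish.yaml` workflows changed by this commit.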
@@ -1,35 +0,0 @@ - ---- -name: jenkins-agent-ci-pr -on: - pull_request: - paths: - - _test/kind/** - - .github/workflows/jenkins-agent-ci-pr.yaml - -# Declare default permissions as read only. -permissions: read-all - -jobs: - build: - env: - context: jenkins-agents/jenkins-agent-ansible - image_name: jenkins-agent-ansible - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - - - name: Build image - uses: redhat-actions/buildah-build@b4dc19b4ba891854660ab1f88a097d45aa158f76 # v2 - with: - context: ${{ env.context }} - dockerfiles: | - ./${{ env.context }}/Dockerfile - image: ${{ env.image_name }} - oci: true - tags: "latest" - - - name: Test image - run: | - echo "Testing ${{ env.image_name }}" - ./_test/kind/setup.sh ${{ env.image_name }} diff --git a/.github/workflows/jenkins-agent-image-mgmt-publish.yaml b/.github/workflows/jenkins-agent-image-mgmt-publish.yaml index 1e526b8ea..daa9422b5 100644 --- a/.github/workflows/jenkins-agent-image-mgmt-publish.yaml +++ b/.github/workflows/jenkins-agent-image-mgmt-publish.yaml @@ -13,7 +13,6 @@ jobs: env: context: jenkins-agents/jenkins-agent-image-mgmt image_name: jenkins-agent-image-mgmt - REGISTRY: ${{ secrets.REGISTRY_URI }} runs-on: ubuntu-latest permissions: packages: write @@ -38,7 +37,7 @@ jobs: - name: Push to ghcr.io uses: redhat-actions/push-to-registry@9986a6552bc4571882a4a67e016b17361412b4df # v2 - if: ${{ !contains(github.head_ref, 'renovate') }} + if: ${{ !contains(github.ref, 'renovate') }} with: image: ${{ steps.build_image.outputs.image }} registry: ghcr.io/${{ github.repository }} 
@@ -47,8 +46,9 @@ jobs: tags: ${{ steps.build_image.outputs.tags }} - name: Push to Quay - if: ${{ env.REGISTRY }} != "" && ${{ !contains(github.head_ref, 'renovate') }} - id: push_to_quay + env: + REGISTRY_URI: ${{ secrets.REGISTRY_URI }} + if: ${{ env.REGISTRY_URI != '' && !contains(github.ref, 'renovate') }} uses: redhat-actions/push-to-registry@9986a6552bc4571882a4a67e016b17361412b4df # v2 with: image: ${{ steps.build_image.outputs.image }} diff --git a/.github/workflows/jenkins-agent-python-pr.yaml b/.github/workflows/jenkins-agent-python-pr.yaml index 8fa3b2671..50b9167ea 100644 --- a/.github/workflows/jenkins-agent-python-pr.yaml +++ b/.github/workflows/jenkins-agent-python-pr.yaml @@ -16,6 +16,18 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + with: + fetch-depth: 0 + + - name: Check if version.json has been bumped + id: changes + run: echo "changed=$(git --no-pager diff --name-only origin/master HEAD | grep "${context}/version.json" | wc -l)" >> $GITHUB_OUTPUT + + - name: Fail if version.json not bumped + if: steps.changes.outputs.changed == 0 + run: | + echo "${context}/version.json has not changed. Publishing the same tag removes the SHA, which causes issues. Failing." + exit 1 - name: Check and verify version.json id: check_version diff --git a/.github/workflows/jenkins-agent-python-publish.yaml b/.github/workflows/jenkins-agent-python-publish.yaml index 05577c6a4..981ae2be1 100644 --- a/.github/workflows/jenkins-agent-python-publish.yaml +++ b/.github/workflows/jenkins-agent-python-publish.yaml @@ -13,7 +13,6 @@ jobs: env: context: jenkins-agents/jenkins-agent-python image_name: jenkins-agent-python - REGISTRY: ${{ secrets.REGISTRY_URI }} runs-on: ubuntu-latest permissions: packages: write 
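Review bot: The added "Check if version.json has been bumped" step in jenkins-agent-python-pr.yaml only proves that a path matching the pattern appears in the diff, not that the `version` value changed, so an edit that keeps the same tag still passes the guard against re-publishing an existing tag. The `grep` pattern is also an unanchored regex and `$GITHUB_OUTPUT` is unquoted; a pathspec is tighter: `run: echo "changed=$(git --no-pager diff --name-only origin/master HEAD -- "${context}/version.json" | wc -l)" >> "$GITHUB_OUTPUT"`. Comparing the `version` field of the base and head copies of the file would close the remaining gap. The base branch is hard-coded as `origin/master`, which is worth a one-line comment if the workflow is only meant for PRs against that branch.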
@@ -38,7 +37,7 @@ jobs: - name: Push to ghcr.io uses: redhat-actions/push-to-registry@9986a6552bc4571882a4a67e016b17361412b4df # v2 - if: ${{ !contains(github.head_ref, 'renovate') }} + if: ${{ !contains(github.ref, 'renovate') }} with: image: ${{ steps.build_image.outputs.image }} registry: ghcr.io/${{ github.repository }} @@ -47,8 +46,9 @@ jobs: tags: ${{ steps.build_image.outputs.tags }} - name: Push to Quay - if: ${{ env.REGISTRY }} != "" && ${{ !contains(github.head_ref, 'renovate') }} - id: push_to_quay + env: + REGISTRY_URI: ${{ secrets.REGISTRY_URI }} + if: ${{ env.REGISTRY_URI != '' && !contains(github.ref, 'renovate') }} uses: redhat-actions/push-to-registry@9986a6552bc4571882a4a67e016b17361412b4df # v2 with: image: ${{ steps.build_image.outputs.image }} diff --git a/.github/workflows/tekton-task-images-conftest-publish.yaml b/.github/workflows/tekton-task-images-conftest-publish.yaml index aee6148bf..42e6504c3 100644 --- a/.github/workflows/tekton-task-images-conftest-publish.yaml +++ b/.github/workflows/tekton-task-images-conftest-publish.yaml @@ -13,7 +13,6 @@ jobs: env: context: tekton-task-images/conftest image_name: tekton-task-conftest - REGISTRY: ${{ secrets.REGISTRY_URI }} runs-on: ubuntu-latest permissions: packages: write @@ -43,7 +42,7 @@ jobs: - name: Push to ghcr.io uses: redhat-actions/push-to-registry@9986a6552bc4571882a4a67e016b17361412b4df # v2 - if: ${{ !contains(github.head_ref, 'renovate') }} + if: ${{ !contains(github.ref, 'renovate') }} with: image: ${{ steps.build_image.outputs.image }} registry: ghcr.io/${{ github.repository }} 
@@ -52,8 +51,9 @@ jobs: tags: ${{ steps.build_image.outputs.tags }} - name: Push to Quay - if: ${{ env.REGISTRY }} != "" && ${{ !contains(github.head_ref, 'renovate') }} - id: push_to_quay + env: + REGISTRY_URI: ${{ secrets.REGISTRY_URI }} + if: ${{ env.REGISTRY_URI != '' && !contains(github.ref, 'renovate') }} uses: redhat-actions/push-to-registry@9986a6552bc4571882a4a67e016b17361412b4df # v2 with: image: ${{ steps.build_image.outputs.image }} diff --git a/.github/workflows/tekton-task-images-helm-publish.yaml b/.github/workflows/tekton-task-images-helm-publish.yaml index b319da7bf..40c295578 100644 --- a/.github/workflows/tekton-task-images-helm-publish.yaml +++ b/.github/workflows/tekton-task-images-helm-publish.yaml @@ -13,7 +13,6 @@ jobs: env: context: tekton-task-images/helm image_name: tekton-task-helm - REGISTRY: ${{ secrets.REGISTRY_URI }} runs-on: ubuntu-latest permissions: packages: write @@ -43,7 +42,7 @@ jobs: - name: Push to ghcr.io uses: redhat-actions/push-to-registry@9986a6552bc4571882a4a67e016b17361412b4df # v2 - if: ${{ !contains(github.head_ref, 'renovate') }} + if: ${{ !contains(github.ref, 'renovate') }} with: image: ${{ steps.build_image.outputs.image }} registry: ghcr.io/${{ github.repository }} @@ -52,8 +51,9 @@ jobs: tags: ${{ steps.build_image.outputs.tags }} - name: Push to Quay - if: ${{ env.REGISTRY }} != "" && ${{ !contains(github.head_ref, 'renovate') }} - id: push_to_quay + env: + REGISTRY_URI: ${{ secrets.REGISTRY_URI }} + if: ${{ env.REGISTRY_URI != '' && !contains(github.ref, 'renovate') }} uses: redhat-actions/push-to-registry@9986a6552bc4571882a4a67e016b17361412b4df # v2 with: image: ${{ steps.build_image.outputs.image }} diff --git a/.github/workflows/toolbox-publish.yaml b/.github/workflows/toolbox-publish.yaml index b3e5df4b4..09e92776b 100644 --- a/.github/workflows/toolbox-publish.yaml +++ b/.github/workflows/toolbox-publish.yaml 
@@ -13,7 +13,6 @@ jobs: env: context: tool-box image_name: toolbox - REGISTRY: ${{ secrets.REGISTRY_URI }} runs-on: ubuntu-latest permissions: packages: write @@ -38,7 +37,7 @@ jobs: - name: Push to ghcr.io uses: redhat-actions/push-to-registry@9986a6552bc4571882a4a67e016b17361412b4df # v2 - if: ${{ !contains(github.head_ref, 'renovate') }} + if: ${{ !contains(github.ref, 'renovate') }} with: image: ${{ steps.build_image.outputs.image }} registry: ghcr.io/${{ github.repository }} @@ -47,8 +46,9 @@ jobs: tags: ${{ steps.build_image.outputs.tags }} - name: Push to Quay - if: ${{ env.REGISTRY }} != "" && ${{ !contains(github.head_ref, 'renovate') }} - id: push_to_quay + env: + REGISTRY_URI: ${{ secrets.REGISTRY_URI }} + if: ${{ env.REGISTRY_URI != '' && !contains(github.ref, 'renovate') }} uses: redhat-actions/push-to-registry@9986a6552bc4571882a4a67e016b17361412b4df # v2 with: image: ${{ steps.build_image.outputs.image }} diff --git a/.github/workflows/ubi8-asciidoctor-publish.yaml b/.github/workflows/ubi8-asciidoctor-publish.yaml index f8e364c63..a671646c7 100644 --- a/.github/workflows/ubi8-asciidoctor-publish.yaml +++ b/.github/workflows/ubi8-asciidoctor-publish.yaml @@ -15,7 +15,6 @@ jobs: env: context: utilities/ubi8-asciidoctor image_name: ubi8-asciidoctor - REGISTRY: ${{ secrets.REGISTRY_URI }} runs-on: ubuntu-latest permissions: packages: write @@ -46,7 +45,7 @@ jobs: - name: Push to ghcr.io uses: redhat-actions/push-to-registry@9986a6552bc4571882a4a67e016b17361412b4df # v2 - if: ${{ !contains(github.head_ref, 'renovate') }} + if: ${{ !contains(github.ref, 'renovate') }} with: image: ${{ steps.build_image.outputs.image }} registry: ghcr.io/${{ github.repository }} 
@@ -55,8 +54,9 @@ jobs: tags: ${{ steps.build_image.outputs.tags }} - name: Push to Quay - if: ${{ env.REGISTRY }} != "" && ${{ !contains(github.head_ref, 'renovate') }} - id: push_to_quay + env: + REGISTRY_URI: ${{ secrets.REGISTRY_URI }} + if: ${{ env.REGISTRY_URI != '' && !contains(github.ref, 'renovate') }} uses: redhat-actions/push-to-registry@9986a6552bc4571882a4a67e016b17361412b4df # v2 with: image: ${{ steps.build_image.outputs.image }} diff --git a/.github/workflows/ubi8-bats-publish.yaml b/.github/workflows/ubi8-bats-publish.yaml index 33593a2a5..912198dbe 100644 --- a/.github/workflows/ubi8-bats-publish.yaml +++ b/.github/workflows/ubi8-bats-publish.yaml @@ -13,7 +13,6 @@ jobs: env: context: utilities/ubi8-bats image_name: ubi8-bats - REGISTRY: ${{ secrets.REGISTRY_URI }} runs-on: ubuntu-latest permissions: packages: write @@ -38,7 +37,7 @@ jobs: - name: Push to ghcr.io uses: redhat-actions/push-to-registry@9986a6552bc4571882a4a67e016b17361412b4df # v2 - if: ${{ !contains(github.head_ref, 'renovate') }} + if: ${{ !contains(github.ref, 'renovate') }} with: image: ${{ steps.build_image.outputs.image }} registry: ghcr.io/${{ github.repository }} @@ -47,8 +46,9 @@ jobs: tags: ${{ steps.build_image.outputs.tags }} - name: Push to Quay - if: ${{ env.REGISTRY }} != "" && ${{ !contains(github.head_ref, 'renovate') }} - id: push_to_quay + env: + REGISTRY_URI: ${{ secrets.REGISTRY_URI }} + if: ${{ env.REGISTRY_URI != '' && !contains(github.ref, 'renovate') }} uses: redhat-actions/push-to-registry@9986a6552bc4571882a4a67e016b17361412b4df # v2 with: image: ${{ steps.build_image.outputs.image }} diff --git a/.github/workflows/ubi8-git-publish.yaml b/.github/workflows/ubi8-git-publish.yaml index 44f0cbe78..899337cff 100644 --- a/.github/workflows/ubi8-git-publish.yaml +++ b/.github/workflows/ubi8-git-publish.yaml 
@@ -13,7 +13,6 @@ jobs: env: context: utilities/ubi8-git image_name: ubi8-git - REGISTRY: ${{ secrets.REGISTRY_URI }} runs-on: ubuntu-latest permissions: packages: write @@ -38,7 +37,7 @@ jobs: - name: Push to ghcr.io uses: redhat-actions/push-to-registry@9986a6552bc4571882a4a67e016b17361412b4df # v2 - if: ${{ !contains(github.head_ref, 'renovate') }} + if: ${{ !contains(github.ref, 'renovate') }} with: image: ${{ steps.build_image.outputs.image }} registry: ghcr.io/${{ github.repository }} @@ -47,8 +46,9 @@ jobs: tags: ${{ steps.build_image.outputs.tags }} - name: Push to Quay - if: ${{ env.REGISTRY }} != "" && ${{ !contains(github.head_ref, 'renovate') }} - id: push_to_quay + env: + REGISTRY_URI: ${{ secrets.REGISTRY_URI }} + if: ${{ env.REGISTRY_URI != '' && !contains(github.ref, 'renovate') }} uses: redhat-actions/push-to-registry@9986a6552bc4571882a4a67e016b17361412b4df # v2 with: image: ${{ steps.build_image.outputs.image }} diff --git a/.github/workflows/ubi8-google-api-python-client-publish.yaml b/.github/workflows/ubi8-google-api-python-client-publish.yaml index 698863ff7..fd3e98725 100644 --- a/.github/workflows/ubi8-google-api-python-client-publish.yaml +++ b/.github/workflows/ubi8-google-api-python-client-publish.yaml @@ -13,7 +13,6 @@ jobs: env: context: utilities/ubi8-google-api-python-client image_name: ubi8-google-api-python-client - REGISTRY: ${{ secrets.REGISTRY_URI }} runs-on: ubuntu-latest permissions: packages: write @@ -38,7 +37,7 @@ jobs: - name: Push to ghcr.io uses: redhat-actions/push-to-registry@9986a6552bc4571882a4a67e016b17361412b4df # v2 - if: ${{ !contains(github.head_ref, 'renovate') }} + if: ${{ !contains(github.ref, 'renovate') }} with: image: ${{ steps.build_image.outputs.image }} registry: ghcr.io/${{ github.repository }} 
@@ -47,8 +46,9 @@ jobs: tags: ${{ steps.build_image.outputs.tags }} - name: Push to Quay - if: ${{ env.REGISTRY }} != "" && ${{ !contains(github.head_ref, 'renovate') }} - id: push_to_quay + env: + REGISTRY_URI: ${{ secrets.REGISTRY_URI }} + if: ${{ env.REGISTRY_URI != '' && !contains(github.ref, 'renovate') }} uses: redhat-actions/push-to-registry@9986a6552bc4571882a4a67e016b17361412b4df # v2 with: image: ${{ steps.build_image.outputs.image }} diff --git a/_test/kind/setup.sh b/_test/kind/setup.sh index 9c1f35615..18c636ceb 100755 --- a/_test/kind/setup.sh +++ b/_test/kind/setup.sh @@ -3,6 +3,7 @@ set -euo pipefail AGENT=$1 +## todo: renovate config for below JENKINS_CHART_VERSION="4.9.1" AGENT_PATH="jenkins-agents/${AGENT}" SCRIPT_DIR=$(dirname -- "$(readlink -f "${BASH_SOURCE[0]}" || realpath "${BASH_SOURCE[0]}")") diff --git a/jenkins-agents/jenkins-agent-ansible/Dockerfile b/jenkins-agents/jenkins-agent-ansible/Dockerfile index 673ac0f0f..c0433171d 100644 --- a/jenkins-agents/jenkins-agent-ansible/Dockerfile +++ b/jenkins-agents/jenkins-agent-ansible/Dockerfile @@ -1,9 +1,11 @@ FROM quay.io/openshift/origin-jenkins-agent-base:4.9 + +# renovate: datasource=pypi depName=ansible ARG ANSIBLE_VERSION=2.9.13 LABEL \ release="1" \ - version="4.8" \ + version="4.14" \ architecture="x86_64" \ io.k8s.display-name="Jenkins Agent Ansible" \ name="openshift/origin-jenkins-agent-ansible-ubi8" \ diff --git a/jenkins-agents/jenkins-agent-arachni/Dockerfile b/jenkins-agents/jenkins-agent-arachni/Dockerfile index 9abcbe4af..9fdea0718 100644 --- a/jenkins-agents/jenkins-agent-arachni/Dockerfile +++ b/jenkins-agents/jenkins-agent-arachni/Dockerfile 
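Review bot: In jenkins-agent-ansible/Dockerfile the `version` label is raised to "4.14" while the `FROM` line in the same hunk still reads `origin-jenkins-agent-base:4.9`, so, assuming the label is meant to track the base tag, the image metadata would claim a base it is not built from. Either bump the base as the other agents in this commit do, `FROM quay.io/openshift/origin-jenkins-agent-base:4.14`, or keep the label at a value that matches the base actually used. The jenkins-agent-helm and jenkins-agent-ruby hunks also keep the 4.9 base as a context line; if that is deliberate, a short comment above each `FROM` saying why would stop it being read as an oversight.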
@@ -1,14 +1,14 @@ -FROM quay.io/openshift/origin-jenkins-agent-base:4.9 +FROM quay.io/openshift/origin-jenkins-agent-base:4.14 -ARG VERSION=1.5.1 +ARG ARACHNI_VERSION=1.5.1 ARG WEB_VERSION=0.5.12 WORKDIR /arachni -RUN curl -sLo- https://github.com/Arachni/arachni/releases/download/v${VERSION}/arachni-${VERSION}-${WEB_VERSION}-linux-x86_64.tar.gz | tar xvz -C /arachni --strip-components=1 && \ +RUN curl -sLo- https://github.com/Arachni/arachni/releases/download/v${ARACHNI_VERSION}/arachni-${ARACHNI_VERSION}-${WEB_VERSION}-linux-x86_64.tar.gz | tar xvz -C /arachni --strip-components=1 && \ chown -R root:root /arachni && \ chmod -R 775 /arachni -COPY reporters ./system/gems/gems/arachni-${VERSION}/components/reporters +COPY reporters ./system/gems/gems/arachni-${ARACHNI_VERSION}/components/reporters USER 1001 diff --git a/jenkins-agents/jenkins-agent-argocd/Dockerfile b/jenkins-agents/jenkins-agent-argocd/Dockerfile index add648538..234aa2c32 100644 --- a/jenkins-agents/jenkins-agent-argocd/Dockerfile +++ b/jenkins-agents/jenkins-agent-argocd/Dockerfile @@ -1,9 +1,11 @@ -FROM quay.io/openshift/origin-jenkins-agent-base:4.9 +FROM quay.io/openshift/origin-jenkins-agent-base:4.14 -ENV ARGOCD_VERSION=2.2.3 \ - YQ_VERSION=v4.16.2 +# renovate: datasource=github-releases depName=argoproj/argo-cd +ENV ARGOCD_VERSION=v2.2.3 +# renovate: datasource=github-releases depName=mikefarah/yq +ENV YQ_VERSION=v4.16.2 -RUN curl -sL https://github.com/argoproj/argo-cd/releases/download/v${ARGOCD_VERSION}/argocd-linux-amd64 -o /usr/local/bin/argocd && \ +RUN curl -sL https://github.com/argoproj/argo-cd/releases/download/${ARGOCD_VERSION}/argocd-linux-amd64 -o /usr/local/bin/argocd && \ chmod -R 775 /usr/local/bin/argocd && \ curl -sL https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_amd64 -o /usr/local/bin/yq && \ chmod -R 775 /usr/local/bin/yq 
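Review bot: The rewritten `curl -sL ... -o /usr/local/bin/argocd` line in jenkins-agent-argocd/Dockerfile still has no `--fail` and no integrity check, which matters more now that Renovate will rewrite `ARGOCD_VERSION` and `YQ_VERSION` automatically: a URL that stops resolving would save the HTTP error body as the binary and the build would still succeed. Adding `--fail` (the conftest Dockerfile already uses `curl --fail -sL`) makes a bad version fail the build, and comparing the download with the checksum published alongside the release would catch a truncated or altered artifact. The same applies to the `-o` downloads in the jenkins-agent-cosign and jenkins-agent-helm hunks.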
diff --git a/jenkins-agents/jenkins-agent-conftest/Dockerfile b/jenkins-agents/jenkins-agent-conftest/Dockerfile index f2b8cdd62..fde7337bf 100644 --- a/jenkins-agents/jenkins-agent-conftest/Dockerfile +++ b/jenkins-agents/jenkins-agent-conftest/Dockerfile @@ -1,15 +1,18 @@ -FROM quay.io/redhat-cop/jenkins-agent-python:v1.1@sha256:64caef557f4045bc3dbe3e8b55b6ccf36a1ffc0963d0dbdaca3200ed7c2763e6 +FROM quay.io/redhat-cop/jenkins-agent-python:v1.1@sha256:5a6ed0e5066d0a58c88158cfdcc66a199178d282094510f910e53c6b5ef9cad3 # ^ needed to install the python yq library 🐍 -ARG BATS_VERSION=1.2.0 +# renovate: datasource=github-releases depName=bats-core/bats-core +ARG BATS_VERSION=v1.2.0 +# renovate: datasource=pypi depName=yq ARG YQ_VERSION=2.12.0 -ARG CONFTEST_VERSION=0.23.0 +# renovate: datasource=github-releases depName=open-policy-agent/conftest +ARG CONFTEST_VERSION=v0.46.0 USER root -RUN curl --fail -sL https://github.com/open-policy-agent/conftest/releases/download/v${CONFTEST_VERSION}/conftest_${CONFTEST_VERSION}_Linux_x86_64.tar.gz | tar zxf - -C /usr/local/bin conftest && \ - curl --fail -sL https://github.com/bats-core/bats-core/archive/v${BATS_VERSION}.tar.gz | tar zxf - -C /tmp && \ - ./tmp/bats-core-${BATS_VERSION}/install.sh /usr/local && \ +RUN curl --fail -sL https://github.com/open-policy-agent/conftest/releases/download/${CONFTEST_VERSION}/conftest_${CONFTEST_VERSION//v}_Linux_x86_64.tar.gz | tar zxf - -C /usr/local/bin conftest && \ + curl --fail -sL https://github.com/bats-core/bats-core/archive/${BATS_VERSION}.tar.gz | tar zxf - -C /tmp && \ + ./tmp/bats-core-${BATS_VERSION//v}/install.sh /usr/local && \ echo "na na na na na na na na na 🦇👨‍🦰" && \ rm -rf /tmp/bats* && \ pip install yq==${YQ_VERSION} diff --git a/jenkins-agents/jenkins-agent-cosign/Dockerfile b/jenkins-agents/jenkins-agent-cosign/Dockerfile index 9f4975214..ba4cb0265 100644 --- a/jenkins-agents/jenkins-agent-cosign/Dockerfile +++ b/jenkins-agents/jenkins-agent-cosign/Dockerfile 
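Review bot: `${CONFTEST_VERSION//v}` and `${BATS_VERSION//v}` in the new `RUN` line are bash pattern substitutions rather than POSIX, and they delete every `v` in the value, not only a leading one. A shell-form `RUN` executes through `/bin/sh -c` by default, so this depends on the base image's `/bin/sh` being bash; `${CONFTEST_VERSION#v}` and `${BATS_VERSION#v}` are POSIX and strip only the prefix. The same `//v` form is used in the jenkins-agent-helm, jenkins-agent-hugo, jenkins-agent-image-mgmt and tool-box hunks.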
@@ -1,11 +1,12 @@ -FROM quay.io/openshift/origin-jenkins-agent-base:4.9 +FROM quay.io/openshift/origin-jenkins-agent-base:4.14 USER root -ARG COSIGN_VERSION=2.0.2 +# renovate: datasource=github-releases depName=sigstore/cosign +ARG COSIGN_VERSION=v2.0.2 # Install cosign -RUN curl -sL -o /usr/local/bin/cosign https://github.com/sigstore/cosign/releases/download/v${COSIGN_VERSION}/cosign-linux-amd64 && \ +RUN curl -L -o /usr/local/bin/cosign https://github.com/sigstore/cosign/releases/download/${COSIGN_VERSION}/cosign-linux-amd64 && \ chmod 755 /usr/local/bin/cosign USER 1001 diff --git a/jenkins-agents/jenkins-agent-erlang/Dockerfile b/jenkins-agents/jenkins-agent-erlang/Dockerfile index 431e66029..c29259244 100644 --- a/jenkins-agents/jenkins-agent-erlang/Dockerfile +++ b/jenkins-agents/jenkins-agent-erlang/Dockerfile @@ -1,6 +1,8 @@ -FROM quay.io/openshift/origin-jenkins-agent-base:4.9 +FROM quay.io/openshift/origin-jenkins-agent-base:4.14 +# renovate: datasource=github-releases depName=rabbitmq/erlang-rpm ARG ERLANG_VERSION=22.1.4 +# renovate: datasource=github-releases depName=erlang/rebar3 ARG REBAR3_VERSION=3.12.0 RUN set -xe && \ diff --git a/jenkins-agents/jenkins-agent-golang/Dockerfile b/jenkins-agents/jenkins-agent-golang/Dockerfile index e4491ab8c..1dd5d42dc 100644 --- a/jenkins-agents/jenkins-agent-golang/Dockerfile +++ b/jenkins-agents/jenkins-agent-golang/Dockerfile @@ -1,6 +1,7 @@ -FROM quay.io/openshift/origin-jenkins-agent-base:4.9 +FROM quay.io/openshift/origin-jenkins-agent-base:4.14 -ARG GO_VERSION=1.15.6 +# renovate: datasource=golang-version depName=go +ARG GO_VERSION=1.20 ARG SONAR_SCANNER_VERSION=4.5.0.2216 ENV GOROOT=/usr/local/go \ GOPATH=/usr/src/go 
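Review bot: `ARG GO_VERSION=1.20` in jenkins-agent-golang/Dockerfile selects the first release of the 1.20 line, so the image would ship without the fixes from later 1.20.x patch releases until a Renovate update is merged. Pinning the current patch release of the chosen line from the start avoids that gap. The tarball is fetched by the `curl -L https://dl.google.com/go/go${GO_VERSION}.linux-amd64.tar.gz` line in the following hunk and unpacked without being compared to the published SHA-256; adding that check would be worthwhile while this version is being changed.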
@@ -16,10 +17,11 @@ RUN curl -L -o /tmp/sonar-scanner.zip https://binaries.sonarsource.com/Distribut mv sonar-scanner-* sonar-scanner && \ ln -s /opt/sonar-scanner/bin/sonar-scanner /usr/local/bin/sonar-scanner && \ chmod 755 /usr/local/bin/sonar-scanner + RUN curl -L https://dl.google.com/go/go${GO_VERSION}.linux-amd64.tar.gz \ | tar zxf - -C /usr/local/ && \ mkdir -p /usr/src/go/src/redhat && \ - go get -u github.com/golang/dep/cmd/dep && \ + mkdir -p ${HOME}/.cache/go-build && \ chown -R 1001 /usr/src/go && \ chown -R 1001 /usr/local/go && \ chown -R 1001 ${HOME}/.cache/go-build && \ diff --git a/jenkins-agents/jenkins-agent-graalvm/Dockerfile b/jenkins-agents/jenkins-agent-graalvm/Dockerfile index 07751d71a..11b573ac7 100644 --- a/jenkins-agents/jenkins-agent-graalvm/Dockerfile +++ b/jenkins-agents/jenkins-agent-graalvm/Dockerfile @@ -1,11 +1,16 @@ FROM quay.io/openshift/origin-jenkins-agent-maven:4.14@sha256:4a8671c25216b1b44bf47a363ec37d503568fa2f75ef1a010e2284ac1cc5df46 + ARG GRAAL_VERSION=20.3.3.0-Final ENV GRAALVM_HOME=/opt/mandrelJDK ENV GRAAL_CE_URL=https://github.com/graalvm/mandrel/releases/download/mandrel-${GRAAL_VERSION}/mandrel-java11-linux-amd64-${GRAAL_VERSION}.tar.gz -ARG HELM_VERSION=3.6.3 +# renovate: datasource=github-releases depName=helm/helm +ARG HELM_VERSION=v3.6.3 +# renovate: datasource=github-releases depName=stedolan/jq ARG JQ_VERSION=1.6 -ARG OC_VERSION=4.8 -ARG YQ_VERSION=4.11.2 +# renovate: datasource=repology depName=homebrew/openshift-cli +ARG OC_VERSION=4.8.0 +# renovate: datasource=github-releases depName=mikefarah/yq +ARG YQ_VERSION=v4.11.2 ADD settings.xml $HOME/.m2/settings.xml ADD ubi8.repo /tmp/ubi8.repo 
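Review bot: The new `# renovate: datasource=github-releases depName=stedolan/jq` annotation above `ARG JQ_VERSION=1.6` in jenkins-agent-graalvm/Dockerfile probably will not produce usable updates, because the download URL later in this file (`releases/download/jq-${JQ_VERSION}/jq-linux64`) shows the release tags have the form `jq-<version>` rather than a bare version. Adding an `extractVersion` to the annotation, for example `# renovate: datasource=github-releases depName=stedolan/jq extractVersion=^jq-(?<version>.+)$`, should let Renovate map the tag to the value the URL expects; please confirm with a Renovate dry run. `ARG GRAAL_VERSION` has no annotation, so it stays manually managed. The same jq annotation appears in the jenkins-agent-npm and tool-box hunks.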
@@ -21,11 +26,11 @@ RUN rm -f /etc/yum.repos.d/*.repo && \ curl -fsSL $GRAAL_CE_URL | tar -xzC ${GRAALVM_HOME} --strip-components=1 && \ curl -Lo /usr/local/bin/jq https://github.com/stedolan/jq/releases/download/jq-${JQ_VERSION}/jq-linux64 && \ chmod +x /usr/local/bin/jq && \ - curl -L https://get.helm.sh/helm-v${HELM_VERSION}-linux-amd64.tar.gz | tar --strip-components=1 -C /usr/local/bin -xzf - linux-amd64/helm && \ - curl -Lo /usr/local/bin/yq https://github.com/mikefarah/yq/releases/download/v${YQ_VERSION}/yq_linux_amd64 && \ + curl -L https://get.helm.sh/helm-${HELM_VERSION}-linux-amd64.tar.gz | tar --strip-components=1 -C /usr/local/bin -xzf - linux-amd64/helm && \ + curl -Lo /usr/local/bin/yq https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_amd64 && \ chmod +x /usr/local/bin/yq && \ rm -f /usr/bin/oc && \ - curl -sL https://mirror.openshift.com/pub/openshift-v4/clients/ocp/stable-${OC_VERSION}/openshift-client-linux.tar.gz \ + curl -sL https://mirror.openshift.com/pub/openshift-v4/clients/ocp/${OC_VERSION}/openshift-client-linux.tar.gz \ | tar zxf - -C /usr/local/bin oc kubectl && \ ### Cleanup dnf clean all && \ diff --git a/jenkins-agents/jenkins-agent-helm/Dockerfile b/jenkins-agents/jenkins-agent-helm/Dockerfile index 2ccbdc365..d32d14a07 100644 --- a/jenkins-agents/jenkins-agent-helm/Dockerfile +++ b/jenkins-agents/jenkins-agent-helm/Dockerfile 
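Review bot: Switching the oc download from `stable-${OC_VERSION}` to `${OC_VERSION}` with `OC_VERSION=4.8.0` replaces a moving channel with one exact release, so the client stays at that level, without later z-stream fixes, until a Renovate PR is merged. It is worth confirming that the pinned directory exists on the mirror and that the `repology` `homebrew/openshift-cli` source proposes versions in the intended minor line rather than jumping to the newest release. tool-box/Dockerfile keeps `OC_VERSION=stable-4.12` under the same annotation, so the two forms are inconsistent. The same URL change is made in the jenkins-agent-helm, jenkins-agent-image-mgmt, jenkins-agent-npm and jenkins-agent-ruby hunks, and these `curl -sL ... | tar` lines also lack `--fail`.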
@@ -1,11 +1,17 @@ FROM quay.io/openshift/origin-jenkins-agent-base:4.9 -ARG VERSION=3.5.2 +# renovate: datasource=github-releases depName=helm/helm +ARG HELM_VERSION=v3.13.2 +# renovate: datasource=github-releases depName=mikefarah/yq ARG YQ_VERSION=v4.5.1 -ARG CT_VERSION=3.3.1 -ARG OPENSHIFT_CLIENT_VERSION=4.8 -ARG CONFTEST_VERSION=0.23.0 -ARG KUBE_LINTER_VERSION=0.2.3 +# renovate: datasource=github-releases depName=helm/chart-testing +ARG CT_VERSION=v3.3.1 +# renovate: datasource=repology depName=homebrew/openshift-cli +ARG OPENSHIFT_CLIENT_VERSION=4.8.0 +# renovate: datasource=github-releases depName=open-policy-agent/conftest +ARG CONFTEST_VERSION=v0.47.0 +# renovate: datasource=github-releases depName=stackrox/kube-linter +ARG KUBE_LINTER_VERSION=v0.6.4 ## Required in order to avoid ct "ascii codec can't encode character" error ENV PYTHONIOENCODING=utf-8 \ 
@@ -16,14 +22,14 @@ ENV PYTHONIOENCODING=utf-8 \ COPY ubi8.repo /tmp/ ## Install helm, yq, conftest & kube-linter -RUN curl -sL https://get.helm.sh/helm-v${VERSION}-linux-amd64.tar.gz | tar zxf - -C /usr/local/bin --strip-components=1 linux-amd64/helm && \ - curl -sL https://github.com/open-policy-agent/conftest/releases/download/v${CONFTEST_VERSION}/conftest_${CONFTEST_VERSION}_Linux_x86_64.tar.gz | tar zxf - -C /usr/local/bin conftest && \ +RUN curl -sL https://get.helm.sh/helm-${HELM_VERSION}-linux-amd64.tar.gz | tar zxf - -C /usr/local/bin --strip-components=1 linux-amd64/helm && \ + curl -sL https://github.com/open-policy-agent/conftest/releases/download/${CONFTEST_VERSION}/conftest_${CONFTEST_VERSION//v}_Linux_x86_64.tar.gz | tar zxf - -C /usr/local/bin conftest && \ curl -sL https://github.com/stackrox/kube-linter/releases/download/${KUBE_LINTER_VERSION}/kube-linter-linux.tar.gz | tar zxf - -C /usr/local/bin kube-linter && \ curl -sL https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_amd64 -o /usr/local/bin/yq && \ chmod -R 755 /usr/local/bin/yq ## Install ct -RUN curl -sL -o /tmp/chart-testing.tar.gz https://github.com/helm/chart-testing/releases/download/v${CT_VERSION}/chart-testing_${CT_VERSION}_linux_amd64.tar.gz && \ +RUN curl -sL -o /tmp/chart-testing.tar.gz https://github.com/helm/chart-testing/releases/download/${CT_VERSION}/chart-testing_${CT_VERSION//v}_linux_amd64.tar.gz && \ mkdir ${HOME}/.ct && \ tar zxf /tmp/chart-testing.tar.gz -C /usr/local/bin ct && \ tar zxf /tmp/chart-testing.tar.gz -C ${HOME}/.ct --strip-components=1 etc && \ 
@@ -42,7 +48,7 @@ RUN INSTALL_PKGS="git python38 python38-pip" && \ chmod -R 775 /etc/alternatives ## Install oc and kubectl -RUN curl -sL https://mirror.openshift.com/pub/openshift-v4/clients/ocp/stable-${OPENSHIFT_CLIENT_VERSION}/openshift-client-linux.tar.gz \ +RUN curl -sL https://mirror.openshift.com/pub/openshift-v4/clients/ocp/${OPENSHIFT_CLIENT_VERSION}/openshift-client-linux.tar.gz \ | tar zxf - -C /usr/local/bin oc kubectl USER 1001 diff --git a/jenkins-agents/jenkins-agent-hugo/Dockerfile b/jenkins-agents/jenkins-agent-hugo/Dockerfile index e3db0024c..8826b2124 100644 --- a/jenkins-agents/jenkins-agent-hugo/Dockerfile +++ b/jenkins-agents/jenkins-agent-hugo/Dockerfile @@ -1,8 +1,9 @@ -FROM quay.io/openshift/origin-jenkins-agent-base:4.9 +FROM quay.io/openshift/origin-jenkins-agent-base:4.14 -ENV HUGO_VERSION=0.83.1 +# renovate: datasource=github-releases depName=gohugoio/hugo +ENV HUGO_VERSION=v0.83.1 -RUN curl -sL https://github.com/gohugoio/hugo/releases/download/v${HUGO_VERSION}/hugo_extended_${HUGO_VERSION}_Linux-64bit.tar.gz \ +RUN curl -sL https://github.com/gohugoio/hugo/releases/download/${HUGO_VERSION}/hugo_extended_${HUGO_VERSION//v}_Linux-64bit.tar.gz \ | tar zxf - -C /usr/local/bin hugo USER 1001 diff --git a/jenkins-agents/jenkins-agent-image-mgmt/Dockerfile b/jenkins-agents/jenkins-agent-image-mgmt/Dockerfile index d099725ed..cd340adc1 100644 --- a/jenkins-agents/jenkins-agent-image-mgmt/Dockerfile +++ b/jenkins-agents/jenkins-agent-image-mgmt/Dockerfile 
@@ -1,17 +1,19 @@ -FROM registry.access.redhat.com/ubi8/go-toolset:latest as builder +FROM registry.access.redhat.com/ubi8/go-toolset:1.20 as builder -ARG SKOPEO_VERSION=1.5.2 +# renovate: datasource=github-releases depName=containers/skopeo +ARG SKOPEO_VERSION=v1.13.0 USER root -RUN curl -L https://github.com/containers/skopeo/archive/v${SKOPEO_VERSION}.tar.gz | tar -C /tmp -zxf - && \ - mv /tmp/skopeo-${SKOPEO_VERSION} /tmp/skopeo && \ +RUN curl -L https://github.com/containers/skopeo/archive/${SKOPEO_VERSION}.tar.gz | tar -C /tmp -zxf - && \ + mv /tmp/skopeo-${SKOPEO_VERSION//v} /tmp/skopeo && \ cd /tmp/skopeo && \ make BUILDTAGS=containers_image_openpgp DISABLE_DOCS=1 CGO_ENABLED=0 GO_DYN_FLAGS= -FROM quay.io/openshift/origin-jenkins-agent-base:4.9 +FROM quay.io/openshift/origin-jenkins-agent-base:4.14 -ARG OC_VERSION=4.9 +# renovate: datasource=repology depName=homebrew/openshift-cli +ARG OC_VERSION=4.14.0 MAINTAINER Andrew Block @@ -25,7 +27,7 @@ LABEL com.redhat.component="jenkins-agent-image-mgmt" \ USER root RUN mkdir -p /etc/containers && \ - curl -L https://mirror.openshift.com/pub/openshift-v4/clients/ocp/stable-${OC_VERSION}/openshift-client-linux.tar.gz | tar zxvf - -C /usr/bin oc + curl -L https://mirror.openshift.com/pub/openshift-v4/clients/ocp/${OC_VERSION}/openshift-client-linux.tar.gz | tar zxvf - -C /usr/bin oc COPY --from=builder /tmp/skopeo/default-policy.json /etc/containers/policy.json COPY --from=builder /tmp/skopeo/bin/skopeo /usr/bin/ diff --git a/jenkins-agents/jenkins-agent-mongodb/Dockerfile b/jenkins-agents/jenkins-agent-mongodb/Dockerfile index 67960a95a..aa7107bf2 100644 --- a/jenkins-agents/jenkins-agent-mongodb/Dockerfile +++ b/jenkins-agents/jenkins-agent-mongodb/Dockerfile @@ -1,4 +1,4 @@ -FROM quay.io/openshift/origin-jenkins-agent-base:4.9 +FROM quay.io/openshift/origin-jenkins-agent-base:4.14 USER root 
diff --git a/jenkins-agents/jenkins-agent-npm/Dockerfile b/jenkins-agents/jenkins-agent-npm/Dockerfile index cafc3e3f7..4985a9b59 100644 --- a/jenkins-agents/jenkins-agent-npm/Dockerfile +++ b/jenkins-agents/jenkins-agent-npm/Dockerfile @@ -1,8 +1,11 @@ #invoke npm in jenkinsfile: sh "scl enable rh-nodejs6 'npm run build'" -FROM quay.io/openshift/origin-jenkins-agent-base:4.9 +FROM quay.io/openshift/origin-jenkins-agent-base:4.14 +# renovate: datasource=github-releases depName=stedolan/jq ARG JQ_VERSION=1.6 -ARG OC_VERSION=4.8 +# renovate: datasource=repology depName=homebrew/openshift-cli +ARG OC_VERSION=4.8.0 +# renovate: datasource=github-releases depName=mikefarah/yq ARG YQ_VERSION=4.6.3 ENV NODEJS_VERSION=16 \ @@ -25,7 +28,7 @@ RUN INSTALL_PKGS="nodejs" && \ curl -Lo /usr/local/bin/yq https://github.com/mikefarah/yq/releases/download/v${YQ_VERSION}/yq_linux_amd64 && \ chmod +x /usr/local/bin/yq && \ rm -f /usr/bin/oc && \ - curl -sL https://mirror.openshift.com/pub/openshift-v4/clients/ocp/stable-${OC_VERSION}/openshift-client-linux.tar.gz \ + curl -sL https://mirror.openshift.com/pub/openshift-v4/clients/ocp/${OC_VERSION}/openshift-client-linux.tar.gz \ | tar zxf - -C /usr/local/bin oc kubectl USER 1001 diff --git a/jenkins-agents/jenkins-agent-python/Dockerfile b/jenkins-agents/jenkins-agent-python/Dockerfile index d416c1438..308fb8758 100644 --- a/jenkins-agents/jenkins-agent-python/Dockerfile +++ b/jenkins-agents/jenkins-agent-python/Dockerfile @@ -1,4 +1,4 @@ -FROM quay.io/openshift/origin-jenkins-agent-base:4.9 +FROM quay.io/openshift/origin-jenkins-agent-base:4.14 EXPOSE 8080 diff --git a/jenkins-agents/jenkins-agent-python/version.json b/jenkins-agents/jenkins-agent-python/version.json index 20d114234..fa8d311d7 100644 --- a/jenkins-agents/jenkins-agent-python/version.json +++ b/jenkins-agents/jenkins-agent-python/version.json @@ -1 +1 @@ -{"version":"v1.1.0"} +{"version":"v1.2.0"} 
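Review bot: In jenkins-agent-npm/Dockerfile `ARG YQ_VERSION=4.6.3` gains a Renovate annotation but keeps the bare value, with the `v` still added by the URL on the context line (`releases/download/v${YQ_VERSION}/yq_linux_amd64`), whereas the argocd and graalvm Dockerfiles in this commit move the `v` into the value. Depending on how Renovate normalises the tag prefix, an update could write a `v`-prefixed value here and produce a `vv...` URL. Aligning with the other files, `ARG YQ_VERSION=v4.6.3` together with `.../releases/download/${YQ_VERSION}/yq_linux_amd64`, removes the ambiguity.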
diff --git a/jenkins-agents/jenkins-agent-ruby/Dockerfile b/jenkins-agents/jenkins-agent-ruby/Dockerfile index 1b0614778..ec88b84f7 100644 --- a/jenkins-agents/jenkins-agent-ruby/Dockerfile +++ b/jenkins-agents/jenkins-agent-ruby/Dockerfile @@ -1,7 +1,8 @@ FROM quay.io/openshift/origin-jenkins-agent-base:4.9 ARG RUBY_VERSION=3.1 -ARG OC_VERSION=4.14 +# renovate: datasource=repology depName=homebrew/openshift-cli +ARG OC_VERSION=4.14.0 ENV SUMMARY="Platform for building and running Ruby $RUBY_VERSION applications" \ DESCRIPTION="Ruby $RUBY_VERSION available as docker container is a base platform for \ @@ -41,7 +42,7 @@ RUN rm -f /etc/yum.repos.d/*.repo && \ dnf clean all -y && \ rm -rf /var/cache/dnf -RUN curl -sL https://mirror.openshift.com/pub/openshift-v4/clients/ocp/stable-${OC_VERSION}/openshift-client-linux.tar.gz \ +RUN curl -sL https://mirror.openshift.com/pub/openshift-v4/clients/ocp/${OC_VERSION}/openshift-client-linux.tar.gz \ | tar zxf - -C /usr/local/bin oc kubectl # Copy extra files to the image. diff --git a/jenkins-agents/jenkins-agent-rust/Dockerfile b/jenkins-agents/jenkins-agent-rust/Dockerfile index c30ed37cf..0717bcfa0 100644 --- a/jenkins-agents/jenkins-agent-rust/Dockerfile +++ b/jenkins-agents/jenkins-agent-rust/Dockerfile @@ -1,8 +1,8 @@ -FROM quay.io/openshift/origin-jenkins-agent-base:4.9 +FROM quay.io/openshift/origin-jenkins-agent-base:4.14 LABEL com.redhat.component="jenkins-agent-rust-ubi7-docker" \ name="openshift/origin-jenkins-agent-rust-ubi7" \ - version="4.8" \ + version="4.14" \ architecture="x86_64" \ release="1" \ io.k8s.display_name="Jenkins Agent Rust" \ diff --git a/renovate.json b/renovate.json index b87305877..3b5c543c7 100644 --- a/renovate.json +++ b/renovate.json @@ -2,6 +2,7 @@ "$schema": "https://docs.renovatebot.com/renovate-schema.json", "extends": [ "config:best-practices", + "regexManagers:dockerfileVersions", "schedule:earlyMondays" ], "ignorePaths": [ 
diff --git a/tool-box/Dockerfile b/tool-box/Dockerfile index 73b9c698a..dfe00c472 100644 --- a/tool-box/Dockerfile +++ b/tool-box/Dockerfile @@ -1,21 +1,22 @@ FROM registry.access.redhat.com/ubi8:8.9-1028@sha256:449da7f8f2ef6285a8445a1e31af57a97b9dae5dcf009b1629c59742c89c68c3 ENV HOME=/home/tool-box \ - INSTALL_PKGS="git iputils procps-ng python39 vim unzip zip" \ - # renovate: datasource=repology depName=homebrew/openshift-cli - OC_VERSION=stable-4.12 \ - # renovate: datasource=github-releases depName=openshift/rosa - ROSA_VERSION=1.2.15 \ - # renovate: datasource=github-releases depName=redhat-developer/odo - ODO_VERSION=v3.9.0 \ - # renovate: datasource=pypi depName=ansible-core - ANSIBLE_VERSION=2.14.5 \ - # renovate: datasource=github-releases depName=stedolan/jq - JQ_VERSION=1.6 \ - # renovate: datasource=github-releases depName=helm/helm - HELM_VERSION=v3.11.3 \ - # renovate: datasource=github-releases depName=tektoncd/cli - TEKTON_VERSION=0.30.1 + INSTALL_PKGS="git iputils procps-ng python311 vim unzip zip" + +# renovate: datasource=repology depName=homebrew/openshift-cli +ENV OC_VERSION=stable-4.12 +# renovate: datasource=github-releases depName=openshift/rosa +ENV ROSA_VERSION=v1.2.15 +# renovate: datasource=github-releases depName=redhat-developer/odo +ENV ODO_VERSION=v3.9.0 +# renovate: datasource=pypi depName=ansible-core +ENV ANSIBLE_CORE_VERSION=2.14.5 +# renovate: datasource=github-releases depName=stedolan/jq +ENV JQ_VERSION=1.6 +# renovate: datasource=github-releases depName=helm/helm +ENV HELM_VERSION=v3.11.3 +# renovate: datasource=github-releases depName=tektoncd/cli +ENV TEKTON_VERSION=v0.30.1 RUN yum -y update && \ yum -y install $INSTALL_PKGS && \ 
@@ -27,17 +28,18 @@ RUN curl -o jq --fail -sL https://github.com/stedolan/jq/releases/download/jq-${ RUN mkdir -m 775 $HOME && \ chmod 775 /etc/passwd && \ - pip3 install --upgrade pip && \ - pip3 install ansible-core==${ANSIBLE_VERSION} + python3 -m ensurepip --default-pip && \ + python3 -m pip install --upgrade pip && \ + python3 -m pip install ansible-core==${ANSIBLE_CORE_VERSION} RUN curl --fail -s https://get.helm.sh/helm-${HELM_VERSION}-linux-amd64.tar.gz | tar -xvz && \ chmod u+x linux-amd64/helm && mv linux-amd64/helm /usr/local/bin/ && rm -rf linux-amd64 -RUN curl --fail -sL https://github.com/tektoncd/cli/releases/download/v${TEKTON_VERSION}/tkn_${TEKTON_VERSION}_Linux_x86_64.tar.gz | tar --no-same-owner -xvz -C /usr/local/bin/ tkn +RUN curl --fail -sL https://github.com/tektoncd/cli/releases/download/${TEKTON_VERSION}/tkn_${TEKTON_VERSION//v}_Linux_x86_64.tar.gz | tar --no-same-owner -xvz -C /usr/local/bin/ tkn RUN curl --fail -sL https://mirror.openshift.com/pub/openshift-v4/clients/ocp/${OC_VERSION}/openshift-client-linux.tar.gz | tar --no-same-owner -C /usr/local/bin/ -xzf - -RUN curl --fail -sL https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/rosa/${ROSA_VERSION}/rosa-linux.tar.gz | tar --no-same-owner -C /usr/local/bin/ -xzf - +RUN curl --fail -sL https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/rosa/${ROSA_VERSION//v}/rosa-linux.tar.gz | tar --no-same-owner -C /usr/local/bin/ -xzf - RUN curl --fail -sL https://mirror.openshift.com/pub/openshift-v4/clients/odo/${ODO_VERSION}/odo-linux-amd64 -o /usr/local/bin/odo && \ chmod +x /usr/local/bin/odo