updated tekton versions to be renovated

redhat-cop · Dec 12, 2023 · 8474a59 · 8474a59
1 parent 8d0e7c1
commit 8474a59
Show file tree

Hide file tree

Showing 9 changed files with 49 additions and 4 deletions.
diff --git a/.github/workflows/tekton-task-images-conftest-pr.yaml b/.github/workflows/tekton-task-images-conftest-pr.yaml
@@ -4,6 +4,10 @@ on:
     paths:
       - tekton-task-images/conftest/**
       - .github/workflows/tekton-task-images-conftest-pr.yaml
+
+# Declare default permissions as read only.
+permissions: read-all
+
 jobs:
   build:
     env:
@@ -15,7 +19,7 @@ jobs:
 
       - name: Convert VERSION to version.json
         run: |
-          version=$(cat ${{ env.context }}/VERSION | cut -d"=" -f2)
+          version=$(sed -n '2p' ${{ env.context }}/VERSION | cut -d"=" -f2)
           jq -c --null-input --arg version "v$version" '{ "version": $version }' > ${{ env.context }}/version.json
 
       - name: Check and verify version.json
@@ -33,6 +37,7 @@ jobs:
           image: ${{ env.image_name }}
           oci: true
           tags: ${{ steps.check_version.outputs.IMAGE_TAGS }}
+
       - name: Test image
         run: |
           echo "Running: podman run ${image_name}:${{ steps.check_version.outputs.VERSION }} conftest version"

diff --git a/.github/workflows/tekton-task-images-conftest-publish.yaml b/.github/workflows/tekton-task-images-conftest-publish.yaml
@@ -4,19 +4,25 @@ on:
     paths:
       - tekton-task-images/conftest/VERSION
       - .github/workflows/tekton-task-images-conftest-publish.yaml
+
+# Declare default permissions as read only.
+permissions: read-all
+
 jobs:
   build:
     env:
       context: tekton-task-images/conftest
       image_name: tekton-task-conftest
       REGISTRY: ${{ secrets.REGISTRY_URI }}
     runs-on: ubuntu-latest
+    permissions:
+      packages: write
     steps:
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
 
       - name: Convert VERSION to version.json
         run: |
-          version=$(cat ${{ env.context }}/VERSION | cut -d"=" -f2)
+          version=$(sed -n '2p' ${{ env.context }}/VERSION | cut -d"=" -f2)
           jq -c --null-input --arg version "v$version" '{ "version": $version }' > ${{ env.context }}/version.json
 
       - name: Get image tags

diff --git a/.github/workflows/tekton-task-images-helm-pr.yaml b/.github/workflows/tekton-task-images-helm-pr.yaml
@@ -4,6 +4,10 @@ on:
     paths:
       - tekton-task-images/helm/**
       - .github/workflows/tekton-task-images-helm-pr.yaml
+
+# Declare default permissions as read only.
+permissions: read-all
+
 jobs:
   build:
     env:
@@ -33,6 +37,7 @@ jobs:
           image: ${{ env.image_name }}
           oci: true
           tags: ${{ steps.check_version.outputs.IMAGE_TAGS }}
+
       - name: Test image contains the version of the binary
         run: |
           echo "Running: podman run ${image_name}:${{ steps.check_version.outputs.VERSION }} helm version"

diff --git a/.github/workflows/tekton-task-images-helm-publish.yaml b/.github/workflows/tekton-task-images-helm-publish.yaml
@@ -4,13 +4,19 @@ on:
     paths:
       - tekton-task-images/helm/VERSION
       - .github/workflows/tekton-task-images-helm-publish.yaml
+
+# Declare default permissions as read only.
+permissions: read-all
+
 jobs:
   build:
     env:
       context: tekton-task-images/helm
       image_name: tekton-task-helm
       REGISTRY: ${{ secrets.REGISTRY_URI }}
     runs-on: ubuntu-latest
+    permissions:
+      packages: write
     steps:
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
 

diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,9 @@
+# Security Policy
+
+## Supported Versions
+
+Only the latest version is supported.
+
+## Reporting a Vulnerability
+
+For any issues or concerns, please contact: [@container-cop-core](https://github.com/orgs/redhat-cop/teams/container-cop-core)
diff --git a/renovate.json b/renovate.json
@@ -26,5 +26,16 @@
     "**/tower-ocp-custom/**",
     "**/ubi7-gitlab-runner/**",
     "**/zalenium/**"
+  ],
+  "customManagers": [
+    {
+      "customType": "regex",
+      "fileMatch": [
+        "^.+\\/VERSION$"
+      ],
+      "matchStrings": [
+        "# renovate: datasource=(?<datasource>[a-z-.]+?) depName=(?<depName>[^\\s]+?)(?: (?:lookupName|packageName)=(?<packageName>[^\\s]+?))?(?: versioning=(?<versioning>[^\\s]+?))?(?: extractVersion=(?<extractVersion>[^\\s]+?))?\\s+[A-Za-z0-9_]+?_VERSION=(?<currentValue>.+?)?\\s"
+      ]
+    }
   ]
 }
diff --git a/tekton-task-images/conftest/VERSION b/tekton-task-images/conftest/VERSION
@@ -1 +1,2 @@
-CONFTEST_VERSION=0.41.0
+# renovate: datasource=github-releases depName=open-policy-agent/conftest
+CONFTEST_VERSION=0.41.0
diff --git a/tekton-task-images/helm/Dockerfile b/tekton-task-images/helm/Dockerfile
@@ -2,6 +2,7 @@ FROM registry.access.redhat.com/ubi9/ubi-minimal:9.3-1361.1699548032@sha256:c777
 
 USER root
 
+# renovate: datasource=github-releases depName=mikefarah/yq
 ARG YQ_VERSION=4.23.1
 
 RUN microdnf install -y --nodocs openssl tar git findutils gzip && \

diff --git a/tekton-task-images/helm/VERSION b/tekton-task-images/helm/VERSION
@@ -1 +1,2 @@
-HELM_VERSION=3.11.2
+# renovate: datasource=github-releases depName=helm/helm
+HELM_VERSION=3.11.2