fix: switch to node-lts chainguard image #716
Merged
+2 −4
@cmwylie19 we should probably add grype to our CI as it would have caught this too.
See the diff from the current image and the updated lts image below. old image:
new image:

Great idea, was considering this a few weeks ago too. Added an issue and we will get this prioritized #717
cmwylie19 approved these changes Apr 4, 2024
btlghrants pushed a commit that referenced this pull request Apr 4, 2024
## Description

Chainguard stopped publishing versioned images outside of `latest` last fall and so dependabot never picked up a newer version. This led to a stale Pepr Controller image that had vulnerabilities from not being maintained.

This step in CI will fail if there are high vulnerabilities in the `pepr:dev` image which is the candidate image for release. If there are vulnerabilities it will trigger our team to research why the vulnerabilities are there, ie checking to ensure we have the latest and correct images.

CC: Thanks @eddiezane @jeff-mccoy for pointing it out

## Related Issue

Fixes #
<!-- or -->
Relates to #716

## Type of change

- [ ] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [x] Other (security config, docs update, etc)

## Checklist before merging

- [x] Test, docs, adr added or updated as needed
- [x] [Contributor Guide Steps](https://docs.pepr.dev/main/contribute/contributor-guide/#submitting-a-pull-request) followed

---------

Signed-off-by: Case Wylie <cmwylie19@defenseunicorns.com>
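A sketch of the gate this commit message describes, as an added example (not the Pepr project's CI code): it reads a report in the shape of `grype <image> -o json`, fails on High or above, and flags OS-package findings that already have a fixed version, which is what a stale base image looks like in a scan. The sample report, its IDs and the `gateReport` helper are constructed for illustration.

```javascript
// Constructed sample: mirrors only the fields of a grype JSON report that this
// script reads. IDs, package names and versions are placeholders.
const SAMPLE_REPORT = {
  matches: [
    {
      vulnerability: { id: "CVE-0000-0001", severity: "High",
                       fix: { state: "fixed", versions: ["3.1.4-r6"] } },
      artifact: { name: "libexample", version: "3.1.4-r0", type: "apk" },
    },
    { // same finding reported again (e.g. matched through a second data source)
      vulnerability: { id: "CVE-0000-0001", severity: "High",
                       fix: { state: "fixed", versions: ["3.1.4-r6"] } },
      artifact: { name: "libexample", version: "3.1.4-r0", type: "apk" },
    },
    {
      vulnerability: { id: "GHSA-0000-0000-0000", severity: "Critical",
                       fix: { state: "fixed", versions: ["2.0.1"] } },
      artifact: { name: "example-npm-lib", version: "2.0.0", type: "npm" },
    },
    {
      vulnerability: { id: "CVE-0000-0002", severity: "High",
                       fix: { state: "not-fixed", versions: [] } },
      artifact: { name: "libother", version: "1.0.0-r2", type: "apk" },
    },
    {
      vulnerability: { id: "CVE-0000-0003", severity: "Medium",
                       fix: { state: "fixed", versions: ["9.9-r1"] } },
      artifact: { name: "libminor", version: "9.9-r0", type: "apk" },
    },
  ],
};

// Ordered low to high. "Unknown" (or anything unlisted) ranks -1, so in this
// example it never blocks a release on its own.
const SEVERITIES = ["negligible", "low", "medium", "high", "critical"];
// Package types that come from the base image rather than from the application.
const OS_PACKAGE_TYPES = new Set(["apk", "deb", "rpm"]);

function severityRank(severity) {
  return SEVERITIES.indexOf(String(severity ?? "").toLowerCase());
}

// Returns the gate decision plus the findings that explain it.
function gateReport(report, failOn = "high") {
  const threshold = severityRank(failOn);
  if (threshold < 0) throw new Error(`unknown failOn severity: ${failOn}`);

  const seen = new Set();
  const blocking = [];
  for (const match of report.matches ?? []) {
    const vuln = match.vulnerability ?? {};
    const pkg = match.artifact ?? {};
    if (severityRank(vuln.severity) < threshold) continue;

    // Collapse repeats of the same vulnerability in the same package version.
    const key = [vuln.id, pkg.name, pkg.version].join("|");
    if (seen.has(key)) continue;
    seen.add(key);

    const fixedIn = vuln.fix?.state === "fixed" ? (vuln.fix.versions ?? []) : [];
    blocking.push({
      id: vuln.id,
      severity: vuln.severity,
      package: pkg.name,
      installed: pkg.version,
      type: pkg.type,
      fixedIn,
    });
  }

  // A blocking OS-package finding with a published fix means the base image is
  // behind its upstream: check the image reference before anything else.
  const staleBaseHints = blocking.filter(
    (f) => OS_PACKAGE_TYPES.has(f.type) && f.fixedIn.length > 0
  );
  return { pass: blocking.length === 0, blocking, staleBaseHints };
}

const result = gateReport(SAMPLE_REPORT);
for (const f of result.blocking) {
  const fix = f.fixedIn.length ? `fixed in ${f.fixedIn.join(", ")}` : "no fix published";
  console.log(`${f.severity} ${f.id} ${f.package}@${f.installed} (${f.type}): ${fix}`);
}
console.log(`stale-base-image hints: ${result.staleBaseHints.length}`);
console.log(result.pass ? "PASS" : "FAIL");
```
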
mjnagel referenced this pull request in defenseunicorns/uds-core Apr 11, 2024
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [defenseunicorns/uds-common](https://togithub.com/defenseunicorns/uds-common) | | patch | `v0.3.2` -> `v0.3.10` |
| [pepr](https://togithub.com/defenseunicorns/pepr) | dependencies | minor | [`0.28.7` -> `0.29.0`](https://renovatebot.com/diffs/npm/pepr/0.28.7/0.29.0) |
| [registry1.dso.mil/ironbank/opensource/defenseunicorns/pepr/controller](https://togithub.com/defenseunicorns/pepr) ([source](https://repo1.dso.mil/dsop/opensource/defenseunicorns/pepr/controller)) | | minor | `v0.28.7` -> `v0.29.0` |

---

### Release Notes

<details>
<summary>defenseunicorns/uds-common (defenseunicorns/uds-common)</summary>

### [`v0.3.10`](https://togithub.com/defenseunicorns/uds-common/releases/tag/v0.3.10)

[Compare Source](https://togithub.com/defenseunicorns/uds-common/compare/v0.3.9...v0.3.10)

##### Miscellaneous

- add a full uds task and inputs ([#95](https://togithub.com/defenseunicorns/uds-common/issues/95)) ([7e15fd2](https://togithub.com/defenseunicorns/uds-common/commit/7e15fd2ba4629ee1fae31e87f946ca32138df73c))
- add latest-bundle-release task ([#97](https://togithub.com/defenseunicorns/uds-common/issues/97)) ([2662f6a](https://togithub.com/defenseunicorns/uds-common/commit/2662f6a697a97b2a202a128040a487f2d2e117d7))
- attempt to fix renovate ([#98](https://togithub.com/defenseunicorns/uds-common/issues/98)) ([8155ecc](https://togithub.com/defenseunicorns/uds-common/commit/8155ecc62968e342110b0598a2d57de17b5e3914))
- **deps:** update uds common support dependencies ([#101](https://togithub.com/defenseunicorns/uds-common/issues/101)) ([dfdf927](https://togithub.com/defenseunicorns/uds-common/commit/dfdf927b2367a0592a54fa8a97d4ee84e118e2e0))
- fix renovate env var rule overmatching ([#99](https://togithub.com/defenseunicorns/uds-common/issues/99)) ([480497f](https://togithub.com/defenseunicorns/uds-common/commit/480497f4a72c3f25fcb87823c5902192d4e5befb))
- fix the renovate config github digest pinning ([#100](https://togithub.com/defenseunicorns/uds-common/issues/100)) ([4603448](https://togithub.com/defenseunicorns/uds-common/commit/4603448ce94c22c614ec7e87b9520e9681e618e2))

### [`v0.3.9`](https://togithub.com/defenseunicorns/uds-common/releases/tag/v0.3.9)

[Compare Source](https://togithub.com/defenseunicorns/uds-common/compare/v0.3.8...v0.3.9)

##### Miscellaneous

- fix missing keys in setup actions ([#93](https://togithub.com/defenseunicorns/uds-common/issues/93)) ([39d7395](https://togithub.com/defenseunicorns/uds-common/commit/39d73955ebb35f4e844a45fe23a7acf7d65d239a))

### [`v0.3.8`](https://togithub.com/defenseunicorns/uds-common/releases/tag/v0.3.8)

[Compare Source](https://togithub.com/defenseunicorns/uds-common/compare/v0.3.7...v0.3.8)

##### Miscellaneous

- add upgrade tests to common ([#91](https://togithub.com/defenseunicorns/uds-common/issues/91)) ([bb2e590](https://togithub.com/defenseunicorns/uds-common/commit/bb2e59021355172db2cfcca7dbf5a2434ce41b6d))
- **deps:** update dependency defenseunicorns/uds-cli to v0.10.1 ([#84](https://togithub.com/defenseunicorns/uds-common/issues/84)) ([6b455b7](https://togithub.com/defenseunicorns/uds-common/commit/6b455b7cef8ddab022c758a6309d8993f0a564b7))
- **deps:** update dependency defenseunicorns/uds-core to v0.17.0 ([#83](https://togithub.com/defenseunicorns/uds-common/issues/83)) ([b8d8181](https://togithub.com/defenseunicorns/uds-common/commit/b8d818165c7c676f56898c2d15ae14a2f7ff5f0c))
- **deps:** update uds common package dependencies to v6.6.1 ([#92](https://togithub.com/defenseunicorns/uds-common/issues/92)) ([862b635](https://togithub.com/defenseunicorns/uds-common/commit/862b63512b4b53ff963b85e25e8011818bb8e4e3))
- update registry login to happen in the common env setup action ([#88](https://togithub.com/defenseunicorns/uds-common/issues/88)) ([b7bce88](https://togithub.com/defenseunicorns/uds-common/commit/b7bce888d1d62c5d382d7d88a54e59da72e0d3ae))

### [`v0.3.7`](https://togithub.com/defenseunicorns/uds-common/releases/tag/v0.3.7)

[Compare Source](https://togithub.com/defenseunicorns/uds-common/compare/v0.3.6...v0.3.7)

##### Miscellaneous

- remove schedule on renovate ([#85](https://togithub.com/defenseunicorns/uds-common/issues/85)) ([fda7e57](https://togithub.com/defenseunicorns/uds-common/commit/fda7e57ad878cc70bf3905948911daa84c67db27))
- update k3d-core-istio-dev to k3d-core-slim-dev ([#86](https://togithub.com/defenseunicorns/uds-common/issues/86)) ([aa0e6da](https://togithub.com/defenseunicorns/uds-common/commit/aa0e6dad40126ead465b102ea28a3ac961883493))

### [`v0.3.6`](https://togithub.com/defenseunicorns/uds-common/releases/tag/v0.3.6)

[Compare Source](https://togithub.com/defenseunicorns/uds-common/compare/v0.3.5...v0.3.6)

##### Miscellaneous

- hotfix the spoof containing a dash in the input and add a publish step ([#81](https://togithub.com/defenseunicorns/uds-common/issues/81)) ([f9c7aac](https://togithub.com/defenseunicorns/uds-common/commit/f9c7aac4a30e5c3e627c44946f2f212af1573b39))

### [`v0.3.5`](https://togithub.com/defenseunicorns/uds-common/releases/tag/v0.3.5)

[Compare Source](https://togithub.com/defenseunicorns/uds-common/compare/v0.3.4...v0.3.5)

##### Miscellaneous

- fix spoof to not include a dash ([#79](https://togithub.com/defenseunicorns/uds-common/issues/79)) ([5d1738b](https://togithub.com/defenseunicorns/uds-common/commit/5d1738ba0ca2cd19c7fdf6dfe6873339e129c3bb))

### [`v0.3.4`](https://togithub.com/defenseunicorns/uds-common/releases/tag/v0.3.4)

[Compare Source](https://togithub.com/defenseunicorns/uds-common/compare/v0.3.3...v0.3.4)

##### Miscellaneous

- add the ability to spoof to common ([#77](https://togithub.com/defenseunicorns/uds-common/issues/77)) ([49634e1](https://togithub.com/defenseunicorns/uds-common/commit/49634e1b69c6b2eadcc2497f6baba8bd349f3d38))
- **deps:** update dependency defenseunicorns/uds-core to v0.16.1 ([#72](https://togithub.com/defenseunicorns/uds-common/issues/72)) ([32d1ad6](https://togithub.com/defenseunicorns/uds-common/commit/32d1ad6812a3ef6ad750447296f5644b14ff2855))

### [`v0.3.3`](https://togithub.com/defenseunicorns/uds-common/releases/tag/v0.3.3)

[Compare Source](https://togithub.com/defenseunicorns/uds-common/compare/v0.3.2...v0.3.3)

##### Miscellaneous

- add an explicit architecture input ([#75](https://togithub.com/defenseunicorns/uds-common/issues/75)) ([15825d4](https://togithub.com/defenseunicorns/uds-common/commit/15825d44bbb53b90a22ff41eced5050d84ffa251))

</details>

<details>
<summary>defenseunicorns/pepr (pepr)</summary>

### [`v0.29.0`](https://togithub.com/defenseunicorns/pepr/releases/tag/v0.29.0)

[Compare Source](https://togithub.com/defenseunicorns/pepr/compare/v0.28.8...v0.29.0)

#### features

- chore: create helper functions for pepr by [@schaeferka](https://togithub.com/schaeferka) in [https://github.com/defenseunicorns/pepr/pull/688](https://togithub.com/defenseunicorns/pepr/pull/688)

**getOwnerRefFrom** - get fields needed to create an owner ref

```ts
// Create a deployment that is "owned" by the WebApp instance 👍
function deployment(instance: WebApp) {
  const { name, namespace } = instance.metadata!;
  const { replicas } = instance.spec!;

  return {
    apiVersion: "apps/v1",
    kind: "Deployment",
    metadata: {
      ownerReferences: getOwnerRefFrom(instance), // 👈 Instance owns deployment
      name,
      namespace,
      labels: {
        "pepr.dev/operator": name,
      },
    },
```

**containers** - Get all of the containers from a pod

```ts
When(a.Pod)
  .IsCreatedOrUpdated()
  .Validate(po => {
    const podContainers = containers(po); // containers, initContainer, ephemeralContainers 👈
    for (const container of podContainers) {
      if (
        container.securityContext?.allowPrivilegeEscalation ||
        container.securityContext?.privileged
      ) {
        return po.Deny("Privilege escalation is not allowed");
      }
    }
    return po.Approve();
  });
```

**writeEvent** - write an event

```ts
async function updateStatus(instance: WebApp, status: Status) {
  await writeEvent(instance, {phase: status}, "Normal", "CreatedOrUpdate", instance.metadata.name, instance.metadata.name);
  await K8s(WebApp).PatchStatus({
    metadata: {
      name: instance.metadata!.name,
      namespace: instance.metadata!.namespace,
    },
    status,
  });
}
```

```
kubectl describe wa webapp-light-en -n webapps

### output
Name:         webapp-light-en
Namespace:    webapps
API Version:  pepr.io/v1alpha1
Kind:         WebApp
Metadata: ...
Spec:
  Language:  en
  Replicas:  1
  Theme:     light
Status:
  Observed Generation:  1
  Phase:                Ready
Events:
  Type    Reason                    Age   From             Message
  ----    ------                    ----  ----             -------
  Normal  InstanceCreatedOrUpdated  36s   webapp-light-en  Pending 👈
  Normal  InstanceCreatedOrUpdated  36s   webapp-light-en  Ready 👈
```

Take a look at the [sdk functions](https://togithub.com/defenseunicorns/pepr/blob/main/src/sdk/sdk.ts).

Good job [@schaeferka](https://togithub.com/schaeferka) 👏

#### What's Changed

- chore: onschedule runs always in dev mode by [@cmwylie19](https://togithub.com/cmwylie19) in [https://github.com/defenseunicorns/pepr/pull/725](https://togithub.com/defenseunicorns/pepr/pull/725)
- chore: update docs on the operator by [@cmwylie19](https://togithub.com/cmwylie19) in [https://github.com/defenseunicorns/pepr/pull/726](https://togithub.com/defenseunicorns/pepr/pull/726)
- chore: bump chainguard/node-lts from `cc860c4` to `8c5f0eb` by [@dependabot](https://togithub.com/dependabot) in [https://github.com/defenseunicorns/pepr/pull/721](https://togithub.com/defenseunicorns/pepr/pull/721)
- chore: bump [@types/node](https://togithub.com/types/node) from 18.19.29 to 18.19.30 in the development-dependencies group by [@dependabot](https://togithub.com/dependabot) in [https://github.com/defenseunicorns/pepr/pull/720](https://togithub.com/defenseunicorns/pepr/pull/720)

**Full Changelog**: defenseunicorns/pepr@v0.28.8...v0.29.0

### [`v0.28.8`](https://togithub.com/defenseunicorns/pepr/releases/tag/v0.28.8)

[Compare Source](https://togithub.com/defenseunicorns/pepr/compare/v0.28.7...v0.28.8)

#### What's Changed

- fix: switch to node-lts chainguard image by [@jeff-mccoy](https://togithub.com/jeff-mccoy) in [https://github.com/defenseunicorns/pepr/pull/716](https://togithub.com/defenseunicorns/pepr/pull/716)
- chore: update readme to have inclusive language by [@schristoff](https://togithub.com/schristoff) in [https://github.com/defenseunicorns/pepr/pull/681](https://togithub.com/defenseunicorns/pepr/pull/681)
- chore: update Contributor Guide Link by [@cmwylie19](https://togithub.com/cmwylie19) in [https://github.com/defenseunicorns/pepr/pull/700](https://togithub.com/defenseunicorns/pepr/pull/700)
- chore: excellent examples new path by [@cmwylie19](https://togithub.com/cmwylie19) in [https://github.com/defenseunicorns/pepr/pull/709](https://togithub.com/defenseunicorns/pepr/pull/709)
- chore: pipeline test by [@cmwylie19](https://togithub.com/cmwylie19) in [https://github.com/defenseunicorns/pepr/pull/710](https://togithub.com/defenseunicorns/pepr/pull/710)
- chore: test exception ci by [@cmwylie19](https://togithub.com/cmwylie19) in [https://github.com/defenseunicorns/pepr/pull/707](https://togithub.com/defenseunicorns/pepr/pull/707)
- chore: e2e integration by [@cmwylie19](https://togithub.com/cmwylie19) in [https://github.com/defenseunicorns/pepr/pull/712](https://togithub.com/defenseunicorns/pepr/pull/712)
- Excellent examples integration by [@cmwylie19](https://togithub.com/cmwylie19) in [https://github.com/defenseunicorns/pepr/pull/713](https://togithub.com/defenseunicorns/pepr/pull/713)
- chore: vulnerability scan by [@cmwylie19](https://togithub.com/cmwylie19) in [https://github.com/defenseunicorns/pepr/pull/718](https://togithub.com/defenseunicorns/pepr/pull/718)
- chore: testing the e2e test by [@cmwylie19](https://togithub.com/cmwylie19) in [https://github.com/defenseunicorns/pepr/pull/701](https://togithub.com/defenseunicorns/pepr/pull/701)
- chore: bump the development-dependencies group with 2 updates by [@dependabot](https://togithub.com/dependabot) in [https://github.com/defenseunicorns/pepr/pull/705](https://togithub.com/defenseunicorns/pepr/pull/705)
- chore: bump the production-dependencies group with 1 update by [@dependabot](https://togithub.com/dependabot) in [https://github.com/defenseunicorns/pepr/pull/704](https://togithub.com/defenseunicorns/pepr/pull/704)
- chore: bump actions/setup-node from 2 to 4 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/defenseunicorns/pepr/pull/703](https://togithub.com/defenseunicorns/pepr/pull/703)
- chore: bump actions/checkout from 2 to 4 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/defenseunicorns/pepr/pull/702](https://togithub.com/defenseunicorns/pepr/pull/702)
- chore: bump the development-dependencies group with 1 update by [@dependabot](https://togithub.com/dependabot) in [https://github.com/defenseunicorns/pepr/pull/708](https://togithub.com/defenseunicorns/pepr/pull/708)
- chore: bump actions/checkout from 4.1.1 to 4.1.2 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/defenseunicorns/pepr/pull/719](https://togithub.com/defenseunicorns/pepr/pull/719)

#### New Contributors

- [@schristoff](https://togithub.com/schristoff) made their first contribution in [https://github.com/defenseunicorns/pepr/pull/681](https://togithub.com/defenseunicorns/pepr/pull/681)

**Full Changelog**: defenseunicorns/pepr@v0.28.7...v0.28.8

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/defenseunicorns/uds-core).

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
rjferguson21 referenced this pull request in defenseunicorns/uds-core Jul 11, 2024
Chainguard stopped publishing versioned images outside of `latest` last fall and so dependabot never picked up a newer version. Thanks to @eddiezane for pointing this out, we were using a very stale image. This switches the upstream image to the equivalent lts version of Node, which will change version in the next couple of months, but matches our current NodeJS compatibility for Pepr.