diff --git a/.github/workflows/alpha.yaml b/.github/workflows/alpha.yaml index e3f7b66ff9..19d2d5c248 100644 --- a/.github/workflows/alpha.yaml +++ b/.github/workflows/alpha.yaml @@ -84,7 +84,7 @@ jobs: id: scan uses: aquasecurity/trivy-action@master with: - image-ref: "cgr.dev/chainguard/rqlite:${{ steps.dotenv.outputs.RQLITE_TAG }}" + image-ref: "rqlite/rqlite:${{ steps.dotenv.outputs.RQLITE_TAG }}" format: 'template' template: '@/contrib/sarif.tpl' output: 'rqlite-scan-output.sarif' @@ -111,7 +111,7 @@ jobs: id: scan uses: aquasecurity/trivy-action@master with: - image-ref: "cgr.dev/chainguard/minio:${{ steps.dotenv.outputs.minio_tag }}" + image-ref: "minio/minio:${{ steps.dotenv.outputs.minio_tag }}" format: 'template' template: '@/contrib/sarif.tpl' output: 'minio-scan-output.sarif' @@ -139,7 +139,7 @@ jobs: id: scan uses: aquasecurity/trivy-action@master with: - image-ref: "cgr.dev/chainguard/dex:${{ steps.dotenv.outputs.dex_tag }}" + image-ref: "ghcr.io/dexidp/dex:${{ steps.dotenv.outputs.dex_tag }}" format: 'template' template: '@/contrib/sarif.tpl' output: 'dex-scan-output.sarif' diff --git a/.github/workflows/build-test.yaml b/.github/workflows/build-test.yaml index 374afd0848..17074b7728 100644 --- a/.github/workflows/build-test.yaml +++ b/.github/workflows/build-test.yaml @@ -429,8 +429,8 @@ jobs: - name: push minio for e2e run: | - docker pull cgr.dev/chainguard/minio:${{ steps.dotenv.outputs.minio_tag }} - docker tag cgr.dev/chainguard/minio:${{ steps.dotenv.outputs.minio_tag }} ttl.sh/automated-${{ github.run_id }}/minio:${{ steps.dotenv.outputs.minio_tag }} + docker pull minio/minio:${{ steps.dotenv.outputs.minio_tag }} + docker tag minio/minio:${{ steps.dotenv.outputs.minio_tag }} ttl.sh/automated-${{ github.run_id }}/minio:${{ steps.dotenv.outputs.minio_tag }} docker push ttl.sh/automated-${{ github.run_id }}/minio:${{ steps.dotenv.outputs.minio_tag }} 
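Review bot: The `push minio for e2e` step in build-test.yaml now pulls `minio/minio:${{ steps.dotenv.outputs.minio_tag }}` from Docker Hub by tag alone and re-pushes it, so the job tests whatever that tag resolves to at pull time. The same pull-by-tag pattern appears in the `push rqlite for CI` step, in the `all-ttl.sh` and `build-release` targets of the Makefile (`skopeo copy docker://minio/minio:${MINIO_TAG}`), and in `schema-release` in migrations/Makefile; the release archives matter most, since they are shipped. Consider recording the image digest next to each tag in the generated `.image.env` and pulling by `name@sha256:<digest>` (placeholder), or at least logging the resolved digest with `docker inspect --format '{{index .RepoDigests 0}}'` after each pull so a retagged upstream image is detectable.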
@@ -448,8 +448,8 @@ jobs: - name: push rqlite for CI run: | - docker pull cgr.dev/chainguard/rqlite:${{ steps.dotenv.outputs.RQLITE_TAG }} - docker tag cgr.dev/chainguard/rqlite:${{ steps.dotenv.outputs.RQLITE_TAG }} ttl.sh/automated-${{ github.run_id }}/rqlite:${{ steps.dotenv.outputs.RQLITE_TAG }} + docker pull rqlite/rqlite:${{ steps.dotenv.outputs.RQLITE_TAG }} + docker tag rqlite/rqlite:${{ steps.dotenv.outputs.RQLITE_TAG }} ttl.sh/automated-${{ github.run_id }}/rqlite:${{ steps.dotenv.outputs.RQLITE_TAG }} docker push ttl.sh/automated-${{ github.run_id }}/rqlite:${{ steps.dotenv.outputs.RQLITE_TAG }} @@ -467,8 +467,7 @@ jobs: - name: push dex for CI run: | - docker pull cgr.dev/chainguard/dex:${{ steps.dotenv.outputs.DEX_TAG }} - docker tag cgr.dev/chainguard/dex:${{ steps.dotenv.outputs.DEX_TAG }} ttl.sh/automated-${{ github.run_id }}/dex:${{ steps.dotenv.outputs.DEX_TAG }} + docker build --pull -f deploy/dex.Dockerfile -t ttl.sh/automated-${{ github.run_id }}/dex:${{ steps.dotenv.outputs.DEX_TAG }} --build-arg TAG=${{ steps.dotenv.outputs.DEX_TAG }} . docker push ttl.sh/automated-${{ github.run_id }}/dex:${{ steps.dotenv.outputs.DEX_TAG }} diff --git a/.image.env b/.image.env index dd203aa0a0..cb5fd3bde3 100644 --- a/.image.env +++ b/.image.env @@ -1,8 +1,8 @@ # Generated file, do not modify. This file is generated from a text file containing a list of images. The # most recent tag is interpolated from the source repository and used to generate a fully qualified image # name. -MINIO_TAG='0.20231101-dev' +MINIO_TAG='RELEASE.2023-11-11T08-14-41Z' RQLITE_TAG='7.21.4' -DEX_TAG='2.37.0' +DEX_TAG='v2.37.0' SCHEMAHERO_TAG='0.16.0' LVP_TAG='v0.5.5' \ No newline at end of file diff --git a/Makefile b/Makefile index 43698014e4..b2c6216431 100644 --- a/Makefile +++ b/Makefile 
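Review bot: The new `docker build --pull -f deploy/dex.Dockerfile ... .` line in `push dex for CI` sends the whole checkout as build context, although deploy/dex.Dockerfile as added in this commit contains only `ARG` and `FROM`. An empty context keeps the build fast and keeps workspace files out of the daemon, for example `docker build --pull -t <image> --build-arg TAG=<tag> - < deploy/dex.Dockerfile` (placeholders). The `build-release` target in the Makefile uses the same form.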
@@ -1,8 +1,8 @@ include Makefile.build.mk CURRENT_USER := $(shell id -u -n) -MINIO_TAG ?= 0.20231101-dev +MINIO_TAG ?= RELEASE.2023-11-11T08-14-41Z RQLITE_TAG ?= 7.21.4 -DEX_TAG ?= 2.37.0 +DEX_TAG ?= v2.37.0 LVP_TAG ?= v0.5.5 define sendMetrics 
@@ -118,36 +118,31 @@ build-ttl.sh: build all-ttl.sh: build-ttl.sh source .image.env && IMAGE=ttl.sh/${CURRENT_USER}/kotsadm-migrations:24h make -C migrations build_schema - docker pull cgr.dev/chainguard/minio:${MINIO_TAG} - docker tag cgr.dev/chainguard/minio:${MINIO_TAG} ttl.sh/${CURRENT_USER}/minio:${MINIO_TAG} + docker pull minio/minio:${MINIO_TAG} + docker tag minio/minio:${MINIO_TAG} ttl.sh/${CURRENT_USER}/minio:${MINIO_TAG} docker push ttl.sh/${CURRENT_USER}/minio:${MINIO_TAG} - docker pull cgr.dev/chainguard/rqlite:${RQLITE_TAG} - docker tag cgr.dev/chainguard/rqlite:${RQLITE_TAG} ttl.sh/${CURRENT_USER}/rqlite:${RQLITE_TAG} + docker pull rqlite/rqlite:${RQLITE_TAG} + docker tag rqlite/rqlite:${RQLITE_TAG} ttl.sh/${CURRENT_USER}/rqlite:${RQLITE_TAG} docker push ttl.sh/${CURRENT_USER}/rqlite:${RQLITE_TAG} +.PHONY: build-alpha +build-alpha: + docker build --pull -f deploy/Dockerfile --build-arg version=${GIT_TAG} -t kotsadm/kotsadm:alpha . + docker push kotsadm/kotsadm:alpha + .PHONY: build-release build-release: mkdir -p bin/docker-archive/kotsadm skopeo copy docker://kotsadm/kotsadm:${GIT_TAG} docker-archive:bin/docker-archive/kotsadm/${GIT_TAG} - mkdir -p bin/docker-archive/minio - docker pull cgr.dev/chainguard/minio:${MINIO_TAG} - docker tag cgr.dev/chainguard/minio:${MINIO_TAG} kotsadm/minio:${MINIO_TAG} - docker push kotsadm/minio:${MINIO_TAG} - skopeo copy docker-daemon:kotsadm/minio:${MINIO_TAG} docker-archive:bin/docker-archive/minio/${MINIO_TAG} - - mkdir -p bin/docker-archive/rqlite - docker pull cgr.dev/chainguard/rqlite:${RQLITE_TAG} - docker tag cgr.dev/chainguard/rqlite:${RQLITE_TAG} kotsadm/rqlite:${RQLITE_TAG} - docker push kotsadm/rqlite:${RQLITE_TAG} - skopeo copy docker-daemon:kotsadm/rqlite:${RQLITE_TAG} docker-archive:bin/docker-archive/rqlite/${RQLITE_TAG} - - mkdir -p bin/docker-archive/dex - docker pull cgr.dev/chainguard/dex:${DEX_TAG} - docker tag cgr.dev/chainguard/dex:${DEX_TAG} kotsadm/dex:${DEX_TAG} + docker build --pull -f 
deploy/dex.Dockerfile -t kotsadm/dex:${DEX_TAG} --build-arg TAG=${DEX_TAG} . docker push kotsadm/dex:${DEX_TAG} - skopeo copy docker-daemon:kotsadm/dex:${DEX_TAG} docker-archive:bin/docker-archive/dex/${DEX_TAG} + mkdir -p bin/docker-archive/dex + skopeo copy docker://kotsadm/dex:${DEX_TAG} docker-archive:bin/docker-archive/dex/${DEX_TAG} + + mkdir -p bin/docker-archive/minio + skopeo copy docker://minio/minio:${MINIO_TAG} docker-archive:bin/docker-archive/minio/${MINIO_TAG} mkdir -p bin/docker-archive/local-volume-provider skopeo copy docker://replicated/local-volume-provider:${LVP_TAG} docker-archive:bin/docker-archive/local-volume-provider/${LVP_TAG} diff --git a/cmd/imagedeps/README.md b/cmd/imagedeps/README.md index 4c25084161..8962ea024d 100644 --- a/cmd/imagedeps/README.md +++ b/cmd/imagedeps/README.md 
@@ -20,27 +20,27 @@ is useful to restrict release tags to a major version, or to filter out garbage | Name | Image URI | Matcher Regexp (Optional) | |------|--------------------|----------| -| Name of the image for example **minio** | Untagged image reference **cgr.dev/chainguard/minio**| An optional regular expression, only matching tags will be included. | +| Name of the image for example **minio** | Untagged image reference **ghcr.io/dexidp/dex**| An optional regular expression, only matching tags will be included. | ### Sample image-spec ```text -minio cgr.dev/chainguard/minio -rqlite cgr.dev/chainguard/rqlite -dex cgr.dev/chainguard/dex +minio minio/minio +rqlite rqlite/rqlite +dex ghcr.io/dexidp/dex ``` The preceding image spec will produce the following environment and Go files. ```shell -MINIO_TAG='0.20231025-dev' -RQLITE_TAG='7.21.4' +MINIO_TAG='RELEASE.2021-09-15T04-54-25Z' +RQLITE_TAG='7.7.0' DEX_TAG='v2.30.0' ``` ```go package image const ( - Minio = "cgr.dev/chainguard/minio:0.20231025-dev" - Rqlite = "cgr.dev/chainguard/rqlite:7.21.4" - Dex = "cgr.dev/chainguard/dex:2.30.0" + Minio = "minio/minio:RELEASE.2021-09-15T04-54-25Z" + Rqlite = "rqlite/rqlite:7.7.0" + Dex = "ghcr.io/dexidp/dex:v2.30.0" ) ``` diff --git a/cmd/imagedeps/image-spec b/cmd/imagedeps/image-spec index 4e7c9b694d..66a0ae252a 100644 --- a/cmd/imagedeps/image-spec +++ b/cmd/imagedeps/image-spec 
@@ -1,5 +1,5 @@
-minio cgr.dev/chainguard/minio ^\b0\.\d+\b-dev$
-rqlite cgr.dev/chainguard/rqlite ^([0-9]|[1-9][0-9]*)\.([0-9]|[1-9][0-9]*)\.([0-9]|[1-9][0-9]*)$
-dex cgr.dev/chainguard/dex ^([0-9]|[1-9][0-9]*)\.([0-9]|[1-9][0-9]*)\.([0-9]|[1-9][0-9]*)$
+minio minio/minio
+rqlite rqlite/rqlite ^([0-9]|[1-9][0-9]*)\.([0-9]|[1-9][0-9]*)\.([0-9]|[1-9][0-9]*)$
+dex ghcr.io/dexidp/dex
 schemahero schemahero/schemahero ^([0-9]|[1-9][0-9]*)\.([0-9]|[1-9][0-9]*)\.([0-9]|[1-9][0-9]*)$
 lvp replicated/local-volume-provider ^v([0-9]|[1-9][0-9]*)\.([0-9]|[1-9][0-9]*)\.([0-9]|[1-9][0-9]*)$
\ No newline at end of file
diff --git a/cmd/imagedeps/main_test.go b/cmd/imagedeps/main_test.go
index 713addb013..e1ac5eb665 100644
--- a/cmd/imagedeps/main_test.go
+++ b/cmd/imagedeps/main_test.go
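Review bot: The `minio` and `dex` lines lose their matcher regexp, so tag selection for those two images accepts any tag the finder returns; the README describes the third column as the only filter on tags. The test fixture in this commit shows the effect: the `basic` case resolves to `RELEASE.2022-06-11T19-55-32Z.fips`, a variant tag rather than a plain release. If pre-release or variant tags are not wanted in `.image.env`, keep a matcher, for instance `^RELEASE\.\d{4}-\d{2}-\d{2}T\d{2}-\d{2}-\d{2}Z$` for minio and the `^v`-prefixed semver pattern already used on the `lvp` line for dex. Whether the GitHub finder already drops pre-releases is not visible in this diff.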
@@ -12,72 +12,16 @@ import ( "github.com/stretchr/testify/require" ) -var ( - minioTags = []string{ - "sha256-00428f99c05677c91ad393c3017376e800d601708baa36e51091df3b9a67b324.att", - "latest-dev", - "latest", - "0.20231025.063325-r0-dev", - "0.20231025.063325-r0", - "0.20231025.063325-dev", - "0.20231025.063325", - "0.20231025-dev", - "0.20231025", - "0.20230904.195737-r1-dev", - "0.20230904.195737-r1", - "0.20230904.195737-dev", - "0.20230904.195737", - "0.20230904-dev", - "0.20230904", - "0-dev", - "0", - } - - schemaheroTags = []string{ - "0.13.2", - "0.13.1", - "0.12.7", - "0.12.2", - } - - rqliteTags = []string{ - "sha256-00122e405b3fa3b5105b0468f1fb72dcb32474968a971c45906a702120d55b58.att", - "latest-dev", - "latest", - "7", - "7-dev", - "7.7.0", - "7.7.0-dev", - "7.7.0-r2", - "7.7.0-r2-dev", - "7.6.2", - "7.6.1", - "7.6.0", - "6.10.2", - "6.10.1", - "6.8.2", - } - - dexTags = []string{ - "sha256-002adc734b3d83bb6be291b49eb8f3f95b905c411d404c2f4b52a759140739c9.att", - "latest-dev", - "latest", - "2.37.0", - "2.37.0-r3-dev", - "2.37.0-r3", - "2.37.0-dev", - "2.36.0", - "2.35.3", - "2.35.2", - "2.35.1", - } - - lvpTags = []string{ - "v0.3.3", - "v0.3.2", - "v0.3.1", - } -) +var releaseTags = []string{ + "RELEASE.2022-06-11T19-55-32Z.fips", + "RELEASE.2021-09-09T21-37-06Z.xxx", + "RELEASE.2021-09-09T21-37-05Z", + "RELEASE.2021-09-09T21-37-04Z", +} +var semVerTags = []string{ + "0.12.7", "0.12.6", "0.12.5", + "0.12.4", "0.12.3", "0.12.2", +} func makeReleases(tags []string) []*github.RepositoryRelease { var releases []*github.RepositoryRelease 
@@ -102,21 +46,29 @@ func TestFunctional(t *testing.T) { expectError bool }{ { - name: "minio", + name: "basic", fn: getTagFinder( - withRepoGetTags( - func(_ string) ([]string, error) { - return minioTags, nil + withGithubReleaseTagFinder( + func(_ string, _ string) ([]*github.RepositoryRelease, error) { + return makeReleases(releaseTags), nil }, ), ), }, { - name: "schemahero", + name: "with-overrides", fn: getTagFinder( withRepoGetTags( func(_ string) ([]string, error) { - return schemaheroTags, nil + return []string{ + "0.13.2", "0.13.1", + "0.12.7", "0.12.2", + }, nil + }, + ), + withGithubReleaseTagFinder( + func(_ string, _ string) ([]*github.RepositoryRelease, error) { + return makeReleases(releaseTags), nil }, ), ), @@ -130,17 +82,30 @@ func TestFunctional(t *testing.T) { fn: getTagFinder( withRepoGetTags( func(_ string) ([]string, error) { - return rqliteTags, nil + return []string{ + "7.7.0", "7.6.1", "7.6.0", + "6.10.2", "6.10.1", "6.8.2", + }, nil + }, + ), + ), + }, + { + name: "filter-github", + fn: getTagFinder( + withGithubReleaseTagFinder( + func(_ string, _ string) ([]*github.RepositoryRelease, error) { + return makeReleases(releaseTags), nil }, ), ), }, { - name: "dex", + name: "schemahero", fn: getTagFinder( withRepoGetTags( func(_ string) ([]string, error) { - return dexTags, nil + return semVerTags, nil }, ), ), @@ -150,7 +115,9 @@ func TestFunctional(t *testing.T) { fn: getTagFinder( withRepoGetTags( func(_ string) ([]string, error) { - return lvpTags, nil + return []string{ + "v0.3.3", + }, nil }, ), ), diff --git a/cmd/imagedeps/tag-finder.go b/cmd/imagedeps/tag-finder.go index 1d97be31ea..eac106a303 100644 --- a/cmd/imagedeps/tag-finder.go +++ b/cmd/imagedeps/tag-finder.go @@ -2,9 +2,7 @@ package main import ( "context" - "encoding/json" "fmt" - "io" "net/http" "os" "path" 
@@ -15,7 +13,6 @@ import ( semver "github.com/Masterminds/semver/v3" "github.com/google/go-github/v39/github" "github.com/heroku/docker-registry-client/registry" - "github.com/pkg/errors" "golang.org/x/oauth2" ) @@ -122,17 +119,17 @@ func getTagFinder(opts ...func(c *configuration)) tagFinderFn { switch imageName { case minioReference: - latestReleaseTag, err = getLatestTagFromRegistry("cgr.dev/chainguard/minio", config.repositoryTagsFinder, matcherFn) + latestReleaseTag, err = getLatestTagFromGithub(config.releaseFinder, "minio", "minio", matcherFn) if err != nil { - return nil, fmt.Errorf("failed to get release tag for %s %w", imageName, err) + return nil, fmt.Errorf("failed to get release tag for minio/minio %w", err) } case dexReference: - latestReleaseTag, err = getLatestTagFromRegistry("cgr.dev/chainguard/dex", config.repositoryTagsFinder, matcherFn) + latestReleaseTag, err = getLatestTagFromGithub(config.releaseFinder, "dexidp", "dex", matcherFn) if err != nil { - return nil, fmt.Errorf("failed to get release tag for %s %w", imageName, err) + return nil, fmt.Errorf("failed to get release tag for dexidp/dex %w", err) } case rqliteReference: - latestReleaseTag, err = getLatestTagFromRegistry("cgr.dev/chainguard/rqlite", config.repositoryTagsFinder, matcherFn) + latestReleaseTag, err = getLatestTagFromRegistry("rqlite/rqlite", config.repositoryTagsFinder, matcherFn) if err != nil { return nil, fmt.Errorf("failed to get release tag for %s %w", imageName, err) } 
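Review bot: In the `minioReference` and `dexReference` cases the latest tag now comes from GitHub releases (`getLatestTagFromGithub(config.releaseFinder, "minio", "minio", matcherFn)`), while the image that is later pulled lives on a registry (`minio/minio`, `ghcr.io/dexidp/dex` in image-spec). Nothing in the hunk confirms that the chosen release tag exists as an image tag, so a release published before, or without, its image would be written into the generated constants. A cheap check is to look the tag up through `config.repositoryTagsFinder` for the same image reference before returning it. The two error strings also hard-code `minio/minio` and `dexidp/dex` where the `rqliteReference` case still formats `imageName`; the enclosing switch continues outside the hunk.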
@@ -259,120 +256,21 @@ func getReleases(owner, repo string) ([]*github.RepositoryRelease, error) { // getRegistryTags queries a Docker Registry HTTP API V2 compliant registry to get the tags for an image. func getRegistryTags(untaggedRef string) ([]string, error) { - parts := strings.Split(untaggedRef, "/") - - if len(parts) > 0 && parts[0] == "cgr.dev" { - // this is chainguard's registry and it only accepts a token (not username/password) - token, err := getCGRToken(untaggedRef) - if err != nil { - return nil, fmt.Errorf("could not get cgr token %w", err) - } - tags, err := getCGRImageTags(untaggedRef, token) - if err != nil { - return nil, fmt.Errorf("could not get tags from cgr %w", err) - } - return tags, nil - } - registryUri := dockerRegistryUrl imageRef := untaggedRef userName, password := "", "" - + parts := strings.Split(untaggedRef, "/") if len(parts) > 2 { registryUri = fmt.Sprintf("https://%s", parts[0]) imageRef = path.Join(parts[1:]...) } - hub, err := registry.New(registryUri, userName, password) if err != nil { return nil, fmt.Errorf("could not connect to registry %q %w", registryUri, err) } - tags, err := hub.Tags(imageRef) if err != nil { return nil, fmt.Errorf("could not fetch tags for image %q %w", imageRef, err) } - return tags, nil } - -func getCGRToken(untaggedRef string) (string, error) { - parts := strings.Split(untaggedRef, "/") - if len(parts) < 2 { - return "", fmt.Errorf("invalid ref %q", untaggedRef) - } - - repo := strings.Join(parts[1:], "/") - scope := fmt.Sprintf("repository:%s:pull", repo) - url := fmt.Sprintf("https://cgr.dev/token?scope=%s", scope) - - resp, err := http.Get(url) - if err != nil { - return "", errors.Wrap(err, "failed to get token") - } - defer resp.Body.Close() - - body, err := io.ReadAll(resp.Body) - if err != nil { - return "", fmt.Errorf("failed to read body %w", err) - } - - if resp.StatusCode != http.StatusOK { - return "", fmt.Errorf("failed to get token: %s", body) - } - - var token struct { - Token 
string `json:"token"` - } - if err := json.Unmarshal(body, &token); err != nil { - return "", fmt.Errorf("failed to unmarshal body %w", err) - } - - return token.Token, nil -} - -func getCGRImageTags(untaggedRef string, token string) ([]string, error) { - parts := strings.Split(untaggedRef, "/") - if len(parts) < 2 { - return nil, fmt.Errorf("invalid ref %q", untaggedRef) - } - - repo := strings.Join(parts[1:], "/") - url := fmt.Sprintf("https://cgr.dev/v2/%s/tags/list", repo) - - req, err := http.NewRequest("GET", url, nil) - if err != nil { - return nil, fmt.Errorf("failed to create request %w", err) - } - - req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token)) - - resp, err := http.DefaultClient.Do(req) - if err != nil { - return nil, errors.Wrap(err, "failed to get tags") - } - - body, err := io.ReadAll(resp.Body) - if err != nil { - return nil, fmt.Errorf("failed to read body %w", err) - } - - if resp.StatusCode != http.StatusOK { - return nil, fmt.Errorf("failed to get tags: %s", body) - } - - var tags struct { - Tags []string `json:"tags"` - } - if err := json.Unmarshal(body, &tags); err != nil { - return nil, fmt.Errorf("failed to unmarshal body %w", err) - } - - // reverse array order so that most recent is first - for i := len(tags.Tags)/2 - 1; i >= 0; i-- { - opp := len(tags.Tags) - 1 - i - tags.Tags[i], tags.Tags[opp] = tags.Tags[opp], tags.Tags[i] - } - - return tags.Tags, nil -} diff --git a/cmd/imagedeps/testdata/minio/.image.env b/cmd/imagedeps/testdata/basic/.image.env similarity index 83% rename from cmd/imagedeps/testdata/minio/.image.env rename to cmd/imagedeps/testdata/basic/.image.env index 05c7a93417..2999afe7b5 100644 --- a/cmd/imagedeps/testdata/minio/.image.env +++ b/cmd/imagedeps/testdata/basic/.image.env 
@@ -1,4 +1,4 @@ # Generated file, do not modify. This file is generated from a text file containing a list of images. The # most recent tag is interpolated from the source repository and used to generate a fully qualified image # name. -MINIO_TAG='0.20231025-dev' \ No newline at end of file +MINIO_TAG='RELEASE.2022-06-11T19-55-32Z.fips' \ No newline at end of file diff --git a/cmd/imagedeps/testdata/dex/constants.go b/cmd/imagedeps/testdata/basic/constants.go similarity index 81% rename from cmd/imagedeps/testdata/dex/constants.go rename to cmd/imagedeps/testdata/basic/constants.go index 4537788f47..240e8c0597 100644 --- a/cmd/imagedeps/testdata/dex/constants.go +++ b/cmd/imagedeps/testdata/basic/constants.go @@ -5,5 +5,5 @@ package image // image name. const ( - Dex = "cgr.dev/chainguard/dex:2.37.0" + Minio = "minio/minio:RELEASE.2022-06-11T19-55-32Z.fips" ) diff --git a/cmd/imagedeps/testdata/basic/input-spec b/cmd/imagedeps/testdata/basic/input-spec new file mode 100644 index 0000000000..7c0313fd1f --- /dev/null +++ b/cmd/imagedeps/testdata/basic/input-spec @@ -0,0 +1 @@ +minio minio/minio \ No newline at end of file diff --git a/cmd/imagedeps/testdata/dex/input-spec b/cmd/imagedeps/testdata/dex/input-spec deleted file mode 100644 index 5a572f7155..0000000000 --- a/cmd/imagedeps/testdata/dex/input-spec +++ /dev/null @@ -1 +0,0 @@ -dex cgr.dev/chainguard/dex ^([0-9]|[1-9][0-9]*)\.([0-9]|[1-9][0-9]*)\.([0-9]|[1-9][0-9]*)$ \ No newline at end of file diff --git a/cmd/imagedeps/testdata/dex/.image.env b/cmd/imagedeps/testdata/filter-github/.image.env similarity index 83% rename from cmd/imagedeps/testdata/dex/.image.env rename to cmd/imagedeps/testdata/filter-github/.image.env index 3077a28796..1055c8ca12 100644 --- a/cmd/imagedeps/testdata/dex/.image.env +++ b/cmd/imagedeps/testdata/filter-github/.image.env 
@@ -1,4 +1,4 @@ # Generated file, do not modify. This file is generated from a text file containing a list of images. The # most recent tag is interpolated from the source repository and used to generate a fully qualified image # name. -DEX_TAG='2.37.0' \ No newline at end of file +MINIO_TAG='RELEASE.2021-09-09T21-37-06Z.xxx' \ No newline at end of file diff --git a/cmd/imagedeps/testdata/minio/constants.go b/cmd/imagedeps/testdata/filter-github/constants.go similarity index 81% rename from cmd/imagedeps/testdata/minio/constants.go rename to cmd/imagedeps/testdata/filter-github/constants.go index 8b7ad5cb11..4c28919a57 100644 --- a/cmd/imagedeps/testdata/minio/constants.go +++ b/cmd/imagedeps/testdata/filter-github/constants.go @@ -5,5 +5,5 @@ package image // image name. const ( - Minio = "cgr.dev/chainguard/minio:0.20231025-dev" + Minio = "minio/minio:RELEASE.2021-09-09T21-37-06Z.xxx" ) diff --git a/cmd/imagedeps/testdata/filter-github/input-spec b/cmd/imagedeps/testdata/filter-github/input-spec new file mode 100644 index 0000000000..80c831f8a5 --- /dev/null +++ b/cmd/imagedeps/testdata/filter-github/input-spec @@ -0,0 +1 @@ +minio minio/minio xxx$ \ No newline at end of file diff --git a/cmd/imagedeps/testdata/minio/input-spec b/cmd/imagedeps/testdata/minio/input-spec deleted file mode 100644 index afcdce5ca2..0000000000 --- a/cmd/imagedeps/testdata/minio/input-spec +++ /dev/null @@ -1 +0,0 @@ -minio cgr.dev/chainguard/minio ^\b0\.\d+\b-dev$ \ No newline at end of file diff --git a/cmd/imagedeps/testdata/rqlite/constants.go b/cmd/imagedeps/testdata/rqlite/constants.go index 872adeba02..ab99db1066 100644 --- a/cmd/imagedeps/testdata/rqlite/constants.go +++ b/cmd/imagedeps/testdata/rqlite/constants.go @@ -5,5 +5,5 @@ package image // image name. const ( - Rqlite = "cgr.dev/chainguard/rqlite:7.7.0" + Rqlite = "rqlite/rqlite:7.7.0" ) diff --git a/cmd/imagedeps/testdata/rqlite/input-spec b/cmd/imagedeps/testdata/rqlite/input-spec index fc65a896c9..c4772a98f3 100644 
--- a/cmd/imagedeps/testdata/rqlite/input-spec +++ b/cmd/imagedeps/testdata/rqlite/input-spec @@ -1 +1 @@ -rqlite cgr.dev/chainguard/rqlite ^([0-9]|[1-9][0-9]*)\.([0-9]|[1-9][0-9]*)\.([0-9]|[1-9][0-9]*)$ +rqlite rqlite/rqlite ^([0-9]|[1-9][0-9]*)\.([0-9]|[1-9][0-9]*)\.([0-9]|[1-9][0-9]*)$ diff --git a/cmd/imagedeps/testdata/schemahero/.image.env b/cmd/imagedeps/testdata/schemahero/.image.env index 4615bd4e65..931c6000ca 100644 --- a/cmd/imagedeps/testdata/schemahero/.image.env +++ b/cmd/imagedeps/testdata/schemahero/.image.env @@ -1,4 +1,4 @@ # Generated file, do not modify. This file is generated from a text file containing a list of images. The # most recent tag is interpolated from the source repository and used to generate a fully qualified image # name. -SCHEMAHERO_TAG='0.13.2' \ No newline at end of file +SCHEMAHERO_TAG='0.12.7' \ No newline at end of file diff --git a/cmd/imagedeps/testdata/schemahero/constants.go b/cmd/imagedeps/testdata/schemahero/constants.go index 3b8bc02ce8..50a8eca1f2 100644 --- a/cmd/imagedeps/testdata/schemahero/constants.go +++ b/cmd/imagedeps/testdata/schemahero/constants.go @@ -5,5 +5,5 @@ package image // image name. const ( - Schemahero = "schemahero/schemahero:0.13.2" + Schemahero = "schemahero/schemahero:0.12.7" ) diff --git a/cmd/imagedeps/testdata/with-overrides/.image.env b/cmd/imagedeps/testdata/with-overrides/.image.env new file mode 100644 index 0000000000..f8ab2a50cc --- /dev/null +++ b/cmd/imagedeps/testdata/with-overrides/.image.env @@ -0,0 +1,5 @@ +# Generated file, do not modify. This file is generated from a text file containing a list of images. The +# most recent tag is interpolated from the source repository and used to generate a fully qualified image +# name. +MINIO_TAG='RELEASE.2022-06-11T19-55-32Z.fips' +SCHEMAHERO_TAG='0.13.2' \ No newline at end of file 
diff --git a/cmd/imagedeps/testdata/with-overrides/constants.go b/cmd/imagedeps/testdata/with-overrides/constants.go new file mode 100644 index 0000000000..99df410f88 --- /dev/null +++ b/cmd/imagedeps/testdata/with-overrides/constants.go @@ -0,0 +1,10 @@ +package image + +// Generated file, do not modify. This file is generated from a text file containing a list of images. The +// most recent tag is interpolated from the source repository and used to generate a fully qualified +// image name. + +const ( + Minio = "minio/minio:RELEASE.2022-06-11T19-55-32Z.fips" + Schemahero = "schemahero/schemahero:0.13.2" +) diff --git a/cmd/imagedeps/testdata/with-overrides/input-spec b/cmd/imagedeps/testdata/with-overrides/input-spec new file mode 100644 index 0000000000..b2a4505a31 --- /dev/null +++ b/cmd/imagedeps/testdata/with-overrides/input-spec @@ -0,0 +1,2 @@ +minio minio/minio +schemahero schemahero/schemahero ^([0-9]|[1-9][0-9]*)\.([0-9]|[1-9][0-9]*)\.([0-9]|[1-9][0-9]*)$ diff --git a/cmd/imagedeps/testdata/schemahero/replacers/expected/test.Dockerfile b/cmd/imagedeps/testdata/with-overrides/replacers/expected/test.Dockerfile similarity index 100% rename from cmd/imagedeps/testdata/schemahero/replacers/expected/test.Dockerfile rename to cmd/imagedeps/testdata/with-overrides/replacers/expected/test.Dockerfile diff --git a/cmd/imagedeps/testdata/schemahero/replacers/expected/test.mk b/cmd/imagedeps/testdata/with-overrides/replacers/expected/test.mk similarity index 100% rename from cmd/imagedeps/testdata/schemahero/replacers/expected/test.mk rename to cmd/imagedeps/testdata/with-overrides/replacers/expected/test.mk diff --git a/cmd/imagedeps/testdata/schemahero/replacers/input/test.Dockerfile b/cmd/imagedeps/testdata/with-overrides/replacers/input/test.Dockerfile similarity index 100% rename from cmd/imagedeps/testdata/schemahero/replacers/input/test.Dockerfile rename to cmd/imagedeps/testdata/with-overrides/replacers/input/test.Dockerfile 
diff --git a/cmd/imagedeps/testdata/schemahero/replacers/input/test.mk b/cmd/imagedeps/testdata/with-overrides/replacers/input/test.mk similarity index 100% rename from cmd/imagedeps/testdata/schemahero/replacers/input/test.mk rename to cmd/imagedeps/testdata/with-overrides/replacers/input/test.mk diff --git a/deploy/dex.Dockerfile b/deploy/dex.Dockerfile new file mode 100644 index 0000000000..7db7f0ff67 --- /dev/null +++ b/deploy/dex.Dockerfile @@ -0,0 +1,2 @@ +ARG TAG=v2.32.0 +FROM ghcr.io/dexidp/dex:$TAG diff --git a/deploy/kurl/kotsadm/template/base/Manifest b/deploy/kurl/kotsadm/template/base/Manifest index f1fb302415..0e57a590cf 100644 --- a/deploy/kurl/kotsadm/template/base/Manifest +++ b/deploy/kurl/kotsadm/template/base/Manifest @@ -1,7 +1,7 @@ image kotsadm-migrations __KOTSADM_MIGRATIONS_IMAGE__ image kotsadm __KOTSADM_IMAGE__ image kurl-proxy __KURL_PROXY_IMAGE__ -image rqlite __RQLITE_IMAGE__ +image rqlite rqlite/rqlite:__RQLITE_TAG__ image dex __DEX_IMAGE__ asset kots.tar.gz __KOTSADM_BINARY__ diff --git a/deploy/kurl/kotsadm/template/base/rqlite.yaml b/deploy/kurl/kotsadm/template/base/rqlite.yaml index d4fa133d75..2a78dd37b1 100644 --- a/deploy/kurl/kotsadm/template/base/rqlite.yaml +++ b/deploy/kurl/kotsadm/template/base/rqlite.yaml @@ -50,7 +50,7 @@ spec: - kotsadm-rqlite topologyKey: "kubernetes.io/hostname" containers: - - image: __RQLITE_IMAGE__ + - image: rqlite/rqlite:__RQLITE_TAG__ name: rqlite args: - -disco-mode=dns diff --git a/deploy/kurl/kotsadm/template/generate.sh b/deploy/kurl/kotsadm/template/generate.sh index a3f82b516a..234ea3cd60 100755 --- a/deploy/kurl/kotsadm/template/generate.sh +++ b/deploy/kurl/kotsadm/template/generate.sh 
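Review bot: The default `ARG TAG=v2.32.0` in the new deploy/dex.Dockerfile is older than the `DEX_TAG` of `v2.37.0` set elsewhere in this commit, so any build that omits `--build-arg TAG=...` silently produces an outdated dex image under the `kotsadm/dex` name. Dropping the default (`ARG TAG`) makes such a build fail at the `FROM` line instead. The base is also referenced by tag only; if a digest is recorded for dex, `FROM ghcr.io/dexidp/dex:$TAG@sha256:<digest>` (placeholder) would fix the content that gets republished.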
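Review bot: The `image rqlite rqlite/rqlite:__RQLITE_TAG__` line in Manifest hard-codes the Docker Hub repository, whereas the neighbouring `dex` entry is still filled from `$kotsadm_image_registry/$kotsadm_image_namespace` in generate.sh. The same literal appears in base/rqlite.yaml, and the generate.sh hunk now substitutes only the tag. If the registry and namespace variables exist so the add-on can be built against a mirror or private registry, rqlite no longer follows them; keeping `__RQLITE_IMAGE__` and composing it in generate.sh would preserve that.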
@@ -28,8 +28,7 @@ function generate() { sed -i -e "s|__KOTSADM_BINARY__|$kotsadm_binary|g" "${dir}/Manifest" # The following environment variables will be exported by the .image.env file - local rqlite_image="$kotsadm_image_registry/$kotsadm_image_namespace/rqlite:$RQLITE_TAG" - find "$dir" -type f -exec sed -i -e "s|__RQLITE_IMAGE__|$rqlite_image|g" {} \; + find "$dir" -type f -exec sed -i -e "s|__RQLITE_TAG__|$RQLITE_TAG|g" {} \; local dex_image="$kotsadm_image_registry/$kotsadm_image_namespace/dex:$DEX_TAG" find "$dir" -type f -exec sed -i -e "s|__DEX_IMAGE__|$dex_image|g" {} \; } diff --git a/integration/database/rqlite_migration_test.go b/integration/database/rqlite_migration_test.go index ac4cf78dc5..78765e0032 100644 --- a/integration/database/rqlite_migration_test.go +++ b/integration/database/rqlite_migration_test.go @@ -71,14 +71,11 @@ func TestMigrateFromPostgresToRqlite(t *testing.T) { rqliteTag, _ := image.GetTag(image.Rqlite) rqliteRunOptions := &dockertest.RunOptions{ Name: "rqlite", - Repository: "cgr.dev/chainguard/rqlite", + Repository: "rqlite/rqlite", Tag: rqliteTag, Mounts: []string{ fmt.Sprintf("%s:/auth/config.json", rqliteAuthConfigPath), }, - ExposedPorts: []string{ - "4001/tcp", - }, PortBindings: map[docker.Port][]docker.PortBinding{ "4001/tcp": { { diff --git a/migrations/Makefile b/migrations/Makefile index 662b4c3d14..011acb5480 100644 --- a/migrations/Makefile +++ b/migrations/Makefile @@ -1,5 +1,6 @@ SHELL:=/bin/bash PROJECT_NAME ?= kotsadm-migrations +RQLITE_TAG ?= 7.21.4 SCHEMAHERO_TAG ?= 0.16.0 .PHONY: schema-alpha 
@@ -11,6 +12,8 @@ schema-release: IMAGE = kotsadm/${PROJECT_NAME}:${GIT_TAG} schema-release: build_schema mkdir -p bin/docker-archive/${PROJECT_NAME} skopeo copy docker-daemon:kotsadm/${PROJECT_NAME}:${GIT_TAG} docker-archive:bin/docker-archive/${PROJECT_NAME}/${GIT_TAG} + mkdir -p bin/docker-archive/rqlite + skopeo copy docker://rqlite/rqlite:${RQLITE_TAG} docker-archive:bin/docker-archive/rqlite/${RQLITE_TAG} build_schema: docker build --pull --build-arg SCHEMAHERO_TAG=${SCHEMAHERO_TAG} -f deploy/Dockerfile -t ${IMAGE} . diff --git a/migrations/kustomize/overlays/dev/rqlite.yaml b/migrations/kustomize/overlays/dev/rqlite.yaml index a2efe22f2e..e23b13defe 100644 --- a/migrations/kustomize/overlays/dev/rqlite.yaml +++ b/migrations/kustomize/overlays/dev/rqlite.yaml @@ -59,7 +59,7 @@ spec: spec: containers: - name: rqlite - image: cgr.dev/chainguard/rqlite:7.21.4 + image: rqlite/rqlite:7.9.2 imagePullPolicy: IfNotPresent args: - -disco-mode=dns diff --git a/migrations/kustomize/overlays/okteto/rqlite.yaml b/migrations/kustomize/overlays/okteto/rqlite.yaml index a2efe22f2e..e23b13defe 100644 --- a/migrations/kustomize/overlays/okteto/rqlite.yaml +++ b/migrations/kustomize/overlays/okteto/rqlite.yaml @@ -59,7 +59,7 @@ spec: spec: containers: - name: rqlite - image: cgr.dev/chainguard/rqlite:7.21.4 + image: rqlite/rqlite:7.9.2 imagePullPolicy: IfNotPresent args: - -disco-mode=dns diff --git a/pkg/identity/deploy/deploy.go b/pkg/identity/deploy/deploy.go index 90d09a795d..b7b050a2b8 100644 --- a/pkg/identity/deploy/deploy.go +++ b/pkg/identity/deploy/deploy.go @@ -462,7 +462,7 @@ func deploymentResource(issuerURL, configChecksum string, options Options) (*app Image: image, ImagePullPolicy: corev1.PullIfNotPresent, Name: "dex", - Command: []string{"dex", "serve", "/etc/dex/cfg/dexConfig.yaml"}, + Command: []string{"/usr/local/bin/dex", "serve", "/etc/dex/cfg/dexConfig.yaml"}, Ports: []corev1.ContainerPort{ {Name: "http", ContainerPort: 5556}, }, 
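Review bot: Both the dev and okteto overlays now run `rqlite/rqlite:7.9.2`, while `RQLITE_TAG`, pkg/image/constants.go and the migrations Makefile in this same commit use `7.21.4`. Development and preview environments would then exercise an older rqlite than the one that ships, and would miss whatever fixes landed between the two versions. Unless the older pin is deliberate, use `image: rqlite/rqlite:7.21.4` in both files, or add a comment saying why they differ.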
diff --git a/pkg/image/constants.go b/pkg/image/constants.go index 0440c91d5c..f1b491f53d 100644 --- a/pkg/image/constants.go +++ b/pkg/image/constants.go @@ -5,9 +5,9 @@ package image // image name. const ( - Minio = "cgr.dev/chainguard/minio:0.20231101-dev" - Rqlite = "cgr.dev/chainguard/rqlite:7.21.4" - Dex = "cgr.dev/chainguard/dex:2.37.0" + Minio = "minio/minio:RELEASE.2023-11-11T08-14-41Z" + Rqlite = "rqlite/rqlite:7.21.4" + Dex = "ghcr.io/dexidp/dex:v2.37.0" Schemahero = "schemahero/schemahero:0.16.0" Lvp = "replicated/local-volume-provider:v0.5.5" ) diff --git a/pkg/kotsadm/minio.go b/pkg/kotsadm/minio.go index 6c440b701e..7385b989e9 100644 --- a/pkg/kotsadm/minio.go +++ b/pkg/kotsadm/minio.go @@ -25,7 +25,6 @@ import ( ) var ( - MinioCGRImageTagRegexp = regexp.MustCompile(`:0\.\d+`) MinioImageTagDateRegexp = regexp.MustCompile(`RELEASE\.(\d{4}-\d{2}-\d{2}T\d{2}-\d{2}-\d{2}Z)`) // MigrateToMinioXlBeforeTime is the time that the minio version was released that removed the legacy backend // that we need to migrate from: https://github.com/minio/minio/releases/tag/RELEASE.2022-10-29T06-21-33Z @@ -128,7 +127,6 @@ func ensureMinioStatefulset(deployOptions types.DeployOptions, clientset kuberne existingMinio.Spec.Template.Spec.Volumes = desiredMinio.Spec.Template.Spec.DeepCopy().Volumes existingMinio.Spec.Template.Spec.Containers[0].Image = desiredMinio.Spec.Template.Spec.Containers[0].Image existingMinio.Spec.Template.Spec.Containers[0].VolumeMounts = desiredMinio.Spec.Template.Spec.Containers[0].DeepCopy().VolumeMounts - existingMinio.Spec.Template.Spec.Containers[0].Command = desiredMinio.Spec.Template.Spec.Containers[0].Command existingMinio.Spec.Template.Spec.InitContainers = desiredMinio.Spec.Template.Spec.DeepCopy().InitContainers _, err = clientset.AppsV1().StatefulSets(deployOptions.Namespace).Update(ctx, existingMinio, metav1.UpdateOptions{}) 
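Review bot: `ensureMinioStatefulset` still copies `Image`, `Volumes`, `VolumeMounts` and `InitContainers` from the desired spec onto an existing StatefulSet, but after this hunk it no longer copies `Command`. pkg/kotsadm/objects/minio_objects.go changes the desired command in this commit to start through `/usr/bin/docker-entrypoint.sh`, so an existing StatefulSet would get the new image with its old command. Keep the assignment `existingMinio.Spec.Template.Spec.Containers[0].Command = desiredMinio.Spec.Template.Spec.Containers[0].Command` unless the mismatch is intended. The function body starts and ends outside the hunk.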
@@ -395,12 +393,6 @@ func IsMinioXlMigrationNeeded(clientset kubernetes.Interface, namespace string) // imageNeedsMinioXlMigration returns true if the minio image is older than the migrate before time (2022-10-29T06-21-33Z). func imageNeedsMinioXlMigration(minioImage string) (bool, error) { - isCGRImage := len(MinioCGRImageTagRegexp.FindStringSubmatch(minioImage)) > 0 - if isCGRImage { - // chainguard minio images are all new and don't need to be migrated - return false, nil - } - existingImageTagDateMatch := MinioImageTagDateRegexp.FindStringSubmatch(minioImage) if len(existingImageTagDateMatch) != 2 { return false, errors.New("failed to parse existing image tag date") diff --git a/pkg/kotsadm/minio_test.go b/pkg/kotsadm/minio_test.go index 6c80e1a321..f10fec56b1 100644 --- a/pkg/kotsadm/minio_test.go +++ b/pkg/kotsadm/minio_test.go @@ -91,13 +91,6 @@ func Test_IsMinioXlMigrationNeeded(t *testing.T) { wantMinioImage: "minio/minio:RELEASE.2023-02-10T18-48-39Z", wantErr: false, }, - { - name: "should not migrate cgr image", - clientset: fake.NewSimpleClientset(minioStsWithImage("cgr.dev/chainguard/minio:0.20231025-dev")), - wantMigration: false, - wantMinioImage: "cgr.dev/chainguard/minio:0.20231025-dev", - wantErr: false, - }, { name: "should not migrate if no minio", clientset: fake.NewSimpleClientset(), diff --git a/pkg/kotsadm/objects/images.go b/pkg/kotsadm/objects/images.go index 926b2eb78b..1d097d2611 100644 --- a/pkg/kotsadm/objects/images.go +++ b/pkg/kotsadm/objects/images.go 
@@ -18,8 +18,8 @@ func GetAdminConsoleImages(deployOptions types.DeployOptions) map[string]string rqliteTag, _ := image.GetTag(image.Rqlite) dexTag, _ := image.GetTag(image.Dex) - minioImage := fmt.Sprintf("kotsadm/minio:%s", minioTag) - rqliteImage := fmt.Sprintf("kotsadm/rqlite:%s", rqliteTag) + minioImage := fmt.Sprintf("minio/minio:%s", minioTag) + rqliteImage := fmt.Sprintf("rqlite/rqlite:%s", rqliteTag) dexImage := fmt.Sprintf("kotsadm/dex:%s", dexTag) if s := kotsadmversion.KotsadmPullSecret(deployOptions.Namespace, deployOptions.RegistryConfig); s != nil { @@ -43,15 +43,12 @@ func GetAdminConsoleImages(deployOptions types.DeployOptions) map[string]string } func GetOriginalAdminConsoleImages(deployOptions types.DeployOptions) map[string]string { - minioTag, _ := image.GetTag(image.Minio) - rqliteTag, _ := image.GetTag(image.Rqlite) - dexTag, _ := image.GetTag(image.Dex) - + dexTag, _ := image.GetTag(image.Dex) // dex image is special; we host a copy return map[string]string{ "kotsadm-migrations": fmt.Sprintf("kotsadm/kotsadm-migrations:%s", kotsadmversion.KotsadmTag(deployOptions.RegistryConfig)), "kotsadm": fmt.Sprintf("kotsadm/kotsadm:%s", kotsadmversion.KotsadmTag(deployOptions.RegistryConfig)), - "minio": fmt.Sprintf("kotsadm/minio:%s", minioTag), - "rqlite": fmt.Sprintf("kotsadm/rqlite:%s", rqliteTag), + "minio": image.Minio, + "rqlite": image.Rqlite, "dex": fmt.Sprintf("kotsadm/dex:%s", dexTag), } } diff --git a/pkg/kotsadm/objects/minio_objects.go b/pkg/kotsadm/objects/minio_objects.go index 4ae3acfc76..56c12594c7 100644 --- a/pkg/kotsadm/objects/minio_objects.go +++ b/pkg/kotsadm/objects/minio_objects.go @@ -136,7 +136,7 @@ func MinioStatefulset(deployOptions types.DeployOptions, size resource.Quantity) Command: []string{ "/bin/sh", "-ce", - "minio -C /home/minio/.minio/ --quiet server /export", + "/usr/bin/docker-entrypoint.sh minio -C /home/minio/.minio/ --quiet server /export", }, Ports: []corev1.ContainerPort{ { 
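Review bot: In GetAdminConsoleImages the new `fmt.Sprintf("minio/minio:%s", minioTag)` and `fmt.Sprintf("rqlite/rqlite:%s", rqliteTag)` repeat repository names that already live in `image.Minio` and `image.Rqlite`. They also build on tags whose `GetTag` error is discarded, so a parse failure would produce a reference with an empty tag. GetOriginalAdminConsoleImages in the next hunk uses the constants directly; doing the same here with `minioImage := image.Minio` and `rqliteImage := image.Rqlite` keeps one source of truth. The tags may still be needed for the registry-override branch, which lies outside the hunk. The `minio/minio:%s` format string is hardcoded a third time in fileSystemMinioDeploymentResource in pkg/snapshot/filesystem_minio.go, and the `dexTag, _ :=` line added to GetOriginalAdminConsoleImages discards its error in the same way.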
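Review bot: The new `/usr/bin/docker-entrypoint.sh minio …` command in MinioStatefulset only reaches fresh installs, because this commit also drops the Command copy from ensureMinioStatefulset in pkg/kotsadm/minio.go. An existing StatefulSet therefore gets the new image but keeps whatever command it already had. Keeping `existingMinio.Spec.Template.Spec.Containers[0].Command = desiredMinio.Spec.Template.Spec.Containers[0].Command` in the update path would make upgraded and new installs start minio the same way. The removal of the CGR branch in imageNeedsMinioXlMigration affects the same upgrade path: a StatefulSet still on a `cgr.dev/chainguard/minio:0.…` tag would presumably no longer match MinioImageTagDateRegexp and would return the parse error, which is worth a test case if such installs exist. MinioStatefulset's body continues outside the hunk.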
diff --git a/pkg/kotsadm/objects/scripts/import-minio-data.sh b/pkg/kotsadm/objects/scripts/import-minio-data.sh index 2eb1aef9eb..65acbe11fd 100644 --- a/pkg/kotsadm/objects/scripts/import-minio-data.sh +++ b/pkg/kotsadm/objects/scripts/import-minio-data.sh @@ -33,7 +33,7 @@ shopt -s dotglob rm -rfv /export/* echo "starting new minio instance" -/bin/sh -ce "minio -C /home/minio/.minio/ server /export" & +/bin/sh -ce "/usr/bin/docker-entrypoint.sh minio -C /home/minio/.minio/ server /export" & MINIO_PID=$! # alias the minio instance diff --git a/pkg/snapshot/filesystem_minio.go b/pkg/snapshot/filesystem_minio.go index f8b0c03d0d..cfebe071bd 100644 --- a/pkg/snapshot/filesystem_minio.go +++ b/pkg/snapshot/filesystem_minio.go @@ -269,7 +269,7 @@ func fileSystemMinioDeploymentResource(clientset kubernetes.Interface, secretChe if err != nil { return nil, errors.Wrap(err, "failed to get minio image tag") } - minioImage := fmt.Sprintf("kotsadm/minio:%s", minioTag) + minioImage := fmt.Sprintf("minio/minio:%s", minioTag) imagePullSecrets := []corev1.LocalObjectReference{} isKurl, err := kurl.IsKurl(clientset)