Merge pull request #26 from Conjur-Enterprise/CNJR-4550-redhat-fix

CNJR-4550: Fix RH publishing

CHANGELOG.md

@@ -6,13 +6,18 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ## [Unreleased]
 
-## [1.6.3] - 2023-03-21
+## [1.6.4] - 2024-04-08
+
+### Changed
+- Testing and CI improvements (CNJR-4550)
+
+## [1.6.3] - 2024-03-21
 
 ### Changed
 - Use updated RedHat preflight scan tool v1.9.1 (CNJR-3914)
 - Updated Go to 1.22 (CONJSE-1842)
 
-## [1.6.2] - 2023-03-20
+## [1.6.2] - 2024-03-20
 
 ### Security
 - Replace google.golang.org/[email protected], golang.org/x/[email protected],
@@ -327,7 +332,8 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ### Changed
   - Escape secrets with backslashes before patching in k8s
 
-[Unreleased]: https://github.com/cyberark/secrets-provider-for-k8s/compare/v1.6.3...HEAD
+[Unreleased]: https://github.com/cyberark/secrets-provider-for-k8s/compare/v1.6.4...HEAD
+[1.6.4]: https://github.com/cyberark/secrets-provider-for-k8s/compare/v1.6.3...v1.6.4
 [1.6.3]: https://github.com/cyberark/secrets-provider-for-k8s/compare/v1.6.2...v1.6.3
 [1.6.2]: https://github.com/cyberark/secrets-provider-for-k8s/compare/v1.6.1...v1.6.2
 [1.6.1]: https://github.com/cyberark/secrets-provider-for-k8s/compare/v1.6.0...v1.6.1

Jenkinsfile

@@ -184,17 +184,17 @@ pipeline {
                 scanAndReport(INFRAPOOL_EXECUTORV2_AGENT_0, "secrets-provider-for-k8s:latest", "NONE", true)
               }
             }
-//            stage('Scan RedHat image for fixable issues') {
-//              steps {
-//                scanAndReport(INFRAPOOL_EXECUTORV2_AGENT_0, "secrets-provider-for-k8s-redhat:latest", "HIGH", false)
-//              }
-//            }
+           stage('Scan RedHat image for fixable issues') {
+             steps {
+               scanAndReport(INFRAPOOL_EXECUTORV2_AGENT_0, "secrets-provider-for-k8s-redhat:latest", "HIGH", false)
+             }
+           }
 
-//            stage('Scan RedHat image for all issues') {
-//              steps {
-//                scanAndReport(INFRAPOOL_EXECUTORV2_AGENT_0, "secrets-provider-for-k8s-redhat:latest", "NONE", true)
-//              }
-//            }
+           stage('Scan RedHat image for all issues') {
+             steps {
+               scanAndReport(INFRAPOOL_EXECUTORV2_AGENT_0, "secrets-provider-for-k8s-redhat:latest", "NONE", true)
+             }
+           }
           }
         }
 

bin/publish

@@ -124,27 +124,27 @@ if [[ ${PROMOTE} = true ]]; then
 
 
   # Publish only latest to Redhat Registries
-#  echo "Tagging and pushing ${REDHAT_REMOTE_IMAGE} with tag ${REMOTE_TAG}"
-#  docker tag "${LOCAL_REGISTRY}/${REDHAT_LOCAL_IMAGE}:${SOURCE_TAG}" "${REDHAT_REMOTE_IMAGE}:${REMOTE_TAG}"
+ echo "Tagging and pushing ${REDHAT_REMOTE_IMAGE} with tag ${REMOTE_TAG}"
+ docker tag "${LOCAL_REGISTRY}/${REDHAT_LOCAL_IMAGE}:${SOURCE_TAG}" "${REDHAT_REMOTE_IMAGE}:${REMOTE_TAG}"
 
   # Publish RedHat image to RedHat Registry
-#  if docker login "${REDHAT_REGISTRY}" -u "${REDHAT_USER}" -p "${REDHAT_API_KEY}"; then
+ if docker login "${REDHAT_REGISTRY}" -u "${REDHAT_USER}" -p "${REDHAT_API_KEY}"; then
     # you can't push the same tag twice to redhat registry, so ignore errors
-#    if ! docker push "${REDHAT_REMOTE_IMAGE}:${REMOTE_TAG}"; then
-#      echo 'Red Hat push FAILED! (maybe the image was pushed already?)'
-#      exit 0
-#    fi
+   if ! docker push "${REDHAT_REMOTE_IMAGE}:${REMOTE_TAG}"; then
+     echo 'Red Hat push FAILED! (maybe the image was pushed already?)'
+     exit 0
+   fi
 
     # scan image with preflight tool
-#    scan_redhat_image "${REDHAT_REMOTE_IMAGE}:${REMOTE_TAG}" "${REDHAT_CERT_PID}"
+   scan_redhat_image "${REDHAT_REMOTE_IMAGE}:${REMOTE_TAG}" "${REDHAT_CERT_PID}"
 
     # Publish latest tag to Redhat Registry
-#    echo "Tagging and pushing ${REDHAT_REMOTE_IMAGE} with tag latest"
-#    docker tag "${LOCAL_REGISTRY}/${REDHAT_LOCAL_IMAGE}:${SOURCE_TAG}" "${REDHAT_REMOTE_IMAGE}:latest"
-#    docker push "${REDHAT_REMOTE_IMAGE}:latest"
-#  else
-#    echo 'Failed to log in to quay.io'
-#    exit 1
-#  fi
+   echo "Tagging and pushing ${REDHAT_REMOTE_IMAGE} with tag latest"
+   docker tag "${LOCAL_REGISTRY}/${REDHAT_LOCAL_IMAGE}:${SOURCE_TAG}" "${REDHAT_REMOTE_IMAGE}:latest"
+   docker push "${REDHAT_REMOTE_IMAGE}:latest"
+ else
+   echo 'Failed to log in to quay.io'
+   exit 1
+ fi
 
 fi

helm/secrets-provider/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v1
 description: A Helm chart for deploying CyberArk Secrets Provider for Kubernetes
 name: secrets-provider
-version: 1.6.3
+version: 1.6.4
 home: https://github.com/cyberark/secrets-provider-for-k8s
 icon: https://www.cyberark.com/wp-content/uploads/2015/12/cybr-aim.jpg

helm/secrets-provider/tests/secrets_provider_test.yaml

@@ -71,7 +71,7 @@ tests:
       # Confirm that default chart values have been used
       - equal:
           path: spec.template.spec.containers[0].image
-          value: docker.io/cyberark/secrets-provider-for-k8s:1.6.3
+          value: docker.io/cyberark/secrets-provider-for-k8s:1.6.4
       - equal:
           path: spec.template.spec.containers[0].imagePullPolicy
           value: IfNotPresent

helm/secrets-provider/values.yaml

@@ -12,7 +12,7 @@ rbac:
 
 secretsProvider:
   image: docker.io/cyberark/secrets-provider-for-k8s
-  tag: 1.6.3
+  tag: 1.6.4
   imagePullPolicy: IfNotPresent
   # Container name
   name: cyberark-secrets-provider-for-k8s

pkg/secrets/version.go

@@ -3,7 +3,7 @@ package secrets
 import "fmt"
 
 // Version field is a SemVer that should indicate the baked-in version
-var Version = "1.6.3"
+var Version = "1.6.4"
 
 // Tag field denotes the specific build type for the broker. It may
 // be replaced by compile-time variables if needed to provide the git