diff --git a/CHANGELOG.md b/CHANGELOG.md index bdc0b3bd..46f8ce1b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,13 +6,18 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. ## [Unreleased] -## [1.6.3] - 2023-03-21 +## [1.6.4] - 2024-04-08 + +### Changed +- Testing and CI improvements (CNJR-4550) + +## [1.6.3] - 2024-03-21 ### Changed - Use updated RedHat preflight scan tool v1.9.1 (CNJR-3914) - Updated Go to 1.22 (CONJSE-1842) -## [1.6.2] - 2023-03-20 +## [1.6.2] - 2024-03-20 ### Security - Replace google.golang.org/grpc@v1.27.0, golang.org/x/crypto@v0.14.0, @@ -327,7 +332,8 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. ### Changed - Escape secrets with backslashes before patching in k8s -[Unreleased]: https://github.com/cyberark/secrets-provider-for-k8s/compare/v1.6.3...HEAD +[Unreleased]: https://github.com/cyberark/secrets-provider-for-k8s/compare/v1.6.4...HEAD +[1.6.4]: https://github.com/cyberark/secrets-provider-for-k8s/compare/v1.6.3...v1.6.4 [1.6.3]: https://github.com/cyberark/secrets-provider-for-k8s/compare/v1.6.2...v1.6.3 [1.6.2]: https://github.com/cyberark/secrets-provider-for-k8s/compare/v1.6.1...v1.6.2 [1.6.1]: https://github.com/cyberark/secrets-provider-for-k8s/compare/v1.6.0...v1.6.1 diff --git a/Jenkinsfile b/Jenkinsfile index 4e479228..3857c2dc 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -184,17 +184,17 @@ pipeline { scanAndReport(INFRAPOOL_EXECUTORV2_AGENT_0, "secrets-provider-for-k8s:latest", "NONE", true) } } -// stage('Scan RedHat image for fixable issues') { -// steps { -// scanAndReport(INFRAPOOL_EXECUTORV2_AGENT_0, "secrets-provider-for-k8s-redhat:latest", "HIGH", false) -// } -// } + stage('Scan RedHat image for fixable issues') { + steps { + scanAndReport(INFRAPOOL_EXECUTORV2_AGENT_0, "secrets-provider-for-k8s-redhat:latest", "HIGH", false) + } + } -// stage('Scan RedHat image for all issues') { -// steps { -// scanAndReport(INFRAPOOL_EXECUTORV2_AGENT_0, "secrets-provider-for-k8s-redhat:latest", "NONE", true) -// } -// } + stage('Scan RedHat image for all issues') { + steps { + scanAndReport(INFRAPOOL_EXECUTORV2_AGENT_0, "secrets-provider-for-k8s-redhat:latest", "NONE", true) + } + } } } diff --git a/bin/publish b/bin/publish index 8ab8bac9..ce7b2ad1 100755 --- a/bin/publish +++ b/bin/publish @@ -124,27 +124,27 @@ if [[ ${PROMOTE} = true ]]; then # Publish only latest to Redhat Registries -# echo "Tagging and pushing ${REDHAT_REMOTE_IMAGE} with tag ${REMOTE_TAG}" -# docker tag "${LOCAL_REGISTRY}/${REDHAT_LOCAL_IMAGE}:${SOURCE_TAG}" "${REDHAT_REMOTE_IMAGE}:${REMOTE_TAG}" + echo "Tagging and pushing ${REDHAT_REMOTE_IMAGE} with tag ${REMOTE_TAG}" + docker tag "${LOCAL_REGISTRY}/${REDHAT_LOCAL_IMAGE}:${SOURCE_TAG}" "${REDHAT_REMOTE_IMAGE}:${REMOTE_TAG}" # Publish RedHat image to RedHat Registry -# if docker login "${REDHAT_REGISTRY}" -u "${REDHAT_USER}" -p "${REDHAT_API_KEY}"; then + if docker login "${REDHAT_REGISTRY}" -u "${REDHAT_USER}" -p "${REDHAT_API_KEY}"; then # you can't push the same tag twice to redhat registry, so ignore errors -# if ! docker push "${REDHAT_REMOTE_IMAGE}:${REMOTE_TAG}"; then -# echo 'Red Hat push FAILED! (maybe the image was pushed already?)' -# exit 0 -# fi + if ! docker push "${REDHAT_REMOTE_IMAGE}:${REMOTE_TAG}"; then + echo 'Red Hat push FAILED! (maybe the image was pushed already?)' + exit 0 + fi # scan image with preflight tool -# scan_redhat_image "${REDHAT_REMOTE_IMAGE}:${REMOTE_TAG}" "${REDHAT_CERT_PID}" + scan_redhat_image "${REDHAT_REMOTE_IMAGE}:${REMOTE_TAG}" "${REDHAT_CERT_PID}" # Publish latest tag to Redhat Registry -# echo "Tagging and pushing ${REDHAT_REMOTE_IMAGE} with tag latest" -# docker tag "${LOCAL_REGISTRY}/${REDHAT_LOCAL_IMAGE}:${SOURCE_TAG}" "${REDHAT_REMOTE_IMAGE}:latest" -# docker push "${REDHAT_REMOTE_IMAGE}:latest" -# else -# echo 'Failed to log in to quay.io' -# exit 1 -# fi + echo "Tagging and pushing ${REDHAT_REMOTE_IMAGE} with tag latest" + docker tag "${LOCAL_REGISTRY}/${REDHAT_LOCAL_IMAGE}:${SOURCE_TAG}" "${REDHAT_REMOTE_IMAGE}:latest" + docker push "${REDHAT_REMOTE_IMAGE}:latest" + else + echo 'Failed to log in to quay.io' + exit 1 + fi fi diff --git a/helm/secrets-provider/Chart.yaml b/helm/secrets-provider/Chart.yaml index 9a820954..3147583a 100644 --- a/helm/secrets-provider/Chart.yaml +++ b/helm/secrets-provider/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 description: A Helm chart for deploying CyberArk Secrets Provider for Kubernetes name: secrets-provider -version: 1.6.3 +version: 1.6.4 home: https://github.com/cyberark/secrets-provider-for-k8s icon: https://www.cyberark.com/wp-content/uploads/2015/12/cybr-aim.jpg diff --git a/helm/secrets-provider/tests/secrets_provider_test.yaml b/helm/secrets-provider/tests/secrets_provider_test.yaml index 54accb87..1f475f48 100644 --- a/helm/secrets-provider/tests/secrets_provider_test.yaml +++ b/helm/secrets-provider/tests/secrets_provider_test.yaml @@ -71,7 +71,7 @@ tests: # Confirm that default chart values have been used - equal: path: spec.template.spec.containers[0].image - value: docker.io/cyberark/secrets-provider-for-k8s:1.6.3 + value: docker.io/cyberark/secrets-provider-for-k8s:1.6.4 - equal: path: spec.template.spec.containers[0].imagePullPolicy value: IfNotPresent diff --git a/helm/secrets-provider/values.yaml b/helm/secrets-provider/values.yaml index 120e38b2..8dd1e06a 100644 --- a/helm/secrets-provider/values.yaml +++ b/helm/secrets-provider/values.yaml @@ -12,7 +12,7 @@ rbac: secretsProvider: image: docker.io/cyberark/secrets-provider-for-k8s - tag: 1.6.3 + tag: 1.6.4 imagePullPolicy: IfNotPresent # Container name name: cyberark-secrets-provider-for-k8s diff --git a/pkg/secrets/version.go b/pkg/secrets/version.go index 1228161b..e93cda2f 100644 --- a/pkg/secrets/version.go +++ b/pkg/secrets/version.go @@ -3,7 +3,7 @@ package secrets import "fmt" // Version field is a SemVer that should indicate the baked-in version -var Version = "1.6.3" +var Version = "1.6.4" // Tag field denotes the specific build type for the broker. It may // be replaced by compile-time variables if needed to provide the git