From 5bd8e3ef054b93486596dd42000da34fa30792a1 Mon Sep 17 00:00:00 2001
From: Jason Thomas <jason@openc3.com>
Date: Sat, 11 Jan 2025 12:02:09 -0700
Subject: [PATCH 1/4] Parameterize the traefik version and bump to 3.3.1

---
 openc3-minio/Dockerfile           | 1 +
 openc3-traefik/Dockerfile         | 4 +++-
 scripts/linux/openc3_build_ubi.sh | 1 +
 3 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/openc3-minio/Dockerfile b/openc3-minio/Dockerfile
index 95f1e0a59d..1680718a96 100644
--- a/openc3-minio/Dockerfile
+++ b/openc3-minio/Dockerfile
@@ -1,4 +1,5 @@
 ARG OPENC3_DEPENDENCY_REGISTRY=docker.io
+# Consider updating openc3_build_ubi.sh when changing the release version
 ARG OPENC3_MINIO_RELEASE=RELEASE.2024-12-18T13-15-44Z
 FROM ${OPENC3_DEPENDENCY_REGISTRY}/minio/minio:${OPENC3_MINIO_RELEASE}
 
diff --git a/openc3-traefik/Dockerfile b/openc3-traefik/Dockerfile
index 0adeb66a70..e1cdd2a658 100644
--- a/openc3-traefik/Dockerfile
+++ b/openc3-traefik/Dockerfile
@@ -1,6 +1,8 @@
 ARG OPENC3_DEPENDENCY_REGISTRY=docker.io
 ARG TRAEFIK_CONFIG=traefik.yaml
-FROM ${OPENC3_DEPENDENCY_REGISTRY}/traefik:v3.2.3
+# Consider updating openc3_build_ubi.sh when changing the release version
+ARG OPENC3_TRAEFIK_RELEASE=v3.3.1
+FROM ${OPENC3_DEPENDENCY_REGISTRY}/traefik:${OPENC3_TRAEFIK_RELEASE}
 
 # An ARG declared before a FROM is outside of a build stage, so it can’t be
 # used in any instruction after a FROM. So we need to re-ARG.
diff --git a/scripts/linux/openc3_build_ubi.sh b/scripts/linux/openc3_build_ubi.sh
index c370a9f051..808b62bfc8 100755
--- a/scripts/linux/openc3_build_ubi.sh
+++ b/scripts/linux/openc3_build_ubi.sh
@@ -133,6 +133,7 @@ docker build \
   --network host \
   --build-arg OPENC3_DEPENDENCY_REGISTRY=${OPENC3_UBI_REGISTRY}/ironbank/opensource/traefik \
   --build-arg TRAEFIK_CONFIG=$TRAEFIK_CONFIG \
+  --build-arg OPENC3_TRAEFIK_RELEASE=v3.3.1 \
   --platform linux/amd64 \
   -t "${OPENC3_REGISTRY}/${OPENC3_NAMESPACE}/openc3-traefik-ubi:${OPENC3_TAG}" \
   .

From fd745108375c58f88a9c70a3d3522e5ab883bf0a Mon Sep 17 00:00:00 2001
From: Jason Thomas <jason@openc3.com>
Date: Sat, 11 Jan 2025 12:07:10 -0700
Subject: [PATCH 2/4] Add link to IronBank

---
 scripts/linux/openc3_build_ubi.sh | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/scripts/linux/openc3_build_ubi.sh b/scripts/linux/openc3_build_ubi.sh
index 808b62bfc8..daf5bb3013 100755
--- a/scripts/linux/openc3_build_ubi.sh
+++ b/scripts/linux/openc3_build_ubi.sh
@@ -62,6 +62,8 @@ docker build \
 cd ..
 
 # openc3-minio
+# NOTE: Ensure the release is on IronBank:
+# https://ironbank.dso.mil/repomap/details;registry1Path=opensource%252Fminio%252Fminio
 # NOTE: RELEASE.2023-10-16T04-13-43Z is the last MINIO release to support UBI8
 cd openc3-minio
 docker build \
@@ -133,6 +135,8 @@ docker build \
   --network host \
   --build-arg OPENC3_DEPENDENCY_REGISTRY=${OPENC3_UBI_REGISTRY}/ironbank/opensource/traefik \
   --build-arg TRAEFIK_CONFIG=$TRAEFIK_CONFIG \
+  # NOTE: Ensure the release is on IronBank:
+  # https://ironbank.dso.mil/repomap/details;registry1Path=opensource%252Ftraefik%252Ftraefik
   --build-arg OPENC3_TRAEFIK_RELEASE=v3.3.1 \
   --platform linux/amd64 \
   -t "${OPENC3_REGISTRY}/${OPENC3_NAMESPACE}/openc3-traefik-ubi:${OPENC3_TAG}" \

From 04ad554b2c9419e308c97c074d142c594d6d3447 Mon Sep 17 00:00:00 2001
From: Jason Thomas <jason@openc3.com>
Date: Wed, 15 Jan 2025 11:22:51 -0700
Subject: [PATCH 3/4] Install ironbank cert

---
 .github/workflows/build_ubi.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/build_ubi.yml b/.github/workflows/build_ubi.yml
index d52b09683f..79c7e1d776 100644
--- a/.github/workflows/build_ubi.yml
+++ b/.github/workflows/build_ubi.yml
@@ -29,6 +29,8 @@ jobs:
         # This `shell` line is required to get around a known issue: https://github.com/actions/runner/issues/241#issuecomment-745902718
         shell: 'script -q -e -c "bash {0}"'
         run: echo ${{ secrets.IRONBANK_REGISTRY_CLI }} | docker login registry1.dso.mil -u jmthomas --password-stdin
+      - name: install cert
+        run: echo "${{ secrets.IRONBANK_CERT }}" > /tmp/ironbank.crt && sudo cp /tmp/ironbank.crt /etc/ssl/certs/ironbank.crt && sudo update-ca-certificates
       - name: openc3.sh build-ubi
         # This `shell` line is required to get around a known issue: https://github.com/actions/runner/issues/241#issuecomment-745902718
         shell: 'script -q -e -c "bash {0}"'

From 06135d7b876f97fd8635bfe927fda7c4fa0fd934 Mon Sep 17 00:00:00 2001
From: Jason Thomas <jason@openc3.com>
Date: Wed, 15 Jan 2025 11:39:02 -0700
Subject: [PATCH 4/4] Fix comment in shell script and bump to 3.3.2

---
 .github/workflows/build_ubi.yml   | 2 --
 openc3-traefik/Dockerfile         | 2 +-
 scripts/linux/openc3_build_ubi.sh | 6 +++---
 3 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/build_ubi.yml b/.github/workflows/build_ubi.yml
index 79c7e1d776..d52b09683f 100644
--- a/.github/workflows/build_ubi.yml
+++ b/.github/workflows/build_ubi.yml
@@ -29,8 +29,6 @@ jobs:
         # This `shell` line is required to get around a known issue: https://github.com/actions/runner/issues/241#issuecomment-745902718
         shell: 'script -q -e -c "bash {0}"'
         run: echo ${{ secrets.IRONBANK_REGISTRY_CLI }} | docker login registry1.dso.mil -u jmthomas --password-stdin
-      - name: install cert
-        run: echo "${{ secrets.IRONBANK_CERT }}" > /tmp/ironbank.crt && sudo cp /tmp/ironbank.crt /etc/ssl/certs/ironbank.crt && sudo update-ca-certificates
       - name: openc3.sh build-ubi
         # This `shell` line is required to get around a known issue: https://github.com/actions/runner/issues/241#issuecomment-745902718
         shell: 'script -q -e -c "bash {0}"'
diff --git a/openc3-traefik/Dockerfile b/openc3-traefik/Dockerfile
index e1cdd2a658..2798130d4f 100644
--- a/openc3-traefik/Dockerfile
+++ b/openc3-traefik/Dockerfile
@@ -1,7 +1,7 @@
 ARG OPENC3_DEPENDENCY_REGISTRY=docker.io
 ARG TRAEFIK_CONFIG=traefik.yaml
 # Consider updating openc3_build_ubi.sh when changing the release version
-ARG OPENC3_TRAEFIK_RELEASE=v3.3.1
+ARG OPENC3_TRAEFIK_RELEASE=v3.3.2
 FROM ${OPENC3_DEPENDENCY_REGISTRY}/traefik:${OPENC3_TRAEFIK_RELEASE}
 
 # An ARG declared before a FROM is outside of a build stage, so it can’t be
diff --git a/scripts/linux/openc3_build_ubi.sh b/scripts/linux/openc3_build_ubi.sh
index daf5bb3013..078b876e7e 100755
--- a/scripts/linux/openc3_build_ubi.sh
+++ b/scripts/linux/openc3_build_ubi.sh
@@ -130,14 +130,14 @@ cd ..
 if [[ -z $TRAEFIK_CONFIG ]]; then
   export TRAEFIK_CONFIG=traefik.yaml
 fi
+# NOTE: Ensure OPENC3_TRAEFIK_RELEASE is on IronBank:
+# https://ironbank.dso.mil/repomap/details;registry1Path=opensource%252Ftraefik%252Ftraefik
 cd openc3-traefik
 docker build \
   --network host \
   --build-arg OPENC3_DEPENDENCY_REGISTRY=${OPENC3_UBI_REGISTRY}/ironbank/opensource/traefik \
   --build-arg TRAEFIK_CONFIG=$TRAEFIK_CONFIG \
-  # NOTE: Ensure the release is on IronBank:
-  # https://ironbank.dso.mil/repomap/details;registry1Path=opensource%252Ftraefik%252Ftraefik
-  --build-arg OPENC3_TRAEFIK_RELEASE=v3.3.1 \
+  --build-arg OPENC3_TRAEFIK_RELEASE=v3.3.2 \
   --platform linux/amd64 \
   -t "${OPENC3_REGISTRY}/${OPENC3_NAMESPACE}/openc3-traefik-ubi:${OPENC3_TAG}" \
   .