chore: Update resource types to use hardened images

cloud-gov · Feb 16, 2024 · 5590c02 · 5590c02
1 parent 73e9ccb
commit 5590c02
Show file tree

Hide file tree

Showing 6 changed files with 436 additions and 458 deletions.
diff --git a/apps/metrics/ci/pipeline.yml b/apps/metrics/ci/pipeline.yml
@@ -10,10 +10,15 @@ env-cf: &env-cf
   CF_STACK: cflinuxfs4
 
 node-image: &node-image
-  type: docker-image
-  source:
-    repository: node
-    tag: 20.9-bullseye
+  platform: linux
+  image_resource:
+    type: registry-image
+    source:
+      aws_access_key_id: ((ecr-aws-key))
+      aws_secret_access_key: ((ecr-aws-secret))
+      repository: pages-node-v20
+      aws_region: us-gov-west-1
+      tag: latest
 
 cf-image: &cf-image
   platform: linux
@@ -31,9 +36,7 @@ test-metrics: &test-metrics
     output_mapping:
       src-metrics: src-metrics-dev
     config:
-      platform: linux
-      image_resource:
-        <<: *node-image
+      <<: *node-image
       inputs: [name: src-metrics]
       outputs: [name: src-metrics]
       run:
@@ -44,9 +47,7 @@ test-metrics: &test-metrics
   - in_parallel:
     - task: lint-metrics
       config:
-        platform: linux
-        image_resource:
-          <<: *node-image
+        <<: *node-image
         inputs: [name: src-metrics-dev]
         run:
           dir: src-metrics-dev/apps/metrics
@@ -55,9 +56,7 @@ test-metrics: &test-metrics
 
     - task: test-metrics
       config:
-        platform: linux
-        image_resource:
-          <<: *node-image
+        <<: *node-image
         inputs: [name: src-metrics-dev]
         run:
           dir: src-metrics-dev/apps/metrics
@@ -128,19 +127,19 @@ jobs:
         passed: [set-pipeline-((deploy-env))]
         params: {depth: 1}
         trigger: true
-      - put: gh-status
-        inputs: [src-metrics]
-        params: {state: pending}
+      - put: pr-((git-branch))
+        params:
+          path: pull-request
+          status: pending
+          context: concourse
 
       - do: *test-metrics
 
       - task: install-prod-deps-metrics
         output_mapping:
           src-metrics: src-metrics-prod
         config:
-          platform: linux
-          image_resource:
-            <<: *node-image
+          <<: *node-image
           inputs: [name: src-metrics]
           outputs: [name: src-metrics]
           run:
@@ -176,9 +175,11 @@ jobs:
 
     on_failure:
       in_parallel:
-        - put: gh-status
-          inputs: [src-metrics]
-          params: {state: failure}
+        - put: pr-((git-branch))
+          params:
+            path: pull-request
+            status: failure
+            context: concourse
         - put: slack
           params:
             text: |
@@ -190,9 +191,11 @@ jobs:
 
     on_success:
       in_parallel:
-        - put: gh-status
-          inputs: [src-metrics]
-          params: {state: success}
+        - put: pr-((git-branch))
+          params:
+            path: pull-request
+            status: success
+            context: concourse
         - put: slack
           params:
             text: |
@@ -261,15 +264,6 @@ resources:
     source:
       url: ((slack-webhook-url))
 
-  - name: gh-status
-    type: cogito
-    check_every: 1h
-    source:
-      owner: 18F
-      repo: federalist
-      access_token: ((gh-access-token))
-      context_prefix: concourse
-
   - name: nightly
     type: time
     source:
@@ -283,18 +277,29 @@ resources:
 
 resource_types:
 
-  - name: cogito
-    type: docker-image
-    check_every: 24h
-    source:
-      repository: pix4d/cogito
-
   - name: pull-request
-    type: docker-image
+    type: registry-image
     source:
-      repository: teliaoss/github-pr-resource
+      aws_access_key_id: ((ecr_aws_key))
+      aws_secret_access_key: ((ecr_aws_secret))
+      repository: github-pr-resource
+      aws_region: us-gov-west-1
+      tag: latest
 
   - name: slack-notification
-    type: docker-image
+    type: registry-image
+    source:
+      aws_access_key_id: ((ecr_aws_key))
+      aws_secret_access_key: ((ecr_aws_secret))
+      repository: slack-notification-resource
+      aws_region: us-gov-west-1
+      tag: latest
+
+  - name: time
+    type: registry-image
     source:
-      repository: cfcommunity/slack-notification-resource
+      aws_access_key_id: ((ecr_aws_key))
+      aws_secret_access_key: ((ecr_aws_secret))
+      repository: time-resource
+      aws_region: us-gov-west-1
+      tag: latest
diff --git a/ci/docker/entrypoint.sh b/ci/docker/entrypoint.sh
@@ -93,12 +93,6 @@ start_docker() {
 
   local docker_opts="${DOCKER_OPTS:-}"
 
-  # Pass through `--garden-mtu` from gardian container
-  if [[ "${docker_opts}" != *'--mtu'* ]]; then
-    local mtu="$(cat /sys/class/net/$(ip route get 8.8.8.8|awk '{ print $5 }')/mtu)"
-    docker_opts+=" --mtu ${mtu}"
-  fi
-
   # Use Concourse's scratch volume to bypass the graph filesystem by default
   if [[ "${docker_opts}" != *'--data-root'* ]] && [[ "${docker_opts}" != *'--graph'* ]]; then
     docker_opts+=' --data-root /scratch/docker'

diff --git a/ci/partials/test-api.yml b/ci/partials/test-api.yml
@@ -2,13 +2,15 @@ platform: linux
 image_resource:
   type: registry-image
   source:
-    repository: cloudgov/concourse-dcind
-    tag: original
+    aws_access_key_id: ((ecr-aws-key))
+    aws_secret_access_key: ((ecr-aws-secret))
+    repository: pages-dind-v25
+    aws_region: us-gov-west-1
+    tag: latest
 inputs:
   - name: src
   - name: redis
   - name: postgres
-  - name: node
 run:
   dir: src
   path: ci/docker/entrypoint.sh
@@ -20,4 +22,4 @@ run:
       docker-compose -f ci/docker/docker-compose.yml run app app/ci/tasks/test-api.sh
       docker-compose -f ci/docker/docker-compose.yml down
       docker volume rm $(docker volume ls -q)
-      docker network prune -f
+      docker network prune -f