From 885542fa2d185dae3ade703a706846430c591858 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kacper=20Ma=C5=82achowski?= <38684517+KacperMalachowski@users.noreply.github.com> Date: Fri, 31 Jan 2025 11:19:08 +0100 Subject: [PATCH 1/4] Fix getting report (#12619) * Strip timestamps before searching report string * Move regex up, to match reprotRegex * Fix parsing build report * Add debug logs, cean up code --- cmd/image-builder/main.go | 16 +++++----- pkg/imagebuilder/report.go | 15 ++------- pkg/imagebuilder/report_test.go | 56 ++++++++++++++++++++++++++------- 3 files changed, 55 insertions(+), 32 deletions(-) diff --git a/cmd/image-builder/main.go b/cmd/image-builder/main.go index bc37e09edbbd..0f468502b50b 100644 --- a/cmd/image-builder/main.go +++ b/cmd/image-builder/main.go @@ -383,6 +383,8 @@ func buildInADO(o options) error { if err != nil { return fmt.Errorf("build in ADO failed, failed parsing build report from ADO pipeline run logs, err: %s", err) } + + o.logger.Debugw("Parsed build report from ADO logs", "buildReport", buildReport) } else { dryRunPipelineRunResult := pipelines.RunResult("Succeeded") pipelineRunResult = &dryRunPipelineRunResult 
@@ -394,27 +396,25 @@ func buildInADO(o options) error { if o.ciSystem == GithubActions { fmt.Println("Setting GitHub outputs.") images := buildReport.GetImages() - if !o.dryRun { - fmt.Printf("Extracted built images from ADO logs: %v\n", images) - } else { - fmt.Println("Running in dry-run mode. Skipping extracting images and results from ADO.") - images = []string{"registry/repo/image1:tag1", "registry/repo/image2:tag2"} - } + + o.logger.Debugw("Extracted built images from ADO logs", "images", images) + data, err := json.Marshal(images) if err != nil { return fmt.Errorf("cannot marshal list of images: %w", err) } + o.logger.Debugw("Set GitHub outputs", "images", string(data), "adoResult", string(*pipelineRunResult)) + err = actions.SetOutput("images", string(data)) if err != nil { return fmt.Errorf("cannot set images GitHub output: %w", err) } - fmt.Println("images GitHub output set") + err = actions.SetOutput("adoResult", string(*pipelineRunResult)) if err != nil { return fmt.Errorf("cannot set adoResult GitHub output: %w", err) } - fmt.Println("adoResult GitHub output set") } if o.buildReportPath != "" { diff --git a/pkg/imagebuilder/report.go b/pkg/imagebuilder/report.go index 8af1cac90442..6f51d5ca6a4d 100644 --- a/pkg/imagebuilder/report.go +++ b/pkg/imagebuilder/report.go @@ -11,7 +11,7 @@ import ( var ( reportRegex = regexp.MustCompile(`(?s)---IMAGE BUILD REPORT---\n(.*)\n---END OF IMAGE BUILD REPORT---`) - timestampRegex = regexp.MustCompile(`\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d+Z\s+`) + timestampRegex = regexp.MustCompile(`\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d+Z\s`) ) type BuildReport struct { @@ -36,10 +36,6 @@ type ImageSpec struct { func (br *BuildReport) GetImages() []string { var images []string - if br == nil { - return images - } - for _, tag := range br.ImageSpec.Tags { images = append(images, fmt.Sprintf("%s%s:%s", br.ImageSpec.RepositoryPath, br.ImageSpec.Name, tag)) } 
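Review bot: `images := buildReport.GetImages()` now runs on the dry-run path as well, while the `@@ -36,10 +36,6 @@` hunk in pkg/imagebuilder/report.go removes the `if br == nil` guard from `GetImages`. The visible lines only show `buildReport` being assigned in the non-dry-run branch, so if it is still a nil `*BuildReport` in dry-run mode, `br.ImageSpec.Tags` will panic where the removed branch used to substitute placeholder images. Keeping the guard, `if br == nil { return nil }`, makes the method safe for both callers. buildInADO starts and ends outside this hunk, so confirm how `buildReport` is declared before relying on it here.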
@@ -54,7 +50,7 @@ func NewBuildReportFromLogs(log string) (*BuildReport, error) { // Find the report in the log matches := reportRegex.FindStringSubmatch(log) if len(matches) < 2 { - return nil, nil + return nil, fmt.Errorf("no image build report found in log") } // Parse the report data @@ -72,13 +68,8 @@ func WriteReportToFile(report *BuildReport, path string) error { return fmt.Errorf("failed to marshal report: %w", err) } - file, err := os.Open(path) + err = os.WriteFile(path, data, os.ModePerm) if err != nil { - return fmt.Errorf("failed to open file: %w", err) - } - defer file.Close() - - if _, err := file.Write(data); err != nil { return fmt.Errorf("failed to write report to file: %w", err) } diff --git a/pkg/imagebuilder/report_test.go b/pkg/imagebuilder/report_test.go index be99455821d6..5bb7e085de11 100644 --- a/pkg/imagebuilder/report_test.go +++ b/pkg/imagebuilder/report_test.go 
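Review bot: `os.WriteFile(path, data, os.ModePerm)` in WriteReportToFile requests mode 0777, so a newly created report gets execute bits and, depending on the process umask, may be writable by group and others. If later steps consume the report, anything else able to write to that path could change the image list or the pushed/signed flags before they are read. A JSON file needs no execute bit; `err = os.WriteFile(path, data, 0o644)` is enough, or `0o600` if only the builder reads it. The mode applies only when the file is created, so an existing file at `path` keeps whatever permissions it already has.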
@@ -51,18 +51,26 @@ var _ = Describe("Report", func() { Expect(actual).To(Equal(expectedReport)) }) + + It("returns an error if the log does not contain the image build report", func() { + logs := `2025-01-31T08:32:23.5327056Z ##[section]Starting: prepare_image_build_report` + + _, err := NewBuildReportFromLogs(logs) + Expect(err).To(HaveOccurred()) + }) }) Describe("GetImages", func() { - report := &BuildReport{ - ImageSpec: ImageSpec{ - Name: "ginkgo-test-image/ginkgo", - Tags: []string{"1.23.0-50049457", "wartosc", "innytag", "v20250129-50049457", "1.23.0"}, - RepositoryPath: "europe-docker.pkg.dev/kyma-project/prod/", - }, - } - It("returns the list of images", func() { + It("returns the list of images from build report", func() { + report := &BuildReport{ + ImageSpec: ImageSpec{ + Name: "ginkgo-test-image/ginkgo", + Tags: []string{"1.23.0-50049457", "wartosc", "innytag", "v20250129-50049457", "1.23.0"}, + RepositoryPath: "europe-docker.pkg.dev/kyma-project/prod/", + }, + } + expectedImages := []string{ "europe-docker.pkg.dev/kyma-project/prod/ginkgo-test-image/ginkgo:1.23.0-50049457", "europe-docker.pkg.dev/kyma-project/prod/ginkgo-test-image/ginkgo:wartosc", 
@@ -75,13 +83,37 @@ var _ = Describe("Report", func() { }) It("returns an empty list if there are no tags", func() { - report.ImageSpec.Tags = []string{} + report := &BuildReport{ + ImageSpec: ImageSpec{ + Name: "ginkgo-test-image/ginkgo", + Tags: []string{}, + RepositoryPath: "europe-docker.pkg.dev/kyma-project/prod/", + }, + } + Expect(report.GetImages()).To(BeEmpty()) }) + }) + + Describe("WriteReportToFile", func() { + report := &BuildReport{ + Status: "Succeeded", + IsPushed: true, + IsSigned: false, + IsProduction: false, + ImageSpec: ImageSpec{ + Name: "github-tools-sap/conduit-cli", + Tags: []string{"PR-477"}, + RepositoryPath: "europe-docker.pkg.dev/kyma-project/dev/", + }, + } + + It("writes the report to a file", func() { + path := "/tmp/report.json" + err := WriteReportToFile(report, path) + Expect(err).ToNot(HaveOccurred()) - It("returns an empty list if build report is nil", func() { - var nilReport *BuildReport - Expect(nilReport.GetImages()).To(BeEmpty()) + Expect(path).To(BeAnExistingFile()) }) }) }) From 0732d42ed6a103e7d36fa3db704f7c153f2ac3b3 Mon Sep 17 00:00:00 2001 
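Review bot: The new WriteReportToFile spec writes to the fixed path `/tmp/report.json`, which is shared and predictable. Parallel or repeated runs collide, the file is never cleaned up, and on a shared host a file or symlink already present under that name is written through. A per-test directory avoids this, for example `dir, err := os.MkdirTemp("", "report")` followed by `path := filepath.Join(dir, "report.json")`, removed once the spec finishes. The spec also asserts only that the file exists; reading it back and comparing it with `report` would cover the marshalling as well.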
From: Kyma Bot Date: Fri, 31 Jan 2025 11:44:19 +0100 Subject: [PATCH 2/4] Bumping test-infra and testimages (#12620) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit No eu.gcr.io/kyma-project/test-infra/ changes. europe-docker.pkg.dev/kyma-project/prod/ changes: https://github.com/kyma-project/test-infra/compare/871459a2...885542fa (2025‑01‑31 → 2025‑01‑31) --- .github/actions/image-builder/action.yml | 2 +- .github/workflows/autobump-docs-index-md.yml | 2 +- .github/workflows/autobump-security-config.yaml | 2 +- .github/workflows/image-syncer.yml | 2 +- .github/workflows/pull-validate-kaniko-build-config.yml | 2 +- .../environments/dev/secrets-rotator/terraform.tfvars | 4 ++-- configs/terraform/environments/prod/terraform.tfvars | 4 ++-- configs/terraform/modules/cors-proxy/cors-proxy.tf | 2 +- .../github-webhook-gateway/github-webhook-gateway.tf | 2 +- .../modules/secrets-leaks-log-scanner/gcs-bucket-mover.tf | 2 +- .../secrets-leaks-log-scanner/github-issue-creator.tf | 2 +- .../secrets-leaks-log-scanner/github-issue-finder.tf | 2 +- .../secrets-leaks-log-scanner/secrets-leak-log-scanner.tf | 2 +- .../security-dashboard-token/security-dashboard-token.tf | 2 +- .../components/automated-approver_external-plugin.yaml | 2 +- .../external-secrets/external_secrets_checker_prow.yaml | 6 +++--- 16 files changed, 20 insertions(+), 20 deletions(-) diff --git a/.github/actions/image-builder/action.yml b/.github/actions/image-builder/action.yml index 90c7c01cfa65..be5e9485e48a 100644 --- a/.github/actions/image-builder/action.yml +++ b/.github/actions/image-builder/action.yml 
@@ -82,7 +82,7 @@ runs: id: prepare-tags shell: bash - - uses: docker://europe-docker.pkg.dev/kyma-project/prod/image-builder:v20250131-871459a2 + - uses: docker://europe-docker.pkg.dev/kyma-project/prod/image-builder:v20250131-885542fa id: build with: args: --name=${{ inputs.image-name }} --context=${{ inputs.context }} --dockerfile=${{ inputs.dockerfile }} --azure-access-token=${{ inputs.ado-token }} --oidc-token=${{ inputs.oidc-token }} ${{ steps.prepare-build-args.outputs.build-args }} ${{ steps.prepare-tags.outputs.tags }} --export-tags=${{ inputs.export-tags }} --config=${{ inputs.config }} --env-file=${{ inputs.env-file }} --build-in-ado=true --use-go-internal-sap-modules=${{ inputs.use-go-internal-sap-modules }} \ No newline at end of file diff --git a/.github/workflows/autobump-docs-index-md.yml b/.github/workflows/autobump-docs-index-md.yml index 02a450609724..7dcd05e8d04d 100644 --- a/.github/workflows/autobump-docs-index-md.yml +++ b/.github/workflows/autobump-docs-index-md.yml @@ -59,6 +59,6 @@ jobs: --workdir /github/test-infra \ --privileged \ --cap-drop ALL \ - europe-docker.pkg.dev/kyma-project/prod/markdown-index:v20250131-871459a2 \ + europe-docker.pkg.dev/kyma-project/prod/markdown-index:v20250131-885542fa \ --config=${{ env.AUTOBUMP_CONFIG_PATH }} \ --labels-override=kind/chore,area/documentation diff --git a/.github/workflows/autobump-security-config.yaml b/.github/workflows/autobump-security-config.yaml index 398a73cbb2c6..f72530454cbd 100644 --- a/.github/workflows/autobump-security-config.yaml +++ b/.github/workflows/autobump-security-config.yaml @@ -71,7 +71,7 @@ jobs: --rm \ --privileged \ --cap-drop ALL \ - europe-docker.pkg.dev/kyma-project/prod/image-detector:v20250131-871459a2 \ + europe-docker.pkg.dev/kyma-project/prod/image-detector:v20250131-885542fa \ --terraform-dir=${{ env.TERRAFORM_CONFIGS_DIR }} \ --sec-scanner-config=${{ env.SEC_SCANNERS_CONFIG_PATH }} \ --autobump-config=${{ env.AUTOBUMP_CONFIG_PATH }} 
diff --git a/.github/workflows/image-syncer.yml b/.github/workflows/image-syncer.yml index 72b309596295..9c93622b9249 100644 --- a/.github/workflows/image-syncer.yml +++ b/.github/workflows/image-syncer.yml @@ -100,7 +100,7 @@ jobs: --workdir /github/workspace --rm --volume "$GITHUB_WORKSPACE:/github/workspace" - europe-docker.pkg.dev/kyma-project/prod/image-syncer:v20250131-871459a2 + europe-docker.pkg.dev/kyma-project/prod/image-syncer:v20250131-885542fa --images-file=/github/workspace/external-images.yaml --access-token=${{ steps.authenticate_in_gcp.outputs.access_token }} --dry-run=${{ steps.set_dry_run_flag.outputs.DRY_RUN }} diff --git a/.github/workflows/pull-validate-kaniko-build-config.yml b/.github/workflows/pull-validate-kaniko-build-config.yml index 5a19848acf14..2c98fe6ed974 100644 --- a/.github/workflows/pull-validate-kaniko-build-config.yml +++ b/.github/workflows/pull-validate-kaniko-build-config.yml @@ -50,7 +50,7 @@ jobs: secrets: |- ado-pat:${{ vars.GCP_KYMA_PROJECT_PROJECT_ID }}/${{ vars.IMAGE_BUILDER_ADO_PAT_GCP_SECRET_NAME }} - - uses: docker://europe-docker.pkg.dev/kyma-project/prod/image-builder:v20250131-871459a2 + - uses: docker://europe-docker.pkg.dev/kyma-project/prod/image-builder:v20250131-885542fa id: build with: args: --name=test-infra/ginkgo --context=. --dockerfile=images/ginkgo/Dockerfile --azure-access-token=${{ steps.secrets.outputs.ado-pat }} --oidc-token=${{ steps.get_oidc.outputs.jwt }} --env-file='envs' --build-in-ado=true --test-kaniko-build-config=true --config="./configs/image-builder-client-config.yaml" \ No newline at end of file diff --git a/configs/terraform/environments/dev/secrets-rotator/terraform.tfvars b/configs/terraform/environments/dev/secrets-rotator/terraform.tfvars index 536de11d1c29..d35b2f086bec 100644 --- a/configs/terraform/environments/dev/secrets-rotator/terraform.tfvars +++ b/configs/terraform/environments/dev/secrets-rotator/terraform.tfvars 
@@ -1,8 +1,8 @@ project_id = "sap-kyma-neighbors-dev" region = "europe-west3" service_account_keys_rotator_service_name = "service-account-keys-rotator" -service_account_keys_rotator_image = "europe-docker.pkg.dev/kyma-project/prod/test-infra/rotate-service-account:v20250131-871459a2" #gitleaks:allow +service_account_keys_rotator_image = "europe-docker.pkg.dev/kyma-project/prod/test-infra/rotate-service-account:v20250131-885542fa" #gitleaks:allow service_account_keys_cleaner_service_name = "service-account-keys-cleaner" -service_account_keys_cleaner_image = "europe-docker.pkg.dev/kyma-project/prod/test-infra/service-account-keys-cleaner:v20250131-871459a2" #gitleaks:allow +service_account_keys_cleaner_image = "europe-docker.pkg.dev/kyma-project/prod/test-infra/service-account-keys-cleaner:v20250131-885542fa" #gitleaks:allow service_account_key_latest_version_min_age = 24 service_account_keys_cleaner_scheduler_cron_schedule = "0 0 * * 1-5" diff --git a/configs/terraform/environments/prod/terraform.tfvars b/configs/terraform/environments/prod/terraform.tfvars index ef556df653d1..1478c252a2d6 100644 --- a/configs/terraform/environments/prod/terraform.tfvars +++ b/configs/terraform/environments/prod/terraform.tfvars 
@@ -8,9 +8,9 @@ kyma_project_artifact_registry_collection = { }, } service_account_keys_rotator_service_name = "service-account-keys-rotator" -service_account_keys_rotator_image = "europe-docker.pkg.dev/kyma-project/prod/test-infra/rotate-service-account:v20250131-871459a2" #gitleaks:allow +service_account_keys_rotator_image = "europe-docker.pkg.dev/kyma-project/prod/test-infra/rotate-service-account:v20250131-885542fa" #gitleaks:allow service_account_keys_cleaner_service_name = "service-account-keys-cleaner" -service_account_keys_cleaner_image = "europe-docker.pkg.dev/kyma-project/prod/test-infra/service-account-keys-cleaner:v20250131-871459a2" #gitleaks:allow +service_account_keys_cleaner_image = "europe-docker.pkg.dev/kyma-project/prod/test-infra/service-account-keys-cleaner:v20250131-885542fa" #gitleaks:allow service_account_key_latest_version_min_age = 24 service_account_keys_cleaner_scheduler_cron_schedule = "0 0 * * 1-5" diff --git a/configs/terraform/modules/cors-proxy/cors-proxy.tf b/configs/terraform/modules/cors-proxy/cors-proxy.tf index 338a4cabf2cc..44bd2b009803 100644 --- a/configs/terraform/modules/cors-proxy/cors-proxy.tf +++ b/configs/terraform/modules/cors-proxy/cors-proxy.tf @@ -28,7 +28,7 @@ resource "google_cloud_run_service" "cors_proxy" { template { spec { containers { - image = "europe-docker.pkg.dev/kyma-project/prod/cors-proxy:v20250131-871459a2" + image = "europe-docker.pkg.dev/kyma-project/prod/cors-proxy:v20250131-885542fa" env { name = "COMPONENT_NAME" value = "cors-proxy" diff --git a/configs/terraform/modules/github-webhook-gateway/github-webhook-gateway.tf b/configs/terraform/modules/github-webhook-gateway/github-webhook-gateway.tf index 42b3cbea68be..c04cd9604971 100644 --- a/configs/terraform/modules/github-webhook-gateway/github-webhook-gateway.tf +++ b/configs/terraform/modules/github-webhook-gateway/github-webhook-gateway.tf 
@@ -67,7 +67,7 @@ resource "google_cloud_run_service" "github_webhook_gateway" { spec { service_account_name = google_service_account.github_webhook_gateway.email containers { - image = "europe-docker.pkg.dev/kyma-project/prod/github-webhook-gateway:v20250131-871459a2" + image = "europe-docker.pkg.dev/kyma-project/prod/github-webhook-gateway:v20250131-885542fa" env { name = "PROJECT_ID" value = var.gcp_project_id diff --git a/configs/terraform/modules/secrets-leaks-log-scanner/gcs-bucket-mover.tf b/configs/terraform/modules/secrets-leaks-log-scanner/gcs-bucket-mover.tf index 960620873c58..34c116eeeef2 100644 --- a/configs/terraform/modules/secrets-leaks-log-scanner/gcs-bucket-mover.tf +++ b/configs/terraform/modules/secrets-leaks-log-scanner/gcs-bucket-mover.tf @@ -47,7 +47,7 @@ resource "google_cloud_run_service" "gcs_bucket_mover" { spec { service_account_name = google_service_account.gcs_bucket_mover.email containers { - image = "europe-docker.pkg.dev/kyma-project/prod/move-gcs-bucket:v20250131-871459a2" + image = "europe-docker.pkg.dev/kyma-project/prod/move-gcs-bucket:v20250131-885542fa" env { name = "PROJECT_ID" value = var.gcp_project_id diff --git a/configs/terraform/modules/secrets-leaks-log-scanner/github-issue-creator.tf b/configs/terraform/modules/secrets-leaks-log-scanner/github-issue-creator.tf index bf2e7449a51a..23702e7eedac 100644 --- a/configs/terraform/modules/secrets-leaks-log-scanner/github-issue-creator.tf +++ b/configs/terraform/modules/secrets-leaks-log-scanner/github-issue-creator.tf @@ -24,7 +24,7 @@ resource "google_cloud_run_service" "github_issue_creator" { spec { service_account_name = google_service_account.github_issue_creator.email containers { - image = "europe-docker.pkg.dev/kyma-project/prod/create-github-issue:v20250131-871459a2" + image = "europe-docker.pkg.dev/kyma-project/prod/create-github-issue:v20250131-885542fa" env { name = "PROJECT_ID" value = var.gcp_project_id 
diff --git a/configs/terraform/modules/secrets-leaks-log-scanner/github-issue-finder.tf b/configs/terraform/modules/secrets-leaks-log-scanner/github-issue-finder.tf index ce2ba7d5d75e..4714e345976e 100644 --- a/configs/terraform/modules/secrets-leaks-log-scanner/github-issue-finder.tf +++ b/configs/terraform/modules/secrets-leaks-log-scanner/github-issue-finder.tf @@ -24,7 +24,7 @@ resource "google_cloud_run_service" "github_issue_finder" { spec { service_account_name = google_service_account.github_issue_finder.email containers { - image = "europe-docker.pkg.dev/kyma-project/prod/search-github-issue:v20250131-871459a2" + image = "europe-docker.pkg.dev/kyma-project/prod/search-github-issue:v20250131-885542fa" env { name = "PROJECT_ID" value = var.gcp_project_id diff --git a/configs/terraform/modules/secrets-leaks-log-scanner/secrets-leak-log-scanner.tf b/configs/terraform/modules/secrets-leaks-log-scanner/secrets-leak-log-scanner.tf index b62720af2a36..1453453f9931 100644 --- a/configs/terraform/modules/secrets-leaks-log-scanner/secrets-leak-log-scanner.tf +++ b/configs/terraform/modules/secrets-leaks-log-scanner/secrets-leak-log-scanner.tf @@ -23,7 +23,7 @@ resource "google_cloud_run_service" "secrets_leak_log_scanner" { spec { service_account_name = google_service_account.secrets_leak_log_scanner.email containers { - image = "europe-docker.pkg.dev/kyma-project/prod/scan-logs-for-secrets:v20250131-871459a2" #gitleaks:allow + image = "europe-docker.pkg.dev/kyma-project/prod/scan-logs-for-secrets:v20250131-885542fa" #gitleaks:allow env { name = "PROJECT_ID" value = var.gcp_project_id diff --git a/configs/terraform/modules/security-dashboard-token/security-dashboard-token.tf b/configs/terraform/modules/security-dashboard-token/security-dashboard-token.tf index 2afea971654e..ac15909cdb2d 100644 --- a/configs/terraform/modules/security-dashboard-token/security-dashboard-token.tf +++ b/configs/terraform/modules/security-dashboard-token/security-dashboard-token.tf 
@@ -31,7 +31,7 @@ resource "google_cloud_run_service" "security_dashboard_token" { template { spec { containers { - image = "europe-docker.pkg.dev/kyma-project/prod/dashboard-token-proxy:v20250131-871459a2" #gitleaks:allow ignore gitleaks detection + image = "europe-docker.pkg.dev/kyma-project/prod/dashboard-token-proxy:v20250131-885542fa" #gitleaks:allow ignore gitleaks detection env { name = "CLIENT_SECRET" value_from { diff --git a/prow/cluster/components/automated-approver_external-plugin.yaml b/prow/cluster/components/automated-approver_external-plugin.yaml index 1eeca56cc7cc..ae0369b50028 100644 --- a/prow/cluster/components/automated-approver_external-plugin.yaml +++ b/prow/cluster/components/automated-approver_external-plugin.yaml @@ -16,7 +16,7 @@ spec: spec: containers: - name: automated-approver - image: europe-docker.pkg.dev/kyma-project/prod/automated-approver:v20250131-871459a2 + image: europe-docker.pkg.dev/kyma-project/prod/automated-approver:v20250131-885542fa imagePullPolicy: Always args: - --dry-run=false diff --git a/prow/cluster/resources/external-secrets/external_secrets_checker_prow.yaml b/prow/cluster/resources/external-secrets/external_secrets_checker_prow.yaml index 473ea7070685..cc1e2558d766 100644 --- a/prow/cluster/resources/external-secrets/external_secrets_checker_prow.yaml +++ b/prow/cluster/resources/external-secrets/external_secrets_checker_prow.yaml @@ -13,7 +13,7 @@ spec: spec: containers: - name: secret-checker-untrusted - image: europe-docker.pkg.dev/kyma-project/prod/externalsecretschecker:v20250131-871459a2 #gitleaks:allow + image: europe-docker.pkg.dev/kyma-project/prod/externalsecretschecker:v20250131-885542fa #gitleaks:allow imagePullPolicy: IfNotPresent command: - /externalsecretschecker 
@@ -49,7 +49,7 @@ spec: spec: containers: - name: secret-checker-trusted - image: europe-docker.pkg.dev/kyma-project/prod/externalsecretschecker:v20250131-871459a2 #gitleaks:allow + image: europe-docker.pkg.dev/kyma-project/prod/externalsecretschecker:v20250131-885542fa #gitleaks:allow imagePullPolicy: IfNotPresent command: - /externalsecretschecker @@ -85,7 +85,7 @@ spec: spec: containers: - name: secret-checker-prow - image: europe-docker.pkg.dev/kyma-project/prod/externalsecretschecker:v20250131-871459a2 #gitleaks:allow + image: europe-docker.pkg.dev/kyma-project/prod/externalsecretschecker:v20250131-885542fa #gitleaks:allow imagePullPolicy: IfNotPresent command: - /externalsecretschecker From c618ea6063d95226373991889862b98e064855bd Mon Sep 17 00:00:00 2001 From: Kyma Bot Date: Fri, 31 Jan 2025 11:50:36 +0100 Subject: [PATCH 3/4] Bumping sec-scanners-config.yaml (#12621) --- sec-scanners-config.yaml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/sec-scanners-config.yaml b/sec-scanners-config.yaml index 29c1ccc79bbb..d9c769759149 100644 --- a/sec-scanners-config.yaml +++ b/sec-scanners-config.yaml 
@@ -2,15 +2,15 @@ module-name: test-infra rc-tag: rc-tag kind: kyma protecode: - - europe-docker.pkg.dev/kyma-project/prod/cors-proxy:v20250131-871459a2 - - europe-docker.pkg.dev/kyma-project/prod/create-github-issue:v20250131-871459a2 - - europe-docker.pkg.dev/kyma-project/prod/dashboard-token-proxy:v20250131-871459a2 - - europe-docker.pkg.dev/kyma-project/prod/github-webhook-gateway:v20250131-871459a2 - - europe-docker.pkg.dev/kyma-project/prod/move-gcs-bucket:v20250131-871459a2 - - europe-docker.pkg.dev/kyma-project/prod/scan-logs-for-secrets:v20250131-871459a2 - - europe-docker.pkg.dev/kyma-project/prod/search-github-issue:v20250131-871459a2 - - europe-docker.pkg.dev/kyma-project/prod/test-infra/rotate-service-account:v20250131-871459a2 - - europe-docker.pkg.dev/kyma-project/prod/test-infra/service-account-keys-cleaner:v20250131-871459a2 + - europe-docker.pkg.dev/kyma-project/prod/cors-proxy:v20250131-885542fa + - europe-docker.pkg.dev/kyma-project/prod/create-github-issue:v20250131-885542fa + - europe-docker.pkg.dev/kyma-project/prod/dashboard-token-proxy:v20250131-885542fa + - europe-docker.pkg.dev/kyma-project/prod/github-webhook-gateway:v20250131-885542fa + - europe-docker.pkg.dev/kyma-project/prod/move-gcs-bucket:v20250131-885542fa + - europe-docker.pkg.dev/kyma-project/prod/scan-logs-for-secrets:v20250131-885542fa + - europe-docker.pkg.dev/kyma-project/prod/search-github-issue:v20250131-885542fa + - europe-docker.pkg.dev/kyma-project/prod/test-infra/rotate-service-account:v20250131-885542fa + - europe-docker.pkg.dev/kyma-project/prod/test-infra/service-account-keys-cleaner:v20250131-885542fa - europe-docker.pkg.dev/kyma-project/prod/test-infra/signify-secret-rotator:v20250108-fae88ec9 - europe-docker.pkg.dev/kyma-project/prod/test-infra/slackmessagesender:v20250108-fae88ec9 whitesource: From 6c2e50b7007287d9aa7874c9f5e95afc6312d857 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Kacper=20Ma=C5=82achowski?= <38684517+KacperMalachowski@users.noreply.github.com> Date: Fri, 31 Jan 2025 12:36:33 +0100 Subject: [PATCH 4/4] Revert "Bumping test-infra and testimages (#12620)" (#12622) This reverts commit 0732d42ed6a103e7d36fa3db704f7c153f2ac3b3. --- .github/actions/image-builder/action.yml | 2 +- .github/workflows/autobump-docs-index-md.yml | 2 +- .github/workflows/autobump-security-config.yaml | 2 +- .github/workflows/image-syncer.yml | 2 +- .github/workflows/pull-validate-kaniko-build-config.yml | 2 +- .../environments/dev/secrets-rotator/terraform.tfvars | 4 ++-- configs/terraform/environments/prod/terraform.tfvars | 4 ++-- configs/terraform/modules/cors-proxy/cors-proxy.tf | 2 +- .../github-webhook-gateway/github-webhook-gateway.tf | 2 +- .../modules/secrets-leaks-log-scanner/gcs-bucket-mover.tf | 2 +- .../secrets-leaks-log-scanner/github-issue-creator.tf | 2 +- .../secrets-leaks-log-scanner/github-issue-finder.tf | 2 +- .../secrets-leaks-log-scanner/secrets-leak-log-scanner.tf | 2 +- .../security-dashboard-token/security-dashboard-token.tf | 2 +- .../components/automated-approver_external-plugin.yaml | 2 +- .../external-secrets/external_secrets_checker_prow.yaml | 6 +++--- 16 files changed, 20 insertions(+), 20 deletions(-) diff --git a/.github/actions/image-builder/action.yml b/.github/actions/image-builder/action.yml index be5e9485e48a..90c7c01cfa65 100644 --- a/.github/actions/image-builder/action.yml +++ b/.github/actions/image-builder/action.yml 
@@ -82,7 +82,7 @@ runs: id: prepare-tags shell: bash - - uses: docker://europe-docker.pkg.dev/kyma-project/prod/image-builder:v20250131-885542fa + - uses: docker://europe-docker.pkg.dev/kyma-project/prod/image-builder:v20250131-871459a2 id: build with: args: --name=${{ inputs.image-name }} --context=${{ inputs.context }} --dockerfile=${{ inputs.dockerfile }} --azure-access-token=${{ inputs.ado-token }} --oidc-token=${{ inputs.oidc-token }} ${{ steps.prepare-build-args.outputs.build-args }} ${{ steps.prepare-tags.outputs.tags }} --export-tags=${{ inputs.export-tags }} --config=${{ inputs.config }} --env-file=${{ inputs.env-file }} --build-in-ado=true --use-go-internal-sap-modules=${{ inputs.use-go-internal-sap-modules }} \ No newline at end of file diff --git a/.github/workflows/autobump-docs-index-md.yml b/.github/workflows/autobump-docs-index-md.yml index 7dcd05e8d04d..02a450609724 100644 --- a/.github/workflows/autobump-docs-index-md.yml +++ b/.github/workflows/autobump-docs-index-md.yml @@ -59,6 +59,6 @@ jobs: --workdir /github/test-infra \ --privileged \ --cap-drop ALL \ - europe-docker.pkg.dev/kyma-project/prod/markdown-index:v20250131-885542fa \ + europe-docker.pkg.dev/kyma-project/prod/markdown-index:v20250131-871459a2 \ --config=${{ env.AUTOBUMP_CONFIG_PATH }} \ --labels-override=kind/chore,area/documentation diff --git a/.github/workflows/autobump-security-config.yaml b/.github/workflows/autobump-security-config.yaml index f72530454cbd..398a73cbb2c6 100644 --- a/.github/workflows/autobump-security-config.yaml +++ b/.github/workflows/autobump-security-config.yaml @@ -71,7 +71,7 @@ jobs: --rm \ --privileged \ --cap-drop ALL \ - europe-docker.pkg.dev/kyma-project/prod/image-detector:v20250131-885542fa \ + europe-docker.pkg.dev/kyma-project/prod/image-detector:v20250131-871459a2 \ --terraform-dir=${{ env.TERRAFORM_CONFIGS_DIR }} \ --sec-scanner-config=${{ env.SEC_SCANNERS_CONFIG_PATH }} \ --autobump-config=${{ env.AUTOBUMP_CONFIG_PATH }} 
diff --git a/.github/workflows/image-syncer.yml b/.github/workflows/image-syncer.yml index 9c93622b9249..72b309596295 100644 --- a/.github/workflows/image-syncer.yml +++ b/.github/workflows/image-syncer.yml @@ -100,7 +100,7 @@ jobs: --workdir /github/workspace --rm --volume "$GITHUB_WORKSPACE:/github/workspace" - europe-docker.pkg.dev/kyma-project/prod/image-syncer:v20250131-885542fa + europe-docker.pkg.dev/kyma-project/prod/image-syncer:v20250131-871459a2 --images-file=/github/workspace/external-images.yaml --access-token=${{ steps.authenticate_in_gcp.outputs.access_token }} --dry-run=${{ steps.set_dry_run_flag.outputs.DRY_RUN }} diff --git a/.github/workflows/pull-validate-kaniko-build-config.yml b/.github/workflows/pull-validate-kaniko-build-config.yml index 2c98fe6ed974..5a19848acf14 100644 --- a/.github/workflows/pull-validate-kaniko-build-config.yml +++ b/.github/workflows/pull-validate-kaniko-build-config.yml @@ -50,7 +50,7 @@ jobs: secrets: |- ado-pat:${{ vars.GCP_KYMA_PROJECT_PROJECT_ID }}/${{ vars.IMAGE_BUILDER_ADO_PAT_GCP_SECRET_NAME }} - - uses: docker://europe-docker.pkg.dev/kyma-project/prod/image-builder:v20250131-885542fa + - uses: docker://europe-docker.pkg.dev/kyma-project/prod/image-builder:v20250131-871459a2 id: build with: args: --name=test-infra/ginkgo --context=. --dockerfile=images/ginkgo/Dockerfile --azure-access-token=${{ steps.secrets.outputs.ado-pat }} --oidc-token=${{ steps.get_oidc.outputs.jwt }} --env-file='envs' --build-in-ado=true --test-kaniko-build-config=true --config="./configs/image-builder-client-config.yaml" \ No newline at end of file diff --git a/configs/terraform/environments/dev/secrets-rotator/terraform.tfvars b/configs/terraform/environments/dev/secrets-rotator/terraform.tfvars index d35b2f086bec..536de11d1c29 100644 --- a/configs/terraform/environments/dev/secrets-rotator/terraform.tfvars +++ b/configs/terraform/environments/dev/secrets-rotator/terraform.tfvars 
@@ -1,8 +1,8 @@ project_id = "sap-kyma-neighbors-dev" region = "europe-west3" service_account_keys_rotator_service_name = "service-account-keys-rotator" -service_account_keys_rotator_image = "europe-docker.pkg.dev/kyma-project/prod/test-infra/rotate-service-account:v20250131-885542fa" #gitleaks:allow +service_account_keys_rotator_image = "europe-docker.pkg.dev/kyma-project/prod/test-infra/rotate-service-account:v20250131-871459a2" #gitleaks:allow service_account_keys_cleaner_service_name = "service-account-keys-cleaner" -service_account_keys_cleaner_image = "europe-docker.pkg.dev/kyma-project/prod/test-infra/service-account-keys-cleaner:v20250131-885542fa" #gitleaks:allow +service_account_keys_cleaner_image = "europe-docker.pkg.dev/kyma-project/prod/test-infra/service-account-keys-cleaner:v20250131-871459a2" #gitleaks:allow service_account_key_latest_version_min_age = 24 service_account_keys_cleaner_scheduler_cron_schedule = "0 0 * * 1-5" diff --git a/configs/terraform/environments/prod/terraform.tfvars b/configs/terraform/environments/prod/terraform.tfvars index 1478c252a2d6..ef556df653d1 100644 --- a/configs/terraform/environments/prod/terraform.tfvars +++ b/configs/terraform/environments/prod/terraform.tfvars 
@@ -8,9 +8,9 @@ kyma_project_artifact_registry_collection = { }, } service_account_keys_rotator_service_name = "service-account-keys-rotator" -service_account_keys_rotator_image = "europe-docker.pkg.dev/kyma-project/prod/test-infra/rotate-service-account:v20250131-885542fa" #gitleaks:allow +service_account_keys_rotator_image = "europe-docker.pkg.dev/kyma-project/prod/test-infra/rotate-service-account:v20250131-871459a2" #gitleaks:allow service_account_keys_cleaner_service_name = "service-account-keys-cleaner" -service_account_keys_cleaner_image = "europe-docker.pkg.dev/kyma-project/prod/test-infra/service-account-keys-cleaner:v20250131-885542fa" #gitleaks:allow +service_account_keys_cleaner_image = "europe-docker.pkg.dev/kyma-project/prod/test-infra/service-account-keys-cleaner:v20250131-871459a2" #gitleaks:allow service_account_key_latest_version_min_age = 24 service_account_keys_cleaner_scheduler_cron_schedule = "0 0 * * 1-5" diff --git a/configs/terraform/modules/cors-proxy/cors-proxy.tf b/configs/terraform/modules/cors-proxy/cors-proxy.tf index 44bd2b009803..338a4cabf2cc 100644 --- a/configs/terraform/modules/cors-proxy/cors-proxy.tf +++ b/configs/terraform/modules/cors-proxy/cors-proxy.tf @@ -28,7 +28,7 @@ resource "google_cloud_run_service" "cors_proxy" { template { spec { containers { - image = "europe-docker.pkg.dev/kyma-project/prod/cors-proxy:v20250131-885542fa" + image = "europe-docker.pkg.dev/kyma-project/prod/cors-proxy:v20250131-871459a2" env { name = "COMPONENT_NAME" value = "cors-proxy" diff --git a/configs/terraform/modules/github-webhook-gateway/github-webhook-gateway.tf b/configs/terraform/modules/github-webhook-gateway/github-webhook-gateway.tf index c04cd9604971..42b3cbea68be 100644 --- a/configs/terraform/modules/github-webhook-gateway/github-webhook-gateway.tf +++ b/configs/terraform/modules/github-webhook-gateway/github-webhook-gateway.tf 
@@ -67,7 +67,7 @@ resource "google_cloud_run_service" "github_webhook_gateway" {
 spec {
 service_account_name = google_service_account.github_webhook_gateway.email
 containers {
- image = "europe-docker.pkg.dev/kyma-project/prod/github-webhook-gateway:v20250131-885542fa"
+ image = "europe-docker.pkg.dev/kyma-project/prod/github-webhook-gateway:v20250131-871459a2"
 env {
 name = "PROJECT_ID"
 value = var.gcp_project_id
diff --git a/configs/terraform/modules/secrets-leaks-log-scanner/gcs-bucket-mover.tf b/configs/terraform/modules/secrets-leaks-log-scanner/gcs-bucket-mover.tf
index 34c116eeeef2..960620873c58 100644
--- a/configs/terraform/modules/secrets-leaks-log-scanner/gcs-bucket-mover.tf
+++ b/configs/terraform/modules/secrets-leaks-log-scanner/gcs-bucket-mover.tf
@@ -47,7 +47,7 @@ resource "google_cloud_run_service" "gcs_bucket_mover" {
 spec {
 service_account_name = google_service_account.gcs_bucket_mover.email
 containers {
- image = "europe-docker.pkg.dev/kyma-project/prod/move-gcs-bucket:v20250131-885542fa"
+ image = "europe-docker.pkg.dev/kyma-project/prod/move-gcs-bucket:v20250131-871459a2"
 env {
 name = "PROJECT_ID"
 value = var.gcp_project_id
diff --git a/configs/terraform/modules/secrets-leaks-log-scanner/github-issue-creator.tf b/configs/terraform/modules/secrets-leaks-log-scanner/github-issue-creator.tf
index 23702e7eedac..bf2e7449a51a 100644
--- a/configs/terraform/modules/secrets-leaks-log-scanner/github-issue-creator.tf
+++ b/configs/terraform/modules/secrets-leaks-log-scanner/github-issue-creator.tf
@@ -24,7 +24,7 @@ resource "google_cloud_run_service" "github_issue_creator" {
 spec {
 service_account_name = google_service_account.github_issue_creator.email
 containers {
- image = "europe-docker.pkg.dev/kyma-project/prod/create-github-issue:v20250131-885542fa"
+ image = "europe-docker.pkg.dev/kyma-project/prod/create-github-issue:v20250131-871459a2"
 env {
 name = "PROJECT_ID"
 value = var.gcp_project_id
diff --git a/configs/terraform/modules/secrets-leaks-log-scanner/github-issue-finder.tf b/configs/terraform/modules/secrets-leaks-log-scanner/github-issue-finder.tf
index 4714e345976e..ce2ba7d5d75e 100644
--- a/configs/terraform/modules/secrets-leaks-log-scanner/github-issue-finder.tf
+++ b/configs/terraform/modules/secrets-leaks-log-scanner/github-issue-finder.tf
@@ -24,7 +24,7 @@ resource "google_cloud_run_service" "github_issue_finder" {
 spec {
 service_account_name = google_service_account.github_issue_finder.email
 containers {
- image = "europe-docker.pkg.dev/kyma-project/prod/search-github-issue:v20250131-885542fa"
+ image = "europe-docker.pkg.dev/kyma-project/prod/search-github-issue:v20250131-871459a2"
 env {
 name = "PROJECT_ID"
 value = var.gcp_project_id
diff --git a/configs/terraform/modules/secrets-leaks-log-scanner/secrets-leak-log-scanner.tf b/configs/terraform/modules/secrets-leaks-log-scanner/secrets-leak-log-scanner.tf
index 1453453f9931..b62720af2a36 100644
--- a/configs/terraform/modules/secrets-leaks-log-scanner/secrets-leak-log-scanner.tf
+++ b/configs/terraform/modules/secrets-leaks-log-scanner/secrets-leak-log-scanner.tf
@@ -23,7 +23,7 @@ resource "google_cloud_run_service" "secrets_leak_log_scanner" {
 spec {
 service_account_name = google_service_account.secrets_leak_log_scanner.email
 containers {
- image = "europe-docker.pkg.dev/kyma-project/prod/scan-logs-for-secrets:v20250131-885542fa" #gitleaks:allow
+ image = "europe-docker.pkg.dev/kyma-project/prod/scan-logs-for-secrets:v20250131-871459a2" #gitleaks:allow
 env {
 name = "PROJECT_ID"
 value = var.gcp_project_id
diff --git a/configs/terraform/modules/security-dashboard-token/security-dashboard-token.tf b/configs/terraform/modules/security-dashboard-token/security-dashboard-token.tf
index ac15909cdb2d..2afea971654e 100644
--- a/configs/terraform/modules/security-dashboard-token/security-dashboard-token.tf
+++ b/configs/terraform/modules/security-dashboard-token/security-dashboard-token.tf
@@ -31,7 +31,7 @@ resource "google_cloud_run_service" "security_dashboard_token" {
 template {
 spec {
 containers {
- image = "europe-docker.pkg.dev/kyma-project/prod/dashboard-token-proxy:v20250131-885542fa" #gitleaks:allow ignore gitleaks detection
+ image = "europe-docker.pkg.dev/kyma-project/prod/dashboard-token-proxy:v20250131-871459a2" #gitleaks:allow ignore gitleaks detection
 env {
 name = "CLIENT_SECRET"
 value_from {
diff --git a/prow/cluster/components/automated-approver_external-plugin.yaml b/prow/cluster/components/automated-approver_external-plugin.yaml
index ae0369b50028..1eeca56cc7cc 100644
--- a/prow/cluster/components/automated-approver_external-plugin.yaml
+++ b/prow/cluster/components/automated-approver_external-plugin.yaml
@@ -16,7 +16,7 @@ spec:
 spec:
 containers:
 - name: automated-approver
- image: europe-docker.pkg.dev/kyma-project/prod/automated-approver:v20250131-885542fa
+ image: europe-docker.pkg.dev/kyma-project/prod/automated-approver:v20250131-871459a2
 imagePullPolicy: Always
 args:
 - --dry-run=false
diff --git a/prow/cluster/resources/external-secrets/external_secrets_checker_prow.yaml b/prow/cluster/resources/external-secrets/external_secrets_checker_prow.yaml
index cc1e2558d766..473ea7070685 100644
--- a/prow/cluster/resources/external-secrets/external_secrets_checker_prow.yaml
+++ b/prow/cluster/resources/external-secrets/external_secrets_checker_prow.yaml
@@ -49,7 +49,7 @@ spec:
 spec:
 containers:
 - name: secret-checker-trusted
- image: europe-docker.pkg.dev/kyma-project/prod/externalsecretschecker:v20250131-885542fa #gitleaks:allow
+ image: europe-docker.pkg.dev/kyma-project/prod/externalsecretschecker:v20250131-871459a2 #gitleaks:allow
 imagePullPolicy: IfNotPresent
 command:
 - /externalsecretschecker
@@ -85,7 +85,7 @@ spec:
 spec:
 containers:
 - name: secret-checker-prow
- image: europe-docker.pkg.dev/kyma-project/prod/externalsecretschecker:v20250131-885542fa #gitleaks:allow
+ image: europe-docker.pkg.dev/kyma-project/prod/externalsecretschecker:v20250131-871459a2 #gitleaks:allow
 imagePullPolicy: IfNotPresent
 command:
 - /externalsecretschecker