From 2f25abb4c73d39ea50816a06c89bbb0a104150d9 Mon Sep 17 00:00:00 2001
From: Pierre Besson
Date: Tue, 27 Aug 2024 15:32:54 +0200
Subject: [PATCH 1/4] add vault binary to mitogen image
---
 dockerfiles/mitogen/Dockerfile | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/dockerfiles/mitogen/Dockerfile b/dockerfiles/mitogen/Dockerfile
index c438be7d..f2989ec3 100644
--- a/dockerfiles/mitogen/Dockerfile
+++ b/dockerfiles/mitogen/Dockerfile
@@ -4,6 +4,7 @@ FROM docker.io/library/python:3.9-slim-buster
 ARG VCS_REF=master
 ARG BUILD_DATE=""
 ARG REGISTRY_PATH=docker.io/paritytech
+ARG VAULT_VERSION=1.17.3
 LABEL io.parity.image.authors="devops-team@parity.io" \
 io.parity.image.vendor="Parity Technologies" \
@@ -21,6 +22,12 @@ RUN apt-get update -y && \
 sshpass ssh-client rsync tini curl git ruby \
 && rm -rf /var/lib/apt/lists/*
+RUN curl "https://releases.hashicorp.com/vault/${VAULT_VERSION}/vault_${VAULT_VERSION}_linux_amd64.zip" \
+ -o vault.zip; \
+ unzip vault.zip -d /usr/local/bin/vault; \
+ rm vault.zip; \
+ chmod +x /usr/local/bin/vault
+
 RUN pip install --no-cache-dir pip --upgrade
 RUN pip install --no-cache-dir ansible==5.10 google-auth requests jmespath dnspython
From e358bebebc8c5f0be0a8d50be6fd4d22985d4cdd Mon Sep 17 00:00:00 2001
From: Pierre Besson
Date: Tue, 27 Aug 2024 15:33:23 +0200
Subject: [PATCH 2/4] update mitogen version
---
 dockerfiles/mitogen/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dockerfiles/mitogen/Dockerfile b/dockerfiles/mitogen/Dockerfile
index f2989ec3..6cbc17fd 100644
--- a/dockerfiles/mitogen/Dockerfile
+++ b/dockerfiles/mitogen/Dockerfile
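Review bot: In the added `RUN curl … vault.zip` block of PATCH 1/4, `unzip vault.zip -d /usr/local/bin/vault` extracts into a directory named `vault`, so the binary would end up at `/usr/local/bin/vault/vault` and `chmod +x` would apply to the directory; `-d /usr/local/bin` looks like what was meant. The archive is also installed without any integrity check, `curl` has no `-f`, and the steps are joined with `;`, so an HTTP error body or a failed step does not stop the build where it happens. I would chain with `&&` and verify the zip against the release's `vault_${VAULT_VERSION}_SHA256SUMS` file before unpacking, as below; verifying the detached signature on that file, or pinning the expected digest in an `ARG`, would be stronger, since the sums file is served by the same host. The `linux_amd64` suffix also ties the image to one architecture.

```dockerfile
RUN curl -fsSLO "https://releases.hashicorp.com/vault/${VAULT_VERSION}/vault_${VAULT_VERSION}_linux_amd64.zip" && \
    curl -fsSLO "https://releases.hashicorp.com/vault/${VAULT_VERSION}/vault_${VAULT_VERSION}_SHA256SUMS" && \
    grep "vault_${VAULT_VERSION}_linux_amd64.zip" "vault_${VAULT_VERSION}_SHA256SUMS" | sha256sum -c - && \
    unzip "vault_${VAULT_VERSION}_linux_amd64.zip" vault -d /usr/local/bin && \
    rm "vault_${VAULT_VERSION}_linux_amd64.zip" "vault_${VAULT_VERSION}_SHA256SUMS" && \
    chmod +x /usr/local/bin/vault
```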
@@ -36,7 +36,7 @@ RUN curl -fSL -o /usr/local/bin/subkey 'https://releases.parity.io/substrate/x8
 ENV ANSIBLE_STRATEGY=mitogen_linear
 ENV ANSIBLE_STRATEGY_PLUGINS=/opt/mitogen/ansible_mitogen/plugins/strategy
-RUN cd /opt && git clone --depth 1 --branch v0.3.3 https://github.com/mitogen-hq/mitogen.git
+RUN cd /opt && git clone --depth 1 --branch v0.3.9 https://github.com/mitogen-hq/mitogen.git
 ARG WORKDIR=/work
 RUN groupadd --gid 10001 nonroot && \
From 24b01a3c51623a2ffa9302d245c7a9af4875ed93 Mon Sep 17 00:00:00 2001
From: Pierre Besson
Date: Tue, 27 Aug 2024 15:34:15 +0200
Subject: [PATCH 3/4] update vault, packer and sops versions
---
 .gitlab-ci.yml | 16 ++--------------
 dockerfiles/kube-manifests-validation/Dockerfile | 2 +-
 dockerfiles/packer/Dockerfile | 4 ++--
 dockerfiles/sops/Dockerfile | 4 ++--
 dockerfiles/terraform/Dockerfile | 4 ++--
 5 files changed, 9 insertions(+), 21 deletions(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 34628291..47148074 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -754,7 +754,7 @@ kubetools-helm:
 # https://github.com/variantdev/vals/releases
 VALS_VERSION: "0.33.0"
 # https://releases.hashicorp.com/vault/
- VAULT_VERSION: "1.15.4"
+ VAULT_VERSION: "1.17.3"
 # https://github.com/kubernetes-sigs/kustomize/releases
 KUSTOMIZE_VERSION: "4.5.7"
 script:
@@ -831,7 +831,7 @@ python:
 <<: *default-vars
 PYTHON_VERSION: "3.12"
 # https://releases.hashicorp.com/vault/
- VAULT_VERSION: "1.15.4"
+ VAULT_VERSION: "1.17.3"
 script:
 - |
 cat <<-EOT
@@ -862,10 +862,6 @@ terraform:
 <<: *docker_build
 variables:
 <<: *default-vars
- # https://releases.hashicorp.com/terraform/
- TERRAFORM_VERSION: "1.5.6"
- # https://releases.hashicorp.com/vault/
- VAULT_VERSION: "1.15.4"
 script:
 - |
 cat <<-EOT
@@ -898,10 +894,6 @@ sops:
 <<: *docker_build
 variables:
 <<: *default-vars
- # https://github.com/mozilla/sops/releases/
- SOPS_VERSION: "3.7.3"
- # https://releases.hashicorp.com/vault/
- VAULT_VERSION: "1.11.2"
 script:
 - |
 cat <<-EOT
@@ -934,10 +926,6 @@ packer:
 <<: *docker_build
 variables:
 <<: *default-vars
- # https://releases.hashicorp.com/packer/
- PACKER_VERSION: "1.8.7"
- # https://releases.hashicorp.com/vault/
- VAULT_VERSION: "1.13.2"
 script:
 - export IMAGE_DATE_TAG="$CI_COMMIT_SHORT_SHA-$(date +%Y%m%d)"
 - |
diff --git a/dockerfiles/kube-manifests-validation/Dockerfile b/dockerfiles/kube-manifests-validation/Dockerfile
index 78046ecc..12f71153 100644
--- a/dockerfiles/kube-manifests-validation/Dockerfile
+++ b/dockerfiles/kube-manifests-validation/Dockerfile
@@ -7,7 +7,7 @@ ARG HELM_VERSION=3.12.2
 ARG GATOR_VERSION=3.12.0
 ARG DATREE_VERSION=1.9.19
 ARG YQ_VERSION=4.34.2
-ARG VAULT_VERSION=1.14.1
+ARG VAULT_VERSION=1.17.3
 ARG K8S_SCHEMA_VERSION=1.25.9
 ARG K8S_SCHEMA_REPO_COMMIT_SHA=a43aa7eceaf4c32c5f45c9fc477588e7a12f18b6
 ARG CRDS_SCHEMA_REPO_COMMIT_SHA=8f0604e873746d6b2d49794e5b37768460e7b545
diff --git a/dockerfiles/packer/Dockerfile b/dockerfiles/packer/Dockerfile
index 111bf7c4..5bbef6d7 100644
--- a/dockerfiles/packer/Dockerfile
+++ b/dockerfiles/packer/Dockerfile
@@ -4,8 +4,8 @@ FROM docker.io/paritytech/mitogen:latest
 ARG VCS_REF=master
 ARG BUILD_DATE=""
 ARG REGISTRY_PATH=docker.io/paritytech
-ARG PACKER_VERSION
-ARG VAULT_VERSION
+ARG PACKER_VERSION=1.8.7
+ARG VAULT_VERSION=1.17.3
 LABEL io.parity.image.authors="devops-team@parity.io" \
 io.parity.image.vendor="Parity Technologies" \
diff --git a/dockerfiles/sops/Dockerfile b/dockerfiles/sops/Dockerfile
index 2365f27e..d164c5e4 100644
--- a/dockerfiles/sops/Dockerfile
+++ b/dockerfiles/sops/Dockerfile
@@ -3,8 +3,8 @@ FROM docker.io/library/alpine:latest
 ARG VCS_REF=master
 ARG BUILD_DATE=""
 ARG REGISTRY_PATH=docker.io/paritytech
-ARG SOPS_VERSION
-ARG VAULT_VERSION
+ARG SOPS_VERSION=3.9.0
+ARG VAULT_VERSION=1.17.3
 # metadata
 LABEL io.parity.image.authors="devops-team@parity.io" \
diff --git a/dockerfiles/terraform/Dockerfile b/dockerfiles/terraform/Dockerfile
index c1ed844d..8dacccd9 100644
--- a/dockerfiles/terraform/Dockerfile
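Review bot: The new defaults `ARG PACKER_VERSION=1.8.7` and `ARG VAULT_VERSION=1.17.3` in dockerfiles/packer/Dockerfile only take effect when no value is passed at build time, and this commit also removes the matching variables from the `packer`, `sops` and `terraform` jobs in .gitlab-ci.yml. The job scripts lie outside these hunks; if they still pass something like `--build-arg VAULT_VERSION="$VAULT_VERSION"`, the now-unset variable expands to an empty string, which overrides the default and would likely leave the download step with an empty version. It is worth confirming that those build-arg flags, and any image tag derived from the tool version, were dropped as well. The same point applies to the sops and terraform Dockerfile hunks, and a short comment such as `# default version; override with --build-arg` above each ARG would record where the version is now maintained.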
+++ b/dockerfiles/terraform/Dockerfile
@@ -3,8 +3,8 @@ FROM docker.io/library/alpine:latest
 ARG VCS_REF=master
 ARG BUILD_DATE=""
 ARG REGISTRY_PATH=docker.io/paritytech
-ARG TERRAFORM_VERSION
-ARG VAULT_VERSION
+ARG TERRAFORM_VERSION=1.5.6
+ARG VAULT_VERSION=1.17.3
 # metadata
 LABEL io.parity.image.authors="devops-team@parity.io" \
From e54ba60581dc2e33e3429df37eaf65c2f3df6c1a Mon Sep 17 00:00:00 2001
From: Pierre Besson
Date: Tue, 27 Aug 2024 16:24:31 +0200
Subject: [PATCH 4/4] add unzip to mitogen image
---
 dockerfiles/mitogen/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dockerfiles/mitogen/Dockerfile b/dockerfiles/mitogen/Dockerfile
index 6cbc17fd..b8a9713a 100644
--- a/dockerfiles/mitogen/Dockerfile
+++ b/dockerfiles/mitogen/Dockerfile
@@ -19,7 +19,7 @@ dockerfiles/mitogen/README.md" \
 RUN apt-get update -y && \
 DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
- sshpass ssh-client rsync tini curl git ruby \
+ sshpass ssh-client rsync tini curl git ruby unzip \
 && rm -rf /var/lib/apt/lists/*
 RUN curl "https://releases.hashicorp.com/vault/${VAULT_VERSION}/vault_${VAULT_VERSION}_linux_amd64.zip" \