From 8f6fac5b3201dd08e3528a94377a88a077c07948 Mon Sep 17 00:00:00 2001 From: ianhundere <138915+ianhundere@users.noreply.github.com> Date: Thu, 25 Jul 2024 18:26:34 -0500 Subject: [PATCH 01/22] adds cronJob. Signed-off-by: ianhundere <138915+ianhundere@users.noreply.github.com> --- charts/scaffold/README.md | 37 +++- charts/scaffold/templates/_helpers.tpl | 1 - charts/scaffold/templates/clusterrole.yaml | 2 +- .../templates/copy-secrets-cronjob.yaml | 100 +++++++++++ .../scaffold/templates/copy-secrets-job.yaml | 6 +- charts/scaffold/values.schema.json | 166 ++++++++++++------ charts/scaffold/values.yaml | 48 +++-- 7 files changed, 285 insertions(+), 75 deletions(-) create mode 100644 charts/scaffold/templates/copy-secrets-cronjob.yaml diff --git a/charts/scaffold/README.md b/charts/scaffold/README.md index d34e12d5..d387c62a 100644 --- a/charts/scaffold/README.md +++ b/charts/scaffold/README.md @@ -49,6 +49,11 @@ helm uninstall [RELEASE_NAME] |-----|------|---------|-------------| | copySecretJob.affinity | object | `{}` | | | copySecretJob.backoffLimit | int | `6` | | +| copySecretJob.copySecretCronJob.backoffLimit | int | `2` | | +| copySecretJob.copySecretCronJob.enabled | bool | `false` | | +| copySecretJob.copySecretCronJob.failedJobsHistoryLimit | int | `1` | | +| copySecretJob.copySecretCronJob.schedule | string | `"*/5 * * * 1-5"` | | +| copySecretJob.copySecretCronJob.successfulJobsHistoryLimit | int | `1` | | | copySecretJob.enabled | bool | `false` | | | copySecretJob.imagePullPolicy | string | `"IfNotPresent"` | | | copySecretJob.name | string | `"copy-secrets-job"` | | 
@@ -91,6 +96,30 @@ helm uninstall [RELEASE_NAME]
 | rekor.server.fullnameOverride | string | `"rekor-server"` | |
 | rekor.tolerations | list | `[]` | |
 | rekor.trillian.enabled | bool | `false` | |
+| secrets.ctlog.create | bool | `false` | |
+| secrets.ctlog.deploymentName | string | `"ctlog"` | |
+| secrets.ctlog.key | string | `"public"` | |
+| secrets.ctlog.name | string | `"ctlog-public-key"` | |
+| secrets.ctlog.namespace | string | `"ctlog-system"` | |
+| secrets.ctlog.path | string | `"ctfe.pub"` | |
+| secrets.fulcio.create | bool | `false` | |
+| secrets.fulcio.deploymentName | string | `"fulcio-server"` | |
+| secrets.fulcio.key | string | `"cert"` | |
+| secrets.fulcio.name | string | `"fulcio-server-secret"` | |
+| secrets.fulcio.namespace | string | `"fulcio-system"` | |
+| secrets.fulcio.path | string | `"fulcio_v1.crt.pem"` | |
+| secrets.rekor.create | bool | `false` | |
+| secrets.rekor.deploymentName | string | `"rekor-server"` | |
+| secrets.rekor.key | string | `"key"` | |
+| secrets.rekor.name | string | `"rekor-public-key"` | |
+| secrets.rekor.namespace | string | `"rekor-system"` | |
+| secrets.rekor.path | string | `"rekor.pub"` | |
+| secrets.tsa.create | bool | `false` | |
+| secrets.tsa.deploymentName | string | `"tsa-server"` | |
+| secrets.tsa.key | string | `"cert-chain"` | |
+| secrets.tsa.name | string | `"tsa-cert-chain"` | |
+| secrets.tsa.namespace | string | `"tsa-system"` | |
+| secrets.tsa.path | string | `"tsa.certchain.pem"` | |
 | trillian.affinity | object | `{}` | |
 | trillian.enabled | bool | `true` | |
 | trillian.forceNamespace | string | `"trillian-system"` | |
@@ -121,14 +150,6 @@ helm uninstall [RELEASE_NAME] | tuf.namespace.create | bool | `true` | | | tuf.namespace.name | string | `"tuf-system"` | | | tuf.nodeSelector | object | `{}` | | -| tuf.secrets.ctlog.name | string | `"ctlog-public-key"` | | -| tuf.secrets.ctlog.path | string | `"ctfe.pub"` | | -| tuf.secrets.fulcio.name | string | `"fulcio-server-secret"` | | -| tuf.secrets.fulcio.path | string | `"fulcio_v1.crt.pem"` | | -| tuf.secrets.rekor.name | string | `"rekor-public-key"` | | -| tuf.secrets.rekor.path | string | `"rekor.pub"` | | -| tuf.secrets.tsa.name | string | `"tsa-cert-chain"` | | -| tuf.secrets.tsa.path | string | `"tsa.certchain.pem"` | | | tuf.tolerations | list | `[]` | | ---------------------------------------------- diff --git a/charts/scaffold/templates/_helpers.tpl b/charts/scaffold/templates/_helpers.tpl index 1c1c296d..608b4e81 100644 --- a/charts/scaffold/templates/_helpers.tpl +++ b/charts/scaffold/templates/_helpers.tpl @@ -8,4 +8,3 @@ Create the image path for the passed in image field {{- printf "%s/%s:%s" .registry .repository .version -}} {{- end -}} {{- end -}} - diff --git a/charts/scaffold/templates/clusterrole.yaml b/charts/scaffold/templates/clusterrole.yaml index 746d2deb..7679b131 100644 --- a/charts/scaffold/templates/clusterrole.yaml +++ b/charts/scaffold/templates/clusterrole.yaml @@ -6,7 +6,7 @@ metadata: rules: - apiGroups: [""] resources: ["secrets"] - verbs: ["get", "create", "patch"] + verbs: ["get", "create", "patch"{{- if .Values.copySecretJob.copySecretCronJob.enabled }}, "delete"{{- end }}] - apiGroups: ["apps"] resources: ["deployments"] verbs: ["get", "list"] diff --git a/charts/scaffold/templates/copy-secrets-cronjob.yaml b/charts/scaffold/templates/copy-secrets-cronjob.yaml new file mode 100644 index 00000000..8238a2fd --- /dev/null +++ b/charts/scaffold/templates/copy-secrets-cronjob.yaml 
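Review bot: The added `"delete"` verb in the `secrets` rule of clusterrole.yaml applies to every Secret the role is bound over, because the rule carries no `resourceNames`; if this ClusterRole is attached through a ClusterRoleBinding (the binding is not part of this hunk), enabling the cron job lets its service account delete any Secret in the cluster. Keep `create` in its own rule, since `resourceNames` cannot restrict it, and move `get`, `patch` and `delete` into a rule limited to the copied secrets, e.g. `resourceNames: ["<copied-secret-name>", …]` (placeholder), or use a namespaced Role in the target namespace. Splicing the conditional inside the flow sequence also makes the verb list hard to read; a separate rule wrapped in its own `{{- if }}` block is clearer. The same pattern recurs in PATCH 02/22, which appends `"update"` to the `deployments` rule.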
@@ -0,0 +1,100 @@ +{{- if and .Values.copySecretJob.enabled .Values.copySecretJob.copySecretCronJob.enabled }} +apiVersion: batch/v1 +kind: CronJob +metadata: +{{ include "tuf.namespace" .Subcharts.tuf | indent 2 }} + name: {{ .Values.copySecretJob.name }}-scheduled +spec: + schedule: "{{ .Values.copySecretJob.copySecretCronJob.schedule }}" + successfulJobsHistoryLimit: {{ default 2 .Values.copySecretJob.copySecretCronJob.successfulJobsHistoryLimit }} + failedJobsHistoryLimit: {{ default 2 .Values.copySecretJob.copySecretCronJob.failedJobsHistoryLimit }} + jobTemplate: + spec: + backoffLimit: {{ default 6 .Values.copySecretJob.copySecretCronJob.backoffLimit }} + template: + spec: + restartPolicy: OnFailure + serviceAccountName: {{ .Values.copySecretJob.serviceaccount }} + initContainers: + - name: wait-for-rekor-deployment-readiness + image: {{ template "scaffold.image" .Values.copySecretJob }} + imagePullPolicy: {{ .Values.copySecretJob.pullPolicy }} + command: ["/bin/sh"] + args: [ + "-c", + "kubectl rollout status deployment {{ .Values.tuf.secrets.rekor.deploymentName }} --timeout=120s -n {{ .Values.tuf.secrets.rekor.namespace }}" + ] + - name: wait-for-fulcio-deployment-readiness + image: {{ template "scaffold.image" .Values.copySecretJob }} + imagePullPolicy: {{ .Values.copySecretJob.pullPolicy }} + command: ["/bin/sh"] + args: [ + "-c", + "kubectl rollout status deployment {{ .Values.tuf.secrets.fulcio.deploymentName }} --timeout=120s -n {{ .Values.tuf.secrets.fulcio.namespace }}" + ] + - name: wait-for-ctlog-deployment-readiness + image: {{ template "scaffold.image" .Values.copySecretJob }} + imagePullPolicy: {{ .Values.copySecretJob.pullPolicy }} + command: ["/bin/sh"] + args: [ + "-c", + "kubectl rollout status deployment {{ .Values.tuf.secrets.ctlog.deploymentName }} --timeout=120s -n {{ .Values.tuf.secrets.ctlog.namespace }}" + ] + - name: wait-for-tsa-deployment-readiness + image: {{ template "scaffold.image" .Values.copySecretJob }} + imagePullPolicy: 
{{ .Values.copySecretJob.pullPolicy }} + command: ["/bin/sh"] + args: [ + "-c", + "kubectl rollout status deployment {{ .Values.tuf.secrets.tsa.deploymentName }} --timeout=120s -n {{ .Values.tuf.secrets.tsa.namespace }}" + ] + containers: + - name: copy-rekor-secret + image: {{ template "scaffold.image" .Values.copySecretJob }} + imagePullPolicy: {{ .Values.copySecretJob.pullPolicy }} + command: ["/bin/sh"] + args: [ + "-c", + "curl {{ .Values.tuf.secrets.rekor.deploymentName}}.{{ .Values.tuf.secrets.rekor.namespace }}.svc.cluster.local/api/v1/log/publicKey -o /tmp/key -v && \ + kubectl apply -f - < Date: Mon, 29 Jul 2024 15:21:58 -0400 Subject: [PATCH 02/22] adds tuf-rollout-restart container to ensure tuf root secret is updated. Signed-off-by: ianhundere <138915+ianhundere@users.noreply.github.com> --- charts/scaffold/Chart.yaml | 2 +- charts/scaffold/README.md | 2 +- charts/scaffold/templates/clusterrole.yaml | 4 ++-- .../templates/copy-secrets-cronjob.yaml | 20 +++++++++++++------ 4 files changed, 18 insertions(+), 10 deletions(-) diff --git a/charts/scaffold/Chart.yaml b/charts/scaffold/Chart.yaml index bbcda100..f72d63ee 100644 --- a/charts/scaffold/Chart.yaml +++ b/charts/scaffold/Chart.yaml @@ -4,7 +4,7 @@ description: Scaffolding the components of the sigstore architecture type: application -version: 0.6.61 +version: 0.6.62 keywords: - security - pki diff --git a/charts/scaffold/README.md b/charts/scaffold/README.md index d387c62a..18a2842a 100644 --- a/charts/scaffold/README.md +++ b/charts/scaffold/README.md 
@@ -2,7 +2,7 @@ -![Version: 0.6.61](https://img.shields.io/badge/Version-0.6.61-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) +![Version: 0.6.62](https://img.shields.io/badge/Version-0.6.62-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) Scaffolding the components of the sigstore architecture diff --git a/charts/scaffold/templates/clusterrole.yaml b/charts/scaffold/templates/clusterrole.yaml index 7679b131..c2101851 100644 --- a/charts/scaffold/templates/clusterrole.yaml +++ b/charts/scaffold/templates/clusterrole.yaml @@ -9,5 +9,5 @@ rules: verbs: ["get", "create", "patch"{{- if .Values.copySecretJob.copySecretCronJob.enabled }}, "delete"{{- end }}] - apiGroups: ["apps"] resources: ["deployments"] - verbs: ["get", "list"] -{{- end }} + verbs: ["get", "list"{{- if .Values.copySecretJob.copySecretCronJob.enabled }}, "update"{{- end }}] +{{- end }} \ No newline at end of file diff --git a/charts/scaffold/templates/copy-secrets-cronjob.yaml b/charts/scaffold/templates/copy-secrets-cronjob.yaml index 8238a2fd..b02f7452 100644 --- a/charts/scaffold/templates/copy-secrets-cronjob.yaml +++ b/charts/scaffold/templates/copy-secrets-cronjob.yaml @@ -56,7 +56,7 @@ spec: args: [ "-c", "curl {{ .Values.tuf.secrets.rekor.deploymentName}}.{{ .Values.tuf.secrets.rekor.namespace }}.svc.cluster.local/api/v1/log/publicKey -o /tmp/key -v && \ - kubectl apply -f - < Date: Sun, 15 Sep 2024 19:27:54 +0900 Subject: [PATCH 03/22] policy-controller: fix empty values Signed-off-by: walnuts1018 --- .../templates/webhook/deployment_webhook.yaml | 2 ++ .../templates/webhook/poddisruptionbudget.yaml | 10 ++++++---- .../templates/webhook/secret_certs_webhook.yaml | 4 +++- .../templates/webhook/service_webhook.yaml | 12 ++++++------ 4 files changed, 17 insertions(+), 11 deletions(-) 
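Review bot: The `deployments` rule gains `"update"`, but `kubectl rollout restart` sends a PATCH, so if the new tuf-rollout-restart container uses that command (its definition is not visible in this hunk) the verb it needs is `"patch"`, and `"update"` only widens write access without authorizing the restart. The rule is also unscoped, so the service account can modify any Deployment the role is bound over; a separate rule with `resourceNames: ["<tuf-deployment-name>"]` (placeholder) and `verbs: ["get", "patch"]` would cover only the restart target. The hunk also drops the newline at the end of the file, which is worth restoring.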
diff --git a/charts/policy-controller/templates/webhook/deployment_webhook.yaml b/charts/policy-controller/templates/webhook/deployment_webhook.yaml index 0474b7c1..174ffd6d 100644 --- a/charts/policy-controller/templates/webhook/deployment_webhook.yaml +++ b/charts/policy-controller/templates/webhook/deployment_webhook.yaml @@ -70,6 +70,7 @@ spec: value: "{{ $value }}" {{- end }} {{- end }} + {{- if or (semverCompare ">= 1.8-0" .Chart.AppVersion) .Values.webhook.extraArgs }} args: {{- if semverCompare ">= 1.8-0" .Chart.AppVersion }} - -webhook-name={{ required "A valid cosign.webhookName is required" .Values.cosign.webhookName }} @@ -79,6 +80,7 @@ spec: {{- range $key, $value := .Values.webhook.extraArgs }} - -{{ $key }}={{ $value }} {{- end }} + {{- end }} ports: - containerPort: 8443 name: https diff --git a/charts/policy-controller/templates/webhook/poddisruptionbudget.yaml b/charts/policy-controller/templates/webhook/poddisruptionbudget.yaml index 2a811156..561b01aa 100644 --- a/charts/policy-controller/templates/webhook/poddisruptionbudget.yaml +++ b/charts/policy-controller/templates/webhook/poddisruptionbudget.yaml @@ -11,15 +11,17 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} {{- end }} + {{- with .Values.annotations }} annotations: -{{- if .Values.annotations }} -{{- with .Values.annotations }} {{- toYaml . | nindent 4 }} -{{- end }} -{{- end }} + {{- end }} spec: + {{- if .Values.webhook.podDisruptionBudget.minAvailable }} minAvailable: {{ .Values.webhook.podDisruptionBudget.minAvailable }} + {{- end }} + {{- if .Values.webhook.podDisruptionBudget.maxUnavailable }} maxUnavailable: {{ .Values.webhook.podDisruptionBudget.maxUnavailable }} + {{- end }} selector: matchLabels: {{- include "policy-controller.selectorLabels" . | nindent 6 }} diff --git a/charts/policy-controller/templates/webhook/secret_certs_webhook.yaml b/charts/policy-controller/templates/webhook/secret_certs_webhook.yaml index e0aa837e..277569e5 100644 
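Review bot: In poddisruptionbudget.yaml the new guards `{{- if .Values.webhook.podDisruptionBudget.minAvailable }}` and `{{- if .Values.webhook.podDisruptionBudget.maxUnavailable }}` test truthiness, so an explicit `0` is treated like an unset value and the field is silently omitted. `maxUnavailable: 0` is a meaningful setting for an admission webhook that must not be voluntarily evicted, so the guard should test for presence instead, e.g. `{{- if not (kindIs "invalid" .Values.webhook.podDisruptionBudget.maxUnavailable) }}`, and the same for `minAvailable`. The hunk shows only part of the template, so whether the values file defaults either field is not visible here.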
--- a/charts/policy-controller/templates/webhook/secret_certs_webhook.yaml +++ b/charts/policy-controller/templates/webhook/secret_certs_webhook.yaml @@ -1,6 +1,7 @@ apiVersion: v1 kind: Secret metadata: + {{- if or .Values.webhook.service.annotations .Values.commonAnnotations }} annotations: {{- if .Values.webhook.service.annotations }} {{ toYaml .Values.webhook.service.annotations | nindent 4 }} @@ -8,9 +9,10 @@ metadata: {{- if .Values.commonAnnotations }} {{- toYaml .Values.commonAnnotations | nindent 4 }} {{- end }} + {{- end }} labels: {{- include "policy-controller.labels" . | nindent 4 }} control-plane: {{ template "policy-controller.fullname" . }}-webhook name: webhook-certs namespace: {{ .Release.Namespace }} -# The data is populated at install time. \ No newline at end of file +# The data is populated at install time. diff --git a/charts/policy-controller/templates/webhook/service_webhook.yaml b/charts/policy-controller/templates/webhook/service_webhook.yaml index 8a0e66cb..d079a210 100644 --- a/charts/policy-controller/templates/webhook/service_webhook.yaml +++ b/charts/policy-controller/templates/webhook/service_webhook.yaml @@ -1,10 +1,10 @@ apiVersion: v1 kind: Service metadata: + {{- with .Values.webhook.service.annotations }} annotations: - {{- if .Values.webhook.service.annotations }} - {{ toYaml .Values.webhook.service.annotations | nindent 4 }} - {{- end }} + {{- toYaml . | nindent 4 }} + {{- end }} labels: {{- include "policy-controller.labels" . | nindent 4 }} control-plane: {{ template "policy-controller.fullname" . }}-webhook 
@@ -27,10 +27,10 @@ spec: apiVersion: v1 kind: Service metadata: + {{- with .Values.webhook.service.annotations }} annotations: - {{- if .Values.webhook.service.annotations }} - {{ toYaml .Values.webhook.service.annotations | nindent 4 }} - {{- end }} + {{- toYaml . | nindent 4 }} + {{- end }} labels: {{- include "policy-controller.labels" . | nindent 4 }} control-plane: {{ template "policy-controller.fullname" . }}-webhook From aec2e927cf13bf445cb35d0765e1e4296cf68762 Mon Sep 17 00:00:00 2001 From: walnuts1018 Date: Sun, 15 Sep 2024 20:04:12 +0900 Subject: [PATCH 04/22] policy-controller: update version Signed-off-by: walnuts1018 --- charts/policy-controller/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/policy-controller/Chart.yaml b/charts/policy-controller/Chart.yaml index 905f212e..fbb5e60d 100644 --- a/charts/policy-controller/Chart.yaml +++ b/charts/policy-controller/Chart.yaml @@ -8,7 +8,7 @@ sources: type: application name: policy-controller -version: 0.7.0 +version: 0.7.1 appVersion: 0.8.2 maintainers: From 87f12e0f669805a70edc831f16e4092cfda83ee0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 14 Oct 2024 09:10:17 +0200 Subject: [PATCH 05/22] build(deps): bump actions/checkout in the actions group (#847) Bumps the actions group with 1 update: [actions/checkout](https://github.com/actions/checkout). Updates `actions/checkout` from 4.2.0 to 4.2.1 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/d632683dd7b4114ad314bca15554477dd762a938...eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/check-docs.yml | 2 +- .github/workflows/release.yml | 2 +- .github/workflows/test.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/check-docs.yml b/.github/workflows/check-docs.yml index 28949dfc..45b5347c 100644 --- a/.github/workflows/check-docs.yml +++ b/.github/workflows/check-docs.yml @@ -11,7 +11,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Run Helm Docs and check the outcome run: | diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 990a64fb..293d2e63 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -18,7 +18,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: fetch-depth: 0 diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index c0e97903..08e7dd10 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: fetch-depth: 0 From 95cbdec79fe82cdbd0f9df68893bca7048ea1c51 Mon Sep 17 00:00:00 2001 From: Carlos Vega Date: Mon, 14 Oct 2024 11:04:38 +0200 Subject: [PATCH 06/22] Tsa secret optional for tuf (#744) * Make optional the secret TSA secret reference for TUF chart Signed-off-by: Carlos Vega * Bump TUF chart version to 0.1.13 Signed-off-by: Carlos Vega * Renamed Values.secrets.tsa.existingSecret to Values.secrets.tsa.enabled Signed-off-by: Carlos Vega * Regenerated docs 
Signed-off-by: Carlos Vega * Added enabled value for secrets defined in tuf Signed-off-by: Carlos Vega * Avoid creating Tuf objects if there is no secrets Signed-off-by: Carlos Vega * Added validation to ensure at least one secret is provided to TUF Signed-off-by: Carlos Vega * Enabled secret as default for TUF Signed-off-by: Carlos Vega * Bump version to 0.1.19 Signed-off-by: Carlos Vega * Helm Docs for TUF Signed-off-by: Carlos Vega * Added new lines Signed-off-by: Carlos Vega * Helm Docs for TUF Signed-off-by: Carlos Vega * Restored NodeSelector, Tolerations and Affinity Signed-off-by: Carlos Vega --------- Signed-off-by: Carlos Vega Signed-off-by: Carlos Vega --- charts/tuf/Chart.yaml | 2 +- charts/tuf/README.md | 6 ++- charts/tuf/templates/_helpers.tpl | 50 +++++++++++++++++++- charts/tuf/templates/deployment.yaml | 23 +--------- charts/tuf/values.schema.json | 68 ++++++++++++++++++++++++++-- charts/tuf/values.yaml | 4 ++ 6 files changed, 125 insertions(+), 28 deletions(-) diff --git a/charts/tuf/Chart.yaml b/charts/tuf/Chart.yaml index a5a96cce..2f5894a5 100644 --- a/charts/tuf/Chart.yaml +++ b/charts/tuf/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: tuf description: A framework for securing software update systems - the scaffolding implementation type: application -version: 0.1.18 +version: 0.1.19 appVersion: 0.7.11 home: https://sigstore.dev/ diff --git a/charts/tuf/README.md b/charts/tuf/README.md index 4baa237c..fefcd09f 100644 --- a/charts/tuf/README.md +++ b/charts/tuf/README.md 
@@ -1,6 +1,6 @@ # tuf -![Version: 0.1.18](https://img.shields.io/badge/Version-0.1.18-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.7.11](https://img.shields.io/badge/AppVersion-0.7.11-informational?style=flat-square) +![Version: 0.1.19](https://img.shields.io/badge/Version-0.1.19-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.7.11](https://img.shields.io/badge/AppVersion-0.7.11-informational?style=flat-square) A framework for securing software update systems - the scaffolding implementation @@ -45,18 +45,22 @@ A framework for securing software update systems - the scaffolding implementatio | roleBindingName | string | `"tuf"` | | | roleName | string | `"tuf"` | | | secrets.ctlog.create | bool | `false` | | +| secrets.ctlog.enabled | bool | `true` | | | secrets.ctlog.key | string | `"public"` | | | secrets.ctlog.name | string | `"ctlog-public-key"` | | | secrets.ctlog.path | string | `"ctfe.pub"` | | | secrets.fulcio.create | bool | `false` | | +| secrets.fulcio.enabled | bool | `true` | | | secrets.fulcio.key | string | `"cert"` | | | secrets.fulcio.name | string | `"fulcio-server-secret"` | | | secrets.fulcio.path | string | `"fulcio_v1.crt.pem"` | | | secrets.rekor.create | bool | `false` | | +| secrets.rekor.enabled | bool | `true` | | | secrets.rekor.key | string | `"key"` | | | secrets.rekor.name | string | `"rekor-public-key"` | | | secrets.rekor.path | string | `"rekor.pub"` | | | secrets.tsa.create | bool | `false` | | +| secrets.tsa.enabled | bool | `true` | | | secrets.tsa.key | string | `"cert-chain"` | | | secrets.tsa.name | string | `"tsa-cert-chain"` | | | secrets.tsa.path | string | `"tsa.certchain.pem"` | | diff --git a/charts/tuf/templates/_helpers.tpl b/charts/tuf/templates/_helpers.tpl index 923a62ef..bccca93e 100644 
--- a/charts/tuf/templates/_helpers.tpl +++ b/charts/tuf/templates/_helpers.tpl @@ -84,4 +84,52 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- define "tuf.metaLabels" -}} helm.sh/chart: {{ include "tuf.chart" . }} app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} \ No newline at end of file +{{- end -}} + +{{/* +Check number of TUF secrets and render them as structured YAML. +*/}} +{{- define "tuf.validateSecrets" }} +{{- if not (or .Values.secrets.rekor.enabled .Values.secrets.rekor.create + .Values.secrets.fulcio.enabled .Values.secrets.fulcio.create + .Values.secrets.ctlog.enabled .Values.secrets.ctlog.create + .Values.secrets.tsa.enabled .Values.secrets.tsa.create) -}} + {{- fail "At least one secret must be provided (enabled or created)." -}} +{{- else }} + {{- include "tuf.secretsList" . | nindent 8 }} +{{- end }} +{{- end }} + +{{/* +Render TUF Secrets as structured YAML for the volume sources. +*/}} +{{- define "tuf.secretsList" -}} + {{- if or (.Values.secrets.ctlog.enabled) (.Values.secrets.ctlog.create) }} + - secret: + name: {{ .Values.secrets.ctlog.name }} + items: + - key: {{ .Values.secrets.ctlog.key }} + path: {{ .Values.secrets.ctlog.path }} + {{- end }} + {{- if or (.Values.secrets.fulcio.enabled) (.Values.secrets.fulcio.create) }} + - secret: + name: {{ .Values.secrets.fulcio.name }} + items: + - key: {{ .Values.secrets.fulcio.key }} + path: {{ .Values.secrets.fulcio.path }} + {{- end }} + {{- if or (.Values.secrets.rekor.enabled) (.Values.secrets.rekor.create) }} + - secret: + name: {{ .Values.secrets.rekor.name }} + items: + - key: {{ .Values.secrets.rekor.key }} + path: {{ .Values.secrets.rekor.path }} + {{- end }} + {{- if or (.Values.secrets.tsa.enabled) (.Values.secrets.tsa.create) }} + - secret: + name: {{ .Values.secrets.tsa.name }} + items: + - key: {{ .Values.secrets.tsa.key }} + path: {{ .Values.secrets.tsa.path }} + {{- end }} +{{- end }} 
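Review bot: `tuf.validateSecrets` both validates and renders: its `else` branch emits `tuf.secretsList` with a hard-coded `nindent 8`, so the helper's name hides the fact that it produces the projected-volume sources, and it only works at one nesting depth. Keep the helper to the `fail` check and render at the call site, e.g. `{{- include "tuf.validateSecrets" . }}` followed by `{{- include "tuf.secretsList" . | nindent 8 }}` in deployment.yaml. The comment above `tuf.secretsList` should also state that an entry is emitted when either `enabled` or `create` is true, because turning both off removes that key or certificate from the `tuf-secrets` projected volume. The `name`, `key` and `path` values are written unquoted; piping them through `quote` avoids YAML retyping of values such as `on` or all-digit names.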
diff --git a/charts/tuf/templates/deployment.yaml b/charts/tuf/templates/deployment.yaml index 5898e61d..aa7fc176 100644 --- a/charts/tuf/templates/deployment.yaml +++ b/charts/tuf/templates/deployment.yaml @@ -47,27 +47,8 @@ spec: volumes: - name: tuf-secrets projected: - sources: - - secret: - name: {{ .Values.secrets.ctlog.name }} - items: - - key: {{ .Values.secrets.ctlog.key }} - path: {{ .Values.secrets.ctlog.path }} - - secret: - name: {{ .Values.secrets.fulcio.name }} - items: - - key: {{ .Values.secrets.fulcio.key }} - path: {{ .Values.secrets.fulcio.path }} - - secret: - name: {{ .Values.secrets.rekor.name }} - items: - - key: {{ .Values.secrets.rekor.key }} - path: {{ .Values.secrets.rekor.path }} - - secret: - name: {{ .Values.secrets.tsa.name }} - items: - - key: {{ .Values.secrets.tsa.key }} - path: {{ .Values.secrets.tsa.path }} + sources: + {{- include "tuf.validateSecrets" . }} {{- if .Values.imagePullSecrets }} imagePullSecrets: {{ toYaml .Values.imagePullSecrets | indent 8 }} diff --git a/charts/tuf/values.schema.json b/charts/tuf/values.schema.json index 5128f098..02fba6de 100644 --- a/charts/tuf/values.schema.json +++ b/charts/tuf/values.schema.json @@ -109,7 +109,22 @@ "ctlog": { "properties": { "create": { - "type": "boolean" + "type": "boolean", + "examples": [ + false + ] + }, + "enabled": { + "type": "boolean", + "examples": [ + false + ] + }, + "name": { + "type": "string", + "examples": [ + "rekor-public-key" + ] }, "key": { "type": "string" @@ -126,7 +141,22 @@ "fulcio": { "properties": { "create": { - "type": "boolean" + "type": "boolean", + "examples": [ + false + ] + }, + "enabled": { + "type": "boolean", + "examples": [ + false + ] + }, + "name": { + "type": "string", + "examples": [ + "fulcio-server-secret" + ] }, "key": { "type": "string" 
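Review bot: The `examples` added for `name` are swapped between two entries: the `ctlog` block shows `"rekor-public-key"` and the `rekor` block (hunk `@@ -143,7 +173,22 @@`) shows `"ctlog-public-key"`, while values.yaml in this patch uses `ctlog-public-key` for ctlog and `rekor-public-key` for rekor. All four `enabled` examples are also `false` although the chart default added here is `true`. Swap the two strings and use `true` for the `enabled` examples so the schema does not suggest wiring the wrong public key into a log's entry.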
@@ -143,7 +173,22 @@ "rekor": { "properties": { "create": { - "type": "boolean" + "type": "boolean", + "examples": [ + false + ] + }, + "enabled": { + "type": "boolean", + "examples": [ + false + ] + }, + "name": { + "type": "string", + "examples": [ + "ctlog-public-key" + ] }, "key": { "type": "string" @@ -160,7 +205,22 @@ "tsa": { "properties": { "create": { - "type": "boolean" + "type": "boolean", + "examples": [ + false + ] + }, + "enabled": { + "type": "boolean", + "examples": [ + false + ] + }, + "name": { + "type": "string", + "examples": [ + "tsa-cert-chain" + ] }, "key": { "type": "string" diff --git a/charts/tuf/values.yaml b/charts/tuf/values.yaml index 34bbbfec..5e190908 100644 --- a/charts/tuf/values.yaml +++ b/charts/tuf/values.yaml @@ -22,21 +22,25 @@ deployment: secrets: rekor: create: false + enabled: true name: rekor-public-key key: key path: rekor.pub fulcio: create: false + enabled: true name: fulcio-server-secret key: cert path: fulcio_v1.crt.pem ctlog: create: false + enabled: true name: ctlog-public-key key: public path: ctfe.pub tsa: create: false + enabled: true name: tsa-cert-chain key: cert-chain path: tsa.certchain.pem From 370f61b1eddbeaa2173802b0fc7549045a4cb54a Mon Sep 17 00:00:00 2001 From: Bob Callaway Date: Fri, 25 Oct 2024 13:54:17 -0400 Subject: [PATCH 07/22] bump scaffold chart to incorporate copy-secret changes Signed-off-by: Bob Callaway --- charts/scaffold/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/scaffold/Chart.yaml b/charts/scaffold/Chart.yaml index a3a5cdd9..4981bd13 100644 --- a/charts/scaffold/Chart.yaml +++ b/charts/scaffold/Chart.yaml @@ -4,7 +4,7 @@ description: Scaffolding the components of the sigstore architecture type: application -version: 0.6.62 +version: 0.6.63 keywords: - security - pki From 57450d02677b641c311e25134867036256722722 Mon Sep 17 00:00:00 2001 From: Bob Callaway Date: Fri, 25 Oct 2024 13:55:57 -0400 Subject: [PATCH 08/22] update docs 
Signed-off-by: Bob Callaway --- charts/policy-controller/README.md | 2 +- charts/scaffold/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/policy-controller/README.md b/charts/policy-controller/README.md index a603ed62..e10289c3 100644 --- a/charts/policy-controller/README.md +++ b/charts/policy-controller/README.md @@ -2,7 +2,7 @@ -![Version: 0.7.0](https://img.shields.io/badge/Version-0.7.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.8.2](https://img.shields.io/badge/AppVersion-0.8.2-informational?style=flat-square) +![Version: 0.7.1](https://img.shields.io/badge/Version-0.7.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.8.2](https://img.shields.io/badge/AppVersion-0.8.2-informational?style=flat-square) The Helm chart for Policy Controller diff --git a/charts/scaffold/README.md b/charts/scaffold/README.md index 1e8ea162..1fa21b0f 100644 --- a/charts/scaffold/README.md +++ b/charts/scaffold/README.md @@ -2,7 +2,7 @@ -![Version: 0.6.62](https://img.shields.io/badge/Version-0.6.62-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) +![Version: 0.6.63](https://img.shields.io/badge/Version-0.6.63-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) Scaffolding the components of the sigstore architecture From 162b895270049459e0abfc739fcab25965a8c2b0 Mon Sep 17 00:00:00 2001 From: Bob Callaway Date: Fri, 25 Oct 2024 13:57:41 -0400 Subject: [PATCH 09/22] bump version and docs Signed-off-by: Bob Callaway --- charts/policy-controller/Chart.yaml | 2 +- charts/policy-controller/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/charts/policy-controller/Chart.yaml b/charts/policy-controller/Chart.yaml index fbb5e60d..c0168c04 100644 --- a/charts/policy-controller/Chart.yaml +++ b/charts/policy-controller/Chart.yaml @@ -8,7 +8,7 @@ sources: type: application name: policy-controller -version: 0.7.1 +version: 0.7.2 appVersion: 0.8.2 maintainers: diff --git a/charts/policy-controller/README.md b/charts/policy-controller/README.md index e10289c3..ff4b691a 100644 --- a/charts/policy-controller/README.md +++ b/charts/policy-controller/README.md @@ -2,7 +2,7 @@ -![Version: 0.7.1](https://img.shields.io/badge/Version-0.7.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.8.2](https://img.shields.io/badge/AppVersion-0.8.2-informational?style=flat-square) +![Version: 0.7.2](https://img.shields.io/badge/Version-0.7.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.8.2](https://img.shields.io/badge/AppVersion-0.8.2-informational?style=flat-square) The Helm chart for Policy Controller From 8c53288d0a46445bf0d597d40f6b8706011fa2d4 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 28 Oct 2024 06:24:54 +0000 Subject: [PATCH 10/22] build(deps): bump the actions group with 2 updates Bumps the actions group with 2 updates: [actions/checkout](https://github.com/actions/checkout) and [actions/setup-python](https://github.com/actions/setup-python). Updates `actions/checkout` from 4.2.1 to 4.2.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871...11bd71901bbe5b1630ceea73d27597364c9af683) Updates `actions/setup-python` from 5.2.0 to 5.3.0 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/f677139bbe7f9c59b41e40162b753c062f5d49a3...0b93645e9fea7318ecaed2b359559ac225c90a2b) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] --- .github/workflows/check-docs.yml | 2 +- .github/workflows/release.yml | 2 +- .github/workflows/test.yml | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/check-docs.yml b/.github/workflows/check-docs.yml index 45b5347c..a2f009d5 100644 --- a/.github/workflows/check-docs.yml +++ b/.github/workflows/check-docs.yml @@ -11,7 +11,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Run Helm Docs and check the outcome run: | 
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 293d2e63..81238a95 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -18,7 +18,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 08e7dd10..5f652ccd 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -10,14 +10,14 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 - name: Set up Helm uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 - - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 + - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: python-version: '3.x' check-latest: true From e4050e8e29e11f0c304e701450abd229adf5f532 Mon Sep 17 00:00:00 2001 From: Bob Callaway Date: Wed, 30 Oct 2024 15:16:21 -0400 Subject: [PATCH 11/22] bump deps for ctlog chart Signed-off-by: Bob Callaway --- charts/ctlog/Chart.yaml | 10 +++++----- charts/ctlog/README.md | 8 ++++---- charts/ctlog/values.yaml | 12 ++++++------ 3 files changed, 15 insertions(+), 15 deletions(-) diff --git a/charts/ctlog/Chart.yaml b/charts/ctlog/Chart.yaml index 02cc64ed..3d232ab6 100644 --- a/charts/ctlog/Chart.yaml +++ b/charts/ctlog/Chart.yaml @@ -4,8 +4,8 @@ description: Certificate Log type: application -version: 0.2.57 -appVersion: 0.7.11 +version: 0.2.58 +appVersion: 0.7.15 keywords: - security 
@@ -20,10 +20,10 @@ annotations: artifacthub.io/license: Apache-2.0 artifacthub.io/images: | - name: ct_server - image: ghcr.io/sigstore/scaffolding/ct_server:v0.7.11@sha256:d6238aba1c35d3a2aae832469b20618e19a638da5f70d37791d945ce010f2027 + image: ghcr.io/sigstore/scaffolding/ct_server:v0.7.15@sha256:49bccd7bccd31f7232265410dcc075b0e2618045bff3075afcf84e630c8b77c3 - name: createctconfig - image: ghcr.io/sigstore/scaffolding/createctconfig:v0.7.11@sha256:bcab917a07bb27f847531b145679b4b9a57bcaa85bb91e0b441ae9473c24fb79 + image: ghcr.io/sigstore/scaffolding/createctconfig:v0.7.15@sha256:f0a4c3518a2b761260a47fee126db364087b9fe2d68e773d392f9cbabdccf198 - name: createtree - image: ghcr.io/sigstore/scaffolding/createtree:v0.7.11@sha256:4e3614df07561b096f1bfe1e1f79582b1545d6253bfad0f79235a1a1af74ef03 + image: ghcr.io/sigstore/scaffolding/createtree:v0.7.15@sha256:ee42272373b46a898b21a0aea21cf703e90048e03f45a4640381b4a04735ffd8 - name: curlimages/curl image: docker.io/curlimages/curl:8.10.1@sha256:d9b4541e214bcd85196d6e92e2753ac6d0ea699f0af5741f8c6cccbfcf00ef4b diff --git a/charts/ctlog/README.md b/charts/ctlog/README.md index 1789126c..88b7e87c 100644 --- a/charts/ctlog/README.md +++ b/charts/ctlog/README.md @@ -1,6 +1,6 @@ # ctlog -![Version: 0.2.57](https://img.shields.io/badge/Version-0.2.57-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.7.11](https://img.shields.io/badge/AppVersion-0.7.11-informational?style=flat-square) +![Version: 0.2.58](https://img.shields.io/badge/Version-0.2.58-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.7.15](https://img.shields.io/badge/AppVersion-0.7.15-informational?style=flat-square) Certificate Log 
@@ -24,7 +24,7 @@ Certificate Log | createctconfig.image.pullPolicy | string | `"IfNotPresent"` | | | createctconfig.image.registry | string | `"ghcr.io"` | | | createctconfig.image.repository | string | `"sigstore/scaffolding/createctconfig"` | | -| createctconfig.image.version | string | `"sha256:bcab917a07bb27f847531b145679b4b9a57bcaa85bb91e0b441ae9473c24fb79"` | v0.7.11 | +| createctconfig.image.version | string | `"sha256:f0a4c3518a2b761260a47fee126db364087b9fe2d68e773d392f9cbabdccf198"` | v0.7.15 | | createctconfig.initContainerImage.curl.imagePullPolicy | string | `"IfNotPresent"` | | | createctconfig.initContainerImage.curl.registry | string | `"docker.io"` | | | createctconfig.initContainerImage.curl.repository | string | `"curlimages/curl"` | | @@ -51,7 +51,7 @@ Certificate Log | createtree.image.pullPolicy | string | `"IfNotPresent"` | | | createtree.image.registry | string | `"ghcr.io"` | | | createtree.image.repository | string | `"sigstore/scaffolding/createtree"` | | -| createtree.image.version | string | `"sha256:4e3614df07561b096f1bfe1e1f79582b1545d6253bfad0f79235a1a1af74ef03"` | | +| createtree.image.version | string | `"sha256:ee42272373b46a898b21a0aea21cf703e90048e03f45a4640381b4a04735ffd8"` | | | createtree.name | string | `"createtree"` | | | createtree.nodeSelector | object | `{}` | | | createtree.securityContext.runAsNonRoot | bool | `true` | | @@ -73,7 +73,7 @@ Certificate Log | server.image.pullPolicy | string | `"IfNotPresent"` | | | server.image.registry | string | `"ghcr.io"` | | | server.image.repository | string | `"sigstore/scaffolding/ct_server"` | | -| server.image.version | string | `"sha256:d6238aba1c35d3a2aae832469b20618e19a638da5f70d37791d945ce010f2027"` | | +| server.image.version | string | `"sha256:49bccd7bccd31f7232265410dcc075b0e2618045bff3075afcf84e630c8b77c3"` | | | server.ingress.annotations | object | `{}` | | | server.ingress.className | string | `"nginx"` | | | server.ingress.enabled | bool | `false` | | 
diff --git a/charts/ctlog/values.yaml b/charts/ctlog/values.yaml index 0fc20688..fb794266 100644 --- a/charts/ctlog/values.yaml +++ b/charts/ctlog/values.yaml @@ -13,8 +13,8 @@ server: registry: ghcr.io repository: sigstore/scaffolding/ct_server pullPolicy: IfNotPresent - # v0.7.11 - version: sha256:d6238aba1c35d3a2aae832469b20618e19a638da5f70d37791d945ce010f2027 + # v0.7.15 + version: sha256:49bccd7bccd31f7232265410dcc075b0e2618045bff3075afcf84e630c8b77c3 livenessProbe: httpGet: path: /healthz @@ -100,8 +100,8 @@ createtree: registry: ghcr.io repository: sigstore/scaffolding/createtree pullPolicy: IfNotPresent - # v0.7.11 - version: sha256:4e3614df07561b096f1bfe1e1f79582b1545d6253bfad0f79235a1a1af74ef03 + # v0.7.15 + version: sha256:ee42272373b46a898b21a0aea21cf703e90048e03f45a4640381b4a04735ffd8 ttlSecondsAfterFinished: 3600 serviceAccount: create: true @@ -132,8 +132,8 @@ createctconfig: registry: ghcr.io repository: sigstore/scaffolding/createctconfig pullPolicy: IfNotPresent - # -- v0.7.11 - version: sha256:bcab917a07bb27f847531b145679b4b9a57bcaa85bb91e0b441ae9473c24fb79 + # -- v0.7.15 + version: sha256:f0a4c3518a2b761260a47fee126db364087b9fe2d68e773d392f9cbabdccf198 fulcioURL: "http://fulcio-server.fulcio-system.svc" logPrefix: sigstorescaffolding privateKeyPasswordSecretName: "" From 3e5ab51d626c466b68ac6ddc74c54fcbbc13053f Mon Sep 17 00:00:00 2001 From: Bob Callaway Date: Wed, 30 Oct 2024 15:20:35 -0400 Subject: [PATCH 12/22] bump fulcio chart for scaf 0.7.15 release Signed-off-by: Bob Callaway --- charts/fulcio/Chart.lock | 6 +++--- charts/fulcio/Chart.yaml | 6 +++--- charts/fulcio/README.md | 6 +++--- charts/fulcio/values.yaml | 4 ++-- 4 files changed, 11 insertions(+), 11 deletions(-) diff --git a/charts/fulcio/Chart.lock b/charts/fulcio/Chart.lock index ea02f1d6..7e432148 100644 --- a/charts/fulcio/Chart.lock +++ b/charts/fulcio/Chart.lock 
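Review bot: The release comments above the new digests in charts/ctlog/values.yaml are written two ways: the `server` and `createtree` hunks use `# v0.7.15`, while the `createctconfig` hunk uses `# -- v0.7.15`. Only the second form reaches the regenerated README in this patch, where `createctconfig.image.version` is described as v0.7.15 but the `server.image.version` and `createtree.image.version` rows have an empty description. A reader auditing the README therefore cannot tell which release those two digests pin. I would write `# -- v0.7.15` in all three places. The same applies to the `createcerts` comment in charts/fulcio/values.yaml and the `deployment` comment in charts/tuf/values.yaml later in this series.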
@@ -1,6 +1,6 @@ dependencies: - name: ctlog repository: https://sigstore.github.io/helm-charts - version: 0.2.57 -digest: sha256:9d3b2e53af0b40157727a7928095d92c355b08a0fa625dcf46a0cc695f78f905 -generated: "2024-09-29T17:20:25.569061877-04:00" + version: 0.2.58 +digest: sha256:ffe8976eb04dbae5cc8b86b25c343d54ae14694f8bef8963c6179a6678cacf33 +generated: "2024-10-30T15:20:04.341710006-04:00" diff --git a/charts/fulcio/Chart.yaml b/charts/fulcio/Chart.yaml index 4a3d43ab..de3e6e02 100644 --- a/charts/fulcio/Chart.yaml +++ b/charts/fulcio/Chart.yaml @@ -5,7 +5,7 @@ description: | type: application -version: 2.6.1 +version: 2.6.2 appVersion: 1.6.4 keywords: @@ -19,7 +19,7 @@ maintainers: dependencies: - name: ctlog - version: 0.2.57 + version: 0.2.58 repository: https://sigstore.github.io/helm-charts condition: ctlog.enabled @@ -29,4 +29,4 @@ annotations: - name: fulcio image: gcr.io/projectsigstore/fulcio:v1.6.4@sha256:4b2a0f0877095aa36898af70edd00568158f89e015f6bb7f02475660d0924f3b - name: createcerts - image: ghcr.io/sigstore/scaffolding/createcerts:v0.7.11@sha256:00fdcc2018c1a377eeabf840371711162fe50c31b57646bfda5ed9c0affdea9e + image: ghcr.io/sigstore/scaffolding/createcerts:v0.7.15@sha256:03a5725b8812a45570a1c6ed8e5df7dc2295904cd8603c7ed537d97af174d235 diff --git a/charts/fulcio/README.md b/charts/fulcio/README.md index 202b7a34..c3f2f2f2 100644 --- a/charts/fulcio/README.md +++ b/charts/fulcio/README.md 
@@ -2,7 +2,7 @@ -![Version: 2.6.1](https://img.shields.io/badge/Version-2.6.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.6.4](https://img.shields.io/badge/AppVersion-1.6.4-informational?style=flat-square) +![Version: 2.6.2](https://img.shields.io/badge/Version-2.6.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.6.4](https://img.shields.io/badge/AppVersion-1.6.4-informational?style=flat-square) Fulcio is a free code signing Certificate Authority, built to make short-lived certificates available to anyone. @@ -71,7 +71,7 @@ helm uninstall [RELEASE_NAME] | Repository | Name | Version | |------------|------|---------| -| https://sigstore.github.io/helm-charts | ctlog | 0.2.57 | +| https://sigstore.github.io/helm-charts | ctlog | 0.2.58 | ## Values @@ -85,7 +85,7 @@ helm uninstall [RELEASE_NAME] | createcerts.image.pullPolicy | string | `"IfNotPresent"` | | | createcerts.image.registry | string | `"ghcr.io"` | | | createcerts.image.repository | string | `"sigstore/scaffolding/createcerts"` | | -| createcerts.image.version | string | `"sha256:00fdcc2018c1a377eeabf840371711162fe50c31b57646bfda5ed9c0affdea9e"` | | +| createcerts.image.version | string | `"sha256:03a5725b8812a45570a1c6ed8e5df7dc2295904cd8603c7ed537d97af174d235"` | | | createcerts.name | string | `"createcerts"` | | | createcerts.nodeSelector | object | `{}` | | | createcerts.replicaCount | int | `1` | | diff --git a/charts/fulcio/values.yaml b/charts/fulcio/values.yaml index bdaf8285..fca42de8 100644 --- a/charts/fulcio/values.yaml +++ b/charts/fulcio/values.yaml 
@@ -123,8 +123,8 @@ createcerts: registry: ghcr.io repository: sigstore/scaffolding/createcerts pullPolicy: IfNotPresent - # v0.7.11 - version: sha256:00fdcc2018c1a377eeabf840371711162fe50c31b57646bfda5ed9c0affdea9e + # v0.7.15 + version: sha256:03a5725b8812a45570a1c6ed8e5df7dc2295904cd8603c7ed537d97af174d235 ttlSecondsAfterFinished: 3600 serviceAccount: create: true From dd2233aea6c3ca41a1bfe4ea76afaeff0032456c Mon Sep 17 00:00:00 2001 From: Bob Callaway Date: Wed, 30 Oct 2024 15:25:06 -0400 Subject: [PATCH 13/22] bump updatetree for scaf 0.7.15 release Signed-off-by: Bob Callaway --- charts/updatetree/Chart.yaml | 6 +++--- charts/updatetree/README.md | 4 ++-- charts/updatetree/values.yaml | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/charts/updatetree/Chart.yaml b/charts/updatetree/Chart.yaml index cfa22dd2..555cc600 100644 --- a/charts/updatetree/Chart.yaml +++ b/charts/updatetree/Chart.yaml @@ -4,8 +4,8 @@ description: Update the status of an existing Trillian tree type: application -version: 0.0.14 -appVersion: 0.7.11 +version: 0.0.15 +appVersion: 0.7.15 keywords: @@ -22,4 +22,4 @@ annotations: artifacthub.io/license: Apache-2.0 artifacthub.io/images: | - name: updatetree - image: ghcr.io/sigstore/scaffolding/updatetree:v0.7.11@sha256:37ac271cbdb3c74e3146b35823e48391f24cc2c76b415a821c2f95a41dd64342 + image: ghcr.io/sigstore/scaffolding/updatetree:v0.7.15@sha256:710945f110f08b01802ce0b050cac9ae55b93546c69840e54cd0fda7c8831434 diff --git a/charts/updatetree/README.md b/charts/updatetree/README.md index c0fcfcfb..a5d5c1a7 100644 --- a/charts/updatetree/README.md +++ b/charts/updatetree/README.md 
@@ -1,6 +1,6 @@ # updatetree -![Version: 0.0.14](https://img.shields.io/badge/Version-0.0.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.7.11](https://img.shields.io/badge/AppVersion-0.7.11-informational?style=flat-square) +![Version: 0.0.15](https://img.shields.io/badge/Version-0.0.15-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.7.15](https://img.shields.io/badge/AppVersion-0.7.15-informational?style=flat-square) Update the status of an existing Trillian tree @@ -29,7 +29,7 @@ Update the status of an existing Trillian tree | serviceAccount.annotations | object | `{}` | | | serviceAccount.create | bool | `false` | | | serviceAccount.name | string | `"trillian-logserver"` | | -| spec.image | string | `"ghcr.io/sigstore/scaffolding/updatetree:v0.7.11@sha256:37ac271cbdb3c74e3146b35823e48391f24cc2c76b415a821c2f95a41dd64342"` | | +| spec.image | string | `"ghcr.io/sigstore/scaffolding/updatetree:v0.7.15@sha256:710945f110f08b01802ce0b050cac9ae55b93546c69840e54cd0fda7c8831434"` | | | spec.replicaCount | int | `1` | | | tolerations | list | `[]` | | | trillian.adminServer | string | `""` | | diff --git a/charts/updatetree/values.yaml b/charts/updatetree/values.yaml index f5c39e5c..0d3ca91b 100644 --- a/charts/updatetree/values.yaml +++ b/charts/updatetree/values.yaml @@ -8,7 +8,7 @@ serviceAccount: create: false spec: replicaCount: 1 - image: ghcr.io/sigstore/scaffolding/updatetree:v0.7.11@sha256:37ac271cbdb3c74e3146b35823e48391f24cc2c76b415a821c2f95a41dd64342 + image: ghcr.io/sigstore/scaffolding/updatetree:v0.7.15@sha256:710945f110f08b01802ce0b050cac9ae55b93546c69840e54cd0fda7c8831434 ttlSecondsAfterFinished: 3600 securityContext: runAsNonRoot: true From f6bdc968fb28b484ec508cb826b799885acebf1d Mon Sep 17 00:00:00 2001 
From: Bob Callaway Date: Wed, 30 Oct 2024 15:29:50 -0400 Subject: [PATCH 14/22] bump tuf chart for scaf 0.7.15 release Signed-off-by: Bob Callaway --- charts/tuf/Chart.yaml | 6 +++--- charts/tuf/README.md | 4 ++-- charts/tuf/values.yaml | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/charts/tuf/Chart.yaml b/charts/tuf/Chart.yaml index 2f5894a5..3b52b7ea 100644 --- a/charts/tuf/Chart.yaml +++ b/charts/tuf/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: tuf description: A framework for securing software update systems - the scaffolding implementation type: application -version: 0.1.19 -appVersion: 0.7.11 +version: 0.1.20 +appVersion: 0.7.15 home: https://sigstore.dev/ sources: @@ -17,4 +17,4 @@ annotations: artifacthub.io/license: Apache-2.0 artifacthub.io/images: | - name: scaffolding-tuf - image: ghcr.io/sigstore/scaffolding/server:v0.7.11@sha256:90992e92dee398c8b9bdeec0365f2b7211f1a14b4b111e9e926c701847e995e7 + image: ghcr.io/sigstore/scaffolding/server:v0.7.15@sha256:982c6173b6f2f976fd9f58eb543ca9ec5f0d1b7c1a6f7bb0c4b96cff1618c62e diff --git a/charts/tuf/README.md b/charts/tuf/README.md index fefcd09f..ba8a632c 100644 --- a/charts/tuf/README.md +++ b/charts/tuf/README.md @@ -1,6 +1,6 @@ # tuf -![Version: 0.1.19](https://img.shields.io/badge/Version-0.1.19-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.7.11](https://img.shields.io/badge/AppVersion-0.7.11-informational?style=flat-square) +![Version: 0.1.20](https://img.shields.io/badge/Version-0.1.20-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.7.15](https://img.shields.io/badge/AppVersion-0.7.15-informational?style=flat-square) A framework for securing software update systems - the scaffolding implementation 
@@ -29,7 +29,7 @@ A framework for securing software update systems - the scaffolding implementatio | deployment.replicas | int | `1` | | | deployment.repository | string | `"sigstore/scaffolding/server"` | | | deployment.tolerations | list | `[]` | | -| deployment.version | string | `"sha256:90992e92dee398c8b9bdeec0365f2b7211f1a14b4b111e9e926c701847e995e7"` | | +| deployment.version | string | `"sha256:982c6173b6f2f976fd9f58eb543ca9ec5f0d1b7c1a6f7bb0c4b96cff1618c62e"` | | | enabled | bool | `true` | | | forceNamespace | string | `""` | | | fullnameOverride | string | `"tuf"` | | diff --git a/charts/tuf/values.yaml b/charts/tuf/values.yaml index 5e190908..c9cdca2b 100644 --- a/charts/tuf/values.yaml +++ b/charts/tuf/values.yaml @@ -11,8 +11,8 @@ deployment: replicas: 1 registry: ghcr.io repository: sigstore/scaffolding/server - # v0.7.11 - version: sha256:90992e92dee398c8b9bdeec0365f2b7211f1a14b4b111e9e926c701847e995e7 + # v0.7.15 + version: sha256:982c6173b6f2f976fd9f58eb543ca9ec5f0d1b7c1a6f7bb0c4b96cff1618c62e imagePullPolicy: IfNotPresent port: 8080 tolerations: [] From 501e66c1e0e2d7e670f882467c944459842b9286 Mon Sep 17 00:00:00 2001 From: Bob Callaway Date: Wed, 30 Oct 2024 15:32:25 -0400 Subject: [PATCH 15/22] bump prober chart for scaf 0.7.15 release Signed-off-by: Bob Callaway --- charts/sigstore-prober/Chart.yaml | 6 +++--- charts/sigstore-prober/README.md | 4 ++-- charts/sigstore-prober/values.yaml | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/charts/sigstore-prober/Chart.yaml b/charts/sigstore-prober/Chart.yaml index 12f23932..5256237c 100644 --- a/charts/sigstore-prober/Chart.yaml +++ b/charts/sigstore-prober/Chart.yaml @@ -4,8 +4,8 @@ description: Sigstore API Endpoint Prober type: application -version: 0.0.30 -appVersion: 0.7.11 +version: 0.0.31 +appVersion: 0.7.15 keywords: 
@@ -21,4 +21,4 @@ annotations: artifacthub.io/license: Apache-2.0 artifacthub.io/images: | - name: sigstore-prober - image: ghcr.io/sigstore/scaffolding/prober:v0.7.11@sha256:1bf5103d3e06b3708b010c0a9c1f2d5e93bc2208cbca368c4144b22d1ef39761 + image: ghcr.io/sigstore/scaffolding/prober:v0.7.15@sha256:fd334eb3e678e7eddf4008ce108165a33179f3437f08fbe80bdea7a918057dd0 diff --git a/charts/sigstore-prober/README.md b/charts/sigstore-prober/README.md index c4a298b6..189d11ea 100644 --- a/charts/sigstore-prober/README.md +++ b/charts/sigstore-prober/README.md @@ -1,6 +1,6 @@ # sigstore-prober -![Version: 0.0.30](https://img.shields.io/badge/Version-0.0.30-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.7.11](https://img.shields.io/badge/AppVersion-0.7.11-informational?style=flat-square) +![Version: 0.0.31](https://img.shields.io/badge/Version-0.0.31-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.7.15](https://img.shields.io/badge/AppVersion-0.7.15-informational?style=flat-square) Sigstore API Endpoint Prober @@ -31,7 +31,7 @@ Sigstore API Endpoint Prober | spec.args.rekorRequests | list | `[]` | | | spec.args.trustRekorAPIPublicKey | bool | `false` | | | spec.args.writeProber | bool | `false` | | -| spec.image | string | `"ghcr.io/sigstore/scaffolding/prober:v0.7.11@sha256:1bf5103d3e06b3708b010c0a9c1f2d5e93bc2208cbca368c4144b22d1ef39761"` | | +| spec.image | string | `"ghcr.io/sigstore/scaffolding/prober:v0.7.15@sha256:fd334eb3e678e7eddf4008ce108165a33179f3437f08fbe80bdea7a918057dd0"` | | | spec.imagePullPolicy | string | `"Always"` | | | spec.matchLabels.app | string | `"sigstore-prober"` | | | spec.replicaCount | int | `1` | | diff --git a/charts/sigstore-prober/values.yaml b/charts/sigstore-prober/values.yaml index 80cc3416..0257b474 100644 
--- a/charts/sigstore-prober/values.yaml +++ b/charts/sigstore-prober/values.yaml @@ -6,7 +6,7 @@ serviceAccount: create: false spec: replicaCount: 1 - image: ghcr.io/sigstore/scaffolding/prober:v0.7.11@sha256:1bf5103d3e06b3708b010c0a9c1f2d5e93bc2208cbca368c4144b22d1ef39761 + image: ghcr.io/sigstore/scaffolding/prober:v0.7.15@sha256:fd334eb3e678e7eddf4008ce108165a33179f3437f08fbe80bdea7a918057dd0 imagePullPolicy: Always matchLabels: app: sigstore-prober From dee1353fb7bd3f87d1c97b3685c65da0c477d126 Mon Sep 17 00:00:00 2001 From: Bob Callaway Date: Wed, 30 Oct 2024 15:39:16 -0400 Subject: [PATCH 16/22] bump trillian chart for scaf v0.7.15 releasE Signed-off-by: Bob Callaway --- charts/trillian/Chart.yaml | 12 ++++++------ charts/trillian/README.md | 14 +++++++------- charts/trillian/values.yaml | 22 +++++++++++----------- 3 files changed, 24 insertions(+), 24 deletions(-) diff --git a/charts/trillian/Chart.yaml b/charts/trillian/Chart.yaml index ea966752..dd023ae6 100644 --- a/charts/trillian/Chart.yaml +++ b/charts/trillian/Chart.yaml @@ -5,7 +5,7 @@ description: | type: application -version: 0.2.28 +version: 0.2.29 appVersion: 1.6.1 keywords: 
@@ -31,12 +31,12 @@ annotations: - name: db_server image: gcr.io/trillian-opensource-ci/db_server:v1.5.3@sha256:2a685a38dd0129cceb646c232d285383f614c7e6fa51ff8f512aef78e4298461 - name: log_server - image: ghcr.io/sigstore/scaffolding/trillian_log_server:v1.6.1@sha256:b09ad6b9f876be07baf6006afdf13402302251a373eef000cdc7a6d0c0ca584f + image: ghcr.io/sigstore/scaffolding/trillian_log_server:v1.6.1@sha256:721b0e89ca3c5e6a167299836880953e2354071eae624a1123fdb5b444d16f76 - name: log_signer - image: ghcr.io/sigstore/scaffolding/trillian_log_signer:v1.6.1@sha256:9ddaf6c45cab0177db6e599d8bde12a46e1913181f4a6942096655e0435d0212 + image: ghcr.io/sigstore/scaffolding/trillian_log_signer:v1.6.1@sha256:6d3592457acf9823c6f1dbe03e0cac29dddcfe4eb502bb05a8acf8fdb02a6de5 - name: cloud_proxy - image: gcr.io/cloud-sql-connectors/cloud-sql-proxy:2.13.0-alpine@sha256:74680d0e49d44af5b6f994a6a29712866cb95d8851b1416676313d0cf567946b + image: gcr.io/cloud-sql-connectors/cloud-sql-proxy:2.14.0-alpine@sha256:6dc1d9ea84ff43eaeaebe51bb52de9e24dce8d8affd2fda0dc0d218897456c12 - name: scaffold_cloud_proxy - image: ghcr.io/sigstore/scaffolding/cloudsqlproxy:v0.7.11@sha256:16364cc06de704959576b23da26798850141ecae0f70510654764467cd9f47be + image: ghcr.io/sigstore/scaffolding/cloudsqlproxy:v0.7.15@sha256:862598dc2457fd246dc5363e0bd21462343c89e714dbd4159e49f119e8ff5ca5 - name: createdb - image: ghcr.io/sigstore/scaffolding/createdb:v0.7.11@sha256:c835472a9d0e4d8629e9a1a609c8c706cb193144e4088d8f27eade73a4ad5812 + image: ghcr.io/sigstore/scaffolding/createdb:v0.7.15@sha256:b8f6e7c370228ce4412016d783a5b8f890cb1fb8e7e7acfd8d2c723537270954 diff --git a/charts/trillian/README.md b/charts/trillian/README.md index 31c08575..dc6c22ad 100644 --- a/charts/trillian/README.md +++ b/charts/trillian/README.md 
@@ -2,7 +2,7 @@ -![Version: 0.2.28](https://img.shields.io/badge/Version-0.2.28-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.6.1](https://img.shields.io/badge/AppVersion-1.6.1-informational?style=flat-square) +![Version: 0.2.29](https://img.shields.io/badge/Version-0.2.29-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.6.1](https://img.shields.io/badge/AppVersion-1.6.1-informational?style=flat-square) Trillian is a log that stores an accurate, immutable and verifiable history of activity. @@ -46,7 +46,7 @@ helm uninstall [RELEASE_NAME] | createdb.image.pullPolicy | string | `"IfNotPresent"` | | | createdb.image.registry | string | `"ghcr.io"` | | | createdb.image.repository | string | `"sigstore/scaffolding/createdb"` | | -| createdb.image.version | string | `"sha256:c835472a9d0e4d8629e9a1a609c8c706cb193144e4088d8f27eade73a4ad5812"` | v0.7.11 | +| createdb.image.version | string | `"sha256:b8f6e7c370228ce4412016d783a5b8f890cb1fb8e7e7acfd8d2c723537270954"` | v0.7.15 | | createdb.name | string | `"createdb"` | | | createdb.nodeSelector | object | `{}` | | | createdb.serviceAccount.annotations | object | `{}` | | 
@@ -70,7 +70,7 @@ helm uninstall [RELEASE_NAME] | logServer.image.pullPolicy | string | `"IfNotPresent"` | | | logServer.image.registry | string | `"ghcr.io"` | | | logServer.image.repository | string | `"sigstore/scaffolding/trillian_log_server"` | | -| logServer.image.version | string | `"sha256:b09ad6b9f876be07baf6006afdf13402302251a373eef000cdc7a6d0c0ca584f"` | trillian v1.6.1 (scaffolding v0.7.8) | +| logServer.image.version | string | `"sha256:721b0e89ca3c5e6a167299836880953e2354071eae624a1123fdb5b444d16f76"` | trillian v1.6.1 (scaffolding v0.7.15) | | logServer.livenessProbe | object | `{}` | | | logServer.name | string | `"log-server"` | | | logServer.nodeSelector | object | `{}` | | @@ -99,7 +99,7 @@ helm uninstall [RELEASE_NAME] | logSigner.image.pullPolicy | string | `"IfNotPresent"` | | | logSigner.image.registry | string | `"ghcr.io"` | | | logSigner.image.repository | string | `"sigstore/scaffolding/trillian_log_signer"` | | -| logSigner.image.version | string | `"sha256:9ddaf6c45cab0177db6e599d8bde12a46e1913181f4a6942096655e0435d0212"` | trillian v1.6.1 (scaffolding v0.7.8) | +| logSigner.image.version | string | `"sha256:6d3592457acf9823c6f1dbe03e0cac29dddcfe4eb502bb05a8acf8fdb02a6de5"` | trillian v1.6.1 (scaffolding v0.7.15) | | logSigner.livenessProbe | object | `{}` | | | logSigner.name | string | `"log-signer"` | | | logSigner.nodeSelector | object | `{}` | | 
@@ -124,7 +124,7 @@ helm uninstall [RELEASE_NAME] | mysql.auth.username | string | `"mysql"` | | | mysql.enabled | bool | `true` | | | mysql.gcp.cloudsql.registry | string | `"gcr.io"` | | -| mysql.gcp.cloudsql.repository | string | `"cloud-sql-connectors/cloud-sql-proxy:2.13.0-alpine"` | | +| mysql.gcp.cloudsql.repository | string | `"cloud-sql-connectors/cloud-sql-proxy:2.14.0-alpine"` | | | mysql.gcp.cloudsql.resources.requests.cpu | string | `"1"` | | | mysql.gcp.cloudsql.resources.requests.memory | string | `"2Gi"` | | | mysql.gcp.cloudsql.securityContext.allowPrivilegeEscalation | bool | `false` | | @@ -133,7 +133,7 @@ helm uninstall [RELEASE_NAME] | mysql.gcp.cloudsql.securityContext.runAsNonRoot | bool | `true` | | | mysql.gcp.cloudsql.unixDomainSocket.enabled | bool | `false` | | | mysql.gcp.cloudsql.unixDomainSocket.path | string | `"/cloudsql"` | | -| mysql.gcp.cloudsql.version | string | `"sha256:74680d0e49d44af5b6f994a6a29712866cb95d8851b1416676313d0cf567946b"` | crane digest gcr.io/cloud-sql-connectors/cloud-sql-proxy:2.13.0-alpine | +| mysql.gcp.cloudsql.version | string | `"sha256:6dc1d9ea84ff43eaeaebe51bb52de9e24dce8d8affd2fda0dc0d218897456c12"` | crane digest gcr.io/cloud-sql-connectors/cloud-sql-proxy:2.14.0-alpine | | mysql.gcp.enabled | bool | `false` | | | mysql.gcp.instance | string | `""` | | | mysql.gcp.scaffoldSQLProxy.registry | string | `"ghcr.io"` | | 
@@ -144,7 +144,7 @@ helm uninstall [RELEASE_NAME] | mysql.gcp.scaffoldSQLProxy.securityContext.capabilities.drop[0] | string | `"ALL"` | | | mysql.gcp.scaffoldSQLProxy.securityContext.readOnlyRootFilesystem | bool | `true` | | | mysql.gcp.scaffoldSQLProxy.securityContext.runAsNonRoot | bool | `true` | | -| mysql.gcp.scaffoldSQLProxy.version | string | `"sha256:16364cc06de704959576b23da26798850141ecae0f70510654764467cd9f47be"` | v0.7.11 which is based on cloud-sql-proxy:2.13.0-alpine | +| mysql.gcp.scaffoldSQLProxy.version | string | `"sha256:862598dc2457fd246dc5363e0bd21462343c89e714dbd4159e49f119e8ff5ca5"` | v0.7.15 which is based on cloud-sql-proxy:2.14.0-alpine | | mysql.hostname | string | `""` | | | mysql.image.pullPolicy | string | `"IfNotPresent"` | | | mysql.image.registry | string | `"gcr.io"` | | diff --git a/charts/trillian/values.yaml b/charts/trillian/values.yaml index 19155c10..60374de4 100644 --- a/charts/trillian/values.yaml +++ b/charts/trillian/values.yaml @@ -31,8 +31,8 @@ mysql: scaffoldSQLProxy: registry: ghcr.io repository: sigstore/scaffolding/cloudsqlproxy - # -- v0.7.11 which is based on cloud-sql-proxy:2.13.0-alpine - version: sha256:16364cc06de704959576b23da26798850141ecae0f70510654764467cd9f47be + # -- v0.7.15 which is based on cloud-sql-proxy:2.14.0-alpine + version: sha256:862598dc2457fd246dc5363e0bd21462343c89e714dbd4159e49f119e8ff5ca5 resources: requests: memory: "2Gi" @@ -46,9 +46,9 @@ mysql: - ALL cloudsql: registry: gcr.io - repository: cloud-sql-connectors/cloud-sql-proxy:2.13.0-alpine - # -- crane digest gcr.io/cloud-sql-connectors/cloud-sql-proxy:2.13.0-alpine - version: sha256:74680d0e49d44af5b6f994a6a29712866cb95d8851b1416676313d0cf567946b + repository: cloud-sql-connectors/cloud-sql-proxy:2.14.0-alpine + # -- crane digest gcr.io/cloud-sql-connectors/cloud-sql-proxy:2.14.0-alpine + version: sha256:6dc1d9ea84ff43eaeaebe51bb52de9e24dce8d8affd2fda0dc0d218897456c12 resources: requests: memory: "2Gi" 
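Review bot: In the `cloudsql` hunk of charts/trillian/values.yaml the tag sits inside `repository` (`cloud-sql-connectors/cloud-sql-proxy:2.14.0-alpine`) while `version` holds the digest, unlike the other images in this file, whose `repository` is a bare path. With a digest present the tag is informational only, so the two can drift apart without any pull failing, and each bump has to touch three strings. The template is not shown in this hunk, but if it joins registry, repository and version with `@`, then `repository: cloud-sql-connectors/cloud-sql-proxy` would leave a single value to update. The tag would still be recorded in the existing `# -- crane digest gcr.io/cloud-sql-connectors/cloud-sql-proxy:2.14.0-alpine` comment. The `cloudsql` mapping continues outside the hunk.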
@@ -138,8 +138,8 @@ logServer: registry: ghcr.io repository: sigstore/scaffolding/trillian_log_server pullPolicy: IfNotPresent - # -- trillian v1.6.1 (scaffolding v0.7.8) - version: sha256:b09ad6b9f876be07baf6006afdf13402302251a373eef000cdc7a6d0c0ca584f + # -- trillian v1.6.1 (scaffolding v0.7.15) + version: sha256:721b0e89ca3c5e6a167299836880953e2354071eae624a1123fdb5b444d16f76 nodeSelector: {} tolerations: [] affinity: {} @@ -174,8 +174,8 @@ logSigner: registry: ghcr.io repository: sigstore/scaffolding/trillian_log_signer pullPolicy: IfNotPresent - # -- trillian v1.6.1 (scaffolding v0.7.8) - version: sha256:9ddaf6c45cab0177db6e599d8bde12a46e1913181f4a6942096655e0435d0212 + # -- trillian v1.6.1 (scaffolding v0.7.15) + version: sha256:6d3592457acf9823c6f1dbe03e0cac29dddcfe4eb502bb05a8acf8fdb02a6de5 nodeSelector: {} tolerations: [] affinity: {} @@ -204,8 +204,8 @@ createdb: registry: ghcr.io repository: sigstore/scaffolding/createdb pullPolicy: IfNotPresent - # -- v0.7.11 - version: sha256:c835472a9d0e4d8629e9a1a609c8c706cb193144e4088d8f27eade73a4ad5812 + # -- v0.7.15 + version: sha256:b8f6e7c370228ce4412016d783a5b8f890cb1fb8e7e7acfd8d2c723537270954 serviceAccount: create: false name: "" From 8292834b3753517281326b4cf0c698ce7b459796 Mon Sep 17 00:00:00 2001 From: Bob Callaway Date: Wed, 30 Oct 2024 15:44:18 -0400 Subject: [PATCH 17/22] bump rekor chart for scaf 0.7.15 release Signed-off-by: Bob Callaway --- charts/rekor/Chart.yaml | 12 ++++++------ charts/rekor/README.md | 14 +++++++------- charts/rekor/values.yaml | 18 +++++++++--------- 3 files changed, 22 insertions(+), 22 deletions(-) diff --git a/charts/rekor/Chart.yaml b/charts/rekor/Chart.yaml index 54a8357b..47e1e72b 100644 --- a/charts/rekor/Chart.yaml +++ b/charts/rekor/Chart.yaml @@ -4,7 +4,7 @@ description: Part of the sigstore project, Rekor is a timestamping server and tr type: application -version: 1.5.1 +version: 1.5.2 appVersion: 1.3.6 keywords: 
@@ -19,7 +19,7 @@ maintainers: dependencies: - name: trillian - version: 0.2.28 + version: 0.2.29 repository: https://sigstore.github.io/helm-charts condition: trillian.enabled @@ -27,16 +27,16 @@ annotations: artifacthub.io/license: Apache-2.0 artifacthub.io/images: | - name: createtree - image: ghcr.io/sigstore/scaffolding/createtree:v0.7.11@sha256:4e3614df07561b096f1bfe1e1f79582b1545d6253bfad0f79235a1a1af74ef03 + image: ghcr.io/sigstore/scaffolding/createtree:v0.7.15@sha256:ee42272373b46a898b21a0aea21cf703e90048e03f45a4640381b4a04735ffd8 - name: curlimages/curl image: docker.io/curlimages/curl:8.10.1@sha256:d9b4541e214bcd85196d6e92e2753ac6d0ea699f0af5741f8c6cccbfcf00ef4b - name: rekor-server image: gcr.io/projectsigstore/rekor-server:v1.3.6@sha256:1237f29e2105d7f5451bbe15a3aca8677ddd1bb80620ca2fd06f74262437cf51 - name: redis - image: docker.io/redis:6.2.14-alpine3.20@sha256:e3b17ba9479deec4b7d1eeec1548a253acc5374d68d3b27937fcfe4df8d18c7e + image: docker.io/redis:6.2.16-alpine3.20@sha256:2ba50e1ac3a0ea17b736ce9db2b0a9f6f8b85d4c27d5f5accc6a416d8f42c6d5 - name: backfill-redis image: ghcr.io/sigstore/rekor/backfill-redis:v1.3.6@sha256:a13cd8b2a554d6116888fd1f383cf6e91fc1716df5eda392b82e6bfc66995ec3 - name: scaffold_cloud_proxy - image: ghcr.io/sigstore/scaffolding/cloudsqlproxy:v0.7.11@sha256:16364cc06de704959576b23da26798850141ecae0f70510654764467cd9f47be + image: ghcr.io/sigstore/scaffolding/cloudsqlproxy:v0.7.15@sha256:862598dc2457fd246dc5363e0bd21462343c89e714dbd4159e49f119e8ff5ca5 - name: cloud_proxy - image: gcr.io/cloud-sql-connectors/cloud-sql-proxy:2.13.0-alpine@sha256:74680d0e49d44af5b6f994a6a29712866cb95d8851b1416676313d0cf567946b + image: gcr.io/cloud-sql-connectors/cloud-sql-proxy:2.14.0-alpine@sha256:6dc1d9ea84ff43eaeaebe51bb52de9e24dce8d8affd2fda0dc0d218897456c12 diff --git a/charts/rekor/README.md b/charts/rekor/README.md index 88210745..4ce5a6f6 100644 --- a/charts/rekor/README.md +++ b/charts/rekor/README.md 
@@ -1,6 +1,6 @@ # rekor -![Version: 1.5.1](https://img.shields.io/badge/Version-1.5.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.3.6](https://img.shields.io/badge/AppVersion-1.3.6-informational?style=flat-square) +![Version: 1.5.2](https://img.shields.io/badge/Version-1.5.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.3.6](https://img.shields.io/badge/AppVersion-1.3.6-informational?style=flat-square) Part of the sigstore project, Rekor is a timestamping server and transparency log for storing signatures, as well as an API based server for validation @@ -20,7 +20,7 @@ Part of the sigstore project, Rekor is a timestamping server and transparency lo | Repository | Name | Version | |------------|------|---------| -| https://sigstore.github.io/helm-charts | trillian | 0.2.28 | +| https://sigstore.github.io/helm-charts | trillian | 0.2.29 | ## Values @@ -48,7 +48,7 @@ Part of the sigstore project, Rekor is a timestamping server and transparency lo | createtree.image.pullPolicy | string | `"IfNotPresent"` | | | createtree.image.registry | string | `"ghcr.io"` | | | createtree.image.repository | string | `"sigstore/scaffolding/createtree"` | | -| createtree.image.version | string | `"sha256:4e3614df07561b096f1bfe1e1f79582b1545d6253bfad0f79235a1a1af74ef03"` | | +| createtree.image.version | string | `"sha256:ee42272373b46a898b21a0aea21cf703e90048e03f45a4640381b4a04735ffd8"` | | | createtree.name | string | `"createtree"` | | | createtree.nodeSelector | object | `{}` | | | createtree.resources | object | `{}` | | 
@@ -68,7 +68,7 @@ Part of the sigstore project, Rekor is a timestamping server and transparency lo
 | initContainerResources | object | `{}` | |
 | mysql.enabled | bool | `false` | |
 | mysql.gcp.cloudsql.registry | string | `"gcr.io"` | |
-| mysql.gcp.cloudsql.repository | string | `"cloud-sql-connectors/cloud-sql-proxy:2.13.0-alpine"` | |
+| mysql.gcp.cloudsql.repository | string | `"cloud-sql-connectors/cloud-sql-proxy:2.14.0-alpine"` | |
 | mysql.gcp.cloudsql.resources.requests.cpu | string | `"1"` | |
 | mysql.gcp.cloudsql.resources.requests.memory | string | `"2Gi"` | |
 | mysql.gcp.cloudsql.securityContext.allowPrivilegeEscalation | bool | `false` | |
@@ -77,7 +77,7 @@ Part of the sigstore project, Rekor is a timestamping server and transparency lo
 | mysql.gcp.cloudsql.securityContext.runAsNonRoot | bool | `true` | |
 | mysql.gcp.cloudsql.unixDomainSocket.enabled | bool | `false` | |
 | mysql.gcp.cloudsql.unixDomainSocket.path | string | `"/cloudsql"` | |
-| mysql.gcp.cloudsql.version | string | `"sha256:74680d0e49d44af5b6f994a6a29712866cb95d8851b1416676313d0cf567946b"` | crane digest gcr.io/cloud-sql-connectors/cloud-sql-proxy:2.13.0-alpine |
+| mysql.gcp.cloudsql.version | string | `"sha256:6dc1d9ea84ff43eaeaebe51bb52de9e24dce8d8affd2fda0dc0d218897456c12"` | crane digest gcr.io/cloud-sql-connectors/cloud-sql-proxy:2.14.0-alpine |
 | mysql.gcp.enabled | bool | `false` | |
 | mysql.gcp.instance | string | `""` | |
 | mysql.gcp.scaffoldSQLProxy.registry | string | `"ghcr.io"` | |
@@ -88,7 +88,7 @@ Part of the sigstore project, Rekor is a timestamping server and transparency lo
 | mysql.gcp.scaffoldSQLProxy.securityContext.capabilities.drop[0] | string | `"ALL"` | |
 | mysql.gcp.scaffoldSQLProxy.securityContext.readOnlyRootFilesystem | bool | `true` | |
 | mysql.gcp.scaffoldSQLProxy.securityContext.runAsNonRoot | bool | `true` | |
-| mysql.gcp.scaffoldSQLProxy.version | string | `"sha256:16364cc06de704959576b23da26798850141ecae0f70510654764467cd9f47be"` | v0.7.11 which is based on cloud-sql-proxy:2.13.0-alpine |
+| mysql.gcp.scaffoldSQLProxy.version | string | `"sha256:862598dc2457fd246dc5363e0bd21462343c89e714dbd4159e49f119e8ff5ca5"` | v0.7.15 which is based on cloud-sql-proxy:2.14.0-alpine |
 | mysql.hostname | string | `""` | |
 | mysql.image.pullPolicy | string | `"IfNotPresent"` | |
 | mysql.image.registry | string | `"gcr.io"` | |
@@ -109,7 +109,7 @@ Part of the sigstore project, Rekor is a timestamping server and transparency lo
 | redis.image.pullPolicy | string | `"IfNotPresent"` | |
 | redis.image.registry | string | `"docker.io"` | |
 | redis.image.repository | string | `"redis"` | |
-| redis.image.version | string | `"sha256:e3b17ba9479deec4b7d1eeec1548a253acc5374d68d3b27937fcfe4df8d18c7e"` | 6.2.14-alpine3.20 |
+| redis.image.version | string | `"sha256:2ba50e1ac3a0ea17b736ce9db2b0a9f6f8b85d4c27d5f5accc6a416d8f42c6d5"` | 6.2.16-alpine3.20 |
 | redis.name | string | `"redis"` | |
 | redis.nodeSelector | object | `{}` | |
 | redis.port | int | `6379` | |
diff --git a/charts/rekor/values.yaml b/charts/rekor/values.yaml
index 84ff26cc..5575dd93 100644
--- a/charts/rekor/values.yaml
+++ b/charts/rekor/values.yaml
@@ -27,8 +27,8 @@ redis:
 registry: docker.io
 repository: redis
 pullPolicy: IfNotPresent
- # -- 6.2.14-alpine3.20
- version: "sha256:e3b17ba9479deec4b7d1eeec1548a253acc5374d68d3b27937fcfe4df8d18c7e"
+ # -- 6.2.16-alpine3.20
+ version: "sha256:2ba50e1ac3a0ea17b736ce9db2b0a9f6f8b85d4c27d5f5accc6a416d8f42c6d5"
 resources: {}
 readinessProbe:
 initialDelaySeconds: 5
@@ -64,8 +64,8 @@ mysql:
 scaffoldSQLProxy:
 registry: ghcr.io
 repository: sigstore/scaffolding/cloudsqlproxy
- # -- v0.7.11 which is based on cloud-sql-proxy:2.13.0-alpine
- version: sha256:16364cc06de704959576b23da26798850141ecae0f70510654764467cd9f47be
+ # -- v0.7.15 which is based on cloud-sql-proxy:2.14.0-alpine
+ version: sha256:862598dc2457fd246dc5363e0bd21462343c89e714dbd4159e49f119e8ff5ca5
 resources:
 requests:
 memory: "2Gi"
@@ -79,9 +79,9 @@ mysql:
 - ALL
 cloudsql:
 registry: gcr.io
- repository: cloud-sql-connectors/cloud-sql-proxy:2.13.0-alpine
- # -- crane digest gcr.io/cloud-sql-connectors/cloud-sql-proxy:2.13.0-alpine
- version: sha256:74680d0e49d44af5b6f994a6a29712866cb95d8851b1416676313d0cf567946b
+ repository: cloud-sql-connectors/cloud-sql-proxy:2.14.0-alpine
+ # -- crane digest gcr.io/cloud-sql-connectors/cloud-sql-proxy:2.14.0-alpine
+ version: sha256:6dc1d9ea84ff43eaeaebe51bb52de9e24dce8d8affd2fda0dc0d218897456c12
 resources:
 requests:
 memory: "2Gi"
@@ -233,8 +233,8 @@ createtree:
 registry: ghcr.io
 repository: sigstore/scaffolding/createtree
 pullPolicy: IfNotPresent
- # v0.7.11
- version: sha256:4e3614df07561b096f1bfe1e1f79582b1545d6253bfad0f79235a1a1af74ef03
+ # v0.7.15
+ version: sha256:ee42272373b46a898b21a0aea21cf703e90048e03f45a4640381b4a04735ffd8
 ttlSecondsAfterFinished: 3600
 serviceAccount:
 create: true
From 98fea583dd2566e5014cf21707eb15793d647c8f Mon Sep 17 00:00:00 2001
From: Bob Callaway
Date: Wed, 30 Oct 2024 15:51:39 -0400
Subject: [PATCH 18/22] bump scaffold chart for scaf 0.7.15 release
Signed-off-by: Bob Callaway
---
 charts/scaffold/Chart.lock | 14 +++++++-------
 charts/scaffold/Chart.yaml | 12 ++++++------
 charts/scaffold/README.md | 12 ++++++------
 3 files changed, 19 insertions(+), 19 deletions(-)
diff --git a/charts/scaffold/Chart.lock b/charts/scaffold/Chart.lock
index a1c3ed9c..7ed1a774 100644
--- a/charts/scaffold/Chart.lock
+++ b/charts/scaffold/Chart.lock
@@ -1,21 +1,21 @@
 dependencies:
 - name: fulcio
 repository: https://sigstore.github.io/helm-charts
- version: 2.6.1
+ version: 2.6.2
 - name: rekor
 repository: https://sigstore.github.io/helm-charts
- version: 1.5.1
+ version: 1.5.2
 - name: trillian
 repository: https://sigstore.github.io/helm-charts
- version: 0.2.28
+ version: 0.2.29
 - name: ctlog
 repository: https://sigstore.github.io/helm-charts
- version: 0.2.57
+ version: 0.2.58
 - name: tuf
 repository: https://sigstore.github.io/helm-charts
- version: 0.1.18
+ version: 0.1.19
 - name: tsa
 repository: https://sigstore.github.io/helm-charts
 version: 1.0.6
-digest: sha256:e0aac105beb48cc1aa0c039e5fdb02cdf13d260e4fcaeea8573cd71693816e97
-generated: "2024-09-30T09:22:16.142095029-04:00"
+digest: sha256:669a3162904feabcda955e862f630e1f0d89fc349dd7997f6caea89dafdfb953
+generated: "2024-10-30T15:50:49.044465046-04:00"
diff --git a/charts/scaffold/Chart.yaml b/charts/scaffold/Chart.yaml
index 4981bd13..b3bf9abf 100644
--- a/charts/scaffold/Chart.yaml
+++ b/charts/scaffold/Chart.yaml
@@ -4,7 +4,7 @@ description: Scaffolding the components of the sigstore architecture
 type: application
-version: 0.6.63
+version: 0.6.64
 keywords:
 - security
 - pki
@@ -16,23 +16,23 @@ maintainers:
 dependencies:
 - name: fulcio
- version: 2.6.1
+ version: 2.6.2
 repository: https://sigstore.github.io/helm-charts
 condition: fulcio.enabled
 - name: rekor
- version: 1.5.1
+ version: 1.5.2
 repository: https://sigstore.github.io/helm-charts
 condition: rekor.enabled
 - name: trillian
- version: 0.2.28
+ version: 0.2.29
 repository: https://sigstore.github.io/helm-charts
 condition: trillian.enabled
 - name: ctlog
- version: 0.2.57
+ version: 0.2.58
 repository: https://sigstore.github.io/helm-charts
 condition: ctlog.enabled
 - name: tuf
- version: 0.1.18
+ version: 0.1.19
 repository: https://sigstore.github.io/helm-charts
 condition: tuf.enabled
 - name: tsa
diff --git a/charts/scaffold/README.md b/charts/scaffold/README.md
index 1fa21b0f..d09f7688 100644
--- a/charts/scaffold/README.md
+++ b/charts/scaffold/README.md
@@ -2,7 +2,7 @@
-![Version: 0.6.63](https://img.shields.io/badge/Version-0.6.63-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+![Version: 0.6.64](https://img.shields.io/badge/Version-0.6.64-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
 Scaffolding the components of the sigstore architecture
@@ -36,12 +36,12 @@ helm uninstall [RELEASE_NAME]
 | Repository | Name | Version |
 |------------|------|---------|
-| https://sigstore.github.io/helm-charts | ctlog | 0.2.57 |
-| https://sigstore.github.io/helm-charts | fulcio | 2.6.1 |
-| https://sigstore.github.io/helm-charts | rekor | 1.5.1 |
-| https://sigstore.github.io/helm-charts | trillian | 0.2.28 |
+| https://sigstore.github.io/helm-charts | ctlog | 0.2.58 |
+| https://sigstore.github.io/helm-charts | fulcio | 2.6.2 |
+| https://sigstore.github.io/helm-charts | rekor | 1.5.2 |
+| https://sigstore.github.io/helm-charts | trillian | 0.2.29 |
 | https://sigstore.github.io/helm-charts | tsa | 1.0.6 |
-| https://sigstore.github.io/helm-charts | tuf | 0.1.18 |
+| https://sigstore.github.io/helm-charts | tuf | 0.1.19 |
 ## Values
From 1a357904d0d6d99fe59d0f83e7816a211b3d7c85 Mon Sep 17 00:00:00 2001
From: Bob Callaway
Date: Thu, 31 Oct 2024 15:23:23 -0400
Subject: [PATCH 19/22] change extraArgs for ctlog chart to be handled consistently
Signed-off-by: Bob Callaway
---
 charts/ctlog/Chart.yaml | 2 +-
 charts/ctlog/templates/_helpers.tpl | 12 +++---------
 2 files changed, 4 insertions(+), 10 deletions(-)
diff --git a/charts/ctlog/Chart.yaml b/charts/ctlog/Chart.yaml
index 3d232ab6..b662f389 100644
--- a/charts/ctlog/Chart.yaml
+++ b/charts/ctlog/Chart.yaml
@@ -4,7 +4,7 @@ description: Certificate Log
 type: application
-version: 0.2.58
+version: 0.2.59
 appVersion: 0.7.15
 keywords:
diff --git a/charts/ctlog/templates/_helpers.tpl b/charts/ctlog/templates/_helpers.tpl
index 5ff3fab7..33f1cc7f 100644
--- a/charts/ctlog/templates/_helpers.tpl
+++ b/charts/ctlog/templates/_helpers.tpl
@@ -110,15 +110,9 @@ Server Arguments
 - {{ printf "--metrics_endpoint=0.0.0.0:%d" (.Values.server.portHTTPMetrics | int) | quote }}
 - "--log_config=/ctfe-keys/config"
 - "--alsologtostderr"
-{{- if .Values.server.extraArgs -}}
-{{- range $key, $value := .Values.server.extraArgs }}
-{{- if $value }}
-- {{ printf "%v=%v" $key $value | quote }}
-{{- else }}
-- {{ printf $key | quote }}
-{{- end }}
-{{- end }}
-{{- end -}}
+{{- range .Values.server.extraArgs }}
+- {{ . | quote }}
+{{ end }}
 {{- end -}}
 {{/*
From b777afadac05133ceea20b5bae7957cfc0d777ae Mon Sep 17 00:00:00 2001
From: Bob Callaway
Date: Thu, 31 Oct 2024 15:24:00 -0400
Subject: [PATCH 20/22] bump version
Signed-off-by: Bob Callaway
---
 charts/ctlog/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/charts/ctlog/README.md b/charts/ctlog/README.md
index 88b7e87c..ce865078 100644
--- a/charts/ctlog/README.md
+++ b/charts/ctlog/README.md
@@ -1,6 +1,6 @@
 # ctlog
-![Version: 0.2.58](https://img.shields.io/badge/Version-0.2.58-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.7.15](https://img.shields.io/badge/AppVersion-0.7.15-informational?style=flat-square)
+![Version: 0.2.59](https://img.shields.io/badge/Version-0.2.59-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.7.15](https://img.shields.io/badge/AppVersion-0.7.15-informational?style=flat-square)
 Certificate Log
From 78033845be6d9c842c5b0cd7fcb6322ae7a538fb Mon Sep 17 00:00:00 2001
From: Bob Callaway
Date: Thu, 31 Oct 2024 15:31:55 -0400
Subject: [PATCH 21/22] bump fulcio chart for ctlog dep
Signed-off-by: Bob Callaway
---
 charts/fulcio/Chart.lock | 6 +++---
 charts/fulcio/Chart.yaml | 4 ++--
 charts/fulcio/README.md | 4 ++--
 3 files changed, 7 insertions(+), 7 deletions(-)
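Review bot: The new `range .Values.server.extraArgs` loop in charts/ctlog/templates/_helpers.tpl iterates whatever it is given, so a release that still passes `server.extraArgs` as a map (the shape the removed `$key, $value` loop consumed) would render only the map values and silently drop the flag names. On a certificate-log server that means flags an operator believes are set can disappear on upgrade without any render error; this commit's diffstat touches only Chart.yaml (a patch bump, 0.2.58 to 0.2.59) and this helper, so nothing visible here rejects the old shape. I would fail rendering when the value is not a list, and close the loop with `{{- end }}` instead of `{{ end }}` so it does not emit a blank line after every argument. The enclosing define starts above this hunk and its closing `{{- end -}}` is left as is.

```yaml
- "--alsologtostderr"
{{- with .Values.server.extraArgs }}
{{- if not (kindIs "slice" .) }}
{{- fail "server.extraArgs must be a list of strings" }}
{{- end }}
{{- range . }}
- {{ . | quote }}
{{- end }}
{{- end }}
```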
diff --git a/charts/fulcio/Chart.lock b/charts/fulcio/Chart.lock
index 7e432148..fc5a9434 100644
--- a/charts/fulcio/Chart.lock
+++ b/charts/fulcio/Chart.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: ctlog
 repository: https://sigstore.github.io/helm-charts
- version: 0.2.58
-digest: sha256:ffe8976eb04dbae5cc8b86b25c343d54ae14694f8bef8963c6179a6678cacf33
-generated: "2024-10-30T15:20:04.341710006-04:00"
+ version: 0.2.59
+digest: sha256:bb907cdf05f1b8d94240217874b1497dd6456d212aa7df66d8424b3a5ca94d2b
+generated: "2024-10-31T15:31:00.446133788-04:00"
diff --git a/charts/fulcio/Chart.yaml b/charts/fulcio/Chart.yaml
index de3e6e02..5f66aded 100644
--- a/charts/fulcio/Chart.yaml
+++ b/charts/fulcio/Chart.yaml
@@ -5,7 +5,7 @@ description: |
 type: application
-version: 2.6.2
+version: 2.6.3
 appVersion: 1.6.4
 keywords:
@@ -19,7 +19,7 @@ maintainers:
 dependencies:
 - name: ctlog
- version: 0.2.58
+ version: 0.2.59
 repository: https://sigstore.github.io/helm-charts
 condition: ctlog.enabled
diff --git a/charts/fulcio/README.md b/charts/fulcio/README.md
index c3f2f2f2..54b4b413 100644
--- a/charts/fulcio/README.md
+++ b/charts/fulcio/README.md
@@ -2,7 +2,7 @@
-![Version: 2.6.2](https://img.shields.io/badge/Version-2.6.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.6.4](https://img.shields.io/badge/AppVersion-1.6.4-informational?style=flat-square)
+![Version: 2.6.3](https://img.shields.io/badge/Version-2.6.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.6.4](https://img.shields.io/badge/AppVersion-1.6.4-informational?style=flat-square)
 Fulcio is a free code signing Certificate Authority, built to make short-lived certificates available to anyone.
@@ -71,7 +71,7 @@ helm uninstall [RELEASE_NAME]
 | Repository | Name | Version |
 |------------|------|---------|
-| https://sigstore.github.io/helm-charts | ctlog | 0.2.58 |
+| https://sigstore.github.io/helm-charts | ctlog | 0.2.59 |
 ## Values
From ce4d5a4e72645fd0521201960d2aa7dffcb1edb4 Mon Sep 17 00:00:00 2001
From: Bob Callaway
Date: Thu, 31 Oct 2024 15:38:38 -0400
Subject: [PATCH 22/22] bump scaffold chart for ctlog update
Signed-off-by: Bob Callaway
---
 charts/scaffold/Chart.lock | 8 ++++----
 charts/scaffold/Chart.yaml | 6 +++---
 charts/scaffold/README.md | 6 +++---
 3 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/charts/scaffold/Chart.lock b/charts/scaffold/Chart.lock
index 7ed1a774..62d06b86 100644
--- a/charts/scaffold/Chart.lock
+++ b/charts/scaffold/Chart.lock
@@ -1,7 +1,7 @@
 dependencies:
 - name: fulcio
 repository: https://sigstore.github.io/helm-charts
- version: 2.6.2
+ version: 2.6.3
 - name: rekor
 repository: https://sigstore.github.io/helm-charts
 version: 1.5.2
@@ -10,12 +10,12 @@ dependencies:
 version: 0.2.29
 - name: ctlog
 repository: https://sigstore.github.io/helm-charts
- version: 0.2.58
+ version: 0.2.59
 - name: tuf
 repository: https://sigstore.github.io/helm-charts
 version: 0.1.19
 - name: tsa
 repository: https://sigstore.github.io/helm-charts
 version: 1.0.6
-digest: sha256:669a3162904feabcda955e862f630e1f0d89fc349dd7997f6caea89dafdfb953
-generated: "2024-10-30T15:50:49.044465046-04:00"
+digest: sha256:f6fa77f0f3fae3257b41508614235a8186f01e4994abb3950552008f9fce38f5
+generated: "2024-10-31T15:38:02.728896868-04:00"
diff --git a/charts/scaffold/Chart.yaml b/charts/scaffold/Chart.yaml
index b3bf9abf..b63b22a7 100644
--- a/charts/scaffold/Chart.yaml
+++ b/charts/scaffold/Chart.yaml
@@ -4,7 +4,7 @@ description: Scaffolding the components of the sigstore architecture
 type: application
-version: 0.6.64
+version: 0.6.65
 keywords:
 - security
 - pki
@@ -16,7 +16,7 @@ maintainers:
 dependencies:
 - name: fulcio
- version: 2.6.2
+ version: 2.6.3
 repository: https://sigstore.github.io/helm-charts
 condition: fulcio.enabled
 - name: rekor
@@ -28,7 +28,7 @@ dependencies:
 repository: https://sigstore.github.io/helm-charts
 condition: trillian.enabled
 - name: ctlog
- version: 0.2.58
+ version: 0.2.59
 repository: https://sigstore.github.io/helm-charts
 condition: ctlog.enabled
 - name: tuf
diff --git a/charts/scaffold/README.md b/charts/scaffold/README.md
index d09f7688..cd04d67c 100644
--- a/charts/scaffold/README.md
+++ b/charts/scaffold/README.md
@@ -2,7 +2,7 @@
-![Version: 0.6.64](https://img.shields.io/badge/Version-0.6.64-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+![Version: 0.6.65](https://img.shields.io/badge/Version-0.6.65-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
 Scaffolding the components of the sigstore architecture
@@ -36,8 +36,8 @@ helm uninstall [RELEASE_NAME]
 | Repository | Name | Version |
 |------------|------|---------|
-| https://sigstore.github.io/helm-charts | ctlog | 0.2.58 |
-| https://sigstore.github.io/helm-charts | fulcio | 2.6.2 |
+| https://sigstore.github.io/helm-charts | ctlog | 0.2.59 |
+| https://sigstore.github.io/helm-charts | fulcio | 2.6.3 |
 | https://sigstore.github.io/helm-charts | rekor | 1.5.2 |
 | https://sigstore.github.io/helm-charts | trillian | 0.2.29 |
 | https://sigstore.github.io/helm-charts | tsa | 1.0.6 |