From 7725e46aa0f20eb25b09c475198fd43228778211 Mon Sep 17 00:00:00 2001
From: Akash Singhal
Date: Mon, 11 Dec 2023 17:24:44 -0800
Subject: [PATCH] chore: prepare for 1.1 release (#1214)
---
 README.md | 22 ++++++++++++----------
 charts/ratify/Chart.yaml | 4 ++--
 charts/ratify/README.md | 10 +++++-----
 charts/ratify/values.yaml | 4 ++--
 docs/README.md | 2 +-
 docs/design/Cache Unification.md | 2 +-
 errors/errors.go | 8 ++++----
 errors/pluginerrors.go | 14 +++++++-------
 helmfile.yaml | 6 ++++--
 high-availability.helmfile.yaml | 2 +-
 library/rego/README.md | 2 +-
 plugins/verifier/cosign/README.md | 2 +-
 12 files changed, 41 insertions(+), 37 deletions(-)
diff --git a/README.md b/README.md
index cf522d50d..8370ee7d9 100644
--- a/README.md
+++ b/README.md
@@ -13,18 +13,20 @@ Is a verification engine as a binary executable and on Kubernetes which enables
 ## Table of Contents
-- [Quick Start](#quick-start)
-- [Community Meetings](#community-meetings)
-- [Pull Request Review Series](#pull-request-review-series)
-- [Documents](#documents)
-- [Code of Conduct](#code-of-conduct)
-- [Release Management](#release-management)
-- [Licensing](#licensing)
-- [Trademark](#trademark)
+- [Ratify](#ratify)
+ - [Table of Contents](#table-of-contents)
+ - [Quick Start](#quick-start)
+ - [Community meetings](#community-meetings)
+ - [Pull Request Review Series](#pull-request-review-series)
+ - [Documents](#documents)
+ - [Code of Conduct](#code-of-conduct)
+ - [Release Management](#release-management)
+ - [Licensing](#licensing)
+ - [Trademark](#trademark)
 ## Quick Start
-Please see [Ratify website](https://ratify.dev/docs/1.0/quick-start) for a quick start demo.
+Please see [Ratify website](https://ratify.dev/docs/quick-start) for a quick start demo.
 ## Community meetings
@@ -41,7 +43,7 @@ Get Ratify Community Meeting Calendar [here](https://calendar.google.com/calenda
 ## Documents
-Please see the [Ratify website](https://ratify.dev/docs/1.0/what-is-ratify) for more in-depth information.
+Please see the [Ratify website](https://ratify.dev/docs/what-is-ratify) for more in-depth information.
 Meeting notes for weekly project syncs can be found [here](https://hackmd.io/ABueHjizRz2iFQpWnQrnNA?both)
diff --git a/charts/ratify/Chart.yaml b/charts/ratify/Chart.yaml
index 9e9ada5aa..173ba0f0b 100644
--- a/charts/ratify/Chart.yaml
+++ b/charts/ratify/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v2
 name: ratify
 description: A Helm chart for Ratify
-version: 1.11.0
-appVersion: v1.0.0
+version: 1.12.0
+appVersion: v1.1.0
 home: https://github.com/deislabs/ratify
 icon: https://raw.githubusercontent.com/deislabs/ratify/main/logo.svg
diff --git a/charts/ratify/README.md b/charts/ratify/README.md
index 1795a6def..edc8a5106 100644
--- a/charts/ratify/README.md
+++ b/charts/ratify/README.md
@@ -52,13 +52,13 @@ $ helm upgrade -n gatekeeper-system [RELEASE_NAME] ratify/ratify
 | vulnerabilityreport.schemaURL | URL for JSON schema to validate report against | `` |
 | vulnerabilityreport.createdAnnotationName | Overrides the default created annotation (`org.opencontainers.image.created`) to search for | `` |
 | vulnerabilityreport.maximumAge | Maximum age report can be based on timestamp in stored at creation annotation. Formatted based on [time.Duration](https://pkg.go.dev/time#ParseDuration). A duration string is a possibly signed sequence of decimal numbers, each with optional fraction and a unit suffix, such as "300ms" or "24h". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". | `` |
-| vulnerabilityreport.notaryProjectSignatureRequired | Enables/disable notary project signature verification attached to vulnerability report. Refer to notation verifier [documentation](https://ratify.dev/docs/1.0/reference/crds/verifiers#notation) to install + configure keys. | `false` |
+| vulnerabilityreport.notaryProjectSignatureRequired | Enables/disable notary project signature verification attached to vulnerability report. Refer to notation verifier [documentation](https://ratify.dev/docs/reference/crds/verifiers#notation) to install + configure keys. | `false` |
 | vulnerabilityreport.disallowedSeverities | List of severities to disallow (strings). Common severities: `low`, `medium`, `high`, `critical`, `unknown` | `[]` |
 | vulnerabilityreport.denylistCVEs | List of CVE IDs that cannot exist in the vulnerability report | `[]` |
-| sbom.enabled | Enables/disables installation of sbom verification configuration | `false` |
-| sbom.notaryProjectSignatureRequired | requires validation of sbom notation signature | `false` |
-| sbom.disallowedLicenses | list of disallowed licenses | [] |
-| sbom.disallowedPackages | list of disallowed packages defined by package name and version. 
For example: --set sbom.disallowedPackages[0].name="busybox" --set sbom.disallowedPackages[0].version="1.36.1-r0" | [] |
+| sbom.enabled | Enables/disables installation of sbom verification configuration | `false` |
+| sbom.notaryProjectSignatureRequired | requires validation of sbom notation signature | `false` |
+| sbom.disallowedLicenses | list of disallowed licenses | [] |
+| sbom.disallowedPackages | list of disallowed packages defined by package name and version. For example: --set sbom.disallowedPackages[0].name="busybox" --set sbom.disallowedPackages[0].version="1.36.1-r0" | [] |
 | resources.limits.cpu | CPU limits of Ratify Deployment | `1000m` |
 | resources.limits.memory | Memory limits of Ratify Deployment | `512Mi` |
 | resources.requests.cpu | CPU request of Ratify Deployment | `600m` |
diff --git a/charts/ratify/values.yaml b/charts/ratify/values.yaml
index 5091f80fe..9aff78369 100644
--- a/charts/ratify/values.yaml
+++ b/charts/ratify/values.yaml
@@ -1,7 +1,7 @@
 image:
 repository: ghcr.io/deislabs/ratify
 crdRepository: ghcr.io/deislabs/ratify-crds
- tag: v1.0.0
+ tag: v1.1.0
 pullPolicy: IfNotPresent
 nameOverride: ""
@@ -140,7 +140,7 @@ logger:
 traceIDHeaderName: # List of headers that include the trace ID in the external data requests to Ratify. The same headers will be passed to upstream services like remote registries.
 - "" # e.g. Set it to `x-ms-correlation-request-id` to trace across Azure.
-# See https://ratify.dev/docs/1.0/reference/usage#feature-flags for a list of available feature flags
+# See https://ratify.dev/docs/reference/usage#feature-flags for a list of available feature flags
 featureFlags:
 # RATIFY_FEATURE_NAME: true
diff --git a/docs/README.md b/docs/README.md
index 295919a33..d6949b16d 100644
--- a/docs/README.md
+++ b/docs/README.md
@@ -1,4 +1,4 @@
-Please see the [Ratify website](https://ratify.dev/docs/1.0/what-is-ratify) for more in-depth information.
+Please see the [Ratify website](https://ratify.dev/docs/what-is-ratify) for more in-depth information.
 ## Design Docs
diff --git a/docs/design/Cache Unification.md b/docs/design/Cache Unification.md
index c6b28e4ea..57be6012b 100644
--- a/docs/design/Cache Unification.md
+++ b/docs/design/Cache Unification.md
@@ -28,7 +28,7 @@ Ratify must:
 ## Overview
-Please reference this [doc](https://ratify.dev/docs/1.0/reference/cache) for overview of current caching state in Ratify
+Please reference this [doc](https://ratify.dev/docs/reference/cache) for overview of current caching state in Ratify
 Ratify has two primary cache categories: in memory caches & blob store cache. There are 4 separate in-memory caches backed by 3 different cache types. This makes it very difficult to standardize cache interactions and emit uniform metrics. Furthermore, supporting multiple cache types will make it difficult to easily switch between in-memory and distributed caching for high availability scenarios.
diff --git a/errors/errors.go b/errors/errors.go
index 2e6c7fc9f..8f98e6def 100644
--- a/errors/errors.go
+++ b/errors/errors.go
@@ -16,11 +16,11 @@ limitations under the License.
 package errors
 const (
- NotationTsgLink = "https://ratify.dev/docs/1.0/troubleshoot/verifier/notation"
+ NotationTsgLink = "https://ratify.dev/docs/troubleshoot/verifier/notation"
 OrasLink = "https://oras.land/"
- AuthProviderLink = "https://ratify.dev/docs/1.0/reference/oras-auth-provider"
- PolicyProviderLink = "https://ratify.dev/docs/1.0/reference/providers"
- PolicyCRDLink = "https://ratify.dev/docs/1.0/reference/crds/policies"
+ AuthProviderLink = "https://ratify.dev/docs/reference/oras-auth-provider"
+ PolicyProviderLink = "https://ratify.dev/docs/reference/providers"
+ PolicyCRDLink = "https://ratify.dev/docs/reference/crds/policies"
 )
 var (
diff --git a/errors/pluginerrors.go b/errors/pluginerrors.go
index 643de7b86..81944f588 100644
--- a/errors/pluginerrors.go
+++ b/errors/pluginerrors.go
@@ -48,7 +48,7 @@ var (
 ErrorCodeListReferrersFailure = Register("errcode", ErrorDescriptor{
 Value: "LIST_REFERRERS_FAILURE",
 Message: "list referrers failure",
- Description: `Referrer store fails to list the referrers. Refer to https://ratify.dev/docs/1.0/reference/store#listreferrers for more details.`,
+ Description: `Referrer store fails to list the referrers. Refer to https://ratify.dev/docs/reference/store#listreferrers for more details.`,
 })
 // ErrorCodeGetSubjectDescriptorFailure is returned when GetSubjectDescriptor
@@ -56,7 +56,7 @@ var (
 ErrorCodeGetSubjectDescriptorFailure = Register("errcode", ErrorDescriptor{
 Value: "GET_SUBJECT_DESCRIPTOR_FAILURE",
 Message: "get subject descriptor failure",
- Description: `Referrer store fails to get the subject descriptor. Refer to https://ratify.dev/docs/1.0/reference/store#getsubjectdescriptor for more details.`,
+ Description: `Referrer store fails to get the subject descriptor. Refer to https://ratify.dev/docs/reference/store#getsubjectdescriptor for more details.`,
 })
 // ErrorCodeGetReferenceManifestFailure is returned when GetReferenceManifest
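Review bot: The documentation URLs in errors/pluginerrors.go are spelled out in full inside every `Description` literal, so this release had to edit them one by one in the hunks at -48 and -56 and again at -64, -109 and -135. errors/errors.go in the same commit keeps its links as named constants (`NotationTsgLink`, `AuthProviderLink`), and a shared base constant such as `DocsBaseLink = "https://ratify.dev/docs/"` concatenated into these descriptions would turn the next docs move into a one-line change. Dropping the `1.0/` segment also means the error text of a released binary now points at whatever the unversioned docs describe at the time it is read; that is presumably intended, but worth confirming for older releases. The `var (` block starts and ends outside these hunks.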
@@ -64,14 +64,14 @@ var (
 ErrorCodeGetReferenceManifestFailure = Register("errcode", ErrorDescriptor{
 Value: "GET_REFERRER_MANIFEST_FAILURE",
 Message: "get reference manifest failure",
- Description: `Referrer store fails to get the reference manifest. Refer to https://ratify.dev/docs/1.0/reference/store#getreferencemanifest for more details.`,
+ Description: `Referrer store fails to get the reference manifest. Refer to https://ratify.dev/docs/reference/store#getreferencemanifest for more details.`,
 })
 // ErrorCodeGetBlobContentFailure is returned when GetBlobContent API fails.
 ErrorCodeGetBlobContentFailure = Register("errcode", ErrorDescriptor{
 Value: "GET_BLOB_CONTENT_FAILURE",
 Message: "get blob content failure",
- Description: `Referrer store fails to get the blob content. Refer to https://ratify.dev/docs/1.0/reference/store#getblobcontent for more details.`,
+ Description: `Referrer store fails to get the blob content. Refer to https://ratify.dev/docs/reference/store#getblobcontent for more details.`,
 })
 // ErrorCodeReferrerStoreFailure is returned when a generic error happen in
@@ -109,7 +109,7 @@ var (
 ErrorCodeReferrersNotFound = Register("errcode", ErrorDescriptor{
 Value: "REFERRERS_NOT_FOUND",
 Message: "referrers not found",
- Description: "No referrers are found. Please verify the subject has attached expected artifacts and refer to https://ratify.dev/docs/1.0/reference/store/ to investigate Referrer Store configuration.",
+ Description: "No referrers are found. Please verify the subject has attached expected artifacts and refer to https://ratify.dev/docs/reference/store/ to investigate Referrer Store configuration.",
 })
 // Generic errors happen in plugins
@@ -135,14 +135,14 @@ var (
 ErrorCodeDownloadPluginFailure = Register("errcode", ErrorDescriptor{
 Value: "DOWNLOAD_PLUGIN_FAILURE",
 Message: "download plugin failure",
- Description: "Failed to download plugin. Please verify the provided plugin configuration is correct and check the error details for further investigation. Refer to https://ratify.dev/docs/1.0/reference/dynamic-plugins for more information.",
+ Description: "Failed to download plugin. Please verify the provided plugin configuration is correct and check the error details for further investigation. Refer to https://ratify.dev/docs/reference/dynamic-plugins for more information.",
 })
 // ErrorCodeCertInvalid is returned when provided certificates are invalid.
 ErrorCodeCertInvalid = Register("errcode", ErrorDescriptor{
 Value: "CERT_INVALID",
 Message: "cert invalid",
- Description: "The certificate is invalid. Please verify the provided inline certificates or certificates fetched from key vault are in valid format. Refer to https://ratify.dev/docs/1.0/reference/crds/certificate-stores for more information.",
+ Description: "The certificate is invalid. Please verify the provided inline certificates or certificates fetched from key vault are in valid format. Refer to https://ratify.dev/docs/reference/crds/certificate-stores for more information.",
 })
 // ErrorCodePolicyProviderNotFound is returned when a policy provider cannot
diff --git a/helmfile.yaml b/helmfile.yaml
index e254a385e..e5eb0b660 100644
--- a/helmfile.yaml
+++ b/helmfile.yaml
@@ -9,7 +9,7 @@ releases:
 namespace: gatekeeper-system
 createNamespace: true
 chart: gatekeeper/gatekeeper
- version: 3.13.0
+ version: 3.14.0
 wait: true
 set:
 - name: enableExternalData
@@ -18,10 +18,12 @@ releases:
 value: 5
 - name: mutatingWebhookTimeoutSeconds
 value: 2
+ - name: externaldataProviderResponseCacheTTL
+ value: 10s
 - name: ratify
 namespace: gatekeeper-system
 chart: ratify/ratify
- version: 1.11.0 # Make sure this matches Chart.yaml
+ version: 1.12.0 # Make sure this matches Chart.yaml
 wait: true
 needs:
 - gatekeeper
diff --git a/high-availability.helmfile.yaml b/high-availability.helmfile.yaml
index e94755a73..8eb927afa 100644
--- a/high-availability.helmfile.yaml
+++ b/high-availability.helmfile.yaml
@@ -32,7 +32,7 @@ releases:
 - name: ratify
 namespace: gatekeeper-system
 chart: ratify/ratify
- version: 1.11.0 # Make sure this matches Chart.yaml
+ version: 1.12.0 # Make sure this matches Chart.yaml
 wait: true
 needs:
 - dapr-system/dapr
diff --git a/library/rego/README.md b/library/rego/README.md
index 8f21f7892..01d83493d 100644
--- a/library/rego/README.md
+++ b/library/rego/README.md
@@ -1,3 +1,3 @@
 # Ratify Rego Policies
-This folder contains `.rego` files that contain rego policies to be used ONLY with Ratify's [Rego Policy Provider](https://ratify.dev/docs/1.0/reference/crds/policies#regopolicy)
\ No newline at end of file
+This folder contains `.rego` files that contain rego policies to be used ONLY with Ratify's [Rego Policy Provider](https://ratify.dev/docs/reference/crds/policies#regopolicy)
\ No newline at end of file
diff --git a/plugins/verifier/cosign/README.md b/plugins/verifier/cosign/README.md
index 0a4bb8ce9..55f85f412 100644
--- a/plugins/verifier/cosign/README.md
+++ b/plugins/verifier/cosign/README.md
@@ -1 +1 @@
-This document has been moved to https://ratify.dev/docs/1.0/external%20plugins/Verifier/cosign
\ No newline at end of file
+This document has been moved to https://ratify.dev/docs/external%20plugins/Verifier/cosign
\ No newline at end of file
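Review bot: The new `externaldataProviderResponseCacheTTL` entry (`10s`) in the gatekeeper `set:` list of helmfile.yaml changes admission behaviour inside a release-prep commit and carries no comment explaining the choice. With a response cache, Gatekeeper can presumably reuse a verification result from Ratify for the same key until the TTL expires, so a re-pushed tag or a just-changed policy or certificate may be judged on a stale answer for that window. A comment such as `# Gatekeeper reuses Ratify's response per key for this long; results can be stale up to the TTL, keep it short` would record the trade-off. high-availability.helmfile.yaml receives only the chart version bump in this commit and its gatekeeper release is not visible here, so confirm whether it should get the same Gatekeeper version and TTL. The `releases:` list continues outside the hunk.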