Merge branch 'dev' into clean-package
binbin-li authored Jun 1, 2024
2 parents 3f68a54 + b9446ef commit 3bafc56
Showing 6 changed files with 54 additions and 15 deletions.
7 changes: 6 additions & 1 deletion .github/codecov.yml
@@ -1,2 +1,7 @@
ignore:
- "./api" # ignore folders and all its contents
- "./api" # ignore folders and all its contents
coverage:
status:
patch:
default:
target: 80%
8 changes: 4 additions & 4 deletions .github/workflows/scan-vulns.yaml
Expand Up @@ -21,11 +21,11 @@ jobs:
timeout-minutes: 15
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
with:
egress-policy: audit

- uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
- uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
with:
go-version: "1.22"
check-latest: true
Expand All @@ -37,12 +37,12 @@ jobs:
timeout-minutes: 15
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
with:
egress-policy: audit

- name: Check out code into the Go module directory
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29

- name: Download trivy
run: |
4 changes: 2 additions & 2 deletions charts/ratify/Chart.yaml
@@ -1,7 +1,7 @@
apiVersion: v2
name: ratify
description: A Helm chart for Ratify
version: 1.12.0
appVersion: v1.1.0
version: 1.13.0
appVersion: v1.2.0
home: https://github.com/deislabs/ratify
icon: https://raw.githubusercontent.com/deislabs/ratify/main/logo.svg
2 changes: 1 addition & 1 deletion charts/ratify/values.yaml
@@ -1,7 +1,7 @@
image:
repository: ghcr.io/deislabs/ratify
crdRepository: ghcr.io/deislabs/ratify-crds
tag: v1.1.0
tag: v1.2.0
pullPolicy: IfNotPresent

nameOverride: ""
13 changes: 9 additions & 4 deletions helmfile.yaml
Expand Up @@ -3,13 +3,13 @@ repositories:
url: https://open-policy-agent.github.io/gatekeeper/charts
- name: ratify
url: https://deislabs.github.io/ratify

releases:
- name: gatekeeper
namespace: gatekeeper-system
createNamespace: true
chart: gatekeeper/gatekeeper
version: 3.14.0
version: 3.16.0
wait: true
set:
- name: enableExternalData
Expand All @@ -23,7 +23,7 @@ releases:
- name: ratify
namespace: gatekeeper-system
chart: ratify/ratify
version: 1.12.1 # Make sure this matches Chart.yaml
version: 1.13.0 # Make sure this matches Chart.yaml
wait: true
needs:
- gatekeeper
Expand Down Expand Up @@ -60,6 +60,11 @@ releases:
- "verifiers.config.ratify.deislabs.io"
- "certificatestores.config.ratify.deislabs.io"
- "policies.config.ratify.deislabs.io"
- "keymanagementproviders.config.ratify.deislabs.io"
- "namespacedkeymanagementproviders.config.ratify.deislabs.io"
- "namespacedpolicies.config.ratify.deislabs.io"
- "namespacedstores.config.ratify.deislabs.io"
- "namespacedverifiers.config.ratify.deislabs.io"
- events: ["postuninstall"]
showlogs: true
command: "kubectl"
Expand All @@ -70,7 +75,7 @@ releases:
- "-n"
- "gatekeeper-system"
set:
- name: notationCert
- name: notationCerts[0]
value: {{ exec "curl" (list "-sSL" "https://raw.githubusercontent.com/deislabs/ratify/main/test/testdata/notation.crt") | quote }}
- name: featureFlags.RATIFY_CERT_ROTATION
value: true
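Review bot: The `notationCerts[0]` value near the end of this file is still fetched at render time from the `main` branch with `curl -sSL`, so what is presumably the trust anchor for Notation signature verification can change between syncs with no integrity check, and without `-f` an HTTP error body would be passed through as the certificate. Consider pinning the URL to a commit or release tag and failing on HTTP errors, e.g. `(list "-fsSL" "https://raw.githubusercontent.com/deislabs/ratify/<pinned-ref>/test/testdata/notation.crt")`. Because the path is under `test/testdata`, a comment on the entry such as `# test-only certificate; replace before using outside a demo cluster` would also help. The same entry is renamed in high-availability.helmfile.yaml and the point applies there too.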
35 changes: 32 additions & 3 deletions high-availability.helmfile.yaml
@@ -1,4 +1,6 @@
repositories:
- name: gatekeeper
url: https://open-policy-agent.github.io/gatekeeper/charts
- name: dapr
url: https://dapr.github.io/helm-charts/
- name: bitnami
Expand All @@ -11,10 +13,26 @@ releases:
namespace: dapr-system
createNamespace: true
chart: dapr/dapr
version: 1.11.1
version: 1.13.2
wait: true
- name: gatekeeper
namespace: gatekeeper-system
createNamespace: true
chart: gatekeeper/gatekeeper
version: 3.16.0
wait: true
set:
- name: enableExternalData
value: true
- name: validatingWebhookTimeoutSeconds
value: 5
- name: mutatingWebhookTimeoutSeconds
value: 2
- name: externaldataProviderResponseCacheTTL
value: 10s
- name: redis
namespace: gatekeeper-system
createNamespace: true
chart: bitnami/redis
version: 17.11.6
wait: true
Expand All @@ -32,11 +50,12 @@ releases:
- name: ratify
namespace: gatekeeper-system
chart: ratify/ratify
version: 1.12.1 # Make sure this matches Chart.yaml
version: 1.13.0 # Make sure this matches Chart.yaml
wait: true
needs:
- dapr-system/dapr
- gatekeeper-system/redis
- gatekeeper-system/gatekeeper
hooks:
- events: ["presync"]
showlogs: true
Expand All @@ -53,6 +72,12 @@ releases:
- "https://raw.githubusercontent.com/deislabs/ratify/main/test/testdata/dapr/dapr-redis.yaml"
- "-n"
- "gatekeeper-system"
- events: ["presync"]
showlogs: true
command: "bash"
args:
- "-c"
- "kubectl apply -f https://deislabs.github.io/ratify/library/default/template.yaml && kubectl apply -f https://deislabs.github.io/ratify/library/default/samples/constraint.yaml"
- events: ["postuninstall"]
showlogs: true
command: "kubectl"
Expand Down Expand Up @@ -99,6 +124,10 @@ releases:
- "verifiers.config.ratify.deislabs.io"
- "certificatestores.config.ratify.deislabs.io"
- "policies.config.ratify.deislabs.io"
- "namespacedkeymanagementproviders.config.ratify.deislabs.io"
- "namespacedpolicies.config.ratify.deislabs.io"
- "namespacedstores.config.ratify.deislabs.io"
- "namespacedverifiers.config.ratify.deislabs.io"
- events: ["postuninstall"]
showlogs: true
command: "kubectl"
Expand All @@ -115,7 +144,7 @@ releases:
value: true
- name: logger.level
value: debug
- name: notationCert
- name: notationCerts[0]
value: {{ exec "curl" (list "-sSL" "https://raw.githubusercontent.com/deislabs/ratify/main/test/testdata/notation.crt") | quote }}
- name: replicaCount
value: 2
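Review bot: The new `presync` hook applies the Gatekeeper template and constraint straight from `https://deislabs.github.io/ratify/library/default/...`, so the admission policy installed next to chart `1.13.0` is whatever that site serves at sync time, unpinned and unverified. Prefer applying copies versioned with the repository, or a URL pinned to a tag or commit, and split the `bash -c "... && ..."` into two `kubectl` hooks like the neighbouring ones so a failure is attributed to the right manifest. Separately, the CRD list in this file gains four `namespaced*` entries while helmfile.yaml also adds `keymanagementproviders.config.ratify.deislabs.io`. Unless that entry already sits above the lines shown in this hunk, it looks missing here, and if this list feeds the uninstall cleanup that CRD would be left behind.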