diff --git a/.github/workflows/commitlint.yaml b/.github/workflows/commitlint.yaml
index 9bdc427..b67bbd1 100644
--- a/.github/workflows/commitlint.yaml
+++ b/.github/workflows/commitlint.yaml
@@ -12,4 +12,4 @@ on:
 jobs:
 validate:
 name: Validate
- uses: defenseunicorns/uds-common/.github/workflows/commitlint.yaml@b2e8b25930c953ef893e7c787fe350f0d8679ee2 # v0.4.2
+ uses: defenseunicorns/uds-common/.github/workflows/commitlint.yaml@11e591f2ec7d158923d973c85097ce28a5f55db4 # v0.4.5
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
index f92ec8b..ef97665 100644
--- a/.github/workflows/lint.yaml
+++ b/.github/workflows/lint.yaml
@@ -20,7 +20,7 @@ jobs:
 fetch-depth: 0
 - name: Environment setup
- uses: defenseunicorns/uds-common/.github/actions/setup@b2e8b25930c953ef893e7c787fe350f0d8679ee2 # v0.4.2
+ uses: defenseunicorns/uds-common/.github/actions/setup@11e591f2ec7d158923d973c85097ce28a5f55db4 # v0.4.5
 with:
 registry1Username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }}
 registry1Password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }}
diff --git a/.github/workflows/tag-and-release.yaml b/.github/workflows/tag-and-release.yaml
index 28117c5..0857c4a 100644
--- a/.github/workflows/tag-and-release.yaml
+++ b/.github/workflows/tag-and-release.yaml
@@ -9,7 +9,7 @@ jobs:
 tag-new-version:
 name: Tag New Version
 permissions: write-all
- runs-on: ubuntu-latest
+ runs-on: uds-ubuntu-big-boy-8-core
 outputs:
 release_created: ${{ steps.release-flag.outputs.release_created }}
 steps:
@@ -36,7 +36,7 @@ jobs:
 - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
 - name: Environment setup
- uses: defenseunicorns/uds-common/.github/actions/setup@b2e8b25930c953ef893e7c787fe350f0d8679ee2 # v0.4.2
+ uses: defenseunicorns/uds-common/.github/actions/setup@11e591f2ec7d158923d973c85097ce28a5f55db4 # v0.4.5
 with:
 registry1Username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }}
 registry1Password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }}
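Review bot: The `tag-new-version` job in tag-and-release.yaml keeps `permissions: write-all` while its `runs-on` moves to the custom label `uds-ubuntu-big-boy-8-core`, so the token scope is worth tightening in the same change. The diff does not show whether that label is a GitHub-hosted larger runner or a self-hosted one; if the machine is persistent, a write-all `GITHUB_TOKEN` and the Iron Bank credentials passed to the setup step would sit on a host shared with other jobs. I would replace the blanket grant with the scopes the release step needs, likely `contents: write` and `packages: write` (to be confirmed against the steps outside this hunk), and add a comment above `runs-on` such as `# org-level larger runner, ephemeral; not available to forks`. The same runner change is made for `run-test` in `.github/workflows/test.yaml`, where the trigger is not visible here and should be checked for untrusted pull-request code.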
@@ -47,6 +47,6 @@ jobs:
 - name: Save logs
 if: always()
- uses: defenseunicorns/uds-common/.github/actions/save-logs@b2e8b25930c953ef893e7c787fe350f0d8679ee2 # v0.4.2
+ uses: defenseunicorns/uds-common/.github/actions/save-logs@11e591f2ec7d158923d973c85097ce28a5f55db4 # v0.4.5
 with:
 suffix: '${{ matrix.flavor }}-${{ github.run_id }}-${{ github.run_attempt }}'
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index 0026239..b217cbd 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -34,7 +34,7 @@ permissions:
 jobs:
 run-test:
 name: ${{ matrix.type }} ${{ matrix.flavor }}
- runs-on: ubuntu-latest
+ runs-on: uds-ubuntu-big-boy-8-core
 timeout-minutes: 25
 strategy:
 matrix:
@@ -48,20 +48,44 @@ jobs:
 uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
 - name: Environment setup
- uses: defenseunicorns/uds-common/.github/actions/setup@b2e8b25930c953ef893e7c787fe350f0d8679ee2 # v0.4.2
+ uses: defenseunicorns/uds-common/.github/actions/setup@11e591f2ec7d158923d973c85097ce28a5f55db4 # v0.4.5
 with:
 registry1Username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }}
 registry1Password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }}
 ghToken: ${{ secrets.GITHUB_TOKEN }}
 - name: Test
- uses: defenseunicorns/uds-common/.github/actions/test@b2e8b25930c953ef893e7c787fe350f0d8679ee2 # v0.4.2
+ uses: defenseunicorns/uds-common/.github/actions/test@11e591f2ec7d158923d973c85097ce28a5f55db4 # v0.4.5
 with:
 flavor: ${{ matrix.flavor }}
 type: ${{ matrix.type }}
 - name: Save logs
 if: always()
- uses: defenseunicorns/uds-common/.github/actions/save-logs@b2e8b25930c953ef893e7c787fe350f0d8679ee2 # v0.4.2
+ uses: defenseunicorns/uds-common/.github/actions/save-logs@11e591f2ec7d158923d973c85097ce28a5f55db4 # v0.4.5
 with:
 suffix: ${{ matrix.type }}-${{ matrix.flavor }}-${{ github.run_id }}-${{ github.run_attempt }}
+
+ - name: Print cluster info
+ if: always()
+ shell: bash -e -o pipefail {0}
+ run: |
+ kubectl get nodes -o wide
+
+ - name: Print pod info
+ if: always()
+ shell: bash -e -o pipefail {0}
+ run: |
+ kubectl get pods -A -o wide
+
+ - name: Print service info
+ if: always()
+ shell: bash -e -o pipefail {0}
+ run: |
+ kubectl get svc -A -o wide
+
+ - name: Print events
+ if: always()
+ shell: bash -e -o pipefail {0}
+ run: |
+ kubectl get events -A -o wide
diff --git a/README.md b/README.md
index 6327b85..27dfecc 100644
--- a/README.md
+++ b/README.md
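Review bot: The four added `Print …` steps in test.yaml run with `if: always()` under `bash -e`, so when setup or the test step fails before a cluster exists, every `kubectl` call fails as well and stacks four more failed steps on top of the real one. Marking each step `continue-on-error: true` and bounding the call, e.g. `kubectl get nodes -o wide --request-timeout=30s`, keeps them diagnostic without eating into the job's 25-minute `timeout-minutes`. These steps also write all-namespace pod, service and event listings into the workflow log, which has the same readership as the run itself; it is worth confirming that nothing in the event messages is more sensitive than what the `Save logs` artifact already holds. A short comment such as `# best-effort cluster diagnostics; must not change the job result` above the first step would record the intent.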
@@ -1,69 +1,51 @@ -# uds-package-artifactory +# 🚚 UDS Artifactory Zarf Package -Bigbang [Artifactory](https://repo1.dso.mil/big-bang/apps/third-party/jfrog-platform) deployed via flux by zarf +[![Latest Release](https://img.shields.io/github/v/release/defenseunicorns/uds-package-artifactory)](https://github.com/defenseunicorns/uds-package-artifactory/releases) +[![Build Status](https://img.shields.io/github/actions/workflow/status/defenseunicorns/uds-package-artifactory/tag-and-release.yaml)](https://github.com/defenseunicorns/uds-package-artifactory/actions/workflows/tag-and-release.yaml) +[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/defenseunicorns/uds-package-artifactory/badge)](https://api.securityscorecards.dev/projects/github.com/defenseunicorns/uds-package-artifactory) -## Deployment Prerequisites +This package is designed to be deployed on [UDS Core](https://github.com/defenseunicorns/uds-core), and is based on the upstream [Artifactory](https://github.com/jfrog/charts/tree/master/stable/artifactory) chart. -### Resources +## Pre-requisites -- Minimum compute requirements for single node deployment are at LEAST 64 GB RAM and 32 virtual CPU threads (aws `m6i.8xlarge` instance type should do) -- k3d installed on machine +The Artifactory Package expects to be deployed on top of [UDS Core](https://github.com/defenseunicorns/uds-core) with the dependencies listed below being configured prior to deployment. -#### General +> [!IMPORTANT] +> **NOTE**: Many features are locked behind a license. Some notable features include: +> - In place upgrades +> - Single sign-on capabilities -- Create `artifactory` namespace -- Label `artifactory` namespace with `istio-injection: enabled` +Artifactory is configured by default to assume the internal dependencies that are used for testing (see postgres in the [bundle](bundle/uds-bundle.yaml)). 
#### Database -- A Postgres database is running on port `5432` and accessible to the cluster -- This database can be logged into via the user configured with the zarf var `ARTIFACTORY_DB_USERNAME`. Default is `artifactory` -- This database instance has a psql database configured with the zarf var `ARTIFACTORY_DB_NAME`. Default is `artifactorydb` +- A Postgres database is running on port `5432` and accessible to the cluster via the `ARTIFACTORY_DB_ENDPOINT` Zarf var. +- This database can be logged into via the username configured with the Zarf var `ARTIFACTORY_DB_USERNAME`. Default is `artifactory.artifactory` +- This database instance has a psql database created matching what is defined in the Zarf var `ARTIFACTORY_DB_NAME`. Default is `artifactorydb` - The user has read/write access to the above mentioned database - Create `artifactory-postgres` service in `artifactory` namespace that points to the psql database - Create `artifactory-postgres` secret in `artifactory` namespace with the key `password` that contains the password to the user for the psql database -## Deploy +## Flavors -### Use zarf to login to the needed registries i.e. registry1.dso.mil +| Flavor | Description | Example Creation | +| ------ | ----------- | ---------------- | +| registry1 | Uses images from registry1.dso.mil within the package. | `zarf package create . -f registry1` | -```bash -# Download Zarf -make build/zarf +> [!IMPORTANT] +> **NOTE:** To create the registry1 flavor you will need to be logged into Iron Bank - you can find instructions on how to do this in the [Big Bang Zarf Tutorial](https://docs.zarf.dev/tutorials/6-big-bang/#setup). 
-# Login to the registry -set +o history +## Releases -# registry1.dso.mil (To access registry1 images needed during build time) -export REGISTRY1_USERNAME="YOUR-USERNAME-HERE" -export REGISTRY1_TOKEN="YOUR-TOKEN-HERE" -echo $REGISTRY1_TOKEN | build/zarf tools registry login registry1.dso.mil --username $REGISTRY1_USERNAME --password-stdin +The released packages can be found in [ghcr](https://github.com/defenseunicorns/uds-package-artifactory/pkgs/container/packages%2Fuds%2Fartifactory). -set -o history -``` +## UDS Tasks (for local dev and CI) -### Build and Deploy Everything via Makefile and local package +*For local dev, this requires you install [uds-cli](https://github.com/defenseunicorns/uds-cli?tab=readme-ov-file#install) -```bash -# This will run make build/all, make cluster/reset, and make deploy/all. Follow the breadcrumbs in the Makefile to see what and how its doing it. -make all -``` +> [!TIP] +> To get a list of tasks to run you can use `uds run --list`! -## Declare This Package In Your UDS Bundle +## Contributing -Below is an example of how to use this projects zarf package in your UDS Bundle - -```yaml -kind: UDSBundle -metadata: - name: example-bundle - description: An Example UDS Bundle - version: 0.0.1 - architecture: amd64 - -packages: - # Artifactory - - name: artifactory - repository: ghcr.io/defenseunicorns/uds/artifactory - ref: x.x.x -``` +Please see the [CONTRIBUTING.md](./CONTRIBUTING.md) \ No newline at end of file diff --git a/common/zarf.yaml b/common/zarf.yaml new file mode 100644 index 0000000..e97ac0d --- /dev/null +++ b/common/zarf.yaml 
@@ -0,0 +1,23 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/defenseunicorns/zarf/main/zarf.schema.json +kind: ZarfPackageConfig +metadata: + name: artifactory-common + description: "UDS Artifactory Common Package" + +components: + - name: artifactory + required: true + charts: + - name: uds-artifactory-config + namespace: artifactory + version: 0.1.0 + localPath: ../chart + # renovate: datasource=helm + - name: artifactory + namespace: artifactory + url: https://charts.jfrog.io + version: 107.84.12 + repoName: artifactory + releaseName: artifactory + valuesFiles: + - ../values/common.yaml diff --git a/tasks.yaml b/tasks.yaml index 52550ab..c05b7cb 100644 --- a/tasks.yaml +++ b/tasks.yaml @@ -2,11 +2,11 @@ includes: - cleanup: ./tasks/cleanup.yaml - dependencies: ./tasks/dependencies.yaml - test: ./tasks/test.yaml - - create: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.2/tasks/create.yaml - - lint: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.2/tasks/lint.yaml - - pull: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.2/tasks/pull.yaml - - deploy: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.2/tasks/deploy.yaml - - setup: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.2/tasks/setup.yaml + - create: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.5/tasks/create.yaml + - lint: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.5/tasks/lint.yaml + - pull: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.5/tasks/pull.yaml + - deploy: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.5/tasks/deploy.yaml + - setup: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.5/tasks/setup.yaml tasks: - name: default diff --git a/tasks/publish.yaml b/tasks/publish.yaml index 704c87a..e5796ab 100644 --- a/tasks/publish.yaml +++ b/tasks/publish.yaml 
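Review bot: The upstream chart in the new common/zarf.yaml is pinned at `version: 107.84.12`, up from the `107.77.12` removed from `zarf.yaml`, while the registry1 flavor still pins the Artifactory image at `7.77.5` in both `values/registry1.yaml` and the `images:` list of `zarf.yaml`. JFrog chart versions appear to track the application version, so this deploys 7.84-era templates against a 7.77 binary and leaves the running image behind whatever fixes shipped in between. If the lag is deliberate because Iron Bank has not published a newer image, I would say so next to the pin, e.g. `# chart is ahead of the Iron Bank image (7.77.5); bump the image when it is published`; otherwise bump chart and image together.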
@@ -1,7 +1,7 @@ includes: - dependencies: ./dependencies.yaml - - create: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.2/tasks/create.yaml - - publish: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.2/tasks/publish.yaml + - create: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.5/tasks/create.yaml + - publish: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.5/tasks/publish.yaml tasks: - name: package diff --git a/values/registry1-values.yaml b/values/common.yaml similarity index 55% rename from values/registry1-values.yaml rename to values/common.yaml index 1a71f58..75851c8 100644 --- a/values/registry1-values.yaml +++ b/values/common.yaml @@ -1,22 +1,7 @@ -global: - imagePullSecrets: - - name: private-registry -initContainerImage: registry1.dso.mil/ironbank/redhat/ubi/ubi9-minimal:9.4 artifactory: - name: artifactory - image: - registry: registry1.dso.mil - repository: ironbank/jfrog/artifactory/artifactory - tag: 7.77.5 license: secret: ###ZARF_VAR_LICENSE_SECRET_NAME### dataKey: ###ZARF_VAR_LICENSE_SECRET_KEY### -router: - name: router - image: - registry: registry1.dso.mil - repository: ironbank/jfrog/jfrog-xray/router - tag: 7.87.0 database: type: postgresql driver: org.postgresql.Driver @@ -30,7 +15,6 @@ database: url: name: artifactory-postgres key: url -installerInfo: '{"productId":"ironbank_helm_artifactory-pro/10.14.4","features":[{"featureId":"Partner/ACC-013116"}]}' nginx: enabled: false postgresql: diff --git a/values/registry1.yaml b/values/registry1.yaml new file mode 100644 index 0000000..2edfb3d --- /dev/null +++ b/values/registry1.yaml 
@@ -0,0 +1,21 @@ +global: + imagePullSecrets: + - name: private-registry +initContainers: + image: + registry: registry1.dso.mil + repository: ironbank/redhat/ubi/ubi9-minimal + tag: 9.4 +artifactory: + name: artifactory + image: + registry: registry1.dso.mil + repository: ironbank/jfrog/artifactory/artifactory + tag: 7.77.5 +router: + name: router + image: + registry: registry1.dso.mil + repository: ironbank/jfrog/jfrog-xray/router + tag: 7.87.0 +installerInfo: '{"productId":"ironbank_helm_artifactory-pro/10.14.4","features":[{"featureId":"Partner/ACC-013116"}]}' diff --git a/zarf.yaml b/zarf.yaml index b78ecae..91a59d7 100644 --- a/zarf.yaml +++ b/zarf.yaml @@ -19,22 +19,16 @@ components: - name: artifactory required: true description: "Deploy artifactory" + import: + path: common only: flavor: registry1 + cluster: + architecture: amd64 charts: - - name: uds-artifactory-config - namespace: artifactory - version: 0.1.0 - localPath: chart - # renovate: datasource=helm - name: artifactory - url: https://charts.jfrog.io - version: 107.77.12 - namespace: artifactory - repoName: artifactory - releaseName: artifactory valuesFiles: - - values/registry1-values.yaml + - values/registry1.yaml images: - registry1.dso.mil/ironbank/jfrog/artifactory/artifactory:7.77.5 - registry1.dso.mil/ironbank/jfrog/jfrog-xray/router:7.87.0
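Review bot: In the new values/registry1.yaml, `tag: 9.4` under `initContainers.image` is an unquoted scalar that YAML loads as a float, unlike the three-part tags `7.77.5` and `7.87.0` below it, which stay strings. It renders as intended today, but a later bump to a tag such as `9.10` would silently become `9.1` and pull a different image than the one reviewed. Write it as `tag: "9.4"`, and consider quoting the other two tags as well so that automated bumps keep them as strings.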