Merge pull request #245 from cloud-gov/update-images
update to use hardened images
dandersonsw authored Jul 1, 2024
2 parents b5af794 + 7cc1630 commit 160caa7
Showing 10 changed files with 96 additions and 88 deletions.
9 changes: 0 additions & 9 deletions ci/aws-iam-check-keys.yml
@@ -1,15 +1,6 @@
---
platform: linux

image_resource:
type: registry-image
source:
aws_access_key_id: ((ecr_aws_key))
aws_secret_access_key: ((ecr_aws_secret))
repository: general-task
aws_region: us-gov-west-1
tag: latest

inputs:
- name: prometheus-config
- name: terraform-prod-com-yml
8 changes: 0 additions & 8 deletions ci/aws-mfa.yml
@@ -1,14 +1,6 @@
---
platform: linux

image_resource:
type: registry-image
source:
aws_access_key_id: ((ecr_aws_key))
aws_secret_access_key: ((ecr_aws_secret))
repository: general-task
aws_region: us-gov-west-1
tag: latest
inputs:
- {name: prometheus-config}

8 changes: 0 additions & 8 deletions ci/aws-rds-storage.yml
@@ -1,13 +1,5 @@
---
platform: linux
image_resource:
type: registry-image
source:
aws_access_key_id: ((ecr_aws_key))
aws_secret_access_key: ((ecr_aws_secret))
repository: general-task
aws_region: us-gov-west-1
tag: latest

inputs:
- name: prometheus-config
9 changes: 0 additions & 9 deletions ci/awslogs.yml
@@ -1,15 +1,6 @@
---
platform: linux

image_resource:
type: registry-image
source:
aws_access_key_id: ((ecr_aws_key))
aws_secret_access_key: ((ecr_aws_secret))
repository: general-task
aws_region: us-gov-west-1
tag: latest

inputs:
- {name: prometheus-config}

9 changes: 0 additions & 9 deletions ci/cdn-broker-certs.yml
@@ -1,15 +1,6 @@
---
platform: linux

image_resource:
type: registry-image
source:
aws_access_key_id: ((ecr_aws_key))
aws_secret_access_key: ((ecr_aws_secret))
repository: general-task
aws_region: us-gov-west-1
tag: latest

inputs:
- {name: prometheus-config}

9 changes: 0 additions & 9 deletions ci/concourse-has-auth.yml
@@ -1,15 +1,6 @@
---
platform: linux

image_resource:
type: registry-image
source:
aws_access_key_id: ((ecr_aws_key))
aws_secret_access_key: ((ecr_aws_secret))
repository: general-task
aws_region: us-gov-west-1
tag: latest

inputs:
- {name: prometheus-config}

9 changes: 0 additions & 9 deletions ci/domain-broker-certs.yml
@@ -1,15 +1,6 @@
---
platform: linux

image_resource:
type: registry-image
source:
aws_access_key_id: ((ecr_aws_key))
aws_secret_access_key: ((ecr_aws_secret))
repository: general-task
aws_region: us-gov-west-1
tag: latest

inputs:
- {name: prometheus-config}

9 changes: 0 additions & 9 deletions ci/notify.yml
@@ -1,15 +1,6 @@
---
platform: linux

image_resource:
type: registry-image
source:
aws_access_key_id: ((ecr_aws_key))
aws_secret_access_key: ((ecr_aws_secret))
repository: general-task
aws_region: us-gov-west-1
tag: latest

inputs:
- name: prometheus-config

105 changes: 96 additions & 9 deletions ci/pipeline.yml
@@ -36,7 +36,9 @@ jobs:
trigger: true
- get: prometheus-config
passed: [set-self]
- get: general-task
- task: awslogs
image: general-task
file: prometheus-config/ci/awslogs.yml
tags: [iaas]
params:
@@ -70,7 +72,9 @@ jobs:
trigger: true
- get: prometheus-config
passed: [set-self]
- get: general-task
- task: aws-rds-storage-check
image: general-task
file: prometheus-config/ci/aws-rds-storage.yml
params:
AWS_DEFAULT_REGION: ((aws-region))
@@ -113,7 +117,9 @@ jobs:
- get: other-iam-users-yml
resource: other-iam-users-yml
trigger: false
- get: general-task
- task: aws-iam-check-keys
image: general-task
file: prometheus-config/ci/aws-iam-check-keys.yml
tags: [iaas]
params:
@@ -151,7 +157,9 @@ jobs:
trigger: true
- get: prometheus-config
passed: [set-self]
- get: general-task
- task: aws-mfa
image: general-task
file: prometheus-config/ci/aws-mfa.yml
tags: [iaas]
params:
@@ -181,8 +189,10 @@ jobs:
trigger: true
- get: prometheus-config
passed: [set-self]
- get: general-task
- in_parallel:
- task: cdn-broker-certs-production
image: general-task
file: prometheus-config/ci/cdn-broker-certs.yml
params:
AWS_DEFAULT_REGION: ((aws-external-region))
@@ -213,8 +223,10 @@ jobs:
trigger: true
- get: prometheus-config
passed: [set-self]
- get: general-task
- in_parallel:
- task: domain-broker-certs-development
image: general-task
file: prometheus-config/ci/domain-broker-certs.yml
tags: [iaas]
params:
@@ -223,6 +235,7 @@ jobs:
GATEWAY_HOST: prometheus-production.service.cf.internal
AWS_DEFAULT_REGION: ((aws-region))
- task: domain-broker-certs-staging
image: general-task
file: prometheus-config/ci/domain-broker-certs.yml
tags: [iaas]
params:
@@ -231,6 +244,7 @@ jobs:
GATEWAY_HOST: prometheus-production.service.cf.internal
AWS_DEFAULT_REGION: ((aws-region))
- task: domain-broker-certs-production
image: general-task
file: prometheus-config/ci/domain-broker-certs.yml
tags: [iaas]
params:
@@ -261,7 +275,9 @@ jobs:
trigger: true
- get: prometheus-config
passed: [set-self]
- get: general-task
- task: concourse-has-auth
image: general-task
file: prometheus-config/ci/concourse-has-auth.yml
params:
CONCOURSE_URIS: "https://ci.fr-stage.cloud.gov https://ci.fr.cloud.gov"
@@ -289,14 +305,17 @@ jobs:
trigger: true
- get: prometheus-config
passed: [set-self]
- get: general-task
- task: prometheus-down
image: general-task
file: prometheus-config/ci/prometheus-down.yml
params:
PROMETHEUSHOST: prometheus-production.service.cf.internal
ALERTMANAGERHOST: alertmanager-production.service.cf.internal
on_failure:
do:
- task: notify
image: general-task
file: prometheus-config/ci/notify.yml
params:
ALERT_MESSAGE: Prometheus seems to be down or hung!
@@ -330,14 +349,17 @@ jobs:
trigger: true
- get: prometheus-config
passed: [set-self]
- get: general-task
- task: prometheus-down
image: general-task
file: prometheus-config/ci/prometheus-down.yml
params:
PROMETHEUSHOST: prometheus-staging.service.cf.internal
ALERTMANAGERHOST: alertmanager-staging.service.cf.internal
on_failure:
do:
- task: notify
image: general-task
file: prometheus-config/ci/notify.yml
params:
ALERT_MESSAGE: Staging Prometheus seems to be down or hung!
@@ -641,28 +663,93 @@ resources:
bucket: cloud-gov-varz
versioned_file: other_iam_users.yml

- name: general-task
type: registry-image
source:
aws_access_key_id: ((ecr_aws_key))
aws_secret_access_key: ((ecr_aws_secret))
repository: general-task
aws_region: us-gov-west-1
tag: latest

resource_types:
- name: registry-image
type: registry-image
source:
aws_access_key_id: ((ecr_aws_key))
aws_secret_access_key: ((ecr_aws_secret))
repository: registry-image-resource
aws_region: us-gov-west-1
tag: latest

- name: slack-notification
type: docker-image
type: registry-image
source:
repository: cfcommunity/slack-notification-resource
aws_access_key_id: ((ecr_aws_key))
aws_secret_access_key: ((ecr_aws_secret))
repository: slack-notification-resource
aws_region: us-gov-west-1
tag: latest

- name: bosh-deployment
type: docker-image
type: registry-image
source:
repository: cloudfoundry/bosh-deployment-resource
aws_access_key_id: ((ecr_aws_key))
aws_secret_access_key: ((ecr_aws_secret))
repository: bosh-deployment-resource
aws_region: us-gov-west-1
tag: latest

- name: s3-iam
type: docker-image
type: registry-image
source:
repository: 18fgsa/s3-resource
aws_access_key_id: ((ecr_aws_key))
aws_secret_access_key: ((ecr_aws_secret))
repository: s3-resource
aws_region: us-gov-west-1
tag: latest

- name: email
type: docker-image
type: registry-image
source:
repository: pcfseceng/email-resource
aws_access_key_id: ((ecr_aws_key))
aws_secret_access_key: ((ecr_aws_secret))
repository: email-resource
aws_region: us-gov-west-1
tag: latest

- name: github-release-alt
type: registry-image
source:
repository: concourse/github-release-resource
aws_access_key_id: ((ecr_aws_key))
aws_secret_access_key: ((ecr_aws_secret))
repository: github-release-resource
aws_region: us-gov-west-1
tag: latest

- name: time
type: registry-image
source:
aws_access_key_id: ((ecr_aws_key))
aws_secret_access_key: ((ecr_aws_secret))
repository: time-resource
aws_region: us-gov-west-1
tag: latest

- name: git
type: registry-image
source:
aws_access_key_id: ((ecr_aws_key))
aws_secret_access_key: ((ecr_aws_secret))
repository: git-resource
aws_region: us-gov-west-1
tag: latest

- name: bosh-io-stemcell
type: registry-image
source:
aws_access_key_id: ((ecr_aws_key))
aws_secret_access_key: ((ecr_aws_secret))
repository: bosh-io-stemcell-resource
aws_region: us-gov-west-1
tag: latest
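Review bot: Every image added in the `resources` and `resource_types` entries at the end of this section, including the new `general-task` task image used by all the `image: general-task` steps, is pulled with `tag: latest`, so whatever is next pushed to that tag in the registry is what the following build runs. For images described as hardened, a versioned tag makes each rollout reviewable, for example `tag: ((general_task_tag))` (placeholder variable name), or the `general-task` resource can be pinned with Concourse's `version:` field until a new digest has been vetted. If `latest` has to stay, a comment above `- name: general-task` should say who may push that tag and how an image is checked before promotion. The `resources:` list begins outside the visible hunk, so other entries may need the same treatment.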
9 changes: 0 additions & 9 deletions ci/prometheus-down.yml
@@ -1,15 +1,6 @@
---
platform: linux

image_resource:
type: registry-image
source:
aws_access_key_id: ((ecr_aws_key))
aws_secret_access_key: ((ecr_aws_secret))
repository: general-task
aws_region: us-gov-west-1
tag: latest

inputs:
- name: prometheus-config
