diff --git a/.harness/harness.yaml b/.harness/harness.yaml
index eeb74fe..140a588 100644
--- a/.harness/harness.yaml
+++ b/.harness/harness.yaml
@@ -1,6 +1,6 @@
 pipeline:
- name: drone-kaniko-harness
 identifier: dronekanikoharness
+ name: drone-kaniko-harness
 projectIdentifier: Drone_Plugins
 orgIdentifier: default
 tags: {}
@@ -583,8 +583,618 @@ pipeline:
 nodeName: _<+matrix.repo>
 when:
 pipelineStatus: Success
+ - stage:
+ name: rf-linux-amd64
+ identifier: rf_linuxamd64
+ description: RapidFort hardened kaniko images - amd64
+ type: CI
+ spec:
+ cloneCodebase: true
+ caching:
+ enabled: false
+ paths: []
+ platform:
+ os: Linux
+ arch: Amd64
+ runtime:
+ type: Cloud
+ spec: {}
+ execution:
+ steps:
+ - step:
+ type: GitClone
+ name: Clone RF Dockerfiles
+ identifier: clone_rf
+ spec:
+ connectorRef: RapidFortPlugins
+ build:
+ type: branch
+ spec:
+ branch: main
+ cloneDirectory: rf-plugins
+ - step:
+ type: Run
+ name: Build Binary
+ identifier: build_binary
+ spec:
+ connectorRef: Plugins_Docker_Hub_Connector
+ image: golang:1.25.7
+ shell: Sh
+ command: |-
+ go test ./...
+ sh scripts/build.sh
+ - parallel:
+ - step:
+ type: Plugin
+ name: RF Build and Push on Tag
+ identifier: rf_docker_build_push_tag
+ spec:
+ connectorRef: Plugins_Docker_Hub_Connector
+ image: plugins/docker
+ settings:
+ username: <+secrets.getValue("harnesssecureusername")>
+ password: <+secrets.getValue("dockerHarnessSecurePwd")>
+ repo: harnesssecure/kaniko<+matrix.image>
+ dockerfile: rf-plugins/drone-kaniko/docker/<+matrix.repo>/Dockerfile.linux.amd64.rf
+ auto_tag: "true"
+ auto_tag_suffix: linux-amd64
+ base_image_username: <+secrets.getValue("harness0HARUsername")>
+ base_image_password: <+secrets.getValue("harness0HARPAT")>
+ base_image_registry: harness0.harness.io/oci/docker_artifacts
+ when:
+ stageStatus: Success
+ condition: <+codebase.build.type> == "tag"
+ strategy:
+ matrix:
+ image:
+ - ""
+ - "-gcr"
+ - "-gar"
+ - "-ecr"
+ - "-acr"
+ repo:
+ - docker
+ - gcr
+ - gar
+ - ecr
+ - acr
+ exclude:
+ - image: ""
+ repo: gcr
+ - image: ""
+ repo: gar
+ - image: ""
+ repo: ecr
+ - image: ""
+ repo: acr
+ - image: "-gcr"
+ repo: docker
+ - image: "-gcr"
+ repo: gar
+ - image: "-gcr"
+ repo: ecr
+ - image: "-gcr"
+ repo: acr
+ - image: "-gar"
+ repo: docker
+ - image: "-gar"
+ repo: gcr
+ - image: "-gar"
+ repo: ecr
+ - image: "-gar"
+ repo: acr
+ - image: "-ecr"
+ repo: docker
+ - image: "-ecr"
+ repo: gcr
+ - image: "-ecr"
+ repo: gar
+ - image: "-ecr"
+ repo: acr
+ - image: "-acr"
+ repo: docker
+ - image: "-acr"
+ repo: gcr
+ - image: "-acr"
+ repo: gar
+ - image: "-acr"
+ repo: ecr
+ nodeName: rf_<+matrix.repo>
+ - step:
+ type: Plugin
+ name: RF Build and Push on Tag Kaniko191
+ identifier: rf_docker_build_push_tag_191
+ spec:
+ connectorRef: Plugins_Docker_Hub_Connector
+ image: plugins/docker
+ settings:
+ username: <+secrets.getValue("harnesssecureusername")>
+ password: <+secrets.getValue("dockerHarnessSecurePwd")>
+ repo: harnesssecure/kaniko<+matrix.image>
+ dockerfile: rf-plugins/drone-kaniko/docker/<+matrix.repo>/Dockerfile.linux.amd64.kaniko1.9.1
+ auto_tag: "true"
+ auto_tag_suffix: linux-amd64-kaniko1.9.1
+ when:
+ stageStatus: Success
+ condition: <+codebase.build.type> == "tag"
+ strategy:
+ matrix:
+ image:
+ - ""
+ - "-gcr"
+ - "-gar"
+ - "-ecr"
+ repo:
+ - docker
+ - gcr
+ - gar
+ - ecr
+ exclude:
+ - image: ""
+ repo: gcr
+ - image: ""
+ repo: gar
+ - image: ""
+ repo: ecr
+ - image: "-gcr"
+ repo: docker
+ - image: "-gcr"
+ repo: gar
+ - image: "-gcr"
+ repo: ecr
+ - image: "-gar"
+ repo: docker
+ - image: "-gar"
+ repo: gcr
+ - image: "-gar"
+ repo: ecr
+ - image: "-ecr"
+ repo: docker
+ - image: "-ecr"
+ repo: gcr
+ - image: "-ecr"
+ repo: gar
+ nodeName: rf_191_<+matrix.repo>
+ - parallel:
+ - step:
+ type: BuildAndPushDockerRegistry
+ name: RF Build and Push on Branch
+ identifier: rf_build_push_branch
+ spec:
+ connectorRef: harnesssecure
+ repo: harnesssecure/kaniko<+matrix.image>
+ tags:
+ - linux-amd64
+ caching: false
+ dockerfile: rf-plugins/drone-kaniko/docker/<+matrix.repo>/Dockerfile.linux.amd64.rf
+ envVariables:
+ PLUGIN_BASE_IMAGE_USERNAME: <+secrets.getValue("harness0HARUsername")>
+ PLUGIN_BASE_IMAGE_PASSWORD: <+secrets.getValue("harness0HARPAT")>
+ PLUGIN_BASE_IMAGE_REGISTRY: harness0.harness.io/oci/docker_artifacts
+ when:
+ stageStatus: Success
+ condition: <+codebase.build.type> == "branch"
+ strategy:
+ matrix:
+ image:
+ - ""
+ - "-gcr"
+ - "-gar"
+ - "-ecr"
+ - "-acr"
+ repo:
+ - docker
+ - gcr
+ - gar
+ - ecr
+ - acr
+ exclude:
+ - image: ""
+ repo: gcr
+ - image: ""
+ repo: gar
+ - image: ""
+ repo: ecr
+ - image: ""
+ repo: acr
+ - image: "-gcr"
+ repo: docker
+ - image: "-gcr"
+ repo: gar
+ - image: "-gcr"
+ repo: ecr
+ - image: "-gcr"
+ repo: acr
+ - image: "-gar"
+ repo: docker
+ - image: "-gar"
+ repo: gcr
+ - image: "-gar"
+ repo: ecr
+ - image: "-gar"
+ repo: acr
+ - image: "-ecr"
+ repo: docker
+ - image: "-ecr"
+ repo: gcr
+ - image: "-ecr"
+ repo: gar
+ - image: "-ecr"
+ repo: acr
+ - image: "-acr"
+ repo: docker
+ - image: "-acr"
+ repo: gcr
+ - image: "-acr"
+ repo: gar
+ - image: "-acr"
+ repo: ecr
+ nodeName: rf_<+matrix.repo>
+ - step:
+ type: BuildAndPushDockerRegistry
+ name: RF Build and Push on Branch Kaniko191
+ identifier: rf_build_push_branch_191
+ spec:
+ connectorRef: harnesssecure
+ repo: harnesssecure/kaniko<+matrix.image>
+ tags:
+ - linux-amd64-kaniko1.9.1
+ caching: false
+ dockerfile: rf-plugins/drone-kaniko/docker/<+matrix.repo>/Dockerfile.linux.amd64.kaniko1.9.1
+ when:
+ stageStatus: Success
+ condition: <+codebase.build.type> == "branch"
+ strategy:
+ matrix:
+ image:
+ - ""
+ - "-gcr"
+ - "-gar"
+ - "-ecr"
+ repo:
+ - docker
+ - gcr
+ - gar
+ - ecr
+ exclude:
+ - image: ""
+ repo: gcr
+ - image: ""
+ repo: gar
+ - image: ""
+ repo: ecr
+ - image: "-gcr"
+ repo: docker
+ - image: "-gcr"
+ repo: gar
+ - image: "-gcr"
+ repo: ecr
+ - image: "-gar"
+ repo: docker
+ - image: "-gar"
+ repo: gcr
+ - image: "-gar"
+ repo: ecr
+ - image: "-ecr"
+ repo: docker
+ - image: "-ecr"
+ repo: gcr
+ - image: "-ecr"
+ repo: gar
+ nodeName: rf_191_<+matrix.repo>
+ variables:
+ - name: CI_ENABLE_BARE_METAL
+ type: String
+ description: ""
+ required: false
+ value: "false"
+ - stage:
+ name: rf-linux-arm64
+ identifier: rf_linuxarm64
+ description: RapidFort hardened kaniko images - arm64
+ type: CI
+ spec:
+ cloneCodebase: true
+ caching:
+ enabled: false
+ paths: []
+ platform:
+ os: Linux
+ arch: Arm64
+ runtime:
+ type: Cloud
+ spec: {}
+ execution:
+ steps:
+ - step:
+ type: GitClone
+ name: Clone RF Dockerfiles
+ identifier: clone_rf
+ spec:
+ connectorRef: RapidFortPlugins
+ build:
+ type: branch
+ spec:
+ branch: main
+ cloneDirectory: rf-plugins
+ - step:
+ type: Run
+ name: Build Binary
+ identifier: build_binary
+ spec:
+ connectorRef: Plugins_Docker_Hub_Connector
+ image: golang:1.25.7
+ shell: Sh
+ command: |-
+ go test ./...
+ sh scripts/build.sh
+ - parallel:
+ - step:
+ type: Plugin
+ name: RF Build and Push on Tag
+ identifier: rf_docker_build_push_tag
+ spec:
+ connectorRef: Plugins_Docker_Hub_Connector
+ image: plugins/docker
+ settings:
+ username: <+secrets.getValue("harnesssecureusername")>
+ password: <+secrets.getValue("dockerHarnessSecurePwd")>
+ repo: harnesssecure/kaniko<+matrix.image>
+ dockerfile: rf-plugins/drone-kaniko/docker/<+matrix.repo>/Dockerfile.linux.arm64.rf
+ auto_tag: "true"
+ auto_tag_suffix: linux-arm64
+ base_image_username: <+secrets.getValue("harness0HARUsername")>
+ base_image_password: <+secrets.getValue("harness0HARPAT")>
+ base_image_registry: harness0.harness.io/oci/docker_artifacts
+ when:
+ stageStatus: Success
+ condition: <+codebase.build.type> == "tag"
+ strategy:
+ matrix:
+ image:
+ - ""
+ - "-gcr"
+ - "-gar"
+ - "-ecr"
+ - "-acr"
+ repo:
+ - docker
+ - gcr
+ - gar
+ - ecr
+ - acr
+ exclude:
+ - image: ""
+ repo: gcr
+ - image: ""
+ repo: gar
+ - image: ""
+ repo: ecr
+ - image: ""
+ repo: acr
+ - image: "-gcr"
+ repo: docker
+ - image: "-gcr"
+ repo: gar
+ - image: "-gcr"
+ repo: ecr
+ - image: "-gcr"
+ repo: acr
+ - image: "-gar"
+ repo: docker
+ - image: "-gar"
+ repo: gcr
+ - image: "-gar"
+ repo: ecr
+ - image: "-gar"
+ repo: acr
+ - image: "-ecr"
+ repo: docker
+ - image: "-ecr"
+ repo: gcr
+ - image: "-ecr"
+ repo: gar
+ - image: "-ecr"
+ repo: acr
+ - image: "-acr"
+ repo: docker
+ - image: "-acr"
+ repo: gcr
+ - image: "-acr"
+ repo: gar
+ - image: "-acr"
+ repo: ecr
+ nodeName: rf_<+matrix.repo>
+ - step:
+ type: Plugin
+ name: RF Build and Push on Tag Kaniko191
+ identifier: rf_docker_build_push_tag_191
+ spec:
+ connectorRef: Plugins_Docker_Hub_Connector
+ image: plugins/docker
+ settings:
+ username: <+secrets.getValue("harnesssecureusername")>
+ password: <+secrets.getValue("dockerHarnessSecurePwd")>
+ repo: harnesssecure/kaniko<+matrix.image>
+ dockerfile: rf-plugins/drone-kaniko/docker/<+matrix.repo>/Dockerfile.linux.arm64.kaniko1.9.1
+ auto_tag: "true"
+ auto_tag_suffix: linux-arm64-kaniko1.9.1
+ when:
+ stageStatus: Success
+ condition: <+codebase.build.type> == "tag"
+ strategy:
+ matrix:
+ image:
+ - ""
+ - "-gcr"
+ - "-gar"
+ - "-ecr"
+ repo:
+ - docker
+ - gcr
+ - gar
+ - ecr
+ exclude:
+ - image: ""
+ repo: gcr
+ - image: ""
+ repo: gar
+ - image: ""
+ repo: ecr
+ - image: "-gcr"
+ repo: docker
+ - image: "-gcr"
+ repo: gar
+ - image: "-gcr"
+ repo: ecr
+ - image: "-gar"
+ repo: docker
+ - image: "-gar"
+ repo: gcr
+ - image: "-gar"
+ repo: ecr
+ - image: "-ecr"
+ repo: docker
+ - image: "-ecr"
+ repo: gcr
+ - image: "-ecr"
+ repo: gar
+ nodeName: rf_191_<+matrix.repo>
+ - parallel:
+ - step:
+ type: BuildAndPushDockerRegistry
+ name: RF Build and Push on Branch
+ identifier: rf_build_push_branch
+ spec:
+ connectorRef: harnesssecure
+ repo: harnesssecure/kaniko<+matrix.image>
+ tags:
+ - linux-arm64
+ caching: false
+ dockerfile: rf-plugins/drone-kaniko/docker/<+matrix.repo>/Dockerfile.linux.arm64.rf
+ envVariables:
+ PLUGIN_BASE_IMAGE_USERNAME: <+secrets.getValue("harness0HARUsername")>
+ PLUGIN_BASE_IMAGE_PASSWORD: <+secrets.getValue("harness0HARPAT")>
+ PLUGIN_BASE_IMAGE_REGISTRY: harness0.harness.io/oci/docker_artifacts
+ when:
+ stageStatus: Success
+ condition: <+codebase.build.type> == "branch"
+ strategy:
+ matrix:
+ image:
+ - ""
+ - "-gcr"
+ - "-gar"
+ - "-ecr"
+ - "-acr"
+ repo:
+ - docker
+ - gcr
+ - gar
+ - ecr
+ - acr
+ exclude:
+ - image: ""
+ repo: gcr
+ - image: ""
+ repo: gar
+ - image: ""
+ repo: ecr
+ - image: ""
+ repo: acr
+ - image: "-gcr"
+ repo: docker
+ - image: "-gcr"
+ repo: gar
+ - image: "-gcr"
+ repo: ecr
+ - image: "-gcr"
+ repo: acr
+ - image: "-gar"
+ repo: docker
+ - image: "-gar"
+ repo: gcr
+ - image: "-gar"
+ repo: ecr
+ - image: "-gar"
+ repo: acr
+ - image: "-ecr"
+ repo: docker
+ - image: "-ecr"
+ repo: gcr
+ - image: "-ecr"
+ repo: gar
+ - image: "-ecr"
+ repo: acr
+ - image: "-acr"
+ repo: docker
+ - image: "-acr"
+ repo: gcr
+ - image: "-acr"
+ repo: gar
+ - image: "-acr"
+ repo: ecr
+ nodeName: rf_<+matrix.repo>
+ - step:
+ type: BuildAndPushDockerRegistry
+ name: RF Build and Push on Branch Kaniko191
+ identifier: rf_build_push_branch_191
+ spec:
+ connectorRef: harnesssecure
+ repo: harnesssecure/kaniko<+matrix.image>
+ tags:
+ - linux-arm64-kaniko1.9.1
+ caching: false
+ dockerfile: rf-plugins/drone-kaniko/docker/<+matrix.repo>/Dockerfile.linux.arm64.kaniko1.9.1
+ when:
+ stageStatus: Success
+ condition: <+codebase.build.type> == "branch"
+ strategy:
+ matrix:
+ image:
+ - ""
+ - "-gcr"
+ - "-gar"
+ - "-ecr"
+ repo:
+ - docker
+ - gcr
+ - gar
+ - ecr
+ exclude:
+ - image: ""
+ repo: gcr
+ - image: ""
+ repo: gar
+ - image: ""
+ repo: ecr
+ - image: "-gcr"
+ repo: docker
+ - image: "-gcr"
+ repo: gar
+ - image: "-gcr"
+ repo: ecr
+ - image: "-gar"
+ repo: docker
+ - image: "-gar"
+ repo: gcr
+ - image: "-gar"
+ repo: ecr
+ - image: "-ecr"
+ repo: docker
+ - image: "-ecr"
+ repo: gcr
+ - image: "-ecr"
+ repo: gar
+ nodeName: rf_191_<+matrix.repo>
+ variables:
+ - name: CI_ENABLE_BARE_METAL
+ type: String
+ description: ""
+ required: false
+ value: "false"
 - stage:
- name: Manifest
+ name: Manifest and Release
 identifier: Manifest
 description: ""
 type: CI
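Review bot: The `Clone RF Dockerfiles` step in both new stages checks out `branch: main` of the RapidFortPlugins repository, so the Dockerfiles behind the tagged `harnesssecure/kaniko*` release images are whatever that branch holds when the pipeline runs, not content reviewed with this repository's tag. Pinning the clone to a reviewed ref, for example `type: tag` with `tag: <reviewed-rf-plugins-tag>` under `build:`, would make a release reproducible and keep an unreviewed change in that repository out of published images; the `Clone RF Manifest Templates` step added in the later Manifest hunk has the same shape. The `plugins/docker` image in the tag steps also has no tag or digest while it receives `dockerHarnessSecurePwd` and `harness0HARPAT`, so pinning it as `plugins/docker@sha256:<digest>` belongs in the same change. Separately, the branch steps run for any build where `<+codebase.build.type> == "branch"` and push the fixed tags `linux-amd64` and `linux-arm64`; if triggers are not restricted elsewhere (not visible in this hunk), that condition should also check the branch name.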
@@ -601,6 +1211,18 @@ pipeline:
 spec: {}
 execution:
 steps:
+ - step:
+ type: GitClone
+ name: Clone RF Manifest Templates
+ identifier: clone_rf_manifest
+ spec:
+ connectorRef: RapidFortPlugins
+ build:
+ type: branch
+ spec:
+ branch: main
+ cloneDirectory: rf-plugins
+ contextType: Pipeline
 - parallel:
 - step:
 type: Plugin
@@ -651,6 +1273,55 @@ pipeline:
 - gar
 - ecr
 nodeName: manifest_<+matrix.repo>
+ - step:
+ type: Plugin
+ name: RF Manifest
+ identifier: rf_manifest
+ spec:
+ connectorRef: Plugins_Docker_Hub_Connector
+ image: plugins/manifest
+ settings:
+ username: <+secrets.getValue("harnesssecureusername")>
+ password: <+secrets.getValue("dockerHarnessSecurePwd")>
+ auto_tag: "true"
+ ignore_missing: "true"
+ spec: rf-plugins/drone-kaniko/docker/<+matrix.repo>/manifest.tmpl
+ when:
+ stageStatus: Success
+ condition: <+codebase.build.type> == "tag"
+ strategy:
+ matrix:
+ repo:
+ - docker
+ - gcr
+ - gar
+ - ecr
+ - acr
+ nodeName: rf_manifest_<+matrix.repo>
+ - step:
+ type: Plugin
+ name: RF Manifest Kaniko191
+ identifier: rf_manifest_191
+ spec:
+ connectorRef: Plugins_Docker_Hub_Connector
+ image: plugins/manifest
+ settings:
+ username: <+secrets.getValue("harnesssecureusername")>
+ password: <+secrets.getValue("dockerHarnessSecurePwd")>
+ auto_tag: "false"
+ ignore_missing: "true"
+ spec: rf-plugins/drone-kaniko/docker/<+matrix.repo>/manifest-kaniko1.9.1.tmpl
+ when:
+ stageStatus: Success
+ condition: <+codebase.build.type> == "tag"
+ strategy:
+ matrix:
+ repo:
+ - docker
+ - gcr
+ - gar
+ - ecr
+ nodeName: rf_manifest_191_<+matrix.repo>
 when:
 pipelineStatus: Success
 allowStageExecutions: true
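Review bot: Both added manifest steps set `ignore_missing: "true"`, so a platform image that was never pushed appears to be skipped rather than failing the step, and a `harnesssecure/kaniko*` manifest list can be published without that platform. If the templates reference only images built by the rf-linux-amd64 and rf-linux-arm64 stages, `ignore_missing: "false"` would surface a partial release; if the setting is needed, a comment above it naming the entries expected to be absent would help the next reader. `RF Manifest Kaniko191` also sets `auto_tag: "false"`, so its published tags presumably come entirely from `manifest-kaniko1.9.1.tmpl`, a file taken from the `branch: main` checkout added in the previous hunk. Both steps sit in the Manifest stage, which begins and ends outside these hunks.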