Merge pull request #428 from anchore/enterprise-3.3.1-bump

HN23 · web-flow · commit 874894cc55f8 · 2024-12-18T15:26:00.000-05:00
bumping enterprise chart version to 3.3.1 (Anchore Enterprise 5.13.1)
diff --git a/.github/workflows/openshift-test.yaml b/.github/workflows/openshift-test.yaml
@@ -29,7 +29,7 @@ jobs:
 
     - uses: actions/setup-python@e9aba2c848f5ebd159c070c61ea2c4e2b122355e # v2.3.4
       with:
-        python-version: 3.7
+        python-version: '3.10'
 
     - name: Set up Helm
       uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5
@@ -123,6 +123,15 @@ jobs:
         echo '  image: "docker.io/anchore/anchore-on-prem-ui-dev:rc"' >> stable/enterprise/ci/openshift-test.yaml
         echo "Appended to stable/enterprise/ci/openshift-test.yaml"
 
+    - name: Update to nightly image if needed
+      if: ${{ github.event.pull_request.base.ref == 'nightly' || github.ref_name == 'nightly' }}
+      run: |
+        echo "Branch: ${{ github.event.pull_request.head.ref }}"
+        echo 'image: "docker.io/anchore/enterprise-dev:nightly"' >> stable/enterprise/ci/openshift-test.yaml
+        echo 'ui:' >> stable/enterprise/ci/openshift-test.yaml
+        echo '  image: "docker.io/anchore/anchore-on-prem-ui-dev:nightly"' >> stable/enterprise/ci/openshift-test.yaml
+        echo "Appended to stable/enterprise/ci/openshift-test.yaml"
+
     - name: Run chart-testing
       if: steps.list-changed.outputs.CHANGED == 'true'
       run: |
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
@@ -27,7 +27,7 @@ jobs:
 
     - uses: actions/setup-python@e9aba2c848f5ebd159c070c61ea2c4e2b122355e # v2.3.4
       with:
-        python-version: 3.7
+        python-version: '3.10'
 
     - name: Set up Helm
       uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5
@@ -106,6 +106,15 @@ jobs:
         echo '  image: "docker.io/anchore/anchore-on-prem-ui-dev:rc"' >> stable/enterprise/ci/rc-values.yaml
         echo "Appended to stable/enterprise/ci/rc-values.yaml"
 
+    - name: Update to nightly image if needed
+      if: ${{ github.event.pull_request.base.ref == 'nightly' || github.ref_name == 'nightly' }}
+      run: |
+        echo "Branch: ${{ github.event.pull_request.head.ref }}"
+        echo 'image: "docker.io/anchore/enterprise-dev:nightly"' >> stable/enterprise/ci/nightly-values.yaml
+        echo 'ui:' >> stable/enterprise/ci/nightly-values.yaml
+        echo '  image: "docker.io/anchore/anchore-on-prem-ui-dev:nightly"' >> stable/enterprise/ci/nightly-values.yaml
+        echo "Appended to stable/enterprise/ci/nightly-values.yaml"
+
     - name: Run chart-testing
       if: steps.list-changed.outputs.CHANGED == 'true'
       run: ct install --config ct-config.yaml --helm-extra-args "--timeout 600s"
diff --git a/stable/enterprise/Chart.yaml b/stable/enterprise/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v2
 name: enterprise
-version: "3.3.0"
-appVersion: "5.13.0"
+version: "3.3.1"
+appVersion: "5.13.1"
 kubeVersion: 1.23.x - 1.31.x || 1.23.x-x - 1.31.x-x
 description: |
   Anchore Enterprise is a complete container security workflow solution for professional teams. Easily integrating with CI/CD systems,
diff --git a/stable/enterprise/README.md b/stable/enterprise/README.md
@@ -89,7 +89,7 @@ This guide covers deploying Anchore Enterprise on a Kubernetes cluster with the
 
 ### Installing on Openshift
 
-You will need to either disable or properly set the parameters for `containerSecurityContext`, `runAsUser`, and `fsGroup` for the `ui-redis` and any PostgreSQL database that you deploy using the Enterprise chart (e.g., via `postgresql.chartEnabled`).
+You will need to either disable or properly set the parameters for `containerSecurityContext`, `runAsUser`, and `fsGroup` for the `ui-redis` and any PostgreSQL database that you deploy using the Enterprise chart (e.g., via `postgresql.chartEnabled`). Also, by default, Anchore Enterprise creates a user that normally runs the application with a uid/gid/group of 1000. If your deployment uses any other user as openshift usually does, you will need to update the HOME environment variable to a directory where the analyzer service can write to.
 
 For example:
 
@@ -103,7 +103,9 @@ For example:
       --set postgresql.primary.containerSecurityContext.enabled=false \
       --set postgresql.primary.podSecurityContext.enabled=false \
       --set ui-redis.master.podSecurityContext.enabled=false \
-      --set ui-redis.master.containerSecurityContext.enabled=false
+      --set ui-redis.master.containerSecurityContext.enabled=false \
+      --set analyzer.extraEnv[0].name=HOME \
+      --set analyzer.extraEnv[0].value=/tmp
     ```
 
     > **Note:** disabling the containerSecurityContext and podSecurityContext may not be suitable for production. See [Redhat's documentation](https://docs.openshift.com/container-platform/4.13/authentication/managing-security-context-constraints.html#managing-pod-security-policies) on what may be suitable for production. For more information on the openshift.io/sa.scc.uid-range annotation, see the [openshift docs](https://docs.openshift.com/dedicated/authentication/managing-security-context-constraints.html#security-context-constraints-pre-allocated-values_configuring-internal-oauth)
@@ -129,6 +131,10 @@ ui-redis:
       enabled: false
     containerSecurityContext:
       enabled: false
+analyzer:
+  extraEnv:
+    - name: HOME
+      value: /tmp
 ```
 
 ## Upgrading the Chart
diff --git a/stable/enterprise/tests/__snapshot__/prehook_upgrade_resources_test.yaml.snap b/stable/enterprise/tests/__snapshot__/prehook_upgrade_resources_test.yaml.snap
@@ -26,7 +26,7 @@ migration job should match snapshot:
               name: test-release-enterprise-config-env-vars
           - secretRef:
               name: test-release-enterprise
-        image: docker.io/anchore/enterprise:v5.13.0
+        image: docker.io/anchore/enterprise:v5.13.1
         imagePullPolicy: IfNotPresent
         name: migrate-analysis-archive
         volumeMounts:
@@ -89,7 +89,7 @@ migration job should match snapshot:
             valueFrom:
               fieldRef:
                 fieldPath: metadata.name
-        image: docker.io/anchore/enterprise:v5.13.0
+        image: docker.io/anchore/enterprise:v5.13.1
         imagePullPolicy: IfNotPresent
         name: wait-for-db
     restartPolicy: Never
@@ -148,7 +148,7 @@ migration job should match snapshot analysisArchiveMigration and objectStoreMigr
               name: test-release-enterprise-config-env-vars
           - secretRef:
               name: test-release-enterprise
-        image: docker.io/anchore/enterprise:v5.13.0
+        image: docker.io/anchore/enterprise:v5.13.1
         imagePullPolicy: IfNotPresent
         name: migrate-analysis-archive
         volumeMounts:
@@ -211,7 +211,7 @@ migration job should match snapshot analysisArchiveMigration and objectStoreMigr
             valueFrom:
               fieldRef:
                 fieldPath: metadata.name
-        image: docker.io/anchore/enterprise:v5.13.0
+        image: docker.io/anchore/enterprise:v5.13.1
         imagePullPolicy: IfNotPresent
         name: wait-for-db
     restartPolicy: Never
@@ -268,7 +268,7 @@ migration job should match snapshot analysisArchiveMigration to true:
               name: test-release-enterprise-config-env-vars
           - secretRef:
               name: test-release-enterprise
-        image: docker.io/anchore/enterprise:v5.13.0
+        image: docker.io/anchore/enterprise:v5.13.1
         imagePullPolicy: IfNotPresent
         name: migrate-analysis-archive
         volumeMounts:
@@ -331,7 +331,7 @@ migration job should match snapshot analysisArchiveMigration to true:
             valueFrom:
               fieldRef:
                 fieldPath: metadata.name
-        image: docker.io/anchore/enterprise:v5.13.0
+        image: docker.io/anchore/enterprise:v5.13.1
         imagePullPolicy: IfNotPresent
         name: wait-for-db
     restartPolicy: Never
@@ -387,7 +387,7 @@ migration job should match snapshot objectStoreMigration to true:
               name: test-release-enterprise-config-env-vars
           - secretRef:
               name: test-release-enterprise
-        image: docker.io/anchore/enterprise:v5.13.0
+        image: docker.io/anchore/enterprise:v5.13.1
         imagePullPolicy: IfNotPresent
         name: migrate-analysis-archive
         volumeMounts:
@@ -450,7 +450,7 @@ migration job should match snapshot objectStoreMigration to true:
             valueFrom:
               fieldRef:
                 fieldPath: metadata.name
-        image: docker.io/anchore/enterprise:v5.13.0
+        image: docker.io/anchore/enterprise:v5.13.1
         imagePullPolicy: IfNotPresent
         name: wait-for-db
     restartPolicy: Never
@@ -621,6 +621,6 @@ should render proper initContainers:
           valueFrom:
             fieldRef:
               fieldPath: metadata.name
-      image: docker.io/anchore/enterprise:v5.13.0
+      image: docker.io/anchore/enterprise:v5.13.1
       imagePullPolicy: IfNotPresent
       name: wait-for-db
diff --git a/stable/enterprise/values.yaml b/stable/enterprise/values.yaml
@@ -19,7 +19,7 @@ global:
 
 ## @param image Image used for all Anchore Enterprise deployments, excluding Anchore UI
 ##
-image: docker.io/anchore/enterprise:v5.13.0
+image: docker.io/anchore/enterprise:v5.13.1
 
 ## @param imagePullPolicy Image pull policy used by all deployments
 ## ref: https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy
@@ -1435,7 +1435,7 @@ simpleQueue:
 ui:
   ## @param ui.image Image used for the Anchore UI container
   ##
-  image: docker.io/anchore/enterprise-ui:v5.13.0
+  image: docker.io/anchore/enterprise-ui:v5.13.1
 
   ## @param ui.imagePullPolicy Image pull policy for Anchore UI image
   ##
