Merge pull request #98 from GDATASoftwareAG/93_Fix_update_function_for_gdscan_pod

doxthree · web-flow · commit 46bff3b3e860 · 2025-02-05T10:53:40.000+01:00
Fix update function for gdscan pod #93
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -22,7 +22,7 @@ jobs:
         with:
           fetch-depth: 0
           path: vaas-helm
-      
+
       - name: Checkout Vaas Java SDK
         uses: actions/checkout@v4
         with:
@@ -72,7 +72,7 @@ jobs:
       - name: Set up kubectl
         uses: azure/setup-kubectl@v4
         with:
-          version: 'latest'
+          version: "latest"
 
       - name: Install Helm
         uses: azure/setup-helm@v4
@@ -125,11 +125,10 @@ jobs:
           export SCAN_PATH=$(pwd)/build.gradle
           export CLIENT_ID=vaas
           export CLIENT_SECRET=$(minikube kubectl -- get secret -n vaas vaas-client-secret -o jsonpath="{.data.secret}" | base64 -d)
-          export VAAS_URL=ws://vaas/ws
+          export VAAS_URL=http://vaas
           export TOKEN_URL=http://vaas/auth/protocol/openid-connect/token
           gradle fileScan
-          gradle fileScan
-          minikube kubectl -- logs -n vaas $(minikube kubectl -- get pods -n vaas -l app.kubernetes.io/name=gateway -o jsonpath="{.items[0].metadata.name}") | grep "Got verdict from store: Clean"
+          minikube kubectl -- logs -n vaas $(minikube kubectl -- get pods -n vaas -l app.kubernetes.io/name=gateway -o jsonpath="{.items[0].metadata.name}") | grep '"Verdict":"Clean","Url":null,"Source":"Cache"'
           cd -
 
       - name: Push chart
diff --git a/charts/vaas/Chart.yaml b/charts/vaas/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: vaas
-version: 2.5.2
+version: 2.6.0
 description: Deployment of a Verdict-as-a-Service on-premise instance
 maintainers:
   - name: G DATA CyberDefense AG
diff --git a/charts/vaas/values.yaml b/charts/vaas/values.yaml
@@ -160,6 +160,8 @@ gateway:
       drop: ["ALL"]
     seccompProfile:
       type: RuntimeDefault
+    runAsUser: 1001
+    runAsGroup: 1001
   image:
     repository: ghcr.io/gdatasoftwareag/vaas/gateway
     pullPolicy: Always
@@ -211,6 +213,8 @@ gdscan:
         drop: ["ALL"]
       seccompProfile:
         type: RuntimeDefault
+      runAsUser: 1001
+      runAsGroup: 1001
   terminationGracePeriodSeconds: 30
 
   nameOverride: ""
@@ -283,6 +287,8 @@ gdscan:
         drop: ["ALL"]
       seccompProfile:
         type: RuntimeDefault
+      runAsUser: 1000
+      runAsGroup: 1000
     podAnnotations: {}
     enabled: true
     # every hour
@@ -316,7 +322,8 @@ redis:
       enabled: false
     podSecurityContext:
       enabled: true
-      fsGroup: 1654
+      fsGroupChangePolicy: "OnRootMismatch"
+      fsGroup: 1001
     containerSecurityContext:
       enabled: true
       readOnlyRootFilesystem: true
@@ -326,5 +333,7 @@ redis:
         drop: ["ALL"]
       seccompProfile:
         type: RuntimeDefault
+      runAsUser: 1001
+      runAsGroup: 1001
   networkPolicy:
     enabled: true
