codefresh-io
diff --git a/‎workflows/codefresh-csdp/CHANGELOG.md
Lines changed: 7 additions & 0 deletions b/‎workflows/codefresh-csdp/CHANGELOG.md
Lines changed: 7 additions & 0 deletions
diff --git a/‎workflows/codefresh-csdp/versions/1.1.13/README.md
Lines changed: 17 additions & 0 deletions b/‎workflows/codefresh-csdp/versions/1.1.13/README.md
Lines changed: 17 additions & 0 deletions
diff --git a/‎workflows/codefresh-csdp/versions/1.1.13/docs/image-enricher-git-info.md
Lines changed: 76 additions & 0 deletions b/‎workflows/codefresh-csdp/versions/1.1.13/docs/image-enricher-git-info.md
Lines changed: 76 additions & 0 deletions
diff --git a/‎workflows/codefresh-csdp/versions/1.1.13/docs/image-enricher-jira-info.md
Lines changed: 63 additions & 0 deletions b/‎workflows/codefresh-csdp/versions/1.1.13/docs/image-enricher-jira-info.md
Lines changed: 63 additions & 0 deletions
diff --git a/‎workflows/codefresh-csdp/versions/1.1.13/docs/report-image-info.md
Lines changed: 88 additions & 0 deletions b/‎workflows/codefresh-csdp/versions/1.1.13/docs/report-image-info.md
Lines changed: 88 additions & 0 deletions
diff --git a/‎workflows/codefresh-csdp/versions/1.1.13/images/image-enricher-git-info/.nvmrc
Lines changed: 1 addition & 0 deletions b/‎workflows/codefresh-csdp/versions/1.1.13/images/image-enricher-git-info/.nvmrc
Lines changed: 1 addition & 0 deletions
diff --git a/‎workflows/codefresh-csdp/versions/1.1.13/images/image-enricher-git-info/.yarnrc
Lines changed: 1 addition & 0 deletions b/‎workflows/codefresh-csdp/versions/1.1.13/images/image-enricher-git-info/.yarnrc
Lines changed: 1 addition & 0 deletions
diff --git a/‎workflows/codefresh-csdp/versions/1.1.13/images/image-enricher-git-info/Dockerfile
Lines changed: 21 additions & 0 deletions b/‎workflows/codefresh-csdp/versions/1.1.13/images/image-enricher-git-info/Dockerfile
Lines changed: 21 additions & 0 deletions
diff --git a/‎workflows/codefresh-csdp/versions/1.1.13/images/image-enricher-git-info/README.md
Lines changed: 1 addition & 0 deletions b/‎workflows/codefresh-csdp/versions/1.1.13/images/image-enricher-git-info/README.md
Lines changed: 1 addition & 0 deletions
diff --git a/‎workflows/codefresh-csdp/versions/1.1.13/images/image-enricher-git-info/package.json
Lines changed: 21 additions & 0 deletions b/‎workflows/codefresh-csdp/versions/1.1.13/images/image-enricher-git-info/package.json
Lines changed: 21 additions & 0 deletions
@@ -1,4 +1,11 @@
 # Changelog 
+## v1.1.13 (30.04.2025)
+### report-image-info
+* Security fixes.
+
+## v1.1.12 (21.01.2025)
+### report-image-info
+* Security fixes.
 
 ## v1.1.11 (17.10.2024)
 ### report-image-info
 
@@ -0,0 +1,17 @@
+# CSDP-metadata
+
+## Summary
+
+A set of templates to operate against Codefresh Software Delivery Platform such as reporting image information to the Argo platform, and enriching images with metadata and annotation for GitHub (PRs, commits, etc) and Jira (title, assignee, etc).
+
+## Templates
+
+1. [image-enricher-git-info](https://github.com/codefresh-io/argo-hub/blob/main/workflows/codefresh-csdp/versions/1.1.13/docs/image-enricher-git-info.md)
+2. [image-enricher-jira-info](https://github.com/codefresh-io/argo-hub/blob/main/workflows/codefresh-csdp/versions/1.1.13/docs/image-enricher-jira-info.md)
+3. [report-image-info](https://github.com/codefresh-io/argo-hub/blob/main/workflows/codefresh-csdp/versions/1.1.13/docs/report-image-info.md)
+
+## Security
+
+Minimal required permissions
+
+[Full rbac permissions list](https://github.com/codefresh-io/argo-hub/blob/main/workflows/codefresh-csp/versions/1.1.13/rbac.yaml)
@@ -0,0 +1,76 @@
+# image-enricher-git-info
+
+## Summary
+Enrich images with metadata and annotation such as PR, commits, committers.
+
+## Inputs/Outputs
+
+### Inputs
+* IMAGE_NAME (required) - The image name that was imported into Codefresh to enrich
+* GIT_PROVIDER (required) - One of the supported git providers: github, gitlab, bitbucket, bitbucket-server, gerrit
+* BRANCH (required with github, gitlab, bitbucket, bitbucket-server) - The git branch to use to enrich
+* REPO (required) - The repo to use to enrich
+* REVISION - The commit sha to use to enrich
+* GERRIT_CHANGE_ID (required with gerrit) - The change-id or a commit message that contain the change-id
+* CF_API_KEY (required) - The Kubernetes secret containing the Codefresh API key created by **runtime**
+* CF_API_KEY_SECRET_KEY (optional) - The key in the Kubernetes secret that has the Codefresh API key created by **runtime**. Default is 'token'
+* CF_HOST_URL (optional) - The URL to reach Codefresh (support on-premises Codefresh). Default is 'https://g.codefresh.io'
+* GITHUB_API_HOST_URL (optional) - The URL to reach the GitHub API (support on-premises GitHub api). Default is 'https://api.github.com'
+* GITHUB_API_PATH_PREFIX (optional) - The API prefix path for GitHub (support on-premises GitHub path prefix).
+* GITHUB_TOKEN_SECRET_NAME (optional) - The Kubernetes secret containing the GitHub token
+* GITHUB_TOKEN_SECRET_KEY (optional) - The key in the Kubernetes secret containing the GitHub token. Default is 'token'
+* GITHUB_CONTEXT (optional) - The name of the github context from classic codefresh platform
+* GITLAB_HOST_URL (optional) - The URL to reach the GitLab API (support on-premises GitLab api). Default is 'https://gitlab.com'
+* GITLAB_TOKEN_SECRET_NAME (optional) - The Kubernetes secret containing the GitLab token
+* GITLAB_TOKEN_SECRET_KEY (optional) - The key in the Kubernetes secret containing the GitLab token. Default is 'token'
+* BITBUCKET_HOST_URL (optional) - The URL to reach the BitBucket API (support on-premises BitBucket api). Default is 'https://api.bitbucket.org/2.0'
+* BITBUCKET_SECRET_NAME (optional) - The Kubernetes secret containing the BitBucket credentials
+* BITBUCKET_USERNAME_SECRET_KEY (optional) - The key in the Kubernetes secret containing the BitBucket username. Default is 'username'
+* BITBUCKET_PASSWORD_SECRET_KEY (optional) - The key in the Kubernetes secret containing the BitBucket password. Default is 'password'
+* GERRIT_HOST_URL (optional) - The URL to reach the Gerrit API
+* GERRIT_SECRET_NAME (optional) - The Kubernetes secret containing the Gerrit credentials
+* GERRIT_USERNAME_SECRET_KEY (optional) - The key in the Kubernetes secret containing the Gerrit username. Default is 'username'
+* GERRIT_PASSWORD_SECRET_KEY (optional) - The key in the Kubernetes secret containing the Gerrit password. Default is 'password'
+
+### Outputs
+* `exit-error` – message of the error that caused template failure
+
+## Examples
+
+### task Example
+```
+apiVersion: argoproj.io/v1alpha1
+kind: Workflow
+metadata:
+  generateName: image-enricher-git-info-
+spec:
+  entrypoint: main
+  templates:
+  - name: main
+    dag:
+      tasks:
+      - name: image-enricher-git-info
+        templateRef:
+          name: argo-hub.codefresh-csdp.1.1.13
+          template: image-enricher-git-info
+        arguments:
+          parameters:
+          - name: CF_API_KEY
+            value: 'codefresh-token'
+          - name: CF_API_KEY_SECRET_KEY
+            value: 'token'
+          - name: IMAGE_NAME
+            value: 'gcr.io/codefresh/cfstep-helm:lastest'
+          - name: GIT_PROVIDER
+            value: 'github'
+          - name: REPO
+            value: 'codefresh/cfstep-helm'
+          - name: BRANCH
+            value: 'main'
+          - name: REVISION
+            value: 'ec8cdced58869a9cbd315a1297a702bbd744a9ed'
+          - name: GITHUB_TOKEN_SECRET_NAME
+            value: 'github-creds'
+          - name: GITHUB_TOKEN_SECRET_KEY
+            value: 'token'
+```
@@ -0,0 +1,63 @@
+# image-enricher-jira-info
+
+## Summary
+Enrich images with metadata and annotation such as ticket number, title, assignee, status.
+
+## Inputs/Outputs
+
+### Inputs
+* IMAGE_NAME (required) - The image URI that was imported into Codefresh to enrich
+* JIRA_HOST_URL (required) - jira host url
+* JIRA_API_TOKEN_SECRET (required) - Name of Kubernetes secret that contains a jira email and token that you generate in jira
+* JIRA_API_TOKEN_SECRET_KEY (required) - The key in the Kubernetes secret with the Jira API token. Default is 'token'
+* JIRA_EMAIL_SECRET_KEY (required) - The key in the Kubernetes secret with the Jira Email associated with the API token. Default is 'email'
+* JIRA_MESSAGE (required) - message from which you want retrieve issue name, can be a branch, commit message, whatever
+* JIRA_PROJECT_PREFIX (required) - jira project prefix like: /[A-Z]{2,}-\d+/g, SAAS, CF, etc. 
+* CF_API_KEY (required) - The Kubernetes secret containing the Codefresh API key created by **runtime**
+* CF_API_KEY_SECRET_KEY (optional) - The key in the Kubernetes secret that has the Codefresh API key created by **runtime**. Default is 'token'
+* CF_HOST_URL (optional) - The URL to reach Codefresh (support on-premises Codefresh). Default is 'https://g.codefresh.io'
+* JIRA_CONTEXT (optional) - The Jira context to use
+* FAIL_ON_NOT_FOUND (optional) - fail in case of ticket not found. Default is 'false'
+
+### Outputs
+* `exit-error` – message of the error that caused template failure
+
+## Examples
+
+### task Example
+```
+apiVersion: argoproj.io/v1alpha1
+kind: Workflow
+metadata:
+  generateName: image-enricher-jira-info-
+spec:
+  entrypoint: main
+  templates:
+  - name: main
+    dag:
+      tasks:
+      - name: image-enricher-jira-info
+        templateRef:
+          name: argo-hub.codefresh-csdp.1.1.13
+          template: image-enricher-jira-info
+        arguments:
+          parameters:
+          - name: CF_API_KEY
+            value: 'codefresh-token'
+          - name: CF_API_KEY_SECRET_KEY
+            value: 'token'
+          - name: IMAGE_NAME
+            value: 'gcr.io/codefresh/cfstep-helm:lastest'
+          - name: JIRA_PROJECT_PREFIX
+            value: 'CR'
+          - name: JIRA_MESSAGE
+            value: 'working on CR-11027'
+          - name: JIRA_HOST_URL
+            value: 'https://jira.atlassian.net'
+          - name: JIRA_API_TOKEN_SECRET
+            value: 'jira-creds'
+          - name: JIRA_API_TOKEN_SECRET_KEY
+            value: 'token'
+          - name: JIRA_EMAIL_SECRET_KEY
+            value: 'email'
+```
@@ -0,0 +1,88 @@
+# report-image-info
+
+## Summary
+Report image info to argo platform.
+
+## Inputs/Outputs
+
+### Inputs
+* IMAGE_NAME (required) - your image to which you want to report
+* CF_API_KEY (required) - Codefresh API key created by **runtime**
+* CF_HOST_URL (optional) - support on-premises Codefresh URL
+* WORKFLOW_NAME (optional) - name of the workflow
+* WORKFLOW_URL (optional) - external url of the workflow
+* LOGS_URL (optional) - external url of the workflow logs
+* REGISTRY_INSECURE (optional) - security flag for standard registry protocol, when set to true it enables http protocol.
+* RETRIEVE_CREDENTIALS_BY_DOMAIN (optional) - decide about the authentication method based on the image domain
+* DOCKERFILE_CONTENT (optional) - base64 encoded content of the Dockerfile used for building image
+* DOCKERFILE_PATH (optional) - path to the Dockerfile used for building image (used if DOCKERFILE_CONTENT is empty)
+#### Specify one from following required registry parameters:
+* GCR_KEY_FILE_PATH (required) - JSON key for authenticating to a Google GCR
+* GCR_KEY_SECRET (required) - The Kubernetes secret containing the GCR key information. Default is 'gcr-key-file'
+* GCR_KEY_SECRET_KEY (optional) - The key in the Kubernetes secret containing the GCR key information. Default is '.keyjson'
+* GOOGLE_REGISTRY_HOST (optional)  - The host to Google GCR or Google ACR. Default is 'gcr.io'
+* GOOGLE_JSON_KEY (required) - The Kubernetes secret with the JSON key for authenticating to a Google GCR or Google ACR
+* GOOGLE_KEY_SECRET_KEY (optional) The key in the Kubernetes secret with Google JSON key. Default is 'keyjson'
+* AWS_ACCESS_KEY (required) - The Kubernetes secret with the Amazon access key
+* AWS_ACCESS_KEY_SECRET_KEY (optional) - The key in the Kubernetes secret with the Amazon access key. Default is 'aws-access-key'
+* AWS_SECRET_KEY (required) - The Kubernetes secret with the Amazon secret key
+* AWS_SECRET_KEY_SECRET_KEY (optional) - The key in the Kubernetes secret with the Amazon secret key. Default is 'aws-secret-key'
+* AWS_REGION (required) - The Kubernetes secret with the Amazon region
+* AWS_REGION_SECRET_KEY (optional) - The key in the Kubernetes secret with the Amazon region. Default is 'aws-region'
+* DOCKER_CONFIG_FILE_PATH (required) - docker config json for authenticating to a registry (GCR, ECR, ACR not supported)
+* DOCKER_CONFIG_SECRET (required) - The Kubernetes secret containing the docker config json information. Default is 'docker-registry'
+* DOCKER_CONFIG_SECRET_KEY  (optional) - The key in the Kubernetes secret containing the docker config json information. Default is '.dockerconfigjson'
+* DOCKERHUB_USERNAME (required) - The Kubernetes secret with the docker username
+* DOCKERHUB_USERNAME_SECRET_KEY (optional) The key in the Kubernetes secret with the docker username. Default is 'username'
+* DOCKERHUB_PASSWORD (required) - The Kubernetes secret with the docker password
+* DOCKERHUB_PASSWORD_SECRET_KEY (optional) The key in the Kubernetes secret with the docker password. Default is 'password'
+* REGISTRY_USERNAME (required) - The Kubernetes secret with the standard registry username
+* USERNAME_SECRET_KEY (optional) The key in the Kubernetes secret with the standard registry username. Default is 'username'
+* REGISTRY_PASSWORD (required) - The Kubernetes secret with the standard registry password
+* PASSWORD_SECRET_KEY (optional) The key in the Kubernetes secret with the standard registry password. Default is 'password'
+* REGISTRY_DOMAIN (required) - The Kubernetes secret with the standard registry domain
+* REGISTRY_DOMAIN_SECRET_KEY (optional) - The key in the Kubernetes secret with the standard registry domain. Default is 'domain'
+* AWS_ROLE_SECRET (required) - The Kubernetes secret with the Amazon role
+* AWS_ROLE_SECRET_KEY (optional) -The key in the Kubernetes secret with the standard Amazon role. Default is 'role'
+
+### Outputs
+* `image-name` – name of the reported image
+* `image-sha` – SHA of the reported image
+* `image-link` – link to the image in codefresh
+* `exit-error` – message of the error that caused template failure
+
+## Examples
+
+### task Example
+```
+apiVersion: argoproj.io/v1alpha1
+kind: Workflow
+metadata:
+  generateName: report-image-info-
+spec:
+  entrypoint: main
+  templates:
+  - name: main
+    dag:
+      tasks:
+      - name: report-image-info
+        templateRef:
+          name: argo-hub.codefresh-csdp.1.1.13
+          template: report-image-info
+        arguments:
+          parameters:
+          - name: CF_API_KEY
+            value: 'codefresh-token'
+          - name: CF_API_KEY_SECRET_KEY
+            value: 'token'
+          - name: IMAGE_NAME
+            value: 'deniscodefresh/ppid-inspector:latest'
+          - name: DOCKERHUB_USERNAME
+            value: 'dockerhub-creds'
+          - name: USERNAME_SECRET_KEY
+            value: 'username'
+          - name: DOCKERHUB_PASSWORD
+            value: 'dockerhub-creds'
+          - name: PASSWORD_SECRET_KEY
+            value: 'password'
+```
@@ -0,0 +1 @@
+22.14.0
@@ -0,0 +1 @@
+network-timeout 3000000
@@ -0,0 +1,21 @@
+FROM node:22.14.0-bookworm-slim
+
+RUN adduser --gecos "" --disabled-password --home /home/cfu --shell /bin/bash cfu
+
+WORKDIR /app/
+
+COPY package.json .
+COPY yarn.lock .
+
+RUN apt-get update && \
+  apt-get install -y python3 make g++
+RUN yarn --prod --network-timeout 3000000 && \
+    yarn cache clean
+
+COPY --chown=cfu --chmod=775 . .
+
+RUN mkdir /cf-outputs && chmod 775 /cf-outputs && chown cfu /cf-outputs
+
+USER cfu
+
+CMD [ "node", "/app/src/index.js" ]
@@ -0,0 +1 @@
+# image-enricher-git-info
@@ -0,0 +1,21 @@
+{
+  "name": "image-enricher-git-info",
+  "version": "0.0.3",
+  "private": true,
+  "scripts": {
+    "start": "node src/index.js"
+  },
+  "engines": {
+    "node": "22.14.0"
+  },
+  "resolutions": {
+    "re2": "1.21.4",
+    "tough-cookie": "4.1.3",
+    "semver": "7.5.2"
+  },
+  "dependencies": {
+    "@codefresh-io/cf-report-image-toolbox": "1.0.22",
+    "joi": "^17.6.0",
+    "lodash": "^4.17.21"
+  }
+}