Merge pull request #136 from vidispine/release-1.31

reintegrate 1.31 into main

Author: gre9ory

azure-pipelines.yml

@@ -57,7 +57,25 @@ jobs:
       dockerRegistryConnection: '${{ parameters.DockerRegistryEndpoint }}'
       action: 'Push an image'
       imageName: 'hull/hull-integration:$(HULL_VSADDON_VERSION)'
-  
+
+  - task: Docker@0
+    displayName: 'Docker Build noroot'
+    inputs:
+      containerregistrytype: 'Container Registry'
+      dockerRegistryConnection: '${{ parameters.DockerRegistryEndpoint }}'
+      dockerFile: './images/hull-integration/Dockerfile-noroot'
+      defaultContext: false
+      context: './images/hull-integration'
+      imageName: 'hull/hull-integration:$(HULL_VSADDON_VERSION)-noroot'
+ 
+  - task: Docker@0
+    displayName: 'Docker Push'
+    inputs:
+      containerregistrytype: 'Container Registry'
+      dockerRegistryConnection: '${{ parameters.DockerRegistryEndpoint }}'
+      action: 'Push an image'
+      imageName: 'hull/hull-integration:$(HULL_VSADDON_VERSION)-noroot'
+
   - script: |
         CHART_RELEASER_VERSION=1.5.0
         set -euo pipefail

hull-vidispine-addon/files/test/HULL/specs/job.spec

@@ -73,6 +73,9 @@ Test creation of objects and features.
 * Test Object has key "spec§template§spec§containers§0§volumeMounts§3§mountPath" with value "/custom-installation-files"
 * Test Object has key "spec§template§spec§containers§0§volumeMounts§4§name" with value "etcssl"
 * Test Object has key "spec§template§spec§containers§0§volumeMounts§4§mountPath" with value "/etc/ssl/certs"
+* Test Object has key "spec§template§spec§containers§0§volumeMounts§5§name" with value "installation"
+* Test Object has key "spec§template§spec§containers§0§volumeMounts§5§mountPath" with value "/script/installation.yaml"
+* Test Object has key "spec§template§spec§containers§0§volumeMounts§5§subPath" with value "installation.yaml"
 
 * Test Object has key "spec§template§spec§volumes" with array value that has "6" items
 * Test Object has key "spec§template§spec§volumes§0§name" with value "certs-opensearch"
@@ -105,6 +108,9 @@ Test creation of objects and features.
 * Test Object has key "spec§template§spec§containers§0§volumeMounts§5§mountPath" with value "/custom-installation-files"
 * Test Object has key "spec§template§spec§containers§0§volumeMounts§6§name" with value "etcssl"
 * Test Object has key "spec§template§spec§containers§0§volumeMounts§6§mountPath" with value "/etc/ssl/certs"
+* Test Object has key "spec§template§spec§containers§0§volumeMounts§7§name" with value "installation"
+* Test Object has key "spec§template§spec§containers§0§volumeMounts§7§mountPath" with value "/script/installation.yaml"
+* Test Object has key "spec§template§spec§containers§0§volumeMounts§7§subPath" with value "installation.yaml"
 
 * Test Object has key "spec§template§spec§volumes" with array value that has "7" items
 * Test Object has key "spec§template§spec§volumes§0§name" with value "certs"
@@ -119,5 +125,4 @@ Test creation of objects and features.
 
 ___
 
-
 * Clean the test execution folder

hull-vidispine-addon/files/test/HULL/specs/secret.spec

@@ -38,6 +38,10 @@ Test creation of objects and features.
 * Set test object to "release-name-hull-test-transformation_resolved"
 * Test Object has key "data§concrete_file_4_resolved.txt" with Base64 encoded value of "This is a text file with a pointer to a transformation."
 
+## Default Secret
+* Render
+* Set test object to "release-name-hull-test-hull-install"
+* Test Object has key "data§installation.yaml" with non empty value
 ___
 
 * Clean the test execution folder

hull-vidispine-addon/hull-vidispine-addon.yaml

@@ -644,6 +644,60 @@ hull:
         - custom-installation-files-setup
         - _HULL_OBJECT_TYPE_DEFAULT_
         data:
+          installation.yaml:
+            inline: |-
+                {{- with  (index $.Values "hull").config.general.data.installation }}
+                  {{- $configScope := . -}}
+                  {{- $configScopeEndpoints := dict -}}
+                  {{- if hasKey . "endpoints" -}}
+                      {{- $configScopeEndpoints = .endpoints -}}
+                  {{- end -}}
+                  {{- range $path, $_ := $.Files.Glob "files/hull-vidispine-addon/installation/endpoints/*.yaml" -}}
+                      {{- $configScopeEndpoints = mergeOverwrite $configScopeEndpoints (dict (base $path | trimSuffix ".yaml") (fromYaml ($.Files.Get $path))) -}}
+                  {{- end -}}
+                  {{- range $endpoint, $endpointval := $configScopeEndpoints -}}
+                      {{- $endpointScope := $endpointval -}}
+                      {{- if $endpointval.endpoint -}}
+                          {{- $subresources := dict -}}
+                          {{- if hasKey $endpointval "subresources" -}}
+                              {{- $subresources = $endpointval.subresources -}}
+                          {{- end -}}
+                          {{- range $path, $_ :=  $.Files.Glob (printf "%s/%s/%s" "files/hull-vidispine-addon/installation/endpoints" $endpoint "*.yaml") -}}
+                              {{- $subresources = mergeOverwrite $subresources (dict (base $path | trimSuffix ".yaml") (fromYaml ($.Files.Get $path))) -}}
+                          {{- end -}}
+                          {{- range $subresource, $subresourceval := $subresources }}
+                              {{- $subresourceScope := $subresourceval -}}
+                              {{- $entities := dict  -}}
+                              {{- if hasKey $subresourceval "entities" -}}
+                                  {{- $entities = $subresourceval.entities -}}
+                              {{- else -}}
+                                {{- $u := set $subresourceval "entities" dict }}
+                              {{- end -}}
+                              {{- range $path, $_ :=  $.Files.Glob (printf "%s/%s/%s/%s" "files/hull-vidispine-addon/installation/endpoints" $endpoint $subresource "*.yaml") -}}
+                                  {{- $entities = mergeOverwrite $entities (dict (base $path | trimSuffix ".yaml") (fromYaml ($.Files.Get $path))) -}}
+                              {{- end -}}
+                              {{- range $entity, $entityval := $entities }}
+                                  {{- $mergedDict := dict -}}
+                                  {{- if hasKey $subresourceval "_DEFAULTS_" -}}
+                                      {{- $mergedDict = deepCopy $subresourceval._DEFAULTS_ -}}
+                                  {{- end -}}
+                                  {{- $t := mergeOverwrite $mergedDict $entityval -}}
+                                  {{- $z := set (index $.Values "hull").config.general.data.installation "endpoints" $configScopeEndpoints }}
+                                  {{- if typeIs "map[string]interface {}" $mergedDict -}}
+                                      {{- if hasKey $mergedDict "config" -}}
+                                          {{- $configDict := $mergedDict.config -}}
+                                      {{- end }}
+                                  {{- end }}
+                                  {{- $t1 := set $subresourceval.entities $entity $mergedDict -}}
+                              {{- end }}
+                          {{- end }}
+                      {{- else -}}
+                          {{- $configScopeEndpoints = unset $configScopeEndpoints $endpoint -}}
+                      {{- end }}
+                  {{- end }}
+                  {{- $_ := include "hull.util.transformation" (dict "PARENT_CONTEXT" $ "SOURCE" $configScope "CALLER" nil "CALLER_KEY" nil "SOURCE_PATH" list) -}}
+                  {{- toYaml $configScope -}}
+                {{ end }}
           Installer.ps1:
             enabled: _HT*hull.config.general.data.installation.config.debug.debugInstallerScript
             inline: |-

hull-vidispine-addon/templates/_library.tpl

@@ -500,12 +500,15 @@ rabbitmq-connectionString:
 {{ $endpointApplication := include "hull.vidispine.addon.library.get.endpoint.application" (dict "PARENT_CONTEXT" $parent "ENDPOINT" $databaseKey) }}
 serviceAccountName: {{ $serviceAccountName }}
 restartPolicy: {{ default "Never" (index . "RESTART_POLICY") }}
+securityContext:
+  runAsNonRoot: true
+  runAsUser: 1001
 initContainers:
 {{ if $createScriptConfigMap }}
   copy-custom-scripts:
     image:
       repository: {{ dig "images" "dbTools" "repository" "vpms/dbtools" $parent.Values.hull.config.specific }}
-      tag: {{ (dig "images" "dbTools" "tag" (dig "tags" "dbTools" "1.9-1" $parent.Values.hull.config.specific) $parent.Values.hull.config.specific) | toString | quote }}
+      tag: {{ (dig "images" "dbTools" "tag" (dig "tags" "dbTools" "2.0-noroot" $parent.Values.hull.config.specific) $parent.Values.hull.config.specific) | toString | quote }}
     args:
     - "/bin/sh"
     - "-c"
@@ -520,7 +523,7 @@ initContainers:
   set-custom-script-permissions:
     image:
       repository: {{ dig "images" "dbTools" "repository" "vpms/dbtools" $parent.Values.hull.config.specific }}
-      tag: {{ (dig "images" "dbTools" "tag" (dig "tags" "dbTools" "1.9-1" $parent.Values.hull.config.specific) $parent.Values.hull.config.specific) | toString | quote }}
+      tag: {{ (dig "images" "dbTools" "tag" (dig "tags" "dbTools" "2.0-noroot" $parent.Values.hull.config.specific) $parent.Values.hull.config.specific) | toString | quote }}
     args:
     - "/bin/sh"
     - "-c"
@@ -533,7 +536,7 @@ initContainers:
   check-database-ready:
     image:
       repository: {{ dig "images" "dbTools" "repository" "vpms/dbtools" $parent.Values.hull.config.specific }}
-      tag: {{ (dig "images" "dbTools" "tag" (dig "tags" "dbTools" "1.9-1" $parent.Values.hull.config.specific) $parent.Values.hull.config.specific) | toString | quote }}
+      tag: {{ (dig "images" "dbTools" "tag" (dig "tags" "dbTools" "2.0-noroot" $parent.Values.hull.config.specific) $parent.Values.hull.config.specific) | toString | quote }}
     env:
       DBHOST:
         value: {{ $databaseHost }}
@@ -603,7 +606,7 @@ containers:
 {{ end }}
     image:
       repository: {{ dig "images" "dbTools" "repository" "vpms/dbtools" $parent.Values.hull.config.specific }}
-      tag: {{ (dig "images" "dbTools" "tag" (dig "tags" "dbTools" "1.9-1" $parent.Values.hull.config.specific) $parent.Values.hull.config.specific) | toString | quote }}
+      tag: {{ (dig "images" "dbTools" "tag" (dig "tags" "dbTools" "2.0-noroot" $parent.Values.hull.config.specific) $parent.Values.hull.config.specific) | toString | quote }}
     env:
       DBHOST:
         value: {{ $databaseHost }}

images/hull-integration/Dockerfile

@@ -10,6 +10,5 @@ RUN tar -zxf oras_${VERSION}_*.tar.gz -C oras-install/
 RUN mv oras-install/oras /usr/local/bin/
 RUN rm -rf oras_${VERSION}_*.tar.gz oras-install/
 COPY ./Installer.ps1 /script/Installer.ps1
-COPY ./installation.yaml /script/installation.yaml
 COPY ./get-custom-scripts /get-custom-scripts
 RUN oras --help

images/hull-integration/Dockerfile-noroot

@@ -0,0 +1,20 @@
+FROM mcr.microsoft.com/powershell:7.3-ubuntu-22.04
+RUN pwsh -NonInteractive -Command Install-Module -Force -Scope AllUsers powershell-yaml
+RUN apt-get update
+RUN apt-get -y install curl
+ENV VERSION="1.1.0"
+RUN curl -LO "https://github.com/oras-project/oras/releases/download/v${VERSION}/oras_${VERSION}_linux_amd64.tar.gz" 
+RUN ls
+RUN mkdir -p oras-install/
+RUN tar -zxf oras_${VERSION}_*.tar.gz -C oras-install/
+RUN mv oras-install/oras /usr/local/bin/
+RUN rm -rf oras_${VERSION}_*.tar.gz oras-install/
+# Create a user group 'noroot'
+RUN groupadd noroot
+# Add a user noroot to group 'noroot'
+RUN useradd --create-home --shell /bin/bash -u 1001 -g noroot noroot
+COPY ./Installer.ps1 /script/Installer.ps1
+RUN chown -R noroot /script
+COPY ./get-custom-scripts /get-custom-scripts
+RUN chown -R noroot /get-custom-scripts
+RUN oras --help