Skip to content

Commit f9b8231

Browse files
alinashklyarvasil-cf
alinashklyar
and
vasil-cf
authored
chore: security update for pikolo, compose, docker-builder, docker-pusher, cf-debugger and docker-puller (#614)
Co-authored-by: Vasil Sudakou <[email protected]>
1 parent b3fddb9 commit f9b8231

File tree

3 files changed

+14
-14
lines changed

3 files changed

+14
-14
lines changed

charts/cf-runtime/Chart.yaml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
apiVersion: v2
22
description: A Helm chart for Codefresh Runner
33
name: cf-runtime
4-
version: 8.3.5
4+
version: 8.3.6
55
keywords:
66
- codefresh
77
- runner
@@ -18,7 +18,7 @@ annotations:
1818
# Supported kinds: `added`, `changed`, `deprecated`, `removed`, `fixed`, `security`:
1919
artifacthub.io/changes: |
2020
- kind: security
21-
description: "Security fix in cf-app-proxy and cf-cosign-image-signer."
21+
description: "Security fix in cf-docker-builder, cf-docker-puller, cf-docker-pusher, compose, pikolo, cf-debugger."
2222
dependencies:
2323
- name: cf-common
2424
repository: oci://quay.io/codefresh/charts

charts/cf-runtime/README.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
## Codefresh Runner
22

3-
![Version: 8.3.5](https://img.shields.io/badge/Version-8.3.5-informational?style=flat-square)
3+
![Version: 8.3.6](https://img.shields.io/badge/Version-8.3.6-informational?style=flat-square)
44

55
Helm chart for deploying [Codefresh Runner](https://codefresh.io/docs/docs/installation/codefresh-runner/) to Kubernetes.
66

@@ -1331,7 +1331,7 @@ Install the Helm chart
13311331
| runtime.dind.userVolumeMounts | object | `{}` | Add extra volume mounts |
13321332
| runtime.dind.userVolumes | object | `{}` | Add extra volumes |
13331333
| runtime.dindDaemon | object | See below | DinD pod daemon config |
1334-
| runtime.engine | object | `{"affinity":{},"command":["npm","run","start"],"env":{"CF_TELEMETRY_LOGS_LEVEL":"debug","CF_TELEMETRY_OTEL_ALLOW_HTTP_INSTRUMENTATION":"false","CF_TELEMETRY_OTEL_ENABLE":"true","CF_TELEMETRY_PROMETHEUS_ENABLE":"false","CF_TELEMETRY_PROMETHEUS_ENABLE_PROCESS_METRICS":"false","CF_TELEMETRY_PROMETHEUS_HOST":"0.0.0.0","CF_TELEMETRY_PROMETHEUS_PORT":"9100","CF_TELEMETRY_PYROSCOPE_ENABLE":"false","CONTAINER_LOGGER_EXEC_CHECK_INTERVAL_MS":1000,"DOCKER_REQUEST_TIMEOUT_MS":30000,"FORCE_COMPOSE_SERIAL_PULL":false,"LOGGER_LEVEL":"debug","LOG_OUTGOING_HTTP_REQUESTS":false,"METRICS_PROMETHEUS_COLLECT_PROCESS_METRICS":false,"METRICS_PROMETHEUS_ENABLED":false,"METRICS_PROMETHEUS_ENABLE_LEGACY_METRICS":false,"METRICS_PROMETHEUS_HOST":"0.0.0.0","METRICS_PROMETHEUS_PORT":9100,"METRICS_PROMETHEUS_SCRAPE_TIMEOUT":"15000","METRICS_SCRAPE_TIMEOUT_MS":"0","OTEL_EXPORTER_OTLP_COMPRESSION":"gzip","OTEL_EXPORTER_OTLP_ENDPOINT":"http://localhost:4317","OTEL_EXPORTER_OTLP_PROTOCOL":"grpc","OTEL_EXPORTER_PROMETHEUS_HOST":"0.0.0.0","OTEL_EXPORTER_PROMETHEUS_PORT":"9464","OTEL_LOGS_EXPORTER":"none","OTEL_METRICS_EXPORTER":"otlp","OTEL_METRIC_EXPORT_INTERVAL":"10000","OTEL_METRIC_EXPORT_TIMEOUT":"5000","OTEL_SEMCONV_STABILITY_OPT_IN":"http","OTEL_TRACES_EXPORTER":"none","OTEL_TRACES_SAMPLER":"parentbased_always_on","PYROSCOPE_SERVER_ADDRESS":"","TRUSTED_QEMU_IMAGES":"tonistiigi/binfmt"},"image":{"digest":"sha256:3a7126b17a4ca9d24b4b193f4a4578a3e65df21b72d08d5db3f82ff050d9c77e","pullPolicy":"IfNotPresent","registry":"quay.io","repository":"codefresh/engine","tag":"1.179.5"},"nodeSelector":{},"podAnnotations":{},"podLabels":{},"resources":{"limits":{"cpu":"1000m","memory":"2048Mi"},"requests":{"cpu":"100m","memory":"128Mi"}},"runtimeImages":{"alpine":{"digest":"sha256:115729ec5cb049ba6359c3ab005ac742012d92bbaa5b8bc1a878f1e8f62c0cb8","registry":"docker.io","repository":"alpine","tag":"edge"},"compose":{"digest":"sha256:e74494370100678ccb1c1058e6ef3ddcf67b21fcd37da8b3482376c8282549ad","registry":"quay.io","repository":"codefresh/compose","tag":"v2.37.0-1.5.4"},"container-logger":{"digest":"sha256:6e376bb00e824827cb038e15160ccf0fead4f868197b75bbc80dbd6bc34af8d6","registry":"quay.io","repository":"codefresh/cf-container-logger","tag":"1.12.8"},"cosign-image-signer":{"digest":"sha256:308dbb83992e6a13c46f3c76a8e082e6c5e212045bfaff699ccfe7f56366c543","registry":"quay.io","repository":"codefresh/cf-cosign-image-signer","tag":"2.5.2-cf.2"},"default-qemu":{"digest":"sha256:1b804311fe87047a4c96d38b4b3ef6f62fca8cd125265917a9e3dc3c996c39e6","registry":"docker.io","repository":"tonistiigi/binfmt","tag":"qemu-v9.2.2"},"docker-builder":{"digest":"sha256:1d02df4dcf703a97c7a64b147cd2c3f6ec2c708aad16be5abbd337f3c13a48ad","registry":"quay.io","repository":"codefresh/cf-docker-builder","tag":"1.4.7"},"docker-puller":{"digest":"sha256:914f071bcb1893bcb42c3f8907f8f3874f1f30db1a2ccaa4b825dab9bb157e60","registry":"quay.io","repository":"codefresh/cf-docker-puller","tag":"8.0.22"},"docker-pusher":{"digest":"sha256:bad3773029a68f33953f1dc245cb92c386b5311a996340eea41fe6b9cc52a96c","registry":"quay.io","repository":"codefresh/cf-docker-pusher","tag":"6.0.20"},"docker-tag-pusher":{"digest":"sha256:ec4416525bbf4912786035fbb2e1f26ae04f94559c535f02232b48eb0a1c5fa7","registry":"quay.io","repository":"codefresh/cf-docker-tag-pusher","tag":"1.3.19"},"fs-ops":{"digest":"sha256:70d53821b9314d88e3571dfb096e8f577caf3e4c2199253621b8d0c85d20b8ad","registry":"quay.io","repository":"codefresh/fs-ops","tag":"1.2.10"},"gc-builder":{"digest":"sha256:33ac914e6b844909f188a208cf90e569358cafa5aaa60f49848f49d99bcaf875","registry":"quay.io","repository":"codefresh/cf-gc-builder","tag":"0.5.3"},"git-cloner":{"digest":"sha256:2e09eef18d5caddae708058ec63247825ac4e4ee5e5763986f65e1312fbcc449","registry":"quay.io","repository":"codefresh/cf-git-cloner","tag":"10.3.2"},"kube-deploy":{"digest":"sha256:35649b14eb43717d3752d08597ada77d3737b2508f1b8e1f52f67b7a0e5ff263","registry":"quay.io","repository":"codefresh/cf-deploy-kubernetes","tag":"16.2.9"},"pipeline-debugger":{"digest":"sha256:37975653b4ef5378bd1e38d453c7dac4721cba1c1977a5ca6118a67b98a47925","registry":"quay.io","repository":"codefresh/cf-debugger","tag":"1.3.9"},"template-engine":{"digest":"sha256:b3f499fcf93037e69fba599d2f292cfc9f28a158052dd57d5de9cdf9756f1f60","registry":"quay.io","repository":"codefresh/pikolo","tag":"0.14.6"}},"runtimeImagesRegistry":"","schedulerName":"","serviceAccount":"codefresh-engine","terminationGracePeriodSeconds":180,"tolerations":[],"userEnvVars":[],"workflowLimits":{"MAXIMUM_ALLOWED_TIME_BEFORE_PRE_STEPS_SUCCESS":600,"MAXIMUM_ALLOWED_WORKFLOW_AGE_BEFORE_TERMINATION":86400,"MAXIMUM_ELECTED_STATE_AGE_ALLOWED":900,"MAXIMUM_POST_STEPS_GRACE_PERIOD_MINUTES":30,"MAXIMUM_RETRY_ATTEMPTS_ALLOWED":20,"MAXIMUM_TERMINATING_STATE_AGE_ALLOWED":900,"MAXIMUM_TERMINATING_STATE_AGE_ALLOWED_WITHOUT_UPDATE":300,"TIME_ENGINE_INACTIVE_UNTIL_TERMINATION":300,"TIME_ENGINE_INACTIVE_UNTIL_UNHEALTHY":60,"TIME_INACTIVE_UNTIL_TERMINATION":2700}}` | Parameters for Engine pod (aka "pipeline" orchestrator). |
1334+
| runtime.engine | object | `{"affinity":{},"command":["npm","run","start"],"env":{"CF_TELEMETRY_LOGS_LEVEL":"debug","CF_TELEMETRY_OTEL_ALLOW_HTTP_INSTRUMENTATION":"false","CF_TELEMETRY_OTEL_ENABLE":"true","CF_TELEMETRY_PROMETHEUS_ENABLE":"false","CF_TELEMETRY_PROMETHEUS_ENABLE_PROCESS_METRICS":"false","CF_TELEMETRY_PROMETHEUS_HOST":"0.0.0.0","CF_TELEMETRY_PROMETHEUS_PORT":"9100","CF_TELEMETRY_PYROSCOPE_ENABLE":"false","CONTAINER_LOGGER_EXEC_CHECK_INTERVAL_MS":1000,"DOCKER_REQUEST_TIMEOUT_MS":30000,"FORCE_COMPOSE_SERIAL_PULL":false,"LOGGER_LEVEL":"debug","LOG_OUTGOING_HTTP_REQUESTS":false,"METRICS_PROMETHEUS_COLLECT_PROCESS_METRICS":false,"METRICS_PROMETHEUS_ENABLED":false,"METRICS_PROMETHEUS_ENABLE_LEGACY_METRICS":false,"METRICS_PROMETHEUS_HOST":"0.0.0.0","METRICS_PROMETHEUS_PORT":9100,"METRICS_PROMETHEUS_SCRAPE_TIMEOUT":"15000","METRICS_SCRAPE_TIMEOUT_MS":"0","OTEL_EXPORTER_OTLP_COMPRESSION":"gzip","OTEL_EXPORTER_OTLP_ENDPOINT":"http://localhost:4317","OTEL_EXPORTER_OTLP_PROTOCOL":"grpc","OTEL_EXPORTER_PROMETHEUS_HOST":"0.0.0.0","OTEL_EXPORTER_PROMETHEUS_PORT":"9464","OTEL_LOGS_EXPORTER":"none","OTEL_METRICS_EXPORTER":"otlp","OTEL_METRIC_EXPORT_INTERVAL":"10000","OTEL_METRIC_EXPORT_TIMEOUT":"5000","OTEL_SEMCONV_STABILITY_OPT_IN":"http","OTEL_TRACES_EXPORTER":"none","OTEL_TRACES_SAMPLER":"parentbased_always_on","PYROSCOPE_SERVER_ADDRESS":"","TRUSTED_QEMU_IMAGES":"tonistiigi/binfmt"},"image":{"digest":"sha256:3a7126b17a4ca9d24b4b193f4a4578a3e65df21b72d08d5db3f82ff050d9c77e","pullPolicy":"IfNotPresent","registry":"quay.io","repository":"codefresh/engine","tag":"1.179.5"},"nodeSelector":{},"podAnnotations":{},"podLabels":{},"resources":{"limits":{"cpu":"1000m","memory":"2048Mi"},"requests":{"cpu":"100m","memory":"128Mi"}},"runtimeImages":{"alpine":{"digest":"sha256:115729ec5cb049ba6359c3ab005ac742012d92bbaa5b8bc1a878f1e8f62c0cb8","registry":"docker.io","repository":"alpine","tag":"edge"},"compose":{"digest":"sha256:542a9711f17be40174c66263e7a289be9306ac031ddad8c6cb84773644865b5c","registry":"quay.io","repository":"codefresh/compose","tag":"v2.37.0-1.5.5"},"container-logger":{"digest":"sha256:6e376bb00e824827cb038e15160ccf0fead4f868197b75bbc80dbd6bc34af8d6","registry":"quay.io","repository":"codefresh/cf-container-logger","tag":"1.12.8"},"cosign-image-signer":{"digest":"sha256:308dbb83992e6a13c46f3c76a8e082e6c5e212045bfaff699ccfe7f56366c543","registry":"quay.io","repository":"codefresh/cf-cosign-image-signer","tag":"2.5.2-cf.2"},"default-qemu":{"digest":"sha256:1b804311fe87047a4c96d38b4b3ef6f62fca8cd125265917a9e3dc3c996c39e6","registry":"docker.io","repository":"tonistiigi/binfmt","tag":"qemu-v9.2.2"},"docker-builder":{"digest":"sha256:e3394318954fd39e6d3d05c83d93a0432ec2ecdbd5ccae43c711d228b7bc7b5c","registry":"quay.io","repository":"codefresh/cf-docker-builder","tag":"1.4.8"},"docker-puller":{"digest":"sha256:914f071bcb1893bcb42c3f8907f8f3874f1f30db1a2ccaa4b825dab9bb157e60","registry":"quay.io","repository":"codefresh/cf-docker-puller","tag":"8.0.22"},"docker-pusher":{"digest":"sha256:95697a8e7a1ee44ca6bb8b73a5e13fddb8709db2d25f63ceb65cc88492430290","registry":"quay.io","repository":"codefresh/cf-docker-pusher","tag":"6.0.21"},"docker-tag-pusher":{"digest":"sha256:ec4416525bbf4912786035fbb2e1f26ae04f94559c535f02232b48eb0a1c5fa7","registry":"quay.io","repository":"codefresh/cf-docker-tag-pusher","tag":"1.3.19"},"fs-ops":{"digest":"sha256:70d53821b9314d88e3571dfb096e8f577caf3e4c2199253621b8d0c85d20b8ad","registry":"quay.io","repository":"codefresh/fs-ops","tag":"1.2.10"},"gc-builder":{"digest":"sha256:33ac914e6b844909f188a208cf90e569358cafa5aaa60f49848f49d99bcaf875","registry":"quay.io","repository":"codefresh/cf-gc-builder","tag":"0.5.3"},"git-cloner":{"digest":"sha256:2e09eef18d5caddae708058ec63247825ac4e4ee5e5763986f65e1312fbcc449","registry":"quay.io","repository":"codefresh/cf-git-cloner","tag":"10.3.2"},"kube-deploy":{"digest":"sha256:35649b14eb43717d3752d08597ada77d3737b2508f1b8e1f52f67b7a0e5ff263","registry":"quay.io","repository":"codefresh/cf-deploy-kubernetes","tag":"16.2.9"},"pipeline-debugger":{"digest":"sha256:61eba0921344478f7e124e957b4eedcc8fea09ae562ee1f5e18773a93d66acd2","registry":"quay.io","repository":"codefresh/cf-debugger","tag":"1.3.10"},"template-engine":{"digest":"sha256:e465641ec172975c670120ec46128a5781db406b874edcf1257bd8d8f29aa35c","registry":"quay.io","repository":"codefresh/pikolo","tag":"0.14.7"}},"runtimeImagesRegistry":"","schedulerName":"","serviceAccount":"codefresh-engine","terminationGracePeriodSeconds":180,"tolerations":[],"userEnvVars":[],"workflowLimits":{"MAXIMUM_ALLOWED_TIME_BEFORE_PRE_STEPS_SUCCESS":600,"MAXIMUM_ALLOWED_WORKFLOW_AGE_BEFORE_TERMINATION":86400,"MAXIMUM_ELECTED_STATE_AGE_ALLOWED":900,"MAXIMUM_POST_STEPS_GRACE_PERIOD_MINUTES":30,"MAXIMUM_RETRY_ATTEMPTS_ALLOWED":20,"MAXIMUM_TERMINATING_STATE_AGE_ALLOWED":900,"MAXIMUM_TERMINATING_STATE_AGE_ALLOWED_WITHOUT_UPDATE":300,"TIME_ENGINE_INACTIVE_UNTIL_TERMINATION":300,"TIME_ENGINE_INACTIVE_UNTIL_UNHEALTHY":60,"TIME_INACTIVE_UNTIL_TERMINATION":2700}}` | Parameters for Engine pod (aka "pipeline" orchestrator). |
13351335
| runtime.engine.affinity | object | `{}` | Set affinity |
13361336
| runtime.engine.command | list | `["npm","run","start"]` | Set container command. |
13371337
| runtime.engine.env | object | `{"CF_TELEMETRY_LOGS_LEVEL":"debug","CF_TELEMETRY_OTEL_ALLOW_HTTP_INSTRUMENTATION":"false","CF_TELEMETRY_OTEL_ENABLE":"true","CF_TELEMETRY_PROMETHEUS_ENABLE":"false","CF_TELEMETRY_PROMETHEUS_ENABLE_PROCESS_METRICS":"false","CF_TELEMETRY_PROMETHEUS_HOST":"0.0.0.0","CF_TELEMETRY_PROMETHEUS_PORT":"9100","CF_TELEMETRY_PYROSCOPE_ENABLE":"false","CONTAINER_LOGGER_EXEC_CHECK_INTERVAL_MS":1000,"DOCKER_REQUEST_TIMEOUT_MS":30000,"FORCE_COMPOSE_SERIAL_PULL":false,"LOGGER_LEVEL":"debug","LOG_OUTGOING_HTTP_REQUESTS":false,"METRICS_PROMETHEUS_COLLECT_PROCESS_METRICS":false,"METRICS_PROMETHEUS_ENABLED":false,"METRICS_PROMETHEUS_ENABLE_LEGACY_METRICS":false,"METRICS_PROMETHEUS_HOST":"0.0.0.0","METRICS_PROMETHEUS_PORT":9100,"METRICS_PROMETHEUS_SCRAPE_TIMEOUT":"15000","METRICS_SCRAPE_TIMEOUT_MS":"0","OTEL_EXPORTER_OTLP_COMPRESSION":"gzip","OTEL_EXPORTER_OTLP_ENDPOINT":"http://localhost:4317","OTEL_EXPORTER_OTLP_PROTOCOL":"grpc","OTEL_EXPORTER_PROMETHEUS_HOST":"0.0.0.0","OTEL_EXPORTER_PROMETHEUS_PORT":"9464","OTEL_LOGS_EXPORTER":"none","OTEL_METRICS_EXPORTER":"otlp","OTEL_METRIC_EXPORT_INTERVAL":"10000","OTEL_METRIC_EXPORT_TIMEOUT":"5000","OTEL_SEMCONV_STABILITY_OPT_IN":"http","OTEL_TRACES_EXPORTER":"none","OTEL_TRACES_SAMPLER":"parentbased_always_on","PYROSCOPE_SERVER_ADDRESS":"","TRUSTED_QEMU_IMAGES":"tonistiigi/binfmt"}` | Set additional env vars. |

charts/cf-runtime/values.yaml

Lines changed: 10 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -543,8 +543,8 @@ runtime:
543543
compose:
544544
registry: quay.io
545545
repository: codefresh/compose
546-
tag: v2.37.0-1.5.4
547-
digest: sha256:e74494370100678ccb1c1058e6ef3ddcf67b21fcd37da8b3482376c8282549ad
546+
tag: v2.37.0-1.5.5
547+
digest: sha256:542a9711f17be40174c66263e7a289be9306ac031ddad8c6cb84773644865b5c
548548
container-logger:
549549
registry: quay.io
550550
repository: codefresh/cf-container-logger
@@ -553,8 +553,8 @@ runtime:
553553
docker-builder:
554554
registry: quay.io
555555
repository: codefresh/cf-docker-builder
556-
tag: 1.4.7
557-
digest: sha256:1d02df4dcf703a97c7a64b147cd2c3f6ec2c708aad16be5abbd337f3c13a48ad
556+
tag: 1.4.8
557+
digest: sha256:e3394318954fd39e6d3d05c83d93a0432ec2ecdbd5ccae43c711d228b7bc7b5c
558558
docker-puller:
559559
registry: quay.io
560560
repository: codefresh/cf-docker-puller
@@ -563,8 +563,8 @@ runtime:
563563
docker-pusher:
564564
registry: quay.io
565565
repository: codefresh/cf-docker-pusher
566-
tag: 6.0.20
567-
digest: sha256:bad3773029a68f33953f1dc245cb92c386b5311a996340eea41fe6b9cc52a96c
566+
tag: 6.0.21
567+
digest: sha256:95697a8e7a1ee44ca6bb8b73a5e13fddb8709db2d25f63ceb65cc88492430290
568568
docker-tag-pusher:
569569
registry: quay.io
570570
repository: codefresh/cf-docker-tag-pusher
@@ -588,13 +588,13 @@ runtime:
588588
pipeline-debugger:
589589
registry: quay.io
590590
repository: codefresh/cf-debugger
591-
tag: 1.3.9
592-
digest: sha256:37975653b4ef5378bd1e38d453c7dac4721cba1c1977a5ca6118a67b98a47925
591+
tag: 1.3.10
592+
digest: sha256:61eba0921344478f7e124e957b4eedcc8fea09ae562ee1f5e18773a93d66acd2
593593
template-engine:
594594
registry: quay.io
595595
repository: codefresh/pikolo
596-
tag: 0.14.6
597-
digest: sha256:b3f499fcf93037e69fba599d2f292cfc9f28a158052dd57d5de9cdf9756f1f60
596+
tag: 0.14.7
597+
digest: sha256:e465641ec172975c670120ec46128a5781db406b874edcf1257bd8d8f29aa35c
598598
cosign-image-signer:
599599
registry: quay.io
600600
repository: codefresh/cf-cosign-image-signer

0 commit comments

Comments
 (0)