From 10ced54f438c426b94d2fd6d2a292e3fa5a08e43 Mon Sep 17 00:00:00 2001 From: David Anderson Date: Wed, 3 Jul 2024 16:41:05 -0400 Subject: [PATCH 1/3] update to use hardened images --- pipeline.yml | 83 +++++------------------------ python-flask/check-dependencies.yml | 4 +- python-flask/manifest.yml | 4 +- 3 files changed, 18 insertions(+), 73 deletions(-) diff --git a/pipeline.yml b/pipeline.yml index 0c74463..553a0a3 100644 --- a/pipeline.yml +++ b/pipeline.yml @@ -24,12 +24,12 @@ jobs: platform: linux image_resource: type: registry-image - source: + source: &general-task aws_access_key_id: ((ecr_aws_key)) aws_secret_access_key: ((ecr_aws_secret)) - repository: harden-concourse-task + repository: general-task aws_region: us-gov-west-1 - tag: ((harden-concourse-task-tag)) + tag: latest path: cf-hello-worlds/python-flask manifest: cf-hello-worlds/python-flask/manifest.yml - put: deploy-python-flask-production @@ -38,12 +38,7 @@ jobs: platform: linux image_resource: type: registry-image - source: - aws_access_key_id: ((ecr_aws_key)) - aws_secret_access_key: ((ecr_aws_secret)) - repository: harden-concourse-task - aws_region: us-gov-west-1 - tag: ((harden-concourse-task-tag)) + source: *general-task path: cf-hello-worlds/python-flask manifest: cf-hello-worlds/python-flask/manifest.yml on_failure: @@ -74,12 +69,7 @@ jobs: platform: linux image_resource: type: registry-image - source: - aws_access_key_id: ((ecr_aws_key)) - aws_secret_access_key: ((ecr_aws_secret)) - repository: harden-concourse-task - aws_region: us-gov-west-1 - tag: ((harden-concourse-task-tag)) + source: *general-task path: cf-hello-worlds/ruby-sinatra manifest: cf-hello-worlds/ruby-sinatra/manifest.yml - put: deploy-ruby-sinatra-production @@ -88,12 +78,7 @@ jobs: platform: linux image_resource: type: registry-image - source: - aws_access_key_id: ((ecr_aws_key)) - aws_secret_access_key: ((ecr_aws_secret)) - repository: harden-concourse-task - aws_region: us-gov-west-1 - tag: ((harden-concourse-task-tag)) + source: *general-task path: cf-hello-worlds/ruby-sinatra manifest: cf-hello-worlds/ruby-sinatra/manifest.yml on_failure: @@ -121,12 +106,7 @@ jobs: platform: linux image_resource: type: registry-image - source: - aws_access_key_id: ((ecr_aws_key)) - aws_secret_access_key: ((ecr_aws_secret)) - repository: harden-concourse-task - aws_region: us-gov-west-1 - tag: ((harden-concourse-task-tag)) + source: *general-task path: cf-hello-worlds/nodejs manifest: cf-hello-worlds/nodejs/manifest.yml - put: deploy-nodejs-production @@ -135,12 +115,7 @@ jobs: platform: linux image_resource: type: registry-image - source: - aws_access_key_id: ((ecr_aws_key)) - aws_secret_access_key: ((ecr_aws_secret)) - repository: harden-concourse-task - aws_region: us-gov-west-1 - tag: ((harden-concourse-task-tag)) + source: *general-task path: cf-hello-worlds/nodejs manifest: cf-hello-worlds/nodejs/manifest.yml on_failure: @@ -168,12 +143,7 @@ jobs: platform: linux image_resource: type: registry-image - source: - aws_access_key_id: ((ecr_aws_key)) - aws_secret_access_key: ((ecr_aws_secret)) - repository: harden-concourse-task - aws_region: us-gov-west-1 - tag: ((harden-concourse-task-tag)) + source: *general-task path: cf-hello-worlds/php manifest: cf-hello-worlds/php/manifest.yml - put: deploy-php-production @@ -182,12 +152,7 @@ jobs: platform: linux image_resource: type: registry-image - source: - aws_access_key_id: ((ecr_aws_key)) - aws_secret_access_key: ((ecr_aws_secret)) - repository: harden-concourse-task - aws_region: us-gov-west-1 - tag: ((harden-concourse-task-tag)) + source: *general-task path: cf-hello-worlds/php manifest: cf-hello-worlds/php/manifest.yml on_failure: @@ -217,12 +182,7 @@ jobs: platform: linux image_resource: type: registry-image - source: - aws_access_key_id: ((ecr_aws_key)) - aws_secret_access_key: ((ecr_aws_secret)) - repository: harden-concourse-task - aws_region: us-gov-west-1 - tag: ((harden-concourse-task-tag)) + source: *general-task path: cf-hello-worlds-build/java-see/target/hello-world-0.0.1-SNAPSHOT.jar manifest: cf-hello-worlds-build/java-see/manifest.yml - put: deploy-java-production @@ -231,12 +191,7 @@ jobs: platform: linux image_resource: type: registry-image - source: - aws_access_key_id: ((ecr_aws_key)) - aws_secret_access_key: ((ecr_aws_secret)) - repository: harden-concourse-task - aws_region: us-gov-west-1 - tag: ((harden-concourse-task-tag)) + source: *general-task path: cf-hello-worlds-build/java-see/target/hello-world-0.0.1-SNAPSHOT.jar manifest: cf-hello-worlds-build/java-see/manifest.yml on_failure: @@ -264,12 +219,7 @@ jobs: platform: linux image_resource: type: registry-image - source: - aws_access_key_id: ((ecr_aws_key)) - aws_secret_access_key: ((ecr_aws_secret)) - repository: harden-concourse-task - aws_region: us-gov-west-1 - tag: ((harden-concourse-task-tag)) + source: *general-task path: cf-hello-worlds/dotnet-core manifest: cf-hello-worlds/dotnet-core/manifest.yml - put: deploy-dotnet-core-production @@ -278,12 +228,7 @@ jobs: platform: linux image_resource: type: registry-image - source: - aws_access_key_id: ((ecr_aws_key)) - aws_secret_access_key: ((ecr_aws_secret)) - repository: harden-concourse-task - aws_region: us-gov-west-1 - tag: ((harden-concourse-task-tag)) + source: *general-task path: cf-hello-worlds/dotnet-core manifest: cf-hello-worlds/dotnet-core/manifest.yml on_failure: diff --git a/python-flask/check-dependencies.yml b/python-flask/check-dependencies.yml index e29f326..d8a1c42 100644 --- a/python-flask/check-dependencies.yml +++ b/python-flask/check-dependencies.yml @@ -6,9 +6,9 @@ image_resource: source: aws_access_key_id: ((ecr_aws_key)) aws_secret_access_key: ((ecr_aws_secret)) - repository: harden-concourse-task + repository: general-task aws_region: us-gov-west-1 - tag: ((harden-concourse-task-tag)) + tag: latest inputs: - {name: cf-hello-worlds} diff --git a/python-flask/manifest.yml b/python-flask/manifest.yml index 512fd79..87405a4 100644 --- a/python-flask/manifest.yml +++ b/python-flask/manifest.yml @@ -4,6 +4,6 @@ applications: random-route: true buildpacks: - python_buildpack - memory: 256M + memory: 1G stack: cflinuxfs4 - \ No newline at end of file + From d74bdbd1c5e70151e032d167708b20d4504be19e Mon Sep 17 00:00:00 2001 From: David Anderson Date: Wed, 3 Jul 2024 16:44:14 -0400 Subject: [PATCH 2/3] remove memory change --- python-flask/manifest.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/python-flask/manifest.yml b/python-flask/manifest.yml index 87405a4..fd3727d 100644 --- a/python-flask/manifest.yml +++ b/python-flask/manifest.yml @@ -4,6 +4,6 @@ applications: random-route: true buildpacks: - python_buildpack - memory: 1G + memory: 256 stack: cflinuxfs4 - + From e3ebbd239918568051fed097b39806eb9bfdca70 Mon Sep 17 00:00:00 2001 From: David Anderson Date: Wed, 3 Jul 2024 16:44:58 -0400 Subject: [PATCH 3/3] add M --- python-flask/manifest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python-flask/manifest.yml b/python-flask/manifest.yml index fd3727d..5cd7b3e 100644 --- a/python-flask/manifest.yml +++ b/python-flask/manifest.yml @@ -4,6 +4,6 @@ applications: random-route: true buildpacks: - python_buildpack - memory: 256 + memory: 256M stack: cflinuxfs4