feat: latest CI tools

charts/kubezero-ci/README.md

@@ -1,6 +1,6 @@
 # kubezero-ci
 
-![Version: 0.8.17](https://img.shields.io/badge/Version-0.8.17-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+![Version: 0.8.18](https://img.shields.io/badge/Version-0.8.18-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
 
 KubeZero umbrella chart for all things CI
 
@@ -20,9 +20,9 @@ Kubernetes: `>= 1.25.0`
 |------------|------|---------|
 | https://aquasecurity.github.io/helm-charts/ | trivy | 0.8.0 |
 | https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
-| https://charts.jenkins.io | jenkins | 5.7.6 |
+| https://charts.jenkins.io | jenkins | 5.7.12 |
-| https://dl.gitea.io/charts/ | gitea | 10.4.1 |
+| https://dl.gitea.io/charts/ | gitea | 10.6.0 |
-| https://docs.renovatebot.com/helm-charts | renovate | 38.124.1 |
+| https://docs.renovatebot.com/helm-charts | renovate | 38.142.6 |
 
 # Jenkins
 - default build retention 10 builds, 32days
@@ -56,6 +56,7 @@ Kubernetes: `>= 1.25.0`
 | gitea.extraVolumes[0].configMap.name | string | `"gitea-kubezero-ci-themes"` |  |
 | gitea.extraVolumes[0].name | string | `"gitea-themes"` |  |
 | gitea.gitea.admin.existingSecret | string | `"gitea-admin-secret"` |  |
+| gitea.gitea.config."ssh.minimum_key_sizes".RSA | int | `2047` |  |
 | gitea.gitea.config.cache.ADAPTER | string | `"memory"` |  |
 | gitea.gitea.config.database.DB_TYPE | string | `"sqlite3"` |  |
 | gitea.gitea.config.log.LEVEL | string | `"warn"` |  |
@@ -81,7 +82,6 @@ Kubernetes: `>= 1.25.0`
 | gitea.resources.requests.cpu | string | `"150m"` |  |
 | gitea.resources.requests.memory | string | `"320Mi"` |  |
 | gitea.securityContext.allowPrivilegeEscalation | bool | `false` |  |
-| gitea.securityContext.capabilities.add[0] | string | `"SYS_CHROOT"` |  |
 | gitea.securityContext.capabilities.drop[0] | string | `"ALL"` |  |
 | gitea.strategy.type | string | `"Recreate"` |  |
 | gitea.test.enabled | bool | `false` |  |

charts/kubezero-ci/charts/jenkins/CHANGELOG.md

@@ -12,6 +12,30 @@ Use the following links to reference issues, PRs, and commits prior to v2.6.0.
 The changelog until v1.5.7 was auto-generated based on git commits.
 Those entries include a reference to the git commit to be able to get more details.
 
+## 5.7.12
+
+Update `configuration-as-code` to version `1887.v9e47623cb_043`
+
+## 5.7.11
+
+Update `git` to version `5.6.0`
+
+## 5.7.10
+
+Update `jenkins/jenkins` to version `2.479.1-jdk17`
+
+## 5.7.9
+
+Update `configuration-as-code` to version `1873.vea_5814ca_9c93`
+
+## 5.7.8
+
+Update `jenkins/inbound-agent` to version `3273.v4cfe589b_fd83-1`
+
+## 5.7.7
+
+Update `kubernetes` to version `4295.v7fa_01b_309c95`
+
 ## 5.7.5
 
 Fix helm release deployment with flux revision reconciliation

charts/kubezero-ci/charts/jenkins/Chart.yaml

@@ -1,12 +1,14 @@
 annotations:
   artifacthub.io/category: integration-delivery
+  artifacthub.io/changes: |
+    - Update `configuration-as-code` to version `1887.v9e47623cb_043`
   artifacthub.io/images: |
     - name: jenkins
-      image: docker.io/jenkins/jenkins:2.462.3-jdk17
+      image: docker.io/jenkins/jenkins:2.479.1-jdk17
     - name: k8s-sidecar
       image: docker.io/kiwigrid/k8s-sidecar:1.28.0
     - name: inbound-agent
-      image: jenkins/inbound-agent:3261.v9c670a_4748a_9-1
+      image: jenkins/inbound-agent:3273.v4cfe589b_fd83-1
   artifacthub.io/license: Apache-2.0
   artifacthub.io/links: |
     - name: Chart Source
@@ -16,7 +18,7 @@ annotations:
     - name: support
       url: https://github.com/jenkinsci/helm-charts/issues
 apiVersion: v2
-appVersion: 2.462.3
+appVersion: 2.479.1
 description: 'Jenkins - Build great things at any scale! As the leading open source
   automation server, Jenkins provides over 1800 plugins to support building, deploying
   and automating any project. '
@@ -44,4 +46,4 @@ sources:
 - https://github.com/maorfr/kube-tasks
 - https://github.com/jenkinsci/configuration-as-code-plugin
 type: application
-version: 5.7.6
+version: 5.7.12

charts/kubezero-ci/charts/jenkins/VALUES.md

@@ -31,7 +31,7 @@ The following tables list the configurable parameters of the Jenkins chart and t
 | [agent.hostNetworking](./values.yaml#L973) | bool | Enables the agent to use the host network | `false` |
 | [agent.idleMinutes](./values.yaml#L1120) | int | Allows the Pod to remain active for reuse until the configured number of minutes has passed since the last step was executed on it | `0` |
 | [agent.image.repository](./values.yaml#L952) | string | Repository to pull the agent jnlp image from | `"jenkins/inbound-agent"` |
-| [agent.image.tag](./values.yaml#L954) | string | Tag of the image to pull | `"3261.v9c670a_4748a_9-1"` |
+| [agent.image.tag](./values.yaml#L954) | string | Tag of the image to pull | `"3273.v4cfe589b_fd83-1"` |
 | [agent.imagePullSecretName](./values.yaml#L961) | string | Name of the secret to be used to pull the image | `nil` |
 | [agent.inheritYamlMergeStrategy](./values.yaml#L1140) | bool | Controls whether the defined yaml merge strategy will be inherited if another defined pod template is configured to inherit from the current one | `false` |
 | [agent.jenkinsTunnel](./values.yaml#L929) | string | Overrides the Kubernetes Jenkins tunnel | `nil` |
@@ -165,7 +165,7 @@ The following tables list the configurable parameters of the Jenkins chart and t
 | [controller.initializeOnce](./values.yaml#L420) | bool | Initialize only on first installation. Ensures plugins do not get updated inadvertently. Requires `persistence.enabled` to be set to `true` | `false` |
 | [controller.installLatestPlugins](./values.yaml#L409) | bool | Download the minimum required version or latest version of all dependencies | `true` |
 | [controller.installLatestSpecifiedPlugins](./values.yaml#L412) | bool | Set to true to download the latest version of any plugin that is requested to have the latest version | `false` |
-| [controller.installPlugins](./values.yaml#L401) | list | List of Jenkins plugins to install. If you don't want to install plugins, set it to `false` | `["kubernetes:4292.v11898cf8fa_66","workflow-aggregator:600.vb_57cdd26fdd7","git:5.5.2","configuration-as-code:1850.va_a_8c31d3158b_"]` |
+| [controller.installPlugins](./values.yaml#L401) | list | List of Jenkins plugins to install. If you don't want to install plugins, set it to `false` | `["kubernetes:4295.v7fa_01b_309c95","workflow-aggregator:600.vb_57cdd26fdd7","git:5.6.0","configuration-as-code:1887.v9e47623cb_043"]` |
 | [controller.javaOpts](./values.yaml#L162) | string | Append to `JAVA_OPTS` env var | `nil` |
 | [controller.jenkinsAdminEmail](./values.yaml#L96) | string | Email address for the administrator of the Jenkins instance | `nil` |
 | [controller.jenkinsHome](./values.yaml#L101) | string | Custom Jenkins home path | `"/var/jenkins_home"` |

charts/kubezero-ci/charts/jenkins/values.yaml

@@ -399,10 +399,10 @@ controller:
   # Plugins will be installed during Jenkins controller start
   # -- List of Jenkins plugins to install. If you don't want to install plugins, set it to `false`
   installPlugins:
-    - kubernetes:4292.v11898cf8fa_66
+    - kubernetes:4295.v7fa_01b_309c95
     - workflow-aggregator:600.vb_57cdd26fdd7
-    - git:5.5.2
+    - git:5.6.0
-    - configuration-as-code:1850.va_a_8c31d3158b_
+    - configuration-as-code:1887.v9e47623cb_043
 
   # If set to false, Jenkins will download the minimum required version of all dependencies.
   # -- Download the minimum required version or latest version of all dependencies
@@ -951,7 +951,7 @@ agent:
     # -- Repository to pull the agent jnlp image from
     repository: "jenkins/inbound-agent"
     # -- Tag of the image to pull
-    tag: "3261.v9c670a_4748a_9-1"
+    tag: "3273.v4cfe589b_fd83-1"
   # -- Configure working directory for default agent
   workingDir: "/home/jenkins/agent"
   nodeUsageMode: "NORMAL"

charts/kubezero-ci/values.yaml

@@ -21,8 +21,6 @@ gitea:
     capabilities:
       drop:
         - ALL
-    # add:
-    #   - SYS_CHROOT
 
   resources:
     requests:
@@ -185,7 +183,7 @@ jenkins:
   agent:
     image:
       repository: public.ecr.aws/zero-downtime/jenkins-podman
-      tag: v0.6.2
+      tag: v0.7.0
     #alwaysPullImage: true
     podRetention: "Default"
     showRawYaml: false
@@ -279,7 +277,7 @@ jenkins:
 trivy:
   enabled: false
   image:
-   tag: 0.56.2
+   tag: 0.57.0
   persistence:
     enabled: true
     size: 1Gi

charts/kubezero/templates/network.yaml

@@ -3,18 +3,18 @@ multus:
   enabled: true
   clusterNetwork: "cilium"
 
-  {{- if eq .Values.global.platform "aws" }}
+# {{- if eq .Values.global.platform "aws" }}
-  image:
+# image:
-    pullPolicy: Never
+#   pullPolicy: Never
-  {{- end }}
+# {{- end }}
 
 cilium:
   enabled: true
 
-  {{- if eq .Values.global.platform "aws" }}
+# {{- if eq .Values.global.platform "aws" }}
-  image:
+# image:
-    pullPolicy: Never
+#   pullPolicy: Never
-  {{- end }}
+# {{- end }}
 
   cluster:
     name: {{ .Values.global.clusterName }}