Merge pull request #11 from HighwayofLife/update-tools

Update all tools and prep 2.7 release

Author: HighwayofLife

.github/workflows/docker-publish.yml

@@ -1,11 +1,7 @@
-name: Docker
+name: Publish Container Image
 
 on:
  push:
- # Publish `master` as Docker `latest` image.
- branches:
- - master
-
  # Publish `v1.2.3` tags as releases.
  tags:
  - v*
@@ -14,19 +10,24 @@ on:
  pull_request:
 
 env:
- # TODO: Change variable to your image's name.
- IMAGE_NAME: image
+ HUB_NAMESPACE: deck15
+ REGISTRY: ghcr.io
+ IMAGE_NAME: kubeval-tools
 
 jobs:
- # Run tests.
+ # Run build test.
  # See also https://docs.docker.com/docker-hub/builds/automated-testing/
  test:
  runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
 
  steps:
- - uses: actions/checkout@v2
+ - name: Checkout Repository
+ uses: actions/checkout@v2
 
- - name: Run tests
+ - name: Run Build
  run: |
  if [ -f docker-compose.test.yml ]; then
  docker-compose --file docker-compose.test.yml build
@@ -38,7 +39,7 @@ jobs:
  # Push image to GitHub Packages.
  # See also https://docs.docker.com/docker-hub/builds/
  push:
- # Ensure test job passes before pushing image.
+ # Ensure build-image job passes before pushing image.
  needs: test
 
  runs-on: ubuntu-latest
@@ -49,32 +50,61 @@ jobs:
  packages: write
 
  steps:
- - uses: actions/checkout@v2
+ - name: Checkout the repo
+ uses: actions/checkout@v2
 
  - name: Build image
  run: docker build . --file Dockerfile --tag $IMAGE_NAME
 
- - name: Log into registry
- run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login docker.pkg.github.com -u ${{ github.actor }} --password-stdin
-
- - name: Push image
- run: |
- IMAGE_ID=docker.pkg.github.com/${{ github.repository }}/$IMAGE_NAME
-
- # Change all uppercase to lowercase
- IMAGE_ID=$(echo $IMAGE_ID | tr '[A-Z]' '[a-z]')
-
- # Strip git ref prefix from version
- VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')
-
- # Strip "v" prefix from tag name
- [[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//')
-
- # Use Docker `latest` tag convention
- [ "$VERSION" == "master" ] && VERSION=latest
-
- echo IMAGE_ID=$IMAGE_ID
- echo VERSION=$VERSION
-
- docker tag $IMAGE_NAME $IMAGE_ID:$VERSION
- docker push $IMAGE_ID:$VERSION
+ - name: Log in to the Container Registry
+ uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Log in to Docker Hub
+ uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
+ with:
+ username: ${{ secrets.DOCKER_USERNAME }}
+ password: ${{ secrets.DOCKER_PASSWORD }}
+
+ - name: Extract metadata for Github Registry
+ id: meta
+ uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
+ with:
+ images: |
+ ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+ ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
+ ${{ env.HUB_NAMESPACE }}/${{ env.IMAGE_NAME }}
+ ${{ env.HUB_NAMESPACE }}/${{ env.IMAGE_NAME }}:latest
+
+ - name: Build and push Docker images
+ uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc
+ with:
+ context: .
+ push: true
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+
+ # - name: Push image
+ # run: |
+ # IMAGE_ID=docker.pkg.github.com/${{ github.repository }}/$IMAGE_NAME
+
+ # # Change all uppercase to lowercase
+ # IMAGE_ID=$(echo $IMAGE_ID | tr '[A-Z]' '[a-z]')
+
+ # # Strip git ref prefix from version
+ # VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')
+
+ # # Strip "v" prefix from tag name
+ # [[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//')
+
+ # # Use Docker `latest` tag convention
+ # [ "$VERSION" == "master" ] && VERSION=latest
+
+ # echo IMAGE_ID=$IMAGE_ID
+ # echo VERSION=$VERSION
+
+ # docker tag $IMAGE_NAME $IMAGE_ID:$VERSION
+ # docker push $IMAGE_ID:$VERSION

CHANGELOG.md

@@ -1,11 +1,21 @@
-v2.7 (Unreleased)
------------------
+v2.7
+----
 ### Features 🚀
-* 🚀 **[NEW]** Added **[KubeScan](https://github.com/controlplaneio/kubesec)**, a security scanning tool for Kubernetes pods, deployments, daemonsets and statefulsets.
+* 🚀 **[NEW]** Added **[KubeSec](https://github.com/controlplaneio/kubesec)**, a Security risk analysis for Kubernetes Resources
 
 ### Additions
-* Install Kubescan [v2.11.2](https://github.com/controlplaneio/kubesec/releases/tag/v2.11.2)
+* Install Kubesec [v2.11.4](https://github.com/controlplaneio/kubesec/releases/tag/v2.11.4)
 
+### Updates 📝
+* Upgrade Python from 3.9 to 3.10
+* Upgrade Kustomize from 4.1.3 to 4.5.3
+* Upgrade Conftest from 0.25 to 0.30
+* Upgrade Kube Score from 1.11 to 1.14
+* Upgrade Polaris 4.0.2 to 5.1.0
+* Upgrade Kube Linter 0.2.2 to 0.2.6
+* Upgrade Kube Conform from 0.4.7 to 0.4.13
+* Upgrade Kube Audit from 0.14.1 to 0.16.0
+* Upgrade Datree from 0.1.431 to 1.0.15
 
 v2.6
 ----

Dockerfile

@@ -1,40 +1,40 @@
-FROM python:3.9.5-alpine3.13
+FROM python:3.10.4-alpine3.15
 # https://hub.docker.com/_/python
 
-ARG APP_VERSION=2.6
+ARG APP_VERSION=2.7
 
 # https://github.com/instrumenta/kubeval/releases
 ARG KUBEVAL_VERSION=0.16.1
 
 # https://github.com/kubernetes-sigs/kustomize/releases
-ARG KUSTOMIZE_VERSION=4.1.3
+ARG KUSTOMIZE_VERSION=4.5.3
 
 # https://github.com/open-policy-agent/conftest/releases
-ARG CONFTEST_VERSION=0.25.0
+ARG CONFTEST_VERSION=0.30.0
 
 # https://github.com/stelligent/config-lint/releases
 ARG CONFIG_LINT_VERSION=1.6.0
 
 # https://github.com/zegl/kube-score/releases
-ARG KUBE_SCORE_VERSION=1.11.0
+ARG KUBE_SCORE_VERSION=1.14.0
 
 # https://github.com/FairwindsOps/polaris/releases
-ARG POLARIS_VERSION=4.0.2
+ARG POLARIS_VERSION=5.1.0
 
 # https://github.com/stackrox/kube-linter/releases
-ARG KUBE_LINTER_VERSION=0.2.2
+ARG KUBE_LINTER_VERSION=0.2.6
 
 # https://github.com/yannh/kubeconform/releases
-ARG KUBECONFORM_VERSION=0.4.7
+ARG KUBECONFORM_VERSION=0.4.13
 
 # https://github.com/Shopify/kubeaudit/releases
-ARG KUBEAUDIT_VERSION=0.14.1
+ARG KUBEAUDIT_VERSION=0.16.0
 
 # https://github.com/datreeio/datree/releases
-ARG DATREE_VERSION=0.1.431
+ARG DATREE_VERSION=1.0.15
 
 # https://github.com/controlplaneio/kubesec/releases
-ARG KUBESEC_VERSION=2.11.2
+ARG KUBESEC_VERSION=2.11.4
 
 # split layers into distinct components
 # Install yamllint and kubectl via the alpine packages repositories
@@ -71,7 +71,7 @@ RUN mkdir /tmp/kubeconform \
 # Install Kubeaudit
 RUN mkdir /tmp/kubeaudit \
  && curl -L -o /tmp/kubeaudit/kubeaudit.tar.gz \
- https://github.com/Shopify/kubeaudit/releases/download/v${KUBEAUDIT_VERSION}/kubeaudit_${KUBEAUDIT_VERSION}_linux_amd64.tar.gz \
+ https://github.com/Shopify/kubeaudit/releases/download/${KUBEAUDIT_VERSION}/kubeaudit_${KUBEAUDIT_VERSION}_linux_amd64.tar.gz \
  && tar -xzf /tmp/kubeaudit/kubeaudit.tar.gz -C /tmp/kubeaudit \
  && mv /tmp/kubeaudit/kubeaudit /usr/local/bin \
  && chmod +x /usr/local/bin/kubeaudit \
@@ -107,7 +107,7 @@ RUN mkdir /tmp/kube-score \
 # Install Polaris (https://github.com/FairwindsOps/polaris)
 RUN mkdir /tmp/polaris \
  && curl -L -o /tmp/polaris/polaris.tar.gz \
- https://github.com/FairwindsOps/polaris/releases/download/${POLARIS_VERSION}/polaris_${POLARIS_VERSION}_linux_amd64.tar.gz \
+ https://github.com/FairwindsOps/polaris/releases/download/${POLARIS_VERSION}/polaris_linux_amd64.tar.gz \
  && tar -xzf /tmp/polaris/polaris.tar.gz -C /tmp/polaris \
  && mv /tmp/polaris/polaris /usr/local/bin \
  && chmod +x /usr/local/bin/polaris \

README.md

@@ -29,20 +29,20 @@ Tools List
 ----------
 | Tool | Version | Purpose | Description |
 |-------------|----------|------------|-----------------------------------------------------------------------------------|
-| Kubectl | 1.21.1 | CLI | Kubernetes CLI. Can be used with `--dry-run=client` to validate manifests |
-| Helm | 3.6.0 | CLI | Helm helps you manage Kubernetes applications — define, install, and upgrade Kubernetes applications as helm charts. Run as a validation tool, can be run as `helm lint`, or `helm template`. |
-| Yamllint | 1.26.0 | Linter | Basic linter for YAML files |
+| Kubectl | 1.23.5 | CLI | Kubernetes CLI. Can be used with `--dry-run=client` to validate manifests |
+| Helm | 3.8.1 | CLI | Helm helps you manage Kubernetes applications — define, install, and upgrade Kubernetes applications as helm charts. Run as a validation tool, can be run as `helm lint`, or `helm template`. |
+| Yamllint | 1.26.3 | Linter | Basic linter for YAML files |
 | Kubeval | 0.16.1 | Validation | Tool for validating a Kubernetes YAML manifests. Doesn't work with CRDs. |
-| Kustomize | 4.1.3 | Compile | Template-free way to customize app configs. Useful to validate kustomize configs. |
+| Kustomize | 4.5.3 | Compile | Template-free way to customize app configs. Useful to validate kustomize configs. |
 | Config Lint | 1.6.0 | Validation | Validate config files using custom rules specified in YAML. |
-| Conftest | 0.25.0 | Tests | Utility to help you write tests against structured configuration data. |
-| Kube Score | 1.11.0 | Security | Tool that performs **static code analysis** of Kubernetes object definitions. |
-| Polaris | 4.0.2 | Validation | Identifies Kubernetes deployment configuration errors |
-| Kube Linter | 0.2.2 | Security | Linter and Static analysis tool that checks Kubernetes manifests |
-| Kubeconform | 0.4.7  | Validation | Kubernetes manifests validation tool like Kubeval with CRD support |
-| Kubeaudit | 0.14.1 | Security | Audit clusters or manifest files for security concerns |
-| Datree | 0.1.431 | Policy | Ensure Kubernetes manifests and Helm charts are valid and follow your policies. |
-| Kubesec | 2.11.2 | Security | Security risk analysis for Kubernetes resources |
+| Conftest | 0.30.0 | Tests | Utility to help you write tests against structured configuration data. |
+| Kube Score | 1.14.0 | Security | Tool that performs **static code analysis** of Kubernetes object definitions. |
+| Polaris | 5.1.0 | Validation | Identifies Kubernetes deployment configuration errors |
+| Kube Linter | 0.2.6 | Security | Linter and Static analysis tool that checks Kubernetes manifests |
+| Kubeconform | 0.4.13 | Validation | Kubernetes manifests validation tool like Kubeval with CRD support |
+| Kubeaudit | 0.16.0 | Security | Audit clusters or manifest files for security concerns |
+| Datree | 1.0.15  | Policy | Ensure Kubernetes manifests and Helm charts are valid and follow your policies. |
+| Kubesec | 2.11.4 | Security | Security risk analysis for Kubernetes resources  |
 
 CI Examples
 -----------
@@ -378,7 +378,7 @@ helm datree test <CHART_DIRECTORY>
 KubeSec
 -------
 
-[KubeScan](https://github.com/controlplaneio/kubesec) is a security scanning tool for Kubernetes pods, deployments, daemonsets and statefulsets.
+[KubeSec](https://github.com/controlplaneio/kubesec) is a security scanning tool for Kubernetes pods, deployments, daemonsets and statefulsets.
 
 #### Example usage