Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added the Helm chart for the Secrets Manager operator #123

Merged
merged 44 commits into from
Jun 7, 2024
Merged

Added the Helm chart for the Secrets Manager operator #123

merged 44 commits into from
Jun 7, 2024

Conversation

jhbeskow
Copy link
Contributor

@jhbeskow jhbeskow commented Mar 5, 2024

Initial creation of the Helm chart for Secrets Manager operator.

@bitwarden-bot
Copy link

bitwarden-bot commented Mar 5, 2024
edited
Loading

Logo
Checkmarx One – Scan Summary & Details8f32dabb-ab87-4ab1-98ed-f775c50df4f2

New Issues

Severity Issue Source File / Package Checkmarx Insight
HIGH Passwords And Secrets - Generic Password /tests.yml: [117](https://github.com/bitwarden/helm-charts/blob/features/sm-operator-chart//.github/workflows/tests.yml# L117) Query to find passwords and secrets in infrastructure code.
MEDIUM Unpinned Actions Full Length Commit SHA /update-versions-self-host.yml: [27](https://github.com/bitwarden/helm-charts/blob/features/sm-operator-chart//.github/workflows/update-versions-self-host.yml# L27) Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /version-bump-self-host.yml: [23](https://github.com/bitwarden/helm-charts/blob/features/sm-operator-chart//.github/workflows/version-bump-self-host.yml# L23) Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /tests.yml: [38](https://github.com/bitwarden/helm-charts/blob/features/sm-operator-chart//.github/workflows/tests.yml# L38) Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /version-bump-sm-operator.yml: [47](https://github.com/bitwarden/helm-charts/blob/features/sm-operator-chart//.github/workflows/version-bump-sm-operator.yml# L47) Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /update-versions-self-host.yml: [131](https://github.com/bitwarden/helm-charts/blob/features/sm-operator-chart//.github/workflows/update-versions-self-host.yml# L131) Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /update-versions-self-host.yml: [52](https://github.com/bitwarden/helm-charts/blob/features/sm-operator-chart//.github/workflows/update-versions-self-host.yml# L52) Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /version-bump-self-host.yml: [96](https://github.com/bitwarden/helm-charts/blob/features/sm-operator-chart//.github/workflows/version-bump-self-host.yml# L96) Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /version-bump-self-host.yml: [39](https://github.com/bitwarden/helm-charts/blob/features/sm-operator-chart//.github/workflows/version-bump-self-host.yml# L39) Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /version-bump-sm-operator.yml: [30](https://github.com/bitwarden/helm-charts/blob/features/sm-operator-chart//.github/workflows/version-bump-sm-operator.yml# L30) Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /version-bump-self-host.yml: [103](https://github.com/bitwarden/helm-charts/blob/features/sm-operator-chart//.github/workflows/version-bump-self-host.yml# L103) Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
MEDIUM Unpinned Actions Full Length Commit SHA /version-bump-self-host.yml: [111](https://github.com/bitwarden/helm-charts/blob/features/sm-operator-chart//.github/workflows/version-bump-self-host.yml# L111) Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...

Fixed Issues

Severity Issue Source File / Package
HIGH Passwords And Secrets - Generic Password /tests.yml: [103](https://github.com/bitwarden/helm-charts/blob/features/sm-operator-chart//.github/workflows/tests.yml# L103)
MEDIUM Unpinned Actions Full Length Commit SHA /version-bump.yml: [23](https://github.com/bitwarden/helm-charts/blob/features/sm-operator-chart//.github/workflows/version-bump.yml# L23)
MEDIUM Unpinned Actions Full Length Commit SHA /version-bump.yml: [96](https://github.com/bitwarden/helm-charts/blob/features/sm-operator-chart//.github/workflows/version-bump.yml# L96)
MEDIUM Unpinned Actions Full Length Commit SHA /version-bump.yml: [103](https://github.com/bitwarden/helm-charts/blob/features/sm-operator-chart//.github/workflows/version-bump.yml# L103)
MEDIUM Unpinned Actions Full Length Commit SHA /update-versions.yml: [52](https://github.com/bitwarden/helm-charts/blob/features/sm-operator-chart//.github/workflows/update-versions.yml# L52)
MEDIUM Unpinned Actions Full Length Commit SHA /version-bump.yml: [39](https://github.com/bitwarden/helm-charts/blob/features/sm-operator-chart//.github/workflows/version-bump.yml# L39)
MEDIUM Unpinned Actions Full Length Commit SHA /version-bump.yml: [111](https://github.com/bitwarden/helm-charts/blob/features/sm-operator-chart//.github/workflows/version-bump.yml# L111)
MEDIUM Unpinned Actions Full Length Commit SHA /update-versions.yml: [131](https://github.com/bitwarden/helm-charts/blob/features/sm-operator-chart//.github/workflows/update-versions.yml# L131)
MEDIUM Unpinned Actions Full Length Commit SHA /update-versions.yml: [27](https://github.com/bitwarden/helm-charts/blob/features/sm-operator-chart//.github/workflows/update-versions.yml# L27)
LOW Container Requests Not Equal To It's Limits /web.yaml: [56](https://github.com/bitwarden/helm-charts/blob/features/sm-operator-chart//charts/self-host/templates/web.yaml# L56)
LOW Container Requests Not Equal To It's Limits /events.yaml: [70](https://github.com/bitwarden/helm-charts/blob/features/sm-operator-chart//charts/self-host/templates/events.yaml# L70)
LOW Container Requests Not Equal To It's Limits /admin.yaml: [70](https://github.com/bitwarden/helm-charts/blob/features/sm-operator-chart//charts/self-host/templates/admin.yaml# L70)
LOW Container Requests Not Equal To It's Limits /identity.yaml: [72](https://github.com/bitwarden/helm-charts/blob/features/sm-operator-chart//charts/self-host/templates/identity.yaml# L72)
LOW Container Requests Not Equal To It's Limits /attachments.yaml: [56](https://github.com/bitwarden/helm-charts/blob/features/sm-operator-chart//charts/self-host/templates/attachments.yaml# L56)
LOW Container Requests Not Equal To It's Limits /api.yaml: [70](https://github.com/bitwarden/helm-charts/blob/features/sm-operator-chart//charts/self-host/templates/api.yaml# L70)
LOW Container Requests Not Equal To It's Limits /notifications.yaml: [70](https://github.com/bitwarden/helm-charts/blob/features/sm-operator-chart//charts/self-host/templates/notifications.yaml# L70)
LOW Container Requests Not Equal To It's Limits /sso.yaml: [72](https://github.com/bitwarden/helm-charts/blob/features/sm-operator-chart//charts/self-host/templates/sso.yaml# L72)
LOW Container Requests Not Equal To It's Limits /icons.yaml: [81](https://github.com/bitwarden/helm-charts/blob/features/sm-operator-chart//charts/self-host/templates/icons.yaml# L81)
LOW Container Requests Not Equal To It's Limits /events.yaml: [70](https://github.com/bitwarden/helm-charts/blob/features/sm-operator-chart//charts/self-host/templates/events.yaml# L70)
LOW Container Requests Not Equal To It's Limits /sso.yaml: [72](https://github.com/bitwarden/helm-charts/blob/features/sm-operator-chart//charts/self-host/templates/sso.yaml# L72)
LOW Container Requests Not Equal To It's Limits /identity.yaml: [72](https://github.com/bitwarden/helm-charts/blob/features/sm-operator-chart//charts/self-host/templates/identity.yaml# L72)
LOW Container Requests Not Equal To It's Limits /api.yaml: [70](https://github.com/bitwarden/helm-charts/blob/features/sm-operator-chart//charts/self-host/templates/api.yaml# L70)
LOW Container Requests Not Equal To It's Limits /notifications.yaml: [70](https://github.com/bitwarden/helm-charts/blob/features/sm-operator-chart//charts/self-host/templates/notifications.yaml# L70)
LOW Container Requests Not Equal To It's Limits /admin.yaml: [70](https://github.com/bitwarden/helm-charts/blob/features/sm-operator-chart//charts/self-host/templates/admin.yaml# L70)
LOW Container Requests Not Equal To It's Limits /web.yaml: [56](https://github.com/bitwarden/helm-charts/blob/features/sm-operator-chart//charts/self-host/templates/web.yaml# L56)
LOW Container Requests Not Equal To It's Limits /icons.yaml: [81](https://github.com/bitwarden/helm-charts/blob/features/sm-operator-chart//charts/self-host/templates/icons.yaml# L81)
LOW Container Requests Not Equal To It's Limits /mssql.yaml: [37](https://github.com/bitwarden/helm-charts/blob/features/sm-operator-chart//charts/self-host/templates/mssql.yaml# L37)
LOW Container Requests Not Equal To It's Limits /attachments.yaml: [56](https://github.com/bitwarden/helm-charts/blob/features/sm-operator-chart//charts/self-host/templates/attachments.yaml# L56)

@jhbeskow jhbeskow requested a review from joseph-flinn April 1, 2024 21:53
@jhbeskow
Locking down affinity to only the architectures we currently support.…
5c34fff 
… These are the only ones we have static binaries for.
@jhbeskow jhbeskow marked this pull request as ready for review June 5, 2024 18:45
@jhbeskow jhbeskow requested review from a team as code owners June 5, 2024 18:45
@jhbeskow jhbeskow enabled auto-merge (squash) June 5, 2024 18:59
vgrassia
vgrassia previously approved these changes Jun 6, 2024
View reviewed changes
coltonhurst
coltonhurst reviewed Jun 6, 2024
View reviewed changes
Copy link
Member

@coltonhurst coltonhurst left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall looks pretty good, though I am not super familiar with Helm charts, so just a couple questions / whitespace kind of things.

.github/workflows/tests.yml Show resolved Hide resolved
.github/workflows/tests.yml Show resolved Hide resolved
.github/workflows/update-versions-sm-operator.yml Outdated Show resolved Hide resolved
charts/sm-operator/.helmignore Show resolved Hide resolved
charts/sm-operator/values.schema.json Show resolved Hide resolved
charts/sm-operator/values.yaml Show resolved Hide resolved
@jhbeskow jhbeskow requested review from coltonhurst and vgrassia June 6, 2024 21:31
joseph-flinn
joseph-flinn approved these changes Jun 7, 2024
View reviewed changes
Copy link

@joseph-flinn joseph-flinn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll approve in @vgrassia's stead since he's OOO tomorrow

@jhbeskow jhbeskow merged commit 42435d8 into main Jun 7, 2024
6 checks passed
@jhbeskow jhbeskow deleted the features/sm-operator-chart branch June 7, 2024 12:03
@tangowithfoxtrot
Copy link

I didn't see that auto-merge was enabled for this.

@jhbeskow
Copy link
Contributor Author

jhbeskow commented Jun 7, 2024

I didn't see that auto-merge was enabled for this.

This was my fault. I was afraid this would get reviewed while I am out. @coltonhurst, if you see anything that still needs to be fixed, let me know today, and I will knock it out.

@coltonhurst
Copy link
Member

No worries at all @jhbeskow @tangowithfoxtrot

Looks good, thanks for the hard work :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@joseph-flinn joseph-flinn joseph-flinn approved these changes

@tangowithfoxtrot tangowithfoxtrot tangowithfoxtrot approved these changes

@coltonhurst coltonhurst Awaiting requested review from coltonhurst

@vgrassia vgrassia Awaiting requested review from vgrassia

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@jhbeskow @bitwarden-bot @tangowithfoxtrot @coltonhurst @vgrassia @joseph-flinn