diff --git a/.github/ISSUE_TEMPLATE/badge_status.md b/.github/ISSUE_TEMPLATE/badge_status.md index e293f0f..ac1a980 100644 --- a/.github/ISSUE_TEMPLATE/badge_status.md +++ b/.github/ISSUE_TEMPLATE/badge_status.md @@ -5,27 +5,19 @@ title: '' labels: '' assignees: '' --- +# UDS Registry Package Requirements -## Gold: [Gold](https://github.com/defenseunicorns/uds-core) +For more information on UDS Registry requirements, see the [UDS Package Requirements](https://github.com/defenseunicorns/uds-common/blob/main/docs/uds-packages/requirements/uds-package-requirements.md) document. -_a Gold UDS Package implements best-effort 0-cve images, configuration hardening, and meets the unicorn guarantee out of the box with zero additional effort._ +## Must Haves -- [ ] **Must** satisfy all the requirements of [Silver](https://github.com/defenseunicorns/uds-common/blob/main/docs/uds-packages/requirements/uds-package-requirements.md#silver) packages -- [ ] **Must** include OSCAL-component control mapping and responses for the application. see [OSCAL Guidelines](https://github.com/defenseunicorns/uds-common/blob/main/docs/uds-packages/guidelines/oscal-guidelines.md) -- [ ] **Must** minimize the scope and number of the exemptions to only what is absolutely required by the application -UDS Packages may make use of the [UDS Exemption custom resource](https://github.com/defenseunicorns/uds-core/blob/main/src/pepr/operator/README.md#example-uds-exemption-cr) for exempting any Pepr policies, but in doing so they Must document rationale for the exemptions -- [ ] **Must** declaratively implement any available application hardening guidelines by default (Example: [GitLab Hardening guidelines](https://docs.gitlab.com/ee/security/hardening.html)) -- [ ] **Must** release a unicorn flavor package, providing a minimal CVE baseline - -## Silver: [Silver](https://github.com/defenseunicorns/uds-core) - -_a Silver UDS Package integrates with the main features of the UDS Operator, is documented, maintained, and can be confidently operated in production._ +UDS Package integrates with the main features of the UDS Operator, is documented, maintained, and can be confidently operated in production: -Silver packages: - -- [ ] **Must** satisfy all the requirements of [Bronze](https://github.com/defenseunicorns/uds-common/blob/main/docs/uds-packages/requirements/uds-package-requirements.md#bronze) Packages -- [ ] **Must** define network policies under the `allow` key as required in the [UDS Package Custom Resource](https://github.com/defenseunicorns/uds-core/blob/main/docs/reference/configuration/uds-operator.md) -- [ ] **Must** (except if the application provides no end user login) use and create a Keycloak client through the `sso` key. [UDS Package Custom Resource](https://github.com/defenseunicorns/uds-core/blob/main/docs/reference/configuration/uds-operator.md) +- [ ] **Must** minimize the scope and number exemptions to only what is absolutely required by the application. +UDS Packages may make use of the [UDS Exemption custom resource](https://github.com/defenseunicorns/uds-core/blob/main/src/pepr/operator/README.md#example-uds-exemption-cr) for exempting any Pepr policies, but in doing so they **Must** document rationale for the exemptions +- [ ] **Must** declaratively implement any available application hardening guidelines by default (Example: [GitLab Hardening guidelines](https://docs.gitlab.com/ee/security/hardening.html)) +- [ ] **Must** define network policies under the `allow` key as required in the [UDS Package Custom Resource](https://uds.defenseunicorns.com/reference/configuration/uds-operator/package/#example-uds-package-cr) +- [ ] **Must** (except if the application provides no end user login) use and create a Keycloak client through the `sso` key. [UDS Package Custom Resource](https://uds.defenseunicorns.com/reference/configuration/uds-operator/package/#example-uds-package-cr) - [ ] **Must** (except if the application provides no application metrics) implement monitors for each application metrics endpoint using it's built-in chart monitors, `monitor` key, or manual monitors in the config chart. - [ ] **Must** integrate declaratively (i.e. no clickops) with the UDS Operator - [ ] **Should** expose all configuration (`uds.dev` CRs, additional `Secrets`/`ConfigMap`s, etc) through a Helm chart (ideally in a `chart` or `charts` directory). @@ -42,29 +34,23 @@ Silver packages: - [ ] **May** template network policy keys to provide flexibility for delivery customers to configure. - [ ] **May** end any generated Keycloak client secrets with `-sso` to easily locate them when querying the cluster. - [ ] **May** template Keycloak fields to provide flexibility for delivery customers to configure. - -## Bronze: [Bronze](https://github.com/defenseunicorns/uds-core) - -_a Bronze UDS Package meets the minimum requirements and becomes compatible, but not optimal or fully integrated, with UDS. It is not ready to run in production without significant caveats._ - -Bronze packages: - - [ ] **Should** be created from the [UDS Package Template](https://github.com/uds-packages/template) - [ ] **Must** be declaratively bundled in a [Zarf package](https://docs.zarf.dev/ref/create/) -- [ ] **Must** define any external interfaces under the `expose` key in the [UDS Package Custom Resource](https://github.com/defenseunicorns/uds-core/blob/main/docs/reference/configuration/uds-operator.md) +- [ ] **Must** define any external interfaces under the `expose` key in the [UDS Package Custom Resource](https://uds.defenseunicorns.com/reference/configuration/uds-operator/package/#example-uds-package-cr) - [ ] **Must** deploy and operate successfully with Istio injection enabled in the namespace. - [ ] **Must** implement Journey testing, covering the basic user flows and features of the application (see [Testing Guidelines](https://github.com/defenseunicorns/uds-common/blob/main/docs/uds-packages/guidelines/testing-guidelines.md)) - [ ] **Must** implement Upgrade Testing to ensure that the current development package works when deployed over the previously released one. (see [Testing Guidelines](https://github.com/defenseunicorns/uds-common/blob/main/docs/uds-packages/guidelines/testing-guidelines.md)) -- [ ] **Must** be capable of operating within an airgap (internet-disconnected) environment +- [ ] **Must** be capable of operating within an airgap (internet-disconnected) environment - may need to configure dns on local dev machine - [ ] **Must** be actively maintained by the package maintainers identified in CODEOWNERS [see #CODEOWNERS section for more information](https://github.com/defenseunicorns/uds-common/blob/main/docs/uds-packages/requirements/uds-package-requirements.md#codeowners) - [ ] **Must** be versioned using the UDS Package [Versioning scheme](https://github.com/defenseunicorns/uds-common/blob/main/docs/uds-packages/requirements/uds-package-requirements.md#versioning) - [ ] **Must** contain documentation under a `docs` folder at the root that describes how to configure the package and outlines package dependencies. > This allows users of the package to learn more about exposed configuration - it is recommended to make the entrypoint for configuration configuration.md. - [ ] **Must** have a dependency management bot (such as renovate) configured to open PRs to update the core package and support dependencies. -- [ ] **Must** release its package to the `ghcr.io/defenseunicorns/packages/` namespace as the application's name (i.e. `ghcr.io/defenseunicorns/packages/uds/mattermost`). +- [ ] **Must** release its package to the `ghcr.io/uds-packages/` namespace as the application's name (i.e. `ghcr.io/uds-packages/nexus`). - [ ] **Must** not make the assumption that the `expose` interfaces are accessible to the bastion or pipeline deploying the package (i.e. `*.uds.dev`). - > If web requests need to be made they should be done through a `Job` or `./uds zarf tools kubectl exec` as appropriate. -- [ ] **Must** include application [metadata for Airgap App Store](https://github.com/defenseunicorns/uds-common/blob/main/docs/uds-packages/guidelines/metadata-guidelines.md) publishing + > If web requests need to be made they should be done through a `Job` or `./zarf tools kubectl exec` as appropriate. +- [ ] **Must** not use local commands outside of `coreutils` or `./zarf` self references within `actions`. +- [ ] **Must** include application [metadata for UDS Registry](https://github.com/defenseunicorns/uds-common/blob/main/docs/uds-packages/guidelines/metadata-guidelines.md) publishing - [ ] **Should** lint their configurations with appropriate tooling, such as [`yamllint`](https://github.com/adrienverge/yamllint) and [`zarf dev lint`](https://docs.zarf.dev/commands/zarf_dev_lint/). - [ ] **Should** release a unicorn flavor package, providing a minimal CVE baseline diff --git a/.github/workflows/auto-update.yaml b/.github/workflows/auto-update.yaml deleted file mode 100644 index 58ebe20..0000000 --- a/.github/workflows/auto-update.yaml +++ /dev/null @@ -1,23 +0,0 @@ -# Copyright 2024 Defense Unicorns -# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial - -name: Auto Update - -on: - schedule: - - cron: 0 14 * * * # daily at 8 AM Central (CST = UTC−6) - -# Permissions for the GITHUB_TOKEN used by the workflow. -permissions: - contents: write # Allows writing content to the repository. - packages: read # Allows reading the content of the repository's packages. - -# Abort prior jobs in the same workflow / PR -concurrency: - group: auto-update-${{ github.ref }} - cancel-in-progress: true - -jobs: - auto-update: - uses: defenseunicorns/uds-common/.github/workflows/callable-auto-update.yaml@730d22c6e061153d525a6d6f932e108ae952bd46 # v1.23.0 - secrets: inherit # Inherits all secrets from the parent workflow. diff --git a/.github/workflows/commitlint.yaml b/.github/workflows/commitlint.yaml index 9c359df..ed11844 100644 --- a/.github/workflows/commitlint.yaml +++ b/.github/workflows/commitlint.yaml @@ -1,4 +1,4 @@ -# Copyright 2024 Defense Unicorns +# Copyright 2026 Defense Unicorns # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial name: PR Title Check diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index a505931..b16f5d2 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -1,4 +1,4 @@ -# Copyright 2024 Defense Unicorns +# Copyright 2026 Defense Unicorns # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial name: Lint diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 19305e1..ff54e3c 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -1,4 +1,4 @@ -# Copyright 2024 Defense Unicorns +# Copyright 2026 Defense Unicorns # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial name: Release diff --git a/.github/workflows/scan.yaml b/.github/workflows/scan.yaml index c481ed5..579e2ad 100644 --- a/.github/workflows/scan.yaml +++ b/.github/workflows/scan.yaml @@ -1,4 +1,4 @@ -# Copyright 2024 Defense Unicorns +# Copyright 2026 Defense Unicorns # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial name: Scan diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index c60ce78..1918197 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -1,4 +1,4 @@ -# Copyright 2024 Defense Unicorns +# Copyright 2026 Defense Unicorns # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial name: Test diff --git a/bundle/uds-bundle.yaml b/bundle/uds-bundle.yaml index ec1a3a0..7443c20 100644 --- a/bundle/uds-bundle.yaml +++ b/bundle/uds-bundle.yaml @@ -1,4 +1,4 @@ -# Copyright 2024 Defense Unicorns +# Copyright 2026 Defense Unicorns # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial kind: UDSBundle diff --git a/bundle/uds-config.yaml b/bundle/uds-config.yaml index e4cf9cf..b246332 100644 --- a/bundle/uds-config.yaml +++ b/bundle/uds-config.yaml @@ -1,4 +1,4 @@ -# Copyright 2024 Defense Unicorns +# Copyright 2026 Defense Unicorns # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial # variables: diff --git a/chart/Chart.yaml b/chart/Chart.yaml index b6f0342..a79e2fb 100644 --- a/chart/Chart.yaml +++ b/chart/Chart.yaml @@ -1,4 +1,4 @@ -# Copyright 2024 Defense Unicorns +# Copyright 2026 Defense Unicorns # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial apiVersion: v2 diff --git a/chart/templates/template-sso-secret.yaml b/chart/templates/template-sso-secret.yaml index bbe493a..e20f0ee 100644 --- a/chart/templates/template-sso-secret.yaml +++ b/chart/templates/template-sso-secret.yaml @@ -1,4 +1,4 @@ -# Copyright 2024 Defense Unicorns +# Copyright 2026 Defense Unicorns # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial # This secret will be used if sso is disabled, instead of the templated one in uds-package.yaml. diff --git a/chart/templates/uds-package.yaml b/chart/templates/uds-package.yaml index d5aebf4..b7f2d37 100644 --- a/chart/templates/uds-package.yaml +++ b/chart/templates/uds-package.yaml @@ -1,4 +1,4 @@ -# Copyright 2024 Defense Unicorns +# Copyright 2026 Defense Unicorns # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial apiVersion: uds.dev/v1alpha1 diff --git a/chart/values.yaml b/chart/values.yaml index 3bea752..91ddf91 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -1,4 +1,4 @@ -# Copyright 2024 Defense Unicorns +# Copyright 2026 Defense Unicorns # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial # Example values from UDS package repo template diff --git a/common/zarf.yaml b/common/zarf.yaml index 83443a7..662c4a8 100644 --- a/common/zarf.yaml +++ b/common/zarf.yaml @@ -1,4 +1,4 @@ -# Copyright 2024 Defense Unicorns +# Copyright 2026 Defense Unicorns # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial # yaml-language-server: $schema=https://raw.githubusercontent.com/defenseunicorns/zarf/main/zarf.schema.json diff --git a/releaser.yaml b/releaser.yaml index fe4b5e7..3ebb62b 100644 --- a/releaser.yaml +++ b/releaser.yaml @@ -1,4 +1,4 @@ -# Copyright 2024 Defense Unicorns +# Copyright 2026 Defense Unicorns # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial # flavors: diff --git a/tasks.yaml b/tasks.yaml index 14a897a..d3dca80 100644 --- a/tasks.yaml +++ b/tasks.yaml @@ -1,4 +1,4 @@ -# Copyright 2024 Defense Unicorns +# Copyright 2026 Defense Unicorns # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial # yaml-language-server: $schema=https://raw.githubusercontent.com/defenseunicorns/uds-cli/refs/heads/main/tasks.schema.json includes: diff --git a/tasks/test.yaml b/tasks/test.yaml index d81f4c4..f348b8e 100644 --- a/tasks/test.yaml +++ b/tasks/test.yaml @@ -1,4 +1,4 @@ -# Copyright 2024 Defense Unicorns +# Copyright 2026 Defense Unicorns # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial # yaml-language-server: $schema=https://raw.githubusercontent.com/defenseunicorns/uds-cli/refs/heads/main/tasks.schema.json tasks: diff --git a/tests/optional-example-zarf-tests/example-custom-resource.yaml b/tests/optional-example-zarf-tests/example-custom-resource.yaml index 6ca6f92..7500a2c 100644 --- a/tests/optional-example-zarf-tests/example-custom-resource.yaml +++ b/tests/optional-example-zarf-tests/example-custom-resource.yaml @@ -1,4 +1,4 @@ -# Copyright 2024 Defense Unicorns +# Copyright 2026 Defense Unicorns # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial apiVersion: example-custom-resource.io/v1alpha1 diff --git a/tests/optional-example-zarf-tests/example-secret.yaml b/tests/optional-example-zarf-tests/example-secret.yaml index fe1ec22..330996b 100644 --- a/tests/optional-example-zarf-tests/example-secret.yaml +++ b/tests/optional-example-zarf-tests/example-secret.yaml @@ -1,4 +1,4 @@ -# Copyright 2024 Defense Unicorns +# Copyright 2026 Defense Unicorns # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial apiVersion: v1 diff --git a/tests/optional-example-zarf-tests/zarf.yaml b/tests/optional-example-zarf-tests/zarf.yaml index 574e94f..18d6464 100644 --- a/tests/optional-example-zarf-tests/zarf.yaml +++ b/tests/optional-example-zarf-tests/zarf.yaml @@ -1,4 +1,4 @@ -# Copyright 2024 Defense Unicorns +# Copyright 2026 Defense Unicorns # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial # yaml-language-server: $schema=https://raw.githubusercontent.com/defenseunicorns/zarf/main/zarf.schema.json diff --git a/values/common-values.yaml b/values/common-values.yaml index fd2d601..6045301 100644 --- a/values/common-values.yaml +++ b/values/common-values.yaml @@ -1,4 +1,4 @@ -# Copyright 2024 Defense Unicorns +# Copyright 2026 Defense Unicorns # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial # Values common to all flavors diff --git a/values/registry1-values.yaml b/values/registry1-values.yaml index 52d8fe4..3044859 100644 --- a/values/registry1-values.yaml +++ b/values/registry1-values.yaml @@ -1,4 +1,4 @@ -# Copyright 2024 Defense Unicorns +# Copyright 2026 Defense Unicorns # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial # Values for registry1 flavor diff --git a/values/unicorn-values.yaml b/values/unicorn-values.yaml index 59cb46f..bebd10f 100644 --- a/values/unicorn-values.yaml +++ b/values/unicorn-values.yaml @@ -1,4 +1,4 @@ -# Copyright 2024 Defense Unicorns +# Copyright 2026 Defense Unicorns # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial # Values for unicorn flavor diff --git a/values/upstream-values.yaml b/values/upstream-values.yaml index 03a1e91..568a820 100644 --- a/values/upstream-values.yaml +++ b/values/upstream-values.yaml @@ -1,4 +1,4 @@ -# Copyright 2024 Defense Unicorns +# Copyright 2026 Defense Unicorns # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial # Values for upstream flavor diff --git a/zarf.yaml b/zarf.yaml index b20fa0a..b003ba1 100644 --- a/zarf.yaml +++ b/zarf.yaml @@ -1,4 +1,4 @@ -# Copyright 2024 Defense Unicorns +# Copyright 2026 Defense Unicorns # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial # yaml-language-server: $schema=https://raw.githubusercontent.com/defenseunicorns/zarf/main/zarf.schema.json