uds-packages · codyshoffner · Oct 16, 2025 · Oct 16, 2025 · Oct 16, 2025 · Oct 16, 2025
@@ -18,7 +18,7 @@ jobs:
       matrix:
         type: [install, upgrade]
         flavor: [upstream, unicorn]
-    uses: defenseunicorns/uds-common/.github/workflows/callable-ci-docs-shim.yaml@106abc12b02b2e4ba9e803cd092fd3d02b5099e4 # v1.18.0
+    uses: defenseunicorns/uds-common/.github/workflows/callable-ci-docs-shim.yaml@4f46bb2110abc2c994ad242b099822de71de1ecc # v1.20.5
     with:
       flavor: ${{ matrix.flavor }}
       type: ${{ matrix.type }}

@@ -15,4 +15,4 @@ permissions:
 
 jobs:
   validate:
-    uses: defenseunicorns/uds-common/.github/workflows/callable-commitlint.yaml@106abc12b02b2e4ba9e803cd092fd3d02b5099e4 # v1.18.0
+    uses: defenseunicorns/uds-common/.github/workflows/callable-commitlint.yaml@4f46bb2110abc2c994ad242b099822de71de1ecc # v1.20.5
@@ -15,5 +15,5 @@ permissions:
 
 jobs:
   validate:
-    uses: defenseunicorns/uds-common/.github/workflows/callable-lint.yaml@106abc12b02b2e4ba9e803cd092fd3d02b5099e4 # v1.18.0
+    uses: defenseunicorns/uds-common/.github/workflows/callable-lint.yaml@4f46bb2110abc2c994ad242b099822de71de1ecc # v1.20.5
     secrets: inherit
@@ -27,7 +27,7 @@ jobs:
         exclude:
           - flavor: registry1
             architecture: arm64
-    uses: defenseunicorns/uds-common/.github/workflows/callable-publish.yaml@106abc12b02b2e4ba9e803cd092fd3d02b5099e4 # v1.18.0
+    uses: defenseunicorns/uds-common/.github/workflows/callable-publish.yaml@4f46bb2110abc2c994ad242b099822de71de1ecc # v1.20.5
     with:
       flavor: ${{ matrix.flavor }}
       runsOn: ${{ matrix.architecture == 'arm64' && 'uds-swf-ubuntu-arm64-8-core' || 'uds-swf-ubuntu-big-boy-8-core' }}

@@ -18,5 +18,5 @@ jobs:
       packages: read # Allows reading the content of the repository's packages.
       id-token: write # Allows authentication to Chainguard via OIDC.
       pull-requests: write # Allows writing the scan results comment to the pull request.
-    uses: defenseunicorns/uds-common/.github/workflows/callable-scan.yaml@106abc12b02b2e4ba9e803cd092fd3d02b5099e4 # v1.18.0
+    uses: defenseunicorns/uds-common/.github/workflows/callable-scan.yaml@4f46bb2110abc2c994ad242b099822de71de1ecc # v1.20.5
     secrets: inherit # Inherits all secrets from the parent workflow.
@@ -32,5 +32,5 @@ jobs:
       security-events: write
       # Used to receive a badge.
       id-token: write
-    uses: defenseunicorns/uds-common/.github/workflows/callable-scorecard.yaml@106abc12b02b2e4ba9e803cd092fd3d02b5099e4 # v1.18.0
+    uses: defenseunicorns/uds-common/.github/workflows/callable-scorecard.yaml@4f46bb2110abc2c994ad242b099822de71de1ecc # v1.20.5
     secrets: inherit
@@ -29,7 +29,7 @@ jobs:
         uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
 
       - name: test-flavor
-        uses: defenseunicorns/uds-common/.github/actions/test-flavor@106abc12b02b2e4ba9e803cd092fd3d02b5099e4 # v1.18.0
+        uses: defenseunicorns/uds-common/.github/actions/test-flavor@4f46bb2110abc2c994ad242b099822de71de1ecc # v1.20.5
         id: test-flavor
     outputs:
       upgrade-flavors: ${{ steps.test-flavor.outputs.upgrade-flavors }}
@@ -41,7 +41,7 @@ jobs:
       matrix:
         type: [install, upgrade]
         flavor: [upstream, unicorn]
-    uses: defenseunicorns/uds-common/.github/workflows/callable-test.yaml@106abc12b02b2e4ba9e803cd092fd3d02b5099e4 # v1.18.0
+    uses: defenseunicorns/uds-common/.github/workflows/callable-test.yaml@4f46bb2110abc2c994ad242b099822de71de1ecc # v1.20.5
     with:
       upgrade-flavors: ${{ needs.check-flavor.outputs.upgrade-flavors }}
       flavor: ${{ matrix.flavor }}

@@ -3,16 +3,16 @@
 
 includes:
   - test: ./tasks/test.yaml
-  - create: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.18.0/tasks/create.yaml
-  - publish: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.18.0/tasks/publish.yaml
-  - lint: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.18.0/tasks/lint.yaml
-  - pull: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.18.0/tasks/pull.yaml
-  - deploy: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.18.0/tasks/deploy.yaml
-  - setup: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.18.0/tasks/setup.yaml
-  - actions: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.18.0/tasks/actions.yaml
-  - badge: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.18.0/tasks/badge.yaml
-  - upgrade: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.18.0/tasks/upgrade.yaml
-  - compliance: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.18.0/tasks/compliance.yaml
+  - create: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.20.5/tasks/create.yaml
+  - publish: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.20.5/tasks/publish.yaml
+  - lint: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.20.5/tasks/lint.yaml
+  - pull: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.20.5/tasks/pull.yaml
+  - deploy: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.20.5/tasks/deploy.yaml
+  - setup: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.20.5/tasks/setup.yaml
+  - actions: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.20.5/tasks/actions.yaml
+  - badge: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.20.5/tasks/badge.yaml
+  - upgrade: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.20.5/tasks/upgrade.yaml
+  - compliance: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.20.5/tasks/compliance.yaml
 
 tasks:
   - name: default

@@ -17,7 +17,7 @@ spec:
     spec:
       containers:
         - name: valkey-test
-          image: bitnami/valkey:8.1.3-debian-12-r3
+          image: valkey/valkey:8.1.3
           envFrom:  # Note: in production, do not store sensitive data (like passwords) in env vars. Mount in as a file instead.
             - secretRef:
                 name: valkey-standalone
@@ -68,7 +68,7 @@ spec:
     spec:
       containers:
         - name: valkey-test
-          image: bitnami/valkey:8.1.3-debian-12-r3
+          image: valkey/valkey:8.1.3
           envFrom:  # Note: in production, do not store sensitive data (like passwords) in env vars. Mount in as a file instead.
             - secretRef:
                 name: valkey-replicated-w-sentinel

@@ -18,7 +18,7 @@ components:
           - valkey/uds-package.yaml
           - valkey/test-job.yaml
     images:
-      - bitnami/valkey:8.1.3-debian-12-r3
+      - valkey/valkey:8.1.3
     actions:
       onDeploy:
         before:
@@ -27,4 +27,4 @@ components:
         after:
           - description: Watch test jobs and report their conditions
             cmd: ./tests/watch-jobs.sh
-            maxTotalSeconds: 120
+            maxTotalSeconds: 240
@@ -7,10 +7,10 @@ image:
   tag: 8.1.3-jammy-fips-rfcurated
 
 sentinel:
-  image:  # Unicorn flavor option DNE
+  image:
     registry: quay.io
-    repository: rfcurated/valkey-sentinel
-    tag: 8.1.3-jammy-bnt-fips-rfcurated
+    repository: rfcurated/valkey/valkey
+    tag: 8.1.3-jammy-fips-rfcurated
 
 metrics:
   image:

@@ -3,17 +3,17 @@
 
 image:
   registry: docker.io
-  repository: bitnami/valkey
-  tag: 8.1.3-debian-12-r3
+  repository: valkey/valkey
+  tag: 8.1.3
 
 sentinel:
   image:
     registry: docker.io
-    repository: bitnami/valkey-sentinel
-    tag: 8.1.3-debian-12-r3
+    repository: valkey/valkey
+    tag: 8.1.3
 
 metrics:
   image:
     registry: docker.io
-    repository: bitnami/redis-exporter
+    repository: bitnamilegacy/redis-exporter
     tag: 1.76.0-debian-12-r0
@@ -12,3 +12,46 @@ metrics:
 
 sentinel:
   primarySet: mymaster
+
+  # The valkey-sentinel container needs to be able to write to the sentinel.conf file.
+  # Copy the file to a writable directory and run valkey-server in the sentinel mode.
+  extraVolumes:
+    - name: sentinel-conf
+      emptyDir: {}
+    - name: valkey-secret
+      secret:
+        secretName: valkey-password
+        items:
+          - key: valkey-password
+            path: valkey-password
+
+  extraVolumeMounts:
+    - name: sentinel-conf
+      mountPath: /opt/bitnami/valkey-sentinel/sentinel-conf
+    - name: valkey-secret
+      mountPath: /secrets/valkey-sentinel
+
+  command: ["/bin/sh", "-c"]
+  args:
+    - |
+      PW_FILE="/secrets/valkey-sentinel/valkey-password"
+      PW="$(cat "$PW_FILE")"
+
+      cp /opt/bitnami/valkey-sentinel/mounted-etc/sentinel.conf /opt/bitnami/valkey-sentinel/sentinel-conf/sentinel.conf && \
+      chown 1001:1001 /opt/bitnami/valkey-sentinel/sentinel-conf/sentinel.conf && \
+
+      cat > /opt/bitnami/valkey-sentinel/sentinel-conf/sentinel.conf <<EOF
+      port 26379
+      sentinel monitor mymaster valkey.valkey-replicated-w-sentinel.svc.cluster.local 6379 2
+      sentinel announce-ip valkey.valkey-replicated-w-sentinel.svc.cluster.local
+      sentinel down-after-milliseconds mymaster 60000
+      sentinel failover-timeout mymaster 180000
+      sentinel parallel-syncs mymaster 1
+      sentinel resolve-hostnames yes
+      sentinel announce-hostnames yes
+      # Sentinel authenticates to the master:
+      sentinel auth-pass mymaster ${PW}
+      requirepass ${PW}
+      EOF
+
+      exec valkey-server /opt/bitnami/valkey-sentinel/sentinel-conf/sentinel.conf --sentinel
@@ -26,9 +26,8 @@ components:
         valuesFiles:
           - ./values/upstream-values.yaml
     images:
-      - bitnami/valkey:8.1.3-debian-12-r3
-      - bitnami/redis-exporter:1.76.0-debian-12-r0
-      - bitnami/valkey-sentinel:8.1.3-debian-12-r3
+      - docker.io/valkey/valkey:8.1.3
+      - bitnamilegacy/redis-exporter:1.76.0-debian-12-r0
 
   - name: valkey
     required: true
@@ -43,4 +42,3 @@ components:
     images:
       - quay.io/rfcurated/valkey/valkey:8.1.3-jammy-fips-rfcurated
       - quay.io/rfcurated/redis-exporter:1.76.0-jammy-scratch-bnt-fips-rfcurated
-      - quay.io/rfcurated/valkey-sentinel:8.1.3-jammy-bnt-fips-rfcurated