Merge pull request #144 from vidispine/release-1.33

Release 1.33

Author: gre9ory

azure-pipelines-gated.yml

@@ -14,7 +14,7 @@ pr:
     - release-*
 
 pool:
-    vmImage: 'ubuntu-20.04'
+    vmImage: 'ubuntu-24.04'
 jobs:
 - job: RunTests
   steps:
@@ -25,6 +25,11 @@ jobs:
       - version: "3.10.3"
       - version: "3.11.3"
       - version: "3.12.3"
-      - version: "3.13.2"
+      - version: "3.13.3"
+      - version: "3.14.4"
+      - version: "3.15.4"
+      - version: "3.16.4"
+      - version: "3.17.3"
+
 
 

azure-pipelines.yml

@@ -15,7 +15,7 @@ trigger: none
 pr: none
 
 pool:
-    vmImage: 'ubuntu-20.04'
+    vmImage: 'ubuntu-24.04'
 
 jobs:
 - job: RunTests
@@ -28,8 +28,11 @@ jobs:
       - version: "3.10.3"
       - version: "3.11.3"
       - version: "3.12.3"
-      - version: "3.13.2"
-
+      - version: "3.13.3"
+      - version: "3.14.4"
+      - version: "3.15.4"
+      - version: "3.16.4"
+      - version: "3.17.3"
 
 - job: CreateRelease
   dependsOn: RunTests

hull-vidispine-addon/Chart.yaml

@@ -1,6 +1,6 @@
 # Basic chart description and version
 apiVersion: v1
-appVersion: 1.32.0
+appVersion: 1.33.1
 description: hull-vidispine-addon
 name: hull-vidispine-addon
-version: 1.32.0
+version: 1.33.1

hull-vidispine-addon/hull-vidispine-addon.yaml

@@ -267,6 +267,15 @@ hull:
                     register: true
                     remove: false
 
+    templates:
+      pod: 
+        global: {}
+        no-root:
+          securityContext:
+            runAsNonRoot: true
+            runAsUser: 1001
+      container:
+        global: {}
 ###################################################
 
   objects:
@@ -309,15 +318,15 @@ hull:
           helm.sh/hook-weight: "-15"
           helm.sh/hook-delete-policy: before-hook-creation
 
-    clusterrolebinding:
+    rolebinding:
       hull-install-events:
         annotations:
           helm.sh/hook: pre-install,pre-upgrade
           helm.sh/hook-weight: "-15"
           helm.sh/hook-delete-policy: before-hook-creation
         roleRef:
           apiGroup: rbac.authorization.k8s.io
-          kind: ClusterRole
+          kind: Role
           name: _HT^events
         subjects:
         - kind: ServiceAccount
@@ -330,13 +339,14 @@ hull:
           helm.sh/hook-delete-policy: before-hook-creation
         roleRef:
           apiGroup: rbac.authorization.k8s.io
-          kind: ClusterRole
+          kind: Role
           name: _HT^events
         subjects:
         - kind: ServiceAccount
           name: _HT^hull-configure
           namespace: _HT!{{ (index . "$").Release.Namespace }}
-    clusterrole:
+    
+    role:
       events:
         annotations:
           helm.sh/hook: pre-install,pre-upgrade
@@ -377,6 +387,8 @@ hull:
         annotations:
           "helm.sh/hook-delete-policy": before-hook-creation
         pod:
+          sources:
+          - no-root
           containers:
             installation:
               command: ["/bin/sh", "-c"]
@@ -420,7 +432,7 @@ hull:
             installation:
               image:
                 repository: hull/hull-integration
-                tag: <HULL-VIDISPINE-ADDON-VERSION>
+                tag: <HULL-VIDISPINE-ADDON-VERSION>-noroot
               args: _HT![
                 {{ if (or (index . "$").Values.hull.config.general.data.installation.config.customCaCertificates (index . "$").Values.hull.config.general.data.installation.config.certificateSecrets) }}
                 echo Updating Certificates;
@@ -448,7 +460,7 @@ hull:
             installation:
               image:
                 repository: hull/hull-integration
-                tag: <HULL-VIDISPINE-ADDON-VERSION>
+                tag: <HULL-VIDISPINE-ADDON-VERSION>-noroot
               args: _HT![
                 {{ if (or (index . "$").Values.hull.config.general.data.installation.config.customCaCertificates (index . "$").Values.hull.config.general.data.installation.config.certificateSecrets) }}
                 echo Updating Certificates;

hull-vidispine-addon/templates/_library.tpl

@@ -521,6 +521,7 @@ initContainers:
         name: custom-scripts
         mountPath: /custom-scripts
   set-custom-script-permissions:
+    enabled: false
     image:
       repository: {{ dig "images" "dbTools" "repository" "vpms/dbtools" $parent.Values.hull.config.specific }}
       tag: {{ (dig "images" "dbTools" "tag" (dig "tags" "dbTools" "2.0-noroot" $parent.Values.hull.config.specific) $parent.Values.hull.config.specific) | toString | quote }}
@@ -650,6 +651,7 @@ volumes:
   script-configmap:
     configMap:
       name: {{ $createScriptConfigMap }}
+      defaultMode: 0777
   custom-scripts:
     emptyDir: {}
 {{ end }}

images/hull-integration/Dockerfile

@@ -1,8 +1,9 @@
-FROM mcr.microsoft.com/powershell:7.3-ubuntu-22.04
+FROM mcr.microsoft.com/powershell:lts-7.4-ubuntu-22.04
 RUN pwsh -NonInteractive -Command Install-Module -Force -Scope AllUsers powershell-yaml
 RUN apt-get update
+RUN apt-get -y upgrade
 RUN apt-get -y install curl
-ENV VERSION="1.1.0"
+ENV VERSION="1.2.3"
 RUN curl -LO "https://github.com/oras-project/oras/releases/download/v${VERSION}/oras_${VERSION}_linux_amd64.tar.gz" 
 RUN ls
 RUN mkdir -p oras-install/

images/hull-integration/Dockerfile-noroot

@@ -1,8 +1,9 @@
-FROM mcr.microsoft.com/powershell:7.3-ubuntu-22.04
+FROM mcr.microsoft.com/powershell:lts-7.4-ubuntu-22.04
 RUN pwsh -NonInteractive -Command Install-Module -Force -Scope AllUsers powershell-yaml
 RUN apt-get update
+RUN apt-get -y upgrade
 RUN apt-get -y install curl
-ENV VERSION="1.1.0"
+ENV VERSION="1.2.3"
 RUN curl -LO "https://github.com/oras-project/oras/releases/download/v${VERSION}/oras_${VERSION}_linux_amd64.tar.gz" 
 RUN ls
 RUN mkdir -p oras-install/