From eab0654defd6935f47df9dfa166a641267daf551 Mon Sep 17 00:00:00 2001 From: Vadim Kharin Date: Mon, 8 Sep 2025 17:32:14 +0300 Subject: [PATCH 1/3] chore(cfapi): migrate to @node-saml/passport-saml to fix critical security vulnerability --- charts/codefresh/Chart.yaml | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/charts/codefresh/Chart.yaml b/charts/codefresh/Chart.yaml index 9fbe35f1a..abb339d33 100644 --- a/charts/codefresh/Chart.yaml +++ b/charts/codefresh/Chart.yaml @@ -111,92 +111,92 @@ dependencies: condition: gitops-dashboard-manager.enabled - name: cfapi alias: cfapi - version: 21.279.8 + version: 21.279.9-onprem-71444dd repository: oci://quay.io/codefresh/charts condition: cfapi.enabled - name: cfapi alias: cfapi-auth - version: 21.279.8 + version: 21.279.9-onprem-71444dd repository: oci://quay.io/codefresh/charts condition: cfapi-auth.enabled - name: cfapi alias: cfapi-internal - version: 21.279.8 + version: 21.279.9-onprem-71444dd repository: oci://quay.io/codefresh/charts condition: cfapi-internal.enabled - name: cfapi alias: cfapi-ws - version: 21.279.8 + version: 21.279.9-onprem-71444dd repository: oci://quay.io/codefresh/charts condition: cfapi-ws.enabled - name: cfapi alias: cfapi-admin - version: 21.279.8 + version: 21.279.9-onprem-71444dd repository: oci://quay.io/codefresh/charts condition: cfapi-admin.enabled - name: cfapi alias: cfapi-endpoints - version: 21.279.8 + version: 21.279.9-onprem-71444dd repository: oci://quay.io/codefresh/charts condition: cfapi-endpoints.enabled - name: cfapi alias: cfapi-terminators - version: 21.279.8 + version: 21.279.9-onprem-71444dd repository: oci://quay.io/codefresh/charts condition: cfapi-terminators.enabled - name: cfapi alias: cfapi-sso-group-synchronizer - version: 21.279.8 + version: 21.279.9-onprem-71444dd repository: oci://quay.io/codefresh/charts condition: cfapi-sso-group-synchronizer.enabled - name: cfapi alias: cfapi-buildmanager - version: 21.279.8 + version: 21.279.9-onprem-71444dd repository: oci://quay.io/codefresh/charts condition: cfapi-buildmanager.enabled - name: cfapi alias: cfapi-cacheevictmanager - version: 21.279.8 + version: 21.279.9-onprem-71444dd repository: oci://quay.io/codefresh/charts condition: cfapi-cacheevictmanager.enabled - name: cfapi alias: cfapi-eventsmanagersubscriptions - version: 21.279.8 + version: 21.279.9-onprem-71444dd repository: oci://quay.io/codefresh/charts condition: cfapi-eventsmanagersubscriptions.enabled - name: cfapi alias: cfapi-kubernetesresourcemonitor - version: 21.279.8 + version: 21.279.9-onprem-71444dd repository: oci://quay.io/codefresh/charts condition: cfapi-kubernetesresourcemonitor.enabled - name: cfapi alias: cfapi-environments - version: 21.279.8 + version: 21.279.9-onprem-71444dd repository: oci://quay.io/codefresh/charts condition: cfapi-environments.enabled - name: cfapi alias: cfapi-gitops-resource-receiver - version: 21.279.8 + version: 21.279.9-onprem-71444dd repository: oci://quay.io/codefresh/charts condition: cfapi-gitops-resource-receiver.enabled - name: cfapi alias: cfapi-downloadlogmanager - version: 21.279.8 + version: 21.279.9-onprem-71444dd repository: oci://quay.io/codefresh/charts condition: cfapi-downloadlogmanager.enabled - name: cfapi alias: cfapi-teams - version: 21.279.8 + version: 21.279.9-onprem-71444dd repository: oci://quay.io/codefresh/charts condition: cfapi-teams.enabled - name: cfapi alias: cfapi-kubernetes-endpoints - version: 21.279.8 + version: 21.279.9-onprem-71444dd repository: oci://quay.io/codefresh/charts condition: cfapi-kubernetes-endpoints.enabled - name: cfapi alias: cfapi-test-reporting - version: 21.279.8 + version: 21.279.9-onprem-71444dd repository: oci://quay.io/codefresh/charts condition: cfapi-test-reporting.enabled - name: cfui From f5534e21f5e02147388416705fd5d9b819aea0f2 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Mon, 8 Sep 2025 18:03:11 +0300 Subject: [PATCH 2/3] pin seed jobs to amd64 arch --- charts/codefresh/.ci/values/defaults.yaml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/charts/codefresh/.ci/values/defaults.yaml b/charts/codefresh/.ci/values/defaults.yaml index 2f80ae4cd..db3231ff0 100644 --- a/charts/codefresh/.ci/values/defaults.yaml +++ b/charts/codefresh/.ci/values/defaults.yaml @@ -100,3 +100,10 @@ hooks: mongodb: nodeSelector: kubernetes.io/arch: amd64 + rabbitmq: + nodeSelector: + kubernetes.io/arch: amd64 + +seed: + nodeSelector: + kubernetes.io/arch: amd64 From 8388346b6dd24d7ee19a7c5ee4d443b34a4b9ed6 Mon Sep 17 00:00:00 2001 From: Mikhail Klimko Date: Mon, 8 Sep 2025 18:25:40 +0300 Subject: [PATCH 3/3] pin hooks to amd64 arch --- charts/codefresh/.ci/values/defaults.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/charts/codefresh/.ci/values/defaults.yaml b/charts/codefresh/.ci/values/defaults.yaml index db3231ff0..431dcfe8f 100644 --- a/charts/codefresh/.ci/values/defaults.yaml +++ b/charts/codefresh/.ci/values/defaults.yaml @@ -103,6 +103,9 @@ hooks: rabbitmq: nodeSelector: kubernetes.io/arch: amd64 + consul: + nodeSelector: + kubernetes.io/arch: amd64 seed: nodeSelector: