From 542c92fce993110fa8274194a807a1cdba654dd8 Mon Sep 17 00:00:00 2001 From: Noam Gal Date: Mon, 7 Jul 2025 17:06:09 +0300 Subject: [PATCH 1/3] chore: update app-proxy image tags to 1.3627.0 - send process env into simple-git calls --- charts/gitops-runtime/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/gitops-runtime/values.yaml b/charts/gitops-runtime/values.yaml index c778c9e8..87dabda3 100644 --- a/charts/gitops-runtime/values.yaml +++ b/charts/gitops-runtime/values.yaml @@ -545,7 +545,7 @@ app-proxy: tag: 1.1.14-main image: repository: quay.io/codefresh/cap-app-proxy - tag: 1.3628.0 + tag: 1.3630.0 pullPolicy: IfNotPresent # -- Extra volume mounts for main container extraVolumeMounts: [] @@ -553,7 +553,7 @@ app-proxy: initContainer: image: repository: quay.io/codefresh/cap-app-proxy-init - tag: 1.3628.0 + tag: 1.3630.0 pullPolicy: IfNotPresent command: - ./init.sh From 2a3b509d8d6e9731764612824bc5ffb6dd77e6a3 Mon Sep 17 00:00:00 2001 From: Noam Gal Date: Mon, 7 Jul 2025 17:51:36 +0300 Subject: [PATCH 2/3] feat: add GIT_SSL_CAINFO environment variable for secure Git operations This change introduces the GIT_SSL_CAINFO variable to specify the location of the CA certificate for SSL connections, enhancing the security of Git operations within the app-proxy environment. Additionally, it removes the WORKFLOW_PIPELINES_WEBHOOKS_TLS_SECRET variable to streamline the configuration. --- .../cap-app-proxy/environment-variables/_main-container.yaml | 1 + charts/gitops-runtime/templates/app-proxy/_app-proxy-env.yaml | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/gitops-runtime/templates/_components/cap-app-proxy/environment-variables/_main-container.yaml b/charts/gitops-runtime/templates/_components/cap-app-proxy/environment-variables/_main-container.yaml index a10448e4..074be1e8 100644 --- a/charts/gitops-runtime/templates/_components/cap-app-proxy/environment-variables/_main-container.yaml +++ b/charts/gitops-runtime/templates/_components/cap-app-proxy/environment-variables/_main-container.yaml @@ -211,6 +211,7 @@ IRW_JIRA_ENRICHMENT_TASK_IMAGE: key: enrichmentJiraEnrichmentImage optional: true NODE_EXTRA_CA_CERTS: /app/config/all/all.cer +GIT_SSL_CAINFO: /app/config/all/all.cer {{- end -}} {{/* diff --git a/charts/gitops-runtime/templates/app-proxy/_app-proxy-env.yaml b/charts/gitops-runtime/templates/app-proxy/_app-proxy-env.yaml index 0937dfd6..458d017b 100644 --- a/charts/gitops-runtime/templates/app-proxy/_app-proxy-env.yaml +++ b/charts/gitops-runtime/templates/app-proxy/_app-proxy-env.yaml @@ -12,7 +12,6 @@ GIT_USERNAME: {{ .Values.global.runtime.gitCredentials.username }} GIT_PASSWORD: {{- include "codefresh-gitops-runtime.runtime-gitcreds.password.env-var-value" . | nindent 2 }} {{- end }} -WORKFLOW_PIPELINES_WEBHOOKS_TLS_SECRET: codefresh-workflow-pipelines-tls {{- /* Target account id, used for hosted runtimes registration. Not used in hybrid */}} {{- if .Values.global.runtime.codefreshHosted }} INSTALLATION_TYPE: HELM_HOSTED From 22fc1404b909be2dae120c31fba387fb9681a74e Mon Sep 17 00:00:00 2001 From: Noam Gal Date: Tue, 8 Jul 2025 14:53:17 +0300 Subject: [PATCH 3/3] chore: remove GIT_SSL_CAINFO environment variable from container config This change removes the GIT_SSL_CAINFO variable from the environment variables defined for the cap-app-proxy container. This adjustment ensures that the configuration aligns with the current security standards and practices. --- .../cap-app-proxy/environment-variables/_main-container.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/charts/gitops-runtime/templates/_components/cap-app-proxy/environment-variables/_main-container.yaml b/charts/gitops-runtime/templates/_components/cap-app-proxy/environment-variables/_main-container.yaml index 074be1e8..a10448e4 100644 --- a/charts/gitops-runtime/templates/_components/cap-app-proxy/environment-variables/_main-container.yaml +++ b/charts/gitops-runtime/templates/_components/cap-app-proxy/environment-variables/_main-container.yaml @@ -211,7 +211,6 @@ IRW_JIRA_ENRICHMENT_TASK_IMAGE: key: enrichmentJiraEnrichmentImage optional: true NODE_EXTRA_CA_CERTS: /app/config/all/all.cer -GIT_SSL_CAINFO: /app/config/all/all.cer {{- end -}} {{/*