diff --git a/.github/workflows/validate-chart-appVersion.yaml b/.github/workflows/validate-chart-appVersion.yaml index 03856d433..369dcacba 100644 --- a/.github/workflows/validate-chart-appVersion.yaml +++ b/.github/workflows/validate-chart-appVersion.yaml @@ -1,10 +1,7 @@ name: Chart-Content - on: - pull_request: - types: - - opened - - synchronize + pull_request_target: + types: [opened, reopened, ready_for_review, synchronize] paths: - deploy/helm/Chart.yaml @@ -14,6 +11,7 @@ jobs: permissions: contents: write pull-requests: write + steps: - name: Check out code uses: actions/checkout@v2 @@ -38,6 +36,7 @@ jobs: with: labels: app-version-changed + - name: remove app-version-changed label if: ${{ steps.latest_tag.outputs.tag == steps.chart_version.outputs.app_version }} uses: actions-ecosystem/action-remove-labels@v1 diff --git a/RELEASING.md b/RELEASING.md index 39e64df70..9a35e9199 100644 --- a/RELEASING.md +++ b/RELEASING.md 
@@ -46,17 +46,17 @@ 5. Create an annotated git tag and push it to the `upstream`. This will trigger the [`.github/workflows/release.yaml`] workflow ``` - git tag -v0.15.1 -m 'Release v0.15.1' - git push upstream v0.15.1 + git tag -v0.16.0-rc -m 'Release v0.16.0-rc' + git push upstream v0.16.0-rc ``` 6. Verify that the `release` workflow has built and published the following artifacts 1. Trivy-operator container images published to DockerHub - `docker.io/aquasec/trivy-operator:0.15.1` + `docker.io/aquasec/trivy-operator:0.16.0-rc` 2. Trivy-operator container images published to Amazon ECR Public Gallery - `public.ecr.aws/aquasecurity/trivy-operator:0.15.1` + `public.ecr.aws/aquasecurity/trivy-operator:0.16.0-rc` 2. Trivy-operator container images published to GitHub Container Registry - `ghcr.io/aquasecurity/trivy-operator:0.15.1` + `ghcr.io/aquasecurity/trivy-operator:0.16.0-rc` 7. Publish docs on by manually triggering the [`.github/workflows/publish-docs.yaml`] workflow 8. Submit trivy-operator Operator to OperatorHub and ArtifactHUB by opening the PR to the repository. @@ -65,5 +65,4 @@ [`deploy/helm/templates/specs/nsa-1.0.yaml`]: ./deploy/helm/templates/specs/nsa-1.0.yaml [`mkdocs.yml`]: ./mkdocs.yml [`.github/workflows/release.yaml`]: ./.github/workflows/release.yaml -[`.github/workflows/publish-helm-chart.yaml`]: ./.github/workflows/publish-helm-chart.yaml [`.github/workflows/publish-docs.yaml`]: ./.github/workflows/publish-docs.yaml diff --git a/deploy/helm/Chart.yaml b/deploy/helm/Chart.yaml index 20076705a..211c0cf67 100644 --- a/deploy/helm/Chart.yaml +++ b/deploy/helm/Chart.yaml 
@@ -6,12 +6,12 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.17.0 +version: 0.18.0-rc # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. -appVersion: 0.15.1 +appVersion: 0.16.0-rc # kubeVersion: A SemVer range of compatible Kubernetes versions (optional) diff --git a/deploy/helm/README.md b/deploy/helm/README.md index 4e6fd2604..09ed28cfc 100644 --- a/deploy/helm/README.md +++ b/deploy/helm/README.md @@ -1,6 +1,6 @@ # trivy-operator -![Version: 0.17.0](https://img.shields.io/badge/Version-0.17.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.15.1](https://img.shields.io/badge/AppVersion-0.15.1-informational?style=flat-square) +![Version: 0.18.0-rc](https://img.shields.io/badge/Version-0.18.0--rc-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.16.0-rc](https://img.shields.io/badge/AppVersion-0.16.0--rc-informational?style=flat-square) Keeps security report resources updated diff --git a/deploy/helm/templates/specs/cis-1.23.yaml b/deploy/helm/templates/specs/cis-1.23.yaml index 993b3129f..8fbf914e2 100644 --- a/deploy/helm/templates/specs/cis-1.23.yaml +++ b/deploy/helm/templates/specs/cis-1.23.yaml 
@@ -5,7 +5,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: 0.15.1 + app.kubernetes.io/version: 0.16.0-rc app.kubernetes.io/managed-by: kubectl spec: cron: {{ .Values.compliance.cron | quote}} diff --git a/deploy/helm/templates/specs/nsa-1.0.yaml b/deploy/helm/templates/specs/nsa-1.0.yaml index aaaf47b01..5908854cf 100644 --- a/deploy/helm/templates/specs/nsa-1.0.yaml +++ b/deploy/helm/templates/specs/nsa-1.0.yaml @@ -5,7 +5,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.15.1" + app.kubernetes.io/version: "0.16.0-rc" app.kubernetes.io/managed-by: kubectl spec: cron: {{ .Values.compliance.cron | quote }} diff --git a/deploy/helm/templates/specs/pss-baseline.yaml b/deploy/helm/templates/specs/pss-baseline.yaml index 68e48c539..a896e668a 100644 --- a/deploy/helm/templates/specs/pss-baseline.yaml +++ b/deploy/helm/templates/specs/pss-baseline.yaml @@ -5,7 +5,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: 0.15.1 + app.kubernetes.io/version: 0.16.0-rc app.kubernetes.io/managed-by: kubectl spec: cron: {{ .Values.compliance.cron | quote }} diff --git a/deploy/helm/templates/specs/pss-restricted.yaml b/deploy/helm/templates/specs/pss-restricted.yaml index 98975877d..725abfabd 100644 --- a/deploy/helm/templates/specs/pss-restricted.yaml +++ b/deploy/helm/templates/specs/pss-restricted.yaml @@ -5,7 +5,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: 0.15.1 + app.kubernetes.io/version: 0.16.0-rc app.kubernetes.io/managed-by: kubectl spec: cron: {{ .Values.compliance.cron | quote }} diff --git a/deploy/static/namespace.yaml b/deploy/static/namespace.yaml index 7a3b5ee18..ec0cd9a85 100644 --- a/deploy/static/namespace.yaml 
+++ b/deploy/static/namespace.yaml @@ -6,5 +6,5 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.15.1" + app.kubernetes.io/version: "0.16.0-rc" app.kubernetes.io/managed-by: kubectl diff --git a/deploy/static/trivy-operator.yaml b/deploy/static/trivy-operator.yaml index 52eb7ec5b..4042566f7 100644 --- a/deploy/static/trivy-operator.yaml +++ b/deploy/static/trivy-operator.yaml @@ -2104,7 +2104,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.15.1" + app.kubernetes.io/version: "0.16.0-rc" app.kubernetes.io/managed-by: kubectl --- # Source: trivy-operator/templates/config.yaml @@ -2116,7 +2116,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.15.1" + app.kubernetes.io/version: "0.16.0-rc" app.kubernetes.io/managed-by: kubectl --- # Source: trivy-operator/templates/config.yaml @@ -2128,7 +2128,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.15.1" + app.kubernetes.io/version: "0.16.0-rc" app.kubernetes.io/managed-by: kubectl data: --- 
@@ -2141,7 +2141,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.15.1" + app.kubernetes.io/version: "0.16.0-rc" app.kubernetes.io/managed-by: kubectl data: nodeCollector.volumes: "[{\"hostPath\":{\"path\":\"/var/lib/etcd\"},\"name\":\"var-lib-etcd\"},{\"hostPath\":{\"path\":\"/var/lib/kubelet\"},\"name\":\"var-lib-kubelet\"},{\"hostPath\":{\"path\":\"/var/lib/kube-scheduler\"},\"name\":\"var-lib-kube-scheduler\"},{\"hostPath\":{\"path\":\"/var/lib/kube-controller-manager\"},\"name\":\"var-lib-kube-controller-manager\"},{\"hostPath\":{\"path\":\"/etc/systemd\"},\"name\":\"etc-systemd\"},{\"hostPath\":{\"path\":\"/lib/systemd\"},\"name\":\"lib-systemd\"},{\"hostPath\":{\"path\":\"/etc/kubernetes\"},\"name\":\"etc-kubernetes\"},{\"hostPath\":{\"path\":\"/etc/cni/net.d/\"},\"name\":\"etc-cni-netd\"}]" @@ -2163,7 +2163,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.15.1" + app.kubernetes.io/version: "0.16.0-rc" app.kubernetes.io/managed-by: kubectl data: trivy.repository: "ghcr.io/aquasecurity/trivy" @@ -2194,7 +2194,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.15.1" + app.kubernetes.io/version: "0.16.0-rc" app.kubernetes.io/managed-by: kubectl spec: replicas: 1 @@ -2214,7 +2214,7 @@ spec: automountServiceAccountToken: true containers: - name: "trivy-operator" - image: "ghcr.io/aquasecurity/trivy-operator:0.15.1" + image: "ghcr.io/aquasecurity/trivy-operator:0.16.0-rc" imagePullPolicy: IfNotPresent env: - name: OPERATOR_NAMESPACE @@ -2336,7 +2336,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.15.1" + app.kubernetes.io/version: "0.16.0-rc" app.kubernetes.io/managed-by: kubectl rules: - apiGroups: 
@@ -2363,7 +2363,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.15.1" + app.kubernetes.io/version: "0.16.0-rc" app.kubernetes.io/managed-by: kubectl roleRef: apiGroup: rbac.authorization.k8s.io @@ -2383,7 +2383,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.15.1" + app.kubernetes.io/version: "0.16.0-rc" app.kubernetes.io/managed-by: kubectl data: # example @@ -2433,7 +2433,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.15.1" + app.kubernetes.io/version: "0.16.0-rc" app.kubernetes.io/managed-by: kubectl --- # Source: trivy-operator/templates/rbac.yaml @@ -2784,7 +2784,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.15.1" + app.kubernetes.io/version: "0.16.0-rc" app.kubernetes.io/managed-by: kubectl rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" @@ -2809,7 +2809,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.15.1" + app.kubernetes.io/version: "0.16.0-rc" app.kubernetes.io/managed-by: kubectl rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" @@ -2834,7 +2834,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.15.1" + app.kubernetes.io/version: "0.16.0-rc" app.kubernetes.io/managed-by: kubectl rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" 
@@ -2858,7 +2858,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.15.1" + app.kubernetes.io/version: "0.16.0-rc" app.kubernetes.io/managed-by: kubectl roleRef: apiGroup: rbac.authorization.k8s.io @@ -2878,7 +2878,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.15.1" + app.kubernetes.io/version: "0.16.0-rc" app.kubernetes.io/managed-by: kubectl rules: - apiGroups: @@ -2908,7 +2908,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.15.1" + app.kubernetes.io/version: "0.16.0-rc" app.kubernetes.io/managed-by: kubectl roleRef: apiGroup: rbac.authorization.k8s.io @@ -2928,7 +2928,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.15.1" + app.kubernetes.io/version: "0.16.0-rc" app.kubernetes.io/managed-by: kubectl spec: clusterIP: None diff --git a/docs/docs/crds/clustercompliance-report.md b/docs/docs/crds/clustercompliance-report.md index 6a635fecf..79d98041b 100644 --- a/docs/docs/crds/clustercompliance-report.md +++ b/docs/docs/crds/clustercompliance-report.md @@ -1346,7 +1346,7 @@ status: "app.kubernetes.io/instance": "trivy-operator", "app.kubernetes.io/managed-by": "kubectl", "app.kubernetes.io/name": "trivy-operator", - "app.kubernetes.io/version": "0.15.1" + "app.kubernetes.io/version": "0.16.0-rc" }, "name": "cis", "resourceVersion": "8985", diff --git a/docs/docs/crds/configaudit-report.md b/docs/docs/crds/configaudit-report.md index 57a83100b..86f29b51f 100644 --- a/docs/docs/crds/configaudit-report.md +++ b/docs/docs/crds/configaudit-report.md @@ -36,7 +36,7 @@ report: scanner: name: Trivy vendor: Aqua Security - version: '0.15.1' + version: '0.16.0-rc' summary: criticalCount: 2 highCount: 0 
diff --git a/docs/docs/crds/exposedsecret-report.md b/docs/docs/crds/exposedsecret-report.md index 6d4a316b8..46d96ca5a 100644 --- a/docs/docs/crds/exposedsecret-report.md +++ b/docs/docs/crds/exposedsecret-report.md @@ -34,7 +34,7 @@ metadata: report: artifact: repository: myimagewithsecret - tag: v0.15.1 + tag: v0.16.0-rc registry: server: index.docker.io scanner: diff --git a/docs/docs/crds/rbacassessment-report.md b/docs/docs/crds/rbacassessment-report.md index b6ed8cbaf..97dd58900 100644 --- a/docs/docs/crds/rbacassessment-report.md +++ b/docs/docs/crds/rbacassessment-report.md @@ -177,7 +177,7 @@ report: scanner: name: Trivy vendor: Aqua Security - version: '0.15.1' + version: '0.16.0-rc' summary: criticalCount: 1 highCount: 0 diff --git a/docs/docs/design/caching_scan_results_by_repo_digest.md b/docs/docs/design/caching_scan_results_by_repo_digest.md index b5f441548..81dc673a6 100644 --- a/docs/docs/design/caching_scan_results_by_repo_digest.md +++ b/docs/docs/design/caching_scan_results_by_repo_digest.md @@ -129,5 +129,5 @@ We can't use something like ownerReference since it would delete all vulnerabili a gate. * Both Trivy-Operator CLI and Trivy-Operator Operator can read and leverage ClusterVulnerabilityReports. -[Standalone]: https://aquasecurity.github.io/trivy-operator/v0.15.1/integrations/vulnerability-scanners/trivy/#standalone -[ClientServer]: https://aquasecurity.github.io/trivy-operator/v0.15.1/integrations/vulnerability-scanners/trivy/#clientserver +[Standalone]: https://aquasecurity.github.io/trivy-operator/v0.16.0-rc/integrations/vulnerability-scanners/trivy/#standalone +[ClientServer]: https://aquasecurity.github.io/trivy-operator/v0.16.0-rc/integrations/vulnerability-scanners/trivy/#clientserver diff --git a/docs/docs/design/design_compliance_report.md b/docs/docs/design/design_compliance_report.md index c0e2832aa..7f57179b9 100644 --- a/docs/docs/design/design_compliance_report.md +++ b/docs/docs/design/design_compliance_report.md 
@@ -542,7 +542,7 @@ metadata: name: clustercompliancereports.aquasecurity.github.io labels: app.kubernetes.io/managed-by: trivy-operator - app.kubernetes.io/version: "0.15.1" + app.kubernetes.io/version: "0.16.0-rc" spec: group: aquasecurity.github.io scope: Cluster @@ -678,7 +678,7 @@ metadata: name: clustercompliancedetailreports.aquasecurity.github.io labels: app.kubernetes.io/managed-by: trivy-operator - app.kubernetes.io/version: "0.15.1" + app.kubernetes.io/version: "0.16.0-rc" spec: group: aquasecurity.github.io versions: diff --git a/docs/docs/design/design_vuln_scan_job_in_same_namespace_of_workload.md b/docs/docs/design/design_vuln_scan_job_in_same_namespace_of_workload.md index cceca80ba..2915c0351 100644 --- a/docs/docs/design/design_vuln_scan_job_in_same_namespace_of_workload.md +++ b/docs/docs/design/design_vuln_scan_job_in_same_namespace_of_workload.md @@ -219,6 +219,6 @@ With this approach trivy operator will not have to worry about managing(create/d - As we will run scan job with service account of workload and if there are some very strict PSP defined in the cluster then scan job will be blocked due to the PSP. -[ECR registry configuration]: https://aquasecurity.github.io/trivy-operator/v0.15.1/integrations/managed-registries/#amazon-elastic-container-registry-ecr +[ECR registry configuration]: https://aquasecurity.github.io/trivy-operator/v0.16.0-rc/integrations/managed-registries/#amazon-elastic-container-registry-ecr [IAM role to service account]: https://docs.aws.amazon.com/eks/latest/userguide/specify-service-account-role.html [Trivy fs command]: https://github.com/aquasecurity/trivy-operator/blob/main/docs/design/design_trivy_file_system_scanner.md diff --git a/docs/docs/vulnerability-scanning/managed-registries.md b/docs/docs/vulnerability-scanning/managed-registries.md index e5f9d457e..c7a0b5452 100644 --- a/docs/docs/vulnerability-scanning/managed-registries.md +++ b/docs/docs/vulnerability-scanning/managed-registries.md 
@@ -40,7 +40,7 @@ metadata: labels: app.kubernetes.io/name: trivy-operator app.kubernetes.io/instance: trivy-operator - app.kubernetes.io/version: "0.15.1" + app.kubernetes.io/version: "0.16.0-rc" app.kubernetes.io/managed-by: kubectl azure.workload.identity/use: "true" annotations: diff --git a/docs/tutorials/grafana-dashboard.md b/docs/tutorials/grafana-dashboard.md index 2460b3ad0..99ebfc81a 100644 --- a/docs/tutorials/grafana-dashboard.md +++ b/docs/tutorials/grafana-dashboard.md @@ -92,7 +92,7 @@ Next, we can install the operator with the following command: helm install trivy-operator aqua/trivy-operator \ --namespace trivy-system \ --create-namespace \ - --version 0.15.1 \ + --version 0.16.0-rc \ --values trivy-values.yaml ``` diff --git a/docs/tutorials/private-registries.md b/docs/tutorials/private-registries.md index 7ab522b0e..062d829fc 100644 --- a/docs/tutorials/private-registries.md +++ b/docs/tutorials/private-registries.md @@ -47,7 +47,7 @@ Lastly, we can deploy the operator inside our cluster with referencing our new ` helm upgrade --install trivy-operator aqua/trivy-operator \ --namespace trivy-system \ --create-namespace \ - --version 0.15.1 + --version 0.16.0-rc --values ./values.yaml ``` @@ -57,7 +57,7 @@ Alternatively, it is possible to set the values directly through Helm instead of helm upgrade --install trivy-operator aqua/trivy-operator \ --namespace trivy-system \ --create-namespace \ - --version 0.15.1 + --version 0.16.0-rc --set="trivy.command=fs" --set="trivyOperator.scanJobPodTemplateContainerSecurityContext.runAsUser=0" ``` @@ -230,7 +230,7 @@ Lastly, we can deploy the operator inside our cluster with referencing our new ` helm upgrade --install trivy-operator aqua/trivy-operator \ --namespace trivy-system \ --create-namespace \ - --version 0.15.1 + --version 0.16.0-rc --values ./values.yaml ``` 
@@ -240,7 +240,7 @@ Alternatively, it is possible to set the values directly through Helm instead of helm upgrade --install trivy-operator aqua/trivy-operator \ --namespace trivy-system \ --create-namespace \ - --version 0.15.1 + --version 0.16.0-rc --set-json='operator.privateRegistryScanSecretsNames={"app":"dockerconfigjson-github-com"}' ``` @@ -262,4 +262,4 @@ trivy-operator 1/1 1 1 99s The last way that you could give the Trivy operator access to your private container registry is through managed registries. In this case, the container registry and your Kubernetes cluster would have to be on the same cloud provider; then you can define access to your container namespace as part of the IAM account. Once defined, trivy will already have the permissions for the registry. -For additional information, please refer to the [documentation on managed registries.](https://aquasecurity.github.io/trivy-operator/v0.15.1/docs/vulnerability-scanning/managed-registries/) +For additional information, please refer to the [documentation on managed registries.](https://aquasecurity.github.io/trivy-operator/v0.16.0-rc/docs/vulnerability-scanning/managed-registries/) diff --git a/mkdocs.yml b/mkdocs.yml index 009b86641..1b7401e98 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -86,8 +86,8 @@ extra: method: mike provider: mike var: - prev_git_tag: "v0.15.0" - chart_version: "0.15.1" + prev_git_tag: "v0.15.1" + chart_version: "0.18.0-rc" plugins: - search
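Review bot: In the `on:` hunk of `.github/workflows/validate-chart-appVersion.yaml`, moving from `pull_request` to `pull_request_target` runs this workflow in the base repository's context with a write-capable `GITHUB_TOKEN` (the job declares `contents: write` and `pull-requests: write`), so any step that checks out or evaluates content from an untrusted fork's head becomes a privilege-escalation path, re-triggered on every push because `synchronize` is in the `types` list. The visible context shows `uses: actions/checkout@v2` but not its `with:` inputs; if no `ref:` is set, it checks out the base branch, which means `steps.chart_version.outputs.app_version` reflects the base branch's `deploy/helm/Chart.yaml` rather than the PR's and the `app-version-changed` label logic is no longer testing the PR. If the PR's Chart.yaml is needed, fetch that single file as data (API or a second checkout into a separate directory with `persist-credentials: false`) and never execute scripts, actions or Make targets from it. Also drop `contents: write` to `contents: read`: adding and removing labels needs only `pull-requests: write`.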
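Review bot: In the `steps:` hunk of the same workflow, `actions/checkout@v2` is a deprecated Node 12 action; since this PR already edits the surrounding lines, bump it to a current major (or pin to a full commit SHA, which is the stronger supply-chain control for a workflow that now runs with write permissions under `pull_request_target`).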
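Review bot: In the `RELEASING.md` hunk at `@@ -46,17 +46,17 @@`, `git tag -v0.16.0-rc -m 'Release v0.16.0-rc'` is not the annotated-tag command step 5 describes: `-v` is `git tag`'s verify mode, and the remainder is parsed as further short options, so the command errors out instead of creating a tag. It should read `git tag -a v0.16.0-rc -m 'Release v0.16.0-rc'` (or `-s` to sign it, which is worth doing since pushing this tag is what fires `release.yaml`). While touching this block, the artifact sub-list numbers DockerHub, ECR and GHCR as 1, 2, 2 and step 7 reads "Publish docs on by manually triggering"; fix the numbering and drop the stray "on".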
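Review bot: In the `RELEASING.md` hunk at `@@ -65,5 +65,4 @@`, the reference definition for `[`.github/workflows/publish-helm-chart.yaml`]` is removed; confirm no reference-style link to it remains in the body of the document, otherwise the bracketed text renders literally.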
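Review bot: In `docs/tutorials/grafana-dashboard.md` and all four `docs/tutorials/private-registries.md` hunks, `--version 0.16.0-rc` passes the application version to a flag that takes the chart version. This same PR sets `deploy/helm/Chart.yaml` to `version: 0.18.0-rc` / `appVersion: 0.16.0-rc`, so no chart `0.16.0-rc` will exist and every one of these `helm install`/`helm upgrade` commands fails with a chart-not-found error. Use the chart version (`0.18.0-rc`, the same value mkdocs.yml now carries as `chart_version`), and keep the two distinct in the release bump script.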
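Review bot: In the `docs/tutorials/private-registries.md` hunks at `@@ -47`, `@@ -57`, `@@ -230` and `@@ -240`, the `--version` line has no trailing `\`, so `--values ./values.yaml`, `--set=...` and `--set-json=...` on the following line are parsed as a separate command and silently ignored by Helm (the `grafana-dashboard.md` block in this same PR has the backslash and is correct). Since the PR rewrites exactly these lines, add the continuation.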
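Review bot: In the `deploy/static/trivy-operator.yaml` Deployment hunk at `@@ -2214,7 +2214,7 @@`, the static manifests on the default branch now pin `ghcr.io/aquasecurity/trivy-operator:0.16.0-rc`, so anyone applying `deploy/static/` from `main` deploys a release candidate, and the image must exist in GHCR before this merges or the rollout fails. The tag is also mutable while `imagePullPolicy: IfNotPresent` is kept, so a re-pushed rc will not be picked up on nodes that cached the earlier build; for pre-release tags either pin by digest or use `imagePullPolicy: Always`.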
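Review bot: In the docs hunks that rewrite `https://aquasecurity.github.io/trivy-operator/v0.15.1/...` to `.../v0.16.0-rc/...` (`caching_scan_results_by_repo_digest.md`, `design_vuln_scan_job_in_same_namespace_of_workload.md`, `private-registries.md`), these are mike-versioned paths that exist only if `publish-docs.yaml` is run for the rc, which RELEASING.md step 7 describes as a manual action; until then, and again once the rc version is retired, they are dead links. Point them at a stable alias (for example `latest`) or at the GA version rather than re-bumping them on every rc.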
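Review bot: In the `docs/docs/crds/exposedsecret-report.md` hunk, `tag: v0.16.0-rc` on the `myimagewithsecret` artifact is an illustrative image tag with no relation to the operator version; it looks like the blanket search-and-replace of `0.15.1` caught it. Harmless, but leave example data out of the bump (or give the example a clearly fictional tag) so readers do not infer that scanned images must track the operator release.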