From ca5d5f82800ea6d7ecfa38eb2b5d8b85e709bb9f Mon Sep 17 00:00:00 2001 From: Dominik Kaminski Date: Wed, 27 Sep 2023 20:48:03 +0200 Subject: [PATCH] fix(keycloak-bootstrap): Use OCI registry and verify chart signatures --- helmfile/apps/keycloak-bootstrap/helmfile.yaml | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/helmfile/apps/keycloak-bootstrap/helmfile.yaml b/helmfile/apps/keycloak-bootstrap/helmfile.yaml index 6a86d6cc..5cd543fe 100644 --- a/helmfile/apps/keycloak-bootstrap/helmfile.yaml +++ b/helmfile/apps/keycloak-bootstrap/helmfile.yaml @@ -2,14 +2,21 @@ # SPDX-License-Identifier: Apache-2.0 --- repositories: - - name: "sovereign-workplace-keycloak-bootstrap-repo" + # openDesk Keycloak Bootstrap + # Source: https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-keycloak-bootstrap + - name: "opendesk-keycloak-bootstrap-repo" + oci: true + # yamllint disable rule:line-length url: >- - {{ env "PRIVATE_CHART_REPOSITORY_URL" | - default "https://gitlab.souvap-univention.de/api/v4/projects/138/packages/helm/stable" }} + {{ env "PRIVATE_IMAGE_REGISTRY_URL" | + default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/sovereign-workplace-keycloak-bootstrap" }} + # yamllint enable rule:line-length + verify: true + keyring: "../../../pubkey.gpg" releases: - - name: "sovereign-workplace-keycloak-bootstrap" - chart: "sovereign-workplace-keycloak-bootstrap-repo/sovereign-workplace-keycloak-bootstrap" + - name: "opendesk-keycloak-bootstrap" + chart: "opendesk-keycloak-bootstrap-repo/sovereign-workplace-keycloak-bootstrap" version: "1.1.11" values: - "values-bootstrap.gotmpl"