Apply configuration changes

zammad · Sep 4, 2024 · f2369eb · f2369eb
1 parent 9074008
commit f2369eb
Show file tree

Hide file tree

Showing 4 changed files with 32 additions and 2 deletions.
diff --git a/.github/linters/.checkov.yaml b/.github/linters/.checkov.yaml
@@ -0,0 +1,27 @@
+---
+# Don't report passed checks in output
+quiet: true
+
+skip-path:
+  - zammad/templates/tests
+  - zammad/ci
+  - zammad/charts
+
+skip-check:
+  # These checks don't seem to make sense with a / our Helm chart
+  - CKV_K8S_21  # "The default namespace should not be used"
+  - CKV_K8S_10  # "CPU requests should be set"
+  - CKV_K8S_11  # "CPU limits should be set"
+  - CKV_K8S_15  # "Image Pull Policy should be Always"
+  - CKV_K8S_12  # "Memory requests should be set"
+  - CKV_K8S_13  # "Memory limits should be set"
+  - CKV_K8S_43  # "Image should use digest"
+  - CKV_K8S_38  # "Ensure that Service Account Tokens are only mounted where necessary"
+  - CKV_K8S_20  # "Containers should not run with allowPrivilegeEscalation"
+  - CKV_K8S_16  # "Container should not be privileged"
+  - CKV_K8S_40  # "Containers should run as a high UID to avoid host conflict"
+  - CKV_K8S_23  # "Minimize the admission of root containers"
+  - CKV_K8S_22  # "Use read-only filesystem for containers where possible"
+
+  # Maybe consider for improvement
+  - CKV_K8S_35  # "Prefer using secrets as files over secrets as environment variables"
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -32,6 +32,7 @@ jobs:
           VALIDATE_JSCPD: false
           VALIDATE_KUBERNETES_KUBECONFORM: false
           VALIDATE_YAML: false
+          VALIDATE_YAML_PRETTIER: false
 
   lint-chart:
     runs-on: ubuntu-22.04

diff --git a/zammad/Chart.yaml b/zammad/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v2
 name: zammad
-version: 12.3.5
-appVersion: 6.3.1-130
+version: 12.3.6
+appVersion: 6.3.1-144
 description: Zammad is a web based open source helpdesk/customer support system with many features to manage customer communication via several channels like telephone, facebook, twitter, chat and e-mails.
 home: https://zammad.org
 icon: https://raw.githubusercontent.com/zammad/zammad-documentation/main/images/zammad_logo_600x520.png

diff --git a/zammad/templates/deployment-scheduler.yaml b/zammad/templates/deployment-scheduler.yaml
@@ -7,6 +7,8 @@ metadata:
     app.kubernetes.io/component: zammad-scheduler
   annotations:
     {{- include "zammad.annotations" . | nindent 4 }}
+    checkov.io/skip1: CKV_K8S_8=Liveness Probe Should be Configured - not possible with scheduler
+    checkov.io/skip2: CKV_K8S_9=Readiness Probe Should be Configured - not possible with scheduler
 spec:
   replicas: 1 # Not scalable, may only run once per cluster.
   selector: