Merge pull request #65 from Conjur-Enterprise/trivy-fix

CNJR-0000: Prep for 1.7.30

Author: szh

CHANGELOG.md

@@ -10,10 +10,11 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - Nothing should go in this section, please add to the latest unreleased version
   (and update the corresponding date), or add a new version.
 
-## [1.7.30] - 2025-10-31
+## [1.7.30] - 2025-11-06
 
 ### Changed
 - Upgrade Go to 1.25 (CONJSE-2067)
+- Update Go dependencies
 
 ## [1.7.29] - 2025-09-03
 
@@ -771,7 +772,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ### Added
 - The first tagged version.
 
-[Unreleased]: https://github.com/cyberark/secretless-broker/compare/v1.7.29...HEAD
+[Unreleased]: https://github.com/cyberark/secretless-broker/compare/v1.7.30...HEAD
 [0.2.0]: https://github.com/cyberark/secretless-broker/compare/v0.1.0...v0.2.0
 [0.3.0]: https://github.com/cyberark/secretless-broker/compare/v0.2.0...v0.3.0
 [0.4.0]: https://github.com/cyberark/secretless-broker/compare/v0.3.0...v0.4.0
@@ -826,3 +827,4 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 [1.7.27]: https://github.com/cyberark/secretless-broker/compare/v1.7.26...v1.7.27
 [1.7.28]: https://github.com/cyberark/secretless-broker/compare/v1.7.27...v1.7.28
 [1.7.29]: https://github.com/cyberark/secretless-broker/compare/v1.7.28...v1.7.29
+[1.7.30]: https://github.com/cyberark/secretless-broker/compare/v1.7.29...v1.7.30

Jenkinsfile

@@ -39,13 +39,13 @@ if (params.MODE == "PROMOTE") {
         arch: 'linux/amd64')
     }
 
-    scans["Scan Quickstart Docker image"] = {
-      runSecurityScans(infrapool,
-        image: "registry.tld/secretless-broker-quickstart:${sourceVersion}",
-        buildMode: params.MODE,
-        branch: env.BRANCH_NAME,
-        arch: 'linux/amd64')
-    }
+    // scans["Scan Quickstart Docker image"] = {
+    //   runSecurityScans(infrapool,
+    //     image: "registry.tld/secretless-broker-quickstart:${sourceVersion}",
+    //     buildMode: params.MODE,
+    //     branch: env.BRANCH_NAME,
+    //     arch: 'linux/amd64')
+    // }
 
     scans["Scan RedHat Docker image"] = {
       runSecurityScans(infrapool,
@@ -241,20 +241,20 @@ pipeline {
           }
         }
 
-        stage('Scan Secretless Quickstart Image') {
-          steps {
-            script {
-              infraPoolConnect(INFRAPOOL_EXECUTORV2_AGENT_0) { infrapool ->
-                VERSION = infrapool.agentSh(returnStdout: true, script: 'cat VERSION')
-                runSecurityScans(infrapool,
-                  image: "registry.tld/secretless-broker-quickstart:${VERSION}",
-                  buildMode: params.MODE,
-                  branch: env.BRANCH_NAME,
-                  arch: 'linux/amd64')
-              }
-            }
-          }
-        }
+        // stage('Scan Secretless Quickstart Image') {
+        //   steps {
+        //     script {
+        //       infraPoolConnect(INFRAPOOL_EXECUTORV2_AGENT_0) { infrapool ->
+        //         VERSION = infrapool.agentSh(returnStdout: true, script: 'cat VERSION')
+        //         runSecurityScans(infrapool,
+        //           image: "registry.tld/secretless-broker-quickstart:${VERSION}",
+        //           buildMode: params.MODE,
+        //           branch: env.BRANCH_NAME,
+        //           arch: 'linux/amd64')
+        //       }
+        //     }
+        //   }
+        // }
 
         stage('Scan Secretless RedHat Image') {
           steps {
@@ -464,7 +464,6 @@ pipeline {
               infrapool.agentSh """export PATH="${toolsDirectory}/bin:${PATH}" && go-bom --tools "${toolsDirectory}" --go-mod ./go.mod --image "golang" --main "cmd/secretless-broker/" --output "${billOfMaterialsDirectory}/go-app-bom.json" """
               // Create Go module SBOM
               infrapool.agentSh """export PATH="${toolsDirectory}/bin:${PATH}" && go-bom --tools "${toolsDirectory}" --go-mod ./go.mod --image "golang" --output "${billOfMaterialsDirectory}/go-mod-bom.json" """
-              infrapool.agentSh """export PATH="${toolsDirectory}/bin:${PATH}" && summon -e production ./bin/publish --edge"""
             }
           }
         }

bin/publish

@@ -6,10 +6,8 @@ set -e
 
 function print_help() {
   echo "Internal Release Usage: $0 --internal"
-  echo "External Release Usage: $0 --edge"
   echo "Promote Usage: $0 --promote --source <VERSION> --target <VERSION>"
   echo " --internal: publish images to registry.tld"
-  echo " --edge: publish docker images to docker hub"
   echo " --source <VERSION>: specify version number of local image"
   echo " --target <VERSION>: specify version number of remote image"
 }
@@ -21,17 +19,13 @@ if [[ $# -lt 1 ]]; then
 fi
 
 PUBLISH_INTERNAL=false
-PUBLISH_EDGE=false
 PROMOTE=false
 
 while [[ $# -gt 0 ]]; do
   case "$1" in
   --internal)
     PUBLISH_INTERNAL=true
     ;;
-  --edge)
-    PUBLISH_EDGE=true
-    ;;
   --promote)
     PROMOTE=true
     ;;
@@ -85,22 +79,6 @@ if [[ ${PUBLISH_INTERNAL} = true ]]; then
   tag_and_push "${REDHAT_LOCAL_IMAGE}:${SOURCE_TAG}" "${LOCAL_REGISTRY}/${REDHAT_LOCAL_IMAGE}:${REMOTE_TAG}"
 fi
 
-if [[ ${PUBLISH_EDGE} = true ]]; then
-  echo "Performing edge release."
-  SOURCE_TAG=$FULL_VERSION_TAG
-  REMOTE_TAG=edge
-  readonly TAGS=(
-    "$VERSION"
-    "$REMOTE_TAG"
-  )
-
-  for IMAGE_NAME in "${IMAGES[@]}"; do
-    for tag in "${TAGS[@]}"; do
-      tag_and_push "$IMAGE_NAME:$SOURCE_TAG" "$REGISTRY/$IMAGE_NAME:$tag"
-    done
-  done
-fi
-
 if [[ ${PROMOTE} = true ]]; then
   if [[ -z ${SOURCE_ARG:-} || -z ${TARGET_ARG:-} ]]; then
   echo "When promoting, --source and --target flags are required."