Merge branch 'develop' into main

.github/dependabot.yml

@@ -0,0 +1,7 @@
+version: 2
+updates:
+  - package-ecosystem: docker
+    directory: src/docker
+    schedule:
+      interval: daily
+    target-branch: develop

AUTHORS.md

@@ -2,7 +2,7 @@
 
 - [Clémence Lesné](https://github.com/clemlesne)
 
-Authors of [the original project, emberstack/docker-azure-pipelines-agent](https://github.com/emberstack/docker-azure-pipelines-agent):
+Authors of [the original project, emberstack/docker-azure-pipelines-agent](https://github.com/emberstack/docker-azure-pipelines-agent), which this project is forked from (sorted alphabetically):
 
 - [Fabian Wiesel](https://github.com/fwiesel)
 - [Romeo Dumitrescu](https://github.com/winromulus)

README.md

@@ -46,21 +46,10 @@ helm upgrade --install agent clemlesne-azure-pipelines-agent/azure-pipelines-age
 | `docker pull ghcr.io/clemlesne/azure-pipelines-agent:bullseye-main` | Debian Bullseye (11) slim | `linux/amd64`, `linux/arm/v7`, `linux/arm64/v8` | [See Debian LTS wiki.](https://wiki.debian.org/LTS) |
 | `docker pull ghcr.io/clemlesne/azure-pipelines-agent:focal-main` | Ubuntu Focal (20.04) minimal | `linux/amd64`, `linux/arm/v7`, `linux/arm64/v8` | [See Ubuntu LTS wiki.](https://wiki.ubuntu.com/Releases) |
 | `docker pull ghcr.io/clemlesne/azure-pipelines-agent:jammy-main` | Ubuntu Jammy (22.04) minimal | `linux/amd64`, `linux/arm/v7`, `linux/arm64/v8` | [See Ubuntu LTS wiki.](https://wiki.ubuntu.com/Releases) |
-| `docker pull ghcr.io/clemlesne/azure-pipelines-agent:ubi8-main` | Red Hat UBI 8 | `linux/amd64`, `linux/arm64/v8` | [See Red Hat product life cycles.](https://access.redhat.com/product-life-cycles/?product=Red%20Hat%20Enterprise%20Linux) |
+| `docker pull ghcr.io/clemlesne/azure-pipelines-agent:ubi8-main` | Red Hat UBI 8 (8.7) minimal | `linux/amd64`, `linux/arm64/v8` | [See Red Hat product life cycles.](https://access.redhat.com/product-life-cycles/?product=Red%20Hat%20Enterprise%20Linux) |
 
 ## Advanced topics
 
-### Security & reliability notes
-
-Systems are built every days. Each image is accompanied by a SBOM (Software Bill of Materials) which allows to verify that the installed packages are those expected. This speed has the advantage of minimizing exposure to security flaws, which will then be corrected on the build environments in 24 hours. To do this, by default, Kubernetes downloads the image at each pod deployment.
-
-Nevertheless:
-
-- These downloads may incur network costs.
-- It can happen that a package provider (e.g. Debian, Canonical, Red Hat) deploys a system update that introduces a bug. This is difficult to predict.
-
-So it is possible to change the `image.pullPolicy` property to `IfNotPresent`, but these updates will not be downloaded automatically. Each image is pushed with a unique tag, which corresponds to the date of the last update (example: `bullseye-20230313` for a build on March 13, 2023). It is therefore possible to fix the download of a version by modifying the `image.version` property to `20230313`.
-
 ### Provided software
 
 - [Azure Pipelines agent system requirements](https://learn.microsoft.com/en-us/azure/devops/pipelines/agents/docker?view=azure-devops#linux)
@@ -99,6 +88,6 @@ So it is possible to change the `image.pullPolicy` property to `IfNotPresent`, b
 | `serviceAccount.name` | ServiceAccount name | *Release name* |
 | `tolerations` | Toleration labels for pod assignment. | `[]` |
 
-## Support
+## [Security](./SECURITY.md)
 
-If you need help or found a bug, please feel free to open an issue on the [clemlesne/azure-pipelines-agent](https://github.com/clemlesne/azure-pipelines-agent) GitHub project.
+## [Authors](./AUTHORS.md)

SECURITY.md

@@ -0,0 +1,20 @@
+# Security Policy
+
+## Reliability notes
+
+Systems are built every days. Each image is accompanied by a SBOM (Software Bill of Materials) which allows to verify that the installed packages are those expected. This speed has the advantage of minimizing exposure to security flaws, which will then be corrected on the build environments in 24 hours. To do this, by default, Kubernetes downloads the image at each pod deployment.
+
+Nevertheless:
+
+- These downloads may incur network costs.
+- It can happen that a package provider (e.g. Debian, Canonical, Red Hat) deploys a system update that introduces a bug. This is difficult to predict.
+
+So it is possible to change the `image.pullPolicy` property to `IfNotPresent`, but these updates will not be downloaded automatically. Each image is pushed with a unique tag, which corresponds to the date of the last update (example: `bullseye-20230313` for a build on March 13, 2023). It is therefore possible to fix the download of a version by modifying the `image.version` property to `20230313`.
+
+## Reporting a Vulnerability
+
+If you think you have found a vulnerability, please do not open an issue on GitHub. Instead, please send an email to [Clémence Lesné](mailto:[email protected]).
+
+## Support
+
+If you need help or found a bug, please feel free to open an issue on the [clemlesne/azure-pipelines-agent](https://github.com/clemlesne/azure-pipelines-agent) GitHub project.

artifacthub-repo.yml

@@ -3,4 +3,4 @@
 repositoryID: 9cc083d3-128e-4cbb-934f-8c62b42ef538
 owners:
   - name: clemlesne
-    email: [email protected]
+    email: [email protected]

src/helm/azure-pipelines-agent/Chart.yaml

@@ -24,8 +24,8 @@ home: https://github.com/clemlesne/azure-pipelines-agent
 sources:
   - https://github.com/clemlesne/azure-pipelines-agent
 maintainers:
-  - name: clemlesne
-    email: [email protected]
+  - name: Clémence Lesné
+    email: [email protected]
 annotations:
   artifacthub.io/category: integration-delivery
   artifacthub.io/license: Apache-2.0