From e13fa558a40faf14162058b3aa54431291b29a78 Mon Sep 17 00:00:00 2001 From: Jason Washburn Date: Sat, 25 Apr 2026 12:28:13 -0500 Subject: [PATCH 1/5] chore: align upstream scanner and updater image tags with chart defaults --- values/upstream-values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/values/upstream-values.yaml b/values/upstream-values.yaml index 8a521c8..1ee2694 100644 --- a/values/upstream-values.yaml +++ b/values/upstream-values.yaml @@ -19,10 +19,10 @@ cve: scanner: image: repository: neuvector/scanner - tag: latest + tag: "6" updater: enabled: true image: repository: neuvector/updater - tag: latest + tag: "0.0.10" From c387e4cb12f736bc720ef553f9ae020de163ee94 Mon Sep 17 00:00:00 2001 From: Jason Washburn Date: Sat, 25 Apr 2026 12:42:19 -0500 Subject: [PATCH 2/5] chore: update scanner and updater tags in upstream zarf component --- zarf.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/zarf.yaml b/zarf.yaml index a7642a2..e232d91 100644 --- a/zarf.yaml +++ b/zarf.yaml @@ -37,8 +37,8 @@ components: images: - docker.io/neuvector/controller:5.5.0 - docker.io/neuvector/manager:5.5.0 - - docker.io/neuvector/updater:latest - - docker.io/neuvector/scanner:latest + - docker.io/neuvector/updater:0.0.10 + - docker.io/neuvector/scanner:6 - docker.io/neuvector/enforcer:5.5.0 - name: neuvector From 751328c7bba910685a77dcb50fd41e1e8575b768 Mon Sep 17 00:00:00 2001 From: Jason Washburn Date: Sat, 25 Apr 2026 13:21:51 -0500 Subject: [PATCH 3/5] fix: add internal-cert-dir volume to upstream values to fix permissions --- values/upstream-values.yaml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/values/upstream-values.yaml b/values/upstream-values.yaml index 1ee2694..4f7ec0d 100644 --- a/values/upstream-values.yaml +++ b/values/upstream-values.yaml @@ -20,6 +20,13 @@ cve: image: repository: neuvector/scanner tag: "6" + volumes: + - name: internal-cert-dir + emptyDir: + sizeLimit: 50Mi + volumeMounts: + - mountPath: /etc/neuvector/certs/internal/ + name: internal-cert-dir updater: enabled: true From 00b6f44911b6be4521041d99990da73da06fa39e Mon Sep 17 00:00:00 2001 From: Jason Washburn Date: Mon, 27 Apr 2026 08:07:11 -0500 Subject: [PATCH 4/5] chore: switch to 8 core runner to fix ci test flakiness --- .github/workflows/test.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index d9f7263..f3b6221 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -45,10 +45,11 @@ jobs: with: timeout: 30 options: --set BASE_REPO="ghcr.io/uds-packages" - runsOn: appstore-4-core-amd64 + runsOn: appstore-8-core-amd64 upgrade-flavors: ${{ needs.check-flavor.outputs.upgrade-flavors }} flavor: ${{ matrix.flavor }} type: ${{ matrix.type }} + secrets: inherit # Inherits all secrets from the parent workflow. verify-test: From 5bc6dc130a3e60a4baad78bc4c4d807781811a49 Mon Sep 17 00:00:00 2001 From: Jason Washburn Date: Mon, 27 Apr 2026 08:48:23 -0500 Subject: [PATCH 5/5] chore: switch to 8 core runners on release workflow --- .github/workflows/release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 40f79c4..ec571a0 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -28,6 +28,6 @@ jobs: with: flavor: ${{ matrix.flavor }} options: --set BASE_REPO="ghcr.io/uds-packages" - runsOn: ${{ matrix.architecture == 'arm64' && 'appstore-4-core-arm64' || 'appstore-4-core-amd64' }} + runsOn: ${{ matrix.architecture == 'arm64' && 'appstore-8-core-arm64' || 'appstore-8-core-amd64' }} uds-releaser: true secrets: inherit # Inherits all secrets from the parent workflow.