bashbang · bashbang · Apr 1, 2026 · Nov 18, 2021 · Nov 18, 2021 · Apr 1, 2026
diff --git a/.github/workflows/build_util.yml b/.github/workflows/build_util.yml
@@ -15,7 +15,7 @@ jobs:
       - uses: actions/checkout@v3
 
       - name: Run Trivy vulnerability scanner in repo mode
-        uses: aquasecurity/trivy-action@0.33.1
+        uses: aquasecurity/trivy-action@0.34.0
         with:
           format: "sarif"
           output: "trivy-results.sarif"

diff --git a/tekton/pipeline.yaml b/tekton/pipeline.yaml
@@ -0,0 +1,49 @@
+apiVersion: tekton.dev/v1beta1
+kind: Pipeline
+metadata:
+  name: p-git-collin-test
+spec:
+  description: |
+    prints the README.md from the selected repo & branch
+  params:
+    - name: repo-url
+      type: string
+      description: The git repository URL to clone from.
+    - name: branch-name
+      type: string
+      description: The git branch to clone.
+  workspaces:
+    - name: shared-data
+      description: |
+        This workspace will receive the cloned git repo and be passed
+        to the next Task for the repo's README.md file to be read.
+    - name: ssh-creds
+      description: |
+        This workspace will provide ssh credentials to the git-clone task.
+  tasks:
+    - name: fetch-repo
+      taskRef:
+        name: git-clone
+      workspaces:
+      - name: output
+        workspace: shared-data
+      - name: ssh-directory
+        workspace: ssh-creds
+      params:
+      - name: url
+        value: $(params.repo-url)
+      - name: revision
+        value: $(params.branch-name)
+#    - name: cat-readme
+#      runAfter: ["fetch-repo"] # Wait until the clone is done before reading the readme.
+#      workspaces:
+#      - name: source
+#        workspace: shared-data
+#      taskSpec:
+#        workspaces:
+#        - name: source
+#        steps:
+#        - image: zshusers/zsh:4.3.15
+#          script: |
+#            #!/usr/bin/env zsh
+#            cat $(workspaces.source.path)/README.md
diff --git a/tekton/run.yaml b/tekton/run.yaml
@@ -0,0 +1,35 @@
+apiVersion: tekton.dev/v1beta1
+kind: PipelineRun
+metadata:
+  generateName: git-clone-checking-out-a-branch-
+spec:
+#  podTemplate:
+#    affinity:
+#      podAntiAffinity:
+#        requiredDuringSchedulingIgnoredDuringExecution:
+#          - labelSelector:
+#              matchExpressions:
+#              - key: "tekton.dev/pipelineRun"
+#                operator: In
+#                values:
+#                - git-clone-checking-out-a-branch
+#            topologyKey: kubernetes.io/hostname
+  pipelineRef:
+    name: p-git-collin-test
+  workspaces:
+    - name: shared-data
+      volumeClaimTemplate:
+        spec:
+          accessModes:
+          - ReadWriteOnce
+          resources:
+            requests:
+              storage: 1Gi
+    - name: ssh-creds
+      secret:
+        secretName: tkn-ssh-credentials
+  params:
+  - name: repo-url
+    value: git@github.com:gregnrobinson/envoytun.git
+  - name: branch-name
+    value: main
diff --git a/tekton/pipeline-build-deploy.yaml → tekton/task.yaml b/tekton/pipeline-build-deploy.yaml → tekton/task.yaml
@@ -1,90 +1,4 @@
 apiVersion: tekton.dev/v1beta1
-kind: Pipeline
-metadata:
-  name: cat-branch-readme
-spec:
-  description: |
-    prints the README.md from the selected repo & branch
-  params:
-    - name: repo-url
-      type: string
-      description: The git repository URL to clone from.
-    - name: branch-name
-      type: string
-      description: The git branch to clone.
-  workspaces:
-    - name: shared-data
-      description: |
-        This workspace will receive the cloned git repo and be passed
-        to the next Task for the repo's README.md file to be read.
-    - name: ssh-creds
-      description: |
-        This workspace will provide ssh credentials to the git-clone task.
-  tasks:
-    - name: fetch-repo
-      taskRef:
-        name: git-clone
-      workspaces:
-      - name: output
-        workspace: shared-data
-      - name: ssh-directory
-        workspace: ssh-creds
-      params:
-      - name: url
-        value: $(params.repo-url)
-      - name: revision
-        value: $(params.branch-name)
-    - name: cat-readme
-      runAfter: ["fetch-repo"] # Wait until the clone is done before reading the readme.
-      workspaces:
-      - name: source
-        workspace: shared-data
-      taskSpec:
-        workspaces:
-        - name: source
-        steps:
-        - image: zshusers/zsh:4.3.15
-          script: |
-            #!/usr/bin/env zsh
-            cat $(workspaces.source.path)/README.md
----
-apiVersion: tekton.dev/v1beta1
-kind: PipelineRun
-metadata:
-  name: git-clone-checking-out-a-branch
-spec:
-  podTemplate:
-    affinity:
-      podAntiAffinity:
-        requiredDuringSchedulingIgnoredDuringExecution:
-          - labelSelector:
-              matchExpressions:
-              - key: "tekton.dev/pipelineRun"
-                operator: In
-                values:
-                - git-clone-checking-out-a-branch
-            topologyKey: kubernetes.io/hostname
-  pipelineRef:
-    name: cat-branch-readme
-  workspaces:
-    - name: shared-data
-      volumeClaimTemplate:
-        spec:
-          accessModes:
-          - ReadWriteOnce
-          resources:
-            requests:
-              storage: 1Gi
-    - name: ssh-creds
-      secret:
-        secretName: github-cmf-microservices
-  params:
-  - name: repo-url
-    value: git@github.com:my-private/private-repository.git
-  - name: branch-name
-    value: oc-dev
----
-apiVersion: tekton.dev/v1beta1
 kind: Task
 metadata:
   name: git-clone
@@ -255,8 +169,8 @@ spec:
           chmod -R 400 "${PARAM_USER_HOME}"/.ssh/*
           # the stock git-clone V0.4 doesn't seem to leverage the ssh-privatekey unless it's added to a keychain.
           # This has worked for me.  It needs to be verified and once it has should be PRd upstream.
-          eval `ssh-agent -s`
-          ssh-add ${PARAM_USER_HOME}/.ssh/ssh-privatekey
+          #eval `ssh-agent -s`
+          #ssh-add ${PARAM_USER_HOME}/.ssh/ssh-privatekey
         fi
 
         CHECKOUT_DIR="${WORKSPACE_OUTPUT_PATH}/${PARAM_SUBDIRECTORY}"

diff --git a/utility-pod/Dockerfile b/utility-pod/Dockerfile
@@ -2,14 +2,14 @@ FROM public.ecr.aws/ubuntu/ubuntu:24.04_stable
 
 SHELL ["/bin/bash", "-c"]
 
-RUN apt-get -y update && \
-    apt-get -y upgrade
-
 ARG DEBIAN_FRONTEND=noninteractive
 ARG TARGETPLATFORM
-ARG GH_VERSION="2.82.1"
+ARG GH_VERSION="2.89.0"
+ARG MONGODB_VERSION="8.2"
 
-RUN apt-get -y install \
+RUN apt-get -y update && \
+    apt-get -y upgrade && \
+    apt-get -y install \
         build-essential \
         curl \
         dnsutils \
@@ -33,13 +33,14 @@ RUN apt-get -y install \
         unzip \
         vim \
         wget \
-        yq
+        yq && \
+    rm -rf /var/lib/apt/lists/*
 
 RUN pip3 install --no-cache-dir --break-system-packages patroni[etcd] psycopg[binary]
 
-RUN curl -fsSL https://www.mongodb.org/static/pgp/server-8.0.asc | gpg -o /usr/share/keyrings/mongodb-server-8.0.gpg --dearmor
-RUN echo "deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb-server-8.0.gpg ] https://repo.mongodb.org/apt/ubuntu noble/mongodb-org/8.0 multiverse" | tee /etc/apt/sources.list.d/mongodb-org-8.0.list
-RUN apt-get -y update && \
+RUN curl -fsSL https://pgp.mongodb.com/server-8.0.asc | gpg -o /usr/share/keyrings/mongodb-server-${MONGODB_VERSION}.gpg --dearmor && \
+    echo "deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb-server-${MONGODB_VERSION}.gpg ] https://repo.mongodb.org/apt/ubuntu noble/mongodb-org/${MONGODB_VERSION} multiverse" | tee /etc/apt/sources.list.d/mongodb-org-${MONGODB_VERSION}.list && \
+    apt-get -y update && \
     apt-get -y install \
         mongodb-mongosh && \
     rm -rf /var/lib/apt/lists/*