From 84296c62154692573c5f10e8f8948758945dac52 Mon Sep 17 00:00:00 2001
From: David Anderson
Date: Mon, 1 Jul 2024 14:58:53 -0400
Subject: [PATCH] update to use hardened containers
---
 ci/pipeline.yml | 43 ++++++++++++++++++++++++++++++++++------
 ci/smoke-test.yml | 4 ++--
 jumpbox-pages.yml | 4 ++--
 jumpbox.yml | 4 ++--
 shell-pipeline-pages.yml | 26 ++++++++++++++++++++++--
 shell-pipeline.yml | 26 ++++++++++++++++++++++--
 6 files changed, 91 insertions(+), 16 deletions(-)
diff --git a/ci/pipeline.yml b/ci/pipeline.yml
index 1e95691..6862da4 100644
--- a/ci/pipeline.yml
+++ b/ci/pipeline.yml
@@ -336,6 +336,15 @@ resources:
 resource_types:
+- name: registry-image
+ type: registry-image
+ source:
+ aws_access_key_id: ((ecr_aws_key))
+ aws_secret_access_key: ((ecr_aws_secret))
+ repository: registry-image-resource
+ aws_region: us-gov-west-1
+ tag: latest
+
 - name: slack-notification
 type: registry-image
 source:
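Review bot: The `registry-image` resource type added in this first ci/pipeline.yml hunk is pulled with `tag: latest`, so the image that fetches every other image in the pipeline is itself a moving target: whatever is pushed to that ECR repository under `latest` gets picked up by the workers without any change to this repo. A versioned tag supplied through a pipeline var, e.g. `tag: ((registry-image-resource-tag))` (var name illustrative), keeps upgrades reviewable and leaves a rollback point. The same applies to every `tag: latest` added under `resource_types` in the second ci/pipeline.yml hunk and in shell-pipeline-pages.yml and shell-pipeline.yml. If the intent is to override the built-in type, a comment such as `# overrides the built-in registry-image type with the hardened ECR build` would help, because a type named `registry-image` whose `type` is `registry-image` reads like a mistake at first glance.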
@@ -348,16 +357,38 @@ resource_types:
 - name: bosh-deployment
 type: registry-image
 source:
- repository: cloudfoundry/bosh-deployment-resource
- registry_mirror:
- host: docker-registry-mirror.app.cloud.gov:443
+ aws_access_key_id: ((ecr_aws_key))
+ aws_secret_access_key: ((ecr_aws_secret))
+ repository: bosh-deployment-resource
+ aws_region: us-gov-west-1
+ tag: latest
 - name: s3-iam
 type: registry-image
 source:
- repository: 18fgsa/s3-resource
- registry_mirror:
- host: docker-registry-mirror.app.cloud.gov:443
+ aws_access_key_id: ((ecr_aws_key))
+ aws_secret_access_key: ((ecr_aws_secret))
+ repository: s3-resource
+ aws_region: us-gov-west-1
+ tag: latest
+
+- name: git
+ type: registry-image
+ source:
+ aws_access_key_id: ((ecr_aws_key))
+ aws_secret_access_key: ((ecr_aws_secret))
+ repository: git-resource
+ aws_region: us-gov-west-1
+ tag: latest
+
+- name: bosh-io-stemcell
+ type: registry-image
+ source:
+ aws_access_key_id: ((ecr_aws_key))
+ aws_secret_access_key: ((ecr_aws_secret))
+ repository: bosh-io-stemcell-resource
+ aws_region: us-gov-west-1
+ tag: latest
 - name: terraform
 type: docker-image
diff --git a/ci/smoke-test.yml b/ci/smoke-test.yml
index 2348d7c..dd10c73 100644
--- a/ci/smoke-test.yml
+++ b/ci/smoke-test.yml
@@ -6,9 +6,9 @@ image_resource:
 source:
 aws_access_key_id: ((ecr_aws_key))
 aws_secret_access_key: ((ecr_aws_secret))
- repository: harden-concourse-task
+ repository: general-task
 aws_region: us-gov-west-1
- tag: ((harden-concourse-task-tag))
+ tag: latest
 inputs:
 - name: concourse-config
diff --git a/jumpbox-pages.yml b/jumpbox-pages.yml
index 2741219..d5dba4c 100644
--- a/jumpbox-pages.yml
+++ b/jumpbox-pages.yml
@@ -6,9 +6,9 @@ image_resource:
 source:
 aws_access_key_id: ((ecr_aws_key))
 aws_secret_access_key: ((ecr_aws_secret))
- repository: harden-concourse-task
+ repository: general-task
 aws_region: us-gov-west-1
- tag: ((harden-concourse-task-tag))
+ tag: latest
 inputs:
 - name: concourse-config
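Review bot: In the second ci/pipeline.yml hunk the static key pair `((ecr_aws_key))` / `((ecr_aws_secret))` is now handed to four more resource types, so every periodic check of `bosh-deployment`, `s3-iam`, `git` and `bosh-io-stemcell` authenticates with the same long-lived credential. These types only need to pull images, so it is worth confirming that the IAM identity behind the key is limited to read-only ECR pull on these repositories, and recording that next to its first use, e.g. `# ecr_aws_key: read-only ECR pull, no push`. Separately, the trailing context still shows `terraform` on `type: docker-image`; its `source` lies outside the hunk, so whether it was meant to stay off the hardened images cannot be told from here.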
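Review bot: In ci/smoke-test.yml the task image tag goes from the var `((harden-concourse-task-tag))` to a literal `latest`, which drops the pipeline-level control over which image version the task runs, whatever value that var carried. If the rename to `general-task` is the goal, the indirection can be kept under a new var, e.g. `tag: ((general-task-tag))` (var name illustrative), so a bad image can be rolled back without editing the task file. The identical change is made in jumpbox-pages.yml and jumpbox.yml. The `image_resource` block starts above the hunk, so its `type` is not visible here.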
diff --git a/jumpbox.yml b/jumpbox.yml
index 34e478d..ad5af6f 100644
--- a/jumpbox.yml
+++ b/jumpbox.yml
@@ -6,9 +6,9 @@ image_resource:
 source:
 aws_access_key_id: ((ecr_aws_key))
 aws_secret_access_key: ((ecr_aws_secret))
- repository: harden-concourse-task
+ repository: general-task
 aws_region: us-gov-west-1
- tag: ((harden-concourse-task-tag))
+ tag: latest
 inputs:
 - name: concourse-config
diff --git a/shell-pipeline-pages.yml b/shell-pipeline-pages.yml
index 4fe8434..e547aee 100644
--- a/shell-pipeline-pages.yml
+++ b/shell-pipeline-pages.yml
@@ -54,7 +54,29 @@ resources:
 branch: main
 resource_types:
+- name: registry-image
+ type: registry-image
+ source:
+ aws_access_key_id: ((ecr_aws_key))
+ aws_secret_access_key: ((ecr_aws_secret))
+ repository: registry-image-resource
+ aws_region: us-gov-west-1
+ tag: latest
+
 - name: s3-iam
- type: docker-image
+ type: registry-image
+ source:
+ aws_access_key_id: ((ecr_aws_key))
+ aws_secret_access_key: ((ecr_aws_secret))
+ repository: s3-resource
+ aws_region: us-gov-west-1
+ tag: latest
+
+- name: git
+ type: registry-image
 source:
- repository: 18fgsa/s3-resource
+ aws_access_key_id: ((ecr_aws_key))
+ aws_secret_access_key: ((ecr_aws_secret))
+ repository: git-resource
+ aws_region: us-gov-west-1
+ tag: latest
diff --git a/shell-pipeline.yml b/shell-pipeline.yml
index ae92cfe..be69766 100644
--- a/shell-pipeline.yml
+++ b/shell-pipeline.yml
@@ -165,7 +165,29 @@ resources:
 commit_verification_keys: ((cloud-gov-pgp-keys))
 resource_types:
+- name: registry-image
+ type: registry-image
+ source:
+ aws_access_key_id: ((ecr_aws_key))
+ aws_secret_access_key: ((ecr_aws_secret))
+ repository: registry-image-resource
+ aws_region: us-gov-west-1
+ tag: latest
+
 - name: s3-iam
- type: docker-image
+ type: registry-image
+ source:
+ aws_access_key_id: ((ecr_aws_key))
+ aws_secret_access_key: ((ecr_aws_secret))
+ repository: s3-resource
+ aws_region: us-gov-west-1
+ tag: latest
+
+- name: git
+ type: registry-image
 source:
- repository: 18fgsa/s3-resource
+ aws_access_key_id: ((ecr_aws_key))
+ aws_secret_access_key: ((ecr_aws_secret))
+ repository: git-resource
+ aws_region: us-gov-west-1
+ tag: latest