From 0f57cdd75c71dc2d3e76d9676ce13cb11ea53362 Mon Sep 17 00:00:00 2001
From: Pierre Smeyers <pierre.smeyers@gmail.com>
Date: Wed, 3 Apr 2024 08:23:07 +0200
Subject: [PATCH] fix(variants): use service containers "latest" image tag
 (vault, GCP & AWS)

---
 README.md                            | 6 +++---
 kicker.json                          | 6 +++---
 templates/gitlab-ci-docker-ecr.yml   | 2 +-
 templates/gitlab-ci-docker-gcp.yml   | 2 +-
 templates/gitlab-ci-docker-vault.yml | 2 +-
 5 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/README.md b/README.md
index ef7cfc3..c6bfa8a 100644
--- a/README.md
+++ b/README.md
@@ -571,7 +571,7 @@ In order to be able to communicate with the Vault server, the variant requires t
 
 | Input / Variable  | Description                            | Default value     |
 | ----------------- | -------------------------------------- | ----------------- |
-| `TBC_VAULT_IMAGE` | The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use (can be overridden) | `registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:master` |
+| `TBC_VAULT_IMAGE` | The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use (can be overridden) | `registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:latest` |
 | `vault-base-url` / `VAULT_BASE_URL` | The Vault server base API url          | _none_ |
 | `vault-oidc-aud` / `VAULT_OIDC_AUD` | The `aud` claim for the JWT | `$CI_SERVER_URL` |
 | :lock: `VAULT_ROLE_ID`   | The [AppRole](https://www.vaultproject.io/docs/auth/approle) RoleID | **must be defined** |
@@ -630,7 +630,7 @@ List of requirements before using this variant for publishing your container ima
 
 | Input / Variable         | Description                            | Default value     |
 | ------------------------ | -------------------------------------- | ----------------- |
-| `TBC_GCP_PROVIDER_IMAGE` | The [GCP Auth Provider](https://gitlab.com/to-be-continuous/tools/gcp-auth-provider) image to use (can be overridden) | `registry.gitlab.com/to-be-continuous/tools/gcp-auth-provider:main` |
+| `TBC_GCP_PROVIDER_IMAGE` | The [GCP Auth Provider](https://gitlab.com/to-be-continuous/tools/gcp-auth-provider) image to use (can be overridden) | `registry.gitlab.com/to-be-continuous/tools/gcp-auth-provider:latest` |
 | `gcp-oidc-aud` / `GCP_OIDC_AUD` | The `aud` claim for the JWT token      | `$CI_SERVER_URL` |
 | `gcp-oidc-provider` / `GCP_OIDC_PROVIDER` | Default Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) | _none_ |
 | `gcp-oidc-account` / `GCP_OIDC_ACCOUNT` | Default Service Account to which impersonate with OpenID Connect authentication | _none_ |
@@ -684,7 +684,7 @@ In order to use the AWS APIs, the variant supports two authentication methods:
 
 | Input / Variable         | Description                            | Default value     |
 | ------------------------ | -------------------------------------- | ----------------- |
-| `TBC_AWS_PROVIDER_IMAGE` | The [AWS Auth Provider](https://gitlab.com/to-be-continuous/tools/aws-auth-provider) image to use (can be overridden) | `registry.gitlab.com/to-be-continuous/tools/aws-auth-provider:master` |
+| `TBC_AWS_PROVIDER_IMAGE` | The [AWS Auth Provider](https://gitlab.com/to-be-continuous/tools/aws-auth-provider) image to use (can be overridden) | `registry.gitlab.com/to-be-continuous/tools/aws-auth-provider:latest` |
 | `aws-region` / `AWS_REGION` | Default region (where the ECR registry is located) | _none_ |
 | `aws-snapshot-region` / `AWS_SNAPSHOT_REGION` | Region of the ECR registry for the snapshot image _(only define to override default)_ | _none_ |
 | `aws-release-region` / `AWS_RELEASE_REGION` | Region of the ECR registry for the release image _(only define to override default)_ | _none_ |
diff --git a/kicker.json b/kicker.json
index 78f79b4..ffd0a49 100644
--- a/kicker.json
+++ b/kicker.json
@@ -237,7 +237,7 @@
         {
           "name": "TBC_VAULT_IMAGE",
           "description": "The [Vault Secrets Provider](https://gitlab.com/to-be-continuous/tools/vault-secrets-provider) image to use",
-          "default": "registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:master",
+          "default": "registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:latest",
           "advanced": true
         },
         {
@@ -273,7 +273,7 @@
         {
           "name": "TBC_GCP_PROVIDER_IMAGE",
           "description": "The [GCP Auth Provider](https://gitlab.com/to-be-continuous/tools/gcp-auth-provider) image to use",
-          "default": "registry.gitlab.com/to-be-continuous/tools/gcp-auth-provider:main",
+          "default": "registry.gitlab.com/to-be-continuous/tools/gcp-auth-provider:latest",
           "advanced": true
         },
         {
@@ -321,7 +321,7 @@
         {
           "name": "TBC_AWS_PROVIDER_IMAGE",
           "description": "The [AWS Auth Provider](https://gitlab.com/to-be-continuous/tools/aws-auth-provider) image to use",
-          "default": "registry.gitlab.com/to-be-continuous/tools/aws-auth-provider:master",
+          "default": "registry.gitlab.com/to-be-continuous/tools/aws-auth-provider:latest",
           "advanced": true
         },
         {
diff --git a/templates/gitlab-ci-docker-ecr.yml b/templates/gitlab-ci-docker-ecr.yml
index 87583d5..fb4be9a 100644
--- a/templates/gitlab-ci-docker-ecr.yml
+++ b/templates/gitlab-ci-docker-ecr.yml
@@ -33,7 +33,7 @@ spec:
       default: ''
 ---
 variables:
-  TBC_AWS_PROVIDER_IMAGE: registry.gitlab.com/to-be-continuous/tools/aws-auth-provider:master
+  TBC_AWS_PROVIDER_IMAGE: registry.gitlab.com/to-be-continuous/tools/aws-auth-provider:latest
   AWS_OIDC_AUD: $[[ inputs.aws-oidc-aud ]]
   AWS_REGION: $[[ inputs.aws-region ]]
   AWS_SNAPSHOT_REGION: $[[ inputs.aws-snapshot-region ]]
diff --git a/templates/gitlab-ci-docker-gcp.yml b/templates/gitlab-ci-docker-gcp.yml
index 7da4f37..a0cbd3d 100644
--- a/templates/gitlab-ci-docker-gcp.yml
+++ b/templates/gitlab-ci-docker-gcp.yml
@@ -32,7 +32,7 @@ spec:
       default: ''
 ---
 variables:
-  TBC_GCP_PROVIDER_IMAGE: registry.gitlab.com/to-be-continuous/tools/gcp-auth-provider:main
+  TBC_GCP_PROVIDER_IMAGE: registry.gitlab.com/to-be-continuous/tools/gcp-auth-provider:latest
   GCP_OIDC_AUD: $[[ inputs.gcp-oidc-aud ]]
   GCP_OIDC_ACCOUNT: $[[ inputs.gcp-oidc-account ]]
   GCP_OIDC_PROVIDER: $[[ inputs.gcp-oidc-provider ]]
diff --git a/templates/gitlab-ci-docker-vault.yml b/templates/gitlab-ci-docker-vault.yml
index 78c2c8f..4c5e1ac 100644
--- a/templates/gitlab-ci-docker-vault.yml
+++ b/templates/gitlab-ci-docker-vault.yml
@@ -12,7 +12,7 @@ spec:
 ---
 variables:
   # variabilized vault-secrets-provider image
-  TBC_VAULT_IMAGE: registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:master
+  TBC_VAULT_IMAGE: registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:latest
   VAULT_BASE_URL: $[[ inputs.vault-base-url ]]
   # variables have to be explicitly declared in the YAML to be exported to the service
   VAULT_ROLE_ID: "$VAULT_ROLE_ID"
-- 
GitLab