From df7d26b58af09b9d126a4cf17908ef536bf17f62 Mon Sep 17 00:00:00 2001
From: Corey Daley <cdaley@redhat.com>
Date: Wed, 12 Feb 2025 21:12:54 -0500
Subject: [PATCH] chore: Update curl container securityContext settings

---
 charts/backstage/Chart.yaml                                 | 2 +-
 charts/backstage/README.md                                  | 6 +++---
 .../backstage/ci/with-custom-image-for-test-pod-values.yaml | 4 ++--
 charts/backstage/templates/tests/test-connection.yaml       | 4 +++-
 charts/backstage/values.yaml                                | 2 +-
 5 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/charts/backstage/Chart.yaml b/charts/backstage/Chart.yaml
index 5694b722..ca85af2d 100644
--- a/charts/backstage/Chart.yaml
+++ b/charts/backstage/Chart.yaml
@@ -44,4 +44,4 @@ sources:
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 3.1.0
+version: 4.0.0
diff --git a/charts/backstage/README.md b/charts/backstage/README.md
index d94b0a9c..0a5c82c2 100644
--- a/charts/backstage/README.md
+++ b/charts/backstage/README.md
@@ -2,7 +2,7 @@
 # RHDH Backstage Helm Chart for OpenShift (Community Version)
 
 [![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/rhdh-chart&style=flat-square)](https://artifacthub.io/packages/search?repo=rhdh-chart)
-![Version: 3.1.0](https://img.shields.io/badge/Version-3.1.0-informational?style=flat-square)
+![Version: 4.0.0](https://img.shields.io/badge/Version-4.0.0-informational?style=flat-square)
 ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
 
 A Helm chart for deploying Red Hat Developer Hub.
@@ -205,10 +205,10 @@ Kubernetes: `>= 1.25.0-0`
 | route.tls.key | Key file contents | string | `""` |
 | route.tls.termination | Specify TLS termination. | string | `"edge"` |
 | route.wildcardPolicy | Wildcard policy if any for the route. Currently only 'Subdomain' or 'None' is allowed. | string | `"None"` |
-| test | Test pod parameters | object | `{"enabled":true,"image":{"registry":"quay.io","repository":"curl/curl","tag":"latest"}}` |
+| test | Test pod parameters | object | `{"enabled":true,"image":{"registry":"quay.io","repository":"rhdh-community/curl","tag":"latest"}}` |
 | test.enabled | Whether to enable the test-connection pod used for testing the Release using `helm test`. | bool | `true` |
 | test.image.registry | Test connection pod image registry | string | `"quay.io"` |
-| test.image.repository | Test connection pod image repository. Note that the image needs to have both the `sh` and `curl` binaries in it. | string | `"curl/curl"` |
+| test.image.repository | Test connection pod image repository. Note that the image needs to have both the `sh` and `curl` binaries in it. | string | `"rhdh-community/curl"` |
 | test.image.tag | Test connection pod image tag. Note that the image needs to have both the `sh` and `curl` binaries in it. | string | `"latest"` |
 | upstream | Upstream Backstage [chart configuration](https://github.com/backstage/charts/blob/main/charts/backstage/values.yaml) | object | Use Openshift compatible settings |
 | upstream.backstage.extraVolumes[0] | Ephemeral volume that will contain the dynamic plugins installed by the initContainer below at start. | object | `{"ephemeral":{"volumeClaimTemplate":{"spec":{"accessModes":["ReadWriteOnce"],"resources":{"requests":{"storage":"5Gi"}}}}},"name":"dynamic-plugins-root"}` |
diff --git a/charts/backstage/ci/with-custom-image-for-test-pod-values.yaml b/charts/backstage/ci/with-custom-image-for-test-pod-values.yaml
index 121bb215..196ae345 100644
--- a/charts/backstage/ci/with-custom-image-for-test-pod-values.yaml
+++ b/charts/backstage/ci/with-custom-image-for-test-pod-values.yaml
@@ -10,5 +10,5 @@ upstream:
 test:
   image:
     registry: quay.io
-    repository: curl/curl-base
-    tag: 8.11.1
+    repository: rhdh-community/curl
+    tag: latest
diff --git a/charts/backstage/templates/tests/test-connection.yaml b/charts/backstage/templates/tests/test-connection.yaml
index b8aee686..3c59a411 100644
--- a/charts/backstage/templates/tests/test-connection.yaml
+++ b/charts/backstage/templates/tests/test-connection.yaml
@@ -18,7 +18,9 @@ spec:
         readOnlyRootFilesystem: true
         capabilities:
           drop: ["ALL"]
-        runAsNonRoot: false
+        runAsNonRoot: true
+        seccompProfile:
+          type: RuntimeDefault
       resources:
         requests:
           cpu: 10m
diff --git a/charts/backstage/values.yaml b/charts/backstage/values.yaml
index a7c2ca3d..44ea20d6 100644
--- a/charts/backstage/values.yaml
+++ b/charts/backstage/values.yaml
@@ -333,7 +333,7 @@ test:
     registry: quay.io
 
     # -- Test connection pod image repository. Note that the image needs to have both the `sh` and `curl` binaries in it.
-    repository: curl/curl
+    repository: rhdh-community/curl
 
     # -- Test connection pod image tag. Note that the image needs to have both the `sh` and `curl` binaries in it.
     tag: latest