CI build image updates
Your organization has a one-month window to run security scans or other tests on new CI build images before you deploy them. Every two weeks, Harness publishes new versions of images required to run CI builds. Each image is backwards-compatible with the previous two releases.
Harness CI image updates
harness/ci-* images such as
harness/ci-lite-engine as follows:
- Harness publishes updates of all CI images on the second and fourth Monday of each month.
- Version numbers use an
x= major release,
y= minor release,
z= hotfix or patch release.
- All images are supported for the latest three releases: latest, latest-1, and latest-2. Each image release is backward-compatible with the previous two releases.
- You can choose to deploy the latest containers immediately upon release, or download and scan them before deploying.
- If your builds use containers that are more than two releases old, the UI shows a warning that the image versions are no longer supported. The builds won't fail automatically.
- If a hotfix or security fix is required for a specific image, Harness will create hotfixes for the latest three images and notify customers when these hotfixes are available.
Drone plugin image updates
Drone images are updated as needed. All Drone image updates are backward-compatible. When you first deploy CI, Harness will scan all plugin images you plan to use and address any vulnerabilities. After your initial deployment, Harness will publish updates to address new vulnerabilities based on our Service Level Agreement with your organization.
Update the images used in your pipelines
Harness CI includes an
execution-config API that enables you to update the images used in your infrastructure. The following steps describe the high-level workflow.
- Send a
get-default-configrequest to get a list of the latest Harness CI build images and tags. You can use the
infraparameter to get
curl --location --request GET "https://app.harness.io/gateway/ci/execution-config/get-default-config?accountIdentifier=$ACCOUNT_ID&infra=K8" --header 'Authorization: Bearer $API_KEY'
The response payload shows the latest supported images and their tags, for example:
- Send a
get-customer-configrequest to get the build images that your CI pipelines currently use. When
true, which is the default value, this endpoint returns the non-default images that your pipeline uses.
curl --location --request GET "https://app.harness.io/gateway/ci/execution-config/get-customer-config?accountIdentifier=$ACCOUNT_ID&infra=K8&overridesOnly=true" --header 'Authorization: Bearer $API_KEY'
If the response contains
null, your pipeline is using all default images, for example:
- Send an
update-config(POST) request with a list of the images you want to update and the new tags to apply.
curl --location --request POST "https://app.harness.io/gateway/ci/execution-config/update-config?accountIdentifier=$ACCOUNT_ID&infra=K8" --header 'Authorization: Bearer $API_KEY' --header 'Content-Type: application/json'
- To reset one or more images to their defaults, send a
reset-config(POST) request with a list of the images to reset.
curl --location --request POST "https://app.harness.io/gateway/ci/execution-config/reset-config?accountIdentifier=$ACCOUNT_ID&infra=K8" --header 'Authorization: Bearer $API_KEY' --header 'Content-Type: application/json'