chore: [prodsec] Update product security manifests for 3.20.0

Signed-off-by: devspacesbuild <[email protected]>

Author: devspacesbuild

product/manifest/3.20.0/manifest-all.txt

@@ -0,0 +1,8 @@
+containers/devspaces-idea-rhel9-container:3.20.0/registry.redhat.io/ubi9:9.5-1742918310 as ubi-builder
+containers/devspaces-idea-rhel9-container:3.20.0/registry.redhat.io/ubi9-minimal:9.5-1742914212
+containers/devspaces-machineexec-rhel9-container:3.20.0/registry.redhat.io/ubi9/go-toolset:9.5-1742197705 as builder
+containers/devspaces-machineexec-rhel9-container:3.20.0/registry.redhat.io/ubi9-minimal:9.5-1741850109 as runtime
+containers/devspaces-operator-bundle-rhel9-container:3.20.0/scratch
+containers/devspaces-pluginregistry-rhel9-container:3.20.0/registry.redhat.io/rhel9-2-els/rhel:9.2-1535 as builder
+containers/devspaces-pluginregistry-rhel9-container:3.20.0/registry.redhat.io/rhel9-2-els/rhel:9.2-1535
+containers/devspaces-server-rhel9-container:3.20.0/registry.redhat.io/ubi9-minimal:9.5-1731593028

product/manifest/3.20.0/manifest-containers-base-images-only.txt

@@ -0,0 +1,60 @@
+containers/devspaces-idea-rhel9-container:3.20.0/registry.redhat.io/ubi9:9.5-1742918310 as ubi-builder
+containers/devspaces-idea-rhel9-container:3.20.0/registry.redhat.io/ubi9-minimal:9.5-1742914212
+FROM registry.redhat.io/ubi9:9.5-1742918310 as ubi-builder
+COPY --chown=0:0 asset-required-rpms.txt /tmp/asset-required-rpms.txt
+RUN yum install unzip -y --nodocs && \
+    yum install --installroot /mnt/rootfs \
+            --releasever 9 --setopt install_weak_deps=false --nodocs -y && \
+    yum --installroot /mnt/rootfs clean all
+RUN rm -rf /mnt/rootfs/var/cache/* /mnt/rootfs/var/log/dnf* /mnt/rootfs/var/log/yum.*
+COPY --chown=0:0 asset-ide-packaging.tar.gz .
+COPY --chown=0:0 asset-projector-server-assembly.zip .
+COPY --chown=0:0 asset-static-assembly.tar.gz .
+COPY --chown=0:0 asset-che-plugin-assembly.zip .
+COPY --chown=0:0 asset-machine-exec ide/bin/machine-exec
+FROM registry.redhat.io/ubi9-minimal:9.5-1742914212
+COPY --from=ubi-builder /mnt/rootfs/ /
+
+containers/devspaces-machineexec-rhel9-container:3.20.0/registry.redhat.io/ubi9/go-toolset:9.5-1742197705 as builder
+containers/devspaces-machineexec-rhel9-container:3.20.0/registry.redhat.io/ubi9-minimal:9.5-1741850109 as runtime
+FROM registry.redhat.io/ubi9/go-toolset:9.5-1742197705 as builder
+COPY . .
+RUN adduser unprivilegeduser && \
+    GOOS=linux go build -mod=vendor -a -ldflags '-w -s' -a -installsuffix cgo -o che-machine-exec . && \
+FROM registry.redhat.io/ubi9-minimal:9.5-1741850109 as runtime
+COPY --from=builder /rootfs /
+RUN microdnf install -y openssl && \
+
+containers/devspaces-operator-bundle-rhel9-container:3.20.0/scratch
+FROM scratch
+COPY manifests /manifests/
+COPY metadata /metadata/
+
+containers/devspaces-pluginregistry-rhel9-container:3.20.0/registry.redhat.io/rhel9-2-els/rhel:9.2-1535 as builder
+containers/devspaces-pluginregistry-rhel9-container:3.20.0/registry.redhat.io/rhel9-2-els/rhel:9.2-1535
+FROM registry.redhat.io/rhel9-2-els/rhel:9.2-1535 as builder
+RUN dnf install -y make
+RUN dnf module install -y nodejs:18/development
+COPY $REMOTE_SOURCES $REMOTE_SOURCES_DIR
+ && npm install \
+FROM registry.redhat.io/rhel9-2-els/rhel:9.2-1535
+COPY root-local.tgz /tmp/root-local.tgz
+COPY ./build/dockerfiles/content_sets_rhel9.repo /etc/yum.repos.d/
+COPY ./build/dockerfiles/rhel.install.sh /tmp
+RUN /tmp/rhel.install.sh && rm -f /tmp/rhel.install.sh
+    dnf module install postgresql:15/server nodejs:18/development -y
+COPY --chown=0:0 /openvsx-server.tar.gz .
+COPY /build/dockerfiles/application.yaml /openvsx-server/config/
+COPY --from=builder --chown=0:0 /tmp/opt/ovsx /tmp/opt/ovsx
+COPY /build/scripts/import_vsix.sh /usr/local/bin
+COPY /build/scripts/start_services.sh /usr/local/bin/
+COPY /build/dockerfiles/openvsx.conf /etc/httpd/conf.d/
+COPY /build/scripts/*.sh /build/
+
+containers/devspaces-server-rhel9-container:3.20.0/registry.redhat.io/ubi9-minimal:9.5-1731593028
+FROM registry.redhat.io/ubi9-minimal:9.5-1731593028
+RUN microdnf -y install java-17-openjdk-headless tar gzip shadow-utils findutils && \
+    microdnf -y clean all && rm -rf /var/cache/yum && echo "Installed Packages" && rpm -qa | sort -V && echo "End Of Installed Packages" && \
+    adduser -G root user && mkdir -p /home/user/devspaces
+COPY artifacts/assembly-main.tar.gz /tmp/assembly-main.tar.gz
+

product/manifest/3.20.0/manifest-containers-binaries-extras.txt

@@ -0,0 +1,37 @@
+1a. Check out 3rd party language server dependencies builder repo (will collect variables later)
+
+1b. Define list of upstream containers & RPMs pulled into them from https://pkgs.devel.redhat.com/cgit/?q=devspaces 
+
+== devspaces-idea (devspaces-3.20-rhel-9) ==
+
+== devspaces-machineexec (devspaces-3.20-rhel-9) ==
+
+== devspaces-operator-bundle (devspaces-3.20-rhel-9) ==
+
+== devspaces-pluginregistry (devspaces-3.20-rhel-9) ==
+
+== devspaces-server (devspaces-3.20-rhel-9) ==
+
+Short container list (base images only):        /mnt/hudson_workspace/workspace/DS_CI/Releng/get-3rd-party-deps-manifests/3.20.0/manifest-containers-base-images-only.txt
+Long container list (with dockerfile snippets): /mnt/hudson_workspace/workspace/DS_CI/Releng/get-3rd-party-deps-manifests/3.20.0/manifest-containers-binaries-extras.txt
+
+1c. Other than the above, all artifacts used in Red Hat OpenShift Dev Spaces (formerly 
+    Red Hat CodeReady Workspaces) Workspaces are now built in RH Central CI Jenkins:
+https://main-jenkins-csb-crwqe.apps.ocp-c1.prod.psi.redhat.com/
+
+See also latest build architecture diagram & development documentation:
+https://docs.google.com/presentation/d/1R9tr67pDMk3UVUbvN7vBJbJCYGlUsO2ZPcXbdaoOvTs/edit#slide=id.g4ac34a3cdd_0_0
+https://github.com/redhat-developer/devtools-productization/tree/main/codeready-workspaces
+
+6. Collect RPM deps
+
+7. Collect MVN deps
+
+
+8. Collect NPM deps
+
+Short manifest is in file: /mnt/hudson_workspace/workspace/DS_CI/Releng/get-3rd-party-deps-manifests/3.20.0/manifest.txt
+Long log is in file: /mnt/hudson_workspace/workspace/DS_CI/Releng/get-3rd-party-deps-manifests/3.20.0/manifest_log.txt
+
+Overall manifest is in file: /mnt/hudson_workspace/workspace/DS_CI/Releng/get-3rd-party-deps-manifests/3.20.0/manifest-all.txt
+

product/manifest/3.20.0/manifest.txt

@@ -0,0 +1,40 @@
+[INFO] Scanning for projects...
+[INFO] ------------------------------------------------------------------------
+[INFO] Reactor Build Order:
+[INFO] 
+[INFO] Development Resources for Eclipse Che projects                     [pom]
+[INFO] Eclipse license codestyle                                          [jar]
+[INFO] Che codestyle resources                                            [jar]
+[INFO] 
+[INFO] ------------< org.eclipse.che.dev:che-dev-resources-parent >------------
+[INFO] Building Development Resources for Eclipse Che projects 20         [1/3]
+[INFO] --------------------------------[ pom ]---------------------------------
+[INFO] 
+[INFO] --- maven-dependency-plugin:2.8:tree (default-cli) @ che-dev-resources-parent ---
+[INFO] org.eclipse.che.dev:che-dev-resources-parent:pom:20
+[INFO] 
+[INFO] ------< org.eclipse.che.dev:che-eclipse-license-resource-bundle >-------
+[INFO] Building Eclipse license codestyle 20                              [2/3]
+[INFO] --------------------------------[ jar ]---------------------------------
+[INFO] 
+[INFO] --- maven-dependency-plugin:2.8:tree (default-cli) @ che-eclipse-license-resource-bundle ---
+[INFO] org.eclipse.che.dev:che-eclipse-license-resource-bundle:jar:20
+[INFO] 
+[INFO] -----------------< org.eclipse.che.dev:che-codestyle >------------------
+[INFO] Building Che codestyle resources 20                                [3/3]
+[INFO] --------------------------------[ jar ]---------------------------------
+[INFO] 
+[INFO] --- maven-dependency-plugin:2.8:tree (default-cli) @ che-codestyle ---
+[INFO] org.eclipse.che.dev:che-codestyle:jar:20
+[INFO] ------------------------------------------------------------------------
+[INFO] Reactor Summary for Development Resources for Eclipse Che projects 20:
+[INFO] 
+[INFO] Development Resources for Eclipse Che projects ..... SUCCESS [  1.185 s]
+[INFO] Eclipse license codestyle .......................... SUCCESS [  0.033 s]
+[INFO] Che codestyle resources ............................ SUCCESS [  0.002 s]
+[INFO] ------------------------------------------------------------------------
+[INFO] BUILD SUCCESS
+[INFO] ------------------------------------------------------------------------
+[INFO] Total time:  1.490 s
+[INFO] Finished at: 2025-04-16T16:47:12-04:00
+[INFO] ------------------------------------------------------------------------