From 8ab6d89059b4097ae7a40590380db78464b169dd Mon Sep 17 00:00:00 2001 From: Isaac Date: Wed, 23 Apr 2025 17:14:12 +0200 Subject: [PATCH 1/4] Add fips task to FBC pipelines --- ...-validation-operator-fbc-pull-request.yaml | 25 +++++++++++++++++++ ...ployment-validation-operator-fbc-push.yaml | 25 +++++++++++++++++++ 2 files changed, 50 insertions(+) diff --git a/.tekton/deployment-validation-operator-fbc-pull-request.yaml b/.tekton/deployment-validation-operator-fbc-pull-request.yaml index 3697c2d0..2097695a 100644 --- a/.tekton/deployment-validation-operator-fbc-pull-request.yaml +++ b/.tekton/deployment-validation-operator-fbc-pull-request.yaml @@ -242,6 +242,31 @@ spec: operator: in values: - "true" + - name: fbc-fips-check + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: fbc-fips-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-fbc-fips-check:0.1@sha256:03e9fd8c7c7fdcb8c965333fa7b2ea83e75da766f5ecd92cbc02ae4a92b2e247 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: workspace + workspace: workspace - name: deprecated-base-image-check params: - name: IMAGE_URL diff --git a/.tekton/deployment-validation-operator-fbc-push.yaml b/.tekton/deployment-validation-operator-fbc-push.yaml index 3739a370..1ac47535 100644 --- a/.tekton/deployment-validation-operator-fbc-push.yaml +++ b/.tekton/deployment-validation-operator-fbc-push.yaml @@ -238,6 +238,31 @@ spec: operator: in values: - "true" + - name: fbc-fips-check + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: fbc-fips-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-fbc-fips-check:0.1@sha256:03e9fd8c7c7fdcb8c965333fa7b2ea83e75da766f5ecd92cbc02ae4a92b2e247 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" + workspaces: + - name: workspace + workspace: workspace - name: deprecated-base-image-check params: - name: IMAGE_URL From c1158beab330d1de793a3aa3bded262ea802c96e Mon Sep 17 00:00:00 2001 From: Isaac Date: Fri, 25 Apr 2025 17:20:34 +0200 Subject: [PATCH 2/4] Add new snapshot from last master stable version --- .../{release-snapshot.yaml => staging-snapshot.yaml} | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) rename konflux-ci/{release-snapshot.yaml => staging-snapshot.yaml} (79%) diff --git a/konflux-ci/release-snapshot.yaml b/konflux-ci/staging-snapshot.yaml similarity index 79% rename from konflux-ci/release-snapshot.yaml rename to konflux-ci/staging-snapshot.yaml index 0f32217d..edb19c18 100644 --- a/konflux-ci/release-snapshot.yaml +++ b/konflux-ci/staging-snapshot.yaml @@ -12,7 +12,7 @@ apiVersion: appstudio.redhat.com/v1alpha1 kind: Snapshot metadata: - name: manual-release-snapshot + name: staging-snapshot-0425-01 namespace: dvo-obsint-tenant labels: test.appstudio.openshift.io/type: override @@ -20,14 +20,14 @@ spec: application: deployment-validation-operator components: - name: deployment-validation-operator - containerImage: quay.io/redhat-user-workloads/dvo-obsint-tenant/deployment-validation-operator/deployment-validation-operator@sha256:0e312d3edc28b931b721eb5ddc59feea4f9141707925224f6b936401b479b4b1 + containerImage: quay.io/redhat-user-workloads/dvo-obsint-tenant/deployment-validation-operator/deployment-validation-operator@sha256:63883be503162382f850c20dd3f034b69ea6ab6eb04c497e4254e17a09e99587 source: git: url: https://github.com/app-sre/deployment-validation-operator - revision: b861deee00c1afc3ba91ffac56932d24870358c9 + revision: ea6bc934725a0653d6460cee294e98d66ed146cb - name: deployment-validation-operator-bundle - containerImage: quay.io/redhat-user-workloads/dvo-obsint-tenant/deployment-validation-operator-bundle@sha256:a96eb0ba48f11f163d243cead0519dd58de726e64963ed5e5ddcc19f253ba201 + containerImage: quay.io/redhat-user-workloads/dvo-obsint-tenant/deployment-validation-operator-bundle@sha256:05fcd25a14821f3259f7940874e5a78e62404603ea7910a5c379a726fbed91ea source: git: url: https://github.com/app-sre/deployment-validation-operator - revision: b861deee00c1afc3ba91ffac56932d24870358c9 + revision: ea6bc934725a0653d6460cee294e98d66ed146cb From b0aa7ad467873da39b7088bb1d7937ba03b25073 Mon Sep 17 00:00:00 2001 From: Isaac Date: Fri, 25 Apr 2025 17:29:50 +0200 Subject: [PATCH 3/4] Add new release from last snapshot --- konflux-ci/{release-staging.yaml => staging-release.yaml} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename konflux-ci/{release-staging.yaml => staging-release.yaml} (87%) diff --git a/konflux-ci/release-staging.yaml b/konflux-ci/staging-release.yaml similarity index 87% rename from konflux-ci/release-staging.yaml rename to konflux-ci/staging-release.yaml index 7902753c..2cbb2fbf 100644 --- a/konflux-ci/release-staging.yaml +++ b/konflux-ci/staging-release.yaml @@ -5,11 +5,11 @@ apiVersion: appstudio.redhat.com/v1alpha1 kind: Release metadata: - name: staging-release-test-pxmtl + name: staging-release-snapshot-0425-01 namespace: dvo-obsint-tenant spec: releasePlan: release-plan-staging - snapshot: deployment-validation-operator-pxmtl + snapshot: staging-snapshot-0425-01 data: releaseNotes: topic: Test Release From 2b5cba8239327f609b56a33d18e8d8888009fe8b Mon Sep 17 00:00:00 2001 From: Isaac Date: Fri, 25 Apr 2025 17:36:31 +0200 Subject: [PATCH 4/4] Add ImageDigestMirrorSet values for future images --- .tekton/images-mirror-set.yaml | 10 ++++++++++ ...ment-validation-operator.clusterserviceversion.yaml | 4 ++-- 2 files changed, 12 insertions(+), 2 deletions(-) create mode 100644 .tekton/images-mirror-set.yaml diff --git a/.tekton/images-mirror-set.yaml b/.tekton/images-mirror-set.yaml new file mode 100644 index 00000000..1550ae8b --- /dev/null +++ b/.tekton/images-mirror-set.yaml @@ -0,0 +1,10 @@ +--- +apiVersion: operator.openshift.io/v1alpha1 +kind: ImageDigestMirrorSet +metadata: + name: staging-mirror-set +spec: + imageDigestMirrors: + - mirrors: + - quay.io/redhat-user-workloads/dvo-obsint-tenant/deployment-validation-operator/deployment-validation-operator@sha256:cb4a68ebedba10bbd504fb271b3b7cc52d01ed13557dcb9604059f1ba98717d1 + source: registry.stage.redhat.io/dvo/deployment-validation-rhel8-operator diff --git a/konflux-ci/bundle/manifests/deployment-validation-operator.clusterserviceversion.yaml b/konflux-ci/bundle/manifests/deployment-validation-operator.clusterserviceversion.yaml index 9a75db8b..0145c05e 100644 --- a/konflux-ci/bundle/manifests/deployment-validation-operator.clusterserviceversion.yaml +++ b/konflux-ci/bundle/manifests/deployment-validation-operator.clusterserviceversion.yaml @@ -6,7 +6,7 @@ metadata: capabilities: Basic Install categories: Application Runtime, Monitoring, Security certified: "false" - containerImage: quay.io/redhat-user-workloads/dvo-obsint-tenant/deployment-validation-operator/deployment-validation-operator + containerImage: registry.stage.redhat.io/dvo/deployment-validation-rhel8-operator createdAt: 2024-11-27T00:00:00Z description: The deployment validation operator operators.openshift.io/valid-subscription: "[\"OpenShift Container Platform\", \"OpenShift Platform Plus\"]" @@ -104,7 +104,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: quay.io/redhat-user-workloads/dvo-obsint-tenant/deployment-validation-operator/deployment-validation-operator@sha256:cb4a68ebedba10bbd504fb271b3b7cc52d01ed13557dcb9604059f1ba98717d1 + image: registry.stage.redhat.io/dvo/deployment-validation-rhel8-operator imagePullPolicy: Always name: deployment-validation-operator ports: