From 1ddae1abee72682b3266d862e7207d77a0baa3a6 Mon Sep 17 00:00:00 2001 From: yashvardhannanavati <22090997+yashvardhannanavati@users.noreply.github.com> Date: Mon, 17 Feb 2025 15:34:29 -0800 Subject: [PATCH 1/2] feat(KONFLUX-4158): add fbc-fips-check task to FBC pipeline This commit adds the fbc-fips-check to the FBC pipeline. It also adds a template file named images-mirror-set.yaml which is required by the FIPS task itself and will be used by other tasks in the future. Signed-off-by: yashvardhannanavati <22090997+yashvardhannanavati@users.noreply.github.com> --- .tekton/images-mirror-set.yaml | 10 ++++++++++ .tekton/pipeline-fbc-ref.yaml | 24 ++++++++++++++++++++++++ 2 files changed, 34 insertions(+) create mode 100644 .tekton/images-mirror-set.yaml diff --git a/.tekton/images-mirror-set.yaml b/.tekton/images-mirror-set.yaml new file mode 100644 index 0000000000..73646bbdf5 --- /dev/null +++ b/.tekton/images-mirror-set.yaml @@ -0,0 +1,10 @@ +--- +apiVersion: operator.openshift.io/v1alpha1 +kind: ImageDigestMirrorSet +metadata: + name: example-mirror-set +spec: + imageDigestMirrors: + - mirrors: + - quay.io/my-namespace/valid-repo + source: registry.redhat.io/unreleased-image/or-inaccessible-image diff --git a/.tekton/pipeline-fbc-ref.yaml b/.tekton/pipeline-fbc-ref.yaml index 5feeac88f9..37b09affe4 100644 --- a/.tekton/pipeline-fbc-ref.yaml +++ b/.tekton/pipeline-fbc-ref.yaml @@ -252,6 +252,30 @@ spec: operator: in values: - "true" + - name: fbc-fips-check-oci-ta + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: fbc-fips-check-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-fbc-fips-check-oci-ta:0.1@sha256:2e6900f5755fca70f8eebfcf004f39dd9adf6b488c8828f35a1b24862a9f81cf + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" - name: deprecated-base-image-check params: - name: IMAGE_URL From 235304c0cfd5fb08b991531694bcf81762b7998e Mon Sep 17 00:00:00 2001 From: Joel Takvorian Date: Tue, 18 Feb 2025 10:26:54 +0100 Subject: [PATCH 2/2] Update .tekton/images-mirror-set.yaml --- .tekton/images-mirror-set.yaml | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/.tekton/images-mirror-set.yaml b/.tekton/images-mirror-set.yaml index 73646bbdf5..75d49311dc 100644 --- a/.tekton/images-mirror-set.yaml +++ b/.tekton/images-mirror-set.yaml @@ -6,5 +6,20 @@ metadata: spec: imageDigestMirrors: - mirrors: - - quay.io/my-namespace/valid-repo - source: registry.redhat.io/unreleased-image/or-inaccessible-image + - quay.io/redhat-user-workloads/ocp-network-observab-tenant/netobserv-operator/network-observability-operator + source: registry.redhat.io/network-observability/network-observability-rhel9-operator + - mirrors: + - quay.io/redhat-user-workloads/ocp-network-observab-tenant/netobserv-operator/flowlogs-pipeline + source: registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9 + - mirrors: + - quay.io/redhat-user-workloads/ocp-network-observab-tenant/netobserv-operator/netobserv-ebpf-agent + source: registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9 + - mirrors: + - quay.io/redhat-user-workloads/ocp-network-observab-tenant/netobserv-operator/network-observability-console-plugin + source: registry.redhat.io/network-observability/network-observability-console-plugin-rhel9 + - mirrors: + - quay.io/redhat-user-workloads/ocp-network-observab-tenant/netobserv-operator/network-observability-cli-container + source: registry.redhat.io/network-observability/network-observability-cli-rhel9 + - mirrors: + - quay.io/redhat-user-workloads/ocp-network-observab-tenant/netobserv-operator/network-observability-operator-bundle + source: registry.redhat.io/network-observability/network-observability-operator-bundle