From 3c976ce732ed38a6b27f695cad5a6efedf65c0b7 Mon Sep 17 00:00:00 2001 From: yashvardhannanavati <22090997+yashvardhannanavati@users.noreply.github.com> Date: Mon, 17 Feb 2025 15:34:29 -0800 Subject: [PATCH 1/4] feat(KONFLUX-4158): add fbc-fips-check task to FBC pipeline This commit adds the fbc-fips-check to the FBC pipeline. It also adds a template file named images-mirror-set.yaml which is required by the FIPS task itself and will be used by other tasks in the future. Signed-off-by: yashvardhannanavati <22090997+yashvardhannanavati@users.noreply.github.com> Update .tekton/images-mirror-set.yaml --- .tekton/images-mirror-set.yaml | 25 +++++++++++++++++++++++++ .tekton/pipeline-fbc-ref.yaml | 24 ++++++++++++++++++++++++ 2 files changed, 49 insertions(+) create mode 100644 .tekton/images-mirror-set.yaml diff --git a/.tekton/images-mirror-set.yaml b/.tekton/images-mirror-set.yaml new file mode 100644 index 0000000000..75d49311dc --- /dev/null +++ b/.tekton/images-mirror-set.yaml 
@@ -0,0 +1,25 @@
+---
+apiVersion: operator.openshift.io/v1alpha1
+kind: ImageDigestMirrorSet
+metadata:
+ name: example-mirror-set
+spec:
+ imageDigestMirrors:
+ - mirrors:
+ - quay.io/redhat-user-workloads/ocp-network-observab-tenant/netobserv-operator/network-observability-operator
+ source: registry.redhat.io/network-observability/network-observability-rhel9-operator
+ - mirrors:
+ - quay.io/redhat-user-workloads/ocp-network-observab-tenant/netobserv-operator/flowlogs-pipeline
+ source: registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9
+ - mirrors:
+ - quay.io/redhat-user-workloads/ocp-network-observab-tenant/netobserv-operator/netobserv-ebpf-agent
+ source: registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9
+ - mirrors:
+ - quay.io/redhat-user-workloads/ocp-network-observab-tenant/netobserv-operator/network-observability-console-plugin
+ source: registry.redhat.io/network-observability/network-observability-console-plugin-rhel9
+ - mirrors:
+ - quay.io/redhat-user-workloads/ocp-network-observab-tenant/netobserv-operator/network-observability-cli-container
+ source: registry.redhat.io/network-observability/network-observability-cli-rhel9
+ - mirrors:
+ - quay.io/redhat-user-workloads/ocp-network-observab-tenant/netobserv-operator/network-observability-operator-bundle
+ source: registry.redhat.io/network-observability/network-observability-operator-bundle
diff --git a/.tekton/pipeline-fbc-ref.yaml b/.tekton/pipeline-fbc-ref.yaml
index 5feeac88f9..37b09affe4 100644
--- a/.tekton/pipeline-fbc-ref.yaml
+++ b/.tekton/pipeline-fbc-ref.yaml
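Review bot: `name: example-mirror-set` in .tekton/images-mirror-set.yaml reads like a leftover placeholder, and the new file has no header telling a reader that it is a template for the FIPS check task (as the commit message says) rather than a manifest applied to a cluster. I would open the file with a comment such as `# Template read by the fbc-fips-check task: maps each registry.redhat.io source to its quay.io/redhat-user-workloads mirror`, and give the object a name that identifies the operator. The comment should also say that an image added to the catalog's relatedImages needs a matching entry under `imageDigestMirrors`, since nothing visible here keeps the two lists in step.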
@@ -252,6 +252,30 @@ spec: operator: in values: - "true" + - name: fbc-fips-check-oci-ta + params: + - name: image-digest + value: $(tasks.build-image-index.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-image-index.results.IMAGE_URL) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + runAfter: + - build-image-index + taskRef: + params: + - name: name + value: fbc-fips-check-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-fbc-fips-check-oci-ta:0.1@sha256:2e6900f5755fca70f8eebfcf004f39dd9adf6b488c8828f35a1b24862a9f81cf + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: + - "false" - name: deprecated-base-image-check params: - name: IMAGE_URL From a2eefd0448946cebb116ffe8f8055b893bbcaae2 Mon Sep 17 00:00:00 2001 From: Joel Takvorian Date: Tue, 18 Feb 2025 11:11:52 +0100 Subject: [PATCH 2/4] add related images --- catalog/rc.yaml | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/catalog/rc.yaml b/catalog/rc.yaml index fe37101cef..01d3288d60 100644 --- a/catalog/rc.yaml +++ b/catalog/rc.yaml 
@@ -994,13 +994,14 @@ properties: name: Red Hat url: https://www.redhat.com relatedImages: -- image: - registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:652c4315efe070dd4e3b91af036e9baa7bdeb9c6f1864b94b99f7795cfc5db88 - name: '' -- image: - registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:821f89fd102065ee8c1d14414b46ed332c2d22c6d0cf305386433245b4319c50 - name: '' -- image: - registry.redhat.io/openshift4/ose-kube-rbac-proxy-rhel9@sha256:3fa22124916523b958c67af8ad652e73a2c3d68bb5579da1cba1ade537f3b7ae - name: '' +- image: registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:625c61b35f6da4c363e97560562ea0483abbc9d656439a2a1a5e459f7c787d0c + name: console_plugin +- image: registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:4357c47a999973c65e16f8ac9ae418140de5a57826431f7c0dbd9cda597479ee + name: ebpf_agent +- image: registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:df416b77ce2e24110e23c0d0478e916fcf249a889f4be855e1834d0dd5d51af1 + name: flowlogs_pipeline +- image: registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:8c2066523686a9ccad39043686d67b6c63c3a835691ceec48180758e168ed181 + name: "" +- image: registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:17ed869827a412b801943cecc2b7be0e7f4dd8d0f84bcf4d4ebada0c9eec06a2 + name: manager schema: olm.bundle From c3e08690197c83ffe3ad44d98d06a75939703494 Mon Sep 17 00:00:00 2001 From: Joel Takvorian Date: Tue, 18 Feb 2025 11:23:00 +0100 Subject: [PATCH 3/4] update patch_catalog.py --- hack/patch_catalog.py | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/hack/patch_catalog.py b/hack/patch_catalog.py index 3b906fb8a9..47337fc5fb 100644 --- a/hack/patch_catalog.py +++ b/hack/patch_catalog.py 
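Review bot: The rewritten `relatedImages` list in catalog/rc.yaml no longer carries `registry.redhat.io/openshift4/ose-kube-rbac-proxy-rhel9`, which the old list pinned by digest. If the bundle at the new digest still deploys that image (not visible from this hunk), it should stay listed, because tooling that reads `relatedImages`, such as disconnected mirroring and presumably the FIPS check added in this series, would otherwise never see it. The bundle entry also keeps `name: ""` while the other entries gain names, so hack/patch_catalog.py has to keep matching it by image prefix; a short comment there saying so would help.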
@@ -1,12 +1,15 @@ import os from sys import exit as sys_exit -from datetime import datetime from ruamel.yaml import YAML yaml = YAML() yaml.explicit_start = True version = os.getenv('VERSION') bundle_image = os.getenv('BUNDLE_IMAGE_PULLSPEC') +operator_image = os.getenv('OPERATOR_IMAGE_PULLSPEC') +ebpf_image = os.getenv('EBPF_IMAGE_PULLSPEC') +flp_image = os.getenv('FLP_IMAGE_PULLSPEC') +console_image = os.getenv('CONSOLE_IMAGE_PULLSPEC') package_name = "network-observability-operator" package_full_name = '{}.v{}'.format(package_name, version) @@ -33,5 +36,13 @@ def dump_index(pathn, index): for relatedImage in index[0]["relatedImages"]: if relatedImage["image"][0:95] == "registry.redhat.io/network-observability/network-observability-operator-bundle": relatedImage["image"] = bundle_image + elif relatedImage["name"] == "manager": + relatedImage["image"] = operator_image + elif relatedImage["name"] == "ebpf_agent": + relatedImage["image"] = ebpf_image + elif relatedImage["name"] == "flowlogs_pipeline": + relatedImage["image"] = flp_image + elif relatedImage["name"] == "console_plugin": + relatedImage["image"] = console_image dump_index(os.getenv('TARGET_INDEX_FILE'), index) From 373505b3090e10f1704c0e499ae73bcc2d7e741c Mon Sep 17 00:00:00 2001 From: Joel Takvorian Date: Tue, 18 Feb 2025 12:25:36 +0100 Subject: [PATCH 4/4] Keep related images --- hack/patch_csv.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/patch_csv.py b/hack/patch_csv.py index 55342cfe58..8e31d10610 100644 --- a/hack/patch_csv.py +++ b/hack/patch_csv.py @@ -75,7 +75,7 @@ def dump_manifest(pathn, manifest): csv['spec']['maturity'] = 'stable' # remove relatedImages from spec as it is picked up from ENV instead (having them in both places generates a build error) -csv['spec'].pop('relatedImages', None) +# csv['spec'].pop('relatedImages', None) csv['spec']['version'] = version csv['spec']['replaces'] = 'network-observability-operator.v{}'.format(replaces)
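Review bot: The four new `os.getenv(...)` reads in the first hunk of hack/patch_catalog.py return `None` when a variable is unset, and the second hunk then writes that value straight into `relatedImage["image"]`, so a missing variable would yield a catalog entry with no pullspec instead of a failed run. Unless the lines between the two hunks already validate them (not visible here), fail early, e.g. `if not all((operator_image, ebpf_image, flp_image, console_image)): sys_exit("missing *_IMAGE_PULLSPEC variable")`. Since these values become the shipped image references, it would also be reasonable to reject any value that is not pinned with `@sha256:`.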
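Review bot: In the second hunk of hack/patch_catalog.py, an entry whose `name` matches none of the four strings falls through the `elif` chain untouched, so a renamed or missing entry leaves a stale digest in the catalog without any error; `relatedImage["name"]` also raises `KeyError` on an entry that has no `name` key. A lookup table plus a check after the loop that every expected name was patched makes both cases explicit. The loop begins in the hunk's context lines and the bundle branch is left as it is.

```python
pullspec_by_name = {
    "manager": operator_image,
    "ebpf_agent": ebpf_image,
    "flowlogs_pipeline": flp_image,
    "console_plugin": console_image,
}
patched = set()
for relatedImage in index[0]["relatedImages"]:
    # … unchanged: `if` branch matching the bundle entry on its image prefix …
    elif relatedImage.get("name") in pullspec_by_name:
        relatedImage["image"] = pullspec_by_name[relatedImage["name"]]
        patched.add(relatedImage["name"])

not_patched = sorted(set(pullspec_by_name) - patched)
if not_patched:
    sys_exit("relatedImages entries not found: {}".format(not_patched))
```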
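Review bot: The hunk in hack/patch_csv.py disables the `pop` by commenting it out but leaves the comment above it, which still says relatedImages are removed and that keeping them in both places breaks the build. Delete the dead line and replace the comment with the reason they are now kept, for example `# keep relatedImages in the CSV: hack/patch_catalog.py patches the catalog entries by name` (assuming that is the reason). If the build error described by the old comment can still occur, the new comment should say how it is avoided. The surrounding script continues outside the hunk.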