Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -3,11 +3,28 @@ base_images:
name: brew
namespace: microshift
tag: latest
nested-podman:
name: nested-podman
namespace: ci
tag: latest
build_root:
image_stream_tag:
name: release
namespace: openshift
tag: rhel-9-release-golang-1.26-openshift-5.0
images:
items:
- dockerfile_literal: |
FROM nested-podman
COPY src/ /go/src/github.com/openshift/microshift
WORKDIR /go/src/github.com/openshift/microshift
from: nested-podman
inputs:
src:
paths:
- destination_dir: src
source_path: /go/src/github.com/openshift/microshift
to: cryptoscan-src
releases:
latest:
candidate:
Expand All @@ -34,16 +51,21 @@ resources:
memory: 200Mi
tests:
- as: rebase-on-nightlies
capabilities:
- intranet
- nested-podman
cron: 0 4 * * 1-5
nested_podman: true
reporter_config:
channel: '#microshift-alerts'
job_states_to_report:
- failure
- error
report_template: ':red_jenkins_circle: Job *{{.Spec.Job}}* ended with *{{.Status.State}}*.
<{{.Status.URL}}|View logs>'
restrict_network_access: false
steps:
workflow: openshift-microshift-rebase
workflow: openshift-microshift-rebase-with-cryptoscan
- as: publish-release-notes
cron: 0 5 * * 1-5
reporter_config:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -1918,6 +1918,8 @@ periodics:
org: openshift
repo: microshift
labels:
capability/intranet: intranet
capability/nested-podman: nested-podman
ci-operator.openshift.io/variant: periodics
ci.openshift.io/generator: prowgen
job-release: "5.0"
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2411,6 +2411,64 @@ presubmits:
secret:
secretName: result-aggregator
trigger: (?m)^/test( | .* )ocp-full-conformance-serial-rhel-eus,?($|\s.*)
- agent: kubernetes
always_run: true
branches:
- ^release-5\.0$
- ^release-5\.0-
cluster: build01
context: ci/prow/periodics-images
decorate: true
decoration_config:
skip_cloning: true
labels:
ci-operator.openshift.io/variant: periodics
ci.openshift.io/generator: prowgen
job-release: "5.0"
pj-rehearse.openshift.io/can-be-rehearsed: "true"
name: pull-ci-openshift-microshift-release-5.0-periodics-images
rerun_command: /test periodics-images
spec:
containers:
- args:
- --gcs-upload-secret=/secrets/gcs/service-account.json
- --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson
- --report-credentials-file=/etc/report/credentials
- --target=[images]
- --variant=periodics
command:
- ci-operator
image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest
imagePullPolicy: Always
name: ""
resources:
requests:
cpu: 10m
volumeMounts:
- mountPath: /secrets/gcs
name: gcs-credentials
readOnly: true
- mountPath: /secrets/manifest-tool
name: manifest-tool-local-pusher
readOnly: true
- mountPath: /etc/pull-secret
name: pull-secret
readOnly: true
- mountPath: /etc/report
name: result-aggregator
readOnly: true
serviceAccountName: ci-operator
volumes:
- name: manifest-tool-local-pusher
secret:
secretName: manifest-tool-local-pusher
- name: pull-secret
secret:
secretName: registry-pull-credentials
- name: result-aggregator
secret:
secretName: result-aggregator
trigger: (?m)^/test( | .* )periodics-images,?($|\s.*)
- agent: kubernetes
always_run: true
branches:
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
approvers:
- openshift-edge-approvers
options: {}
reviewers:
- openshift-edge-reviewers
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
#!/bin/bash
set -euo pipefail

export CRYPTO_SCAN=true
cd /go/src/github.com/openshift/microshift/
./scripts/auto-rebase/rebase_job_entrypoint.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
{
"path": "openshift/microshift/cryptoscan/openshift-microshift-cryptoscan-ref.yaml",
"owners": {
"approvers": [
"openshift-edge-approvers"
],
"reviewers": [
"openshift-edge-reviewers"
]
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
ref:
as: openshift-microshift-cryptoscan
from: cryptoscan-src
commands: openshift-microshift-cryptoscan-commands.sh
resources:
requests:
cpu: 800m
memory: 1800Mi
credentials:
- name: ci-pull-credentials
namespace: test-credentials
mount_path: /secrets/import-secret
documentation: |-
Runs the Red Hat crypto scanner against MicroShift source code using podman.
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
approvers:
- openshift-edge-approvers
options: {}
reviewers:
- openshift-edge-reviewers
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
{
"path": "openshift/microshift/rebase/with-cryptoscan/openshift-microshift-rebase-with-cryptoscan-workflow.yaml",
"owners": {
"approvers": [
"openshift-edge-approvers"
],
"reviewers": [
"openshift-edge-reviewers"
]
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
workflow:
as: openshift-microshift-rebase-with-cryptoscan
steps:
test:
- chain: openshift-microshift-rebase
- ref: openshift-microshift-cryptoscan
documentation: |-
This workflow rebases MicroShift and runs the Red Hat crypto scanner against the source code.