Sync ocp-1.0 branch with master #577
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Adding s390x and ppc64le to the platform for building operator images.
Support Building multi-arch container imagers
Fix github action for building images, the matrix runner did not tag multiarch image correctly, let's approach it this way instead.
Fix action image
Wait for other image builds finishes before building catalog image.
Fix catalog image workflow
Let's skip the result server rotating unit test for now on s390x so that we get a successful build
Let's continue catalog container build and comment pr even when last step has failures. This will be a temporary workaround for SBOM issue metal-toolbox/container-push#77.
Skip failed unit tests for s390x
Fixing multi-arch support for release image github workflow. Adding openscap image job to the release workflow.
Fixing release image multi-arch support
Release v1.5.0
Let's remove the workaround since we have sbom issues fixed. ex:https://github.com/ComplianceAsCode/compliance-operator/actions/runs/9563061573/job/26377079635. This also adding the missing pr_number in the comment step.
Remove SBOM workaround
This is to fix the rule instruction so that we can display as multiline string instead of pre-wrap text, and user is able to copy and run oc command in the instruction without having to remove escape. The issue was casued by space before newline made it not able to output multiline yaml formate
OCPBUGS-17828: Fix rule instruction
'hostNetwork: true' grants access to the host's sysctl configurations. 'dnsPolicy: ClusterFirstWithHostnet' is required to access services.
OCPBUGS-19690: Enable host network to access host sysctls
Even though the must-gather plugin image isn't necessary for running the operator, is helps users collect information when reporting issues. By including the image reference in the `relatedImages` of the CSV, it's more discoverable and users can query it out of the CSV directly, instead of having to hunt through documentation and container registries.
CMP-1096: Add must-gather image to relatedImages
…t-broken image workflow
Update must gather image workflow
Even though we documented using an image directly for must-gather support, we can also include the relatedImages reference in the usage guide.
CMP-2688: Document using relatedImages for must-gather
The original approach for building a must-gather image specifically for Compliance Operator usage grabbed the latest stock must-gather image (the one for collecting everything in an ordinary deployment), and then pushing the original scripts out of the way and replacing them with Compliance Operator specific scripts to collect the information we wanted. While this worked, we can simplify the image dependency by just relying on the CLI image directly, since that's what the upstream must-gather image does, then just wire up the entry point to the collection scripts we already have, following the same pattern that the upstream must-gather image uses. This commit also updates the `Dockerfile` name to include `.ocp` suffix, since we're relying on a Red Hat registry to pull the CLI image.
…hyny-gojq-0.x Update module github.com/itchyny/gojq to v0.12.16
…anagement.io-api-0.x Update module open-cluster-management.io/api to v0.14.0
…nshift-api-digest Update github.com/openshift/api digest to 6b4a57e
…nshift-client-go-digest Update github.com/openshift/client-go digest to b054aa7
We have an example in our documentation that tells users how to fetch metrics using the command line. But, the command has a newline in the middle of the authorization header, and if you copy/paste it from the document, like most readers would, it returns an HTTP 404. Remove the newline so the command works when you copy/paste it from the documentation, which is the intention.
OCPBUGS-37697: Remove newline in metrics doc literal
Previously, we were only updating the must-gather image when updating specific must-gather files in utils and images. This commit adds it to the release GitHub action so that it pushes a new container image for each push to master, which should keep the image up-to-date.
…latest Add must-gather image builds to release on each push
The image we were using wasn't accessible through GitHub actions, because it's in a CI registry. Use an equivalent image from Quay so that we can build must-gather images with GitHub actions.
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: Vincent056 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
…-gather Fix must-gather base image
|
🤖 To deploy this PR, run the following command: |
1 similar comment
|
🤖 To deploy this PR, run the following command: |
We're struggling to find a multi-arch image we can use for building the must-gather image. This causes the GitHub action we have wired up to build the image automatically to fail. This commit removes power and z support for now so we can get some builds produces that incorporate the new must-gather tooling.
Update dependency go to v1.22.6
|
🤖 To deploy this PR, run the following command: |
…nshift-api-digest Update github.com/openshift/api digest to 7f2da4c
Remove multi-arch support from must-gather image
|
🤖 To deploy this PR, run the following command: |
1 similar comment
|
🤖 To deploy this PR, run the following command: |
with ComplianceAsCode/content#11997 the compliance-operator needs read access to kubedescheduler resources for the validation. We do this on clusterlevel, as the namespaces where the kubedescheduler can be deployed is configurable
Add kubedeschedulers to api_resource_collector_clusterrole
|
🤖 To deploy this PR, run the following command: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
We need to sync up the ocp-1.0 branch to test els image dockerfile downstream.