{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":126508247,"defaultBranch":"master","name":"origin","ownerLogin":"adambkaplan","currentUserCanPush":false,"isFork":true,"isEmpty":false,"createdAt":"2018-03-23T16:00:46.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/1538838?v=4","public":true,"private":false,"isOrgOwned":false},"refInfo":{"name":"","listCacheKey":"v0:1726520715.0","currentOid":""},"activityList":{"items":[{"before":"e2a905a24b6f1e9940a6f75fe08a54eb248fd130","after":"56e238bdbaa4256fa6f3e2c1e23eade8d398cbad","ref":"refs/heads/git-pwned-check","pushedAt":"2024-09-17T12:41:06.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"adambkaplan","name":"Adam Kaplan","path":"/adambkaplan","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1538838?s=80&v=4"},"commit":{"message":"test: use BeEquvalentTo on pointers","shortMessageHtmlLink":"test: use BeEquvalentTo on pointers"}},{"before":null,"after":"e2a905a24b6f1e9940a6f75fe08a54eb248fd130","ref":"refs/heads/git-pwned-check","pushedAt":"2024-09-16T21:05:15.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"adambkaplan","name":"Adam Kaplan","path":"/adambkaplan","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1538838?s=80&v=4"},"commit":{"message":"CVE-2024-45496: Minimize `git-clone` Privileges\n\nAs part of the mitigation for CVE-2024-45496, the `git-clone` container\nfor builds was updated to run unprivileged and a minimal set of Linux\ncapabilities enabled. This update ensures that we do not regress and\nelevate the permissions granted to the `git-clone` container in builds.\n\nSigned-off-by: Adam Kaplan <adam.kaplan@redhat.com>","shortMessageHtmlLink":"<a title=\"CVE-2024-45496\" data-hovercard-type=\"advisory\" data-hovercard-url=\"/advisories/GHSA-j8gh-87rx-c7w9/hovercard\" href=\"https://github.com/advisories/GHSA-j8gh-87rx-c7w9\">CVE-2024-45496</a>: Minimize <code>git-clone</code> Privileges"}},{"before":"4820d3ebf28b5260109b0820a2b7707090b40311","after":null,"ref":"refs/heads/unauth-webhook-on-upgrade","pushedAt":"2024-05-13T15:00:24.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"adambkaplan","name":"Adam Kaplan","path":"/adambkaplan","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1538838?s=80&v=4"}},{"before":"43b42d4c623fec7f2e569f08d3e136ceea00715f","after":null,"ref":"refs/heads/unauthenticated-webhook-bc","pushedAt":"2024-05-10T13:40:55.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"adambkaplan","name":"Adam Kaplan","path":"/adambkaplan","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1538838?s=80&v=4"}},{"before":"b4686c288665cad549ada619c35d28fd97c0af81","after":"4820d3ebf28b5260109b0820a2b7707090b40311","ref":"refs/heads/unauth-webhook-on-upgrade","pushedAt":"2024-05-08T20:45:32.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"adambkaplan","name":"Adam Kaplan","path":"/adambkaplan","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1538838?s=80&v=4"},"commit":{"message":"OCPBUGS-33378: Verify Build Webhooks on Upgrade\n\nUpdating the build suite test to verify the unautenticated build\nwebhook behavior on upgrade. For clusters upgrading from v4.15 or\nearlier to v4.16, unauthenticated webhooks should continue to be\nallowed. For clusters that upgrade from v4.16 to a later version,\nunauthenticated webhooks should be denied by default.\n\nSigned-off-by: Adam Kaplan <adam.kaplan@redhat.com>","shortMessageHtmlLink":"OCPBUGS-33378: Verify Build Webhooks on Upgrade"}},{"before":"cdcc3ef80c84a9e9f70ea7b459fc830423f72f85","after":"b4686c288665cad549ada619c35d28fd97c0af81","ref":"refs/heads/unauth-webhook-on-upgrade","pushedAt":"2024-05-08T19:17:16.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"adambkaplan","name":"Adam Kaplan","path":"/adambkaplan","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1538838?s=80&v=4"},"commit":{"message":"OCPBUGS-33378: Verify Build Webhooks on Upgrade\n\nUpdating the build suite test to verify the unautenticated build\nwebhook behavior on upgrade. For clusters upgrading from v4.15 or\nearlier to v4.16, unauthenticated webhooks should continue to be\nallowed. For clusters that upgrade from v4.16 to a later version,\nunauthenticated webhooks should be denied by default.\n\nSigned-off-by: Adam Kaplan <adam.kaplan@redhat.com>","shortMessageHtmlLink":"OCPBUGS-33378: Verify Build Webhooks on Upgrade"}},{"before":"76f3d0c1d3157fd9a13cf7b56ffa98d473a50f03","after":"cdcc3ef80c84a9e9f70ea7b459fc830423f72f85","ref":"refs/heads/unauth-webhook-on-upgrade","pushedAt":"2024-05-08T19:04:38.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"adambkaplan","name":"Adam Kaplan","path":"/adambkaplan","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1538838?s=80&v=4"},"commit":{"message":"OCPBUGS-33378: Verify Build Webhooks on Upgrade\n\nUpdating the build suite test to verify the unautenticated build\nwebhook behavior on upgrade. For clusters upgrading from v4.15 or\nearlier to v4.16, unauthenticated webhooks should continue to be\nallowed. For clusters that upgrade from v4.16 to a later version,\nunauthenticated webhooks should be denied by default.\n\nSigned-off-by: Adam Kaplan <adam.kaplan@redhat.com>","shortMessageHtmlLink":"OCPBUGS-33378: Verify Build Webhooks on Upgrade"}},{"before":null,"after":"76f3d0c1d3157fd9a13cf7b56ffa98d473a50f03","ref":"refs/heads/unauth-webhook-on-upgrade","pushedAt":"2024-05-08T17:10:44.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"adambkaplan","name":"Adam Kaplan","path":"/adambkaplan","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1538838?s=80&v=4"},"commit":{"message":"OCPBUGS-33378: Verify Build Webhooks on Upgrade\n\nUpdating the build suite test to verify the unautenticated build\nwebhook behavior on upgrade. For clusters upgrading from v4.15 or\nearlier to v4.16, unauthenticated webhooks should continue to be\nallowed. For clusters that upgrade from v4.16 to a later version,\nunauthenticated webhooks should be denied by default.\n\nSigned-off-by: Adam Kaplan <adam.kaplan@redhat.com>","shortMessageHtmlLink":"OCPBUGS-33378: Verify Build Webhooks on Upgrade"}},{"before":"ef7e238daf2b7a2f90e8f0b9703c306a13366150","after":"43b42d4c623fec7f2e569f08d3e136ceea00715f","ref":"refs/heads/unauthenticated-webhook-bc","pushedAt":"2024-05-06T17:14:02.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"adambkaplan","name":"Adam Kaplan","path":"/adambkaplan","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1538838?s=80&v=4"},"commit":{"message":"OCPBUGS-33041: Add RoleBinding for BuildConfig Webhooks\n\nStarting in OCP 4.16, the `system:webhook` ClusterRole will not be\ngranted to anonymous users by default. This will break most systems\nthat use BuildConfig webhooks to trigger builds, since many can't be\nadd an OpenShift auth token to their HTTP headers (ex: GitHub). Only\nnew installations will be impacted; upgrades to 4.16 will continue to\nsupport unauthenticated BuildConfig webhooks.\n\nThis test update verifies that BuildConfig webhooks can be triggered\nusing a namespace-scoped RoleBinding for the `system:unauthenticated`\ngroup. RoleBindings are preferable to ClusterRoleBindings as they limit\nunauthenticated API calls to specific namespaces, reducing the\npotential attack surface. The core webhook tests were also updated to\nverify that unauthenticated webhooks fail if this rolebinding is\nmissing.\n\nUse of BuildConfig webhooks should be discouraged in favor of Pipelines\nas Code, which has more robust mechanisms for securing webhook calls\nfrom external systems. It also does not rely on an aggregated apiserver\nand associated RBAC.\n\nSee also https://issues.redhat.com/browse/AUTH-509\n\nSigned-off-by: Adam Kaplan <adam.kaplan@redhat.com>","shortMessageHtmlLink":"OCPBUGS-33041: Add RoleBinding for BuildConfig Webhooks"}},{"before":"2775d33feaa7ba78583c3a7ce942082297cfdcf2","after":null,"ref":"refs/heads/jenkinspipeline-in-tree-template","pushedAt":"2024-05-06T13:28:05.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"adambkaplan","name":"Adam Kaplan","path":"/adambkaplan","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1538838?s=80&v=4"}},{"before":"e8dd972c7b7398238a77b6154a825614148ba806","after":"ef7e238daf2b7a2f90e8f0b9703c306a13366150","ref":"refs/heads/unauthenticated-webhook-bc","pushedAt":"2024-05-01T20:32:54.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"adambkaplan","name":"Adam Kaplan","path":"/adambkaplan","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1538838?s=80&v=4"},"commit":{"message":"OCPBUGS-33041: Add RoleBinding for BuildConfig Webhooks\n\nStarting in OCP 4.16, the `system:webhook` ClusterRole will not be\ngranted to anonymous users by default. This will break most systems\nthat use BuildConfig webhooks to trigger builds, since many can't be\nadd an OpenShift auth token to their HTTP headers (ex: GitHub). Only\nnew installations will be impacted; upgrades to 4.16 will continue to\nsupport unauthenticated BuildConfig webhooks.\n\nThis test update verifies that BuildConfig webhooks can be triggered\nusing a namespace-scoped RoleBinding for the `system:unauthenticated`\ngroup. RoleBindings are preferable to ClusterRoleBindings as they limit\nunauthenticated API calls to specific namespaces, reducing the\npotential attack surface. The core webhook tests were also updated to\nverify that unauthenticated webhooks fail if this rolebinding is\nmissing.\n\nUse of BuildConfig webhooks should be discouraged in favor of Pipelines\nas Code, which has more robust mechanisms for securing webhook calls\nfrom external systems. It also does not rely on an aggregated apiserver\nand associated RBAC.\n\nSee also https://issues.redhat.com/browse/AUTH-509\n\nSigned-off-by: Adam Kaplan <adam.kaplan@redhat.com>","shortMessageHtmlLink":"OCPBUGS-33041: Add RoleBinding for BuildConfig Webhooks"}},{"before":"0ae4678d4c9c2656eac49ce7b1044599f6b36a66","after":"e8dd972c7b7398238a77b6154a825614148ba806","ref":"refs/heads/unauthenticated-webhook-bc","pushedAt":"2024-05-01T15:27:10.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"adambkaplan","name":"Adam Kaplan","path":"/adambkaplan","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1538838?s=80&v=4"},"commit":{"message":"OCPBUGS-33041: Add RoleBinding for BuildConfig Webhooks\n\nStarting in OCP 4.16, the `system:webhook` ClusterRole will not be\ngranted to anonymous users by default. This will break most systems\nthat use BuildConfig webhooks to trigger builds, since many can't be\nadd an OpenShift auth token to their HTTP headers (ex: GitHub). Only\nnew installations will be impacted; upgrades to 4.16 will continue to\nsupport unauthenticated BuildConfig webhooks.\n\nThis test update verifies that BuildConfig webhooks can be triggered\nusing a namespace-scoped RoleBinding for the `system:unauthenticated`\ngroup. RoleBindings are preferable to ClusterRoleBindings as they limit\nunauthenticated API calls to specific namespaces, reducing the\npotential attack surface. The core webhook tests were also updated to\nverify that unauthenticated webhooks fail if this rolebinding is\nmissing.\n\nUse of BuildConfig webhooks should be discouraged in favor of Pipelines\nas Code, which has more robust mechanisms for securing webhook calls\nfrom external systems. It also does not rely on an aggregated apiserver\nand associated RBAC.\n\nSee also https://issues.redhat.com/browse/AUTH-509\n\nSigned-off-by: Adam Kaplan <adam.kaplan@redhat.com>","shortMessageHtmlLink":"OCPBUGS-33041: Add RoleBinding for BuildConfig Webhooks"}},{"before":"8507f77498f8a118c478c44542d347c053fe3bc5","after":"0ae4678d4c9c2656eac49ce7b1044599f6b36a66","ref":"refs/heads/unauthenticated-webhook-bc","pushedAt":"2024-04-30T18:36:11.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"adambkaplan","name":"Adam Kaplan","path":"/adambkaplan","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1538838?s=80&v=4"},"commit":{"message":"OCPBUGS-33041: Add RoleBinding for BuildConfig Webhooks\n\nStarting in OCP 4.16, the `system:webhook` ClusterRole will not be\ngranted to anonymous users by default. This will break most systems\nthat use BuildConfig webhooks to trigger builds, since many can't be\nadd an OpenShift auth token to their HTTP headers (ex: GitHub). Only\nnew installations will be impacted; upgrades to 4.16 will continue to\nsupport unauthenticated BuildConfig webhooks.\n\nThis test update verifies that BuildConfig webhooks can be triggered\nusing a namespace-scoped RoleBinding for the `system:unauthenticated`\ngroup. RoleBindings are preferable to ClusterRoleBindings as they limit\nunauthenticated API calls to specific namespaces, reducing the\npotential attack surface. The core webhook tests were also updated to\nverify that unauthenticated webhooks fail if this rolebinding is\nmissing.\n\nUse of BuildConfig webhooks should be discouraged in favor of Pipelines\nas Code, which has more robust mechanisms for securing webhook calls\nfrom external systems. It also does not rely on an aggregated apiserver\nand associated RBAC.\n\nSee also https://issues.redhat.com/browse/AUTH-509\n\nSigned-off-by: Adam Kaplan <adam.kaplan@redhat.com>","shortMessageHtmlLink":"OCPBUGS-33041: Add RoleBinding for BuildConfig Webhooks"}},{"before":"506a24be377d7989d7b230f51de11f5ff4ef86ee","after":"35f85a778453ce5ba74333341393a1d2fc2d6041","ref":"refs/heads/webhook-test-refactor","pushedAt":"2024-04-29T11:20:52.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"adambkaplan","name":"Adam Kaplan","path":"/adambkaplan","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1538838?s=80&v=4"},"commit":{"message":"check test precondition","shortMessageHtmlLink":"check test precondition"}},{"before":"cd31010e8cbaeaddfde14e83314c888d5bc4191c","after":"506a24be377d7989d7b230f51de11f5ff4ef86ee","ref":"refs/heads/webhook-test-refactor","pushedAt":"2024-04-29T01:03:33.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"adambkaplan","name":"Adam Kaplan","path":"/adambkaplan","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1538838?s=80&v=4"},"commit":{"message":"OCPBUGS-33041: [Builds] Refactor TestWebhook\n\nUse Ginkgo v2's table-driven test functions to make the BuildConfig\nwebhook tests more readable and produce more context when errors occur.\n\nSigned-off-by: Adam Kaplan <adam.kaplan@redhat.com>","shortMessageHtmlLink":"OCPBUGS-33041: [Builds] Refactor TestWebhook"}},{"before":null,"after":"cd31010e8cbaeaddfde14e83314c888d5bc4191c","ref":"refs/heads/webhook-test-refactor","pushedAt":"2024-04-29T01:00:25.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"adambkaplan","name":"Adam Kaplan","path":"/adambkaplan","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1538838?s=80&v=4"},"commit":{"message":"OCPBUGS-33041: [Builds] Refactor TestWebhook\n\nUse Ginkgo v2's table-driven test functions to make the BuildConfig\nwebhook tests more readable and produce more context when errors occur.\n\nSigned-off-by: Adam Kaplan <adam.kaplan@redhat.com>","shortMessageHtmlLink":"OCPBUGS-33041: [Builds] Refactor TestWebhook"}},{"before":"cc972cf7c19a7c9b5953241eb8ba72051aa2dabf","after":"8507f77498f8a118c478c44542d347c053fe3bc5","ref":"refs/heads/unauthenticated-webhook-bc","pushedAt":"2024-04-29T00:48:50.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"adambkaplan","name":"Adam Kaplan","path":"/adambkaplan","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1538838?s=80&v=4"},"commit":{"message":"OCPBUGS-33041: Add RoleBinding for BuildConfig Webhooks\n\nStarting in OCP 4.16, the `system:webhook` ClusterRole will not be\ngranted to anonymous users by default. This will break most systems\nthat use BuildConfig webhooks to trigger builds, since many can't be\nadd an OpenShift auth token to their HTTP headers (ex: GitHub). Only\nnew installations will be impacted; upgrades to 4.16 will continue to\nsupport unauthenticated BuildConfig webhooks.\n\nThis test update verifies that BuildConfig webhooks can be triggered\nusing a namespace-scoped RoleBinding for the `system:unauthenticated`\ngroup. RoleBindings are preferable to ClusterRoleBindings as they limit\nunauthenticated API calls to specific namespaces, reducing the\npotential attack surface. The core webhook tests were also updated to\nverify that unauthenticated webhooks fail if this rolebinding is\nmissing.\n\nUse of BuildConfig webhooks should be discouraged in favor of Pipelines\nas Code, which has more robust mechanisms for securing webhook calls\nfrom external systems. It also does not rely on an aggregated apiserver\nand associated RBAC.\n\nSigned-off-by: Adam Kaplan <adam.kaplan@redhat.com>","shortMessageHtmlLink":"OCPBUGS-33041: Add RoleBinding for BuildConfig Webhooks"}},{"before":"4c03c56485719a0fb3de45782ecb1f8768796009","after":"cc972cf7c19a7c9b5953241eb8ba72051aa2dabf","ref":"refs/heads/unauthenticated-webhook-bc","pushedAt":"2024-04-28T12:48:48.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"adambkaplan","name":"Adam Kaplan","path":"/adambkaplan","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1538838?s=80&v=4"},"commit":{"message":"tls: skip verification","shortMessageHtmlLink":"tls: skip verification"}},{"before":"69a56f7b79adb0d9bc112c4f90aef3c8bcf0826a","after":"4c03c56485719a0fb3de45782ecb1f8768796009","ref":"refs/heads/unauthenticated-webhook-bc","pushedAt":"2024-04-27T21:39:49.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"adambkaplan","name":"Adam Kaplan","path":"/adambkaplan","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1538838?s=80&v=4"},"commit":{"message":"Verify unauthenticated\n\n- Fix start-build tests so it creates webhook rolebinding\n- Add unauthenticated webhook check for builds (should fail forbidden)","shortMessageHtmlLink":"Verify unauthenticated"}},{"before":null,"after":"69a56f7b79adb0d9bc112c4f90aef3c8bcf0826a","ref":"refs/heads/unauthenticated-webhook-bc","pushedAt":"2024-04-26T20:36:07.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"adambkaplan","name":"Adam Kaplan","path":"/adambkaplan","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1538838?s=80&v=4"},"commit":{"message":"OCPBUGS-33041: Add RoleBinding for BuildConfig Webhooks\n\nStarting in OCP 4.16, the `system:webhook` ClusterRole will not be\ngranted to anonymous users by default. This will break most systems\nthat use BuildConfig webhooks to trigger builds, since many can't be\nadd an OpenShift auth token to their HTTP headers (ex: GitHub). Only\nnew installations will be impacted; upgrades to 4.16 will continue to\nsupport unauthenticated BuildConfig webhooks.\n\nThis test update verifies that BuildConfig webhooks can be triggered\nusing a namespace-scoped RoleBinding for the `system:unauthenticated`\ngroup. RoleBindings are preferable to ClusterRoleBindings as they limit\nunauthenticated API calls to specific namespaces, reducing the\npotential attack surface.\n\nUse of BuildConfig webhooks should be discouraged in favor of Pipelines\nas Code, which has more robust mechanisms for securing webhook calls\nfrom external systems. It also does not rely on an aggregated apiserver\nand associated RBAC.\n\nSigned-off-by: Adam Kaplan <adam.kaplan@redhat.com>","shortMessageHtmlLink":"OCPBUGS-33041: Add RoleBinding for BuildConfig Webhooks"}},{"before":"78c4509578d353534e55e1b433ffbf94608bed58","after":"2775d33feaa7ba78583c3a7ce942082297cfdcf2","ref":"refs/heads/jenkinspipeline-in-tree-template","pushedAt":"2024-04-22T21:12:57.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"adambkaplan","name":"Adam Kaplan","path":"/adambkaplan","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1538838?s=80&v=4"},"commit":{"message":"OCPBUGS-32293: Use In-Tree Template for Jenkins\n\nUpdate the JenkinsPipeline build strategy test to use an in-tree\ntemplate and imagestream to deploy Jenkins during the test setup phase.\nThis decouples the test from the Samples Operator, which is officially\ndeprecated in 4.16 and will be phased out in the future. Previously,\nthis test implicitly relied on the Samples Operator to install the\nJenkins ephemeral template with the Jenkins imagestream image.\n\nSigned-off-by: Adam Kaplan <adam.kaplan@redhat.com>","shortMessageHtmlLink":"OCPBUGS-32293: Use In-Tree Template for Jenkins"}},{"before":null,"after":"78c4509578d353534e55e1b433ffbf94608bed58","ref":"refs/heads/jenkinspipeline-in-tree-template","pushedAt":"2024-04-22T18:47:54.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"adambkaplan","name":"Adam Kaplan","path":"/adambkaplan","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1538838?s=80&v=4"},"commit":{"message":"OCPBUGS-32293: Use In-Tree Template for Jenkins\n\nUpdate the JenkinsPipeline build strategy test to use an in-tree\ntemplate to deploy Jenkins during the test setup phase. This decouples\nthe test from the Samples Operator, which is officially deprecated in\n4.16 and will be phased out in the future. Previously, this test\nimplicitly relied on the Samples Operator to install the Jenkins\nephemeral template.","shortMessageHtmlLink":"OCPBUGS-32293: Use In-Tree Template for Jenkins"}},{"before":"70f34f4ed2a6cf655e767b3fc0693e3b8e15dd17","after":"6aabb3653ba4b4169f3e5c8e26ce849611bdec0b","ref":"refs/heads/entitled-build-qe","pushedAt":"2024-01-29T19:04:05.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"adambkaplan","name":"Adam Kaplan","path":"/adambkaplan","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1538838?s=80&v=4"},"commit":{"message":"OCPBUGS-23115: Test builds with subscription content\n\nAdd end to end tests to verify we can build images that install\nRHEL subscription content via `yum/dnf install`. These tests\nneed a fully subscribed cluster to function properly - for example,\na ROSA cluster. If the cluster is not subscribed/does not have its\nSCA certificates synced via the Insights Operator, the tests are\nskipped.\n\nThe test verifies the instructions in the official OpenShift\ndocumentation [1], which includes copying the entitlement keys to\nthe build's namespace.\n\n[1] https://docs.openshift.com/container-platform/4.14/cicd/builds/running-entitled-builds.html","shortMessageHtmlLink":"OCPBUGS-23115: Test builds with subscription content"}},{"before":"e288bf6074a923b7830dd26c9a7b19450e4d81b3","after":"70f34f4ed2a6cf655e767b3fc0693e3b8e15dd17","ref":"refs/heads/entitled-build-qe","pushedAt":"2024-01-27T14:31:12.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"adambkaplan","name":"Adam Kaplan","path":"/adambkaplan","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1538838?s=80&v=4"},"commit":{"message":"OCPBUGS-23115: Test builds with subscription content\n\nAdd end to end tests to verify we can build images that install\nRHEL subscription content via `yum/dnf install`. These tests\nneed a fully subscribed cluster to function properly - for example,\na ROSA cluster. If the cluster is not subscribed/does not have its\nSCA certificates synced via the Insights Operator, the tests are\nskipped.\n\nThe test verifies the instructions in the official OpenShift\ndocumentation [1], which includes copying the entitlement keys to\nthe build's namespace.\n\n[1] https://docs.openshift.com/container-platform/4.14/cicd/builds/running-entitled-builds.html","shortMessageHtmlLink":"OCPBUGS-23115: Test builds with subscription content"}},{"before":"7bc0f7f4927cb91ed7af56758becf65ca430c9c3","after":"e288bf6074a923b7830dd26c9a7b19450e4d81b3","ref":"refs/heads/entitled-build-qe","pushedAt":"2024-01-27T13:35:25.000Z","pushType":"push","commitsCount":3,"pusher":{"login":"adambkaplan","name":"Adam Kaplan","path":"/adambkaplan","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1538838?s=80&v=4"},"commit":{"message":"restore context","shortMessageHtmlLink":"restore context"}},{"before":"95a16de37bf4bf4281473547eb06f20950a35526","after":"7bc0f7f4927cb91ed7af56758becf65ca430c9c3","ref":"refs/heads/entitled-build-qe","pushedAt":"2024-01-26T19:47:19.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"adambkaplan","name":"Adam Kaplan","path":"/adambkaplan","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1538838?s=80&v=4"},"commit":{"message":"fix: use admin kube client\n\nAdmin user needed to get openshift-config-managed secrets","shortMessageHtmlLink":"fix: use admin kube client"}},{"before":null,"after":"95a16de37bf4bf4281473547eb06f20950a35526","ref":"refs/heads/entitled-build-qe","pushedAt":"2024-01-26T17:26:37.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"adambkaplan","name":"Adam Kaplan","path":"/adambkaplan","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1538838?s=80&v=4"},"commit":{"message":"rename the test","shortMessageHtmlLink":"rename the test"}},{"before":"39bdde621316f7b10990cd036a04711cfbfbd84d","after":"924394b209eafb1a40bdf114dbb8fcbd0451c53c","ref":"refs/heads/master","pushedAt":"2024-01-26T16:27:59.000Z","pushType":"push","commitsCount":3033,"pusher":{"login":"adambkaplan","name":"Adam Kaplan","path":"/adambkaplan","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1538838?s=80&v=4"},"commit":{"message":"Merge pull request #28552 from simonpasquier/update-prometheus-owners\n\nMON-3693: Adding slashpai and machine424 to Prometheus owners","shortMessageHtmlLink":"Merge pull request <a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2100555583\" data-permission-text=\"Title is private\" data-url=\"https://github.com/openshift/origin/issues/28552\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/openshift/origin/pull/28552/hovercard\" href=\"https://github.com/openshift/origin/pull/28552\">openshift#28552</a> from simonpasquier/update-promethe…"}}],"hasNextPage":false,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"Y3Vyc29yOnYyOpK7MjAyNC0wOS0xN1QxMjo0MTowNi4wMDAwMDBazwAAAAS4g9OR","startCursor":"Y3Vyc29yOnYyOpK7MjAyNC0wOS0xN1QxMjo0MTowNi4wMDAwMDBazwAAAAS4g9OR","endCursor":"Y3Vyc29yOnYyOpK7MjAyNC0wMS0yNlQxNjoyNzo1OS4wMDAwMDBazwAAAAPqCyVY"}},"title":"Activity · adambkaplan/origin"}