diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index b5e33db8da0d7..f58735909b3fc 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -41,11 +41,6 @@ sensor/**/* @stackrox/sensor-ecosystem tests/performance/**/* @stackrox/sensor-ecosystem tests/roxctl/**/* @stackrox/sensor-ecosystem -# Listing all users as "Outside collaborators cannot be added to a team" -bats-tests/local/roxctl-netpol-* @zivnevo @adisos @shireenf-ibm -roxctl/netpol/**/* @zivnevo @adisos @shireenf-ibm -tests/roxctl/bats-tests/test-data/np-guard/ @zivnevo @adisos @shireenf-ibm - qa-tests-backend/**/* @janisz /ui/**/* @stackrox/ui @@ -81,12 +76,14 @@ operator/**/* @stackrox/install /sensor/kubernetes/listener/resources/secrets* @stackrox/scanner /SCANNER_VERSION @stackrox/scanner -# The RHTAP maintainers for ACS review all changes related to the Konflux (f.k.a. RHTAP) pipelines, such as new -# pipelines, parameter changes or automated task updates as well as Dockerfile updates. -**/konflux.*Dockerfile @stackrox/rhtap-maintainers -/.konflux/ @stackrox/rhtap-maintainers -/.tekton/ @stackrox/rhtap-maintainers -rpms.* @stackrox/rhtap-maintainers +# Konflux maintainers for ACS review all changes related to the Konflux pipelines, Dockerfiles, etc. +# Release engineers need to merge MintMaker PRs at the time of the release. +# rhacs-bot needs an ability to auto-approve MintMaker PRs for automated task and security updates. +**/konflux.*Dockerfile @stackrox/konflux-maintainers-no-email @stackrox/release-mgmt-no-email @rhacs-bot +/.tekton/ @stackrox/konflux-maintainers-no-email @stackrox/release-mgmt-no-email @rhacs-bot +rpms.* @stackrox/konflux-maintainers-no-email @stackrox/release-mgmt-no-email @rhacs-bot +/.konflux/ @stackrox/konflux-maintainers +.github/renovate.json5 @stackrox/konflux-maintainers # Dependencies diff --git a/.github/workflows/style.yaml b/.github/workflows/style.yaml index de213fcc9c6e9..66fa09c287688 100644 --- a/.github/workflows/style.yaml +++ b/.github/workflows/style.yaml @@ -92,6 +92,9 @@ jobs: runs-on: ubuntu-latest container: image: quay.io/stackrox-io/apollo-ci:stackrox-test-0.4.9 + volumes: + - /usr:/mnt/usr + - /opt:/mnt/opt steps: - name: Checkout uses: actions/checkout@v5 diff --git a/.github/workflows/tag-more-reviewers.yaml b/.github/workflows/tag-more-reviewers.yaml new file mode 100644 index 0000000000000..f6ce74aac7c50 --- /dev/null +++ b/.github/workflows/tag-more-reviewers.yaml @@ -0,0 +1,26 @@ +name: Tag more reviewers + +on: + pull_request: + types: + - review_requested + +jobs: + tag-konflux-maintainers: + # We have lots of PR traffic from MintMaker (acting as `red-hat-konflux[bot]`), and so it's unsustainable to go + # through these emails every day. Therefore, the notifications are disabled for `konflux-maintainers-no-email` + # team that's set as owner in CODEOWNERS for the Konflux stuff. + # At the same time, we want to be notified when humans, not the bot, request reviews (which happens automatically + # again through CODEOWNERS) for the Konflux-related files. This job invites `konflux-maintainers` team for review + # for such cases. + if: | + github.event.requested_team.name == 'konflux-maintainers-no-email' && + github.event.pull_request.user.login != 'red-hat-konflux[bot]' + env: + GH_TOKEN: ${{ secrets.RHACS_BOT_GITHUB_TOKEN }} + runs-on: ubuntu-latest + steps: + - name: Tag Konflux Maintainers for review + run: | + gh pr --repo "${{ github.repository }}" edit "${{ github.event.pull_request.number }}" \ + --add-reviewer stackrox/konflux-maintainers diff --git a/.tekton/basic-component-pipeline.yaml b/.tekton/basic-component-pipeline.yaml index 69e815eaa7896..fbca28777a8df 100644 --- a/.tekton/basic-component-pipeline.yaml +++ b/.tekton/basic-component-pipeline.yaml @@ -49,7 +49,7 @@ spec: - name: name value: post-bigquery-metrics - name: bundle - value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:a96905adcdd4a6b37a58a09b4e4b3e9d916c752dfb0b7d848e8fe71dab12b754 + value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:59148be3cd55209bb3f265cbc2e9e10223535526e34496e202e2218ab8df0dc0 - name: kind value: task resolver: bundles @@ -134,6 +134,10 @@ spec: name: build-platforms type: array + - name: enable-cache-proxy + default: 'false' + description: Enable cache proxy configuration + type: string results: - description: "" name: IMAGE_URL @@ -167,12 +171,14 @@ spec: value: $(params.rebuild) - name: skip-checks value: $(params.skip-checks) + - name: enable-cache-proxy + value: $(params.enable-cache-proxy) taskRef: params: - name: name value: init - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:3ca52e1d8885fc229bd9067275f44d5b21a9a609981d0324b525ddeca909bf10 + value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:d6a10101f672a85da0a402177848a82fe7af439bc54451e54b0fbb1ddbeeb1f6 - name: kind value: task resolver: bundles @@ -196,7 +202,7 @@ spec: - name: name value: git-clone-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:3dc39eae48745a96097c07c577b944d6203a91c35d3f71d9ed5feab41d327a6a + value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:0a89e1a6304076525e9766f63a4cd006763d21d5aca6863281fc427537a23c6f - name: kind value: task resolver: bundles @@ -219,7 +225,7 @@ spec: - name: name value: determine-image-expiration - name: bundle - value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:a96905adcdd4a6b37a58a09b4e4b3e9d916c752dfb0b7d848e8fe71dab12b754 + value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:59148be3cd55209bb3f265cbc2e9e10223535526e34496e202e2218ab8df0dc0 - name: kind value: task resolver: bundles @@ -235,7 +241,7 @@ spec: - name: name value: determine-image-tag - name: bundle - value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:a96905adcdd4a6b37a58a09b4e4b3e9d916c752dfb0b7d848e8fe71dab12b754 + value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:59148be3cd55209bb3f265cbc2e9e10223535526e34496e202e2218ab8df0dc0 - name: kind value: task resolver: bundles @@ -255,7 +261,7 @@ spec: - name: name value: prefetch-dependencies-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.2@sha256:569165278e3c85e3b897abad9f6d714d76be4b061f44f5f7614ed1c83ad117b4 + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.2@sha256:3fa0204a481044b21f0e784ce39cbd25e8fb49c664a5458f3eef351fff1c906e - name: kind value: task resolver: bundles @@ -299,12 +305,16 @@ spec: value: "$(tasks.clone-repository.results.commit-timestamp)" - name: IMAGE_APPEND_PLATFORM value: "true" + - name: HTTP_PROXY + value: $(tasks.init.results.http-proxy) + - name: NO_PROXY + value: $(tasks.init.results.no-proxy) taskRef: params: - name: name value: buildah-remote-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.6@sha256:c9eb4f18a14f4fab96add0028759af7aac21e42a93d3e098a5461de641a06f7f + value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.7@sha256:ee5e01eb59a3f70bb1012950fbc4081bac96d3f3517e6d204314484cd2e0059b - name: kind value: task resolver: bundles @@ -331,7 +341,7 @@ spec: - name: name value: build-image-index - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:3411aeecdf045f8e61532abb88c28b7479cb8372420ac713f1f6756aa8fa843a + value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.2@sha256:803ae1ecf35bc5d22be9882819e942e4b699cb17655055afc6bb6b02d34cfab8 - name: kind value: task resolver: bundles @@ -355,7 +365,7 @@ spec: - name: name value: apply-tags - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.2@sha256:4c2b0a2d2904108f8d19edfa878df6cd49ed19aab73ab6fc6a435fba0265f771 + value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.2@sha256:a61d8a6d0ba804869e8fe57a9289161817afad379ef2d7433d75ae40a148e2ec - name: kind value: task resolver: bundles @@ -379,7 +389,7 @@ spec: - name: name value: source-build-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:282cb5a9119a87e88559444feff67d76d6f356d03654b4845632c049b2314735 + value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:4abb2dbc9dcfad52d56b490a2f25f99989a2cb2bbd9881223025272db60fd75e - name: kind value: task resolver: bundles @@ -427,7 +437,7 @@ spec: - name: name value: clair-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.3@sha256:8ec7d7b9438ace5ef3fb03a533d9440d0fd81e51c73b0dc1eb51602fb7cd044e + value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.3@sha256:ee558db6af779ab162163ec88f288a5c1b2d5f70c3361f3690a474866e3bdc74 - name: kind value: task resolver: bundles @@ -450,7 +460,7 @@ spec: - name: name value: ecosystem-cert-preflight-checks - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:9568c51a5158d534248908b9b561cf67d2826ed4ea164ffd95628bb42380e6ec + value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:04f75593558f79a27da2336400bc63d460bf0c5669e3c13f40ee2fb650b1ad1e - name: kind value: task resolver: bundles @@ -567,7 +577,7 @@ spec: - name: name value: rpms-signature-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:1b6c20ab3dbfb0972803d3ebcb2fa72642e59400c77bd66dfd82028bdd09e120 + value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:90c2b32ebf0a00f42c0c1d1675feb75ba71793ad1a4c22ddea7cdc71ed997a04 - name: kind value: task resolver: bundles @@ -593,7 +603,7 @@ spec: - name: name value: push-dockerfile-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:13633d5ba8445c0f732a0a5d1b33ffbb708398e45ef1647542b0ab22fee25a6a + value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:08bba4a659ecd48f871bef00b80af58954e5a09fcbb28a1783ddd640c4f6535e - name: kind value: task resolver: bundles diff --git a/.tekton/create-custom-snapshot.yaml b/.tekton/create-custom-snapshot.yaml new file mode 100644 index 0000000000000..71486e78d1ce2 --- /dev/null +++ b/.tekton/create-custom-snapshot.yaml @@ -0,0 +1,265 @@ +apiVersion: tekton.dev/v1 +kind: PipelineRun + +metadata: + annotations: + build.appstudio.openshift.io/repo: https://github.com/stackrox/stackrox?rev={{revision}} + build.appstudio.redhat.com/commit_sha: '{{revision}}' + build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}' + build.appstudio.redhat.com/target_branch: '{{target_branch}}' + pipelinesascode.tekton.dev/max-keep-runs: "500" + # TODO(ROX-21073): re-enable for all PR branches + pipelinesascode.tekton.dev/on-cel-expression: | + ( + event == "push" && target_branch.matches("^(master|release-.*|refs/tags/.*)$") + ) || ( + event == "pull_request" && ( + target_branch.startsWith("release-") || + source_branch.matches("(konflux|renovate|appstudio|rhtap)") || + (has(body.pull_request) && has(body.pull_request.labels) && body.pull_request.labels.exists(l, l.name == "konflux-build")) + ) && body.action != "ready_for_review" + ) + # The empty `on-label` annotation is a workaround to make sure the pipeline gets triggered when the label gets first + # added to the PR. See the Slack tread linked from ROX-30580. + pipelinesascode.tekton.dev/on-label: "[]" + labels: + appstudio.openshift.io/application: acs-4-9 + name: create-custom-snapshot + namespace: rh-acs-tenant + +spec: + + params: + + taskRunTemplate: + serviceAccountName: build-pipeline-operator-bundle-4-9 + + timeouts: + tasks: 3h30m + # Reserve time for final tasks to run. + finally: 10m + pipeline: 3h40m + + workspaces: + - name: git-auth + secret: + secretName: '{{ git_auth_secret }}' + + pipelineSpec: + + finally: + - name: slack-notification + params: + - name: message + value: ':x: `{{event_type}}` pipeline for (revision <$(params.git-url)/commit/$(params.revision)|$(params.revision)>) has failed.' + - name: key-name + value: 'acs-konflux-notifications' + when: + # Run when any task has Failed + - input: $(tasks.status) + operator: in + values: [ "Failed" ] + taskRef: + params: + - name: name + value: slack-webhook-notification + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-slack-webhook-notification:0.1@sha256:69945a30c11387a766e3d0ae33991b68e865a290c09da1fea44f193d358926ba + - name: kind + value: task + resolver: bundles + + - name: post-metric-end + params: + - name: AGGREGATE_TASKS_STATUS + value: $(tasks.status) + taskRef: &post-bigquery-metrics-ref + params: + - name: name + value: post-bigquery-metrics + - name: bundle + value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:59148be3cd55209bb3f265cbc2e9e10223535526e34496e202e2218ab8df0dc0 + - name: kind + value: task + resolver: bundles + + params: + - name: integration-test-scenario + default: "acs-conforma-prod-like" + description: Name of the IntegrationTestScenario to trigger for the created Snapshot. + type: string + - name: git-url + default: "{{source_url}}" + description: Source Repository URL. + type: string + - name: revision + default: "{{revision}}" + description: Revision of the Source Repository. + type: string + - name: bundle-image-repo + default: quay.io/rhacs-eng/release-operator-bundle + description: Repo of the operator bundle image, used to store OCI artifact with source code. + type: string + - name: oci-artifact-expires-after + default: "1d" + description: This sets the expiration time for intermediate OCI artifacts produced and used during builds after + which they can be garbage collected. + type: string + - name: output-tag-suffix + default: "-fast" + description: Suffix that's appended to the operator-bundle's image tag. + type: string + + results: + - description: Name of the custom Snapshot created. + name: SNAPSHOT_NAME + value: $(tasks.create-acs-style-snapshot.results.SNAPSHOT_NAME) + + workspaces: + - name: git-auth + + tasks: + + - name: post-metric-start + taskRef: *post-bigquery-metrics-ref + + - name: clone-repository + params: + - name: url + value: $(params.git-url) + - name: revision + value: $(params.revision) + - name: depth + value: "0" + - name: fetchTags + value: "true" + - name: ociStorage + value: $(params.bundle-image-repo):konflux-custom-snapshot-$(params.revision).git + - name: ociArtifactExpiresAfter + value: $(params.oci-artifact-expires-after) + taskRef: + params: + - name: name + value: git-clone-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:0a89e1a6304076525e9766f63a4cd006763d21d5aca6863281fc427537a23c6f + - name: kind + value: task + resolver: bundles + workspaces: + - name: basic-auth + workspace: git-auth + + - name: determine-image-tag + params: + - name: TAG_SUFFIX + value: $(params.output-tag-suffix) + - name: SOURCE_ARTIFACT + value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) + taskRef: + params: + - name: name + value: determine-image-tag + - name: bundle + value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:59148be3cd55209bb3f265cbc2e9e10223535526e34496e202e2218ab8df0dc0 + - name: kind + value: task + resolver: bundles + + - name: wait-for-bundle-image + params: + - name: IMAGE + value: "$(params.bundle-image-repo):v$(tasks.determine-image-tag.results.IMAGE_TAG)" + taskRef: + params: + - name: name + value: wait-for-image + - name: bundle + value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:59148be3cd55209bb3f265cbc2e9e10223535526e34496e202e2218ab8df0dc0 + - name: kind + value: task + resolver: bundles + # The timemout should be kept in sync with the pipeline timeout in the operator-bundle-build.yaml + timeout: 3h25m + + - name: create-acs-style-snapshot + params: + - name: OPERATOR_BUNDLE_IMAGE + value: $(params.bundle-image-repo)@$(tasks.wait-for-bundle-image.results.IMAGE_DIGEST) + - name: PRODUCT_VERSION + value: $(tasks.determine-image-tag.results.IMAGE_TAG) + - name: INTEGRATION_TEST_SCENARIO + value: $(params.integration-test-scenario) + - name: COMPONENT_MAPPINGS + value: | + [ + { + "externalRepo": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8", + "internalRepo": "quay.io/rhacs-eng/release-central-db", + "component": "central-db" + }, + { + "externalRepo": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8", + "internalRepo": "quay.io/rhacs-eng/release-collector", + "component": "collector" + }, + { + "externalRepo": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8", + "internalRepo": "quay.io/rhacs-eng/release-main", + "component": "main" + }, + { + "externalRepo": "registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle", + "internalRepo": "quay.io/rhacs-eng/release-operator-bundle", + "component": "operator-bundle" + }, + { + "externalRepo": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator", + "internalRepo": "quay.io/rhacs-eng/release-operator", + "component": "operator" + }, + { + "externalRepo": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8", + "internalRepo": "quay.io/rhacs-eng/release-roxctl", + "component": "roxctl" + }, + { + "externalRepo": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8", + "internalRepo": "quay.io/rhacs-eng/release-scanner-db", + "component": "scanner-db" + }, + { + "externalRepo": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8", + "internalRepo": "quay.io/rhacs-eng/release-scanner-db-slim", + "component": "scanner-db-slim" + }, + { + "externalRepo": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8", + "internalRepo": "quay.io/rhacs-eng/release-scanner", + "component": "scanner" + }, + { + "externalRepo": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8", + "internalRepo": "quay.io/rhacs-eng/release-scanner-slim", + "component": "scanner-slim" + }, + { + "externalRepo": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8", + "internalRepo": "quay.io/rhacs-eng/release-scanner-v4-db", + "component": "scanner-v4-db" + }, + { + "externalRepo": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8", + "internalRepo": "quay.io/rhacs-eng/release-scanner-v4", + "component": "scanner-v4" + } + ] + taskRef: + params: + - name: name + value: create-snapshot-from-bundle + - name: bundle + value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:59148be3cd55209bb3f265cbc2e9e10223535526e34496e202e2218ab8df0dc0 + - name: kind + value: task + resolver: bundles diff --git a/.tekton/main-pipeline.yaml b/.tekton/main-pipeline.yaml index 9533870bc6a78..614707da96477 100644 --- a/.tekton/main-pipeline.yaml +++ b/.tekton/main-pipeline.yaml @@ -49,7 +49,7 @@ spec: - name: name value: post-bigquery-metrics - name: bundle - value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:a96905adcdd4a6b37a58a09b4e4b3e9d916c752dfb0b7d848e8fe71dab12b754 + value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:59148be3cd55209bb3f265cbc2e9e10223535526e34496e202e2218ab8df0dc0 - name: kind value: task resolver: bundles @@ -135,6 +135,10 @@ spec: name: build-platforms type: array + - name: enable-cache-proxy + default: 'false' + description: Enable cache proxy configuration + type: string results: - description: "" name: IMAGE_URL @@ -168,12 +172,14 @@ spec: value: $(params.rebuild) - name: skip-checks value: $(params.skip-checks) + - name: enable-cache-proxy + value: $(params.enable-cache-proxy) taskRef: params: - name: name value: init - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:3ca52e1d8885fc229bd9067275f44d5b21a9a609981d0324b525ddeca909bf10 + value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:d6a10101f672a85da0a402177848a82fe7af439bc54451e54b0fbb1ddbeeb1f6 - name: kind value: task resolver: bundles @@ -197,7 +203,7 @@ spec: - name: name value: git-clone-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:3dc39eae48745a96097c07c577b944d6203a91c35d3f71d9ed5feab41d327a6a + value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:0a89e1a6304076525e9766f63a4cd006763d21d5aca6863281fc427537a23c6f - name: kind value: task resolver: bundles @@ -220,7 +226,7 @@ spec: - name: name value: determine-image-expiration - name: bundle - value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:a96905adcdd4a6b37a58a09b4e4b3e9d916c752dfb0b7d848e8fe71dab12b754 + value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:59148be3cd55209bb3f265cbc2e9e10223535526e34496e202e2218ab8df0dc0 - name: kind value: task resolver: bundles @@ -236,7 +242,7 @@ spec: - name: name value: determine-image-tag - name: bundle - value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:a96905adcdd4a6b37a58a09b4e4b3e9d916c752dfb0b7d848e8fe71dab12b754 + value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:59148be3cd55209bb3f265cbc2e9e10223535526e34496e202e2218ab8df0dc0 - name: kind value: task resolver: bundles @@ -256,7 +262,7 @@ spec: - name: name value: fetch-external-networks - name: bundle - value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:a96905adcdd4a6b37a58a09b4e4b3e9d916c752dfb0b7d848e8fe71dab12b754 + value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:59148be3cd55209bb3f265cbc2e9e10223535526e34496e202e2218ab8df0dc0 - name: kind value: task resolver: bundles @@ -281,7 +287,7 @@ spec: - name: name value: prefetch-dependencies-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.2@sha256:569165278e3c85e3b897abad9f6d714d76be4b061f44f5f7614ed1c83ad117b4 + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.2@sha256:3fa0204a481044b21f0e784ce39cbd25e8fb49c664a5458f3eef351fff1c906e - name: kind value: task resolver: bundles @@ -330,7 +336,7 @@ spec: - name: name value: buildah-remote-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.6@sha256:c9eb4f18a14f4fab96add0028759af7aac21e42a93d3e098a5461de641a06f7f + value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.7@sha256:ee5e01eb59a3f70bb1012950fbc4081bac96d3f3517e6d204314484cd2e0059b - name: kind value: task resolver: bundles @@ -358,7 +364,7 @@ spec: - name: name value: build-image-index - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:3411aeecdf045f8e61532abb88c28b7479cb8372420ac713f1f6756aa8fa843a + value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.2@sha256:803ae1ecf35bc5d22be9882819e942e4b699cb17655055afc6bb6b02d34cfab8 - name: kind value: task resolver: bundles @@ -382,7 +388,7 @@ spec: - name: name value: apply-tags - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.2@sha256:4c2b0a2d2904108f8d19edfa878df6cd49ed19aab73ab6fc6a435fba0265f771 + value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.2@sha256:a61d8a6d0ba804869e8fe57a9289161817afad379ef2d7433d75ae40a148e2ec - name: kind value: task resolver: bundles @@ -406,7 +412,7 @@ spec: - name: name value: source-build-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:282cb5a9119a87e88559444feff67d76d6f356d03654b4845632c049b2314735 + value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:4abb2dbc9dcfad52d56b490a2f25f99989a2cb2bbd9881223025272db60fd75e - name: kind value: task resolver: bundles @@ -454,7 +460,7 @@ spec: - name: name value: clair-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.3@sha256:8ec7d7b9438ace5ef3fb03a533d9440d0fd81e51c73b0dc1eb51602fb7cd044e + value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.3@sha256:ee558db6af779ab162163ec88f288a5c1b2d5f70c3361f3690a474866e3bdc74 - name: kind value: task resolver: bundles @@ -477,7 +483,7 @@ spec: - name: name value: ecosystem-cert-preflight-checks - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:9568c51a5158d534248908b9b561cf67d2826ed4ea164ffd95628bb42380e6ec + value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:04f75593558f79a27da2336400bc63d460bf0c5669e3c13f40ee2fb650b1ad1e - name: kind value: task resolver: bundles @@ -594,7 +600,7 @@ spec: - name: name value: rpms-signature-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:1b6c20ab3dbfb0972803d3ebcb2fa72642e59400c77bd66dfd82028bdd09e120 + value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:90c2b32ebf0a00f42c0c1d1675feb75ba71793ad1a4c22ddea7cdc71ed997a04 - name: kind value: task resolver: bundles @@ -620,7 +626,7 @@ spec: - name: name value: push-dockerfile-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:13633d5ba8445c0f732a0a5d1b33ffbb708398e45ef1647542b0ab22fee25a6a + value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:08bba4a659ecd48f871bef00b80af58954e5a09fcbb28a1783ddd640c4f6535e - name: kind value: task resolver: bundles diff --git a/.tekton/operator-bundle-pipeline.yaml b/.tekton/operator-bundle-pipeline.yaml index 160258dde994d..38929f8fa0a44 100644 --- a/.tekton/operator-bundle-pipeline.yaml +++ b/.tekton/operator-bundle-pipeline.yaml @@ -49,7 +49,7 @@ spec: - name: name value: post-bigquery-metrics - name: bundle - value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:a96905adcdd4a6b37a58a09b4e4b3e9d916c752dfb0b7d848e8fe71dab12b754 + value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:59148be3cd55209bb3f265cbc2e9e10223535526e34496e202e2218ab8df0dc0 - name: kind value: task resolver: bundles @@ -222,6 +222,10 @@ spec: type: string default: "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8" + - name: enable-cache-proxy + default: 'false' + description: Enable cache proxy configuration + type: string results: - description: "" name: IMAGE_URL @@ -235,9 +239,6 @@ spec: - description: "" name: CHAINS-GIT_COMMIT value: $(tasks.clone-repository.results.commit) - - description: "" - name: SNAPSHOT_NAME - value: $(tasks.create-acs-style-snapshot.results.SNAPSHOT_NAME) workspaces: - name: git-auth @@ -258,12 +259,14 @@ spec: value: $(params.rebuild) - name: skip-checks value: $(params.skip-checks) + - name: enable-cache-proxy + value: $(params.enable-cache-proxy) taskRef: params: - name: name value: init - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:3ca52e1d8885fc229bd9067275f44d5b21a9a609981d0324b525ddeca909bf10 + value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:d6a10101f672a85da0a402177848a82fe7af439bc54451e54b0fbb1ddbeeb1f6 - name: kind value: task resolver: bundles @@ -287,7 +290,7 @@ spec: - name: name value: git-clone-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:3dc39eae48745a96097c07c577b944d6203a91c35d3f71d9ed5feab41d327a6a + value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:0a89e1a6304076525e9766f63a4cd006763d21d5aca6863281fc427537a23c6f - name: kind value: task resolver: bundles @@ -310,7 +313,7 @@ spec: - name: name value: determine-image-expiration - name: bundle - value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:a96905adcdd4a6b37a58a09b4e4b3e9d916c752dfb0b7d848e8fe71dab12b754 + value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:59148be3cd55209bb3f265cbc2e9e10223535526e34496e202e2218ab8df0dc0 - name: kind value: task resolver: bundles @@ -326,7 +329,7 @@ spec: - name: name value: determine-image-tag - name: bundle - value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:a96905adcdd4a6b37a58a09b4e4b3e9d916c752dfb0b7d848e8fe71dab12b754 + value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:59148be3cd55209bb3f265cbc2e9e10223535526e34496e202e2218ab8df0dc0 - name: kind value: task resolver: bundles @@ -346,7 +349,7 @@ spec: - name: name value: prefetch-dependencies-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.2@sha256:569165278e3c85e3b897abad9f6d714d76be4b061f44f5f7614ed1c83ad117b4 + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.2@sha256:3fa0204a481044b21f0e784ce39cbd25e8fb49c664a5458f3eef351fff1c906e - name: kind value: task resolver: bundles @@ -363,7 +366,7 @@ spec: - name: name value: wait-for-image - name: bundle - value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:a96905adcdd4a6b37a58a09b4e4b3e9d916c752dfb0b7d848e8fe71dab12b754 + value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:59148be3cd55209bb3f265cbc2e9e10223535526e34496e202e2218ab8df0dc0 - name: kind value: task resolver: bundles @@ -496,7 +499,7 @@ spec: - name: name value: buildah-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.6@sha256:27d5644c496e889680422ee4383d4653d7a52972e42de2d9f9fd63cdcf94d998 + value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.7@sha256:916781b75e5f42a2e0b578b3ab3418e8bcc305168b2cd26ff41c8057e5c9ec28 - name: kind value: task resolver: bundles @@ -519,7 +522,7 @@ spec: - name: name value: apply-tags - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.2@sha256:4c2b0a2d2904108f8d19edfa878df6cd49ed19aab73ab6fc6a435fba0265f771 + value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.2@sha256:a61d8a6d0ba804869e8fe57a9289161817afad379ef2d7433d75ae40a148e2ec - name: kind value: task resolver: bundles @@ -539,7 +542,7 @@ spec: - name: name value: source-build-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:282cb5a9119a87e88559444feff67d76d6f356d03654b4845632c049b2314735 + value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:4abb2dbc9dcfad52d56b490a2f25f99989a2cb2bbd9881223025272db60fd75e - name: kind value: task resolver: bundles @@ -582,7 +585,7 @@ spec: - name: name value: clair-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.3@sha256:8ec7d7b9438ace5ef3fb03a533d9440d0fd81e51c73b0dc1eb51602fb7cd044e + value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.3@sha256:ee558db6af779ab162163ec88f288a5c1b2d5f70c3361f3690a474866e3bdc74 - name: kind value: task resolver: bundles @@ -604,7 +607,7 @@ spec: - name: name value: fips-operator-bundle-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-fips-operator-bundle-check-oci-ta:0.1@sha256:820475fc839568278a40d2699e791d15d7d6c7a48a430e4db695f0019da7e591 + value: quay.io/konflux-ci/tekton-catalog/task-fips-operator-bundle-check-oci-ta:0.1@sha256:d3b0730dac6a72db1de4a90f3f2703fb261365b2202cb79a9cf7cc56cec0671f - name: kind value: task resolver: bundles @@ -716,7 +719,7 @@ spec: - name: name value: rpms-signature-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:1b6c20ab3dbfb0972803d3ebcb2fa72642e59400c77bd66dfd82028bdd09e120 + value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:90c2b32ebf0a00f42c0c1d1675feb75ba71793ad1a4c22ddea7cdc71ed997a04 - name: kind value: task resolver: bundles @@ -742,132 +745,7 @@ spec: - name: name value: push-dockerfile-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:13633d5ba8445c0f732a0a5d1b33ffbb708398e45ef1647542b0ab22fee25a6a - - name: kind - value: task - resolver: bundles - - - name: create-acs-style-snapshot - description: Creates a Snapshot representing a valid set of ACS containers unlike the Snapshots created by Konflux automatically - # Explicitly running after all other tasks to ensure that - # - there are no failures that should prevent a release of the operator-bundle image (missing RPMs signatures, deprecated base images, ...) - # - the source image is present as it is required by EC - # Use scripts/ci/jobs/check-konflux-setup.sh to validate and update the list. - runAfter: - - apply-tags - - build-container - - build-source-image - - clair-scan - - clamav-scan - - clone-repository - - deprecated-base-image-check - - determine-image-expiration - - determine-image-tag - - fips-operator-bundle-check-oci-ta - - init - - post-metric-start - - prefetch-dependencies - - push-dockerfile - - rpms-signature-scan - - sast-shell-check - - sast-snyk-check - - sast-unicode-check - - wait-for-central-db-image - - wait-for-collector-image - - wait-for-main-image - - wait-for-operator-image - - wait-for-roxctl-image - - wait-for-scanner-db-image - - wait-for-scanner-db-slim-image - - wait-for-scanner-image - - wait-for-scanner-slim-image - - wait-for-scanner-v4-db-image - - wait-for-scanner-v4-image - params: - - name: PRODUCT_VERSION - value: $(tasks.determine-image-tag.results.IMAGE_TAG) - - name: COMPONENTS - value: | - [ - { - "name": "central-db", - "containerImage": "$(params.central-db-image-build-repo)@$(tasks.wait-for-central-db-image.results.IMAGE_DIGEST)", - "repository": "$(tasks.wait-for-central-db-image.results.GIT_REPO)", - "revision": "$(tasks.wait-for-central-db-image.results.GIT_REF)" - }, - { - "name": "collector", - "containerImage": "$(params.collector-image-build-repo)@$(tasks.wait-for-collector-image.results.IMAGE_DIGEST)", - "repository": "$(tasks.wait-for-collector-image.results.GIT_REPO)", - "revision": "$(tasks.wait-for-collector-image.results.GIT_REF)" - }, - { - "name": "main", - "containerImage": "$(params.main-image-build-repo)@$(tasks.wait-for-main-image.results.IMAGE_DIGEST)", - "repository": "$(tasks.wait-for-main-image.results.GIT_REPO)", - "revision": "$(tasks.wait-for-main-image.results.GIT_REF)" - }, - { - "name": "operator", - "containerImage": "$(params.operator-image-build-repo)@$(tasks.wait-for-operator-image.results.IMAGE_DIGEST)", - "repository": "$(tasks.wait-for-operator-image.results.GIT_REPO)", - "revision": "$(tasks.wait-for-operator-image.results.GIT_REF)" - }, - { - "name": "operator-bundle", - "containerImage": "$(params.output-image-repo)@$(tasks.build-container.results.IMAGE_DIGEST)", - "repository": "$(params.git-url)", - "revision": "$(params.revision)" - }, - { - "name": "roxctl", - "containerImage": "$(params.roxctl-image-build-repo)@$(tasks.wait-for-roxctl-image.results.IMAGE_DIGEST)", - "repository": "$(tasks.wait-for-roxctl-image.results.GIT_REPO)", - "revision": "$(tasks.wait-for-roxctl-image.results.GIT_REF)" - }, - { - "name": "scanner-db", - "containerImage": "$(params.scanner-db-image-build-repo)@$(tasks.wait-for-scanner-db-image.results.IMAGE_DIGEST)", - "repository": "$(tasks.wait-for-scanner-db-image.results.GIT_REPO)", - "revision": "$(tasks.wait-for-scanner-db-image.results.GIT_REF)" - }, - { - "name": "scanner-db-slim", - "containerImage": "$(params.scanner-db-slim-image-build-repo)@$(tasks.wait-for-scanner-db-slim-image.results.IMAGE_DIGEST)", - "repository": "$(tasks.wait-for-scanner-db-slim-image.results.GIT_REPO)", - "revision": "$(tasks.wait-for-scanner-db-slim-image.results.GIT_REF)" - }, - { - "name": "scanner", - "containerImage": "$(params.scanner-image-build-repo)@$(tasks.wait-for-scanner-image.results.IMAGE_DIGEST)", - "repository": "$(tasks.wait-for-scanner-image.results.GIT_REPO)", - "revision": "$(tasks.wait-for-scanner-image.results.GIT_REF)" - }, - { - "name": "scanner-slim", - "containerImage": "$(params.scanner-slim-image-build-repo)@$(tasks.wait-for-scanner-slim-image.results.IMAGE_DIGEST)", - "repository": "$(tasks.wait-for-scanner-slim-image.results.GIT_REPO)", - "revision": "$(tasks.wait-for-scanner-slim-image.results.GIT_REF)" - }, - { - "name": "scanner-v4-db", - "containerImage": "$(params.scanner-v4-db-image-build-repo)@$(tasks.wait-for-scanner-v4-db-image.results.IMAGE_DIGEST)", - "repository": "$(tasks.wait-for-scanner-v4-db-image.results.GIT_REPO)", - "revision": "$(tasks.wait-for-scanner-v4-db-image.results.GIT_REF)" - }, - { - "name": "scanner-v4", - "containerImage": "$(params.scanner-v4-image-build-repo)@$(tasks.wait-for-scanner-v4-image.results.IMAGE_DIGEST)", - "repository": "$(tasks.wait-for-scanner-v4-image.results.GIT_REPO)", - "revision": "$(tasks.wait-for-scanner-v4-image.results.GIT_REF)" - } - ] - taskRef: - params: - - name: name - value: create-snapshot - - name: bundle - value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:a96905adcdd4a6b37a58a09b4e4b3e9d916c752dfb0b7d848e8fe71dab12b754 + value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:08bba4a659ecd48f871bef00b80af58954e5a09fcbb28a1783ddd640c4f6535e - name: kind value: task resolver: bundles diff --git a/.tekton/retag-pipeline.yaml b/.tekton/retag-pipeline.yaml index 42de499e31cfb..c55a67835dd12 100644 --- a/.tekton/retag-pipeline.yaml +++ b/.tekton/retag-pipeline.yaml @@ -35,7 +35,7 @@ spec: - name: name value: post-bigquery-metrics - name: bundle - value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:a96905adcdd4a6b37a58a09b4e4b3e9d916c752dfb0b7d848e8fe71dab12b754 + value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:59148be3cd55209bb3f265cbc2e9e10223535526e34496e202e2218ab8df0dc0 - name: kind value: task resolver: bundles @@ -117,7 +117,7 @@ spec: - name: name value: git-clone-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:3dc39eae48745a96097c07c577b944d6203a91c35d3f71d9ed5feab41d327a6a + value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:0a89e1a6304076525e9766f63a4cd006763d21d5aca6863281fc427537a23c6f - name: kind value: task resolver: bundles @@ -136,7 +136,7 @@ spec: - name: name value: determine-image-tag - name: bundle - value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:a96905adcdd4a6b37a58a09b4e4b3e9d916c752dfb0b7d848e8fe71dab12b754 + value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:59148be3cd55209bb3f265cbc2e9e10223535526e34496e202e2218ab8df0dc0 - name: kind value: task resolver: bundles @@ -154,7 +154,7 @@ spec: - name: name value: determine-dependency-image-tag - name: bundle - value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:a96905adcdd4a6b37a58a09b4e4b3e9d916c752dfb0b7d848e8fe71dab12b754 + value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:59148be3cd55209bb3f265cbc2e9e10223535526e34496e202e2218ab8df0dc0 - name: kind value: task resolver: bundles @@ -170,7 +170,7 @@ spec: - name: name value: wait-for-image - name: bundle - value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:a96905adcdd4a6b37a58a09b4e4b3e9d916c752dfb0b7d848e8fe71dab12b754 + value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:59148be3cd55209bb3f265cbc2e9e10223535526e34496e202e2218ab8df0dc0 - name: kind value: task resolver: bundles @@ -195,7 +195,7 @@ spec: - name: name value: retag-image - name: bundle - value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:a96905adcdd4a6b37a58a09b4e4b3e9d916c752dfb0b7d848e8fe71dab12b754 + value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:59148be3cd55209bb3f265cbc2e9e10223535526e34496e202e2218ab8df0dc0 - name: kind value: task resolver: bundles diff --git a/.tekton/scanner-v4-pipeline.yaml b/.tekton/scanner-v4-pipeline.yaml index 723bf28d1aac9..713d3e34b19d9 100644 --- a/.tekton/scanner-v4-pipeline.yaml +++ b/.tekton/scanner-v4-pipeline.yaml @@ -49,7 +49,7 @@ spec: - name: name value: post-bigquery-metrics - name: bundle - value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:a96905adcdd4a6b37a58a09b4e4b3e9d916c752dfb0b7d848e8fe71dab12b754 + value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:59148be3cd55209bb3f265cbc2e9e10223535526e34496e202e2218ab8df0dc0 - name: kind value: task resolver: bundles @@ -134,6 +134,10 @@ spec: name: build-platforms type: array + - name: enable-cache-proxy + default: 'false' + description: Enable cache proxy configuration + type: string results: - description: "" name: IMAGE_URL @@ -167,12 +171,14 @@ spec: value: $(params.rebuild) - name: skip-checks value: $(params.skip-checks) + - name: enable-cache-proxy + value: $(params.enable-cache-proxy) taskRef: params: - name: name value: init - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:3ca52e1d8885fc229bd9067275f44d5b21a9a609981d0324b525ddeca909bf10 + value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:d6a10101f672a85da0a402177848a82fe7af439bc54451e54b0fbb1ddbeeb1f6 - name: kind value: task resolver: bundles @@ -196,7 +202,7 @@ spec: - name: name value: git-clone-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:3dc39eae48745a96097c07c577b944d6203a91c35d3f71d9ed5feab41d327a6a + value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:0a89e1a6304076525e9766f63a4cd006763d21d5aca6863281fc427537a23c6f - name: kind value: task resolver: bundles @@ -219,7 +225,7 @@ spec: - name: name value: determine-image-expiration - name: bundle - value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:a96905adcdd4a6b37a58a09b4e4b3e9d916c752dfb0b7d848e8fe71dab12b754 + value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:59148be3cd55209bb3f265cbc2e9e10223535526e34496e202e2218ab8df0dc0 - name: kind value: task resolver: bundles @@ -235,7 +241,7 @@ spec: - name: name value: determine-image-tag - name: bundle - value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:a96905adcdd4a6b37a58a09b4e4b3e9d916c752dfb0b7d848e8fe71dab12b754 + value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:59148be3cd55209bb3f265cbc2e9e10223535526e34496e202e2218ab8df0dc0 - name: kind value: task resolver: bundles @@ -255,7 +261,7 @@ spec: - name: name value: fetch-scanner-v4-vuln-mappings - name: bundle - value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:a96905adcdd4a6b37a58a09b4e4b3e9d916c752dfb0b7d848e8fe71dab12b754 + value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:59148be3cd55209bb3f265cbc2e9e10223535526e34496e202e2218ab8df0dc0 - name: kind value: task resolver: bundles @@ -275,7 +281,7 @@ spec: - name: name value: prefetch-dependencies-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.2@sha256:569165278e3c85e3b897abad9f6d714d76be4b061f44f5f7614ed1c83ad117b4 + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.2@sha256:3fa0204a481044b21f0e784ce39cbd25e8fb49c664a5458f3eef351fff1c906e - name: kind value: task resolver: bundles @@ -324,7 +330,7 @@ spec: - name: name value: buildah-remote-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.6@sha256:c9eb4f18a14f4fab96add0028759af7aac21e42a93d3e098a5461de641a06f7f + value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.7@sha256:ee5e01eb59a3f70bb1012950fbc4081bac96d3f3517e6d204314484cd2e0059b - name: kind value: task resolver: bundles @@ -351,7 +357,7 @@ spec: - name: name value: build-image-index - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:3411aeecdf045f8e61532abb88c28b7479cb8372420ac713f1f6756aa8fa843a + value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.2@sha256:803ae1ecf35bc5d22be9882819e942e4b699cb17655055afc6bb6b02d34cfab8 - name: kind value: task resolver: bundles @@ -375,7 +381,7 @@ spec: - name: name value: apply-tags - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.2@sha256:4c2b0a2d2904108f8d19edfa878df6cd49ed19aab73ab6fc6a435fba0265f771 + value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.2@sha256:a61d8a6d0ba804869e8fe57a9289161817afad379ef2d7433d75ae40a148e2ec - name: kind value: task resolver: bundles @@ -399,7 +405,7 @@ spec: - name: name value: source-build-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:282cb5a9119a87e88559444feff67d76d6f356d03654b4845632c049b2314735 + value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:4abb2dbc9dcfad52d56b490a2f25f99989a2cb2bbd9881223025272db60fd75e - name: kind value: task resolver: bundles @@ -447,7 +453,7 @@ spec: - name: name value: clair-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.3@sha256:8ec7d7b9438ace5ef3fb03a533d9440d0fd81e51c73b0dc1eb51602fb7cd044e + value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.3@sha256:ee558db6af779ab162163ec88f288a5c1b2d5f70c3361f3690a474866e3bdc74 - name: kind value: task resolver: bundles @@ -470,7 +476,7 @@ spec: - name: name value: ecosystem-cert-preflight-checks - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:9568c51a5158d534248908b9b561cf67d2826ed4ea164ffd95628bb42380e6ec + value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:04f75593558f79a27da2336400bc63d460bf0c5669e3c13f40ee2fb650b1ad1e - name: kind value: task resolver: bundles @@ -587,7 +593,7 @@ spec: - name: name value: rpms-signature-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:1b6c20ab3dbfb0972803d3ebcb2fa72642e59400c77bd66dfd82028bdd09e120 + value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:90c2b32ebf0a00f42c0c1d1675feb75ba71793ad1a4c22ddea7cdc71ed997a04 - name: kind value: task resolver: bundles @@ -613,7 +619,7 @@ spec: - name: name value: push-dockerfile-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:13633d5ba8445c0f732a0a5d1b33ffbb708398e45ef1647542b0ab22fee25a6a + value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:08bba4a659ecd48f871bef00b80af58954e5a09fcbb28a1783ddd640c4f6535e - name: kind value: task resolver: bundles diff --git a/CHANGELOG.md b/CHANGELOG.md index 736cf6b7e7421..ec8bb09fa799c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,12 @@ Put an entry in this file if your change is user-visible and you consider it _pa Changes should still be described appropriately in JIRA/doc input pages, for inclusion in downstream release notes. +## [4.9.2] + +**Full Changelog**: [4.9.1...4.9.2](https://github.com/stackrox/stackrox/compare/4.9.1...4.9.2) + +For a description of the changes, review the [Release Notes](https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_security_for_kubernetes/4.9/html/release_notes/index) on the Red Hat Documentation portal. + ## [4.9.1] ### Technical Changes @@ -102,7 +108,7 @@ since 4.7 and prior. before dropping occurs. New metrics have been added for monitoring sensor components: - `rox_sensor_component_process_message_duration_seconds`: Tracks processing time for messages from Central in each sensor component - `rox_sensor_component_queue_operations_total`: Tracks operations on component buffer queues - - `rox_sensor_component_process_message_errors_total`: Tracks processing errors in each sensor component + - `rox_sensor_component_process_message_errors_total`: Tracks processing errors in each sensor component (note: it will not be published until an error occurs) - ROX-30729: Allow to spin up a Sensitive File Activity monitoring agent via `ROX_SENSITIVE_FILE_ACTIVITY` env var. The agent itself is in dev preview and is not supposed to be used in production in this version. - ROX-31365: Fixed an issue that could cause DB connection exhaustion when many sensor try to reconnect at the same time diff --git a/COLLECTOR_VERSION b/COLLECTOR_VERSION index f25f29a751b3f..c873913dd1682 100644 --- a/COLLECTOR_VERSION +++ b/COLLECTOR_VERSION @@ -1 +1 @@ -3.23.2 +3.23.3 diff --git a/SCANNER_VERSION b/SCANNER_VERSION index d8c75617d30f7..5c26d0864e92e 100644 --- a/SCANNER_VERSION +++ b/SCANNER_VERSION @@ -1 +1 @@ -2.38.1 +2.38.2 diff --git a/central/graphql/resolvers/activestateenum_string.go b/central/graphql/resolvers/activestateenum_string.go index a37dee7b263b4..74f5c0d617b5d 100644 --- a/central/graphql/resolvers/activestateenum_string.go +++ b/central/graphql/resolvers/activestateenum_string.go @@ -19,8 +19,9 @@ const _ActiveStateEnum_name = "UndeterminedInactiveActiveFeatureDisabled" var _ActiveStateEnum_index = [...]uint8{0, 12, 20, 26, 41} func (i ActiveStateEnum) String() string { - if i < 0 || i >= ActiveStateEnum(len(_ActiveStateEnum_index)-1) { + idx := int(i) - 0 + if i < 0 || idx >= len(_ActiveStateEnum_index)-1 { return "ActiveStateEnum(" + strconv.FormatInt(int64(i), 10) + ")" } - return _ActiveStateEnum_name[_ActiveStateEnum_index[i]:_ActiveStateEnum_index[i+1]] + return _ActiveStateEnum_name[_ActiveStateEnum_index[idx]:_ActiveStateEnum_index[idx+1]] } diff --git a/central/image/datastore/datastore_impl.go b/central/image/datastore/datastore_impl.go index 4731c4fd07713..50fc30aa2ec02 100644 --- a/central/image/datastore/datastore_impl.go +++ b/central/image/datastore/datastore_impl.go @@ -126,7 +126,7 @@ func (ds *datastoreImpl) SearchListImages(ctx context.Context, q *v1.Query) ([]* defer metrics.SetDatastoreFunctionDuration(time.Now(), "Image", "SearchListImages") var imgs []*storage.ListImage - err := ds.storage.WalkByQuery(ctx, q, func(img *storage.Image) error { + err := ds.storage.WalkMetadataByQuery(ctx, q, func(img *storage.Image) error { imgs = append(imgs, imageTypes.ConvertImageToListImage(img)) return nil }) diff --git a/central/image/datastore/store/mocks/store.go b/central/image/datastore/store/mocks/store.go index dceee92a2fe9b..923037595c488 100644 --- a/central/image/datastore/store/mocks/store.go +++ b/central/image/datastore/store/mocks/store.go @@ -221,3 +221,17 @@ func (mr *MockStoreMockRecorder) WalkByQuery(ctx, q, fn any) *gomock.Call { mr.mock.ctrl.T.Helper() return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "WalkByQuery", reflect.TypeOf((*MockStore)(nil).WalkByQuery), ctx, q, fn) } + +// WalkMetadataByQuery mocks base method. +func (m *MockStore) WalkMetadataByQuery(ctx context.Context, q *v1.Query, fn func(*storage.Image) error) error { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "WalkMetadataByQuery", ctx, q, fn) + ret0, _ := ret[0].(error) + return ret0 +} + +// WalkMetadataByQuery indicates an expected call of WalkMetadataByQuery. +func (mr *MockStoreMockRecorder) WalkMetadataByQuery(ctx, q, fn any) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "WalkMetadataByQuery", reflect.TypeOf((*MockStore)(nil).WalkMetadataByQuery), ctx, q, fn) +} diff --git a/central/image/datastore/store/postgres/store.go b/central/image/datastore/store/postgres/store.go index b98af7e9b1714..4585fa456676e 100644 --- a/central/image/datastore/store/postgres/store.go +++ b/central/image/datastore/store/postgres/store.go @@ -1218,6 +1218,19 @@ func (s *storeImpl) WalkByQuery(ctx context.Context, q *v1.Query, fn func(image return nil } +// This store is no longer used with the new CVE data model. Added this method to satisfy the store interface. +func (s *storeImpl) WalkMetadataByQuery(ctx context.Context, q *v1.Query, fn func(img *storage.Image) error) error { + defer metrics.SetPostgresOperationDurationTime(time.Now(), ops.WalkMetadataByQuery, "Image") + + q = applyDefaultSort(q) + + err := pgSearch.RunCursorQueryForSchemaFn(ctx, pkgSchema.ImagesSchema, q, s.db, fn) + if err != nil { + return errors.Wrap(err, "cursor by query") + } + return nil +} + //// Used for testing func dropAllTablesInImageTree(ctx context.Context, db postgres.DB) { diff --git a/central/image/datastore/store/store.go b/central/image/datastore/store/store.go index 3c20a62ac9817..f950869a20af3 100644 --- a/central/image/datastore/store/store.go +++ b/central/image/datastore/store/store.go @@ -25,6 +25,7 @@ type Store interface { GetImageMetadata(ctx context.Context, id string) (*storage.Image, bool, error) GetManyImageMetadata(ctx context.Context, id []string) ([]*storage.Image, error) WalkByQuery(ctx context.Context, q *v1.Query, fn func(img *storage.Image) error) error + WalkMetadataByQuery(ctx context.Context, q *v1.Query, fn func(img *storage.Image) error) error Upsert(ctx context.Context, image *storage.Image) error Delete(ctx context.Context, id string) error diff --git a/central/image/datastore/store/v2/postgres/store.go b/central/image/datastore/store/v2/postgres/store.go index f64ce2976e9e9..4c1730b056142 100644 --- a/central/image/datastore/store/v2/postgres/store.go +++ b/central/image/datastore/store/v2/postgres/store.go @@ -870,6 +870,18 @@ func (s *storeImpl) WalkByQuery(ctx context.Context, q *v1.Query, fn func(image return nil } +func (s *storeImpl) WalkMetadataByQuery(ctx context.Context, q *v1.Query, fn func(img *storage.Image) error) error { + defer metrics.SetPostgresOperationDurationTime(time.Now(), ops.WalkMetadataByQuery, "Image") + + q = applyDefaultSort(q) + + err := pgSearch.RunCursorQueryForSchemaFn(ctx, pkgSchema.ImagesSchema, q, s.db, fn) + if err != nil { + return errors.Wrap(err, "cursor by query") + } + return nil +} + // GetImageMetadata returns the image without scan/component data. func (s *storeImpl) GetImageMetadata(ctx context.Context, id string) (*storage.Image, bool, error) { defer metrics.SetPostgresOperationDurationTime(time.Now(), ops.Get, "ImageMetadata") diff --git a/central/image/datastore/store/v2/postgres/store_bench_test.go b/central/image/datastore/store/v2/postgres/store_bench_test.go new file mode 100644 index 0000000000000..f20a44306e7ab --- /dev/null +++ b/central/image/datastore/store/v2/postgres/store_bench_test.go @@ -0,0 +1,60 @@ +//go:build sql_integration + +package postgres + +import ( + "context" + "fmt" + "testing" + + "github.com/stackrox/rox/generated/storage" + "github.com/stackrox/rox/pkg/concurrency" + "github.com/stackrox/rox/pkg/fixtures" + "github.com/stackrox/rox/pkg/postgres/pgtest" + "github.com/stackrox/rox/pkg/sac" + "github.com/stackrox/rox/pkg/search" + "github.com/stretchr/testify/require" +) + +// BenchmarkWalkComparison benchmarks both Walk functions for comparison +func BenchmarkWalkComparison(b *testing.B) { + ctx := sac.WithAllAccess(context.Background()) + testDB := pgtest.ForT(b) + + store := New(testDB.DB, false, concurrency.NewKeyFence()) + + // Setup: Insert test images + numImages := 100 + images := make([]*storage.Image, 0, numImages) + for i := 0; i < numImages; i++ { + img := fixtures.GetImageWithUniqueComponents(5) + img.Id = fmt.Sprintf("%d", i) + images = append(images, img) + } + + for _, image := range images { + require.NoError(b, store.Upsert(ctx, image)) + } + + b.Run("WalkByQuery", func(b *testing.B) { + for b.Loop() { + count := 0 + err := store.WalkByQuery(ctx, search.EmptyQuery(), func(image *storage.Image) error { + count++ + return nil + }) + require.NoError(b, err) + } + }) + + b.Run("WalkMetadataByQuery", func(b *testing.B) { + for b.Loop() { + count := 0 + err := store.WalkMetadataByQuery(ctx, search.EmptyQuery(), func(image *storage.Image) error { + count++ + return nil + }) + require.NoError(b, err) + } + }) +} diff --git a/central/image/datastore/store/v2/postgres/store_test.go b/central/image/datastore/store/v2/postgres/store_test.go index d633c7637c284..469b529a0df27 100644 --- a/central/image/datastore/store/v2/postgres/store_test.go +++ b/central/image/datastore/store/v2/postgres/store_test.go @@ -389,6 +389,36 @@ func (s *ImagesStoreSuite) TestWalkByQuery() { s.NoError(s.store.WalkByQuery(s.ctx, q, walkFn)) } +func (s *ImagesStoreSuite) TestWalkMetadataByQuery() { + image := getTestImage("image1") + image2 := getTestImage("image2") + + // Add an image + s.NoError(s.store.Upsert(s.ctx, image)) + _, exists, err := s.store.Get(s.ctx, image.GetId()) + s.NoError(err) + s.True(exists) + + // Add a second image + s.NoError(s.store.Upsert(s.ctx, image2)) + _, exists, err = s.store.Get(s.ctx, image2.GetId()) + s.NoError(err) + s.True(exists) + + walkFn := func(obj *storage.Image) error { + if obj.GetId() != image.GetId() { + return fmt.Errorf("expected image1 but got %s", obj.GetId()) + } + if obj.GetScan().GetComponents() != nil { + return fmt.Errorf("expected scan components to be nil but got %d components", len(obj.GetScan().GetComponents())) + } + return nil + } + + q := search.NewQueryBuilder().AddExactMatches(search.ImageSHA, image.GetId()).ProtoQuery() + s.NoError(s.store.WalkMetadataByQuery(s.ctx, q, walkFn)) +} + func (s *ImagesStoreSuite) TestGetMany() { image := getTestImage("image1") image2 := getTestImage("image2") diff --git a/central/node/datastore/store/postgres/store_test.go b/central/node/datastore/store/postgres/store_test.go index fed923e2a565b..327b2b2bad563 100644 --- a/central/node/datastore/store/postgres/store_test.go +++ b/central/node/datastore/store/postgres/store_test.go @@ -4,6 +4,7 @@ package postgres import ( "context" + "fmt" "testing" "time" @@ -108,6 +109,29 @@ func (s *NodesStoreSuite) TestStore() { s.Nil(foundNode) } +func (s *NodesStoreSuite) TestWalkByQuery() { + store := CreateTableAndNewStore(s.ctx, s.T(), s.pool, s.gormDB, false) + + node := &storage.Node{} + s.NoError(testutils.FullInit(node, testutils.UniqueInitializer(), testutils.JSONFieldsFilter)) + + node2 := node.CloneVT() + node2.Id = uuid.NewDummy().String() + + s.NoError(store.Upsert(s.ctx, node)) + s.NoError(store.Upsert(s.ctx, node2)) + + walkFn := func(obj *storage.Node) error { + if obj.GetId() != node.GetId() { + return fmt.Errorf("expected node1 but got %s", obj.GetId()) + } + return nil + } + + q := search.NewQueryBuilder().AddExactMatches(search.NodeID, node.GetId()).ProtoQuery() + s.NoError(store.WalkByQuery(s.ctx, q, walkFn)) +} + func (s *NodesStoreSuite) TestStore_UpsertWithoutScan() { store := CreateTableAndNewStore(s.ctx, s.T(), s.pool, s.gormDB, false) diff --git a/central/policy/datastore/datastore_impl_postgres_test.go b/central/policy/datastore/datastore_impl_postgres_test.go index 7fb174a3c4a72..d7822494df518 100644 --- a/central/policy/datastore/datastore_impl_postgres_test.go +++ b/central/policy/datastore/datastore_impl_postgres_test.go @@ -24,6 +24,7 @@ import ( "github.com/stackrox/rox/pkg/sac" "github.com/stackrox/rox/pkg/sac/resources" pkgSearch "github.com/stackrox/rox/pkg/search" + "github.com/stackrox/rox/pkg/uuid" "github.com/stretchr/testify/suite" "go.uber.org/mock/gomock" "gorm.io/gorm" @@ -373,3 +374,106 @@ func (s *PolicyPostgresDataStoreTestSuite) TestTransactionRollbacks() { // Clean up policy _ = s.datastoreWithMockCategoryDS.RemovePolicy(ctx, policy) } + +func (s *PolicyPostgresDataStoreTestSuite) TestAddDefaultsDeduplicatesCategoryNames() { + ctx := sac.WithAllAccess(context.Background()) + + // Create a policy with incorrect category names that need to be deduplicated + policy := fixtures.GetPolicy() + policy.Id = "test-policy-dedup" + policy.Name = "Test Policy for Deduplication" + + // Add the policy first + _, err := s.datastore.AddPolicy(ctx, policy) + s.NoError(err) + + // Clear existing categories from the policy + err = s.categoryDS.SetPolicyCategoriesForPolicy(ctx, policy.GetId(), []string{}) + s.NoError(err) + + // Create categories with incorrect names directly using the store to bypass normalization + // These are the incorrect names: "Docker Cis" and "Devops Best Practices" + categoryStorage := categoryPostgres.New(s.db) + edgeStorage := edgePostgres.New(s.db) + edgeDS := policyCategoryEdgeDS.New(edgeStorage) + + dockerCisCategory := &storage.PolicyCategory{ + Id: uuid.NewV4().String(), + Name: "Docker Cis", + IsDefault: false, + } + devopsCategory := &storage.PolicyCategory{ + Id: uuid.NewV4().String(), + Name: "Devops Best Practices", + IsDefault: false, + } + + // Upsert the incorrect categories directly to the store + err = categoryStorage.Upsert(ctx, dockerCisCategory) + s.NoError(err) + err = categoryStorage.Upsert(ctx, devopsCategory) + s.NoError(err) + + // Create edges linking the policy to the incorrect categories + dockerCisEdge := &storage.PolicyCategoryEdge{ + Id: uuid.NewV4().String(), + PolicyId: policy.GetId(), + CategoryId: dockerCisCategory.GetId(), + } + devopsEdge := &storage.PolicyCategoryEdge{ + Id: uuid.NewV4().String(), + PolicyId: policy.GetId(), + CategoryId: devopsCategory.GetId(), + } + err = edgeDS.UpsertMany(ctx, []*storage.PolicyCategoryEdge{dockerCisEdge, devopsEdge}) + s.NoError(err) + + // Verify the policy has the incorrect category names + categories, err := s.categoryDS.GetPolicyCategoriesForPolicy(ctx, policy.GetId()) + s.NoError(err) + s.Len(categories, 2) + categoryNames := make([]string, len(categories)) + for i, c := range categories { + categoryNames[i] = c.GetName() + } + s.Contains(categoryNames, "Docker Cis") + s.Contains(categoryNames, "Devops Best Practices") + + // Verify the incorrect category objects exist + searchQuery := pkgSearch.NewQueryBuilder().AddExactMatches(pkgSearch.PolicyCategoryName, "Docker Cis", "Devops Best Practices").ProtoQuery() + results, err := s.categoryDS.Search(ctx, searchQuery) + s.NoError(err) + s.Len(results, 2) // Both incorrect categories should exist + + // Now call addDefaults which should fix the category names + policyStorage := policyStore.New(s.db) + addDefaults(policyStorage, s.categoryDS, s.datastore) + + // Verify the policy now has the correct category names + categories, err = s.categoryDS.GetPolicyCategoriesForPolicy(ctx, policy.GetId()) + s.NoError(err) + s.Len(categories, 2) + categoryNames = make([]string, len(categories)) + for i, c := range categories { + categoryNames[i] = c.GetName() + } + s.Contains(categoryNames, "Docker CIS") + s.Contains(categoryNames, "DevOps Best Practices") + s.NotContains(categoryNames, "Docker Cis") + s.NotContains(categoryNames, "Devops Best Practices") + + // Verify the incorrect category objects have been deleted + searchQuery = pkgSearch.NewQueryBuilder().AddExactMatches(pkgSearch.PolicyCategoryName, "Docker Cis", "Devops Best Practices").ProtoQuery() + results, err = s.categoryDS.Search(ctx, searchQuery) + s.NoError(err) + s.Len(results, 0) // Both incorrect categories should be deleted + + // Verify the correct category objects exist + searchQuery = pkgSearch.NewQueryBuilder().AddExactMatches(pkgSearch.PolicyCategoryName, "Docker CIS", "DevOps Best Practices").ProtoQuery() + results, err = s.categoryDS.Search(ctx, searchQuery) + s.NoError(err) + s.Len(results, 2) // Both correct categories should exist + + // Clean up + s.NoError(s.datastore.RemovePolicy(ctx, policy)) +} diff --git a/central/policy/datastore/singleton.go b/central/policy/datastore/singleton.go index bbb01ee410cc6..2afb24dd45e54 100644 --- a/central/policy/datastore/singleton.go +++ b/central/policy/datastore/singleton.go @@ -13,7 +13,9 @@ import ( "github.com/stackrox/rox/pkg/defaults/policies" "github.com/stackrox/rox/pkg/policyutils" "github.com/stackrox/rox/pkg/sac" + searchPkg "github.com/stackrox/rox/pkg/search" "github.com/stackrox/rox/pkg/set" + "github.com/stackrox/rox/pkg/sliceutils" "github.com/stackrox/rox/pkg/sync" "github.com/stackrox/rox/pkg/utils" ) @@ -32,7 +34,7 @@ func initialize() { categoriesDatastore := categoriesDS.Singleton() ad = New(storage, clusterDatastore, notifierDatastore, categoriesDatastore) - addDefaults(storage, categoriesDatastore) + addDefaults(storage, categoriesDatastore, ad) } // Singleton provides the interface for non-service external interaction. @@ -44,20 +46,69 @@ func Singleton() DataStore { // addDefaults adds the default policies into the postgres table for policies. // TODO: ROX-11279: Data migration for postgres should take care of removing default policies in the bolt bucket named removed_default_policies // from the policies table in postgres -func addDefaults(s policyStore.Store, categoriesDS categoriesDS.DataStore) { +func addDefaults(s policyStore.Store, categoriesDS categoriesDS.DataStore, fullStore DataStore) { policyIDSet := set.NewStringSet() + storedPolicies := make([]*storage.Policy, 0) err := s.Walk(workflowAdministrationCtx, func(p *storage.Policy) error { policyIDSet.Add(p.GetId()) // Unrelated to adding/checking default policies, this was put here to prevent looping through all policies a second time if p.Source == storage.PolicySource_DECLARATIVE { metrics.IncrementTotalExternalPoliciesGauge() } + storedPolicies = append(storedPolicies, p) return nil }) + if err != nil { panic(err) } + // ROX-31406: Fix categories that were impacted by previous bug + for _, p := range storedPolicies { + var categories []*storage.PolicyCategory + categories, err = categoriesDS.GetPolicyCategoriesForPolicy(workflowAdministrationCtx, p.GetId()) + if err != nil { + panic(err) + } + shouldReupsert := false + p.Categories = sliceutils.Map[*storage.PolicyCategory, string](categories, func(c *storage.PolicyCategory) string { + // Both Docker CIS and DevOps Best Practices were broken as a result of a change made in 4.8 that added + // a title case enforcement on policies that were added, not accounting for the fact that words may have + // more than just the first character capitalized. This code section just fixes the default categories + // that may have been duplicated as a result of this. + if c.GetName() == "Docker Cis" { + shouldReupsert = true + return "Docker CIS" + } else if c.GetName() == "Devops Best Practices" { + shouldReupsert = true + return "DevOps Best Practices" + } + return c.GetName() + }) + if shouldReupsert { + // Update policy, taking advantage of the full datastore updating edges for us + err = fullStore.UpdatePolicy(sac.WithAllAccess(context.Background()), p) + if err != nil { + panic(err) + } + } + } + + // Clean up invalid policy categories + var results []searchPkg.Result + q := searchPkg.NewQueryBuilder().AddExactMatches(searchPkg.PolicyCategoryName, "Devops Best Practices", "Docker Cis").ProtoQuery() + results, err = categoriesDS.Search(workflowAdministrationCtx, q) + if err != nil { + panic(err) + } + for _, result := range results { + err = categoriesDS.DeletePolicyCategory(sac.WithAllAccess(context.Background()), result.ID) + if err != nil { + panic(err) + } + } + // End ROX-31406-specific code + // Preload the default policies. defaultPolicies, err := policies.DefaultPolicies() // Hard panic here is okay, since we can always guarantee that we will be able to get the default policies out. diff --git a/central/policycategory/datastore/datastore_impl.go b/central/policycategory/datastore/datastore_impl.go index 3f7388a8c80be..6a9982c1b93d7 100644 --- a/central/policycategory/datastore/datastore_impl.go +++ b/central/policycategory/datastore/datastore_impl.go @@ -26,12 +26,13 @@ import ( var ( log = logging.LoggerForModule() policyCategorySAC = sac.ForResource(resources.WorkflowAdministration) - titleCase = cases.Title(language.English) policyCategoryCtx = sac.WithGlobalAccessScopeChecker(context.Background(), sac.AllowFixedScopes( sac.AccessModeScopeKeys(storage.Access_READ_ACCESS, storage.Access_READ_WRITE_ACCESS), sac.ResourceScopeKeys(resources.WorkflowAdministration))) + + titleCase = cases.Title(language.English, cases.NoLower) ) type datastoreImpl struct { diff --git a/central/scannerdefinitions/handler/updatertype_string.go b/central/scannerdefinitions/handler/updatertype_string.go index 7c3e69f7a0f23..82ec4cdeb60a0 100644 --- a/central/scannerdefinitions/handler/updatertype_string.go +++ b/central/scannerdefinitions/handler/updatertype_string.go @@ -18,8 +18,9 @@ const _updaterType_name = "mappingUpdaterTypevulnerabilityUpdaterTypev2UpdaterTy var _updaterType_index = [...]uint8{0, 18, 42, 55} func (i updaterType) String() string { - if i < 0 || i >= updaterType(len(_updaterType_index)-1) { + idx := int(i) - 0 + if i < 0 || idx >= len(_updaterType_index)-1 { return "updaterType(" + strconv.FormatInt(int64(i), 10) + ")" } - return _updaterType_name[_updaterType_index[i]:_updaterType_index[i+1]] + return _updaterType_name[_updaterType_index[idx]:_updaterType_index[idx+1]] } diff --git a/go.mod b/go.mod index a11e070cd06fb..f9a122b07a801 100644 --- a/go.mod +++ b/go.mod @@ -138,16 +138,16 @@ require ( go.uber.org/mock v0.6.0 go.uber.org/zap v1.27.0 go.yaml.in/yaml/v3 v3.0.4 - golang.org/x/crypto v0.43.0 + golang.org/x/crypto v0.45.0 golang.org/x/mod v0.29.0 - golang.org/x/net v0.46.0 + golang.org/x/net v0.47.0 golang.org/x/oauth2 v0.31.0 - golang.org/x/sync v0.17.0 - golang.org/x/sys v0.37.0 - golang.org/x/term v0.36.0 - golang.org/x/text v0.30.0 + golang.org/x/sync v0.18.0 + golang.org/x/sys v0.38.0 + golang.org/x/term v0.37.0 + golang.org/x/text v0.31.0 golang.org/x/time v0.14.0 - golang.org/x/tools v0.37.0 + golang.org/x/tools v0.38.0 golang.stackrox.io/grpc-http1 v0.5.1 google.golang.org/api v0.252.0 google.golang.org/genproto v0.0.0-20250603155806-513f23925822 diff --git a/go.sum b/go.sum index e2b4d32d990f9..f9a18e5fc34d4 100644 --- a/go.sum +++ b/go.sum @@ -1804,8 +1804,8 @@ golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/crypto v0.20.0/go.mod h1:Xwo95rrVNIoSMx9wa1JroENMToLWn3RNVrTBpLHgZPQ= golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= -golang.org/x/crypto v0.43.0 h1:dduJYIi3A3KOfdGOHX8AVZ/jGiyPa3IbBozJ5kNuE04= -golang.org/x/crypto v0.43.0/go.mod h1:BFbav4mRNlXJL4wNeejLpWxB7wMbc79PdRGhWKncxR0= +golang.org/x/crypto v0.45.0 h1:jMBrvKuj23MTlT0bQEOBcAE0mjg8mK9RXFhRH6nyF3Q= +golang.org/x/crypto v0.45.0/go.mod h1:XTGrrkGJve7CYK7J8PEww4aY7gM3qMCElcJQ8n8JdX4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -1913,8 +1913,8 @@ golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA= golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= -golang.org/x/net v0.46.0 h1:giFlY12I07fugqwPuWJi68oOnpfqFnJIJzaIIm2JVV4= -golang.org/x/net v0.46.0/go.mod h1:Q9BGdFy1y4nkUwiLvT5qtyhAnEHgnQ/zd8PfU6nc210= +golang.org/x/net v0.47.0 h1:Mx+4dIFzqraBXUugkia1OOvlD6LemFo1ALMHjrXDOhY= +golang.org/x/net v0.47.0/go.mod h1:/jNxtkgq5yWUGYkaZGqo27cfGZ1c5Nen03aYrrKpVRU= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -1929,8 +1929,8 @@ golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= -golang.org/x/sync v0.17.0 h1:l60nONMj9l5drqw6jlhIELNv9I0A4OFgRsG9k2oT9Ug= -golang.org/x/sync v0.17.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= +golang.org/x/sync v0.18.0 h1:kr88TuHDroi+UVf+0hZnirlk8o8T+4MrK6mr60WkH/I= +golang.org/x/sync v0.18.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -2031,8 +2031,8 @@ golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.37.0 h1:fdNQudmxPjkdUTPnLn5mdQv7Zwvbvpaxqs831goi9kQ= -golang.org/x/sys v0.37.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= +golang.org/x/sys v0.38.0 h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc= +golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= @@ -2045,8 +2045,8 @@ golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= -golang.org/x/term v0.36.0 h1:zMPR+aF8gfksFprF/Nc/rd1wRS1EI6nDBGyWAvDzx2Q= -golang.org/x/term v0.36.0/go.mod h1:Qu394IJq6V6dCBRgwqshf3mPF85AqzYEzofzRdZkWss= +golang.org/x/term v0.37.0 h1:8EGAD0qCmHYZg6J17DvsMy9/wJ7/D/4pV/wfnld5lTU= +golang.org/x/term v0.37.0/go.mod h1:5pB4lxRNYYVZuTLmy8oR2BH8dflOR+IbTYFD8fi3254= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -2064,8 +2064,8 @@ golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.30.0 h1:yznKA/E9zq54KzlzBEAWn1NXSQ8DIp/NYMy88xJjl4k= -golang.org/x/text v0.30.0/go.mod h1:yDdHFIX9t+tORqspjENWgzaCVXgk0yYnYuSZ8UzzBVM= +golang.org/x/text v0.31.0 h1:aC8ghyu4JhP8VojJ2lEHBnochRno1sgL6nEi9WGFGMM= +golang.org/x/text v0.31.0/go.mod h1:tKRAlv61yKIjGGHX/4tP1LTbc13YSec1pxVEWXzfoeM= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -2141,8 +2141,8 @@ golang.org/x/tools v0.1.6-0.20210820212750-d4cc65f0b2ff/go.mod h1:YD9qOF0M9xpSpd golang.org/x/tools v0.1.9/go.mod h1:nABZi5QlRsZVlzPpHl034qft6wpY4eDcsTt5AaioBiU= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.37.0 h1:DVSRzp7FwePZW356yEAChSdNcQo6Nsp+fex1SUW09lE= -golang.org/x/tools v0.37.0/go.mod h1:MBN5QPQtLMHVdvsbtarmTNukZDdgwdwlO5qGacAzF0w= +golang.org/x/tools v0.38.0 h1:Hx2Xv8hISq8Lm16jvBZ2VQf+RLmbd7wVUsALibYI/IQ= +golang.org/x/tools v0.38.0/go.mod h1:yEsQ/d/YK8cjh0L6rZlY8tgtlKiBNTL14pGDJPJpYQs= golang.org/x/tools/go/expect v0.1.0-deprecated h1:jY2C5HGYR5lqex3gEniOQL0r7Dq5+VGVgY1nudX5lXY= golang.org/x/tools/go/expect v0.1.0-deprecated/go.mod h1:eihoPOH+FgIqa3FpoTwguz/bVUSGBlGQU67vpBeOrBY= golang.org/x/tools/go/packages/packagestest v0.1.1-deprecated h1:1h2MnaIAIXISqTFKdENegdpAgUXz6NrPEsbIeWaBRvM= diff --git a/image/postgres/konflux.Dockerfile b/image/postgres/konflux.Dockerfile index 3fe0d3be046e6..490be6b1405ef 100644 --- a/image/postgres/konflux.Dockerfile +++ b/image/postgres/konflux.Dockerfile @@ -1,5 +1,5 @@ ARG PG_VERSION=15 -FROM registry.redhat.io/rhel8/postgresql-${PG_VERSION}:latest@sha256:68fc74033591a7c7608adb438a81ffdf232f199adbc7c92df286097debd815d0 AS final +FROM registry.redhat.io/rhel8/postgresql-${PG_VERSION}:latest@sha256:042f6efe0f16e94ffb2d0a3bede852bb026b6dce661ac5b339e6f63846467b9d AS final USER root diff --git a/image/rhel/konflux.Dockerfile b/image/rhel/konflux.Dockerfile index 9e1fdfd83e5f6..effd81c7488f4 100644 --- a/image/rhel/konflux.Dockerfile +++ b/image/rhel/konflux.Dockerfile @@ -37,7 +37,7 @@ RUN mkdir -p image/rhel/docs/api/v1 && \ RUN make copy-go-binaries-to-image-dir -FROM registry.access.redhat.com/ubi9/nodejs-20:latest@sha256:5d78e13ba43b745fb55bc6efbd17eaf1e59cc7de885bf15c7b4d7566904ccb42 AS ui-builder +FROM registry.access.redhat.com/ubi9/nodejs-20:latest@sha256:71a3810707370f30bc0958aea14c3a5af564a3962ae0819bf16fdde7df9b4378 AS ui-builder WORKDIR /go/src/github.com/stackrox/rox/app @@ -59,7 +59,7 @@ ENV UI_PKG_INSTALL_EXTRA_ARGS="--ignore-scripts" RUN make -C ui build -FROM registry.access.redhat.com/ubi8/ubi-minimal:latest@sha256:951ee3cabb74246821ae31c2b808b7789310f5509882c153b7b178aaaeefa2d3 +FROM registry.access.redhat.com/ubi8/ubi-minimal:latest@sha256:a670c5b613280e17a666c858c9263a50aafe1a023a8d5730c7a83cb53771487b ARG PG_VERSION diff --git a/image/roxctl/konflux.Dockerfile b/image/roxctl/konflux.Dockerfile index 9f3390d232f08..d3482fddc107b 100644 --- a/image/roxctl/konflux.Dockerfile +++ b/image/roxctl/konflux.Dockerfile @@ -26,7 +26,7 @@ RUN RACE=0 CGO_ENABLED=1 GOOS=linux GOARCH=$(go env GOARCH) scripts/go-build.sh cp bin/linux_$(go env GOARCH)/roxctl image/bin/roxctl -FROM registry.access.redhat.com/ubi8/ubi-minimal:latest@sha256:951ee3cabb74246821ae31c2b808b7789310f5509882c153b7b178aaaeefa2d3 +FROM registry.access.redhat.com/ubi8/ubi-minimal:latest@sha256:a670c5b613280e17a666c858c9263a50aafe1a023a8d5730c7a83cb53771487b COPY --from=builder /go/src/github.com/stackrox/rox/app/image/bin/roxctl /usr/bin/roxctl diff --git a/operator/konflux.Dockerfile b/operator/konflux.Dockerfile index 50304e702e90d..13aa5abdbd6f6 100644 --- a/operator/konflux.Dockerfile +++ b/operator/konflux.Dockerfile @@ -17,7 +17,7 @@ ENV CI=1 GOFLAGS="" CGO_ENABLED=1 RUN GOOS=linux GOARCH=$(go env GOARCH) scripts/go-build-file.sh operator/cmd/main.go image/bin/operator -FROM registry.access.redhat.com/ubi8/ubi-minimal:latest@sha256:951ee3cabb74246821ae31c2b808b7789310f5509882c153b7b178aaaeefa2d3 +FROM registry.access.redhat.com/ubi8/ubi-minimal:latest@sha256:a670c5b613280e17a666c858c9263a50aafe1a023a8d5730c7a83cb53771487b ARG BUILD_TAG diff --git a/operator/konflux.bundle.Dockerfile b/operator/konflux.bundle.Dockerfile index d214b13df0917..e328144d2b31e 100644 --- a/operator/konflux.bundle.Dockerfile +++ b/operator/konflux.bundle.Dockerfile @@ -1,4 +1,4 @@ -FROM registry.access.redhat.com/ubi9/python-39:latest@sha256:8093b0752e9cce0019c0708f55a032c158d70fefe31a2dcb13d179311e356e5e AS builder +FROM registry.access.redhat.com/ubi9/python-39:latest@sha256:8392799f609b0de3f9a4640400d460f5e2563b2b6f09e6b5fe89a67adda75c6a AS builder # Because 'default' user cannot create build/ directory and errrors like: # mkdir: cannot create directory ‘build/’: Permission denied diff --git a/pkg/booleanpolicy/query/operator_string.go b/pkg/booleanpolicy/query/operator_string.go index 2ab7e93626c38..b5534bd7c1b68 100644 --- a/pkg/booleanpolicy/query/operator_string.go +++ b/pkg/booleanpolicy/query/operator_string.go @@ -18,8 +18,9 @@ const _Operator_name = "UnsetAndOr" var _Operator_index = [...]uint8{0, 5, 8, 10} func (i Operator) String() string { - if i < 0 || i >= Operator(len(_Operator_index)-1) { + idx := int(i) - 0 + if i < 0 || idx >= len(_Operator_index)-1 { return "Operator(" + strconv.FormatInt(int64(i), 10) + ")" } - return _Operator_name[_Operator_index[i]:_Operator_index[i+1]] + return _Operator_name[_Operator_index[idx]:_Operator_index[idx+1]] } diff --git a/pkg/images/enricher/scanresult_string.go b/pkg/images/enricher/scanresult_string.go index 476fc43e7e541..312f7a90e6dbb 100644 --- a/pkg/images/enricher/scanresult_string.go +++ b/pkg/images/enricher/scanresult_string.go @@ -18,8 +18,9 @@ const _ScanResult_name = "ScanNotDoneScanTriggeredScanSucceeded" var _ScanResult_index = [...]uint8{0, 11, 24, 37} func (i ScanResult) String() string { - if i < 0 || i >= ScanResult(len(_ScanResult_index)-1) { + idx := int(i) - 0 + if i < 0 || idx >= len(_ScanResult_index)-1 { return "ScanResult(" + strconv.FormatInt(int64(i), 10) + ")" } - return _ScanResult_name[_ScanResult_index[i]:_ScanResult_index[i+1]] + return _ScanResult_name[_ScanResult_index[idx]:_ScanResult_index[idx+1]] } diff --git a/pkg/metrics/op_string.go b/pkg/metrics/op_string.go index 0aea8d9ef4266..ebb1f7ee9a70d 100644 --- a/pkg/metrics/op_string.go +++ b/pkg/metrics/op_string.go @@ -36,17 +36,19 @@ func _() { _ = x[UpsertAll-25] _ = x[Walk-26] _ = x[WalkByQuery-27] - _ = x[Unset-28] - _ = x[Dropped-29] + _ = x[WalkMetadataByQuery-28] + _ = x[Unset-29] + _ = x[Dropped-30] } -const _Op_name = "AddAddManyCountDedupeExistsGetGetAllGetManyGetExternalFlowsForDeploymentGetFlowsForDeploymentGetByQueryGetGroupedGetProcessListeningOnPortListPruneResetRenameRemoveRemoveManyRemoveFlowsByDeploymentSearchSyncUpdateUpdateManyUpsertUpsertAllWalkWalkByQueryUnsetDropped" +const _Op_name = "AddAddManyCountDedupeExistsGetGetAllGetManyGetExternalFlowsForDeploymentGetFlowsForDeploymentGetByQueryGetGroupedGetProcessListeningOnPortListPruneResetRenameRemoveRemoveManyRemoveFlowsByDeploymentSearchSyncUpdateUpdateManyUpsertUpsertAllWalkWalkByQueryWalkMetadataByQueryUnsetDropped" -var _Op_index = [...]uint16{0, 3, 10, 15, 21, 27, 30, 36, 43, 72, 93, 103, 113, 138, 142, 147, 152, 158, 164, 174, 197, 203, 207, 213, 223, 229, 238, 242, 253, 258, 265} +var _Op_index = [...]uint16{0, 3, 10, 15, 21, 27, 30, 36, 43, 72, 93, 103, 113, 138, 142, 147, 152, 158, 164, 174, 197, 203, 207, 213, 223, 229, 238, 242, 253, 272, 277, 284} func (i Op) String() string { - if i < 0 || i >= Op(len(_Op_index)-1) { + idx := int(i) - 0 + if i < 0 || idx >= len(_Op_index)-1 { return "Op(" + strconv.FormatInt(int64(i), 10) + ")" } - return _Op_name[_Op_index[i]:_Op_index[i+1]] + return _Op_name[_Op_index[idx]:_Op_index[idx+1]] } diff --git a/pkg/metrics/operations.go b/pkg/metrics/operations.go index 895597a3ac9ea..29ac2683f8831 100644 --- a/pkg/metrics/operations.go +++ b/pkg/metrics/operations.go @@ -49,6 +49,7 @@ const ( Walk WalkByQuery + WalkMetadataByQuery Unset diff --git a/pkg/metrics/resolver_string.go b/pkg/metrics/resolver_string.go index 3b6413bf83e19..6f61cefbb3cf2 100644 --- a/pkg/metrics/resolver_string.go +++ b/pkg/metrics/resolver_string.go @@ -45,8 +45,9 @@ const _Resolver_name = "ClusterComplianceComlianceControlCVEsDeploymentsGroupsIm var _Resolver_index = [...]uint16{0, 7, 17, 33, 37, 48, 54, 60, 75, 83, 93, 98, 107, 121, 129, 134, 138, 145, 160, 168, 174, 184, 188, 206, 215, 223, 234, 248, 260, 275, 286} func (i Resolver) String() string { - if i < 0 || i >= Resolver(len(_Resolver_index)-1) { + idx := int(i) - 0 + if i < 0 || idx >= len(_Resolver_index)-1 { return "Resolver(" + strconv.FormatInt(int64(i), 10) + ")" } - return _Resolver_name[_Resolver_index[i]:_Resolver_index[i+1]] + return _Resolver_name[_Resolver_index[idx]:_Resolver_index[idx+1]] } diff --git a/pkg/metrics/resource_string.go b/pkg/metrics/resource_string.go index 4ce5809e66591..669c27972f8a2 100644 --- a/pkg/metrics/resource_string.go +++ b/pkg/metrics/resource_string.go @@ -49,8 +49,9 @@ const _Resource_name = "AlertDeploymentProcessIndicatorProcessListeningOnPortIma var _Resource_index = [...]uint16{0, 5, 15, 31, 53, 58, 64, 73, 86, 90, 103, 119, 135, 151, 165, 178, 182, 193, 212, 215, 244, 269, 305, 327, 349, 371, 402, 426, 453, 477, 502, 533, 542, 561, 575} func (i Resource) String() string { - if i < 0 || i >= Resource(len(_Resource_index)-1) { + idx := int(i) - 0 + if i < 0 || idx >= len(_Resource_index)-1 { return "Resource(" + strconv.FormatInt(int64(i), 10) + ")" } - return _Resource_name[_Resource_index[i]:_Resource_index[i+1]] + return _Resource_name[_Resource_index[idx]:_Resource_index[idx+1]] } diff --git a/pkg/renderer/mode_string.go b/pkg/renderer/mode_string.go index 1889125ef7b0a..4627ce4aa272b 100644 --- a/pkg/renderer/mode_string.go +++ b/pkg/renderer/mode_string.go @@ -22,8 +22,9 @@ const _mode_name = "renderAllscannerOnlycentralTLSOnlycentralDBTLSOnlyscannerTLS var _mode_index = [...]uint8{0, 9, 20, 34, 50, 64, 77, 93} func (i mode) String() string { - if i < 0 || i >= mode(len(_mode_index)-1) { + idx := int(i) - 0 + if i < 0 || idx >= len(_mode_index)-1 { return "mode(" + strconv.FormatInt(int64(i), 10) + ")" } - return _mode_name[_mode_index[i]:_mode_index[i+1]] + return _mode_name[_mode_index[idx]:_mode_index[idx+1]] } diff --git a/pkg/search/derivationtype_string.go b/pkg/search/derivationtype_string.go index d99da7d9f828a..f854e764cd599 100644 --- a/pkg/search/derivationtype_string.go +++ b/pkg/search/derivationtype_string.go @@ -21,8 +21,9 @@ const _DerivationType_name = "CountDerivationTypeSimpleReverseSortDerivationType var _DerivationType_index = [...]uint8{0, 19, 50, 67, 82, 99, 127} func (i DerivationType) String() string { - if i < 0 || i >= DerivationType(len(_DerivationType_index)-1) { + idx := int(i) - 0 + if i < 0 || idx >= len(_DerivationType_index)-1 { return "DerivationType(" + strconv.FormatInt(int64(i), 10) + ")" } - return _DerivationType_name[_DerivationType_index[i]:_DerivationType_index[i+1]] + return _DerivationType_name[_DerivationType_index[idx]:_DerivationType_index[idx+1]] } diff --git a/pkg/search/postgres/querytype_string.go b/pkg/search/postgres/querytype_string.go index d8d0e24eb211e..7ffaac0cabd10 100644 --- a/pkg/search/postgres/querytype_string.go +++ b/pkg/search/postgres/querytype_string.go @@ -21,8 +21,9 @@ const _QueryType_name = "SEARCHGETCOUNTDELETESELECTDELETERETURNINGIDS" var _QueryType_index = [...]uint8{0, 6, 9, 14, 20, 26, 44} func (i QueryType) String() string { - if i < 0 || i >= QueryType(len(_QueryType_index)-1) { + idx := int(i) - 0 + if i < 0 || idx >= len(_QueryType_index)-1 { return "QueryType(" + strconv.FormatInt(int64(i), 10) + ")" } - return _QueryType_name[_QueryType_index[i]:_QueryType_index[i+1]] + return _QueryType_name[_QueryType_index[idx]:_QueryType_index[idx+1]] } diff --git a/pkg/search/querymodifier_string.go b/pkg/search/querymodifier_string.go index d7d1aa27f30c6..b6c338a4bb2fd 100644 --- a/pkg/search/querymodifier_string.go +++ b/pkg/search/querymodifier_string.go @@ -19,8 +19,9 @@ const _QueryModifier_name = "AtLeastOneNegationRegexEquality" var _QueryModifier_index = [...]uint8{0, 10, 18, 23, 31} func (i QueryModifier) String() string { - if i < 0 || i >= QueryModifier(len(_QueryModifier_index)-1) { + idx := int(i) - 0 + if i < 0 || idx >= len(_QueryModifier_index)-1 { return "QueryModifier(" + strconv.FormatInt(int64(i), 10) + ")" } - return _QueryModifier_name[_QueryModifier_index[i]:_QueryModifier_index[i+1]] + return _QueryModifier_name[_QueryModifier_index[idx]:_QueryModifier_index[idx+1]] } diff --git a/pkg/sensorupgrader/stage_string.go b/pkg/sensorupgrader/stage_string.go index 5c26b12d84317..a83ec51afb138 100644 --- a/pkg/sensorupgrader/stage_string.go +++ b/pkg/sensorupgrader/stage_string.go @@ -30,8 +30,9 @@ const _Stage_name = "UnsetStageCleanupForeignStateStageSnapshotForRollForwardSta var _Stage_index = [...]uint16{0, 10, 34, 61, 85, 107, 123, 145, 162, 187, 201, 221, 233, 250, 270, 289} func (i Stage) String() string { - if i < 0 || i >= Stage(len(_Stage_index)-1) { + idx := int(i) - 0 + if i < 0 || idx >= len(_Stage_index)-1 { return "Stage(" + strconv.FormatInt(int64(i), 10) + ")" } - return _Stage_name[_Stage_index[i]:_Stage_index[i+1]] + return _Stage_name[_Stage_index[idx]:_Stage_index[idx+1]] } diff --git a/pkg/version/kind_string.go b/pkg/version/kind_string.go index 0dd6a95694db1..d5a5555a336b4 100644 --- a/pkg/version/kind_string.go +++ b/pkg/version/kind_string.go @@ -20,8 +20,9 @@ const _Kind_name = "InvalidKindDevelopmentKindRCKindReleaseKindNightlyKind" var _Kind_index = [...]uint8{0, 11, 26, 32, 43, 54} func (i Kind) String() string { - if i < 0 || i >= Kind(len(_Kind_index)-1) { + idx := int(i) - 0 + if i < 0 || idx >= len(_Kind_index)-1 { return "Kind(" + strconv.FormatInt(int64(i), 10) + ")" } - return _Kind_name[_Kind_index[i]:_Kind_index[i+1]] + return _Kind_name[_Kind_index[idx]:_Kind_index[idx+1]] } diff --git a/rpms.lock.yaml b/rpms.lock.yaml index 25382b11e36a4..8bfc162de167a 100644 --- a/rpms.lock.yaml +++ b/rpms.lock.yaml @@ -263,13 +263,13 @@ arches: name: elfutils-libs evr: 0.190-2.el8 sourcerpm: elfutils-0.190-2.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/e/expat-2.2.5-17.el8_10.aarch64.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/e/expat-2.5.0-1.el8_10.aarch64.rpm repoid: rhel-8-for-aarch64-baseos-rpms - size: 107844 - checksum: sha256:7a560a41ad9b82fbbe3a5dd65c31ce5b996a76732d856561567d9ba795d04868 + size: 124144 + checksum: sha256:b5791923f62b8666b34052bd76a3ff745d3733110fdd4a7a3502a9a777afac2f name: expat - evr: 2.2.5-17.el8_10 - sourcerpm: expat-2.2.5-17.el8_10.src.rpm + evr: 2.5.0-1.el8_10 + sourcerpm: expat-2.5.0-1.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/f/file-5.33-27.el8_10.aarch64.rpm repoid: rhel-8-for-aarch64-baseos-rpms size: 79708 @@ -340,34 +340,34 @@ arches: name: glib2 evr: 2.56.4-167.el8_10 sourcerpm: glib2-2.56.4-167.el8_10.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/g/glibc-2.28-251.el8_10.25.aarch64.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/g/glibc-2.28-251.el8_10.27.aarch64.rpm repoid: rhel-8-for-aarch64-baseos-rpms - size: 1883952 - checksum: sha256:838377f266587d4f2d0f6094ca35a53108e4f8c47cb51a98f73317ff83103728 + size: 1884224 + checksum: sha256:2bd1aa65fd75e285289a4caa26f38021bcc9b56d41280fecbfe2bed363429ea2 name: glibc - evr: 2.28-251.el8_10.25 - sourcerpm: glibc-2.28-251.el8_10.25.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/g/glibc-all-langpacks-2.28-251.el8_10.25.aarch64.rpm + evr: 2.28-251.el8_10.27 + sourcerpm: glibc-2.28-251.el8_10.27.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/g/glibc-all-langpacks-2.28-251.el8_10.27.aarch64.rpm repoid: rhel-8-for-aarch64-baseos-rpms - size: 26704288 - checksum: sha256:13fbfcfc89cf02c7052c64a8ee54231fca8e679e6d5d913c3204870630dab4bb + size: 26704852 + checksum: sha256:6253d5b7966eb1199457033ece014d940fd530e9066703796bbb7ee3d9081f31 name: glibc-all-langpacks - evr: 2.28-251.el8_10.25 - sourcerpm: glibc-2.28-251.el8_10.25.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/g/glibc-common-2.28-251.el8_10.25.aarch64.rpm + evr: 2.28-251.el8_10.27 + sourcerpm: glibc-2.28-251.el8_10.27.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/g/glibc-common-2.28-251.el8_10.27.aarch64.rpm repoid: rhel-8-for-aarch64-baseos-rpms - size: 1040192 - checksum: sha256:d338bd8738cc09c4e8b8252055eebf4fe5aa0550f3624a5e0c0920c9af55b17c + size: 1040484 + checksum: sha256:70f9ea83c964d4026908579933df9e24c1051ce63f4dac9662d109e3d7094664 name: glibc-common - evr: 2.28-251.el8_10.25 - sourcerpm: glibc-2.28-251.el8_10.25.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/g/glibc-gconv-extra-2.28-251.el8_10.25.aarch64.rpm + evr: 2.28-251.el8_10.27 + sourcerpm: glibc-2.28-251.el8_10.27.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/g/glibc-gconv-extra-2.28-251.el8_10.27.aarch64.rpm repoid: rhel-8-for-aarch64-baseos-rpms - size: 1849376 - checksum: sha256:d37555102f5b6de2d1867a10159f373909f30eba4f9532ba9b46b02306c9ce4b + size: 1849408 + checksum: sha256:77140513142bd8b300f4a131e0fd5744a79cb59f756f2c07fa61f3124bb89586 name: glibc-gconv-extra - evr: 2.28-251.el8_10.25 - sourcerpm: glibc-2.28-251.el8_10.25.src.rpm + evr: 2.28-251.el8_10.27 + sourcerpm: glibc-2.28-251.el8_10.27.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/g/gmp-6.1.2-11.el8.aarch64.rpm repoid: rhel-8-for-aarch64-baseos-rpms size: 269880 @@ -718,20 +718,20 @@ arches: name: libsmartcols evr: 2.32.1-46.el8 sourcerpm: util-linux-2.32.1-46.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/l/libssh-0.9.6-15.el8_10.aarch64.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/l/libssh-0.9.6-16.el8_10.aarch64.rpm repoid: rhel-8-for-aarch64-baseos-rpms - size: 214512 - checksum: sha256:8fab1ccecb77850c81a178504ccd3d281e18984acb0611b0f23d18787612cc43 + size: 214584 + checksum: sha256:065f7ea1a082be300172266d6152a788739355406506227a4fed1943298c376e name: libssh - evr: 0.9.6-15.el8_10 - sourcerpm: libssh-0.9.6-15.el8_10.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/l/libssh-config-0.9.6-15.el8_10.noarch.rpm + evr: 0.9.6-16.el8_10 + sourcerpm: libssh-0.9.6-16.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/l/libssh-config-0.9.6-16.el8_10.noarch.rpm repoid: rhel-8-for-aarch64-baseos-rpms - size: 20552 - checksum: sha256:5a3b7c64a7e52a1326aa06ca23bb638bb6119c6c114cf9739124b96c21e6a64d + size: 20644 + checksum: sha256:2471adc5113ee9a2ff70bbbd3c9ef2a8d63e2da99bcfb00566b0869b2f037d27 name: libssh-config - evr: 0.9.6-15.el8_10 - sourcerpm: libssh-0.9.6-15.el8_10.src.rpm + evr: 0.9.6-16.el8_10 + sourcerpm: libssh-0.9.6-16.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/l/libstdc++-8.5.0-28.el8_10.aarch64.rpm repoid: rhel-8-for-aarch64-baseos-rpms size: 454548 @@ -1315,12 +1315,12 @@ arches: checksum: sha256:54fe49a6fd4f87d6fd594b62c465105fc3efab05a1ffcc216f053c277ab619bf name: elfutils evr: 0.190-2.el8 - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/source/SRPMS/Packages/e/expat-2.2.5-17.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/source/SRPMS/Packages/e/expat-2.5.0-1.el8_10.src.rpm repoid: rhel-8-for-aarch64-baseos-source-rpms - size: 8345318 - checksum: sha256:41de03fcbf3a8f7fa42e7017058ae0186e98a0e448ce01772de7af0a856a749d + size: 8388946 + checksum: sha256:566456bc755b628dc5a4ce77b6a643769165202f0ddd852ba73dd9512b994d2b name: expat - evr: 2.2.5-17.el8_10 + evr: 2.5.0-1.el8_10 - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/source/SRPMS/Packages/f/file-5.33-27.el8_10.src.rpm repoid: rhel-8-for-aarch64-baseos-source-rpms size: 900161 @@ -1369,12 +1369,12 @@ arches: checksum: sha256:80ee50b39aa478e1503dbd18626df91a023d30e3f9b6fb588fa82e6ce2b5972e name: glib2 evr: 2.56.4-167.el8_10 - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/source/SRPMS/Packages/g/glibc-2.28-251.el8_10.25.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/source/SRPMS/Packages/g/glibc-2.28-251.el8_10.27.src.rpm repoid: rhel-8-for-aarch64-baseos-source-rpms - size: 18515112 - checksum: sha256:cf4f9d4cf5af467b7c42faedc1b12e6457e8d0fee07cedb9e122e6ba52d86938 + size: 18525139 + checksum: sha256:c3f8d7e92cffbd4e81c33871b5c55034b3f11c7417e6d84805a67e52cc6ebec1 name: glibc - evr: 2.28-251.el8_10.25 + evr: 2.28-251.el8_10.27 - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/source/SRPMS/Packages/g/gmp-6.1.2-11.el8.src.rpm repoid: rhel-8-for-aarch64-baseos-source-rpms size: 2430007 @@ -1555,12 +1555,12 @@ arches: checksum: sha256:a139e44850d9210e2a662e676dd57a6a40323b1744a14be7a87221f8e36cffe5 name: libsigsegv evr: 2.11-5.el8 - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/source/SRPMS/Packages/l/libssh-0.9.6-15.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/source/SRPMS/Packages/l/libssh-0.9.6-16.el8_10.src.rpm repoid: rhel-8-for-aarch64-baseos-source-rpms - size: 1150943 - checksum: sha256:214c097b11d47a17d20b61fe6576b2df4ff0bb9feadb55fe2fea826777d4dfd4 + size: 1151564 + checksum: sha256:71e885a125f15dbbce25f515cc80bd2df63a93c904e0b71c5645d27c18c9f98c name: libssh - evr: 0.9.6-15.el8_10 + evr: 0.9.6-16.el8_10 - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/source/SRPMS/Packages/l/libtasn1-4.13-5.el8_10.src.rpm repoid: rhel-8-for-aarch64-baseos-source-rpms size: 1968290 @@ -1844,10 +1844,10 @@ arches: name: zstd evr: 1.4.4-1.el8 module_metadata: - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/appstream/os/repodata/2b4db4e6dfe03eee5a9dfb583c33abaf48461bb23ba7f144de543becbcb7e347-modules.yaml.gz + - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/appstream/os/repodata/358af995dc3b058c117ec6e3dbc01e3ebc9ea45e9b3fa6eada9f40ecd102247d-modules.yaml.gz repoid: rhel-8-for-aarch64-appstream-rpms - size: 740652 - checksum: sha256:2b4db4e6dfe03eee5a9dfb583c33abaf48461bb23ba7f144de543becbcb7e347 + size: 744510 + checksum: sha256:358af995dc3b058c117ec6e3dbc01e3ebc9ea45e9b3fa6eada9f40ecd102247d - arch: ppc64le packages: - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/appstream/os/Packages/j/jq-1.6-11.el8_10.ppc64le.rpm @@ -2109,13 +2109,13 @@ arches: name: elfutils-libs evr: 0.190-2.el8 sourcerpm: elfutils-0.190-2.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/e/expat-2.2.5-17.el8_10.ppc64le.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/e/expat-2.5.0-1.el8_10.ppc64le.rpm repoid: rhel-8-for-ppc64le-baseos-rpms - size: 119236 - checksum: sha256:c7fad5d488549d79f4566b701be1f65c322096b55fd021abb4fe662eb08bf9d6 + size: 136140 + checksum: sha256:2568a6eca06a1d26161eb976577b719cbdb979690f1b6f3dbeecb2ad75402029 name: expat - evr: 2.2.5-17.el8_10 - sourcerpm: expat-2.2.5-17.el8_10.src.rpm + evr: 2.5.0-1.el8_10 + sourcerpm: expat-2.5.0-1.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/f/file-5.33-27.el8_10.ppc64le.rpm repoid: rhel-8-for-ppc64le-baseos-rpms size: 80200 @@ -2186,34 +2186,34 @@ arches: name: glib2 evr: 2.56.4-167.el8_10 sourcerpm: glib2-2.56.4-167.el8_10.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/g/glibc-2.28-251.el8_10.25.ppc64le.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/g/glibc-2.28-251.el8_10.27.ppc64le.rpm repoid: rhel-8-for-ppc64le-baseos-rpms - size: 3516808 - checksum: sha256:094b5376183d831dcc17a543598a98c1ff29a08568b5d2b3285dffbeea00fadd + size: 3516168 + checksum: sha256:d97d81a14385cea294b40e17a9f8df18438154d4e7318aa59e3304e708c87f4d name: glibc - evr: 2.28-251.el8_10.25 - sourcerpm: glibc-2.28-251.el8_10.25.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/g/glibc-all-langpacks-2.28-251.el8_10.25.ppc64le.rpm + evr: 2.28-251.el8_10.27 + sourcerpm: glibc-2.28-251.el8_10.27.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/g/glibc-all-langpacks-2.28-251.el8_10.27.ppc64le.rpm repoid: rhel-8-for-ppc64le-baseos-rpms - size: 26767584 - checksum: sha256:9631b55e046cf10e2ba49b9c22677e56752364edbe8e10a521f047014d768b52 + size: 26768148 + checksum: sha256:fad7e00a47528172e9b6c2346a2d6979dff35fe1c4e9592aed25da51408b156c name: glibc-all-langpacks - evr: 2.28-251.el8_10.25 - sourcerpm: glibc-2.28-251.el8_10.25.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/g/glibc-common-2.28-251.el8_10.25.ppc64le.rpm + evr: 2.28-251.el8_10.27 + sourcerpm: glibc-2.28-251.el8_10.27.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/g/glibc-common-2.28-251.el8_10.27.ppc64le.rpm repoid: rhel-8-for-ppc64le-baseos-rpms - size: 1055260 - checksum: sha256:e62ac475c1cb8521b88d7baa64dc348b3705bdfa380176e30fc4145bd821ae08 + size: 1055520 + checksum: sha256:fc0c8f8937b1c25828495ff3b1f72b4b3b4017bc3e43583d1c425c9597ca4f88 name: glibc-common - evr: 2.28-251.el8_10.25 - sourcerpm: glibc-2.28-251.el8_10.25.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/g/glibc-gconv-extra-2.28-251.el8_10.25.ppc64le.rpm + evr: 2.28-251.el8_10.27 + sourcerpm: glibc-2.28-251.el8_10.27.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/g/glibc-gconv-extra-2.28-251.el8_10.27.ppc64le.rpm repoid: rhel-8-for-ppc64le-baseos-rpms - size: 1867560 - checksum: sha256:b0dae5b019df1d6cff5b015bed1146ca5712bcfc758a0a792d50109b7e1c9685 + size: 1867904 + checksum: sha256:29a05af3b712836004f8c58c11f29e7855419d261dea10ea894a33e002fc9f9f name: glibc-gconv-extra - evr: 2.28-251.el8_10.25 - sourcerpm: glibc-2.28-251.el8_10.25.src.rpm + evr: 2.28-251.el8_10.27 + sourcerpm: glibc-2.28-251.el8_10.27.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/g/gmp-6.1.2-11.el8.ppc64le.rpm repoid: rhel-8-for-ppc64le-baseos-rpms size: 296280 @@ -2571,20 +2571,20 @@ arches: name: libsmartcols evr: 2.32.1-46.el8 sourcerpm: util-linux-2.32.1-46.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/l/libssh-0.9.6-15.el8_10.ppc64le.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/l/libssh-0.9.6-16.el8_10.ppc64le.rpm repoid: rhel-8-for-ppc64le-baseos-rpms - size: 245776 - checksum: sha256:fae99dac15c7ec92c1acf69f8b6096f6f7666fe3e7b1db617b6c45e015d65ef7 + size: 245868 + checksum: sha256:a56e1939241a2ada72fcfddce3bedfa2ee55d68a20d38c19792d2cc78ddedbf5 name: libssh - evr: 0.9.6-15.el8_10 - sourcerpm: libssh-0.9.6-15.el8_10.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/l/libssh-config-0.9.6-15.el8_10.noarch.rpm + evr: 0.9.6-16.el8_10 + sourcerpm: libssh-0.9.6-16.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/l/libssh-config-0.9.6-16.el8_10.noarch.rpm repoid: rhel-8-for-ppc64le-baseos-rpms - size: 20552 - checksum: sha256:5a3b7c64a7e52a1326aa06ca23bb638bb6119c6c114cf9739124b96c21e6a64d + size: 20644 + checksum: sha256:2471adc5113ee9a2ff70bbbd3c9ef2a8d63e2da99bcfb00566b0869b2f037d27 name: libssh-config - evr: 0.9.6-15.el8_10 - sourcerpm: libssh-0.9.6-15.el8_10.src.rpm + evr: 0.9.6-16.el8_10 + sourcerpm: libssh-0.9.6-16.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/l/libstdc++-8.5.0-28.el8_10.ppc64le.rpm repoid: rhel-8-for-ppc64le-baseos-rpms size: 528908 @@ -3168,12 +3168,12 @@ arches: checksum: sha256:54fe49a6fd4f87d6fd594b62c465105fc3efab05a1ffcc216f053c277ab619bf name: elfutils evr: 0.190-2.el8 - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/source/SRPMS/Packages/e/expat-2.2.5-17.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/source/SRPMS/Packages/e/expat-2.5.0-1.el8_10.src.rpm repoid: rhel-8-for-ppc64le-baseos-source-rpms - size: 8345318 - checksum: sha256:41de03fcbf3a8f7fa42e7017058ae0186e98a0e448ce01772de7af0a856a749d + size: 8388946 + checksum: sha256:566456bc755b628dc5a4ce77b6a643769165202f0ddd852ba73dd9512b994d2b name: expat - evr: 2.2.5-17.el8_10 + evr: 2.5.0-1.el8_10 - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/source/SRPMS/Packages/f/file-5.33-27.el8_10.src.rpm repoid: rhel-8-for-ppc64le-baseos-source-rpms size: 900161 @@ -3222,12 +3222,12 @@ arches: checksum: sha256:80ee50b39aa478e1503dbd18626df91a023d30e3f9b6fb588fa82e6ce2b5972e name: glib2 evr: 2.56.4-167.el8_10 - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/source/SRPMS/Packages/g/glibc-2.28-251.el8_10.25.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/source/SRPMS/Packages/g/glibc-2.28-251.el8_10.27.src.rpm repoid: rhel-8-for-ppc64le-baseos-source-rpms - size: 18515112 - checksum: sha256:cf4f9d4cf5af467b7c42faedc1b12e6457e8d0fee07cedb9e122e6ba52d86938 + size: 18525139 + checksum: sha256:c3f8d7e92cffbd4e81c33871b5c55034b3f11c7417e6d84805a67e52cc6ebec1 name: glibc - evr: 2.28-251.el8_10.25 + evr: 2.28-251.el8_10.27 - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/source/SRPMS/Packages/g/gmp-6.1.2-11.el8.src.rpm repoid: rhel-8-for-ppc64le-baseos-source-rpms size: 2430007 @@ -3414,12 +3414,12 @@ arches: checksum: sha256:a139e44850d9210e2a662e676dd57a6a40323b1744a14be7a87221f8e36cffe5 name: libsigsegv evr: 2.11-5.el8 - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/source/SRPMS/Packages/l/libssh-0.9.6-15.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/source/SRPMS/Packages/l/libssh-0.9.6-16.el8_10.src.rpm repoid: rhel-8-for-ppc64le-baseos-source-rpms - size: 1150943 - checksum: sha256:214c097b11d47a17d20b61fe6576b2df4ff0bb9feadb55fe2fea826777d4dfd4 + size: 1151564 + checksum: sha256:71e885a125f15dbbce25f515cc80bd2df63a93c904e0b71c5645d27c18c9f98c name: libssh - evr: 0.9.6-15.el8_10 + evr: 0.9.6-16.el8_10 - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/source/SRPMS/Packages/l/libtasn1-4.13-5.el8_10.src.rpm repoid: rhel-8-for-ppc64le-baseos-source-rpms size: 1968290 @@ -3703,10 +3703,10 @@ arches: name: zstd evr: 1.4.4-1.el8 module_metadata: - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/appstream/os/repodata/6c928a79f8ab4bff0dba7452dbc7fd9c5b270047ece8b038d409c5507dd8ae3e-modules.yaml.gz + - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/appstream/os/repodata/d3d12d70889576d4bdbc22115e6c5043f47ffd2af399189a51e1aafa75aec813-modules.yaml.gz repoid: rhel-8-for-ppc64le-appstream-rpms - size: 735161 - checksum: sha256:6c928a79f8ab4bff0dba7452dbc7fd9c5b270047ece8b038d409c5507dd8ae3e + size: 740375 + checksum: sha256:d3d12d70889576d4bdbc22115e6c5043f47ffd2af399189a51e1aafa75aec813 - arch: s390x packages: - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/appstream/os/Packages/j/jq-1.6-11.el8_10.s390x.rpm @@ -4017,13 +4017,13 @@ arches: name: ethtool evr: 2:5.13-2.el8 sourcerpm: ethtool-5.13-2.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/e/expat-2.2.5-17.el8_10.s390x.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/e/expat-2.5.0-1.el8_10.s390x.rpm repoid: rhel-8-for-s390x-baseos-rpms - size: 112836 - checksum: sha256:14984a7a7991b4c31d71c853e6390386bed64d70b00616e1c3f8761d271b9663 + size: 129316 + checksum: sha256:557227064a4eeb6065f44be3e84f1320540bf816d4790bc328995e69992b2319 name: expat - evr: 2.2.5-17.el8_10 - sourcerpm: expat-2.2.5-17.el8_10.src.rpm + evr: 2.5.0-1.el8_10 + sourcerpm: expat-2.5.0-1.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/f/file-5.33-27.el8_10.s390x.rpm repoid: rhel-8-for-s390x-baseos-rpms size: 79180 @@ -4087,34 +4087,34 @@ arches: name: glib2 evr: 2.56.4-167.el8_10 sourcerpm: glib2-2.56.4-167.el8_10.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/g/glibc-2.28-251.el8_10.25.s390x.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/g/glibc-2.28-251.el8_10.27.s390x.rpm repoid: rhel-8-for-s390x-baseos-rpms - size: 1876452 - checksum: sha256:fac8df4ecd6aea4213786aca01d24a9e5211d6b8ff674660ad4dd268673ac676 + size: 1876988 + checksum: sha256:c944278e98456a7a28df9b3e3210e717f19111152be728bbe6e0bdd5d1ca8e93 name: glibc - evr: 2.28-251.el8_10.25 - sourcerpm: glibc-2.28-251.el8_10.25.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/g/glibc-all-langpacks-2.28-251.el8_10.25.s390x.rpm + evr: 2.28-251.el8_10.27 + sourcerpm: glibc-2.28-251.el8_10.27.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/g/glibc-all-langpacks-2.28-251.el8_10.27.s390x.rpm repoid: rhel-8-for-s390x-baseos-rpms - size: 25899496 - checksum: sha256:e6c755142065999fbeead361eb3ceca70da40c4774302b6446b17ee668702ea0 + size: 25900128 + checksum: sha256:da42288138b51afe5d7473ba4f69a87044a91f0cca7a91c34fc94efc1c7a67d6 name: glibc-all-langpacks - evr: 2.28-251.el8_10.25 - sourcerpm: glibc-2.28-251.el8_10.25.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/g/glibc-common-2.28-251.el8_10.25.s390x.rpm + evr: 2.28-251.el8_10.27 + sourcerpm: glibc-2.28-251.el8_10.27.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/g/glibc-common-2.28-251.el8_10.27.s390x.rpm repoid: rhel-8-for-s390x-baseos-rpms - size: 1220760 - checksum: sha256:52836fabdf2695da3b2fd0dc0b22a1ceb1b94e96f531875864ccd558181db0bd + size: 1220936 + checksum: sha256:610bc4457f38e9b31bb3014ad3d8429a3c59cf20a5fb7807643796831a4c6006 name: glibc-common - evr: 2.28-251.el8_10.25 - sourcerpm: glibc-2.28-251.el8_10.25.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/g/glibc-gconv-extra-2.28-251.el8_10.25.s390x.rpm + evr: 2.28-251.el8_10.27 + sourcerpm: glibc-2.28-251.el8_10.27.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/g/glibc-gconv-extra-2.28-251.el8_10.27.s390x.rpm repoid: rhel-8-for-s390x-baseos-rpms - size: 1588004 - checksum: sha256:c833f3bc8653379f829ed2fa3709bc5642b331bbb508758feb8000e884672e12 + size: 1588036 + checksum: sha256:1c8a4dcadc9c7a6a4ffdba6737bb7195b9948dba6fcb7bc68d235632d5a1b68e name: glibc-gconv-extra - evr: 2.28-251.el8_10.25 - sourcerpm: glibc-2.28-251.el8_10.25.src.rpm + evr: 2.28-251.el8_10.27 + sourcerpm: glibc-2.28-251.el8_10.27.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/g/gmp-6.1.2-11.el8.s390x.rpm repoid: rhel-8-for-s390x-baseos-rpms size: 288604 @@ -4388,20 +4388,20 @@ arches: name: libsmartcols evr: 2.32.1-46.el8 sourcerpm: util-linux-2.32.1-46.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/l/libssh-0.9.6-15.el8_10.s390x.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/l/libssh-0.9.6-16.el8_10.s390x.rpm repoid: rhel-8-for-s390x-baseos-rpms - size: 208516 - checksum: sha256:6b0e0ecc7508c7989b432c02633c29b697fda3689802aa158074fef971d24764 + size: 208564 + checksum: sha256:8f51b2c41b1d960278171ec5df483cffc538f4edc8ca0a1bc366d1d7d87e2e12 name: libssh - evr: 0.9.6-15.el8_10 - sourcerpm: libssh-0.9.6-15.el8_10.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/l/libssh-config-0.9.6-15.el8_10.noarch.rpm + evr: 0.9.6-16.el8_10 + sourcerpm: libssh-0.9.6-16.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/l/libssh-config-0.9.6-16.el8_10.noarch.rpm repoid: rhel-8-for-s390x-baseos-rpms - size: 20552 - checksum: sha256:5a3b7c64a7e52a1326aa06ca23bb638bb6119c6c114cf9739124b96c21e6a64d + size: 20644 + checksum: sha256:2471adc5113ee9a2ff70bbbd3c9ef2a8d63e2da99bcfb00566b0869b2f037d27 name: libssh-config - evr: 0.9.6-15.el8_10 - sourcerpm: libssh-0.9.6-15.el8_10.src.rpm + evr: 0.9.6-16.el8_10 + sourcerpm: libssh-0.9.6-16.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/l/libstdc++-8.5.0-28.el8_10.s390x.rpm repoid: rhel-8-for-s390x-baseos-rpms size: 487712 @@ -5245,12 +5245,12 @@ arches: checksum: sha256:9d27b5c50f4ed21ada0e3a2a4e3ffab0df5b0856f052b2ae602d3e04f75f853e name: ethtool evr: 2:5.13-2.el8 - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/source/SRPMS/Packages/e/expat-2.2.5-17.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/source/SRPMS/Packages/e/expat-2.5.0-1.el8_10.src.rpm repoid: rhel-8-for-s390x-baseos-source-rpms - size: 8345318 - checksum: sha256:41de03fcbf3a8f7fa42e7017058ae0186e98a0e448ce01772de7af0a856a749d + size: 8388946 + checksum: sha256:566456bc755b628dc5a4ce77b6a643769165202f0ddd852ba73dd9512b994d2b name: expat - evr: 2.2.5-17.el8_10 + evr: 2.5.0-1.el8_10 - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/source/SRPMS/Packages/f/file-5.33-27.el8_10.src.rpm repoid: rhel-8-for-s390x-baseos-source-rpms size: 900161 @@ -5299,12 +5299,12 @@ arches: checksum: sha256:80ee50b39aa478e1503dbd18626df91a023d30e3f9b6fb588fa82e6ce2b5972e name: glib2 evr: 2.56.4-167.el8_10 - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/source/SRPMS/Packages/g/glibc-2.28-251.el8_10.25.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/source/SRPMS/Packages/g/glibc-2.28-251.el8_10.27.src.rpm repoid: rhel-8-for-s390x-baseos-source-rpms - size: 18515112 - checksum: sha256:cf4f9d4cf5af467b7c42faedc1b12e6457e8d0fee07cedb9e122e6ba52d86938 + size: 18525139 + checksum: sha256:c3f8d7e92cffbd4e81c33871b5c55034b3f11c7417e6d84805a67e52cc6ebec1 name: glibc - evr: 2.28-251.el8_10.25 + evr: 2.28-251.el8_10.27 - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/source/SRPMS/Packages/g/gmp-6.1.2-11.el8.src.rpm repoid: rhel-8-for-s390x-baseos-source-rpms size: 2430007 @@ -5467,12 +5467,12 @@ arches: checksum: sha256:a139e44850d9210e2a662e676dd57a6a40323b1744a14be7a87221f8e36cffe5 name: libsigsegv evr: 2.11-5.el8 - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/source/SRPMS/Packages/l/libssh-0.9.6-15.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/source/SRPMS/Packages/l/libssh-0.9.6-16.el8_10.src.rpm repoid: rhel-8-for-s390x-baseos-source-rpms - size: 1150943 - checksum: sha256:214c097b11d47a17d20b61fe6576b2df4ff0bb9feadb55fe2fea826777d4dfd4 + size: 1151564 + checksum: sha256:71e885a125f15dbbce25f515cc80bd2df63a93c904e0b71c5645d27c18c9f98c name: libssh - evr: 0.9.6-15.el8_10 + evr: 0.9.6-16.el8_10 - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/source/SRPMS/Packages/l/libtasn1-4.13-5.el8_10.src.rpm repoid: rhel-8-for-s390x-baseos-source-rpms size: 1968290 @@ -5918,10 +5918,10 @@ arches: name: zstd evr: 1.4.4-1.el8 module_metadata: - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/appstream/os/repodata/63b776c8858a7df991dc504e6c6789331a1f67e6bb2f6528ea9f4f3986791c65-modules.yaml.gz + - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/appstream/os/repodata/5a6fc588701b5d38d4c98646ae66a536139ff446aa1c75f185d50c980b7d5047-modules.yaml.gz repoid: rhel-8-for-s390x-appstream-rpms - size: 740780 - checksum: sha256:63b776c8858a7df991dc504e6c6789331a1f67e6bb2f6528ea9f4f3986791c65 + size: 745194 + checksum: sha256:5a6fc588701b5d38d4c98646ae66a536139ff446aa1c75f185d50c980b7d5047 - arch: x86_64 packages: - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/appstream/os/Packages/j/jq-1.6-11.el8_10.x86_64.rpm @@ -6183,13 +6183,13 @@ arches: name: elfutils-libs evr: 0.190-2.el8 sourcerpm: elfutils-0.190-2.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/e/expat-2.2.5-17.el8_10.x86_64.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/e/expat-2.5.0-1.el8_10.x86_64.rpm repoid: rhel-8-for-x86_64-baseos-rpms - size: 117960 - checksum: sha256:d01df6f542762d94bd73a87f61d19fb98a6304eb9a2eb114a872a91d3312ea34 + size: 134428 + checksum: sha256:ea9b034a79279668a1eca4be141617e6a9f04ffc616033f035380f80c073837a name: expat - evr: 2.2.5-17.el8_10 - sourcerpm: expat-2.2.5-17.el8_10.src.rpm + evr: 2.5.0-1.el8_10 + sourcerpm: expat-2.5.0-1.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/f/file-5.33-27.el8_10.x86_64.rpm repoid: rhel-8-for-x86_64-baseos-rpms size: 79492 @@ -6260,34 +6260,34 @@ arches: name: glib2 evr: 2.56.4-167.el8_10 sourcerpm: glib2-2.56.4-167.el8_10.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/g/glibc-2.28-251.el8_10.25.x86_64.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/g/glibc-2.28-251.el8_10.27.x86_64.rpm repoid: rhel-8-for-x86_64-baseos-rpms - size: 2307440 - checksum: sha256:67268caded60da2761ad9129cc5e137a9354ec3d82cf04faff37aad6f4aac5cd + size: 2307356 + checksum: sha256:73f2be29dc8efc28f1952424f8ca93caff70758be821eef76a3a19bd8b27eae8 name: glibc - evr: 2.28-251.el8_10.25 - sourcerpm: glibc-2.28-251.el8_10.25.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/g/glibc-all-langpacks-2.28-251.el8_10.25.x86_64.rpm + evr: 2.28-251.el8_10.27 + sourcerpm: glibc-2.28-251.el8_10.27.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/g/glibc-all-langpacks-2.28-251.el8_10.27.x86_64.rpm repoid: rhel-8-for-x86_64-baseos-rpms - size: 26776648 - checksum: sha256:259cabde2b4fe5c56e3d40eaa64cbe7d699f717b5342cdd7b78ae162fe40cb02 + size: 26777212 + checksum: sha256:b1e3db05ee8fcf0d849376022537dd306aa2b11919cc06c7a9f1521b0a020102 name: glibc-all-langpacks - evr: 2.28-251.el8_10.25 - sourcerpm: glibc-2.28-251.el8_10.25.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/g/glibc-common-2.28-251.el8_10.25.x86_64.rpm + evr: 2.28-251.el8_10.27 + sourcerpm: glibc-2.28-251.el8_10.27.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/g/glibc-common-2.28-251.el8_10.27.x86_64.rpm repoid: rhel-8-for-x86_64-baseos-rpms - size: 1052268 - checksum: sha256:81b4674165aaf00314eb2d0543e015c98f0429f8ae6f0f9115061af4db8754fa + size: 1052412 + checksum: sha256:1ae6a4a88193309d4074744e4a21402c6b10f886d24564108024addc3dfa3ab8 name: glibc-common - evr: 2.28-251.el8_10.25 - sourcerpm: glibc-2.28-251.el8_10.25.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/g/glibc-gconv-extra-2.28-251.el8_10.25.x86_64.rpm + evr: 2.28-251.el8_10.27 + sourcerpm: glibc-2.28-251.el8_10.27.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/g/glibc-gconv-extra-2.28-251.el8_10.27.x86_64.rpm repoid: rhel-8-for-x86_64-baseos-rpms - size: 1626580 - checksum: sha256:d5b12f8689cc4c880cbe0b68c241d08b762736286f7cd228c681f9353a167f38 + size: 1628144 + checksum: sha256:7cb343f85ab0aff5caeddf596474908e136088704c7c90f745bcda6aa8dd29cd name: glibc-gconv-extra - evr: 2.28-251.el8_10.25 - sourcerpm: glibc-2.28-251.el8_10.25.src.rpm + evr: 2.28-251.el8_10.27 + sourcerpm: glibc-2.28-251.el8_10.27.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/g/gmp-6.1.2-11.el8.x86_64.rpm repoid: rhel-8-for-x86_64-baseos-rpms size: 325760 @@ -6638,20 +6638,20 @@ arches: name: libsmartcols evr: 2.32.1-46.el8 sourcerpm: util-linux-2.32.1-46.el8.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/l/libssh-0.9.6-15.el8_10.x86_64.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/l/libssh-0.9.6-16.el8_10.x86_64.rpm repoid: rhel-8-for-x86_64-baseos-rpms - size: 224332 - checksum: sha256:c50bf55740ac72099b22258aab051f2c5dab8e31a5c47618ad10318b489d579d + size: 224400 + checksum: sha256:752f11a5a8d6e9218427504dd49a42c0deb897665a7abf31306877d3568ef0bb name: libssh - evr: 0.9.6-15.el8_10 - sourcerpm: libssh-0.9.6-15.el8_10.src.rpm - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/l/libssh-config-0.9.6-15.el8_10.noarch.rpm + evr: 0.9.6-16.el8_10 + sourcerpm: libssh-0.9.6-16.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/l/libssh-config-0.9.6-16.el8_10.noarch.rpm repoid: rhel-8-for-x86_64-baseos-rpms - size: 20552 - checksum: sha256:5a3b7c64a7e52a1326aa06ca23bb638bb6119c6c114cf9739124b96c21e6a64d + size: 20644 + checksum: sha256:2471adc5113ee9a2ff70bbbd3c9ef2a8d63e2da99bcfb00566b0869b2f037d27 name: libssh-config - evr: 0.9.6-15.el8_10 - sourcerpm: libssh-0.9.6-15.el8_10.src.rpm + evr: 0.9.6-16.el8_10 + sourcerpm: libssh-0.9.6-16.el8_10.src.rpm - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/l/libstdc++-8.5.0-28.el8_10.x86_64.rpm repoid: rhel-8-for-x86_64-baseos-rpms size: 485052 @@ -7235,12 +7235,12 @@ arches: checksum: sha256:54fe49a6fd4f87d6fd594b62c465105fc3efab05a1ffcc216f053c277ab619bf name: elfutils evr: 0.190-2.el8 - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/source/SRPMS/Packages/e/expat-2.2.5-17.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/source/SRPMS/Packages/e/expat-2.5.0-1.el8_10.src.rpm repoid: rhel-8-for-x86_64-baseos-source-rpms - size: 8345318 - checksum: sha256:41de03fcbf3a8f7fa42e7017058ae0186e98a0e448ce01772de7af0a856a749d + size: 8388946 + checksum: sha256:566456bc755b628dc5a4ce77b6a643769165202f0ddd852ba73dd9512b994d2b name: expat - evr: 2.2.5-17.el8_10 + evr: 2.5.0-1.el8_10 - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/source/SRPMS/Packages/f/file-5.33-27.el8_10.src.rpm repoid: rhel-8-for-x86_64-baseos-source-rpms size: 900161 @@ -7289,12 +7289,12 @@ arches: checksum: sha256:80ee50b39aa478e1503dbd18626df91a023d30e3f9b6fb588fa82e6ce2b5972e name: glib2 evr: 2.56.4-167.el8_10 - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/source/SRPMS/Packages/g/glibc-2.28-251.el8_10.25.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/source/SRPMS/Packages/g/glibc-2.28-251.el8_10.27.src.rpm repoid: rhel-8-for-x86_64-baseos-source-rpms - size: 18515112 - checksum: sha256:cf4f9d4cf5af467b7c42faedc1b12e6457e8d0fee07cedb9e122e6ba52d86938 + size: 18525139 + checksum: sha256:c3f8d7e92cffbd4e81c33871b5c55034b3f11c7417e6d84805a67e52cc6ebec1 name: glibc - evr: 2.28-251.el8_10.25 + evr: 2.28-251.el8_10.27 - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/source/SRPMS/Packages/g/gmp-6.1.2-11.el8.src.rpm repoid: rhel-8-for-x86_64-baseos-source-rpms size: 2430007 @@ -7475,12 +7475,12 @@ arches: checksum: sha256:a139e44850d9210e2a662e676dd57a6a40323b1744a14be7a87221f8e36cffe5 name: libsigsegv evr: 2.11-5.el8 - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/source/SRPMS/Packages/l/libssh-0.9.6-15.el8_10.src.rpm + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/source/SRPMS/Packages/l/libssh-0.9.6-16.el8_10.src.rpm repoid: rhel-8-for-x86_64-baseos-source-rpms - size: 1150943 - checksum: sha256:214c097b11d47a17d20b61fe6576b2df4ff0bb9feadb55fe2fea826777d4dfd4 + size: 1151564 + checksum: sha256:71e885a125f15dbbce25f515cc80bd2df63a93c904e0b71c5645d27c18c9f98c name: libssh - evr: 0.9.6-15.el8_10 + evr: 0.9.6-16.el8_10 - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/source/SRPMS/Packages/l/libtasn1-4.13-5.el8_10.src.rpm repoid: rhel-8-for-x86_64-baseos-source-rpms size: 1968290 @@ -7764,7 +7764,7 @@ arches: name: zstd evr: 1.4.4-1.el8 module_metadata: - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/appstream/os/repodata/dd98a49c18cc26a7da968956a8e16246547b93f8465305bf2546652d8cc5dde8-modules.yaml.gz + - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/appstream/os/repodata/de23fa9e77ebe06ba24e5b1514be3e13cf5efb176d97a76c68a0400fa7aba1ee-modules.yaml.gz repoid: rhel-8-for-x86_64-appstream-rpms - size: 759963 - checksum: sha256:dd98a49c18cc26a7da968956a8e16246547b93f8465305bf2546652d8cc5dde8 + size: 766779 + checksum: sha256:de23fa9e77ebe06ba24e5b1514be3e13cf5efb176d97a76c68a0400fa7aba1ee diff --git a/scanner/enricher/csaf/internal/zreader/compression_string.go b/scanner/enricher/csaf/internal/zreader/compression_string.go index 50a5eb446f4e0..f0f1ab3bc02c8 100644 --- a/scanner/enricher/csaf/internal/zreader/compression_string.go +++ b/scanner/enricher/csaf/internal/zreader/compression_string.go @@ -19,8 +19,9 @@ const _Compression_name = "KindGzipKindZstdKindBzip2KindNone" var _Compression_index = [...]uint8{0, 8, 16, 25, 33} func (i Compression) String() string { - if i < 0 || i >= Compression(len(_Compression_index)-1) { + idx := int(i) - 0 + if i < 0 || idx >= len(_Compression_index)-1 { return "Compression(" + strconv.FormatInt(int64(i), 10) + ")" } - return _Compression_name[_Compression_index[i]:_Compression_index[i+1]] + return _Compression_name[_Compression_index[idx]:_Compression_index[idx+1]] } diff --git a/scanner/enricher/fixedby/versiontype_string.go b/scanner/enricher/fixedby/versiontype_string.go index ca4539400f4a2..f98b5bfbe06d5 100644 --- a/scanner/enricher/fixedby/versiontype_string.go +++ b/scanner/enricher/fixedby/versiontype_string.go @@ -20,8 +20,9 @@ const _versionType_name = "unknownVersionTypenormalVersionTypeurlEncodedVersionT var _versionType_index = [...]uint8{0, 18, 35, 56, 73, 92} func (i versionType) String() string { - if i < 0 || i >= versionType(len(_versionType_index)-1) { + idx := int(i) - 0 + if i < 0 || idx >= len(_versionType_index)-1 { return "versionType(" + strconv.FormatInt(int64(i), 10) + ")" } - return _versionType_name[_versionType_index[i]:_versionType_index[i+1]] + return _versionType_name[_versionType_index[idx]:_versionType_index[idx+1]] } diff --git a/scanner/image/db/konflux.Dockerfile b/scanner/image/db/konflux.Dockerfile index be40ad1220982..20e9af6d20e25 100644 --- a/scanner/image/db/konflux.Dockerfile +++ b/scanner/image/db/konflux.Dockerfile @@ -1,4 +1,4 @@ -FROM registry.redhat.io/rhel8/postgresql-15:latest@sha256:68fc74033591a7c7608adb438a81ffdf232f199adbc7c92df286097debd815d0 +FROM registry.redhat.io/rhel8/postgresql-15:latest@sha256:042f6efe0f16e94ffb2d0a3bede852bb026b6dce661ac5b339e6f63846467b9d ARG BUILD_TAG RUN if [[ "$BUILD_TAG" == "" ]]; then >&2 echo "error: required BUILD_TAG arg is unset"; exit 6; fi diff --git a/scanner/image/scanner/konflux.Dockerfile b/scanner/image/scanner/konflux.Dockerfile index 6e7ada7fe6427..98308f097664c 100644 --- a/scanner/image/scanner/konflux.Dockerfile +++ b/scanner/image/scanner/konflux.Dockerfile @@ -17,7 +17,7 @@ WORKDIR /src RUN make -C scanner NODEPS=1 CGO_ENABLED=1 image/scanner/bin/scanner copy-scripts -FROM registry.access.redhat.com/ubi8-minimal:latest@sha256:951ee3cabb74246821ae31c2b808b7789310f5509882c153b7b178aaaeefa2d3 +FROM registry.access.redhat.com/ubi8-minimal:latest@sha256:a670c5b613280e17a666c858c9263a50aafe1a023a8d5730c7a83cb53771487b ARG BUILD_TAG diff --git a/scripts/ci/jobs/check-konflux-setup.sh b/scripts/ci/jobs/check-konflux-setup.sh index 052e768a1f1a7..d150a5482c963 100755 --- a/scripts/ci/jobs/check-konflux-setup.sh +++ b/scripts/ci/jobs/check-konflux-setup.sh @@ -8,58 +8,13 @@ set -euo pipefail FAIL_FLAG="$(mktemp)" trap 'rm -f $FAIL_FLAG' EXIT -check_create_snapshot_runs_last() { - local -r pipeline_path=".tekton/operator-bundle-pipeline.yaml" - local -r task_name="create-acs-style-snapshot" - - local expected_runafter - expected_runafter="$(yq eval '.spec.tasks[] | select(.name != '\"${task_name}\"') | .name' "${pipeline_path}" | sort)" - - local actual_runafter - actual_runafter="$(yq eval '.spec.tasks[] | select(.name == '\"${task_name}\"') | .runAfter[]' "${pipeline_path}")" - - echo - echo "➤ ${pipeline_path} // checking ${task_name}: task's runAfter contents shall match the expected ones." - if ! compare "${expected_runafter}" "${actual_runafter}"; then - echo >&2 -e "How to resolve: -1. Open ${pipeline_path} and locate the ${task_name} task -2. Update the runAfter attribute of this task to the following list (all previous tasks in the pipeline, sorted alphabetically): -${expected_runafter}" - record_failure "${FUNCNAME[0]}" - fi -} - -check_all_components_are_part_of_custom_snapshot() { - local -r pipeline_path=".tekton/operator-bundle-pipeline.yaml" - local -r task_name="create-acs-style-snapshot" - - # Actual components are based on the COMPONENTS parameter and stored as sorted multi-line string. - local actual_components - actual_components="$(yq eval '.spec.tasks[] | select(.name == '\"${task_name}\"') | .params[] | select(.name == "COMPONENTS") | .value' "${pipeline_path}" | yq eval '.[].name' - | tr " " "\n" | sort)" - - # Expected components are based on the wait-for-*-image task plus the operator-bundle and stored as a sorted multi-line string. - local expected_components_from_images - local expected_components - expected_components_from_images="$(yq eval '.spec.tasks[] | select(.name == "wait-for-*-image") | .name | sub("(wait-for-|-image)", "")' ${pipeline_path})" - expected_components=$(echo "${expected_components_from_images} operator-bundle" | tr " " "\n" | sort) - - echo - echo "➤ ${pipeline_path} // checking ${task_name}: COMPONENTS contents shall include all ACS images." - if ! compare "${expected_components}" "${actual_components}"; then - echo >&2 -e "How to resolve: -1. Open ${pipeline_path} and locate the ${task_name} task -2. Update the COMPONENTS parameter of this task to include entries for the missing components or delete references to removed components. COMPONENTS should include entries for (sorted alphabetically): -${expected_components}" - record_failure "${FUNCNAME[0]}" - fi -} - check_example_rpmdb_files_are_ignored() { # At the time of this writing, Konflux uses syft to generate SBOMs for built containers. # If we happen to have test rpmdb databases in the repo, syft will union their contents with RPMs that it finds # installed in the container resulting in a misleading SBOM. # This check is to make sure the exclusion list in Syft config enumerates all such rpmdbs. # Ref https://github.com/anchore/syft/wiki/configuration + # TODO: the check can be removed after KONFLUX-3515 is implemented. local -r syft_config=".syft.yaml" local -r exclude_attribute=".exclude" @@ -99,8 +54,6 @@ record_failure() { } echo "Checking our Konflux pipelines and builds setup." -check_create_snapshot_runs_last -check_all_components_are_part_of_custom_snapshot check_example_rpmdb_files_are_ignored if [[ -s "$FAIL_FLAG" ]]; then diff --git a/scripts/ci/lib.sh b/scripts/ci/lib.sh index 6551a84a86fc0..23fe73e625db2 100755 --- a/scripts/ci/lib.sh +++ b/scripts/ci/lib.sh @@ -83,21 +83,25 @@ handle_dangling_processes() { info "Process state at exit:" ps -e -O ppid - local psline this_pid pid - ps -e -O ppid | while read -r psline; do + local psline pid ppid + ps -e -O ppid | while read -r pid ppid psline; do + # Example output: + # PID PPID S TTY TIME COMMAND + # 1 0 S ? 00:00:00 /tmp/entrypoint-wrapper/entrypoint-wrapper /tools/entrypoint + # [...] + # 179283 25 R ? 00:00:00 ps -e -O ppid + # trim leading whitespace - psline="$(echo "$psline" | xargs)" - if [[ "$psline" =~ ^PID ]]; then + psline="$pid $ppid $psline" + if [[ "$pid" == "PID" ]]; then # Ignoring header continue fi - this_pid="$$" - if [[ "$psline" =~ ^$this_pid ]]; then + if [[ "$pid" == "$$" ]]; then echo "Ignoring self: $psline" continue fi - # shellcheck disable=SC1087 - if [[ "$psline" =~ [[:space:]]$this_pid[[:space:]] ]]; then + if [[ "$ppid" == "$$" ]]; then echo "Ignoring child: $psline" continue fi @@ -106,7 +110,6 @@ handle_dangling_processes() { continue fi echo "A candidate to kill: $psline" - pid="$(echo "$psline" | cut -d' ' -f1)" echo "Will kill $pid" kill "$pid" || { echo "Error killing $pid" diff --git a/scripts/release-tools/kube-burner-configs/berserker-load/berserker-configmap-connections.yml b/scripts/release-tools/kube-burner-configs/berserker-load/berserker-configmap-connections.yml index caa5ffa9d97e3..b69487ad4912e 100644 --- a/scripts/release-tools/kube-burner-configs/berserker-load/berserker-configmap-connections.yml +++ b/scripts/release-tools/kube-burner-configs/berserker-load/berserker-configmap-connections.yml @@ -13,10 +13,10 @@ data: server = true address = "223.42.0.1" target_port = 1337 - arrival_rate = 10 - departure_rate = 10 + arrival_rate = 0.1 + departure_rate = 0.1 conns_per_addr = 2 - nconnections = 4000 + nconnections = 100 network-client.toml: | restart_interval = 10 @@ -28,7 +28,7 @@ data: server = false address = "223.42.0.1" target_port = 1337 - arrival_rate = 10 - departure_rate = 10 + arrival_rate = 0.1 + departure_rate = 0.1 conns_per_addr = 2 - nconnections = 4000 + nconnections = 100 diff --git a/scripts/release-tools/kube-burner-configs/berserker-load/berserker-configmap-endpoints-zipf.yml b/scripts/release-tools/kube-burner-configs/berserker-load/berserker-configmap-endpoints-zipf.yml index a221a17326dff..8841c5541cd58 100644 --- a/scripts/release-tools/kube-burner-configs/berserker-load/berserker-configmap-endpoints-zipf.yml +++ b/scripts/release-tools/kube-burner-configs/berserker-load/berserker-configmap-endpoints-zipf.yml @@ -10,5 +10,5 @@ data: [workload] type = "endpoints" distribution = "zipf" - n_ports = 2000 + n_ports = 200 exponent = 1.4 diff --git a/scripts/release-tools/kube-burner-configs/berserker-load/berserker-configmap-processes.yml b/scripts/release-tools/kube-burner-configs/berserker-load/berserker-configmap-processes.yml deleted file mode 100644 index c006a48b997a9..0000000000000 --- a/scripts/release-tools/kube-burner-configs/berserker-load/berserker-configmap-processes.yml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{.JobName}}-berserker-process-config -data: - workload.toml: | - restart_interval = 10 - - [workload] - type = "processes" - arrival_rate = 1000.0 - departure_rate = 200.0 - random_process = true diff --git a/scripts/release-tools/kube-burner-configs/berserker-load/config.yml b/scripts/release-tools/kube-burner-configs/berserker-load/config.yml index 52a2c63efb9c8..466080c1e1c7d 100644 --- a/scripts/release-tools/kube-burner-configs/berserker-load/config.yml +++ b/scripts/release-tools/kube-burner-configs/berserker-load/config.yml @@ -19,10 +19,10 @@ jobs: waitWhenFinished: true preLoadImages: true preLoadPeriod: 30s - churn: true + churn: false churnDuration: 1000h - churnDelay: 10m - churnPercent: 80 + churnDelay: 200h + churnPercent: 20 namespaceLabels: security.openshift.io/scc.podSecurityLabelSync: false pod-security.kubernetes.io/enforce: privileged @@ -30,23 +30,23 @@ jobs: pod-security.kubernetes.io/warn: privileged objects: - - objectTemplate: process-load-daemonset.yml - replicas: 6 + - objectTemplate: process-load-deployment.yml + replicas: 5 inputVars: podReplicas: 2 - - objectTemplate: endpoint-load-daemonset.yml - replicas: 6 + - objectTemplate: endpoint-load-deployment.yml + replicas: 5 inputVars: podReplicas: 2 - - objectTemplate: connection-load-daemonset.yml - replicas: 6 + - objectTemplate: connection-load-deployment.yml + replicas: 5 inputVars: podReplicas: 2 - objectTemplate: service.yml - replicas: 10 + replicas: 5 - objectTemplate: secret.yml replicas: 10 @@ -56,6 +56,3 @@ jobs: - objectTemplate: berserker-configmap-connections.yml replicas: 10 - - - objectTemplate: berserker-configmap-processes.yml - replicas: 10 diff --git a/scripts/release-tools/kube-burner-configs/berserker-load/connection-load-daemonset.yml b/scripts/release-tools/kube-burner-configs/berserker-load/connection-load-deployment.yml similarity index 95% rename from scripts/release-tools/kube-burner-configs/berserker-load/connection-load-daemonset.yml rename to scripts/release-tools/kube-burner-configs/berserker-load/connection-load-deployment.yml index 4a6d8a3a53985..6e218d4ac8909 100644 --- a/scripts/release-tools/kube-burner-configs/berserker-load/connection-load-daemonset.yml +++ b/scripts/release-tools/kube-burner-configs/berserker-load/connection-load-deployment.yml @@ -1,5 +1,5 @@ # We only want unicast addresses -{{ $ip1 := randInt 1 223 }} +{{ $ip1 := randInt 0 223 }} {{ $ip2 := randInt 0 255 }} {{ $ip3 := randInt 0 255 }} {{ $ip4 := randInt 0 255 }} @@ -7,11 +7,12 @@ {{ $ip := printf "%d.%d.%d.%d/16" $ip1 $ip2 $ip3 $ip4 }} {{ $berserker_address := printf "%d.%d.%d.%d" $ip1 $ip2 $ip3 $ip4 }} -kind: DaemonSet +kind: Deployment apiVersion: apps/v1 metadata: name: connection-load-{{.Replica}} spec: + replicas: {{.podReplicas}} selector: matchLabels: app: connection-load-{{.Replica}} @@ -29,7 +30,7 @@ spec: memory: "100Mi" cpu: "25m" limits: - memory: "180Mi" + memory: "100Mi" cpu: "25m" env: - name: IP_BASE diff --git a/scripts/release-tools/kube-burner-configs/berserker-load/endpoint-load-daemonset.yml b/scripts/release-tools/kube-burner-configs/berserker-load/endpoint-load-deployment.yml similarity index 95% rename from scripts/release-tools/kube-burner-configs/berserker-load/endpoint-load-daemonset.yml rename to scripts/release-tools/kube-burner-configs/berserker-load/endpoint-load-deployment.yml index 969c475fcc4d7..45b34a80a8019 100644 --- a/scripts/release-tools/kube-burner-configs/berserker-load/endpoint-load-daemonset.yml +++ b/scripts/release-tools/kube-burner-configs/berserker-load/endpoint-load-deployment.yml @@ -1,9 +1,10 @@ --- -kind: DaemonSet +kind: Deployment apiVersion: apps/v1 metadata: name: endpoint-load-{{.Replica}} spec: + replicas: {{.podReplicas}} selector: matchLabels: app: endpoint-load-{{.Replica}} @@ -21,7 +22,7 @@ spec: memory: "100Mi" cpu: "25m" limits: - memory: "180Mi" + memory: "100Mi" cpu: "25m" volumeMounts: - name: config diff --git a/scripts/release-tools/kube-burner-configs/berserker-load/process-load-daemonset.yml b/scripts/release-tools/kube-burner-configs/berserker-load/process-load-deployment.yml similarity index 74% rename from scripts/release-tools/kube-burner-configs/berserker-load/process-load-daemonset.yml rename to scripts/release-tools/kube-burner-configs/berserker-load/process-load-deployment.yml index 8c11c9c4223d9..11d638907e4bb 100644 --- a/scripts/release-tools/kube-burner-configs/berserker-load/process-load-daemonset.yml +++ b/scripts/release-tools/kube-burner-configs/berserker-load/process-load-deployment.yml @@ -1,9 +1,10 @@ --- -kind: DaemonSet +kind: Deployment apiVersion: apps/v1 metadata: name: process-load-{{.Replica}} spec: + replicas: {{.podReplicas}} selector: matchLabels: app: process-load-{{.Replica}} @@ -21,15 +22,11 @@ spec: image: quay.io/rhacs-eng/qa:berserker-1.0-63-g7b0a20bf5f resources: requests: - memory: "10Mi" - cpu: "15m" + memory: "100Mi" + cpu: "25m" limits: - memory: "10Mi" - cpu: "15m" - volumeMounts: - - name: config - mountPath: "/etc/berserker" - readOnly: true + memory: "100Mi" + cpu: "25m" imagePullPolicy: IfNotPresent name: berserker env: @@ -42,13 +39,6 @@ spec: - path: "labels" fieldRef: fieldPath: metadata.labels - volumes: - - name: config - configMap: - name: {{.JobName}}-berserker-process-config - items: - - key: workload.toml - path: workload.toml # Add not-ready/unreachable tolerations for 15 minutes so that node # failure doesn't trigger pod deletion. tolerations: diff --git a/sensor/upgrader/resources/purpose_string.go b/sensor/upgrader/resources/purpose_string.go index 9c2cfd29db16f..7b690efe6087a 100644 --- a/sensor/upgrader/resources/purpose_string.go +++ b/sensor/upgrader/resources/purpose_string.go @@ -17,9 +17,9 @@ const _Purpose_name = "StateResourceBundleResource" var _Purpose_index = [...]uint8{0, 13, 27} func (i Purpose) String() string { - i -= 1 - if i < 0 || i >= Purpose(len(_Purpose_index)-1) { - return "Purpose(" + strconv.FormatInt(int64(i+1), 10) + ")" + idx := int(i) - 1 + if i < 1 || idx >= len(_Purpose_index)-1 { + return "Purpose(" + strconv.FormatInt(int64(i), 10) + ")" } - return _Purpose_name[_Purpose_index[i]:_Purpose_index[i+1]] + return _Purpose_name[_Purpose_index[idx]:_Purpose_index[idx+1]] } diff --git a/tests/common.go b/tests/common.go index 06d905783f8d3..9781255a65829 100644 --- a/tests/common.go +++ b/tests/common.go @@ -337,7 +337,10 @@ func createK8sClientWithConfig(t T, restCfg *rest.Config) kubernetes.Interface { retryClient.RetryWaitMax = 2 * time.Second retryClient.Logger = logWrapper{t: t} if restCfg.Timeout == 0 { - restCfg.Timeout = 10 * time.Second + // Increased from 10s to 30s to handle slower API responses, especially + // in compatibility test scenarios with mixed versions (e.g., old Central + // with new Sensor). + restCfg.Timeout = 30 * time.Second } // Set retryable timeout to 90% of rest config timeout to allow retries retryClient.HTTPClient.Timeout = (9 * restCfg.Timeout) / 10