fix(operator): Add RELATED_IMAGE_FACT to config#19231
Open
vladbologa wants to merge 2 commits intomasterfrom
Open
fix(operator): Add RELATED_IMAGE_FACT to config#19231vladbologa wants to merge 2 commits intomasterfrom
vladbologa wants to merge 2 commits intomasterfrom
Conversation
erthalion
approved these changes
Feb 27, 2026
Contributor
|
Images are ready for the commit at 1a5b6ae. To use with deploy scripts, first |
|
@vladbologa: The following test failed, say
Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
Contributor
|
Do we need to backport this to 4.10? |
Contributor
Author
I'm trying to understand the implications. Do release builds have My current understanding is this only affects builds where the tags don't exist in |
Contributor
Author
|
/fixxx |
Contributor
I see |
make: Entering directory '/__w/stackrox/stackrox/operator'
+ yq
[[ ${ROX_OPERATOR_SKIP_PROTO_GENERATED_SRCS:-false} = true ]] || make -C .. proto-generated-srcs
make[1]: Entering directory '/__w/stackrox/stackrox'
+ /__w/stackrox/stackrox/generated/internalapi/sensor/sfa_iservice_vtproto.pb.go
+ /__w/stackrox/stackrox/generated/internalapi/sensor/network_enums_vtproto.pb.go
+ /__w/stackrox/stackrox/generated/api/v2/vuln_state_vtproto.pb.go
+ /__w/stackrox/stackrox/generated/api/v1/report_service_vtproto.pb.go
+ /__w/stackrox/stackrox/generated/storage/operation_status_vtproto.pb.go
+ /__w/stackrox/stackrox/generated/internalapi/compliance/compliance_data_grpc.pb.go
+ /__w/stackrox/stackrox/generated/internalapi/virtualmachine/v1/virtual_machine_grpc.pb.go
+ /__w/stackrox/stackrox/generated/internalapi/virtualmachine/v1/index_report_grpc.pb.go
+ /__w/stackrox/stackrox/generated/internalapi/sensor/network_connection_info_grpc.pb.go
+ /__w/stackrox/stackrox/generated/internalapi/sensor/sfa_grpc.pb.go
+ /__w/stackrox/stackrox/generated/internalapi/sensor/admission_control_grpc.pb.go
+ /__w/stackrox/stackrox/generated/internalapi/sensor/collector_grpc.pb.go
+ /__w/stackrox/stackrox/generated/internalapi/sensor/network_enums_grpc.pb.go
+ /__w/stackrox/stackrox/generated/internalapi/central/baseline_sync_grpc.pb.go
+ /__w/stackrox/stackrox/generated/internalapi/central/cluster_status_grpc.pb.go
+ /__w/stackrox/stackrox/generated/internalapi/central/cluster_config_grpc.pb.go
+ /__w/stackrox/stackrox/generated/internalapi/central/policy_sync_grpc.pb.go
+ /__w/stackrox/stackrox/generated/internalapi/central/deployment_enhancement_grpc.pb.go
+ /__w/stackrox/stackrox/generated/internalapi/central/network_flow_grpc.pb.go
+ /__w/stackrox/stackrox/generated/internalapi/central/sensor_events_grpc.pb.go
+ /__w/stackrox/stackrox/generated/internalapi/central/compliance_operator_grpc.pb.go
+ /__w/stackrox/stackrox/generated/internalapi/central/cluster_metrics_grpc.pb.go
+ /__w/stackrox/stackrox/generated/internalapi/central/network_baseline_sync_grpc.pb.go
+ /__w/stackrox/stackrox/generated/internalapi/central/auth_grpc.pb.go
+ /__w/stackrox/stackrox/generated/internalapi/central/delegated_registry_config_grpc.pb.go
+ /__w/stackrox/stackrox/generated/internalapi/central/image_grpc.pb.go
+ /__w/stackrox/stackrox/generated/internalapi/central/local_scanner_grpc.pb.go
+ /__w/stackrox/stackrox/generated/internalapi/central/sensor_upgrade_grpc.pb.go
+ /__w/stackrox/stackrox/generated/internalapi/central/telemetry_grpc.pb.go
+ /__w/stackrox/stackrox/generated/internalapi/central/secured_cluster_cert_refresh_grpc.pb.go
+ /__w/stackrox/stackrox/generated/internalapi/central/hello_grpc.pb.go
+ /__w/stackrox/stackrox/generated/internalapi/central/process_listening_on_ports_update_grpc.pb.go
+ /__w/stackrox/stackrox/generated/internalapi/wrapper/splunk_alert_grpc.pb.go
+ /__w/stackrox/stackrox/generated/internalapi/scanner/v4/vulnerability_report_grpc.pb.go
+ /__w/stackrox/stackrox/generated/internalapi/scanner/v4/common_grpc.pb.go
+ /__w/stackrox/stackrox/generated/internalapi/scanner/v4/index_report_grpc.pb.go
+ /__w/stackrox/stackrox/generated/test/test_grpc.pb.go
+ /__w/stackrox/stackrox/generated/api/v2/vuln_state_grpc.pb.go
+ /__w/stackrox/stackrox/generated/api/v2/pagination_grpc.pb.go
+ /__w/stackrox/stackrox/generated/api/v2/search_query_grpc.pb.go
+ /__w/stackrox/stackrox/generated/api/v2/common_grpc.pb.go
+ /__w/stackrox/stackrox/generated/api/v2/scan_component_grpc.pb.go
+ /__w/stackrox/stackrox/generated/api/v2/user_grpc.pb.go
+ /__w/stackrox/stackrox/generated/api/v2/vulnerability_grpc.pb.go
+ /__w/stackrox/stackrox/generated/api/v2/compliance_common_grpc.pb.go
+ /__w/stackrox/stackrox/generated/api/common/extended_rpc_status_grpc.pb.go
+ /__w/stackrox/stackrox/generated/api/integrations/splunk_service_grpc.pb.go
+ /__w/stackrox/stackrox/generated/api/v1/pagination_grpc.pb.go
+ /__w/stackrox/stackrox/generated/api/v1/notifications_grpc.pb.go
+ /__w/stackrox/stackrox/generated/api/v1/common_grpc.pb.go
+ /__w/stackrox/stackrox/generated/api/v1/sbom_grpc.pb.go
+ /__w/stackrox/stackrox/generated/api/v1/audit_grpc.pb.go
+ /__w/stackrox/stackrox/generated/api/v1/signal_grpc.pb.go
+ /__w/stackrox/stackrox/generated/api/v1/traits_grpc.pb.go
+ /__w/stackrox/stackrox/generated/api/v1/empty_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/virtual_machine_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/node_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/relations_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/notification_schedule_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/report_configuration_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/process_listening_on_port_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/service_identity_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/taints_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/network_baseline_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/version_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/cluster_init_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/test_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/base_image_repository_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/kube_event_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/process_baseline_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/report_notifier_configuration_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/compliance_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/network_flow_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/image_v2_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/cluster_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/declarative_config_health_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/namespace_metadata_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/service_account_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/installation_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/vuln_requests_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/node_component_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/http_endpoint_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/compliance_operator_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/compliance_operator_v2_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/operation_status_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/network_policy_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/rbac_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/base_image_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/policy_category_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/compliance_config_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/schedule_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/common_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/image_integration_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/group_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/orchestrator_integration_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/risk_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/administration_usage_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/scope_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/alert_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/blob_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/node_integration_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/policy_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/image_component_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/delegated_registry_config_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/helm_cluster_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/discovered_cluster_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/user_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/mitre_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/process_indicator_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/image_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/api_token_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/administration_event_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/secret_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/signature_integration_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/vulnerability_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/network_graph_config_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/integration_health_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/container_runtime_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/report_snapshot_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/auth_provider_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/sensor_upgrade_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/telemetry_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/resource_collection_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/traits_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/config_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/notifier_enc_config_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/deployment_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/external_backup_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/file_access_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/role_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/compliance_integration_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/hash_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/cve_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/labels_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/system_info_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/auth_machine_to_machine_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/log_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/cloud_source_grpc.pb.go
+ /__w/stackrox/stackrox/generated/storage/notifier_grpc.pb.go
+ /__w/stackrox/stackrox/generated/tools/local-sensor/message_grpc.pb.go
+ /__w/stackrox/stackrox/generated/internalapi/central/development_service.pb.gw.go
+ /__w/stackrox/stackrox/generated/internalapi/central/v1/token_service.pb.gw.go
+ /__w/stackrox/stackrox/generated/internalapi/scanner/v4/matcher_service.pb.gw.go
+ /__w/stackrox/stackrox/generated/internalapi/scanner/v4/indexer_service.pb.gw.go
+ /__w/stackrox/stackrox/generated/api/v2/report_service.pb.gw.go
+ /__w/stackrox/stackrox/generated/api/integrations/splunk_service.pb.gw.go
+ /__w/stackrox/stackrox/generated/api/v1/probe_upload_service.pb.gw.go
+ inject-proto-tags
+ cleanup-swagger-json-gotags
+ proto-generated-srcs
make[2]: Entering directory '/__w/stackrox/stackrox'
+ clean-obsolete-protos
/__w/stackrox/stackrox/tools/clean_autogen_protos.py --protos /__w/stackrox/stackrox/proto --generated /__w/stackrox/stackrox/generated
make[2]: Leaving directory '/__w/stackrox/stackrox'
make[1]: Leaving directory '/__w/stackrox/stackrox'
/__w/stackrox/stackrox/operator/.gotools/bin/controller-gen rbac:roleName=manager-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases
+ kustomize
+ operator-sdk
rm -rf bundle
rm -rf config/manifests/bases && /__w/stackrox/stackrox/operator/.gotools/bin/operator-sdk generate kustomize manifests --input-dir=config/ui-metadata
Generating kustomize files in config/manifests
Kustomize files generated successfully
cd config/scorecard-versioned && /__w/stackrox/stackrox/operator/.gotools/bin/kustomize edit set image quay.io/operator-framework/scorecard-test=quay.io/operator-framework/scorecard-test:v1.42.0
rm -rf build/manifests
mkdir -p build/manifests
echo 'resources: [ "../../config/flavors/development_build", "../../config/manifests" ]' > build/manifests/kustomization.yaml
/__w/stackrox/stackrox/operator/.gotools/bin/kustomize build build/manifests | /__w/stackrox/stackrox/operator/.gotools/bin/operator-sdk generate bundle --overwrite --version 0.0.1 --channels=stable
Generating bundle version 0.0.1
Generating bundle manifests
# Warning: 'patchesJson6902' is deprecated. Please use 'patches' instead. Run 'kustomize edit fix' to update your Kustomization automatically.
time="2026-02-27T12:07:55Z" level=warning msg="warning: multiple related images with the same image ref, \"main\", and different names found.The image will only be listed once with an empty name.It is recmmended to either remove the duplicate or use the exact same name."
time="2026-02-27T12:07:55Z" level=warning msg="ClusterServiceVersion validation: [OperationFailed] provided API should have an example annotation"
Bundle manifests generated successfully in bundle
Generating bundle metadata
time="2026-02-27T12:07:55Z" level=info msg="Creating bundle.Dockerfile"
time="2026-02-27T12:07:55Z" level=info msg="Creating bundle/metadata/annotations.yaml"
time="2026-02-27T12:07:55Z" level=info msg="Bundle metadata generated successfully"
/__w/stackrox/stackrox/operator/.gotools/bin/yq -i '.metadata.annotations.createdAt = ""' bundle/manifests/rhacs-operator.clusterserviceversion.yaml
sed -i'.bak' -e '/operators\.operatorframework\.io\.bundle\.channel/d' bundle.Dockerfile
sed -i'.bak' -e '/# Copy files to locations specified by labels./d' bundle.Dockerfile
sed -i'.bak' -E -e '/^COPY .* \/(manifests|metadata|tests\/scorecard)\/$/d' bundle.Dockerfile
rm -f bundle.Dockerfile.bak
cat bundle.Dockerfile.extra >> bundle.Dockerfile
set -euo pipefail ;\
python3 -m venv bundle_helpers/.venv ; . bundle_helpers/.venv/bin/activate ; pip3 install --upgrade pip==21.3.1 setuptools==59.6.0 ; pip3 install -r bundle_helpers/requirements.txt ;\
bundle_helpers/fix-spec-descriptor-order.py \
<bundle/manifests/rhacs-operator.clusterserviceversion.yaml \
>bundle/manifests/rhacs-operator.clusterserviceversion.yaml.fixed
Collecting pip==21.3.1
Downloading https://files.pythonhosted.org/packages/a4/6d/6463d49a933f547439d6b5b98b46af8742cc03ae83543e4d7688c2420f8b/pip-21.3.1-py3-none-any.whl (1.7MB)
Collecting setuptools==59.6.0
Downloading https://files.pythonhosted.org/packages/b0/3a/88b210db68e56854d0bcf4b38e165e03be377e13907746f825790f3df5bf/setuptools-59.6.0-py3-none-any.whl (952kB)
Installing collected packages: pip, setuptools
Found existing installation: pip 9.0.3
Uninstalling pip-9.0.3:
Successfully uninstalled pip-9.0.3
Found existing installation: setuptools 39.2.0
Uninstalling setuptools-39.2.0:
Successfully uninstalled setuptools-39.2.0
Successfully installed pip-21.3.1 setuptools-59.6.0
You are using pip version 21.3.1, however version 26.0.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
Collecting PyYAML==6.0
Downloading PyYAML-6.0-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (603 kB)
Collecting pytest==7.0.1
Downloading pytest-7.0.1-py3-none-any.whl (296 kB)
Collecting iniconfig
Downloading iniconfig-1.1.1-py2.py3-none-any.whl (5.0 kB)
Collecting py>=1.8.2
Downloading py-1.11.0-py2.py3-none-any.whl (98 kB)
Collecting pluggy<2.0,>=0.12
Downloading pluggy-1.0.0-py2.py3-none-any.whl (13 kB)
Collecting attrs>=19.2.0
Downloading attrs-22.2.0-py3-none-any.whl (60 kB)
Collecting tomli>=1.0.0
Downloading tomli-1.2.3-py3-none-any.whl (12 kB)
Collecting importlib-metadata>=0.12
Downloading importlib_metadata-4.8.3-py3-none-any.whl (17 kB)
Collecting packaging
Downloading packaging-21.3-py3-none-any.whl (40 kB)
Collecting zipp>=0.5
Downloading zipp-3.6.0-py3-none-any.whl (5.3 kB)
Collecting typing-extensions>=3.6.4
Downloading typing_extensions-4.1.1-py3-none-any.whl (26 kB)
Collecting pyparsing!=3.0.5,>=2.0.2
Downloading pyparsing-3.1.4-py3-none-any.whl (104 kB)
Installing collected packages: zipp, typing-extensions, pyparsing, importlib-metadata, tomli, py, pluggy, packaging, iniconfig, attrs, PyYAML, pytest
Successfully installed PyYAML-6.0 attrs-22.2.0 importlib-metadata-4.8.3 iniconfig-1.1.1 packaging-21.3 pluggy-1.0.0 py-1.11.0 pyparsing-3.1.4 pytest-7.0.1 tomli-1.2.3 typing-extensions-4.1.1 zipp-3.6.0
mv bundle/manifests/rhacs-operator.clusterserviceversion.yaml.fixed \
bundle/manifests/rhacs-operator.clusterserviceversion.yaml
/__w/stackrox/stackrox/operator/.gotools/bin/operator-sdk bundle validate ./bundle --select-optional suite=operatorframework
time="2026-02-27T12:08:03Z" level=warning msg="Warning: Value config.stackrox.io/v1alpha1, Kind=SecurityPolicy: provided API should have an example annotation"
time="2026-02-27T12:08:03Z" level=warning msg="Warning: Value rhacs-operator.v0.0.1: owned CRD \"securitypolicies.config.stackrox.io\" has an empty description"
time="2026-02-27T12:08:03Z" level=info msg="All validation tests have completed successfully"
make: Leaving directory '/__w/stackrox/stackrox/operator'
Contributor
Author
So I think we should backport this to 4.10, I'm just not sure if it should be in 4.10.0, or it's ok to put in a later version. For OLM installations, I see that our official releases are setting |
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## master #19231 +/- ##
==========================================
- Coverage 49.56% 49.55% -0.01%
==========================================
Files 2675 2675
Lines 201838 201838
==========================================
- Hits 100036 100022 -14
- Misses 94345 94357 +12
- Partials 7457 7459 +2
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Add RELATED_IMAGE_FACT environment variable to the operator deployment template for consistency with other component images.
User-facing documentation
Testing and quality
Automated testing
How I validated my change
change me!