15 changes: 15 additions & 0 deletions .github/workflows/build.yaml
@@ -661,6 +661,21 @@ jobs:
run: |
./scripts/ci/lib.sh registry_rw_login "quay.io/${QUAY_ORG}"

- name: Build operator helm chart
if: matrix.arch == 'amd64'
run: make -C operator/ chart

- name: Bundle chart to preserve permissions
if: matrix.arch == 'amd64'
run: tar -cvzf "$(pwd)/operator-chart-${{ matrix.name }}.tgz" -C operator/dist/chart .

- uses: ./.github/actions/upload-artifact-with-retry
if: matrix.arch == 'amd64'
with:
name: operator-chart-${{ matrix.name }}
path: operator-chart-${{ matrix.name }}.tgz
if-no-files-found: error

- name: Build Operator Bundle image
if: |
matrix.name != 'STACKROX_BRANDING'
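Review bot: The "Bundle chart to preserve permissions" step expands `${{ matrix.name }}` directly inside the `run:` script, so the value is pasted into the shell text before bash parses it. The matrix values are presumably defined by the workflow itself, which makes this a hardening and consistency point rather than a live injection path. Passing the value through the environment keeps expression text out of the script: add an `env:` entry `CHART_TGZ: operator-chart-${{ matrix.name }}.tgz` and run `tar -czf "${PWD}/${CHART_TGZ}" -C operator/dist/chart .`. Dropping `-v` also keeps the full file listing out of the job log. The `if: |` block of the following step continues outside the hunk.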
8 changes: 7 additions & 1 deletion .github/workflows/release-ci.yaml
@@ -96,6 +96,12 @@ jobs:
- uses: ./.github/actions/download-artifact-with-retry
with:
name: cli-build
- uses: ./.github/actions/download-artifact-with-retry
with:
name: operator-chart-RHACS_BRANDING
- uses: ./.github/actions/download-artifact-with-retry
with:
name: operator-chart-STACKROX_BRANDING
- name: Publish Helm charts to stackrox/release-artifacts
env:
STACKROX_TAG: ${{ github.ref_name }}
@@ -109,7 +115,7 @@ jobs:
mkdir -p "${HOME}/.local/bin"
mv bin/linux_amd64/roxctl "${HOME}/.local/bin/roxctl"
scripts/ci/lib.sh \
push_helm_charts "${STACKROX_TAG}"
push_helm_charts "${STACKROX_TAG}" "$(pwd)/operator-chart-RHACS_BRANDING.tgz" "$(pwd)/operator-chart-STACKROX_BRANDING.tgz"

# Publish `roxagent` and `roxctl`.
publish-cli:
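Review bot: The artifact names `operator-chart-RHACS_BRANDING` and `operator-chart-STACKROX_BRANDING` are written out as literals four times across the two hunks (two download steps and the two tarball paths in the `push_helm_charts` call), while build.yaml derives the same names from `matrix.name`. A renamed matrix entry would therefore surface only as a failed release run. The call also assumes the download action places each `.tgz` directly in the working directory, which is not visible on this page. Defining the two names once in a job-level `env:` and building both the `name:` inputs and the paths from them, with a one-line comment pointing at the upload step in build.yaml, would keep the two workflows in step.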
1 change: 1 addition & 0 deletions CHANGELOG.md
@@ -18,6 +18,7 @@ Changes should still be described appropriately in JIRA/doc input pages, for inc
roxctl's "central crs generate" supports specifying a maximum number of cluster registrations
using the new parameter "--max-clusters".
- ROX-24311: Detection and enforcement for pods/attach Kubernetes event.
- ROX-33099: New Operator Helm Chart is now the only recommended way to install on non-OpenShift clusters.
- ROX-33098 (Tech Preview): Effective path and Actual Path have been combined into a single File Path policy criterion.
- ROX-33156 (Tech Preview): A new default policy category called "File Activity Monitoring" is now available.

2 changes: 2 additions & 0 deletions operator/Makefile
@@ -323,7 +323,9 @@ build-installer: manifests generate kustomize ## Generate a consolidated YAML wi
chart: kubebuilder manifests ## Generate a helm chart with all necessary resources.
# The dependency above makes sure protos are up to date, so we can skip this time-consuming process below
# by specifying the SKIP env var. Otherwise each target that kubebuilder invokes (and there is a bunch) would regen protos.
if [ "$(ROX_IMAGE_FLAVOR)" = opensource ]; then sed -i'.bak' -e 's,^projectName: rhacs-operator,projectName: stackrox-operator,' PROJECT; fi
ROX_OPERATOR_SKIP_PROTO_GENERATED_SRCS=true $(KUBEBUILDER) edit --plugins=helm/v2-alpha --force
if [ "$(ROX_IMAGE_FLAVOR)" = opensource ]; then mv PROJECT.bak PROJECT; fi
sed -i'.bak' -e 's,0.1.0,$(VERSION),g' dist/chart/Chart.yaml
rm -f dist/chart/Chart.yaml.bak

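Review bot: The temporary rewrite of `PROJECT` is not undone if the `$(KUBEBUILDER) edit` line fails: make stops the recipe there, so `mv PROJECT.bak PROJECT` never runs and a tracked file is left modified with a stray `PROJECT.bak` beside it. Running the three commands as one shell line joined with `\` and restoring through `trap 'mv PROJECT.bak PROJECT' EXIT` set right after the `sed` would make the restore unconditional. The `sed` pattern also depends on `PROJECT` containing `projectName: rhacs-operator`; the operator/PROJECT section of this page shows both that value and `projectName: stackrox-operator`, and if the committed value is the latter the substitution silently matches nothing, so it is worth confirming which one lands. A short comment above the first `if` explaining why the project name is swapped for the opensource flavour would help the next reader.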
2 changes: 1 addition & 1 deletion operator/PROJECT
@@ -11,7 +11,7 @@ plugins:
output: dist
manifests.sdk.operatorframework.io/v2: {}
scorecard.sdk.operatorframework.io/v2: {}
projectName: rhacs-operator
projectName: stackrox-operator
repo: github.com/stackrox/rox
resources:
- api:
13 changes: 10 additions & 3 deletions scripts/ci/lib.sh
@@ -1111,23 +1111,30 @@ publish_openapispec() {
}

push_helm_charts() {
if [[ "$#" -ne 1 ]]; then
die "missing arg. usage: push_helm_charts <tag>"
if [[ "$#" -ne 3 ]]; then
die "missing arg. usage: push_helm_charts <tag> <operator_rhacs_chart_tarball> <operator_stackrox_chart_tarball>"
fi

local tag="$1"
local operator_rhacs_chart_tarball="$2"
local operator_stackrox_chart_tarball="$3"

echo "Publish Helm charts to github repository stackrox/release-artifacts and create a PR" >> "${GITHUB_STEP_SUMMARY}"

local central_services_chart_dir
local secured_cluster_services_chart_dir
central_services_chart_dir="$(mktemp -d)"
secured_cluster_services_chart_dir="$(mktemp -d)"
operator_chart_dir="$(mktemp -d)"
roxctl helm output central-services --image-defaults=rhacs --output-dir "${central_services_chart_dir}/rhacs"
roxctl helm output central-services --image-defaults=opensource --output-dir "${central_services_chart_dir}/opensource"
roxctl helm output secured-cluster-services --image-defaults=rhacs --output-dir "${secured_cluster_services_chart_dir}/rhacs"
roxctl helm output secured-cluster-services --image-defaults=opensource --output-dir "${secured_cluster_services_chart_dir}/opensource"
"${SCRIPTS_ROOT}/scripts/ci/publish-helm-charts.sh" "${tag}" "${central_services_chart_dir}" "${secured_cluster_services_chart_dir}"
mkdir "${operator_chart_dir}/rhacs"
tar -zxf "${operator_rhacs_chart_tarball}" -C "${operator_chart_dir}/rhacs"
mkdir "${operator_chart_dir}/opensource"
tar -zxf "${operator_stackrox_chart_tarball}" -C "${operator_chart_dir}/opensource"
"${SCRIPTS_ROOT}/scripts/ci/publish-helm-charts.sh" "${tag}" "${central_services_chart_dir}" "${secured_cluster_services_chart_dir}" "${operator_chart_dir}"
}

gitbot() {
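Review bot: `operator_chart_dir` is assigned from `mktemp -d` without being declared `local`, unlike `central_services_chart_dir` and `secured_cluster_services_chart_dir` just above it, so the name escapes `push_helm_charts` into the rest of the script; add `local operator_chart_dir` beside the other two declarations. The two tarball arguments are also handed to `tar -zxf` without a check that they exist, so a missing artifact is reported only after all four `roxctl helm output` runs have completed. Placing `[[ -r "${operator_rhacs_chart_tarball}" ]] || die "operator chart tarball not readable: ${operator_rhacs_chart_tarball}"`, and the same for the stackrox tarball, right after the argument-count check would fail early with a clear message.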
13 changes: 10 additions & 3 deletions scripts/ci/publish-helm-charts.sh
@@ -11,17 +11,20 @@ set -euo pipefail
remote_repository="https://github.com/stackrox/release-artifacts.git"
remote_subdirectory="helm-charts"

version="$1"
central_services_chart="$2"
secured_cluster_services_chart="$3"
version="${1:-}"
central_services_chart="${2:-}"
secured_cluster_services_chart="${3:-}"
operator_chart_dir="${4:-}"

[[ -n "$version" ]] || die "No version specified"
[[ -n "$central_services_chart" ]] || die "No central services chart path specified!"
[[ -n "$secured_cluster_services_chart" ]] || die "No secured cluster services chart path specified!"
[[ -n "$operator_chart_dir" ]] || die "No operator chart path specified!"

echo "Publishing charts for version $version"
echo " Central Services Chart location: ${central_services_chart}"
echo " Secured Cluster Services Chart location: ${secured_cluster_services_chart}"
echo " Operator Chart location: ${operator_chart_dir}"

if is_release_test_stream "$version"; then
# send to #acs-slack-integration-testing when testing the release process
@@ -45,18 +48,22 @@ mkdir "${tmp_remote_repository}/${remote_subdirectory}/${version}"

cp -a "${central_services_chart}/opensource" "${tmp_remote_repository}/${remote_subdirectory}/${version}/central-services"
cp -a "${secured_cluster_services_chart}/opensource" "${tmp_remote_repository}/${remote_subdirectory}/${version}/secured-cluster-services"
cp -a "${operator_chart_dir}/opensource" "${tmp_remote_repository}/${remote_subdirectory}/${version}/operator"

mkdir "${tmp_remote_repository}/${remote_subdirectory}/rhacs/${version}"

cp -a "${central_services_chart}/rhacs" "${tmp_remote_repository}/${remote_subdirectory}/rhacs/${version}/central-services"
cp -a "${secured_cluster_services_chart}/rhacs" "${tmp_remote_repository}/${remote_subdirectory}/rhacs/${version}/secured-cluster-services"
cp -a "${operator_chart_dir}/rhacs" "${tmp_remote_repository}/${remote_subdirectory}/rhacs/${version}/operator"

mkdir -p "${tmp_remote_repository}/${remote_subdirectory}/opensource"

echo "Packaging Helm chart for file ${central_services_chart}/opensource/Chart.yaml"
helm package -d "${tmp_remote_repository}/${remote_subdirectory}/opensource" "${central_services_chart}/opensource"
echo "Packaging Helm chart for file ${secured_cluster_services_chart}/opensource/Chart.yaml"
helm package -d "${tmp_remote_repository}/${remote_subdirectory}/opensource" "${secured_cluster_services_chart}/opensource"
echo "Packaging Helm chart for file ${operator_chart_dir}/opensource/Chart.yaml"
helm package -d "${tmp_remote_repository}/${remote_subdirectory}/opensource" "${operator_chart_dir}/opensource"

echo "Building OSS helm repo index"
helm repo index "${tmp_remote_repository}/${remote_subdirectory}/opensource"
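Review bot: The new `operator_chart_dir` argument is only checked for being non-empty before `cp -a "${operator_chart_dir}/rhacs"` copies it into the release-artifacts checkout, so an archive that unpacked to an empty or incomplete directory would be published for the rhacs flavour; in the visible lines only the opensource copy is later exercised by `helm package`. A guard placed before the copies, such as `for flavor in opensource rhacs; do [[ -f "${operator_chart_dir}/${flavor}/Chart.yaml" ]] || die "No operator chart found for ${flavor}"; done`, keeps a broken build artifact out of the release repository. The script continues past the end of this hunk, so a later step may already cover the rhacs chart.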