diff --git a/ci-operator/config/openshift/ocp-secrets-management-console/OWNERS b/ci-operator/config/openshift/ocp-secrets-management-console/OWNERS index c8462b85d28a6..80382ad37bc1b 100644 --- a/ci-operator/config/openshift/ocp-secrets-management-console/OWNERS +++ b/ci-operator/config/openshift/ocp-secrets-management-console/OWNERS @@ -6,8 +6,12 @@ approvers: - anandkuma77 +- bharath-b-rh +- mytreya-rh - sarthakpurohit options: {} reviewers: - anandkuma77 +- bharath-b-rh +- mytreya-rh - sarthakpurohit diff --git a/ci-operator/config/openshift/ocp-secrets-management-console/openshift-ocp-secrets-management-console-main.yaml b/ci-operator/config/openshift/ocp-secrets-management-console/openshift-ocp-secrets-management-console-main.yaml index a3bf29506d874..7e6a3005f6670 100644 --- a/ci-operator/config/openshift/ocp-secrets-management-console/openshift-ocp-secrets-management-console-main.yaml +++ b/ci-operator/config/openshift/ocp-secrets-management-console/openshift-ocp-secrets-management-console-main.yaml @@ -1,8 +1,17 @@ base_images: + base-rhel9: + name: "4.21" + namespace: ocp + tag: base-rhel9 golang: name: builder namespace: ocp - tag: rhel-9-golang-1.23-openshift-4.19 + tag: rhel-9-golang-1.23-openshift-4.21 + operator-sdk: + name: "4.21" + namespace: origin + tag: operator-sdk +binary_build_commands: cd operator && make build build_root: image_stream_tag: name: console-plugin-test-cypress 
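Review bot: The added `binary_build_commands: cd operator && make build` runs in the image derived from `build_root`, which this hunk leaves as `console-plugin-test-cypress`, and nothing visible here shows that image has a Go toolchain. The existing operator unit test runs in `from: golang`, which suggests it may not. Nothing in this diff appears to consume the resulting `bin` image either, since the operator image added in the next hunk is built `from: base-rhel9` with no `inputs`. Either drop the line or say what uses it, for example `# bin is consumed by <consumer>`, and confirm that `make build` works in the build root.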
@@ -11,7 +20,27 @@ build_root: images: items: - dockerfile_path: Dockerfile - to: ocp-secrets-management-console + to: ocp-secrets-management + - dockerfile_path: operator/images/ci/Dockerfile + from: base-rhel9 + to: ocp-secrets-management-operator +operator: + bundles: + - as: ocp-secrets-management-operator-bundle + dockerfile_path: operator/bundle.Dockerfile + skip_building_index: true + substitutions: + - pullspec: openshift.io/ocp-secrets-management-operator:.* + with: pipeline:ocp-secrets-management-operator + - pullspec: openshift.io/ocp-secrets-management:.* + with: pipeline:ocp-secrets-management +releases: + latest: + candidate: + architecture: multi + product: ocp + stream: nightly + version: "4.21" resources: '*': limits: 
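Review bot: The two `pullspec` patterns under `operator.bundles[].substitutions` look like regular expressions (they end in `.*`), yet their dots are unescaped and the trailing `.*` will consume whatever follows the tag on the same manifest line. If the pullspecs in the bundle manifests do not match these patterns, the bundle would presumably keep the image reference written in the manifest rather than the `pipeline:` images built from the PR. `e2e-operator` would then test code that is not under review; the manifests are outside this diff, so this needs confirming. Escaping the dots, for example `pullspec: openshift\.io/ocp-secrets-management-operator:.*`, and checking that both pullspecs appear verbatim in the CSV would make the substitution dependable.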
@@ -30,6 +59,63 @@ tests: unset GOFLAGS && cd operator && make test container: from: golang +- as: verify + commands: | + yarn install && LANG=en_US.UTF-8 yarn lint + container: + from: src +- as: fips-image-scan-plugin + steps: + dependencies: + SCAN_IMAGE: ocp-secrets-management + test: + - ref: fips-check-image-scan +- as: fips-image-scan-operator + steps: + dependencies: + SCAN_IMAGE: ocp-secrets-management-operator + test: + - ref: fips-check-image-scan +- as: e2e-operator + cluster_claim: + architecture: amd64 + cloud: aws + owner: openshift-ci + product: ocp + timeout: 2h0m0s + version: "4.21" + skip_if_only_changed: ^(docs/|scripts/)|\.md$|^(?:.*/)?(?:\.gitignore|OWNERS|LICENSE)$ + steps: + test: + - as: install + cli: latest + commands: | + oc create namespace openshift-secrets-management + operator-sdk run bundle --timeout=10m --security-context-config=restricted --install-mode=AllNamespaces -n openshift-secrets-management "$OO_BUNDLE" --verbose + oc wait --for condition=Available -n openshift-secrets-management deployment secrets-management-operator --timeout=10m + dependencies: + - env: OO_BUNDLE + name: ocp-secrets-management-operator-bundle + from: operator-sdk + resources: + requests: + cpu: 100m + - as: test + cli: latest + commands: | + # Create SecretsManagementConfig CR + oc apply -f operator/config/samples/secrets-management_v1alpha1_secretsmanagementconfig.yaml + # Wait for plugin deployment + oc wait --for condition=Available -n openshift-secrets-management deployment ocp-secrets-management-plugin --timeout=5m + # Verify plugin pods are running + oc get pods -n openshift-secrets-management -l app.kubernetes.io/name=ocp-secrets-management + # Verify ConsolePlugin resource exists + oc get consoleplugin ocp-secrets-management + from: src + resources: + requests: + cpu: 100m + workflow: generic-claim zz_generated_metadata: branch: main org: openshift 
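Review bot: In the `e2e-operator` `test` step, `oc get pods -n openshift-secrets-management -l app.kubernetes.io/name=ocp-secrets-management` is commented as verifying that the plugin pods are running, but a label-selected `get` exits 0 when nothing matches and never checks pod status. Replace it with `oc wait --for=condition=Ready pod -l app.kubernetes.io/name=ocp-secrets-management -n openshift-secrets-management --timeout=5m` so the step fails when the pods are missing or not ready. Separately, the `verify` test runs a bare `yarn install`, which can resolve dependency versions that differ from the committed lockfile. `yarn install --frozen-lockfile` (or `--immutable` on Yarn 2+) keeps the lint job on the reviewed dependency set.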
diff --git a/ci-operator/jobs/openshift/ocp-secrets-management-console/OWNERS b/ci-operator/jobs/openshift/ocp-secrets-management-console/OWNERS index c8462b85d28a6..80382ad37bc1b 100644 --- a/ci-operator/jobs/openshift/ocp-secrets-management-console/OWNERS +++ b/ci-operator/jobs/openshift/ocp-secrets-management-console/OWNERS @@ -6,8 +6,12 @@ approvers: - anandkuma77 +- bharath-b-rh +- mytreya-rh - sarthakpurohit options: {} reviewers: - anandkuma77 +- bharath-b-rh +- mytreya-rh - sarthakpurohit diff --git a/ci-operator/jobs/openshift/ocp-secrets-management-console/openshift-ocp-secrets-management-console-main-presubmits.yaml b/ci-operator/jobs/openshift/ocp-secrets-management-console/openshift-ocp-secrets-management-console-main-presubmits.yaml index 000af194c3acf..313e5d82dd609 100644 --- a/ci-operator/jobs/openshift/ocp-secrets-management-console/openshift-ocp-secrets-management-console-main-presubmits.yaml +++ b/ci-operator/jobs/openshift/ocp-secrets-management-console/openshift-ocp-secrets-management-console-main-presubmits.yaml 
@@ -1,5 +1,320 @@ presubmits: openshift/ocp-secrets-management-console: + - agent: kubernetes + always_run: true + branches: + - ^main$ + - ^main- + cluster: build13 + context: ci/prow/ci-bundle-ocp-secrets-management-operator-bundle + decorate: true + decoration_config: + sparse_checkout_files: + - Dockerfile + - operator/images/ci/Dockerfile + labels: + ci.openshift.io/generator: prowgen + job-release: "4.21" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-ocp-secrets-management-console-main-ci-bundle-ocp-secrets-management-operator-bundle + rerun_command: /test ci-bundle-ocp-secrets-management-operator-bundle + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --target=ocp-secrets-management-operator-bundle + command: + - ci-operator + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )ci-bundle-ocp-secrets-management-operator-bundle,?($|\s.*) + - agent: kubernetes + always_run: false + branches: + - ^main$ + - ^main- + cluster: build13 + context: ci/prow/e2e-operator + decorate: true + decoration_config: + sparse_checkout_files: + - Dockerfile + - operator/images/ci/Dockerfile 
+ labels: + ci.openshift.io/generator: prowgen + job-release: "4.21" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-ocp-secrets-management-console-main-e2e-operator + rerun_command: /test e2e-operator + skip_if_only_changed: ^(docs/|scripts/)|\.md$|^(?:.*/)?(?:\.gitignore|OWNERS|LICENSE)$ + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --hive-kubeconfig=/secrets/hive-hive-credentials/kubeconfig + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=e2e-operator + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/hive-hive-credentials + name: hive-hive-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: hive-hive-credentials + secret: + secretName: hive-hive-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret 
+ secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )e2e-operator,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^main$ + - ^main- + cluster: build13 + context: ci/prow/fips-image-scan-operator + decorate: true + decoration_config: + sparse_checkout_files: + - Dockerfile + - operator/images/ci/Dockerfile + labels: + ci.openshift.io/generator: prowgen + job-release: "4.21" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-ocp-secrets-management-console-main-fips-image-scan-operator + rerun_command: /test fips-image-scan-operator + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=fips-image-scan-operator + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + 
secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )fips-image-scan-operator,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^main$ + - ^main- + cluster: build13 + context: ci/prow/fips-image-scan-plugin + decorate: true + decoration_config: + sparse_checkout_files: + - Dockerfile + - operator/images/ci/Dockerfile + labels: + ci.openshift.io/generator: prowgen + job-release: "4.21" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-ocp-secrets-management-console-main-fips-image-scan-plugin + rerun_command: /test fips-image-scan-plugin + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=fips-image-scan-plugin + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: 
boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )fips-image-scan-plugin,?($|\s.*) - agent: kubernetes always_run: true branches: @@ -11,8 +326,10 @@ presubmits: decoration_config: sparse_checkout_files: - Dockerfile + - operator/images/ci/Dockerfile labels: ci.openshift.io/generator: prowgen + job-release: "4.21" pj-rehearse.openshift.io/can-be-rehearsed: "true" name: pull-ci-openshift-ocp-secrets-management-console-main-images rerun_command: /test images @@ -67,8 +384,10 @@ presubmits: decoration_config: sparse_checkout_files: - Dockerfile + - operator/images/ci/Dockerfile labels: ci.openshift.io/generator: prowgen + job-release: "4.21" pj-rehearse.openshift.io/can-be-rehearsed: "true" name: pull-ci-openshift-ocp-secrets-management-console-main-operator-unit rerun_command: /test operator-unit @@ -131,8 +450,10 @@ presubmits: decoration_config: sparse_checkout_files: - Dockerfile + - operator/images/ci/Dockerfile labels: ci.openshift.io/generator: prowgen + job-release: "4.21" pj-rehearse.openshift.io/can-be-rehearsed: "true" name: pull-ci-openshift-ocp-secrets-management-console-main-unit rerun_command: /test unit 
@@ -184,3 +505,69 @@ presubmits: secret: secretName: result-aggregator trigger: (?m)^/test( | .* )unit,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^main$ + - ^main- + cluster: build13 + context: ci/prow/verify + decorate: true + decoration_config: + sparse_checkout_files: + - Dockerfile + - operator/images/ci/Dockerfile + labels: + ci.openshift.io/generator: prowgen + job-release: "4.21" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-ocp-secrets-management-console-main-verify + rerun_command: /test verify + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --target=verify + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )verify,?($|\s.*)