feat(ISV-5130): add pipeline steps for SBOM upload #627
Conversation
|
Hi @jedinym. Thanks for your PR. I'm waiting for a konflux-ci member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
jedinym
force-pushed
the
ISV-5130
branch
2 times, most recently
from
e03c642
to
96b9878
Compare
jedinym
changed the title
jedinym
changed the title
jedinym
changed the title
|
@mmalina In the latest commit, I made the SBOM processing optional when the Atlas fields are not provided in the RPA. |
Let's continue in this thread: #627 (comment) |
tasks/collect-atlas-params/tests/test-collect-atlas-params-stage.yaml
Outdated
Show resolved
Hide resolved
pipelines/rh-push-to-registry-redhat-io/rh-push-to-registry-redhat-io.yaml
Outdated
Show resolved
Hide resolved
pipelines/rh-push-to-registry-redhat-io/rh-push-to-registry-redhat-io.yaml
Outdated
Show resolved
Hide resolved
|
New changes are detected. LGTM label has been removed. |
|
@jedinym it looks good. One last thing - can you improve the commit message? Now it just includes an ugly list of all the commits from the squash. It would be nice to have some summary of what's included in this. |
jedinym
force-pushed
the
ISV-5130
branch
2 times, most recently
from
683e232
to
2ee5465
Compare
|
/ok-to-test |
|
/retest |
|
Hmm, the tests failed in a different way than in the e2e repo. Are they using the same vault for secrets? Could you please rerun them? @johnbieren @mmalina |
The secrets are deployed to the clusters manually (if we're talking about the tests that run on staging Konflux cluster - not sure about the ones that run on the provisioned clusters), so you would need to ask Scott. But I don't see a reason why he would deploy something else here. |
|
/retest |
|
@mmalina I was thinking of the secrets used in the e2e test setup, not the ones used in the pipeline. I added those to the QE vault and it worked in the e2e repo. Here though, the test logs suggest that the new secrets were not found (somehow). |
|
AFAIK, there is nothing different in the way e2e runs in this repo and in the e2e repo.
e2e runs the pipeline, so the secrets always need to be there in that environment. As you said, for the provisioned clusters, the qa vault is used. But some of our tests use staging Konflux, so for those, the secrets need to be set up manually. @jinqi7 am I right? |
There is some difference. Please see the bug. Before it's fixed, we need to merge the PR in e2e-tests first. |
|
@mmalina The e2e PR is merged, could you please rerun the tests? |
|
/retest |
|
/retest |
|
/ok-to-test |
|
/retest |
|
/ok-to-test |
The rh-advisories pipeline now supports generating product-level SBOMs at release time and enhancing component-level SBOMs created at build time with additional release-time data. Signed-off-by: Martin Jediny <jedinym@proton.me>
|
/ok-to-test |
|
@jedinym: The following test has Failed, say /retest to rerun failed tests.
Inspecting Test ArtifactsTo inspect your test artifacts, follow these steps:
mkdir -p oras-artifacts
cd oras-artifacts
oras pull quay.io/konflux-test-storage/konflux-team/release-service-catalog:konflux-e2e-tests-catalog-tfsdw |
This PR extends the
rh-advisoriespipeline to create and upload product-level SBOMs.Product-level SBOMs have been tested in Konflux with the help of @.scoheb.
A new tekton Task (
collect-atlas-params) is added to generate Atlas parameters from the Atlas field RPAs. If no Atlas-related data is provided in the RPA, the SBOM processing is skipped.