feat: add fbc-fips-check task #1741

Merged 1 commit on Dec 19, 2024

Conversation

yashvardhannanavati
Contributor

Refers to CVP-4334. This task is used to verify FIPS compliance of unreleased bundles in an FBC fragment. FBC fragment provides the target OCP version of the bundle, which enables the task to run check-payload with version specific embedded config.

@yashvardhannanavati yashvardhannanavati requested a review from a team as a code owner December 10, 2024 10:30
@yashvardhannanavati
Contributor Author

Only to be merged after #1681

@chmeliik chmeliik requested a review from a team December 10, 2024 10:36
MartinBasti
MartinBasti previously approved these changes Dec 10, 2024
Contributor

@MartinBasti MartinBasti left a comment

Approving code owner change only, the rest is for integration team

@yashvardhannanavati
Contributor Author

@dirgim @arewm Could you please help review this?

It is fairly similar to #1681. It even utilizes the stepAction added in that PR. The only major difference being,

  • This task cracks open the FBC fragment, gets unreleased bundles from it.
  • Performs registry replacement if required (to make unreleased bundles accessible)
  • Extracts unique relatedImages from those bundles and then passes them on to the stepAction for the check-payload scan
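
The three steps listed in the comment above, sketched as an added example; this is not code from the PR or from the konflux-ci task. Assumptions: the fragment is a rendered stream of JSON blobs whose `olm.bundle` entries carry `relatedImages`, a bundle counts as unreleased when its pullspec is absent from a constructed `RELEASED` set (the page does not say how the task decides this), and registry replacement is a simple prefix map; every name, pullspec and digest is hypothetical.

```python
import json

# Constructed sample data: a rendered FBC fragment as a stream of JSON blobs.
REPO = "registry.example.com/demo"
FBC = "\n".join(json.dumps(b) for b in [
    {"schema": "olm.package", "name": "demo"},
    {"schema": "olm.bundle", "name": "demo.v1.0.0", "image": REPO + "/bundle@sha256:b100",
     "relatedImages": [{"name": "operator", "image": REPO + "/operator@sha256:0100"},
                       {"name": "operand", "image": REPO + "/operand@sha256:0aaa"}]},
    {"schema": "olm.bundle", "name": "demo.v1.1.0", "image": REPO + "/bundle@sha256:b110",
     "relatedImages": [{"name": "operator", "image": REPO + "/operator@sha256:0110"},
                       {"name": "operand", "image": REPO + "/operand@sha256:0aaa"}]},
    {"schema": "olm.bundle", "name": "demo.v1.2.0", "image": REPO + "/bundle@sha256:b120",
     "relatedImages": [{"name": "operator", "image": REPO + "/operator@sha256:0120"},
                       {"name": "operand", "image": REPO + "/operand@sha256:0aaa"},
                       {"name": "helper", "image": "other.example.com/tools/helper@sha256:0bbb"}]},
])
RELEASED = {REPO + "/bundle@sha256:b100"}           # assumed: already-shipped bundle pullspecs
MIRRORS = {REPO: "quay.example.com/staging/demo"}   # assumed: source repo -> reachable mirror

def iter_blobs(text):
    """Yield each JSON object from a concatenated (not array-wrapped) stream."""
    dec, pos = json.JSONDecoder(), 0
    while True:
        while pos < len(text) and text[pos].isspace():
            pos += 1
        if pos >= len(text):
            return
        obj, pos = dec.raw_decode(text, pos)
        yield obj

def apply_mirror(pullspec, mirrors):
    """Rewrite the repository prefix, longest match first; leave other pullspecs alone."""
    for src in sorted(mirrors, key=len, reverse=True):
        if pullspec.startswith((src + "/", src + "@", src + ":")):
            return mirrors[src] + pullspec[len(src):]
    return pullspec

def images_to_scan(fbc_text, released, mirrors):
    """Unique relatedImages of unreleased bundles, mirrored, in first-seen order."""
    seen = []
    for blob in iter_blobs(fbc_text):
        if blob.get("schema") != "olm.bundle" or blob["image"] in released:
            continue
        for rel in blob.get("relatedImages", []):
            image = apply_mirror(rel["image"], mirrors)
            if image not in seen:
                seen.append(image)
    return seen

if __name__ == "__main__":
    print("\n".join(images_to_scan(FBC, RELEASED, MIRRORS)))
```

The returned list is what would be handed to the scanning step; the shared operand image appears once even though two unreleased bundles reference it.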

@dirgim
Contributor

dirgim commented Dec 18, 2024

/ok-to-test

dirgim
dirgim previously approved these changes Dec 18, 2024
Contributor

@dirgim dirgim left a comment

LGTM code-wise

MartinBasti
MartinBasti previously approved these changes Dec 18, 2024

Refers to CVP-4334. This task is used to verify FIPS compliance of
unreleased bundles in an FBC fragment. FBC fragment provides the
target OCP version of the bundle, which enables the task to run
check-payload with version specific embedded config.

Signed-off-by: Yashvardhan Nanavati <[email protected]>

@yashvardhannanavati
Contributor Author

@dirgim @MartinBasti apologies, I had to make a minor change to the task. Could you please approve it again?

Member

@arewm arewm left a comment

Thanks!

@chmeliik
Contributor

/ok-to-test

@arewm arewm added this pull request to the merge queue Dec 19, 2024
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Dec 19, 2024
@arewm arewm added this pull request to the merge queue Dec 19, 2024
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Dec 19, 2024
@arewm arewm added this pull request to the merge queue Dec 19, 2024
Merged via the queue into konflux-ci:main with commit d7fc037 Dec 19, 2024
16 checks passed