-
Notifications
You must be signed in to change notification settings - Fork 22
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Recommended configuration after reaching out the ACS team regarding RHTAPBUGS-1316. Must not be merged before ACS has been updated to 4.6.
- Loading branch information
Showing
3 changed files
with
60 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,43 @@ | ||
| #!/usr/bin/env bash | ||
| set -o errexit | ||
| set -o nounset | ||
| set -o pipefail | ||
|
|
||
| export ROX_CENTRAL_ENDPOINT="$(kubectl get secrets -n rhtap rhtap-acs-integration -o jsonpath='{.data.endpoint}' | base64 -d)" | ||
| export ROX_API_TOKEN="$(kubectl get secrets -n rhtap rhtap-acs-integration -o jsonpath='{.data.token}' | base64 -d)" | ||
|
|
||
| IMAGE="${IMAGE:-quay.io/fedora/fedora:36-x86_64@sha256:d6e4c7d6d1eaa24d71c8efd7432890acdc0179502224d0aaad6bb05d15ffde19}" | ||
|
|
||
| echo "# Download roxctl cli from ${ROX_CENTRAL_ENDPOINT}" | ||
| curl --insecure -s -L -H "Authorization: Bearer $ROX_API_TOKEN" \ | ||
| "https://${ROX_CENTRAL_ENDPOINT}/api/cli/download/roxctl-linux" \ | ||
| --output ./roxctl \ | ||
| > /dev/null | ||
| if [ $? -ne 0 ]; then | ||
| note='Failed to download roxctl' | ||
| echo $note | ||
| exit 1 | ||
| fi | ||
| chmod +x ./roxctl > /dev/null | ||
| echo | ||
|
|
||
| while true; do | ||
| echo "# roxctl image scan" | ||
| date | ||
| if ./roxctl image scan \ | ||
| "--insecure-skip-tls-verify" \ | ||
| -e "${ROX_CENTRAL_ENDPOINT}" \ | ||
| --image "$IMAGE" \ | ||
| --output json \ | ||
| --force; then | ||
| break | ||
| fi | ||
| echo "Waiting" | ||
| echo | ||
| sleep 60 | ||
| echo "Retrying" | ||
| done | ||
| rm ./roxctl | ||
| echo | ||
|
|
||
| echo "# Success" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -21,6 +21,22 @@ spec: | |
| # | ||
| {{- include "acs.copyScripts" . | nindent 4 }} | ||
| containers: | ||
| # | ||
| # Test ACS availibility, pending https://issues.redhat.com/browse/RFE-6727 | ||
| # | ||
| - name: acs-image-scan | ||
|
Check warning Code scanning / SonarCloud Memory limits should be enforced Medium test
Specify a memory limit for this container. See more on SonarQube Cloud
Check warning Code scanning / SonarCloud Storage limits should be enforced Medium test
Specify a storage limit for this container. See more on SonarQube Cloud
|
||
| image: quay.io/codeready-toolchain/oc-client-base:latest | ||
| env: | ||
| - name: IMAGE | ||
| value: quay.io/fedora/fedora:36-x86_64@sha256:d6e4c7d6d1eaa24d71c8efd7432890acdc0179502224d0aaad6bb05d15ffde19 | ||
| command: | ||
| - /scripts/test-acs-image-scan.sh | ||
| volumeMounts: | ||
| - name: scripts | ||
| mountPath: /scripts | ||
| securityContext: | ||
| runAsNonRoot: false | ||
| allowPrivilegeEscalation: false | ||
| {{- range tuple "central" "central-db" "scanner" "scanner-db" }} | ||
| # | ||
| # Test the ACS rollout status. | ||
|
|
||