feat: add Operator FIPS Compliance checks as required tasks #96

Open
wants to merge 2 commits into
base: main

yashvardhannanavati

CVP-4373. This commit adds fbc-fips-check as a required task to the FBC pipeline and fips-operator-bundle-check as a required task in the container pipeline. The commit also adds their respective TA versions.

@yashvardhannanavati
Author

To be merged after konflux-ci/build-definitions#1741. Thank you! :)

@yashvardhannanavati
Author

@arewm @simonbaird FYI

Contributor

@arewm arewm left a comment

Is there a reason why the effective on date is set for January 24th? That will be less than a month for users to react to the change (assuming that many will not be back until January).

@ralphbean
Member

This needs to be preceded by a mass update of users' .tekton/ files in git by sending PRs and MRs to add the task.

CVP-4373. This commit adds fbc-fips-check as a required task
to the FBC pipeline and fips-operator-bundle-check as a required
task in the container pipeline. The commit also adds their respective
TA versions.

Signed-off-by: Yashvardhan Nanavati <[email protected]>
@yashvardhannanavati
Author

> Is there a reason why the effective on date is set for January 24th? That will be less than a month for users to react to the change (assuming that many will not be back until January).

The date has been revised to March 1, 2025.

With fips-operator-bundle-check and fips-operator-bundle-check-ta
being added as required tasks, they may fail even if the operator
bundle is FIPS compliant for a specific OCP version. This is because
on a bundle level, there's no way to determine the target OCP version
for it and hence, we cannot apply the appropriate exception list during
the check. This can only be determined when dealing with an FBC fragment.
Hence, this commit adds the operator bundle check as informative.

Signed-off-by: Yashvardhan Nanavati <[email protected]>
@simonbaird
Contributor

simonbaird commented Jan 7, 2025

> This needs to be preceded by a mass update of users' .tekton/ files in git by sending PRs and MRs to add the task.

I was thinking this one (and #95) could be merged before that, and then the mass update, which would need to be done in advance of the effective on date, i.e. March 1st. See also EC-1063 and CVP-4376.
