feat: add fips-operator-check task #1681
Conversation
task/fips-operator-check/0.1/fips-operator-check-step-action.yaml
Outdated
Show resolved
Hide resolved
yashvardhannanavati
force-pushed
the
fips_check
branch
from
756ee03 to
ee556cf
Compare
dirgim
requested review from
dirgim,
14rcole,
hongweiliu17,
kasemAlem,
dheerajodha,
sonam1412,
jsztuka,
jencull and
chipspeak
yashvardhannanavati
force-pushed
the
fips_check
branch
13 times, most recently
from
c350bbf to
1be8abc
Compare
task/fips-operator-bundle-check/0.1/fips-operator-bundle-check.yaml
Outdated
Show resolved
Hide resolved
task/fips-operator-bundle-check/0.1/fips-operator-bundle-check.yaml
Outdated
Show resolved
Hide resolved
task/fips-operator-bundle-check/0.1/fips-operator-bundle-check.yaml
Outdated
Show resolved
Hide resolved
task/fips-operator-bundle-check/0.1/fips-operator-bundle-check.yaml
Outdated
Show resolved
Hide resolved
task/fips-operator-bundle-check/0.1/fips-operator-bundle-check.yaml
Outdated
Show resolved
Hide resolved
| capabilities: | ||
| add: | ||
| - SETFCAP | ||
| script: | |
There was a problem hiding this comment.
This script is doing a lot of work that would be great to unit test. Would you be opposed to putting it in an image (or elsewhere) where we can add tests? Even if it is something like https://github.com/konflux-ci/oras-container/blob/main/.tekton/test.yaml . This would also enable better reusability of functionality like getting all related images.
There was a problem hiding this comment.
Would moving parts of the script as functions to the konflux-test image utils be acceptable?
The bash functions there can be unit tested.
There was a problem hiding this comment.
+1 to Kruno's idea. We already have a few functions there which will be used in the new fbc task we will introduce. I'll work on creating those functions
There was a problem hiding this comment.
Yes, I think that would work. I understand that this is a balance between technical debt and doing more of what we have been doing.
I think that there is likely some technical debt of the current validate-fbc task where some of that functionality can be moved to the utils as well. :)
task/fips-operator-bundle-check/0.1/fips-operator-bundle-check.yaml
Outdated
Show resolved
Hide resolved
yashvardhannanavati
force-pushed
the
fips_check
branch
from
1be8abc to
a004f49
Compare
task/fips-operator-bundle-check/0.1/fips-operator-bundle-check.yaml
Outdated
Show resolved
Hide resolved
yashvardhannanavati
force-pushed
the
fips_check
branch
from
c473776 to
43bea9c
Compare
yashvardhannanavati
force-pushed
the
fips_check
branch
from
43bea9c to
fdd4578
Compare
|
/ok-to-test |
yashvardhannanavati
force-pushed
the
fips_check
branch
3 times, most recently
from
5760539 to
82b0df6
Compare
stepactions/fips-operator-check-step-action/0.1/fips-operator-check-step-action.yaml
Outdated
Show resolved
Hide resolved
yashvardhannanavati
force-pushed
the
fips_check
branch
from
82b0df6 to
65dd7e6
Compare
yashvardhannanavati
force-pushed
the
fips_check
branch
from
65dd7e6 to
6b9c1fb
Compare
Refers to CVP-4333. This task uses the check-payload tool to verify if an operator bundle image is FIPS compliant.It utilizes Tekton stepAction because the code will be reused for checking FBC fragments in the fbc-validation check. Signed-off-by: Yashvardhan Nanavati <[email protected]>
yashvardhannanavati
force-pushed
the
fips_check
branch
from
6b9c1fb to
c94a207
Compare
|
@dirgim @arewm @hongweiliu17 The task image have now been updated and all suggested changes have been made. Can I please request a final review? |
|
/ok-to-test |
Refers to CVP-4333. This task uses the check-payload tool to verify if an operator bundle image is FIPS compliant.It utilizes Tekton stepAction because the code will be reused for checking FBC fragments in the fbc-validation check.