From 3fb4bb6c2e2c6286fd650f785d842ad0a5850f10 Mon Sep 17 00:00:00 2001 From: Luiz Carvalho Date: Mon, 5 Aug 2024 14:09:19 -0400 Subject: [PATCH] Add verify-signed-rpms as a required Task Ref: KONFLUX-3149 Signed-off-by: Luiz Carvalho --- data/required_tasks.yml | 84 ++++++++++++++++++++--------------------- 1 file changed, 42 insertions(+), 42 deletions(-) diff --git a/data/required_tasks.yml b/data/required_tasks.yml index 2a16105..650c9fc 100644 --- a/data/required_tasks.yml +++ b/data/required_tasks.yml @@ -2,7 +2,7 @@ # https://enterprisecontract.dev/docs/ec-policies/release_policy.html#tasks_package pipeline-required-tasks: fbc: - - effective_on: "2024-06-17T00:00:00Z" + - effective_on: "2024-09-09T00:00:00Z" tasks: - [buildah, buildah-10gb, buildah-6gb, buildah-8gb, buildah-remote, buildah-oci-ta, buildah-remote-oci-ta] - deprecated-image-check @@ -12,19 +12,19 @@ pipeline-required-tasks: - init - inspect-image - show-sbom - - effective_on: "2023-08-31T00:00:00Z" + - verify-signed-rpms + - effective_on: "2024-06-17T00:00:00Z" tasks: - - [buildah, buildah-10gb, buildah-6gb, buildah-8gb, buildah-remote] + - [buildah, buildah-10gb, buildah-6gb, buildah-8gb, buildah-remote, buildah-oci-ta, buildah-remote-oci-ta] - deprecated-image-check - fbc-related-image-check - fbc-validation - - git-clone + - [git-clone, git-clone-oci-ta] - init - inspect-image - show-sbom - - summary docker: - - effective_on: "2024-06-17T00:00:00Z" + - effective_on: "2024-09-09T00:00:00Z" tasks: - [buildah, buildah-10gb, buildah-6gb, buildah-8gb, buildah-remote, buildah-oci-ta, buildah-remote-oci-ta] - clair-scan @@ -36,21 +36,21 @@ pipeline-required-tasks: - [sast-snyk-check, sast-snyk-check-oci-ta] - show-sbom - [source-build, source-build-oci-ta] - - effective_on: "2023-12-31T00:00:00Z" + - verify-signed-rpms + - effective_on: "2024-06-17T00:00:00Z" tasks: - - [buildah, buildah-10gb, buildah-6gb, buildah-8gb, buildah-remote] + - [buildah, buildah-10gb, buildah-6gb, buildah-8gb, buildah-remote, buildah-oci-ta, buildah-remote-oci-ta] - clair-scan - clamav-scan - deprecated-image-check - - git-clone + - [git-clone, git-clone-oci-ta] - init - - prefetch-dependencies - - sast-snyk-check + - [prefetch-dependencies, prefetch-dependencies-oci-ta] + - [sast-snyk-check, sast-snyk-check-oci-ta] - show-sbom - - source-build - - summary + - [source-build, source-build-oci-ta] generic: - - effective_on: "2024-06-17T00:00:00Z" + - effective_on: "2024-09-09T00:00:00Z" tasks: - [buildah, buildah-10gb, buildah-6gb, buildah-8gb, buildah-remote, buildah-oci-ta, buildah-remote-oci-ta] - clair-scan @@ -62,21 +62,21 @@ pipeline-required-tasks: - [sast-snyk-check, sast-snyk-check-oci-ta] - show-sbom - [source-build, source-build-oci-ta] - - effective_on: "2023-12-31T00:00:00Z" + - verify-signed-rpms + - effective_on: "2024-06-17T00:00:00Z" tasks: - - [buildah, buildah-10gb, buildah-6gb, buildah-8gb, buildah-remote] + - [buildah, buildah-10gb, buildah-6gb, buildah-8gb, buildah-remote, buildah-oci-ta, buildah-remote-oci-ta] - clair-scan - clamav-scan - deprecated-image-check - - git-clone + - [git-clone, git-clone-oci-ta] - init - - prefetch-dependencies - - sast-snyk-check + - [prefetch-dependencies, prefetch-dependencies-oci-ta] + - [sast-snyk-check, sast-snyk-check-oci-ta] - show-sbom - - source-build - - summary + - [source-build, source-build-oci-ta] java: - - effective_on: "2024-06-17T00:00:00Z" + - effective_on: "2024-09-09T00:00:00Z" tasks: - clair-scan - clamav-scan @@ -88,21 +88,21 @@ pipeline-required-tasks: - [sast-snyk-check, sast-snyk-check-oci-ta] - show-sbom - [source-build, source-build-oci-ta] - - effective_on: "2023-12-31T00:00:00Z" + - verify-signed-rpms + - effective_on: "2024-06-17T00:00:00Z" tasks: - clair-scan - clamav-scan - deprecated-image-check - - git-clone + - [git-clone, git-clone-oci-ta] - init - - prefetch-dependencies + - [prefetch-dependencies, prefetch-dependencies-oci-ta] - s2i-java - - sast-snyk-check + - [sast-snyk-check, sast-snyk-check-oci-ta] - show-sbom - - source-build - - summary + - [source-build, source-build-oci-ta] nodejs: - - effective_on: "2024-06-17T00:00:00Z" + - effective_on: "2024-09-09T00:00:00Z" tasks: - clair-scan - clamav-scan @@ -114,23 +114,23 @@ pipeline-required-tasks: - [sast-snyk-check, sast-snyk-check-oci-ta] - show-sbom - [source-build, source-build-oci-ta] - - effective_on: "2023-12-31T00:00:00Z" + - verify-signed-rpms + - effective_on: "2024-06-17T00:00:00Z" tasks: - clair-scan - clamav-scan - deprecated-image-check - - git-clone + - [git-clone, git-clone-oci-ta] - init - - prefetch-dependencies + - [prefetch-dependencies, prefetch-dependencies-oci-ta] - s2i-nodejs - - sast-snyk-check + - [sast-snyk-check, sast-snyk-check-oci-ta] - show-sbom - - source-build - - summary + - [source-build, source-build-oci-ta] # https://enterprisecontract.dev/docs/ec-policies/release_policy.html#tasks_package required-tasks: - - effective_on: "2024-06-17T00:00:00Z" + - effective_on: "2024-09-09T00:00:00Z" tasks: - clair-scan - clamav-scan @@ -139,13 +139,13 @@ required-tasks: - [prefetch-dependencies, prefetch-dependencies-oci-ta] - [sast-snyk-check, sast-snyk-check-oci-ta] - [source-build, source-build-oci-ta] - - effective_on: "2023-12-31T00:00:00Z" + - verify-signed-rpms + - effective_on: "2024-06-17T00:00:00Z" tasks: - clair-scan - clamav-scan - - git-clone + - [git-clone, git-clone-oci-ta] - init - - prefetch-dependencies - - sast-snyk-check - - source-build - - summary + - [prefetch-dependencies, prefetch-dependencies-oci-ta] + - [sast-snyk-check, sast-snyk-check-oci-ta] + - [source-build, source-build-oci-ta]