diff --git a/ci-operator/config/openshift/cluster-machine-approver/openshift-cluster-machine-approver-release-4.22.yaml b/ci-operator/config/openshift/cluster-machine-approver/openshift-cluster-machine-approver-release-4.22.yaml index 6575448c155cd..91b1a96aead2b 100644 --- a/ci-operator/config/openshift/cluster-machine-approver/openshift-cluster-machine-approver-release-4.22.yaml +++ b/ci-operator/config/openshift/cluster-machine-approver/openshift-cluster-machine-approver-release-4.22.yaml @@ -1,8 +1,43 @@ +base_images: + cluster-api-actuator-pkg-test: + name: cluster-api-actuator-pkg-test + namespace: ci + tag: latest + tests-private: + name: tests-private + namespace: ci + tag: latest +binary_build_commands: NO_DOCKER=1 make build build_root: from_repository: true images: - dockerfile_path: Dockerfile.rhel to: cluster-machine-approver +- dockerfile_literal: | + FROM registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.24-openshift-4.22 AS builder + WORKDIR /app + RUN git clone --depth=1 --branch=main https://github.com/openshift/tls-scanner.git . && \ + make + + FROM registry.ci.openshift.org/ocp/4.22:base-rhel9 + ARG OC_VERSION=latest + ARG UMOCI_VERSION=latest + RUN dnf -y update && \ + dnf install -y binutils file go podman runc jq skopeo nmap tar lsof && \ + dnf clean all + RUN wget -O "openshift-client-linux-${OC_VERSION}.tar.gz" "https://mirror.openshift.com/pub/openshift-v4/amd64/clients/ocp/${OC_VERSION}/openshift-client-linux.tar.gz" && \ + tar -C /usr/local/bin -xzvf "openshift-client-linux-$OC_VERSION.tar.gz" oc && \ + rm -f "openshift-client-linux-$OC_VERSION.tar.gz" + RUN curl --fail --retry 3 -LJO https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/latest-4.14/opm-linux.tar.gz && \ + tar -xzf opm-linux.tar.gz && \ + mv ./opm /usr/local/bin/ && \ + rm -f opm-linux.tar.gz + RUN wget -O /usr/local/bin/umoci "https://github.com/opencontainers/umoci/releases/$UMOCI_VERSION/download/umoci.linux.amd64" && \ + chmod +x /usr/local/bin/umoci + COPY --from=builder /app/bin/tls-scanner /usr/local/bin/tls-scanner + ENTRYPOINT ["/usr/local/bin/tls-scanner"] + LABEL com.redhat.component="tls-scanner" + to: tls-scanner-tool promotion: to: - disabled: true @@ -77,6 +112,27 @@ tests: cpu: 100m timeout: 3h0m0s workflow: ipi-gcp +- as: regression-clusterinfra-gcp-ipi-mapi-tls + optional: true + run_if_changed: ^(go\.mod|go\.sum)$ + steps: + cluster_profile: gcp + env: + CUSTOM_OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE: registry.build10.ci.openshift.org/ci-ln-sjfd8wb/release:latest + E2E_RUN_TAGS: '@mapi' + TEST_FILTERS_CLUSTERINFRASTRUCTURE: periodic&&!qe-only&&mapi + TEST_SCENARIOS: Cluster_Infrastructure CMA + test: + - chain: openshift-e2e-test-clusterinfra-qe-regression + workflow: cucushift-installer-rehearse-gcp-ipi +- as: tls13-conformance-cma + steps: + cluster_profile: aws-5 + env: + CUSTOM_OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE: registry.build10.ci.openshift.org/ci-ln-sjfd8wb/release:latest + test: + - ref: tls-scanner-run + workflow: openshift-e2e-aws-ovn-tls-13 - as: e2e-upgrade skip_if_only_changed: ^docs/|\.md$|^(?:.*/)?(?:\.gitignore|OWNERS|PROJECT|LICENSE)$ steps: diff --git a/ci-operator/jobs/openshift/cluster-machine-approver/openshift-cluster-machine-approver-release-4.22-presubmits.yaml b/ci-operator/jobs/openshift/cluster-machine-approver/openshift-cluster-machine-approver-release-4.22-presubmits.yaml index 259abc1e4d8d2..b366d6cbe7b1b 100644 --- a/ci-operator/jobs/openshift/cluster-machine-approver/openshift-cluster-machine-approver-release-4.22-presubmits.yaml +++ b/ci-operator/jobs/openshift/cluster-machine-approver/openshift-cluster-machine-approver-release-4.22-presubmits.yaml @@ -491,6 +491,152 @@ presubmits: secret: secretName: result-aggregator trigger: (?m)^/test( | .* )images,?($|\s.*) + - agent: kubernetes + always_run: false + branches: + - ^release-4\.22$ + - ^release-4\.22- + cluster: build02 + context: ci/prow/regression-clusterinfra-gcp-ipi-mapi-tls + decorate: true + labels: + ci-operator.openshift.io/cloud: gcp + ci-operator.openshift.io/cloud-cluster-profile: gcp + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-cluster-machine-approver-release-4.22-regression-clusterinfra-gcp-ipi-mapi-tls + optional: true + rerun_command: /test regression-clusterinfra-gcp-ipi-mapi-tls + run_if_changed: ^(go\.mod|go\.sum)$ + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=regression-clusterinfra-gcp-ipi-mapi-tls + command: + - ci-operator + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )regression-clusterinfra-gcp-ipi-mapi-tls,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^release-4\.22$ + - ^release-4\.22- + cluster: build01 + context: ci/prow/tls13-conformance-cma + decorate: true + labels: + ci-operator.openshift.io/cloud: aws + ci-operator.openshift.io/cloud-cluster-profile: aws-5 + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-cluster-machine-approver-release-4.22-tls13-conformance-cma + rerun_command: /test tls13-conformance-cma + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=tls13-conformance-cma + command: + - ci-operator + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )tls13-conformance-cma,?($|\s.*) - agent: kubernetes always_run: true branches: