Merge branch 'master' into dependabot/go_modules/github.com/minio/min…

…io-go/v7-7.0.76
RedHatInsights · Oct 10, 2024 · 08fec38 · 08fec38
2 parents e6fabf6 + 5a06ada
commit 08fec38
Show file tree

Hide file tree

Showing 5 changed files with 27 additions and 20 deletions.
diff --git a/.github/workflows/bots-automerge.yml b/.github/workflows/bots-automerge.yml
@@ -10,31 +10,25 @@ permissions:
 jobs:
   bot-automerge:
     runs-on: ubuntu-latest
+    # Check the pull request author.
     if: |
-      github.actor == 'red-hat-konflux[bot]' ||
-      github.actor == 'dependabot[bot]' ||
-      github.actor == 'InsightsDroid'
+      github.event.pull_request.user.login == 'dependabot[bot]' ||
+      github.event.pull_request.user.login == 'red-hat-konflux[bot]' ||
+      github.event.pull_request.user.login == 'InsightsDroid'
     steps:
+      # NOTE: PR approval does not work on PRs from forks
       - name: Github Actions bot approves the PR
         run: gh pr review --approve "$PR_URL"
         env:
-            PR_URL: ${{github.event.pull_request.html_url}}
-            GH_TOKEN: ${{secrets.GITHUB_TOKEN}}
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GH_TOKEN: ${{ github.token }}
       - name: InsightsDroid approves the PR
         run: gh pr review --approve "$PR_URL"
         env:
           PR_URL: ${{github.event.pull_request.html_url}}
           GH_TOKEN: ${{secrets.INSIGHTSDROID_TOKEN}}
-      - name: Enable auto-merge for Dependabot PRs
-        # We can filter depending on the semver major, minor, or patch updates,
-        # but let's not do it for now
-        #   - name: Dependabot metadata
-        #     id: metadata
-        #     uses: dependabot/fetch-metadata@v1
-        #     with:
-        #       github-token: "${{ secrets.GITHUB_TOKEN }}"
-        # if: steps.metadata.outputs.update-type == 'version-update:semver-patch'
+      - name: Enable auto-merge for PR
         run: gh pr merge --auto --merge "$PR_URL"
         env:
           PR_URL: ${{github.event.pull_request.html_url}}
-          GH_TOKEN: ${{secrets.GITHUB_TOKEN}}
+          GH_TOKEN: ${{ github.token }}
diff --git a/.tekton/aggregator-exporter-pull-request.yaml b/.tekton/aggregator-exporter-pull-request.yaml
@@ -31,6 +31,11 @@ spec:
   - name: path-context
     value: .
   pipelineSpec:
+    description: |
+      This pipeline is ideal for building container images from a Containerfile while reducing network traffic.
+
+      _Uses `buildah` to create a container image. It also optionally creates a source image and runs some build-time tests. EC will flag a violation for [`trusted_task.trusted`](https://enterprisecontract.dev/docs/ec-policies/release_policy.html#trusted_task__trusted) if any tasks are added to the pipeline.
+      This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/repository/konflux-ci/tekton-catalog/pipeline-docker-build?tab=tags)_
     finally:
     - name: show-sbom
       params:
@@ -237,7 +242,7 @@ spec:
         - name: name
           value: buildah
         - name: bundle
-          value: quay.io/konflux-ci/tekton-catalog/task-buildah:0.2@sha256:8cc93c901e612b744a5fad4692f00ba48c08fcd18d4877d6356847906d5f3147
+          value: quay.io/konflux-ci/tekton-catalog/task-buildah:0.2@sha256:e107cfdf4ee68741ad366b2768cd33e2d5f99569b639f95f50df8b9835c2d144
         - name: kind
           value: task
         resolver: bundles
@@ -340,7 +345,7 @@ spec:
         - name: name
           value: clair-scan
         - name: bundle
-          value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:9f4ddafd599e06b319cece5a4b8ac36b9e7ec46bea378bc6c6af735d3f7f8060
+          value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:37b9187c1d5f6672bbc9c61d88fc71a3ee688076cb16edef42d1ff92a59027fb
         - name: kind
           value: task
         resolver: bundles

diff --git a/.tekton/aggregator-exporter-push.yaml b/.tekton/aggregator-exporter-push.yaml
@@ -28,6 +28,11 @@ spec:
   - name: path-context
     value: .
   pipelineSpec:
+    description: |
+      This pipeline is ideal for building container images from a Containerfile while reducing network traffic.
+
+      _Uses `buildah` to create a container image. It also optionally creates a source image and runs some build-time tests. EC will flag a violation for [`trusted_task.trusted`](https://enterprisecontract.dev/docs/ec-policies/release_policy.html#trusted_task__trusted) if any tasks are added to the pipeline.
+      This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/repository/konflux-ci/tekton-catalog/pipeline-docker-build?tab=tags)_
     finally:
     - name: show-sbom
       params:
@@ -234,7 +239,7 @@ spec:
         - name: name
           value: buildah
         - name: bundle
-          value: quay.io/konflux-ci/tekton-catalog/task-buildah:0.2@sha256:8cc93c901e612b744a5fad4692f00ba48c08fcd18d4877d6356847906d5f3147
+          value: quay.io/konflux-ci/tekton-catalog/task-buildah:0.2@sha256:e107cfdf4ee68741ad366b2768cd33e2d5f99569b639f95f50df8b9835c2d144
         - name: kind
           value: task
         resolver: bundles
@@ -337,7 +342,7 @@ spec:
         - name: name
           value: clair-scan
         - name: bundle
-          value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:9f4ddafd599e06b319cece5a4b8ac36b9e7ec46bea378bc6c6af735d3f7f8060
+          value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:37b9187c1d5f6672bbc9c61d88fc71a3ee688076cb16edef42d1ff92a59027fb
         - name: kind
           value: task
         resolver: bundles

diff --git a/deploy/clowdapp.yaml b/deploy/clowdapp.yaml
@@ -136,7 +136,7 @@ parameters:
   value: "1"
 - name: IMAGE
   description: Image ID of the job.
-  value: quay.io/cloudservices/insights-results-aggregator-exporter
+  value: quay.io/redhat-services-prod/obsint-processing-tenant/aggregator-exporter/aggregator-exporter
 - name: IMAGE_TAG
   description: The image tag.
   value: latest

diff --git a/pr_check.sh b/pr_check.sh
@@ -23,6 +23,9 @@ IMAGE="quay.io/cloudservices/insights-results-aggregator-exporter"
 COMPONENTS="insights-results-aggregator-exporter ccx-notification-service ccx-notification-db-cleaner"  # space-separated list of components to laod
 COMPONENTS_W_RESOURCES="insights-results-aggregator-exporter"  # component to keep
 CACHE_FROM_LATEST_IMAGE="true"
+# Set the correct images for pull requests.
+# pr_check in pull requests still uses the old cloudservices images
+EXTRA_DEPLOY_ARGS="--set-parameter insights-results-aggregator-exporter/IMAGE=quay.io/cloudservices/insights-results-aggregator-exporter"
 
 export IQE_PLUGINS="ccx"
 export IQE_MARKER_EXPRESSION=""