diff --git a/ci-operator/config/openshift/cert-manager-operator/openshift-cert-manager-operator-cert-manager-1.20.yaml b/ci-operator/config/openshift/cert-manager-operator/openshift-cert-manager-operator-cert-manager-1.20.yaml new file mode 100644 index 0000000000000..b1811a01b67c7 --- /dev/null +++ b/ci-operator/config/openshift/cert-manager-operator/openshift-cert-manager-operator-cert-manager-1.20.yaml @@ -0,0 +1,312 @@ +base_images: + base-rhel9: + name: "4.22" + namespace: ocp + tag: base-rhel9 + cli-operator-sdk: + name: cli-operator-sdk + namespace: ocp + tag: v1.39.2 + operator-sdk: + name: "4.19" + namespace: origin + tag: operator-sdk + upi-installer: + name: "4.22" + namespace: ocp + tag: upi-installer +binary_build_commands: make build --warn-undefined-variables +build_root: + from_repository: true +images: + items: + - dockerfile_path: images/ci/Dockerfile + from: base-rhel9 + to: cert-manager-operator + - dockerfile_path: images/ci/certmanager.Dockerfile + from: base-rhel9 + to: cert-manager + - dockerfile_path: images/ci/istiocsr.Dockerfile + from: base-rhel9 + to: cert-manager-istio-csr + - dockerfile_path: images/ci/trustmanager.Dockerfile + from: base-rhel9 + to: cert-manager-trust-manager +operator: + bundles: + - as: cert-manager-operator-bundle + dockerfile_path: bundle.Dockerfile + skip_building_index: true + substitutions: + - pullspec: openshift.io/cert-manager-operator:.* + with: pipeline:cert-manager-operator + - pullspec: quay.io/jetstack/cert-manager-controller:.* + with: pipeline:cert-manager + - pullspec: quay.io/jetstack/cert-manager-webhook:.* + with: pipeline:cert-manager + - pullspec: quay.io/jetstack/cert-manager-cainjector:.* + with: pipeline:cert-manager + - pullspec: quay.io/jetstack/cert-manager-istio-csr:.* + with: pipeline:cert-manager-istio-csr + - pullspec: quay.io/jetstack/trust-manager:.* + with: pipeline:cert-manager-trust-manager +releases: + latest: + candidate: + architecture: multi + product: ocp + stream: nightly + version: "4.22" +resources: + '*': + requests: + cpu: 100m + memory: 200Mi +tests: +- as: verify + commands: | + make verify -k --warn-undefined-variables + container: + from: src +- as: unit + commands: | + make test --warn-undefined-variables + container: + from: src +- as: fips-image-scan-operator + steps: + dependencies: + SCAN_IMAGE: cert-manager-operator + test: + - ref: fips-check-image-scan +- as: fips-image-scan-cert-manager + steps: + dependencies: + SCAN_IMAGE: cert-manager + test: + - ref: fips-check-image-scan +- as: fips-image-scan-istio-csr + steps: + dependencies: + SCAN_IMAGE: cert-manager-istio-csr + test: + - ref: fips-check-image-scan +- as: fips-image-scan-trust-manager + steps: + dependencies: + SCAN_IMAGE: cert-manager-trust-manager + test: + - ref: fips-check-image-scan +- as: e2e-operator + cluster_claim: + architecture: amd64 + cloud: aws + owner: openshift-ci + product: ocp + timeout: 2h0m0s + version: "4.22" + skip_if_only_changed: ^(docs/|deploy/|jsonnet/)|\.md$|^(?:.*/)?(?:\.gitignore|OWNERS|PROJECT|LICENSE)$ + steps: + test: + - as: install + cli: latest + commands: | + oc create namespace cert-manager-operator + operator-sdk run bundle --timeout=10m --security-context-config=restricted --install-mode=AllNamespaces -n cert-manager-operator "$OO_BUNDLE" --verbose + oc wait --for condition=Available -n cert-manager-operator deployment cert-manager-operator-controller-manager + dependencies: + - env: OO_BUNDLE + name: cert-manager-operator-bundle + from: operator-sdk + resources: + requests: + cpu: 100m + - as: test + cli: latest + commands: | + E2E_GINKGO_LABEL_FILTER='"Platform: isSubsetOf {AWS,Generic} && CredentialsMode: isSubsetOf {Mint} && !TechPreview"' make test-e2e + from: src + resources: + requests: + cpu: 100m + workflow: generic-claim +- as: e2e-operator-tech-preview + optional: true + skip_if_only_changed: ^(docs/|deploy/|jsonnet/)|\.md$|^(?:.*/)?(?:\.gitignore|OWNERS|PROJECT|LICENSE)$ + steps: + cluster_profile: openshift-org-aws + dependencies: + OO_BUNDLE: cert-manager-operator-bundle + env: + GUEST_FEATURE_SET: TechPreviewNoUpgrade + OO_INSTALL_MODE: AllNamespaces + OO_INSTALL_NAMESPACE: cert-manager-operator + OO_SECURITY_CONTEXT: restricted + test: + - as: test + cli: latest + commands: | + E2E_GINKGO_LABEL_FILTER='"(Platform: isSubsetOf {Generic} || TechPreview) && !TechPreview:Inverted"' make test-e2e + from: src + resources: + requests: + cpu: 100m + workflow: optional-operators-ci-operator-sdk-hypershift +- always_run: false + as: e2e-operator-aws-proxy + optional: true + steps: + cluster_profile: openshift-org-aws + dependencies: + OO_BUNDLE: cert-manager-operator-bundle + env: + OO_INSTALL_MODE: AllNamespaces + OO_INSTALL_NAMESPACE: cert-manager-operator + OO_SECURITY_CONTEXT: restricted + test: + - ref: optional-operators-operator-sdk + - as: test + cli: latest + commands: | + E2E_GINKGO_LABEL_FILTER='"Platform: isSubsetOf {AWS} && CredentialsMode: isSubsetOf {Mint}"' make test-e2e + from: src + resources: + requests: + cpu: 100m + workflow: openshift-e2e-aws-proxy +- always_run: false + as: e2e-operator-aws-upi-proxy + optional: true + steps: + cluster_profile: openshift-org-aws + dependencies: + OO_BUNDLE: cert-manager-operator-bundle + env: + OO_INSTALL_MODE: AllNamespaces + OO_INSTALL_NAMESPACE: cert-manager-operator + OO_SECURITY_CONTEXT: restricted + test: + - ref: optional-operators-operator-sdk + - as: test + cli: latest + commands: | + E2E_GINKGO_LABEL_FILTER='"Platform: isSubsetOf {AWS} && CredentialsMode: isSubsetOf {Mint}"' make test-e2e + from: src + resources: + requests: + cpu: 100m + workflow: openshift-e2e-aws-upi-proxy +- always_run: false + as: e2e-operator-aws-sts + optional: true + steps: + cluster_profile: openshift-org-aws + dependencies: + OO_BUNDLE: cert-manager-operator-bundle + env: + OO_INSTALL_MODE: AllNamespaces + OO_INSTALL_NAMESPACE: cert-manager-operator + OO_SECURITY_CONTEXT: restricted + test: + - ref: optional-operators-operator-sdk + - as: test + cli: latest + commands: | + E2E_GINKGO_LABEL_FILTER='"Platform: isSubsetOf {AWS} && CredentialsMode: isSubsetOf {Manual}"' make test-e2e + from: src + resources: + requests: + cpu: 100m + workflow: openshift-e2e-aws-manual-oidc-sts +- always_run: false + as: e2e-operator-gcp-ovn + optional: true + steps: + cluster_profile: openshift-org-gcp + dependencies: + OO_BUNDLE: cert-manager-operator-bundle + env: + OO_INSTALL_MODE: AllNamespaces + OO_INSTALL_NAMESPACE: cert-manager-operator + OO_SECURITY_CONTEXT: restricted + test: + - ref: optional-operators-operator-sdk + - as: test + cli: latest + commands: | + E2E_GINKGO_LABEL_FILTER='"Platform: isSubsetOf {GCP} && CredentialsMode: isSubsetOf {Mint}"' make test-e2e + from: src + resources: + requests: + cpu: 100m + workflow: openshift-e2e-gcp-ovn +- always_run: false + as: e2e-operator-gcp-workload-identity + optional: true + steps: + cluster_profile: openshift-org-gcp + dependencies: + OO_BUNDLE: cert-manager-operator-bundle + env: + OO_INSTALL_MODE: AllNamespaces + OO_INSTALL_NAMESPACE: cert-manager-operator + OO_SECURITY_CONTEXT: restricted + test: + - ref: optional-operators-operator-sdk + - as: test + cli: latest + commands: | + E2E_GINKGO_LABEL_FILTER='"Platform: isSubsetOf {GCP} && CredentialsMode: isSubsetOf {Manual}"' make test-e2e + from: src + resources: + requests: + cpu: 100m + workflow: openshift-e2e-gcp-manual-oidc-workload-identity +- always_run: false + as: e2e-operator-azure-ovn + optional: true + steps: + cluster_profile: openshift-org-azure + dependencies: + OO_BUNDLE: cert-manager-operator-bundle + env: + OO_INSTALL_MODE: AllNamespaces + OO_INSTALL_NAMESPACE: cert-manager-operator + OO_SECURITY_CONTEXT: restricted + test: + - ref: optional-operators-operator-sdk + - as: test + cli: latest + commands: | + E2E_GINKGO_LABEL_FILTER='"Platform: isSubsetOf {Azure} && CredentialsMode: isSubsetOf {Mint}"' make test-e2e + from: src + resources: + requests: + cpu: 100m + workflow: openshift-e2e-azure-ovn +- always_run: false + as: e2e-operator-azure-workload-identity + optional: true + steps: + cluster_profile: openshift-org-azure + dependencies: + OO_BUNDLE: cert-manager-operator-bundle + env: + OO_INSTALL_MODE: AllNamespaces + OO_INSTALL_NAMESPACE: cert-manager-operator + OO_SECURITY_CONTEXT: restricted + test: + - ref: optional-operators-operator-sdk + - as: test + cli: latest + commands: | + E2E_GINKGO_LABEL_FILTER='"Platform: isSubsetOf {Azure} && CredentialsMode: isSubsetOf {Manual}"' make test-e2e + from: src + resources: + requests: + cpu: 100m + workflow: openshift-e2e-azure-manual-oidc-workload-identity +zz_generated_metadata: + branch: cert-manager-1.20 + org: openshift + repo: cert-manager-operator diff --git a/ci-operator/config/openshift/cert-manager-operator/openshift-cert-manager-operator-master.yaml b/ci-operator/config/openshift/cert-manager-operator/openshift-cert-manager-operator-master.yaml index c826d9954ae4c..9c6f4988c1d94 100644 --- a/ci-operator/config/openshift/cert-manager-operator/openshift-cert-manager-operator-master.yaml +++ b/ci-operator/config/openshift/cert-manager-operator/openshift-cert-manager-operator-master.yaml @@ -1,6 +1,6 @@ base_images: base-rhel9: - name: "4.20" + name: "4.22" namespace: ocp tag: base-rhel9 cli-operator-sdk: @@ -12,7 +12,7 @@ base_images: namespace: origin tag: operator-sdk upi-installer: - name: "4.20" + name: "4.22" namespace: ocp tag: upi-installer binary_build_commands: make build --warn-undefined-variables @@ -56,7 +56,7 @@ releases: architecture: multi product: ocp stream: nightly - version: "4.20" + version: "4.22" resources: '*': requests: @@ -104,7 +104,7 @@ tests: owner: openshift-ci product: ocp timeout: 2h0m0s - version: "4.20" + version: "4.22" skip_if_only_changed: ^(docs/|deploy/|jsonnet/)|\.md$|^(?:.*/)?(?:\.gitignore|OWNERS|PROJECT|LICENSE)$ steps: test: diff --git a/ci-operator/config/openshift/external-secrets-operator/openshift-external-secrets-operator-main.yaml b/ci-operator/config/openshift/external-secrets-operator/openshift-external-secrets-operator-main.yaml index f8669c1305c62..0f4ffe23666b4 100644 --- a/ci-operator/config/openshift/external-secrets-operator/openshift-external-secrets-operator-main.yaml +++ b/ci-operator/config/openshift/external-secrets-operator/openshift-external-secrets-operator-main.yaml @@ -1,6 +1,6 @@ base_images: base-rhel9: - name: "4.21" + name: "4.22" namespace: ocp tag: base-rhel9 operator-sdk: @@ -36,7 +36,7 @@ releases: architecture: multi product: ocp stream: nightly - version: "4.21" + version: "4.22" resources: '*': requests: @@ -72,7 +72,7 @@ tests: owner: openshift-ci product: ocp timeout: 2h0m0s - version: "4.21" + version: "4.22" skip_if_only_changed: ^(docs/|bundle/|tools/)|\.md$|^(?:.*/)?(?:\.gitignore|.dockerignore|.golangci.yml|Makefile|OWNERS|PROJECT|LICENSE)$ steps: post: @@ -117,7 +117,7 @@ tests: - as: test cli: latest commands: | - E2E_GINKGO_LABEL_FILTER='"Platform: isSubsetOf {AWS} && !TechPreview"' make test-e2e + E2E_GINKGO_LABEL_FILTER='"Platform: isSubsetOf {AWS,Generic} && !(Feature: containsAny Proxy) && !TechPreview"' make test-e2e from: src resources: requests: @@ -130,7 +130,7 @@ tests: owner: openshift-ci product: ocp timeout: 2h0m0s - version: "4.21" + version: "4.22" postsubmit: true steps: post: @@ -175,7 +175,7 @@ tests: - as: test cli: latest commands: | - E2E_GINKGO_LABEL_FILTER='"Platform: isSubsetOf {AWS} && !TechPreview"' make test-e2e + E2E_GINKGO_LABEL_FILTER='"Platform: isSubsetOf {AWS,Generic} && !(Feature: containsAny Proxy) && !TechPreview"' make test-e2e from: src resources: requests: diff --git a/ci-operator/config/openshift/external-secrets-operator/openshift-external-secrets-operator-release-1.2.yaml b/ci-operator/config/openshift/external-secrets-operator/openshift-external-secrets-operator-release-1.2.yaml new file mode 100644 index 0000000000000..84592f59f2ce8 --- /dev/null +++ b/ci-operator/config/openshift/external-secrets-operator/openshift-external-secrets-operator-release-1.2.yaml @@ -0,0 +1,102 @@ +base_images: + base-rhel9: + name: "4.22" + namespace: ocp + tag: base-rhel9 + operator-sdk: + name: "4.19" + namespace: origin + tag: operator-sdk +binary_build_commands: make build +build_root: + from_repository: true +images: + items: + - dockerfile_path: images/ci/Dockerfile + from: base-rhel9 + to: external-secrets-operator + - dockerfile_path: images/ci/operand.Dockerfile + from: base-rhel9 + to: external-secrets +operator: + bundles: + - as: external-secrets-operator-bundle + dockerfile_path: bundle.Dockerfile + skip_building_index: true + substitutions: + - pullspec: openshift.io/external-secrets-operator:latest + with: pipeline:external-secrets-operator + - pullspec: oci.external-secrets.io/external-secrets/external-secrets:.* + with: pipeline:external-secrets +releases: + latest: + candidate: + architecture: multi + product: ocp + stream: nightly + version: "4.22" +resources: + '*': + requests: + cpu: 100m + memory: 200Mi +tests: +- as: verify + commands: | + make verify -k + container: + from: src +- as: unit + commands: | + make test + container: + from: src +- as: fips-image-scan-operator + steps: + dependencies: + SCAN_IMAGE: external-secrets-operator + test: + - ref: fips-check-image-scan +- as: fips-image-scan-external-secrets + steps: + dependencies: + SCAN_IMAGE: external-secrets + test: + - ref: fips-check-image-scan +- as: e2e-operator + cluster_claim: + architecture: amd64 + cloud: aws + owner: openshift-ci + product: ocp + timeout: 2h0m0s + version: "4.22" + skip_if_only_changed: ^(docs/|bundle/|tools/)|\.md$|^(?:.*/)?(?:\.gitignore|.dockerignore|.golangci.yml|Makefile|OWNERS|PROJECT|LICENSE)$ + steps: + test: + - as: install + cli: latest + commands: | + oc create namespace external-secrets-operator + operator-sdk run bundle --timeout=10m --security-context-config=restricted --install-mode=AllNamespaces -n external-secrets-operator "$OO_BUNDLE" --verbose + oc wait --for condition=Available -n external-secrets-operator deployment external-secrets-operator-controller-manager + dependencies: + - env: OO_BUNDLE + name: external-secrets-operator-bundle + from: operator-sdk + resources: + requests: + cpu: 100m + - as: test + cli: latest + commands: | + E2E_GINKGO_LABEL_FILTER='"Platform: isSubsetOf {AWS,Generic} && !(Feature: containsAny Proxy) && !TechPreview"' make test-e2e + from: src + resources: + requests: + cpu: 100m + workflow: generic-claim +zz_generated_metadata: + branch: release-1.2 + org: openshift + repo: external-secrets-operator diff --git a/ci-operator/jobs/openshift/cert-manager-operator/openshift-cert-manager-operator-cert-manager-1.20-presubmits.yaml b/ci-operator/jobs/openshift/cert-manager-operator/openshift-cert-manager-operator-cert-manager-1.20-presubmits.yaml new file mode 100644 index 0000000000000..88ba3906b0536 --- /dev/null +++ b/ci-operator/jobs/openshift/cert-manager-operator/openshift-cert-manager-operator-cert-manager-1.20-presubmits.yaml @@ -0,0 +1,1413 @@ +presubmits: + openshift/cert-manager-operator: + - agent: kubernetes + always_run: true + branches: + - ^cert-manager-1\.20$ + - ^cert-manager-1\.20- + cluster: build01 + context: ci/prow/ci-bundle-cert-manager-operator-bundle + decorate: true + decoration_config: + sparse_checkout_files: + - .ci-operator.yaml + - images/ci/Dockerfile + - images/ci/certmanager.Dockerfile + - images/ci/istiocsr.Dockerfile + - images/ci/trustmanager.Dockerfile + labels: + ci.openshift.io/generator: prowgen + job-release: "4.22" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-cert-manager-operator-cert-manager-1.20-ci-bundle-cert-manager-operator-bundle + rerun_command: /test ci-bundle-cert-manager-operator-bundle + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --target=cert-manager-operator-bundle + command: + - ci-operator + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )ci-bundle-cert-manager-operator-bundle,?($|\s.*) + - agent: kubernetes + always_run: false + branches: + - ^cert-manager-1\.20$ + - ^cert-manager-1\.20- + cluster: build01 + context: ci/prow/e2e-operator + decorate: true + decoration_config: + sparse_checkout_files: + - .ci-operator.yaml + - images/ci/Dockerfile + - images/ci/certmanager.Dockerfile + - images/ci/istiocsr.Dockerfile + - images/ci/trustmanager.Dockerfile + labels: + ci.openshift.io/generator: prowgen + job-release: "4.22" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-cert-manager-operator-cert-manager-1.20-e2e-operator + rerun_command: /test e2e-operator + skip_if_only_changed: ^(docs/|deploy/|jsonnet/)|\.md$|^(?:.*/)?(?:\.gitignore|OWNERS|PROJECT|LICENSE)$ + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --hive-kubeconfig=/secrets/hive-hive-credentials/kubeconfig + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=e2e-operator + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/hive-hive-credentials + name: hive-hive-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: hive-hive-credentials + secret: + secretName: hive-hive-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )e2e-operator,?($|\s.*) + - agent: kubernetes + always_run: false + branches: + - ^cert-manager-1\.20$ + - ^cert-manager-1\.20- + cluster: build03 + context: ci/prow/e2e-operator-aws-proxy + decorate: true + decoration_config: + sparse_checkout_files: + - .ci-operator.yaml + - images/ci/Dockerfile + - images/ci/certmanager.Dockerfile + - images/ci/istiocsr.Dockerfile + - images/ci/trustmanager.Dockerfile + labels: + ci-operator.openshift.io/cloud: aws + ci-operator.openshift.io/cloud-cluster-profile: openshift-org-aws + ci.openshift.io/generator: prowgen + job-release: "4.22" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-cert-manager-operator-cert-manager-1.20-e2e-operator-aws-proxy + optional: true + rerun_command: /test e2e-operator-aws-proxy + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=e2e-operator-aws-proxy + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )e2e-operator-aws-proxy,?($|\s.*) + - agent: kubernetes + always_run: false + branches: + - ^cert-manager-1\.20$ + - ^cert-manager-1\.20- + cluster: build03 + context: ci/prow/e2e-operator-aws-sts + decorate: true + decoration_config: + sparse_checkout_files: + - .ci-operator.yaml + - images/ci/Dockerfile + - images/ci/certmanager.Dockerfile + - images/ci/istiocsr.Dockerfile + - images/ci/trustmanager.Dockerfile + labels: + ci-operator.openshift.io/cloud: aws + ci-operator.openshift.io/cloud-cluster-profile: openshift-org-aws + ci.openshift.io/generator: prowgen + job-release: "4.22" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-cert-manager-operator-cert-manager-1.20-e2e-operator-aws-sts + optional: true + rerun_command: /test e2e-operator-aws-sts + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=e2e-operator-aws-sts + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )e2e-operator-aws-sts,?($|\s.*) + - agent: kubernetes + always_run: false + branches: + - ^cert-manager-1\.20$ + - ^cert-manager-1\.20- + cluster: build03 + context: ci/prow/e2e-operator-aws-upi-proxy + decorate: true + decoration_config: + sparse_checkout_files: + - .ci-operator.yaml + - images/ci/Dockerfile + - images/ci/certmanager.Dockerfile + - images/ci/istiocsr.Dockerfile + - images/ci/trustmanager.Dockerfile + labels: + ci-operator.openshift.io/cloud: aws + ci-operator.openshift.io/cloud-cluster-profile: openshift-org-aws + ci.openshift.io/generator: prowgen + job-release: "4.22" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-cert-manager-operator-cert-manager-1.20-e2e-operator-aws-upi-proxy + optional: true + rerun_command: /test e2e-operator-aws-upi-proxy + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=e2e-operator-aws-upi-proxy + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )e2e-operator-aws-upi-proxy,?($|\s.*) + - agent: kubernetes + always_run: false + branches: + - ^cert-manager-1\.20$ + - ^cert-manager-1\.20- + cluster: build01 + context: ci/prow/e2e-operator-azure-ovn + decorate: true + decoration_config: + sparse_checkout_files: + - .ci-operator.yaml + - images/ci/Dockerfile + - images/ci/certmanager.Dockerfile + - images/ci/istiocsr.Dockerfile + - images/ci/trustmanager.Dockerfile + labels: + ci-operator.openshift.io/cloud: azure4 + ci-operator.openshift.io/cloud-cluster-profile: openshift-org-azure + ci.openshift.io/generator: prowgen + job-release: "4.22" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-cert-manager-operator-cert-manager-1.20-e2e-operator-azure-ovn + optional: true + rerun_command: /test e2e-operator-azure-ovn + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=e2e-operator-azure-ovn + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )e2e-operator-azure-ovn,?($|\s.*) + - agent: kubernetes + always_run: false + branches: + - ^cert-manager-1\.20$ + - ^cert-manager-1\.20- + cluster: build01 + context: ci/prow/e2e-operator-azure-workload-identity + decorate: true + decoration_config: + sparse_checkout_files: + - .ci-operator.yaml + - images/ci/Dockerfile + - images/ci/certmanager.Dockerfile + - images/ci/istiocsr.Dockerfile + - images/ci/trustmanager.Dockerfile + labels: + ci-operator.openshift.io/cloud: azure4 + ci-operator.openshift.io/cloud-cluster-profile: openshift-org-azure + ci.openshift.io/generator: prowgen + job-release: "4.22" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-cert-manager-operator-cert-manager-1.20-e2e-operator-azure-workload-identity + optional: true + rerun_command: /test e2e-operator-azure-workload-identity + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=e2e-operator-azure-workload-identity + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )e2e-operator-azure-workload-identity,?($|\s.*) + - agent: kubernetes + always_run: false + branches: + - ^cert-manager-1\.20$ + - ^cert-manager-1\.20- + cluster: build02 + context: ci/prow/e2e-operator-gcp-ovn + decorate: true + decoration_config: + sparse_checkout_files: + - .ci-operator.yaml + - images/ci/Dockerfile + - images/ci/certmanager.Dockerfile + - images/ci/istiocsr.Dockerfile + - images/ci/trustmanager.Dockerfile + labels: + ci-operator.openshift.io/cloud: gcp + ci-operator.openshift.io/cloud-cluster-profile: openshift-org-gcp + ci.openshift.io/generator: prowgen + job-release: "4.22" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-cert-manager-operator-cert-manager-1.20-e2e-operator-gcp-ovn + optional: true + rerun_command: /test e2e-operator-gcp-ovn + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=e2e-operator-gcp-ovn + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )e2e-operator-gcp-ovn,?($|\s.*) + - agent: kubernetes + always_run: false + branches: + - ^cert-manager-1\.20$ + - ^cert-manager-1\.20- + cluster: build02 + context: ci/prow/e2e-operator-gcp-workload-identity + decorate: true + decoration_config: + sparse_checkout_files: + - .ci-operator.yaml + - images/ci/Dockerfile + - images/ci/certmanager.Dockerfile + - images/ci/istiocsr.Dockerfile + - images/ci/trustmanager.Dockerfile + labels: + ci-operator.openshift.io/cloud: gcp + ci-operator.openshift.io/cloud-cluster-profile: openshift-org-gcp + ci.openshift.io/generator: prowgen + job-release: "4.22" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-cert-manager-operator-cert-manager-1.20-e2e-operator-gcp-workload-identity + optional: true + rerun_command: /test e2e-operator-gcp-workload-identity + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=e2e-operator-gcp-workload-identity + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )e2e-operator-gcp-workload-identity,?($|\s.*) + - agent: kubernetes + always_run: false + branches: + - ^cert-manager-1\.20$ + - ^cert-manager-1\.20- + cluster: build03 + context: ci/prow/e2e-operator-tech-preview + decorate: true + decoration_config: + sparse_checkout_files: + - .ci-operator.yaml + - images/ci/Dockerfile + - images/ci/certmanager.Dockerfile + - images/ci/istiocsr.Dockerfile + - images/ci/trustmanager.Dockerfile + labels: + ci-operator.openshift.io/cloud: aws + ci-operator.openshift.io/cloud-cluster-profile: openshift-org-aws + ci.openshift.io/generator: prowgen + job-release: "4.22" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-cert-manager-operator-cert-manager-1.20-e2e-operator-tech-preview + optional: true + rerun_command: /test e2e-operator-tech-preview + skip_if_only_changed: ^(docs/|deploy/|jsonnet/)|\.md$|^(?:.*/)?(?:\.gitignore|OWNERS|PROJECT|LICENSE)$ + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=e2e-operator-tech-preview + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )e2e-operator-tech-preview,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^cert-manager-1\.20$ + - ^cert-manager-1\.20- + cluster: build01 + context: ci/prow/fips-image-scan-cert-manager + decorate: true + decoration_config: + sparse_checkout_files: + - .ci-operator.yaml + - images/ci/Dockerfile + - images/ci/certmanager.Dockerfile + - images/ci/istiocsr.Dockerfile + - images/ci/trustmanager.Dockerfile + labels: + ci.openshift.io/generator: prowgen + job-release: "4.22" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-cert-manager-operator-cert-manager-1.20-fips-image-scan-cert-manager + rerun_command: /test fips-image-scan-cert-manager + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=fips-image-scan-cert-manager + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )fips-image-scan-cert-manager,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^cert-manager-1\.20$ + - ^cert-manager-1\.20- + cluster: build01 + context: ci/prow/fips-image-scan-istio-csr + decorate: true + decoration_config: + sparse_checkout_files: + - .ci-operator.yaml + - images/ci/Dockerfile + - images/ci/certmanager.Dockerfile + - images/ci/istiocsr.Dockerfile + - images/ci/trustmanager.Dockerfile + labels: + ci.openshift.io/generator: prowgen + job-release: "4.22" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-cert-manager-operator-cert-manager-1.20-fips-image-scan-istio-csr + rerun_command: /test fips-image-scan-istio-csr + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=fips-image-scan-istio-csr + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )fips-image-scan-istio-csr,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^cert-manager-1\.20$ + - ^cert-manager-1\.20- + cluster: build01 + context: ci/prow/fips-image-scan-operator + decorate: true + decoration_config: + sparse_checkout_files: + - .ci-operator.yaml + - images/ci/Dockerfile + - images/ci/certmanager.Dockerfile + - images/ci/istiocsr.Dockerfile + - images/ci/trustmanager.Dockerfile + labels: + ci.openshift.io/generator: prowgen + job-release: "4.22" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-cert-manager-operator-cert-manager-1.20-fips-image-scan-operator + rerun_command: /test fips-image-scan-operator + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=fips-image-scan-operator + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )fips-image-scan-operator,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^cert-manager-1\.20$ + - ^cert-manager-1\.20- + cluster: build01 + context: ci/prow/fips-image-scan-trust-manager + decorate: true + decoration_config: + sparse_checkout_files: + - .ci-operator.yaml + - images/ci/Dockerfile + - images/ci/certmanager.Dockerfile + - images/ci/istiocsr.Dockerfile + - images/ci/trustmanager.Dockerfile + labels: + ci.openshift.io/generator: prowgen + job-release: "4.22" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-cert-manager-operator-cert-manager-1.20-fips-image-scan-trust-manager + rerun_command: /test fips-image-scan-trust-manager + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=fips-image-scan-trust-manager + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )fips-image-scan-trust-manager,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^cert-manager-1\.20$ + - ^cert-manager-1\.20- + cluster: build01 + context: ci/prow/images + decorate: true + decoration_config: + sparse_checkout_files: + - .ci-operator.yaml + - images/ci/Dockerfile + - images/ci/certmanager.Dockerfile + - images/ci/istiocsr.Dockerfile + - images/ci/trustmanager.Dockerfile + labels: + ci.openshift.io/generator: prowgen + job-release: "4.22" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-cert-manager-operator-cert-manager-1.20-images + rerun_command: /test images + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --target=[images] + command: + - ci-operator + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )images,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^cert-manager-1\.20$ + - ^cert-manager-1\.20- + cluster: build01 + context: ci/prow/unit + decorate: true + decoration_config: + sparse_checkout_files: + - .ci-operator.yaml + - images/ci/Dockerfile + - images/ci/certmanager.Dockerfile + - images/ci/istiocsr.Dockerfile + - images/ci/trustmanager.Dockerfile + labels: + ci.openshift.io/generator: prowgen + job-release: "4.22" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-cert-manager-operator-cert-manager-1.20-unit + rerun_command: /test unit + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --target=unit + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )unit,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^cert-manager-1\.20$ + - ^cert-manager-1\.20- + cluster: build01 + context: ci/prow/verify + decorate: true + decoration_config: + sparse_checkout_files: + - .ci-operator.yaml + - images/ci/Dockerfile + - images/ci/certmanager.Dockerfile + - images/ci/istiocsr.Dockerfile + - images/ci/trustmanager.Dockerfile + labels: + ci.openshift.io/generator: prowgen + job-release: "4.22" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-cert-manager-operator-cert-manager-1.20-verify + rerun_command: /test verify + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --target=verify + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )verify,?($|\s.*) diff --git a/ci-operator/jobs/openshift/cert-manager-operator/openshift-cert-manager-operator-master-presubmits.yaml b/ci-operator/jobs/openshift/cert-manager-operator/openshift-cert-manager-operator-master-presubmits.yaml index 265cfdc78363b..4d77df99355e7 100644 --- a/ci-operator/jobs/openshift/cert-manager-operator/openshift-cert-manager-operator-master-presubmits.yaml +++ b/ci-operator/jobs/openshift/cert-manager-operator/openshift-cert-manager-operator-master-presubmits.yaml @@ -17,7 +17,7 @@ presubmits: - images/ci/trustmanager.Dockerfile labels: ci.openshift.io/generator: prowgen - job-release: "4.20" + job-release: "4.22" pj-rehearse.openshift.io/can-be-rehearsed: "true" name: pull-ci-openshift-cert-manager-operator-master-ci-bundle-cert-manager-operator-bundle rerun_command: /test ci-bundle-cert-manager-operator-bundle @@ -78,7 +78,7 @@ presubmits: - images/ci/trustmanager.Dockerfile labels: ci.openshift.io/generator: prowgen - job-release: "4.20" + job-release: "4.22" pj-rehearse.openshift.io/can-be-rehearsed: "true" name: pull-ci-openshift-cert-manager-operator-master-e2e-operator rerun_command: /test e2e-operator @@ -174,7 +174,7 @@ presubmits: ci-operator.openshift.io/cloud: aws ci-operator.openshift.io/cloud-cluster-profile: openshift-org-aws ci.openshift.io/generator: prowgen - job-release: "4.20" + job-release: "4.22" pj-rehearse.openshift.io/can-be-rehearsed: "true" name: pull-ci-openshift-cert-manager-operator-master-e2e-operator-aws-proxy optional: true @@ -263,7 +263,7 @@ presubmits: ci-operator.openshift.io/cloud: aws ci-operator.openshift.io/cloud-cluster-profile: openshift-org-aws ci.openshift.io/generator: prowgen - job-release: "4.20" + job-release: "4.22" pj-rehearse.openshift.io/can-be-rehearsed: "true" name: pull-ci-openshift-cert-manager-operator-master-e2e-operator-aws-sts optional: true @@ -352,7 +352,7 @@ presubmits: ci-operator.openshift.io/cloud: aws ci-operator.openshift.io/cloud-cluster-profile: openshift-org-aws ci.openshift.io/generator: prowgen - job-release: "4.20" + job-release: "4.22" pj-rehearse.openshift.io/can-be-rehearsed: "true" name: pull-ci-openshift-cert-manager-operator-master-e2e-operator-aws-upi-proxy optional: true @@ -441,7 +441,7 @@ presubmits: ci-operator.openshift.io/cloud: azure4 ci-operator.openshift.io/cloud-cluster-profile: openshift-org-azure ci.openshift.io/generator: prowgen - job-release: "4.20" + job-release: "4.22" pj-rehearse.openshift.io/can-be-rehearsed: "true" name: pull-ci-openshift-cert-manager-operator-master-e2e-operator-azure-ovn optional: true @@ -530,7 +530,7 @@ presubmits: ci-operator.openshift.io/cloud: azure4 ci-operator.openshift.io/cloud-cluster-profile: openshift-org-azure ci.openshift.io/generator: prowgen - job-release: "4.20" + job-release: "4.22" pj-rehearse.openshift.io/can-be-rehearsed: "true" name: pull-ci-openshift-cert-manager-operator-master-e2e-operator-azure-workload-identity optional: true @@ -619,7 +619,7 @@ presubmits: ci-operator.openshift.io/cloud: gcp ci-operator.openshift.io/cloud-cluster-profile: openshift-org-gcp ci.openshift.io/generator: prowgen - job-release: "4.20" + job-release: "4.22" pj-rehearse.openshift.io/can-be-rehearsed: "true" name: pull-ci-openshift-cert-manager-operator-master-e2e-operator-gcp-ovn optional: true @@ -708,7 +708,7 @@ presubmits: ci-operator.openshift.io/cloud: gcp ci-operator.openshift.io/cloud-cluster-profile: openshift-org-gcp ci.openshift.io/generator: prowgen - job-release: "4.20" + job-release: "4.22" pj-rehearse.openshift.io/can-be-rehearsed: "true" name: pull-ci-openshift-cert-manager-operator-master-e2e-operator-gcp-workload-identity optional: true @@ -797,7 +797,7 @@ presubmits: ci-operator.openshift.io/cloud: aws ci-operator.openshift.io/cloud-cluster-profile: openshift-org-aws ci.openshift.io/generator: prowgen - job-release: "4.20" + job-release: "4.22" pj-rehearse.openshift.io/can-be-rehearsed: "true" name: pull-ci-openshift-cert-manager-operator-master-e2e-operator-tech-preview optional: true @@ -885,7 +885,7 @@ presubmits: - images/ci/trustmanager.Dockerfile labels: ci.openshift.io/generator: prowgen - job-release: "4.20" + job-release: "4.22" pj-rehearse.openshift.io/can-be-rehearsed: "true" name: pull-ci-openshift-cert-manager-operator-master-fips-image-scan-cert-manager rerun_command: /test fips-image-scan-cert-manager @@ -971,7 +971,7 @@ presubmits: - images/ci/trustmanager.Dockerfile labels: ci.openshift.io/generator: prowgen - job-release: "4.20" + job-release: "4.22" pj-rehearse.openshift.io/can-be-rehearsed: "true" name: pull-ci-openshift-cert-manager-operator-master-fips-image-scan-istio-csr rerun_command: /test fips-image-scan-istio-csr @@ -1057,7 +1057,7 @@ presubmits: - images/ci/trustmanager.Dockerfile labels: ci.openshift.io/generator: prowgen - job-release: "4.20" + job-release: "4.22" pj-rehearse.openshift.io/can-be-rehearsed: "true" name: pull-ci-openshift-cert-manager-operator-master-fips-image-scan-operator rerun_command: /test fips-image-scan-operator @@ -1143,7 +1143,7 @@ presubmits: - images/ci/trustmanager.Dockerfile labels: ci.openshift.io/generator: prowgen - job-release: "4.20" + job-release: "4.22" pj-rehearse.openshift.io/can-be-rehearsed: "true" name: pull-ci-openshift-cert-manager-operator-master-fips-image-scan-trust-manager rerun_command: /test fips-image-scan-trust-manager @@ -1229,7 +1229,7 @@ presubmits: - images/ci/trustmanager.Dockerfile labels: ci.openshift.io/generator: prowgen - job-release: "4.20" + job-release: "4.22" pj-rehearse.openshift.io/can-be-rehearsed: "true" name: pull-ci-openshift-cert-manager-operator-master-images rerun_command: /test images @@ -1290,7 +1290,7 @@ presubmits: - images/ci/trustmanager.Dockerfile labels: ci.openshift.io/generator: prowgen - job-release: "4.20" + job-release: "4.22" pj-rehearse.openshift.io/can-be-rehearsed: "true" name: pull-ci-openshift-cert-manager-operator-master-unit rerun_command: /test unit @@ -1359,7 +1359,7 @@ presubmits: - images/ci/trustmanager.Dockerfile labels: ci.openshift.io/generator: prowgen - job-release: "4.20" + job-release: "4.22" pj-rehearse.openshift.io/can-be-rehearsed: "true" name: pull-ci-openshift-cert-manager-operator-master-verify rerun_command: /test verify diff --git a/ci-operator/jobs/openshift/external-secrets-operator/openshift-external-secrets-operator-main-postsubmits.yaml b/ci-operator/jobs/openshift/external-secrets-operator/openshift-external-secrets-operator-main-postsubmits.yaml index 10ec65788cfbb..028a4fad5c8b3 100644 --- a/ci-operator/jobs/openshift/external-secrets-operator/openshift-external-secrets-operator-main-postsubmits.yaml +++ b/ci-operator/jobs/openshift/external-secrets-operator/openshift-external-secrets-operator-main-postsubmits.yaml @@ -14,7 +14,7 @@ postsubmits: - images/ci/operand.Dockerfile labels: ci.openshift.io/generator: prowgen - job-release: "4.21" + job-release: "4.22" max_concurrency: 1 name: branch-ci-openshift-external-secrets-operator-main-publish-e2e-coverage spec: diff --git a/ci-operator/jobs/openshift/external-secrets-operator/openshift-external-secrets-operator-main-presubmits.yaml b/ci-operator/jobs/openshift/external-secrets-operator/openshift-external-secrets-operator-main-presubmits.yaml index 2d6d4ccfb82c9..904766edcc366 100644 --- a/ci-operator/jobs/openshift/external-secrets-operator/openshift-external-secrets-operator-main-presubmits.yaml +++ b/ci-operator/jobs/openshift/external-secrets-operator/openshift-external-secrets-operator-main-presubmits.yaml @@ -16,7 +16,7 @@ presubmits: - images/ci/operand.Dockerfile labels: ci.openshift.io/generator: prowgen - job-release: "4.21" + job-release: "4.22" pj-rehearse.openshift.io/can-be-rehearsed: "true" name: pull-ci-openshift-external-secrets-operator-main-ci-bundle-external-secrets-operator-bundle rerun_command: /test ci-bundle-external-secrets-operator-bundle @@ -76,7 +76,7 @@ presubmits: - images/ci/operand.Dockerfile labels: ci.openshift.io/generator: prowgen - job-release: "4.21" + job-release: "4.22" pj-rehearse.openshift.io/can-be-rehearsed: "true" name: pull-ci-openshift-external-secrets-operator-main-e2e-operator rerun_command: /test e2e-operator @@ -169,7 +169,7 @@ presubmits: - images/ci/operand.Dockerfile labels: ci.openshift.io/generator: prowgen - job-release: "4.21" + job-release: "4.22" pj-rehearse.openshift.io/can-be-rehearsed: "true" name: pull-ci-openshift-external-secrets-operator-main-fips-image-scan-external-secrets rerun_command: /test fips-image-scan-external-secrets @@ -254,7 +254,7 @@ presubmits: - images/ci/operand.Dockerfile labels: ci.openshift.io/generator: prowgen - job-release: "4.21" + job-release: "4.22" pj-rehearse.openshift.io/can-be-rehearsed: "true" name: pull-ci-openshift-external-secrets-operator-main-fips-image-scan-operator rerun_command: /test fips-image-scan-operator @@ -339,7 +339,7 @@ presubmits: - images/ci/operand.Dockerfile labels: ci.openshift.io/generator: prowgen - job-release: "4.21" + job-release: "4.22" pj-rehearse.openshift.io/can-be-rehearsed: "true" name: pull-ci-openshift-external-secrets-operator-main-images rerun_command: /test images @@ -399,7 +399,7 @@ presubmits: - images/ci/operand.Dockerfile labels: ci.openshift.io/generator: prowgen - job-release: "4.21" + job-release: "4.22" pj-rehearse.openshift.io/can-be-rehearsed: "true" name: pull-ci-openshift-external-secrets-operator-main-unit rerun_command: /test unit @@ -467,7 +467,7 @@ presubmits: - images/ci/operand.Dockerfile labels: ci.openshift.io/generator: prowgen - job-release: "4.21" + job-release: "4.22" pj-rehearse.openshift.io/can-be-rehearsed: "true" name: pull-ci-openshift-external-secrets-operator-main-verify rerun_command: /test verify diff --git a/ci-operator/jobs/openshift/external-secrets-operator/openshift-external-secrets-operator-release-1.2-presubmits.yaml b/ci-operator/jobs/openshift/external-secrets-operator/openshift-external-secrets-operator-release-1.2-presubmits.yaml new file mode 100644 index 0000000000000..5670da448f14e --- /dev/null +++ b/ci-operator/jobs/openshift/external-secrets-operator/openshift-external-secrets-operator-release-1.2-presubmits.yaml @@ -0,0 +1,514 @@ +presubmits: + openshift/external-secrets-operator: + - agent: kubernetes + always_run: true + branches: + - ^release-1\.2$ + - ^release-1\.2- + cluster: build01 + context: ci/prow/ci-bundle-external-secrets-operator-bundle + decorate: true + decoration_config: + sparse_checkout_files: + - .ci-operator.yaml + - images/ci/Dockerfile + - images/ci/operand.Dockerfile + labels: + ci.openshift.io/generator: prowgen + job-release: "4.22" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-external-secrets-operator-release-1.2-ci-bundle-external-secrets-operator-bundle + rerun_command: /test ci-bundle-external-secrets-operator-bundle + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --target=external-secrets-operator-bundle + command: + - ci-operator + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )ci-bundle-external-secrets-operator-bundle,?($|\s.*) + - agent: kubernetes + always_run: false + branches: + - ^release-1\.2$ + - ^release-1\.2- + cluster: build01 + context: ci/prow/e2e-operator + decorate: true + decoration_config: + sparse_checkout_files: + - .ci-operator.yaml + - images/ci/Dockerfile + - images/ci/operand.Dockerfile + labels: + ci.openshift.io/generator: prowgen + job-release: "4.22" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-external-secrets-operator-release-1.2-e2e-operator + rerun_command: /test e2e-operator + skip_if_only_changed: ^(docs/|bundle/|tools/)|\.md$|^(?:.*/)?(?:\.gitignore|.dockerignore|.golangci.yml|Makefile|OWNERS|PROJECT|LICENSE)$ + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --hive-kubeconfig=/secrets/hive-hive-credentials/kubeconfig + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=e2e-operator + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/hive-hive-credentials + name: hive-hive-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: hive-hive-credentials + secret: + secretName: hive-hive-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )e2e-operator,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^release-1\.2$ + - ^release-1\.2- + cluster: build01 + context: ci/prow/fips-image-scan-external-secrets + decorate: true + decoration_config: + sparse_checkout_files: + - .ci-operator.yaml + - images/ci/Dockerfile + - images/ci/operand.Dockerfile + labels: + ci.openshift.io/generator: prowgen + job-release: "4.22" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-external-secrets-operator-release-1.2-fips-image-scan-external-secrets + rerun_command: /test fips-image-scan-external-secrets + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=fips-image-scan-external-secrets + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )fips-image-scan-external-secrets,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^release-1\.2$ + - ^release-1\.2- + cluster: build01 + context: ci/prow/fips-image-scan-operator + decorate: true + decoration_config: + sparse_checkout_files: + - .ci-operator.yaml + - images/ci/Dockerfile + - images/ci/operand.Dockerfile + labels: + ci.openshift.io/generator: prowgen + job-release: "4.22" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-external-secrets-operator-release-1.2-fips-image-scan-operator + rerun_command: /test fips-image-scan-operator + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=fips-image-scan-operator + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )fips-image-scan-operator,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^release-1\.2$ + - ^release-1\.2- + cluster: build01 + context: ci/prow/images + decorate: true + decoration_config: + sparse_checkout_files: + - .ci-operator.yaml + - images/ci/Dockerfile + - images/ci/operand.Dockerfile + labels: + ci.openshift.io/generator: prowgen + job-release: "4.22" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-external-secrets-operator-release-1.2-images + rerun_command: /test images + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --target=[images] + command: + - ci-operator + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )images,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^release-1\.2$ + - ^release-1\.2- + cluster: build01 + context: ci/prow/unit + decorate: true + decoration_config: + sparse_checkout_files: + - .ci-operator.yaml + - images/ci/Dockerfile + - images/ci/operand.Dockerfile + labels: + ci.openshift.io/generator: prowgen + job-release: "4.22" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-external-secrets-operator-release-1.2-unit + rerun_command: /test unit + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --target=unit + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )unit,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^release-1\.2$ + - ^release-1\.2- + cluster: build01 + context: ci/prow/verify + decorate: true + decoration_config: + sparse_checkout_files: + - .ci-operator.yaml + - images/ci/Dockerfile + - images/ci/operand.Dockerfile + labels: + ci.openshift.io/generator: prowgen + job-release: "4.22" + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-external-secrets-operator-release-1.2-verify + rerun_command: /test verify + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --target=verify + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )verify,?($|\s.*) diff --git a/core-services/prow/02_config/openshift/cert-manager-operator/_prowconfig.yaml b/core-services/prow/02_config/openshift/cert-manager-operator/_prowconfig.yaml index 147166f039262..a84cbf5b21308 100644 --- a/core-services/prow/02_config/openshift/cert-manager-operator/_prowconfig.yaml +++ b/core-services/prow/02_config/openshift/cert-manager-operator/_prowconfig.yaml @@ -22,6 +22,8 @@ branch-protection: protect: true cert-manager-1.19: protect: true + cert-manager-1.20: + protect: true cert-manager-v1.10.x: protect: true master: diff --git a/core-services/prow/02_config/openshift/external-secrets-operator/_prowconfig.yaml b/core-services/prow/02_config/openshift/external-secrets-operator/_prowconfig.yaml index 76aa1c38c02bd..361e5cc3521b3 100644 --- a/core-services/prow/02_config/openshift/external-secrets-operator/_prowconfig.yaml +++ b/core-services/prow/02_config/openshift/external-secrets-operator/_prowconfig.yaml @@ -10,6 +10,8 @@ branch-protection: protect: true release-1.1: protect: true + release-1.2: + protect: true tide: queries: - labels: