feat(RELEASE-1176): only sign registry.access if required #601
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Skipping CI for Draft Pull Request. |
mmalina
force-pushed
the
require-terms-switch
branch
6 times, most recently
from
7f23c36
to
3bd01f6
Compare
|
/retest |
mmalina
force-pushed
the
require-terms-switch
branch
2 times, most recently
from
877c7a6
to
8f7c960
Compare
mmalina
force-pushed
the
require-terms-switch
branch
from
8f7c960
to
1cf72c3
Compare
|
/retest |
mmalina
force-pushed
the
require-terms-switch
branch
from
1cf72c3
to
bc15ef7
Compare
johnbieren
reviewed
Oct 15, 2024
tasks/publish-pyxis-repository/tests/test-publish-pyxis-repository-no-terms-required.yaml
Show resolved
Hide resolved
tasks/publish-pyxis-repository/tests/test-publish-pyxis-repository-skip-publishing.yaml
Outdated
Show resolved
Hide resolved
mmalina
force-pushed
the
require-terms-switch
branch
3 times, most recently
from
8341108
to
cf4fc35
Compare
johnbieren
previously approved these changes
Oct 21, 2024
mmalina
force-pushed
the
require-terms-switch
branch
from
cf4fc35
to
3237cef
Compare
|
@johnbieren I think I lost your approval when I needed to resolve a conflict. |
johnbieren
previously approved these changes
Oct 22, 2024
mmalina
force-pushed
the
require-terms-switch
branch
from
a5522ef
to
f1421d6
Compare
|
/retest |
2 similar comments
|
/retest |
|
/retest |
mmalina
force-pushed
the
require-terms-switch
branch
from
f1421d6
to
80a0623
Compare
mmalina
force-pushed
the
require-terms-switch
branch
3 times, most recently
from
9f0c96d
to
d0a8af0
Compare
mmalina
force-pushed
the
require-terms-switch
branch
from
d0a8af0
to
7e09bc8
Compare
johnbieren
reviewed
Oct 25, 2024
pipelines/rh-push-to-registry-redhat-io/rh-push-to-registry-redhat-io.yaml
Outdated
Show resolved
Hide resolved
mmalina
force-pushed
the
require-terms-switch
branch
from
7e09bc8
to
bf3bfb5
Compare
johnbieren
approved these changes
Oct 25, 2024
mmalina
force-pushed
the
require-terms-switch
branch
from
bf3bfb5
to
e2e8fd5
Compare
|
New changes are detected. LGTM label has been removed. |
|
/retest |
`rh-sign-image` and `rh-sign-image-cosign` will now only sign registry.access.redhat.com references if requires_terms is false in the corresponding repository object in Pyxis. If require_terms is true (the vast majority of repos), signing of registry.access references will be skipped which will result in 50 % reduction of signing requests. Several changes are included: * `publish-pyxis-repository` provides a new result that points to a file that contains a list of repos where signing of registry.access references is needed. * `rh-sign-image` and `rh-sign-image-cosign` take this result as a new mandatory parameter and will skip registry.access signing unless the given repo is included in the file. * `rh-advisories` and `rh-push-to-registry-redhat-io` pipelines were modified for this. The order of tasks was also slightly modified so that `publish-pyxis-repository` runs earlier in the pipeline. Signed-off-by: Martin Malina <[email protected]>
mmalina
force-pushed
the
require-terms-switch
branch
from
e2e8fd5
to
6a3b7e5
Compare
|
/retest |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
rh-sign-imageandrh-sign-image-cosignwill now only sign registry.access.redhat.com references if requires_terms is false in the corresponding repository object in Pyxis.If require_terms is true (the vast majority of repos), signing of registry.access references will be skipped which will result in 50 % reduction of signing
requests.
Several changes are included:
publish-pyxis-repositoryprovides a new result that points to a file that contains a list of repos where signing of registry.access references is needed.rh-sign-imageandrh-sign-image-cosigntake this result as a new mandatory parameter and will skip registry.access signing unless the given repo is included in the file.rh-advisoriesandrh-push-to-registry-redhat-iopipelines were modified for this. The order of tasks was also slightly modified so thatpublish-pyxis-repositoryruns earlier in the pipeline.