-
Notifications
You must be signed in to change notification settings - Fork 43
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(RELEASE-1176): only sign registry.access if required #601
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Skipping CI for Draft Pull Request. |
mmalina
force-pushed
the
require-terms-switch
branch
6 times, most recently
from
October 8, 2024 13:03
7f23c36
to
3bd01f6
Compare
/retest |
mmalina
force-pushed
the
require-terms-switch
branch
2 times, most recently
from
October 9, 2024 07:36
877c7a6
to
8f7c960
Compare
mmalina
force-pushed
the
require-terms-switch
branch
from
October 14, 2024 08:35
8f7c960
to
1cf72c3
Compare
/retest |
mmalina
force-pushed
the
require-terms-switch
branch
from
October 15, 2024 06:53
1cf72c3
to
bc15ef7
Compare
johnbieren
reviewed
Oct 15, 2024
tasks/publish-pyxis-repository/tests/test-publish-pyxis-repository-no-terms-required.yaml
Show resolved
Hide resolved
tasks/publish-pyxis-repository/tests/test-publish-pyxis-repository-skip-publishing.yaml
Outdated
Show resolved
Hide resolved
mmalina
force-pushed
the
require-terms-switch
branch
3 times, most recently
from
October 21, 2024 11:32
8341108
to
cf4fc35
Compare
johnbieren
previously approved these changes
Oct 21, 2024
mmalina
force-pushed
the
require-terms-switch
branch
from
October 22, 2024 08:30
cf4fc35
to
3237cef
Compare
@johnbieren I think I lost your approval when I needed to resolve a conflict. |
johnbieren
previously approved these changes
Oct 22, 2024
mmalina
force-pushed
the
require-terms-switch
branch
from
October 23, 2024 13:58
a5522ef
to
f1421d6
Compare
/retest |
2 similar comments
/retest |
/retest |
mmalina
force-pushed
the
require-terms-switch
branch
from
October 25, 2024 04:50
f1421d6
to
80a0623
Compare
mmalina
force-pushed
the
require-terms-switch
branch
3 times, most recently
from
October 25, 2024 09:54
9f0c96d
to
d0a8af0
Compare
mmalina
force-pushed
the
require-terms-switch
branch
from
October 25, 2024 11:55
d0a8af0
to
7e09bc8
Compare
johnbieren
reviewed
Oct 25, 2024
pipelines/rh-push-to-registry-redhat-io/rh-push-to-registry-redhat-io.yaml
Outdated
Show resolved
Hide resolved
mmalina
force-pushed
the
require-terms-switch
branch
from
October 25, 2024 12:03
7e09bc8
to
bf3bfb5
Compare
johnbieren
approved these changes
Oct 25, 2024
mmalina
force-pushed
the
require-terms-switch
branch
from
October 25, 2024 15:10
bf3bfb5
to
e2e8fd5
Compare
New changes are detected. LGTM label has been removed. |
/retest |
`rh-sign-image` and `rh-sign-image-cosign` will now only sign registry.access.redhat.com references if requires_terms is false in the corresponding repository object in Pyxis. If require_terms is true (the vast majority of repos), signing of registry.access references will be skipped which will result in 50 % reduction of signing requests. Several changes are included: * `publish-pyxis-repository` provides a new result that points to a file that contains a list of repos where signing of registry.access references is needed. * `rh-sign-image` and `rh-sign-image-cosign` take this result as a new mandatory parameter and will skip registry.access signing unless the given repo is included in the file. * `rh-advisories` and `rh-push-to-registry-redhat-io` pipelines were modified for this. The order of tasks was also slightly modified so that `publish-pyxis-repository` runs earlier in the pipeline. Signed-off-by: Martin Malina <[email protected]>
mmalina
force-pushed
the
require-terms-switch
branch
from
October 25, 2024 16:56
e2e8fd5
to
6a3b7e5
Compare
/retest |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
rh-sign-image
andrh-sign-image-cosign
will now only sign registry.access.redhat.com references if requires_terms is false in the corresponding repository object in Pyxis.If require_terms is true (the vast majority of repos), signing of registry.access references will be skipped which will result in 50 % reduction of signing
requests.
Several changes are included:
publish-pyxis-repository
provides a new result that points to a file that contains a list of repos where signing of registry.access references is needed.rh-sign-image
andrh-sign-image-cosign
take this result as a new mandatory parameter and will skip registry.access signing unless the given repo is included in the file.rh-advisories
andrh-push-to-registry-redhat-io
pipelines were modified for this. The order of tasks was also slightly modified so thatpublish-pyxis-repository
runs earlier in the pipeline.