Enable hermetic pipeline builds #598
Conversation
openshift-ci
bot
added
the
approved
|
This should hopefully start working once konflux-ci/build-definitions#1205 lands. |
openshift-merge-robot
added
the
needs-rebase
yuumasato
force-pushed
the
enable-hermetic-builds
branch
from
fe509a7 to
22398dc
Compare
openshift-merge-robot
removed
the
needs-rebase
yuumasato
force-pushed
the
enable-hermetic-builds
branch
from
22398dc to
b56bb85
Compare
yuumasato
force-pushed
the
enable-hermetic-builds
branch
from
b56bb85 to
e31c7f1
Compare
|
/retest |
yuumasato
force-pushed
the
enable-hermetic-builds
branch
2 times, most recently
from
2aac018 to
b7cd6c4
Compare
yuumasato
force-pushed
the
enable-hermetic-builds
branch
3 times, most recently
from
0d02299 to
340cbd4
Compare
|
/retest |
Hermetic builds are built in total isolation.
They will not work on hermetic builds.
Konflux prefetch task needs up to date list of modules and checksums.
yuumasato
force-pushed
the
enable-hermetic-builds
branch
from
340cbd4 to
6e5746f
Compare
yuumasato
force-pushed
the
enable-hermetic-builds
branch
7 times, most recently
from
cf47786 to
e82a404
Compare
yuumasato
force-pushed
the
enable-hermetic-builds
branch
3 times, most recently
from
674b945 to
6af8345
Compare
yuumasato
force-pushed
the
enable-hermetic-builds
branch
from
6af8345 to
6f8a566
Compare
yuumasato
force-pushed
the
enable-hermetic-builds
branch
from
d9418e9 to
bb3401f
Compare
|
|
||
| FIO_IMAGE_PULLSPEC := "quay.io/redhat-user-workloads/ocp-isc-tenant/file-integrity-operator@sha256:148940c5046c11914540b7c9ad872f5b7c1219d2c75d2eeb6d721c9578b9f43a" | ||
|
|
||
| env, ok := csv["spec"].(map[string]interface{})["install"].(map[string]interface{})["spec"].(map[string]interface{})["deployments"].([]interface{})[0].(map[string]interface{})["spec"].(map[string]interface{})["template"].(map[string]interface{})["spec"].(map[string]interface{})["containers"].([]interface{})[0].(map[string]interface{})["env"].([]interface{}) |
There was a problem hiding this comment.
Not happy with this, couldn't find a good way to write this.
Unless I add a function to iterate over the a list of tuple (keys, type) while casting.
There was a problem hiding this comment.
Using CSV struct from operator-framework package helped, but it had problems parsing the CSV version.
There was a problem hiding this comment.
This will still only update the CSV file with pull specs from our public Konflux instance, right? We'll need to add another step to build a bundle that will work with registry.redhat.io, right?
|
/retest |
yuumasato
force-pushed
the
enable-hermetic-builds
branch
2 times, most recently
from
b7a119f to
a466ad1
Compare
This will avoid need to prefetch RPMs and python packages.
yuumasato
force-pushed
the
enable-hermetic-builds
branch
from
a466ad1 to
e66f6b4
Compare
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: Vincent056, yuumasato The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
@Vincent056 I'm reverting to using maps instead of the CSV struct to unmarshal the yaml, since that was working. |
yuumasato
force-pushed
the
enable-hermetic-builds
branch
from
7134350 to
e66f6b4
Compare
|
New changes are detected. LGTM label has been removed. |
|
/retest |
|
@yuumasato: The following test failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
thanks the update, the change looks good! |
There was a problem hiding this comment.
I wonder if those are still needed
There was a problem hiding this comment.
I don't think so - since we're using update_csv.go for the heavy lifting now.
Hermetic builds are built in total isolation.
These are required to make a release.