diff --git a/ci-operator/config/ComplianceAsCode/compliance-sdk/ComplianceAsCode-compliance-sdk-main.yaml b/ci-operator/config/ComplianceAsCode/compliance-sdk/ComplianceAsCode-compliance-sdk-main.yaml new file mode 100644 index 0000000000000..5c82c8bcf6ac5 --- /dev/null +++ b/ci-operator/config/ComplianceAsCode/compliance-sdk/ComplianceAsCode-compliance-sdk-main.yaml @@ -0,0 +1,62 @@ +build_root: + image_stream_tag: + name: release + namespace: openshift + tag: golang-1.24 +releases: + initial: + integration: + name: "4.19" + namespace: ocp + latest: + integration: + include_built_images: true + name: "4.19" + namespace: ocp +resources: + '*': + requests: + cpu: 200m + memory: 400Mi +tests: +- as: compliance-sdk-integration-tests + skip_if_only_changed: ^.*md$|^OWNERS$|^LICENSE$ + steps: + cluster_profile: quay-aws + env: + BASE_DOMAIN: quay.devcluster.openshift.com + test: + - as: test + cli: latest + commands: make test-integration + from: src + resources: + requests: + cpu: 100m + workflow: ipi-aws +- as: compliance-sdk-unit-tests + steps: + cluster_profile: quay-aws + test: + - as: test + cli: latest + commands: make test-unit + from: src + resources: + requests: + cpu: 100m +- as: compliance-sdk-lint + steps: + cluster_profile: quay-aws + test: + - as: test + cli: latest + commands: make lint + from: src + resources: + requests: + cpu: 100m +zz_generated_metadata: + branch: main + org: ComplianceAsCode + repo: compliance-sdk diff --git a/ci-operator/config/ComplianceAsCode/compliance-sdk/OWNERS b/ci-operator/config/ComplianceAsCode/compliance-sdk/OWNERS new file mode 100644 index 0000000000000..2d28b9eb6c2d0 --- /dev/null +++ b/ci-operator/config/ComplianceAsCode/compliance-sdk/OWNERS @@ -0,0 +1,11 @@ +component: "compliance-sdk" +approvers: + - xiaojiey + - Vincent056 + - rhmdnd + - yuumasato +reviewers: + - xiaojiey + - Vincent056 + - rhmdnd + - yuumasato diff --git a/ci-operator/jobs/ComplianceAsCode/compliance-sdk/ComplianceAsCode-compliance-sdk-main-presubmits.yaml b/ci-operator/jobs/ComplianceAsCode/compliance-sdk/ComplianceAsCode-compliance-sdk-main-presubmits.yaml new file mode 100644 index 0000000000000..32c0b632f29cb --- /dev/null +++ b/ci-operator/jobs/ComplianceAsCode/compliance-sdk/ComplianceAsCode-compliance-sdk-main-presubmits.yaml @@ -0,0 +1,225 @@ +presubmits: + ComplianceAsCode/compliance-sdk: + - agent: kubernetes + always_run: false + branches: + - ^main$ + - ^main- + cluster: build07 + context: ci/prow/compliance-sdk-integration-tests + decorate: true + decoration_config: + skip_cloning: true + labels: + ci-operator.openshift.io/cloud: aws + ci-operator.openshift.io/cloud-cluster-profile: quay-aws + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-ComplianceAsCode-compliance-sdk-main-compliance-sdk-integration-tests + rerun_command: /test compliance-sdk-integration-tests + skip_if_only_changed: ^.*md$|^OWNERS$|^LICENSE$ + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=compliance-sdk-integration-tests + command: + - ci-operator + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )compliance-sdk-integration-tests,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^main$ + - ^main- + cluster: build07 + context: ci/prow/compliance-sdk-lint + decorate: true + decoration_config: + skip_cloning: true + labels: + ci-operator.openshift.io/cloud: aws + ci-operator.openshift.io/cloud-cluster-profile: quay-aws + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-ComplianceAsCode-compliance-sdk-main-compliance-sdk-lint + rerun_command: /test compliance-sdk-lint + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=compliance-sdk-lint + command: + - ci-operator + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )compliance-sdk-lint,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^main$ + - ^main- + cluster: build07 + context: ci/prow/compliance-sdk-unit-tests + decorate: true + decoration_config: + skip_cloning: true + labels: + ci-operator.openshift.io/cloud: aws + ci-operator.openshift.io/cloud-cluster-profile: quay-aws + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-ComplianceAsCode-compliance-sdk-main-compliance-sdk-unit-tests + rerun_command: /test compliance-sdk-unit-tests + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=compliance-sdk-unit-tests + command: + - ci-operator + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )compliance-sdk-unit-tests,?($|\s.*) diff --git a/ci-operator/jobs/ComplianceAsCode/compliance-sdk/OWNERS b/ci-operator/jobs/ComplianceAsCode/compliance-sdk/OWNERS new file mode 100644 index 0000000000000..2d28b9eb6c2d0 --- /dev/null +++ b/ci-operator/jobs/ComplianceAsCode/compliance-sdk/OWNERS @@ -0,0 +1,11 @@ +component: "compliance-sdk" +approvers: + - xiaojiey + - Vincent056 + - rhmdnd + - yuumasato +reviewers: + - xiaojiey + - Vincent056 + - rhmdnd + - yuumasato diff --git a/core-services/prow/02_config/ComplianceAsCode/compliance-sdk/OWNERS b/core-services/prow/02_config/ComplianceAsCode/compliance-sdk/OWNERS new file mode 100644 index 0000000000000..9e02aa9dd8578 --- /dev/null +++ b/core-services/prow/02_config/ComplianceAsCode/compliance-sdk/OWNERS @@ -0,0 +1,11 @@ +approvers: +- rhmdnd +- vincent056 +- xiaojiey +- yuumasato +options: {} +reviewers: +- rhmdnd +- vincent056 +- xiaojiey +- yuumasato diff --git a/core-services/prow/02_config/ComplianceAsCode/compliance-sdk/_pluginconfig.yaml b/core-services/prow/02_config/ComplianceAsCode/compliance-sdk/_pluginconfig.yaml new file mode 100644 index 0000000000000..a58b9a7d15683 --- /dev/null +++ b/core-services/prow/02_config/ComplianceAsCode/compliance-sdk/_pluginconfig.yaml @@ -0,0 +1,56 @@ +approve: +- commandHelpLink: https://go.k8s.io/bot-commands + repos: + - ComplianceAsCode/compliance-sdk + require_self_approval: false +external_plugins: + ComplianceAsCode/compliance-sdk: + - endpoint: http://refresh + events: + - issue_comment + name: refresh + - endpoint: http://cherrypick + events: + - issue_comment + - pull_request + name: cherrypick + - endpoint: http://needs-rebase + events: + - pull_request + name: needs-rebase + - endpoint: http://jira-lifecycle-plugin + events: + - issue_comment + - pull_request + name: jira-lifecycle-plugin +lgtm: +- repos: + - ComplianceAsCode/compliance-sdk + review_acts_as_lgtm: true +plugins: + ComplianceAsCode/compliance-sdk: + plugins: + - assign + - blunderbuss + - cat + - dog + - heart + - golint + - goose + - help + - hold + - label + - lgtm + - lifecycle + - override + - pony + - retitle + - shrug + - sigmention + - skip + - trigger + - verify-owners + - owners-label + - wip + - yuks + - approve diff --git a/core-services/prow/02_config/ComplianceAsCode/compliance-sdk/_prowconfig.yaml b/core-services/prow/02_config/ComplianceAsCode/compliance-sdk/_prowconfig.yaml new file mode 100644 index 0000000000000..9b0f07cf2e1d7 --- /dev/null +++ b/core-services/prow/02_config/ComplianceAsCode/compliance-sdk/_prowconfig.yaml @@ -0,0 +1,33 @@ +tide: + queries: + - excludedBranches: + - main + labels: + - approved + - docs-approved + - lgtm + - qe-approved + missingLabels: + - backports/unvalidated-commits + - do-not-merge/hold + - do-not-merge/invalid-owners-file + - do-not-merge/work-in-progress + - jira/invalid-bug + - needs-rebase + repos: + - ComplianceAsCode/compliance-sdk + - includedBranches: + - main + labels: + - approved + - lgtm + missingLabels: + - backports/unvalidated-commits + - do-not-merge/hold + - do-not-merge/invalid-owners-file + - do-not-merge/work-in-progress + - jira/invalid-bug + - keep-main-query-separate + - needs-rebase + repos: + - ComplianceAsCode/compliance-sdk