diff --git a/ci-operator/config/openshift-priv/cluster-openshift-controller-manager-operator/openshift-priv-cluster-openshift-controller-manager-operator-master.yaml b/ci-operator/config/openshift-priv/cluster-openshift-controller-manager-operator/openshift-priv-cluster-openshift-controller-manager-operator-master.yaml index 561aedbfb33d..94658ab53577 100644 --- a/ci-operator/config/openshift-priv/cluster-openshift-controller-manager-operator/openshift-priv-cluster-openshift-controller-manager-operator-master.yaml +++ b/ci-operator/config/openshift-priv/cluster-openshift-controller-manager-operator/openshift-priv-cluster-openshift-controller-manager-operator-master.yaml @@ -81,6 +81,12 @@ tests: env: FEATURE_SET: TechPreviewNoUpgrade workflow: openshift-e2e-aws-builds +- as: security + optional: true + steps: + env: + PROJECT_NAME: openshift-controller-manager + workflow: openshift-ci-security zz_generated_metadata: branch: master org: openshift-priv diff --git a/ci-operator/config/openshift-priv/cluster-openshift-controller-manager-operator/openshift-priv-cluster-openshift-controller-manager-operator-release-4.11.yaml b/ci-operator/config/openshift-priv/cluster-openshift-controller-manager-operator/openshift-priv-cluster-openshift-controller-manager-operator-release-4.11.yaml index 1f44505286d8..5b03efc5f0fd 100644 --- a/ci-operator/config/openshift-priv/cluster-openshift-controller-manager-operator/openshift-priv-cluster-openshift-controller-manager-operator-release-4.11.yaml +++ b/ci-operator/config/openshift-priv/cluster-openshift-controller-manager-operator/openshift-priv-cluster-openshift-controller-manager-operator-release-4.11.yaml @@ -79,6 +79,12 @@ tests: steps: cluster_profile: aws workflow: openshift-e2e-aws-builds-techpreview +- as: security + optional: true + steps: + env: + PROJECT_NAME: openshift-controller-manager + workflow: openshift-ci-security zz_generated_metadata: branch: release-4.11 org: openshift-priv diff --git a/ci-operator/config/openshift-priv/cluster-openshift-controller-manager-operator/openshift-priv-cluster-openshift-controller-manager-operator-release-4.12.yaml b/ci-operator/config/openshift-priv/cluster-openshift-controller-manager-operator/openshift-priv-cluster-openshift-controller-manager-operator-release-4.12.yaml index 208a927267ce..713200b4b9bc 100644 --- a/ci-operator/config/openshift-priv/cluster-openshift-controller-manager-operator/openshift-priv-cluster-openshift-controller-manager-operator-release-4.12.yaml +++ b/ci-operator/config/openshift-priv/cluster-openshift-controller-manager-operator/openshift-priv-cluster-openshift-controller-manager-operator-release-4.12.yaml @@ -81,6 +81,12 @@ tests: env: FEATURE_SET: TechPreviewNoUpgrade workflow: openshift-e2e-aws-builds +- as: security + optional: true + steps: + env: + PROJECT_NAME: openshift-controller-manager + workflow: openshift-ci-security zz_generated_metadata: branch: release-4.12 org: openshift-priv diff --git a/ci-operator/config/openshift-priv/cluster-openshift-controller-manager-operator/openshift-priv-cluster-openshift-controller-manager-operator-release-4.13.yaml b/ci-operator/config/openshift-priv/cluster-openshift-controller-manager-operator/openshift-priv-cluster-openshift-controller-manager-operator-release-4.13.yaml index d9d57860e4d0..5b5826b2c30a 100644 --- a/ci-operator/config/openshift-priv/cluster-openshift-controller-manager-operator/openshift-priv-cluster-openshift-controller-manager-operator-release-4.13.yaml +++ b/ci-operator/config/openshift-priv/cluster-openshift-controller-manager-operator/openshift-priv-cluster-openshift-controller-manager-operator-release-4.13.yaml @@ -81,6 +81,12 @@ tests: env: FEATURE_SET: TechPreviewNoUpgrade workflow: openshift-e2e-aws-builds +- as: security + optional: true + steps: + env: + PROJECT_NAME: openshift-controller-manager + workflow: openshift-ci-security zz_generated_metadata: branch: release-4.13 org: openshift-priv diff --git a/ci-operator/config/openshift-priv/cluster-openshift-controller-manager-operator/openshift-priv-cluster-openshift-controller-manager-operator-release-4.14.yaml b/ci-operator/config/openshift-priv/cluster-openshift-controller-manager-operator/openshift-priv-cluster-openshift-controller-manager-operator-release-4.14.yaml index a6d9cc86a339..2020913bd160 100644 --- a/ci-operator/config/openshift-priv/cluster-openshift-controller-manager-operator/openshift-priv-cluster-openshift-controller-manager-operator-release-4.14.yaml +++ b/ci-operator/config/openshift-priv/cluster-openshift-controller-manager-operator/openshift-priv-cluster-openshift-controller-manager-operator-release-4.14.yaml @@ -81,6 +81,12 @@ tests: env: FEATURE_SET: TechPreviewNoUpgrade workflow: openshift-e2e-aws-builds +- as: security + optional: true + steps: + env: + PROJECT_NAME: openshift-controller-manager + workflow: openshift-ci-security zz_generated_metadata: branch: release-4.14 org: openshift-priv diff --git a/ci-operator/config/openshift-priv/cluster-openshift-controller-manager-operator/openshift-priv-cluster-openshift-controller-manager-operator-release-4.15.yaml b/ci-operator/config/openshift-priv/cluster-openshift-controller-manager-operator/openshift-priv-cluster-openshift-controller-manager-operator-release-4.15.yaml index 786fc3fc1062..f108ab957e3c 100644 --- a/ci-operator/config/openshift-priv/cluster-openshift-controller-manager-operator/openshift-priv-cluster-openshift-controller-manager-operator-release-4.15.yaml +++ b/ci-operator/config/openshift-priv/cluster-openshift-controller-manager-operator/openshift-priv-cluster-openshift-controller-manager-operator-release-4.15.yaml @@ -82,6 +82,12 @@ tests: env: FEATURE_SET: TechPreviewNoUpgrade workflow: openshift-e2e-aws-builds +- as: security + optional: true + steps: + env: + PROJECT_NAME: openshift-controller-manager + workflow: openshift-ci-security zz_generated_metadata: branch: release-4.15 org: openshift-priv diff --git a/ci-operator/config/openshift-priv/cluster-openshift-controller-manager-operator/openshift-priv-cluster-openshift-controller-manager-operator-release-4.16.yaml b/ci-operator/config/openshift-priv/cluster-openshift-controller-manager-operator/openshift-priv-cluster-openshift-controller-manager-operator-release-4.16.yaml index 8173d7204757..63321ae38113 100644 --- a/ci-operator/config/openshift-priv/cluster-openshift-controller-manager-operator/openshift-priv-cluster-openshift-controller-manager-operator-release-4.16.yaml +++ b/ci-operator/config/openshift-priv/cluster-openshift-controller-manager-operator/openshift-priv-cluster-openshift-controller-manager-operator-release-4.16.yaml @@ -81,6 +81,12 @@ tests: env: FEATURE_SET: TechPreviewNoUpgrade workflow: openshift-e2e-aws-builds +- as: security + optional: true + steps: + env: + PROJECT_NAME: openshift-controller-manager + workflow: openshift-ci-security zz_generated_metadata: branch: release-4.16 org: openshift-priv diff --git a/ci-operator/config/openshift-priv/openshift-controller-manager/openshift-priv-openshift-controller-manager-master.yaml b/ci-operator/config/openshift-priv/openshift-controller-manager/openshift-priv-openshift-controller-manager-master.yaml index 899dabd8f7b3..6ed432ea8461 100644 --- a/ci-operator/config/openshift-priv/openshift-controller-manager/openshift-priv-openshift-controller-manager-master.yaml +++ b/ci-operator/config/openshift-priv/openshift-controller-manager/openshift-priv-openshift-controller-manager-master.yaml @@ -90,6 +90,12 @@ tests: steps: cluster_profile: gcp workflow: openshift-e2e-gcp-builds +- as: security + optional: true + steps: + env: + PROJECT_NAME: openshift-controller-manager + workflow: openshift-ci-security zz_generated_metadata: branch: master org: openshift-priv diff --git a/ci-operator/config/openshift-priv/openshift-controller-manager/openshift-priv-openshift-controller-manager-release-4.11.yaml b/ci-operator/config/openshift-priv/openshift-controller-manager/openshift-priv-openshift-controller-manager-release-4.11.yaml index ac022a222272..269d33c8bcc1 100644 --- a/ci-operator/config/openshift-priv/openshift-controller-manager/openshift-priv-openshift-controller-manager-release-4.11.yaml +++ b/ci-operator/config/openshift-priv/openshift-controller-manager/openshift-priv-openshift-controller-manager-release-4.11.yaml @@ -88,6 +88,12 @@ tests: steps: cluster_profile: gcp workflow: openshift-e2e-gcp-builds +- as: security + optional: true + steps: + env: + PROJECT_NAME: openshift-controller-manager + workflow: openshift-ci-security zz_generated_metadata: branch: release-4.11 org: openshift-priv diff --git a/ci-operator/config/openshift-priv/openshift-controller-manager/openshift-priv-openshift-controller-manager-release-4.12.yaml b/ci-operator/config/openshift-priv/openshift-controller-manager/openshift-priv-openshift-controller-manager-release-4.12.yaml index 3f9f2d2049d7..4efe6e79707d 100644 --- a/ci-operator/config/openshift-priv/openshift-controller-manager/openshift-priv-openshift-controller-manager-release-4.12.yaml +++ b/ci-operator/config/openshift-priv/openshift-controller-manager/openshift-priv-openshift-controller-manager-release-4.12.yaml @@ -90,6 +90,12 @@ tests: steps: cluster_profile: gcp workflow: openshift-e2e-gcp-builds +- as: security + optional: true + steps: + env: + PROJECT_NAME: openshift-controller-manager + workflow: openshift-ci-security zz_generated_metadata: branch: release-4.12 org: openshift-priv diff --git a/ci-operator/config/openshift-priv/openshift-controller-manager/openshift-priv-openshift-controller-manager-release-4.13.yaml b/ci-operator/config/openshift-priv/openshift-controller-manager/openshift-priv-openshift-controller-manager-release-4.13.yaml index 39012b8c9007..571616aef828 100644 --- a/ci-operator/config/openshift-priv/openshift-controller-manager/openshift-priv-openshift-controller-manager-release-4.13.yaml +++ b/ci-operator/config/openshift-priv/openshift-controller-manager/openshift-priv-openshift-controller-manager-release-4.13.yaml @@ -90,6 +90,12 @@ tests: steps: cluster_profile: gcp workflow: openshift-e2e-gcp-builds +- as: security + optional: true + steps: + env: + PROJECT_NAME: openshift-controller-manager + workflow: openshift-ci-security zz_generated_metadata: branch: release-4.13 org: openshift-priv diff --git a/ci-operator/config/openshift-priv/openshift-controller-manager/openshift-priv-openshift-controller-manager-release-4.14.yaml b/ci-operator/config/openshift-priv/openshift-controller-manager/openshift-priv-openshift-controller-manager-release-4.14.yaml index e756abd11454..67135d53bac1 100644 --- a/ci-operator/config/openshift-priv/openshift-controller-manager/openshift-priv-openshift-controller-manager-release-4.14.yaml +++ b/ci-operator/config/openshift-priv/openshift-controller-manager/openshift-priv-openshift-controller-manager-release-4.14.yaml @@ -90,6 +90,12 @@ tests: steps: cluster_profile: gcp workflow: openshift-e2e-gcp-builds +- as: security + optional: true + steps: + env: + PROJECT_NAME: openshift-controller-manager + workflow: openshift-ci-security zz_generated_metadata: branch: release-4.14 org: openshift-priv diff --git a/ci-operator/config/openshift-priv/openshift-controller-manager/openshift-priv-openshift-controller-manager-release-4.15.yaml b/ci-operator/config/openshift-priv/openshift-controller-manager/openshift-priv-openshift-controller-manager-release-4.15.yaml index e5a576a8a791..90dfb20ff6ec 100644 --- a/ci-operator/config/openshift-priv/openshift-controller-manager/openshift-priv-openshift-controller-manager-release-4.15.yaml +++ b/ci-operator/config/openshift-priv/openshift-controller-manager/openshift-priv-openshift-controller-manager-release-4.15.yaml @@ -91,6 +91,12 @@ tests: steps: cluster_profile: gcp workflow: openshift-e2e-gcp-builds +- as: security + optional: true + steps: + env: + PROJECT_NAME: openshift-controller-manager + workflow: openshift-ci-security zz_generated_metadata: branch: release-4.15 org: openshift-priv diff --git a/ci-operator/config/openshift-priv/openshift-controller-manager/openshift-priv-openshift-controller-manager-release-4.16.yaml b/ci-operator/config/openshift-priv/openshift-controller-manager/openshift-priv-openshift-controller-manager-release-4.16.yaml index 8d34e5eb100d..feb4472c7910 100644 --- a/ci-operator/config/openshift-priv/openshift-controller-manager/openshift-priv-openshift-controller-manager-release-4.16.yaml +++ b/ci-operator/config/openshift-priv/openshift-controller-manager/openshift-priv-openshift-controller-manager-release-4.16.yaml @@ -90,6 +90,12 @@ tests: steps: cluster_profile: gcp workflow: openshift-e2e-gcp-builds +- as: security + optional: true + steps: + env: + PROJECT_NAME: openshift-controller-manager + workflow: openshift-ci-security zz_generated_metadata: branch: release-4.16 org: openshift-priv diff --git a/ci-operator/jobs/openshift-priv/cluster-openshift-controller-manager-operator/openshift-priv-cluster-openshift-controller-manager-operator-master-presubmits.yaml b/ci-operator/jobs/openshift-priv/cluster-openshift-controller-manager-operator/openshift-priv-cluster-openshift-controller-manager-operator-master-presubmits.yaml index 5692a4a01c45..2beb4d423696 100644 --- a/ci-operator/jobs/openshift-priv/cluster-openshift-controller-manager-operator/openshift-priv-cluster-openshift-controller-manager-operator-master-presubmits.yaml +++ b/ci-operator/jobs/openshift-priv/cluster-openshift-controller-manager-operator/openshift-priv-cluster-openshift-controller-manager-operator-master-presubmits.yaml @@ -420,6 +420,77 @@ presubmits: secret: secretName: result-aggregator trigger: (?m)^/test( | .* )openshift-e2e-aws-builds-techpreview,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^master$ + - ^master- + cluster: build01 + context: ci/prow/security + decorate: true + decoration_config: + oauth_token_secret: + key: oauth + name: github-credentials-openshift-ci-robot-private-git-cloner + hidden: true + labels: + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-priv-cluster-openshift-controller-manager-operator-master-security + optional: true + path_alias: github.com/openshift/cluster-openshift-controller-manager-operator + rerun_command: /test security + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --oauth-token-path=/usr/local/github-credentials/oauth + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=security + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /usr/local/github-credentials + name: github-credentials-openshift-ci-robot-private-git-cloner + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )security,?($|\s.*) - agent: kubernetes always_run: false branches: diff --git a/ci-operator/jobs/openshift-priv/cluster-openshift-controller-manager-operator/openshift-priv-cluster-openshift-controller-manager-operator-release-4.11-presubmits.yaml b/ci-operator/jobs/openshift-priv/cluster-openshift-controller-manager-operator/openshift-priv-cluster-openshift-controller-manager-operator-release-4.11-presubmits.yaml index 80431b9dfadc..52b62a0f0bdc 100644 --- a/ci-operator/jobs/openshift-priv/cluster-openshift-controller-manager-operator/openshift-priv-cluster-openshift-controller-manager-operator-release-4.11-presubmits.yaml +++ b/ci-operator/jobs/openshift-priv/cluster-openshift-controller-manager-operator/openshift-priv-cluster-openshift-controller-manager-operator-release-4.11-presubmits.yaml @@ -420,6 +420,77 @@ presubmits: secret: secretName: result-aggregator trigger: (?m)^/test( | .* )openshift-e2e-aws-builds-techpreview,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^release-4\.11$ + - ^release-4\.11- + cluster: build01 + context: ci/prow/security + decorate: true + decoration_config: + oauth_token_secret: + key: oauth + name: github-credentials-openshift-ci-robot-private-git-cloner + hidden: true + labels: + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-priv-cluster-openshift-controller-manager-operator-release-4.11-security + optional: true + path_alias: github.com/openshift/cluster-openshift-controller-manager-operator + rerun_command: /test security + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --oauth-token-path=/usr/local/github-credentials/oauth + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=security + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /usr/local/github-credentials + name: github-credentials-openshift-ci-robot-private-git-cloner + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )security,?($|\s.*) - agent: kubernetes always_run: false branches: diff --git a/ci-operator/jobs/openshift-priv/cluster-openshift-controller-manager-operator/openshift-priv-cluster-openshift-controller-manager-operator-release-4.12-presubmits.yaml b/ci-operator/jobs/openshift-priv/cluster-openshift-controller-manager-operator/openshift-priv-cluster-openshift-controller-manager-operator-release-4.12-presubmits.yaml index 4ad8f9751480..a0038e7e378d 100644 --- a/ci-operator/jobs/openshift-priv/cluster-openshift-controller-manager-operator/openshift-priv-cluster-openshift-controller-manager-operator-release-4.12-presubmits.yaml +++ b/ci-operator/jobs/openshift-priv/cluster-openshift-controller-manager-operator/openshift-priv-cluster-openshift-controller-manager-operator-release-4.12-presubmits.yaml @@ -420,6 +420,77 @@ presubmits: secret: secretName: result-aggregator trigger: (?m)^/test( | .* )openshift-e2e-aws-builds-techpreview,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^release-4\.12$ + - ^release-4\.12- + cluster: build01 + context: ci/prow/security + decorate: true + decoration_config: + oauth_token_secret: + key: oauth + name: github-credentials-openshift-ci-robot-private-git-cloner + hidden: true + labels: + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-priv-cluster-openshift-controller-manager-operator-release-4.12-security + optional: true + path_alias: github.com/openshift/cluster-openshift-controller-manager-operator + rerun_command: /test security + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --oauth-token-path=/usr/local/github-credentials/oauth + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=security + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /usr/local/github-credentials + name: github-credentials-openshift-ci-robot-private-git-cloner + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )security,?($|\s.*) - agent: kubernetes always_run: false branches: diff --git a/ci-operator/jobs/openshift-priv/cluster-openshift-controller-manager-operator/openshift-priv-cluster-openshift-controller-manager-operator-release-4.13-presubmits.yaml b/ci-operator/jobs/openshift-priv/cluster-openshift-controller-manager-operator/openshift-priv-cluster-openshift-controller-manager-operator-release-4.13-presubmits.yaml index 100350a4d8bb..105965c9e88c 100644 --- a/ci-operator/jobs/openshift-priv/cluster-openshift-controller-manager-operator/openshift-priv-cluster-openshift-controller-manager-operator-release-4.13-presubmits.yaml +++ b/ci-operator/jobs/openshift-priv/cluster-openshift-controller-manager-operator/openshift-priv-cluster-openshift-controller-manager-operator-release-4.13-presubmits.yaml @@ -420,6 +420,77 @@ presubmits: secret: secretName: result-aggregator trigger: (?m)^/test( | .* )openshift-e2e-aws-builds-techpreview,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^release-4\.13$ + - ^release-4\.13- + cluster: build01 + context: ci/prow/security + decorate: true + decoration_config: + oauth_token_secret: + key: oauth + name: github-credentials-openshift-ci-robot-private-git-cloner + hidden: true + labels: + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-priv-cluster-openshift-controller-manager-operator-release-4.13-security + optional: true + path_alias: github.com/openshift/cluster-openshift-controller-manager-operator + rerun_command: /test security + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --oauth-token-path=/usr/local/github-credentials/oauth + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=security + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /usr/local/github-credentials + name: github-credentials-openshift-ci-robot-private-git-cloner + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )security,?($|\s.*) - agent: kubernetes always_run: false branches: diff --git a/ci-operator/jobs/openshift-priv/cluster-openshift-controller-manager-operator/openshift-priv-cluster-openshift-controller-manager-operator-release-4.14-presubmits.yaml b/ci-operator/jobs/openshift-priv/cluster-openshift-controller-manager-operator/openshift-priv-cluster-openshift-controller-manager-operator-release-4.14-presubmits.yaml index bc5f469e38fd..7428b56e6ea9 100644 --- a/ci-operator/jobs/openshift-priv/cluster-openshift-controller-manager-operator/openshift-priv-cluster-openshift-controller-manager-operator-release-4.14-presubmits.yaml +++ b/ci-operator/jobs/openshift-priv/cluster-openshift-controller-manager-operator/openshift-priv-cluster-openshift-controller-manager-operator-release-4.14-presubmits.yaml @@ -420,6 +420,77 @@ presubmits: secret: secretName: result-aggregator trigger: (?m)^/test( | .* )openshift-e2e-aws-builds-techpreview,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^release-4\.14$ + - ^release-4\.14- + cluster: build01 + context: ci/prow/security + decorate: true + decoration_config: + oauth_token_secret: + key: oauth + name: github-credentials-openshift-ci-robot-private-git-cloner + hidden: true + labels: + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-priv-cluster-openshift-controller-manager-operator-release-4.14-security + optional: true + path_alias: github.com/openshift/cluster-openshift-controller-manager-operator + rerun_command: /test security + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --oauth-token-path=/usr/local/github-credentials/oauth + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=security + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /usr/local/github-credentials + name: github-credentials-openshift-ci-robot-private-git-cloner + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )security,?($|\s.*) - agent: kubernetes always_run: false branches: diff --git a/ci-operator/jobs/openshift-priv/cluster-openshift-controller-manager-operator/openshift-priv-cluster-openshift-controller-manager-operator-release-4.15-presubmits.yaml b/ci-operator/jobs/openshift-priv/cluster-openshift-controller-manager-operator/openshift-priv-cluster-openshift-controller-manager-operator-release-4.15-presubmits.yaml index 8f2531defce2..fbf91c65c4ac 100644 --- a/ci-operator/jobs/openshift-priv/cluster-openshift-controller-manager-operator/openshift-priv-cluster-openshift-controller-manager-operator-release-4.15-presubmits.yaml +++ b/ci-operator/jobs/openshift-priv/cluster-openshift-controller-manager-operator/openshift-priv-cluster-openshift-controller-manager-operator-release-4.15-presubmits.yaml @@ -420,6 +420,77 @@ presubmits: secret: secretName: result-aggregator trigger: (?m)^/test( | .* )openshift-e2e-aws-builds-techpreview,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^release-4\.15$ + - ^release-4\.15- + cluster: build01 + context: ci/prow/security + decorate: true + decoration_config: + oauth_token_secret: + key: oauth + name: github-credentials-openshift-ci-robot-private-git-cloner + hidden: true + labels: + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-priv-cluster-openshift-controller-manager-operator-release-4.15-security + optional: true + path_alias: github.com/openshift/cluster-openshift-controller-manager-operator + rerun_command: /test security + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --oauth-token-path=/usr/local/github-credentials/oauth + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=security + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /usr/local/github-credentials + name: github-credentials-openshift-ci-robot-private-git-cloner + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )security,?($|\s.*) - agent: kubernetes always_run: false branches: diff --git a/ci-operator/jobs/openshift-priv/cluster-openshift-controller-manager-operator/openshift-priv-cluster-openshift-controller-manager-operator-release-4.16-presubmits.yaml b/ci-operator/jobs/openshift-priv/cluster-openshift-controller-manager-operator/openshift-priv-cluster-openshift-controller-manager-operator-release-4.16-presubmits.yaml index 8fef393909f5..bcc9c82629ec 100644 --- a/ci-operator/jobs/openshift-priv/cluster-openshift-controller-manager-operator/openshift-priv-cluster-openshift-controller-manager-operator-release-4.16-presubmits.yaml +++ b/ci-operator/jobs/openshift-priv/cluster-openshift-controller-manager-operator/openshift-priv-cluster-openshift-controller-manager-operator-release-4.16-presubmits.yaml @@ -420,6 +420,77 @@ presubmits: secret: secretName: result-aggregator trigger: (?m)^/test( | .* )openshift-e2e-aws-builds-techpreview,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^release-4\.16$ + - ^release-4\.16- + cluster: build01 + context: ci/prow/security + decorate: true + decoration_config: + oauth_token_secret: + key: oauth + name: github-credentials-openshift-ci-robot-private-git-cloner + hidden: true + labels: + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-priv-cluster-openshift-controller-manager-operator-release-4.16-security + optional: true + path_alias: github.com/openshift/cluster-openshift-controller-manager-operator + rerun_command: /test security + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --oauth-token-path=/usr/local/github-credentials/oauth + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=security + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /usr/local/github-credentials + name: github-credentials-openshift-ci-robot-private-git-cloner + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )security,?($|\s.*) - agent: kubernetes always_run: false branches: diff --git a/ci-operator/jobs/openshift-priv/openshift-controller-manager/openshift-priv-openshift-controller-manager-master-presubmits.yaml b/ci-operator/jobs/openshift-priv/openshift-controller-manager/openshift-priv-openshift-controller-manager-master-presubmits.yaml index 68f42974e2c0..be9b021c02e7 100644 --- a/ci-operator/jobs/openshift-priv/openshift-controller-manager/openshift-priv-openshift-controller-manager-master-presubmits.yaml +++ b/ci-operator/jobs/openshift-priv/openshift-controller-manager/openshift-priv-openshift-controller-manager-master-presubmits.yaml @@ -696,6 +696,77 @@ presubmits: secret: secretName: result-aggregator trigger: (?m)^/test( | .* )openshift-e2e-aws-ovn-builds-techpreview,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^master$ + - ^master- + cluster: build03 + context: ci/prow/security + decorate: true + decoration_config: + oauth_token_secret: + key: oauth + name: github-credentials-openshift-ci-robot-private-git-cloner + hidden: true + labels: + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-priv-openshift-controller-manager-master-security + optional: true + path_alias: github.com/openshift/openshift-controller-manager + rerun_command: /test security + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --oauth-token-path=/usr/local/github-credentials/oauth + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=security + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /usr/local/github-credentials + name: github-credentials-openshift-ci-robot-private-git-cloner + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )security,?($|\s.*) - agent: kubernetes always_run: false branches: diff --git a/ci-operator/jobs/openshift-priv/openshift-controller-manager/openshift-priv-openshift-controller-manager-release-4.11-presubmits.yaml b/ci-operator/jobs/openshift-priv/openshift-controller-manager/openshift-priv-openshift-controller-manager-release-4.11-presubmits.yaml index abe20eab7caf..4753b4aa8531 100644 --- a/ci-operator/jobs/openshift-priv/openshift-controller-manager/openshift-priv-openshift-controller-manager-release-4.11-presubmits.yaml +++ b/ci-operator/jobs/openshift-priv/openshift-controller-manager/openshift-priv-openshift-controller-manager-release-4.11-presubmits.yaml @@ -696,6 +696,77 @@ presubmits: secret: secretName: result-aggregator trigger: (?m)^/test( | .* )openshift-e2e-aws-builds-techpreview,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^release-4\.11$ + - ^release-4\.11- + cluster: build03 + context: ci/prow/security + decorate: true + decoration_config: + oauth_token_secret: + key: oauth + name: github-credentials-openshift-ci-robot-private-git-cloner + hidden: true + labels: + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-priv-openshift-controller-manager-release-4.11-security + optional: true + path_alias: github.com/openshift/openshift-controller-manager + rerun_command: /test security + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --oauth-token-path=/usr/local/github-credentials/oauth + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=security + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /usr/local/github-credentials + name: github-credentials-openshift-ci-robot-private-git-cloner + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )security,?($|\s.*) - agent: kubernetes always_run: false branches: diff --git a/ci-operator/jobs/openshift-priv/openshift-controller-manager/openshift-priv-openshift-controller-manager-release-4.12-presubmits.yaml b/ci-operator/jobs/openshift-priv/openshift-controller-manager/openshift-priv-openshift-controller-manager-release-4.12-presubmits.yaml index f20da9940fed..5002ef977d27 100644 --- a/ci-operator/jobs/openshift-priv/openshift-controller-manager/openshift-priv-openshift-controller-manager-release-4.12-presubmits.yaml +++ b/ci-operator/jobs/openshift-priv/openshift-controller-manager/openshift-priv-openshift-controller-manager-release-4.12-presubmits.yaml @@ -696,6 +696,77 @@ presubmits: secret: secretName: result-aggregator trigger: (?m)^/test( | .* )openshift-e2e-aws-ovn-builds-techpreview,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^release-4\.12$ + - ^release-4\.12- + cluster: build03 + context: ci/prow/security + decorate: true + decoration_config: + oauth_token_secret: + key: oauth + name: github-credentials-openshift-ci-robot-private-git-cloner + hidden: true + labels: + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-priv-openshift-controller-manager-release-4.12-security + optional: true + path_alias: github.com/openshift/openshift-controller-manager + rerun_command: /test security + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --oauth-token-path=/usr/local/github-credentials/oauth + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=security + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /usr/local/github-credentials + name: github-credentials-openshift-ci-robot-private-git-cloner + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )security,?($|\s.*) - agent: kubernetes always_run: false branches: diff --git a/ci-operator/jobs/openshift-priv/openshift-controller-manager/openshift-priv-openshift-controller-manager-release-4.13-presubmits.yaml b/ci-operator/jobs/openshift-priv/openshift-controller-manager/openshift-priv-openshift-controller-manager-release-4.13-presubmits.yaml index 9a499676ca5f..0731e24e9ed9 100644 --- a/ci-operator/jobs/openshift-priv/openshift-controller-manager/openshift-priv-openshift-controller-manager-release-4.13-presubmits.yaml +++ b/ci-operator/jobs/openshift-priv/openshift-controller-manager/openshift-priv-openshift-controller-manager-release-4.13-presubmits.yaml @@ -696,6 +696,77 @@ presubmits: secret: secretName: result-aggregator trigger: (?m)^/test( | .* )openshift-e2e-aws-ovn-builds-techpreview,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^release-4\.13$ + - ^release-4\.13- + cluster: build03 + context: ci/prow/security + decorate: true + decoration_config: + oauth_token_secret: + key: oauth + name: github-credentials-openshift-ci-robot-private-git-cloner + hidden: true + labels: + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-priv-openshift-controller-manager-release-4.13-security + optional: true + path_alias: github.com/openshift/openshift-controller-manager + rerun_command: /test security + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --oauth-token-path=/usr/local/github-credentials/oauth + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=security + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /usr/local/github-credentials + name: github-credentials-openshift-ci-robot-private-git-cloner + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )security,?($|\s.*) - agent: kubernetes always_run: false branches: diff --git a/ci-operator/jobs/openshift-priv/openshift-controller-manager/openshift-priv-openshift-controller-manager-release-4.14-presubmits.yaml b/ci-operator/jobs/openshift-priv/openshift-controller-manager/openshift-priv-openshift-controller-manager-release-4.14-presubmits.yaml index bc4a5f5a3f5e..159c246c365a 100644 --- a/ci-operator/jobs/openshift-priv/openshift-controller-manager/openshift-priv-openshift-controller-manager-release-4.14-presubmits.yaml +++ b/ci-operator/jobs/openshift-priv/openshift-controller-manager/openshift-priv-openshift-controller-manager-release-4.14-presubmits.yaml @@ -696,6 +696,77 @@ presubmits: secret: secretName: result-aggregator trigger: (?m)^/test( | .* )openshift-e2e-aws-ovn-builds-techpreview,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^release-4\.14$ + - ^release-4\.14- + cluster: build03 + context: ci/prow/security + decorate: true + decoration_config: + oauth_token_secret: + key: oauth + name: github-credentials-openshift-ci-robot-private-git-cloner + hidden: true + labels: + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-priv-openshift-controller-manager-release-4.14-security + optional: true + path_alias: github.com/openshift/openshift-controller-manager + rerun_command: /test security + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --oauth-token-path=/usr/local/github-credentials/oauth + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=security + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /usr/local/github-credentials + name: github-credentials-openshift-ci-robot-private-git-cloner + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )security,?($|\s.*) - agent: kubernetes always_run: false branches: diff --git a/ci-operator/jobs/openshift-priv/openshift-controller-manager/openshift-priv-openshift-controller-manager-release-4.15-presubmits.yaml b/ci-operator/jobs/openshift-priv/openshift-controller-manager/openshift-priv-openshift-controller-manager-release-4.15-presubmits.yaml index 8524bb74d75f..2bc75a40c07a 100644 --- a/ci-operator/jobs/openshift-priv/openshift-controller-manager/openshift-priv-openshift-controller-manager-release-4.15-presubmits.yaml +++ b/ci-operator/jobs/openshift-priv/openshift-controller-manager/openshift-priv-openshift-controller-manager-release-4.15-presubmits.yaml @@ -696,6 +696,77 @@ presubmits: secret: secretName: result-aggregator trigger: (?m)^/test( | .* )openshift-e2e-aws-ovn-builds-techpreview,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^release-4\.15$ + - ^release-4\.15- + cluster: build03 + context: ci/prow/security + decorate: true + decoration_config: + oauth_token_secret: + key: oauth + name: github-credentials-openshift-ci-robot-private-git-cloner + hidden: true + labels: + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-priv-openshift-controller-manager-release-4.15-security + optional: true + path_alias: github.com/openshift/openshift-controller-manager + rerun_command: /test security + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --oauth-token-path=/usr/local/github-credentials/oauth + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=security + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /usr/local/github-credentials + name: github-credentials-openshift-ci-robot-private-git-cloner + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )security,?($|\s.*) - agent: kubernetes always_run: false branches: diff --git a/ci-operator/jobs/openshift-priv/openshift-controller-manager/openshift-priv-openshift-controller-manager-release-4.16-presubmits.yaml b/ci-operator/jobs/openshift-priv/openshift-controller-manager/openshift-priv-openshift-controller-manager-release-4.16-presubmits.yaml index a154e206c8a0..3b8dc309411a 100644 --- a/ci-operator/jobs/openshift-priv/openshift-controller-manager/openshift-priv-openshift-controller-manager-release-4.16-presubmits.yaml +++ b/ci-operator/jobs/openshift-priv/openshift-controller-manager/openshift-priv-openshift-controller-manager-release-4.16-presubmits.yaml @@ -696,6 +696,77 @@ presubmits: secret: secretName: result-aggregator trigger: (?m)^/test( | .* )openshift-e2e-aws-ovn-builds-techpreview,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^release-4\.16$ + - ^release-4\.16- + cluster: build03 + context: ci/prow/security + decorate: true + decoration_config: + oauth_token_secret: + key: oauth + name: github-credentials-openshift-ci-robot-private-git-cloner + hidden: true + labels: + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-priv-openshift-controller-manager-release-4.16-security + optional: true + path_alias: github.com/openshift/openshift-controller-manager + rerun_command: /test security + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --oauth-token-path=/usr/local/github-credentials/oauth + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=security + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /usr/local/github-credentials + name: github-credentials-openshift-ci-robot-private-git-cloner + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )security,?($|\s.*) - agent: kubernetes always_run: false branches: diff --git a/clusters/hive/pools/cvp/cvp-ocp-4-12-amd64-aws-eu-west-3_clusterpool.yaml b/clusters/hive/pools/cvp/cvp-ocp-4-12-amd64-aws-eu-west-3_clusterpool.yaml index 225baf0dbf6f..27fe7044bbc1 100644 --- a/clusters/hive/pools/cvp/cvp-ocp-4-12-amd64-aws-eu-west-3_clusterpool.yaml +++ b/clusters/hive/pools/cvp/cvp-ocp-4-12-amd64-aws-eu-west-3_clusterpool.yaml @@ -18,7 +18,7 @@ spec: hibernationConfig: resumeTimeout: 15m0s imageSetRef: - name: ocp-release-4.12.39-x86-64-for-4.12.0-0-to-4.13.0-0 + name: ocp-release-4.12.40-x86-64-for-4.12.0-0-to-4.13.0-0 installAttemptsLimit: 1 installConfigSecretTemplateRef: name: install-config-aws-eu-west-3 diff --git a/clusters/hive/pools/msp/msp-ocp-4-12-medium-single-az-aws_clusterpool.yaml b/clusters/hive/pools/msp/msp-ocp-4-12-medium-single-az-aws_clusterpool.yaml index 93edf9e10f8e..540f17af3ee6 100644 --- a/clusters/hive/pools/msp/msp-ocp-4-12-medium-single-az-aws_clusterpool.yaml +++ b/clusters/hive/pools/msp/msp-ocp-4-12-medium-single-az-aws_clusterpool.yaml @@ -20,7 +20,7 @@ spec: hibernationConfig: resumeTimeout: 15m0s imageSetRef: - name: ocp-release-4.12.39-x86-64-for-4.12.0-0-to-4.13.0-0 + name: ocp-release-4.12.40-x86-64-for-4.12.0-0-to-4.13.0-0 installAttemptsLimit: 1 installConfigSecretTemplateRef: name: install-config-medium-aws-us-east-1 diff --git a/clusters/hive/pools/msp/msp-ocp-4-12-small-single-az-aws_clusterpool.yaml b/clusters/hive/pools/msp/msp-ocp-4-12-small-single-az-aws_clusterpool.yaml index d2c0e9dc8b84..f1b167ffc9d1 100644 --- a/clusters/hive/pools/msp/msp-ocp-4-12-small-single-az-aws_clusterpool.yaml +++ b/clusters/hive/pools/msp/msp-ocp-4-12-small-single-az-aws_clusterpool.yaml @@ -20,7 +20,7 @@ spec: hibernationConfig: resumeTimeout: 15m0s imageSetRef: - name: ocp-release-4.12.39-x86-64-for-4.12.0-0-to-4.13.0-0 + name: ocp-release-4.12.40-x86-64-for-4.12.0-0-to-4.13.0-0 installAttemptsLimit: 1 installConfigSecretTemplateRef: name: install-config-small-aws-us-east-2 diff --git a/clusters/hive/pools/ocp-release-4.12.39-x86-64-for-4.12.0-0-to-4.13.0-0_clusterimageset.yaml b/clusters/hive/pools/ocp-release-4.12.40-x86-64-for-4.12.0-0-to-4.13.0-0_clusterimageset.yaml similarity index 57% rename from clusters/hive/pools/ocp-release-4.12.39-x86-64-for-4.12.0-0-to-4.13.0-0_clusterimageset.yaml rename to clusters/hive/pools/ocp-release-4.12.40-x86-64-for-4.12.0-0-to-4.13.0-0_clusterimageset.yaml index 2a812460548c..4615a431c5e9 100644 --- a/clusters/hive/pools/ocp-release-4.12.39-x86-64-for-4.12.0-0-to-4.13.0-0_clusterimageset.yaml +++ b/clusters/hive/pools/ocp-release-4.12.40-x86-64-for-4.12.0-0-to-4.13.0-0_clusterimageset.yaml @@ -5,7 +5,7 @@ metadata: version_lower: 4.12.0-0 version_upper: 4.13.0-0 creationTimestamp: null - name: ocp-release-4.12.39-x86-64-for-4.12.0-0-to-4.13.0-0 + name: ocp-release-4.12.40-x86-64-for-4.12.0-0-to-4.13.0-0 spec: - releaseImage: quay.io/openshift-release-dev/ocp-release:4.12.39-x86_64 + releaseImage: quay.io/openshift-release-dev/ocp-release:4.12.40-x86_64 status: {} diff --git a/clusters/hive/pools/openshift-ci/ci-ocp-4-12-0-amd64-aws-us-east-1_clusterpool.yaml b/clusters/hive/pools/openshift-ci/ci-ocp-4-12-0-amd64-aws-us-east-1_clusterpool.yaml index 71f9797e04f3..37275be17273 100644 --- a/clusters/hive/pools/openshift-ci/ci-ocp-4-12-0-amd64-aws-us-east-1_clusterpool.yaml +++ b/clusters/hive/pools/openshift-ci/ci-ocp-4-12-0-amd64-aws-us-east-1_clusterpool.yaml @@ -18,7 +18,7 @@ spec: hibernationConfig: resumeTimeout: 20m0s imageSetRef: - name: ocp-release-4.12.39-x86-64-for-4.12.0-0-to-4.13.0-0 + name: ocp-release-4.12.40-x86-64-for-4.12.0-0-to-4.13.0-0 installAttemptsLimit: 1 installConfigSecretTemplateRef: name: install-config-aws-us-east-1 diff --git a/clusters/hive/pools/openstack-k8s-operators/openstack-k8s-operators-4-12-vexxhost-hybrid_clusterpool.yaml b/clusters/hive/pools/openstack-k8s-operators/openstack-k8s-operators-4-12-vexxhost-hybrid_clusterpool.yaml index dd082bd074e8..41da324a8359 100644 --- a/clusters/hive/pools/openstack-k8s-operators/openstack-k8s-operators-4-12-vexxhost-hybrid_clusterpool.yaml +++ b/clusters/hive/pools/openstack-k8s-operators/openstack-k8s-operators-4-12-vexxhost-hybrid_clusterpool.yaml @@ -16,7 +16,7 @@ spec: baseDomain: oooci.ccitredhat.com hibernationConfig: null imageSetRef: - name: ocp-release-4.12.39-x86-64-for-4.12.0-0-to-4.13.0-0 + name: ocp-release-4.12.40-x86-64-for-4.12.0-0-to-4.13.0-0 installAttemptsLimit: 3 installConfigSecretTemplateRef: name: install-config-hybrid-3cp