Skip to content

OCPBUGS-76243: Backport Conforma compliance fixes to release-1.1#398

Open
alebedev87 wants to merge 5 commits intoopenshift:release-1.1from
alebedev87:backport-conforma-1.1
Open

OCPBUGS-76243: Backport Conforma compliance fixes to release-1.1#398
alebedev87 wants to merge 5 commits intoopenshift:release-1.1from
alebedev87:backport-conforma-1.1

Conversation

@alebedev87
Copy link
Copy Markdown
Contributor

@alebedev87 alebedev87 commented Apr 7, 2026
edited
Loading

  • Add build nudge annotation for operator push pipeline
  • Enforce hermetic builds and source images
  • Add OLM feature and valid-subscription annotations to CSV
  • Add set-version Makefile target with version sync/verify scripts
  • Add Renovate configuration

@alebedev87
Add build nudge annotation for operator push pipeline
d013436 
Add `build-nudge-files` annotation to the operator push pipeline
so that operator image rebuilds automatically trigger a bundle
update in `bundle-hack/container_digest.sh`.
@alebedev87
Enforce hermetic builds and source images for Conforma compliance
76bef4c 
Backport of the hermetic builds fix from main (40e8136) to release-1.2.

- Set `hermetic` and `build-source-image` defaults to `true` in all
  Tekton pipeline definitions.
- Switch bundle Containerfile update stage to `ubi9/ubi` with
  pre-packaged wheels for network-isolated builds.
- Add Conforma compliance labels to bundle Containerfile.
- Stop deleting `valid-subscription` annotation in bundle update script.
@openshift-ci
Copy link
Copy Markdown
Contributor

openshift-ci bot commented Apr 7, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign thealisyed for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@alebedev87 alebedev87 force-pushed the backport-conforma-1.1 branch from 4624368 to 10fa61d Compare April 8, 2026 05:45
@alebedev87
Add OLM feature and subscription annotations to CSV
0352204 
Backport from main the required OLM annotations for conforma
compliance: feature annotations (disconnected, fips-compliant,
proxy-aware, tls-profiles, token-auth-*) and valid-subscription.
Note: fips-compliant is set to "false" as the FIPS compliance
changes were not cherry-picked to release-1.2.
@alebedev87
Ensure version label is synchronized
f67df88 
Adds `hack/sync-version.sh` and `hack/verify-version.sh` to check that
the version label is set on Konflux Containerfiles.
Also updates the `Makefile` so that `BUNDLE_VERSION` derives its value
from the `VERSION` file, ensuring a single source of truth for all
version references.
@alebedev87
Add Renovate configuration
aced06f 
Add `renovate.json` to automate dependency updates for UBI8 base
images, Go toolset, and Konflux Tekton task references.
@alebedev87 alebedev87 force-pushed the backport-conforma-1.1 branch from 10fa61d to aced06f Compare April 8, 2026 05:49
@openshift-ci
Copy link
Copy Markdown
Contributor

openshift-ci bot commented Apr 8, 2026

@alebedev87: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@alebedev87 alebedev87 changed the title Backport Conforma compliance fixes to release-1.1 OCPBUGS-76243: Backport Conforma compliance fixes to release-1.1 Apr 8, 2026
@openshift-ci-robot openshift-ci-robot added jira/severity-important Referenced Jira bug's severity is important for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. labels Apr 8, 2026
@openshift-ci-robot
Copy link
Copy Markdown

openshift-ci-robot commented Apr 8, 2026

@alebedev87: This pull request references Jira Issue OCPBUGS-76243, which is invalid:

  • release note text must be set and not match the template OR release note type must be set to "Release Note Not Required". For more information you can reference the OpenShift Bug Process.
  • expected Jira Issue OCPBUGS-76243 to depend on a bug in one of the following states: VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA), but no dependents were found

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

  • Add build nudge annotation for operator push pipeline
  • Enforce hermetic builds and source images
  • Add OLM feature and valid-subscription annotations to CSV
  • Add set-version Makefile target with version sync/verify scripts
  • Add Renovate configuration

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@coderabbitai
Copy link
Copy Markdown

coderabbitai bot commented Apr 8, 2026
edited
Loading

Important

Review skipped

Auto reviews are limited based on label configuration.

🚫 Review skipped — only excluded labels are configured. (1)
  • do-not-merge/work-in-progress

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: f9876b64-64c9-4aec-9411-e2fb23b58c1b

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Comment @coderabbitai help to get the list of available commands and usage tips.

@openshift-ci-robot openshift-ci-robot mentioned this pull request Apr 10, 2026
Merged
Thealisyed
Thealisyed reviewed Apr 10, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@Thealisyed Thealisyed left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Apr 10, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@davidesalerno davidesalerno Awaiting requested review from davidesalerno

@grzpiotrowski grzpiotrowski Awaiting requested review from grzpiotrowski

1 more reviewer

@Thealisyed Thealisyed Thealisyed left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@Thealisyed Thealisyed

Labels

jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. jira/severity-important Referenced Jira bug's severity is important for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. lgtm Indicates that a PR is ready to be merged.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@alebedev87 @openshift-ci-robot @Thealisyed