Skip to content

chore(tests): pin otel collector images by digest#24889

Open
thomasqueirozb wants to merge 4 commits intomasterfrom
pin-otel-collector-image-digests
Open

chore(tests): pin otel collector images by digest#24889
thomasqueirozb wants to merge 4 commits intomasterfrom
pin-otel-collector-image-digests

Conversation

@thomasqueirozb
Copy link
Contributor

@thomasqueirozb thomasqueirozb commented Mar 10, 2026

Summary

Pin otel/opentelemetry-collector-contrib images by digest in the OpenTelemetry e2e tests to satisfy supply chain security requirements.

The digest is embedded in the collector_version matrix value using tag@sha256:... syntax. vdev's rename_environment_keys now splits values containing @ for keys containing version, producing both CONFIG_*_VERSION and CONFIG_*_DIGEST env vars automatically.

Vector configuration

NA

How did you test this PR?

NA

Change Type

  • Bug fix
  • New feature
  • Dependencies
  • Non-functional (chore, refactoring, docs)
  • Performance

Is this a breaking change?

  • Yes
  • No

Does this PR include user facing changes?

  • Yes. Please add a changelog fragment based on our guidelines.
  • No. A maintainer will apply the no-changelog label to this PR.

References

NA

@thomasqueirozb thomasqueirozb added the no-changelog Changes in this PR do not need user-facing explanations in the release changelog label Mar 10, 2026
@thomasqueirozb thomasqueirozb marked this pull request as ready for review March 10, 2026 20:49
@thomasqueirozb thomasqueirozb requested a review from a team as a code owner March 10, 2026 20:49
@github-actions github-actions bot added the domain: vdev Anything related to the vdev tooling label Mar 10, 2026
@thomasqueirozb thomasqueirozb added this pull request to the merge queue Mar 11, 2026
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Mar 11, 2026
@thomasqueirozb thomasqueirozb added this pull request to the merge queue Mar 11, 2026
@thomasqueirozb thomasqueirozb removed this pull request from the merge queue due to a manual request Mar 11, 2026
@thomasqueirozb thomasqueirozb disabled auto-merge March 11, 2026 15:35
pront
pront requested changes Mar 11, 2026
View reviewed changes
Copy link
Member

@pront pront left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actually let's just pin to an actual version.

Also, not a blocker, the matrix has only one version, we can just move it directly inside the dockerfile and let dependabot bump it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pront pront pront requested changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

domain: vdev Anything related to the vdev tooling no-changelog Changes in this PR do not need user-facing explanations in the release changelog

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@thomasqueirozb @pront