Release v1.20

.tekton/create-ci-image-pipelinerun.yaml

@@ -102,6 +102,8 @@ spec:
             value: $(tasks.generate-image-name.results.image-name)
           - name: DOCKERFILE
             value: ./Dockerfile.CI
+          - name: TLSVERIFY
+            value: 'true'
         runAfter: 
           - generate-image-name
         workspaces:
@@ -129,11 +131,15 @@ spec:
             value: $(tasks.generate-image-name.results.image-name)
           - name: DOCKERFILE
             value: ./Dockerfile.CI
+          - name: TLSVERIFY
+            value: 'true'
         runAfter: 
           - generate-image-name
         workspaces:
           - name: source
             workspace: source
+          - name: dockerconfig
+            workspace: dockerconfig
         when: 
           - input: "{{ event_type }}"
             operator: in 
@@ -157,6 +163,10 @@ spec:
             value: docker://$(tasks.generate-image-name.results.image-name)
           - name: DESTINATION_IMAGE_URL
             value: docker://$(tasks.generate-image-name.results.image-name-timestamp)
+          - name: SRC_TLS_VERIFY
+            value: 'false'
+          - name: DEST_TLS_VERIFY
+            value: 'true'
         runAfter:
           - buildah-push
           - buildah-pull-request

Dockerfile.CI

@@ -10,10 +10,10 @@ RUN wget https://certs.corp.redhat.com/certs/Current-IT-Root-CAs.pem \
     -O /etc/pki/ca-trust/source/anchors/Current-IT-Root-CAs.pem && \
     update-ca-trust extract
 
-RUN wget https://github.com/mikefarah/yq/releases/download/v4.45.1/yq_linux_amd64 -O /usr/bin/yq &&\
+RUN wget https://github.com/mikefarah/yq/releases/download/v4.50.1/yq_linux_amd64 -O /usr/bin/yq &&\
     chmod +x /usr/bin/yq
 
-ENV OC_VERSION=4.18
+ENV OC_VERSION=4.19
 RUN wget https://mirror.openshift.com/pub/openshift-v4/clients/ocp/fast-${OC_VERSION}/openshift-client-linux.tar.gz \
     -O /tmp/openshift-client.tar.gz &&\
     tar xzf /tmp/openshift-client.tar.gz -C /usr/bin oc &&\
@@ -37,7 +37,7 @@ RUN wget https://mirror.openshift.com/pub/openshift-v4/clients/rosa/latest/rosa-
     tar xzf /tmp/rosa.tar.gz -C /usr/bin --no-same-owner rosa &&\
     rm /tmp/rosa.tar.gz
 
-ENV TKN_VERSION=1.18.0
+ENV TKN_VERSION=1.20.0
 RUN wget https://mirror.openshift.com/pub/openshift-v4/clients/pipelines/${TKN_VERSION}/tkn-linux-amd64.tar.gz \
    -O /tmp/tkn.tar.gz &&\
    tar xzf /tmp/tkn.tar.gz -C /usr/bin --no-same-owner tkn tkn-pac opc &&\
@@ -46,29 +46,30 @@ RUN wget https://mirror.openshift.com/pub/openshift-v4/clients/pipelines/${TKN_V
 RUN wget https://dl.min.io/client/mc/release/linux-amd64/mc -O /usr/bin/mc &&\
     chmod u+x /usr/bin/mc
 
-ENV GAUGE_VERSION=1.6.16
+ENV GAUGE_VERSION=1.6.20
 RUN wget https://github.com/getgauge/gauge/releases/download/v${GAUGE_VERSION}/gauge-${GAUGE_VERSION}-linux.x86_64.zip \
     -O /tmp/gauge.zip &&\
     unzip /tmp/gauge.zip gauge -d /usr/bin &&\
     rm /tmp/gauge.zip &&\
     ln -s /usr/bin/oc /usr/bin/kubectl &&\
     gauge install go &&\
     gauge install html-report &&\
-    gauge install xml-report &&\
+    gauge uninstall xml-report &&\
+    gauge install xml-report -v 0.5.3 &&\
     gauge install reportportal -v 1.16.2 &&\
     gauge config check_updates false &&\
     gauge config runner_connection_timeout 600000 && \
     gauge config runner_request_timeout 300000 &&\
     go env -w GOPROXY="https://proxy.golang.org,direct" &&\
     gauge version
 
-RUN wget https://github.com/sigstore/cosign/releases/download/v2.5.0/cosign-linux-amd64 -O /usr/bin/cosign && \
+RUN wget https://github.com/sigstore/cosign/releases/download/v3.0.3/cosign-linux-amd64 -O /usr/bin/cosign && \
     chmod a+x /usr/bin/cosign
 
-RUN wget https://github.com/sigstore/rekor/releases/download/v1.3.10/rekor-cli-linux-amd64 -O /usr/bin/rekor-cli && \
+RUN wget https://github.com/sigstore/rekor/releases/download/v1.4.3/rekor-cli-linux-amd64 -O /usr/bin/rekor-cli && \
     chmod u+x /usr/bin/rekor-cli
 
-ENV GOLANGCI_LINT_VERSION=2.1.5
+ENV GOLANGCI_LINT_VERSION=2.7.2
 RUN wget -O /tmp/golangci-lint.tar.gz https://github.com/golangci/golangci-lint/releases/download/v${GOLANGCI_LINT_VERSION}/golangci-lint-${GOLANGCI_LINT_VERSION}-linux-amd64.tar.gz \
     && tar --strip-components=1 -C /usr/bin -xzf /tmp/golangci-lint.tar.gz golangci-lint-${GOLANGCI_LINT_VERSION}-linux-amd64/golangci-lint \
     && rm -f /tmp/golangci-lint.tar.gz

env/default/default.properties

@@ -43,14 +43,14 @@ CATALOG_SOURCE = redhat-operators
 SUBSCRIPTION_NAME = openshift-pipelines-operator-rh
 
 CHAINS_VERSION = v0.25
-HUB_VERSION = v1.21
-MANUAL_APPROVAL_VERSION = v0.6
-OPERATOR_VERSION = devel
-OSP_VERSION = 5.0.5
-OSP_TUTORIAL_BRANCH = master
-PAC_VERSION = 0.35
-PIPELINE_VERSION = v1.0
-RESULTS_VERSION = v0.15
+HUB_VERSION = v1.22
+MANUAL_APPROVAL_VERSION = v0.7
+OPERATOR_VERSION = 0.77
+OSP_VERSION = 1.20
+OSP_TUTORIAL_BRANCH = pipelines-1.20
+PAC_VERSION = 0.37
+PIPELINE_VERSION = v1.3
+RESULTS_VERSION = v0.16
 TARGET = openshift
-TKN_CLIENT_VERSION = 0.41
-TRIGGERS_VERSION = v0.32
+TKN_CLIENT_VERSION = 0.42
+TRIGGERS_VERSION = v0.33

manifest.json

@@ -3,5 +3,6 @@
   "Plugins": [
     "html-report",
     "xml-report"
-  ]
-}
+  ],
+  "EnvironmentDir": ""
+}

pkg/oc/oc.go

@@ -127,6 +127,10 @@ func CreateSecretForGitResolver(secretData string) {
 	cmd.MustSucceed("oc", "create", "secret", "generic", "github-auth-secret", "--from-literal", "github-auth-key="+secretData, "-n", "openshift-pipelines")
 }
 
+func CreateSecretInNamespace(secretData, secretName, namespace string) {
+	cmd.MustSucceed("oc", "create", "secret", "generic", secretName, "--from-literal", "private-repo-token="+secretData, "-n", namespace)
+}
+
 func CreateSecretForWebhook(tokenSecretData, webhookSecretData, namespace string) {
 	cmd.MustSucceed("oc", "create", "secret", "generic", "gitlab-webhook-config", "--from-literal", "provider.token="+tokenSecretData, "--from-literal", "webhook.secret="+webhookSecretData, "-n", namespace)
 }
@@ -168,4 +172,4 @@ func CopySecret(secretName string, sourceNamespace string, destNamespace string)
 	cmdOutput := cmd.MustSucceed("bash", "-c", fmt.Sprintf(`echo '%s' | jq 'del(.metadata["namespace", "creationTimestamp", "resourceVersion", "selfLink", "uid", "annotations"]) | .data |= with_entries(if .key == "github-auth-key" then .key = "token" else . end)'`, secretJson)).Stdout()
 	cmd.MustSucceed("bash", "-c", fmt.Sprintf(`echo '%s' | kubectl apply -n %s -f -`, cmdOutput, destNamespace))
 	log.Printf("Successfully copied secret %s from %s to %s", secretName, sourceNamespace, destNamespace)
-}
+}

pkg/operator/operator.go

@@ -42,15 +42,20 @@ func ValidateRBACAfterDisable(cs *clients.Clients, rnames utils.ResourceNames) {
 	AssertServiceAccountPresent(cs, store.Namespace(), "pipeline")
 	// Verify clusterrole does not create
 	AssertClusterRoleNotPresent(cs, "pipelines-scc-clusterrole")
-	// Verify configmaps is not created in any namespace
-	AssertConfigMapNotPresent(cs, store.Namespace(), "config-service-cabundle")
-	AssertConfigMapNotPresent(cs, store.Namespace(), "config-trusted-cabundle")
 	// Verify roleBindings is not created in any namespace
 	AssertRoleBindingNotPresent(cs, store.Namespace(), "edit")
 	AssertRoleBindingNotPresent(cs, store.Namespace(), "pipelines-scc-rolebinding")
 	AssertSCCNotPresent(cs, "pipelines-scc")
 }
 
+func ValidateCABundleConfigMaps(cs *clients.Clients, rnames utils.ResourceNames) {
+	log.Printf("Verifying that TektonConfig status is \"installed\"\n")
+	EnsureTektonConfigStatusInstalled(cs.TektonConfig(), rnames)
+	// Verify CA Bundle ConfigMaps are created
+	AssertConfigMapPresent(cs, store.Namespace(), "config-service-cabundle")
+	AssertConfigMapPresent(cs, store.Namespace(), "config-trusted-cabundle")
+}
+
 func ValidatePipelineDeployments(cs *clients.Clients, rnames utils.ResourceNames) {
 	if _, err := EnsureTektonPipelineExists(cs.TektonPipeline(), rnames); err != nil {
 		testsuit.T.Fail(fmt.Errorf("TektonPipelines doesn't exists\n %v", err))