dogtagpki / pki

The Dogtag Certificate System is an enterprise-class Certificate Authority (CA) which supports all aspects of certificate lifecycle management, including key archival, OCSP and smartcard management.
https://www.dogtagpki.org
GNU General Public License v2.0

Fix CA cloning test with secure DS connection #4845

Closed edewata closed 2 months ago

edewata commented 2 months ago

The tests for CA with secure DS connection (including cloning) have been updated to use DS containers instead of DS RPM packages from Fedora to avoid DS issue #6316.

https://github.com/389ds/389-ds-base/issues/6316

sonarcloud[bot] commented 2 months ago

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code


edewata commented 2 months ago

@fmarco76 Thanks! I'll merge but feel free to continue the discussion.

I think the focus of PKI CI should be to make sure that PKI itself, not the dependencies, is free of issues, and in order to achieve that we require that the dependencies themselves are also free of issues. The DS container doesn't have issues, at least for the cases that we're testing, but the DS RPM does, so we cannot use the RPM at least for now. Ideally this DS issue should have been tested and caught by DS CI or maybe IdM test farm. I don't think we should repeat the same test in PKI CI considering our resources are limited.

From PKI's perspective the DS container and RPM are functionally identical, so technically we should be able to use either of them to test PKI. Also, if needed, we can still use the DS RPM by configuring the DS_IMAGE variable, but it should not be the default because of this issue and also it's relatively slower to install.

In contrast, Tomcat 9 and 10 will require different code in PKI, so it would make sense to test both Tomcat versions in PKI CI in case we need to support both of them at the same time (e.g. for different platforms).