Closed QiWang19 closed 1 week ago
Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all
@QiWang19: This pull request references Jira Issue OCPBUGS-36344, which is invalid:
Comment /jira refresh
to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.
The bug has been updated to refer to the pull request using the external bug tracker.
/jira refresh
@QiWang19: This pull request references Jira Issue OCPBUGS-36344, which is valid. The bug has been moved to the POST state.
No GitHub users were found matching the public email listed for the QA contact in Jira (schoudha@redhat.com), skipping review request.
/test all
@QiWang19: This pull request references Jira Issue OCPBUGS-36344, which is valid.
No GitHub users were found matching the public email listed for the QA contact in Jira (schoudha@redhat.com), skipping review request.
The bug has been updated to refer to the pull request using the external bug tracker.
@mtrmac could you review?
Arguably, it might not be strictly necessary to be precise in the use-sigstore-attachments
configuration, the performance impact of enabling that unnecessarily is a few HTTP round-trips per image. OTOH it does add some interoperability risk — if we don’t correctly recognize the registry’s response as “sigstore image not found”, that can cause the whole pull to fail.
So, I think, at the very least, it should not be hard-coded enabled via default-docker
, at least for now; using somewhat wider scopes within a registry which is used to fetch sigstore-signed images is not ideal but might be acceptable if we were under time pressure.
@mtrmac Could you review?
I think we can move the code to runtime-utils/pkg/registries
in the follow-up PRs since we are under time pressure. What do you think?
/lgtm
The unit test failure seems not to be obviously related, but I didn’t investigate beyond reading the backtrace.
/test unit
/assign @saschagrunert Could you approve?
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: mtrmac, QiWang19, saschagrunert
The full list of commands accepted by this bot can be found here.
The pull request process is described here
@QiWang19: The following test failed, say /retest
to rerun all failed tests or /retest-required
to rerun all mandatory failed tests:
Test name | Commit | Details | Required | Rerun command |
---|---|---|---|---|
ci/prow/e2e-gcp-op-techpreview | 861d9aff147e97f0b20fc5eb532ae6f7589a6b04 | link | false | /test e2e-gcp-op-techpreview |
Full PR test history. Your PR dashboard.
@QiWang19: Jira Issue OCPBUGS-36344: All pull requests linked via external trackers have merged:
Jira Issue OCPBUGS-36344 has been moved to the MODIFIED state.
[ART PR BUILD NOTIFIER]
This PR has been included in build ose-machine-config-operator-container-v4.17.0-202407111341.p0.g35ce1c1.assembly.stream.el9 for distgit ose-machine-config-operator. All builds following this will include this PR.
Close: #4446 - What I did
- How to verify it
Cluster 4.17.0-0.ci.test-2024-07-08-173847 has default ICSP:
Apply CIP:
Pull from mirror, check the log:
Looking for sigstore attachments
- Description for the changelog
Add icsp/idms/itms mirrors of CIP scope to /etc/containers/registries.d, so sigstore attachment will be used during the image pull and verification.