ROSA-745: branch-protection for addon-operator (Konflux + mandatory prow)#79947
Conversation
|
@MitaliBhalla: This pull request references ROSA-745 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the initiative to target the "5.0.0" version, but no target version was set. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Repository YAML (base), Central YAML (inherited) Review profile: CHILL Plan: Enterprise Run ID: 📒 Files selected for processing (1)
WalkthroughAdds a branch-protection section to the Prow config for openshift/addon-operator, protecting the ChangesBranch Protection for addon-operator
Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes Suggested reviewers
🚥 Pre-merge checks | ✅ 15✅ Passed checks (15 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
Require primary Konflux on-pull-request and mandatory ci/prow/* presubmits (non-optional only; derived from ci-operator presubmits + DPP-20685 list). Repo settings (auto-merge, merge commits) remain DPP. Repos: addon-operator
e5ea8ae to
9128ecb
Compare
|
@MitaliBhalla: |
Branch protection layout (ROSA-745)Supplemental
Dependency PRs must pass prow/Konflux when those jobs run. |
|
The FedRAMP team has looked at this PR, and we don't have any concerns. |
| required_status_checks: | ||
| contexts: | ||
| - Konflux kflux-prd-rh03 / addon-operator-on-pull-request | ||
| - ci/prow/ci-index-addon-operator-bundle |
There was a problem hiding this comment.
This is not needed anymore since addon-operator is deployed via package-operator packages.
addon-operator is deployed via package-operator packages; the OLM bundle index presubmit is not needed as a branch-protection gate (erdii review). Co-authored-by: Cursor <cursoragent@cursor.com>
|
[REHEARSALNOTIFIER] Note: If this PR includes changes to step registry files ( Interacting with pj-rehearseComment: Once you are satisfied with the results of the rehearsals, comment: |
|
@MitaliBhalla: all tests passed! Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: MitaliBhalla, psalajova The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
|
@MitaliBhalla: Updated the following 2 configmaps:
DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
…row) (openshift#79947) * ROSA-745: branch-protection for fedramp (Konflux + mandatory prow) Require primary Konflux on-pull-request and mandatory ci/prow/* presubmits (non-optional only; derived from ci-operator presubmits + DPP-20685 list). Repo settings (auto-merge, merge commits) remain DPP. Repos: addon-operator * ROSA-745: drop ci-index-addon-operator-bundle from required checks addon-operator is deployed via package-operator packages; the OLM bundle index presubmit is not needed as a branch-protection gate (erdii review). Co-authored-by: Cursor <cursoragent@cursor.com> --------- Co-authored-by: Cursor <cursoragent@cursor.com>
…row) (openshift#79947) * ROSA-745: branch-protection for fedramp (Konflux + mandatory prow) Require primary Konflux on-pull-request and mandatory ci/prow/* presubmits (non-optional only; derived from ci-operator presubmits + DPP-20685 list). Repo settings (auto-merge, merge commits) remain DPP. Repos: addon-operator * ROSA-745: drop ci-index-addon-operator-bundle from required checks addon-operator is deployed via package-operator packages; the OLM bundle index presubmit is not needed as a branch-protection gate (erdii review). Co-authored-by: Cursor <cursoragent@cursor.com> --------- Co-authored-by: Cursor <cursoragent@cursor.com>
…row) (openshift#79947) * ROSA-745: branch-protection for fedramp (Konflux + mandatory prow) Require primary Konflux on-pull-request and mandatory ci/prow/* presubmits (non-optional only; derived from ci-operator presubmits + DPP-20685 list). Repo settings (auto-merge, merge commits) remain DPP. Repos: addon-operator * ROSA-745: drop ci-index-addon-operator-bundle from required checks addon-operator is deployed via package-operator packages; the OLM bundle index presubmit is not needed as a branch-protection gate (erdii review). Co-authored-by: Cursor <cursoragent@cursor.com> --------- Co-authored-by: Cursor <cursoragent@cursor.com>
…row) (openshift#79947) * ROSA-745: branch-protection for fedramp (Konflux + mandatory prow) Require primary Konflux on-pull-request and mandatory ci/prow/* presubmits (non-optional only; derived from ci-operator presubmits + DPP-20685 list). Repo settings (auto-merge, merge commits) remain DPP. Repos: addon-operator * ROSA-745: drop ci-index-addon-operator-bundle from required checks addon-operator is deployed via package-operator packages; the OLM bundle index presubmit is not needed as a branch-protection gate (erdii review). Co-authored-by: Cursor <cursoragent@cursor.com> --------- Co-authored-by: Cursor <cursoragent@cursor.com>
Summary
ROSA-745 branch-protection for FedRAMP
addon-operator(main).Konflux + mandatory prow (7 contexts). DPP: repo settings only.
Test plan
Summary by CodeRabbit
This PR establishes branch protection for the
openshift/addon-operatorrepository'smainbranch as part of the ROSA-745 FedRAMP compliance initiative. The change adds a Prow configuration file that enforces required status checks before code can be merged.What's protected:
The
mainbranch ofaddon-operatornow requires the following checks to pass before pull requests can merge:addon-operator-on-pull-requestcoverage,images,lint,precommit-check, andunitPractical impact:
Any PR to the
addon-operatorrepository targeting themainbranch must now pass both the Konflux build verification and all five mandatory Prow presubmit jobs before it can be merged. This ensures code quality and compliance requirements are met through both build and test infrastructure.The configuration is limited to branch-protection rules and tide query settings, with no changes to the job definitions themselves.