Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,15 @@ tests:
container:
from: terraform-provider-rhcs-clients
skip_if_only_changed: ^(LICENSE|OWNERS|.*\.md|\.gitignore|\.goreleaser\.yaml|\.golang-ci\.yml|renovate\.json|\.ci-operator\.yaml)$|^(?:docs|\.github|\.tekton|subsystem|examples)(?:/|$)
- as: security
optional: true
skip_if_only_changed: ^(LICENSE|OWNERS|.*\.md|\.gitignore|\.goreleaser\.yaml|\.golang-ci\.yml|renovate\.json|\.ci-operator\.yaml)$|^(?:docs|\.github|\.tekton|subsystem|examples)(?:/|$)
Comment thread
amandahla marked this conversation as resolved.
steps:
env:
PROJECT_NAME: terraform-provider-rhcs
SNYK_ENABLE_DEPS_SCAN: "true"
SNYK_PRE_EXECUTION_HOOK_CMD: unset GOFLAGS && go mod tidy && go mod vendor
workflow: openshift-ci-security
zz_generated_metadata:
branch: main
org: terraform-redhat
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2158,3 +2158,80 @@ presubmits:
secret:
secretName: result-aggregator
trigger: (?m)^/test( | .* )pre-push-checks,?($|\s.*)
- agent: kubernetes
always_run: false
branches:
- ^main$
- ^main-
cluster: build06
context: ci/prow/security
decorate: true
decoration_config:
sparse_checkout_files:
- .ci-operator.yaml
- Dockerfile.clients
labels:
ci.openshift.io/generator: prowgen
pj-rehearse.openshift.io/can-be-rehearsed: "true"
name: pull-ci-terraform-redhat-terraform-provider-rhcs-main-security
optional: true
rerun_command: /test security
skip_if_only_changed: ^(LICENSE|OWNERS|.*\.md|\.gitignore|\.goreleaser\.yaml|\.golang-ci\.yml|renovate\.json|\.ci-operator\.yaml)$|^(?:docs|\.github|\.tekton|subsystem|examples)(?:/|$)
spec:
containers:
- args:
- --gcs-upload-secret=/secrets/gcs/service-account.json
- --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson
- --lease-server-credentials-file=/etc/boskos/credentials
- --report-credentials-file=/etc/report/credentials
- --target=security
command:
- ci-operator
env:
- name: HTTP_SERVER_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest
imagePullPolicy: Always
name: ""
ports:
- containerPort: 8080
name: http
resources:
requests:
cpu: 10m
volumeMounts:
- mountPath: /etc/boskos
name: boskos
readOnly: true
- mountPath: /secrets/gcs
name: gcs-credentials
readOnly: true
- mountPath: /secrets/manifest-tool
name: manifest-tool-local-pusher
readOnly: true
- mountPath: /etc/pull-secret
name: pull-secret
readOnly: true
- mountPath: /etc/report
name: result-aggregator
readOnly: true
serviceAccountName: ci-operator
volumes:
- name: boskos
secret:
items:
- key: credentials
path: credentials
secretName: boskos-credentials
- name: manifest-tool-local-pusher
secret:
secretName: manifest-tool-local-pusher
- name: pull-secret
secret:
secretName: registry-pull-credentials
- name: result-aggregator
secret:
secretName: result-aggregator
trigger: (?m)^/test( | .* )security,?($|\s.*)