fix(KFLUXBUGS-1581): force releaseNotes.type when cves defined by johnbieren · Pull Request #619 · konflux-ci/release-service-catalog

johnbieren · 2024-10-16T18:28:20Z

This commit modifies the create-advisory task to fail when releaseNotes.type is RHSA but there are no CVEs listed as fixed. Also, if there are CVEs fixed, the type is forced to be RHSA regardless of what type the user provides.

openshift-ci · 2024-10-16T18:28:25Z

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

johnbieren · 2024-10-18T13:20:25Z

/retest

johnbieren · 2024-10-22T14:51:01Z

/retest

openshift-ci · 2024-10-22T16:31:16Z

@johnbieren: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/release-pipelines-e2e-suite	`3b0659c`	link	true	`/test release-pipelines-e2e-suite`

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

johnbieren · 2024-10-22T17:12:36Z

/test release-pipelines-e2e-suite

openshift-ci · 2024-10-22T17:54:50Z

New changes are detected. LGTM label has been removed.

johnbieren · 2024-10-23T13:52:14Z

/retest

johnbieren · 2024-10-23T15:33:22Z

@flacatus can you help me figure out why e2e is failing here? I downloaded the artifacts but I can't figure it out

johnbieren · 2024-10-23T19:52:59Z

/retest

johnbieren · 2024-10-23T23:01:35Z

/retest

johnbieren · 2024-10-24T00:39:06Z

/retest

happybhati · 2024-10-24T02:16:59Z

/retest

jinqi7 · 2024-10-24T03:19:42Z

Rh-advisories e2e test case seems need to be changed since I saw this error from the log -

Logs from failed container 'managed-2549w-create-advisory/step-run-script':

RESULTS_FILE=/workspace/data/7a9ffd0e-5614-4b12-b829-eb434cf1e5fb/results/create-advisory-results.json
++ jq -r .application /workspace/data/7a9ffd0e-5614-4b12-b829-eb434cf1e5fb/snapshot_spec.json

application=advs-app-rjbv
++ jq -r .spec.origin /workspace/data/7a9ffd0e-5614-4b12-b829-eb434cf1e5fb/release_plan_admission.json

origin=dev-release-team-tenant
++ jq -c .releaseNotes /workspace/data/7a9ffd0e-5614-4b12-b829-eb434cf1e5fb/data.json

advisoryData='{"description":"releaseNotes description","references":["https://server.com/ref1","http://server2.com/ref2"],"solution":"some solution","synopsis":"test synopsis","topic":"test topic","cpe":"cpe:/a:example.com","product_id":555,"product_name":"test product","product_stream":"rhtas-tp1","product_version":"v1.0","type":"RHSA","content":{"images":[{"architecture":"amd64","containerImage":"registry.stage.redhat.io/rhtap/konflux-release-e2e@sha256:bf2fb2c7d63c924ff9170c27f0f15558f6a59bdfb5ad9613eb61d3e4bc1cff0a","purl":"pkg:oci/konflux-release-e2e@sha256%3Abf2fb2c7d63c924ff9170c27f0f15558f6a59bdfb5ad9613eb61d3e4bc1cff0a?arch=amd64&repository_url=registry.stage.redhat.io/rhtap","repository":"registry.stage.redhat.io/rhtap/konflux-release-e2e","tags":["latest","latest-1722908678","testtag","testtag-1722908678","testtag2","testtag2-1722908678"],"component":"advs-comp-vxvc"}]}}'
++ jq -er .sign.configMapName /workspace/data/7a9ffd0e-5614-4b12-b829-eb434cf1e5fb/data.json

configMapName=hacbs-signing-pipeline-config-redhatbeta2
++ jq -r .type

advisoryType=RHSA

[[ RHSA =~ ^(RHSA|RHBA|RHEA)$ ]]
++ jq '[.content.images[]?.cves.fixed // [] | length] | add'

NUM_CVES=0

[[ RHSA == \R\H\S\A ]]

[[ 0 -eq 0 ]]

echo 'Provided advisory type is RHSA, but no fixed CVEs were listed'
Provided advisory type is RHSA, but no fixed CVEs were listed
RHSA should only be used if CVEs are fixed in the advisory. Failing...

echo 'RHSA should only be used if CVEs are fixed in the advisory. Failing...'

exit 1
[FAILED] in [It] - /tmp/tmp.jzWiV5jUMg/tests/release/pipelines/rh_advisories.go:168 @ 10/24/24 01:58:15.051
<< Timeline

_

johnbieren · 2024-10-24T12:04:48Z

/retest

johnbieren · 2024-10-24T12:20:14Z

Rh-advisories e2e test case seems need to be changed since I saw this error from the log -

Logs from failed container 'managed-2549w-create-advisory/step-run-script':

RESULTS_FILE=/workspace/data/7a9ffd0e-5614-4b12-b829-eb434cf1e5fb/results/create-advisory-results.json
++ jq -r .application /workspace/data/7a9ffd0e-5614-4b12-b829-eb434cf1e5fb/snapshot_spec.json

application=advs-app-rjbv
++ jq -r .spec.origin /workspace/data/7a9ffd0e-5614-4b12-b829-eb434cf1e5fb/release_plan_admission.json

origin=dev-release-team-tenant
++ jq -c .releaseNotes /workspace/data/7a9ffd0e-5614-4b12-b829-eb434cf1e5fb/data.json

advisoryData='{"description":"releaseNotes description","references":["https://server.com/ref1","http://server2.com/ref2"],"solution":"some solution","synopsis":"test synopsis","topic":"test topic","cpe":"cpe:/a:example.com","product_id":555,"product_name":"test product","product_stream":"rhtas-tp1","product_version":"v1.0","type":"RHSA","content":{"images":[{"architecture":"amd64","containerImage":"registry.stage.redhat.io/rhtap/konflux-release-e2e@sha256:bf2fb2c7d63c924ff9170c27f0f15558f6a59bdfb5ad9613eb61d3e4bc1cff0a","purl":"pkg:oci/konflux-release-e2e@sha256%3Abf2fb2c7d63c924ff9170c27f0f15558f6a59bdfb5ad9613eb61d3e4bc1cff0a?arch=amd64&repository_url=registry.stage.redhat.io/rhtap","repository":"registry.stage.redhat.io/rhtap/konflux-release-e2e","tags":["latest","latest-1722908678","testtag","testtag-1722908678","testtag2","testtag2-1722908678"],"component":"advs-comp-vxvc"}]}}'
++ jq -er .sign.configMapName /workspace/data/7a9ffd0e-5614-4b12-b829-eb434cf1e5fb/data.json

configMapName=hacbs-signing-pipeline-config-redhatbeta2
++ jq -r .type

advisoryType=RHSA

[[ RHSA =~ ^(RHSA|RHBA|RHEA)$ ]]
++ jq '[.content.images[]?.cves.fixed // [] | length] | add'

NUM_CVES=0

[[ RHSA == \R\H\S\A ]]

[[ 0 -eq 0 ]]

echo 'Provided advisory type is RHSA, but no fixed CVEs were listed'
Provided advisory type is RHSA, but no fixed CVEs were listed
RHSA should only be used if CVEs are fixed in the advisory. Failing...

echo 'RHSA should only be used if CVEs are fixed in the advisory. Failing...'

exit 1
[FAILED] in [It] - /tmp/tmp.jzWiV5jUMg/tests/release/pipelines/rh_advisories.go:168 @ 10/24/24 01:58:15.051
<< Timeline

_

Thanks for pointing that out. E2E has been so flaky I didn't even look. You are right, https://github.com/konflux-ci/e2e-tests/blob/main/tests/release/pipelines/rh_advisories.go#L263 is wrong. I will update it

jinqi7 · 2024-10-24T12:26:21Z

The same for multiarch_advisories.go. I got the data from the JIRA task. I didn't know what it should be before.

Thanks for pointing that out. E2E has been so flaky I didn't even look. You are right, https://github.com/konflux-ci/e2e-tests/blob/main/tests/release/pipelines/rh_advisories.go#L263 is wrong. I will update it

johnbieren · 2024-10-24T12:34:14Z

The same for multiarch_advisories.go. I got the data from the JIRA task. I didn't know what it should be before.

Thanks for pointing that out. E2E has been so flaky I didn't even look. You are right, https://github.com/konflux-ci/e2e-tests/blob/main/tests/release/pipelines/rh_advisories.go#L263 is wrong. I will update it

konflux-ci/e2e-tests#1440

This commit modifies the create-advisory task to fail when releaseNotes.type is RHSA but there are no CVEs listed as fixed. Also, if there are CVEs fixed, the type is forced to be RHSA regardless of what type the user provides. Signed-off-by: Johnny Bieren <jbieren@redhat.com>

openshift-ci Bot added the do-not-merge/work-in-progress label Oct 16, 2024

johnbieren force-pushed the kfluxbugs1581 branch 2 times, most recently from 30d70b4 to 9b3c6ae Compare October 16, 2024 18:42

johnbieren marked this pull request as ready for review October 16, 2024 18:48

johnbieren requested a review from a team as a code owner October 16, 2024 18:48

openshift-ci Bot removed the do-not-merge/work-in-progress label Oct 16, 2024

mmalina reviewed Oct 17, 2024

View reviewed changes

Comment thread tasks/create-advisory/create-advisory.yaml

mmalina reviewed Oct 17, 2024

View reviewed changes

Comment thread tasks/create-advisory/create-advisory.yaml

mmalina reviewed Oct 17, 2024

View reviewed changes

Comment thread tasks/create-advisory/create-advisory.yaml Outdated

johnbieren force-pushed the kfluxbugs1581 branch from 9b3c6ae to 835e219 Compare October 17, 2024 13:01

theflockers approved these changes Oct 18, 2024

View reviewed changes

openshift-ci Bot assigned theflockers Oct 18, 2024

openshift-ci Bot added the lgtm label Oct 18, 2024

mmalina approved these changes Oct 18, 2024

View reviewed changes

openshift-ci Bot assigned mmalina Oct 18, 2024

johnbieren force-pushed the kfluxbugs1581 branch from 835e219 to 57f909b Compare October 18, 2024 11:47

openshift-ci Bot removed the lgtm label Oct 18, 2024

johnbieren force-pushed the kfluxbugs1581 branch from 57f909b to c6f0c88 Compare October 18, 2024 12:50

johnbieren enabled auto-merge (squash) October 18, 2024 13:11

johnbieren force-pushed the kfluxbugs1581 branch from c6f0c88 to 7728691 Compare October 22, 2024 12:47

johnbieren force-pushed the kfluxbugs1581 branch from 7728691 to 3b0659c Compare October 22, 2024 15:21

happybhati approved these changes Oct 22, 2024

View reviewed changes

openshift-ci Bot assigned happybhati Oct 22, 2024

openshift-ci Bot added the lgtm label Oct 22, 2024

johnbieren force-pushed the kfluxbugs1581 branch from 3b0659c to bcbfd4d Compare October 22, 2024 17:54

openshift-ci Bot removed the lgtm label Oct 22, 2024

johnbieren force-pushed the kfluxbugs1581 branch 2 times, most recently from 2920ab9 to b915ff2 Compare October 23, 2024 12:04

johnbieren force-pushed the kfluxbugs1581 branch 2 times, most recently from e5e88e6 to c86e816 Compare October 23, 2024 18:44

johnbieren force-pushed the kfluxbugs1581 branch from c86e816 to fb27b27 Compare October 23, 2024 21:16

johnbieren force-pushed the kfluxbugs1581 branch from fb27b27 to a09d1ab Compare October 24, 2024 14:22

johnbieren merged commit 08770dc into konflux-ci:development Oct 24, 2024

johnbieren deleted the kfluxbugs1581 branch October 24, 2024 15:47

Conversation

johnbieren commented Oct 16, 2024

Uh oh!

openshift-ci Bot commented Oct 16, 2024

Uh oh!

Uh oh!

Uh oh!

Uh oh!

johnbieren commented Oct 18, 2024

Uh oh!

johnbieren commented Oct 22, 2024

Uh oh!

openshift-ci Bot commented Oct 22, 2024

Uh oh!

johnbieren commented Oct 22, 2024

Uh oh!

openshift-ci Bot commented Oct 22, 2024

Uh oh!

johnbieren commented Oct 23, 2024

Uh oh!

johnbieren commented Oct 23, 2024

Uh oh!

johnbieren commented Oct 23, 2024

Uh oh!

johnbieren commented Oct 23, 2024

Uh oh!

johnbieren commented Oct 24, 2024

Uh oh!

happybhati commented Oct 24, 2024

Uh oh!

jinqi7 commented Oct 24, 2024

Uh oh!

johnbieren commented Oct 24, 2024

Uh oh!

johnbieren commented Oct 24, 2024

Uh oh!

jinqi7 commented Oct 24, 2024

Uh oh!

johnbieren commented Oct 24, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants