From fe779df8eba88e772b3d362a622e48db1bb96405 Mon Sep 17 00:00:00 2001
From: Ilya Maximets <i.maximets@ovn.org>
Date: Thu, 30 Oct 2025 23:47:58 +0100
Subject: [PATCH] ovn-kubernetes: Remove exemptions for now unpinned OVN rpms.

ovn* RPMs are no longer pinned in ovn-kubernetes images in order to
facilitate timely CVE and bug fix delivery.  Remove from exemptions.

rh-pre-commit.version: 2.3.2
rh-pre-commit.check-secrets: ENABLED

Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
---
 images/ose-ovn-kubernetes.yml        | 10 ----------
 images/ovn-kubernetes-base.yml       | 10 ----------
 images/ovn-kubernetes-microshift.yml | 10 ----------
 3 files changed, 30 deletions(-)

diff --git a/images/ose-ovn-kubernetes.yml b/images/ose-ovn-kubernetes.yml
index 5a30db4ee1..6a08cf1d28 100644
--- a/images/ose-ovn-kubernetes.yml
+++ b/images/ose-ovn-kubernetes.yml
@@ -15,16 +15,6 @@ enabled_repos:
 - rhel-8-fast-datapath-rpms
 - rhel-8-server-ose-rpms-embargoed
 
-# Generally doozer scan-sources will detect all possible change factors automatically and trigger rebuilds.
-# However, certain images may consume RPMs in unexpected way that make it programmatically impossible to
-# detect they were used.
-scan_sources:
-  # ovn-kubernetes uses pins in the Dockerfile.
-  # We should configure exemptions for those known pins to avoid meaningless rebuild.
-  # https://github.com/openshift/ovn-kubernetes/blob/e236fea83d62de8b60b9456770a3e0b525830051/Dockerfile.base#L22
-  exempt_rpms:
-  - ovn*
-
 for_payload: true
 from:
   builder:
diff --git a/images/ovn-kubernetes-base.yml b/images/ovn-kubernetes-base.yml
index fce6ccc24e..a5cea2daea 100644
--- a/images/ovn-kubernetes-base.yml
+++ b/images/ovn-kubernetes-base.yml
@@ -19,16 +19,6 @@ enabled_repos:
 - rhel-8-fast-datapath-rpms
 - rhel-8-server-ose-rpms-embargoed
 
-# Generally doozer scan-sources will detect all possible change factors automatically and trigger rebuilds.
-# However, certain images may consume RPMs in unexpected way that make it programmatically impossible to
-# detect they were used.
-scan_sources:
-  # ovn-kubernetes uses pins in the Dockerfile.
-  # We should configure exemptions for those known pins to avoid meaningless rebuild.
-  # https://github.com/openshift/ovn-kubernetes/blob/e236fea83d62de8b60b9456770a3e0b525830051/Dockerfile.base#L22
-  exempt_rpms:
-  - ovn*
-
 for_payload: false
 for_release: false
 from:
diff --git a/images/ovn-kubernetes-microshift.yml b/images/ovn-kubernetes-microshift.yml
index fe21e66804..f52eca6e4b 100644
--- a/images/ovn-kubernetes-microshift.yml
+++ b/images/ovn-kubernetes-microshift.yml
@@ -18,16 +18,6 @@ enabled_repos:
 - rhel-8-fast-datapath-rpms
 - rhel-8-server-ose-rpms-embargoed
 
-# Generally doozer scan-sources will detect all possible change factors automatically and trigger rebuilds.
-# However, certain images may consume RPMs in unexpected way that make it programmatically impossible to
-# detect they were used.
-scan_sources:
-  # ovn-kubernetes uses pins in the Dockerfile.
-  # We should configure exemptions for those known pins to avoid meaningless rebuild.
-  # https://github.com/openshift/ovn-kubernetes/blob/e236fea83d62de8b60b9456770a3e0b525830051/Dockerfile.base#L22
-  exempt_rpms:
-  - ovn*
-
 for_payload: true
 from:
   builder: