diff --git a/OWNERS_ALIASES b/OWNERS_ALIASES index ba49797f66390..a3cfe29820427 100644 --- a/OWNERS_ALIASES +++ b/OWNERS_ALIASES @@ -177,7 +177,9 @@ aliases: - dobsonj - gnufied - jsafrane + - RomanBednar - tsmetana + - mpatlasov storage-reviewers: - bertinatto - dobsonj @@ -185,6 +187,7 @@ aliases: - jsafrane - RomanBednar - tsmetana + - mpatlasov powervs-approvers: - hamzy - clnperez diff --git a/ci-operator/config/openshift/aws-efs-csi-driver-operator/openshift-aws-efs-csi-driver-operator-master.yaml b/ci-operator/config/openshift/aws-efs-csi-driver-operator/openshift-aws-efs-csi-driver-operator-master.yaml index 53b7cd419afd9..576e790029341 100644 --- a/ci-operator/config/openshift/aws-efs-csi-driver-operator/openshift-aws-efs-csi-driver-operator-master.yaml +++ b/ci-operator/config/openshift/aws-efs-csi-driver-operator/openshift-aws-efs-csi-driver-operator-master.yaml @@ -141,6 +141,12 @@ tests: steps: test: - ref: go-verify-deps +- as: security + optional: true + steps: + env: + PROJECT_NAME: aws-efs-csi-driver-operator + workflow: openshift-ci-security zz_generated_metadata: branch: master org: openshift diff --git a/ci-operator/config/openshift/aws-efs-csi-driver/openshift-aws-efs-csi-driver-master.yaml b/ci-operator/config/openshift/aws-efs-csi-driver/openshift-aws-efs-csi-driver-master.yaml index 6a99d4a94a1a7..efdd3bd630b33 100644 --- a/ci-operator/config/openshift/aws-efs-csi-driver/openshift-aws-efs-csi-driver-master.yaml +++ b/ci-operator/config/openshift/aws-efs-csi-driver/openshift-aws-efs-csi-driver-master.yaml @@ -57,6 +57,12 @@ tests: steps: test: - ref: go-verify-deps +- as: security + optional: true + steps: + env: + PROJECT_NAME: aws-efs-csi-driver + workflow: openshift-ci-security - as: verify-commits commands: | commitchecker --start ${PULL_BASE_SHA:-master} diff --git a/ci-operator/config/openshift/azure-disk-csi-driver/openshift-azure-disk-csi-driver-master.yaml b/ci-operator/config/openshift/azure-disk-csi-driver/openshift-azure-disk-csi-driver-master.yaml index 07cbdaa336b6d..da7576d4de5ec 100644 --- a/ci-operator/config/openshift/azure-disk-csi-driver/openshift-azure-disk-csi-driver-master.yaml +++ b/ci-operator/config/openshift/azure-disk-csi-driver/openshift-azure-disk-csi-driver-master.yaml @@ -58,6 +58,12 @@ tests: steps: test: - ref: go-verify-deps +- as: security + optional: true + steps: + env: + PROJECT_NAME: azure-disk-csi-driver + workflow: openshift-ci-security - as: e2e-azure steps: cluster_profile: azure4 diff --git a/ci-operator/config/openshift/azure-file-csi-driver-operator/openshift-azure-file-csi-driver-operator-main.yaml b/ci-operator/config/openshift/azure-file-csi-driver-operator/openshift-azure-file-csi-driver-operator-main.yaml index 4e7f6379c34f4..66f31a42ec379 100644 --- a/ci-operator/config/openshift/azure-file-csi-driver-operator/openshift-azure-file-csi-driver-operator-main.yaml +++ b/ci-operator/config/openshift/azure-file-csi-driver-operator/openshift-azure-file-csi-driver-operator-main.yaml @@ -80,6 +80,12 @@ tests: steps: test: - ref: go-verify-deps +- as: security + optional: true + steps: + env: + PROJECT_NAME: azure-file-csi-driver-operator + workflow: openshift-ci-security - always_run: false as: e2e-azure-manual-oidc optional: true diff --git a/ci-operator/config/openshift/azure-file-csi-driver/openshift-azure-file-csi-driver-master.yaml b/ci-operator/config/openshift/azure-file-csi-driver/openshift-azure-file-csi-driver-master.yaml index 5021dec6dd74b..ab6b95acfdea0 100644 --- a/ci-operator/config/openshift/azure-file-csi-driver/openshift-azure-file-csi-driver-master.yaml +++ b/ci-operator/config/openshift/azure-file-csi-driver/openshift-azure-file-csi-driver-master.yaml @@ -85,6 +85,12 @@ tests: steps: test: - ref: go-verify-deps +- as: security + optional: true + steps: + env: + PROJECT_NAME: azure-file-csi-driver + workflow: openshift-ci-security - always_run: false as: e2e-azure-manual-oidc optional: true diff --git a/ci-operator/config/openshift/cluster-csi-snapshot-controller-operator/openshift-cluster-csi-snapshot-controller-operator-master.yaml b/ci-operator/config/openshift/cluster-csi-snapshot-controller-operator/openshift-cluster-csi-snapshot-controller-operator-master.yaml index ae98cd4ee6581..1251ddece2886 100644 --- a/ci-operator/config/openshift/cluster-csi-snapshot-controller-operator/openshift-cluster-csi-snapshot-controller-operator-master.yaml +++ b/ci-operator/config/openshift/cluster-csi-snapshot-controller-operator/openshift-cluster-csi-snapshot-controller-operator-master.yaml @@ -71,6 +71,12 @@ tests: steps: test: - ref: go-verify-deps +- as: security + optional: true + steps: + env: + PROJECT_NAME: cluster-csi-snapshot-controller-operator + workflow: openshift-ci-security zz_generated_metadata: branch: master org: openshift diff --git a/ci-operator/config/openshift/cluster-storage-operator/openshift-cluster-storage-operator-master.yaml b/ci-operator/config/openshift/cluster-storage-operator/openshift-cluster-storage-operator-master.yaml index 17adddfadc3db..78fa9dff9e93c 100644 --- a/ci-operator/config/openshift/cluster-storage-operator/openshift-cluster-storage-operator-master.yaml +++ b/ci-operator/config/openshift/cluster-storage-operator/openshift-cluster-storage-operator-master.yaml @@ -156,6 +156,12 @@ tests: steps: test: - ref: go-verify-deps +- as: security + optional: true + steps: + env: + PROJECT_NAME: cluster-storage-operator + workflow: openshift-ci-security zz_generated_metadata: branch: master org: openshift diff --git a/ci-operator/config/openshift/csi-external-attacher/openshift-csi-external-attacher-master.yaml b/ci-operator/config/openshift/csi-external-attacher/openshift-csi-external-attacher-master.yaml index 5c69f1d384665..046d444d97db2 100644 --- a/ci-operator/config/openshift/csi-external-attacher/openshift-csi-external-attacher-master.yaml +++ b/ci-operator/config/openshift/csi-external-attacher/openshift-csi-external-attacher-master.yaml @@ -60,6 +60,12 @@ tests: steps: test: - ref: go-verify-deps +- as: security + optional: true + steps: + env: + PROJECT_NAME: csi-external-attacher + workflow: openshift-ci-security - as: verify-commits commands: | commitchecker --start ${PULL_BASE_SHA:-master} diff --git a/ci-operator/config/openshift/csi-external-provisioner/openshift-csi-external-provisioner-master.yaml b/ci-operator/config/openshift/csi-external-provisioner/openshift-csi-external-provisioner-master.yaml index 520c96da233e8..3e9ce99f8c708 100644 --- a/ci-operator/config/openshift/csi-external-provisioner/openshift-csi-external-provisioner-master.yaml +++ b/ci-operator/config/openshift/csi-external-provisioner/openshift-csi-external-provisioner-master.yaml @@ -60,6 +60,12 @@ tests: steps: test: - ref: go-verify-deps +- as: security + optional: true + steps: + env: + PROJECT_NAME: csi-external-provisioner + workflow: openshift-ci-security - as: verify-commits commands: | commitchecker --start ${PULL_BASE_SHA:-master} diff --git a/ci-operator/config/openshift/csi-node-driver-registrar/openshift-csi-node-driver-registrar-master.yaml b/ci-operator/config/openshift/csi-node-driver-registrar/openshift-csi-node-driver-registrar-master.yaml index 499c92a70f8b5..92925d47ce2df 100644 --- a/ci-operator/config/openshift/csi-node-driver-registrar/openshift-csi-node-driver-registrar-master.yaml +++ b/ci-operator/config/openshift/csi-node-driver-registrar/openshift-csi-node-driver-registrar-master.yaml @@ -60,6 +60,13 @@ tests: steps: test: - ref: go-verify-deps +- always_run: false + as: security + optional: true + steps: + env: + PROJECT_NAME: csi-node-driver-registrar + workflow: openshift-ci-security - as: verify-commits commands: | commitchecker --start ${PULL_BASE_SHA:-master} diff --git a/ci-operator/config/openshift/gcp-filestore-csi-driver-operator/openshift-gcp-filestore-csi-driver-operator-main.yaml b/ci-operator/config/openshift/gcp-filestore-csi-driver-operator/openshift-gcp-filestore-csi-driver-operator-main.yaml index 6989d1dab3857..00dc67899fe96 100644 --- a/ci-operator/config/openshift/gcp-filestore-csi-driver-operator/openshift-gcp-filestore-csi-driver-operator-main.yaml +++ b/ci-operator/config/openshift/gcp-filestore-csi-driver-operator/openshift-gcp-filestore-csi-driver-operator-main.yaml @@ -146,6 +146,12 @@ tests: steps: test: - ref: go-verify-deps +- as: security + optional: true + steps: + env: + PROJECT_NAME: gcp-filestore-csi-driver-operator + workflow: openshift-ci-security zz_generated_metadata: branch: main org: openshift diff --git a/ci-operator/config/openshift/gcp-filestore-csi-driver/openshift-gcp-filestore-csi-driver-master.yaml b/ci-operator/config/openshift/gcp-filestore-csi-driver/openshift-gcp-filestore-csi-driver-master.yaml index 4b9a6e05c953d..7c8cacf75e5e4 100644 --- a/ci-operator/config/openshift/gcp-filestore-csi-driver/openshift-gcp-filestore-csi-driver-master.yaml +++ b/ci-operator/config/openshift/gcp-filestore-csi-driver/openshift-gcp-filestore-csi-driver-master.yaml @@ -55,6 +55,13 @@ tests: steps: test: - ref: go-verify-deps +- always_run: false + as: security + optional: true + steps: + env: + PROJECT_NAME: gcp-filestore-csi-driver + workflow: openshift-ci-security - as: verify-commits commands: | commitchecker --start ${PULL_BASE_SHA:-master} diff --git a/ci-operator/config/openshift/gcp-pd-csi-driver-operator/openshift-gcp-pd-csi-driver-operator-master.yaml b/ci-operator/config/openshift/gcp-pd-csi-driver-operator/openshift-gcp-pd-csi-driver-operator-master.yaml index f2185fc04cf16..1f932941fe246 100644 --- a/ci-operator/config/openshift/gcp-pd-csi-driver-operator/openshift-gcp-pd-csi-driver-operator-master.yaml +++ b/ci-operator/config/openshift/gcp-pd-csi-driver-operator/openshift-gcp-pd-csi-driver-operator-master.yaml @@ -81,6 +81,12 @@ tests: steps: test: - ref: go-verify-deps +- as: security + optional: true + steps: + env: + PROJECT_NAME: gcp-pd-csi-driver-operator + workflow: openshift-ci-security zz_generated_metadata: branch: master org: openshift diff --git a/ci-operator/config/openshift/gcp-pd-csi-driver/openshift-gcp-pd-csi-driver-master.yaml b/ci-operator/config/openshift/gcp-pd-csi-driver/openshift-gcp-pd-csi-driver-master.yaml index cefa2d9b21825..422ad24c20fea 100644 --- a/ci-operator/config/openshift/gcp-pd-csi-driver/openshift-gcp-pd-csi-driver-master.yaml +++ b/ci-operator/config/openshift/gcp-pd-csi-driver/openshift-gcp-pd-csi-driver-master.yaml @@ -85,6 +85,12 @@ tests: steps: test: - ref: go-verify-deps +- as: security + optional: true + steps: + env: + PROJECT_NAME: gcp-pd-csi-driver + workflow: openshift-ci-security - as: verify-commits commands: | commitchecker --start ${PULL_BASE_SHA:-master} diff --git a/ci-operator/config/openshift/ibm-vpc-block-csi-driver-operator/openshift-ibm-vpc-block-csi-driver-operator-master.yaml b/ci-operator/config/openshift/ibm-vpc-block-csi-driver-operator/openshift-ibm-vpc-block-csi-driver-operator-master.yaml index 8c4cf647cc356..51ee6cff3057b 100644 --- a/ci-operator/config/openshift/ibm-vpc-block-csi-driver-operator/openshift-ibm-vpc-block-csi-driver-operator-master.yaml +++ b/ci-operator/config/openshift/ibm-vpc-block-csi-driver-operator/openshift-ibm-vpc-block-csi-driver-operator-master.yaml @@ -72,6 +72,12 @@ tests: steps: test: - ref: go-verify-deps +- as: security + optional: true + steps: + env: + PROJECT_NAME: ibm-vpc-block-csi-driver-operator + workflow: openshift-ci-security zz_generated_metadata: branch: master org: openshift diff --git a/ci-operator/config/openshift/ibm-vpc-block-csi-driver/openshift-ibm-vpc-block-csi-driver-master.yaml b/ci-operator/config/openshift/ibm-vpc-block-csi-driver/openshift-ibm-vpc-block-csi-driver-master.yaml index c1d38981fcde1..9ba28973b4de3 100644 --- a/ci-operator/config/openshift/ibm-vpc-block-csi-driver/openshift-ibm-vpc-block-csi-driver-master.yaml +++ b/ci-operator/config/openshift/ibm-vpc-block-csi-driver/openshift-ibm-vpc-block-csi-driver-master.yaml @@ -78,6 +78,12 @@ tests: steps: test: - ref: go-verify-deps +- as: security + optional: true + steps: + env: + PROJECT_NAME: ibm-vpc-block-csi-driver + workflow: openshift-ci-security - as: verify-commits commands: | commitchecker --start ${PULL_BASE_SHA:-master} diff --git a/ci-operator/config/openshift/local-storage-operator/openshift-local-storage-operator-master.yaml b/ci-operator/config/openshift/local-storage-operator/openshift-local-storage-operator-master.yaml index b7ab6b5b7efdd..a984469e2adfe 100644 --- a/ci-operator/config/openshift/local-storage-operator/openshift-local-storage-operator-master.yaml +++ b/ci-operator/config/openshift/local-storage-operator/openshift-local-storage-operator-master.yaml @@ -118,6 +118,12 @@ tests: steps: test: - ref: go-verify-deps +- as: security + optional: true + steps: + env: + PROJECT_NAME: local-storage-operator + workflow: openshift-ci-security zz_generated_metadata: branch: master org: openshift diff --git a/ci-operator/config/openshift/secrets-store-csi-driver-operator/openshift-secrets-store-csi-driver-operator-main.yaml b/ci-operator/config/openshift/secrets-store-csi-driver-operator/openshift-secrets-store-csi-driver-operator-main.yaml index 7176dcb1c908f..733690b09ff11 100644 --- a/ci-operator/config/openshift/secrets-store-csi-driver-operator/openshift-secrets-store-csi-driver-operator-main.yaml +++ b/ci-operator/config/openshift/secrets-store-csi-driver-operator/openshift-secrets-store-csi-driver-operator-main.yaml @@ -111,6 +111,12 @@ tests: steps: test: - ref: go-verify-deps +- as: security + optional: true + steps: + env: + PROJECT_NAME: secrets-store-csi-driver-operator + workflow: openshift-ci-security zz_generated_metadata: branch: main org: openshift diff --git a/ci-operator/config/openshift/secrets-store-csi-driver/openshift-secrets-store-csi-driver-main.yaml b/ci-operator/config/openshift/secrets-store-csi-driver/openshift-secrets-store-csi-driver-main.yaml index 357ec4b8fb069..1827ca4c8f983 100644 --- a/ci-operator/config/openshift/secrets-store-csi-driver/openshift-secrets-store-csi-driver-main.yaml +++ b/ci-operator/config/openshift/secrets-store-csi-driver/openshift-secrets-store-csi-driver-main.yaml @@ -72,6 +72,12 @@ tests: steps: test: - ref: go-verify-deps +- as: security + optional: true + steps: + env: + PROJECT_NAME: secrets-store-csi-driver + workflow: openshift-ci-security - as: verify-commits commands: | commitchecker --start ${PULL_BASE_SHA:-master} diff --git a/ci-operator/config/openshift/vmware-vsphere-csi-driver-operator/openshift-vmware-vsphere-csi-driver-operator-master.yaml b/ci-operator/config/openshift/vmware-vsphere-csi-driver-operator/openshift-vmware-vsphere-csi-driver-operator-master.yaml index b3113d42bdce3..05fbdecfa04b1 100644 --- a/ci-operator/config/openshift/vmware-vsphere-csi-driver-operator/openshift-vmware-vsphere-csi-driver-operator-master.yaml +++ b/ci-operator/config/openshift/vmware-vsphere-csi-driver-operator/openshift-vmware-vsphere-csi-driver-operator-master.yaml @@ -85,6 +85,12 @@ tests: steps: test: - ref: go-verify-deps +- as: security + optional: true + steps: + env: + PROJECT_NAME: vmware-vsphere-csi-driver-operator + workflow: openshift-ci-security - as: e2e-vsphere-zones optional: true steps: diff --git a/ci-operator/config/openshift/vmware-vsphere-csi-driver/openshift-vmware-vsphere-csi-driver-master.yaml b/ci-operator/config/openshift/vmware-vsphere-csi-driver/openshift-vmware-vsphere-csi-driver-master.yaml index c78cb39aa4845..9b77c8bde01a6 100644 --- a/ci-operator/config/openshift/vmware-vsphere-csi-driver/openshift-vmware-vsphere-csi-driver-master.yaml +++ b/ci-operator/config/openshift/vmware-vsphere-csi-driver/openshift-vmware-vsphere-csi-driver-master.yaml @@ -92,6 +92,12 @@ tests: steps: test: - ref: go-verify-deps +- as: security + optional: true + steps: + env: + PROJECT_NAME: vmware-vsphere-csi-driver + workflow: openshift-ci-security - as: e2e-vsphere-zones optional: true steps: diff --git a/ci-operator/config/openshift/vsphere-problem-detector/openshift-vsphere-problem-detector-master.yaml b/ci-operator/config/openshift/vsphere-problem-detector/openshift-vsphere-problem-detector-master.yaml index b86179f16920a..c8463fd1ecb10 100644 --- a/ci-operator/config/openshift/vsphere-problem-detector/openshift-vsphere-problem-detector-master.yaml +++ b/ci-operator/config/openshift/vsphere-problem-detector/openshift-vsphere-problem-detector-master.yaml @@ -74,6 +74,12 @@ tests: steps: test: - ref: go-verify-deps +- as: security + optional: true + steps: + env: + PROJECT_NAME: vsphere-problem-detector + workflow: openshift-ci-security zz_generated_metadata: branch: master org: openshift diff --git a/ci-operator/jobs/openshift/aws-efs-csi-driver-operator/openshift-aws-efs-csi-driver-operator-master-presubmits.yaml b/ci-operator/jobs/openshift/aws-efs-csi-driver-operator/openshift-aws-efs-csi-driver-operator-master-presubmits.yaml index 5176c509ac545..d567eb491f78d 100644 --- a/ci-operator/jobs/openshift/aws-efs-csi-driver-operator/openshift-aws-efs-csi-driver-operator-master-presubmits.yaml +++ b/ci-operator/jobs/openshift/aws-efs-csi-driver-operator/openshift-aws-efs-csi-driver-operator-master-presubmits.yaml @@ -265,6 +265,67 @@ presubmits: secret: secretName: result-aggregator trigger: (?m)^/test( | .* )operator-e2e-extended,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^master$ + - ^master- + cluster: build05 + context: ci/prow/security + decorate: true + labels: + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-aws-efs-csi-driver-operator-master-security + optional: true + rerun_command: /test security + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=security + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )security,?($|\s.*) - agent: kubernetes always_run: true branches: diff --git a/ci-operator/jobs/openshift/aws-efs-csi-driver/openshift-aws-efs-csi-driver-master-presubmits.yaml b/ci-operator/jobs/openshift/aws-efs-csi-driver/openshift-aws-efs-csi-driver-master-presubmits.yaml index c44134ef1235f..bfb05091fbc6f 100644 --- a/ci-operator/jobs/openshift/aws-efs-csi-driver/openshift-aws-efs-csi-driver-master-presubmits.yaml +++ b/ci-operator/jobs/openshift/aws-efs-csi-driver/openshift-aws-efs-csi-driver-master-presubmits.yaml @@ -55,6 +55,68 @@ presubmits: secret: secretName: result-aggregator trigger: (?m)^/test( | .* )images,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^master$ + - ^master- + cluster: build04 + context: ci/prow/security + decorate: true + labels: + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-aws-efs-csi-driver-master-security + optional: true + path_alias: sigs.k8s.io/aws-efs-csi-driver + rerun_command: /test security + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=security + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )security,?($|\s.*) - agent: kubernetes always_run: true branches: diff --git a/ci-operator/jobs/openshift/azure-disk-csi-driver/openshift-azure-disk-csi-driver-master-presubmits.yaml b/ci-operator/jobs/openshift/azure-disk-csi-driver/openshift-azure-disk-csi-driver-master-presubmits.yaml index 687c45e8548e2..47dc5b21e2157 100644 --- a/ci-operator/jobs/openshift/azure-disk-csi-driver/openshift-azure-disk-csi-driver-master-presubmits.yaml +++ b/ci-operator/jobs/openshift/azure-disk-csi-driver/openshift-azure-disk-csi-driver-master-presubmits.yaml @@ -452,6 +452,68 @@ presubmits: secret: secretName: result-aggregator trigger: (?m)^/test( | .* )images,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^master$ + - ^master- + cluster: build04 + context: ci/prow/security + decorate: true + labels: + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-azure-disk-csi-driver-master-security + optional: true + path_alias: github.com/kubernetes-sigs/azuredisk-csi-driver + rerun_command: /test security + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=security + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )security,?($|\s.*) - agent: kubernetes always_run: true branches: diff --git a/ci-operator/jobs/openshift/azure-file-csi-driver-operator/openshift-azure-file-csi-driver-operator-main-presubmits.yaml b/ci-operator/jobs/openshift/azure-file-csi-driver-operator/openshift-azure-file-csi-driver-operator-main-presubmits.yaml index 4ff7a82412e22..60213b6fcb76e 100644 --- a/ci-operator/jobs/openshift/azure-file-csi-driver-operator/openshift-azure-file-csi-driver-operator-main-presubmits.yaml +++ b/ci-operator/jobs/openshift/azure-file-csi-driver-operator/openshift-azure-file-csi-driver-operator-main-presubmits.yaml @@ -446,6 +446,67 @@ presubmits: secret: secretName: result-aggregator trigger: (?m)^/test( | .* )images,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^main$ + - ^main- + cluster: build04 + context: ci/prow/security + decorate: true + labels: + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-azure-file-csi-driver-operator-main-security + optional: true + rerun_command: /test security + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=security + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )security,?($|\s.*) - agent: kubernetes always_run: true branches: diff --git a/ci-operator/jobs/openshift/azure-file-csi-driver/openshift-azure-file-csi-driver-master-presubmits.yaml b/ci-operator/jobs/openshift/azure-file-csi-driver/openshift-azure-file-csi-driver-master-presubmits.yaml index 30df4ee872488..43607f5fc7ced 100644 --- a/ci-operator/jobs/openshift/azure-file-csi-driver/openshift-azure-file-csi-driver-master-presubmits.yaml +++ b/ci-operator/jobs/openshift/azure-file-csi-driver/openshift-azure-file-csi-driver-master-presubmits.yaml @@ -446,6 +446,67 @@ presubmits: secret: secretName: result-aggregator trigger: (?m)^/test( | .* )images,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^master$ + - ^master- + cluster: build04 + context: ci/prow/security + decorate: true + labels: + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-azure-file-csi-driver-master-security + optional: true + rerun_command: /test security + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=security + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )security,?($|\s.*) - agent: kubernetes always_run: true branches: diff --git a/ci-operator/jobs/openshift/cluster-csi-snapshot-controller-operator/openshift-cluster-csi-snapshot-controller-operator-master-presubmits.yaml b/ci-operator/jobs/openshift/cluster-csi-snapshot-controller-operator/openshift-cluster-csi-snapshot-controller-operator-master-presubmits.yaml index 7a4db7fa266ba..b57b72de55d8b 100644 --- a/ci-operator/jobs/openshift/cluster-csi-snapshot-controller-operator/openshift-cluster-csi-snapshot-controller-operator-master-presubmits.yaml +++ b/ci-operator/jobs/openshift/cluster-csi-snapshot-controller-operator/openshift-cluster-csi-snapshot-controller-operator-master-presubmits.yaml @@ -371,6 +371,67 @@ presubmits: secret: secretName: result-aggregator trigger: (?m)^/test( | .* )images,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^master$ + - ^master- + cluster: build03 + context: ci/prow/security + decorate: true + labels: + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-cluster-csi-snapshot-controller-operator-master-security + optional: true + rerun_command: /test security + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=security + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )security,?($|\s.*) - agent: kubernetes always_run: true branches: diff --git a/ci-operator/jobs/openshift/cluster-storage-operator/openshift-cluster-storage-operator-master-presubmits.yaml b/ci-operator/jobs/openshift/cluster-storage-operator/openshift-cluster-storage-operator-master-presubmits.yaml index f053fb3a77199..a66897c6ff42f 100644 --- a/ci-operator/jobs/openshift/cluster-storage-operator/openshift-cluster-storage-operator-master-presubmits.yaml +++ b/ci-operator/jobs/openshift/cluster-storage-operator/openshift-cluster-storage-operator-master-presubmits.yaml @@ -1,7 +1,7 @@ presubmits: openshift/cluster-storage-operator: - agent: kubernetes - always_run: false + always_run: true branches: - ^master$ - ^master- @@ -236,7 +236,7 @@ presubmits: secretName: result-aggregator trigger: (?m)^/test( | .* )e2e-aws-ovn-upgrade,?($|\s.*) - agent: kubernetes - always_run: false + always_run: true branches: - ^master$ - ^master- @@ -629,7 +629,7 @@ presubmits: secretName: result-aggregator trigger: (?m)^/test( | .* )e2e-azure-ovn,?($|\s.*) - agent: kubernetes - always_run: false + always_run: true branches: - ^master$ - ^master- @@ -956,7 +956,7 @@ presubmits: secretName: result-aggregator trigger: (?m)^/test( | .* )e2e-ibmcloud-csi,?($|\s.*) - agent: kubernetes - always_run: false + always_run: true branches: - ^master$ - ^master- @@ -1035,7 +1035,7 @@ presubmits: secretName: result-aggregator trigger: (?m)^/test( | .* )e2e-openstack,?($|\s.*) - agent: kubernetes - always_run: false + always_run: true branches: - ^master$ - ^master- @@ -1402,6 +1402,67 @@ presubmits: secret: secretName: result-aggregator trigger: (?m)^/test( | .* )images,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^master$ + - ^master- + cluster: build05 + context: ci/prow/security + decorate: true + labels: + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-cluster-storage-operator-master-security + optional: true + rerun_command: /test security + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=security + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )security,?($|\s.*) - agent: kubernetes always_run: true branches: diff --git a/ci-operator/jobs/openshift/csi-external-attacher/openshift-csi-external-attacher-master-presubmits.yaml b/ci-operator/jobs/openshift/csi-external-attacher/openshift-csi-external-attacher-master-presubmits.yaml index bad00116f6f85..d69bddd08bd71 100644 --- a/ci-operator/jobs/openshift/csi-external-attacher/openshift-csi-external-attacher-master-presubmits.yaml +++ b/ci-operator/jobs/openshift/csi-external-attacher/openshift-csi-external-attacher-master-presubmits.yaml @@ -217,6 +217,68 @@ presubmits: secret: secretName: result-aggregator trigger: (?m)^/test( | .* )images,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^master$ + - ^master- + cluster: build05 + context: ci/prow/security + decorate: true + labels: + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-csi-external-attacher-master-security + optional: true + path_alias: github.com/kubernetes-csi/external-attacher + rerun_command: /test security + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=security + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )security,?($|\s.*) - agent: kubernetes always_run: true branches: diff --git a/ci-operator/jobs/openshift/csi-external-provisioner/openshift-csi-external-provisioner-master-presubmits.yaml b/ci-operator/jobs/openshift/csi-external-provisioner/openshift-csi-external-provisioner-master-presubmits.yaml index 420c82cef972d..0f299045c6648 100644 --- a/ci-operator/jobs/openshift/csi-external-provisioner/openshift-csi-external-provisioner-master-presubmits.yaml +++ b/ci-operator/jobs/openshift/csi-external-provisioner/openshift-csi-external-provisioner-master-presubmits.yaml @@ -217,6 +217,68 @@ presubmits: secret: secretName: result-aggregator trigger: (?m)^/test( | .* )images,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^master$ + - ^master- + cluster: build05 + context: ci/prow/security + decorate: true + labels: + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-csi-external-provisioner-master-security + optional: true + path_alias: github.com/kubernetes-csi/external-provisioner + rerun_command: /test security + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=security + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )security,?($|\s.*) - agent: kubernetes always_run: true branches: diff --git a/ci-operator/jobs/openshift/csi-node-driver-registrar/openshift-csi-node-driver-registrar-master-presubmits.yaml b/ci-operator/jobs/openshift/csi-node-driver-registrar/openshift-csi-node-driver-registrar-master-presubmits.yaml index 34435621c0f34..c2048200e6861 100644 --- a/ci-operator/jobs/openshift/csi-node-driver-registrar/openshift-csi-node-driver-registrar-master-presubmits.yaml +++ b/ci-operator/jobs/openshift/csi-node-driver-registrar/openshift-csi-node-driver-registrar-master-presubmits.yaml @@ -217,6 +217,68 @@ presubmits: secret: secretName: result-aggregator trigger: (?m)^/test( | .* )images,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^master$ + - ^master- + cluster: build05 + context: ci/prow/security + decorate: true + labels: + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-csi-node-driver-registrar-master-security + optional: true + path_alias: github.com/kubernetes-csi/node-driver-registrar + rerun_command: /test security + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=security + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )security,?($|\s.*) - agent: kubernetes always_run: true branches: diff --git a/ci-operator/jobs/openshift/gcp-filestore-csi-driver-operator/openshift-gcp-filestore-csi-driver-operator-main-presubmits.yaml b/ci-operator/jobs/openshift/gcp-filestore-csi-driver-operator/openshift-gcp-filestore-csi-driver-operator-main-presubmits.yaml index 585ab68568080..a56f8d1c49cea 100644 --- a/ci-operator/jobs/openshift/gcp-filestore-csi-driver-operator/openshift-gcp-filestore-csi-driver-operator-main-presubmits.yaml +++ b/ci-operator/jobs/openshift/gcp-filestore-csi-driver-operator/openshift-gcp-filestore-csi-driver-operator-main-presubmits.yaml @@ -268,6 +268,67 @@ presubmits: secret: secretName: result-aggregator trigger: (?m)^/test( | .* )operator-e2e-extended,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^main$ + - ^main- + cluster: build04 + context: ci/prow/security + decorate: true + labels: + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-gcp-filestore-csi-driver-operator-main-security + optional: true + rerun_command: /test security + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=security + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )security,?($|\s.*) - agent: kubernetes always_run: true branches: diff --git a/ci-operator/jobs/openshift/gcp-filestore-csi-driver/openshift-gcp-filestore-csi-driver-master-presubmits.yaml b/ci-operator/jobs/openshift/gcp-filestore-csi-driver/openshift-gcp-filestore-csi-driver-master-presubmits.yaml index 98a443781a2c6..944e2c3cdb04b 100644 --- a/ci-operator/jobs/openshift/gcp-filestore-csi-driver/openshift-gcp-filestore-csi-driver-master-presubmits.yaml +++ b/ci-operator/jobs/openshift/gcp-filestore-csi-driver/openshift-gcp-filestore-csi-driver-master-presubmits.yaml @@ -54,6 +54,67 @@ presubmits: secret: secretName: result-aggregator trigger: (?m)^/test( | .* )images,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^master$ + - ^master- + cluster: build04 + context: ci/prow/security + decorate: true + labels: + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-gcp-filestore-csi-driver-master-security + optional: true + rerun_command: /test security + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=security + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )security,?($|\s.*) - agent: kubernetes always_run: true branches: diff --git a/ci-operator/jobs/openshift/gcp-pd-csi-driver-operator/openshift-gcp-pd-csi-driver-operator-master-presubmits.yaml b/ci-operator/jobs/openshift/gcp-pd-csi-driver-operator/openshift-gcp-pd-csi-driver-operator-master-presubmits.yaml index b2156ee499a4e..f77c62efedd42 100644 --- a/ci-operator/jobs/openshift/gcp-pd-csi-driver-operator/openshift-gcp-pd-csi-driver-operator-master-presubmits.yaml +++ b/ci-operator/jobs/openshift/gcp-pd-csi-driver-operator/openshift-gcp-pd-csi-driver-operator-master-presubmits.yaml @@ -379,6 +379,67 @@ presubmits: secret: secretName: result-aggregator trigger: (?m)^/test( | .* )images,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^master$ + - ^master- + cluster: build04 + context: ci/prow/security + decorate: true + labels: + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-gcp-pd-csi-driver-operator-master-security + optional: true + rerun_command: /test security + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=security + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )security,?($|\s.*) - agent: kubernetes always_run: true branches: diff --git a/ci-operator/jobs/openshift/gcp-pd-csi-driver/openshift-gcp-pd-csi-driver-master-presubmits.yaml b/ci-operator/jobs/openshift/gcp-pd-csi-driver/openshift-gcp-pd-csi-driver-master-presubmits.yaml index fa0c958358187..2c6b20b5ad1fa 100644 --- a/ci-operator/jobs/openshift/gcp-pd-csi-driver/openshift-gcp-pd-csi-driver-master-presubmits.yaml +++ b/ci-operator/jobs/openshift/gcp-pd-csi-driver/openshift-gcp-pd-csi-driver-master-presubmits.yaml @@ -390,6 +390,68 @@ presubmits: - ^master$ - ^master- cluster: build04 + context: ci/prow/security + decorate: true + labels: + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-gcp-pd-csi-driver-master-security + optional: true + path_alias: sigs.k8s.io/gcp-compute-persistent-disk-csi-driver + rerun_command: /test security + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=security + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )security,?($|\s.*) + - agent: kubernetes + always_run: false + branches: + - ^master$ + - ^master- + cluster: build04 context: ci/prow/test decorate: true labels: diff --git a/ci-operator/jobs/openshift/ibm-vpc-block-csi-driver-operator/openshift-ibm-vpc-block-csi-driver-operator-master-presubmits.yaml b/ci-operator/jobs/openshift/ibm-vpc-block-csi-driver-operator/openshift-ibm-vpc-block-csi-driver-operator-master-presubmits.yaml index 4885ede32fec5..c6ab2554e8e62 100644 --- a/ci-operator/jobs/openshift/ibm-vpc-block-csi-driver-operator/openshift-ibm-vpc-block-csi-driver-operator-master-presubmits.yaml +++ b/ci-operator/jobs/openshift/ibm-vpc-block-csi-driver-operator/openshift-ibm-vpc-block-csi-driver-operator-master-presubmits.yaml @@ -212,6 +212,67 @@ presubmits: secret: secretName: result-aggregator trigger: (?m)^/test( | .* )images,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^master$ + - ^master- + cluster: build01 + context: ci/prow/security + decorate: true + labels: + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-ibm-vpc-block-csi-driver-operator-master-security + optional: true + rerun_command: /test security + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=security + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )security,?($|\s.*) - agent: kubernetes always_run: true branches: diff --git a/ci-operator/jobs/openshift/ibm-vpc-block-csi-driver/openshift-ibm-vpc-block-csi-driver-master-presubmits.yaml b/ci-operator/jobs/openshift/ibm-vpc-block-csi-driver/openshift-ibm-vpc-block-csi-driver-master-presubmits.yaml index 12fc3ff4ef4ee..6068e72f8dfb3 100644 --- a/ci-operator/jobs/openshift/ibm-vpc-block-csi-driver/openshift-ibm-vpc-block-csi-driver-master-presubmits.yaml +++ b/ci-operator/jobs/openshift/ibm-vpc-block-csi-driver/openshift-ibm-vpc-block-csi-driver-master-presubmits.yaml @@ -215,6 +215,68 @@ presubmits: secret: secretName: result-aggregator trigger: (?m)^/test( | .* )images,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^master$ + - ^master- + cluster: build01 + context: ci/prow/security + decorate: true + labels: + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-ibm-vpc-block-csi-driver-master-security + optional: true + path_alias: sigs.k8s.io/ibm-vpc-block-csi-driver + rerun_command: /test security + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=security + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )security,?($|\s.*) - agent: kubernetes always_run: true branches: diff --git a/ci-operator/jobs/openshift/local-storage-operator/openshift-local-storage-operator-master-presubmits.yaml b/ci-operator/jobs/openshift/local-storage-operator/openshift-local-storage-operator-master-presubmits.yaml index 6b19de8cc9824..f18010b1cae8a 100644 --- a/ci-operator/jobs/openshift/local-storage-operator/openshift-local-storage-operator-master-presubmits.yaml +++ b/ci-operator/jobs/openshift/local-storage-operator/openshift-local-storage-operator-master-presubmits.yaml @@ -264,6 +264,67 @@ presubmits: secret: secretName: result-aggregator trigger: (?m)^/test( | .* )images,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^master$ + - ^master- + cluster: build03 + context: ci/prow/security + decorate: true + labels: + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-local-storage-operator-master-security + optional: true + rerun_command: /test security + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=security + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )security,?($|\s.*) - agent: kubernetes always_run: true branches: diff --git a/ci-operator/jobs/openshift/secrets-store-csi-driver-operator/openshift-secrets-store-csi-driver-operator-main-presubmits.yaml b/ci-operator/jobs/openshift/secrets-store-csi-driver-operator/openshift-secrets-store-csi-driver-operator-main-presubmits.yaml index c4ae0d37f1109..fea5144d5c3c9 100644 --- a/ci-operator/jobs/openshift/secrets-store-csi-driver-operator/openshift-secrets-store-csi-driver-operator-main-presubmits.yaml +++ b/ci-operator/jobs/openshift/secrets-store-csi-driver-operator/openshift-secrets-store-csi-driver-operator-main-presubmits.yaml @@ -186,6 +186,67 @@ presubmits: secret: secretName: result-aggregator trigger: (?m)^/test( | .* )operator-e2e,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^main$ + - ^main- + cluster: build05 + context: ci/prow/security + decorate: true + labels: + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-secrets-store-csi-driver-operator-main-security + optional: true + rerun_command: /test security + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=security + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )security,?($|\s.*) - agent: kubernetes always_run: true branches: diff --git a/ci-operator/jobs/openshift/secrets-store-csi-driver/openshift-secrets-store-csi-driver-main-presubmits.yaml b/ci-operator/jobs/openshift/secrets-store-csi-driver/openshift-secrets-store-csi-driver-main-presubmits.yaml index ce731815ec390..6d93bd3df3ce2 100644 --- a/ci-operator/jobs/openshift/secrets-store-csi-driver/openshift-secrets-store-csi-driver-main-presubmits.yaml +++ b/ci-operator/jobs/openshift/secrets-store-csi-driver/openshift-secrets-store-csi-driver-main-presubmits.yaml @@ -55,6 +55,68 @@ presubmits: secret: secretName: result-aggregator trigger: (?m)^/test( | .* )images,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^main$ + - ^main- + cluster: build05 + context: ci/prow/security + decorate: true + labels: + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-secrets-store-csi-driver-main-security + optional: true + path_alias: sigs.k8s.io/secrets-store-csi-driver + rerun_command: /test security + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=security + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )security,?($|\s.*) - agent: kubernetes always_run: true branches: diff --git a/ci-operator/jobs/openshift/vmware-vsphere-csi-driver-operator/openshift-vmware-vsphere-csi-driver-operator-master-presubmits.yaml b/ci-operator/jobs/openshift/vmware-vsphere-csi-driver-operator/openshift-vmware-vsphere-csi-driver-operator-master-presubmits.yaml index dbd94dbd4b7ae..3554182b30971 100644 --- a/ci-operator/jobs/openshift/vmware-vsphere-csi-driver-operator/openshift-vmware-vsphere-csi-driver-operator-master-presubmits.yaml +++ b/ci-operator/jobs/openshift/vmware-vsphere-csi-driver-operator/openshift-vmware-vsphere-csi-driver-operator-master-presubmits.yaml @@ -446,6 +446,67 @@ presubmits: secret: secretName: result-aggregator trigger: (?m)^/test( | .* )images,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^master$ + - ^master- + cluster: vsphere02 + context: ci/prow/security + decorate: true + labels: + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-vmware-vsphere-csi-driver-operator-master-security + optional: true + rerun_command: /test security + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=security + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )security,?($|\s.*) - agent: kubernetes always_run: true branches: diff --git a/ci-operator/jobs/openshift/vmware-vsphere-csi-driver/openshift-vmware-vsphere-csi-driver-master-presubmits.yaml b/ci-operator/jobs/openshift/vmware-vsphere-csi-driver/openshift-vmware-vsphere-csi-driver-master-presubmits.yaml index b2d13c4dadbcd..68bfb55388343 100644 --- a/ci-operator/jobs/openshift/vmware-vsphere-csi-driver/openshift-vmware-vsphere-csi-driver-master-presubmits.yaml +++ b/ci-operator/jobs/openshift/vmware-vsphere-csi-driver/openshift-vmware-vsphere-csi-driver-master-presubmits.yaml @@ -452,6 +452,68 @@ presubmits: secret: secretName: result-aggregator trigger: (?m)^/test( | .* )images,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^master$ + - ^master- + cluster: vsphere02 + context: ci/prow/security + decorate: true + labels: + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-vmware-vsphere-csi-driver-master-security + optional: true + path_alias: sigs.k8s.io/vsphere-csi-driver + rerun_command: /test security + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=security + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )security,?($|\s.*) - agent: kubernetes always_run: true branches: diff --git a/ci-operator/jobs/openshift/vsphere-problem-detector/openshift-vsphere-problem-detector-master-presubmits.yaml b/ci-operator/jobs/openshift/vsphere-problem-detector/openshift-vsphere-problem-detector-master-presubmits.yaml index c56f1cd67ed2c..838293f622e52 100644 --- a/ci-operator/jobs/openshift/vsphere-problem-detector/openshift-vsphere-problem-detector-master-presubmits.yaml +++ b/ci-operator/jobs/openshift/vsphere-problem-detector/openshift-vsphere-problem-detector-master-presubmits.yaml @@ -290,6 +290,67 @@ presubmits: secret: secretName: result-aggregator trigger: (?m)^/test( | .* )images,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^master$ + - ^master- + cluster: vsphere02 + context: ci/prow/security + decorate: true + labels: + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-vsphere-problem-detector-master-security + optional: true + rerun_command: /test security + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=security + command: + - ci-operator + image: ci-operator:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )security,?($|\s.*) - agent: kubernetes always_run: true branches: diff --git a/core-services/prow/02_config/openshift/alibaba-cloud-csi-driver/_pluginconfig.yaml b/core-services/prow/02_config/openshift/alibaba-cloud-csi-driver/_pluginconfig.yaml index 6af1cfdb26185..5ecf750fd867d 100644 --- a/core-services/prow/02_config/openshift/alibaba-cloud-csi-driver/_pluginconfig.yaml +++ b/core-services/prow/02_config/openshift/alibaba-cloud-csi-driver/_pluginconfig.yaml @@ -13,6 +13,9 @@ label: - jsafrane - gnufied - bertinatto + - RomanBednar + - tsmetana + - mpatlasov label: backport-risk-assessed - allowed_users: - radeore diff --git a/core-services/prow/02_config/openshift/alibaba-disk-csi-driver-operator/_pluginconfig.yaml b/core-services/prow/02_config/openshift/alibaba-disk-csi-driver-operator/_pluginconfig.yaml index 3fa2ce41958f1..cd3d1f523b4a9 100644 --- a/core-services/prow/02_config/openshift/alibaba-disk-csi-driver-operator/_pluginconfig.yaml +++ b/core-services/prow/02_config/openshift/alibaba-disk-csi-driver-operator/_pluginconfig.yaml @@ -13,6 +13,9 @@ label: - jsafrane - gnufied - bertinatto + - RomanBednar + - tsmetana + - mpatlasov label: backport-risk-assessed - allowed_users: - radeore diff --git a/core-services/prow/02_config/openshift/aws-ebs-csi-driver-operator/_pluginconfig.yaml b/core-services/prow/02_config/openshift/aws-ebs-csi-driver-operator/_pluginconfig.yaml index 0bc73be6a8104..3317430c4d780 100644 --- a/core-services/prow/02_config/openshift/aws-ebs-csi-driver-operator/_pluginconfig.yaml +++ b/core-services/prow/02_config/openshift/aws-ebs-csi-driver-operator/_pluginconfig.yaml @@ -13,6 +13,9 @@ label: - jsafrane - gnufied - bertinatto + - RomanBednar + - tsmetana + - mpatlasov label: backport-risk-assessed - allowed_users: - radeore diff --git a/core-services/prow/02_config/openshift/aws-ebs-csi-driver/_pluginconfig.yaml b/core-services/prow/02_config/openshift/aws-ebs-csi-driver/_pluginconfig.yaml index d3fb147d21add..095d9d6a4eea5 100644 --- a/core-services/prow/02_config/openshift/aws-ebs-csi-driver/_pluginconfig.yaml +++ b/core-services/prow/02_config/openshift/aws-ebs-csi-driver/_pluginconfig.yaml @@ -13,6 +13,9 @@ label: - jsafrane - gnufied - bertinatto + - RomanBednar + - tsmetana + - mpatlasov label: backport-risk-assessed - allowed_users: - radeore diff --git a/core-services/prow/02_config/openshift/aws-efs-csi-driver-operator/_pluginconfig.yaml b/core-services/prow/02_config/openshift/aws-efs-csi-driver-operator/_pluginconfig.yaml index 26953e3c3a274..db236742875ed 100644 --- a/core-services/prow/02_config/openshift/aws-efs-csi-driver-operator/_pluginconfig.yaml +++ b/core-services/prow/02_config/openshift/aws-efs-csi-driver-operator/_pluginconfig.yaml @@ -13,6 +13,9 @@ label: - jsafrane - gnufied - bertinatto + - RomanBednar + - tsmetana + - mpatlasov label: backport-risk-assessed - allowed_users: - radeore diff --git a/core-services/prow/02_config/openshift/aws-efs-csi-driver/_pluginconfig.yaml b/core-services/prow/02_config/openshift/aws-efs-csi-driver/_pluginconfig.yaml index 75eaebafa1798..c34899b736b60 100644 --- a/core-services/prow/02_config/openshift/aws-efs-csi-driver/_pluginconfig.yaml +++ b/core-services/prow/02_config/openshift/aws-efs-csi-driver/_pluginconfig.yaml @@ -13,6 +13,9 @@ label: - jsafrane - gnufied - bertinatto + - RomanBednar + - tsmetana + - mpatlasov label: backport-risk-assessed - allowed_users: - radeore diff --git a/core-services/prow/02_config/openshift/aws-efs-utils/_pluginconfig.yaml b/core-services/prow/02_config/openshift/aws-efs-utils/_pluginconfig.yaml index 5df5031e5aa60..15cdf65e83823 100644 --- a/core-services/prow/02_config/openshift/aws-efs-utils/_pluginconfig.yaml +++ b/core-services/prow/02_config/openshift/aws-efs-utils/_pluginconfig.yaml @@ -13,6 +13,9 @@ label: - jsafrane - gnufied - bertinatto + - RomanBednar + - tsmetana + - mpatlasov label: backport-risk-assessed - allowed_users: - radeore diff --git a/core-services/prow/02_config/openshift/azure-disk-csi-driver-operator/_pluginconfig.yaml b/core-services/prow/02_config/openshift/azure-disk-csi-driver-operator/_pluginconfig.yaml index 3b3328741c772..620d5a2e6ac7c 100644 --- a/core-services/prow/02_config/openshift/azure-disk-csi-driver-operator/_pluginconfig.yaml +++ b/core-services/prow/02_config/openshift/azure-disk-csi-driver-operator/_pluginconfig.yaml @@ -13,6 +13,9 @@ label: - jsafrane - gnufied - bertinatto + - RomanBednar + - tsmetana + - mpatlasov label: backport-risk-assessed - allowed_users: - radeore diff --git a/core-services/prow/02_config/openshift/azure-disk-csi-driver/_pluginconfig.yaml b/core-services/prow/02_config/openshift/azure-disk-csi-driver/_pluginconfig.yaml index 271627c59ffe3..dcf0f82a14d3d 100644 --- a/core-services/prow/02_config/openshift/azure-disk-csi-driver/_pluginconfig.yaml +++ b/core-services/prow/02_config/openshift/azure-disk-csi-driver/_pluginconfig.yaml @@ -13,6 +13,9 @@ label: - jsafrane - gnufied - bertinatto + - RomanBednar + - tsmetana + - mpatlasov label: backport-risk-assessed - allowed_users: - radeore diff --git a/core-services/prow/02_config/openshift/azure-file-csi-driver-operator/_pluginconfig.yaml b/core-services/prow/02_config/openshift/azure-file-csi-driver-operator/_pluginconfig.yaml index 36c8dc836bb0e..595e577e71b5e 100644 --- a/core-services/prow/02_config/openshift/azure-file-csi-driver-operator/_pluginconfig.yaml +++ b/core-services/prow/02_config/openshift/azure-file-csi-driver-operator/_pluginconfig.yaml @@ -13,6 +13,9 @@ label: - jsafrane - gnufied - bertinatto + - RomanBednar + - tsmetana + - mpatlasov label: backport-risk-assessed - allowed_users: - radeore diff --git a/core-services/prow/02_config/openshift/azure-file-csi-driver/_pluginconfig.yaml b/core-services/prow/02_config/openshift/azure-file-csi-driver/_pluginconfig.yaml index dc80bd79db71a..149be5301815c 100644 --- a/core-services/prow/02_config/openshift/azure-file-csi-driver/_pluginconfig.yaml +++ b/core-services/prow/02_config/openshift/azure-file-csi-driver/_pluginconfig.yaml @@ -13,6 +13,9 @@ label: - jsafrane - gnufied - bertinatto + - RomanBednar + - tsmetana + - mpatlasov label: backport-risk-assessed - allowed_users: - radeore diff --git a/core-services/prow/02_config/openshift/cluster-csi-snapshot-controller-operator/_pluginconfig.yaml b/core-services/prow/02_config/openshift/cluster-csi-snapshot-controller-operator/_pluginconfig.yaml index 6d025ff998a3c..a25970f520520 100644 --- a/core-services/prow/02_config/openshift/cluster-csi-snapshot-controller-operator/_pluginconfig.yaml +++ b/core-services/prow/02_config/openshift/cluster-csi-snapshot-controller-operator/_pluginconfig.yaml @@ -13,6 +13,9 @@ label: - jsafrane - gnufied - bertinatto + - RomanBednar + - tsmetana + - mpatlasov label: backport-risk-assessed - allowed_users: - radeore diff --git a/core-services/prow/02_config/openshift/cluster-storage-operator/_pluginconfig.yaml b/core-services/prow/02_config/openshift/cluster-storage-operator/_pluginconfig.yaml index 1161d9b1f1b0f..12f373e8a3395 100644 --- a/core-services/prow/02_config/openshift/cluster-storage-operator/_pluginconfig.yaml +++ b/core-services/prow/02_config/openshift/cluster-storage-operator/_pluginconfig.yaml @@ -13,6 +13,9 @@ label: - jsafrane - gnufied - bertinatto + - RomanBednar + - tsmetana + - mpatlasov label: backport-risk-assessed - allowed_users: - radeore diff --git a/core-services/prow/02_config/openshift/csi-external-attacher/_pluginconfig.yaml b/core-services/prow/02_config/openshift/csi-external-attacher/_pluginconfig.yaml index 0fd893b877092..29fe09957e40b 100644 --- a/core-services/prow/02_config/openshift/csi-external-attacher/_pluginconfig.yaml +++ b/core-services/prow/02_config/openshift/csi-external-attacher/_pluginconfig.yaml @@ -13,6 +13,9 @@ label: - jsafrane - gnufied - bertinatto + - RomanBednar + - tsmetana + - mpatlasov label: backport-risk-assessed - allowed_users: - radeore diff --git a/core-services/prow/02_config/openshift/csi-external-provisioner/_pluginconfig.yaml b/core-services/prow/02_config/openshift/csi-external-provisioner/_pluginconfig.yaml index d387a76036bb4..1dcf13ad2f850 100644 --- a/core-services/prow/02_config/openshift/csi-external-provisioner/_pluginconfig.yaml +++ b/core-services/prow/02_config/openshift/csi-external-provisioner/_pluginconfig.yaml @@ -13,6 +13,9 @@ label: - jsafrane - gnufied - bertinatto + - RomanBednar + - tsmetana + - mpatlasov label: backport-risk-assessed - allowed_users: - radeore diff --git a/core-services/prow/02_config/openshift/csi-external-resizer/_pluginconfig.yaml b/core-services/prow/02_config/openshift/csi-external-resizer/_pluginconfig.yaml index d59340aaad91a..0badf2d0357f0 100644 --- a/core-services/prow/02_config/openshift/csi-external-resizer/_pluginconfig.yaml +++ b/core-services/prow/02_config/openshift/csi-external-resizer/_pluginconfig.yaml @@ -13,6 +13,9 @@ label: - jsafrane - gnufied - bertinatto + - RomanBednar + - tsmetana + - mpatlasov label: backport-risk-assessed - allowed_users: - radeore diff --git a/core-services/prow/02_config/openshift/csi-external-snapshotter/_pluginconfig.yaml b/core-services/prow/02_config/openshift/csi-external-snapshotter/_pluginconfig.yaml index 7d2dea0d4098f..0e49238f4d510 100644 --- a/core-services/prow/02_config/openshift/csi-external-snapshotter/_pluginconfig.yaml +++ b/core-services/prow/02_config/openshift/csi-external-snapshotter/_pluginconfig.yaml @@ -13,6 +13,9 @@ label: - jsafrane - gnufied - bertinatto + - RomanBednar + - tsmetana + - mpatlasov label: backport-risk-assessed - allowed_users: - radeore diff --git a/core-services/prow/02_config/openshift/csi-livenessprobe/_pluginconfig.yaml b/core-services/prow/02_config/openshift/csi-livenessprobe/_pluginconfig.yaml index 218df350abf7f..1ea850e0fea7c 100644 --- a/core-services/prow/02_config/openshift/csi-livenessprobe/_pluginconfig.yaml +++ b/core-services/prow/02_config/openshift/csi-livenessprobe/_pluginconfig.yaml @@ -13,6 +13,9 @@ label: - jsafrane - gnufied - bertinatto + - RomanBednar + - tsmetana + - mpatlasov label: backport-risk-assessed - allowed_users: - radeore diff --git a/core-services/prow/02_config/openshift/csi-node-driver-registrar/_pluginconfig.yaml b/core-services/prow/02_config/openshift/csi-node-driver-registrar/_pluginconfig.yaml index 2ff6585b76b0c..ea3b11c7e0dbf 100644 --- a/core-services/prow/02_config/openshift/csi-node-driver-registrar/_pluginconfig.yaml +++ b/core-services/prow/02_config/openshift/csi-node-driver-registrar/_pluginconfig.yaml @@ -13,6 +13,9 @@ label: - jsafrane - gnufied - bertinatto + - RomanBednar + - tsmetana + - mpatlasov label: backport-risk-assessed - allowed_users: - radeore diff --git a/core-services/prow/02_config/openshift/csi-operator/_pluginconfig.yaml b/core-services/prow/02_config/openshift/csi-operator/_pluginconfig.yaml index 20e50d9324ebf..02339f4bc483a 100644 --- a/core-services/prow/02_config/openshift/csi-operator/_pluginconfig.yaml +++ b/core-services/prow/02_config/openshift/csi-operator/_pluginconfig.yaml @@ -13,6 +13,9 @@ label: - jsafrane - gnufied - bertinatto + - RomanBednar + - tsmetana + - mpatlasov label: backport-risk-assessed - allowed_users: - radeore diff --git a/core-services/prow/02_config/openshift/gcp-filestore-csi-driver-operator/_pluginconfig.yaml b/core-services/prow/02_config/openshift/gcp-filestore-csi-driver-operator/_pluginconfig.yaml index 1d07b7e2ae338..51b53410b7832 100644 --- a/core-services/prow/02_config/openshift/gcp-filestore-csi-driver-operator/_pluginconfig.yaml +++ b/core-services/prow/02_config/openshift/gcp-filestore-csi-driver-operator/_pluginconfig.yaml @@ -13,6 +13,9 @@ label: - jsafrane - gnufied - bertinatto + - RomanBednar + - tsmetana + - mpatlasov label: backport-risk-assessed - allowed_users: - radeore diff --git a/core-services/prow/02_config/openshift/gcp-filestore-csi-driver/_pluginconfig.yaml b/core-services/prow/02_config/openshift/gcp-filestore-csi-driver/_pluginconfig.yaml index a4646525138dd..89fefb9c535a8 100644 --- a/core-services/prow/02_config/openshift/gcp-filestore-csi-driver/_pluginconfig.yaml +++ b/core-services/prow/02_config/openshift/gcp-filestore-csi-driver/_pluginconfig.yaml @@ -13,6 +13,9 @@ label: - jsafrane - gnufied - bertinatto + - RomanBednar + - tsmetana + - mpatlasov label: backport-risk-assessed - allowed_users: - radeore diff --git a/core-services/prow/02_config/openshift/gcp-pd-csi-driver-operator/_pluginconfig.yaml b/core-services/prow/02_config/openshift/gcp-pd-csi-driver-operator/_pluginconfig.yaml index 80c24adf86cfe..2c68a97dc6c1d 100644 --- a/core-services/prow/02_config/openshift/gcp-pd-csi-driver-operator/_pluginconfig.yaml +++ b/core-services/prow/02_config/openshift/gcp-pd-csi-driver-operator/_pluginconfig.yaml @@ -13,6 +13,9 @@ label: - jsafrane - gnufied - bertinatto + - RomanBednar + - tsmetana + - mpatlasov label: backport-risk-assessed - allowed_users: - radeore diff --git a/core-services/prow/02_config/openshift/gcp-pd-csi-driver/_pluginconfig.yaml b/core-services/prow/02_config/openshift/gcp-pd-csi-driver/_pluginconfig.yaml index a7d6aca7447b5..d1a56f247d279 100644 --- a/core-services/prow/02_config/openshift/gcp-pd-csi-driver/_pluginconfig.yaml +++ b/core-services/prow/02_config/openshift/gcp-pd-csi-driver/_pluginconfig.yaml @@ -13,6 +13,9 @@ label: - jsafrane - gnufied - bertinatto + - RomanBednar + - tsmetana + - mpatlasov label: backport-risk-assessed - allowed_users: - radeore diff --git a/core-services/prow/02_config/openshift/ibm-vpc-block-csi-driver-operator/_pluginconfig.yaml b/core-services/prow/02_config/openshift/ibm-vpc-block-csi-driver-operator/_pluginconfig.yaml index b7b6444e5f704..16956cc531822 100644 --- a/core-services/prow/02_config/openshift/ibm-vpc-block-csi-driver-operator/_pluginconfig.yaml +++ b/core-services/prow/02_config/openshift/ibm-vpc-block-csi-driver-operator/_pluginconfig.yaml @@ -13,6 +13,9 @@ label: - jsafrane - gnufied - bertinatto + - RomanBednar + - tsmetana + - mpatlasov label: backport-risk-assessed - allowed_users: - radeore diff --git a/core-services/prow/02_config/openshift/ibm-vpc-block-csi-driver/_pluginconfig.yaml b/core-services/prow/02_config/openshift/ibm-vpc-block-csi-driver/_pluginconfig.yaml index 47a877d906c36..70e91fda358a8 100644 --- a/core-services/prow/02_config/openshift/ibm-vpc-block-csi-driver/_pluginconfig.yaml +++ b/core-services/prow/02_config/openshift/ibm-vpc-block-csi-driver/_pluginconfig.yaml @@ -13,6 +13,9 @@ label: - jsafrane - gnufied - bertinatto + - RomanBednar + - tsmetana + - mpatlasov label: backport-risk-assessed - allowed_users: - radeore diff --git a/core-services/prow/02_config/openshift/ibm-vpc-node-label-updater/_pluginconfig.yaml b/core-services/prow/02_config/openshift/ibm-vpc-node-label-updater/_pluginconfig.yaml index 74b7e0365af98..7c1dce5fb6504 100644 --- a/core-services/prow/02_config/openshift/ibm-vpc-node-label-updater/_pluginconfig.yaml +++ b/core-services/prow/02_config/openshift/ibm-vpc-node-label-updater/_pluginconfig.yaml @@ -13,6 +13,9 @@ label: - jsafrane - gnufied - bertinatto + - RomanBednar + - tsmetana + - mpatlasov label: backport-risk-assessed - allowed_users: - radeore diff --git a/core-services/prow/02_config/openshift/local-storage-operator/_pluginconfig.yaml b/core-services/prow/02_config/openshift/local-storage-operator/_pluginconfig.yaml index f6c642ef9bd0f..eea08c01c21cb 100644 --- a/core-services/prow/02_config/openshift/local-storage-operator/_pluginconfig.yaml +++ b/core-services/prow/02_config/openshift/local-storage-operator/_pluginconfig.yaml @@ -13,6 +13,9 @@ label: - jsafrane - gnufied - bertinatto + - RomanBednar + - tsmetana + - mpatlasov label: backport-risk-assessed - allowed_users: - radeore diff --git a/core-services/prow/02_config/openshift/secrets-store-csi-driver-operator/_pluginconfig.yaml b/core-services/prow/02_config/openshift/secrets-store-csi-driver-operator/_pluginconfig.yaml index 6ed0b2ca9cf9e..a96fa5ba1980b 100644 --- a/core-services/prow/02_config/openshift/secrets-store-csi-driver-operator/_pluginconfig.yaml +++ b/core-services/prow/02_config/openshift/secrets-store-csi-driver-operator/_pluginconfig.yaml @@ -13,6 +13,9 @@ label: - jsafrane - gnufied - bertinatto + - RomanBednar + - tsmetana + - mpatlasov label: backport-risk-assessed - allowed_users: - radeore diff --git a/core-services/prow/02_config/openshift/secrets-store-csi-driver/_pluginconfig.yaml b/core-services/prow/02_config/openshift/secrets-store-csi-driver/_pluginconfig.yaml index 1a9b6f775582d..d5ec8fc5d5654 100644 --- a/core-services/prow/02_config/openshift/secrets-store-csi-driver/_pluginconfig.yaml +++ b/core-services/prow/02_config/openshift/secrets-store-csi-driver/_pluginconfig.yaml @@ -13,6 +13,9 @@ label: - jsafrane - gnufied - bertinatto + - RomanBednar + - tsmetana + - mpatlasov label: backport-risk-assessed - allowed_users: - radeore diff --git a/core-services/prow/02_config/openshift/sig-storage-local-static-provisioner/_pluginconfig.yaml b/core-services/prow/02_config/openshift/sig-storage-local-static-provisioner/_pluginconfig.yaml index ffd99e7656609..0a7ebd143a338 100644 --- a/core-services/prow/02_config/openshift/sig-storage-local-static-provisioner/_pluginconfig.yaml +++ b/core-services/prow/02_config/openshift/sig-storage-local-static-provisioner/_pluginconfig.yaml @@ -13,6 +13,9 @@ label: - jsafrane - gnufied - bertinatto + - RomanBednar + - tsmetana + - mpatlasov label: backport-risk-assessed - allowed_users: - radeore diff --git a/core-services/prow/02_config/openshift/vmware-vsphere-csi-driver-operator/_pluginconfig.yaml b/core-services/prow/02_config/openshift/vmware-vsphere-csi-driver-operator/_pluginconfig.yaml index d45109551b50f..d19c4fe3f2ac8 100644 --- a/core-services/prow/02_config/openshift/vmware-vsphere-csi-driver-operator/_pluginconfig.yaml +++ b/core-services/prow/02_config/openshift/vmware-vsphere-csi-driver-operator/_pluginconfig.yaml @@ -13,6 +13,9 @@ label: - jsafrane - gnufied - bertinatto + - RomanBednar + - tsmetana + - mpatlasov label: backport-risk-assessed - allowed_users: - radeore diff --git a/core-services/prow/02_config/openshift/vmware-vsphere-csi-driver/_pluginconfig.yaml b/core-services/prow/02_config/openshift/vmware-vsphere-csi-driver/_pluginconfig.yaml index 8b34913de59e2..61ad7f8693863 100644 --- a/core-services/prow/02_config/openshift/vmware-vsphere-csi-driver/_pluginconfig.yaml +++ b/core-services/prow/02_config/openshift/vmware-vsphere-csi-driver/_pluginconfig.yaml @@ -13,6 +13,9 @@ label: - jsafrane - gnufied - bertinatto + - RomanBednar + - tsmetana + - mpatlasov label: backport-risk-assessed - allowed_users: - radeore diff --git a/core-services/prow/02_config/openshift/vsphere-problem-detector/_pluginconfig.yaml b/core-services/prow/02_config/openshift/vsphere-problem-detector/_pluginconfig.yaml index 09329dbd44f82..b399b49461160 100644 --- a/core-services/prow/02_config/openshift/vsphere-problem-detector/_pluginconfig.yaml +++ b/core-services/prow/02_config/openshift/vsphere-problem-detector/_pluginconfig.yaml @@ -13,6 +13,9 @@ label: - jsafrane - gnufied - bertinatto + - RomanBednar + - tsmetana + - mpatlasov label: backport-risk-assessed - allowed_users: - radeore