chore(KONFLUX-6210): Update CPE label and naming for release 1.7 #188

Closed
clyang82 wants to merge 105 commits into release-1.7 from release-1.7-branch


@clyang82

Summary

  • Add CPE label cpe:/a:redhat:multicluster_globalhub:1.7::el9 for KONFLUX-6210 compliance
  • Update component name to multicluster-globalhub-grafana-rhel9
  • Update name label to multicluster-globalhub/multicluster-globalhub-grafana-rhel9
  • Update version from release-1.5 to release-1.7

Context

This change addresses KONFLUX-6210, which requires Clair to have access to name and CPE labels for VEX statement lookups.

See also: release-engineering/rhtap-ec-policy#149

🤖 Generated with Claude Code
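
An added example, not code from this PR or the project: a pre-merge check that a Dockerfile carries the name and CPE labels the description above says Clair needs. The label keys `name` and `cpe`, the function names and the sample Dockerfiles are assumptions constructed for illustration.

```python
import re
import shlex

# CPE 2.2 URI: cpe:/<part>:<vendor>:<product>:<version>:<update>:<edition>:<language>
CPE22 = re.compile(r"^cpe:/[aho](:[A-Za-z0-9._~%-]*){1,6}$")

# Constructed sample Dockerfiles (label keys "name" and "cpe" are assumed).
GOOD = r'''FROM scratch
LABEL name="multicluster-globalhub/multicluster-globalhub-grafana-rhel9" \
      version="release-1.7" \
      cpe="cpe:/a:redhat:multicluster_globalhub:1.7::el9"
'''
STALE = GOOD.replace(":1.7::", ":1.5::")  # constructed: CPE left at an old version
NO_CPE = ('FROM scratch\nLABEL name="multicluster-global-hub/'
          'multicluster-global-hub-grafana" version="release-1.5"\n')

def dockerfile_labels(text):
    """Collect key=value pairs from LABEL instructions, joining '\\' continuations."""
    labels = {}
    for line in re.sub(r"\\\r?\n", " ", text).splitlines():
        line = line.strip()
        if line.upper().startswith("LABEL "):
            for token in shlex.split(line[6:]):  # shlex strips the quotes
                key, sep, value = token.partition("=")
                if sep:
                    labels[key] = value
    return labels

def check_labels(text, vendor, product, version):
    """Return the problems that would break a name/CPE based lookup."""
    labels = dockerfile_labels(text)
    problems = []
    if not labels.get("name"):
        problems.append("missing name label")
    cpe = labels.get("cpe")
    if not cpe:
        problems.append("missing cpe label")
    elif not CPE22.match(cpe):
        problems.append("cpe label is not a CPE 2.2 URI: " + cpe)
    else:
        fields = cpe[len("cpe:/"):].split(":") + [""] * 7  # pad short CPEs
        if (fields[1], fields[2]) != (vendor, product):
            problems.append("cpe names %s:%s, expected %s:%s"
                            % (fields[1], fields[2], vendor, product))
        if fields[3] != version:
            problems.append("cpe version is %s, expected %s" % (fields[3], version))
    return problems

if __name__ == "__main__":
    for sample in (GOOD, STALE, NO_CPE):
        print(check_labels(sample, "redhat", "multicluster_globalhub", "1.7"))
```
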

red-hat-konflux Bot and others added 30 commits August 6, 2024 14:41
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
* Update Konflux references

Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>

* Migration from 0.1 to 0.2

Signed-off-by: clyang82 <chuyang@redhat.com>

---------

Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
Signed-off-by: clyang82 <chuyang@redhat.com>
Co-authored-by: red-hat-konflux[bot] <126015336+red-hat-konflux[bot]@users.noreply.github.com>
Co-authored-by: clyang82 <chuyang@redhat.com>
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
…mcr.microsoft.com-azure-sql-edge-1.x

Update mcr.microsoft.com/azure-sql-edge Docker tag to v1.0.7
…ubuntu-14.x

Update ubuntu Docker tag to v14.04.5
…alpine-3.x

Update alpine Docker tag to v3.20.3
…centos-6.x

Update centos Docker tag to v6.10
…mysql-8.x

Update mysql Docker tag to v8.4.2
…nginx-1.x

Update nginx Docker tag to v1.27.1
…postgres-11.x

Update postgres Docker tag to v11.22
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
…ubuntu-24.x

chore(deps): update ubuntu docker tag to v24
…postgres-16.x

chore(deps): update postgres docker tag to v16
red-hat-konflux Bot and others added 24 commits June 24, 2025 13:45
* Red Hat Konflux update glo-grafana-globalhub-1-6
Signed-off-by: red-hat-konflux <konflux@no-reply.konflux-ci.dev>

* remove 1.5 and update 1.6

Signed-off-by: clyang82 <chuyang@redhat.com>

---------

Signed-off-by: clyang82 <chuyang@redhat.com>
Co-authored-by: red-hat-konflux <konflux@no-reply.konflux-ci.dev>
Co-authored-by: clyang82 <chuyang@redhat.com>
Signed-off-by: red-hat-konflux <konflux@no-reply.konflux-ci.dev>
…balhub-1-6

Red Hat Konflux purge glo-grafana-globalhub-1-6
* Red Hat Konflux update glo-grafana-globalhub-1-6

Signed-off-by: red-hat-konflux <konflux@no-reply.konflux-ci.dev>

* Manually update

Signed-off-by: clyang82 <chuyang@redhat.com>

---------

Signed-off-by: red-hat-konflux <konflux@no-reply.konflux-ci.dev>
Signed-off-by: clyang82 <chuyang@redhat.com>
Co-authored-by: red-hat-konflux <konflux@no-reply.konflux-ci.dev>
Co-authored-by: clyang82 <chuyang@redhat.com>
Signed-off-by: clyang82 <chuyang@redhat.com>
Enable slack notifications for the glo-grafana component build pipeline
by adding required parameters including webhook configuration and member ID
for notification alerts on pipeline failures.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
…ation

Add slack notification configuration for glo-grafana release 1.6
…ase 1.6

This change updates the Tekton pipeline configuration to use slack-group-id
instead of slack-member-id parameter for Slack notifications.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: clyang82 <chuyang@redhat.com>
…ber-id-with-slack-group-id

Replace slack-member-id with slack-group-id in .tekton files for release 1.6
- Rename and update pull-request pipeline for globalhub-1-7
- Rename and update push pipeline for globalhub-1-7
- Update branch references to release-1.7

Corresponds to ACM release-2.16 / Global Hub v1.7.0

Signed-off-by: myan <myan@redhat.com>
Update release-1.7 grafana configuration
…64-to-release-1.7

[release-1.7] Change base image to ubi-minimal for container
Signed-off-by: clyang82 <chuyang@redhat.com>
Signed-off-by: clyang82 <chuyang@redhat.com>
)

* Fix CVE-2025-64756 and CVE-2025-66031: Upgrade glob and node-forge

This commit addresses two security vulnerabilities in dependencies:

1. CVE-2025-64756 (ACM-27068): glob command injection vulnerability
   - Upgraded glob from 10.4.1 to 11.1.0
   - Vulnerability allowed arbitrary command execution via malicious filenames
   - Fixed by upgrading to glob 11.1.0+

2. CVE-2025-66031 (ACM-27062): node-forge ASN.1 unbounded recursion
   - Upgraded node-forge from ^1.3.1 to ^1.3.2
   - Vulnerability could cause DoS via stack exhaustion
   - Fixed by upgrading to node-forge 1.3.2+

Changes:
- Updated package.json with new dependency versions
- Updated yarn.lock with resolved dependencies

Fixes: ACM-27068, ACM-27062

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Signed-off-by: clyang82 <chuyang@redhat.com>

* Update build artifacts after dependency upgrades

This commit updates the build artifacts after upgrading glob and
node-forge dependencies for CVE fixes (ACM-27068, ACM-27062).

Changes:
- Rebuilt AngularApp bundle with new hash
- Rebuilt runtime bundle with new hash
- Updated assets manifest

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Signed-off-by: clyang82 <chuyang@redhat.com>

* rerun in linux

---------

Signed-off-by: clyang82 <chuyang@redhat.com>
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
* Fix CVE-2024-25621: Upgrade containerd to v1.7.29

This commit fixes CVE-2024-25621, a local privilege escalation
vulnerability in containerd versions up to 1.7.28. The issue involved
overly broad default permissions for directory paths in containerd.

Changes:
- Added replace directive to force containerd v1.7.29
- Updated go.mod and go.sum with new containerd version
- Also updated transitive dependencies (go-jose, golang.org/x/crypto)

Fixes: ACM-27214

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Signed-off-by: clyang82 <chuyang@redhat.com>

* Fix k8s.io dependency resolution for go work vendor

Add replace directives in go.mod for k8s.io components to resolve
v0.0.0 dependency issues that prevented go work vendor from running
successfully.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

---------

Signed-off-by: clyang82 <chuyang@redhat.com>
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
For https://issues.redhat.com/browse/KONFLUX-6210, clair needs access to a name and cpe label that it can use to look up the image in VEX statements.

This commit updates:
- Component name from multicluster-global-hub-grafana to multicluster-globalhub-grafana-rhel9
- Image name from multicluster-global-hub/multicluster-global-hub-grafana to multicluster-globalhub/multicluster-globalhub-grafana-rhel9
- Version from release-1.5 to release-1.7
- Added CPE label: cpe:/a:redhat:multicluster_globalhub:1.7::el9

See also release-engineering/rhtap-ec-policy#149

Signed-off-by: Chunlin Yang <chuyang@redhat.com>

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Signed-off-by: clyang82 <chuyang@redhat.com>
@openshift-merge-robot

PR needs rebase.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@openshift-ci

openshift-ci Bot commented Jan 22, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: clyang82
Once this PR has been reviewed and has the lgtm label, please assign jacobbaungard for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@clyang82
Author

close it in favor of #190

@clyang82 clyang82 closed this Jan 27, 2026
@github-actions github-actions Bot deleted the release-1.7-branch branch April 6, 2026 09:33