diff --git a/ci-operator/config/rh-ecosystem-edge/enclave/OWNERS b/ci-operator/config/rh-ecosystem-edge/enclave/OWNERS new file mode 100644 index 0000000000000..f02277a680268 --- /dev/null +++ b/ci-operator/config/rh-ecosystem-edge/enclave/OWNERS @@ -0,0 +1,27 @@ +# DO NOT EDIT; this file is auto-generated using https://github.com/openshift/ci-tools. +# Fetched from https://github.com/rh-ecosystem-edge/enclave root OWNERS +# If the repo had OWNERS_ALIASES then the aliases were expanded +# Logins who are not members of 'openshift' organization were filtered out +# See the OWNERS docs: https://git.k8s.io/community/contributors/guide/owners.md + +approvers: +- agonzalezrh +- carbonin +- danielerez +- eliorerz +- eurijon +- javipolo +- maorfr +- mlorenzofr +- rporres +options: {} +reviewers: +- agonzalezrh +- carbonin +- danielerez +- eliorerz +- eurijon +- javipolo +- maorfr +- mlorenzofr +- rporres diff --git a/ci-operator/config/rh-ecosystem-edge/enclave/rh-ecosystem-edge-enclave-main.yaml b/ci-operator/config/rh-ecosystem-edge/enclave/rh-ecosystem-edge-enclave-main.yaml new file mode 100644 index 0000000000000..d21eaf86949ee --- /dev/null +++ b/ci-operator/config/rh-ecosystem-edge/enclave/rh-ecosystem-edge-enclave-main.yaml @@ -0,0 +1,49 @@ +build_root: + project_image: + dockerfile_literal: | + FROM quay.io/edge-infrastructure/enclave-lab-ci:latest + ENV HOME=/tmp ANSIBLE_REMOTE_TMP=/tmp/.ansible/tmp +resources: + '*': + limits: + memory: 4Gi + requests: + cpu: 100m + memory: 200Mi +tests: +- as: shellcheck + commands: make -f Makefile.ci validate-shell + container: + from: src +- as: yamllint + commands: make -f Makefile.ci validate-yaml + container: + from: src +- as: json-schema + commands: make -f Makefile.ci validate-json-schema + container: + from: src +- as: ansible-lint + commands: make -f Makefile.ci validate-ansible + container: + from: src +- as: ansible-tags + commands: make -f Makefile.ci validate-tags + container: + from: src +- as: template-rendering + commands: make -f Makefile.ci validate-templates + container: + from: src +- as: makefile-validation + commands: make -f Makefile.ci validate-makefile + container: + from: src +- as: plugin-validation + commands: make -f Makefile.ci validate-plugins + container: + from: src +zz_generated_metadata: + branch: main + org: rh-ecosystem-edge + repo: enclave diff --git a/ci-operator/jobs/rh-ecosystem-edge/enclave/OWNERS b/ci-operator/jobs/rh-ecosystem-edge/enclave/OWNERS new file mode 100644 index 0000000000000..fcc7150db41d1 --- /dev/null +++ b/ci-operator/jobs/rh-ecosystem-edge/enclave/OWNERS @@ -0,0 +1,27 @@ +# DO NOT EDIT; this file is auto-generated using https://github.com/openshift/ci-tools. +# Fetched from https://github.com/rh-ecosystem-edge/enclave root OWNERS +# If the repo had OWNERS_ALIASES then the aliases were expanded +# Logins who are not members of 'openshift' organization were filtered out +# See the OWNERS docs: https://git.k8s.io/community/contributors/guide/owners.md + +approvers: +- agonzalezrh +- carbonin +- danielerez +- eliorerz +- eurijon +- javipolo +- maorfr +- mlorenzofr +- rporres +options: {} +reviewers: +- agonzalezrh +- carbonin +- danielerez +- eliorerz +- eurijon +- javipolo +- maorfr +- mlorenzofr +- rporres \ No newline at end of file diff --git a/ci-operator/jobs/rh-ecosystem-edge/enclave/rh-ecosystem-edge-enclave-main-presubmits.yaml b/ci-operator/jobs/rh-ecosystem-edge/enclave/rh-ecosystem-edge-enclave-main-presubmits.yaml new file mode 100644 index 0000000000000..8d01819547371 --- /dev/null +++ b/ci-operator/jobs/rh-ecosystem-edge/enclave/rh-ecosystem-edge-enclave-main-presubmits.yaml @@ -0,0 +1,506 @@ +presubmits: + rh-ecosystem-edge/enclave: + - agent: kubernetes + always_run: true + branches: + - ^main$ + - ^main- + cluster: build01 + context: ci/prow/ansible-lint + decorate: true + decoration_config: + skip_cloning: true + labels: + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-rh-ecosystem-edge-enclave-main-ansible-lint + rerun_command: /test ansible-lint + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --target=ansible-lint + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )ansible-lint,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^main$ + - ^main- + cluster: build01 + context: ci/prow/ansible-tags + decorate: true + decoration_config: + skip_cloning: true + labels: + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-rh-ecosystem-edge-enclave-main-ansible-tags + rerun_command: /test ansible-tags + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --target=ansible-tags + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )ansible-tags,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^main$ + - ^main- + cluster: build01 + context: ci/prow/json-schema + decorate: true + decoration_config: + skip_cloning: true + labels: + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-rh-ecosystem-edge-enclave-main-json-schema + rerun_command: /test json-schema + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --target=json-schema + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )json-schema,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^main$ + - ^main- + cluster: build01 + context: ci/prow/makefile-validation + decorate: true + decoration_config: + skip_cloning: true + labels: + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-rh-ecosystem-edge-enclave-main-makefile-validation + rerun_command: /test makefile-validation + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --target=makefile-validation + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )makefile-validation,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^main$ + - ^main- + cluster: build01 + context: ci/prow/plugin-validation + decorate: true + decoration_config: + skip_cloning: true + labels: + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-rh-ecosystem-edge-enclave-main-plugin-validation + rerun_command: /test plugin-validation + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --target=plugin-validation + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )plugin-validation,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^main$ + - ^main- + cluster: build01 + context: ci/prow/shellcheck + decorate: true + decoration_config: + skip_cloning: true + labels: + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-rh-ecosystem-edge-enclave-main-shellcheck + rerun_command: /test shellcheck + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --target=shellcheck + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )shellcheck,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^main$ + - ^main- + cluster: build01 + context: ci/prow/template-rendering + decorate: true + decoration_config: + skip_cloning: true + labels: + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-rh-ecosystem-edge-enclave-main-template-rendering + rerun_command: /test template-rendering + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --target=template-rendering + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )template-rendering,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^main$ + - ^main- + cluster: build01 + context: ci/prow/yamllint + decorate: true + decoration_config: + skip_cloning: true + labels: + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-rh-ecosystem-edge-enclave-main-yamllint + rerun_command: /test yamllint + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --report-credentials-file=/etc/report/credentials + - --target=yamllint + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )yamllint,?($|\s.*) diff --git a/core-services/prow/02_config/rh-ecosystem-edge/enclave/_pluginconfig.yaml b/core-services/prow/02_config/rh-ecosystem-edge/enclave/_pluginconfig.yaml new file mode 100644 index 0000000000000..f9000d8a31634 --- /dev/null +++ b/core-services/prow/02_config/rh-ecosystem-edge/enclave/_pluginconfig.yaml @@ -0,0 +1,55 @@ +approve: +- commandHelpLink: "" + repos: + - rh-ecosystem-edge/enclave + require_self_approval: false +external_plugins: + rh-ecosystem-edge/enclave: + - endpoint: http://refresh + events: + - issue_comment + name: refresh + - endpoint: http://cherrypick + events: + - issue_comment + - pull_request + name: cherrypick + - endpoint: http://needs-rebase + events: + - issue_comment + - pull_request + name: needs-rebase + - endpoint: http://jira-lifecycle-plugin + events: + - issue_comment + - pull_request + name: jira-lifecycle-plugin +lgtm: +- repos: + - rh-ecosystem-edge/enclave + review_acts_as_lgtm: true +plugins: + rh-ecosystem-edge/enclave: + plugins: + - assign + - blunderbuss + - help + - hold + - jira + - label + - lgtm + - lifecycle + - override + - retitle + - size + - skip + - trigger + - verify-owners + - owners-label + - wip + - approve +triggers: +- repos: + - rh-ecosystem-edge/enclave + trusted_apps: + - openshift-merge-bot diff --git a/core-services/prow/02_config/rh-ecosystem-edge/enclave/_prowconfig.yaml b/core-services/prow/02_config/rh-ecosystem-edge/enclave/_prowconfig.yaml new file mode 100644 index 0000000000000..d26a82173b5e3 --- /dev/null +++ b/core-services/prow/02_config/rh-ecosystem-edge/enclave/_prowconfig.yaml @@ -0,0 +1,14 @@ +tide: + merge_method: + rh-ecosystem-edge/enclave: squash + queries: + - labels: + - approved + - lgtm + missingLabels: + - do-not-merge/hold + - do-not-merge/invalid-owners-file + - do-not-merge/work-in-progress + - needs-rebase + repos: + - rh-ecosystem-edge/enclave