Uploaded image for project: 'Red Hat Advanced Cluster Management'
  1. Red Hat Advanced Cluster Management
  2. ACM-20668

Enterprise contract failures for acm grafana-dashboard-loader

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Blocker Blocker
    • None
    • ACM 2.14.0
    • Observability
    • Product / Portfolio Work
    • 1
    • False
    • Hide

      None

      Show
      None
    • False
    • Observability Sprint 42
    • Critical
    • None

      Description of problem:

      There are many failures. Make sure you have attempted a build with updated pipelines

      Some violations are

      [Violation] slsa_build_scripted_build.image_built_by_trusted_task 
        ImageRef: quay.io/redhat-user-workloads/crt-redhat-acm-tenant/grafana-dashboard-loader-acm-214@sha256:cf659add3a490441c32d8ede09e1b6a6f2cd1cb183356c98faf2ba72b7aa34bd
        Reason: Image
        "quay.io/redhat-user-workloads/crt-redhat-acm-tenant/grafana-dashboard-loader-acm-214@sha256:cf659add3a490441c32d8ede09e1b6a6f2cd1cb183356c98faf2ba72b7aa34bd"
        not built by a trusted task: Build Task(s) "build-image-index" are not trusted
        Title: Image built by trusted Task
        Description: Verify the digest of the image being validated is reported by a trusted Task in its IMAGE_DIGEST result. To exclude
        this rule add "slsa_build_scripted_build.image_built_by_trusted_task" to the `exclude` section of the policy configuration.
        Solution: Make sure the build Pipeline definition uses a trusted Task to build images.
        
      [Violation] tasks.required_tasks_found
        ImageRef: quay.io/redhat-user-workloads/crt-redhat-acm-tenant/grafana-dashboard-loader-acm-214@sha256:cf659add3a490441c32d8ede09e1b6a6f2cd1cb183356c98faf2ba72b7aa34bd
        Reason: One of "buildah", "buildah-10gb", "buildah-6gb", "buildah-8gb", "buildah-remote", "buildah-oci-ta",
        "buildah-remote-oci-ta" tasks is missing
        Terms: buildah, buildah-10gb, buildah-6gb, buildah-8gb, buildah-remote, buildah-oci-ta, buildah-remote-oci-ta
        Title: All required tasks were included in the pipeline
        Description: Ensure that the set of required tasks are included in the PipelineRun attestation. To exclude this rule add one or
        more of "tasks.required_tasks_found:buildah", "tasks.required_tasks_found:buildah-10gb",
        "tasks.required_tasks_found:buildah-6gb", "tasks.required_tasks_found:buildah-8gb", "tasks.required_tasks_found:buildah-remote",
        "tasks.required_tasks_found:buildah-oci-ta", "tasks.required_tasks_found:buildah-remote-oci-ta" to the `exclude` section of the
        policy configuration.
        Solution: Make sure all required tasks are in the build pipeline. The required task list is contained as
        https://conforma.dev/docs/ec-cli/configuration.html#_data_sources under the key 'required-tasks'.

       

      Version-Release number of selected component (if applicable):

      How reproducible:

      Steps to Reproduce:

      1.  
      2.  
      3. ...

      Actual results:

      Expected results:

      Additional info:

              rh-ee-jachanse Jacob Baungard Hansen
              gparvin-redhat Gus Parvin
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: