Story (Required)

As a Red Hat Engineer trying to release Builds for OpenShift I want all images for the product properly digest-pinned so that the operator can be released.

<Describes high level purpose and goal for this story. Answers the questions: Who is impacted, what is it and why do we need it? How does it improve the customer’s experience?>

Background (Required)

<Describes the context or background related to this story>

In order to release OLM operators, all operator and operand images need to be digest-pinned.

Out of scope

<Defines what is not included in this story>

• Updating pull specs to reference registry.redhat.io

Approach (Required)

<Description of the general technical path on how to achieve the goal of the story. Include details like json schema, class definitions>

• The builds-operator CSV manifest should be updated to digest-pin all operator and operand images in the `relatedImages` field. This includes images deployed by our cluster build strategies.
• Relevant environment variables used to control the deployed image refs of the operand images should also be updated to reference the operand images by digest.
• Cluster build strategies should only reference `registry.redhat.io` images by digest. These should match the reference in `relatedImages`.
• For now, pin digests referencing the build refs coming out of Konflux. See internal Konflux docs for more info.
• Update CEL expression for Konflux pipelines so operator component nudging can be enabled.

Dependencies

<Describes what this story depends on. Dependent Stories and EPICs should be linked to the story.>

• Konflux onboarding of operator.

Acceptance Criteria (Mandatory)

<Describe edge cases to consider when implementing the story and defining tests>

<Provides a required and minimum list of acceptance tests for this story. More is expected as the engineer implements this story>

• Operator CSV declares related images pinned by digest.
• Operand image deployments use images that match those in the `relatedImages` portion of the CSV.
• Image digests refer to either the internal Konflux org on quay.io, OR registry.redhat.io.
• Component nudging enabled for operator.

INVEST Checklist

Dependencies identified

Blockers noted and expected delivery timelines set

Design is implementable

Acceptance criteria agreed upon

Story estimated

Legend

Unknown

Verified

Unsatisfied

Done Checklist

• Code is completed, reviewed, documented and checked in
• Unit and integration test automation have been delivered and running cleanly in continuous integration/staging/canary environment
• Continuous Delivery pipeline(s) is able to proceed with new code included
• Customer facing documentation, API docs etc. are produced/updated, reviewed and published
• Acceptance criteria are met