Story (Required)

As a cluster admin trying to add OpenShift Builds to my cluster I want to install an operator that gives me an API to manage components.

<Describes high level purpose and goal for this story. Answers the questions: Who is impacted, what is it and why do we need it? How does it improve the customer’s experience?>

Background (Required)

<Describes the context or background related to this story>

Our first version of the OpenShift Builds operator is based on the upstream Shipwright operator. Shipwright is not a suitable upstream home for the Shared Resource CSI driver - and thus the upstream operator should not contain logic to deploy it.

As a first step, this story will bootstrap a new OLM operator repo that provides a new API for managing OpenShift Build components.

Out of scope

<Defines what is not included in this story>

• Deploying Shipwright components via the new operator.
• Deploying the Shared Resource CSI Driver via the new operator.
• Integration testing that involves deploying on an OpenShift cluster.
• Releasing the operator through Konflux.

Approach (Required)

<Description of the general technical path on how to achieve the goal of the story. Include details like json schema, class definitions>

1. Create a new GitHub organization - "redhat-openshift-builds"
2. Create repository within new org - "operator"
3. Initialize with operator-sdk, create a stub API:
   • Group: operator.openshift.io
   • Version: v1alpha1
   • Kind: OpenShiftBuild
4. Onboard operator repository to Konflux
   • rh-openshift-builds for the Konflux workspace name.
   • Application name: "Builds for Red Hat Openshift" (builds-rh-openshift )?
5. Enable security tasks in Konflux via the customized pipeline:
   1. ClamAV scan (Malware detection)
   2. Snyk code scan (SAST)
   3. SBOM generation and upload (Manifest + Bill of Materials)
6. Configure basic CI checks through Konflux (most likely a separate Pipelines as Code pipeline that runs `make test` in a container)

Initial sketch of the API discussed in https://github.com/openshift/enhancements/pull/1457

Dependencies

<Describes what this story depends on. Dependent Stories and EPICs should be linked to the story.>

• Operator SDK with OLM support/features.

Acceptance Criteria (Mandatory)

<Describe edge cases to consider when implementing the story and defining tests>

<Provides a required and minimum list of acceptance tests for this story. More is expected as the engineer implements this story>

• New GitHub repository for the operator
• OpenShiftBuilds custom resource is installed via OLM when the operator is installed.
• Konflux is able to build the operator container image. Team is able to manage the build process in the Konflux workspace.
• We are able to run the operator-sdk "make test" target on Konflux infrastructure.

INVEST Checklist

• Dependencies identified
• Blockers noted and expected delivery timelines set
• Design is implementable
• Acceptance criteria agreed upon
• Story estimated

Legend

• Unknown
• Verified
• Unsatisfied

Done Checklist

• Code is completed, reviewed, documented and checked in
• Unit and integration test automation have been delivered and running cleanly in continuous integration/staging/canary environment
• Continuous Delivery pipeline(s) is able to proceed with new code included
• Customer facing documentation, API docs etc. are produced/updated, reviewed and published
• Acceptance criteria are met