User Story

As a cluster admin trying to install the Shared Resource CSI driver, I want all images to come from the Red Hat container catalog so that I run fully supported and secured installations of the CSI driver.

Background

Akin to BUILD-109.

We have decided to onboard Builds for OpenShift to Konflux for v1.1 (instead of CPaaS)

Out of Scope

• Re-productizing the webhook for the csi driver
• Re-productizing the must-gather image for the csi driver
• Driving CI through Konflux. We have CI infrastructure via OpenShift CI today, we don't need to disable this right now.

Approach (Required)

• Onboard openshift/csi-driver-shared-resource to Konflux.
• Enable SDL required tasks (ClamAV, Snyk scan, SBOM).
• (maybe?) Update openshift/release so we run OpenShift CI checks against the respective release branch.

Dependencies

• Konflux workspace for the Builds for OpenShift product
• Konflux GitHub app installed in the openshift org

Acceptance Criteria (Required)

• CSI driver image is built on Konflux
• SDL tasks are enabled for csi driver image (ClamAV, Snyk, SBOM)
• CI via openshift-ci continues to function

Open Questions

• Declaring a "release branch" - do we need permission to create our own branch for "builds-1.1"? Or do we continue with the default branch ("master")?
• Who do we reach out to when enabling the Konflux GitHub app for the openshift GitHub org?

INVEST Checklist

• Dependencies identified
• Blockers noted and expected delivery timelines set
• Design is implementable
• Acceptance criteria agreed upon
• Story estimated

Legend

• Unknown
• Verified
• Unsatisfied

Done Checklist

• Code is completed, reviewed, documented and checked in
• Unit and integration test automation have been delivered and running cleanly in continuous integration/staging/canary environment
• Continuous Delivery pipeline(s) is able to proceed with new code included
• Customer facing documentation, API docs etc. are produced/updated, reviewed and published
• Acceptance criteria are met