Red Hat OpenShift Dev Spaces (formerly CodeReady Workspaces) / CRW-1026

Use OSBS digest pinning to allow CVE fixes via Freshmaker; use env var tokens in devfile/plugin registries (no more images + digests)



      Based on the discussion in today's Container Factory quarterly planning call, issues related to respinning operator-metadata containers when operands (related images) are going to be addressed in the next quarter.

      However, this issue around arbitrary image connections (e.g., our registries referencing the digests of other containers) will likely NOT get done as it's been dubbed an Edgey McEdgeFace Case.

      Thus, we need to instead do this:

      THEN, we need to:

      • rewrite the devfile and plugin registries so that they can refer to TOKENS instead of hardcoded container references, and access the above RELATED_IMAGES env vars
        • (THIS IS THE HARD BIT)

      This would allow us to:

      • remove 2/3rds of the current push-rebuilt-container-to-quay, as we would no longer have to rebuild the registries
      • remove 2/3rds of the current update-digests-in-registries-and-metadata job, as we would no longer have to check for new registries (they'd be treated the same as sidecars and theia images); any new image would simply trigger a new operator-metadata build.
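
      A sketch of the token rewrite described above, as an added example (not code from this issue or from the registries themselves). The `${RELATED_IMAGE_<name>}` token syntax, the sample devfile fragment, the image name and the digest are assumptions constructed for illustration. The resolver substitutes each token from the environment and refuses any value that is not pinned by digest, so a tag can never slip into a served devfile:

```python
import re

# Assumed token syntax for this example: ${RELATED_IMAGE_<name>} in registry YAML.
TOKEN = re.compile(r"\$\{(RELATED_IMAGE_[A-Za-z0-9_]+)\}")
# A digest-pinned reference ends in @sha256:<64 hex chars>; tags are rejected.
PINNED = re.compile(r"^[a-z0-9.\-:/_]+@sha256:[0-9a-f]{64}$")


class UnresolvedImage(Exception):
    """A token has no env var, or the env var is not digest-pinned."""


def resolve_images(text, env):
    """Replace every token in text with its value from env.

    Returns (resolved_text, used), where used maps env var name to image.
    Raises UnresolvedImage listing every problem, so one run reports all.
    In a container, env would be os.environ.
    """
    used, problems = {}, []

    def substitute(match):
        name = match.group(1)
        value = env.get(name)
        if value is None:
            problems.append(f"{name}: not set")
            return match.group(0)
        if not PINNED.match(value):
            problems.append(f"{name}: not pinned by digest ({value})")
            return match.group(0)
        used[name] = value
        return value

    resolved = TOKEN.sub(substitute, text)
    if problems:
        raise UnresolvedImage("; ".join(problems))
    return resolved, used


# Constructed sample: a devfile fragment and the env the operator would inject.
SAMPLE_DEVFILE = """\
components:
  - alias: tools
    type: dockerimage
    image: ${RELATED_IMAGE_example_sidecar}
"""
SAMPLE_ENV = {
    "RELATED_IMAGE_example_sidecar":
        "registry.example.com/crw/example-sidecar@sha256:" + "ab" * 32,
}
```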

            nickboldt Nick Boldt