Uploaded image for project: 'Red Hat OpenShift Dev Spaces (formerly CodeReady Workspaces) '
  1. Red Hat OpenShift Dev Spaces (formerly CodeReady Workspaces)
  2. CRW-1065

when updating registries and metadata, check for new CVE spins in Brew

XMLWordPrintable

      Recently we've seen that Freshmaker is aggressively rebuilding containers in unreleased Erratas.

      This results in a disconnect where the images in the errata are NEWER than those in Quay.

      Since QE won't test the staging bits because [reasons] and instead base most of their tests on the Quay copies, this means they're not actually testing the images included in the product.

      We should update this job
      https://codeready-workspaces-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/view/CRW_CI/view/Releng/job/update-digests-in-registries-and-metadata/

      so that it's checking osbs images instead of quay images, and if a disparity is found, the newer CVE fixed image in osbs should be pushed to quay before proceeding.

      We should also consider having this job

      https://codeready-workspaces-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/view/CRW_CI/view/Releng/job/push-latest-containers-to-quay/

      run on intervals to make sure we're always up to date in Quay when things are triggered via non-Jenkins processes like Freshmaker.

              nickboldt Nick Boldt
              nickboldt Nick Boldt
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Created:
                Updated:
                Resolved: