Uploaded image for project: 'Red Hat OpenShift Dev Spaces (formerly CodeReady Workspaces) '
  1. Red Hat OpenShift Dev Spaces (formerly CodeReady Workspaces)
  2. CRW-1066

CRW 2.2 images in Errata are not all listed in operator metadata image

    XMLWordPrintable

Details

    Description

      I wanted to verify is the small matter of the fact that the images in errata are for 4 cases different from those in Quay

      specifically: server, java11, kube, and openshift images were respun by Freshmaker but NOT also pushed to Quay

      codeready-workspaces-server-rhel8-container-2.2-13.1593144446
codeready-workspaces-plugin-java11-rhel8-container-2.2-9.1593143007
codeready-workspaces-plugin-kubernetes-rhel8-container-2.2-11.1593143021
codeready-workspaces-plugin-openshift-rhel8-container-2.2-7.1593143018
codeready-workspaces-stacks-dotnet-rhel8-container-2.2-2.1593124851 (already in Quay)

      My concern is that we might have invalid metadata in the operator-metadata image in osbs and in RHCC stage.

      And it looks like we do. latest in both registry-proxy.engineering.redhat.com/rh-osbs/codeready-workspaces-operator-metadata:2.2-49 (and 2.2-50) and quay.io/crw/crw-2-rhel8-operator-metadata:2.2-49 (and 2.2-50) all point at the un-cve-fixed images, eg.,

      checking the digest to tag mapping for plugin-java-11... it's the same as

      $➔ skopeo inspect docker:// quay.io/crw/plugin-java11-rhel8:2.2-9 | jq -r '.Digest'
sha256:8b6a89e4c7bb16d764767fc494a28735b0b9c05b50277e7f46fc55e0bcda8258

      but:

      $➔ skopeo inspect docker:// registry-proxy.engineering.redhat.com/rh-osbs/codeready-workspaces-plugin-java11-rhel8:2.2-9.1593143007 | jq -r '.Digest'
sha256:00f5031b5b1adab0ba29a5b993773f15fb2b7dbef25d62d326e99cb4c7d12f20

      So the operator metadata refers to images that are no longer in the errata because Freshmaker replaced them.

      Attachments

        1. screenshot-1.png
          screenshot-1.png
          425 kB
        2. screenshot-2.png
          screenshot-2.png
          93 kB
        3. screenshot-3.png
          screenshot-3.png
          111 kB

        Issue Links

          is related to

          Epic - Created by Jira Software - do not edit or delete. Issue type for a big user story that needs to be broken down. CRW-1026 Use OSBS digest pinning to allow CVE fixes via Freshmaker; use env var tokens in devfile/plugin registries (no more images + digests)

          • Critical - To be worked on immediately following BLOCKER issues.
          • Closed

          Task - Represents a small unit of work that is not end-user facing. CRW-1069 Should freshmaker respins be tagged :2.x and :latest, and used in OSBS and Quay registry/metadata builds?

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          QE Task - QE Task CRW-1067 QE automated tests need to be runnable against 4 different image sources

          • Critical - To be worked on immediately following BLOCKER issues.
          • Closed

          Activity

            People

              nickboldt Nick Boldt
              nickboldt Nick Boldt
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: