Uploaded image for project: 'CentOS Stream Pipeline'
  1. CentOS Stream Pipeline
  2. CS-1770

Need documentation on the CS build to release pipeline

XMLWordPrintable

    • Icon: Task Task
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • None
    • None
    • Release Engineering
    • None
    • 3
    • False
    • None
    • False
    • Testable

      When dealing with CS-2023-4911 (glibc local privilege escalation), which was an embargoed update for RHEL and is still not pushed to CS at the time of writing, it occurred to me that it's hard to figure out the relationship between the tags on kojihub.stream.centos.org, where the packages can be downloaded from, and what sort of testing has been done.

      Motivation: get access to signed packages that have undergone a reasonable amount of testing, so they can be evaluated for deployment in case of critical security updates, without waiting for the compose to hit mirrors

      Some questions:

      • what does the workflow look like, at a high level?
      • what's the transition between c9s-pending and c9s-pending-signed?
      • what sort of tests get run before a package hits c9s-pending-signed?
      • once a package gets tagged, how often do composes happen?
      • what sort of tests are run on a compose before the compose is ready to be pushed out? – bookwar said https://github.com/CentOS/sig-core-t_functional
      • do releases get pushed out automatically, periodically, or ad hoc?
      • can we expedite getting composes out if they contain critical security fixes?

          There are no Sub-Tasks for this issue.

              asamalik@redhat.com Adam Samalik
              michel.lind Michel Lind
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated: