Loading...

XML

Word

Printable

Type: Task
Resolution: Unresolved
Priority: Major
Fix Version/s: rhwa-4.21-0
Affects Version/s: None
Component/s: rhwa
Labels:
None

Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Epic Link:
rhwa-25.y-release
Intelligence Requested:
Market:

Target Version:

rhwa-4.21-0

SFDC Cases Links:
SFDC Cases Open:
SFDC Cases Counter:

Konflux supports many build pipelines https://konflux.pages.redhat.com/docs/users/installing/enabling-builds.html#available-pipelines, and we have been using the docker-build pipeline for our non-FBC components and docker-build-oci-ta for FBC components.

Required Changes

fbc changes

Move from docker-build-oci-ta to fbc-builder, since we the new one is ideal for FBC builds.

non-fbc changes

Given the optional build pipelines, we should transition from the docker-build pipeline to the docker-build-oci-ta pipeline for non-fbc components, since the oci-ta (in short) addresses significant architectural challenges related to scalability, resource contention (PVC quotas), and Enterprise Contract (EC) security enforcement.
Moreover (in long), the oci-ta pipelines leverage trusted artifacts. It also optionally creates a source image and runs some build-time tests. This pipeline requires that the multi platform controller is deployed and configured on your Konflux instance. Information is shared between tasks using OCI artifacts instead of PVCs. EC will pass the trusted_task.trusted policy as long as all data used to build the artifact is generated from trusted tasks. This pipeline is pushed as a Tekton bundle to quay.io

After we switch to docker-build-oci-ta pipeline, we can aim for docker-build-multi-platform-oci-ta, which allows us to continue using one platform until we complete the switch to multiple platforms (RHWA-372 & ECOPROJECT-716), and see more at https://konflux.pages.redhat.com/docs/users/getting-started/multi-platform-builds.html).

How?

Modify the current pipeline based on the desired pipeline- e.g., https://github.com/konflux-ci/build-definitions/blob/main/pipelines/fbc-builder/fbc-builder.yaml
We can reconfigure the build pipeline https://konflux.pages.redhat.com/docs/users/building/reconfiguring-build-pipeline.html#changing-pipelines, and verify that with https://github.com/konflux-ci/olm-operator-konflux-sample/blob/e0fe58178ff82586cfd004065d0586f016aa6a9a/docs/konflux-onboarding.md#customize-tekton-pipleines and https://github.com/konflux-ci/olm-operator-konflux-sample/blob/e0fe58178ff82586cfd004065d0586f016aa6a9a/.tekton/gatekeeper-push.yaml#L35-L40.

More reference at https://konflux.pages.redhat.com/docs/users/building/customizing-the-build.html#_bring_your_own_quay_repository_to_the_build_pipeline

blocks

RHWA-514 Support multiple architectures / operating systems

Backlog

RHWA-372 Build NMO Images for ppc64le and s390x Architectures

Assignee:: Or Raz

Reporter:: Or Raz

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2025/11/16 1:24 PM

Updated:: 2026/01/05 11:38 AM

Details

Description

Required Changes

fbc changes

non-fbc changes

How?

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates

PagerDuty