Uploaded image for project: 'Satellite'
  1. Satellite
  2. SAT-41211

Implement Foreman-specific trusted-artifacts repository for Konflux release pipeline

XMLWordPrintable

    • False
    • None

      The Konflux release pipeline for Foreman components (Pulpcore, Foreman, Candlepin) is currently blocked at the push-to-external-registry step due to inability to pull from the default quay.io/konflux-ci/release-service-trusted-artifacts repository. Following the bootc team's approach, Foreman needs to implement its own trusted-artifacts solution within the Foreman Quay instance.

      Context: ReleasePlan and ReleasePlanAdmission configurations have been successfully merged for all three components (SAT-41059, SAT-41060, SAT-41061), but the release workflow fails when attempting to access Konflux's default trusted-artifacts repository.

      Failure Evidence: Konflux Release Tasks

      Root Cause: The push-to-external-registry.yaml pipeline references quay.io/konflux-ci/release-service-trusted-artifacts which Foreman cannot access.

      Reference Implementations:

      Expected Steps

      • Study bootc team's implementation to understand their trusted-artifacts approach
      • Analyze bootc patch.yaml to understand required customizations
      • Create trusted-artifacts repository in Foreman Quay instance (quay.io/foreman)
      • Fork/customize push-to-external-registry pipeline for Foreman
      • Adapt patch.yaml for Foreman-specific requirements and quirks
      • Configure appropriate permissions and access for the trusted-artifacts repository
      • Update ReleasePlan configurations to reference Foreman's trusted-artifacts repository
      • Test release pipeline with one component (e.g., Pulpcore)
      • Validate pipeline works for all three components (Pulpcore, Foreman, Candlepin)
      • Document the implementation and maintenance procedures

      Definition of Done

      • Foreman trusted-artifacts repository created in quay.io/foreman namespace
      • Custom push-to-external-registry pipeline implemented with Foreman-specific patches
      • All three component release pipelines (Pulpcore, Foreman, Candlepin) successfully complete push-to-external-registry step
      • Container images successfully pushed to external registries
      • Release workflow validated end-to-end for at least one component
      • Implementation documented with maintenance procedures
      • Solution follows bootc team's proven pattern while accommodating Foreman quirks
      • Pipeline failures resolved as evidenced by successful Konflux release task completions

              Unassigned Unassigned
              rhn-support-osousa Odilon Sousa
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: