Uploaded image for project: 'OpenShift Workloads'
  1. OpenShift Workloads
  2. WRKLDS-1031

05- [OSSO 1.3.0] Create builds/images/advisories

XMLWordPrintable

    • Icon: Task Task
    • Resolution: Done
    • Icon: Major Major
    • None
    • None

      1.At this point either a new advisory needs to be created or an advisory for the given release already exists. In both cases the release-pipeline job needs to be run to attach the latest Brew builds to the advisory. In case a new advisory is created, the release-pipeline job will probably fail since the metadata CDN repos are not selected. One needs to:
      a.Find the newly created advisory (the release-pipeline logs will hold the number), e.g. https://errata.devel.redhat.com/advisory/117245
      b.Search for “CDN Repos for Advisory Metadata” (third row), push the “Set” button, check the “CDN” for “OSSO-1.1-RHEL-8” release and push the “Update” button
      c.Re-run the pipeline-release job
      d.Check the new builds got attached to the advisory
      e. Set Release Date on the advisory
      2.Attach any existing bugs/jira cards to the advisory (e.g. CVEs) in the “Details” tab. You can check the previous advisories for tips. All the bugs/jira cards need to be in MODIFIED state first before they can be properly attached.
      3.The advisory needs to be switched into QA state before our quality engineer can start testing the latest release. Switching to QA state is automatically done by the release-pipeline job. If that’s not the case something needs to be resolved first in the advisory. Once resolved, the release-pipeline job can be re-run.
      4.Check the “Greenwave CVP” tab. All test runs need to be green here. If not, all the failed runs need to be troubleshooted. Tip: Sometimes, it is necessary to select "Re-fetch" on the Errata to grab latest result on CVP. Also, sometimes it just takes longer to finish a test run. You can check the running CVP Jenkins job for progress. Each test run has a link to the job. E.g. https://jenkins-cvp-61d59c5412abd998d2073e5b.apps.ocp-c1.prod.psi.redhat.com/job/cvp-redhat-operator-bundle-image-validation-test/1/console.
      5.If any CVE is attached to the advisory check the errata type needs to be switched to RHSA. All the attached CVE need to be inspected for the Impact (Low, Moderate, Important, Critical). The highest impact of all CVEs wins.

      Notes:
      1. If your operator supports EOL OCP Version (eg. 4.10), you will have to build an extra bundle with “com.redhat.openshift.version” label set to "=v4.10". https://docs.engineering.redhat.com/display/SP/Shipping+Operators+to+EOL+OCP+versions
      2. Check for CVP Gating Validation to ensure correct annotation is set in the CSV (also make sure comet has the right/matching Required Subscription Type field/ not blank)

      Dependencies: CPaaS and SP Pipeline Configuration
      Responsible: Engineering

              jchaloup@redhat.com Jan Chaloupka
              rhn-support-rsidhart Ramona Sidharta
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: