ci-operator/config/openshift/cincinnati-graph-data: Publish graph-data image

[wking]

We'd removed similar publishing in 45509b1 (#31237). But it turns out some folks are interested in a graph-data image that contains only YAML configuration, even if those images are not produced by Red Hat's internal build system and signed. This commit asks Prow to build and promote a from-scratch graph-data image for those consumers, using the dockerfile_literal approach.

[openshift-ci-robot]

@wking: the following rehearsable tests have been affected by this change:

Test name	Repo	Type	Reason
pull-ci-openshift-cincinnati-graph-data-master-e2e	openshift/cincinnati-graph-data	presubmit	Ci-operator config changed
pull-ci-openshift-cincinnati-graph-data-master-e2e-latest-cincinnati	openshift/cincinnati-graph-data	presubmit	Ci-operator config changed
pull-ci-openshift-cincinnati-graph-data-master-errata-webhook-unittests	openshift/cincinnati-graph-data	presubmit	Ci-operator config changed
pull-ci-openshift-cincinnati-graph-data-master-images	openshift/cincinnati-graph-data	presubmit	Ci-operator config changed
pull-ci-openshift-cincinnati-graph-data-master-validate-blocked-edges	openshift/cincinnati-graph-data	presubmit	Ci-operator config changed

Prior to this PR being merged, you will need to either run and acknowledge or opt to skip these rehearsals.

Interacting with pj-rehearse

Comment: /pj-rehearse to run up to 10 rehearsals
Comment: /pj-rehearse skip to opt-out of rehearsals
Comment: /pj-rehearse more to run up to 20 rehearsals
Comment: /pj-rehearse max to run up to 35 rehearsals
Comment: /pj-rehearse auto-ack to run up to 10 rehearsals, and add the rehearsals-ack label on success
Comment: /pj-rehearse refresh to get an updated list of affected jobs (useful if you have new pushes to the branch)

Once you are satisfied with the results of the rehearsals, comment: /pj-rehearse ack to unblock merge. When the rehearsals-ack label is present on your PR, merge will no longer be blocked by rehearsals.
If you would like the rehearsals-ack label removed, comment: /pj-rehearse reject to re-block merging.

[wking]

/pj-rehearse

[wking]

/pj-rehearse

[wking]

/pj-rehearse

[wking]

/pj-rehearse ack

With a build03 registry token, using the output of the rehearsal job:

$ oc image mirror registry.build03.ci.openshift.org/ci-op-n1pkzi1j/stable:graph-data file://graph-data/:latest
$ tree v2
v2
└── graph-data
    ├── blobs
    │   ├── sha256:652d957b74550724ff8a7a00ae3a36a1a69d8ab9da1fff3c7fcb3e0df33939a4
    │   ├── sha256:9318a8e36ef583f50017c8e57fcdc7113ca46e60ff6eabbff961cb81ca07a775
    │   └── sha256:a431d5bdd3fd8a54de2cc2762416728cc0b71afb275cd4c04cc31b258dcbfb1c
    └── manifests
        ├── latest -> sha256:652d957b74550724ff8a7a00ae3a36a1a69d8ab9da1fff3c7fcb3e0df33939a4
        └── sha256:652d957b74550724ff8a7a00ae3a36a1a69d8ab9da1fff3c7fcb3e0df33939a4
$ jq . v2/graph-data/manifests/latest
{
  "schemaVersion": 2,
  "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
  "config": {
    "mediaType": "application/vnd.docker.container.image.v1+json",
    "size": 3986,
    "digest": "sha256:a431d5bdd3fd8a54de2cc2762416728cc0b71afb275cd4c04cc31b258dcbfb1c"
  },
  "layers": [
    {
      "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
      "size": 17021,
      "digest": "sha256:9318a8e36ef583f50017c8e57fcdc7113ca46e60ff6eabbff961cb81ca07a775"
    }
  ]
}
$ sha256sum v2/graph-data/manifests/latest
652d957b74550724ff8a7a00ae3a36a1a69d8ab9da1fff3c7fcb3e0df33939a4  v2/graph-data/manifests/latest
$ tar tvz <v2/graph-data/blobs/sha256:9318a8e36ef583f50017c8e57fcdc7113ca46e60ff6eabbff961cb81ca07a775 | head -n4
drwxr-xr-x root/root         0 2022-12-02 05:04 blocked-edges/
-rw-r--r-- root/root        19 2022-12-02 05:04 blocked-edges/4.1.1.yaml
-rw-r--r-- root/root        20 2022-12-02 05:04 blocked-edges/4.1.10.yaml
-rw-r--r-- root/root       145 2022-12-02 05:04 blocked-edges/4.10.0-fc.0.yaml
$ tar tvz <v2/graph-data/blobs/sha256:9318a8e36ef583f50017c8e57fcdc7113ca46e60ff6eabbff961cb81ca07a775 | grep -v '[.]yaml$'
drwxr-xr-x root/root         0 2022-12-02 05:04 blocked-edges/
drwxr-xr-x root/root         0 2022-12-02 05:04 channels/
drwxr-xr-x root/root         0 2022-12-02 05:04 raw/
-rw-r--r-- root/root       380 2022-12-02 05:04 raw/metadata.json

So that's a single layer with just the YAML/JSON config that Cincinnati needs, an image config, and an image manifest to tie the config and layer together, which is exactly what I wanted.

[petr-muller]

/hold

Configuration LGTM. There are still some discussions whether we actually want this or not, so holding, but feel free to unhold.

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: petr-muller, wking

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• ci-operator/config/openshift/cincinnati-graph-data/OWNERS [petr-muller,wking]
• ci-operator/jobs/openshift/cincinnati-graph-data/OWNERS [petr-muller,wking]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[LalatenduMohanty]

/hold cancel

[wking]

We're still discussing whether this is useful for QE or anything.

/hold

[openshift-bot]

Issues in openshift/release go stale after 30d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale.
Stale issues rot after an additional 15d of inactivity and eventually close.
Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

[openshift-bot]

Stale issue in openshift/release rot after 15d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle rotten.
Rotten issues close after an additional 15d of inactivity.
Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle rotten
/remove-lifecycle stale

[openshift-ci]

@wking: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[openshift-bot]

Rotten issues in openshift/release close after 15d of inactivity.

Reopen the issue by commenting /reopen.
Mark the issue as fresh by commenting /remove-lifecycle rotten.
Exclude this issue from closing again by commenting /lifecycle frozen.

/close

[openshift-ci]

@openshift-bot: Closed this PR.

Details

In response to this:

Rotten issues in openshift/release close after 15d of inactivity.

Reopen the issue by commenting /reopen.
Mark the issue as fresh by commenting /remove-lifecycle rotten.
Exclude this issue from closing again by commenting /lifecycle frozen.

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.