diff --git a/ci-operator/config/openshift/router/openshift-router-master.yaml b/ci-operator/config/openshift/router/openshift-router-master.yaml index 4edb2c2883ca8..085ed6a5121df 100644 --- a/ci-operator/config/openshift/router/openshift-router-master.yaml +++ b/ci-operator/config/openshift/router/openshift-router-master.yaml @@ -40,6 +40,24 @@ tests: commands: go test -race ./... container: from: src +- as: fips-image-scan-haproxy-router + steps: + dependencies: + SCAN_IMAGE: haproxy-router + test: + - ref: fips-check-image-scan +- as: e2e-aws-fips + skip_if_only_changed: ^docs/|\.md$|^(?:.*/)?(?:\.gitignore|OWNERS|OWNERS_ALIASES|PROJECT|LICENSE)$ + steps: + cluster_profile: openshift-org-aws + env: + FIPS_ENABLED: "true" + pre: + - chain: ipi-aws-pre + - ref: fips-check + test: + - ref: openshift-e2e-test + workflow: ipi-aws - as: e2e-agnostic skip_if_only_changed: ^docs/|\.md$|^(?:.*/)?(?:\.gitignore|OWNERS|OWNERS_ALIASES|PROJECT|LICENSE)$ steps: diff --git a/ci-operator/jobs/openshift/router/openshift-router-master-presubmits.yaml b/ci-operator/jobs/openshift/router/openshift-router-master-presubmits.yaml index 2f16438876453..41669c719f660 100644 --- a/ci-operator/jobs/openshift/router/openshift-router-master-presubmits.yaml +++ b/ci-operator/jobs/openshift/router/openshift-router-master-presubmits.yaml @@ -81,6 +81,87 @@ presubmits: secret: secretName: result-aggregator trigger: (?m)^/test( | .* )e2e-agnostic,?($|\s.*) + - agent: kubernetes + always_run: false + branches: + - ^master$ + - ^master- + cluster: build11 + context: ci/prow/e2e-aws-fips + decorate: true + labels: + ci-operator.openshift.io/cloud: aws + ci-operator.openshift.io/cloud-cluster-profile: openshift-org-aws + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-router-master-e2e-aws-fips + rerun_command: /test e2e-aws-fips + skip_if_only_changed: ^docs/|\.md$|^(?:.*/)?(?:\.gitignore|OWNERS|OWNERS_ALIASES|PROJECT|LICENSE)$ + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=e2e-aws-fips + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )e2e-aws-fips,?($|\s.*) - agent: kubernetes always_run: false branches: @@ -572,6 +653,84 @@ presubmits: secret: secretName: result-aggregator trigger: (?m)^/test( | .* )e2e-upgrade,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - ^master$ + - ^master- + cluster: build09 + context: ci/prow/fips-image-scan-haproxy-router + decorate: true + labels: + ci.openshift.io/generator: prowgen + pj-rehearse.openshift.io/can-be-rehearsed: "true" + name: pull-ci-openshift-router-master-fips-image-scan-haproxy-router + rerun_command: /test fips-image-scan-haproxy-router + spec: + containers: + - args: + - --gcs-upload-secret=/secrets/gcs/service-account.json + - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson + - --lease-server-credentials-file=/etc/boskos/credentials + - --report-credentials-file=/etc/report/credentials + - --secret-dir=/secrets/ci-pull-credentials + - --target=fips-image-scan-haproxy-router + command: + - ci-operator + env: + - name: HTTP_SERVER_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + image: quay-proxy.ci.openshift.org/openshift/ci:ci_ci-operator_latest + imagePullPolicy: Always + name: "" + ports: + - containerPort: 8080 + name: http + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/boskos + name: boskos + readOnly: true + - mountPath: /secrets/ci-pull-credentials + name: ci-pull-credentials + readOnly: true + - mountPath: /secrets/gcs + name: gcs-credentials + readOnly: true + - mountPath: /secrets/manifest-tool + name: manifest-tool-local-pusher + readOnly: true + - mountPath: /etc/pull-secret + name: pull-secret + readOnly: true + - mountPath: /etc/report + name: result-aggregator + readOnly: true + serviceAccountName: ci-operator + volumes: + - name: boskos + secret: + items: + - key: credentials + path: credentials + secretName: boskos-credentials + - name: ci-pull-credentials + secret: + secretName: ci-pull-credentials + - name: manifest-tool-local-pusher + secret: + secretName: manifest-tool-local-pusher + - name: pull-secret + secret: + secretName: registry-pull-credentials + - name: result-aggregator + secret: + secretName: result-aggregator + trigger: (?m)^/test( | .* )fips-image-scan-haproxy-router,?($|\s.*) - agent: kubernetes always_run: true branches: