From d28a64d21651f52028816c67b257c37749d722d9 Mon Sep 17 00:00:00 2001 From: Misha Sugakov <537715+msugakov@users.noreply.github.com> Date: Wed, 15 Oct 2025 13:59:15 +0200 Subject: [PATCH 1/3] ROX-30918, ROX-31049: Update labels, fix docker mediaType (#2568) --- .tekton/collector-build.yaml | 4 ++++ .tekton/collector-component-pipeline.yaml | 25 +++++++++++++++++++++++ collector/container/konflux.Dockerfile | 8 +++----- 3 files changed, 32 insertions(+), 5 deletions(-) diff --git a/.tekton/collector-build.yaml b/.tekton/collector-build.yaml index b9d55f4f22..6952f56037 100644 --- a/.tekton/collector-build.yaml +++ b/.tekton/collector-build.yaml @@ -47,6 +47,10 @@ spec: value: 'true' - name: build-source-image value: 'true' + - name: extra-labels + value: + # X.Y in the cpe label must be adjusted for every version stream. + - "cpe=cpe:/a:redhat:advanced_cluster_security:X.Y::el8" workspaces: - name: git-auth diff --git a/.tekton/collector-component-pipeline.yaml b/.tekton/collector-component-pipeline.yaml index c4190f2200..97ffeef980 100644 --- a/.tekton/collector-component-pipeline.yaml +++ b/.tekton/collector-component-pipeline.yaml @@ -111,6 +111,9 @@ spec: default: docker type: string description: The format for the resulting image's mediaType. Valid values are oci or docker. + - name: extra-labels + type: array + description: Additional labels to put on the built containers. results: - description: "" name: IMAGE_URL @@ -263,6 +266,10 @@ spec: value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) - name: BUILDAH_FORMAT value: $(params.buildah-format) + - name: LABELS + value: ["$(params.extra-labels[*])"] + - name: BUILD_TIMESTAMP + value: "$(tasks.clone-repository.results.commit-timestamp)" taskRef: params: - name: name @@ -303,6 +310,12 @@ spec: value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) - name: PLATFORM value: linux/s390x + - name: BUILDAH_FORMAT + value: $(params.buildah-format) + - name: LABELS + value: ["$(params.extra-labels[*])"] + - name: BUILD_TIMESTAMP + value: "$(tasks.clone-repository.results.commit-timestamp)" taskRef: params: - name: name @@ -344,6 +357,12 @@ spec: value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) - name: PLATFORM value: linux/ppc64le + - name: BUILDAH_FORMAT + value: $(params.buildah-format) + - name: LABELS + value: ["$(params.extra-labels[*])"] + - name: BUILD_TIMESTAMP + value: "$(tasks.clone-repository.results.commit-timestamp)" taskRef: params: - name: name @@ -385,6 +404,12 @@ spec: value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) - name: PLATFORM value: linux/arm64 + - name: BUILDAH_FORMAT + value: $(params.buildah-format) + - name: LABELS + value: ["$(params.extra-labels[*])"] + - name: BUILD_TIMESTAMP + value: "$(tasks.clone-repository.results.commit-timestamp)" taskRef: params: - name: name diff --git a/collector/container/konflux.Dockerfile b/collector/container/konflux.Dockerfile index 3c31243884..aee2faef10 100644 --- a/collector/container/konflux.Dockerfile +++ b/collector/container/konflux.Dockerfile @@ -93,12 +93,15 @@ ARG COLLECTOR_TAG WORKDIR / LABEL \ + com.redhat.component="rhacs-collector-container" \ com.redhat.license_terms="https://www.redhat.com/agreements" \ description="This image supports runtime data collection for Red Hat Advanced Cluster Security for Kubernetes" \ distribution-scope="public" \ io.k8s.description="This image supports runtime data collection for Red Hat Advanced Cluster Security for Kubernetes" \ + io.k8s.display-name="collector" \ io.openshift.tags="rhacs,collector,stackrox" \ maintainer="Red Hat, Inc." \ + name="advanced-cluster-security/rhacs-collector-rhel8" \ # Custom Snapshot creation in `operator-bundle-pipeline` depends on source-location label to be set correctly. source-location="https://github.com/stackrox/collector" \ summary="Runtime data collection for Red Hat Advanced Cluster Security for Kubernetes" \ @@ -123,8 +126,3 @@ COPY LICENSE /licenses/LICENSE EXPOSE 8080 9090 ENTRYPOINT ["collector"] - -LABEL \ - com.redhat.component="rhacs-collector-container" \ - io.k8s.display-name="collector" \ - name="rhacs-collector-rhel8" From f198a60ed4e12121379f2a3e8c4e3f1ff78836bc Mon Sep 17 00:00:00 2001 From: Misha Sugakov Date: Thu, 16 Oct 2025 19:09:51 +0200 Subject: [PATCH 2/3] Bump arm64 instance type for speedier builds. This is a cherry-pick of https://github.com/stackrox/collector/pull/2433 --- .tekton/collector-component-pipeline.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.tekton/collector-component-pipeline.yaml b/.tekton/collector-component-pipeline.yaml index 97ffeef980..2183d7c569 100644 --- a/.tekton/collector-component-pipeline.yaml +++ b/.tekton/collector-component-pipeline.yaml @@ -403,7 +403,7 @@ spec: - name: CACHI2_ARTIFACT value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) - name: PLATFORM - value: linux/arm64 + value: linux-c2xlarge/arm64 - name: BUILDAH_FORMAT value: $(params.buildah-format) - name: LABELS From 77cd4d009ee3dcb9244aa33622a00779a561fdbb Mon Sep 17 00:00:00 2001 From: Misha Sugakov Date: Thu, 16 Oct 2025 19:11:23 +0200 Subject: [PATCH 3/3] Update `cpe` label --- .tekton/collector-build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.tekton/collector-build.yaml b/.tekton/collector-build.yaml index 6952f56037..69a1fe803b 100644 --- a/.tekton/collector-build.yaml +++ b/.tekton/collector-build.yaml @@ -50,7 +50,7 @@ spec: - name: extra-labels value: # X.Y in the cpe label must be adjusted for every version stream. - - "cpe=cpe:/a:redhat:advanced_cluster_security:X.Y::el8" + - "cpe=cpe:/a:redhat:advanced_cluster_security:4.7::el8" workspaces: - name: git-auth