test-infra
test-infra copied to clipboard
kyma-project
Test infrastructure for the Kyma project.
**Description** Image builder supports `push` or `pull_request_target` events only. Because the workflow file is taken from base branch for these events, it makes difficult to test changes in workflows using...
**Description** The oidc-token-verifier is loading GitHub identity provider public keys every time it runs in oci-image-builder pipeline. The GitHub OIDC identity provider supports scenario when public keys can be cached...
**Description** oidc-token-verifier checks the value of job_workflow_ref claim against an expected trusted workflow value. The expected workflow value is hardcoded along with trusted issuer data. These configuration data should be...
**Description** Image-builder tool triggers oci-image-builder pipeline when running as a client. Until pipeline finish execution a client provides only messages that the pipeline is still running. Once pipeline finish, image-buidler...
**Description** Access to the ADO PAT stored in GCP secret manager is granted using WIF PrincipalSet attribute. The attribute used in PrincipalSet must contain repository owner for the accessing workflow...
**Description** Autobumper tool must update image versions in all .tf files existing in our repositories. Updating an image versions to the latests available is needed for security fixes and features...
**Description** Autobumper tool does not updated image versions in github actions yml files. image-builder github action uses an one month old image version. https://github.com/kyma-project/test-infra/blob/79d1c90bd68539ab9ec97e4c6d2772afbc672c8e/.github/actions/image-builder/action.yml#L79 If the tools is excluding a...
**Description** Remove support for building images using kaniko and buildkit backend from image-builder tool. **Reasons** Image-builder is using a ADO backend as SLC-29 certified build system. **Acceptance Criteria** - [...
**Description** Image-builder tool has a sign-images mode. This mode signs images which were build previously. This mode does not need information about commit hashes of pull request or push event....
**Description** The prowjob `pre-test-infra-validate-kaniko-build-config` tests changes in kaniko config. This should be migrated to the GitHub Actions. The image-builder reusable workflow does not accept an input parameter `test-kaniko-build-config`. Path to...