42 changes: 42 additions & 0 deletions pipelines/managed/slan-cuan-release/README.md
@@ -0,0 +1,42 @@
# slan-cuan-release pipeline

Release pipeline for Lightwell Java artifacts (slan-cuan).
Comment on lines +1 to +3

Action required

1. Added pipelines/.../readme.md 📘 Rule violation ⚙ Maintainability

This PR adds pipelines/managed/slan-cuan-release/README.md, which is disallowed because README
files under pipelines/ are treated as auto-generated and must not be edited directly. Keeping this
change risks future drift from generator output and violates the no-README-edits policy.
Agent Prompt
## Issue description
A `README.md` was added under `pipelines/`, which is not allowed because these READMEs are auto-generated and must not be edited/committed directly.

## Issue Context
Compliance requires avoiding any content changes to `README.md` files under `tasks/` and `pipelines/`. Documentation should be produced via the repository’s README generation workflow rather than being edited in PRs.

## Fix Focus Areas
- pipelines/managed/slan-cuan-release/README.md[1-85]



This pipeline orchestrates the complete release workflow for Java artifacts built by
PNC (Project Newcastle). All per-release configuration (image reference, signing key,
Trustify URLs, Pulp target) is derived from the Snapshot and ReleasePlanAdmission data
via collect-data, so no pipeline parameters need to be supplied at invocation time.

## Parameters

| Name | Description | Optional | Default value |
|-------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|------------------------------------------------------|
| release | The namespaced name (namespace/name) of the Release | No | - |
| releasePlan | The namespaced name (namespace/name) of the ReleasePlan | No | - |
| releasePlanAdmission | The namespaced name (namespace/name) of the ReleasePlanAdmission | No | - |
| releaseServiceConfig | The namespaced name (namespace/name) of the ReleaseServiceConfig | No | - |
| snapshot | The namespaced name (namespace/name) of the Snapshot | No | - |
| ociStorage | The OCI repository where Trusted Artifacts are stored | Yes | empty |
| ociArtifactExpiresAfter | Expiration date for trusted artifacts created in the OCI repository | Yes | 1d |
| trustedArtifactsDebug | Flag to enable debug logging in trusted artifacts | Yes | "" |
| orasOptions | oras options to pass to Trusted Artifacts calls | Yes | "" |
| dataDir | The location where data will be stored | Yes | /var/workdir/release |
| caTrustConfigMapName | The name of the ConfigMap to read CA bundle data from | Yes | trusted-ca |
| caTrustConfigMapKey | The name of the key in the ConfigMap that contains the CA bundle data | Yes | ca-bundle.crt |
| catalogGitUrl | The url to the git repo where release-service-catalog tasks are stored | Yes | https://github.com/arewm/release-service-catalog.git |
| catalogGitRevision | The revision in the catalogGitUrl repo to be used | Yes | lightwell-pipeline |
| taskGitUrl | The url to the git repo where the slan-cuan tasks are stored | Yes | https://github.com/konflux-lightwell/slan-cuan.git |
| taskGitRevision | The revision in the taskGitUrl repo to be used | No | - |
| registry-auth-secret | Kubernetes Secret name for registry authentication (.dockerconfigjson format). Points to a Docker/Podman auth config for accessing private registries | Yes | registry-auth |
| force-extract | Overwrite existing output directory if it exists. Without this flag, the extract task refuses to overwrite existing directories | Yes | false |
| radas-config-secret | Kubernetes Secret name containing RADAS configuration JSON. The secret must have a `config.json` key with RADAS API URL and credentials | Yes | radas-config |
| requester-id | Requester identity for signing operations. Used for audit trails and RADAS access control. Typically an email address | Yes | slan-cuan@org.com |
| zip-root-path | Root of the Maven repository tree inside the ZIP archive submitted to RADAS. The ZIP file structure is <ZIP_ROOT_PATH>/<maven-layout> | Yes | repository |
| product-key | Product key for metadata tagging. Identifies the product in RADAS records and signing logs | Yes | slan-cuan |
| ignore-patterns | Comma-separated regex patterns to exclude files from signing. Example: ".*-sources\\.jar$,.*-javadoc\\.jar$" excludes source and javadoc JARs | Yes | "" |
| sso-secret-name | Kubernetes Secret name with OIDC credentials. The secret must have `client-id` and `client-secret` keys for OAuth2 client credentials flow | Yes | trustify-sso |
| register-insecure | Disable TLS verification for Trustify API calls. Set to "true" to skip certificate validation (not recommended for production) | Yes | false |
| register-retries | Number of retry attempts for Trustify API calls. The task will retry failed API calls this many times before giving up | Yes | 3 |
| register-ca-cert-secret | Kubernetes Secret name for custom CA certificate (optional). The secret must have a `ca.crt` key containing the PEM-encoded CA certificate. Leave empty to use system CA bundle | Yes | "" |
| publish-insecure | Disable TLS verification for Pulp API calls. Set to "true" to skip certificate validation (not recommended for production) | Yes | false |
| publish-ca-cert-secret | Kubernetes Secret name for custom CA certificate (optional). The secret must have a `ca.crt` key containing the PEM-encoded CA certificate. Leave empty to use system CA bundle | Yes | "" |
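
Review bot: The `catalogGitUrl` default in the Parameters table points at a repository under the `arewm` account (`https://github.com/arewm/release-service-catalog.git`) rather than the `konflux-lightwell` organisation used for `taskGitUrl`, and `catalogGitRevision` defaults to the named ref `lightwell-pipeline` rather than a commit SHA, so a release run that leaves both optional parameters unset resolves its catalog tasks from a ref that can move. Since the same table shows this pipeline handling a signing key, RADAS credentials and OIDC client secrets, consider defaulting to an organisation-owned repository pinned to a commit SHA, or making `catalogGitRevision` required with no default, the way `taskGitRevision` is. Separately, the introduction says "no pipeline parameters need to be supplied at invocation time", yet six rows (`release`, `releasePlan`, `releasePlanAdmission`, `releaseServiceConfig`, `snapshot`, `taskGitRevision`) are marked non-optional with no default; the sentence should state which parameters it means.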