Add embargo-check task to push-disk-images-to-cdn pipeline#2342
Add embargo-check task to push-disk-images-to-cdn pipeline#2342jangel97 wants to merge 1 commit into
Conversation
ef8abda to
939ba14
Compare
|
While working on this, I noticed that |
|
Thanks for submitting a fix for this! What It runs the Takes check-issues step — reads |
I don't think it's a bad idea to have for all pipelines unless I'm overlooking something. @johnbieren wdyt? @jangel97 I wouldn't expect you to do it everywhere unless you just want to. We certainly appreciate the contribution! |
Any pipeline that creates an advisory should likely have the embargo-check task. I am not sure if it hurts to have embargo-check in all pipelines, but we'd have to look into it |
Disk image releases were missing the embargo check that rh-advisories already has, allowing releases with embargoed CVEs in the release notes to be pushed to CDN without being caught. Signed-off-by: Jose Angel Morena <jmorenas@redhat.com>
939ba14 to
6839367
Compare
|
@swickersh The chain is now Please, let me know if anything else would be needed and thank you for the review! |
Summary
embargo-checktask to thepush-disk-images-to-cdnpipeline, matching whatrh-advisoriesalready hascheck-data-keysand beforepush-disk-images, gating artifact distribution on CVE embargo validationChanges
jiraAdvisorySecretextraction tocollect-task-paramsembargo-checktask betweencheck-data-keysandpush-disk-imagespush-disk-imagesto chainsourceDataArtifactfromembargo-checkSigned-off-by: Jose Angel Morena jmorenas@redhat.com