Skip to content

feat(ISV-7320): create script for direct index image signing#823

Merged
johnbieren merged 1 commit into
konflux-ci:mainfrom
JakubDurkac:ISV-7320
Jun 26, 2026
Merged

feat(ISV-7320): create script for direct index image signing#823
johnbieren merged 1 commit into
konflux-ci:mainfrom
JakubDurkac:ISV-7320

Conversation

@JakubDurkac

@JakubDurkac JakubDurkac commented Jun 12, 2026

Copy link
Copy Markdown
Contributor

REFERENCE:
Here's a proposed new implementation of direct-sign-index-image tekton task this python util is intended to be used in: konflux-ci/release-service-catalog#2315

CHANGES:
Adds direct_sign_index_image.py for signing FBC index images via the
container-signing pipeline, handling the logic from start to finish:
ConfigMap reading, reference translation, Pyxis signature filtering,
batching, and InternalRequest submission. Therefore, it's meant to
be called as a standalone single command from a new managed Tekton
task direct-sign-index-image with no other steps needed in bash.

Imports shared utilities from rh_direct_sign_image.py for signing
item model, Pyxis lookups, batching, and request submission.

  • Two functions specific to direct-sign-index-image:
    translate_reference, collect_fbc_signing_items
  • main() orchestrates args, ConfigMap, collection, filtering,
    batching, and submission via get_submit_config/submit_batches
  • Full unit test suite (25 tests)

Assisted-by: Claude Opus 4.6
Signed-off-by: Jakub Durkac jdurkac@redhat.com

@codecov-commenter

codecov-commenter commented Jun 12, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 95.52%. Comparing base (cec3549) to head (41081ff).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff             @@
##             main     #823      +/-   ##
==========================================
+ Coverage   95.46%   95.52%   +0.06%     
==========================================
  Files          65       66       +1     
  Lines        6441     6531      +90     
==========================================
+ Hits         6149     6239      +90     
  Misses        292      292              
Flag Coverage Δ
unit-tests 95.52% <100.00%> (+0.06%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines Coverage Δ
...ts/python/tasks/managed/direct_sign_index_image.py 100.00% <100.00%> (ø)

Continue to review full report in Codecov by Harness.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update cec3549...41081ff. Read the comment docs.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@JakubDurkac JakubDurkac changed the title feat(ISV-7320): prepare index image signing feat(ISV-7320): create script for direct index image signing Jun 23, 2026
@JakubDurkac JakubDurkac marked this pull request as ready for review June 23, 2026 11:08
Comment thread scripts/python/tasks/internal/rh_direct_sign_image.py
Comment thread scripts/python/tasks/managed/direct_sign_index_image.py
Comment thread scripts/python/tasks/managed/direct_sign_index_image.py Outdated
Adds direct_sign_index_image.py for signing FBC index images via the
container-signing pipeline, handling the logic from start to finish:
ConfigMap reading, reference translation, Pyxis signature filtering,
batching, and InternalRequest submission. Therefore, it's meant to
be called as a standalone single command from a new managed Tekton
task direct-sign-index-image with no other steps needed in bash.

Imports shared utilities from rh_direct_sign_image.py for signing
item model, Pyxis lookups, batching, and request submission.

- Two functions specific to direct-sign-index-image:
  translate_reference, collect_fbc_signing_items
- main() orchestrates args, ConfigMap, collection, filtering,
  batching, and submission via get_submit_config/submit_batches
- Full unit test suite (25 tests)

Assisted-by: Claude Opus 4.6
Signed-off-by: Jakub Durkac <jdurkac@redhat.com>
@davidmogar

Copy link
Copy Markdown
Contributor

Production Approval Record

Field Value
Action APPROVED
Reviewer @davidmogar
Timestamp 2026-06-26T08:38:39.546Z

@johnbieren johnbieren added this pull request to the merge queue Jun 26, 2026
Merged via the queue into konflux-ci:main with commit bde83bf Jun 26, 2026
25 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

8 participants