Add trusted task rule data to allow konflux-ci tekton-catalog#195
Draft
Acepresso wants to merge 1 commit into
a823a81 to
becf4cf
Compare
st3penta
approved these changes
Dec 15, 2025
Contributor
Author
Due to the global scope of the change in this PR, we have decided to defer the merge until after the end-of-year break (mid-January). This ensures we have full team capacity to provide support and avoids catching the users by surprise.
Contributor
Hi @Acepresso. I think we want this data in its own file, e.g.:

```yaml
trusted_task_rules:
  allow:
    - name: Implicitly trust all tasks from konflux-ci/tekton-catalog
      pattern: oci://quay.io/konflux-ci/tekton-catalog/*
```
becf4cf to
cc56edb
Compare
Contributor
Author
Done.
Add a new rule data file `data/trusted_task_rules.yaml` with an allow rule that trusts all tasks from oci://quay.io/konflux-ci/tekton-catalog/ Ref: https://issues.redhat.com/browse/EC-1539 Assisted-by: Cursor (using claude-4.5-sonnet)
cc56edb to
c460cca
Compare
simonbaird
reviewed
Feb 23, 2026
Comment on lines +1 to +4
| trusted_task_rules: | ||
| allow: | ||
| - name: Implicitly trust all tasks from konflux-ci/tekton-catalog | ||
| pattern: oci://quay.io/konflux-ci/tekton-catalog/* |
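Review bot: the `pattern` value on line +4 ends in a `/*` wildcard and carries no tag or digest, so this single `allow` entry trusts everything published under the `quay.io/konflux-ci/tekton-catalog/` prefix, as the rule name itself says. Suggest adding a comment in the file recording why the whole prefix is trusted and who can push to it, and listing individual repositories instead if only some tasks need the exemption.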
Contributor
If we do it like this then we are more consistent with the other rule data handling, wdyt.
Suggested change
| trusted_task_rules: | |
| allow: | |
| - name: Implicitly trust all tasks from konflux-ci/tekton-catalog | |
| pattern: oci://quay.io/konflux-ci/tekton-catalog/* | |
| rule_data: | |
| trusted_task_rules: | |
| allow: | |
| - name: Implicitly trust all tasks from konflux-ci/tekton-catalog | |
| pattern: oci://quay.io/konflux-ci/tekton-catalog/* |
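Review bot: the added `rule_data:` wrapper on the first suggested line moves `trusted_task_rules` from the top level to a nested key, which changes the path a consumer must read. Before applying, confirm the code that loads this file looks the key up under `rule_data`, and cover it with a test that the allow rule is still picked up, since a rule left at an unread path would not take effect.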
Contributor
Author
though the policy lib expects it to be trusted_task_rules, should I change it there?
st3penta
added a commit
to st3penta/rhtap-ec-policy
that referenced
this pull request
Mar 26, 2026
Add a new trusted_task_rules section to rule_data.yml with an allow rule that trusts all tasks from oci://quay.io/konflux-ci/tekton-catalog/. Ref: https://issues.redhat.com/browse/EC-1539 (original story) Ref: release-engineering#195 (original PR) Ref: https://issues.redhat.com/browse/EC-1540
st3penta
added a commit
to st3penta/rhtap-ec-policy
that referenced
this pull request
Mar 26, 2026
Add a new trusted_task_rules section to rule_data.yml with an allow rule that trusts all tasks from oci://quay.io/konflux-ci/tekton-catalog/. Ref: https://issues.redhat.com/browse/EC-1539 (original story) Ref: release-engineering#195 (original PR) Ref: https://issues.redhat.com/browse/EC-1540
st3penta
added a commit
to st3penta/rhtap-ec-policy
that referenced
this pull request
Mar 30, 2026
Add a new trusted_task_rules section to rule_data.yml with an allow rule that trusts all tasks from oci://quay.io/konflux-ci/tekton-catalog/. Ref: https://issues.redhat.com/browse/EC-1539 (original story) Ref: release-engineering#195 (original PR) Ref: https://issues.redhat.com/browse/EC-1540
Contributor
Replaced by #218.
Add a new `trusted_task_rules` section to rule_data.yml with an allow rule that trusts all tasks from oci://quay.io/konflux-ci/tekton-catalog/

Do not merge!
Due to the global scope of the change in this PR, we have decided to defer the merge until after the end-of-year break (mid-January). This ensures we have full team capacity to provide support and avoids catching the users by surprise.
Ref: https://issues.redhat.com/browse/EC-1539
Assisted-by: Cursor (using claude-4.5-sonnet)