Skip to content

Disable harden-runner step for nightly build#4988

Merged
tekton-robot merged 1 commit into
tektoncd:mainfrom
AlanGreene:nightly_harden_runner
May 22, 2026
Merged

Disable harden-runner step for nightly build#4988
tekton-robot merged 1 commit into
tektoncd:mainfrom
AlanGreene:nightly_harden_runner

Conversation

@AlanGreene

@AlanGreene AlanGreene commented May 22, 2026
edited
Loading

Copy link
Copy Markdown
Member

Changes

Related: #4975
Reverts #4983

This was re-enabled as the previous issue with gsutil is no longer relevant due to our move to OCI buckets.

However, we are now encountering a different error due to the proxy config that's preventing npm resolving the registry IP during the release pipeline's build-static step. This appears similar to a known issue with harden-runner reported with podman containers.

/kind misc

Submitter Checklist

As the author of this PR, please check off the items in this checklist:

  • Docs included if any changes are user facing
  • Tests included if any functionality added or changed
  • Follows the commit message standard
  • Meets the Tekton contributor standards (including
    functionality, content, code)
  • Has a kind label. You can add one by adding a comment on this PR that contains /kind <type>. Valid types are bug, cleanup, design, documentation, feature, flake, misc, question, tep
  • Release notes block below has been updated with any user facing changes (new features, significant UI changes, API changes, bug fixes, changes requiring upgrade notices or deprecation warnings)
  • Release notes contains the string "action required" if the change requires additional action from users switching to the new release

Release Notes

NONE

@AlanGreene
Disable harden-runner step for nightly build
6dcc6ba 
This was re-enabled as the previous issue with gsutil is no longer
relevant due to our move to OCI buckets.

However, we are now encountering a different error due to the proxy
config that's preventing npm resolving the registry IP during the
release pipeline's build-static step. This appears similar to a
known issue with harden-runner reported with podman containers.
@tekton-robot tekton-robot added kind/misc Categorizes issue or PR as a miscellaneuous one. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels May 22, 2026
kaushalnavneet
kaushalnavneet approved these changes May 22, 2026
View reviewed changes

@kaushalnavneet kaushalnavneet left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@tekton-robot tekton-robot added the lgtm Indicates that a PR is ready to be merged. label May 22, 2026
@AlanGreene

AlanGreene commented May 22, 2026

Copy link
Copy Markdown
Member Author

Existing issue tracking podman container problem: https://github.com/step-security/harden-runner/issues/559
I'll work on a simplified reproduction using kind and provide it to them either as a comment on that issue or in a new issue.

For now we'll just disable the step again.

@AlanGreene

AlanGreene commented May 22, 2026

Copy link
Copy Markdown
Member Author

/approve

@tekton-robot

tekton-robot commented May 22, 2026

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: AlanGreene, kaushalnavneet

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@tekton-robot tekton-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label May 22, 2026
@tekton-robot tekton-robot merged commit 02ae07c into tektoncd:main May 22, 2026
18 checks passed
@AlanGreene AlanGreene deleted the nightly_harden_runner branch May 22, 2026 20:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kaushalnavneet kaushalnavneet kaushalnavneet approved these changes
@briangleeson briangleeson Awaiting requested review from briangleeson
@LyndseyBu LyndseyBu Awaiting requested review from LyndseyBu

Assignees

@kaushalnavneet kaushalnavneet

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. kind/misc Categorizes issue or PR as a miscellaneuous one. lgtm Indicates that a PR is ready to be merged. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@AlanGreene @tekton-robot @kaushalnavneet