Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Validation pipeline for FIPS stemcell #1135

Merged
merged 8 commits into from
Dec 13, 2023
Merged

Validation pipeline for FIPS stemcell #1135

merged 8 commits into from
Dec 13, 2023

Conversation

jochenehret
Copy link
Contributor

@jochenehret jochenehret commented Nov 13, 2023
edited
Loading

WHAT is this change about?

New validation pipeline for the FIPS Jammy stemcell.

What customer problem is being addressed? Use customer persona to define the problem e.g. Alana is unable to...

Alana wants to deploy CF on a FIPS compliant environment. CF shall be validated on a FIPS compliant stemcell.

Please provide any contextual information.

#1140

Has a cf-deployment including this change passed cf-acceptance-tests?

  • YES
  • NO

Does this PR introduce a breaking change? Please take a moment to read through the examples before answering the question.

  • YES - please choose the category from below. Feel free to provide additional details.
  • NO

How should this change be described in cf-deployment release notes?

Not relevant (new pipeline for CI infrastructure).

Does this PR introduce a new BOSH release into the base cf-deployment.yml manifest or any ops-files?

  • YES - please specify
  • NO

Does this PR make a change to an experimental or GA'd feature/component?

  • experimental feature/component
  • GA'd feature/component

Please provide Acceptance Criteria for this change?

Pipeline can be uploaded and executed: https://concourse.wg-ard.ci.cloudfoundry.org/teams/main/pipelines/fips-stemcell

What is the level of urgency for publishing this change?

  • Urgent - unblocks current or future work
  • Slightly Less than Urgent

@jochenehret
Copy link
Contributor Author

Waiting for concourse/bosh-io-stemcell-resource#33

@jochenehret
Add bosh-io stemcell resource with authentication for FIPS stemcell
5570a11
@jochenehret
Use dev bosh-io-stemcell resource
58d344e 
* downloading the fips-stemcell with credentials now works
* add upload-stemcell task
* configure use-fips-stemcell ops file
@jochenehret
fix collect-ops-files config
816f040
@jochenehret
Remove "use-fips-stemcell" ops file from pipeline
ebed84d 
* FIPS stemcell will have the same os name as the regular stemcell, so we don't need an ops file
dimivel
dimivel approved these changes Dec 4, 2023
View reviewed changes
Copy link
Contributor

@dimivel dimivel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@jochenehret jochenehret mentioned this pull request Dec 4, 2023
Merged
8 tasks
@jochenehret
Use "latest" stemcell and skip stemcell upload in bosh-deploy task
2d81076 
* this ensures that we always use the latest version of the "fips-stemcell" input
@jochenehret jochenehret mentioned this pull request Dec 6, 2023
Closed
@jochenehret jochenehret marked this pull request as ready for review December 6, 2023 12:39
@jochenehret
Copy link
Contributor Author

Note: When the jobs are green, we should add the ops file https://github.com/cloudfoundry/cf-deployment/blob/main/operations/stop-skipping-tls-validation.yml to enable SSL for the API access.

@jochenehret jochenehret requested a review from a team December 12, 2023 10:24
@jochenehret jochenehret merged commit fa63c68 into develop Dec 13, 2023
@jochenehret jochenehret deleted the fips_pipeline_2 branch December 13, 2023 08:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dimivel dimivel dimivel approved these changes

@iaftab-alam iaftab-alam iaftab-alam approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jochenehret @iaftab-alam @dimivel