Skip to content

feat(ISV-6032): verify URLs of released SBOMs #1661

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 4 commits into
base: main
Choose a base branch
from
Draft

feat(ISV-6032): verify URLs of released SBOMs #1661

wants to merge 4 commits into from
+46 −0

Conversation

jedinym
Copy link
Contributor

@jedinym jedinym commented Aug 4, 2025
edited
Loading

The rh-advisories pipeline now also attaches SBOM artifacts to Release.Status.Artifacts. In the E2E tests we parse them and verify that the Atlas URLs of the SBOMs are valid.

Tested by running the E2E tests from the release-service-catalog side: konflux-ci/release-service-catalog#1294

https://issues.redhat.com/browse/ISV-6032

@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented Aug 4, 2025

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented Aug 4, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign davidmogar for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@jedinym
Copy link
Contributor Author

jedinym commented Aug 4, 2025

/ok-to-test

@jedinym jedinym mentioned this pull request Aug 4, 2025
Draft
@jedinym
Copy link
Contributor Author

jedinym commented Aug 4, 2025

/retest

1 similar comment
@jedinym
Copy link
Contributor Author

jedinym commented Aug 5, 2025

/retest

@konflux-ci-qe-bot
Copy link

@jedinym: The following test has Failed, say /retest to rerun failed tests.

PipelineRun Name Status Rerun command Build Log Test Log
konflux-e2e-sprvc Failed /retest View Pipeline Log View Test Logs

Inspecting Test Artifacts

To inspect your test artifacts, follow these steps:

  1. Install ORAS (see the ORAS installation guide).
  2. Download artifacts with the following commands:
mkdir -p oras-artifacts
cd oras-artifacts
oras pull quay.io/konflux-test-storage/konflux-team/e2e-tests:konflux-e2e-sprvc

Test results analysis

🚨 Error occurred while running the E2E tests, list of failed Spec(s):

➡️ [failed] [It] [release-pipelines-suite e2e tests for rh-advisories pipeline] Rh-advisories happy path Post-release verification verifies that Atlas SBOM URLs in Release artifacts are valid [release-pipelines, rh-advisories, rhAdvisories]

Click to view logs

Expected
    <[]string | len:0, cap:0>: nil
to have length 1

@jedinym jedinym mentioned this pull request Aug 5, 2025
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
do-not-merge/work-in-progress ok-to-test < 1 min
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jedinym @konflux-ci-qe-bot