*** [INFO] Showing oc get 'builds' NAME TYPE FROM STATUS STARTED DURATION service-telemetry-operator-2 Docker Binary@52b6e47 Cancelled (CancelledBuild) 14 minutes ago 8s service-telemetry-operator-3 Docker Binary@52b6e47 Complete 14 minutes ago 1m57s smart-gateway-operator-2 Docker Binary@05457be Complete 12 minutes ago 1m17s sg-core-2 Docker Binary@3b4e5c4 Complete 10 minutes ago 3m34s sg-bridge-2 Docker Binary@20b3380 Complete 6 minutes ago 52s prometheus-webhook-snmp-2 Docker Binary@e992231 Complete 5 minutes ago 1m9s [INFO] oc get 'builds' -oyaml apiVersion: v1 items: - apiVersion: build.openshift.io/v1 kind: Build metadata: annotations: openshift.io/build-config.name: prometheus-webhook-snmp openshift.io/build.number: "2" openshift.io/build.pod-name: prometheus-webhook-snmp-2-build creationTimestamp: "2026-02-19T00:27:40Z" generation: 2 labels: build: prometheus-webhook-snmp buildconfig: prometheus-webhook-snmp openshift.io/build-config.name: prometheus-webhook-snmp openshift.io/build.start-policy: Serial name: prometheus-webhook-snmp-2 namespace: service-telemetry ownerReferences: - apiVersion: build.openshift.io/v1 controller: true kind: BuildConfig name: prometheus-webhook-snmp uid: 54364999-7f42-496e-98dc-6479409fae48 resourceVersion: "36172" uid: 577eb23c-2764-404a-82f0-c9b3578339fe spec: nodeSelector: null output: pushSecret: name: builder-dockercfg-9cxxm to: kind: ImageStreamTag name: prometheus-webhook-snmp:latest postCommit: {} resources: {} revision: git: author: email: victoria@redhat.com name: Victoria Martinez de la Cruz commit: e9922314cc777d251a07a5352311dc7afed0257d committer: email: noreply@github.com name: GitHub message: |- STF 1.5.7 release ops (#49) * Add calver as a build requirement calver is actually a build requirement of trove-classifiers, but it goes undetected by pip_find_builddeps.py because of [1]. This causes disconnected builds that rely on explicit requirements listings (like those done with Cachito) to fail. By adding it explicitly those builds should be fixed. Future runs of pip_find_builddeps.py will preserve this manual addition as long as the --append argument is passed to it. Related: RELDEL-6094 [1] https://github.com/pypa/pip/issues/7863 * Fixup prometheus_client requirement We were declaring 0.21.0 in setup.py and 0.21.1 elsewhere. Make everything match by declaring 0.21.1. * Bump pip from 25.0.1 to 25.3 Bumps [pip](https://github.com/pypa/pip) from 25.0.1 to 25.3. - [Changelog](https://github.com/pypa/pip/blob/main/NEWS.rst) - [Commits](https://github.com/pypa/pip/compare/25.0.1...25.3) --- updated-dependencies: - dependency-name: pip dependency-version: '25.3' dependency-type: direct:production ... Signed-off-by: dependabot[bot] * Use UBI9 instead of CentOS 9 Stream - Drop telnet - Ignore hadolint DL3007 * Update requirements and requirements-build (>= py3.9) (#47) * Dependencies are outdated and this could carry severe security concerns. Update dependencies using: pipreqs (used to generate a requirements.in) pip_find_builddeps (used to generate a requirements-build.in) pip-compile --allow-unsafe (used to generate requirements.txt and requirements-build.txt) See https://github.com/containerbuildsystem/cachito/blob/01a944ebe81c58e294aa79bda43b475634306828/docs/pip.md?plain=1#L166 for details * Remove comment from setuptools-scm in requirements-build.in (#50) * Remove comment from setuptools-scm Only comment out setuptools_scm<8.0 from requirements-build.in, which is conflicting with the other versions * Add calver dependency back --------- Signed-off-by: dependabot[bot] Co-authored-by: Miguel Garcia Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> type: Git serviceAccount: builder source: binary: {} dockerfile: | FROM registry.access.redhat.com/ubi9:latest # >> ignore SC2086 because passing quoted env vars to dnf causes issues (fail to install) # hadolint ignore=SC2086 RUN INSTALL_PKGS="\ procps-ng \ lsof \ python3 \ python3-devel \ gcc \ " && \ dnf -y --setopt=tsflags=nodocs --setopt=skip_missing_names_on_install=False install $INSTALL_PKGS && \ dnf -y clean all COPY . /source/app WORKDIR /source/app RUN python3 -m pip install --no-cache-dir -r requirements-build.txt && \ python3 -m pip install --no-cache-dir . && \ python3 -m pip freeze # Cleanup # >> ignore SC2086 because passing quoted env vars to dnf causes issues (fail to install) # hadolint ignore=SC2086 RUN UNINSTALL_PKGS="\ gcc \ " && \ dnf remove -y $UNINSTALL_PKGS && \ dnf -y clean all ENV SNMP_COMMUNITY="public" ENV SNMP_PORT=162 ENV SNMP_HOST="localhost" ENV SNMP_RETRIES=5 ENV SNMP_TIMEOUT=1 ENV ALERT_OID_LABEL="oid" ENV TRAP_OID_PREFIX="1.3.6.1.4.1.50495.15" ENV TRAP_DEFAULT_OID="1.3.6.1.4.1.50495.15.1.2.1" ENV TRAP_DEFAULT_SEVERITY="" EXPOSE 9099 CMD ["sh", "-c", "/usr/local/bin/prometheus-webhook-snmp --debug --snmp-port=\"${SNMP_PORT}\" --snmp-host=\"${SNMP_HOST}\" --snmp-community=\"${SNMP_COMMUNITY}\" --snmp-retries=\"${SNMP_RETRIES}\" --snmp-timeout=\"${SNMP_TIMEOUT}\" --alert-oid-label=\"${ALERT_OID_LABEL}\" --trap-oid-prefix=\"${TRAP_OID_PREFIX}\" --trap-default-oid=\"${TRAP_DEFAULT_OID}\" --trap-default-severity=\"${TRAP_DEFAULT_SEVERITY}\" run"] type: Binary strategy: dockerStrategy: from: kind: DockerImage name: registry.access.redhat.com/ubi9@sha256:0d37bd2384f10881a2b0fdf695af99816fdf468a499fe3ace43da84c3cb566aa type: Docker status: completionTimestamp: "2026-02-19T00:28:49Z" conditions: - lastTransitionTime: "2026-02-19T00:27:40Z" lastUpdateTime: "2026-02-19T00:27:40Z" status: "False" type: New - lastTransitionTime: "2026-02-19T00:27:42Z" lastUpdateTime: "2026-02-19T00:27:42Z" status: "False" type: Pending - lastTransitionTime: "2026-02-19T00:28:49Z" lastUpdateTime: "2026-02-19T00:28:49Z" status: "False" type: Running - lastTransitionTime: "2026-02-19T00:28:49Z" lastUpdateTime: "2026-02-19T00:28:49Z" status: "True" type: Complete config: kind: BuildConfig name: prometheus-webhook-snmp namespace: service-telemetry duration: 69000000000 output: to: imageDigest: sha256:f529469a21eca73426dd43ca14306c7ea43b8237d0961fc64f3bcedc7d4951ee outputDockerImageReference: image-registry.openshift-image-registry.svc:5000/service-telemetry/prometheus-webhook-snmp:latest phase: Complete stages: - durationMilliseconds: 6960 name: PullImages startTime: "2026-02-19T00:27:44Z" steps: - durationMilliseconds: 6960 name: PullBaseImage startTime: "2026-02-19T00:27:44Z" - durationMilliseconds: 53959 name: Build startTime: "2026-02-19T00:27:51Z" steps: - durationMilliseconds: 53959 name: DockerBuild startTime: "2026-02-19T00:27:51Z" - durationMilliseconds: 1182 name: PushImage startTime: "2026-02-19T00:28:45Z" steps: - durationMilliseconds: 1182 name: PushDockerImage startTime: "2026-02-19T00:28:45Z" startTimestamp: "2026-02-19T00:27:40Z" - apiVersion: build.openshift.io/v1 kind: Build metadata: annotations: openshift.io/build-config.name: service-telemetry-operator openshift.io/build.number: "2" openshift.io/build.pod-name: service-telemetry-operator-2-build creationTimestamp: "2026-02-19T00:18:35Z" generation: 2 labels: build: service-telemetry-operator buildconfig: service-telemetry-operator openshift.io/build-config.name: service-telemetry-operator openshift.io/build.start-policy: Serial name: service-telemetry-operator-2 namespace: service-telemetry ownerReferences: - apiVersion: build.openshift.io/v1 controller: true kind: BuildConfig name: service-telemetry-operator uid: e0d7dc12-5875-4ac9-b0a3-3892a380c95f resourceVersion: "34264" uid: 3a1cfb1c-5d4a-474c-a7fa-8af62195d088 spec: nodeSelector: null output: pushSecret: name: builder-dockercfg-9cxxm to: kind: ImageStreamTag name: service-telemetry-operator:latest postCommit: {} resources: {} revision: git: author: email: victoria@redhat.com name: Victoria Martinez de la Cruz commit: 52b6e47374323c8ae05a6bfbe1790b393fbcd8b6 committer: email: noreply@github.com name: GitHub message: |- STF 1.5.7 release ops (#697) * Update ansible-core in CI (#662) Updates the ansible-core version to 2.17.6 to fix several vulnerabilities existing in the current version (ansible-core==2.15.9). By default, Python3.9 is available in Centos 9 Stream. Unfortunately, newer versions of ansible-core are not available for Python3.9, so this change also updates our CI to install and consume Python 3.12. Also use kubernetes.core 5.0.0 in CI, we are already building STO with this version. Related commit a2ec3840033e8cdd327710b4751fddd3a930a394 * Fix CI readme Jobs now run on OCP 4.16 and OCP 4.18. And we were missing the nighly bundles + index deploy jobs index description * Fix Ansible-Core vulnerable to content protections bypass (#664) A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks. Affected versions >= 2.17.0b1, < 2.17.7rc1 Patched version 2.17.7rc1 * Use operator-sdk v1.39.2 (#666) Using a newer operator-sdk will make dependency management a lot easier for downstream hermetic build systems, like the ones used downstream. It also lets us do away with using different versions for bundle generation and deployment in our CI. * Close stdin on workflow operator-sdk generate bundle calls An open stdin makes operator-sdk assume it's supposed to take input from stdin, when we actually want it to look at the working directory. There is no way to avoid this using command-line flags, so we need to explicitly close the stdin pipe in all calls to it. * Bundle changes for Konflux support (#669) * Use full pullspecs for related images Renovate, used by Konflux for updating dependency references, works better with full container pullspecs rather than separate repository URLs and tags. This lets us inject pullspecs pinned by digest, which don't quite follow the repo:tag syntax. * Don't set update graph metadata in CSV This was originally added for the benefit of downstream builds, but those are moving to file-based catalog fragments which don't need update graph metadata to be embedded in the bundle. * Refactor pullspec building to make it more readable * Use /tmp instead of the base_dir to fetch CSV files * Update selector to get builder-dockercfg secret name (#674) Fix the step to properly gather the builder-dockercfg secret name. This is required to correctly set up the auth when building the index image * Use sto/sgo_bundle_image_path_internal for the index (#675) sto_bundle_image_path and sg_bundle_image_path variable names are used already by some parts of the automation and there is an overlap * Refactor steps for getting bundles info for local builds * Drop when clause for "Generate default package names" step We already check the condition holds for the entire block * Bump requests from 2.32.0 to 2.32.4 in /build/stf-run-ci (#672) Bumps [requests](https://github.com/psf/requests) from 2.32.0 to 2.32.4. - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](https://github.com/psf/requests/compare/v2.32.0...v2.32.4) --- updated-dependencies: - dependency-name: requests dependency-version: 2.32.4 dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Victoria Martinez de la Cruz * Set permissions explicitly to actions job (#676) Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * bundle gen: allow passing in pre-generated bundle version (#678) This improves our support for generating bundles as part of multistage container builds, as a single pre-generated bundle version can be fed into the generated bundle and into the bundle container labels. RELDEL-7554 * Use crc-cloud image for OCP 4.18 jobs (#680) coreos-crc-extracted-2-48-0-3xl is deprecated, the replacement for it is crc-cloud-ocp-4-18-1-3xl Available images are in https://review.rdoproject.org/zuul/labels * Add support for deploy from catalog Add __deploy_from_catalog and __stf_catalog_index_image_path options to stf-run-ci. This new option allows to create a CatalogSource using a pre-built index image and deploy STF from it. This is particularly useful to test package metadata issues that would be invisible when testing bundles but very apparent when installing from the actual catalog. Closes: OSPRH-19028 * Update ansible-lint-ignore and fix linting issues We had some pre-existing linting issues that reappeared when renaming create_catalog.yml to create_index_image.yml. Update ansible-lint-ignore to supress these warnings. Also fixes create_catalog.yml linting issue (missing empty line at EOF) * Update olm.maxOpenShiftVersion to 4.18 olm.maxOpenShiftVersion in STO should be 4.18 instead of 4.16 This wrongly set config is preventing STF users to easily perform upgrades to the latest OCP supported version Closes-Bug: OSPRH-18670 * [zuul] Add PR jobs to the periodic lines Since there is less development in STF now, we don't run the PR jobs as often. Running the jobs reqularly helps to find issues that crop up due to changing deps, etc and make sure the jobs still work. This change adds the jobs from the github-check pipeline into the periodic line, ensuring that they run regularly. * Use include_tasks instead of include_role * Drop name from include_tasks * Use catalogSource name and namespace for subscriptions Update setup_stf to use infrawatch_operators and namespace variables instead of hardwiring them. We have some logic that could go away now that we can select to deploy from a specific catalogsource. Precisely, infrawatch_catalog_source_manifest param. This was being used to pass a catalogsource manifest and deploy from it. * Drop "Set default InfraWatch OperatorSource manifest" This step is not longer useful since we can deploy from catalog by passing a pre-built index image or by using the default (which corresponds to the default in use here) * Clean up setup and deploy logic * Fix typo in catalog name for infrawatch_operators * Add jobs for deploy_from_catalog (#685) Add two jobs to test the deploy_from_catalog option By default, it will use the index image in https://quay.io/repository/infrawatch-operators/infrawatch-catalog Test deploying from the two latest supported OCP versions Closes: https://issues.redhat.com/browse/OSPRH-19031 * Enable all check jobs * Update ansible-lint pinned version (#688) Bump ansible-lint to 25.2.0 * Update ansible-lint-ignore with new linting issues ansible-lint 25.2.0 introduces new linting rules that we are not following. Add them to the ignore list. * Pin to ansible 12.0.0 * Fix stf-run-ci mutually exclusive deployment flags (#686) Fail when two or more of the non compatible deployment options are set. To make the check simpler, convert them to integers (where true becomes 1 and false becomes 0) and check if their sum is greater than 1. Closes-Bug: OSPRH-20165 * Use openshift-ansible-operator 4.20 in STO (#695) Partially-Closes: OSPRH-21875 * Bump the major supported OCP version for STO to OCP 4.20 (#693) * Bump the major supported OCP version for STO to OCP 4.20 * Drop OCP 4.16 from Dockerfile * Add OCP 4.20 jobs (#694) Add job definitions using crc-cloud-ocp-4-20-1-3xl as base image * Update nodesets name to stf-crc_cloud-ocpX.Y We no longer use crc extracted images, we now use crc cloud images Update the naming accordingly * Drop OCP 4.16 jobs Closes: OSPRH-21881 Closes: OSPRH-21882 * Fix typo in build/stf-run-ci/README.md (#698) --------- Signed-off-by: dependabot[bot] Co-authored-by: migarcia Co-authored-by: Emma Foley Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Co-authored-by: Emma Foley Co-authored-by: Alex Yefimov <126113326+ayefimov-1@users.noreply.github.com> type: Git serviceAccount: builder source: binary: {} dockerfile: | FROM quay.io/operator-framework/ansible-operator:v1.38.1 # temporarily switch to root user to adjust image layers USER 0 # Upstream CI builds need the additional EPEL sources for python3-passlib and python3-bcrypt but have no working repos to install epel-release # NO_PROXY is undefined in upstream CI builds, but defined (usually blank) during openshift builds (a possibly brittle hack) RUN bash -c -- 'if [ "${NO_PROXY:-__ZZZZZ}" == "__ZZZZZ" ]; then echo "Applying upstream EPEL hacks" && echo -e "-----BEGIN PGP PUBLIC KEY BLOCK-----\nmQINBGE3mOsBEACsU+XwJWDJVkItBaugXhXIIkb9oe+7aadELuVo0kBmc3HXt/Yp\nCJW9hHEiGZ6z2jwgPqyJjZhCvcAWvgzKcvqE+9i0NItV1rzfxrBe2BtUtZmVcuE6\n2b+SPfxQ2Hr8llaawRjt8BCFX/ZzM4/1Qk+EzlfTcEcpkMf6wdO7kD6ulBk/tbsW\nDHX2lNcxszTf+XP9HXHWJlA2xBfP+Dk4gl4DnO2Y1xR0OSywE/QtvEbN5cY94ieu\nn7CBy29AleMhmbnx9pw3NyxcFIAsEZHJoU4ZW9ulAJ/ogttSyAWeacW7eJGW31/Z\n39cS+I4KXJgeGRI20RmpqfH0tuT+X5Da59YpjYxkbhSK3HYBVnNPhoJFUc2j5iKy\nXLgkapu1xRnEJhw05kr4LCbud0NTvfecqSqa+59kuVc+zWmfTnGTYc0PXZ6Oa3rK\n44UOmE6eAT5zd/ToleDO0VesN+EO7CXfRsm7HWGpABF5wNK3vIEF2uRr2VJMvgqS\n9eNwhJyOzoca4xFSwCkc6dACGGkV+CqhufdFBhmcAsUotSxe3zmrBjqA0B/nxIvH\nDVgOAMnVCe+Lmv8T0mFgqZSJdIUdKjnOLu/GRFhjDKIak4jeMBMTYpVnU+HhMHLq\nuDiZkNEvEEGhBQmZuI8J55F/a6UURnxUwT3piyi3Pmr2IFD7ahBxPzOBCQARAQAB\ntCdGZWRvcmEgKGVwZWw5KSA8ZXBlbEBmZWRvcmFwcm9qZWN0Lm9yZz6JAk4EEwEI\nADgWIQT/itE0RZcQbs6BO5GKOHK/MihGfAUCYTeY6wIbDwULCQgHAgYVCgkICwIE\nFgIDAQIeAQIXgAAKCRCKOHK/MihGfFX/EACBPWv20+ttYu1A5WvtHJPzwbj0U4yF\n3zTQpBglQ2UfkRpYdipTlT3Ih6j5h2VmgRPtINCc/ZE28adrWpBoeFIS2YAKOCLC\nnZYtHl2nCoLq1U7FSttUGsZ/t8uGCBgnugTfnIYcmlP1jKKA6RJAclK89evDQX5n\nR9ZD+Cq3CBMlttvSTCht0qQVlwycedH8iWyYgP/mF0W35BIn7NuuZwWhgR00n/VG\n4nbKPOzTWbsP45awcmivdrS74P6mL84WfkghipdmcoyVb1B8ZP4Y/Ke0RXOnLhNe\nCfrXXvuW+Pvg2RTfwRDtehGQPAgXbmLmz2ZkV69RGIr54HJv84NDbqZovRTMr7gL\n9k3ciCzXCiYQgM8yAyGHV0KEhFSQ1HV7gMnt9UmxbxBE2pGU7vu3CwjYga5DpwU7\nw5wu1TmM5KgZtZvuWOTDnqDLf0cKoIbW8FeeCOn24elcj32bnQDuF9DPey1mqcvT\n/yEo/Ushyz6CVYxN8DGgcy2M9JOsnmjDx02h6qgWGWDuKgb9jZrvRedpAQCeemEd\nfhEs6ihqVxRFl16HxC4EVijybhAL76SsM2nbtIqW1apBQJQpXWtQwwdvgTVpdEtE\nr4ArVJYX5LrswnWEQMOelugUG6S3ZjMfcyOa/O0364iY73vyVgaYK+2XtT2usMux\nVL469Kj5m13T6w==\n=Mjs/\n-----END PGP PUBLIC KEY BLOCK-----" > /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-9 && echo -e "[epel]\nname=Extra Packages for Enterprise Linux 9 - \$basearch\nmetalink=https://mirrors.fedoraproject.org/metalink?repo=epel-9&arch=\$basearch&infra=\$infra&content=\$contentdir\nenabled=1\ngpgcheck=1\ngpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-9" > /etc/yum.repos.d/epel.repo; fi' # update the base image to allow forward-looking optimistic updates during the testing phase, with the added benefit of helping move closer to passing security scans. # -- excludes ansible so it remains at 2.9 tag as shipped with the base image # -- installs python3-passlib and python3-bcrypt for oauth-proxy interface # -- cleans up the cached data from dnf to keep the image as small as possible RUN dnf update -y --exclude=ansible* && dnf install -y python3-passlib python3-bcrypt && dnf clean all && rm -rf /var/cache/dnf COPY requirements.yml ${HOME}/requirements.yml RUN ansible-galaxy collection install -r ${HOME}/requirements.yml \ && chmod -R ug+rwx ${HOME}/.ansible # switch back to user 1001 when running the base image (non-root) USER 1001 # copy in required artifacts for the operator COPY watches.yaml ${HOME}/watches.yaml COPY roles/ ${HOME}/roles/ type: Binary strategy: dockerStrategy: from: kind: DockerImage name: quay.io/operator-framework/ansible-operator@sha256:9895727b7f66bb88fa4c6afdefc7eecf86e6b7c1293920f866a035da9decc58e type: Docker status: cancelled: true completionTimestamp: "2026-02-19T00:18:43Z" conditions: - lastTransitionTime: "2026-02-19T00:18:35Z" lastUpdateTime: "2026-02-19T00:18:35Z" status: "False" type: New - lastTransitionTime: "2026-02-19T00:18:42Z" lastUpdateTime: "2026-02-19T00:18:42Z" status: "False" type: Pending - lastTransitionTime: "2026-02-19T00:18:43Z" lastUpdateTime: "2026-02-19T00:18:43Z" status: "False" type: Running - lastTransitionTime: "2026-02-19T00:18:43Z" lastUpdateTime: "2026-02-19T00:18:43Z" message: The build was cancelled by the user. reason: CancelledBuild status: "True" type: Cancelled config: kind: BuildConfig name: service-telemetry-operator namespace: service-telemetry duration: 8000000000 message: The build was cancelled by the user. output: {} outputDockerImageReference: image-registry.openshift-image-registry.svc:5000/service-telemetry/service-telemetry-operator:latest phase: Cancelled reason: CancelledBuild startTimestamp: "2026-02-19T00:18:35Z" - apiVersion: build.openshift.io/v1 kind: Build metadata: annotations: openshift.io/build-config.name: service-telemetry-operator openshift.io/build.number: "3" openshift.io/build.pod-name: service-telemetry-operator-3-build creationTimestamp: "2026-02-19T00:18:54Z" generation: 2 labels: build: service-telemetry-operator buildconfig: service-telemetry-operator openshift.io/build-config.name: service-telemetry-operator openshift.io/build.start-policy: Serial name: service-telemetry-operator-3 namespace: service-telemetry ownerReferences: - apiVersion: build.openshift.io/v1 controller: true kind: BuildConfig name: service-telemetry-operator uid: e0d7dc12-5875-4ac9-b0a3-3892a380c95f resourceVersion: "34718" uid: 390083ae-d85f-4153-8e7d-0b868700bfb2 spec: nodeSelector: null output: pushSecret: name: builder-dockercfg-9cxxm to: kind: ImageStreamTag name: service-telemetry-operator:latest postCommit: {} resources: {} revision: git: author: email: victoria@redhat.com name: Victoria Martinez de la Cruz commit: 52b6e47374323c8ae05a6bfbe1790b393fbcd8b6 committer: email: noreply@github.com name: GitHub message: |- STF 1.5.7 release ops (#697) * Update ansible-core in CI (#662) Updates the ansible-core version to 2.17.6 to fix several vulnerabilities existing in the current version (ansible-core==2.15.9). By default, Python3.9 is available in Centos 9 Stream. Unfortunately, newer versions of ansible-core are not available for Python3.9, so this change also updates our CI to install and consume Python 3.12. Also use kubernetes.core 5.0.0 in CI, we are already building STO with this version. Related commit a2ec3840033e8cdd327710b4751fddd3a930a394 * Fix CI readme Jobs now run on OCP 4.16 and OCP 4.18. And we were missing the nighly bundles + index deploy jobs index description * Fix Ansible-Core vulnerable to content protections bypass (#664) A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks. Affected versions >= 2.17.0b1, < 2.17.7rc1 Patched version 2.17.7rc1 * Use operator-sdk v1.39.2 (#666) Using a newer operator-sdk will make dependency management a lot easier for downstream hermetic build systems, like the ones used downstream. It also lets us do away with using different versions for bundle generation and deployment in our CI. * Close stdin on workflow operator-sdk generate bundle calls An open stdin makes operator-sdk assume it's supposed to take input from stdin, when we actually want it to look at the working directory. There is no way to avoid this using command-line flags, so we need to explicitly close the stdin pipe in all calls to it. * Bundle changes for Konflux support (#669) * Use full pullspecs for related images Renovate, used by Konflux for updating dependency references, works better with full container pullspecs rather than separate repository URLs and tags. This lets us inject pullspecs pinned by digest, which don't quite follow the repo:tag syntax. * Don't set update graph metadata in CSV This was originally added for the benefit of downstream builds, but those are moving to file-based catalog fragments which don't need update graph metadata to be embedded in the bundle. * Refactor pullspec building to make it more readable * Use /tmp instead of the base_dir to fetch CSV files * Update selector to get builder-dockercfg secret name (#674) Fix the step to properly gather the builder-dockercfg secret name. This is required to correctly set up the auth when building the index image * Use sto/sgo_bundle_image_path_internal for the index (#675) sto_bundle_image_path and sg_bundle_image_path variable names are used already by some parts of the automation and there is an overlap * Refactor steps for getting bundles info for local builds * Drop when clause for "Generate default package names" step We already check the condition holds for the entire block * Bump requests from 2.32.0 to 2.32.4 in /build/stf-run-ci (#672) Bumps [requests](https://github.com/psf/requests) from 2.32.0 to 2.32.4. - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](https://github.com/psf/requests/compare/v2.32.0...v2.32.4) --- updated-dependencies: - dependency-name: requests dependency-version: 2.32.4 dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Victoria Martinez de la Cruz * Set permissions explicitly to actions job (#676) Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * bundle gen: allow passing in pre-generated bundle version (#678) This improves our support for generating bundles as part of multistage container builds, as a single pre-generated bundle version can be fed into the generated bundle and into the bundle container labels. RELDEL-7554 * Use crc-cloud image for OCP 4.18 jobs (#680) coreos-crc-extracted-2-48-0-3xl is deprecated, the replacement for it is crc-cloud-ocp-4-18-1-3xl Available images are in https://review.rdoproject.org/zuul/labels * Add support for deploy from catalog Add __deploy_from_catalog and __stf_catalog_index_image_path options to stf-run-ci. This new option allows to create a CatalogSource using a pre-built index image and deploy STF from it. This is particularly useful to test package metadata issues that would be invisible when testing bundles but very apparent when installing from the actual catalog. Closes: OSPRH-19028 * Update ansible-lint-ignore and fix linting issues We had some pre-existing linting issues that reappeared when renaming create_catalog.yml to create_index_image.yml. Update ansible-lint-ignore to supress these warnings. Also fixes create_catalog.yml linting issue (missing empty line at EOF) * Update olm.maxOpenShiftVersion to 4.18 olm.maxOpenShiftVersion in STO should be 4.18 instead of 4.16 This wrongly set config is preventing STF users to easily perform upgrades to the latest OCP supported version Closes-Bug: OSPRH-18670 * [zuul] Add PR jobs to the periodic lines Since there is less development in STF now, we don't run the PR jobs as often. Running the jobs reqularly helps to find issues that crop up due to changing deps, etc and make sure the jobs still work. This change adds the jobs from the github-check pipeline into the periodic line, ensuring that they run regularly. * Use include_tasks instead of include_role * Drop name from include_tasks * Use catalogSource name and namespace for subscriptions Update setup_stf to use infrawatch_operators and namespace variables instead of hardwiring them. We have some logic that could go away now that we can select to deploy from a specific catalogsource. Precisely, infrawatch_catalog_source_manifest param. This was being used to pass a catalogsource manifest and deploy from it. * Drop "Set default InfraWatch OperatorSource manifest" This step is not longer useful since we can deploy from catalog by passing a pre-built index image or by using the default (which corresponds to the default in use here) * Clean up setup and deploy logic * Fix typo in catalog name for infrawatch_operators * Add jobs for deploy_from_catalog (#685) Add two jobs to test the deploy_from_catalog option By default, it will use the index image in https://quay.io/repository/infrawatch-operators/infrawatch-catalog Test deploying from the two latest supported OCP versions Closes: https://issues.redhat.com/browse/OSPRH-19031 * Enable all check jobs * Update ansible-lint pinned version (#688) Bump ansible-lint to 25.2.0 * Update ansible-lint-ignore with new linting issues ansible-lint 25.2.0 introduces new linting rules that we are not following. Add them to the ignore list. * Pin to ansible 12.0.0 * Fix stf-run-ci mutually exclusive deployment flags (#686) Fail when two or more of the non compatible deployment options are set. To make the check simpler, convert them to integers (where true becomes 1 and false becomes 0) and check if their sum is greater than 1. Closes-Bug: OSPRH-20165 * Use openshift-ansible-operator 4.20 in STO (#695) Partially-Closes: OSPRH-21875 * Bump the major supported OCP version for STO to OCP 4.20 (#693) * Bump the major supported OCP version for STO to OCP 4.20 * Drop OCP 4.16 from Dockerfile * Add OCP 4.20 jobs (#694) Add job definitions using crc-cloud-ocp-4-20-1-3xl as base image * Update nodesets name to stf-crc_cloud-ocpX.Y We no longer use crc extracted images, we now use crc cloud images Update the naming accordingly * Drop OCP 4.16 jobs Closes: OSPRH-21881 Closes: OSPRH-21882 * Fix typo in build/stf-run-ci/README.md (#698) --------- Signed-off-by: dependabot[bot] Co-authored-by: migarcia Co-authored-by: Emma Foley Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Co-authored-by: Emma Foley Co-authored-by: Alex Yefimov <126113326+ayefimov-1@users.noreply.github.com> type: Git serviceAccount: builder source: binary: {} dockerfile: | FROM quay.io/operator-framework/ansible-operator:v1.38.1 # temporarily switch to root user to adjust image layers USER 0 # Upstream CI builds need the additional EPEL sources for python3-passlib and python3-bcrypt but have no working repos to install epel-release # NO_PROXY is undefined in upstream CI builds, but defined (usually blank) during openshift builds (a possibly brittle hack) RUN bash -c -- 'if [ "${NO_PROXY:-__ZZZZZ}" == "__ZZZZZ" ]; then echo "Applying upstream EPEL hacks" && echo -e "-----BEGIN PGP PUBLIC KEY BLOCK-----\nmQINBGE3mOsBEACsU+XwJWDJVkItBaugXhXIIkb9oe+7aadELuVo0kBmc3HXt/Yp\nCJW9hHEiGZ6z2jwgPqyJjZhCvcAWvgzKcvqE+9i0NItV1rzfxrBe2BtUtZmVcuE6\n2b+SPfxQ2Hr8llaawRjt8BCFX/ZzM4/1Qk+EzlfTcEcpkMf6wdO7kD6ulBk/tbsW\nDHX2lNcxszTf+XP9HXHWJlA2xBfP+Dk4gl4DnO2Y1xR0OSywE/QtvEbN5cY94ieu\nn7CBy29AleMhmbnx9pw3NyxcFIAsEZHJoU4ZW9ulAJ/ogttSyAWeacW7eJGW31/Z\n39cS+I4KXJgeGRI20RmpqfH0tuT+X5Da59YpjYxkbhSK3HYBVnNPhoJFUc2j5iKy\nXLgkapu1xRnEJhw05kr4LCbud0NTvfecqSqa+59kuVc+zWmfTnGTYc0PXZ6Oa3rK\n44UOmE6eAT5zd/ToleDO0VesN+EO7CXfRsm7HWGpABF5wNK3vIEF2uRr2VJMvgqS\n9eNwhJyOzoca4xFSwCkc6dACGGkV+CqhufdFBhmcAsUotSxe3zmrBjqA0B/nxIvH\nDVgOAMnVCe+Lmv8T0mFgqZSJdIUdKjnOLu/GRFhjDKIak4jeMBMTYpVnU+HhMHLq\nuDiZkNEvEEGhBQmZuI8J55F/a6UURnxUwT3piyi3Pmr2IFD7ahBxPzOBCQARAQAB\ntCdGZWRvcmEgKGVwZWw5KSA8ZXBlbEBmZWRvcmFwcm9qZWN0Lm9yZz6JAk4EEwEI\nADgWIQT/itE0RZcQbs6BO5GKOHK/MihGfAUCYTeY6wIbDwULCQgHAgYVCgkICwIE\nFgIDAQIeAQIXgAAKCRCKOHK/MihGfFX/EACBPWv20+ttYu1A5WvtHJPzwbj0U4yF\n3zTQpBglQ2UfkRpYdipTlT3Ih6j5h2VmgRPtINCc/ZE28adrWpBoeFIS2YAKOCLC\nnZYtHl2nCoLq1U7FSttUGsZ/t8uGCBgnugTfnIYcmlP1jKKA6RJAclK89evDQX5n\nR9ZD+Cq3CBMlttvSTCht0qQVlwycedH8iWyYgP/mF0W35BIn7NuuZwWhgR00n/VG\n4nbKPOzTWbsP45awcmivdrS74P6mL84WfkghipdmcoyVb1B8ZP4Y/Ke0RXOnLhNe\nCfrXXvuW+Pvg2RTfwRDtehGQPAgXbmLmz2ZkV69RGIr54HJv84NDbqZovRTMr7gL\n9k3ciCzXCiYQgM8yAyGHV0KEhFSQ1HV7gMnt9UmxbxBE2pGU7vu3CwjYga5DpwU7\nw5wu1TmM5KgZtZvuWOTDnqDLf0cKoIbW8FeeCOn24elcj32bnQDuF9DPey1mqcvT\n/yEo/Ushyz6CVYxN8DGgcy2M9JOsnmjDx02h6qgWGWDuKgb9jZrvRedpAQCeemEd\nfhEs6ihqVxRFl16HxC4EVijybhAL76SsM2nbtIqW1apBQJQpXWtQwwdvgTVpdEtE\nr4ArVJYX5LrswnWEQMOelugUG6S3ZjMfcyOa/O0364iY73vyVgaYK+2XtT2usMux\nVL469Kj5m13T6w==\n=Mjs/\n-----END PGP PUBLIC KEY BLOCK-----" > /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-9 && echo -e "[epel]\nname=Extra Packages for Enterprise Linux 9 - \$basearch\nmetalink=https://mirrors.fedoraproject.org/metalink?repo=epel-9&arch=\$basearch&infra=\$infra&content=\$contentdir\nenabled=1\ngpgcheck=1\ngpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-9" > /etc/yum.repos.d/epel.repo; fi' # update the base image to allow forward-looking optimistic updates during the testing phase, with the added benefit of helping move closer to passing security scans. # -- excludes ansible so it remains at 2.9 tag as shipped with the base image # -- installs python3-passlib and python3-bcrypt for oauth-proxy interface # -- cleans up the cached data from dnf to keep the image as small as possible RUN dnf update -y --exclude=ansible* && dnf install -y python3-passlib python3-bcrypt && dnf clean all && rm -rf /var/cache/dnf COPY requirements.yml ${HOME}/requirements.yml RUN ansible-galaxy collection install -r ${HOME}/requirements.yml \ && chmod -R ug+rwx ${HOME}/.ansible # switch back to user 1001 when running the base image (non-root) USER 1001 # copy in required artifacts for the operator COPY watches.yaml ${HOME}/watches.yaml COPY roles/ ${HOME}/roles/ type: Binary strategy: dockerStrategy: from: kind: DockerImage name: quay.io/operator-framework/ansible-operator@sha256:9895727b7f66bb88fa4c6afdefc7eecf86e6b7c1293920f866a035da9decc58e type: Docker status: completionTimestamp: "2026-02-19T00:20:51Z" conditions: - lastTransitionTime: "2026-02-19T00:18:54Z" lastUpdateTime: "2026-02-19T00:18:54Z" status: "False" type: New - lastTransitionTime: "2026-02-19T00:18:56Z" lastUpdateTime: "2026-02-19T00:18:56Z" status: "False" type: Pending - lastTransitionTime: "2026-02-19T00:20:51Z" lastUpdateTime: "2026-02-19T00:20:51Z" status: "False" type: Running - lastTransitionTime: "2026-02-19T00:20:51Z" lastUpdateTime: "2026-02-19T00:20:51Z" status: "True" type: Complete config: kind: BuildConfig name: service-telemetry-operator namespace: service-telemetry duration: 117000000000 output: to: imageDigest: sha256:3c9bb24ca303ec1502ce4b0e1c503266f72e0b6c6bc7764bac304df24441bbb3 outputDockerImageReference: image-registry.openshift-image-registry.svc:5000/service-telemetry/service-telemetry-operator:latest phase: Complete stages: - durationMilliseconds: 20977 name: PullImages startTime: "2026-02-19T00:19:08Z" steps: - durationMilliseconds: 20977 name: PullBaseImage startTime: "2026-02-19T00:19:08Z" - durationMilliseconds: 76036 name: Build startTime: "2026-02-19T00:19:28Z" steps: - durationMilliseconds: 76036 name: DockerBuild startTime: "2026-02-19T00:19:28Z" - durationMilliseconds: 3837 name: PushImage startTime: "2026-02-19T00:20:45Z" steps: - durationMilliseconds: 3837 name: PushDockerImage startTime: "2026-02-19T00:20:45Z" startTimestamp: "2026-02-19T00:18:54Z" - apiVersion: build.openshift.io/v1 kind: Build metadata: annotations: openshift.io/build-config.name: sg-bridge openshift.io/build.number: "2" openshift.io/build.pod-name: sg-bridge-2-build creationTimestamp: "2026-02-19T00:26:31Z" generation: 2 labels: build: sg-bridge buildconfig: sg-bridge openshift.io/build-config.name: sg-bridge openshift.io/build.start-policy: Serial name: sg-bridge-2 namespace: service-telemetry ownerReferences: - apiVersion: build.openshift.io/v1 controller: true kind: BuildConfig name: sg-bridge uid: c8e23e3f-05bd-4d81-b58a-a993f0004793 resourceVersion: "35889" uid: ffbd09c3-4593-48b5-9caa-94685d530604 spec: nodeSelector: null output: pushSecret: name: builder-dockercfg-9cxxm to: kind: ImageStreamTag name: sg-bridge:latest postCommit: {} resources: {} revision: git: author: email: victoria@redhat.com name: Victoria Martinez de la Cruz commit: 20b3380bd52b66cdee3439de8f7718369da4e931 committer: email: noreply@github.com name: GitHub message: |- STF 1.5.6 release - sg-bridge is now built on ubi9 - Update to Golang to 1.21.13 - Github Actions now run on ubuntu-latest - Add IPv6 support. sg-bridge now accepts IPv6 addresses as amqp_url value. type: Git serviceAccount: builder source: binary: {} dockerfile: | # --- Build the bridge FROM registry.access.redhat.com/ubi9 AS builder # dependencies for qpid-proton-c COPY build/repos/opstools.repo /etc/yum.repos.d/opstools.repo # redhat-rpm-config is required to provide hardening compiling instructions # (such as /usr/lib/rpm/redhat/redhat-hardened-cc1) even though we're not # building RPMs here RUN dnf install qpid-proton-c-devel --setopt=tsflags=nodocs -y && \ dnf install gcc make redhat-rpm-config -y && \ dnf clean all ENV SGBRIDGE_DIR=/home/bridge WORKDIR $SGBRIDGE_DIR COPY . $SGBRIDGE_DIR/ RUN make && \ mv bridge /tmp/ # --- end build, create bridge runtime layer --- FROM registry.access.redhat.com/ubi9 # dependencies for qpid-proton-c COPY build/repos/opstools.repo /etc/yum.repos.d/opstools.repo RUN dnf install qpid-proton-c --setopt=tsflags=nodocs -y && \ dnf clean all && \ rm -rf /var/cache/yum COPY --from=builder /tmp/bridge / ENTRYPOINT ["/bridge"] LABEL io.k8s.display-name="SmartGateway AMQP Bridge" \ io.k8s.description="Reads data from AMQP via proton and writes to a unix or UDP socket" type: Binary strategy: dockerStrategy: from: kind: DockerImage name: registry.access.redhat.com/ubi9@sha256:0d37bd2384f10881a2b0fdf695af99816fdf468a499fe3ace43da84c3cb566aa type: Docker status: completionTimestamp: "2026-02-19T00:27:23Z" conditions: - lastTransitionTime: "2026-02-19T00:26:31Z" lastUpdateTime: "2026-02-19T00:26:31Z" status: "False" type: New - lastTransitionTime: "2026-02-19T00:26:32Z" lastUpdateTime: "2026-02-19T00:26:32Z" status: "False" type: Pending - lastTransitionTime: "2026-02-19T00:27:23Z" lastUpdateTime: "2026-02-19T00:27:23Z" status: "False" type: Running - lastTransitionTime: "2026-02-19T00:27:23Z" lastUpdateTime: "2026-02-19T00:27:23Z" status: "True" type: Complete config: kind: BuildConfig name: sg-bridge namespace: service-telemetry duration: 52000000000 output: to: imageDigest: sha256:6a0444b4c4bb45514f13b674a8970c697a6222ec3dae2aa774d75fea489399da outputDockerImageReference: image-registry.openshift-image-registry.svc:5000/service-telemetry/sg-bridge:latest phase: Complete stages: - durationMilliseconds: 5948 name: PullImages startTime: "2026-02-19T00:26:35Z" steps: - durationMilliseconds: 5948 name: PullBaseImage startTime: "2026-02-19T00:26:35Z" - durationMilliseconds: 39249 name: Build startTime: "2026-02-19T00:26:41Z" steps: - durationMilliseconds: 39249 name: DockerBuild startTime: "2026-02-19T00:26:41Z" - durationMilliseconds: 878 name: PushImage startTime: "2026-02-19T00:27:20Z" steps: - durationMilliseconds: 878 name: PushDockerImage startTime: "2026-02-19T00:27:20Z" startTimestamp: "2026-02-19T00:26:31Z" - apiVersion: build.openshift.io/v1 kind: Build metadata: annotations: openshift.io/build-config.name: sg-core openshift.io/build.number: "2" openshift.io/build.pod-name: sg-core-2-build creationTimestamp: "2026-02-19T00:22:40Z" generation: 2 labels: build: sg-core buildconfig: sg-core openshift.io/build-config.name: sg-core openshift.io/build.start-policy: Serial name: sg-core-2 namespace: service-telemetry ownerReferences: - apiVersion: build.openshift.io/v1 controller: true kind: BuildConfig name: sg-core uid: ba41bcd7-f21d-462e-be42-c6249ba19230 resourceVersion: "35627" uid: 7f544192-9679-4cb4-98ef-1e6fc435656c spec: nodeSelector: null output: pushSecret: name: builder-dockercfg-9cxxm to: kind: ImageStreamTag name: sg-core:latest postCommit: {} resources: {} revision: git: author: email: victoria@redhat.com name: Victoria Martinez de la Cruz commit: 3b4e5c4a427d60f8907be80e3503e7f4d4864669 committer: email: noreply@github.com name: GitHub message: |- STF 1.5.7 release ops (#162) * Pin Ceilometer to stable/2024.2 (#154) Even though we are pinning to the stable/2024.2 when cloning Devstack, we are pulling Ceilometer requirements from the master branch and this is generating dependencies conflict. Explicitily set stable/2024.2 branch when cloning Ceilometer to fix this. Closes-Bug: OSPRH-19908 * Bump gopkg.in/yaml.v3 from 3.0.0 to 3.0.1 (#153) --- updated-dependencies: - dependency-name: gopkg.in/yaml.v3 dependency-version: 3.0.1 dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Victoria Martinez de la Cruz * Protect the expiryProc list with a mutex (#155) The container/list data structure used in expiry.go is not safe for concurrent use. See https://github.com/golang/go/issues/25105 Serialize the access to the shared list to avoid having check() on empty lists. Closes-Bug: OSPRH-18979 * Fix long message handling with dynamic buffer growth (#158) The socket transport plugin used a fixed 64KB buffer size which caused messages surpassing that size to be truncated For UDP/Unix datagram sockets, this resulted in parsing errors like "unexpected end of input" This change allows the buffer to grow (up to a limit depending on the protocol) to accommodate larger messages. * Create helper functions for TCP connection handling * Add helper sendUDPSocketMessage * Update TestUnixSocketTransport large message test This test verifies the dynamic buffer growth by sending three messages In each iteration the buffer grows from the initial size of 65535 bytes to 3 times the initial size. Also verifies the content of the received message Closes: OSPRH-23826 * Update to golang 1.24.11 (#159) * Fix non-constant format string in call Go 1.24.11 has stricter checking for format strings in printf-style functions to prevent format string vulnerabilities. * Bump golangci-lint version to 1.64.2 * Replace exportloopref for copyloopvar The linter 'exportloopref' is deprecated (since v1.60.2) * Update coveralls-badge workflow to be non-blocking (#160) Added "continue-on-error: true" to prevent badge failures from blocking PRs. Explicitly defined pull-requests: write permissions for GITHUB_TOKEN. Added try-catch safety logic and async/await to the script. * Improve test coverage for expiry.go (#164) Add tests for check() edge cases, run() function, and concurrent access. Co-authored-by: Claude Sonnet 4.5 * Improve test coverage for prometheus application plugin (#166) Add tests for New, Config, PromCollector methods, metricExpiry, collectorExpiry, ReceiveMetric, UpdateMetrics, Describe, and Collect. Omit logging and HTTP server tests. * Fix golangci-lint empty-block error in prometheus tests Replace empty for-range loop with explicit assignment to satisfy revive linter. * Add timestamp verification assertions to prometheus collector tests Enhance test coverage by adding assertions that verify the presence or absence of timestamps in collected metrics. The "collect with timestamp" test now verifies that metrics include the expected timestamp value, while the "collect with zero timestamp" test confirms that metrics with zero timestamps are sent without timestamp metadata. Also fixes default port assertion and cleans up empty-block lint issue. * Fix golangci-lint empty-block error in channel drain loop Replace empty for-range loop with explicit variable usage to resolve the revive empty-block linting error. Co-authored-by: Claude Sonnet 4.5 * Improve test coverage for socket transport plugin (#165) Add tests for Config, New, Listen, init errors, dump messages, and TCP parsing edge cases. * Fix golangci-lint errors in socket transport tests - Check error returns from binary.Write calls - Reduce file permissions from 0644 to 0600 Co-Authored-By: Claude Sonnet 4.5 * Add comprehensive test coverage for parser libraries (#168) Ceilometer: - ParseInputJSON with various message formats - ParseInputMsgPack for msgpack parsing - sanitize function with escaped quotes and payload formatting - Error handling for invalid JSON and malformed data - Edge cases: empty payloads, multiple metrics, user metadata Collectd: - ParseInputByte for all metric variations - Multi-dimensional metrics with multiple values - Optional fields (plugin_instance, type_instance) - Error handling for invalid JSON and non-array data - Edge cases: empty arrays, zero values, negative values, large values - Real-world virt plugin data formats * Add comprehensive test coverage for sensu parser library Create test file for sensubility-metrics sensu parser library with complete coverage of all validation and error building functions. Co-Authored-By: Claude Sonnet 4.5 * Add test coverage for manager package (#167) Create manager_test.go test cases covering setter functions, plugin initialization error paths, and edge cases. Co-authored-by: Claude Sonnet 4.5 --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Claude Sonnet 4.5 type: Git serviceAccount: builder source: binary: {} dockerfile: | # --- build smart gateway --- FROM registry.access.redhat.com/ubi9:latest AS builder ENV GOPATH=/go ENV D=/go/src/github.com/infrawatch/sg-core WORKDIR $D COPY . $D/ # dependencies for qpid-proton-c COPY build/repos/opstools.repo /etc/yum.repos.d/CentOS-OpsTools.repo RUN dnf install golang git qpid-proton-c-devel -y --setopt=tsflags=nodocs RUN go install golang.org/dl/go1.24.11@latest && /go/bin/go1.24.11 download && PRODUCTION_BUILD=false CONTAINER_BUILD=true GOCMD=/go/bin/go1.24.11 ./build.sh # --- end build, create smart gateway layer --- FROM registry.access.redhat.com/ubi9-minimal:latest LABEL io.k8s.display-name="Smart Gateway" \ io.k8s.description="A component of the Service Telemetry Framework on the server side that ingests data from AMQP 1.x and provides a metrics scrape endpoint for Prometheus, and forwards events to ElasticSearch" \ maintainer="Leif Madsen " COPY --from=builder /tmp/sg-core / COPY --from=builder /tmp/plugins/*.so /usr/lib64/sg-core/ ENTRYPOINT ["/sg-core"] type: Binary strategy: dockerStrategy: from: kind: DockerImage name: registry.access.redhat.com/ubi9-minimal@sha256:2bd144364d2cb06b08953ce5764cdbf236bbcd63cea214583c4ed011b4685453 type: Docker status: completionTimestamp: "2026-02-19T00:26:14Z" conditions: - lastTransitionTime: "2026-02-19T00:22:40Z" lastUpdateTime: "2026-02-19T00:22:40Z" status: "False" type: New - lastTransitionTime: "2026-02-19T00:22:42Z" lastUpdateTime: "2026-02-19T00:22:42Z" status: "False" type: Pending - lastTransitionTime: "2026-02-19T00:26:14Z" lastUpdateTime: "2026-02-19T00:26:14Z" status: "False" type: Running - lastTransitionTime: "2026-02-19T00:26:14Z" lastUpdateTime: "2026-02-19T00:26:14Z" status: "True" type: Complete config: kind: BuildConfig name: sg-core namespace: service-telemetry duration: 214000000000 output: to: imageDigest: sha256:d965d8951e3c87934ed7b6604849845f43a9f248d6f8125b2d874960e08c0709 outputDockerImageReference: image-registry.openshift-image-registry.svc:5000/service-telemetry/sg-core:latest phase: Complete stages: - durationMilliseconds: 10975 name: PullImages startTime: "2026-02-19T00:22:47Z" steps: - durationMilliseconds: 4099 name: PullBaseImage startTime: "2026-02-19T00:22:47Z" - durationMilliseconds: 6876 name: PullBaseImage startTime: "2026-02-19T00:22:51Z" - durationMilliseconds: 192539 name: Build startTime: "2026-02-19T00:22:58Z" steps: - durationMilliseconds: 192539 name: DockerBuild startTime: "2026-02-19T00:22:58Z" - durationMilliseconds: 1509 name: PushImage startTime: "2026-02-19T00:26:10Z" steps: - durationMilliseconds: 1509 name: PushDockerImage startTime: "2026-02-19T00:26:10Z" startTimestamp: "2026-02-19T00:22:40Z" - apiVersion: build.openshift.io/v1 kind: Build metadata: annotations: openshift.io/build-config.name: smart-gateway-operator openshift.io/build.number: "2" openshift.io/build.pod-name: smart-gateway-operator-2-build creationTimestamp: "2026-02-19T00:21:07Z" generation: 2 labels: build: smart-gateway-operator buildconfig: smart-gateway-operator openshift.io/build-config.name: smart-gateway-operator openshift.io/build.start-policy: Serial name: smart-gateway-operator-2 namespace: service-telemetry ownerReferences: - apiVersion: build.openshift.io/v1 controller: true kind: BuildConfig name: smart-gateway-operator uid: 5f447e60-08c8-43e0-bf4e-fd7fe0a74d98 resourceVersion: "34971" uid: f0ce2776-aa81-4a25-947b-0128f25f187d spec: nodeSelector: null output: pushSecret: name: builder-dockercfg-9cxxm to: kind: ImageStreamTag name: smart-gateway-operator:latest postCommit: {} resources: {} revision: git: author: email: victoria@redhat.com name: Victoria Martinez de la Cruz commit: 05457beb6cf6711033dfcba54a9a2981296af1e3 committer: email: noreply@github.com name: GitHub message: |- STF 1.5.7 release ops (#185) * Use operator-sdk v1.39.2 (#170) Using a newer operator-sdk will make dependency management a lot easier for downstream hermetic build systems. * Close stdin on workflow operator-sdk generate bundle calls An open stdin makes operator-sdk assume it's supposed to take input from stdin, when we actually want it to look at the working directory. There is no way to avoid this using command-line flags, so we need to explicitly close the stdin pipe in all calls to it. * Bundle changes for Konflux support (#171) * Use full pullspecs for related images Renovate, used by Konflux for updating dependency references, works better with full container pullspecs rather than separate repository URLs and tags. This lets us inject pullspecs pinned by digest, which don't quite follow the repo:tag syntax. * Don't set update graph metadata in CSV This was originally added for the benefit of downstream builds, but those are moving to file-based catalog fragments which don't need update graph metadata to be embedded in the bundle. * Refactor pullspec building to make it more readable * fixup: add tag to oauth-proxy pullspec (#173) Fixes a mistake introduced in [1]. Noticed while backporting the change to branch stable-1.5. [1] https://github.com/infrawatch/smart-gateway-operator/pull/171 * bundle gen: allow passing in pre-generated bundle version (#174) This improves our support for generating bundles as part of multistage container builds, as a single pre-generated bundle version can be fed into the generated bundle and into the bundle container labels. RELDEL-7554 * Update olm.maxOpenShiftVersion to 4.18 olm.maxOpenShiftVersion in SGO should be 4.18 instead of 4.16 This wrongly set config is preventing STF users to easily perform upgrades to the latest OCP supported version Closes-Bug: OSPRH-18670 * Update ansible-lint pinned version (#179) The version of ansible-lint is not compatible with the version of ansible-core we get in ubuntu-latest. Bump the version of ansible-lint to the next available version that fixes the issue. https://github.com/ansible/ansible-lint/releases/tag/v25.2.0 fixes the issue. Related Bug: OSPRH-20316 * Pin to ansible 12.0.0 (#180) * Use openshift-ansible-operator 4.20 in SGO (#184) Partially-Closes: OSPRH-21875 * Bump the major supported OCP version for SGO to OCP 4.20 (#183) * Drop OCP 4.16 from Dockerfile --------- Co-authored-by: migarcia type: Git serviceAccount: builder source: binary: {} dockerfile: | FROM quay.io/operator-framework/ansible-operator:v1.38.1 # temporarily switch to root user to adjust image layers USER 0 # update the base image to allow forward-looking optimistic updates during the testing phase, with the added benefit of helping move closer to passing security scans. # -- excludes ansible so it remains at 2.9 tag as shipped with the base image # -- cleans up the cached data from dnf to keep the image as small as possible RUN dnf update -y --exclude=ansible* && dnf clean all && rm -rf /var/cache/dnf COPY requirements.yml ${HOME}/requirements.yml RUN ansible-galaxy collection install -r ${HOME}/requirements.yml \ && chmod -R ug+rwx ${HOME}/.ansible # switch back to user 1001 when running the base image (non-root) USER 1001 # copy in required artifacts for the operator COPY roles/ ${HOME}/roles/ COPY watches.yaml ${HOME}/watches.yaml type: Binary strategy: dockerStrategy: from: kind: DockerImage name: quay.io/operator-framework/ansible-operator@sha256:9895727b7f66bb88fa4c6afdefc7eecf86e6b7c1293920f866a035da9decc58e type: Docker status: completionTimestamp: "2026-02-19T00:22:24Z" conditions: - lastTransitionTime: "2026-02-19T00:21:07Z" lastUpdateTime: "2026-02-19T00:21:07Z" status: "False" type: New - lastTransitionTime: "2026-02-19T00:21:09Z" lastUpdateTime: "2026-02-19T00:21:09Z" status: "False" type: Pending - lastTransitionTime: "2026-02-19T00:22:24Z" lastUpdateTime: "2026-02-19T00:22:24Z" status: "False" type: Running - lastTransitionTime: "2026-02-19T00:22:24Z" lastUpdateTime: "2026-02-19T00:22:24Z" status: "True" type: Complete config: kind: BuildConfig name: smart-gateway-operator namespace: service-telemetry duration: 77000000000 output: to: imageDigest: sha256:9a6ad60075b3e0a6a5da93310e6d7c792ec3f0cff7ba611d168b184a9a5faa50 outputDockerImageReference: image-registry.openshift-image-registry.svc:5000/service-telemetry/smart-gateway-operator:latest phase: Complete stages: - durationMilliseconds: 16475 name: PullImages startTime: "2026-02-19T00:21:12Z" steps: - durationMilliseconds: 16475 name: PullBaseImage startTime: "2026-02-19T00:21:12Z" - durationMilliseconds: 51090 name: Build startTime: "2026-02-19T00:21:29Z" steps: - durationMilliseconds: 51090 name: DockerBuild startTime: "2026-02-19T00:21:29Z" - durationMilliseconds: 2251 name: PushImage startTime: "2026-02-19T00:22:20Z" steps: - durationMilliseconds: 2251 name: PushDockerImage startTime: "2026-02-19T00:22:20Z" startTimestamp: "2026-02-19T00:21:07Z" kind: List metadata: resourceVersion: ""