
Pin the policy bundle by modifying the ECP in tekton tasks #3268

Draft
simonbaird wants to merge 2 commits into conforma:main from simonbaird:policy-with-bundle-pin


@simonbaird
Member

simonbaird and others added 2 commits April 30, 2026 17:45
Add optional POLICY_BUNDLE_DIGEST parameter to both conforma Tekton
tasks. When provided, the policy configuration is resolved and the
oci::quay.io/conforma/release-policy:konflux tag reference is replaced
with a digest-pinned reference for reproducible policy evaluation.

The reason we want to do this is so that the same tekton task always uses
the same policy, to avoid unexpected cli/policy incompatibilities.

As mentioned elsewhere, this is quite Red Hat Konflux-specific, and
quite an unpleasant hack, but we're choosing an uncoupled,
easy-to-delete hack over alternative options.

Ref: https://redhat.atlassian.net/browse/EC-1790
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
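
The rewrite described in the commit message, sketched as an added example (not the PR's code). The function name, exit codes, JSON policy layout and the `repo@sha256:<hex>` form of the pinned reference are assumptions; only the tag reference comes from the commit message.

```shell
#!/bin/sh
# Added example, not the PR's code. Assumed: function name, exit codes,
# JSON policy layout, and the repo@sha256:<hex> form of the pinned reference.

# Tag reference named in the commit message.
TAG_REF='oci::quay.io/conforma/release-policy:konflux'

# Constructed sample of a resolved policy configuration.
SAMPLE_POLICY='{"sources":[{"policy":["oci::quay.io/conforma/release-policy:konflux"],"data":["oci::quay.io/example/data:latest"]}]}'

# pin_policy_bundle <policy-json> <digest>
# Prints the policy with TAG_REF rewritten to a digest-pinned reference.
# Exit status: 0 ok, 2 malformed digest, 3 tag reference not present.
# The body is a subshell: variables stay local, exit only leaves the function.
pin_policy_bundle() (
  policy=$1
  digest=$2

  # The parameter is optional: no digest means the policy is left untouched.
  if [ -z "$digest" ]; then
    printf '%s\n' "$policy"
    exit 0
  fi

  # Accept only a full sha256 digest. expr matches the whole string, so
  # embedded newlines or quote characters cannot slip through.
  if ! expr "X$digest" : 'Xsha256:[0-9a-f]\{64\}$' >/dev/null; then
    echo "invalid digest: $digest" >&2
    exit 2
  fi

  # Fail closed: if the exact quoted tag reference is absent, nothing would
  # be pinned and the evaluation would silently keep using a mutable tag.
  if ! printf '%s\n' "$policy" | grep -Fq -- "\"$TAG_REF\""; then
    echo "tag reference not found, refusing to continue unpinned" >&2
    exit 3
  fi

  pinned="${TAG_REF%:*}@${digest}"   # drop ":konflux", append "@sha256:..."
  printf '%s\n' "$policy" | awk -v old="\"$TAG_REF\"" -v new="\"$pinned\"" '{
    out = ""
    while ((i = index($0, old)) > 0) {   # literal match, no regex escaping
      out = out substr($0, 1, i - 1) new
      $0 = substr($0, i + length(old))
    }
    print out $0
  }'
)
```

Matching the reference together with its surrounding quotes keeps a longer tag such as `:konflux-old` from being rewritten by accident.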
@coderabbitai

coderabbitai Bot commented Apr 30, 2026

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.


@codecov

codecov Bot commented Apr 30, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.

Flag Coverage Δ
acceptance 55.21% <ø> (+<0.01%) ⬆️
generative 17.90% <ø> (ø)
integration 26.65% <ø> (ø)
unit 69.01% <ø> (ø)

Flags with carried forward coverage won't be shown.
