feat: improve OLM support #851
Conversation
metacosm
commented
Mar 15, 2024
metacosm
commented
- feat: automatically add provider name and URL based on user and git repo
- feat(ci): validate all bundles except Joke that OLM v1 doesn't like
- feat: split name into bundle and csv names to avoid confusion
- fix: sanitize version
Signed-off-by: Chris Laprun <claprun@redhat.com>
Signed-off-by: Chris Laprun <claprun@redhat.com>
Fixes #738 Signed-off-by: Chris Laprun <claprun@redhat.com>
Signed-off-by: Chris Laprun <claprun@redhat.com>
Signed-off-by: Chris Laprun <claprun@redhat.com>
Signed-off-by: Chris Laprun <claprun@redhat.com>
Signed-off-by: Chris Laprun <claprun@redhat.com>
|
Fixes #738 |
metacosm
force-pushed
the
add-provider-name
branch
from
e17932e
to
4e95096
Compare
| @@ -127,6 +139,37 @@ CSVMetadataBuildItem gatherCSVMetadata(KubernetesConfig kubernetesConfig, | |||
| return new CSVMetadataBuildItem(csvGroups); | |||
| } | |||
|
|
|||
| private static String getDefaultProviderURLFromSCMInfo(ApplicationInfoBuildItem appConfiguration, | |||
| JarBuildItem jarBuildItem) { | |||
| final var maybeProject = KubernetesCommonHelper.createProject(appConfiguration, Optional.empty(), | |||
There was a problem hiding this comment.
@metacosm need to be extremely careful here. This class uses Dekorate to get the URL info directly from local git config. Personally I consider this unexpected (compared to using VCS info from pom configuration) and it was also the source of the recent Quarkus CVE .
| return maybeProject.map(project -> { | ||
| final var scmInfo = project.getScmInfo(); | ||
| if (scmInfo != null) { | ||
| var origin = scmInfo.getRemote().get("origin"); |
There was a problem hiding this comment.
Again.. same as with that CVE. We should make sure that this can be explicitly overridable -- there are cases when origin might point actually be a fork which one doesn't want to publicly advertise (e.g. when builds are for whatever reason using a mirror URL or when you simply have manual steps in your workflow)
There was a problem hiding this comment.
I absolutely must echo @jcechace concern here. In almost all use cases, origin for me is my fork, and upstream refers to the public repository.
There was a problem hiding this comment.
Yes, it's very tricky so maybe I'll just remove this and let people deal with it using @CSVMetadata.Provider instead.
There was a problem hiding this comment.
Again.. same as with that CVE. We should make sure that this can be explicitly overridable -- there are cases when origin might point actually be a fork which one doesn't want to publicly advertise (e.g. when builds are for whatever reason using a mirror URL or when you simply have manual steps in your workflow)
Note that this is for the default value and is overridable using @CSVMetadata and its provider field. That said, this computed value might be faulty in many situations so it's best to remove it.
Signed-off-by: Chris Laprun <claprun@redhat.com>
