fix(KONFLUX-8965): Add brief description for issues and CVEs fixed #1164
Conversation
|
@arewm: The following test has Failed, say /retest to rerun failed tests.
Inspecting Test ArtifactsTo inspect your test artifacts, follow these steps:
mkdir -p oras-artifacts
cd oras-artifacts
oras pull quay.io/konflux-test-storage/konflux-team/release-service-catalog:konflux-e2e-tests-catalog-pz8vfTest results analysis🚨 Error occurred while running the E2E tests, list of failed Spec(s): ➡️ [ Click to view logsTimed out after 3600.025s.
timed out when waiting for the release PipelineRun to be finished for the release snapshot-sample-fysn-5zckv/dev-release-team-tenant
Expected success, but got an error:
<*errors.errorString | 0xc00200dd50>:
PipelineRun has not been created yet for release dev-release-team-tenant/snapshot-sample-fysn-5zckv
{
s: "PipelineRun has not been created yet for release dev-release-team-tenant/snapshot-sample-fysn-5zckv",
}➡️ [ Click to view logsTimed out after 3600.092s.
timed out when waiting for the release PipelineRun to be finished for the release snapshot-sample-kmwv-wrcj4/dev-release-team-tenant
Expected success, but got an error:
<*errors.errorString | 0xc0016b4810>:
PipelineRun has not been created yet for release dev-release-team-tenant/snapshot-sample-kmwv-wrcj4
{
s: "PipelineRun has not been created yet for release dev-release-team-tenant/snapshot-sample-kmwv-wrcj4",
} |
arewm
force-pushed
the
konflux-8965
branch
3 times, most recently
from
08e8e3a to
d6ca7ad
Compare
We currently only provide links/references to CVEs and issues. This would result in anyone viewing an advisory to have to click through these in order to find out more information about them. We can provide additional context to the advisory consumers to reduce their need to click through. This change is not sufficient on its own, any rendering of the advisory metadata will need to also consume this same information when displaying. Assisted-by: Cursor Signed-off-by: arewm <[email protected]> rh-pre-commit.version: 2.3.2 rh-pre-commit.check-secrets: ENABLED
|
This should be a collector type |
Sounds good. Where can I find those as an example? I know that collectors exist but I am not familiar with their design. I am happy to close this PR if it is off base. |
There was a problem hiding this comment.
We talked about https://issues.redhat.com/browse/KONFLUX-8965 within the team during yesterday's backlog refinement session. See David's comment in the Jira. I am really not sure we should bake descriptions into the advisory yaml. Those are not meant for humans to read. Users should consume these via the customer portal and if we think the advisory page should have more details for the jiras and cves, we should ask the owners of that to add these when displaying the links.
There was a problem hiding this comment.
I agree with @mmalina here.
In the Konflux advisory we should verify attached to advisory Jira issues like checking if it's not related to the embargoed content and show state if the Jira issue is publicly available or not. The Jira short description should be Konflux advisory consumer problem, in the same way how consumer parse the information if the linked Jira is publicly available or not.
How list of Jira issues or list of CVEs is displayed is up to the service which work on this metadata.
| @@ -69,48 +69,6 @@ spec: | |||
| - name: "DEBUG" | |||
| value: "$(params.trustedArtifactsDebug)" | |||
| steps: | |||
| - name: skip-trusted-artifact-operations | |||
Describe your changes
We currently only provide links/references to CVEs and issues. This would result in anyone viewing an advisory to have to click through these in order to find out more information about them. We can provide additional context to the advisory consumers to reduce their need to click through.
This change is not sufficient on its own, any rendering of the advisory metadata will need to also consume this same information when displaying.
Assisted-by: Cursor
Relevant Jira
KONFLUX-8965
Checklist before requesting a review
do not mergelabel if there's a dependency PRrelease-service-maintainershandle if you are unsure who to tagSigned-off-by: My name <email>