From 64263bec618d08538ee0bc452a5e98f9918e8e36 Mon Sep 17 00:00:00 2001 From: davdhacs <105243888+davdhacs@users.noreply.github.com> Date: Tue, 19 May 2026 11:51:33 -0600 Subject: [PATCH 1/3] feat(osd): Add enable-wif parameter for OSD GCP clusters Add optional enable-wif parameter to OSD on GCP flavor, defaulting to false. Passes ENABLE_WIF env var to both create and destroy containers. Temporarily pins automation-flavors image to WIP build for testing. Co-Authored-By: Claude Opus 4.6 (1M context) --- chart/infra-server/static/flavors.yaml | 5 +++++ chart/infra-server/static/workflow-osd-gcp.yaml | 10 ++++++++-- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/chart/infra-server/static/flavors.yaml b/chart/infra-server/static/flavors.yaml index f05661e96..d70b4d6c8 100644 --- a/chart/infra-server/static/flavors.yaml +++ b/chart/infra-server/static/flavors.yaml @@ -979,6 +979,11 @@ value: us-east1 kind: optional + - name: enable-wif + description: Use Workload Identity Federation instead of service account key + value: "false" + kind: optional + artifacts: - name: kubeconfig description: Kube config for connecting to this cluster diff --git a/chart/infra-server/static/workflow-osd-gcp.yaml b/chart/infra-server/static/workflow-osd-gcp.yaml index 0107bbfa3..634e5b10e 100644 --- a/chart/infra-server/static/workflow-osd-gcp.yaml +++ b/chart/infra-server/static/workflow-osd-gcp.yaml @@ -14,6 +14,8 @@ spec: value: "m5.xlarge" - name: gcp-region value: us-east1 + - name: enable-wif + value: "false" volumeClaimTemplates: - metadata: name: data @@ -42,7 +44,7 @@ spec: - name: create activeDeadlineSeconds: 7200 container: - image: quay.io/stackrox-io/ci:automation-flavors-osd-{{ .Chart.Annotations.automationFlavorsVersion }} + image: quay.io/stackrox-io/ci:automation-flavors-osd-0.12.12-44-g11e818615a-snapshot imagePullPolicy: Always command: - ./entrypoint.sh @@ -76,6 +78,8 @@ spec: value: "infra" - name: GCP_REGION value: '{{ "{{" }}workflow.parameters.gcp-region{{ "}}" }}' + - name: ENABLE_WIF + value: '{{ "{{" }}workflow.parameters.enable-wif{{ "}}" }}' volumeMounts: - name: data mountPath: /data @@ -126,7 +130,7 @@ spec: - name: destroy activeDeadlineSeconds: 3600 container: - image: quay.io/stackrox-io/ci:automation-flavors-osd-{{ .Chart.Annotations.automationFlavorsVersion }} + image: quay.io/stackrox-io/ci:automation-flavors-osd-0.12.12-44-g11e818615a-snapshot imagePullPolicy: Always command: - ./entrypoint.sh @@ -152,6 +156,8 @@ spec: key: GCP_SERVICE_ACCOUNT_KEY_BASE64 - name: GCP_PROJECT value: "acs-team-temp-dev" + - name: ENABLE_WIF + value: '{{ "{{" }}workflow.parameters.enable-wif{{ "}}" }}' volumeMounts: - name: data mountPath: /data From 040c5387e28cd441d8a53f59b7a37f8d595578a7 Mon Sep 17 00:00:00 2001 From: davdhacs <105243888+davdhacs@users.noreply.github.com> Date: Tue, 19 May 2026 13:27:29 -0600 Subject: [PATCH 2/3] feat(osd): Use released automation-flavors 0.13.0 with WIF support Update from WIP snapshot to the merged and released version. Co-Authored-By: Claude Opus 4.6 (1M context) --- chart/infra-server/static/workflow-osd-gcp.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/chart/infra-server/static/workflow-osd-gcp.yaml b/chart/infra-server/static/workflow-osd-gcp.yaml index 634e5b10e..f6f994d7f 100644 --- a/chart/infra-server/static/workflow-osd-gcp.yaml +++ b/chart/infra-server/static/workflow-osd-gcp.yaml @@ -44,7 +44,7 @@ spec: - name: create activeDeadlineSeconds: 7200 container: - image: quay.io/stackrox-io/ci:automation-flavors-osd-0.12.12-44-g11e818615a-snapshot + image: quay.io/stackrox-io/ci:automation-flavors-osd-0.13.0 imagePullPolicy: Always command: - ./entrypoint.sh @@ -130,7 +130,7 @@ spec: - name: destroy activeDeadlineSeconds: 3600 container: - image: quay.io/stackrox-io/ci:automation-flavors-osd-0.12.12-44-g11e818615a-snapshot + image: quay.io/stackrox-io/ci:automation-flavors-osd-0.13.0 imagePullPolicy: Always command: - ./entrypoint.sh From abf9c4ae44a733de47a0861363839d9e73e48a2d Mon Sep 17 00:00:00 2001 From: davdhacs <105243888+davdhacs@users.noreply.github.com> Date: Tue, 19 May 2026 15:04:52 -0600 Subject: [PATCH 3/3] chore: Revert image tag to Helm template Restore automationFlavorsVersion template reference now that testing is complete. Depends on PR #1838 to bump the version. Co-Authored-By: Claude Opus 4.6 (1M context) --- chart/infra-server/static/workflow-osd-gcp.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/chart/infra-server/static/workflow-osd-gcp.yaml b/chart/infra-server/static/workflow-osd-gcp.yaml index f6f994d7f..66ffa951c 100644 --- a/chart/infra-server/static/workflow-osd-gcp.yaml +++ b/chart/infra-server/static/workflow-osd-gcp.yaml @@ -44,7 +44,7 @@ spec: - name: create activeDeadlineSeconds: 7200 container: - image: quay.io/stackrox-io/ci:automation-flavors-osd-0.13.0 + image: quay.io/stackrox-io/ci:automation-flavors-osd-{{ .Chart.Annotations.automationFlavorsVersion }} imagePullPolicy: Always command: - ./entrypoint.sh @@ -130,7 +130,7 @@ spec: - name: destroy activeDeadlineSeconds: 3600 container: - image: quay.io/stackrox-io/ci:automation-flavors-osd-0.13.0 + image: quay.io/stackrox-io/ci:automation-flavors-osd-{{ .Chart.Annotations.automationFlavorsVersion }} imagePullPolicy: Always command: - ./entrypoint.sh