Disable index signing

This is meant to be temporary until we fix the signing process to request signatures for the correct manifests.
redhat-openshift-ecosystem · Apr 6, 2022 · 04d6bc5 · 04d6bc5
1 parent 017eec2
commit 04d6bc5
Showing 1 changed file with 61 additions and 61 deletions.
diff --git a/ansible/roles/operator-pipeline/templates/openshift/pipelines/operator-release-pipeline.yml b/ansible/roles/operator-pipeline/templates/openshift/pipelines/operator-release-pipeline.yml
@@ -424,72 +424,72 @@ spec:
           value: "$(params.kerberos_keytab_secret_key)"
 
     # send UMB message for RADAS to sign the container image
-    - name: request-signature
-      runAfter:
-        - publish-bundle
-      taskRef:
-        name: request-signature
-      params:
-        - name: pipeline_image
-          value: "$(params.pipeline_image)"
-        - name: manifest_digest
-          value: "$(tasks.publish-bundle.results.manifest_digests)"
-        - name: reference
-          value: "$(tasks.publish-bundle.results.docker_references)"
-        - name: requester
-          value: "amisstea"
-        - name: sig_key_id
-          value: "$(tasks.set-env.results.sig_key_id)"
-        - name: sig_key_name
-          value: "$(tasks.set-env.results.sig_key_name)"
-        - name: umb_ssl_secret_name
-          value: "$(params.pyxis_ssl_secret_name)"
-        - name: umb_ssl_cert_secret_key
-          value: "$(params.pyxis_ssl_cert_secret_key)"
-        - name: umb_ssl_key_secret_key
-          value: "$(params.pyxis_ssl_key_secret_key)"
-        - name: umb_client_name
-          value: "$(tasks.set-env.results.umb_client_name)"
-        - name: umb_url
-          value: "$(tasks.set-env.results.umb_url)"
-      workspaces:
-        - name: source
-          workspace: repository
-          subPath: signing
+    # - name: request-signature
+    #   runAfter:
+    #     - publish-bundle
+    #   taskRef:
+    #     name: request-signature
+    #   params:
+    #     - name: pipeline_image
+    #       value: "$(params.pipeline_image)"
+    #     - name: manifest_digest
+    #       value: "$(tasks.publish-bundle.results.manifest_digests)"
+    #     - name: reference
+    #       value: "$(tasks.publish-bundle.results.docker_references)"
+    #     - name: requester
+    #       value: "amisstea"
+    #     - name: sig_key_id
+    #       value: "$(tasks.set-env.results.sig_key_id)"
+    #     - name: sig_key_name
+    #       value: "$(tasks.set-env.results.sig_key_name)"
+    #     - name: umb_ssl_secret_name
+    #       value: "$(params.pyxis_ssl_secret_name)"
+    #     - name: umb_ssl_cert_secret_key
+    #       value: "$(params.pyxis_ssl_cert_secret_key)"
+    #     - name: umb_ssl_key_secret_key
+    #       value: "$(params.pyxis_ssl_key_secret_key)"
+    #     - name: umb_client_name
+    #       value: "$(tasks.set-env.results.umb_client_name)"
+    #     - name: umb_url
+    #       value: "$(tasks.set-env.results.umb_url)"
+    #   workspaces:
+    #     - name: source
+    #       workspace: repository
+    #       subPath: signing
 
-    - name: upload-signature
-      runAfter:
-        - request-signature
-      taskRef:
-        name: upload-signature
-      params:
-        - name: pipeline_image
-          value: "$(params.pipeline_image)"
-        - name: signature_data_file
-          value: "$(tasks.request-signature.results.signature_data_file)"
-        - name: pyxis_ssl_secret_name
-          value: "$(params.pyxis_ssl_secret_name)"
-        - name: pyxis_ssl_cert_secret_key
-          value: "$(params.pyxis_ssl_cert_secret_key)"
-        - name: pyxis_ssl_key_secret_key
-          value: "$(params.pyxis_ssl_key_secret_key)"
-        - name: pyxis_url
-          value: "$(tasks.set-env.results.pyxis_url)"
-        - name: signing_pub_secret_name
-          value: "$(params.signing_pub_secret_name)"
-        - name: signing_pub_secret_key
-          value: "$(params.signing_pub_secret_key)"
-        - name: verify_signature
-          value: "true"
-      workspaces:
-        - name: source
-          workspace: repository
-          subPath: signing
+    # - name: upload-signature
+    #   runAfter:
+    #     - request-signature
+    #   taskRef:
+    #     name: upload-signature
+    #   params:
+    #     - name: pipeline_image
+    #       value: "$(params.pipeline_image)"
+    #     - name: signature_data_file
+    #       value: "$(tasks.request-signature.results.signature_data_file)"
+    #     - name: pyxis_ssl_secret_name
+    #       value: "$(params.pyxis_ssl_secret_name)"
+    #     - name: pyxis_ssl_cert_secret_key
+    #       value: "$(params.pyxis_ssl_cert_secret_key)"
+    #     - name: pyxis_ssl_key_secret_key
+    #       value: "$(params.pyxis_ssl_key_secret_key)"
+    #     - name: pyxis_url
+    #       value: "$(tasks.set-env.results.pyxis_url)"
+    #     - name: signing_pub_secret_name
+    #       value: "$(params.signing_pub_secret_name)"
+    #     - name: signing_pub_secret_key
+    #       value: "$(params.signing_pub_secret_key)"
+    #     - name: verify_signature
+    #       value: "true"
+    #   workspaces:
+    #     - name: source
+    #       workspace: repository
+    #       subPath: signing
 
     # Publish Vendor, Repository
     - name: publish-resources
       runAfter:
-        - upload-signature
+        - publish-bundle
       taskRef:
         name: publish-resources
       params: