[o/jetstack-cert-manager,cert-manager-istio-csr] Add periodic ci secu…

…rity scanner

Signed-off-by: Swarup Ghosh <[email protected]>

ci-operator/config/openshift/cert-manager-istio-csr/OWNERS

@@ -0,0 +1,15 @@
+# DO NOT EDIT; this file is auto-generated using https://github.com/openshift/ci-tools.
+# Fetched from https://github.com/openshift/cert-manager-istio-csr root OWNERS
+# If the repo had OWNERS_ALIASES then the aliases were expanded
+# Logins who are not members of 'openshift' organization were filtered out
+# See the OWNERS docs: https://git.k8s.io/community/contributors/guide/owners.md
+
+approvers:
+- deads2k
+- swghosh
+- trilokgeer
+options: {}
+reviewers:
+- deads2k
+- swghosh
+- trilokgeer

ci-operator/config/openshift/cert-manager-istio-csr/openshift-cert-manager-istio-csr-release-1.15.yaml

@@ -0,0 +1,20 @@
+binary_build_commands: echo no-op
+resources:
+  '*':
+    limits:
+      memory: 1Gi
+    requests:
+      cpu: 100m
+      memory: 200Mi
+tests:
+- as: security
+  cron: 0 0 * * 0,2,4
+  steps:
+    env:
+      PROJECT_NAME: openshift/cert-manager-istio-csr
+      TARGET_REFERENCE: release-1.15
+    workflow: openshift-ci-security
+zz_generated_metadata:
+  branch: release-1.15
+  org: openshift
+  repo: cert-manager-istio-csr

ci-operator/config/openshift/jetstack-cert-manager/OWNERS

@@ -0,0 +1,15 @@
+# DO NOT EDIT; this file is auto-generated using https://github.com/openshift/ci-tools.
+# Fetched from https://github.com/openshift/jetstack-cert-manager root OWNERS
+# If the repo had OWNERS_ALIASES then the aliases were expanded
+# Logins who are not members of 'openshift' organization were filtered out
+# See the OWNERS docs: https://git.k8s.io/community/contributors/guide/owners.md
+
+approvers:
+- deads2k
+- swghosh
+- trilokgeer
+options: {}
+reviewers:
+- deads2k
+- swghosh
+- trilokgeer

ci-operator/config/openshift/jetstack-cert-manager/openshift-jetstack-cert-manager-release-1.14.yaml

@@ -0,0 +1,20 @@
+binary_build_commands: echo no-op
+resources:
+  '*':
+    limits:
+      memory: 1Gi
+    requests:
+      cpu: 100m
+      memory: 200Mi
+tests:
+- as: security
+  cron: 0 0 * * 0,2,4
+  steps:
+    env:
+      PROJECT_NAME: openshift/cert-manager-operator
+      TARGET_REFERENCE: cert-manager-1.14
+    workflow: openshift-ci-security
+zz_generated_metadata:
+  branch: release-1.14
+  org: openshift
+  repo: jetstack-cert-manager

ci-operator/config/openshift/jetstack-cert-manager/openshift-jetstack-cert-manager-release-1.15.yaml

@@ -0,0 +1,20 @@
+binary_build_commands: echo no-op
+resources:
+  '*':
+    limits:
+      memory: 1Gi
+    requests:
+      cpu: 100m
+      memory: 200Mi
+tests:
+- as: security
+  cron: 0 0 * * 0,2,4
+  steps:
+    env:
+      PROJECT_NAME: openshift/jetstack-cert-manager
+      TARGET_REFERENCE: release-1.15
+    workflow: openshift-ci-security
+zz_generated_metadata:
+  branch: release-1.15
+  org: openshift
+  repo: jetstack-cert-manager

ci-operator/jobs/openshift/cert-manager-istio-csr/OWNERS

@@ -0,0 +1,15 @@
+# DO NOT EDIT; this file is auto-generated using https://github.com/openshift/ci-tools.
+# Fetched from https://github.com/openshift/cert-manager-istio-csr root OWNERS
+# If the repo had OWNERS_ALIASES then the aliases were expanded
+# Logins who are not members of 'openshift' organization were filtered out
+# See the OWNERS docs: https://git.k8s.io/community/contributors/guide/owners.md
+
+approvers:
+- deads2k
+- swghosh
+- trilokgeer
+options: {}
+reviewers:
+- deads2k
+- swghosh
+- trilokgeer

ci-operator/jobs/openshift/cert-manager-istio-csr/openshift-cert-manager-istio-csr-release-1.15-periodics.yaml

@@ -0,0 +1,54 @@
+periodics:
+- agent: kubernetes
+  cluster: build03
+  cron: 0 0 * * 0,2,4
+  decorate: true
+  decoration_config:
+    skip_cloning: true
+  extra_refs:
+  - base_ref: release-1.15
+    org: openshift
+    repo: cert-manager-istio-csr
+  labels:
+    ci.openshift.io/generator: prowgen
+    pj-rehearse.openshift.io/can-be-rehearsed: "true"
+  name: periodic-ci-openshift-cert-manager-istio-csr-release-1.15-security
+  spec:
+    containers:
+    - args:
+      - --gcs-upload-secret=/secrets/gcs/service-account.json
+      - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson
+      - --report-credentials-file=/etc/report/credentials
+      - --target=security
+      command:
+      - ci-operator
+      image: ci-operator:latest
+      imagePullPolicy: Always
+      name: ""
+      resources:
+        requests:
+          cpu: 10m
+      volumeMounts:
+      - mountPath: /secrets/gcs
+        name: gcs-credentials
+        readOnly: true
+      - mountPath: /secrets/manifest-tool
+        name: manifest-tool-local-pusher
+        readOnly: true
+      - mountPath: /etc/pull-secret
+        name: pull-secret
+        readOnly: true
+      - mountPath: /etc/report
+        name: result-aggregator
+        readOnly: true
+    serviceAccountName: ci-operator
+    volumes:
+    - name: manifest-tool-local-pusher
+      secret:
+        secretName: manifest-tool-local-pusher
+    - name: pull-secret
+      secret:
+        secretName: registry-pull-credentials
+    - name: result-aggregator
+      secret:
+        secretName: result-aggregator

ci-operator/jobs/openshift/jetstack-cert-manager/OWNERS

@@ -0,0 +1,15 @@
+# DO NOT EDIT; this file is auto-generated using https://github.com/openshift/ci-tools.
+# Fetched from https://github.com/openshift/jetstack-cert-manager root OWNERS
+# If the repo had OWNERS_ALIASES then the aliases were expanded
+# Logins who are not members of 'openshift' organization were filtered out
+# See the OWNERS docs: https://git.k8s.io/community/contributors/guide/owners.md
+
+approvers:
+- deads2k
+- swghosh
+- trilokgeer
+options: {}
+reviewers:
+- deads2k
+- swghosh
+- trilokgeer

ci-operator/jobs/openshift/jetstack-cert-manager/openshift-jetstack-cert-manager-release-1.14-periodics.yaml

@@ -0,0 +1,54 @@
+periodics:
+- agent: kubernetes
+  cluster: build03
+  cron: 0 0 * * 0,2,4
+  decorate: true
+  decoration_config:
+    skip_cloning: true
+  extra_refs:
+  - base_ref: release-1.14
+    org: openshift
+    repo: jetstack-cert-manager
+  labels:
+    ci.openshift.io/generator: prowgen
+    pj-rehearse.openshift.io/can-be-rehearsed: "true"
+  name: periodic-ci-openshift-jetstack-cert-manager-release-1.14-security
+  spec:
+    containers:
+    - args:
+      - --gcs-upload-secret=/secrets/gcs/service-account.json
+      - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson
+      - --report-credentials-file=/etc/report/credentials
+      - --target=security
+      command:
+      - ci-operator
+      image: ci-operator:latest
+      imagePullPolicy: Always
+      name: ""
+      resources:
+        requests:
+          cpu: 10m
+      volumeMounts:
+      - mountPath: /secrets/gcs
+        name: gcs-credentials
+        readOnly: true
+      - mountPath: /secrets/manifest-tool
+        name: manifest-tool-local-pusher
+        readOnly: true
+      - mountPath: /etc/pull-secret
+        name: pull-secret
+        readOnly: true
+      - mountPath: /etc/report
+        name: result-aggregator
+        readOnly: true
+    serviceAccountName: ci-operator
+    volumes:
+    - name: manifest-tool-local-pusher
+      secret:
+        secretName: manifest-tool-local-pusher
+    - name: pull-secret
+      secret:
+        secretName: registry-pull-credentials
+    - name: result-aggregator
+      secret:
+        secretName: result-aggregator

ci-operator/jobs/openshift/jetstack-cert-manager/openshift-jetstack-cert-manager-release-1.15-periodics.yaml

@@ -0,0 +1,54 @@
+periodics:
+- agent: kubernetes
+  cluster: build03
+  cron: 0 0 * * 0,2,4
+  decorate: true
+  decoration_config:
+    skip_cloning: true
+  extra_refs:
+  - base_ref: release-1.15
+    org: openshift
+    repo: jetstack-cert-manager
+  labels:
+    ci.openshift.io/generator: prowgen
+    pj-rehearse.openshift.io/can-be-rehearsed: "true"
+  name: periodic-ci-openshift-jetstack-cert-manager-release-1.15-security
+  spec:
+    containers:
+    - args:
+      - --gcs-upload-secret=/secrets/gcs/service-account.json
+      - --image-import-pull-secret=/etc/pull-secret/.dockerconfigjson
+      - --report-credentials-file=/etc/report/credentials
+      - --target=security
+      command:
+      - ci-operator
+      image: ci-operator:latest
+      imagePullPolicy: Always
+      name: ""
+      resources:
+        requests:
+          cpu: 10m
+      volumeMounts:
+      - mountPath: /secrets/gcs
+        name: gcs-credentials
+        readOnly: true
+      - mountPath: /secrets/manifest-tool
+        name: manifest-tool-local-pusher
+        readOnly: true
+      - mountPath: /etc/pull-secret
+        name: pull-secret
+        readOnly: true
+      - mountPath: /etc/report
+        name: result-aggregator
+        readOnly: true
+    serviceAccountName: ci-operator
+    volumes:
+    - name: manifest-tool-local-pusher
+      secret:
+        secretName: manifest-tool-local-pusher
+    - name: pull-secret
+      secret:
+        secretName: registry-pull-credentials
+    - name: result-aggregator
+      secret:
+        secretName: result-aggregator

core-services/prow/02_config/medik8s/_prowconfig.yaml

@@ -12,3 +12,15 @@ tide:
     - needs-rebase
     orgs:
     - medik8s
+  - labels:
+    - approved
+    - lgtm
+    missingLabels:
+    - backports/unvalidated-commits
+    - do-not-merge/hold
+    - do-not-merge/invalid-owners-file
+    - do-not-merge/work-in-progress
+    - jira/invalid-bug
+    - needs-rebase
+    orgs:
+    - medik8s

core-services/prow/02_config/openshift/cert-manager-istio-csr/OWNERS

@@ -0,0 +1,15 @@
+# DO NOT EDIT; this file is auto-generated using https://github.com/openshift/ci-tools.
+# Fetched from https://github.com/openshift/cert-manager-istio-csr root OWNERS
+# If the repo had OWNERS_ALIASES then the aliases were expanded
+# Logins who are not members of 'openshift' organization were filtered out
+# See the OWNERS docs: https://git.k8s.io/community/contributors/guide/owners.md
+
+approvers:
+- deads2k
+- swghosh
+- trilokgeer
+options: {}
+reviewers:
+- deads2k
+- swghosh
+- trilokgeer

core-services/prow/02_config/openshift/cert-manager-istio-csr/_pluginconfig.yaml

@@ -0,0 +1,13 @@
+approve:
+- commandHelpLink: ""
+  repos:
+  - openshift/cert-manager-istio-csr
+  require_self_approval: false
+lgtm:
+- repos:
+  - openshift/cert-manager-istio-csr
+  review_acts_as_lgtm: true
+plugins:
+  openshift/cert-manager-istio-csr:
+    plugins:
+    - approve

core-services/prow/02_config/openshift/cert-manager-istio-csr/_prowconfig.yaml

@@ -0,0 +1,14 @@
+tide:
+  queries:
+  - labels:
+    - approved
+    - lgtm
+    missingLabels:
+    - backports/unvalidated-commits
+    - do-not-merge/hold
+    - do-not-merge/invalid-owners-file
+    - do-not-merge/work-in-progress
+    - jira/invalid-bug
+    - needs-rebase
+    repos:
+    - openshift/cert-manager-istio-csr

core-services/prow/02_config/openshift/jetstack-cert-manager/OWNERS

@@ -5,7 +5,11 @@
 # See the OWNERS docs: https://git.k8s.io/community/contributors/guide/owners.md
 
 approvers:
-- munnerz
+- deads2k
+- swghosh
+- trilokgeer
 options: {}
 reviewers:
-- munnerz
+- deads2k
+- swghosh
+- trilokgeer

core-services/prow/02_config/openshift/jetstack-cert-manager/_pluginconfig.yaml

@@ -1,3 +1,12 @@
+approve:
+- commandHelpLink: ""
+  repos:
+  - openshift/jetstack-cert-manager
+  require_self_approval: false
+lgtm:
+- repos:
+  - openshift/jetstack-cert-manager
+  review_acts_as_lgtm: true
 plugins:
   openshift/jetstack-cert-manager:
     plugins: