Draft: Move ci-files.py remote files from S3 to GitLab Artifacts (!1471) · Merge requests · Iron Bank / ironbank-pipeline

Matthew Scott requested to merge 963-remote-ci-files into master Dec 26, 2024

Description

Updates the clamav-scan and openscap-compliance jobs to retrieve the CVDs and OVAL definitions, respectively, from GitLab artifacts instead of S3. Leverages GitLab's needs:project CI/CD keyword to access artifacts from ci-files pipeline.

Dependencies

Requires the ci-files project to be in place first and has a successful pipeline run.
Container group/project needs to be added to "CI/CD job token allowist" in the ci-files project (Settings > CI/CD > Job Token Permissions)

Risk

The clamav-scan and openscap-compliance jobs can fail if they're unable to retrieve their needed CVDs and OVAL definitions.

Rollback Plan

Revert to previous method of retrieving the CVDs and OVAL definitions from S3.

Testing

Mario pipeline - ubi9
Mario pipeline - nodejs18
ci-files nightly pipeline

Closes #963

Edited Dec 27, 2024 by Matthew Scott

Admin message

Draft: Move ci-files.py remote files from S3 to GitLab Artifacts

Description

Dependencies

Risk

Rollback Plan

Testing

Merge request reports