Skip to content

Commit dbcc16e

Browse files
jwm4jwm4
authored
Merge pull request #103 from coleenquadros/coleenquadros-patch-1
Add ACM observability component repository mappings
2 parents d2ab1c9 + 7ccb676 commit dbcc16e

1 file changed

Lines changed: 318 additions & 0 deletions

File tree

workflows/cve-fixer/component-repository-mappings.json

Lines changed: 318 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -887,6 +887,324 @@
887887
}
888888
}
889889
}
890+
},
891+
"Observability": {
892+
"container_to_repo_mapping": {
893+
"rhacm2/multicluster-observability-rhel9-operator": "stolostron/multicluster-observability-operator",
894+
"rhacm2/acm-multicluster-observability-addon-rhel9": "stolostron/multicluster-observability-addon",
895+
"rhacm2/kube-state-metrics-rhel9": "stolostron/kube-state-metrics",
896+
"rhacm2/observatorium-rhel9": "stolostron/observatorium",
897+
"rhacm2/observatorium-operator-rhel9": "stolostron/observatorium-operator",
898+
"rhacm2/thanos-rhel9": "stolostron/thanos",
899+
"rhacm2/thanos-receive-controller-rhel9": "stolostron/thanos-receive-controller",
900+
"rhacm2/prometheus-alertmanager-rhel9": "stolostron/prometheus-alertmanager",
901+
"rhacm2/prometheus-rhel9": "stolostron/prometheus",
902+
"rhacm2/prometheus-operator-rhel9": "stolostron/prometheus-operator",
903+
"rhacm2/node-exporter-rhel9": "stolostron/node-exporter",
904+
"rhacm2/kube-rbac-proxy-rhel9": "stolostron/kube-rbac-proxy",
905+
"rhacm2/acm-grafana-rhel9": "stolostron/grafana",
906+
"rhacm2/memcached-exporter-rhel9": "stolostron/memcached-exporter"
907+
},
908+
"repositories": {
909+
"stolostron/multicluster-observability-operator": {
910+
"github_url": "https://github.com/stolostron/multicluster-observability-operator",
911+
"default_branch": "main",
912+
"active_release_branches": [
913+
"release-2.16",
914+
"release-2.15",
915+
"release-2.14",
916+
"release-2.13"
917+
],
918+
"branch_strategy": "Fix in main, backport to active release branches (release-2.13 through release-2.16)",
919+
"repo_type": "golang",
920+
"cve_fix_workflow": {
921+
"primary_target": "main",
922+
"backport_targets": "release-2.16, release-2.15, release-2.14, release-2.13"
923+
},
924+
"test_command": "make lint",
925+
"build_command": "make build",
926+
"notes": "Go project. Run 'go mod tidy' after dependency updates. CI config in .github/workflows/"
927+
},
928+
"stolostron/multicluster-observability-addon": {
929+
"github_url": "https://github.com/stolostron/multicluster-observability-addon",
930+
"default_branch": "main",
931+
"active_release_branches": [
932+
"release-2.16",
933+
"release-2.15",
934+
"release-2.14",
935+
"release-2.13"
936+
],
937+
"branch_strategy": "Fix in main, backport to active release branches (release-2.13 through release-2.16)",
938+
"repo_type": "golang",
939+
"cve_fix_workflow": {
940+
"primary_target": "main",
941+
"backport_targets": "release-2.16, release-2.15, release-2.14, release-2.13"
942+
},
943+
"test_command": "make lint",
944+
"build_command": "make addon",
945+
"special_requirements": [
946+
"Uses bingo for tool management (.bingo/Variables.mk)",
947+
"Different golangci-lint versions per branch (v2.0.2 on release-2.14, v2.5.0 on release-2.16+)",
948+
"May require 'replace' directives for transitive dependency issues (e.g., go.opentelemetry.io/contrib/otelconf)"
949+
],
950+
"notes": "Go project with OpenTelemetry dependencies. Run 'make deps' to verify go.mod/go.sum completeness."
951+
},
952+
"stolostron/kube-state-metrics": {
953+
"github_url": "https://github.com/stolostron/kube-state-metrics",
954+
"default_branch": "release-2.17",
955+
"active_release_branches": [
956+
"release-2.16",
957+
"release-2.15",
958+
"release-2.14",
959+
"release-2.13"
960+
],
961+
"branch_strategy": "Release branches only (no main branch used for CVE fixes). Fix in latest release branch first.",
962+
"repo_type": "golang",
963+
"cve_fix_workflow": {
964+
"primary_target": "release-2.17",
965+
"backport_targets": "release-2.16, release-2.15, release-2.14, release-2.13"
966+
},
967+
"test_command": "make test",
968+
"build_command": "make build",
969+
"notes": "No main branch - work directly on release branches"
970+
},
971+
"stolostron/observatorium": {
972+
"github_url": "https://github.com/stolostron/observatorium",
973+
"default_branch": "main",
974+
"active_release_branches": [
975+
"release-2.16",
976+
"release-2.15",
977+
"release-2.14",
978+
"release-2.13"
979+
],
980+
"branch_strategy": "Fix in main, backport to active release branches (release-2.13 through release-2.16)",
981+
"repo_type": "golang",
982+
"cve_fix_workflow": {
983+
"primary_target": "main",
984+
"backport_targets": "release-2.16, release-2.15, release-2.14, release-2.13"
985+
},
986+
"test_command": "make test",
987+
"build_command": "make build",
988+
"special_requirements": [
989+
"Uses 'replace' directives in go.mod for dependency pinning",
990+
"API compatibility: prometheus/common version upgrades may require code changes (e.g., version.NewCollector removed in v0.63.0)",
991+
"Vendor directory excluded in .gitignore - CI runs 'go mod vendor' during build"
992+
],
993+
"notes": "Go project. Check main.go for API usage when upgrading prometheus/common or similar packages."
994+
},
995+
"stolostron/observatorium-operator": {
996+
"github_url": "https://github.com/stolostron/observatorium-operator",
997+
"default_branch": "main",
998+
"active_release_branches": [
999+
"release-2.16",
1000+
"release-2.15",
1001+
"release-2.14",
1002+
"release-2.13"
1003+
],
1004+
"branch_strategy": "Fix in main, backport to active release branches (release-2.13 through release-2.16)",
1005+
"repo_type": "golang",
1006+
"cve_fix_workflow": {
1007+
"primary_target": "main",
1008+
"backport_targets": "release-2.16, release-2.15, release-2.14, release-2.13"
1009+
},
1010+
"test_command": "make test",
1011+
"build_command": "make build",
1012+
"notes": "Go project. Verify dependency usage before applying CVE fixes."
1013+
},
1014+
"stolostron/thanos": {
1015+
"github_url": "https://github.com/stolostron/thanos",
1016+
"default_branch": "release-2.17",
1017+
"active_release_branches": [
1018+
"release-2.16",
1019+
"release-2.15",
1020+
"release-2.14",
1021+
"release-2.13"
1022+
],
1023+
"branch_strategy": "Release branches (release-2.13 through release-2.17). Fix in latest release branch first.",
1024+
"repo_type": "golang",
1025+
"cve_fix_workflow": {
1026+
"primary_target": "release-2.17",
1027+
"backport_targets": "release-2.16, release-2.15, release-2.14, release-2.13"
1028+
},
1029+
"test_command": "make test",
1030+
"build_command": "make build",
1031+
"notes": "Go project. Thanos fork."
1032+
},
1033+
"stolostron/thanos-receive-controller": {
1034+
"github_url": "https://github.com/stolostron/thanos-receive-controller",
1035+
"default_branch": "release-2.17",
1036+
"active_release_branches": [
1037+
"release-2.16",
1038+
"release-2.15",
1039+
"release-2.14",
1040+
"release-2.13"
1041+
],
1042+
"branch_strategy": "Release branches only. Fix in latest release branch first.",
1043+
"repo_type": "golang",
1044+
"cve_fix_workflow": {
1045+
"primary_target": "release-2.17",
1046+
"backport_targets": "release-2.16, release-2.15, release-2.14, release-2.13"
1047+
},
1048+
"test_command": "make test",
1049+
"build_command": "make build",
1050+
"special_requirements": [
1051+
"CI configuration in .github/env (golang-version setting)",
1052+
"Go version upgrades require updating both go.mod AND .github/env",
1053+
"golangci-lint must be built with Go version >= project's Go version"
1054+
],
1055+
"notes": "Update .github/env golang-version when upgrading Go version in go.mod"
1056+
},
1057+
"stolostron/prometheus-alertmanager": {
1058+
"github_url": "https://github.com/stolostron/prometheus-alertmanager",
1059+
"default_branch": "release-2.17",
1060+
"active_release_branches": [
1061+
"release-2.16",
1062+
"release-2.15",
1063+
"release-2.14",
1064+
"release-2.13"
1065+
],
1066+
"branch_strategy": "Release branches (release-2.13 through release-2.17). Fix in latest release branch first.",
1067+
"repo_type": "golang",
1068+
"cve_fix_workflow": {
1069+
"primary_target": "release-2.17",
1070+
"backport_targets": "release-2.16, release-2.15, release-2.14, release-2.13"
1071+
},
1072+
"test_command": "make test",
1073+
"build_command": "make build",
1074+
"special_requirements": [
1075+
"CI configuration in .github/workflows/golangci-lint.yml",
1076+
"Go version upgrades require updating both go.mod AND .github/workflows/.yml",
1077+
"golangci-lint version pinning: use 'version: latest' for Go 1.24+ compatibility",
1078+
"Workflow scope required on GitHub PAT to modify .github/workflows/.yml files"
1079+
],
1080+
"notes": "Update .github/workflows/golangci-lint.yml go-version when upgrading Go version. Use 'version: latest' for golangci-lint."
1081+
},
1082+
"stolostron/prometheus": {
1083+
"github_url": "https://github.com/stolostron/prometheus",
1084+
"default_branch": "release-2.17",
1085+
"active_release_branches": [
1086+
"release-2.16",
1087+
"release-2.15",
1088+
"release-2.14",
1089+
"release-2.13"
1090+
],
1091+
"branch_strategy": "Release branches (release-2.13 through release-2.17). Fix in latest release branch first.",
1092+
"repo_type": "golang",
1093+
"cve_fix_workflow": {
1094+
"primary_target": "release-2.17",
1095+
"backport_targets": "release-2.16, release-2.15, release-2.14, release-2.13"
1096+
},
1097+
"test_command": "make test",
1098+
"build_command": "make build",
1099+
"notes": "Go project. Standard prometheus fork."
1100+
},
1101+
"stolostron/prometheus-operator": {
1102+
"github_url": "https://github.com/stolostron/prometheus-operator",
1103+
"default_branch": "release-2.17",
1104+
"active_release_branches": [
1105+
"release-2.16",
1106+
"release-2.15",
1107+
"release-2.14",
1108+
"release-2.13"
1109+
],
1110+
"branch_strategy": "Release branches (release-2.13 through release-2.17). Fix in latest release branch first.",
1111+
"repo_type": "golang",
1112+
"cve_fix_workflow": {
1113+
"primary_target": "release-2.17",
1114+
"backport_targets": "release-2.16, release-2.15, release-2.14, release-2.13"
1115+
},
1116+
"test_command": "make test",
1117+
"build_command": "make build",
1118+
"notes": "Go project. Kubernetes operator for Prometheus."
1119+
},
1120+
"stolostron/node-exporter": {
1121+
"github_url": "https://github.com/stolostron/node-exporter",
1122+
"default_branch": "release-2.17",
1123+
"active_release_branches": [
1124+
"release-2.16",
1125+
"release-2.15",
1126+
"release-2.14",
1127+
"release-2.13"
1128+
],
1129+
"branch_strategy": "Release branches (release-2.13 through release-2.17). Fix in latest release branch first.",
1130+
"repo_type": "golang",
1131+
"cve_fix_workflow": {
1132+
"primary_target": "release-2.17",
1133+
"backport_targets": "release-2.16, release-2.15, release-2.14, release-2.13"
1134+
},
1135+
"test_command": "make test",
1136+
"build_command": "make build",
1137+
"notes": "Go project. Prometheus node exporter."
1138+
},
1139+
"stolostron/kube-rbac-proxy": {
1140+
"github_url": "https://github.com/stolostron/kube-rbac-proxy",
1141+
"default_branch": "release-2.17",
1142+
"active_release_branches": [
1143+
"release-2.16",
1144+
"release-2.15",
1145+
"release-2.14",
1146+
"release-2.13",
1147+
"backplane-2.10",
1148+
"backplane-2.9",
1149+
"backplane-2.8",
1150+
"backplane-2.7",
1151+
"backplane-2.6"
1152+
],
1153+
"branch_strategy": "Release branches (release-2.13 through release-2.17). Fix in latest release branch first. Backplane branches (backplane-2.6 through backplane-2.10). Different branch naming pattern from other observability repos.",
1154+
"repo_type": "golang",
1155+
"cve_fix_workflow": {
1156+
"primary_target": "release-2.17",
1157+
"backport_targets": "release-2.16, release-2.15, release-2.14, release-2.13, backplane-2.10, backplane-2.9, backplane-2.8, backplane-2.7, backplane-2.6"
1158+
},
1159+
"test_command": "make test-unit",
1160+
"build_command": "make build",
1161+
"special_requirements": [
1162+
"Different branch naming: backplane-X.Y in addtion to release-X.Y",
1163+
"May require k8s.io/klog/v2 compatibility updates when upgrading grpc",
1164+
"Go version upgrades may be required (e.g., grpc v1.79.3 requires Go 1.24.0)",
1165+
"Some branches may need downgrading to consistent versions (e.g., backplane-2.9 and 2.10 had grpc v1.80.0, downgraded to v1.79.3 for consistency)"
1166+
],
1167+
"notes": "Older branches (backplane-2.6, 2.7) use Go 1.23-1.24 with grpc v1.56.3. Newer branches (2.9, 2.10) had newer versions but were standardized to v1.79.3."
1168+
},
1169+
"stolostron/grafana": {
1170+
"github_url": "https://github.com/stolostron/grafana",
1171+
"default_branch": "release-2.17",
1172+
"active_release_branches": [
1173+
"release-2.16",
1174+
"release-2.15",
1175+
"release-2.14",
1176+
"release-2.13"
1177+
],
1178+
"branch_strategy": "Release branches (release-2.13 through release-2.17). Fix in latest release branch first.",
1179+
"repo_type": "golang",
1180+
"cve_fix_workflow": {
1181+
"primary_target": "release-2.17",
1182+
"backport_targets": "release-2.16, release-2.15, release-2.14, release-2.13"
1183+
},
1184+
"test_command": "make test",
1185+
"build_command": "make build",
1186+
"notes": "Go project. Grafana fork."
1187+
},
1188+
"stolostron/memcached-exporter": {
1189+
"github_url": "https://github.com/stolostron/memcached-exporter",
1190+
"default_branch": "release-2.17",
1191+
"active_release_branches": [
1192+
"release-2.16",
1193+
"release-2.15",
1194+
"release-2.14",
1195+
"release-2.13"
1196+
],
1197+
"branch_strategy": "Release branches (release-2.13 through release-2.17). Fix in latest release branch first.",
1198+
"repo_type": "golang",
1199+
"cve_fix_workflow": {
1200+
"primary_target": "release-2.17",
1201+
"backport_targets": "release-2.16, release-2.15, release-2.14, release-2.13"
1202+
},
1203+
"test_command": "make test",
1204+
"build_command": "make build",
1205+
"notes": "Go project. Memcached exporter."
1206+
}
1207+
}
8901208
}
8911209
},
8921210
"metadata": {

0 commit comments

Comments
 (0)