From 283e085c58c6ea78e54a38779de0bb2706b1ffe2 Mon Sep 17 00:00:00 2001 From: Jakub Hadvig Date: Mon, 15 Dec 2025 17:12:58 +0100 Subject: [PATCH] OCPBUGS-68367: Add missing console annotation to the quickstart --- quickstarts/trusted-artifact-signer.yaml | 9 +++++---- quickstarts/trusted-profile-analyzer.yaml | 9 +++++---- 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/quickstarts/trusted-artifact-signer.yaml b/quickstarts/trusted-artifact-signer.yaml index a7b211cb8..f3b3a62ae 100644 --- a/quickstarts/trusted-artifact-signer.yaml +++ b/quickstarts/trusted-artifact-signer.yaml @@ -1,11 +1,12 @@ apiVersion: console.openshift.io/v1 kind: ConsoleQuickStart metadata: - annotations: - kubectl.kubernetes.io/last-applied-configuration: | - {"apiVersion":"console.openshift.io/v1","kind":"ConsoleQuickStart","metadata":{"annotations":{"openshift.io/display-name":"Getting started with Trusted Artifact Signer"},"name":"trusted-artifact-signer-getting-started"},"spec":{"conclusion":"You installed the TAS operator, created an instance, generated a demo keypair, and signed and verified an image. Continue by integrating TAS with your CI and enforcing signature policies.","description":"Install the operator, create an instance, and sign your first artifact with Red Hat Trusted Artifact Signer (TAS).","displayName":"Getting started with Trusted Artifact Signer","durationMinutes":15,"icon":"data:image/svg+xml;utf8,\u003csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 24 24' fill='%231F4392'\u003e\u003cpath d='M19 3H5a2 2 0 00-2 2v14l4-2h12a2 2 0 002-2V5a2 2 0 00-2-2z'/\u003e\u003cpath fill='%23fff' d='M8 12l2 2 5-5 1.5 1.5-6.5 6.5L6.5 13z'/\u003e\u003c/svg\u003e","introduction":"Red Hat Trusted Artifact Signer enables you to sign and verify container images and other build artifacts to ensure integrity and provenance. In this quick start, you will install the operator, create an instance, and sign your first artifact.","nextSteps":[{"description":"Product documentation and integration patterns.","links":[{"href":"https://docs.redhat.com/en/documentation/red_hat_trusted_artifact_signer/","text":"Trusted Artifact Signer documentation"}],"title":"Learn more"},{"description":"Explore complementary tools for provenance and vulnerability management.","links":[{"href":"https://docs.redhat.com/en/documentation/red_hat_trusted_profile_analyzer/","text":"Trusted Profile Analyzer"},{"href":"https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_security_for_kubernetes/","text":"Advanced Cluster Security"}],"title":"Related security capabilities"}],"prerequisites":["Administrator access to the OpenShift cluster","Access to Ecosystem → Software Catalog"],"tasks":[{"description":"Create or select a project (for example `tas-system`) to host the operator and the TAS instance.","title":"Choose or create a project for TAS"},{"description":"Go to Ecosystem → Software Catalog and search for \"Trusted Artifact Signer\". Open the tile and click Install. After installation, verify the operator shows Succeeded under Ecosystem → Installed Operators.","links":[{"href":"https://docs.redhat.com/en/documentation/red_hat_trusted_artifact_signer/","text":"Operator installation docs"}],"title":"Install the Trusted Artifact Signer operator"},{"description":"From Ecosystem → Installed Operators → Trusted Artifact Signer, click Create instance. Accept defaults for evaluation or configure storage, routes, and keys as required.","title":"Create a Trusted Artifact Signer instance"},{"description":"For evaluation, generate a test keypair using cosign and store it in a Kubernetes secret.\nmacOS (Homebrew):\n``` brew install sigstore/tap/cosign cosign generate-key-pair --kms \"\" ```{{copy}}\nCreate a secret:\n``` oc create secret generic tas-cosign-keys --from-file=cosign.key --from-file=cosign.pub -n $(oc project -q) ```{{copy}}","links":[{"href":"https://docs.sigstore.dev/cosign/overview/","text":"Cosign project"}],"title":"Generate a signing key (development)"},{"description":"Sign a small image and verify its signature.\n``` cosign sign --key cosign.key registry.access.redhat.com/ubi9/ubi:latest cosign verify --key cosign.pub registry.access.redhat.com/ubi9/ubi:latest ```{{copy}}","links":[{"href":"https://docs.redhat.com/en/documentation/red_hat_trusted_artifact_signer/","text":"TAS documentation"}],"title":"Sign a sample image and verify"}]}} - openshift.io/display-name: Getting started with Trusted Artifact Signer name: trusted-artifact-signer-getting-started + annotations: + include.release.openshift.io/ibm-cloud-managed: 'true' + include.release.openshift.io/self-managed-high-availability: 'true' + include.release.openshift.io/single-node-developer: 'true' + capability.openshift.io/name: Console spec: conclusion: 'You installed the TAS operator, created an instance, generated a demo keypair, and signed and verified an image. To learn more, read the [deployment guide](https://docs.redhat.com/en/documentation/red_hat_trusted_artifact_signer/1.2/html/deployment_guide/index) for additional information on how to properly configure and deploy Trusted Artifact Signer.' description: 'Install TAS, configure signing, and validate signatures and attestations. TAS verifies artifact integrity and provenance with Sigstore/cosign and policy checks.' diff --git a/quickstarts/trusted-profile-analyzer.yaml b/quickstarts/trusted-profile-analyzer.yaml index c10617f71..976ed4c40 100644 --- a/quickstarts/trusted-profile-analyzer.yaml +++ b/quickstarts/trusted-profile-analyzer.yaml @@ -1,11 +1,12 @@ apiVersion: console.openshift.io/v1 kind: ConsoleQuickStart metadata: - annotations: - kubectl.kubernetes.io/last-applied-configuration: | - {"apiVersion":"console.openshift.io/v1","kind":"ConsoleQuickStart","metadata":{"annotations":{"openshift.io/display-name":"Getting started with Trusted Profile Analyzer"},"name":"trusted-profile-analyzer-getting-started"},"spec":{"conclusion":"You installed the operator, created an instance, and analyzed a sample SBOM with TPA. Continue by connecting continuous SBOM sources and exploring queries and reports.","description":"Install the operator, create an instance, and upload a sample SBOM for analysis with Red Hat Trusted Profile Analyzer (TPA).","displayName":"Getting started with Trusted Profile Analyzer","durationMinutes":15,"icon":"data:image/svg+xml;utf8,\u003csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 24 24' fill='%231F4392'\u003e\u003cpath d='M12 2l7 4v6c0 5-3.5 9.7-7 10-3.5-.3-7-5-7-10V6l7-4z'/\u003e\u003cpath fill='%23fff' d='M10 12l2 2 4-4 1.4 1.4-5.4 5.4L8.6 13.4z'/\u003e\u003c/svg\u003e","introduction":"Red Hat Trusted Profile Analyzer helps you understand software composition and risk by analyzing Software Bills of Materials (SBOMs) and related metadata. In this quick start, you will install the operator, create an instance, open the UI, and upload a sample SBOM to see results.","nextSteps":[{"description":"Product documentation and architecture overview.","links":[{"href":"https://docs.redhat.com/en/documentation/red_hat_trusted_profile_analyzer/","text":"Trusted Profile Analyzer documentation"}],"title":"Learn more"},{"description":"Explore complementary tools for supply chain security.","links":[{"href":"https://docs.redhat.com/en/documentation/red_hat_trusted_artifact_signer/","text":"Trusted Artifact Signer"},{"href":"https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_security_for_kubernetes/","text":"Advanced Cluster Security"}],"title":"Related security capabilities"}],"prerequisites":["Administrator access to the OpenShift cluster","Access to Ecosystem → Software Catalog"],"tasks":[{"description":"In the Core platform perspective, open Projects and create a new project (for example `tpa-system`), or select an existing project where you want to run the operator and its instance.","title":"Choose or create a project for TPA"},{"description":"Go to Ecosystem → Software Catalog and search for \"Trusted Profile Analyzer\". Open the tile and click Install. Use the default channel and approve the install plan. Wait until the operator status shows Succeeded under Ecosystem → Installed Operators in your chosen project.","links":[{"href":"https://docs.redhat.com/en/documentation/red_hat_trusted_profile_analyzer/","text":"Operator installation docs"}],"title":"Install the Trusted Profile Analyzer operator"},{"description":"From Ecosystem → Installed Operators → Trusted Profile Analyzer, click Create instance. Accept defaults for a trial environment. After the instance is created and Ready, a Route is exposed to access the TPA UI.","title":"Create a Trusted Profile Analyzer instance"},{"description":"On the instance page, find the Route and click it to open the TPA UI. Log in if prompted. You should land on the dashboard where you can upload or connect SBOM sources.","title":"Open the TPA UI from the Route"},{"description":"If you don't have an SBOM handy, you can quickly generate one using Syft in CycloneDX JSON format and upload it.\nOn macOS with Homebrew:\n``` brew install syft syft packages registry.access.redhat.com/ubi9/ubi:latest -o cyclonedx-json \u003e ubi9-sbom.json ```{{copy}}\nOn Linux (script installer):\n``` curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin syft packages registry.access.redhat.com/ubi9/ubi:latest -o cyclonedx-json \u003e ubi9-sbom.json ```{{copy}}","links":[{"href":"https://github.com/anchore/syft","text":"Syft (generate SBOMs)"}],"title":"Generate a sample SBOM locally (optional)"},{"description":"In the TPA UI, choose Upload SBOM and select the generated `ubi9-sbom.json` file. After processing, navigate through components, vulnerabilities, and relationships. Use filters to focus on critical issues and drill into affected packages.","title":"Upload the SBOM and review findings"}]}} - openshift.io/display-name: Getting started with Trusted Profile Analyzer name: trusted-profile-analyzer-getting-started + annotations: + include.release.openshift.io/ibm-cloud-managed: 'true' + include.release.openshift.io/self-managed-high-availability: 'true' + include.release.openshift.io/single-node-developer: 'true' + capability.openshift.io/name: Console spec: conclusion: 'You installed the operator, created an instance, and analyzed a sample SBOM with TPA. Continue by connecting continuous SBOM sources and exploring queries and reports. To learn more, read the [deployment guide](https://docs.redhat.com/en/documentation/red_hat_trusted_profile_analyzer/2.1/html/deployment_guide/index) for additional information on how to properly configure and deploy Trusted Profile Analyzer.' description: 'Install TPA, ingest a sample SBOM, and explore component risks and CVEs. TPA correlates components to vulnerabilities to surface risk earlier.'