Skip to content

Migrate MVO FBC to per-version component pattern#521

Merged
osmman merged 1 commit into
mainfrom
mvo-fbc-migration-SECURESIGN-4331
Jun 19, 2026
Merged

Migrate MVO FBC to per-version component pattern#521
osmman merged 1 commit into
mainfrom
mvo-fbc-migration-SECURESIGN-4331

Conversation

@osmman

@osmman osmman commented Jun 19, 2026

Copy link
Copy Markdown
Contributor

Summary

  • Add mvo-fbc project overlay with template and per-version components (v4.16-v4.22)
  • Add FBC release stream to model-validation overlay
  • Add FBC release-plan trait to project/base/release-plan and migrate all FBC release plans (rhtas-fbc, pco-fbc, mvo-fbc) from per-version promote-to-candidate overlays to the shared trait
  • Delete promote-to-candidate/ directory — all FBC release plans now use the trait

Post-merge manual steps

  1. Apply kustomize configs to create MVO FBC components in Konflux
  2. Ensure ImageRepository CRs are created and bound to Components
  3. Configure PaC on each Component via build.appstudio.openshift.io/request: configure-pac or configure-pac-no-mr
  4. Verify securesign-mvo-fbc-* credentials linked to service account

Resolves: SECURESIGN-4331

🤖 Generated with Claude Code

@osmman @claude
Migrate MVO FBC to per-version component pattern matching RHTAS FBC
525f834 
- Add mvo-fbc project overlay with template and per-version components (v4.16-v4.22)
- Add FBC release stream to model-validation overlay
- Add FBC release-plan trait to project/base/release-plan
- Migrate FBC release plans from promote-to-candidate overlays to release-plan trait for rhtas-fbc, pco-fbc and mvo-fbc
- Delete promote-to-candidate directory (all FBC release plans now use trait)
- Register mvo-fbc in project and stream kustomizations

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@github-actions

github-actions Bot commented Jun 19, 2026

Copy link
Copy Markdown

Configuration Diff

18 document(s) impacted:

+ 3 added
- 13 removed
! 2 modified
Diff 
@@ spec.resources @@
# projctl.konflux.dev/v1beta1/ProjectDevelopmentStreamTemplate/rhtas-tenant/pco-fbc-template
! + one list entry added:
+   - apiVersion: appstudio.redhat.com/v1alpha1
+     kind: ReleasePlan
+     metadata:
+       name: promote-to-candidate-{{.application}}{{.nameSuffix}}
+       labels:
+         release.appstudio.openshift.io/auto-release: "true"
+         release.appstudio.openshift.io/standing-attribution: "true"
+     spec:
+       application: {{.application}}{{.nameSuffix}}
+       tenantPipeline:
+         params:
+         - name: git-url
+           value: "https://github.com/securesign/releases"
+         - name: code-freeze
+           value: "false"
+         - name: type
+           value: fbc
+         - name: file-name
+           value: {{.operator}}-fbc.json
+         pipelineRef:
+           params:
+           - name: url
+             value: "https://github.com/securesign/pipelines"
+           - name: revision
+             value: main
+           - name: pathInRepo
+             value: pipelines/promote-to-candidate.yaml
+           resolver: git
+         serviceAccountName: rhtas-build-bot

@@ spec.resources @@
# projctl.konflux.dev/v1beta1/ProjectDevelopmentStreamTemplate/rhtas-tenant/rhtas-fbc-template
! + one list entry added:
+   - apiVersion: appstudio.redhat.com/v1alpha1
+     kind: ReleasePlan
+     metadata:
+       name: promote-to-candidate-{{.application}}{{.nameSuffix}}
+       labels:
+         release.appstudio.openshift.io/auto-release: "true"
+         release.appstudio.openshift.io/standing-attribution: "true"
+     spec:
+       application: {{.application}}{{.nameSuffix}}
+       tenantPipeline:
+         params:
+         - name: git-url
+           value: "https://github.com/securesign/releases"
+         - name: code-freeze
+           value: "false"
+         - name: type
+           value: fbc
+         - name: file-name
+           value: {{.operator}}-fbc.json
+         pipelineRef:
+           params:
+           - name: url
+             value: "https://github.com/securesign/pipelines"
+           - name: revision
+             value: main
+           - name: pathInRepo
+             value: pipelines/promote-to-candidate.yaml
+           resolver: git
+         serviceAccountName: rhtas-build-bot

@@ (root level) @@
# appstudio.redhat.com/v1alpha1/ReleasePlan/rhtas-tenant/promote-to-candidate-fbc-v4-16
! - one document removed:
- ---
- apiVersion: appstudio.redhat.com/v1alpha1
- kind: ReleasePlan
- metadata:
-   name: promote-to-candidate-fbc-v4-16
-   namespace: rhtas-tenant
-   labels:
-     release.appstudio.openshift.io/auto-release: "true"
-     release.appstudio.openshift.io/standing-attribution: "true"
- spec:
-   application: fbc-v4-16
-   tenantPipeline:
-     params:
-     - name: git-url
-       value: "https://github.com/securesign/releases"
-     - name: code-freeze
-       value: "false"
-     - name: type
-       value: fbc
-     pipelineRef:
-       params:
-       - name: url
-         value: "https://github.com/securesign/pipelines"
-       - name: revision
-         value: main
-       - name: pathInRepo
-         value: pipelines/promote-to-candidate.yaml
-       resolver: git
-     serviceAccountName: rhtas-build-bot

@@ (root level) @@
# appstudio.redhat.com/v1alpha1/ReleasePlan/rhtas-tenant/promote-to-candidate-fbc-v4-17
! - one document removed:
- ---
- apiVersion: appstudio.redhat.com/v1alpha1
- kind: ReleasePlan
- metadata:
-   name: promote-to-candidate-fbc-v4-17
-   namespace: rhtas-tenant
-   labels:
-     release.appstudio.openshift.io/auto-release: "true"
-     release.appstudio.openshift.io/standing-attribution: "true"
- spec:
-   application: fbc-v4-17
-   tenantPipeline:
-     params:
-     - name: git-url
-       value: "https://github.com/securesign/releases"
-     - name: code-freeze
-       value: "false"
-     - name: type
-       value: fbc
-     pipelineRef:
-       params:
-       - name: url
-         value: "https://github.com/securesign/pipelines"
-       - name: revision
-         value: main
-       - name: pathInRepo
-         value: pipelines/promote-to-candidate.yaml
-       resolver: git
-     serviceAccountName: rhtas-build-bot

@@ (root level) @@
# appstudio.redhat.com/v1alpha1/ReleasePlan/rhtas-tenant/promote-to-candidate-fbc-v4-18
! - one document removed:
- ---
- apiVersion: appstudio.redhat.com/v1alpha1
- kind: ReleasePlan
- metadata:
-   name: promote-to-candidate-fbc-v4-18
-   namespace: rhtas-tenant
-   labels:
-     release.appstudio.openshift.io/auto-release: "true"
-     release.appstudio.openshift.io/standing-attribution: "true"
- spec:
-   application: fbc-v4-18
-   tenantPipeline:
-     params:
-     - name: git-url
-       value: "https://github.com/securesign/releases"
-     - name: code-freeze
-       value: "false"
-     - name: type
-       value: fbc
-     pipelineRef:
-       params:
-       - name: url
-         value: "https://github.com/securesign/pipelines"
-       - name: revision
-         value: main
-       - name: pathInRepo
-         value: pipelines/promote-to-candidate.yaml
-       resolver: git
-     serviceAccountName: rhtas-build-bot

@@ (root level) @@
# appstudio.redhat.com/v1alpha1/ReleasePlan/rhtas-tenant/promote-to-candidate-fbc-v4-19
! - one document removed:
- ---
- apiVersion: appstudio.redhat.com/v1alpha1
- kind: ReleasePlan
- metadata:
-   name: promote-to-candidate-fbc-v4-19
-   namespace: rhtas-tenant
-   labels:
-     release.appstudio.openshift.io/auto-release: "true"
-     release.appstudio.openshift.io/standing-attribution: "true"
- spec:
-   application: fbc-v4-19
-   tenantPipeline:
-     params:
-     - name: git-url
-       value: "https://github.com/securesign/releases"
-     - name: code-freeze
-       value: "false"
-     - name: type
-       value: fbc
-     pipelineRef:
-       params:
-       - name: url
-         value: "https://github.com/securesign/pipelines"
-       - name: revision
-         value: main
-       - name: pathInRepo
-         value: pipelines/promote-to-candidate.yaml
-       resolver: git
-     serviceAccountName: rhtas-build-bot

@@ (root level) @@
# appstudio.redhat.com/v1alpha1/ReleasePlan/rhtas-tenant/promote-to-candidate-fbc-v4-20
! - one document removed:
- ---
- apiVersion: appstudio.redhat.com/v1alpha1
- kind: ReleasePlan
- metadata:
-   name: promote-to-candidate-fbc-v4-20
-   namespace: rhtas-tenant
-   labels:
-     release.appstudio.openshift.io/auto-release: "true"
-     release.appstudio.openshift.io/standing-attribution: "true"
- spec:
-   application: fbc-v4-20
-   tenantPipeline:
-     params:
-     - name: git-url
-       value: "https://github.com/securesign/releases"
-     - name: code-freeze
-       value: "false"
-     - name: type
-       value: fbc
-     pipelineRef:
-       params:
-       - name: url
-         value: "https://github.com/securesign/pipelines"
-       - name: revision
-         value: main
-       - name: pathInRepo
-         value: pipelines/promote-to-candidate.yaml
-       resolver: git
-     serviceAccountName: rhtas-build-bot

@@ (root level) @@
# appstudio.redhat.com/v1alpha1/ReleasePlan/rhtas-tenant/promote-to-candidate-fbc-v4-21
! - one document removed:
- ---
- apiVersion: appstudio.redhat.com/v1alpha1
- kind: ReleasePlan
- metadata:
-   name: promote-to-candidate-fbc-v4-21
-   namespace: rhtas-tenant
-   labels:
-     release.appstudio.openshift.io/auto-release: "true"
-     release.appstudio.openshift.io/standing-attribution: "true"
- spec:
-   application: fbc-v4-21
-   tenantPipeline:
-     params:
-     - name: git-url
-       value: "https://github.com/securesign/releases"
-     - name: code-freeze
-       value: "false"
-     - name: type
-       value: fbc
-     pipelineRef:
-       params:
-       - name: url
-         value: "https://github.com/securesign/pipelines"
-       - name: revision
-         value: main
-       - name: pathInRepo
-         value: pipelines/promote-to-candidate.yaml
-       resolver: git
-     serviceAccountName: rhtas-build-bot

@@ (root level) @@
# appstudio.redhat.com/v1alpha1/ReleasePlan/rhtas-tenant/promote-to-candidate-pco-fbc-v4-16
! - one document removed:
- ---
- apiVersion: appstudio.redhat.com/v1alpha1
- kind: ReleasePlan
- metadata:
-   name: promote-to-candidate-pco-fbc-v4-16
-   namespace: rhtas-tenant
-   labels:
-     release.appstudio.openshift.io/auto-release: "true"
-     release.appstudio.openshift.io/standing-attribution: "true"
- spec:
-   application: pco-fbc-v4-16
-   tenantPipeline:
-     params:
-     - name: git-url
-       value: "https://github.com/securesign/releases"
-     - name: code-freeze
-       value: "false"
-     - name: type
-       value: fbc
-     - name: file-name
-       value: policy-controller-operator-fbc.json
-     pipelineRef:
-       params:
-       - name: url
-         value: "https://github.com/securesign/pipelines"
-       - name: revision
-         value: main
-       - name: pathInRepo
-         value: pipelines/promote-to-candidate.yaml
-       resolver: git
-     serviceAccountName: rhtas-build-bot

@@ (root level) @@
# appstudio.redhat.com/v1alpha1/ReleasePlan/rhtas-tenant/promote-to-candidate-pco-fbc-v4-17
! - one document removed:
- ---
- apiVersion: appstudio.redhat.com/v1alpha1
- kind: ReleasePlan
- metadata:
-   name: promote-to-candidate-pco-fbc-v4-17
-   namespace: rhtas-tenant
-   labels:
-     release.appstudio.openshift.io/auto-release: "true"
-     release.appstudio.openshift.io/standing-attribution: "true"
- spec:
-   application: pco-fbc-v4-17
-   tenantPipeline:
-     params:
-     - name: git-url
-       value: "https://github.com/securesign/releases"
-     - name: code-freeze
-       value: "false"
-     - name: type
-       value: fbc
-     - name: file-name
-       value: policy-controller-operator-fbc.json
-     pipelineRef:
-       params:
-       - name: url
-         value: "https://github.com/securesign/pipelines"
-       - name: revision
-         value: main
-       - name: pathInRepo
-         value: pipelines/promote-to-candidate.yaml
-       resolver: git
-     serviceAccountName: rhtas-build-bot

@@ (root level) @@
# appstudio.redhat.com/v1alpha1/ReleasePlan/rhtas-tenant/promote-to-candidate-pco-fbc-v4-18
! - one document removed:
- ---
- apiVersion: appstudio.redhat.com/v1alpha1
- kind: ReleasePlan
- metadata:
-   name: promote-to-candidate-pco-fbc-v4-18
-   namespace: rhtas-tenant
-   labels:
-     release.appstudio.openshift.io/auto-release: "true"
-     release.appstudio.openshift.io/standing-attribution: "true"
- spec:
-   application: pco-fbc-v4-18
-   tenantPipeline:
-     params:
-     - name: git-url
-       value: "https://github.com/securesign/releases"
-     - name: code-freeze
-       value: "false"
-     - name: type
-       value: fbc
-     - name: file-name
-       value: policy-controller-operator-fbc.json
-     pipelineRef:
-       params:
-       - name: url
-         value: "https://github.com/securesign/pipelines"
-       - name: revision
-         value: main
-       - name: pathInRepo
-         value: pipelines/promote-to-candidate.yaml
-       resolver: git
-     serviceAccountName: rhtas-build-bot

@@ (root level) @@
# appstudio.redhat.com/v1alpha1/ReleasePlan/rhtas-tenant/promote-to-candidate-pco-fbc-v4-19
! - one document removed:
- ---
- apiVersion: appstudio.redhat.com/v1alpha1
- kind: ReleasePlan
- metadata:
-   name: promote-to-candidate-pco-fbc-v4-19
-   namespace: rhtas-tenant
-   labels:
-     release.appstudio.openshift.io/auto-release: "true"
-     release.appstudio.openshift.io/standing-attribution: "true"
- spec:
-   application: pco-fbc-v4-19
-   tenantPipeline:
-     params:
-     - name: git-url
-       value: "https://github.com/securesign/releases"
-     - name: code-freeze
-       value: "false"
-     - name: type
-       value: fbc
-     - name: file-name
-       value: policy-controller-operator-fbc.json
-     pipelineRef:
-       params:
-       - name: url
-         value: "https://github.com/securesign/pipelines"
-       - name: revision
-         value: main
-       - name: pathInRepo
-         value: pipelines/promote-to-candidate.yaml
-       resolver: git
-     serviceAccountName: rhtas-build-bot

@@ (root level) @@
# appstudio.redhat.com/v1alpha1/ReleasePlan/rhtas-tenant/promote-to-candidate-pco-fbc-v4-20
! - one document removed:
- ---
- apiVersion: appstudio.redhat.com/v1alpha1
- kind: ReleasePlan
- metadata:
-   name: promote-to-candidate-pco-fbc-v4-20
-   namespace: rhtas-tenant
-   labels:
-     release.appstudio.openshift.io/auto-release: "true"
-     release.appstudio.openshift.io/standing-attribution: "true"
- spec:
-   application: pco-fbc-v4-20
-   tenantPipeline:
-     params:
-     - name: git-url
-       value: "https://github.com/securesign/releases"
-     - name: code-freeze
-       value: "false"
-     - name: type
-       value: fbc
-     - name: file-name
-       value: policy-controller-operator-fbc.json
-     pipelineRef:
-       params:
-       - name: url
-         value: "https://github.com/securesign/pipelines"
-       - name: revision
-         value: main
-       - name: pathInRepo
-         value: pipelines/promote-to-candidate.yaml
-       resolver: git
-     serviceAccountName: rhtas-build-bot

@@ (root level) @@
# appstudio.redhat.com/v1alpha1/ReleasePlan/rhtas-tenant/promote-to-candidate-pco-fbc-v4-21
! - one document removed:
- ---
- apiVersion: appstudio.redhat.com/v1alpha1
- kind: ReleasePlan
- metadata:
-   name: promote-to-candidate-pco-fbc-v4-21
-   namespace: rhtas-tenant
-   labels:
-     release.appstudio.openshift.io/auto-release: "true"
-     release.appstudio.openshift.io/standing-attribution: "true"
- spec:
-   application: pco-fbc-v4-21
-   tenantPipeline:
-     params:
-     - name: git-url
-       value: "https://github.com/securesign/releases"
-     - name: code-freeze
-       value: "false"
-     - name: type
-       value: fbc
-     - name: file-name
-       value: policy-controller-operator-fbc.json
-     pipelineRef:
-       params:
-       - name: url
-         value: "https://github.com/securesign/pipelines"
-       - name: revision
-         value: main
-       - name: pathInRepo
-         value: pipelines/promote-to-candidate.yaml
-       resolver: git
-     serviceAccountName: rhtas-build-bot

@@ (root level) @@
# appstudio.redhat.com/v1alpha1/ReleasePlan/rhtas-tenant/promote-to-candidate-pco-fbc-v4-22
! - one document removed:
- ---
- apiVersion: appstudio.redhat.com/v1alpha1
- kind: ReleasePlan
- metadata:
-   name: promote-to-candidate-pco-fbc-v4-22
-   namespace: rhtas-tenant
-   labels:
-     release.appstudio.openshift.io/auto-release: "true"
-     release.appstudio.openshift.io/standing-attribution: "true"
- spec:
-   application: pco-fbc-v4-22
-   tenantPipeline:
-     params:
-     - name: git-url
-       value: "https://github.com/securesign/releases"
-     - name: code-freeze
-       value: "false"
-     - name: type
-       value: fbc
-     - name: file-name
-       value: policy-controller-operator-fbc.json
-     pipelineRef:
... (diff truncated, showing first 500 lines)

📦 Artifacts: base-output.yaml, head-output.yaml, dyff-output.txt

@qodo-for-securesign

qodo-for-securesign Bot commented Jun 19, 2026

Copy link
Copy Markdown

PR Summary by Qodo

Migrate MVO FBC to per-version components and shared release-plan trait
✨ Enhancement ⚙️ Configuration changes 🕐 20-40 Minutes

Grey Divider

Description 

• Add MVO FBC project overlay and per-OCP-version Component/ImageRepository patches (4.16–4.22).
• Introduce a shared FBC ReleasePlan patch in the base release-plan component.
• Wire model-validation stream overlay to create an MVO FBC release stream via the template.
Diagram 

graph TD
  A["model-validation stream overlay"] --> B["mvo-fbc-release stream"] --> C["mvo-fbc template"]
  D["mvo-fbc project overlay"] --> C --> E["Application per stream"]
  D --> F["OCP v4.16-4.22 components"] --> G["Component + ImageRepository"]
  D --> H["base release-plan trait"] --> I["FBC ReleasePlan"]
Loading
High-Level Assessment

The following are alternative approaches to this PR:

1. Keep per-app promote-to-candidate overlays
  • ➕ Clear separation between per-app configuration and shared base logic
  • ➕ Lower blast radius (no shared trait affecting all FBC templates)
  • ➖ High duplication across versions/apps
  • ➖ Harder to keep pipeline params consistent across FBC apps
2. Generate per-version patches via a templating tool (Jsonnet/Helm/Kustomize function)
  • ➕ Reduces repetitive per-version YAML and copy/paste drift
  • ➕ Makes adding future OCP versions less error-prone
  • ➖ Adds an additional build-time dependency/tooling to the repo
  • ➖ May not be accepted/available in current Konflux/Kustomize workflow constraints

Recommendation: The chosen approach (shared base release-plan trait + per-version component pattern) is the better long-term fit because it centralizes the FBC ReleasePlan semantics while keeping per-OCP-version build inputs explicit. The main tradeoff is verbosity across v4.16–v4.22; if version churn becomes frequent, consider introducing a generation step, but the current change aligns with existing FBC patterns and reduces duplication relative to the removed promote-to-candidate overlays.

Files changed (27) +529 / -3

Bug fix (1) +21 / -0
kustomizeconfig.yamlAdd nameReference rules for projctl Project and stream/template wiring +21/-0

Add nameReference rules for projctl Project and stream/template wiring

• Introduces Kustomize nameReference configuration so spec.project and spec.template.name fields are updated when names are transformed. Prevents broken references between ProjectDevelopmentStream and ProjectDevelopmentStreamTemplate/Project.

konflux-configs/base/stream/model-validation/overlay/fbc/kustomizeconfig.yaml

Refactor (1) +0 / -1
kustomization.yamlStop including legacy promote-to-candidate release-plan directory +0/-1

Stop including legacy promote-to-candidate release-plan directory

• Removes the promote-to-candidate/ resource from the base release-plan kustomization, completing the migration to the shared release-plan trait mechanism.

konflux-configs/base/release-plan/kustomization.yaml

Other (25) +508 / -2
kustomization.yamlAdd v4.16 MVO FBC Kustomize component hook +8/-0

Add v4.16 MVO FBC Kustomize component hook

• Introduces a Kustomize Component that applies a patch to FBC-type ProjectDevelopmentStreamTemplate resources. This enables injecting v4.16-specific resources into stamped streams.

konflux-configs/base/project/base/ocp/mvo/v4.16/kustomization.yaml

patch.yamlDefine v4.16 Component and ImageRepository for MVO FBC +47/-0

Define v4.16 Component and ImageRepository for MVO FBC

• Adds Konflux Component pointing at securesign/fbc (v4.16 context) and an ImageRepository configured for public visibility and SBOM webhook notifications. Names are templated to produce per-stream resources.

konflux-configs/base/project/base/ocp/mvo/v4.16/patch.yaml

kustomization.yamlAdd v4.17 MVO FBC Kustomize component hook +8/-0

Add v4.17 MVO FBC Kustomize component hook

• Adds a Kustomize Component that targets FBC-type templates and applies the v4.17 patch. Keeps the per-version wiring consistent across streams.

konflux-configs/base/project/base/ocp/mvo/v4.17/kustomization.yaml

patch.yamlDefine v4.17 Component and ImageRepository for MVO FBC +47/-0

Define v4.17 Component and ImageRepository for MVO FBC

• Adds a v4.17-specific Konflux Component source context and matching ImageRepository with update-component-image and SBOM webhook notification. Uses templated names to align with per-stream Applications.

konflux-configs/base/project/base/ocp/mvo/v4.17/patch.yaml

kustomization.yamlAdd v4.18 MVO FBC Kustomize component hook +8/-0

Add v4.18 MVO FBC Kustomize component hook

• Introduces the per-version Kustomize Component wrapper for applying the v4.18 patch to FBC templates.

konflux-configs/base/project/base/ocp/mvo/v4.18/kustomization.yaml

patch.yamlDefine v4.18 Component and ImageRepository for MVO FBC +47/-0

Define v4.18 Component and ImageRepository for MVO FBC

• Adds Konflux Component configuration for securesign/fbc v4.18 content and a corresponding ImageRepository for image publishing and notifications. Ensures consistent naming/labels for AppStudio association.

konflux-configs/base/project/base/ocp/mvo/v4.18/patch.yaml

kustomization.yamlAdd v4.19 MVO FBC Kustomize component hook +8/-0

Add v4.19 MVO FBC Kustomize component hook

• Adds the Kustomize Component layer to apply v4.19 resources to FBC templates.

konflux-configs/base/project/base/ocp/mvo/v4.19/kustomization.yaml

patch.yamlDefine v4.19 Component and ImageRepository for MVO FBC +47/-0

Define v4.19 Component and ImageRepository for MVO FBC

• Adds the v4.19 Component source context and an ImageRepository with public visibility and SBOM webhook configuration. Keeps Component/ImageRepository names aligned to the per-stream application.

konflux-configs/base/project/base/ocp/mvo/v4.19/patch.yaml

kustomization.yamlAdd v4.20 MVO FBC Kustomize component hook +8/-0

Add v4.20 MVO FBC Kustomize component hook

• Introduces the v4.20 Kustomize Component that patches FBC-type stream templates.

konflux-configs/base/project/base/ocp/mvo/v4.20/kustomization.yaml

patch.yamlDefine v4.20 Component and ImageRepository for MVO FBC +47/-0

Define v4.20 Component and ImageRepository for MVO FBC

• Adds Konflux Component for the v4.20 catalog build context and a matching ImageRepository with automated image updates and SBOM webhook notifications.

konflux-configs/base/project/base/ocp/mvo/v4.20/patch.yaml

kustomization.yamlAdd v4.21 MVO FBC Kustomize component hook +8/-0

Add v4.21 MVO FBC Kustomize component hook

• Adds a Kustomize Component that applies v4.21-specific resources to FBC templates via patching.

konflux-configs/base/project/base/ocp/mvo/v4.21/kustomization.yaml

patch.yamlDefine v4.21 Component and ImageRepository for MVO FBC +47/-0

Define v4.21 Component and ImageRepository for MVO FBC

• Adds a v4.21 Component build definition and an ImageRepository with AppStudio labels and SBOM webhook notifications. Uses template variables for application/name suffix handling.

konflux-configs/base/project/base/ocp/mvo/v4.21/patch.yaml

kustomization.yamlAdd v4.22 MVO FBC Kustomize component hook +8/-0

Add v4.22 MVO FBC Kustomize component hook

• Introduces the v4.22 Kustomize Component wrapper for patching FBC templates.

konflux-configs/base/project/base/ocp/mvo/v4.22/kustomization.yaml

patch.yamlDefine v4.22 Component and ImageRepository for MVO FBC +47/-0

Define v4.22 Component and ImageRepository for MVO FBC

• Adds Konflux Component configuration for v4.22 source context and an ImageRepository for publishing rhtas-tenant images with SBOM webhook notifications. Continues the per-version naming convention.

konflux-configs/base/project/base/ocp/mvo/v4.22/patch.yaml

kustomization.yamlApply shared FBC release-plan patch to FBC templates +6/-0

Apply shared FBC release-plan patch to FBC templates

• Extends the base release-plan component to also patch ProjectDevelopmentStreamTemplate resources labeled as FBC type. This centralizes ReleasePlan creation for rhtas-fbc, pco-fbc, and mvo-fbc.

konflux-configs/base/project/base/release-plan/kustomization.yaml

fbc.yamlAdd FBC ReleasePlan trait (promote-to-candidate) +32/-0

Add FBC ReleasePlan trait (promote-to-candidate)

• Defines a shared JSON6902 patch that injects an appstudio ReleasePlan into stamped resources. Sets tenant pipeline params including type=fbc and file-name based on the operator variable.

konflux-configs/base/project/base/release-plan/patch/fbc.yaml

kustomization.yamlRegister mvo-fbc overlay in base project kustomization +1/-0

Register mvo-fbc overlay in base project kustomization

• Adds the new mvo-fbc overlay to the set of project overlays so it is included in builds/applies.

konflux-configs/base/project/kustomization.yaml

kustomization.yamlCreate MVO FBC project overlay wiring base components and per-version patches +18/-0

Create MVO FBC project overlay wiring base components and per-version patches

• Adds a new overlay that installs the MVO FBC Project and template, and composes base ec/branch-sync/release-plan plus per-OCP-version components (4.16–4.22). This aligns MVO with the established FBC per-version component pattern.

konflux-configs/base/project/overlay/mvo-fbc/kustomization.yaml

project.yamlDefine new Konflux Project: mvo-fbc +8/-0

Define new Konflux Project: mvo-fbc

• Introduces a projctl Project definition for Model Validation Operator FBC, including display name and description.

konflux-configs/base/project/overlay/mvo-fbc/project.yaml

template.yamlAdd ProjectDevelopmentStreamTemplate for mvo-fbc +36/-0

Add ProjectDevelopmentStreamTemplate for mvo-fbc

• Defines the template used to stamp per-stream Applications and resources for MVO FBC. Declares variables for version/branch/nameSuffix/operator and labels the template as build.rhtas.com/type=fbc.

konflux-configs/base/project/overlay/mvo-fbc/template.yaml

kustomization.yamlInclude shared release-plan base component in pco-fbc overlay +1/-0

Include shared release-plan base component in pco-fbc overlay

• Adds the base release-plan component to the pco-fbc overlay so FBC release plans come from the shared trait rather than per-version promote-to-candidate overlays.

konflux-configs/base/project/overlay/pco-fbc/kustomization.yaml

kustomization.yamlInclude shared release-plan base component in rhtas-fbc overlay +1/-0

Include shared release-plan base component in rhtas-fbc overlay

• Adds the base release-plan component to the rhtas-fbc overlay to use the shared FBC ReleasePlan patching behavior.

konflux-configs/base/project/overlay/rhtas-fbc/kustomization.yaml

kustomization.yamlAdd MVO FBC release stream resources and nameReference configuration +4/-2

Add MVO FBC release stream resources and nameReference configuration

• Replaces legacy references to prior fbc overlays with a concrete release stream resource and custom nameReference configuration. Ensures projctl resources correctly reference Project and template names after Kustomize transformations.

konflux-configs/base/stream/model-validation/overlay/fbc/kustomization.yaml

release-stream.yamlCreate mvo-fbc release development stream instance +15/-0

Create mvo-fbc release development stream instance

• Adds a ProjectDevelopmentStream named mvo-fbc-release that instantiates the mvo-fbc template with version=release and empty nameSuffix. This creates a canonical release stream tied to main.

konflux-configs/base/stream/model-validation/overlay/fbc/release-stream.yaml

kustomization.yamlRegister fbc overlay under model-validation stream overlays +1/-0

Register fbc overlay under model-validation stream overlays

• Adds the fbc overlay to the model-validation stream overlay kustomization resources so it is applied alongside main/tech-preview/v1-0.

konflux-configs/base/stream/model-validation/overlay/kustomization.yaml

@qodo-for-securesign

qodo-for-securesign Bot commented Jun 19, 2026

Copy link
Copy Markdown

Code Review by Qodo

🐞 Bugs (0) 📘 Rule violations (0) 📎 Requirement gaps (0)

Grey Divider

Great, no issues found!

Qodo reviewed your code and found no material issues that require review

Grey Divider

Qodo Logo

@osmman osmman mentioned this pull request Jun 19, 2026
Merged
@osmman osmman merged commit c343c2b into main Jun 19, 2026
4 checks passed
@osmman osmman deleted the mvo-fbc-migration-SECURESIGN-4331 branch June 19, 2026 14:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sampras343 sampras343 sampras343 approved these changes
@tommyd450 tommyd450 Awaiting requested review from tommyd450
@JasonPowr JasonPowr Awaiting requested review from JasonPowr

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@osmman @sampras343