Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
84 changes: 14 additions & 70 deletions .tekton/kartograph-agent-runtime-push.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -615,9 +615,9 @@ spec:
value: $(params.git-url)
workspaces:
- name: basic-auth
workspace: hp-fleet-gitops-auth
workspace: fleet-apps-auth
- name: netrc
workspace: hp-fleet-gitops-auth
workspace: fleet-apps-auth
taskSpec:
params:
- name: COMMIT_SHA
Expand Down Expand Up @@ -658,8 +658,8 @@ spec:
mkdir -p "$HOME"

if [ ! -f "${WORKSPACE_BASIC_AUTH_PATH}/.git-credentials" ] && [ ! -f "${WORKSPACE_NETRC_PATH}/.netrc" ]; then
echo "ERROR: Secret kartograph-hp-fleet-gitops-auth is missing or empty."
echo "Apply .tekton/kartograph-hp-fleet-gitops-auth.secret.example.yaml in kartograph-tenant."
echo "ERROR: Secret kartograph-fleet-apps-auth is missing or empty."
echo "Apply .tekton/kartograph-fleet-apps-auth.secret.example.yaml in kartograph-tenant."
exit 1
fi

Expand All @@ -677,8 +677,9 @@ spec:

SHORT_SHA="${COMMIT_SHA:0:12}"
BRANCH="konflux/deploy-tag-${DEPLOY_COMPONENT}-${SHORT_SHA}"
FLEET_APPS_REPO="https://gitlab.cee.redhat.com/hybrid-platforms-gitops/tenant-apps/fleet-apps.git"

git clone --depth 1 --branch main "https://github.com/openshift-online/hp-fleet-gitops" /tmp/repo
git clone --depth 1 --branch main "${FLEET_APPS_REPO}" /tmp/repo
cd /tmp/repo

FILE="apps/kartograph/overlays/stage/kustomization.yaml"
Expand Down Expand Up @@ -708,70 +709,13 @@ spec:

git checkout -b "$BRANCH"
git commit -m "chore(deploy): update ${DEPLOY_COMPONENT} stage image tag to ${SHORT_SHA}"
git push origin "$BRANCH"
git push -u origin "$BRANCH" \
-o merge_request.create \
-o merge_request.target=main \
-o "merge_request.title=chore(deploy): update ${DEPLOY_COMPONENT} stage image tag to ${SHORT_SHA}" \
-o "merge_request.description=Auto-generated by Konflux push pipeline. Updates newTag for ${IMAGE_SELECTOR} to ${COMMIT_SHA}."
echo "Merge request created for branch ${BRANCH}"

Comment on lines +712 to 718

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🩺 Stability & Availability | 🟠 Major | ⚡ Quick win

Make the deploy push idempotent on retries.

Line 712 pushes a deterministic branch name. If this PipelineRun is retried for the same commit while the prior deploy branch still exists, git push can fail and mark the build failed again. CWE/CVE: N/A.

Proposed retry-safe guard
+                if git ls-remote --exit-code --heads origin "$BRANCH" >/dev/null 2>&1; then
+                  echo "Deploy branch ${BRANCH} already exists; assuming merge request was already created"
+                  exit 0
+                fi
+
                 git checkout -b "$BRANCH"
                 git commit -m "chore(deploy): update ${DEPLOY_COMPONENT} stage image tag to ${SHORT_SHA}"
                 git push -u origin "$BRANCH" \
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.tekton/kartograph-agent-runtime-push.yaml around lines 712 - 718, The
deploy push in the branch creation step is not idempotent, because a retry can
fail when the same deterministic branch already exists on origin. Update the
push logic around the git push invocation in the deploy/MR creation flow so it
first checks whether $BRANCH already exists remotely and skips or safely reuses
it on retries, while keeping the existing merge request creation behavior in the
same script section. Ensure the guard is tied to the branch-handling logic near
the git push command so repeated PipelineRun executions for the same commit do
not fail.

mkdir -p /tekton/run
printf '%s\n' "$BRANCH" > /tekton/run/deploy-branch
printf '%s\n' "$COMMIT_SHA" > /tekton/run/commit-sha
printf '%s\n' "$DEPLOY_COMPONENT" > /tekton/run/deploy-component
printf '%s\n' "$SHORT_SHA" > /tekton/run/short-sha
- name: create-pull-request
image: docker.io/curlimages/curl:8.12.1@sha256:94e9e444bcba979c2ea12e27ae39bee4cd10bc7041a472c4727a558e213744e6
env:
- name: WORKSPACE_NETRC_PATH
value: /workspace/netrc
script: |
#!/bin/sh
set -eu

if [ ! -f /tekton/run/deploy-branch ]; then
echo "No deploy branch metadata, skipping PR creation"
exit 0
fi

BRANCH=$(cat /tekton/run/deploy-branch)
COMMIT_SHA=$(cat /tekton/run/commit-sha)
DEPLOY_COMPONENT=$(cat /tekton/run/deploy-component)
SHORT_SHA=$(cat /tekton/run/short-sha)
REPO="openshift-online/hp-fleet-gitops"

export HOME=/tekton/home
mkdir -p "$HOME"
if [ ! -f "${WORKSPACE_NETRC_PATH}/.netrc" ]; then
echo "WARNING: netrc not available, PR must be created manually"
echo "Branch pushed: $BRANCH"
exit 0
fi
cp "${WORKSPACE_NETRC_PATH}/.netrc" "$HOME/.netrc"
chmod 600 "$HOME/.netrc"

PAYLOAD=$(mktemp)
chmod 600 "$PAYLOAD"
printf '{"title":"chore(deploy): update %s stage image tag to %s","head":"%s","base":"main","body":"Auto-generated by Konflux push pipeline.\n\nUpdates `newTag` in stage kustomization to `%s`."}' \
"$DEPLOY_COMPONENT" "$SHORT_SHA" "$BRANCH" "$COMMIT_SHA" > "$PAYLOAD"

PR_RESPONSE=$(curl -sS --netrc \
-H "Content-Type: application/json" \
-d @"$PAYLOAD" \
"https://api.github.com/repos/${REPO}/pulls") || true
rm -f "$PAYLOAD"

PR_URL=$(echo "$PR_RESPONSE" | grep -o '"html_url":"[^"]*"' | head -1 | cut -d'"' -f4)
echo "PR created: ${PR_URL:-none}"

PR_NODE_ID=$(echo "$PR_RESPONSE" | grep -o '"node_id":"[^"]*"' | head -1 | cut -d'"' -f4)
if [ -n "$PR_NODE_ID" ]; then
GRAPHQL_PAYLOAD=$(mktemp)
chmod 600 "$GRAPHQL_PAYLOAD"
printf '{"query":"mutation { enablePullRequestAutoMerge(input: { pullRequestId: \\"%s\\", mergeMethod: SQUASH }) { pullRequest { autoMergeRequest { enabledAt } } } }"}' \
"$PR_NODE_ID" > "$GRAPHQL_PAYLOAD"
curl -sS --netrc \
-H "Content-Type: application/json" \
-d @"$GRAPHQL_PAYLOAD" \
"https://api.github.com/graphql" > /dev/null 2>&1 || true
rm -f "$GRAPHQL_PAYLOAD"
echo "Auto-merge enabled"
fi
workspaces:
- name: git-auth
optional: true
Expand All @@ -783,7 +727,7 @@ spec:
- name: git-auth
secret:
secretName: "{{ git_auth_secret }}"
- name: hp-fleet-gitops-auth
- name: fleet-apps-auth
secret:
secretName: kartograph-hp-fleet-gitops-auth
secretName: kartograph-fleet-apps-auth
status: {}
84 changes: 14 additions & 70 deletions .tekton/kartograph-api-push.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -615,9 +615,9 @@ spec:
value: $(params.git-url)
workspaces:
- name: basic-auth
workspace: hp-fleet-gitops-auth
workspace: fleet-apps-auth
- name: netrc
workspace: hp-fleet-gitops-auth
workspace: fleet-apps-auth
taskSpec:
params:
- name: COMMIT_SHA
Expand Down Expand Up @@ -658,8 +658,8 @@ spec:
mkdir -p "$HOME"

if [ ! -f "${WORKSPACE_BASIC_AUTH_PATH}/.git-credentials" ] && [ ! -f "${WORKSPACE_NETRC_PATH}/.netrc" ]; then
echo "ERROR: Secret kartograph-hp-fleet-gitops-auth is missing or empty."
echo "Apply .tekton/kartograph-hp-fleet-gitops-auth.secret.example.yaml in kartograph-tenant."
echo "ERROR: Secret kartograph-fleet-apps-auth is missing or empty."
echo "Apply .tekton/kartograph-fleet-apps-auth.secret.example.yaml in kartograph-tenant."
exit 1
fi

Expand All @@ -677,8 +677,9 @@ spec:

SHORT_SHA="${COMMIT_SHA:0:12}"
BRANCH="konflux/deploy-tag-${DEPLOY_COMPONENT}-${SHORT_SHA}"
FLEET_APPS_REPO="https://gitlab.cee.redhat.com/hybrid-platforms-gitops/tenant-apps/fleet-apps.git"

git clone --depth 1 --branch main "https://github.com/openshift-online/hp-fleet-gitops" /tmp/repo
git clone --depth 1 --branch main "${FLEET_APPS_REPO}" /tmp/repo
cd /tmp/repo

FILE="apps/kartograph/overlays/stage/kustomization.yaml"
Expand All @@ -700,70 +701,13 @@ spec:

git checkout -b "$BRANCH"
git commit -m "chore(deploy): update ${DEPLOY_COMPONENT} stage image tag to ${SHORT_SHA}"
git push origin "$BRANCH"
git push -u origin "$BRANCH" \
-o merge_request.create \
-o merge_request.target=main \
-o "merge_request.title=chore(deploy): update ${DEPLOY_COMPONENT} stage image tag to ${SHORT_SHA}" \
-o "merge_request.description=Auto-generated by Konflux push pipeline. Updates newTag for ${IMAGE_SELECTOR} to ${COMMIT_SHA}."
echo "Merge request created for branch ${BRANCH}"

Comment on lines +704 to 710

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🩺 Stability & Availability | 🟠 Major | ⚡ Quick win

Make the deploy push idempotent on retries.

Line 704 pushes a deterministic branch name. A rerun for the same commit can collide with an existing deploy branch and fail the final task. CWE/CVE: N/A.

Proposed retry-safe guard
+                if git ls-remote --exit-code --heads origin "$BRANCH" >/dev/null 2>&1; then
+                  echo "Deploy branch ${BRANCH} already exists; assuming merge request was already created"
+                  exit 0
+                fi
+
                 git checkout -b "$BRANCH"
                 git commit -m "chore(deploy): update ${DEPLOY_COMPONENT} stage image tag to ${SHORT_SHA}"
                 git push -u origin "$BRANCH" \
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.tekton/kartograph-api-push.yaml around lines 704 - 710, The deploy push in
the push step is not retry-safe because it always reuses the same deterministic
branch name and can fail if that branch already exists. Update the push flow
around the git push invocation and branch creation logic so retries become
idempotent: before pushing, detect whether the deploy branch already exists for
the same commit and reuse or refresh it instead of blindly creating a
conflicting branch. Keep the fix localized to the deploy push step that uses
BRANCH/SHORT_SHA/COMMIT_SHA and the merge_request options.

mkdir -p /tekton/run
printf '%s\n' "$BRANCH" > /tekton/run/deploy-branch
printf '%s\n' "$COMMIT_SHA" > /tekton/run/commit-sha
printf '%s\n' "$DEPLOY_COMPONENT" > /tekton/run/deploy-component
printf '%s\n' "$SHORT_SHA" > /tekton/run/short-sha
- name: create-pull-request
image: docker.io/curlimages/curl:8.12.1@sha256:94e9e444bcba979c2ea12e27ae39bee4cd10bc7041a472c4727a558e213744e6
env:
- name: WORKSPACE_NETRC_PATH
value: /workspace/netrc
script: |
#!/bin/sh
set -eu

if [ ! -f /tekton/run/deploy-branch ]; then
echo "No deploy branch metadata, skipping PR creation"
exit 0
fi

BRANCH=$(cat /tekton/run/deploy-branch)
COMMIT_SHA=$(cat /tekton/run/commit-sha)
DEPLOY_COMPONENT=$(cat /tekton/run/deploy-component)
SHORT_SHA=$(cat /tekton/run/short-sha)
REPO="openshift-online/hp-fleet-gitops"

export HOME=/tekton/home
mkdir -p "$HOME"
if [ ! -f "${WORKSPACE_NETRC_PATH}/.netrc" ]; then
echo "WARNING: netrc not available, PR must be created manually"
echo "Branch pushed: $BRANCH"
exit 0
fi
cp "${WORKSPACE_NETRC_PATH}/.netrc" "$HOME/.netrc"
chmod 600 "$HOME/.netrc"

PAYLOAD=$(mktemp)
chmod 600 "$PAYLOAD"
printf '{"title":"chore(deploy): update %s stage image tag to %s","head":"%s","base":"main","body":"Auto-generated by Konflux push pipeline.\n\nUpdates `newTag` in stage kustomization to `%s`."}' \
"$DEPLOY_COMPONENT" "$SHORT_SHA" "$BRANCH" "$COMMIT_SHA" > "$PAYLOAD"

PR_RESPONSE=$(curl -sS --netrc \
-H "Content-Type: application/json" \
-d @"$PAYLOAD" \
"https://api.github.com/repos/${REPO}/pulls") || true
rm -f "$PAYLOAD"

PR_URL=$(echo "$PR_RESPONSE" | grep -o '"html_url":"[^"]*"' | head -1 | cut -d'"' -f4)
echo "PR created: ${PR_URL:-none}"

PR_NODE_ID=$(echo "$PR_RESPONSE" | grep -o '"node_id":"[^"]*"' | head -1 | cut -d'"' -f4)
if [ -n "$PR_NODE_ID" ]; then
GRAPHQL_PAYLOAD=$(mktemp)
chmod 600 "$GRAPHQL_PAYLOAD"
printf '{"query":"mutation { enablePullRequestAutoMerge(input: { pullRequestId: \\"%s\\", mergeMethod: SQUASH }) { pullRequest { autoMergeRequest { enabledAt } } } }"}' \
"$PR_NODE_ID" > "$GRAPHQL_PAYLOAD"
curl -sS --netrc \
-H "Content-Type: application/json" \
-d @"$GRAPHQL_PAYLOAD" \
"https://api.github.com/graphql" > /dev/null 2>&1 || true
rm -f "$GRAPHQL_PAYLOAD"
echo "Auto-merge enabled"
fi
workspaces:
- name: git-auth
optional: true
Expand All @@ -775,7 +719,7 @@ spec:
- name: git-auth
secret:
secretName: "{{ git_auth_secret }}"
- name: hp-fleet-gitops-auth
- name: fleet-apps-auth
secret:
secretName: kartograph-hp-fleet-gitops-auth
secretName: kartograph-fleet-apps-auth
status: {}
84 changes: 14 additions & 70 deletions .tekton/kartograph-dev-ui-push.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -615,9 +615,9 @@ spec:
value: $(params.git-url)
workspaces:
- name: basic-auth
workspace: hp-fleet-gitops-auth
workspace: fleet-apps-auth
- name: netrc
workspace: hp-fleet-gitops-auth
workspace: fleet-apps-auth
taskSpec:
params:
- name: COMMIT_SHA
Expand Down Expand Up @@ -658,8 +658,8 @@ spec:
mkdir -p "$HOME"

if [ ! -f "${WORKSPACE_BASIC_AUTH_PATH}/.git-credentials" ] && [ ! -f "${WORKSPACE_NETRC_PATH}/.netrc" ]; then
echo "ERROR: Secret kartograph-hp-fleet-gitops-auth is missing or empty."
echo "Apply .tekton/kartograph-hp-fleet-gitops-auth.secret.example.yaml in kartograph-tenant."
echo "ERROR: Secret kartograph-fleet-apps-auth is missing or empty."
echo "Apply .tekton/kartograph-fleet-apps-auth.secret.example.yaml in kartograph-tenant."
exit 1
fi

Expand All @@ -677,8 +677,9 @@ spec:

SHORT_SHA="${COMMIT_SHA:0:12}"
BRANCH="konflux/deploy-tag-${DEPLOY_COMPONENT}-${SHORT_SHA}"
FLEET_APPS_REPO="https://gitlab.cee.redhat.com/hybrid-platforms-gitops/tenant-apps/fleet-apps.git"

git clone --depth 1 --branch main "https://github.com/openshift-online/hp-fleet-gitops" /tmp/repo
git clone --depth 1 --branch main "${FLEET_APPS_REPO}" /tmp/repo
cd /tmp/repo

FILE="apps/kartograph/overlays/stage/kustomization.yaml"
Expand All @@ -700,70 +701,13 @@ spec:

git checkout -b "$BRANCH"
git commit -m "chore(deploy): update ${DEPLOY_COMPONENT} stage image tag to ${SHORT_SHA}"
git push origin "$BRANCH"
git push -u origin "$BRANCH" \
-o merge_request.create \
-o merge_request.target=main \
-o "merge_request.title=chore(deploy): update ${DEPLOY_COMPONENT} stage image tag to ${SHORT_SHA}" \
-o "merge_request.description=Auto-generated by Konflux push pipeline. Updates newTag for ${IMAGE_SELECTOR} to ${COMMIT_SHA}."
echo "Merge request created for branch ${BRANCH}"

Comment on lines +704 to 710

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🩺 Stability & Availability | 🟠 Major | ⚡ Quick win

Make the deploy push idempotent on retries.

Line 704 pushes a deterministic branch name. A rerun for the same commit can collide with an existing deploy branch and fail the final task. CWE/CVE: N/A.

Proposed retry-safe guard
+                if git ls-remote --exit-code --heads origin "$BRANCH" >/dev/null 2>&1; then
+                  echo "Deploy branch ${BRANCH} already exists; assuming merge request was already created"
+                  exit 0
+                fi
+
                 git checkout -b "$BRANCH"
                 git commit -m "chore(deploy): update ${DEPLOY_COMPONENT} stage image tag to ${SHORT_SHA}"
                 git push -u origin "$BRANCH" \
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.tekton/kartograph-dev-ui-push.yaml around lines 704 - 710, The deploy push
in the git push block is not retry-safe because the deterministic branch name
can already exist on reruns. Update the push logic around the existing git push
command to make it idempotent for the same commit, using the branch name and
commit SHA to detect an already-created deploy branch/MR and skip or safely
reuse it instead of failing. Keep the change local to this deploy push step so
retries in the pipeline complete successfully.

mkdir -p /tekton/run
printf '%s\n' "$BRANCH" > /tekton/run/deploy-branch
printf '%s\n' "$COMMIT_SHA" > /tekton/run/commit-sha
printf '%s\n' "$DEPLOY_COMPONENT" > /tekton/run/deploy-component
printf '%s\n' "$SHORT_SHA" > /tekton/run/short-sha
- name: create-pull-request
image: docker.io/curlimages/curl:8.12.1@sha256:94e9e444bcba979c2ea12e27ae39bee4cd10bc7041a472c4727a558e213744e6
env:
- name: WORKSPACE_NETRC_PATH
value: /workspace/netrc
script: |
#!/bin/sh
set -eu

if [ ! -f /tekton/run/deploy-branch ]; then
echo "No deploy branch metadata, skipping PR creation"
exit 0
fi

BRANCH=$(cat /tekton/run/deploy-branch)
COMMIT_SHA=$(cat /tekton/run/commit-sha)
DEPLOY_COMPONENT=$(cat /tekton/run/deploy-component)
SHORT_SHA=$(cat /tekton/run/short-sha)
REPO="openshift-online/hp-fleet-gitops"

export HOME=/tekton/home
mkdir -p "$HOME"
if [ ! -f "${WORKSPACE_NETRC_PATH}/.netrc" ]; then
echo "WARNING: netrc not available, PR must be created manually"
echo "Branch pushed: $BRANCH"
exit 0
fi
cp "${WORKSPACE_NETRC_PATH}/.netrc" "$HOME/.netrc"
chmod 600 "$HOME/.netrc"

PAYLOAD=$(mktemp)
chmod 600 "$PAYLOAD"
printf '{"title":"chore(deploy): update %s stage image tag to %s","head":"%s","base":"main","body":"Auto-generated by Konflux push pipeline.\n\nUpdates `newTag` in stage kustomization to `%s`."}' \
"$DEPLOY_COMPONENT" "$SHORT_SHA" "$BRANCH" "$COMMIT_SHA" > "$PAYLOAD"

PR_RESPONSE=$(curl -sS --netrc \
-H "Content-Type: application/json" \
-d @"$PAYLOAD" \
"https://api.github.com/repos/${REPO}/pulls") || true
rm -f "$PAYLOAD"

PR_URL=$(echo "$PR_RESPONSE" | grep -o '"html_url":"[^"]*"' | head -1 | cut -d'"' -f4)
echo "PR created: ${PR_URL:-none}"

PR_NODE_ID=$(echo "$PR_RESPONSE" | grep -o '"node_id":"[^"]*"' | head -1 | cut -d'"' -f4)
if [ -n "$PR_NODE_ID" ]; then
GRAPHQL_PAYLOAD=$(mktemp)
chmod 600 "$GRAPHQL_PAYLOAD"
printf '{"query":"mutation { enablePullRequestAutoMerge(input: { pullRequestId: \\"%s\\", mergeMethod: SQUASH }) { pullRequest { autoMergeRequest { enabledAt } } } }"}' \
"$PR_NODE_ID" > "$GRAPHQL_PAYLOAD"
curl -sS --netrc \
-H "Content-Type: application/json" \
-d @"$GRAPHQL_PAYLOAD" \
"https://api.github.com/graphql" > /dev/null 2>&1 || true
rm -f "$GRAPHQL_PAYLOAD"
echo "Auto-merge enabled"
fi
workspaces:
- name: git-auth
optional: true
Expand All @@ -775,7 +719,7 @@ spec:
- name: git-auth
secret:
secretName: "{{ git_auth_secret }}"
- name: hp-fleet-gitops-auth
- name: fleet-apps-auth
secret:
secretName: kartograph-hp-fleet-gitops-auth
secretName: kartograph-fleet-apps-auth
status: {}
24 changes: 24 additions & 0 deletions .tekton/kartograph-fleet-apps-auth.secret.example.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
# Apply in Konflux tenant namespace (kartograph-tenant) after replacing placeholders.
#
# GitLab PAT needs api + write_repository on:
# hybrid-platforms-gitops/tenant-apps/fleet-apps
# Do not commit real tokens.
#
# oc project kartograph-tenant
# oc create -f kartograph-fleet-apps-auth.secret.yaml
#
apiVersion: v1
kind: Secret
metadata:
name: kartograph-fleet-apps-auth
namespace: kartograph-tenant
type: Opaque
stringData:
.gitconfig: |
[credential]
helper = store
.git-credentials: https://oauth2:REPLACE_WITH_GITLAB_PAT@gitlab.cee.redhat.com
.netrc: |
machine gitlab.cee.redhat.com
login oauth2
password REPLACE_WITH_GITLAB_PAT
3 changes: 3 additions & 0 deletions .tekton/kartograph-hp-fleet-gitops-auth.secret.example.yaml
Original file line number Diff line number Diff line change
@@ -1,3 +1,6 @@
# Deprecated: use kartograph-fleet-apps-auth.secret.example.yaml instead.
# ArgoCD deploys from fleet-apps (GitLab), not hp-fleet-gitops (GitHub).
#
# Apply in Konflux tenant namespace (kartograph-tenant) after replacing placeholders.
#
# PAT needs repo + pull_request scope on openshift-online/hp-fleet-gitops.
Expand Down
Loading
Loading