Quay expiration Package
Policies to prevent releasing an image to quay that has a quay expiration date. In Konflux images with an expiration date are produced by "on-pr" build pipelines, i.e. pre-merge CI builds, so this is intended to prevent accidentally releasing a CI build.
Rules Included
Expires label
Check the image metadata for the presence of a "quay.expires-after" label. If it’s present then produce a violation. This check is enforced only for a "release", "production", or "staging" pipeline, as determined by the value of the pipeline_intention rule data.
Solution: Make sure the image is built without setting the "quay.expires-after" label. This label is usually set if the container image was built by an "on-pr" pipeline during pre-merge CI.
-
Rule type: FAILURE
-
FAILURE message:
The image has a 'quay.expires-after' label set to '%s' -
Code:
quay_expiration.expires_label