From c09169eac34badc73c323d348c79e674106abdc0 Mon Sep 17 00:00:00 2001
From: Hector Martinez <87312991+rh-hemartin@users.noreply.github.com>
Date: Thu, 24 Oct 2024 18:44:50 +0200
Subject: [PATCH 1/3] Update KubeArchive to v0.3.0 (#4765)

Signed-off-by: Hector Martinez <hemartin@redhat.com>
---
 .../kubearchive/kubearchive.yaml              |  2 +-
 .../kubearchive/base/alternative-service.yaml | 13 +++++++
 .../kubearchive/base/kustomization.yaml       | 38 +++++++++++++++++--
 .../development/kustomization.yaml            | 11 ++++--
 .../kubearchive/staging/database-secret.yaml  | 11 +++---
 5 files changed, 62 insertions(+), 13 deletions(-)
 create mode 100644 components/kubearchive/base/alternative-service.yaml

diff --git a/argo-cd-apps/base/member/infra-deployments/kubearchive/kubearchive.yaml b/argo-cd-apps/base/member/infra-deployments/kubearchive/kubearchive.yaml
index 255cbce86ef..08f12dfbf31 100644
--- a/argo-cd-apps/base/member/infra-deployments/kubearchive/kubearchive.yaml
+++ b/argo-cd-apps/base/member/infra-deployments/kubearchive/kubearchive.yaml
@@ -35,7 +35,7 @@ spec:
           prune: true
           selfHeal: true
         syncOptions:
-        - CreateNamespace=true
+          - CreateNamespace=true
         retry:
           limit: 50
           backoff:
diff --git a/components/kubearchive/base/alternative-service.yaml b/components/kubearchive/base/alternative-service.yaml
new file mode 100644
index 00000000000..508debe0bf7
--- /dev/null
+++ b/components/kubearchive/base/alternative-service.yaml
@@ -0,0 +1,13 @@
+---
+kind: Service
+apiVersion: v1
+metadata:
+  name: product-kubearchive-sink
+  namespace: kubearchive
+spec:
+  selector:
+    app: kubearchive-sink
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 8080
diff --git a/components/kubearchive/base/kustomization.yaml b/components/kubearchive/base/kustomization.yaml
index 4afc6c6a25e..25eb4d0e3bd 100644
--- a/components/kubearchive/base/kustomization.yaml
+++ b/components/kubearchive/base/kustomization.yaml
@@ -2,13 +2,21 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-- https://github.com/kubearchive/kubearchive/releases/download/v0.1.0/kubearchive.yaml?timeout=90
+- https://github.com/kubearchive/kubearchive/releases/download/v0.3.0/kubearchive.yaml?timeout=90
 - rbac.yaml
+# This alternative service is needed because the operator creates the
+# ApiServerSource pointing to <namespace>-sink, and here namespace is
+# product-kubearchive, so product-kubearchive-sink. However the service
+# is created as kubearchive-sink and the ApiServerSource does not find it.
+# The symptom is the following event:
+# Failed to update status for "product-kubearchive-a13e": ApiServerSource.sources.knative.dev
+#   "product-kubearchive-a13e" is invalid: namespaces: Invalid value: "null": namespaces in body
+#    must be of type array: "null"
+- alternative-service.yaml
 
 # ROSA does not support namespaces starting with `kube`
 namespace: product-kubearchive
 
-
 patches:
 # These patches changes some resources that point directly to
 # the 'kubearchive' namespace in their function.
@@ -17,6 +25,7 @@ patches:
     kind: RoleBinding
     metadata:
       name: kubearchive-operator-leader-election
+      namespace: kubearchive
     subjects:
     - kind: ServiceAccount
       name: kubearchive-operator
@@ -78,6 +87,7 @@ patches:
     kind: Service
     metadata:
       name: kubearchive-api-server
+      namespace: kubearchive
       annotations:
         service.beta.openshift.io/serving-cert-secret-name: kubearchive-api-server-tls
 - patch: |-
@@ -85,15 +95,30 @@ patches:
     kind: Service
     metadata:
       name: kubearchive-operator-webhooks
+      namespace: kubearchive
       annotations:
         service.beta.openshift.io/serving-cert-secret-name: kubearchive-operator-tls
-
+- patch: |-
+    apiVersion: admissionregistration.k8s.io/v1
+    kind: MutatingWebhookConfiguration
+    metadata:
+      name: kubearchive-mutating-webhook-configuration
+      annotations:
+        service.beta.openshift.io/inject-cabundle: "true"
+- patch: |-
+    apiVersion: admissionregistration.k8s.io/v1
+    kind: ValidatingWebhookConfiguration
+    metadata:
+      name: kubearchive-validating-webhook-configuration
+      annotations:
+        service.beta.openshift.io/inject-cabundle: "true"
 # These patches solve Kube Linter problems
 - patch: |-
     apiVersion: apps/v1
     kind: Deployment
     metadata:
       name: kubearchive-api-server
+      namespace: kubearchive
     spec:
       template:
         spec:
@@ -114,6 +139,7 @@ patches:
     kind: Deployment
     metadata:
       name: kubearchive-operator
+      namespace: kubearchive
     spec:
       template:
         spec:
@@ -133,6 +159,7 @@ patches:
     kind: Deployment
     metadata:
       name: kubearchive-sink
+      namespace: kubearchive
     spec:
       template:
         spec:
@@ -156,27 +183,32 @@ patches:
     kind: Certificate
     metadata:
       name: "kubearchive-api-server-certificate"
+      namespace: kubearchive
 - patch: |-
     $patch: delete
     apiVersion: cert-manager.io/v1
     kind: Certificate
     metadata:
       name: "kubearchive-ca"
+      namespace: kubearchive
 - patch: |-
     $patch: delete
     apiVersion: cert-manager.io/v1
     kind: Issuer
     metadata:
       name: "kubearchive-ca"
+      namespace: kubearchive
 - patch: |-
     $patch: delete
     apiVersion: cert-manager.io/v1
     kind: Issuer
     metadata:
       name: "kubearchive"
+      namespace: kubearchive
 - patch: |-
     $patch: delete
     apiVersion: cert-manager.io/v1
     kind: Certificate
     metadata:
       name: "kubearchive-operator-certificate"
+      namespace: kubearchive
diff --git a/components/kubearchive/development/kustomization.yaml b/components/kubearchive/development/kustomization.yaml
index 6526d863a84..90927bb3801 100644
--- a/components/kubearchive/development/kustomization.yaml
+++ b/components/kubearchive/development/kustomization.yaml
@@ -7,11 +7,14 @@ resources:
 secretGenerator:
 - behavior: merge
   literals:
-  - POSTGRES_DB=kubearchive
-  - POSTGRES_USER=kubearchive
-  - POSTGRES_URL=postgresql.kubearchive.svc.cluster.local
-  - POSTGRES_PASSWORD=password  # notsecret
+  - DATABASE_KIND=postgresql
+  - DATABASE_PORT=5432
+  - DATABASE_DB=kubearchive
+  - DATABASE_USER=kubearchive
+  - DATABASE_URL=postgresql.product-kubearchive.svc.cluster.local
+  - DATABASE_PASSWORD=password  # notsecret
   name: kubearchive-database-credentials
+  namespace: kubearchive
   type: Opaque
 
 commonAnnotations:
diff --git a/components/kubearchive/staging/database-secret.yaml b/components/kubearchive/staging/database-secret.yaml
index 8d0ff86f77f..354471edc5b 100644
--- a/components/kubearchive/staging/database-secret.yaml
+++ b/components/kubearchive/staging/database-secret.yaml
@@ -19,8 +19,9 @@ spec:
     name: kubearchive-database-credentials
     template:
       data:
-        POSTGRES_PORT: "5432"
-        POSTGRES_URL: '{{ index . "db.host" }}'
-        POSTGRES_PASSWORD: '{{ index . "db.password" }}'
-        POSTGRES_USER: '{{ index . "db.user" }}'
-        POSTGRES_DB: '{{ index . "db.name" }}'
+        DATABASE_KIND: postgresql
+        DATABASE_PORT: "5432"
+        DATABASE_URL: '{{ index . "db.host" }}'
+        DATABASE_PASSWORD: '{{ index . "db.password" }}'
+        DATABASE_USER: '{{ index . "db.user" }}'
+        DATABASE_DB: '{{ index . "db.name" }}'

From 10312b7d850290e363c7b3fe05ad61f2d1a19a28 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?M=C3=A1rio=20Foganholi=20Fernandes?=
 <50834670+FernandesMF@users.noreply.github.com>
Date: Thu, 24 Oct 2024 16:47:33 +0000
Subject: [PATCH 2/3] Include myself in MintMaker code owners (#4785)

---
 components/mintmaker/OWNERS | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/components/mintmaker/OWNERS b/components/mintmaker/OWNERS
index e05446f3c39..df2055cde44 100644
--- a/components/mintmaker/OWNERS
+++ b/components/mintmaker/OWNERS
@@ -6,6 +6,7 @@ approvers:
 - scoheb
 - staticf0x
 - querti
+- FernandesMF
 
 reviewers:
 - gnaponie
@@ -13,3 +14,4 @@ reviewers:
 - scoheb
 - staticf0x
 - querti
+- FernandesMF

From f248608dfae44adcf54c3b823d6e42dc50958644 Mon Sep 17 00:00:00 2001
From: Qixiang Wan <qwan@redhat.com>
Date: Fri, 25 Oct 2024 00:53:05 +0800
Subject: [PATCH 3/3] Promote mintmaker from stage to prod (#4784)

---
 components/mintmaker/production/base/kustomization.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/components/mintmaker/production/base/kustomization.yaml b/components/mintmaker/production/base/kustomization.yaml
index 00734e4612b..ba67403b759 100644
--- a/components/mintmaker/production/base/kustomization.yaml
+++ b/components/mintmaker/production/base/kustomization.yaml
@@ -3,15 +3,15 @@ kind: Kustomization
 resources:
   - ../../base
   - ../../base/external-secrets
-  - https://github.com/konflux-ci/mintmaker/config/default?ref=1d8bfa6981ee3ab0f11f4f433ea7a5bc63c958f9
-  - https://github.com/konflux-ci/mintmaker/config/renovate?ref=1d8bfa6981ee3ab0f11f4f433ea7a5bc63c958f9
+  - https://github.com/konflux-ci/mintmaker/config/default?ref=74cbd1816e7a6e333c3d0f1088bc1af1eb8b5844
+  - https://github.com/konflux-ci/mintmaker/config/renovate?ref=74cbd1816e7a6e333c3d0f1088bc1af1eb8b5844
 
 namespace: mintmaker
 
 images:
   - name: quay.io/konflux-ci/mintmaker
     newName: quay.io/konflux-ci/mintmaker
-    newTag: 834533c353e170c5ab13e4e1634f33a9837042b1
+    newTag: 74cbd1816e7a6e333c3d0f1088bc1af1eb8b5844
 
 commonAnnotations:
   argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true