HYPBLD-847: Add acm-2.16 branch content: group.yml, streams.yml, images/*.yml

DECISIONS.md

@@ -0,0 +1,82 @@
+# DECISIONS.md — ACM 2.16 ocp-build-data Branch
+
+Product decisions and rationale for the `acm-2.16` branch configuration.
+Created as part of JIRA ticket [HYPBLD-847](https://redhat.atlassian.net/browse/HYPBLD-847).
+
+## Product Identity
+
+- **Decision**: `product: acm`, `name: acm-2.16`, `csv_namespace: open-cluster-management`
+- **Rationale**: Matches ART naming conventions (short lowercase names like `mta`, `aap`). Requires a corresponding entry in `PRODUCT_NAMESPACE_MAP` in art-tools (PR pending).
+- **Revisit**: When the art-tools PR is submitted and merged.
+
+## OCP Version Alignment
+
+- **Decision**: `MAJOR: 4`, `MINOR: 21` (OCP 4.21 infrastructure)
+- **Rationale**: ACM 2.16 aligns with OCP 4.21 per the product version alignment table. The distgit branch `rhaos-4.21-rhel-9` is shared Brew infrastructure tied to OCP releases. All layered products use OCP version numbers for MAJOR.MINOR.
+- **Source**: `acm-redhat-operators-config.yaml`, ART OLM Bundle docs.
+
+## OCP Target Versions
+
+- **Decision**: `OCP_TARGET_VERSIONS: ["4.18", "4.19", "4.20", "4.21", "4.22"]`
+- **Rationale**: Derived from `acm-mce-operator-catalogs/config/acm-redhat-operators-config.yaml` which defines ACM 2.16 catalogs.
+- **Revisit**: If catalog targets change before GA.
+
+## RHEL Version and Repos Configuration
+
+- **Decision**: RHEL 9.6 E4S, old-style inline repos in `group.yml`
+- **Rationale**: E4S matches OCP 4.21 infrastructure. Old-style inline repos used because no layered product has adopted new-style `repos/` folder yet (logging-6.5, mta-8.1, oadp-1.5 all use inline). ART ai-helper tooling does not mandate a specific style.
+- **Revisit**: If ART requests migration to `repos/` folder pattern.
+
+## Network Mode
+
+- **Decision**: `network_mode: open` (non-hermetic)
+- **Rationale**: Per ART guidance (May 12 meeting): "Get images building non-hermetic first, then hermetic, then tackle bundles."
+- **Revisit**: After initial builds succeed, migrate to `network_mode: hermetic`.
+
+## Git Source URLs
+
+- **Decision**: Use `git@github.com:stolostron/<repo>.git` directly (no openshift-priv mirrors)
+- **Rationale**: ACM repos are already public under `github.com/stolostron/`. No private mirrors exist. Verified: `grep -r "openshift-priv"` in KRD ACM tenant returns zero hits.
+- **Consequence**: `public_upstreams` section omitted from `group.yml`.
+
+## Distgit Component Naming
+
+- **Decision**: `acm-<component>-container` pattern for all ACM components
+- **Rationale**: Consistent with other layered products (`mta-*-container`, `ose-*-container`). Internal build infrastructure naming decided by HCM Build team.
+
+## Delivery Repo Names
+
+- **Decision**: `rhacm2/<component>-rhel9` pattern
+- **Rationale**: Matches existing ACM images in `registry.redhat.io/rhacm2/` namespace. Confirmed from ACM CSV OPERAND_IMAGE values and KRD ReleasePlanAdmission configs.
+
+## RHEL 8 Builders
+
+- **Decision**: `acm-cli` and `multicluster-operators-subscription` include both `rhel-9-golang` and `rhel-8-golang` builders
+- **Rationale**: Product requirement — ACM customers run on both RHEL 8 and RHEL 9 clusters. These components ship binaries for both platforms. ART supports this pattern (see OCP's `egress-router-cni.yml`).
+
+## Console Node.js Version
+
+- **Decision**: `rhel-9-nodejs-20` stream (Node.js 20)
+- **Rationale**: The `release-2.16` branch `Containerfile.acm.konflux` uses `nodejs-20-minimal`. Version-specific answers use the release-2.16 branch as the source of truth.
+
+## Bundle Component
+
+- **Decision**: `acm-operator-bundle` excluded from `images/*.yml`
+- **Rationale**: Per ART guidance (May 12 meeting): "Don't try to solve bundle complexity upfront." ACM's bundle architecture (separate repos) is incompatible with ART's standard `update-csv` flow.
+- **Revisit**: After images are building successfully.
+
+## Dependents (MCE→ACM ordering)
+
+- **Decision**: No `dependents:` field in any image config
+- **Rationale**: The `dependents` field only resolves within the same ocp-build-data branch. MCE and ACM are separate branches (`mce-2.11`, `acm-2.16`), so this field cannot express cross-product dependencies. OLM handles install-time ordering via `spec.dependencies` in the bundle CSV.
+
+## Owners
+
+- **Decision**: `acm-cicd@redhat.com` as temporary owner for all images
+- **Rationale**: HCM Build team DL used during bootstrap. ACM org should designate permanent owners.
+- **Revisit**: When ACM team provides long-term ownership contacts.
+
+## MR Approvers
+
+- **Decision**: Omitted from `group.yml`
+- **Rationale**: Optional field. Many products (OCP, AAP, Serverless) don't use it. Can be added later if ACM wants QE/DOCS sign-off on FBC release MRs.

group.yml

@@ -0,0 +1,81 @@
+freeze_automation: false
+name: acm-2.16
+csv_namespace: open-cluster-management
+product: acm
+version: 2.16.0
+
+vars:
+  GO_LATEST: "1.25"
+  GO_EXTRA: "1.25"
+  MAJOR: 4
+  MINOR: 21
+
+OCP_TARGET_VERSIONS: [
+  "4.18",
+  "4.19",
+  "4.20",
+  "4.21",
+  "4.22",
+]
+
+arches:
+- x86_64
+- aarch64
+- ppc64le
+- s390x
+
+operator_image_ref_mode: manifest-list
+
+konflux:
+  arches:
+  - x86_64
+  - aarch64
+  - ppc64le
+  - s390x
+  cachi2:
+    enabled: true
+  sast:
+    enabled: true
+  network_mode: hermetic
+  build_attempts: 1
+
+assemblies:
+  enabled: true
+
+branch: rhaos-{MAJOR}.{MINOR}-rhel-9
+
+urls:
+  brewhub: https://brewhub.engineering.redhat.com/brewhub
+  brew_image_host: registry-proxy.engineering.redhat.com
+  brew_image_namespace: rh-osbs
+
+repos:
+  rhel-9-baseos-rpms:
+    conf:
+      baseurl:
+        x86_64: https://rhsm-pulp.corp.redhat.com/content/e4s/rhel9/9.6/x86_64/baseos/os/
+        aarch64: https://rhsm-pulp.corp.redhat.com/content/e4s/rhel9/9.6/aarch64/baseos/os/
+        ppc64le: https://rhsm-pulp.corp.redhat.com/content/e4s/rhel9/9.6/ppc64le/baseos/os/
+        s390x: https://rhsm-pulp.corp.redhat.com/content/e4s/rhel9/9.6/s390x/baseos/os/
+    content_set:
+      default: rhel-9-for-x86_64-baseos-e4s-rpms__9_DOT_6
+      aarch64: rhel-9-for-aarch64-baseos-e4s-rpms__9_DOT_6
+      ppc64le: rhel-9-for-ppc64le-baseos-e4s-rpms__9_DOT_6
+      s390x: rhel-9-for-s390x-baseos-e4s-rpms__9_DOT_6
+    reposync:
+      enabled: false
+
+  rhel-9-appstream-rpms:
+    conf:
+      baseurl:
+        x86_64: https://rhsm-pulp.corp.redhat.com/content/e4s/rhel9/9.6/x86_64/appstream/os/
+        aarch64: https://rhsm-pulp.corp.redhat.com/content/e4s/rhel9/9.6/aarch64/appstream/os/
+        ppc64le: https://rhsm-pulp.corp.redhat.com/content/e4s/rhel9/9.6/ppc64le/appstream/os/
+        s390x: https://rhsm-pulp.corp.redhat.com/content/e4s/rhel9/9.6/s390x/appstream/os/
+    content_set:
+      default: rhel-9-for-x86_64-appstream-e4s-rpms__9_DOT_6
+      aarch64: rhel-9-for-aarch64-appstream-e4s-rpms__9_DOT_6
+      ppc64le: rhel-9-for-ppc64le-appstream-e4s-rpms__9_DOT_6
+      s390x: rhel-9-for-s390x-appstream-e4s-rpms__9_DOT_6
+    reposync:
+      enabled: false

images/acm-cli.yml

@@ -0,0 +1,38 @@
+cachito:
+  enabled: true
+  packages:
+    gomod:
+    - path: .
+    - path: external/policy-cli
+    - path: external/policy-generator-plugin
+    - path: external/allowlist-migration-mcoa
+content:
+  source:
+    dockerfile: Dockerfile.rhtap
+    git:
+      branch:
+        target: release-2.16
+      url: git@github.com:openshift-priv/stolostron-acm-cli.git
+      web: https://github.com/stolostron/acm-cli
+    modifications:
+      - action: replace
+        match: "make sync-build-package"
+        replacement: "make build-and-package"
+distgit:
+  component: acm-cli-container
+  branch: rhaos-{MAJOR}.{MINOR}-rhel-9
+delivery:
+  delivery_repo_names:
+  - rhacm2/acm-cli-rhel9
+for_payload: false
+from:
+  builder:
+    - stream: rhel-9-golang
+    - stream: rhel-8-golang
+  stream: rhel9
+name: rhacm2/acm-cli-rhel9
+owners:
+- acm-cicd@redhat.com
+jira:
+  project: ACM
+  component: acm-cli-container

images/cert-policy-controller.yml

@@ -0,0 +1,28 @@
+content:
+  source:
+    dockerfile: build/Dockerfile.rhtap
+    git:
+      branch:
+        target: release-2.16
+      url: git@github.com:openshift-priv/stolostron-cert-policy-controller.git
+      web: https://github.com/stolostron/cert-policy-controller
+distgit:
+  component: acm-cert-policy-controller-container
+  branch: rhaos-{MAJOR}.{MINOR}-rhel-9
+delivery:
+  delivery_repo_names:
+  - rhacm2/cert-policy-controller-rhel9
+for_payload: false
+enabled_repos:
+- rhel-9-baseos-rpms
+- rhel-9-appstream-rpms
+from:
+  builder:
+    - stream: rhel-9-golang
+  stream: rhel9
+name: rhacm2/cert-policy-controller-rhel9
+owners:
+- acm-cicd@redhat.com
+jira:
+  project: ACM
+  component: acm-cert-policy-controller-container

images/cluster-backup-controller.yml

@@ -0,0 +1,25 @@
+content:
+  source:
+    dockerfile: Dockerfile.rhtap
+    git:
+      branch:
+        target: release-2.16
+      url: git@github.com:openshift-priv/stolostron-cluster-backup-operator.git
+      web: https://github.com/stolostron/cluster-backup-operator
+distgit:
+  component: acm-cluster-backup-controller-container
+  branch: rhaos-{MAJOR}.{MINOR}-rhel-9
+delivery:
+  delivery_repo_names:
+  - rhacm2/cluster-backup-controller-rhel9
+for_payload: false
+from:
+  builder:
+    - stream: rhel-9-golang
+  stream: rhel9
+name: rhacm2/cluster-backup-controller-rhel9
+owners:
+- acm-cicd@redhat.com
+jira:
+  project: ACM
+  component: acm-cluster-backup-controller-container

images/cluster-permission.yml

@@ -0,0 +1,25 @@
+content:
+  source:
+    dockerfile: Dockerfile.rhtap
+    git:
+      branch:
+        target: release-2.16
+      url: git@github.com:openshift-priv/stolostron-cluster-permission.git
+      web: https://github.com/stolostron/cluster-permission
+distgit:
+  component: acm-cluster-permission-container
+  branch: rhaos-{MAJOR}.{MINOR}-rhel-9
+delivery:
+  delivery_repo_names:
+  - rhacm2/cluster-permission-rhel9
+for_payload: false
+from:
+  builder:
+    - stream: rhel-9-golang
+  stream: rhel9
+name: rhacm2/cluster-permission-rhel9
+owners:
+- acm-cicd@redhat.com
+jira:
+  project: ACM
+  component: acm-cluster-permission-container

images/config-policy-controller.yml

@@ -0,0 +1,25 @@
+content:
+  source:
+    dockerfile: build/Dockerfile.rhtap
+    git:
+      branch:
+        target: release-2.16
+      url: git@github.com:openshift-priv/stolostron-config-policy-controller.git
+      web: https://github.com/stolostron/config-policy-controller
+distgit:
+  component: acm-config-policy-controller-container
+  branch: rhaos-{MAJOR}.{MINOR}-rhel-9
+delivery:
+  delivery_repo_names:
+  - rhacm2/config-policy-controller-rhel9
+for_payload: false
+from:
+  builder:
+    - stream: rhel-9-golang
+  stream: rhel9
+name: rhacm2/config-policy-controller-rhel9
+owners:
+- acm-cicd@redhat.com
+jira:
+  project: ACM
+  component: acm-config-policy-controller-container

images/console.yml

@@ -0,0 +1,26 @@
+mode: disabled
+content:
+  source:
+    dockerfile: Containerfile.acm.konflux
+    git:
+      branch:
+        target: release-2.16
+      url: git@github.com:openshift-priv/stolostron-console.git
+      web: https://github.com/stolostron/console
+distgit:
+  component: acm-console-container
+  branch: rhaos-{MAJOR}.{MINOR}-rhel-9
+delivery:
+  delivery_repo_names:
+  - rhacm2/console-rhel9
+for_payload: false
+from:
+  builder:
+    - stream: rhel-9-nodejs-20
+  stream: rhel9
+name: rhacm2/console-rhel9
+owners:
+- acm-cicd@redhat.com
+jira:
+  project: ACM
+  component: acm-console-container

images/endpoint-monitoring-operator.yml

@@ -0,0 +1,25 @@
+content:
+  source:
+    dockerfile: operators/endpointmetrics/Containerfile.operator
+    git:
+      branch:
+        target: release-2.16
+      url: git@github.com:openshift-priv/stolostron-multicluster-observability-operator.git
+      web: https://github.com/stolostron/multicluster-observability-operator
+distgit:
+  component: acm-endpoint-monitoring-operator-container
+  branch: rhaos-{MAJOR}.{MINOR}-rhel-9
+delivery:
+  delivery_repo_names:
+  - rhacm2/endpoint-monitoring-operator-rhel9
+for_payload: false
+from:
+  builder:
+    - stream: rhel-9-golang
+  stream: rhel9
+name: rhacm2/endpoint-monitoring-operator-rhel9
+owners:
+- acm-cicd@redhat.com
+jira:
+  project: ACM
+  component: acm-endpoint-monitoring-operator-container

images/governance-policy-addon-controller.yml

@@ -0,0 +1,25 @@
+content:
+  source:
+    dockerfile: build/Dockerfile.rhtap
+    git:
+      branch:
+        target: release-2.16
+      url: git@github.com:openshift-priv/stolostron-governance-policy-addon-controller.git
+      web: https://github.com/stolostron/governance-policy-addon-controller
+distgit:
+  component: acm-governance-policy-addon-controller-container
+  branch: rhaos-{MAJOR}.{MINOR}-rhel-9
+delivery:
+  delivery_repo_names:
+  - rhacm2/governance-policy-addon-controller-rhel9
+for_payload: false
+from:
+  builder:
+    - stream: rhel-9-golang
+  stream: rhel9
+name: rhacm2/governance-policy-addon-controller-rhel9
+owners:
+- acm-cicd@redhat.com
+jira:
+  project: ACM
+  component: acm-governance-policy-addon-controller-container