Correcting the digest form in the CSV (#861)

### Objective: To correct the digest form in the CSV ### Explanation: With the flag `--use-image-digests` we no longer need any further manual modification and this flag also add the relatedImages field in the digest form. ### Related PR: * [digest-pinning failure](redhat-openshift-ecosystem/certified-operators#2914) ### Next steps: * After this PR get merged, we need admin to push new images to proceed any further. ### Current Issue: * [Current Issue](https://github.com/redhat-openshift-ecosystem/certified-operators/pull/2914/files#diff-3c33b5813deded9fc262b5243b82d53983642310e3913e2d0d41da30815a8c06R277-R284) ```yaml relatedImages: - image: gcr.io/kubebuilder/kube-rbac-proxy@sha256:d4883d7c622683b3319b5e6b3a7edfbf2594c18060131a8bf64504805f875522 name: kube-rbac-proxy - image: |- quay.io/minio/directpv-operator@sha256:b74241c40d52e8967c85881e94b4fd760fbd8073052a5d1b45c9a61f84e62449 sha256:de8ab6152131ae84fd1f9e70874b263d0a4af45df9cd472d3247cacf0aeb6777 sha256:de8ab6152131ae84fd1f9e70874b263d0a4af45df9cd472d3247cacf0aeb6777 name: manager ``` > Manager image is wrong in sha form but all appended due to the podman command that is miscalculating the value, which in addition is of no use since --use-image-digests flag can do this for us in the correct way. ### Local Testing: * Performed in Ubuntu Machine, output is: ```yaml relatedImages: - image: gcr.io/kubebuilder/kube-rbac-proxy@sha256:d4883d7c622683b3319b5e6b3a7edfbf2594c18060131a8bf64504805f875522 name: kube-rbac-proxy - image: quay.io/cniackz4/directpv-operator@sha256:1a6a0cec860ec941c934989a0f0877d1955aa18e95fabb130bb5df19554ed862 name: manager ``` ### Documentation: * [digest-pinning](https://github.com/redhat-openshift-ecosystem/certification-releases/blob/main/4.9/ga/troubleshooting.md#digest-pinning) ### Related Case: * [RedHat Case](https://connect.redhat.com/support/technology-partner/#/case/03620644)
minio · Oct 3, 2023 · 2715edc · 2715edc
1 parent c9d41ed
commit 2715edc
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 25 deletions.
diff --git a/.gitignore b/.gitignore
@@ -8,3 +8,6 @@ kubectl-directpv
 vdb.xml
 drives.yaml
 dist/
+kustomize
+operator-sdk
+kubectl-directpv_*
diff --git a/release-operator.sh b/release-operator.sh
@@ -138,19 +138,17 @@ function make_release() {
 function subsequent_steps() {
     export IMAGE_TAG_BASE=quay.io/minio/directpv-operator
     # Package is intended for certified operators only not for rhmp anymore.
-    export BUNDLE_GEN_FLAGS="-q --overwrite --version ${BUILD_VERSION} --package minio-directpv-operator"
+    # --use-image-digests flag will create relatedImages section by digest
+    # there is no need for any further modification if using --use-image-digests flag to get the digest form.
+    export BUNDLE_GEN_FLAGS="-q --overwrite --version ${BUILD_VERSION} --package minio-directpv-operator --use-image-digests"
     export BUNDLE_IMG="${IMAGE_TAG_BASE}-bundle:v${BUILD_VERSION}"
-
-    "${PODMAN}" pull "${IMAGE_TAG_BASE}":"${BUILD_VERSION}"
-    OPERATOR_DIGEST=$("${PODMAN}" image list quay.io/minio/directpv-operator --digests | grep sha | awk -F ' ' '{print $3}')
-    export OPERATOR_DIGEST
-    export DIGEST="${IMAGE_TAG_BASE}@${OPERATOR_DIGEST}"
+    export CONTROLLER_IMAGE="${IMAGE_TAG_BASE}:${BUILD_VERSION}"
 
     # Controller image, should be in SHA Digest form for certification to pass test:
     # verify-pinned-digest where all your container images should use SHA digests instead of tags.
     # Example:
     # (cd config/manager && kustomize edit set image controller=quay.io/minio/directpv-operator@sha256:04fec2fbd0d17f449a17c0f509b359c18d6c662e0a22e84cd625b538ca2a1af2)
-    (cd config/manager && "${KUSTOMIZE}" edit set image controller="${DIGEST}")
+    (cd config/manager && "${KUSTOMIZE}" edit set image controller="${CONTROLLER_IMAGE}")
     # shellcheck disable=SC2086
     "${KUSTOMIZE}" build config/manifests | "${OPERATOR_SDK}" generate bundle ${BUNDLE_GEN_FLAGS}
     # Since above line overwrites our redhat annotation,
@@ -168,24 +166,6 @@ function subsequent_steps() {
 
     cd -
 
-    "${PODMAN}" pull gcr.io/kubebuilder/kube-rbac-proxy:v0.13.1
-    PROXY_DIGEST=$("${PODMAN}" image list gcr.io/kubebuilder/kube-rbac-proxy --digests | grep sha | awk -F ' ' '{print $3}')
-
-    ### relatedImages: Field needed by RedHat Certification.
-    # kind: ClusterServiceVersion
-    # spec:
-    #   relatedImages:
-    #     - image: gcr.io/kubebuilder/kube-rbac-proxy@sha256:<digest>
-    #       name: kube-rbac-proxy
-    #     - image: quay.io/minio/directpv-operator@sha256:<digest>
-    #       name: manager
-    #
-    # Add relatedImages to CSV
-    yq -i ".spec.relatedImages |= []" ./operator/bundle/manifests/minio-directpv-operator.clusterserviceversion.yaml
-    # Add kube-rbac-proxy image
-    yq -i ".spec.relatedImages[0] = {\"image\": \"gcr.io/kubebuilder/kube-rbac-proxy@${PROXY_DIGEST}\", \"name\": \"kube-rbac-proxy\"}" ./operator/bundle/manifests/minio-directpv-operator.clusterserviceversion.yaml
-    # Add manager image
-    yq -i ".spec.relatedImages[1] = {\"image\": \"quay.io/minio/directpv-operator@${OPERATOR_DIGEST}\", \"name\": \"manager\"}" ./operator/bundle/manifests/minio-directpv-operator.clusterserviceversion.yaml
 }
 
 function main() {