feature: Use image digest in csv (#274)

* Use image digest in the released csvs. Use correct image for e2e tests. Use correct operator image for olm tests. Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com>
eclipse-che · Jul 8, 2020 · adfe698 · adfe698
1 parent 68bce46
commit adfe698
Show file tree

Hide file tree

Showing 29 changed files with 2,396 additions and 154 deletions.
diff --git a/.ci/cico_olm_prcheck.sh b/.ci/cico_olm_prcheck.sh
@@ -36,16 +36,26 @@ install_Dependencies() {
 }
 
 run_olm_tests() {
-  for platform in 'openshift' 'kubernetes'
+  for platform in 'kubernetes'
   do
+    # set up ImagePullPolicy for che-operator image
+    packageName=eclipse-che-preview-${platform}
+    packageFolderPath="${OPERATOR_REPO}/olm/eclipse-che-preview-${platform}/deploy/olm-catalog/${packageName}"
+    packageFilePath="${packageFolderPath}/${packageName}.package.yaml"
+    CSV=$(yq -r ".channels[] | select(.name == \"${CHANNEL}\") | .currentCSV" "${packageFilePath}")
+    PackageVersion=$(echo "${CSV}" | sed -e "s/${packageName}.v//")
+    CSVBundle="${packageFolderPath}/${PackageVersion}/${packageName}.v${PackageVersion}.clusterserviceversion.yaml"
+    yq -rY '.spec.install.spec.deployments[0].spec.template.spec.containers[0].imagePullPolicy |= "IfNotPresent"' "${CSVBundle}" >> "${CSVBundle}"
     if [[ ${platform} == 'kubernetes' ]]; then
+      buildCheOperatorImage "minikube"
       printInfo "Starting minikube VM to test kubernetes olm files..."
       source ${OPERATOR_REPO}/.ci/start-minikube.sh
-  
+
       sh "${OPERATOR_REPO}"/olm/testCatalogSource.sh ${platform} ${CHANNEL} ${NAMESPACE}
       printInfo "Successfully verified olm files on kubernetes platform."
       rm -rf ~/.kube && yes | minikube delete
     fi
+    # todo implement check on the openshift 4(crc). To delivery che-operator image we can try to use imageStream feature: https://medium.com/@adilsonbna/importing-an-external-docker-image-into-red-hat-openshift-repository-c25894cd3199
   done
 }
 

diff --git a/.ci/cico_operator_prcheck.sh b/.ci/cico_operator_prcheck.sh
@@ -53,8 +53,8 @@ run_tests() {
               sh -c "OOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -o /operator/run-tests /opt/app-root/src/go/src/github.com/eclipse/che-operator/e2e/*.go"
 
   printInfo "Build operator docker image and load in to minishift VM..."
-  cd "$OPERATOR_REPO" && docker build -t che/operator -f Dockerfile . && docker save che/operator > operator.tar
-  eval $(minishift docker-env) && docker load -i operator.tar && rm operator.tar
+
+  buildCheOperatorImage "minishift"
 
   printInfo "Runing e2e tests..."
   ${OPERATOR_REPO}/tmp/run-tests

diff --git a/.ci/util/ci_common.sh b/.ci/util/ci_common.sh
@@ -82,6 +82,16 @@ github_token_set() {
   fi
 }
 
+buildCheOperatorImage() {
+  if [ -z "${1}" ]; then
+    printError "Platform is required to build che operator image."
+  fi
+  PLATFORM="${1}"
+  OPERATOR_IMAGE="quay.io/eclipse/che-operator:nightly"
+  cd "$OPERATOR_REPO" && docker build -t "${OPERATOR_IMAGE}" -f Dockerfile . && docker save "${OPERATOR_IMAGE}" > operator.tar
+  eval $(${PLATFORM} docker-env) && docker load -i operator.tar && rm operator.tar
+}
+
 minishift_installation() {
   MSFT_RELEASE="1.34.2"
   printInfo "Downloading Minishift binaries"

diff --git a/.gitignore b/.gitignore
@@ -109,5 +109,6 @@ tags
 
 build/
 bin/
+olm/generated
 
 # End of https://www.gitignore.io/api/go,vim,emacs,visualstudiocode
diff --git a/.vscode/launch.json b/.vscode/launch.json
@@ -1,7 +1,22 @@
 {
   "version": "0.2.0",
   "configurations": [
-
+    {
+      "type": "bashdb",
+      "request": "launch",
+      "name": "Bash-Debug (release-olm-files.sh)",
+      "cwd": "${workspaceFolder}",
+      "program": "${workspaceFolder}/olm/release-olm-files.sh",
+      "args": [
+        "7.13.2"
+      ]
+    },
+    {
+      "type": "bashdb",
+      "request": "launch",
+      "name": "Bash-Debug (simplest configuration)",
+      "program": "${file}"
+    },
     {
       "name": "Launch Current File",
       "type": "go",

diff --git a/deploy/crds/org_v1_che_cr.yaml b/deploy/crds/org_v1_che_cr.yaml
@@ -70,7 +70,7 @@ spec:
     chePostgresPassword: ''
     # Postgres database name that Che server uses to connect to. Defaults to dbche
     chePostgresDb: ''
-    # Postgres deployment in format image:tag. Default in https://github.com/eclipse/che-operator/blob/master/deploy/operator.yaml#L57-L58 or operator metadata CSV environment variable IMAGE_default_postgres)
+    # Postgres deployment in format image:tag. Default in https://github.com/eclipse/che-operator/blob/master/deploy/operator.yaml#L57-L58 or operator metadata CSV environment variable RELATED_IMAGE_postgres)
     postgresImage: ''
   storage:
     # persistent volume claim strategy for Che server. Can be common (all workspaces PVCs in one volume),

diff --git a/deploy/operator-local.yaml b/deploy/operator-local.yaml
@@ -45,25 +45,25 @@ spec:
               value: che-operator
             - name: CHE_VERSION
               value: nightly
-            - name: IMAGE_default_che_server
+            - name: RELATED_IMAGE_che_server
               value: quay.io/eclipse/che-server:nightly
-            - name: IMAGE_default_plugin_registry
+            - name: RELATED_IMAGE_plugin_registry
               value: quay.io/eclipse/che-plugin-registry:nightly
-            - name: IMAGE_default_devfile_registry
+            - name: RELATED_IMAGE_devfile_registry
               value: quay.io/eclipse/che-devfile-registry:nightly
-            - name: IMAGE_default_che_tls_secrets_creation_job
+            - name: RELATED_IMAGE_che_tls_secrets_creation_job
               value: quay.io/eclipse/che-tls-secret-creator:alpine-3029769
-            - name: IMAGE_default_pvc_jobs
+            - name: RELATED_IMAGE_pvc_jobs
               value: registry.access.redhat.com/ubi8-minimal:8.2-301.1592810506
-            - name: IMAGE_default_postgres
+            - name: RELATED_IMAGE_postgres
               value: centos/postgresql-96-centos7:9.6
-            - name: IMAGE_default_keycloak
+            - name: RELATED_IMAGE_keycloak
               value: quay.io/eclipse/che-keycloak:nightly
-            - name: IMAGE_default_che_workspace_plugin_broker_metadata
+            - name: RELATED_IMAGE_che_workspace_plugin_broker_metadata
               value: quay.io/eclipse/che-plugin-metadata-broker:v3.2.0
-            - name: IMAGE_default_che_workspace_plugin_broker_artifacts
+            - name: RELATED_IMAGE_che_workspace_plugin_broker_artifacts
               value: quay.io/eclipse/che-plugin-artifacts-broker:v3.2.0
-            - name: IMAGE_default_che_server_secure_exposer_jwt_proxy_image
+            - name: RELATED_IMAGE_che_server_secure_exposer_jwt_proxy_image
               value: quay.io/eclipse/che-jwtproxy:fd94e60
             - name: CHE_FLAVOR
               value: che

diff --git a/deploy/operator.yaml b/deploy/operator.yaml
@@ -44,25 +44,25 @@ spec:
               value: che-operator
             - name: CHE_VERSION
               value: nightly
-            - name: IMAGE_default_che_server
+            - name: RELATED_IMAGE_che_server
               value: quay.io/eclipse/che-server:nightly
-            - name: IMAGE_default_plugin_registry
+            - name: RELATED_IMAGE_plugin_registry
               value: quay.io/eclipse/che-plugin-registry:nightly
-            - name: IMAGE_default_devfile_registry
+            - name: RELATED_IMAGE_devfile_registry
               value: quay.io/eclipse/che-devfile-registry:nightly
-            - name: IMAGE_default_che_tls_secrets_creation_job
+            - name: RELATED_IMAGE_che_tls_secrets_creation_job
               value: quay.io/eclipse/che-tls-secret-creator:alpine-3029769
-            - name: IMAGE_default_pvc_jobs
+            - name: RELATED_IMAGE_pvc_jobs
               value: registry.access.redhat.com/ubi8-minimal:8.2-301.1592810506
-            - name: IMAGE_default_postgres
+            - name: RELATED_IMAGE_postgres
               value: centos/postgresql-96-centos7:9.6
-            - name: IMAGE_default_keycloak
+            - name: RELATED_IMAGE_keycloak
               value: quay.io/eclipse/che-keycloak:nightly
-            - name: IMAGE_default_che_workspace_plugin_broker_metadata
+            - name: RELATED_IMAGE_che_workspace_plugin_broker_metadata
               value: quay.io/eclipse/che-plugin-metadata-broker:v3.2.0
-            - name: IMAGE_default_che_workspace_plugin_broker_artifacts
+            - name: RELATED_IMAGE_che_workspace_plugin_broker_artifacts
               value: quay.io/eclipse/che-plugin-artifacts-broker:v3.2.0
-            - name: IMAGE_default_che_server_secure_exposer_jwt_proxy_image
+            - name: RELATED_IMAGE_che_server_secure_exposer_jwt_proxy_image
               value: quay.io/eclipse/che-jwtproxy:fd94e60
             - name: CHE_FLAVOR
               value: che

diff --git a/make-release.sh b/make-release.sh
@@ -119,7 +119,7 @@ checkImageReferences() {
     echo "[ERROR] Unable to find che-keycloak image with version ${RELEASE} in the $filename"; exit 1
   fi
 
-  if ! grep -q "value: $IMAGE_default_pvc_jobs" $filename; then
+  if ! grep -q "value: $RELATED_IMAGE_pvc_jobs" $filename; then
     echo "[ERROR] Unable to find ubi8_minimal image in the $filename"; exit 1
   fi
 

diff --git a/olm/addDigests.sh b/olm/addDigests.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright (c) 2019 Red Hat, Inc.
+# Copyright (c) 2019-2020 Red Hat, Inc.
 # This program and the accompanying materials are made
 # available under the terms of the Eclipse Public License 2.0
 # which is available at https://www.eclipse.org/legal/epl-2.0/
@@ -10,6 +10,9 @@
 # Contributors:
 #   Red Hat, Inc. - initial API and implementation
 
+set +x
+set -e
+
 SCRIPTS_DIR=$(cd "$(dirname "$0")"; pwd)
 BASE_DIR="$(pwd)"
 QUIET=""
@@ -25,9 +28,8 @@ fi
 command -v yq >/dev/null 2>&1 || { echo "yq is not installed. Aborting."; exit 1; }
 
 usage () {
-	echo "Usage:   $0 [-w WORKDIR] -s [SOURCE_PATH] -n [csv name] -v [VERSION] "
-	echo "Example: $0 -w $(pwd) -s eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift -n eclipse-che-preview-openshift -v 7.9.0"
-	echo "Example: $0 -w $(pwd) -s controller-manifests -n codeready-workspaces -v 2.1.0"
+	echo "Usage:   $0 [-w WORKDIR] [-s SOURCE_PATH] -r [CSV_FILE_PATH_REGEXP] -t [IMAGE_TAG] "
+	echo "Example: $0 -w $(pwd) -r \"eclipse-che-preview-.*/eclipse-che-preview-.*\.v7.15.0.*yaml\" -t 7.15.0"
 }
 
 if [[ $# -lt 1 ]]; then usage; exit; fi
@@ -36,53 +38,98 @@ while [[ "$#" -gt 0 ]]; do
   case $1 in
     '-w') BASE_DIR="$2"; shift 1;;
     '-s') SRC_DIR="$2"; shift 1;;
-    '-n') CSV_NAME="$2"; shift 1;;
-    '-v') VERSION="$2"; shift 1;;
+    '-t') IMAGE_TAG="$2"; shift 1;;
+    '-r') CSV_FILE_PATH_REGEXP="$2"; shift 1;;
     '-q') QUIET="-q"; shift 0;;
 	'--help'|'-h') usage; exit;;
   esac
   shift 1
 done
 
-if [[ ! $SRC_DIR ]] || [[ ! $CSV_NAME ]] || [[ ! $VERSION ]]; then usage; exit 1; fi
+if [[ ! ${CSV_FILE_PATH_REGEXP} ]] || [[ ! $IMAGE_TAG ]]; then usage; exit 1; fi
 
-rm -Rf ${BASE_DIR}/generated/${CSV_NAME}/
-mkdir -p ${BASE_DIR}/generated/${CSV_NAME}/
-cp -R ${BASE_DIR}/${SRC_DIR}/* ${BASE_DIR}/generated/${CSV_NAME}/
+CSV_FILES_DIR=${BASE_DIR}
+if [ -n "${SRC_DIR}" ]; then
+  CSV_FILES_DIR="${BASE_DIR}/${SRC_DIR}"
+fi
+echo "Resolved CSV files dir: ${CSV_FILES_DIR}"
 
-CSV_FILE="$(find ${BASE_DIR}/generated/${CSV_NAME}/*${VERSION}/ -name "${CSV_NAME}.*${VERSION}.clusterserviceversion.yaml" | tail -1)"; # echo "[INFO] CSV = ${CSV_FILE}"
-${SCRIPTS_DIR}/buildDigestMap.sh -w ${BASE_DIR} -c ${CSV_FILE} -v ${VERSION} ${QUIET}
+echo "find ${CSV_FILES_DIR} -regextype posix-egrep -regex \"${CSV_FILES_DIR}/?${CSV_FILE_PATH_REGEXP}\""
+CSV_FILES=( $(find ${CSV_FILES_DIR} -regextype posix-egrep -regex "${CSV_FILES_DIR}/?${CSV_FILE_PATH_REGEXP}") )
+RELATED_IMAGE_PREFIX="RELATED_IMAGE_"
 
-# inject relatedImages block
-names=" "
-count=1
-RELATED_IMAGES='. * { spec : { relatedImages: [ '
-if [[ ! "${QUIET}" ]]; then cat ${BASE_DIR}/generated/digests-mapping.txt; fi
-for mapping in $(cat ${BASE_DIR}/generated/digests-mapping.txt)
+rm -Rf "${BASE_DIR}/generated/csv"
+mkdir -p "${BASE_DIR}/generated/csv"
+# Copy original csv files
+for CSV_FILE in "${CSV_FILES[@]}"
 do
-  source=$(echo "${mapping}" | sed -e 's/\(.*\)=.*/\1/')
-  dest=$(echo "${mapping}" | sed -e 's/.*=\(.*\)/\1/')
-  sed -i -e "s;${source};${dest};" ${CSV_FILE}
-  name=$(echo "${dest}" | sed -e 's;.*/\([^\/][^\/]*\)@.*;\1;')
-  nameWithSpaces=" ${name} "
-  if [[ "${names}" != *${nameWithSpaces}* ]]; then
-    if [ "${names}" != " " ]; then
-      RELATED_IMAGES="${RELATED_IMAGES},"
-    fi
-    RELATED_IMAGES="${RELATED_IMAGES} { name: \"${name}\", image: \"${dest}\", tag: \"${source}\"}"
-    names="${names} ${name} "
-  fi
+  echo "CSV file: ${CSV_FILE}"
+  cp -pR "${CSV_FILE}" "${BASE_DIR}/generated/csv"
+  csvs_args="${csvs_args} -c ${CSV_FILE}"
 done
-RELATED_IMAGES="${RELATED_IMAGES} ] } }"
-mv ${CSV_FILE} ${CSV_FILE}.old
-yq -Y "$RELATED_IMAGES" ${CSV_FILE}.old > ${CSV_FILE}
-sed -i ${CSV_FILE} -r -e "s|tag: |# tag: |" 
-rm -f ${CSV_FILE}.old
 
-# update original file with generated changes
-CSV_FILE_ORIG=$(find ${BASE_DIR} -name "${CSV_FILE##*/}" | grep -v generated | tail -1)
-mv "${CSV_FILE}" "${CSV_FILE_ORIG}"
-echo "[INFO] CSV updated: ${CSV_FILE_ORIG}"
+# shellcheck source=buildDigestMap.sh
+eval "${SCRIPTS_DIR}/buildDigestMap.sh" -w "${BASE_DIR}" -t "${IMAGE_TAG}" "${csvs_args}" ${QUIET}
+
+if [[ ! "${QUIET}" ]]; then cat "${BASE_DIR}"/generated/digests-mapping.txt; fi
+for CSV_FILE in "${CSV_FILES[@]}"
+do
+  CSV_FILE_COPY=${BASE_DIR}/generated/csv/$(basename ${CSV_FILE})
+
+  echo "[INFO] Generate digest update for CSV file ${CSV_FILE}"
+  RELATED_IMAGES=""
+  RELATED_IMAGES_ENV=""
+  for mapping in $(cat "${BASE_DIR}/generated/digests-mapping.txt")
+  do
+    source=$(echo "${mapping}" | sed -e 's;\(.*\)=.*=.*;\1;')
+    # Image with digest.
+    dest=$(echo "${mapping}" | sed -e 's;.*=.*=\(.*\);\1;')
+    # Image label to set image target. For example: 'devfile-registry-image'
+    imageLabel=$(echo "${mapping}" | sed -e 's;.*=\(.*\)=.*;\1;')
+    name=$(echo "${dest}" | sed -e 's;.*/\([^\/][^\/]*\)@.*;\1;')
+    tagOrDigest=""
+    if [[ ${source} == *"@"* ]]; then
+      tagOrDigest="@${source#*@}"
+    elif [[ ${source} == *":"* ]]; then
+      tagOrDigest="${source#*:}"
+    fi
+
+    if [[ ${imageLabel} == "plugin-registry-image" ]] || [[ ${imageLabel} == "devfile-registry-image" ]]; then
+      # Image tag could contains invalid for Env variable name characters, so let's encode it using base32.
+      # But alphabet of base32 uses one invalid for env variable name character '=' at the end of the line, so let's replace it by '_'. 
+      # To recovery original tag should be done opposite actions: replace '_' to '=', and decode string using 'base32 -d'.
+      encodedTag=$(echo "${tagOrDigest}" | base32 -w 0 | tr "=" "_")
+      relatedImageEnvName=$(echo "${RELATED_IMAGE_PREFIX}${name}_${imageLabel}_${encodedTag}" | sed -r 's/[-.]/_/g')
+      ENV="{ name: \"${relatedImageEnvName}\", value: \"${dest}\"}"
+      if [[ -z ${RELATED_IMAGES_ENV} ]]; then
+        RELATED_IMAGES_ENV="${ENV}"
+      else
+        RELATED_IMAGES_ENV="${RELATED_IMAGES_ENV}, ${ENV}"
+      fi
+    fi
+
+    RELATED_IMAGE="{ name: \"${name}-${tagOrDigest}\", image: \"${dest}\", tag: \"${source}\"}"
+    if [[ -z ${RELATED_IMAGES} ]]; then
+      RELATED_IMAGES="${RELATED_IMAGE}"
+    else
+      RELATED_IMAGES="${RELATED_IMAGES}, ${RELATED_IMAGE}"
+    fi
+
+    sed -i -e "s;${source};${dest};" "${CSV_FILE_COPY}"
+  done
+
+  mv "${CSV_FILE_COPY}" "${CSV_FILE_COPY}.old"
+  yq -ryY "
+  ( .spec.relatedImages ) += [${RELATED_IMAGES}] |
+  ( .spec.install.spec.deployments[0].spec.template.spec.containers[0].env ) += [${RELATED_IMAGES_ENV}]
+  " "${CSV_FILE_COPY}.old" > "${CSV_FILE_COPY}"
+  sed -i "${CSV_FILE_COPY}" -r -e "s|tag: |# tag: |"
+  rm -f "${CSV_FILE_COPY}.old"
+
+  # update original file with generated changes
+  mv "${CSV_FILE_COPY}" "${CSV_FILE}"
+  echo "[INFO] CSV updated: ${CSV_FILE}"
+done
 
 # cleanup
-rm -fr ${BASE_DIR}/generated
+rm -fr "${BASE_DIR}/generated"