From 62b26e01b0bac7086d00c4798ad20dffaed731fa Mon Sep 17 00:00:00 2001
From: Helder Santana
Date: Mon, 6 Feb 2023 15:15:04 -0300
Subject: [PATCH 1/2] fix action to certify container images
---
 .../certify-openshift-images/Dockerfile | 20 +++++++++++++++---
 .../certify-openshift-images/action.yaml | 5 +++++
 .../certify-openshift-images/entrypoint.sh | 21 ++++++++++++-------
 .github/workflows/release-openshift.yaml | 1 +
 4 files changed, 36 insertions(+), 11 deletions(-)
diff --git a/.github/actions/certify-openshift-images/Dockerfile b/.github/actions/certify-openshift-images/Dockerfile
index 320acb443a..8e65cfecbb 100644
--- a/.github/actions/certify-openshift-images/Dockerfile
+++ b/.github/actions/certify-openshift-images/Dockerfile
@@ -1,7 +1,21 @@
-FROM docker:23.0-rc-cli
+FROM registry.access.redhat.com/ubi8/ubi:latest
-RUN apk update && \
- apk add --no-cache curl jq
+RUN yum install -y \
+ bzip2 \
+ gzip \
+ tar \
+ iptables \
+ yum-utils \
+ jq
+
+RUN yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo && \
+ yum list docker-ce --showduplicates | sort -r && \
+ yum install -y \
+ docker-ce \
+ docker-ce-cli \
+ containerd.io
+
+RUN yum clean all
 RUN curl -LO https://github.com/redhat-openshift-ecosystem/openshift-preflight/releases/download/1.4.3/preflight-linux-amd64 && \
 chmod +x ./preflight-linux-amd64 && \
diff --git a/.github/actions/certify-openshift-images/action.yaml b/.github/actions/certify-openshift-images/action.yaml
index ae55863eea..42119bbddf 100644
--- a/.github/actions/certify-openshift-images/action.yaml
+++ b/.github/actions/certify-openshift-images/action.yaml
@@ -16,6 +16,10 @@ inputs:
 rhcc_project:
 description: The Redhat certification central project id
 required: true
+ submit:
+ description: Submit result to RedHat Connect
+ required: false
+ default: "false"
 runs:
 using: 'docker'
 image: 'Dockerfile'
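Review bot: The new `FROM registry.access.redhat.com/ubi8/ubi:latest` line in the Dockerfile hunk uses a floating tag, so the image that later receives `QUAY_PASSWORD` and `RHCC_TOKEN` can change between runs with no change in this repository. Pin a specific UBI 8 tag and ideally a digest, e.g. `FROM registry.access.redhat.com/ubi8/ubi:<TAG>@sha256:<DIGEST>` (placeholders). `docker-ce`, `docker-ce-cli` and `containerd.io` are likewise installed unversioned from a repo added at build time. `RUN yum clean all` in its own layer does not shrink the earlier layers; append `&& yum clean all` to each `yum install` instead. The `RUN curl -LO …preflight-linux-amd64` context line continues past the hunk; as far as is visible the binary is fetched without a checksum check, so a `sha256sum -c` step there would be worth adding.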
@@ -25,3 +29,4 @@ runs:
 QUAY_PASSWORD: ${{ inputs.quay_password }}
 RHCC_TOKEN: ${{ inputs.rhcc_token }}
 RHCC_PROJECT: ${{ inputs.rhcc_project }}
+ SUBMIT: ${{ inputs.submit }}
diff --git a/.github/actions/certify-openshift-images/entrypoint.sh b/.github/actions/certify-openshift-images/entrypoint.sh
index 19c28571df..d8f335e034 100644
--- a/.github/actions/certify-openshift-images/entrypoint.sh
+++ b/.github/actions/certify-openshift-images/entrypoint.sh
@@ -2,19 +2,24 @@
 set -eou pipefail
-docker login -u unused -p "${QUAY_PASSWORD}" quay.io
+docker login -u mongodb+mongodb_atlas_kubernetes -p "${QUAY_PASSWORD}" quay.io
 DIGESTS=$(docker manifest inspect "${REPOSITORY}:${VERSION}" | jq -r .manifests[].digest)
 for DIGEST in $DIGESTS; do
 echo "Checking image $DIGEST"
 # Do the preflight check first
- preflight check container "${DIGEST}" --docker-config="${HOME}/.docker/config.json"
+ preflight check container "${REPOSITORY}@${DIGEST}" --artifacts "${DIGEST}" --docker-config="${HOME}/.docker/config.json"
- # Send results to RedHat if preflight finished without errors
- preflight check container "${DIGEST}" \
- --submit \
- --pyxis-api-token="${RHCC_TOKEN}" \
- --certification-project-id="${RHCC_PROJECT}" \
- --docker-config="${HOME}/.docker/config.json"
+ if [ "$SUBMIT" = "true" ]; then
+ rm -rf "${DIGEST}"
+ echo "Submitting result to RedHat Connect"
+ # Send results to RedHat if preflight finished wthout errors
+ preflight check container "${REPOSITORY}@${DIGEST}" \
+ --artifacts "${DIGEST}" \
+ --pyxis-api-token="${RHCC_TOKEN}" \
+ --certification-project-id="${RHCC_PROJECT}" \
+ --docker-config="${HOME}/.docker/config.json" \
+ --submit
+ fi
 done
diff --git a/.github/workflows/release-openshift.yaml b/.github/workflows/release-openshift.yaml
index 9067f094b0..565ac0d85f 100644
--- a/.github/workflows/release-openshift.yaml
+++ b/.github/workflows/release-openshift.yaml
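Review bot: The new `docker login -u mongodb+mongodb_atlas_kubernetes -p "${QUAY_PASSWORD}" quay.io` line in the entrypoint.sh hunk still passes the registry password as a command-line argument, where it is visible in the process list and to anything that records argv. Feed it on stdin instead: `printf '%s' "${QUAY_PASSWORD}" | docker login -u mongodb+mongodb_atlas_kubernetes --password-stdin quay.io`. The same concern applies to `--pyxis-api-token="${RHCC_TOKEN}"` in the submit call; if preflight can take the token from the environment, prefer that. Separately, `rm -rf "${DIGEST}"` and `--artifacts "${DIGEST}"` use a value taken from `docker manifest inspect` output as a filesystem path, so it is worth checking that each entry has the expected `sha256:` plus 64 hex characters form before the loop body runs, and quoting the filter as `jq -r '.manifests[].digest'`.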
@@ -62,6 +62,7 @@ jobs:
 quay_password: ${{ secrets.QUAY_PASSWORD }}
 rhcc_token: ${{ secrets.RH_CERTIFICATION_PYXIS_API_TOKEN }}
 rhcc_project: ${{ secrets.RH_CERTIFICATION_OSPID }}
+ submit: "true"
 - name: Configure certified release
 if: ${{ matrix.certified }}
 env:
From 3036baa2fca7d46a8bafe0ca4a1d34a695c15fe6 Mon Sep 17 00:00:00 2001
From: Helder Santana
Date: Tue, 7 Feb 2023 16:08:55 -0300
Subject: [PATCH 2/2] add missing version to image path
---
 .github/actions/certify-openshift-images/entrypoint.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/actions/certify-openshift-images/entrypoint.sh b/.github/actions/certify-openshift-images/entrypoint.sh
index d8f335e034..dfdd0b2721 100644
--- a/.github/actions/certify-openshift-images/entrypoint.sh
+++ b/.github/actions/certify-openshift-images/entrypoint.sh
@@ -9,7 +9,7 @@ DIGESTS=$(docker manifest inspect "${REPOSITORY}:${VERSION}" | jq -r .manifests[
 for DIGEST in $DIGESTS; do
 echo "Checking image $DIGEST"
 # Do the preflight check first
- preflight check container "${REPOSITORY}@${DIGEST}" --artifacts "${DIGEST}" --docker-config="${HOME}/.docker/config.json"
+ preflight check container "${REPOSITORY}:${VERSION}@${DIGEST}" --artifacts "${DIGEST}" --docker-config="${HOME}/.docker/config.json"
 if [ "$SUBMIT" = "true" ]; then
 rm -rf "${DIGEST}"
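Review bot: Only the first `preflight check container` call in the PATCH 2/2 entrypoint.sh hunk gains the `:${VERSION}` component. The submit call inside the `if [ "$SUBMIT" = "true" ]` block lies below this hunk and, as written in PATCH 1/2, still passes `"${REPOSITORY}@${DIGEST}"`, so the check and the submission would name the image differently unless that line is changed elsewhere. Building the reference once per iteration, `IMAGE="${REPOSITORY}:${VERSION}@${DIGEST}"`, and passing `"${IMAGE}"` to both calls keeps them in step. A one-line comment on why the tag is needed alongside the digest would also help, since the digest alone already identifies the content.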