Red Hat Konflux update openperouter-operator-fbc-4-20

.gitmodules

@@ -4,3 +4,6 @@
 [submodule "website/themes/hugo-book"]
 	path = website/themes/hugo-book
 	url = https://github.com/alex-shpak/hugo-book
+[submodule "telco5g-konflux"]
+	path = telco5g-konflux
+	url = https://github.com/openshift-kni/telco5g-konflux

.konflux/Dockerfile.catalog

@@ -0,0 +1,54 @@
+ # The base image is expected to contain /bin/opm (with a serve subcommand) and /bin/grpc_health_probe
+#
+# CAVEAT
+#
+# For <= 4.14, use registry.redhat.io/openshift4/ose-operator-registry:v4.y
+# For >= 4.15, use registry.redhat.io/openshift4/ose-operator-registry-rhel9:v4.y
+#
+# TODO: once available, migrate to: registry.redhat.io/openshift4/ose-operator-registry-rhel9:v4.y
+ARG OPM_IMAGE=brew.registry.redhat.io/rh-osbs/openshift-ose-operator-registry-rhel9:v4.20
+
+# build the catalog
+FROM brew.registry.redhat.io/rh-osbs/openshift-golang-builder:rhel_9_golang_1.24@sha256:b91431604c435f3cabec20ddb653c0537c8ba8097ada57960d54a1266f95a7c3 AS builder
+
+# create dir structure to generate the catalog
+RUN mkdir -p /app/hack /app/.konflux/catalog
+
+COPY .konflux/hack/ /app/hack/
+COPY .konflux/catalog/ /app/.konflux/catalog/
+COPY telco5g-konflux /app/telco5g-konflux
+COPY konflux.Makefile /app/Makefile
+
+
+# generate the catalog
+
+# debug
+RUN echo "root dir" && ls -lra $HOME
+
+WORKDIR /app
+RUN --mount=type=secret,id=telco-5g-redhat-pull-secret/.dockerconfigjson \
+    mkdir -p $HOME/.docker/ && \
+    cp /run/secrets/telco-5g-redhat-pull-secret/.dockerconfigjson $HOME/.docker/config.json
+
+# debug
+RUN echo "run secrets" && ls -lra /run/secrets/ && echo "docker dir" && ls -lra $HOME/.docker/ && cat $HOME/.docker/config.json
+
+ENV REGISTRY_AUTH_FILE=$HOME/.docker/config.json
+# The fbc build is not hermetic, so make will download yq and opm
+RUN make konflux-generate-catalog-production && \
+    rm -f $HOME/.docker/config.json
+
+# run the catalog
+FROM ${OPM_IMAGE}
+
+ENTRYPOINT ["/bin/opm"]
+CMD ["serve", "/configs", "--cache-dir=/tmp/cache"]
+
+# ensure this correponds to olm.package name
+ENV PACKAGE_NAME=openperouter-operator
+
+COPY --from=builder /app/.konflux/catalog/$PACKAGE_NAME/ /configs/$PACKAGE_NAME
+# RUN ["/bin/opm", "validate", "/configs/openperouter-operator"]
+RUN ["/bin/opm", "serve", "/configs", "--cache-dir=/tmp/cache", "--cache-only"]
+
+LABEL operators.operatorframework.io.index.configs.v1=/configs

.konflux/catalog/.gitignore

@@ -0,0 +1 @@
+openperouter-operator/catalog.yaml

.konflux/catalog/bundle.builds.in.yaml

@@ -0,0 +1,3 @@
+---
+quay: quay.io/redhat-user-workloads/telco-5g-tenant/openperouter-operator-bundle-4-20@sha256:6bd0360775343a5ae8238c5d53bbfac1838e0c57e6f30c9c5df51633e720cbaf
+

.konflux/catalog/catalog-template.in.yaml

@@ -0,0 +1,21 @@
+---
+entries:
+  - defaultChannel: alpha
+    name: openperouter-operator
+    schema: olm.package
+  # Add 'replaces' after we ship 4.20.0
+  - entries:
+      - name: openperouter-operator.v4.20.0
+        skipRange: '>=4.9.0 <4.20.0'
+    name: alpha
+    package: openperouter-operator
+    schema: olm.channel
+  - entries:
+      - name: openperouter-operator.v4.20.0
+        skipRange: '>=4.9.0 <4.20.0'
+    name: "4.20"
+    package: openperouter-operator
+    schema: olm.channel
+  - image: quay.io/redhat-user-workloads/telco-5g-tenant/openperouter-operator-bundle-4-20@sha256:bf6a076d5b7dea000a817eb9dc3155131ab1655657855719f6ca62d1e5794911
+    schema: olm.bundle
+schema: olm.template.basic

.konflux/catalog/fbc-images-resolvable-integration-test-idms.yaml

@@ -0,0 +1,14 @@
+# We use this IDMS to check if the images in the FBC are resolvable using the staging or production catalog.
+# https://github.com/konflux-ci/community-catalog/tree/development/pipelines/validate-fbc-images-resolvable
+apiVersion: operator.openshift.io/v1
+kind: ImageDigestMirrorSet
+metadata:
+  name: fbc-images-resolvable-integration-test-idms
+spec:
+  imageDigestMirrors:
+    - mirrors:
+        - registry.stage.redhat.io/openshift4-dev-preview-beta/openperouter-rhel9-operator
+      source: registry.redhat.io/openshift4-dev-preview-beta/openperouter-rhel9-operator
+    - mirrors:
+        - registry.stage.redhat.io/openshift4-dev-preview-beta/openperouter-operator-bundle
+      source: registry.redhat.io/openshift4-dev-preview-beta/openperouter-operator-bundle

.konflux/hack/Dockerfile.markdownlint

@@ -0,0 +1,7 @@
+# Following example of: https://github.com/openshift/enhancements/blob/master/hack/Dockerfile.markdownlint
+FROM registry.access.redhat.com/ubi9/ubi:latest
+WORKDIR /workdir
+RUN dnf install -y git golang
+COPY install-markdownlint.sh /tmp
+RUN /tmp/install-markdownlint.sh
+ENTRYPOINT /workdir/hack/markdownlint.sh

.konflux/hack/boilerplate.go.txt

@@ -0,0 +1,5 @@
+/*
+SPDX-FileCopyrightText: Red Hat
+
+SPDX-License-Identifier: Apache-2.0
+*/

.konflux/hack/catalog-undeploy.sh

@@ -0,0 +1,83 @@
+#!/bin/bash
+#
+# SPDX-FileCopyrightText: Red Hat
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+function usage {
+    cat <<EOF >&2
+Paramaters:
+    --namespace <namespace>
+    --package <package name>
+    --crd-search <crd search grep pattern>
+EOF
+    exit 1
+}
+
+function cleanSubscription {
+    oc delete subscriptions.operators.coreos.com -n "${NAMESPACE}" "${PACKAGE}"
+    oc get csv -n "${NAMESPACE}" | grep "${PACKAGE}" | awk '{print $1}' \
+        | xargs --no-run-if-empty oc delete csv -n "${NAMESPACE}"
+    oc get crd | grep "${CRD_SEARCH}" | awk '{print $1}' \
+        | xargs --no-run-if-empty oc delete crd
+    oc delete ns "${NAMESPACE}"
+    oc get clusterrole.rbac.authorization.k8s.io | grep "${PACKAGE}" | awk '{print $1}' \
+        | xargs --no-run-if-empty oc delete clusterrole.rbac.authorization.k8s.io
+    oc get clusterrolebinding.rbac.authorization.k8s.io | grep "${PACKAGE}" | awk '{print $1}' \
+        | xargs --no-run-if-empty oc delete clusterrolebinding.rbac.authorization.k8s.io
+
+    oc delete catalogsources.operators.coreos.com -n openshift-marketplace "${PACKAGE}"
+}
+
+#
+# Command-line processing
+#
+declare PACKAGE=
+declare NAMESPACE=
+declare CRD_SEARCH=
+
+longopts=(
+    "help"
+    "namespace:"
+    "package:"
+    "crd-search:"
+)
+
+longopts_str=$(IFS=,; echo "${longopts[*]}")
+
+if ! OPTS=$(getopt -o "ho:" --long "${longopts_str}" --name "$0" -- "$@"); then
+    usage
+fi
+
+eval set -- "${OPTS}"
+
+while :; do
+    case "$1" in
+        --namespace)
+            NAMESPACE="$2"
+            shift 2
+            ;;
+        --package)
+            PACKAGE="$2"
+            shift 2
+            ;;
+        --crd-search)
+            CRD_SEARCH="$2"
+            shift 2
+            ;;
+        --)
+            shift
+            break
+            ;;
+        *)
+            usage
+            ;;
+    esac
+done
+
+if [ -z "${NAMESPACE}" ] || [ -z "${PACKAGE}" ] || [ -z "${CRD_SEARCH}" ]; then
+    usage
+fi
+
+cleanSubscription

.konflux/hack/check-git-tree.sh

@@ -0,0 +1,18 @@
+#!/bin/bash
+#
+# SPDX-FileCopyrightText: Red Hat
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+RC=0
+if [ -n "$(git status --porcelain)" ]; then
+    echo "Unstaged or untracked changes exist:"
+    git status --porcelain
+    git diff
+    RC=1
+else
+    echo "git tree is clean"
+fi
+
+exit ${RC}

.konflux/hack/generate-catalog-deploy.sh

@@ -0,0 +1,159 @@
+#!/bin/bash
+#
+# SPDX-FileCopyrightText: Red Hat
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+function usage {
+    cat <<EOF >&2
+Paramaters:
+    --namespace <namespace>
+    --package <package name>
+    --channel <channel>
+    --catalog-image <image ref>
+    --install-mode <OwnNamespace | AllNamespaces>
+EOF
+    exit 1
+}
+
+function generateCatalogSource {
+    cat <<EOF
+---
+apiVersion: operators.coreos.com/v1alpha1
+kind: CatalogSource
+metadata:
+  annotations:
+    target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}'
+  name: ${PACKAGE}
+  namespace: openshift-marketplace
+spec:
+  displayName: ${PACKAGE}
+  image: ${CATALOG_IMG}
+  publisher: Red Hat
+  sourceType: grpc
+  updateStrategy:
+    registryPoll:
+      interval: 1h
+EOF
+}
+
+function generateNamespace {
+    cat <<EOF
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: ${NAMESPACE}
+  annotations:
+    workload.openshift.io/allowed: management
+EOF
+}
+
+function generateOperatorGroup {
+    if [ "${INSTALL_MODE}" = "OwnNamespace" ]; then
+    cat <<EOF
+---
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+  name: ${PACKAGE}
+  namespace: ${NAMESPACE}
+spec:
+  targetNamespaces:
+  - ${NAMESPACE}
+EOF
+    else
+    cat <<EOF
+---
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+  name: ${PACKAGE}
+  namespace: ${NAMESPACE}
+EOF
+    fi
+}
+
+function generateSubscription {
+    cat <<EOF
+---
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: ${PACKAGE}
+  namespace: ${NAMESPACE}
+spec:
+  channel: ${CHANNEL}
+  name: ${PACKAGE}
+  source: ${PACKAGE}
+  sourceNamespace: openshift-marketplace
+EOF
+}
+
+#
+# Command-line processing
+#
+declare PACKAGE=
+declare NAMESPACE=
+declare CHANNEL=
+declare CATALOG_IMG=
+declare INSTALL_MODE=
+
+longopts=(
+    "help"
+    "namespace:"
+    "package:"
+    "catalog-image:"
+    "channel:"
+    "install-mode:"
+)
+
+longopts_str=$(IFS=,; echo "${longopts[*]}")
+
+if ! OPTS=$(getopt -o "ho:" --long "${longopts_str}" --name "$0" -- "$@"); then
+    usage
+fi
+
+eval set -- "${OPTS}"
+
+while :; do
+    case "$1" in
+        --namespace)
+            NAMESPACE="$2"
+            shift 2
+            ;;
+        --package)
+            PACKAGE="$2"
+            shift 2
+            ;;
+        --catalog-image)
+            CATALOG_IMG="$2"
+            shift 2
+            ;;
+        --channel)
+            CHANNEL="$2"
+            shift 2
+            ;;
+        --install-mode)
+            INSTALL_MODE="$2"
+            shift 2
+            ;;
+        --)
+            shift
+            break
+            ;;
+        *)
+            usage
+            ;;
+    esac
+done
+
+if [ -z "${NAMESPACE}" ] || [ -z "${PACKAGE}" ] || [ -z "${CATALOG_IMG}" ] || [ -z "${CHANNEL}" ] || [ -z "${INSTALL_MODE}" ]; then
+    usage
+fi
+
+generateCatalogSource
+generateNamespace
+generateOperatorGroup
+generateSubscription