Try fixing enterprise contracts (again...) (#154)

sarroutbi · web-flow · commit ca7bb7f483c0 · 2024-11-11T12:32:05.000+01:00
Signed-off-by: Sergio Arroutbi &lt;sarroutb@redhat.com&gt;
diff --git a/.tekton/fbc-4-18-bundle-pull-request.yaml b/.tekton/fbc-4-18-bundle-pull-request.yaml
@@ -28,6 +28,8 @@ spec:
     value: 5d
   - name: dockerfile
     value: bundle.konflux.Dockerfile
+  - name: hermetic
+    value: "true"
   pipelineSpec:
     description: |
       This pipeline is ideal for building container images from a Containerfile while maintaining trust after pipeline customization.
diff --git a/.tekton/fbc-4-18-bundle-push.yaml b/.tekton/fbc-4-18-bundle-push.yaml
@@ -25,6 +25,8 @@ spec:
     value: quay.io/redhat-user-workloads/konflux-sec-eng-spec-tenant/fbc-4-18-bundle:{{revision}}
   - name: dockerfile
     value: bundle.konflux.Dockerfile
+  - name: hermetic
+    value: "true"
   pipelineSpec:
     description: |
       This pipeline is ideal for building container images from a Containerfile while maintaining trust after pipeline customization.
diff --git a/.tekton/nbde-tang-server-multiarch-pull-request.yaml b/.tekton/nbde-tang-server-multiarch-pull-request.yaml
@@ -28,6 +28,8 @@ spec:
     value: 5d
   - name: dockerfile
     value: Dockerfile
+  - name: hermetic
+    value: "true"
   pipelineSpec:
     description: |
       This pipeline is ideal for building multi-arch container images from a Containerfile while maintaining trust after pipeline customization.
diff --git a/.tekton/nbde-tang-server-multiarch-push.yaml b/.tekton/nbde-tang-server-multiarch-push.yaml
@@ -25,6 +25,8 @@ spec:
     value: quay.io/redhat-user-workloads/konflux-sec-eng-spec-tenant/nbde-tang-server-multiarch:{{revision}}
   - name: dockerfile
     value: Dockerfile
+  - name: hermetic
+    value: "true"
   pipelineSpec:
     description: |
       This pipeline is ideal for building multi-arch container images from a Containerfile while maintaining trust after pipeline customization.
diff --git a/bundle.konflux.Dockerfile b/bundle.konflux.Dockerfile
@@ -1,22 +1,20 @@
 ##### UNCOMMENT NEXT BLOCK OF CODE ONCE IMAGE SUBSTITUTION IS CLARIFIED:
-# FROM brew.registry.redhat.io/rh-osbs/openshift-golang-builder:rhel_9_1.22 as builder
+ FROM brew.registry.redhat.io/rh-osbs/openshift-golang-builder:rhel_9_1.22 as builder
 #
 # TODO: Set image to correct version
-# ARG IMG=quay.io/sec-eng-special/nbde-tang-server:v1.1.0
-# ARG ORIGINAL_IMG=quay.io/sec-eng-special/nbde-tang-server:v1.1.0
-# WORKDIR /code
-# COPY ./ ./
+ARG IMG=registry.redhat.io/nbde-tang-server/tang-rhel9-operator@sha256:562e5f1677dbf5cd9feb00a7270e78c57b28f5177a7bf4bd2d39b2a5cd451da8
+ARG ORIGINAL_IMG=quay.io/sec-eng-special/nbde-tang-server:v1.1.0
+WORKDIR /code
+COPY ./ ./
 #
-# RUN echo "SNAPSHOT=${SNAPSHOT}"
-# RUN bash -c printenv
-# RUN echo "IMAGE_VERSION=$(echo '${SNAPSHOT}' | base64 -d | jq -r '.components[].containerImage')"
-#  Replace the bundle image in the repository with the one specified by the IMG build argument.
-#  TODO: Replace bundle appropriately once image is changed
-#  RUN chmod -R g+rwX ./ && find bundle/ && find bundle -type f -exec sed -i \
-#     "s|${ORIGINAL_IMG}|$(echo '${SNAPSHOT}' | base64 -d | jq -r '.components[].containerImage')|g" {} \+; \
-#     grep -rq "${ORIGINAL_IMG}" bundle/ && \
-#     { echo "Failed to replace image references"; exit 1; } || echo "Image references replaced" && \
-#     grep -r "${IMG}" bundle/
+RUN echo "SNAPSHOT=${SNAPSHOT}"
+RUN bash -c printenv
+# Replace the bundle image in the repository with the one specified by the IMG build argument.
+# TODO: Replace bundle appropriately once image is changed
+RUN chmod -R g+rwX ./ && find bundle/ && find bundle -type f -exec sed -i \
+   "s|${ORIGINAL_IMG}|${IMG})|g" {} \+; grep -rq "${ORIGINAL_IMG}" bundle/ && \
+   { echo "Failed to replace image references"; exit 1; } || echo "Image references replaced" && \
+   grep -r "${IMG}" bundle/
 
 FROM registry.access.redhat.com/ubi9/ubi-micro@sha256:7f376b75faf8ea546f28f8529c37d24adcde33dca4103f4897ae19a43d58192b
 
@@ -49,12 +47,12 @@ LABEL operators.operatorframework.io.test.mediatype.v1=scorecard+v1
 LABEL operators.operatorframework.io.test.config.v1=tests/scorecard/
 
 ### Copy files to locations specified by labels
-# COPY --from=builder /code/bundle/manifests /manifests/
-# COPY --from=builder /code/bundle/metadata /metadata/
-# COPY --from=builder /code/bundle/tests/scorecard /tests/scorecard/
-COPY bundle/manifests /manifests/
-COPY bundle/metadata /metadata/
-COPY bundle/tests/scorecard /tests/scorecard/
+COPY --from=builder /code/bundle/manifests /manifests/
+COPY --from=builder /code/bundle/metadata /metadata/
+COPY --from=builder /code/bundle/tests/scorecard /tests/scorecard/
+#COPY bundle/manifests /manifests/
+#COPY bundle/metadata /metadata/
+#COPY bundle/tests/scorecard /tests/scorecard/
 
 # Copy LICENSE to /licenses directory
 COPY LICENSE /licenses/
