certify-operator-ocp.sh

#!/bin/bash
set -eo pipefail

function cleanup {
    if [ -v CONTAINER_TOOL ] && [ -v IMAGE_ID ]; then
        $CONTAINER_TOOL image rm -f $IMAGE_ID
    fi
    $CONTAINER_TOOL image rm -f quay.io/opdev/preflight:stable
    rm -rf $AUTH_FILE_DIR
}

trap cleanup EXIT

CONTAINER_TOOL=${CONTAINER_TOOL:-docker}
CONTAINER_REGISTRY=${CONTAINER_REGISTRY:-quay.io}
AUTH_FILE_DIR='/tmp/dockercfg'
mkdir -p $AUTH_FILE_DIR
AUTH_FILE="$AUTH_FILE_DIR/config.json"

if [ $CONTAINER_TOOL == 'podman' ]; then
    AUTH_FILE_SETTING="--authfile $AUTH_FILE"
else
    AUTH_FILE_SETTING="--config $AUTH_FILE_DIR"
fi

echo $REGISTRY_LOGIN_PASSWORD | $CONTAINER_TOOL  $AUTH_FILE_SETTING login -u $REGISTRY_LOGIN_USERNAME --password-stdin $CONTAINER_REGISTRY

$CONTAINER_TOOL pull antrea/antrea-operator:$VERSION
IMAGE_ID=$($CONTAINER_TOOL image ls | awk '/antrea-operator/{print $3}')

$CONTAINER_TOOL $AUTH_FILE_SETTING tag $IMAGE_ID $CONTAINER_REGISTRY/$OCP_PROJECT_NAMESPACE/$PFLT_CERTIFICATION_PROJECT_ID:$VERSION
$CONTAINER_TOOL $AUTH_FILE_SETTING push $CONTAINER_REGISTRY/$OCP_PROJECT_NAMESPACE/$PFLT_CERTIFICATION_PROJECT_ID:$VERSION

$CONTAINER_TOOL $AUTH_FILE_SETTING run \
  --rm \
  --security-opt=label=disable \
  --env PFLT_LOGLEVEL=trace \
  --env PFLT_CERTIFICATION_PROJECT_ID=$PFLT_CERTIFICATION_PROJECT_ID \
  --env PFLT_PYXIS_API_TOKEN=$PFLT_PYXIS_API_TOKEN \
  -v $AUTH_FILE_DIR:/docker \
  quay.io/opdev/preflight:stable check container -s --docker-config /docker/config.json $CONTAINER_REGISTRY/$OCP_PROJECT_NAMESPACE/$PFLT_CERTIFICATION_PROJECT_ID:$VERSION

# Tag latest if required
if [ "$IS_LATEST" == "true" ]; then
    $CONTAINER_TOOL $AUTH_FILE_SETTING tag $IMAGE_ID $CONTAINER_REGISTRY/$OCP_PROJECT_NAMESPACE/$PFLT_CERTIFICATION_PROJECT_ID:latest
    $CONTAINER_TOOL $AUTH_FILE_SETTING push $CONTAINER_REGISTRY/$OCP_PROJECT_NAMESPACE/$PFLT_CERTIFICATION_PROJECT_ID:latest
fi

exit 0