From 6fad20680cd8c5c20e0924e8450edfd7c9000e61 Mon Sep 17 00:00:00 2001
From: Kobi Samoray <ksamoray@vmware.com>
Date: Tue, 22 Nov 2022 09:48:27 +0200
Subject: [PATCH] Improvements to the image certification process

Signed-off-by: Kobi Samoray <ksamoray@vmware.com>
---
 .github/workflows/certification.yml |  7 ++++++-
 Makefile                            |  2 +-
 hack/certify-operator-ocp.sh        | 24 ++++++++++++++++++------
 hack/generate-antrea-samples.py     |  9 +++++++++
 4 files changed, 34 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/certification.yml b/.github/workflows/certification.yml
index 1ef32ed3..dd676d22 100644
--- a/.github/workflows/certification.yml
+++ b/.github/workflows/certification.yml
@@ -7,7 +7,11 @@ on:
         description: 'Version tag'
         required: true
         default: 'latest'
-
+      is_latest:
+        description: 'Set as latest'
+        required: true
+        default: true
+        type: boolean
 jobs:
   validate_image:
     runs-on: [ubuntu-latest]
@@ -16,6 +20,7 @@ jobs:
       - name: Run container certification
         env:
           VERSION: ${{ github.event.inputs.version_tag }}
+          IS_LATEST: ${{ github.event.inputs.is_latest }}
           OCP_PROJECT_NAMESPACE: ${{ secrets.OCP_PROJECT_NAMESPACE }}
           REGISTRY_LOGIN_USERNAME: ${{ secrets.REGISTRY_LOGIN_USERNAME }}
           REGISTRY_LOGIN_PASSWORD: ${{ secrets.REGISTRY_LOGIN_PASSWORD }}
diff --git a/Makefile b/Makefile
index f41a28f5..94cebcd7 100644
--- a/Makefile
+++ b/Makefile
@@ -163,7 +163,7 @@ bundle-build:
 	docker tag ${BUNDLE_IMG} antrea/antrea-operator-bundle
 
 antrea-resources:
-	./hack/generate-antrea-resources.sh --platform $(ANTREA_PLATFORM)
+	./hack/generate-antrea-resources.sh --platform $(ANTREA_PLATFORM) --version $(VERSION)
 	cp ./config/rbac/role.yaml ./deploy/$(ANTREA_PLATFORM)/role.yaml
 
 # Generate package manifests.
diff --git a/hack/certify-operator-ocp.sh b/hack/certify-operator-ocp.sh
index 3ef1fcb0..521e5f37 100755
--- a/hack/certify-operator-ocp.sh
+++ b/hack/certify-operator-ocp.sh
@@ -6,32 +6,44 @@ function cleanup {
         $CONTAINER_TOOL image rm -f $IMAGE_ID
     fi
     $CONTAINER_TOOL image rm -f quay.io/opdev/preflight:stable
+    rm -rf $AUTH_FILE_DIR
 }
 
 trap cleanup EXIT
 
 CONTAINER_TOOL=${CONTAINER_TOOL:-docker}
 CONTAINER_REGISTRY=${CONTAINER_REGISTRY:-quay.io}
-AUTH_FILE='$HOME/.docker/config.json'
+AUTH_FILE_DIR='/tmp/dockercfg'
+mkdir -p $AUTH_FILE_DIR
+AUTH_FILE="$AUTH_FILE_DIR/config.json"
 
 if [ $CONTAINER_TOOL == 'podman' ]; then
     AUTH_FILE_SETTING="--authfile $AUTH_FILE"
+else
+    AUTH_FILE_SETTING="--config $AUTH_FILE_DIR"
 fi
-$CONTAINER_TOOL login $AUTH_FILE_SETTING -u $REGISTRY_LOGIN_USERNAME -p $REGISTRY_LOGIN_PASSWORD $CONTAINER_REGISTRY
+
+echo $REGISTRY_LOGIN_PASSWORD | $CONTAINER_TOOL  $AUTH_FILE_SETTING login -u $REGISTRY_LOGIN_USERNAME --password-stdin $CONTAINER_REGISTRY
 
 $CONTAINER_TOOL pull antrea/antrea-operator:$VERSION
 IMAGE_ID=$($CONTAINER_TOOL image ls | awk '/antrea-operator/{print $3}')
 
-$CONTAINER_TOOL tag $IMAGE_ID $CONTAINER_REGISTRY/$OCP_PROJECT_NAMESPACE/$PFLT_CERTIFICATION_PROJECT_ID:$VERSION
-$CONTAINER_TOOL push $CONTAINER_REGISTRY/$OCP_PROJECT_NAMESPACE/$PFLT_CERTIFICATION_PROJECT_ID:$VERSION
+$CONTAINER_TOOL $AUTH_FILE_SETTING tag $IMAGE_ID $CONTAINER_REGISTRY/$OCP_PROJECT_NAMESPACE/$PFLT_CERTIFICATION_PROJECT_ID:$VERSION
+$CONTAINER_TOOL $AUTH_FILE_SETTING push $CONTAINER_REGISTRY/$OCP_PROJECT_NAMESPACE/$PFLT_CERTIFICATION_PROJECT_ID:$VERSION
 
-$CONTAINER_TOOL run \
+$CONTAINER_TOOL $AUTH_FILE_SETTING run \
   --rm \
   --security-opt=label=disable \
   --env PFLT_LOGLEVEL=trace \
   --env PFLT_CERTIFICATION_PROJECT_ID=$PFLT_CERTIFICATION_PROJECT_ID \
   --env PFLT_PYXIS_API_TOKEN=$PFLT_PYXIS_API_TOKEN \
-  -v $HOME/.docker:/docker \
+  -v $AUTH_FILE_DIR:/docker \
   quay.io/opdev/preflight:stable check container -s --docker-config /docker/config.json $CONTAINER_REGISTRY/$OCP_PROJECT_NAMESPACE/$PFLT_CERTIFICATION_PROJECT_ID:$VERSION
 
+# Tag latest if required
+if [ "$IS_LATEST" == "true" ]; then
+    $CONTAINER_TOOL $AUTH_FILE_SETTING tag $IMAGE_ID $CONTAINER_REGISTRY/$OCP_PROJECT_NAMESPACE/$PFLT_CERTIFICATION_PROJECT_ID:latest
+    $CONTAINER_TOOL $AUTH_FILE_SETTING push $CONTAINER_REGISTRY/$OCP_PROJECT_NAMESPACE/$PFLT_CERTIFICATION_PROJECT_ID:latest
+fi
+
 exit 0
diff --git a/hack/generate-antrea-samples.py b/hack/generate-antrea-samples.py
index 9401b7eb..d4405e07 100755
--- a/hack/generate-antrea-samples.py
+++ b/hack/generate-antrea-samples.py
@@ -3,6 +3,15 @@
 import argparse
 import yaml
 
+
+def str_presenter(dumper, data):
+    if len(data.splitlines()) > 1:  # check for multiline string
+        return dumper.represent_scalar('tag:yaml.org,2002:str', data, style='|')
+    return dumper.represent_scalar('tag:yaml.org,2002:str', data)
+
+
+yaml.add_representer(str, str_presenter)
+
 parser = argparse.ArgumentParser(description='Gather resources from Antrea repository')
 parser.add_argument('yaml_files', metavar='file', type=argparse.FileType('r'), nargs='+',
                     help='List of yaml files for processing')