diff --git a/Makefile b/Makefile index c2797aa5..594fadcf 100644 --- a/Makefile +++ b/Makefile @@ -187,14 +187,15 @@ update-bindata: go-bindata ## Update bindata.go file. rm -rf ./$(GATEKEEPER_MANIFEST_DIR)-rendered $(MAKE) fmt -GATEKEEPER_IMAGE ?= quay.io/gatekeeper/gatekeeper +GATEKEEPER_IMG_BASE ?= quay.io/gatekeeper/gatekeeper +GATEKEEPER_IMG ?= $(GATEKEEPER_IMAGE_BASE):v$(GATEKEEPER_VERSION) .PHONY: update-gatekeeper-image update-gatekeeper-image: ## Update Gatekeeper image in manifests. yq 'select(.kind == "Deployment") \ |= .spec.template.spec.containers[] \ |= select(.name == "manager").env[] \ - |= select(.name == "RELATED_IMAGE_GATEKEEPER").value = "$(GATEKEEPER_IMAGE):v$(GATEKEEPER_VERSION)"' \ + |= select(.name == "RELATED_IMAGE_GATEKEEPER").value = "$(GATEKEEPER_IMG)"' \ -i config/manager/manager.yaml # Set version variables for LDFLAGS diff --git a/build/Dockerfile b/build/Dockerfile index 3d7a52c8..351c7e31 100644 --- a/build/Dockerfile +++ b/build/Dockerfile @@ -22,11 +22,12 @@ COPY pkg/ pkg/ # Build RUN CGO_ENABLED=1 GOOS=${GOOS} GOARCH=${GOARCH} go build -mod=readonly -a -ldflags "${LDFLAGS}" -o manager main.go -# Use distroless as minimal base image to package the manager binary -# Refer to https://github.com/GoogleContainerTools/distroless for more details +# Copy to base image FROM registry.access.redhat.com/ubi9/ubi-minimal:latest WORKDIR / COPY --from=builder /workspace/manager . +RUN mkdir licenses/ +COPY LICENSE licenses/ USER 65532:65532 ENTRYPOINT ["/manager"] diff --git a/build/Dockerfile.rhtap b/build/Dockerfile.rhtap index 19c54919..7e18ba82 100644 --- a/build/Dockerfile.rhtap +++ b/build/Dockerfile.rhtap @@ -22,11 +22,12 @@ COPY pkg/ pkg/ # Build RUN CGO_ENABLED=1 GOOS=${GOOS} GOARCH=${GOARCH} go build -mod=readonly -a -ldflags "${LDFLAGS}" -o manager main.go -# Use distroless as minimal base image to package the manager binary -# Refer to https://github.com/GoogleContainerTools/distroless for more details +# Copy to base image FROM registry.access.redhat.com/ubi9/ubi-minimal:latest WORKDIR / COPY --from=builder /workspace/manager . +RUN mkdir licenses/ +COPY LICENSE licenses/ USER 65532:65532 ENTRYPOINT ["/manager"] diff --git a/build/bundle.Dockerfile.rhtap b/build/bundle.Dockerfile.rhtap new file mode 100644 index 00000000..1141b129 --- /dev/null +++ b/build/bundle.Dockerfile.rhtap @@ -0,0 +1,38 @@ +FROM registry.redhat.io/openshift4/ose-cli-rhel9:v4.17 as builder + +WORKDIR /gatekeeper-operator +COPY . . +RUN /gatekeeper-operator/build/konflux-patch.sh + +FROM scratch + +# Copy files to locations specified by labels. +COPY --from=builder /gatekeeper-operator/bundle/manifests /manifests/ +COPY --from=builder /gatekeeper-operator/bundle/metadata /metadata/ + +# Core bundle annotations. +LABEL operators.operatorframework.io.bundle.channel.default.v1=stable +LABEL operators.operatorframework.io.bundle.channels.v1="stable,3.17" +LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/ +LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1 +LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/ +LABEL operators.operatorframework.io.bundle.package.v1=gatekeeper-operator +LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.34.1 +LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1 +LABEL operators.operatorframework.io.metrics.project_layout=go.kubebuilder.io/v3 +# Red Hat annotations. +LABEL com.redhat.component=gatekeeper-operator-bundle-container +LABEL com.redhat.delivery.backport=false +LABEL com.redhat.delivery.operator.bundle=true +LABEL com.redhat.openshift.versions=v4.12 +# Bundle metadata +LABEL name=gatekeeper/gatekeeper-operator-bundle +LABEL description="The Gatekeeper Operator installs and configures Open Policy Agent Gatekeeper." +LABEL io.k8s.description="The Gatekeeper Operator installs and configures Open Policy Agent Gatekeeper." +LABEL summary="Red Hat Gatekeeper Operator" +LABEL version=v3.17.0 +LABEL release="" +LABEL distribution-scope=public +LABEL maintainer="acm-component-maintainers@redhat.com" +LABEL url=https://github.com/stolostron/gatekeeper-operator +LABEL vendor="Red Hat, Inc." diff --git a/build/konflux-patch.sh b/build/konflux-patch.sh new file mode 100755 index 00000000..ccb06dc9 --- /dev/null +++ b/build/konflux-patch.sh @@ -0,0 +1,29 @@ +#! /bin/bash + +set -e + +# Gatekeeper Operator image +operator_img="registry.redhat.io/gatekeeper/gatekeeper-rhel9-operator@sha256:6e386be134d928bdb03b702e399c97e7aedecacaa3d0813183a8c5ecf13c7bc2" +# Gatekeeper image +gatekeeper_img="registry.redhat.io/gatekeeper/gatekeeper-rhel9@sha256:3095f68c12c5dc3b00ce84e1c37d516d96cbcb06d42eaef5372358786956bd62" + +build_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null 2>&1 && pwd)" + +csv_file=${build_dir}/../bundle/manifests/gatekeeper-operator.clusterserviceversion.yaml + +csv_patch=$(printf '[{ + "op": "replace", + "path": "/spec/install/spec/deployments/0/spec/template/spec/containers/0/env/0/value", + "value": "%s", +},{ + "op": "replace", + "path": "/spec/install/spec/deployments/0/spec/template/spec/containers/0/image", + "value": "%s", +},{ + "op": "replace", + "path": "/spec/relatedImages/0/image", + "value": "%s", +}]' ${gatekeeper_img} ${operator_img} ${gatekeeper_img}) + +kubectl patch --local=true -f ${csv_file} --type=json --patch="${csv_patch}" --output=yaml >${csv_file}.bk +mv ${csv_file}.bk ${csv_file}