From d9318386df8ddb25f8ff1b9e057d349b55b5a02f Mon Sep 17 00:00:00 2001
From: Jonathan Knight <jk5766@outlook.com>
Date: Tue, 9 Sep 2025 14:59:54 +0300
Subject: [PATCH] Adding RedHat OpenShift container preflight testing

---
 Makefile                        |  1 -
 hack/openshift/operator-cert.sh | 13 ++++++--
 hack/openshift/run-preflight.sh | 58 +++++++++++++++++++++++++++++++++
 3 files changed, 69 insertions(+), 3 deletions(-)
 create mode 100644 hack/openshift/run-preflight.sh

diff --git a/Makefile b/Makefile
index 3b9d6987..0bf28d86 100644
--- a/Makefile
+++ b/Makefile
@@ -1242,7 +1242,6 @@ preflight: ## Run the OpenShift preflight tests against the Operator Image in a
 	  --env KUBECONFIG=/kubeconfig/config \
 	  --env PFLT_DOCKERCONFIG=/dockerconfig/$(PREFLIGHT_REGISTRY_AUTH_JSON) \
 	  --env PFLT_LOGLEVEL=trace \
-	  --env PFLT_CHANNEL=beta \
 	  --env PFLT_LOGFILE=/artifacts/preflight.log \
 	  -v $(BUILD_PREFLIGHT):/artifacts \
 	  -v $(HOME)/.kube/:/kubeconfig:ro \
diff --git a/hack/openshift/operator-cert.sh b/hack/openshift/operator-cert.sh
index d812c4ed..53224569 100644
--- a/hack/openshift/operator-cert.sh
+++ b/hack/openshift/operator-cert.sh
@@ -168,13 +168,21 @@ LATEST_RELEASE=""
 if [ "${USE_LATEST_OPERATOR_RELEASE}" = "true" ]; then
 # delete the old local repo to force a new one to be cloned
   rm -rf "${BUILD_DIR}/certified-operators"
-# Use a proper name for git branch
-  GIT_CERT_BRANCH="release-${OPERATOR_VERSION}"
 # Find the latest release of the Coherence Operator on GitHub
   LATEST_RELEASE=$(gh release list --repo oracle/coherence-operator --json name,isLatest --jq '.[] | select(.isLatest)|.name')
 # Strip the v from the front of the release to give the Operator version
   OPERATOR_VERSION=${LATEST_RELEASE#"v"}
   echo "Latest Operator version is ${OPERATOR_VERSION}"
+# Check the latest release image exists on OCR
+  COHERENCE_OPERATOR_IMAGE="container-registry.oracle.com/middleware/coherence-operator:${OPERATOR_VERSION}"
+  echo "Checking Oracle Container Registry for image ${OCR_COHERENCE_IMAGE}"
+  podman manifest inspect "${OCR_COHERENCE_IMAGE}" > /dev/null
+  if [ $? -ne 0 ]; then
+    echo "ERROR: Image ${OCR_COHERENCE_IMAGE} does not exist on OCR."
+    exit 1
+  fi
+# Use a proper name for the git branch
+  GIT_CERT_BRANCH="release-${OPERATOR_VERSION}"
 # Set the upstream repo for the pull request to be the official RedHat repo
   UPSTREAM_REPO_NAME=redhat-openshift-ecosystem/certified-operators
 # make sure the certified-operators repo in Coherence Community is sync'ed with the RedHat repo
@@ -184,6 +192,7 @@ else
   OPERATOR_VERSION=$(cat "${BUILD_DIR}/_output/version.txt")
 # We will not be submitting results
   SUBMIT_RESULTS=false
+  COHERENCE_OPERATOR_IMAGE="${REGISTRY_HOST}/${REGISTRY_NAMESPACE}/coherence-operator:${OPERATOR_VERSION}"
 fi
 
 if [ -z "${OPERATOR_VERSION:-}" ]; then
diff --git a/hack/openshift/run-preflight.sh b/hack/openshift/run-preflight.sh
new file mode 100644
index 00000000..c1d637b6
--- /dev/null
+++ b/hack/openshift/run-preflight.sh
@@ -0,0 +1,58 @@
+#!/usr/bin/env bash
+#
+# Copyright (c) 2020, 2025, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at
+# http://oss.oracle.com/licenses/upl.
+#
+
+ROOT_DIR=$(pwd)
+BUILD_DIR="${ROOT_DIR}/build"
+OUTPUT_DIR="${BUILD_DIR}/_output"
+
+mkdir -p "${OUTPUT_DIR}" || true
+
+if [ -z "${SUBMIT_RESULTS:-}" ]; then
+  SUBMIT_RESULTS=false
+fi
+
+if [ "${SUBMIT_RESULTS}" = "true" ]; then
+  if [ -z "${OPENSHIFT_API_KEY:-}" ]; then
+    echo "Error: SUBMIT_RESULTS is set to 'true' but OPENSHIFT_API_KEY is not set"
+    exit 1
+  fi
+  if [ -z "${OPENSHIFT_IMAGE_COMPONENT_ID:-}" ]; then
+    OPENSHIFT_IMAGE_COMPONENT_ID="67bdf00eb9f79dcdb25aa8e2"
+  fi
+  EXTRA_ARGS="--pyxis-api-token=${OPENSHIFT_API_KEY} --certification-component-id=${OPENSHIFT_IMAGE_COMPONENT_ID}"
+else
+  EXTRA_ARGS=""
+fi
+
+if [ "${USE_LATEST_OPERATOR_RELEASE}" = "true" ]; then
+  echo "Run preflight on latest release"
+# Find the latest release of the Coherence Operator on GitHub
+  LATEST_RELEASE=$(gh release list --repo oracle/coherence-operator --json name,isLatest --jq '.[] | select(.isLatest)|.name')
+# Strip the v from the front of the release to give the Operator version
+  OPERATOR_VERSION=${LATEST_RELEASE#"v"}
+  echo "Latest Operator version is ${OPERATOR_VERSION}"
+# Check the latest release image exists on OCR
+  COHERENCE_OPERATOR_IMAGE="container-registry.oracle.com/middleware/coherence-operator:${OPERATOR_VERSION}"
+  echo "Checking Oracle Container Registry for image ${COHERENCE_OPERATOR_IMAGE}"
+  docker manifest inspect "${COHERENCE_OPERATOR_IMAGE}" > /dev/null
+  if [ $? -ne 0 ]; then
+    echo "ERROR: Image ${COHERENCE_OPERATOR_IMAGE} does not exist on OCR."
+    exit 1
+  fi
+else
+  echo "Run preflight on latest build"
+# We are just testing a local build, so use the current version
+  OPERATOR_VERSION=$(cat "${BUILD_DIR}/_output/version.txt")
+# We will not be submitting results
+  SUBMIT_RESULTS=false
+  COHERENCE_OPERATOR_IMAGE="${REGISTRY_HOST}/${REGISTRY_NAMESPACE}/coherence-operator:${OPERATOR_VERSION}"
+fi
+
+echo "Running preflight on ${COHERENCE_OPERATOR_IMAGE}"
+
+PREFLIGHT_LOG="${OUTPUT_DIR}/preflight.log"
+preflight check container --submit="${SUBMIT_RESULTS}" --logfile="${PREFLIGHT_LOG}" ${EXTRA_ARGS} ${COHERENCE_OPERATOR_IMAGE}