Build temporary catalog for FBC operators

The temporary catalog is build in hosted pipeline and is used for
preflight testing. The catalog contains just one operator and it is
generated using basic template.

JIRA: ISV-4990

Signed-off-by: Ales Raszka <[email protected]>

Author: Allda

ansible/roles/operator-pipeline/templates/openshift/pipelines/operator-hosted-pipeline.yml

@@ -844,7 +844,14 @@ spec:
     - name: add-bundle-to-index
       runAfter:
         - add-fbc-fragments-to-index
-      when: *operatorOrBundleChange
+      when:
+        # Run only when a bundle is added and it doesn't use FBC
+        - input: "$(tasks.detect-changes.results.affected_catalogs)"
+          operator: in
+          values: [""]
+        - input: "$(tasks.read-config.results.fbc-enabled)"
+          operator: notin
+          values: ["true"]
       taskRef:
         name: add-bundle-to-index
       params:
@@ -875,9 +882,50 @@ spec:
           workspace: results
           subPath: paths
 
+    - name: build-fbc-scratch-catalog
+      runAfter:
+        - add-fbc-fragments-to-index
+      when:
+        # Run only when a bundle is added and it uses FBC
+        - input: "$(tasks.detect-changes.results.affected_catalogs)"
+          operator: in
+          values: [""]
+        - input: "$(tasks.read-config.results.fbc-enabled)"
+          operator: in
+          values: ["true"]
+      taskRef:
+        name: build-fbc-scratch-catalog
+      params:
+        - name: pipeline_image
+          value: "$(params.pipeline_image)"
+        - name: fbc_enabled
+          value: "$(tasks.read-config.results.fbc-enabled)"
+        - name: ocp_version
+          value: "$(tasks.get-supported-versions.results.max_supported_ocp_version)"
+        - name: bundle_pullspec
+          value: *bundleImage
+        - name: operator_name
+          value: "$(tasks.detect-changes.results.added_operator)"
+        - name: bundle_version
+          value: "$(tasks.detect-changes.results.added_bundle)"
+        - name: index_image_destination
+          value: *tempIndexRepo
+        - name: index_image_destination_tag_suffix
+          value: "-$(params.git_commit)"
+      workspaces:
+        - name: source
+          workspace: repository
+          subPath: src
+        - name: credentials
+          workspace: registry-credentials
+        - name: output
+          workspace: results
+          subPath: paths
+
     - name: make-index-repo-public
       runAfter:
         - add-bundle-to-index
+        - build-fbc-scratch-catalog
       when: *operatorOrBundleChange
       taskRef:
         name: set-quay-repo-visibility

ansible/roles/operator-pipeline/templates/openshift/tasks/build-fbc-scratch-catalog.yml

@@ -0,0 +1,77 @@
+---
+apiVersion: tekton.dev/v1
+kind: Task
+metadata:
+  name: build-fbc-scratch-catalog
+spec:
+  description: |
+    The purpose of this task is to build a new index/catalog image with a single
+    operator bundle. The catalog is used only for testing purposes to test if
+    a bundle can be installed. After the tests are executed the catalog is
+    no longer used.
+
+    The catalog is build using FBC mechanism:
+      - create an empty catalog
+      - create a basic FBC template and insert the bundle
+      - render a template to FBC
+      - build and push a catalog to registry given by arguments
+  params:
+    - name: pipeline_image
+
+    - name: catalog_repository
+      default: "."
+      description: A git repository where catalog is pushed
+
+    - name: ocp_version
+      description: A version of OCP that is going to be used as a target for a catalog
+
+    - name: bundle_pullspec
+      description: Bundle pullspec
+
+    - name: operator_name
+      description: A name of an operator given by the directory name in git repository.
+
+    - name: bundle_version
+      description: A version of a bundle that will be added to the catalog
+
+    - name: index_image_destination
+      default: ""
+      description: "The destination registry and repository where index images will be pushed"
+
+    - name: index_image_destination_tag_suffix
+      default: ""
+      description: "A tag suffix that is added to an image tag in destination registry"
+
+  workspaces:
+    - name: source
+    - name: output
+    - name: credentials
+      optional: true
+      description: A workspace with credentials for registry push
+  steps:
+    - name: build-fbc-catalog
+      image: "$(params.pipeline_image)"
+      workingDir: $(workspaces.source.path)
+      securityContext:
+        privileged: true
+      script: |
+        #! /usr/bin/env bash
+        set -xe
+
+        EXTRA_ARGS=""
+        if [[ "$(workspaces.credentials.bound)" == "true" ]]; then
+          EXTRA_ARGS+=" --authfile $(workspaces.credentials.path)/.dockerconfigjson"
+        fi
+
+        # The registry pull-spec is in following format:
+        # quay.io/{namespace}/{repository}:{ocp-version}{suffix}
+        # Example: quay.io/namespace/repo-name:v4.15-suffix
+        CATALOG_REPO="$(params.index_image_destination):v$(params.ocp_version)$(params.index_image_destination_tag_suffix)"
+
+        build-scratch-catalog \
+          --repo-path "$(params.catalog_repository)" \
+          --operator-name "$(params.operator_name)" \
+          --bundle-version "$(params.bundle_version)" \
+          --bundle-pullspec "$(params.bundle_pullspec)" \
+          --repository-destination $CATALOG_REPO \
+          --verbose $EXTRA_ARGS

operator-pipeline-images/operatorcert/buildah.py

@@ -0,0 +1,61 @@
+"""Module for building and pushing images using buildah."""
+
+import logging
+import os
+from typing import Any
+
+from operatorcert.utils import run_command
+
+LOGGER = logging.getLogger("operator-cert")
+
+
+def build_image(dockerfile_path: str, context: str, output_image: str) -> Any:
+    """
+    Build an image using buildah using given dockerfile and context.
+
+    Args:
+        dockerfile_path (str): Path to a dockerfile
+        context (str): Build context directory
+        output_image (str): A name of the output image
+
+    Returns:
+        Any: Command output
+    """
+    cmd = [
+        "buildah",
+        "bud",
+        "--format",
+        "docker",
+        "-f",
+        dockerfile_path,
+        "-t",
+        output_image,
+        context,
+    ]
+    LOGGER.info("Building image: %s", output_image)
+    return run_command(cmd)
+
+
+def push_image(image: str, authfile: str) -> Any:
+    """
+    Push an image to a registry using buildah.
+
+    Args:
+        image (str): A name of the image to push
+        authfile (str): A path to the authentication file
+
+    Returns:
+        Any: Command output
+    """
+    authfile = os.path.expanduser(authfile)
+    cmd = [
+        "buildah",
+        "push",
+        "--authfile",
+        authfile,
+        image,
+        f"docker://{image}",
+    ]
+
+    LOGGER.info("Pushing image: %s", image)
+    return run_command(cmd)

operator-pipeline-images/operatorcert/entrypoints/build_fragment_images.py

@@ -3,11 +3,10 @@
 import argparse
 import json
 import logging
-import os
-from typing import Any
 
+from operatorcert import buildah, opm
 from operatorcert.logger import setup_logger
-from operatorcert.utils import SplitArgs, run_command
+from operatorcert.utils import SplitArgs
 
 LOGGER = logging.getLogger("operator-cert")
 
@@ -52,84 +51,6 @@ def setup_argparser() -> argparse.ArgumentParser:
     return parser
 
 
-def create_dockerfile(catalog_path: str, catalog_name: str) -> str:
-    """
-    Generate a Dockerfile using opm for a given catalog.
-
-    Args:
-        catalog_path (str): Path to a catalogs direcotory
-        catalog_name (str): Name of the catalog in the catalogs directory
-
-    Returns:
-        str: A Dockerfile path for the given catalog
-    """
-    dockerfile_path = f"{catalog_path}/{catalog_name}.Dockerfile"
-    if os.path.exists(dockerfile_path):
-        LOGGER.warning("Dockerfile already exists: %s. Removing...", dockerfile_path)
-        os.remove(dockerfile_path)
-    cmd = [
-        "opm",
-        "generate",
-        "dockerfile",
-        f"{catalog_path}/{catalog_name}",
-    ]
-    LOGGER.debug("Creating dockerfile: %s", catalog_name)
-    run_command(cmd)
-    return f"{catalog_path}/{catalog_name}.Dockerfile"
-
-
-def build_fragment_image(dockerfile_path: str, context: str, output_image: str) -> Any:
-    """
-    Build a fragment image using buildah using given dockerfile and context.
-
-    Args:
-        dockerfile_path (str): Path to a dockerfile
-        context (str): Build context directory
-        output_image (str): A name of the output image
-
-    Returns:
-        Any: Command output
-    """
-    cmd = [
-        "buildah",
-        "bud",
-        "--format",
-        "docker",
-        "-f",
-        dockerfile_path,
-        "-t",
-        output_image,
-        context,
-    ]
-    LOGGER.info("Building fragment image: %s", output_image)
-    return run_command(cmd)
-
-
-def push_fragment_image(image: str, authfile: str) -> Any:
-    """
-    Push a fragment image to a registry using buildah.
-
-    Args:
-        image (str): A name of the image to push
-        authfile (str): A path to the authentication file
-
-    Returns:
-        Any: Command output
-    """
-    authfile = os.path.expanduser(authfile)
-    cmd = [
-        "buildah",
-        "push",
-        "--authfile",
-        authfile,
-        image,
-        f"docker://{image}",
-    ]
-
-    LOGGER.info("Pushing fragment image: %s", image)
-    return run_command(cmd)
-
-
 def create_fragment_image(
     catalog_path: str, catalog_name: str, args: argparse.Namespace
 ) -> str:
@@ -145,19 +66,19 @@ def create_fragment_image(
     Returns:
         str: A pullspec of the pushed fragment image
     """
-    dockerfile_path = create_dockerfile(catalog_path, catalog_name)
+    dockerfile_path = opm.create_catalog_dockerfile(catalog_path, catalog_name)
 
     # Add '-<tag_suffix>' to the repository destination if tag_suffix is set
     suffix = f"-{args.tag_suffix}" if args.tag_suffix else ""
     repository_destination = f"{args.repository_destination}:{catalog_name}{suffix}"
 
     # Build and push the fragment image
-    build_fragment_image(
+    buildah.build_image(
         dockerfile_path,
         catalog_path,
         repository_destination,
     )
-    push_fragment_image(repository_destination, args.authfile)
+    buildah.push_image(repository_destination, args.authfile)
 
     return repository_destination