feat(KONFLUX-4158): add fbc-fips-check task to FBC pipeline (#1166)

* feat(KONFLUX-4158): add fbc-fips-check task to FBC pipeline

This commit adds the fbc-fips-check to the FBC pipeline.
It also adds a template file named images-mirror-set.yaml which is required by
the FIPS task itself and will be used by other tasks in the future.

Signed-off-by: yashvardhannanavati <22090997+yashvardhannanavati@users.noreply.github.com>

Update .tekton/images-mirror-set.yaml

* add related images

* update patch_catalog.py

* Keep related images

---------

Co-authored-by: yashvardhannanavati <22090997+yashvardhannanavati@users.noreply.github.com>

Author: jotak

.tekton/images-mirror-set.yaml

@@ -0,0 +1,25 @@
+---
+apiVersion: operator.openshift.io/v1alpha1
+kind: ImageDigestMirrorSet
+metadata:
+  name: example-mirror-set
+spec:
+  imageDigestMirrors:
+    - mirrors:
+      - quay.io/redhat-user-workloads/ocp-network-observab-tenant/netobserv-operator/network-observability-operator
+      source: registry.redhat.io/network-observability/network-observability-rhel9-operator
+    - mirrors:
+      - quay.io/redhat-user-workloads/ocp-network-observab-tenant/netobserv-operator/flowlogs-pipeline
+      source: registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9
+    - mirrors:
+      - quay.io/redhat-user-workloads/ocp-network-observab-tenant/netobserv-operator/netobserv-ebpf-agent
+      source: registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9
+    - mirrors:
+      - quay.io/redhat-user-workloads/ocp-network-observab-tenant/netobserv-operator/network-observability-console-plugin
+      source: registry.redhat.io/network-observability/network-observability-console-plugin-rhel9
+    - mirrors:
+      - quay.io/redhat-user-workloads/ocp-network-observab-tenant/netobserv-operator/network-observability-cli-container
+      source: registry.redhat.io/network-observability/network-observability-cli-rhel9
+    - mirrors:
+      - quay.io/redhat-user-workloads/ocp-network-observab-tenant/netobserv-operator/network-observability-operator-bundle
+      source: registry.redhat.io/network-observability/network-observability-operator-bundle

.tekton/pipeline-fbc-ref.yaml

@@ -252,6 +252,30 @@ spec:
       operator: in
       values:
       - "true"
+  - name: fbc-fips-check-oci-ta
+    params:
+    - name: image-digest
+      value: $(tasks.build-image-index.results.IMAGE_DIGEST)
+    - name: image-url
+      value: $(tasks.build-image-index.results.IMAGE_URL)
+    - name: SOURCE_ARTIFACT
+      value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
+    runAfter:
+    - build-image-index
+    taskRef:
+      params:
+      - name: name
+        value: fbc-fips-check-oci-ta
+      - name: bundle
+        value: quay.io/konflux-ci/tekton-catalog/task-fbc-fips-check-oci-ta:0.1@sha256:2e6900f5755fca70f8eebfcf004f39dd9adf6b488c8828f35a1b24862a9f81cf
+      - name: kind
+        value: task
+      resolver: bundles
+    when:
+    - input: $(params.skip-checks)
+      operator: in
+      values:
+      - "false"
   - name: deprecated-base-image-check
     params:
     - name: IMAGE_URL

catalog/rc.yaml

@@ -994,13 +994,14 @@ properties:
       name: Red Hat
       url: https://www.redhat.com
 relatedImages:
-- image:
-    registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:652c4315efe070dd4e3b91af036e9baa7bdeb9c6f1864b94b99f7795cfc5db88
-  name: ''
-- image:
-    registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:821f89fd102065ee8c1d14414b46ed332c2d22c6d0cf305386433245b4319c50
-  name: ''
-- image:
-    registry.redhat.io/openshift4/ose-kube-rbac-proxy-rhel9@sha256:3fa22124916523b958c67af8ad652e73a2c3d68bb5579da1cba1ade537f3b7ae
-  name: ''
+- image: registry.redhat.io/network-observability/network-observability-console-plugin-rhel9@sha256:625c61b35f6da4c363e97560562ea0483abbc9d656439a2a1a5e459f7c787d0c
+  name: console_plugin
+- image: registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9@sha256:4357c47a999973c65e16f8ac9ae418140de5a57826431f7c0dbd9cda597479ee
+  name: ebpf_agent
+- image: registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:df416b77ce2e24110e23c0d0478e916fcf249a889f4be855e1834d0dd5d51af1
+  name: flowlogs_pipeline
+- image: registry.redhat.io/network-observability/network-observability-operator-bundle@sha256:8c2066523686a9ccad39043686d67b6c63c3a835691ceec48180758e168ed181
+  name: ""
+- image: registry.redhat.io/network-observability/network-observability-rhel9-operator@sha256:17ed869827a412b801943cecc2b7be0e7f4dd8d0f84bcf4d4ebada0c9eec06a2
+  name: manager
 schema: olm.bundle

hack/patch_catalog.py

@@ -1,12 +1,15 @@
 import os
 from sys import exit as sys_exit
-from datetime import datetime
 from ruamel.yaml import YAML
 yaml = YAML()
 yaml.explicit_start = True
 
 version = os.getenv('VERSION')
 bundle_image = os.getenv('BUNDLE_IMAGE_PULLSPEC')
+operator_image = os.getenv('OPERATOR_IMAGE_PULLSPEC')
+ebpf_image = os.getenv('EBPF_IMAGE_PULLSPEC')
+flp_image = os.getenv('FLP_IMAGE_PULLSPEC')
+console_image = os.getenv('CONSOLE_IMAGE_PULLSPEC')
 package_name = "network-observability-operator"
 package_full_name = '{}.v{}'.format(package_name, version)
 
@@ -33,5 +36,13 @@ def dump_index(pathn, index):
 for relatedImage in index[0]["relatedImages"]:
    if relatedImage["image"][0:95] == "registry.redhat.io/network-observability/network-observability-operator-bundle":
       relatedImage["image"] = bundle_image
+   elif relatedImage["name"] == "manager":
+      relatedImage["image"] = operator_image
+   elif relatedImage["name"] == "ebpf_agent":
+      relatedImage["image"] = ebpf_image
+   elif relatedImage["name"] == "flowlogs_pipeline":
+      relatedImage["image"] = flp_image
+   elif relatedImage["name"] == "console_plugin":
+      relatedImage["image"] = console_image
 
 dump_index(os.getenv('TARGET_INDEX_FILE'), index)

hack/patch_csv.py

@@ -75,7 +75,7 @@ def dump_manifest(pathn, manifest):
 csv['spec']['maturity'] = 'stable'
 
 # remove relatedImages from spec as it is picked up from ENV instead (having them in both places generates a build error)
-csv['spec'].pop('relatedImages', None)
+# csv['spec'].pop('relatedImages', None)
 
 csv['spec']['version'] = version
 csv['spec']['replaces'] = 'network-observability-operator.v{}'.format(replaces)