fix: changes made while testing non-custom scc (#86)

* fix: changes made while testing non-custom scc

* fix(build-bundles.sh): use two channels stable and <major>.<minor>

* fix(build-manifests.py): add stable to the list of channels

* fix(build-manifests.sh): channels

* feat(csv): add olm.skipRange

* added not about repo branch

* fix(annotations.yaml): use the same name as the csv

* Revert "fix(annotations.yaml): use the same name as the csv"

This reverts commit 07e23f5.

---------

Co-authored-by: Razvan-Daniel Mihai <84674+razvan@users.noreply.github.com>

Author: adwk67

olm/build-bundles.sh

@@ -11,6 +11,7 @@
 #
 # - There is a clone of the openshift-certified-operators repository in the folder passed as -c argument.
 #   This is the same as the build-manifests.sh script.
+#   Ensure the openshift-certified-operators repo is located on the correct branch (this is not supplied as an arguments).
 #
 # - The operator manifests for the given version have been generated with the build-manifests.sh script
 #   and are available in that repository under operators/<operator>/version/manifests.
@@ -77,7 +78,7 @@ bundle-clean() {
 }
 
 build-bundle() {
-	opm alpha bundle generate --directory manifests --package "${OPERATOR}-package" --output-dir bundle --channels stable --default stable
+	opm alpha bundle generate --directory manifests --package "${OPERATOR}-package" --output-dir bundle --channels "stable,$CHANNEL" --default "$CHANNEL"
 	cp metadata/*.yaml bundle/metadata/
 	docker build -t "docker.stackable.tech/sandbox/${OPERATOR}-bundle:${VERSION}" -f bundle.Dockerfile .
 	docker push "docker.stackable.tech/sandbox/${OPERATOR}-bundle:${VERSION}"
@@ -104,18 +105,25 @@ catalog() {
 
 	echo "Initiating package: ${OPERATOR}"
 	opm init "stackable-${OPERATOR}-operator" \
-		--default-channel=stable \
+		--default-channel="$CHANNEL" \
 		--output yaml >"catalog/stackable-${OPERATOR}-operator.yaml"
 	##--description="TODO: add description here" \
 
 	echo "Add operator to package: ${OPERATOR}"
 	{
+		echo "---"
+		echo "schema: olm.channel"
+		echo "package: stackable-${OPERATOR}-operator"
+		echo "name: \"$CHANNEL\""
+		echo "entries:"
+		echo "- name: ${OPERATOR}-operator.v${VERSION}"
 		echo "---"
 		echo "schema: olm.channel"
 		echo "package: stackable-${OPERATOR}-operator"
 		echo "name: stable"
 		echo "entries:"
 		echo "- name: ${OPERATOR}-operator.v${VERSION}"
+
 	} >>"catalog/stackable-${OPERATOR}-operator.yaml"
 	echo "Render operator: ${OPERATOR}"
 	opm render "docker.stackable.tech/sandbox/${OPERATOR}-bundle:${VERSION}" --output=yaml >>"catalog/stackable-${OPERATOR}-operator.yaml"
@@ -152,7 +160,7 @@ catalog() {
 		echo "metadata:"
 		echo "  name: stackable-${OPERATOR}-subscription"
 		echo "spec:"
-		echo "  channel: stable"
+		echo "  channel: '$CHANNEL'"
 		echo "  name: stackable-${OPERATOR}-operator" # this is the package name NOT the operator-name
 		echo "  source: stackable-${OPERATOR}-catalog"
 		echo "  sourceNamespace: stackable-operators"
@@ -194,6 +202,8 @@ main() {
 		exit 1
 	fi
 
+  CHANNEL="$(echo "$VERSION"|sed 's/\.[^.]*$//')"
+
 	if [ "$OPERATOR" == "spark-k8s" ]; then
 		echo "Renaming operator from spark-k8s to spark"
 		OPERATOR="spark"
@@ -206,10 +216,10 @@ main() {
 	bundle-clean
 	build-bundle
 
-	#catalog-clean
-	#catalog
+	catalog-clean
+	catalog
 
-	#deploy
+	deploy
 }
 
 main "$@"

olm/build-manifests.py

@@ -165,7 +165,7 @@ def parse_args(argv: list[str]) -> argparse.Namespace:
             f"Certification repository path not found: {args.repo_certified_operators} or it's not a certified operator repository"
         )
 
-    ### Set bundle channel
+    ### Set bundle default channel
     if not args.channel:
         if args.release == "0.0.0-dev":
             args.channel = "alpha"
@@ -333,11 +333,14 @@ def write_manifests(args: argparse.Namespace, manifests: list[dict]) -> None:
                 )
             # Only the product cluster role and the product configmap are dumped as individual files
             # The other objects are embedded in the CSV. These are:
-            # - the operator cluster role
+            # - the operator cluster role (N.B. some products have more than one cluster role e.g. HDFS)
             # - the operator deployment
             elif (
                 m["kind"] == "ClusterRole"
-                and m["metadata"]["name"] == f"{args.product}-clusterrole"
+                and (
+                    m["metadata"]["name"] == f"{args.product}-clusterrole"
+                    or m["metadata"]["name"] == f"{args.product}-clusterrole-nodes"
+                )
             ):
                 dest_file = (
                     args.dest_dir / "manifests" / f"{m['metadata']['name']}.yaml"
@@ -406,6 +409,8 @@ def generate_csv(
 
     result = load_resource("csv.yaml")
 
+    # In case of spark, -k8s is still in the product name but the bundle name
+    # in the certification repository is without -k8s. See previous comment on this.
     csv_name = (
         "spark-operator" if args.op_name == "spark-k8s-operator" else args.op_name
     )
@@ -423,6 +428,7 @@ def generate_csv(
     result["metadata"]["annotations"]["repository"] = (
         f"https://github.com/stackabletech/{args.op_name}"
     )
+    result["metadata"]["annotations"]["olm.skipRange"] = f'< {args.release}'
 
     ### 1. Add list of owned crds
     result["spec"]["customresourcedefinitions"]["owned"] = owned_crds
@@ -488,7 +494,7 @@ def generate_helm_templates(args: argparse.Namespace) -> list[dict]:
                     {
                         "apiGroups": ["security.openshift.io"],
                         "resources": ["securitycontextconstraints"],
-                        "resourceNames": ["stackable-products-scc"],
+                        "resourceNames": ["nonroot-v2"],
                         "verbs": ["use"],
                     }
                 )
@@ -579,17 +585,19 @@ def write_metadata(args: argparse.Namespace) -> None:
 
         annos = load_resource("annotations.yaml")
 
+        bundle_package_name = (
+            "spark-operator" if args.op_name == "spark-k8s-operator" else args.op_name
+        )
+
         annos["annotations"]["operators.operatorframework.io.bundle.package.v1"] = (
-            f"stackable-{args.op_name}"
+            f"stackable-{bundle_package_name}"
         )
         annos["annotations"]["com.redhat.openshift.versions"] = args.openshift_versions
 
         annos["annotations"][
             "operators.operatorframework.io.bundle.channel.default.v1"
         ] = args.channel
-        annos["annotations"]["operators.operatorframework.io.bundle.channels.v1"] = (
-            args.channel
-        )
+        annos["annotations"]["operators.operatorframework.io.bundle.channels.v1"] = f"stable,{args.channel}"
 
         anno_file = metadata_dir / "annotations.yaml"
         logging.info(f"Writing {anno_file}")

olm/build-manifests.sh

@@ -50,14 +50,14 @@ generate_metadata() {
   cat >annotations.yaml <<-ANNOS
 ---
 annotations:
-  operators.operatorframework.io.bundle.channel.default.v1: stable
-  operators.operatorframework.io.bundle.channels.v1: stable
+  operators.operatorframework.io.bundle.channel.default.v1: "${RELEASE}"
+  operators.operatorframework.io.bundle.channels.v1: "stable,${RELEASE}"
   operators.operatorframework.io.bundle.manifests.v1: manifests/
   operators.operatorframework.io.bundle.mediatype.v1: registry+v1
   operators.operatorframework.io.bundle.metadata.v1: metadata/
   operators.operatorframework.io.bundle.package.v1: stackable-${OPERATOR}
 
-  com.redhat.openshift.versions: v4.11-v4.15
+  com.redhat.openshift.versions: v4.12-v4.15
 ANNOS
 
   cat >dependencies.yaml <<-DEPS
@@ -97,6 +97,7 @@ parse_inputs() {
     case $1 in
     -r)
       RELEASE_VERSION="$2"
+      RELEASE="$(cut -d'.' -f1,2 <<<"$RELEASE_VERSION")"
       shift
       ;;
     -o)
@@ -150,14 +151,14 @@ HELP
 patch_cluster_roles() {
   pushd "$MANIFESTS_DIR"
 
-  # Add product SCC to product cluster role
+  # Add nonroot-v2 SCC to product cluster role
   if [ -f "$PRODUCT-clusterrole.yml" ]; then
-    yq -i '.rules += { "apiGroups": [ "security.openshift.io" ], "resources": [ "securitycontextconstraints" ], "resourceNames": ["stackable-products-scc" ], "verbs": ["use"]}' "$PRODUCT-clusterrole.yml"
+    yq -i '.rules += { "apiGroups": [ "security.openshift.io" ], "resources": [ "securitycontextconstraints" ], "resourceNames": ["nonroot-v2" ], "verbs": ["use"]}' "$PRODUCT-clusterrole.yml"
   fi
 
-  # Add hostmount-anyuid SCC to operator cluster role
+  # Add nonroot-v2 SCC to operator cluster role
   if [ -f "$OPERATOR-clusterrole.yml" ]; then
-    yq -i '.rules += { "apiGroups": [ "security.openshift.io" ], "resources": [ "securitycontextconstraints" ], "resourceNames": ["hostmount-anyuid" ], "verbs": ["use"]}' "$OPERATOR-clusterrole.yml"
+    yq -i '.rules += { "apiGroups": [ "security.openshift.io" ], "resources": [ "securitycontextconstraints" ], "resourceNames": ["nonroot-v2" ], "verbs": ["use"]}' "$OPERATOR-clusterrole.yml"
   fi
 
   popd

olm/resources/csv.yaml

@@ -19,6 +19,7 @@ metadata:
         description: Stackable Operator for placeholder
         repository: https://github.com/stackabletech/placeholder
         containerImage: placeholder
+        olm.skipRange: placeholder
 spec:
     displayName: placeholder
     description: |