CLOUDP-154873: Fix Openshift image certification (#867)

* fix action to certify container images

Author: helderjs

.github/actions/certify-openshift-images/Dockerfile

@@ -1,7 +1,21 @@
-FROM docker:23.0-rc-cli
+FROM registry.access.redhat.com/ubi8/ubi:latest
 
-RUN apk update && \
-  apk add --no-cache curl jq
+RUN yum install -y \
+      bzip2 \
+      gzip \
+      tar \
+      iptables \
+      yum-utils \
+      jq
+
+RUN yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo && \
+    yum list docker-ce --showduplicates | sort -r && \
+    yum install -y \
+      docker-ce \
+      docker-ce-cli \
+      containerd.io
+
+RUN yum clean all
 
 RUN curl -LO https://github.com/redhat-openshift-ecosystem/openshift-preflight/releases/download/1.4.3/preflight-linux-amd64  && \
   chmod +x ./preflight-linux-amd64 && \

.github/actions/certify-openshift-images/action.yaml

@@ -16,6 +16,10 @@ inputs:
   rhcc_project:
     description: The Redhat certification central project id
     required: true
+  submit:
+    description: Submit result to RedHat Connect
+    required: false
+    default: "false"
 runs:
   using: 'docker'
   image: 'Dockerfile'
@@ -25,3 +29,4 @@ runs:
     QUAY_PASSWORD: ${{ inputs.quay_password }}
     RHCC_TOKEN: ${{ inputs.rhcc_token }}
     RHCC_PROJECT: ${{ inputs.rhcc_project }}
+    SUBMIT: ${{ inputs.submit }}

.github/actions/certify-openshift-images/entrypoint.sh

@@ -2,19 +2,24 @@
 
 set -eou pipefail
 
-docker login -u unused -p "${QUAY_PASSWORD}" quay.io
+docker login -u mongodb+mongodb_atlas_kubernetes -p "${QUAY_PASSWORD}" quay.io
 
 DIGESTS=$(docker manifest inspect "${REPOSITORY}:${VERSION}" | jq -r .manifests[].digest)
 
 for DIGEST in $DIGESTS; do
   echo "Checking image $DIGEST"
   # Do the preflight check first
-  preflight check container "${DIGEST}" --docker-config="${HOME}/.docker/config.json"
+  preflight check container "${REPOSITORY}:${VERSION}@${DIGEST}" --artifacts "${DIGEST}" --docker-config="${HOME}/.docker/config.json"
 
-  # Send results to RedHat if preflight finished without errors
-  preflight check container "${DIGEST}" \
-    --submit \
-    --pyxis-api-token="${RHCC_TOKEN}" \
-    --certification-project-id="${RHCC_PROJECT}" \
-    --docker-config="${HOME}/.docker/config.json"
+  if [ "$SUBMIT" = "true" ]; then
+    rm -rf "${DIGEST}"
+    echo "Submitting result to RedHat Connect"
+    # Send results to RedHat if preflight finished wthout errors
+    preflight check container "${REPOSITORY}@${DIGEST}" \
+      --artifacts "${DIGEST}" \
+      --pyxis-api-token="${RHCC_TOKEN}" \
+      --certification-project-id="${RHCC_PROJECT}" \
+      --docker-config="${HOME}/.docker/config.json" \
+      --submit
+  fi
 done

.github/workflows/release-openshift.yaml

@@ -62,6 +62,7 @@ jobs:
           quay_password: ${{ secrets.QUAY_PASSWORD }}
           rhcc_token: ${{ secrets.RH_CERTIFICATION_PYXIS_API_TOKEN }}
           rhcc_project: ${{ secrets.RH_CERTIFICATION_OSPID }}
+          submit: "true"
       - name: Configure certified release
         if: ${{ matrix.certified }}
         env: