From 191ee349d80408aa56d047132fcce74c069a30ac Mon Sep 17 00:00:00 2001
From: Luca Comellini <luca.com@gmail.com>
Date: Fri, 14 Jan 2022 21:45:28 -0800
Subject: [PATCH 1/2] Add missing metadata in the bundle, helper script for
 certification

---
 Dockerfile                                    |  2 +-
 Makefile                                      | 10 ++++++-
 bundle.Dockerfile                             |  3 +-
 ...ngress-operator.clusterserviceversion.yaml |  5 ++++
 bundle/metadata/annotations.yaml              |  4 +++
 ...ngress-operator.clusterserviceversion.yaml |  5 ++++
 hack/get_image_info.sh                        | 29 +++++++++++++++++++
 7 files changed, 55 insertions(+), 3 deletions(-)
 create mode 100755 hack/get_image_info.sh

diff --git a/Dockerfile b/Dockerfile
index 2423de87..bc729c37 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -27,7 +27,7 @@ COPY LICENSE /licenses/
 LABEL name="NGINX Ingress Operator" \
       maintainer="kubernetes@nginx.com" \
       vendor="NGINX Inc" \
-      version="v${VERSION}" \
+      version="${VERSION}" \
       release="1" \
       summary="The NGINX Ingress Operator is a Kubernetes/OpenShift component which deploys and manages one or more NGINX/NGINX Plus Ingress Controllers" \
       description="The NGINX Ingress Operator is a Kubernetes/OpenShift component which deploys and manages one or more NGINX/NGINX Plus Ingress Controllers"
diff --git a/Makefile b/Makefile
index d969ec8a..2c4cc4b5 100644
--- a/Makefile
+++ b/Makefile
@@ -10,6 +10,7 @@ VERSION ?= 0.5.0
 # To re-generate a bundle for other specific channels without changing the standard setup, you can:
 # - use the CHANNELS as arg of the bundle target (e.g make bundle CHANNELS=preview,fast,stable)
 # - use environment variables to overwrite this value (e.g export CHANNELS="preview,fast,stable")
+CHANNELS = "alpha"
 ifneq ($(origin CHANNELS), undefined)
 BUNDLE_CHANNELS := --channels=$(CHANNELS)
 endif
@@ -19,6 +20,7 @@ endif
 # To re-generate a bundle for any other default channel without changing the default setup, you can:
 # - use the DEFAULT_CHANNEL as arg of the bundle target (e.g make bundle DEFAULT_CHANNEL=stable)
 # - use environment variables to overwrite this value (e.g export DEFAULT_CHANNEL="stable")
+DEFAULT_CHANNEL = "alpha"
 ifneq ($(origin DEFAULT_CHANNEL), undefined)
 BUNDLE_DEFAULT_CHANNEL := --default-channel=$(DEFAULT_CHANNEL)
 endif
@@ -159,7 +161,8 @@ bundle: manifests kustomize ## Generate bundle manifests and metadata, then vali
 	operator-sdk generate kustomize manifests -q
 	cd config/manager && $(KUSTOMIZE) edit set image controller=$(IMG)
 	$(KUSTOMIZE) build config/manifests | operator-sdk generate bundle -q --overwrite --version $(VERSION) $(BUNDLE_METADATA_OPTS)
-	@printf "%s\n" '' 'LABEL com.redhat.openshift.versions="v4.5"' 'LABEL com.redhat.delivery.operator.bundle=true' 'LABEL com.redhat.delivery.backport=true' >> bundle.Dockerfile
+	@printf "%s\n" '' 'LABEL com.redhat.openshift.versions="v4.6"' 'LABEL com.redhat.delivery.operator.bundle=true' 'LABEL com.redhat.delivery.backport=true' >> bundle.Dockerfile
+	@printf "%s\n" '' '  # OpenShift annotations.' '  com.redhat.openshift.versions: v4.6' >> bundle/metadata/annotations.yaml
 	operator-sdk bundle validate ./bundle
 
 .PHONY: bundle-build
@@ -210,3 +213,8 @@ catalog-build: opm ## Build a catalog image.
 .PHONY: catalog-push
 catalog-push: ## Push a catalog image.
 	$(MAKE) docker-push IMG=$(CATALOG_IMG)
+
+# Get medatada to prepare the bundle to be submitted at https://github.com/redhat-openshift-ecosystem/certified-operators/
+.PHONY: get-metadata-certification
+get-metadata-certification:
+	@./hack/get_image_info.sh ${IMAGE_TAG_BASE} ${VERSION}
diff --git a/bundle.Dockerfile b/bundle.Dockerfile
index a9dbddfd..354c1802 100644
--- a/bundle.Dockerfile
+++ b/bundle.Dockerfile
@@ -6,6 +6,7 @@ LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/
 LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/
 LABEL operators.operatorframework.io.bundle.package.v1=nginx-ingress-operator
 LABEL operators.operatorframework.io.bundle.channels.v1=alpha
+LABEL operators.operatorframework.io.bundle.channel.default.v1=alpha
 LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.15.0
 LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1
 LABEL operators.operatorframework.io.metrics.project_layout=go.kubebuilder.io/v3
@@ -19,6 +20,6 @@ COPY bundle/manifests /manifests/
 COPY bundle/metadata /metadata/
 COPY bundle/tests/scorecard /tests/scorecard/
 
-LABEL com.redhat.openshift.versions="v4.5"
+LABEL com.redhat.openshift.versions="v4.6"
 LABEL com.redhat.delivery.operator.bundle=true
 LABEL com.redhat.delivery.backport=true
diff --git a/bundle/manifests/nginx-ingress-operator.clusterserviceversion.yaml b/bundle/manifests/nginx-ingress-operator.clusterserviceversion.yaml
index 449e5b0f..542bcaf5 100644
--- a/bundle/manifests/nginx-ingress-operator.clusterserviceversion.yaml
+++ b/bundle/manifests/nginx-ingress-operator.clusterserviceversion.yaml
@@ -27,12 +27,17 @@ metadata:
     categories: Monitoring, Networking
     certified: "true"
     containerImage: nginx/nginx-ingress-operator:0.5.0
+    createdAt: placeholder
     description: The NGINX Ingress Operator is a Kubernetes/OpenShift component which
       deploys and manages one or more NGINX/NGINX Plus Ingress Controllers
     operators.operatorframework.io/builder: operator-sdk-v1.15.0
     operators.operatorframework.io/project_layout: go.kubebuilder.io/v3
     repository: https://github.com/nginxinc/nginx-ingress-operator
     support: NGINX Inc.
+  labels:
+    operatorframework.io/arch.amd64: supported
+    operatorframework.io/arch.ppc64le: supported
+    operatorframework.io/arch.s390x: supported
   name: nginx-ingress-operator.v0.5.0
   namespace: placeholder
 spec:
diff --git a/bundle/metadata/annotations.yaml b/bundle/metadata/annotations.yaml
index 6e11d630..f189bf52 100644
--- a/bundle/metadata/annotations.yaml
+++ b/bundle/metadata/annotations.yaml
@@ -5,6 +5,7 @@ annotations:
   operators.operatorframework.io.bundle.metadata.v1: metadata/
   operators.operatorframework.io.bundle.package.v1: nginx-ingress-operator
   operators.operatorframework.io.bundle.channels.v1: alpha
+  operators.operatorframework.io.bundle.channel.default.v1: alpha
   operators.operatorframework.io.metrics.builder: operator-sdk-v1.15.0
   operators.operatorframework.io.metrics.mediatype.v1: metrics+v1
   operators.operatorframework.io.metrics.project_layout: go.kubebuilder.io/v3
@@ -12,3 +13,6 @@ annotations:
   # Annotations for testing.
   operators.operatorframework.io.test.mediatype.v1: scorecard+v1
   operators.operatorframework.io.test.config.v1: tests/scorecard/
+
+  # OpenShift annotations.
+  com.redhat.openshift.versions: v4.6
diff --git a/config/manifests/bases/nginx-ingress-operator.clusterserviceversion.yaml b/config/manifests/bases/nginx-ingress-operator.clusterserviceversion.yaml
index c30640a9..b9b9923a 100644
--- a/config/manifests/bases/nginx-ingress-operator.clusterserviceversion.yaml
+++ b/config/manifests/bases/nginx-ingress-operator.clusterserviceversion.yaml
@@ -7,10 +7,15 @@ metadata:
     categories: Monitoring, Networking
     certified: "true"
     containerImage: nginx/nginx-ingress-operator:0.5.0
+    createdAt: placeholder
     description: The NGINX Ingress Operator is a Kubernetes/OpenShift component which
       deploys and manages one or more NGINX/NGINX Plus Ingress Controllers
     repository: https://github.com/nginxinc/nginx-ingress-operator
     support: NGINX Inc.
+  labels:
+    operatorframework.io/arch.amd64: supported
+    operatorframework.io/arch.ppc64le: supported
+    operatorframework.io/arch.s390x: supported
   name: nginx-ingress-operator.v0.0.0
   namespace: placeholder
 spec:
diff --git a/hack/get_image_info.sh b/hack/get_image_info.sh
new file mode 100755
index 00000000..dafd832e
--- /dev/null
+++ b/hack/get_image_info.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+image=$1
+version=$2
+
+kube_image=kubebuilder/kube-rbac-proxy
+kube_image_version=v0.8.0
+
+token="$(curl 'https://auth.docker.io/token?service=registry.docker.io&scope=repository:'${image}':pull' 2>/dev/null | jq -r '.token')"
+
+image_digest=$(curl -sSfL -I -H "Authorization: Bearer ${token}" -H "Accept: application/vnd.docker.distribution.manifest.list.v2+json" "https://index.docker.io/v2/${image}/manifests/${version}" | awk 'BEGIN {FS=": "}/^docker-content-digest/{gsub(/"/, "", $2); print $2}')
+
+digest="$(curl -sSfL -H "Authorization: Bearer ${token}" -H "Accept: application/vnd.docker.distribution.manifest.v2+json" "https://index.docker.io/v2/${image}/manifests/${version}" | jq -r '.config.digest')"
+
+created=$(curl -sSfL -H "Accept: application/vnd.docker.distribution.manifest.v2+json" -H "Authorization: Bearer ${token}" "https://index.docker.io/v2/${image}/blobs/${digest}" | jq -r '.config.Labels."org.opencontainers.image.created"')
+
+proxy="./config/default/manager_auth_proxy_patch.yaml"
+kube_proxy=$(yq e '.spec.template.spec.containers.[0].image' $proxy)
+full_image=${kube_proxy%:*}
+kube_image=${full_image#*/}
+kube_version=${kube_proxy#*:}
+
+kube_digest=$(curl -sSfL -I -H "Accept: application/vnd.docker.distribution.manifest.list.v2+json" "https://gcr.io/v2/${kube_image}/manifests/${kube_version}" | awk 'BEGIN {FS=": "}/^docker-content-digest/{gsub(/"/, "", $2); print $2}')
+
+printf "%s\n\n" "Manually repleace the following values in bundle/manifests/nginx-ingress-operator.clusterserviceversion.yaml"
+printf "%s\n" "metadata.annotations.createdAt: ${created}"
+printf "%s\n" "metadata.annotations.containerImage: docker.io/${image}@${image_digest}"
+printf "%s\n" ".spec.install.spec.deployments[0].spec.template.spec.containers[1].image (nginx-ingress-operator): docker.io/${image}@${image_digest}"
+printf "%s\n" ".spec.install.spec.deployments[0].spec.template.spec.containers[0].image (kube-rbac-proxy): ${full_image}@${kube_digest}"

From b7d121857e5c7f8cdd72af345b0bb3add4faa8d3 Mon Sep 17 00:00:00 2001
From: Luca Comellini <luca.com@gmail.com>
Date: Wed, 19 Jan 2022 08:51:45 -0800
Subject: [PATCH 2/2] Remove dots

---
 hack/get_image_info.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hack/get_image_info.sh b/hack/get_image_info.sh
index dafd832e..f13fcf68 100755
--- a/hack/get_image_info.sh
+++ b/hack/get_image_info.sh
@@ -25,5 +25,5 @@ kube_digest=$(curl -sSfL -I -H "Accept: application/vnd.docker.distribution.mani
 printf "%s\n\n" "Manually repleace the following values in bundle/manifests/nginx-ingress-operator.clusterserviceversion.yaml"
 printf "%s\n" "metadata.annotations.createdAt: ${created}"
 printf "%s\n" "metadata.annotations.containerImage: docker.io/${image}@${image_digest}"
-printf "%s\n" ".spec.install.spec.deployments[0].spec.template.spec.containers[1].image (nginx-ingress-operator): docker.io/${image}@${image_digest}"
-printf "%s\n" ".spec.install.spec.deployments[0].spec.template.spec.containers[0].image (kube-rbac-proxy): ${full_image}@${kube_digest}"
+printf "%s\n" "spec.install.spec.deployments[0].spec.template.spec.containers[1].image (nginx-ingress-operator): docker.io/${image}@${image_digest}"
+printf "%s\n" "spec.install.spec.deployments[0].spec.template.spec.containers[0].image (kube-rbac-proxy): ${full_image}@${kube_digest}"