diff --git a/hack/operator-fetch-payload.sh b/hack/operator-fetch-payload.sh index c8ce818bb2..7cd2d64513 100755 --- a/hack/operator-fetch-payload.sh +++ b/hack/operator-fetch-payload.sh @@ -20,10 +20,45 @@ LATEST_OPENSHIFT_VERSION=$(yq e '.versions.openshift.latest' project.yaml) MIN_OPENSHIFT_VERSION=$(yq e '.versions.openshift.min' project.yaml) # Check for binaries required in the script -for binary in operator-sdk kustomize yq; do +for binary in operator-sdk kustomize yq curl; do command -v $binary > /dev/null 2>&1 || { echo >&2 "$binary not installed, aborting..."; exit 1; } done +# Determine the upstream operator release branch from the downstream release config. +# We use the downstream minor version (e.g. "1.23" from CURRENT_VERSION "1.23.0") to locate +# the release-specific config file in openshift-pipelines/hack and read the operator.upstream +# field. This avoids the cherry-pick edge case where a single commit appears on multiple +# upstream release branches. +UPSTREAM_RELEASE_BRANCH="" +UPSTREAM_VERSION_TAG="" +DOWNSTREAM_MINOR_VERSION=$(echo "${CURRENT_VERSION}" | sed -E 's/^([0-9]+\.[0-9]+)\..*/\1/') +HACK_RELEASE_CONFIG_URL="https://raw.githubusercontent.com/openshift-pipelines/hack/main/config/downstream/releases/${DOWNSTREAM_MINOR_VERSION}.yaml" + +echo "Fetching downstream release config from ${HACK_RELEASE_CONFIG_URL}..." +HACK_RELEASE_CONFIG=$(curl -fsSL "${HACK_RELEASE_CONFIG_URL}" || true) +if [[ -z "${HACK_RELEASE_CONFIG}" ]]; then + echo "WARN: Failed to fetch ${HACK_RELEASE_CONFIG_URL}, falling back to 'devel'" + UPSTREAM_VERSION_TAG="devel" +else + UPSTREAM_RELEASE_BRANCH=$(echo "${HACK_RELEASE_CONFIG}" | yq e '.branches.operator.upstream' -) + if [[ -z "${UPSTREAM_RELEASE_BRANCH}" || "${UPSTREAM_RELEASE_BRANCH}" == "null" ]]; then + echo "WARN: 'branches.operator.upstream' not found in ${HACK_RELEASE_CONFIG_URL}, falling back to 'devel'" + UPSTREAM_VERSION_TAG="devel" + else + UPSTREAM_MINOR_VERSION=$(echo "${UPSTREAM_RELEASE_BRANCH}" | sed -E 's/^release-v([0-9]+\.[0-9]+)\.x$/\1/') + # Look up the latest release tag for this minor version from tektoncd/operator GitHub releases. + UPSTREAM_VERSION_TAG=$(curl -fsSL "https://api.github.com/repos/tektoncd/operator/releases" \ + | yq e '.[] | select(.tag_name | test("^v?'"${UPSTREAM_MINOR_VERSION}"'\\.")) | .tag_name' - \ + | sort -V | tail -n1 || true) + if [[ -z "${UPSTREAM_VERSION_TAG}" ]]; then + echo "WARN: No upstream tag found for minor version ${UPSTREAM_MINOR_VERSION} in tektoncd/operator releases, falling back to 'devel'" + UPSTREAM_VERSION_TAG="devel" + fi + fi +fi + +echo "Using upstream branch '${UPSTREAM_RELEASE_BRANCH}' and latest tag '${UPSTREAM_VERSION_TAG}' for version rewrites" + echo "Fetch payloads…" # Use our own for now # TODO: replace with our own components.yaml @@ -64,6 +99,33 @@ for f in .konflux/olm-catalog/bundle/manifests/*.yaml; do yq e -i ".metadata.labels.version = \"${CURRENT_VERSION}\"" ${f} done +# Rewrite "devel" version placeholders introduced by upstream PR #3371. +# Upstream sources now use "devel" as a placeholder for version labels; the upstream +# build rewrites them at release time via sed in build-publish-images-manifests.yaml. +# The downstream must do the equivalent substitution here after bundle generation. + +# Step 1: rewrite operator.tekton.dev/release and app.kubernetes.io/version annotations/labels +# across both generated bundle manifests and copied kodata payload YAMLs. +while IFS= read -r -d '' f; do + sed -i -E \ + -e 's/(operator\.tekton\.dev\/release): "?devel"?/\1: "'"${UPSTREAM_VERSION_TAG}"'"/g' \ + -e 's/(app\.kubernetes\.io\/version): "?devel"?/\1: "'"${UPSTREAM_VERSION_TAG}"'"/g' \ + "${f}" +done < <(find .konflux/olm-catalog/bundle/manifests .konflux/olm-catalog/bundle/kodata -type f -name '*.yaml' -print0) + +# Step 2: rewrite structural version fields in the CSV and ConfigMap only. +# These paths (.spec.install.spec.deployments[].label.version, .data.version) are +# specific to CSV and ConfigMap resources; applying yq to CRDs would materialise +# null nodes for those non-existent paths, polluting the CRD files. +CSV=".konflux/olm-catalog/bundle/manifests/openshift-pipelines-operator-rh.clusterserviceversion.yaml" +OPERATOR_INFO_CM=".konflux/olm-catalog/bundle/manifests/tekton-operator-info_v1_configmap.yaml" +env UPSTREAM_VERSION_TAG="${UPSTREAM_VERSION_TAG}" yq e -i \ + '(.spec.install.spec.deployments[].label.version | select(. == "devel")) = strenv(UPSTREAM_VERSION_TAG)' \ + "${CSV}" +env UPSTREAM_VERSION_TAG="${UPSTREAM_VERSION_TAG}" yq e -i \ + '(.data.version | select(. == "devel")) = strenv(UPSTREAM_VERSION_TAG)' \ + "${OPERATOR_INFO_CM}" + # Remove label matchselector app yq e -i 'del(.spec.install.spec.deployments[0].spec.selector.matchLabels.app)' \ .konflux/olm-catalog/bundle/manifests/openshift-pipelines-operator-rh.clusterserviceversion.yaml @@ -75,8 +137,11 @@ yq e -i '.metadata.annotations["operators.openshift.io/valid-subscription"] = "[ .konflux/olm-catalog/bundle/manifests/openshift-pipelines-operator-rh.clusterserviceversion.yaml -# Update VERSION env variable to use ${VERSION=} -yq e -i "(.spec.install.spec.deployments[] | select (.name == \"openshift-pipelines-operator\") | .spec.template.spec.containers[0].env[] | select (.name == \"VERSION\") | .value) = \"${CURRENT_VERSION}\"" \ +# Update VERSION env variables in the generated CSV to the downstream OSP version. +# The upstream build may generate VERSION as "devel" (unreleased builds) or as the upstream +# tag (e.g. "0.79.1" for released tags). In both cases we unconditionally override it with +# CURRENT_VERSION so that the downstream bundle always reports the correct OSP version. +yq e -i "(.spec.install.spec.deployments[].spec.template.spec.containers[].env[] | select(.name == \"VERSION\") | .value) = \"${CURRENT_VERSION}\"" \ .konflux/olm-catalog/bundle/manifests/openshift-pipelines-operator-rh.clusterserviceversion.yaml # FIXME: we *may* need to clean some of those generated files