Summit Lab 1090: Fix scripts (#7688)

* update

* update

* update

ansible/roles_ocp_workloads/ocp4_workload_tap_wks_sno_setup/files/acs-signature-policy.json

@@ -21,9 +21,9 @@
         "UNSATISFIABLE_NODE_CONSTRAINT_ENFORCEMENT"
     ],
     "notifiers": [],
-    "SORTName": "Trusted Signature Policy",
-    "SORTLifecycleStage": "BUILD,DEPLOY",
-    "SORTEnforcement": true,
+    "SORTName": "",
+    "SORTLifecycleStage": "",
+    "SORTEnforcement": false,
     "policyVersion": "1.1",
     "policySections": [
         {

ansible/roles_ocp_workloads/ocp4_workload_tap_wks_sno_setup/templates/deploy-insecured.sh.j2

@@ -1,40 +1,41 @@
 set -e
-echo '*** Deleting qa project... ***'
-oc delete project qa || echo '*** Project deleted... ***'
+echo "*** Deleting qa project... ***"
+oc delete project qa || echo "*** Project deleted... ***"
 
-echo '*** Logging into podman... ***'
+echo "*** Logging into podman... ***"
 podman login -u {{ ocp4_workload_tap_wks_sno_setup_docker_username }} -p {{ ocp4_workload_tap_wks_sno_setup_docker_password }} quay-{{ ocp4_workload_tap_wks_sno_setup_dev_guid }}.{{ ocp4_workload_tap_wks_sno_setup_dev_apps_domain }}
 
-echo '*** Pulling the secured image for latest SHA... ***'
+echo "*** Pulling the secured image for latest SHA... ***"
 podman pull quay-{{ ocp4_workload_tap_wks_sno_setup_dev_guid }}.{{ ocp4_workload_tap_wks_sno_setup_dev_apps_domain }}/quayadmin/insecured-app:latest
 IMAGE=$(podman inspect --format={{ "'{{index .RepoDigests 0}}'" }} quay-{{ ocp4_workload_tap_wks_sno_setup_dev_guid }}.{{ ocp4_workload_tap_wks_sno_setup_dev_apps_domain }}/quayadmin/insecured-app:latest)
 
-echo '*** Inspecting image $IMAGE ***'
+echo "*** Inspecting image $IMAGE ***"
 podman inspect $IMAGE
 
-echo '*** Recreating project qa... ***'
+echo "*** Recreating project qa... ***"
 oc new-project qa
 
-echo '*** Creating pull secret for quay... ***'
+echo "*** Creating pull secret for quay... ***"
 
-echo 'apiVersion: v1
+PULL_SECRET=$(cat $XDG_RUNTIME_DIR/containers/auth.json | tr -d "[:space:]\n\r" | base64 -w 0)
+echo "apiVersion: v1
 metadata:
   name: quay-pull
 data:
-  .dockerconfigjson: $(auth.json | tr -d "[:space:]\\n\\r" | base64 -w 0)
+  .dockerconfigjson: "$PULL_SECRET"
 type: kubernetes.io/dockerconfigjson
-kind: Secret' > secret.yaml
+kind: Secret" > secret.yaml
 oc apply -f secret.yaml -n qa
 
-echo '*** Linking secret to default service account... ***'
+echo "*** Linking secret to default service account... ***"
 oc secrets link default quay-pull --for=pull -n qa
 
-echo '*** Creating deployment... ***'
+echo "*** Creating deployment... ***"
 oc create deployment insecure --image $IMAGE --port 8080 -n qa
 
-echo '*** Exposing route... ***'
+echo "*** Exposing route... ***"
 oc expose deployment/insecure --type="NodePort" --port 8080 -n qa
 oc create route edge --service insecure -n qa
 ROUTE=https://$(oc get route insecure -n qa -o json | jq -r .spec.host)
 
-echo '*** Insecured app available at $ROUTE ***'
+echo "*** Insecured app available at $ROUTE ***"

ansible/roles_ocp_workloads/ocp4_workload_tap_wks_sno_setup/templates/deploy-secured.sh.j2

@@ -1,38 +1,39 @@
 set -e
-echo '*** Deleting qa project ***'
-oc delete project qa || echo '*** Project deleted... ***'
+echo "*** Deleting qa project ***"
+oc delete project qa || echo "*** Project deleted... ***"
 
-echo '*** Logging into podman... ***'
+echo "*** Logging into podman... ***"
 podman login -u {{ ocp4_workload_tap_wks_sno_setup_docker_username }} -p {{ ocp4_workload_tap_wks_sno_setup_docker_password }} quay-{{ ocp4_workload_tap_wks_sno_setup_dev_guid }}.{{ ocp4_workload_tap_wks_sno_setup_dev_apps_domain }}
 
-echo '*** Pulling the secured image for latest SHA... ***'
+echo "*** Pulling the secured image for latest SHA... ***"
 podman pull quay-{{ ocp4_workload_tap_wks_sno_setup_dev_guid }}.{{ ocp4_workload_tap_wks_sno_setup_dev_apps_domain }}/quayadmin/secured-app:latest
 IMAGE=$(podman inspect --format={{ "'{{index .RepoDigests 0}}'" }} quay-{{ ocp4_workload_tap_wks_sno_setup_dev_guid }}.{{ ocp4_workload_tap_wks_sno_setup_dev_apps_domain }}/quayadmin/secured-app:latest)
 
-echo '*** Inspecting $IMAGE ***'
+echo "*** Inspecting $IMAGE ***"
 podman inspect $IMAGE
-echo '*** Recreating project qa... ***'
+echo "*** Recreating project qa... ***"
 oc new-project qa
 
-echo '*** Creating pull secret for quay... ***'
-echo 'apiVersion: v1
+echo "*** Creating pull secret for quay... ***"
+PULL_SECRET=$(cat $XDG_RUNTIME_DIR/containers/auth.json | tr -d "[:space:]\n\r" | base64 -w 0)
+echo "apiVersion: v1
 metadata:
   name: quay-pull
 data:
-  .dockerconfigjson: $(auth.json | tr -d "[:space:]\\n\\r" | base64 -w 0)
+  .dockerconfigjson: "$PULL_SECRET"
 type: kubernetes.io/dockerconfigjson
-kind: Secret' > secret.yaml
+kind: Secret" > secret.yaml
 oc apply -f secret.yaml -n qa
 
-echo '*** Linking secret to default service account... ***'
+echo "*** Linking secret to default service account... ***"
 oc secrets link default quay-pull --for=pull -n qa
 
-echo '*** Creating deployment... ***'
+echo "*** Creating deployment for image $IMAGE ***"
 oc create deployment secure --image $IMAGE --port 8080 -n qa
 
-echo '*** Exposing route... ***'
+echo "*** Exposing route... ***"
 oc expose deployment/secure --type="NodePort" --port 8080 -n qa
 oc create route edge --service secure -n qa
 ROUTE=https://$(oc get route secure -n qa -o json | jq -r .spec.host)
 
-echo '*** Secured app available at $ROUTE ***'
+echo "*** Secured app available at $ROUTE ***"

ansible/roles_ocp_workloads/ocp4_workload_tap_wks_sno_setup/templates/validate-insecured.sh.j2

@@ -1,9 +1,9 @@
-echo '*** Logging into quay ***'
+echo "*** Logging into quay ***"
 podman login -u {{ ocp4_workload_tap_wks_sno_setup_docker_username }} -p {{ ocp4_workload_tap_wks_sno_setup_docker_password }} quay-{{ ocp4_workload_tap_wks_sno_setup_dev_guid }}.{{ ocp4_workload_tap_wks_sno_setup_dev_apps_domain }}
 
-echo '*** Pulling the insecured image for latest SHA... ***'
+echo "*** Pulling the insecured image for latest SHA... ***"
 podman pull quay-{{ ocp4_workload_tap_wks_sno_setup_dev_guid }}.{{ ocp4_workload_tap_wks_sno_setup_dev_apps_domain }}/quayadmin/insecured-app:latest
 IMAGE=$(podman inspect --format={{ "'{{index .RepoDigests 0}}'" }} quay-{{ ocp4_workload_tap_wks_sno_setup_dev_guid }}.{{ ocp4_workload_tap_wks_sno_setup_dev_apps_domain }}/quayadmin/insecured-app:latest)
 
-echo '*** Validating enterprise contract for $IMAGE ***'
+echo "*** Validating enterprise contract for $IMAGE ***"
 ec validate image --image $IMAGE --policy git::github.com/enterprise-contract/config//default --public-key ./cosign.pub --ignore-rekor=false --rekor-url=https://rekor.{{ ocp4_workload_tap_wks_sno_setup_dev_apps_domain }} --info=true --strict=false --show-successes=true | jq .

ansible/roles_ocp_workloads/ocp4_workload_tap_wks_sno_setup/templates/validate-secured.sh.j2

@@ -1,9 +1,9 @@
-echo '*** Logging into quay ***'
+echo "*** Logging into quay ***"
 podman login -u {{ ocp4_workload_tap_wks_sno_setup_docker_username }} -p {{ ocp4_workload_tap_wks_sno_setup_docker_password }} quay-{{ ocp4_workload_tap_wks_sno_setup_dev_guid }}.{{ ocp4_workload_tap_wks_sno_setup_dev_apps_domain }}
 
-echo '*** Pulling the secured image for latest SHA... ***'
+echo "*** Pulling the secured image for latest SHA... ***"
 podman pull quay-{{ ocp4_workload_tap_wks_sno_setup_dev_guid }}.{{ ocp4_workload_tap_wks_sno_setup_dev_apps_domain }}/quayadmin/secured-app:latest
 IMAGE=$(podman inspect --format={{ "'{{index .RepoDigests 0}}'" }} quay-{{ ocp4_workload_tap_wks_sno_setup_dev_guid }}.{{ ocp4_workload_tap_wks_sno_setup_dev_apps_domain }}/quayadmin/secured-app:latest)
 
-echo '*** Validating enterprise contract for $IMAGE ***'
+echo "*** Validating enterprise contract for $IMAGE ***"
 ec validate image --image $IMAGE --policy git::github.com/enterprise-contract/config//default --public-key ./cosign.pub --ignore-rekor=false --rekor-url=https://rekor.{{ ocp4_workload_tap_wks_sno_setup_dev_apps_domain }} --info=true --strict=false --show-successes=true | jq .