Retrieve vulnarability status with Pyxis API

ansible-collection-redhatci-ocp.spec

@@ -3,7 +3,7 @@
 %global forgeurl https://github.com/%{org}/%{repo}
 
 Name:           %{repo}
-Version:        0.8.EPOCH
+Version:        0.9.EPOCH
 Release:        VERS%{?dist}
 Summary:        Red Hat OCP CI Collection for Ansible
 

galaxy.yml

@@ -9,7 +9,7 @@ name: ocp
 # Always leave patch version as .0
 # Patch version is replaced from commit date in UNIX epoch format
 # example: 0.3.2147483647
-version: 0.8.0
+version: 0.9.0
 
 # The path to the Markdown (.md) readme file.
 readme: README.md

roles/preflight/tasks/test_preflight_check_container_one_image.yml

@@ -94,6 +94,29 @@
             {% if cert_project_id | default('') | length and preflight_dci_all_components_are_ga | default(True) %}
             --submit
             {% endif %}
+
+        - name: Get image digest
+          ansible.builtin.shell: >
+            set -eo pipefail;
+            skopeo inspect
+            {% if partner_creds | length %}
+            --authfile {{ partner_creds }}
+            {% else %}
+            --no-creds
+            {% endif %}
+            docker://{{ current_operator_image }} | jq -r '.Digest'
+          register: sha
+
+        - name: Use Pyxis API to check image vulnerability status
+          vars:
+            filter_params: "filter=image_id%3D%3D{{ sha.stdout }}"
+          ansible.builtin.uri:
+            url: >
+              {{ catalog_url }}/images?{{ filter_params }}&page_size=1&page=0
+            method: GET
+            status_code: 200
+            timeout: 120
+          register: vulnerability_status
       rescue:
         - name: Do not fail when preflight check container throws an error
           ansible.builtin.debug: