From d43cbde9ecdd5efbad0b67acae70deed36aa1569 Mon Sep 17 00:00:00 2001
From: Tatiana Krishtop
Date: Tue, 16 Apr 2024 15:46:32 +0200
Subject: [PATCH] Retrieve vulnarability status with Pyxis API
---
 ansible-collection-redhatci-ocp.spec | 1 +
 ...st_preflight_check_container_one_image.yml | 23 +++++++++++++++++++
 2 files changed, 24 insertions(+)
diff --git a/ansible-collection-redhatci-ocp.spec b/ansible-collection-redhatci-ocp.spec
index cf6607051..b9d742021 100644
--- a/ansible-collection-redhatci-ocp.spec
+++ b/ansible-collection-redhatci-ocp.spec
@@ -4,6 +4,7 @@ Name: %{repo}
 Version: 0.15.EPOCH
+
 Release: VERS%{?dist}
 Summary: Red Hat OCP CI Collection for Ansible
diff --git a/roles/preflight/tasks/test_preflight_check_container_one_image.yml b/roles/preflight/tasks/test_preflight_check_container_one_image.yml
index 433189ea1..d98a33711 100644
--- a/roles/preflight/tasks/test_preflight_check_container_one_image.yml
+++ b/roles/preflight/tasks/test_preflight_check_container_one_image.yml
@@ -94,6 +94,29 @@
 {% if cert_project_id | default('') | length and preflight_dci_all_components_are_ga | default(True) %}
 --submit
 {% endif %}
+
+ - name: Get image digest
+ ansible.builtin.shell: >
+ set -eo pipefail;
+ skopeo inspect
+ {% if partner_creds | length %}
+ --authfile {{ partner_creds }}
+ {% else %}
+ --no-creds
+ {% endif %}
+ docker://{{ current_operator_image }} | jq -r '.Digest'
+ register: sha
+
+ - name: Use Pyxis API to check image vulnerability status
+ vars:
+ filter_params: "filter=image_id%3D%3D{{ sha.stdout }}"
+ ansible.builtin.uri:
+ url: >
+ {{ catalog_url }}/images?{{ filter_params }}&page_size=1&page=0
+ method: GET
+ status_code: 200
+ timeout: 120
+ register: vulnerability_status
 rescue:
 - name: Do not fail when preflight check container throws an error
 ansible.builtin.debug:
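Review bot: The new `Get image digest` task relies on `set -eo pipefail` under `ansible.builtin.shell`, which runs `/bin/sh` unless `executable` is set, so on hosts where `/bin/sh` is not bash the `pipefail` option is rejected before `skopeo` runs; adding `args:` / `  executable: /bin/bash` to that task makes the guard reliable. The templated values on the same command line are unquoted, so `--authfile {{ partner_creds | quote }}` and `docker://{{ current_operator_image | quote }}` would keep a path or image reference containing shell metacharacters from being interpreted by the shell. In the `uri` task, `url: >` keeps a trailing newline in the rendered URL; `url: >-` drops it. Both new tasks sit in the block whose `rescue` follows them, so a failed digest lookup or Pyxis request is caught by the "Do not fail when preflight check container throws an error" handler and `vulnerability_status` is then undefined for any later consumer; the enclosing block starts outside the hunk, so where that variable is read cannot be seen here.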