operator-framework · nunnatsa · May 15, 2023 · May 15, 2023 · May 15, 2023
diff --git a/.github/workflows/regenerate.yml b/.github/workflows/regenerate.yml
@@ -0,0 +1,58 @@
+name: Auto-Update Scorecard Image Digests
+on:
+  schedule:
+    - cron:  '0 4/4 * * *'
+  workflow_dispatch:
+jobs:
+  build:
+    name: operator-sdk Update Scorecard Image Digests Job
+    if: (github.repository == 'operator-framework/operator-sdk')
+    runs-on: ubuntu-latest
+    steps:
+      - name: check for existing PR
+        run: |-
+          if curl -s -L  https://api.github.com/repos/operator-framework/operator-sdk/pulls | jq .[].title | grep -q "Update Scorecard Image Digests"; then
+            echo "There is an existing PR with name 'Update Scorecard Image Digests'; skipping; To run again, close the existing PR"
+          else
+            echo "NEW_PR=true" >> $GITHUB_ENV
+          fi
+
+      - uses: actions/checkout@v3
+        if: ${{ env.NEW_PR }}
+        with:
+          ref: main
+
+      - uses: actions/setup-go@v4
+        if: ${{ env.NEW_PR }}
+        with:
+          go-version: '1.19' # The Go version to download (if necessary) and use.
+
+      - name: update the scorecard image digests
+        if: ${{ env.NEW_PR }}
+        run: |
+          make update-scorecard-images
+          if ! git diff --quiet --exit-code; then
+            echo "CHANGED=true" >> $GITHUB_ENV
+            echo "found new scorecard image digests. open a PR to update them"
+          fi
+
+      - name: Regenerate # to update the CLI docs, with the new digests
+        if: ${{ env.CHANGED }}
+        run: make generate
+
+      - uses: peter-evans/create-pull-request@v3
+        if: ${{ env.CHANGED }}
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          commit-message: |
+            Update Scorecard Image Digests
+
+            Signed-off-by: operator-sdk Bump Bot <noreply@github.com>
+          committer: operator-sdk Bump Bot <noreply@github.com>
+          title: "Update Scorecard Image Digests"
+          body: |
+            Update Scorecard Image Digests
+            Executed by operator-sdk Update Image Digest Bot.
+          team-reviewers: reviewers, approvers
+          branch: update-scorecard-image-digests
+          delete-branch: true
diff --git a/Makefile b/Makefile
@@ -35,7 +35,7 @@ export PATH := $(PWD)/$(BUILD_DIR):$(PWD)/$(TOOLS_DIR):$(PATH)
 ##@ Development
 
 .PHONY: generate
-generate: build # Generate CLI docs and samples
+generate: build update-scorecard-images # Generate CLI docs and samples
 	rm -rf testdata
 	go run ./hack/generate/cncf-maintainers/main.go
 	go run ./hack/generate/cli-doc/gen-cli-doc.go
@@ -205,6 +205,16 @@ test-e2e-integration:: ## Run integration tests
 	go test ./test/integration -v -ginkgo.v
 	./hack/tests/subcommand-olm-install.sh
 
+.PHONY: build-digester
+build-digester:
+	cd tools/digester && \
+	go mod tidy && \
+	go build -o ../bin/digester .
+
+.PHONY: update-scorecard-images
+update-scorecard-images: build-digester
+	hack/generate/update-scorecard-images.sh
+
 .DEFAULT_GOAL := help
 .PHONY: help
 help: ## Show this help screen.

diff --git a/hack/generate/update-scorecard-images.sh b/hack/generate/update-scorecard-images.sh
@@ -0,0 +1,8 @@
+#!/bin/bash -ex
+
+IMAGES=(scorecard-storage scorecard-untar)
+
+for IMAGE in ${IMAGES[@]}; do
+  DIGEST=$(tools/bin/digester "quay.io/operator-framework/${IMAGE}:latest")
+  sed -i -E "s|(quay.io/operator-framework/${IMAGE}@)sha256:[0-9a-z]+|\1${DIGEST}|" internal/cmd/operator-sdk/scorecard/cmd.go internal/cmd/operator-sdk/scorecard/cmd_test.go
+done
diff --git a/internal/cmd/operator-sdk/scorecard/cmd.go b/internal/cmd/operator-sdk/scorecard/cmd.go
@@ -94,11 +94,11 @@ If the argument holds an image tag, it must be present remotely.`,
 	// it is necessary to refer to storage-image and untar-image using their digests instead of tags.
 	// If you need to make changes to these images, please ensure that you always use the digests.
 	scorecardCmd.Flags().StringVarP(&c.storageImage, "storage-image", "b",
-		"quay.io/operator-framework/scorecard-storage@sha256:f7bd62664a0b91034acb977a8bb4ebb76bc98a6e8bdb943eb84c8e364828f056",
+		"quay.io/operator-framework/scorecard-storage@sha256:5f9640f6eb6a6976676f2936b9eb4cd7170c5eebbc7536cc2891ec6cba74f0dd",
 		"Storage image to be used by the Scorecard pod")
 	// Use the digest of the latest scorecard-untar image
 	scorecardCmd.Flags().StringVarP(&c.untarImage, "untar-image", "u",
-		"quay.io/operator-framework/scorecard-untar@sha256:56c88afd4f20718dcd4d4384b8ff0b790f95aa4737f89f3b105b5dfc1bdb60c3",
+		"quay.io/operator-framework/scorecard-untar@sha256:e7b0222764d1d1c16614009f38e7fe9bc643ef9e2b88559712ec3fd439b796c8",
 		"Untar image to be used by the Scorecard pod")
 	scorecardCmd.Flags().StringVarP(&c.testOutput, "test-output", "t", "test-output",
 		"Test output directory.")

diff --git a/internal/cmd/operator-sdk/scorecard/cmd_test.go b/internal/cmd/operator-sdk/scorecard/cmd_test.go
@@ -70,13 +70,13 @@ var _ = Describe("Running the scorecard command", func() {
 			Expect(flag).NotTo(BeNil())
 			Expect(flag.Shorthand).To(Equal("b"))
 			// Use the digest of the latest scorecard-storage image
-			Expect(flag.DefValue).To(Equal("quay.io/operator-framework/scorecard-storage@sha256:f7bd62664a0b91034acb977a8bb4ebb76bc98a6e8bdb943eb84c8e364828f056"))
+			Expect(flag.DefValue).To(Equal("quay.io/operator-framework/scorecard-storage@sha256:5f9640f6eb6a6976676f2936b9eb4cd7170c5eebbc7536cc2891ec6cba74f0dd"))
 
 			flag = cmd.Flags().Lookup("untar-image")
 			Expect(flag).NotTo(BeNil())
 			Expect(flag.Shorthand).To(Equal("u"))
 			// Use the digest of the latest scorecard-untar image
-			Expect(flag.DefValue).To(Equal("quay.io/operator-framework/scorecard-untar@sha256:56c88afd4f20718dcd4d4384b8ff0b790f95aa4737f89f3b105b5dfc1bdb60c3"))
+			Expect(flag.DefValue).To(Equal("quay.io/operator-framework/scorecard-untar@sha256:e7b0222764d1d1c16614009f38e7fe9bc643ef9e2b88559712ec3fd439b796c8"))
 		})
 	})
 

diff --git a/tools/digester/go.mod b/tools/digester/go.mod
@@ -0,0 +1,38 @@
+module github.com/operator-framework/operator-sdk/tools/digester
+
+go 1.19
+
+require github.com/containers/image/v5 v5.25.0
+
+require (
+	github.com/BurntSushi/toml v1.2.1 // indirect
+	github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01 // indirect
+	github.com/containers/ocicrypt v1.1.7 // indirect
+	github.com/containers/storage v1.46.0 // indirect
+	github.com/docker/distribution v2.8.1+incompatible // indirect
+	github.com/docker/docker v23.0.2+incompatible // indirect
+	github.com/docker/docker-credential-helpers v0.7.0 // indirect
+	github.com/docker/go-connections v0.4.0 // indirect
+	github.com/docker/go-units v0.5.0 // indirect
+	github.com/gorilla/mux v1.8.0 // indirect
+	github.com/hashicorp/errwrap v1.1.0 // indirect
+	github.com/hashicorp/go-multierror v1.1.1 // indirect
+	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/klauspost/compress v1.16.3 // indirect
+	github.com/klauspost/pgzip v1.2.6-0.20220930104621-17e8dac29df8 // indirect
+	github.com/moby/sys/mountinfo v0.6.2 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/opencontainers/go-digest v1.0.0 // indirect
+	github.com/opencontainers/image-spec v1.1.0-rc2 // indirect
+	github.com/opencontainers/runc v1.1.5 // indirect
+	github.com/opencontainers/runtime-spec v1.1.0-rc.1 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/sirupsen/logrus v1.9.0 // indirect
+	github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 // indirect
+	github.com/ulikunitz/xz v0.5.11 // indirect
+	github.com/vbatts/tar-split v0.11.3 // indirect
+	golang.org/x/exp v0.0.0-20230321023759-10a507213a29 // indirect
+	golang.org/x/sys v0.7.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+)