diff --git a/Makefile b/Makefile index c2170c44..68b56dc9 100644 --- a/Makefile +++ b/Makefile @@ -1,3 +1,9 @@ +CURPATH=$(PWD) +BIN_PATH=$(CURPATH)/bin +YQ = $(BIN_PATH)/yq +YQ_VERSION = v4.47.1 +export PATH := $(BIN_PATH):$(PATH) + all: build .PHONY: all @@ -6,8 +12,22 @@ include $(addprefix ./vendor/github.com/openshift/build-machinery-go/make/, \ golang.mk \ targets/openshift/deps-gomod.mk \ targets/openshift/images.mk \ + targets/openshift/yq.mk \ ) +# Bump OCP version in CSV and OLM metadata +# Also updates the Makefile and README.md to the new version +# +# Example: +# make metadata VERSION=4.20.0 +metadata: ensure-yq +ifdef VERSION + ./hack/update-metadata.sh $(VERSION) +else + ./hack/update-metadata.sh +endif +.PHONY: metadata + # Check if GOEXPERIMENT=strictfipsruntime is supported GOEXPERIMENT_SUPPORTED := $(shell GOEXPERIMENT=strictfipsruntime go version >/dev/null 2>&1 && echo "true" || echo "false") @@ -38,9 +58,9 @@ IMAGE_REGISTRY?=registry.svc.ci.openshift.org # $3 - Dockerfile path # $4 - context directory for image build # It will generate target "image-$(1)" for building the image and binding it as a prerequisite to target "images". -$(call build-image,secrets-store-csi-driver-operator,$(IMAGE_REGISTRY)/ocp/4.20:secrets-store-csi-driver-operator,./Dockerfile.openshift,.) +$(call build-image,secrets-store-csi-driver-operator,$(IMAGE_REGISTRY)/ocp/4.21:secrets-store-csi-driver-operator,./Dockerfile.openshift,.) -clean: +clean: clean-yq $(RM) secrets-store-csi-driver-operator .PHONY: clean diff --git a/README.md b/README.md index 0128ce05..e46e2a55 100644 --- a/README.md +++ b/README.md @@ -32,13 +32,20 @@ export LIVENESS_PROBE_IMAGE=quay.io/openshift/origin-csi-livenessprobe:latest ./secrets-store-csi-driver-operator start --kubeconfig $KUBECONFIG --namespace openshift-cluster-csi-drivers ``` +## Bumping OCP version in CSV and OLM metadata + +This updates the package versions in `config/manifests/secrets-store-csi-driver-operator.package.yaml`, `config/manifests/stable/secrets-store-csi-driver-operator.clusterserviceversion.yaml`, `README.md` and `Makefile` to 4.20: +``` +./hack/update-metadata.sh 4.20 +``` + # OLM To build bundle and index images, use the `hack/create-bundle` script: ```shell cd hack -./create-bundle registry.ci.openshift.org/ocp/4.20:secrets-store-csi-driver registry.ci.openshift.org/ocp/4.20:secrets-store-csi-driver-operator quay.io//secrets-store-bundle quay.io//secrets-store-index +./create-bundle registry.ci.openshift.org/ocp/4.21:secrets-store-csi-driver registry.ci.openshift.org/ocp/4.21:secrets-store-csi-driver-operator quay.io//secrets-store-bundle quay.io//secrets-store-index ``` At the end it will print a command that creates `Subscription` for the newly created index image. diff --git a/config/manifests/secrets-store-csi-driver-operator.package.yaml b/config/manifests/secrets-store-csi-driver-operator.package.yaml index 0146d0f6..608079a8 100644 --- a/config/manifests/secrets-store-csi-driver-operator.package.yaml +++ b/config/manifests/secrets-store-csi-driver-operator.package.yaml @@ -1,4 +1,4 @@ packageName: secrets-store-csi-driver-operator channels: -- name: stable - currentCSV: secrets-store-csi-driver-operator.v4.20.0 + - name: stable + currentCSV: secrets-store-csi-driver-operator.v4.21.0 diff --git a/config/manifests/stable/secrets-store-csi-driver-operator.clusterserviceversion.yaml b/config/manifests/stable/secrets-store-csi-driver-operator.clusterserviceversion.yaml index 440e90bf..398a11c3 100644 --- a/config/manifests/stable/secrets-store-csi-driver-operator.clusterserviceversion.yaml +++ b/config/manifests/stable/secrets-store-csi-driver-operator.clusterserviceversion.yaml @@ -1,7 +1,7 @@ apiVersion: operators.coreos.com/v1alpha1 kind: ClusterServiceVersion metadata: - name: secrets-store-csi-driver-operator.v4.20.0 + name: secrets-store-csi-driver-operator.v4.21.0 namespace: placeholder annotations: categories: Storage @@ -13,7 +13,8 @@ metadata: repository: https://github.com/openshift/secrets-store-csi-driver-operator createdAt: "2023-06-12T00:00:00Z" description: Install and configure Secrets Store CSI driver. - olm.skipRange: ">=4.13.0-0 <4.20.0" + olm.properties: '[{"type":"olm.maxOpenShiftVersion","value":"4.22"}]' + olm.skipRange: ">=4.13.0-0 <4.21.0" features.operators.openshift.io/disconnected: "true" features.operators.openshift.io/fips-compliant: "true" features.operators.openshift.io/proxy-aware: "true" @@ -32,6 +33,7 @@ spec: displayName: Secrets Store CSI Driver Operator description: > Operator that installs and configures the CSI driver for Secrets Store. + icon: - base64data: PHN2ZyBpZD0iTGF5ZXJfMSIgZGF0YS1uYW1lPSJMYXllciAxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHZpZXdCb3g9IjAgMCAxOTIgMTQ1Ij48ZGVmcz48c3R5bGU+LmNscy0xe2ZpbGw6I2UwMDt9PC9zdHlsZT48L2RlZnM+PHRpdGxlPlJlZEhhdC1Mb2dvLUhhdC1Db2xvcjwvdGl0bGU+PHBhdGggZD0iTTE1Ny43Nyw2Mi42MWExNCwxNCwwLDAsMSwuMzEsMy40MmMwLDE0Ljg4LTE4LjEsMTcuNDYtMzAuNjEsMTcuNDZDNzguODMsODMuNDksNDIuNTMsNTMuMjYsNDIuNTMsNDRhNi40Myw2LjQzLDAsMCwxLC4yMi0xLjk0bC0zLjY2LDkuMDZhMTguNDUsMTguNDUsMCwwLDAtMS41MSw3LjMzYzAsMTguMTEsNDEsNDUuNDgsODcuNzQsNDUuNDgsMjAuNjksMCwzNi40My03Ljc2LDM2LjQzLTIxLjc3LDAtMS4wOCwwLTEuOTQtMS43My0xMC4xM1oiLz48cGF0aCBjbGFzcz0iY2xzLTEiIGQ9Ik0xMjcuNDcsODMuNDljMTIuNTEsMCwzMC42MS0yLjU4LDMwLjYxLTE3LjQ2YTE0LDE0LDAsMCwwLS4zMS0zLjQybC03LjQ1LTMyLjM2Yy0xLjcyLTcuMTItMy4yMy0xMC4zNS0xNS43My0xNi42QzEyNC44OSw4LjY5LDEwMy43Ni41LDk3LjUxLjUsOTEuNjkuNSw5MCw4LDgzLjA2LDhjLTYuNjgsMC0xMS42NC01LjYtMTcuODktNS42LTYsMC05LjkxLDQuMDktMTIuOTMsMTIuNSwwLDAtOC40MSwyMy43Mi05LjQ5LDI3LjE2QTYuNDMsNi40MywwLDAsMCw0Mi41Myw0NGMwLDkuMjIsMzYuMywzOS40NSw4NC45NCwzOS40NU0xNjAsNzIuMDdjMS43Myw4LjE5LDEuNzMsOS4wNSwxLjczLDEwLjEzLDAsMTQtMTUuNzQsMjEuNzctMzYuNDMsMjEuNzdDNzguNTQsMTA0LDM3LjU4LDc2LjYsMzcuNTgsNTguNDlhMTguNDUsMTguNDUsMCwwLDEsMS41MS03LjMzQzIyLjI3LDUyLC41LDU1LC41LDc0LjIyYzAsMzEuNDgsNzQuNTksNzAuMjgsMTMzLjY1LDcwLjI4LDQ1LjI4LDAsNTYuNy0yMC40OCw1Ni43LTM2LjY1LDAtMTIuNzItMTEtMjcuMTYtMzAuODMtMzUuNzgiLz48L3N2Zz4= mediatype: image/svg+xml @@ -42,7 +44,7 @@ spec: url: https://github.com/openshift/secrets-store-csi-driver-operator - name: Source Repository url: https://github.com/openshift/secrets-store-csi-driver-operator - version: 4.20.0 + version: 4.21.0 maturity: stable maintainers: - email: aos-storage-staff@redhat.com @@ -52,311 +54,311 @@ spec: name: Red Hat labels: alm-owner-metering: secrets-store-csi-driver-operator - alm-status-descriptors: secrets-store-csi-driver-operator.v4.20.0 + alm-status-descriptors: secrets-store-csi-driver-operator.v4.21.0 selector: matchLabels: alm-owner-metering: secrets-store-csi-driver-operator installModes: - - type: OwnNamespace - supported: false - - type: SingleNamespace - supported: false - - type: MultiNamespace - supported: false - - type: AllNamespaces - supported: true + - type: OwnNamespace + supported: false + - type: SingleNamespace + supported: false + - type: MultiNamespace + supported: false + - type: AllNamespaces + supported: true install: strategy: deployment spec: permissions: - rules: - - apiGroups: - - networking.k8s.io - resources: - - networkpolicies - verbs: - - watch - - list - - get - - create - - delete - - patch - - update - - apiGroups: - - '' - resources: - - pods - - services - - endpoints - - events - - configmaps - - secrets - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - apps - resources: - - deployments - - daemonsets - - replicasets - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - monitoring.coreos.com - resources: - - servicemonitors - verbs: - - get - - create - - update - - patch - - delete + - apiGroups: + - networking.k8s.io + resources: + - networkpolicies + verbs: + - watch + - list + - get + - create + - delete + - patch + - update + - apiGroups: + - '' + resources: + - pods + - services + - endpoints + - events + - configmaps + - secrets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - apps + resources: + - deployments + - daemonsets + - replicasets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create + - update + - patch + - delete serviceAccountName: secrets-store-csi-driver-operator clusterPermissions: - rules: - - apiGroups: - - security.openshift.io - resourceNames: - - privileged - resources: - - securitycontextconstraints - verbs: - - use - - apiGroups: - - operator.openshift.io - resources: - - clustercsidrivers - verbs: - - get - - list - - watch - # The Config Observer controller updates the CR's spec - - update - - patch - - apiGroups: - - operator.openshift.io - resources: - - clustercsidrivers/status - verbs: - - get - - list - - watch - - update - - patch - - apiGroups: - - '' - resourceNames: - - extension-apiserver-authentication - - secrets-store-csi-driver-operator-lock - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterroles - - clusterrolebindings - - roles - - rolebindings - verbs: - - watch - - list - - get - - create - - delete - - patch - - update - - apiGroups: - - '' - resources: - - serviceaccounts - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - '' - resources: - - secrets - verbs: - - get - - list - - watch - - apiGroups: - - storage.k8s.io - resources: - - volumeattachments - verbs: - - get - - list - - watch - - update - - delete - - create - - patch - - apiGroups: - - storage.k8s.io - resources: - - volumeattachments/status - verbs: - - patch - - apiGroups: - - storage.k8s.io - resources: - - storageclasses - - csinodes - verbs: - - create - - get - - list - - watch - - update - - delete - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - create - - list - - watch - - delete - - apiGroups: - - '*' - resources: - - events - verbs: - - get - - patch - - create - - list - - watch - - update - - delete - - apiGroups: - - storage.k8s.io - resources: - - csidrivers - verbs: - - create - - get - - list - - watch - - update - - delete - - apiGroups: - - config.openshift.io - resources: - - infrastructures - - proxies - - apiservers - verbs: - - get - - list - - watch - - apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create - - apiGroups: - - "" - resources: - - nodes - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch - - apiGroups: # for secret rotation and syncing - - "" - resources: - - secrets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: # for CSI driver token requests - - "" - resources: - - serviceaccounts/token - verbs: - - create - - apiGroups: - - secrets-store.csi.x-k8s.io - resources: - - secretproviderclasses - verbs: - - get - - list - - watch - - apiGroups: - - secrets-store.csi.x-k8s.io - resources: - - secretproviderclasspodstatuses - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - secrets-store.csi.x-k8s.io - resources: - - secretproviderclasspodstatuses/status - verbs: - - get - - patch - - update + - apiGroups: + - security.openshift.io + resourceNames: + - privileged + resources: + - securitycontextconstraints + verbs: + - use + - apiGroups: + - operator.openshift.io + resources: + - clustercsidrivers + verbs: + - get + - list + - watch + # The Config Observer controller updates the CR's spec + - update + - patch + - apiGroups: + - operator.openshift.io + resources: + - clustercsidrivers/status + verbs: + - get + - list + - watch + - update + - patch + - apiGroups: + - '' + resourceNames: + - extension-apiserver-authentication + - secrets-store-csi-driver-operator-lock + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + - clusterrolebindings + - roles + - rolebindings + verbs: + - watch + - list + - get + - create + - delete + - patch + - update + - apiGroups: + - '' + resources: + - serviceaccounts + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - '' + resources: + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - storage.k8s.io + resources: + - volumeattachments + verbs: + - get + - list + - watch + - update + - delete + - create + - patch + - apiGroups: + - storage.k8s.io + resources: + - volumeattachments/status + verbs: + - patch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + - csinodes + verbs: + - create + - get + - list + - watch + - update + - delete + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - create + - list + - watch + - delete + - apiGroups: + - '*' + resources: + - events + verbs: + - get + - patch + - create + - list + - watch + - update + - delete + - apiGroups: + - storage.k8s.io + resources: + - csidrivers + verbs: + - create + - get + - list + - watch + - update + - delete + - apiGroups: + - config.openshift.io + resources: + - infrastructures + - proxies + - apiservers + verbs: + - get + - list + - watch + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - apiGroups: # for secret rotation and syncing + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: # for CSI driver token requests + - "" + resources: + - serviceaccounts/token + verbs: + - create + - apiGroups: + - secrets-store.csi.x-k8s.io + resources: + - secretproviderclasses + verbs: + - get + - list + - watch + - apiGroups: + - secrets-store.csi.x-k8s.io + resources: + - secretproviderclasspodstatuses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - secrets-store.csi.x-k8s.io + resources: + - secretproviderclasspodstatuses/status + verbs: + - get + - patch + - update serviceAccountName: secrets-store-csi-driver-operator deployments: - name: secrets-store-csi-driver-operator @@ -376,61 +378,61 @@ spec: spec: serviceAccountName: secrets-store-csi-driver-operator containers: - - name: secrets-store-csi-driver-operator - image: quay.io/openshift/origin-secrets-store-csi-driver-operator:latest - imagePullPolicy: IfNotPresent - args: - - "start" - - "-v=2" - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: DRIVER_IMAGE - value: quay.io/openshift/origin-secrets-store-csi-driver:latest - - name: NODE_DRIVER_REGISTRAR_IMAGE - value: quay.io/openshift/origin-csi-node-driver-registrar:latest - - name: LIVENESS_PROBE_IMAGE - value: quay.io/openshift/origin-csi-livenessprobe:latest - - name: OPERATOR_NAME - value: secrets-store-csi-driver-operator - resources: - requests: - memory: 50Mi - cpu: 10m - terminationMessagePolicy: FallbackToLogsOnError - securityContext: - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - volumeMounts: - - mountPath: /tmp - name: tmp + - name: secrets-store-csi-driver-operator + image: quay.io/openshift/origin-secrets-store-csi-driver-operator:latest + imagePullPolicy: IfNotPresent + args: + - "start" + - "-v=2" + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: DRIVER_IMAGE + value: quay.io/openshift/origin-secrets-store-csi-driver:latest + - name: NODE_DRIVER_REGISTRAR_IMAGE + value: quay.io/openshift/origin-csi-node-driver-registrar:latest + - name: LIVENESS_PROBE_IMAGE + value: quay.io/openshift/origin-csi-livenessprobe:latest + - name: OPERATOR_NAME + value: secrets-store-csi-driver-operator + resources: + requests: + memory: 50Mi + cpu: 10m + terminationMessagePolicy: FallbackToLogsOnError + securityContext: + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + volumeMounts: + - mountPath: /tmp + name: tmp priorityClassName: system-cluster-critical securityContext: runAsNonRoot: true seccompProfile: type: RuntimeDefault volumes: - - name: tmp - emptyDir: - medium: Memory + - name: tmp + emptyDir: + medium: Memory # Strongly prefer a master node, but don't require it. # We want the same Deployment to work on hypershift, # without any master nodes. affinity: nodeAffinity: preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 - preference: - matchExpressions: - - key: node-role.kubernetes.io/master - operator: In - values: - - "" + - weight: 100 + preference: + matchExpressions: + - key: node-role.kubernetes.io/master + operator: In + values: + - "" tolerations: - key: CriticalAddonsOnly operator: Exists diff --git a/hack/update-metadata.sh b/hack/update-metadata.sh new file mode 100755 index 00000000..3e1db12f --- /dev/null +++ b/hack/update-metadata.sh @@ -0,0 +1,98 @@ +#!/bin/bash + +set -o errexit +set -o nounset +set -o pipefail + +# Usage: +# ./hack/update-metadata.sh [OCP_VERSION] +# +# OCP_VERSION is an optional argument. If no argument is provided, it defaults +# to the version found in .channels[0].currentCSV in PACKAGE_MANIFEST. +# This means you can run `./hack/update-metadata.sh` to update the manifests +# using the current package version, or you can for example run +# `./hack/update-metadata.sh 4.20` to set the package version to 4.20. +# Both PACKAGE_MANIFEST and CSV_MANIFEST will be updated by this script. + + +PACKAGE_MANIFEST=config/manifests/secrets-store-csi-driver-operator.package.yaml +CHANNEL=$(yq '.channels[0].name' ${PACKAGE_MANIFEST}) +CURRENT_CSV=$(yq '.channels[0].currentCSV' ${PACKAGE_MANIFEST}) +PACKAGE_NAME=$(echo ${CURRENT_CSV} | sed 's/\.v.*$//') +PACKAGE_VERSION=$(echo ${CURRENT_CSV} | sed 's/^.*\.v//') + +if [ -z "${CHANNEL}" ] || + [ -z "${PACKAGE_NAME}" ] || + [ -z "${PACKAGE_VERSION}" ]; then + echo "Failed to parse ${PACKAGE_MANIFEST}" + exit 1 +fi + +CSV_MANIFEST=config/manifests/${CHANNEL}/${PACKAGE_NAME}.clusterserviceversion.yaml +METADATA_NAME=$(yq ' "" + .metadata.name' ${CSV_MANIFEST}) +SKIP_RANGE=$(yq ' "" + .metadata.annotations["olm.skipRange"]' ${CSV_MANIFEST}) +OLM_PROPERTIES=$(yq ' "" + .metadata.annotations["olm.properties"]' ${CSV_MANIFEST}) # sets olm.maxOpenShiftVersion +SPEC_VERSION=$(yq ' "" + .spec.version' ${CSV_MANIFEST}) +ALM_STATUS_DESC=$(yq ' "" + .spec.labels.alm-status-descriptors' ${CSV_MANIFEST}) + +if [ -z "${METADATA_NAME}" ] || + [ -z "${SKIP_RANGE}" ] || + [ -z "${OLM_PROPERTIES}" ] || + [ -z "${SPEC_VERSION}" ] || + [ -z "${ALM_STATUS_DESC}" ]; then + echo "Failed to parse ${CSV_MANIFEST}" + exit 1 +fi + +OCP_VERSION=${1:-${PACKAGE_VERSION}} +IFS='.' read -r MAJOR_VERSION MINOR_VERSION PATCH_VERSION <<< "${OCP_VERSION}" +PATCH_VERSION=${PATCH_VERSION:-0} +if [ "${OCP_VERSION}" != "${PACKAGE_VERSION}" ]; then + PACKAGE_VERSION="${MAJOR_VERSION}.${MINOR_VERSION}.${PATCH_VERSION}" +fi + +export NEW_CURRENT_CSV="${PACKAGE_NAME}.v${PACKAGE_VERSION}" +export NEW_METADATA_NAME="${PACKAGE_NAME}.v${PACKAGE_VERSION}" +export NEW_SKIP_RANGE=$(echo ${SKIP_RANGE} | sed "s/ <.*$/ <${PACKAGE_VERSION}/") +export NEW_OLM_PROPERTIES=$(echo "${OLM_PROPERTIES}" | jq -c 'map(if .type=="olm.maxOpenShiftVersion" then .value="'${MAJOR_VERSION}.$((MINOR_VERSION + 1))'" else . end)') +export NEW_SPEC_VERSION="${PACKAGE_VERSION}" +export NEW_ALM_STATUS_DESC="${PACKAGE_NAME}.v${PACKAGE_VERSION}" + +if [ -z "${NEW_METADATA_NAME}" ] || + [ -z "${NEW_SKIP_RANGE}" ] || + [ -z "${NEW_OLM_PROPERTIES}" ] || + [ -z "${NEW_SPEC_VERSION}" ] || + [ -z "${NEW_ALM_STATUS_DESC}" ]; then + echo "Failed to generate new values for ${CSV_MANIFEST}" + exit 1 +fi + +echo "Updating package manifest to ${PACKAGE_VERSION}" +yq -i '.channels[0].currentCSV = strenv(NEW_CURRENT_CSV)' ${PACKAGE_MANIFEST} + +echo "Updating OLM metadata to ${PACKAGE_VERSION}" +yq -i ' + .metadata.name = strenv(NEW_METADATA_NAME) | + .metadata.annotations["olm.skipRange"] = strenv(NEW_SKIP_RANGE) | + .metadata.annotations["olm.properties"] = strenv(NEW_OLM_PROPERTIES) | + .spec.version = strenv(NEW_SPEC_VERSION) | + .spec.labels.alm-status-descriptors = strenv(NEW_ALM_STATUS_DESC) +' ${CSV_MANIFEST} + +MAKEFILE=Makefile +echo "Updating Makefile build-image version to ${MAJOR_VERSION}.${MINOR_VERSION}" +if grep -q "call build-image,secrets-store-csi-driver-operator" ${MAKEFILE}; then + sed -i.bak -E "s|ocp/[0-9]+\.[0-9]+:|ocp/${MAJOR_VERSION}.${MINOR_VERSION}:|g" ${MAKEFILE} + rm ${MAKEFILE}.bak +else + echo "build-image call for secrets-store-csi-driver-operator not found in ${MAKEFILE}" +fi + +README=README.md +echo "Updating README.md version references to ${MAJOR_VERSION}.${MINOR_VERSION}" +if grep -q "registry.ci.openshift.org/ocp/" ${README}; then + sed -i.bak -E "s|registry\.ci\.openshift\.org/ocp/[0-9]+\.[0-9]+:|registry.ci.openshift.org/ocp/${MAJOR_VERSION}.${MINOR_VERSION}:|g" ${README} + rm ${README}.bak +else + echo "registry.ci.openshift.org/ocp/ references not found in ${README}" +fi