fix: add-bundle-to-fbc uses registry credentials

In order to render a catalog from template a task needs a registy
credentials. The auth file was mounted as a workspace to the task and
default env variable is pointing to the auth config.

While testing the config I found out that pre-prod registry tokens lost
access to registry and needed to be rotated.

JIRA: ISV-5757

Signed-off-by: Ales Raszka <[email protected]>

Author: Allda

ansible/roles/operator-pipeline/templates/openshift/pipelines/operator-release-pipeline.yml

@@ -644,6 +644,8 @@ spec:
           subPath: summary
         - name: ssh-directory
           workspace: ssh-dir
+        - name: registry-credentials
+          workspace: registry-pull-credentials
 
   finally:
 

ansible/roles/operator-pipeline/templates/openshift/tasks/add-bundle-to-fbc.yml

@@ -57,11 +57,18 @@ spec:
       description: Scratch space and storage for the comment and related data
     - name: ssh-directory
       optional: true
+    - name: registry-credentials
+      description: A workspace with credentials for registry opm render catalog command
+      optional: true
 
   steps:
     - name: add-bundle-to-fbc
       image: "$(params.pipeline_image)"
       workingDir: $(workspaces.source.path)
+      env:
+        # The registry auth file for opm render catalog command
+        - name: REGISTRY_AUTH_FILE
+          value: "$(workspaces.registry-credentials.path)/.dockerconfigjson"
       script: |
         #! /usr/bin/env bash
         set -xe