Add devfile commands to build/push/replace the devfile registry image

[l0rd]

What does this PR do?

Add 3 new commands in the devfile to:

• Locally build the devfile registry container image ( ./build.sh --tag <tag> --registry <reg> --organization <org>)
• Push the locally built devfile registry container image (buildah push <reg>/<org>/che-devfile-registry:<tag>)
• Update the current Che registry to use the new locally built image (kubectl patch checluster eclipse-che --type merge --patch "$(cat patch-file.yaml)")

Note that these commands to work require:

• An UDI image that is able to run buildah (c.f. pull request)
• Files IMG_REG, IMG_ORG where the user specifies the image registry (quay.io) and organization (mloriedo)
• The user should have the privileges to edit the CheCluster (for the command to update the registry)

Screenshot/screencast of this PR

TODO

What issues does this PR fix or reference?

eclipse-che/che#19305

How to test this PR?

Preliminary steps on the OpenShift cluster (those have already been applied on Che dogfooding cluster)

Create a container-build SCC:

SCC="container-build"
kubectl apply -f https://gist.githubusercontent.com/l0rd/70eeb2bbef4b18f41e2d1e382e2be05f/raw/83ea62026cd1212bee693278a3b4a3271ed32a00/better-scc.yaml

Allow the DW controller Service Account to get and update the container-build SCC:

DW_SA="system:serviceaccount:openshift-operators:devworkspace-controller-serviceaccount"
DW_CLUSTER_ROLE="get-n-update-${SCC}-scc"

kubectl apply -f - <<EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: ${DW_CLUSTER_ROLE}
rules:
- apiGroups:
  - "security.openshift.io"
  resources:
  - "securitycontextconstraints"
  resourceNames:
  - "${SCC}"
  verbs:
  - "get"
  - "update"
EOF

oc adm policy add-cluster-role-to-user ${DW_CLUSTER_ROLE} ${DW_SA}

Allow the current user to use the container-build SCC:

OCP_USER=<your openshift user>
oc adm policy add-scc-to-user container-build ${OCP_USER}

Start a workspace using this PR branch

CHE_HOSTNAME=<your-che-hostname>
open "https://${CHE_HOSTNAME}#https://github.com/l0rd/che-devfile-registry/tree/commands-for-build-push-replace&df=.devfile-v2.yaml&che-editor=che-incubator/che-code/insiders

Build, Push, Replace

Once the workspaces is started, from the terminal, login to your container registry:

buildah login quay.io

Then run the commands from the palette

PR Checklist

As the author of this Pull Request I made sure that:

• The Eclipse Contributor Agreement is valid
• Code produced is complete
• Code builds without errors
• Tests are covering the bugfix
• The repository devfile is up to date and works
• Sections What issues does this PR fix or reference and How to test this PR completed
• Relevant user documentation updated
• Relevant contributing documentation updated
• CI/CD changes implemented, documented and communicated

Reviewers

Reviewers, please comment how you tested the PR when approving it.

[github-actions]

Click here to review and test in web IDE:

[github-actions]

Click here to review and test in web IDE:

[github-actions]

Click here to review and test in web IDE:

[github-actions]

Click here to review and test in web IDE:

[github-actions]

Click here to review and test in web IDE: