From 1d6e9a7f9bfcbea18343dd1a9d9dfab8f3078523 Mon Sep 17 00:00:00 2001
From: "Randal S. Harisch" <randal@endofday.com>
Date: Wed, 12 Feb 2025 12:53:34 -0700
Subject: [PATCH] chore: updated rbac and added cabundle cm

---
 common/templates/_pipeline.yaml              | 12 +++++++++++-
 common/templates/_task-openshift-client.yaml |  2 +-
 common/templates/_task-s2i-go.yaml           |  2 +-
 custom-rbac.yaml                             |  9 ++++++++-
 4 files changed, 21 insertions(+), 4 deletions(-)

diff --git a/common/templates/_pipeline.yaml b/common/templates/_pipeline.yaml
index f0e45bc..3480d07 100644
--- a/common/templates/_pipeline.yaml
+++ b/common/templates/_pipeline.yaml
@@ -136,7 +136,7 @@ spec:
   - name: ephemeral-namespace
     params:
     - name: VERSION
-      value: "4.11"
+      value: "4.17"
     - name: SCRIPT
       value: |
         echo "${SHELL}"
@@ -144,6 +144,16 @@ spec:
         oc new-project goghvideo-test-${RANDOMID} >/dev/null
         oc label namespace goghvideo-test-${RANDOMID} app=goghvideo-test
 
+        oc apply -f - <<EOF
+        apiVersion: v1
+        data: {}
+        kind: ConfigMap
+        metadata:
+          labels:
+            config.openshift.io/inject-trusted-cabundle: "true"
+          name: config-trusted-cabundle
+        EOF
+
         x=0; until [[ -n $(oc -n goghvideo-test-${RANDOMID} get secret/goghvideo-openshift-builder-pull-secret 2>/dev/null) || $x -eq 10 ]]; do echo "Waiting for secret replication" && sleep 10 && ((x++)); done
         if [[ "${x}" -eq 10 ]]; then exit 1; fi
 
diff --git a/common/templates/_task-openshift-client.yaml b/common/templates/_task-openshift-client.yaml
index b6da707..333fd26 100644
--- a/common/templates/_task-openshift-client.yaml
+++ b/common/templates/_task-openshift-client.yaml
@@ -18,7 +18,7 @@ spec:
     description: The OpenShift CLI arguments to run
     name: SCRIPT
     type: string
-  - default: "4.7"
+  - default: "4.17"
     description: The OpenShift Version to use
     name: VERSION
     type: string
diff --git a/common/templates/_task-s2i-go.yaml b/common/templates/_task-s2i-go.yaml
index 83b5320..dff5258 100644
--- a/common/templates/_task-s2i-go.yaml
+++ b/common/templates/_task-s2i-go.yaml
@@ -64,7 +64,7 @@ spec:
       cat /env-vars/env-file
 
       s2i build $(params.PATH_CONTEXT) quay01.ipa.endofday.com/goghvideo/golang:$(params.VERSION) \
-      --as-dockerfile /gen-source/Dockerfile.gen --environment-file /env-vars/env-file
+       --assemble-user 0 --as-dockerfile /gen-source/Dockerfile.gen --environment-file /env-vars/env-file
 
       echo "Outputting Generated /gen-source/Dockerfile.gen file"
       cat /gen-source/Dockerfile.gen
diff --git a/custom-rbac.yaml b/custom-rbac.yaml
index ff0b817..242efb0 100644
--- a/custom-rbac.yaml
+++ b/custom-rbac.yaml
@@ -27,6 +27,13 @@ rules:
       - tekton.dev
     resources: ["pipelineruns"]
     verbs: ["list", "get", "create", "update", "delete", "watch"]
-
+  - apiGroups:
+      - project.openshift.io
+    resources: ["*"]
+    verbs: ["*"]
+  - apiGroups: ["*"]
+    resources: ["namespaces"]
+    verbs: ["*"]
+      
   # Add any other resources you need access to (modify the apiGroups/resources as required)