openshift-apps: overhaul coreos-cincinnati config

This commit makes the coreos-cincinnati setup look similar to the
other CoreOS/OSTree apps that we own. Notable changes:

- We are still building via commit, we only track a single commit
  and not a separate deploy/build one.
- We are now just outputting to a coreos-cincinnati-img:latest
  imagestream tag.
- We are now using a fedora:38 imagestream tag as the from: in our
  build and triggering new builds based on imagestream updates,
  which means we'll get security updates more regularly.
- A bunch of quoting (") in yaml files was removed as it clouded the
  diffs between this app and other apps.
- Some minor diffs between playbooks and other files were removed.

playbooks/openshift-apps/coreos-cincinnati.yml

@@ -27,9 +27,10 @@
     - siosm
     egress_policy_template: "{{ roles_path }}/openshift-apps/coreos-cincinnati/templates/egresspolicy.yml"
 
-  - role: openshift/imagestream
+  - role: openshift/object
     app: coreos-cincinnati
-    imagename: fedora-coreos-cincinnati
+    template: imagestream.yml
+    objectname: imagestream.yml
 
   - role: openshift/object
     app: coreos-cincinnati
@@ -38,8 +39,8 @@
 
   - role: openshift/start-build
     app: coreos-cincinnati
-    buildname: coreos-cincinnati
+    buildname: coreos-cincinnati-build
-    tags: [never, build]
+    objectname: coreos-cincinnati-build
 
   - role: openshift/object
     app: coreos-cincinnati

roles/openshift-apps/coreos-cincinnati/templates/buildconfig.yml

@@ -1,30 +1,34 @@
----
+apiVersion: build.openshift.io/v1
-apiVersion: v1
 kind: BuildConfig
 metadata:
-  name: "coreos-cincinnati"
+  name: coreos-cincinnati-build
   labels:
-    app: "coreos-cincinnati"
+    build: coreos-cincinnati
 spec:
   completionDeadlineSeconds: 1800
   resources:
     requests:
-      memory: "3Gi"
+      memory: 3Gi
     limits:
-      memory: "3Gi"
+      memory: 3Gi
-  runPolicy: "Parallel"
+  runPolicy: Parallel
+  source:
+    type: Git
+    git:
+      uri: https://github.com/coreos/fedora-coreos-cincinnati.git
+      ref: "{{ fcos_cincinnati_git_sha }}"
   strategy:
-    type: "Docker"
+    type: Docker
     dockerStrategy:
       dockerfilePath: "dist/fedora-infra/Dockerfile"
-  source:
+      from:
-    type: "Git"
+        kind: ImageStreamTag
-    git:
+        name: fedora:38
-      uri: "https://github.com/coreos/fedora-coreos-cincinnati.git"
-      ref: "{{fcos_cincinnati_build_git_sha}}"
-  triggers:
-    - type: "ConfigChange"
   output:
     to:
-      kind: "ImageStreamTag"
+      kind: ImageStreamTag
-      name: "fedora-coreos-cincinnati:gitref-{{fcos_cincinnati_build_git_sha}}"
+      name: coreos-cincinnati-img:latest
+  triggers:
+    - type: ImageChange
+      imageChange: {}
+    - type: ConfigChange

roles/openshift-apps/coreos-cincinnati/templates/deploymentconfig.yml

@@ -1,10 +1,9 @@
----
 apiVersion: apps.openshift.io/v1
 kind: DeploymentConfig
 metadata:
-  name: coreos-cincinnati
   labels:
     app: coreos-cincinnati
+  name: coreos-cincinnati
 spec:
   replicas: 1
   selector:
@@ -25,33 +24,43 @@ spec:
     metadata:
       labels:
         app: coreos-cincinnati
+    name: coreos-cincinnati
     spec:
       containers:
-        - name: "fcos-graph-builder"
+        - name: fcos-graph-builder
-          image: "image-registry.openshift-image-registry.svc:5000/coreos-cincinnati/fedora-coreos-cincinnati:gitref-{{fcos_cincinnati_deploy_git_sha}}"
+          image: ""
           args: [
             "/usr/local/bin/fcos-graph-builder",
             "-v",
             "-c", "/etc/cincinnati/graph-builder.toml",
           ]
           volumeMounts:
-            - name: "stub-config"
+            - name: stub-config
-              mountPath: "/etc/cincinnati/"
+              mountPath: /etc/cincinnati/
               readOnly: true
-        - name: "fcos-policy-engine"
+        - name: fcos-policy-engine
-          image: "image-registry.openshift-image-registry.svc:5000/coreos-cincinnati/fedora-coreos-cincinnati:gitref-{{fcos_cincinnati_deploy_git_sha}}"
+          image: ""
           args: [
             "/usr/local/bin/fcos-policy-engine",
             "-v",
             "-c", "/etc/cincinnati/policy-engine.toml",
           ]
           volumeMounts:
-            - name: "stub-config"
+            - name: stub-config
-              mountPath: "/etc/cincinnati/"
+              mountPath: /etc/cincinnati/
               readOnly: true
       volumes:
-        - name: "stub-config"
+        - name: stub-config
           configMap:
-            name: "coreos-cincinnati-config-stub"
+            name: coreos-cincinnati-config-stub
   triggers:
-    - type: "ConfigChange"
+    - type: ConfigChange
+    - type: ImageChange
+      imageChangeParams:
+        automatic: true
+        containerNames:
+          - fcos-graph-builder
+          - fcos-policy-engine
+        from:
+          kind: ImageStreamTag
+          name: coreos-cincinnati-img:latest

roles/openshift-apps/coreos-cincinnati/vars/production.yml

@@ -1,3 +1,2 @@
 ---
-fcos_cincinnati_build_git_sha: e1880e091425c263d64866fbbe9d91cbef49e123
+fcos_cincinnati_git_sha: 3b42a35a3c857a250d91ea7853faf1a97de5a2b5
-fcos_cincinnati_deploy_git_sha: e1880e091425c263d64866fbbe9d91cbef49e123

roles/openshift-apps/coreos-cincinnati/vars/staging.yml

@@ -1,3 +1,2 @@
 ---
-fcos_cincinnati_build_git_sha: e1880e091425c263d64866fbbe9d91cbef49e123
+fcos_cincinnati_git_sha: 3b42a35a3c857a250d91ea7853faf1a97de5a2b5
-fcos_cincinnati_deploy_git_sha: e1880e091425c263d64866fbbe9d91cbef49e123