
Retool publishing of images to Red Hat

Gerard Hickey requested to merge 2846_retool_certification into master

Recently it was discovered that Red Hat has changed their Connect portal and modified how container images are certified for external registries. This was revealed in the Red Hat support ticket #02995530.

No longer will the images be pushed to scan.connect.redhat.com, but will now be scanned from the external registry. The new API process is documented in Red Hat's Partner Guide for OpenShift and Container Certification.

This will require that a new Connect portal account be created so that an API key can be generated to be used in the CI pipelines. The Connect portal account will require a unique email address, so GitLab IT will need to be involved to set up an email address (which forwards to distribution@gitlab.com) so that the Connect portal account can be set up.

The existing push_to_redhat.rb script can be stripped of the pushing and pulling operations to handle calling the Red Hat API to trigger the scanning. This script already handles selecting the proper version of each image and filtering out the autodeploy builds so retooling should not require rebuilding from scratch.

Anticipated work/modifications

  • Involve GitLab IT to create an email account forwarding to distribution@gitlab.com
  • Involve Red Hat Alliances group to generate an invite to the Connect portal
  • Remove the functions and code that refer to pulling and pushing to registries
  • Including the requests GEM for handling API calls
  • Remove the REDHAT_SECRETS_JSON CI variable
  • Create new CI variable to contain the Red Hat API token
  • Create new CI variable to associate CNG/Operator image names to Red Hat's OSP ID (project ID)
  • Update script to modify core loop to make API calls for each image and handle errors appropriately

Closes gitlab-org/charts/gitlab#2846 (closed)

Edited by Gerard Hickey
