From 582ee2c6b7c7ea87979532708db30d353bc5655d Mon Sep 17 00:00:00 2001
From: Stephen Kitt <skitt@redhat.com>
Date: Wed, 17 May 2023 17:45:37 +0200
Subject: [PATCH] Check deployed images against built images

After deployment, if any images were built, check that they were used
in the deployment.

Signed-off-by: Stephen Kitt <skitt@redhat.com>
---
 scripts/shared/deploy.sh | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/scripts/shared/deploy.sh b/scripts/shared/deploy.sh
index c37f84e4a..600f75ed5 100755
--- a/scripts/shared/deploy.sh
+++ b/scripts/shared/deploy.sh
@@ -130,6 +130,25 @@ fi
 
 run_if_defined post_deploy
 
+# Check that the deployed images match those we built (if any)
+image_mismatch=false
+for image in package/.image.*; do
+    expected="$(docker image inspect "$(cat "$image")" | jq -r '.[0].RepoDigests[0]')"
+    image="${image#package/.image.}"
+    for deployed in $(kubectl get pods -A -o json | jq -r '.items[].status.containerStatuses[].imageID' | grep "$image"); do
+        if [ "$deployed" != "$expected" ]; then
+            printf "Image %s is deployed with %s, expected %s\n" "$image" "$deployed" "$expected"
+            image_mismatch=true
+        else
+            printf "Successfully checked image %s, deployed with %s\n" "$image" "$deployed"
+        fi
+    done
+done
+if [ "$image_mismatch" = true ]; then
+    kubectl get pods -A -o json
+    exit 1
+fi
+
 # Print installed versions for manual validation of CI
 subctl show versions
 print_clusters_message