From a1259245d85f3e28be8ea38dd0d38b90ef485148 Mon Sep 17 00:00:00 2001
From: Angel Misevski <amisevsk@redhat.com>
Date: Wed, 20 Oct 2021 15:24:52 -0400
Subject: [PATCH] Drop ServiceAccount from OLM bundle to avoid scorecard
 failure

Signed-off-by: Angel Misevski <amisevsk@redhat.com>
---
 deploy/generate-deployment.sh | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/deploy/generate-deployment.sh b/deploy/generate-deployment.sh
index 0a76dc0a0..f91bc4c44 100755
--- a/deploy/generate-deployment.sh
+++ b/deploy/generate-deployment.sh
@@ -191,8 +191,13 @@ if $GEN_OLM; then
   echo "Generating base deployment files for OLM"
   export RBAC_PROXY_IMAGE="${OPENSHIFT_RBAC_PROXY_IMAGE:-registry.redhat.io/openshift4/ose-kube-rbac-proxy:v4.8}"
   export NAMESPACE=openshift-operators
+  # It's needed to filter out the ServiceAccount object for OLM, as having a serviceaccount that matches the serviceaccount
+  # in the CSV causes scorecard failures. The easiest way to do this is by filtering it out *here*, as kustomize makes it
+  # impossible to drop the serviceaccount without reworking the templates significantly (the manager.yaml deployment depends
+  # on the SERVICE_ACCOUNT_NAME variable pulled from the serviceaccount)
   ${KUSTOMIZE} build "${SCRIPT_DIR}/templates/olm" \
     | envsubst "$SUBST_VARS" \
+    | yq -Y 'select(.kind != "ServiceAccount")' \
     > "${OLM_DIR}/${COMBINED_FILENAME}"
   unset RBAC_PROXY_IMAGE
   echo "File saved to ${OLM_DIR}/${COMBINED_FILENAME}"