From 71248ea4e6b560ab479784525e56eaec29646454 Mon Sep 17 00:00:00 2001 From: OpenShift Cherrypick Robot Date: Fri, 21 Jun 2024 17:58:02 +0200 Subject: [PATCH] [2024a] [CI] Enhance params env check script (#575) * let's run params-env workflow also on push Let's run the params-env workflow that checks values in params.env and commit.env files also on push event and also on dispatch_workflow. * enhance the check-params-env.sh to also check uniqueness of values Up to now, it only checked that variables used in params.env file are unique. This change checks also that the images referenced are unique as we don't expect any of the given variables to hold the same reference. * check-params-env.sh prints also time of creation of the checked image --------- Co-authored-by: Jan Stourac
---
 .github/workflows/params-env.yaml | 2 ++
 ci/check-params-env.sh | 34 ++++++++++++++++++++++++++++---
 ci/check-runtime-images.sh | 8 ++++++++
 3 files changed, 41 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/params-env.yaml b/.github/workflows/params-env.yaml
index 1d4da9402..e6ac1674a 100644
--- a/.github/workflows/params-env.yaml
+++ b/.github/workflows/params-env.yaml
@@ -1,11 +1,13 @@
 ---
 name: Validation of image references (image SHAs) in params.env and runtime images
 on: # yamllint disable-line rule:truthy
+ push:
 pull_request:
 paths:
 - 'manifests/base/commit.env'
 - 'manifests/base/params.env'
 - 'ci/check-params-env.sh'
+ workflow_dispatch:
 permissions:
 contents: read
diff --git a/ci/check-params-env.sh b/ci/check-params-env.sh
index 686b1d344..52d40d0cd 100755
--- a/ci/check-params-env.sh
+++ b/ci/check-params-env.sh
@@ -31,6 +31,7 @@ EXPECTED_NUM_RECORDS=20
 function check_variables_uniq() {
 local env_file_path="${1}"
+ local allow_value_duplicity="${2:=false}"
 local ret_code=0
 echo "Checking that all variables in the file '${env_file_path}' are unique and expected"
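Review bot: The added `push:` trigger in params-env.yaml has no `branches` or `paths` filter, so the job will run on every push to every branch, while `pull_request` stays limited to the three listed paths. The checked script calls `skopeo inspect` against the registry for each image, so this adds network-dependent CI runs for commits that touch neither env file. If the intent is to re-validate only when those files or the script change, repeat the same `paths:` list under `push:`; if every push is intended, a short comment such as `# intentionally unfiltered: re-checks that referenced images still exist` would record that.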
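Review bot: `${2:=false}` on the added `local allow_value_duplicity=` line is the assign-default form, which bash refuses for positional parameters (it aborts with "cannot assign in this way") whenever `$2` is unset or empty. Both call sites changed in this patch pass the second argument explicitly, so the failure is latent, but the default can never take effect as written. Use the substitute-default form instead: `local allow_value_duplicity="${2:-false}"`. The body of check_variables_uniq continues outside this hunk.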
@@ -45,10 +46,31 @@ function check_variables_uniq() {
 num_uniq_records=$(echo "${content}" | uniq | wc -l)
 test "${num_records}" -eq "${num_uniq_records}" || {
- echo "Some of the records in the file aren't unique!"
+ echo "Some of the variables in the file aren't unique!"
 ret_code=1
 }
+ # ----
+ if test "${allow_value_duplicity}" = "false"; then
+ echo "Checking that all values assigned to variables in the file '${env_file_path}' are unique and expected"
+
+ content=$(sed 's#.*=\(.*\)#\1#' "${env_file_path}" | sort)
+
+ local num_values
+ num_values=$(echo "${content}" | wc -l)
+
+ local num_uniq_values
+ num_uniq_values=$(echo "${content}" | uniq | wc -l)
+
+ test "${num_values}" -eq "${num_uniq_values}" || {
+ echo "Some of the values in the file aren't unique!"
+ ret_code=1
+ }
+ fi
+
+ # ----
+ echo "Checking that there are expected number of records in the file '${env_file_path}'"
+
 test "${num_records}" -eq "${EXPECTED_NUM_RECORDS}" || {
 echo "Number of records in the file is incorrect - expected '${EXPECTED_NUM_RECORDS}' but got '${num_records}'!"
 ret_code=1
@@ -226,6 +248,7 @@ function check_image() {
 local image_name
 local image_commit_id
 local image_commitref
+ local image_created
 image_metadata="$(skopeo inspect --config "docker://${image_url}")" || {
 echo "Couldn't download image metadata with skopeo tool!"
@@ -243,6 +266,10 @@ function check_image() {
 echo "Couldn't parse '.config.Labels."io.openshift.build.commit.ref"' from image metadata!"
 return 1
 }
+ image_created=$(echo "${image_metadata}" | jq --raw-output '.created') || {
+ echo "Couldn't parse '.created' from image metadata!"
+ return 1
+ }
 local config_env
 local build_name_raw
@@ -267,6 +294,7 @@ function check_image() {
 }
 echo "Image name retrieved: '${image_name}'"
+ echo "Image created: '${image_created}'"
 check_image_variable_matches_name_and_commitref "${image_variable}" "${image_name}" "${image_commitref}" "${openshift_build_name}" || return 1
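Review bot: The new value check inside `if test "${allow_value_duplicity}" = "false"` only reports that some value is duplicated, not which one, so a CI failure gives no pointer to the offending image reference. Printing the duplicates in the failure branch, e.g. `echo "${content}" | uniq -d`, would make it actionable. The comparison is also purely textual on whatever follows the last `=`, so two variables that reach the same image digest through different repository paths would presumably still pass; if the goal is one digest per variable, compare the part after `@` instead. Lines without `=` go through the sed expression unchanged, so comment or blank lines (if params.env can contain them) would be counted as values.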
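Review bot: The `|| {` error branch after `jq --raw-output '.created'` will not fire when the field is missing, because jq prints `null` and exits 0 in that case, and the script then logs `Image created: 'null'` as if it were valid. Adding `--exit-status` makes a null or absent value a failure: `image_created=$(echo "${image_metadata}" | jq --raw-output --exit-status '.created') || {`. The same pattern is added for `img_created` in ci/check-runtime-images.sh (hunk at -42,6) and would need the same change. check_image's body continues outside this hunk.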
@@ -282,13 +310,13 @@ ret_code=0
 echo "Starting check of image references in files: '${COMMIT_ENV_PATH}' and '${PARAMS_ENV_PATH}'"
 echo "---------------------------------------------"
-check_variables_uniq "${COMMIT_ENV_PATH}" || {
+check_variables_uniq "${COMMIT_ENV_PATH}" "true" || {
 echo "ERROR: Variable names in the '${COMMIT_ENV_PATH}' file failed validation!"
 echo "----------------------------------------------------"
 ret_code=1
 }
-check_variables_uniq "${PARAMS_ENV_PATH}" || {
+check_variables_uniq "${PARAMS_ENV_PATH}" "false" || {
 echo "ERROR: Variable names in the '${PARAMS_ENV_PATH}' file failed validation!"
 echo "----------------------------------------------------"
 ret_code=1
diff --git a/ci/check-runtime-images.sh b/ci/check-runtime-images.sh
index 8908a9b6c..826ea2197 100755
--- a/ci/check-runtime-images.sh
+++ b/ci/check-runtime-images.sh
@@ -27,6 +27,7 @@ function check_image() {
 local img_tag
 local img_url
 local img_metadata
+ local img_created
 img_tag=$(jq -r '.metadata.tags[0]' "${runtime_image_file}") || {
 echo "ERROR: Couldn't parse image tags metadata for '${runtime_image_file}' runtime image file!"
@@ -42,6 +43,11 @@ function check_image() {
 return 1
 }
+ img_created=$(echo "${img_metadata}" | jq --raw-output '.created') || {
+ echo "Couldn't parse '.created' from image metadata!"
+ return 1
+ }
+
 local expected_string="runtime-${img_tag}-ubi"
 echo "Checking that '${expected_string}' is present in the image metadata"
 echo "${img_metadata}" | grep --quiet "${expected_string}" || {
@@ -49,6 +55,8 @@ function check_image() {
 return 1
 }
+ echo "Image created: '${img_created}'"
+ # TODO: we shall extend this check to check also Label "io.openshift.build.commit.ref" value (e.g. '2024a') or something similar
 }