From 23fb67c7c377c41522ae76fb34ecb2fa8a129155 Mon Sep 17 00:00:00 2001 From: Jan Stourac Date: Sat, 15 Jun 2024 20:09:00 +0200 Subject: [PATCH 1/3] [CI] let's run params-env workflow also on push Let's run the params-env workflow that checks values in params.env and commit.env files also on push event and also on dispatch_workflow. --- .github/workflows/params-env.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/params-env.yaml b/.github/workflows/params-env.yaml index 1d4da9402..e6ac1674a 100644 --- a/.github/workflows/params-env.yaml +++ b/.github/workflows/params-env.yaml @@ -1,11 +1,13 @@ --- name: Validation of image references (image SHAs) in params.env and runtime images on: # yamllint disable-line rule:truthy + push: pull_request: paths: - 'manifests/base/commit.env' - 'manifests/base/params.env' - 'ci/check-params-env.sh' + workflow_dispatch: permissions: contents: read From 7983f1a802f5ec65f1407515c16ddb12cb1190c7 Mon Sep 17 00:00:00 2001 From: Jan Stourac Date: Sat, 15 Jun 2024 20:11:50 +0200 Subject: [PATCH 2/3] [CI] enhance the check-params-env.sh to also check uniqueness of values Up to now, it only checked that variables used in params.env file are unique. This change checks also that the images referenced are unique as we don't expect any of the given variables to hold the same reference. --- ci/check-params-env.sh | 28 +++++++++++++++++++++++++--- 1 file changed, 25 insertions(+), 3 deletions(-) diff --git a/ci/check-params-env.sh b/ci/check-params-env.sh index 686b1d344..ba480e7b9 100755 --- a/ci/check-params-env.sh +++ b/ci/check-params-env.sh @@ -31,6 +31,7 @@ EXPECTED_NUM_RECORDS=20 function check_variables_uniq() { local env_file_path="${1}" + local allow_value_duplicity="${2:=false}" local ret_code=0 echo "Checking that all variables in the file '${env_file_path}' are unique and expected" 
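Review bot: The added `push:` trigger in `.github/workflows/params-env.yaml` has no `paths` or `branches` filter, unlike the `pull_request` trigger directly below it. As written, the image-reference validation starts on every push to every branch, including pushes that touch none of the three listed files. If that is intended, for example to notice references that stop resolving without a file change, a short comment above `push:` saying so would help. Otherwise, repeat the same `paths:` list under `push:`.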
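Review bot: The default in `local allow_value_duplicity="${2:=false}"` uses the assigning form `:=`, which bash rejects for positional parameters with "$2: cannot assign in this way". Both callers in this patch pass the second argument, so the error does not trigger today, but any one-argument call to `check_variables_uniq` would fail on this line instead of getting the default. The non-assigning form is what is meant here: `local allow_value_duplicity="${2:-false}"`. The function body continues outside this hunk.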
@@ -45,10 +46,31 @@ function check_variables_uniq() { num_uniq_records=$(echo "${content}" | uniq | wc -l) test "${num_records}" -eq "${num_uniq_records}" || { - echo "Some of the records in the file aren't unique!" + echo "Some of the variables in the file aren't unique!" ret_code=1 } + # ---- + if test "${allow_value_duplicity}" = "false"; then + echo "Checking that all values assigned to variables in the file '${env_file_path}' are unique and expected" + + content=$(sed 's#.*=\(.*\)#\1#' "${env_file_path}" | sort) + + local num_values + num_values=$(echo "${content}" | wc -l) + + local num_uniq_values + num_uniq_values=$(echo "${content}" | uniq | wc -l) + + test "${num_values}" -eq "${num_uniq_values}" || { + echo "Some of the values in the file aren't unique!" + ret_code=1 + } + fi + + # ---- + echo "Checking that there are expected number of records in the file '${env_file_path}'" + test "${num_records}" -eq "${EXPECTED_NUM_RECORDS}" || { echo "Number of records in the file is incorrect - expected '${EXPECTED_NUM_RECORDS}' but got '${num_records}'!" ret_code=1 @@ -282,13 +304,13 @@ ret_code=0 echo "Starting check of image references in files: '${COMMIT_ENV_PATH}' and '${PARAMS_ENV_PATH}'" echo "---------------------------------------------" -check_variables_uniq "${COMMIT_ENV_PATH}" || { +check_variables_uniq "${COMMIT_ENV_PATH}" "true" || { echo "ERROR: Variable names in the '${COMMIT_ENV_PATH}' file failed validation!" echo "----------------------------------------------------" ret_code=1 } -check_variables_uniq "${PARAMS_ENV_PATH}" || { +check_variables_uniq "${PARAMS_ENV_PATH}" "false" || { echo "ERROR: Variable names in the '${PARAMS_ENV_PATH}' file failed validation!" echo "----------------------------------------------------" ret_code=1 From 7ce69e6a1368f7992f2fde74434a4614f5326c99 Mon Sep 17 00:00:00 2001 
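Review bot: The value extraction `sed 's#.*=\(.*\)#\1#'` is greedy, so it keeps only the text after the last `=` on a line. It also passes any line without `=` through unchanged, so blank or comment lines (if the file has any; not visible from this hunk) would be counted as values and could be reported as duplicates. Splitting on the first `=` and skipping lines without one is more robust: `content=$(cut -s -d '=' -f 2- "${env_file_path}" | sort)`. When the check fails, the message does not say which image reference is repeated; printing `echo "${content}" | uniq -d` inside the failure branch would make the CI log actionable. The start of `check_variables_uniq` is outside this hunk.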
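Review bot: The two failure messages at the call sites still read "Variable names in the '...' file failed validation!", but `check_variables_uniq` now also fails on duplicated values and on an unexpected record count. A neutral wording such as `echo "ERROR: Variables or values in the '${PARAMS_ENV_PATH}' file failed validation!"` would keep the summary line from pointing at the wrong cause. The function name has the same drift, though renaming it is optional.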
From: Jan Stourac Date: Sat, 15 Jun 2024 20:13:33 +0200 Subject: [PATCH 3/3] [CI] check-params-env.sh prints also time of creation of the checked image --- ci/check-params-env.sh | 6 ++++++ ci/check-runtime-images.sh | 8 ++++++++ 2 files changed, 14 insertions(+) diff --git a/ci/check-params-env.sh b/ci/check-params-env.sh index ba480e7b9..52d40d0cd 100755 --- a/ci/check-params-env.sh +++ b/ci/check-params-env.sh @@ -248,6 +248,7 @@ function check_image() { local image_name local image_commit_id local image_commitref + local image_created image_metadata="$(skopeo inspect --config "docker://${image_url}")" || { echo "Couldn't download image metadata with skopeo tool!" @@ -265,6 +266,10 @@ function check_image() { echo "Couldn't parse '.config.Labels."io.openshift.build.commit.ref"' from image metadata!" return 1 } + image_created=$(echo "${image_metadata}" | jq --raw-output '.created') || { + echo "Couldn't parse '.created' from image metadata!" + return 1 + } local config_env local build_name_raw @@ -289,6 +294,7 @@ function check_image() { } echo "Image name retrieved: '${image_name}'" + echo "Image created: '${image_created}'" check_image_variable_matches_name_and_commitref "${image_variable}" "${image_name}" "${image_commitref}" "${openshift_build_name}" || return 1 diff --git a/ci/check-runtime-images.sh b/ci/check-runtime-images.sh index 8908a9b6c..826ea2197 100755 --- a/ci/check-runtime-images.sh +++ b/ci/check-runtime-images.sh @@ -27,6 +27,7 @@ function check_image() { local img_tag local img_url local img_metadata + local img_created img_tag=$(jq -r '.metadata.tags[0]' "${runtime_image_file}") || { echo "ERROR: Couldn't parse image tags metadata for '${runtime_image_file}' runtime image file!" 
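Review bot: The guard on `image_created=$(echo "${image_metadata}" | jq --raw-output '.created') || { ... }` does not catch a missing field, because jq exits 0 and prints `null` when `.created` is absent. The error branch therefore runs only when the metadata is not parseable JSON, and the later `echo "Image created: 'null'"` would look like a successful lookup. Adding `--exit-status` makes jq return non-zero for `null`: `jq --exit-status --raw-output '.created'`. The `img_created` assignment added to `ci/check-runtime-images.sh` in this same patch has the same pattern and would take the same change. The body of `check_image` extends beyond this hunk.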
@@ -42,6 +43,11 @@ function check_image() { return 1 } + img_created=$(echo "${img_metadata}" | jq --raw-output '.created') || { + echo "Couldn't parse '.created' from image metadata!" + return 1 + } + local expected_string="runtime-${img_tag}-ubi" echo "Checking that '${expected_string}' is present in the image metadata" echo "${img_metadata}" | grep --quiet "${expected_string}" || { @@ -49,6 +55,8 @@ function check_image() { return 1 } + echo "Image created: '${img_created}'" + # TODO: we shall extend this check to check also Label "io.openshift.build.commit.ref" value (e.g. '2024a') or something similar }
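Review bot: The new failure message `echo "Couldn't parse '.created' from image metadata!"` omits the `ERROR:` prefix and the runtime image file name that the neighbouring message in this function carries ("ERROR: Couldn't parse image tags metadata for '${runtime_image_file}' runtime image file!"). Since the script appears to be run over several runtime image files, a message without the file name is hard to attribute in the CI log. Suggested wording: `echo "ERROR: Couldn't parse '.created' from image metadata for '${runtime_image_file}' runtime image file!"`. The function starts outside this hunk.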