chore(ci): &2 is more portable than /dev/stderr (#1109)

.github/scripts/create-values-diff.sh

@@ -14,7 +14,7 @@ if [[ -v 3 ]]; then
       dryRun=true
       ;;
     *)
-      echo "Option '$3' not supported" >/dev/stderr
+      echo "Option '$3' not supported" >&2
       exit 1
       ;;
   esac
@@ -23,7 +23,7 @@ else
 fi
 
 if yq -e '.type == "library"' "$chart/Chart.yaml" >/dev/null; then
-  echo "Skipping library chart '$chart'" >/dev/stderr
+  echo "Skipping library chart '$chart'" >&2
   exit 0
 fi
 

.github/scripts/enforce-trusted-registries.sh

@@ -10,7 +10,7 @@ function getUntrustedImages() {
   local chart="${1?}"
   local trustedImagesRegex
 
-  trustedImagesRegex="$(yq -r -f .github/scripts/trusted_images_regex.jq <.github/trusted_registries.yaml)"
+  trustedImagesRegex="$(yq -r -f .github/scripts/trusted_images_regex.jq .github/trusted_registries.yaml)"
 
   yq -r '.annotations["artifacthub.io/images"]' "$chart/Chart.yaml" |
     yq -r '.[] | .image' |
@@ -22,18 +22,18 @@ function enforceTrustedImages() {
   local chart="${1?}"
   local untrustedImages=()
   if yq -e '.type == "library"' "$chart/Chart.yaml" >/dev/null; then
-    echo "Skipping library chart '$chart'" >/dev/stderr
+    echo "Skipping library chart '$chart'" >&2
     return 0
   fi
 
   mapfile -t untrustedImages < <(getUntrustedImages "$chart")
   if [[ "${#untrustedImages[@]}" -gt 0 ]]; then
-    echo "found ${#untrustedImages[@]} untrusted images in '$chart', please fix;" >/dev/stderr
+    echo "found ${#untrustedImages[@]} untrusted images in '$chart', please fix;" >&2
     for untrustedImage in "${untrustedImages[@]}"; do
-      echo "  > $untrustedImage, found in the following resources:" >/dev/stderr
+      echo "  > $untrustedImage, found in the following resources:" >&2
       # shellcheck disable=SC2016
       yq --arg image "$untrustedImage" -r '.annotations["artifacthub.io/images"] | split("\n")[] | select(contains($image))' "$chart/Chart.yaml" |
-        awk '{print "      - " $NF}' >/dev/stderr
+        awk '{print "      - " $NF}' >&2
     done
     return 1
   fi

.github/scripts/extract-artifacthub-images.sh

@@ -45,7 +45,7 @@ function updateChartYaml() {
   (
     echo "artifacthub.io/images: |"
     getImages "$chart" "$existingDir" | awk '{print "  " $0}'
-  ) | tee "$tmpDir/images.yaml" >/dev/stderr
+  ) | tee "$tmpDir/images.yaml" >&2
 
   if yq -e .annotations "$chart/Chart.yaml" >/dev/null; then
     yq -y '.annotations | del(.["artifacthub.io/images"])' "$chart/Chart.yaml" >"$tmpDir/annotations.yaml"
@@ -66,19 +66,19 @@ function updateChartYaml() {
 
 if [[ "$#" -ge 1 ]]; then
   if ! [[ -d "$1" ]]; then
-    echo "Invalid chart directory '$1', exiting" >/dev/stderr
+    echo "Invalid chart directory '$1', exiting" >&2
     exit 1
   fi
   if yq -e '.type == "library"' "$1/Chart.yaml" >/dev/null; then
-    echo "Skipping library chart '$1'" >/dev/stderr
+    echo "Skipping library chart '$1'" >&2
     exit 0
   fi
   if ! [[ -f "$1/ci/artifacthub-values.yaml" ]]; then
-    echo "There is no 'artifacthub-values.yaml' in 'charts/$1/ci', exiting" >/dev/stderr
+    echo "There is no 'artifacthub-values.yaml' in 'charts/$1/ci', exiting" >&2
     exit 1
   fi
   if [[ -v 2 ]] && ! [[ -d "$2/artifacthub-values" ]]; then
-    echo "Missing artifacthub-values directory '$2', exiting" >/dev/stderr
+    echo "Missing artifacthub-values directory '$2', exiting" >&2
     exit 1
   fi
   updateChartYaml "$1" "${2:-}"
@@ -88,7 +88,7 @@ else
     [[ -f "$chart/ci/artifacthub-values.yaml" ]] || continue
 
     if yq -e '.type == "library"' "$chart/Chart.yaml" >/dev/null; then
-      echo "Skipping library chart '$chart'" >/dev/stderr
+      echo "Skipping library chart '$chart'" >&2
       exit 0
     fi
     updateChartYaml "$chart"

.github/scripts/prepare-values.sh

@@ -22,15 +22,15 @@ function prepare-values() {
     values="$chart/values.yaml"
     mergeYaml "$values" "$commonValues" | sponge "$values"
     if [[ "$RUNNER_DEBUG" == 1 ]]; then
-      cat "$values" >/dev/stderr
+      cat "$values" >&2
     fi
   fi
   for valuesScript in "$chart/ci/"*-gen-values.sh; do
     [[ -f "$valuesScript" ]] || continue
     values="${valuesScript/.sh/.yaml}"
     "$valuesScript" | yq -y | sponge "$values"
     if [[ "$RUNNER_DEBUG" == 1 ]]; then
-      cat "$values" >/dev/stderr
+      cat "$values" >&2
     fi
   done
 }

.github/scripts/splitYamlIntoDir

@@ -23,7 +23,7 @@ function splitYamlIntoDir() {
 
     resourceName="$dir/$namespace/$kind/$name.yaml"
     if [[ -f "$resourceName" ]]; then
-      echo "'$resourceName' shouldn't already exist" >/dev/stderr
+      echo "'$resourceName' shouldn't already exist" >&2
       return 1
     fi
     mkdir -p "$(dirname "$resourceName")"

.github/scripts/templateHelmChart.sh

@@ -50,15 +50,15 @@ function templateHelmRelease() {
   namespace=$(yq <<<"$helmReleaseYaml" -er '.spec.targetNamespace // .metadata.namespace')
   releaseName=$(yq <<<"$helmReleaseYaml" -er '.spec.releaseName // .metadata.name')
   values=$(yq <<<"$helmReleaseYaml" -y -r .spec.values)
-  echo "Templating '$namespace/$releaseName'" >/dev/stderr
+  echo "Templating '$namespace/$releaseName'" >&2
 
   sourceNamespace=$(yq <<<"$helmReleaseYaml" -er ".spec.chart.spec.sourceRef.namespace // \"$namespace\"")
   sourceName=$(yq <<<"$helmReleaseYaml" -er .spec.chart.spec.sourceRef.name)
   sourceKind=$(yq <<<"$helmReleaseYaml" -er .spec.chart.spec.sourceRef.kind)
   sourceYaml=$(yq <<<"$yaml" -rys '[.[] | select(.kind == "'"$sourceKind"'")][]')
   sourceResource=$(yq <<<"$sourceYaml" -rys "[.[] | select( (.metadata.namespace == \"$sourceNamespace\") and (.metadata.name == \"$sourceName\") )][0]")
   if [[ "$sourceResource" =~ .*"null".* ]]; then
-    echo "Failed to get source '$sourceNamespace/$sourceKind/$sourceName'" >/dev/stderr
+    echo "Failed to get source '$sourceNamespace/$sourceKind/$sourceName'" >&2
     return 0
   fi
   chartName="$(yq <<<"$helmReleaseYaml" -er .spec.chart.spec.chart)"
@@ -83,15 +83,15 @@ function templateHelmRelease() {
           args+=("$helmRepositoryUrl/$chartName")
           ;;
         *)
-          echo "'$helmRepositoryUrl' is not supported" >/dev/stderr
+          echo "'$helmRepositoryUrl' is not supported" >&2
           return 1
           ;;
       esac
       chartVersion="$(yq <<<"$helmReleaseYaml" -er .spec.chart.spec.version)"
       helm <<<"$values" template --namespace "$namespace" "${args[@]}" --version "$chartVersion" --values -
       ;;
     *)
-      echo "'$sourceKind' is not implemented" >/dev/stderr
+      echo "'$sourceKind' is not implemented" >&2
       ;;
   esac
 }
@@ -103,7 +103,7 @@ function templateLocalHelmChart() {
   chart="$(basename "$chartPath")"
   local tmpDir
   tmpDir=$(mktemp -d -p "$TMP_DIR")
-  echo "Templating '$chart' with '$values'" >/dev/stderr
+  echo "Templating '$chart' with '$values'" >&2
   cp -r "$chartPath" "$tmpDir/$chart"
   helm dependency update "$tmpDir/$chart" >/dev/null
   helm template "$chart" "$tmpDir/$chart" --values "$values"
@@ -133,7 +133,7 @@ function templateRemoteHelmChart() {
   local chart="${2?}"
   local values="${3:-charts/$chart/ci/artifacthub-values.yaml}"
 
-  echo "Templating '$repo/$chart' with '$values'" >/dev/stderr
+  echo "Templating '$repo/$chart' with '$values'" >&2
 
   helm template --repo "$repo" "$chart" "$chart" --values "$values"
 }
@@ -144,7 +144,7 @@ function templateGitHelmChart() {
   local branch="${3?}"
   local values="${4:-charts/$path/ci/artifacthub-values.yaml}"
 
-  echo "Templating '$repo/$path' with '$values'" >/dev/stderr
+  echo "Templating '$repo/$path' with '$values'" >&2
 
   templateGitHelmRelease "$repo" "$branch" "$path" "" "$(basename "$path")" "$values"
 }
@@ -171,7 +171,7 @@ case "$script" in
     templateHelmRelease "$@"
     ;;
   *)
-    echo "Wrong script: '$0'" >/dev/stderr
+    echo "Wrong script: '$0'" >&2
     exit 1
     ;;
 esac | (if [[ "$recursive" == true ]]; then templateSubHelmCharts; else cat -; fi)

.github/scripts/templateHelmChartRecursivelyToFolder.sh

@@ -10,7 +10,7 @@ chart=${1?You need to provide the chart name}
 targetDir=${2?You need to provide the target directory}
 
 if yq -e '.type == "library"' "$chart/Chart.yaml" >/dev/null; then
-  echo "Skipping library chart '$chart'" >/dev/stderr
+  echo "Skipping library chart '$chart'" >&2
   [[ -v GITHUB_OUTPUT ]] && [[ -f "$GITHUB_OUTPUT" ]] && echo "skipped=true" | tee -a "$GITHUB_OUTPUT"
   exit 0
 else

.github/scripts/trusted_images_regex.jq

@@ -1,5 +1,5 @@
 [
-  .registries | paths(scalars) as $p | $p + [getpath($p)] |
+  paths(scalars) as $p | $p + [getpath($p)] |
     .[-1] as $type |
       if $type == "ALL_IMAGES" then
         "\(.[0:-1] | join("/"))/.*"

.github/trusted_registries.yaml

@@ -1,48 +1,47 @@
-registries:
-  docker.io:
-    aelbakry:
-      kdave-server: ALL_TAGS
-    bats:
-      bats: ALL_TAGS
-    bitnami: ALL_IMAGES
-    busybox: ALL_TAGS
-    confluentinc:
-      cp-kafka: ALL_TAGS
-    curlimages:
-      curl: ALL_TAGS
-    emberstack:
-      kubernetes-reflector: ALL_TAGS
-    fluxcd: ALL_IMAGES
-    grafana: ALL_IMAGES
-    hjacobs:
-      kube-janitor: ALL_TAGS
-    stellio: ALL_IMAGES
-    velero: ALL_IMAGES
-    vladgh:
-      gpg: ALL_TAGS
-    otel:
-      opentelemetry-collector-contrib: ALL_TAGS
-    ckan:
-      ckan-base-datapusher: ALL_TAGS
-  ghcr.io:
-    aquasecurity: ALL_IMAGES
-    kyverno: ALL_IMAGES
-    teutonet: ALL_IMAGES
-  quay.io:
-    cilium: ALL_IMAGES
-    jetstack: ALL_IMAGES
-    kiwigrid:
-      k8s-sidecar: ALL_TAGS
-    prometheus: ALL_IMAGES
-    prometheus-operator: ALL_IMAGES
-  registry.k8s.io:
-    descheduler: ALL_IMAGES
-    ingress-nginx: ALL_IMAGES
-    kube-state-metrics: ALL_IMAGES
-    sig-storage:
-      nfs-provisioner: ALL_TAGS
-    etcd: ALL_TAGS
-    provider-os: ALL_IMAGES
-  k8s.gcr.io:
-    sig-storage: ALL_IMAGES
-  registry-gitlab.teuto.net: ALL_IMAGES
+docker.io:
+  aelbakry:
+    kdave-server: ALL_TAGS
+  bats:
+    bats: ALL_TAGS
+  bitnami: ALL_IMAGES
+  busybox: ALL_TAGS
+  confluentinc:
+    cp-kafka: ALL_TAGS
+  curlimages:
+    curl: ALL_TAGS
+  emberstack:
+    kubernetes-reflector: ALL_TAGS
+  fluxcd: ALL_IMAGES
+  grafana: ALL_IMAGES
+  hjacobs:
+    kube-janitor: ALL_TAGS
+  stellio: ALL_IMAGES
+  velero: ALL_IMAGES
+  vladgh:
+    gpg: ALL_TAGS
+  otel:
+    opentelemetry-collector-contrib: ALL_TAGS
+  ckan:
+    ckan-base-datapusher: ALL_TAGS
+ghcr.io:
+  aquasecurity: ALL_IMAGES
+  kyverno: ALL_IMAGES
+  teutonet: ALL_IMAGES
+quay.io:
+  cilium: ALL_IMAGES
+  jetstack: ALL_IMAGES
+  kiwigrid:
+    k8s-sidecar: ALL_TAGS
+  prometheus: ALL_IMAGES
+  prometheus-operator: ALL_IMAGES
+registry.k8s.io:
+  descheduler: ALL_IMAGES
+  ingress-nginx: ALL_IMAGES
+  kube-state-metrics: ALL_IMAGES
+  sig-storage:
+    nfs-provisioner: ALL_TAGS
+  etcd: ALL_TAGS
+  provider-os: ALL_IMAGES
+k8s.gcr.io:
+  sig-storage: ALL_IMAGES
+registry-gitlab.teuto.net: ALL_IMAGES

.github/workflows/linter.yaml

@@ -48,7 +48,7 @@ jobs:
       - name: Lint chart
         run: |
           if ! [[ -f "charts/$CHART/values.yaml" ]]; then
-            echo "No values.yaml found for $CHART, skipping 'ct lint'" >/dev/stderr
+            echo "No values.yaml found for $CHART, skipping 'ct lint'" >&2
             helm lint "charts/$CHART"
           else
             ct lint --check-version-increment=false

.github/workflows/release-update-metadata.yaml

@@ -58,7 +58,7 @@ jobs:
         run: |
           set -ex
           if ! [[ -f "charts/$CHART/values.schema.json" ]]; then
-            echo "No values.schema.json found for $CHART" >/dev/stderr
+            echo "No values.schema.json found for $CHART" >&2
             exit 0
           fi
           generate-schema-doc --config-file .github/json-schema-to-md.yaml "charts/$CHART/values.schema.json" "charts/$CHART/values.md"