From 6aeea52c4dbb09739812b7d236e077ad70a276e3 Mon Sep 17 00:00:00 2001 From: Chris Werner Rau Date: Mon, 19 Aug 2024 15:13:09 +0200 Subject: [PATCH] chore(ci): &2 is more portable than /dev/stderr (#1109) --- .github/scripts/create-values-diff.sh | 4 +- .github/scripts/enforce-trusted-registries.sh | 10 +- .github/scripts/extract-artifacthub-images.sh | 12 +-- .github/scripts/prepare-values.sh | 4 +- .github/scripts/splitYamlIntoDir | 2 +- .github/scripts/templateHelmChart.sh | 16 ++-- .../templateHelmChartRecursivelyToFolder.sh | 2 +- .github/scripts/trusted_images_regex.jq | 2 +- .github/trusted_registries.yaml | 95 +++++++++---------- .github/workflows/linter.yaml | 2 +- .../workflows/release-update-metadata.yaml | 2 +- 11 files changed, 75 insertions(+), 76 deletions(-) diff --git a/.github/scripts/create-values-diff.sh b/.github/scripts/create-values-diff.sh index c07cf1bf6..ca7d4649e 100755 --- a/.github/scripts/create-values-diff.sh +++ b/.github/scripts/create-values-diff.sh @@ -14,7 +14,7 @@ if [[ -v 3 ]]; then dryRun=true ;; *) - echo "Option '$3' not supported" >/dev/stderr + echo "Option '$3' not supported" >&2 exit 1 ;; esac @@ -23,7 +23,7 @@ else fi if yq -e '.type == "library"' "$chart/Chart.yaml" >/dev/null; then - echo "Skipping library chart '$chart'" >/dev/stderr + echo "Skipping library chart '$chart'" >&2 exit 0 fi diff --git a/.github/scripts/enforce-trusted-registries.sh b/.github/scripts/enforce-trusted-registries.sh index c98deacc6..9f31604d2 100755 --- a/.github/scripts/enforce-trusted-registries.sh +++ b/.github/scripts/enforce-trusted-registries.sh 
@@ -10,7 +10,7 @@ function getUntrustedImages() { local chart="${1?}" local trustedImagesRegex - trustedImagesRegex="$(yq -r -f .github/scripts/trusted_images_regex.jq <.github/trusted_registries.yaml)" + trustedImagesRegex="$(yq -r -f .github/scripts/trusted_images_regex.jq .github/trusted_registries.yaml)" yq -r '.annotations["artifacthub.io/images"]' "$chart/Chart.yaml" | yq -r '.[] | .image' | @@ -22,18 +22,18 @@ function enforceTrustedImages() { local chart="${1?}" local untrustedImages=() if yq -e '.type == "library"' "$chart/Chart.yaml" >/dev/null; then - echo "Skipping library chart '$chart'" >/dev/stderr + echo "Skipping library chart '$chart'" >&2 return 0 fi mapfile -t untrustedImages < <(getUntrustedImages "$chart") if [[ "${#untrustedImages[@]}" -gt 0 ]]; then - echo "found ${#untrustedImages[@]} untrusted images in '$chart', please fix;" >/dev/stderr + echo "found ${#untrustedImages[@]} untrusted images in '$chart', please fix;" >&2 for untrustedImage in "${untrustedImages[@]}"; do - echo " > $untrustedImage, found in the following resources:" >/dev/stderr + echo " > $untrustedImage, found in the following resources:" >&2 # shellcheck disable=SC2016 yq --arg image "$untrustedImage" -r '.annotations["artifacthub.io/images"] | split("\n")[] | select(contains($image))' "$chart/Chart.yaml" | - awk '{print " - " $NF}' >/dev/stderr + awk '{print " - " $NF}' >&2 done return 1 fi diff --git a/.github/scripts/extract-artifacthub-images.sh b/.github/scripts/extract-artifacthub-images.sh index 4db57af7f..66d943c7f 100755 --- a/.github/scripts/extract-artifacthub-images.sh +++ b/.github/scripts/extract-artifacthub-images.sh 
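Review bot: In enforceTrustedImages, `mapfile -t untrustedImages < <(getUntrustedImages "$chart")` discards the exit status of getUntrustedImages, so if yq fails or the allowlist file cannot be read, the array stays empty and the chart passes the check. A trust gate should fail closed here: capture the output first, e.g. `local out; out="$(getUntrustedImages "$chart")" || return 1`, then `[[ -z "$out" ]] || mapfile -t untrustedImages <<<"$out"`. The tail of getUntrustedImages is outside the hunks, so confirm that its last pipeline stage does not return non-zero when no untrusted image is found before relying on the status. The first hunk's `yq … .github/trusted_registries.yaml` call is a likely place for such a failure, because it now depends on the file layout that this commit changes in trusted_images_regex.jq and trusted_registries.yaml.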
@@ -45,7 +45,7 @@ function updateChartYaml() { ( echo "artifacthub.io/images: |" getImages "$chart" "$existingDir" | awk '{print " " $0}' - ) | tee "$tmpDir/images.yaml" >/dev/stderr + ) | tee "$tmpDir/images.yaml" >&2 if yq -e .annotations "$chart/Chart.yaml" >/dev/null; then yq -y '.annotations | del(.["artifacthub.io/images"])' "$chart/Chart.yaml" >"$tmpDir/annotations.yaml" @@ -66,19 +66,19 @@ function updateChartYaml() { if [[ "$#" -ge 1 ]]; then if ! [[ -d "$1" ]]; then - echo "Invalid chart directory '$1', exiting" >/dev/stderr + echo "Invalid chart directory '$1', exiting" >&2 exit 1 fi if yq -e '.type == "library"' "$1/Chart.yaml" >/dev/null; then - echo "Skipping library chart '$1'" >/dev/stderr + echo "Skipping library chart '$1'" >&2 exit 0 fi if ! [[ -f "$1/ci/artifacthub-values.yaml" ]]; then - echo "There is no 'artifacthub-values.yaml' in 'charts/$1/ci', exiting" >/dev/stderr + echo "There is no 'artifacthub-values.yaml' in 'charts/$1/ci', exiting" >&2 exit 1 fi if [[ -v 2 ]] && ! [[ -d "$2/artifacthub-values" ]]; then - echo "Missing artifacthub-values directory '$2', exiting" >/dev/stderr + echo "Missing artifacthub-values directory '$2', exiting" >&2 exit 1 fi updateChartYaml "$1" "${2:-}" @@ -88,7 +88,7 @@ else [[ -f "$chart/ci/artifacthub-values.yaml" ]] || continue if yq -e '.type == "library"' "$chart/Chart.yaml" >/dev/null; then - echo "Skipping library chart '$chart'" >/dev/stderr + echo "Skipping library chart '$chart'" >&2 exit 0 fi updateChartYaml "$chart" diff --git a/.github/scripts/prepare-values.sh b/.github/scripts/prepare-values.sh index 75fbc189d..56f2c0f26 100755 --- a/.github/scripts/prepare-values.sh +++ b/.github/scripts/prepare-values.sh @@ -22,7 +22,7 @@ function prepare-values() { values="$chart/values.yaml" mergeYaml "$values" "$commonValues" | sponge "$values" if [[ "$RUNNER_DEBUG" == 1 ]]; then - cat "$values" >/dev/stderr + cat "$values" >&2 fi fi for valuesScript in "$chart/ci/"*-gen-values.sh; do 
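Review bot: In the last hunk of extract-artifacthub-images.sh (-88), the library-chart branch calls `exit 0` right after a line that uses `|| continue`, so it appears to sit inside the loop over all charts (the loop header is outside the hunk). The first library chart therefore ends the whole run with success, and every chart after it keeps a stale `artifacthub.io/images` annotation, which is the data enforce-trusted-registries.sh reads. Replace `exit 0` with `continue` in that branch; the single-chart branch in the previous hunk can keep `exit 0`.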
@@ -30,7 +30,7 @@ function prepare-values() { values="${valuesScript/.sh/.yaml}" "$valuesScript" | yq -y | sponge "$values" if [[ "$RUNNER_DEBUG" == 1 ]]; then - cat "$values" >/dev/stderr + cat "$values" >&2 fi done } diff --git a/.github/scripts/splitYamlIntoDir b/.github/scripts/splitYamlIntoDir index 1ff4ca532..90cb6acde 100755 --- a/.github/scripts/splitYamlIntoDir +++ b/.github/scripts/splitYamlIntoDir @@ -23,7 +23,7 @@ function splitYamlIntoDir() { resourceName="$dir/$namespace/$kind/$name.yaml" if [[ -f "$resourceName" ]]; then - echo "'$resourceName' shouldn't already exist" >/dev/stderr + echo "'$resourceName' shouldn't already exist" >&2 return 1 fi mkdir -p "$(dirname "$resourceName")" diff --git a/.github/scripts/templateHelmChart.sh b/.github/scripts/templateHelmChart.sh index c3c94effc..f1e9219c7 100755 --- a/.github/scripts/templateHelmChart.sh +++ b/.github/scripts/templateHelmChart.sh @@ -50,7 +50,7 @@ function templateHelmRelease() { namespace=$(yq <<<"$helmReleaseYaml" -er '.spec.targetNamespace // .metadata.namespace') releaseName=$(yq <<<"$helmReleaseYaml" -er '.spec.releaseName // .metadata.name') values=$(yq <<<"$helmReleaseYaml" -y -r .spec.values) - echo "Templating '$namespace/$releaseName'" >/dev/stderr + echo "Templating '$namespace/$releaseName'" >&2 sourceNamespace=$(yq <<<"$helmReleaseYaml" -er ".spec.chart.spec.sourceRef.namespace // \"$namespace\"") sourceName=$(yq <<<"$helmReleaseYaml" -er .spec.chart.spec.sourceRef.name) 
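Review bot: `values="${valuesScript/.sh/.yaml}"` replaces the first `.sh` anywhere in the path rather than the suffix, so a chart directory or script name containing `.sh` earlier in the path yields the wrong output file for `sponge`. Use suffix removal instead: `values="${valuesScript%.sh}.yaml"`. The `for valuesScript in …` header is in the previous hunk and the lines between the two hunks are not shown.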
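Review bot: In splitYamlIntoDir, `resourceName="$dir/$namespace/$kind/$name.yaml"` is handed to `mkdir -p` after only a `[[ -f … ]]` existence check; nothing visible constrains the three path components. They are assigned above the hunk; if they come from rendered manifest metadata, a value containing `..` would place the file outside `$dir`. A guard before the existence check, such as `[[ "$namespace/$kind/$name" != *..* ]] || { echo "unsafe path '$resourceName'" >&2; return 1; }`, keeps the output confined to the target directory.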
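Review bot: On the `sourceNamespace=` line in templateHelmRelease, `$namespace` is spliced into the jq program text, so a value containing a quote or backslash changes the filter instead of being compared as data. The same pattern appears in the next hunk (`select(.kind == "'"$sourceKind"'")` and the `sourceResource=` filter). enforce-trusted-registries.sh in this same commit already passes values with `--arg`; here that would be `yq <<<"$helmReleaseYaml" --arg ns "$namespace" -er '.spec.chart.spec.sourceRef.namespace // $ns'`. templateHelmRelease starts and ends outside the hunk.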
@@ -58,7 +58,7 @@ function templateHelmRelease() { sourceYaml=$(yq <<<"$yaml" -rys '[.[] | select(.kind == "'"$sourceKind"'")][]') sourceResource=$(yq <<<"$sourceYaml" -rys "[.[] | select( (.metadata.namespace == \"$sourceNamespace\") and (.metadata.name == \"$sourceName\") )][0]") if [[ "$sourceResource" =~ .*"null".* ]]; then - echo "Failed to get source '$sourceNamespace/$sourceKind/$sourceName'" >/dev/stderr + echo "Failed to get source '$sourceNamespace/$sourceKind/$sourceName'" >&2 return 0 fi chartName="$(yq <<<"$helmReleaseYaml" -er .spec.chart.spec.chart)" @@ -83,7 +83,7 @@ function templateHelmRelease() { args+=("$helmRepositoryUrl/$chartName") ;; *) - echo "'$helmRepositoryUrl' is not supported" >/dev/stderr + echo "'$helmRepositoryUrl' is not supported" >&2 return 1 ;; esac @@ -91,7 +91,7 @@ function templateHelmRelease() { helm <<<"$values" template --namespace "$namespace" "${args[@]}" --version "$chartVersion" --values - ;; *) - echo "'$sourceKind' is not implemented" >/dev/stderr + echo "'$sourceKind' is not implemented" >&2 ;; esac } @@ -103,7 +103,7 @@ function templateLocalHelmChart() { chart="$(basename "$chartPath")" local tmpDir tmpDir=$(mktemp -d -p "$TMP_DIR") - echo "Templating '$chart' with '$values'" >/dev/stderr + echo "Templating '$chart' with '$values'" >&2 cp -r "$chartPath" "$tmpDir/$chart" helm dependency update "$tmpDir/$chart" >/dev/null helm template "$chart" "$tmpDir/$chart" --values "$values" @@ -133,7 +133,7 @@ function templateRemoteHelmChart() { local chart="${2?}" local values="${3:-charts/$chart/ci/artifacthub-values.yaml}" - echo "Templating '$repo/$chart' with '$values'" >/dev/stderr + echo "Templating '$repo/$chart' with '$values'" >&2 helm template --repo "$repo" "$chart" "$chart" --values "$values" } 
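Review bot: Two failure paths in templateHelmRelease report on stderr but still return success: the missing-source branch ends with `return 0`, and the `*)` arm for an unimplemented `$sourceKind` (hunk at -91) has no `return` at all, while the unsupported-URL arm between them uses `return 1`. A release skipped this way produces no manifests, so any later step that inspects the rendered output never sees its images; if the skip is intentional a comment saying so would help, otherwise use `return 1` in both places. Separately, `[[ "$sourceResource" =~ .*"null".* ]]` matches the text `null` anywhere in the serialized resource, not only a missing result. A prefix test such as `[[ -z "$sourceResource" || "$sourceResource" == null* ]]` is closer to the intent, though the exact yq output for an empty selection should be confirmed.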
@@ -144,7 +144,7 @@ function templateGitHelmChart() { local branch="${3?}" local values="${4:-charts/$path/ci/artifacthub-values.yaml}" - echo "Templating '$repo/$path' with '$values'" >/dev/stderr + echo "Templating '$repo/$path' with '$values'" >&2 templateGitHelmRelease "$repo" "$branch" "$path" "" "$(basename "$path")" "$values" } @@ -171,7 +171,7 @@ case "$script" in templateHelmRelease "$@" ;; *) - echo "Wrong script: '$0'" >/dev/stderr + echo "Wrong script: '$0'" >&2 exit 1 ;; esac | (if [[ "$recursive" == true ]]; then templateSubHelmCharts; else cat -; fi) diff --git a/.github/scripts/templateHelmChartRecursivelyToFolder.sh b/.github/scripts/templateHelmChartRecursivelyToFolder.sh index 5843b5eb8..9b36a67e4 100755 --- a/.github/scripts/templateHelmChartRecursivelyToFolder.sh +++ b/.github/scripts/templateHelmChartRecursivelyToFolder.sh @@ -10,7 +10,7 @@ chart=${1?You need to provide the chart name} targetDir=${2?You need to provide the target directory} if yq -e '.type == "library"' "$chart/Chart.yaml" >/dev/null; then - echo "Skipping library chart '$chart'" >/dev/stderr + echo "Skipping library chart '$chart'" >&2 [[ -v GITHUB_OUTPUT ]] && [[ -f "$GITHUB_OUTPUT" ]] && echo "skipped=true" | tee -a "$GITHUB_OUTPUT" exit 0 else diff --git a/.github/scripts/trusted_images_regex.jq b/.github/scripts/trusted_images_regex.jq index 0e13708bf..23299105f 100644 --- a/.github/scripts/trusted_images_regex.jq +++ b/.github/scripts/trusted_images_regex.jq @@ -1,5 +1,5 @@ [ - .registries | paths(scalars) as $p | $p + [getpath($p)] | + paths(scalars) as $p | $p + [getpath($p)] | .[-1] as $type | if $type == "ALL_IMAGES" then "\(.[0:-1] | join("/"))/.*" diff --git a/.github/trusted_registries.yaml b/.github/trusted_registries.yaml index 5e4c7f79e..c5aa6b235 100644 --- a/.github/trusted_registries.yaml +++ b/.github/trusted_registries.yaml 
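Review bot: In trusted_images_regex.jq, the pattern built by `"\(.[0:-1] | join("/"))/.*"` inserts registry and repository names into a regex unescaped, so the `.` in entries such as `docker.io` or `registry.k8s.io` matches any character and the allowlist is wider than the YAML reads. Escape the joined path, e.g. `"\(.[0:-1] | join("/") | gsub("\\."; "\\."))/.*"`, and apply the same to the other branches, which are outside the hunk along with any `^`/`$` anchoring. With `.registries |` removed, every scalar anywhere in trusted_registries.yaml now feeds the pattern. A short header comment in the YAML stating that the file must contain only the registry tree would keep an unrelated key from becoming a trusted prefix.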
@@ -1,48 +1,47 @@
-registries:
- docker.io:
- aelbakry:
- kdave-server: ALL_TAGS
- bats:
- bats: ALL_TAGS
- bitnami: ALL_IMAGES
- busybox: ALL_TAGS
- confluentinc:
- cp-kafka: ALL_TAGS
- curlimages:
- curl: ALL_TAGS
- emberstack:
- kubernetes-reflector: ALL_TAGS
- fluxcd: ALL_IMAGES
- grafana: ALL_IMAGES
- hjacobs:
- kube-janitor: ALL_TAGS
- stellio: ALL_IMAGES
- velero: ALL_IMAGES
- vladgh:
- gpg: ALL_TAGS
- otel:
- opentelemetry-collector-contrib: ALL_TAGS
- ckan:
- ckan-base-datapusher: ALL_TAGS
- ghcr.io:
- aquasecurity: ALL_IMAGES
- kyverno: ALL_IMAGES
- teutonet: ALL_IMAGES
- quay.io:
- cilium: ALL_IMAGES
- jetstack: ALL_IMAGES
- kiwigrid:
- k8s-sidecar: ALL_TAGS
- prometheus: ALL_IMAGES
- prometheus-operator: ALL_IMAGES
- registry.k8s.io:
- descheduler: ALL_IMAGES
- ingress-nginx: ALL_IMAGES
- kube-state-metrics: ALL_IMAGES
- sig-storage:
- nfs-provisioner: ALL_TAGS
- etcd: ALL_TAGS
- provider-os: ALL_IMAGES
- k8s.gcr.io:
- sig-storage: ALL_IMAGES
- registry-gitlab.teuto.net: ALL_IMAGES
+docker.io:
+ aelbakry:
+ kdave-server: ALL_TAGS
+ bats:
+ bats: ALL_TAGS
+ bitnami: ALL_IMAGES
+ busybox: ALL_TAGS
+ confluentinc:
+ cp-kafka: ALL_TAGS
+ curlimages:
+ curl: ALL_TAGS
+ emberstack:
+ kubernetes-reflector: ALL_TAGS
+ fluxcd: ALL_IMAGES
+ grafana: ALL_IMAGES
+ hjacobs:
+ kube-janitor: ALL_TAGS
+ stellio: ALL_IMAGES
+ velero: ALL_IMAGES
+ vladgh:
+ gpg: ALL_TAGS
+ otel:
+ opentelemetry-collector-contrib: ALL_TAGS
+ ckan:
+ ckan-base-datapusher: ALL_TAGS
+ghcr.io:
+ aquasecurity: ALL_IMAGES
+ kyverno: ALL_IMAGES
+ teutonet: ALL_IMAGES
+quay.io:
+ cilium: ALL_IMAGES
+ jetstack: ALL_IMAGES
+ kiwigrid:
+ k8s-sidecar: ALL_TAGS
+ prometheus: ALL_IMAGES
+ prometheus-operator: ALL_IMAGES
+registry.k8s.io:
+ descheduler: ALL_IMAGES
+ ingress-nginx: ALL_IMAGES
+ kube-state-metrics: ALL_IMAGES
+ sig-storage:
+ nfs-provisioner: ALL_TAGS
+ etcd: ALL_TAGS
+ provider-os: ALL_IMAGES
+k8s.gcr.io:
+ sig-storage: ALL_IMAGES
+registry-gitlab.teuto.net: ALL_IMAGES
diff --git a/.github/workflows/linter.yaml b/.github/workflows/linter.yaml index 847832a01..d9bb9b8fd 100644 --- a/.github/workflows/linter.yaml +++ b/.github/workflows/linter.yaml @@ -48,7 +48,7 @@ jobs: - name: Lint chart run: | if ! [[ -f "charts/$CHART/values.yaml" ]]; then - echo "No values.yaml found for $CHART, skipping 'ct lint'" >/dev/stderr + echo "No values.yaml found for $CHART, skipping 'ct lint'" >&2 helm lint "charts/$CHART" else ct lint --check-version-increment=false diff --git a/.github/workflows/release-update-metadata.yaml b/.github/workflows/release-update-metadata.yaml index c91437b00..08946c847 100644 --- a/.github/workflows/release-update-metadata.yaml +++ b/.github/workflows/release-update-metadata.yaml @@ -58,7 +58,7 @@ jobs: run: | set -ex if ! [[ -f "charts/$CHART/values.schema.json" ]]; then - echo "No values.schema.json found for $CHART" >/dev/stderr + echo "No values.schema.json found for $CHART" >&2 exit 0 fi generate-schema-doc --config-file .github/json-schema-to-md.yaml "charts/$CHART/values.schema.json" "charts/$CHART/values.md"