Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[2024a] [CI] Enhance params env check script #575

Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions .github/workflows/params-env.yaml
Original file line number Diff line number Diff line change
@@ -1,11 +1,13 @@
---
name: Validation of image references (image SHAs) in params.env and runtime images
on: # yamllint disable-line rule:truthy
push:
pull_request:
paths:
- 'manifests/base/commit.env'
- 'manifests/base/params.env'
- 'ci/check-params-env.sh'
workflow_dispatch:

permissions:
contents: read
Expand Down
34 changes: 31 additions & 3 deletions ci/check-params-env.sh
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@ EXPECTED_NUM_RECORDS=20

function check_variables_uniq() {
local env_file_path="${1}"
local allow_value_duplicity="${2:=false}"
local ret_code=0

echo "Checking that all variables in the file '${env_file_path}' are unique and expected"
Expand All @@ -45,10 +46,31 @@ function check_variables_uniq() {
num_uniq_records=$(echo "${content}" | uniq | wc -l)

test "${num_records}" -eq "${num_uniq_records}" || {
echo "Some of the records in the file aren't unique!"
echo "Some of the variables in the file aren't unique!"
ret_code=1
}

# ----
if test "${allow_value_duplicity}" = "false"; then
echo "Checking that all values assigned to variables in the file '${env_file_path}' are unique and expected"

content=$(sed 's#.*=\(.*\)#\1#' "${env_file_path}" | sort)

local num_values
num_values=$(echo "${content}" | wc -l)

local num_uniq_values
num_uniq_values=$(echo "${content}" | uniq | wc -l)

test "${num_values}" -eq "${num_uniq_values}" || {
echo "Some of the values in the file aren't unique!"
ret_code=1
}
fi

# ----
echo "Checking that there are expected number of records in the file '${env_file_path}'"

test "${num_records}" -eq "${EXPECTED_NUM_RECORDS}" || {
echo "Number of records in the file is incorrect - expected '${EXPECTED_NUM_RECORDS}' but got '${num_records}'!"
ret_code=1
Expand Down Expand Up @@ -226,6 +248,7 @@ function check_image() {
local image_name
local image_commit_id
local image_commitref
local image_created

image_metadata="$(skopeo inspect --config "docker://${image_url}")" || {
echo "Couldn't download image metadata with skopeo tool!"
Expand All @@ -243,6 +266,10 @@ function check_image() {
echo "Couldn't parse '.config.Labels."io.openshift.build.commit.ref"' from image metadata!"
return 1
}
image_created=$(echo "${image_metadata}" | jq --raw-output '.created') || {
echo "Couldn't parse '.created' from image metadata!"
return 1
}

local config_env
local build_name_raw
Expand All @@ -267,6 +294,7 @@ function check_image() {
}

echo "Image name retrieved: '${image_name}'"
echo "Image created: '${image_created}'"

check_image_variable_matches_name_and_commitref "${image_variable}" "${image_name}" "${image_commitref}" "${openshift_build_name}" || return 1

Expand All @@ -282,13 +310,13 @@ ret_code=0
echo "Starting check of image references in files: '${COMMIT_ENV_PATH}' and '${PARAMS_ENV_PATH}'"
echo "---------------------------------------------"

check_variables_uniq "${COMMIT_ENV_PATH}" || {
check_variables_uniq "${COMMIT_ENV_PATH}" "true" || {
echo "ERROR: Variable names in the '${COMMIT_ENV_PATH}' file failed validation!"
echo "----------------------------------------------------"
ret_code=1
}

check_variables_uniq "${PARAMS_ENV_PATH}" || {
check_variables_uniq "${PARAMS_ENV_PATH}" "false" || {
echo "ERROR: Variable names in the '${PARAMS_ENV_PATH}' file failed validation!"
echo "----------------------------------------------------"
ret_code=1
Expand Down
8 changes: 8 additions & 0 deletions ci/check-runtime-images.sh
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@ function check_image() {
local img_tag
local img_url
local img_metadata
local img_created

img_tag=$(jq -r '.metadata.tags[0]' "${runtime_image_file}") || {
echo "ERROR: Couldn't parse image tags metadata for '${runtime_image_file}' runtime image file!"
Expand All @@ -42,13 +43,20 @@ function check_image() {
return 1
}

img_created=$(echo "${img_metadata}" | jq --raw-output '.created') || {
echo "Couldn't parse '.created' from image metadata!"
return 1
}

local expected_string="runtime-${img_tag}-ubi"
echo "Checking that '${expected_string}' is present in the image metadata"
echo "${img_metadata}" | grep --quiet "${expected_string}" || {
echo "ERROR: The string '${expected_string}' isn't present in the image metadata at all. Please check that the referenced image '${img_url}' is the correct one!"
return 1
}

echo "Image created: '${img_created}'"

# TODO: we shall extend this check to check also Label "io.openshift.build.commit.ref" value (e.g. '2024a') or something similar
}

Expand Down
Loading