@@ -3,7 +3,7 @@ set -o pipefail -o errexit -o nounset
33
44# ./private/tools/diff.bash --head-ref test --base-ref test --query-bazel --registry-spawn --report ./report.log
55
6- STDERR= $( mktemp )
6+ REGISTRY_TMPDIR=
77
88# Upon exiting, stop the registry and print STDERR on non-zero exit code.
99on_exit () {
@@ -16,9 +16,12 @@ on_exit() {
1616 echo " "
1717 echo " Here's the STDERR:"
1818 echo " "
19- cat $ STDERR
19+ cat " ${ STDERR} "
2020 fi
2121 fi
22+ if [[ -n " ${REGISTRY_TMPDIR:- } " && -d " ${REGISTRY_TMPDIR} " ; then
23+ rm -rf " ${REGISTRY_TMPDIR} "
24+ fi
2225 pkill -P $$
2326}
2427trap " on_exit"
@@ -88,7 +91,7 @@ while (($# > 0)); do
8891 shift 2
8992 ;;
9093 --cd-into-workspace)
91- cd $ BUILD_WORKSPACE_DIRECTORY
94+ cd " ${ BUILD_WORKSPACE_DIRECTORY} "
9295 shift
9396 ;;
9497 --skip-image-index)
125128# Redirect stderr to the $STDERR temp file for the rest of the script.
126129exec 2>> " ${STDERR} "
127130
128- DISK_STORAGE=" /tmp/diff-storage"
129-
130131if [[ " ${QUERY_FILE} " == " bazel" ; then
131132 bazel build :sign_and_push.query
132133 QUERY_FILE=$( bazel cquery --output=files :sign_and_push.query)
133134fi
134135
135136if [[ " ${REGISTRY} " == " spawn_https" ; then
136137 # Make a self signed cert
137- rm -f /tmp/localhost.pem /tmp/localhost-key.pem
138- rm -rf $DISK_STORAGE
138+ umask 077
139+ REGISTRY_TMPDIR=" $( mktemp -d) "
140+ DISK_STORAGE=" ${REGISTRY_TMPDIR} /diff-storage"
141+ CFG_JSON=" ${REGISTRY_TMPDIR} /cfg.json"
142+ CERT_PATH=" ${REGISTRY_TMPDIR} /localhost.pem"
143+ KEY_PATH=" ${REGISTRY_TMPDIR} /localhost-key.pem"
144+ rm -rf " ${DISK_STORAGE} "
145+ mkdir -p " ${DISK_STORAGE} "
139146 mkcert -install
140- (cd /tmp && mkcert localhost)
141- echo ' {
142- "http":{
143- "address":"127.0.0.1", "port":"4564",
144- "tls": {
145- "cert":"/tmp/localhost.pem",
146- "key":"/tmp/localhost-key.pem"
147- }
148- },
149- "log": { "level": "info" },
150- "storage":{"rootDirectory":"/tmp/diff-storage"}
151- }' > /tmp/cfg.json
147+ mkcert -cert-file " ${CERT_PATH} " " ${KEY_PATH} "
148+ cat > " ${CFG_JSON} " << EOF
149+ {
150+ "http": {
151+ "address": "127.0.0.1",
152+ "port": "4564",
153+ "tls": {
154+ "cert": "${CERT_PATH} ",
155+ "key": "${KEY_PATH} "
156+ }
157+ },
158+ "log": { "level": "info" },
159+ "storage": { "rootDirectory": "${DISK_STORAGE} " }
160+ }
161+ EOF
152162 REGISTRY=" localhost:4564"
153- zot serve /tmp/cfg.json 1>&2 &
163+ zot serve " ${CFG_JSON} " 1>&2 &
154164 sleep 1
155165fi
156166
157167if [[ " ${REGISTRY} " == " spawn" ; then
158- rm -rf $DISK_STORAGE
159- mkdir $DISK_STORAGE
168+ umask 077
169+ REGISTRY_TMPDIR=" $( mktemp -d) "
170+ DISK_STORAGE=" ${REGISTRY_TMPDIR} /diff-storage"
171+ mkdir -p " ${DISK_STORAGE} "
160172 REGISTRY=" localhost:4564"
161173 crane registry serve --address " $REGISTRY " " $DISK_STORAGE " &
162174fi
@@ -165,14 +177,14 @@ stamp_stage() {
165177 local str=" $1 "
166178 str=${str/ " {COMMIT_SHA}" / " ${HEAD_REF} "
167179 str=${str/ " {REGISTRY}" / " ${REGISTRY} "
168- echo ${str/ " {PROJECT_ID}" / " stage"
180+ echo " ${str/ " {PROJECT_ID}" / " stage" "
169181}
170182
171183stamp_origin () {
172- local str=$1
184+ local str=" $1 "
173185 str=${str/ " {COMMIT_SHA}" / " ${BASE_REF} "
174186 str=${str/ " {REGISTRY}" / " gcr.io"
175- echo ${str/ " {PROJECT_ID}" / " distroless"
187+ echo " ${str/ " {PROJECT_ID}" / " distroless" "
176188}
177189
178190function test_image() {
@@ -205,7 +217,7 @@ function test_image() {
205217 echo " "
206218
207219 bazel build " $image_label "
208- crane push " $( bazel cquery --output=files $ image_label) " " $repo_stage "
220+ crane push " $( bazel cquery --output=files " ${ image_label} " ) " " $repo_stage "
209221 if ! diffoci diff --pull=always --all-platforms " $repo_origin " " $repo_stage " ; then
210222 echo " "
211223 echo " 🔬 To reproduce: bazel run //private/tools:diff -- --only $image_label "
@@ -222,7 +234,7 @@ function test_image() {
222234
223235if [[ -n " ${REPORT_FILE} " ; then
224236 echo " Report can be found in: $REPORT_FILE "
225- echo -n " " > $ REPORT_FILE
237+ echo -n " " > " ${ REPORT_FILE} "
226238 sleep 1
227239 # Redirect rest of the file into both report file and stdout
228240 exec 1> >( tee -a " ${REPORT_FILE} " )
0 commit comments