
Commit 4ccbcf9

committed
Extend CI check for the commit IDs of the referenced images
1 parent 6ac55af commit 4ccbcf9


2 files changed

+44
-5
lines changed


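--- a/.github/workflows/params-env.yaml
+++ b/.github/workflows/params-env.yaml
@@ -3,6 +3,7 @@ name: Validation of image references (image SHAs) in params.env and runtime imag
 on: # yamllint disable-line rule:truthy
 pull_request:
 paths:
+- 'manifests/base/commit.env'
 - 'manifests/base/params.env'
 - 'ci/check-params-env.sh'
 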
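--- a/ci/check-params-env.sh
+++ b/ci/check-params-env.sh
@@ -20,6 +20,7 @@
 
 # ----------------------------- GLOBAL VARIABLES ----------------------------- #
 
+COMMIT_ENV_PATH="manifests/base/commit.env"
 PARAMS_ENV_PATH="manifests/base/params.env"
 
 # This value needs to be updated everytime we deliberately change number of the
@@ -29,13 +30,13 @@ EXPECTED_NUM_RECORDS=20
 # ---------------------------- DEFINED FUNCTIONS ----------------------------- #
 
 function check_variables_uniq() {
-local params_env_path="${1}"
+local env_file_path="${1}"
 local ret_code=0
 
-echo "Checking that all variables in the file '${params_env_path}' are unique and expected"
+echo "Checking that all variables in the file '${env_file_path}' are unique and expected"
 
 local content
-content=$(sed 's#\(.*\)=.*#\1#' "${params_env_path}" | sort)
+content=$(sed 's#\(.*\)=.*#\1#' "${env_file_path}" | sort)
 
 local num_records
 num_records=$(echo "${content}" | wc -l)
@@ -191,6 +192,30 @@ function check_image_variable_matches_name_and_commitref() {
 }
 }
 
+function check_image_commit_id_matches_metadata() {
+local image_variable="${1}"
+local image_commit_id="${2}"
+
+local short_image_commit_id
+# We're interested only in the first 7 characters of the commit ID
+short_image_commit_id=${image_commit_id:0:7}
+
+local file_image_commit_id
+
+file_image_commit_id=$(sed 's#-commit##' "${COMMIT_ENV_PATH}" | grep "${image_variable}=" | cut --delimiter "=" --field 2)
+test -n "${file_image_commit_id}" || {
+echo "Couldn't retrieve commit id for image variable '${image_variable}' in '${COMMIT_ENV_PATH}'!"
+return 1
+}
+
+test "${short_image_commit_id}" = "${file_image_commit_id}" || {
+echo "Image commit IDs for image variable '${image_variable}' don't equal!"
+echo "Image commit ID gathered from image: '${short_image_commit_id}'"
+echo "Image commit ID in '${COMMIT_ENV_PATH}': '${file_image_commit_id}'"
+return 1
+}
+}
+
 function check_image() {
 local image_variable="${1}"
 local image_url="${2}"
@@ -199,6 +224,7 @@ function check_image() {
 
 local image_metadata
 local image_name
+local image_commit_id
 local image_commitref
 
 image_metadata="$(skopeo inspect --config "docker://${image_url}")" || {
@@ -209,6 +235,10 @@ function check_image() {
 echo "Couldn't parse '.config.Labels.name' from image metadata!"
 return 1
 }
+image_commit_id=$(echo "${image_metadata}" | jq --raw-output '.config.Labels."io.openshift.build.commit.id"') || {
+echo "Couldn't parse '.config.Labels."io.openshift.build.commit.id"' from image metadata!"
+return 1
+}
 image_commitref=$(echo "${image_metadata}" | jq --raw-output '.config.Labels."io.openshift.build.commit.ref"') || {
 echo "Couldn't parse '.config.Labels."io.openshift.build.commit.ref"' from image metadata!"
 return 1
@@ -240,18 +270,26 @@ function check_image() {
 
 check_image_variable_matches_name_and_commitref "${image_variable}" "${image_name}" "${image_commitref}" "${openshift_build_name}" || return 1
 
+check_image_commit_id_matches_metadata "${image_variable}" "${image_commit_id}" || return 1
+
 echo "---------------------------------------------"
 }
 
 # ------------------------------ MAIN SCRIPT --------------------------------- #
 
 ret_code=0
 
-echo "Starting check for file: '${PARAMS_ENV_PATH}'"
+echo "Starting check of image references in files: '${COMMIT_ENV_PATH}' and '${PARAMS_ENV_PATH}'"
 echo "---------------------------------------------"
 
+check_variables_uniq "${COMMIT_ENV_PATH}" || {
+echo "ERROR: Variable names in the '${COMMIT_ENV_PATH}' file failed validation!"
+echo "----------------------------------------------------"
+ret_code=1
+}
+
 check_variables_uniq "${PARAMS_ENV_PATH}" || {
-echo "ERROR: Variable names in the file failed validation!"
+echo "ERROR: Variable names in the '${PARAMS_ENV_PATH}' file failed validation!"
 echo "----------------------------------------------------"
 ret_code=1
 }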
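Review bot: The lookup in `check_image_commit_id_matches_metadata` uses an unanchored `grep "${image_variable}="`, so a variable whose name is a suffix of another key in `commit.env` matches more than one line, or matches only the longer-named entry when its own is missing, and the comparison can then run against the wrong record. Anchoring the pattern in the same pipeline closes that: `grep -- "^${image_variable}="`. Separately, in `check_image` the new `jq --raw-output` call exits 0 and prints `null` when the `io.openshift.build.commit.id` label is absent, so the "Couldn't parse" branch is never reached; `jq --exit-status --raw-output '.config.Labels."io.openshift.build.commit.id"'` would make a missing label take that branch. It is also worth a comment above the function that the label is metadata written at build time and only its first 7 characters are compared, so this check confirms that `commit.env` and the image agree rather than proving which commit the image was built from.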
