Merge pull request #567 from jstourac/enhanceParamsEnvCheck

openshift-merge-bot[bot] · web-flow · commit 8461fce65196 · 2024-06-19T10:30:52.000Z
[CI] Enhance params env check script
diff --git a/.github/workflows/params-env.yaml b/.github/workflows/params-env.yaml
@@ -1,11 +1,13 @@
 ---
 name: Validation of image references (image SHAs) in params.env and runtime images
 on:  # yamllint disable-line rule:truthy
+  push:
   pull_request:
     paths:
       - 'manifests/base/commit.env'
       - 'manifests/base/params.env'
       - 'ci/check-params-env.sh'
+  workflow_dispatch:
 
 permissions:
   contents: read
diff --git a/ci/check-params-env.sh b/ci/check-params-env.sh
@@ -31,6 +31,7 @@ EXPECTED_NUM_RECORDS=20
 
 function check_variables_uniq() {
     local env_file_path="${1}"
+    local allow_value_duplicity="${2:=false}"
     local ret_code=0
 
     echo "Checking that all variables in the file '${env_file_path}' are unique and expected"
@@ -45,10 +46,31 @@ function check_variables_uniq() {
     num_uniq_records=$(echo "${content}" | uniq | wc -l)
 
     test "${num_records}" -eq "${num_uniq_records}" || {
-        echo "Some of the records in the file aren't unique!"
+        echo "Some of the variables in the file aren't unique!"
         ret_code=1
     }
 
+    # ----
+    if test "${allow_value_duplicity}" = "false"; then
+        echo "Checking that all values assigned to variables in the file '${env_file_path}' are unique and expected"
+
+        content=$(sed 's#.*=\(.*\)#\1#' "${env_file_path}" | sort)
+
+        local num_values
+        num_values=$(echo "${content}" | wc -l)
+
+        local num_uniq_values
+        num_uniq_values=$(echo "${content}" | uniq | wc -l)
+
+        test "${num_values}" -eq "${num_uniq_values}" || {
+            echo "Some of the values in the file aren't unique!"
+            ret_code=1
+        }
+    fi
+
+    # ----
+    echo "Checking that there are expected number of records in the file '${env_file_path}'"
+
     test "${num_records}" -eq "${EXPECTED_NUM_RECORDS}" || {
         echo "Number of records in the file is incorrect - expected '${EXPECTED_NUM_RECORDS}' but got '${num_records}'!"
         ret_code=1
@@ -226,6 +248,7 @@ function check_image() {
     local image_name
     local image_commit_id
     local image_commitref
+    local image_created
 
     image_metadata="$(skopeo inspect --config "docker://${image_url}")" || {
         echo "Couldn't download image metadata with skopeo tool!"
@@ -243,6 +266,10 @@ function check_image() {
         echo "Couldn't parse '.config.Labels."io.openshift.build.commit.ref"' from image metadata!"
         return 1
     }
+    image_created=$(echo "${image_metadata}" | jq --raw-output '.created') ||  {
+        echo "Couldn't parse '.created' from image metadata!"
+        return 1
+    }
 
     local config_env
     local build_name_raw
@@ -267,6 +294,7 @@ function check_image() {
     }
 
     echo "Image name retrieved: '${image_name}'"
+    echo "Image created: '${image_created}'"
 
     check_image_variable_matches_name_and_commitref "${image_variable}" "${image_name}" "${image_commitref}" "${openshift_build_name}" || return 1
 
@@ -282,13 +310,13 @@ ret_code=0
 echo "Starting check of image references in files: '${COMMIT_ENV_PATH}' and '${PARAMS_ENV_PATH}'"
 echo "---------------------------------------------"
 
-check_variables_uniq "${COMMIT_ENV_PATH}" || {
+check_variables_uniq "${COMMIT_ENV_PATH}" "true" || {
     echo "ERROR: Variable names in the '${COMMIT_ENV_PATH}' file failed validation!"
     echo "----------------------------------------------------"
     ret_code=1
 }
 
-check_variables_uniq "${PARAMS_ENV_PATH}" || {
+check_variables_uniq "${PARAMS_ENV_PATH}" "false" || {
     echo "ERROR: Variable names in the '${PARAMS_ENV_PATH}' file failed validation!"
     echo "----------------------------------------------------"
     ret_code=1
diff --git a/ci/check-runtime-images.sh b/ci/check-runtime-images.sh
@@ -27,6 +27,7 @@ function check_image() {
     local img_tag
     local img_url
     local img_metadata
+    local img_created
 
     img_tag=$(jq -r '.metadata.tags[0]' "${runtime_image_file}") || {
         echo "ERROR: Couldn't parse image tags metadata for '${runtime_image_file}' runtime image file!"
@@ -42,13 +43,20 @@ function check_image() {
         return 1
     }
 
+    img_created=$(echo "${img_metadata}" | jq --raw-output '.created') ||  {
+        echo "Couldn't parse '.created' from image metadata!"
+        return 1
+    }
+
     local expected_string="runtime-${img_tag}-ubi"
     echo "Checking that '${expected_string}' is present in the image metadata"
     echo "${img_metadata}" | grep --quiet "${expected_string}" || {
         echo "ERROR: The string '${expected_string}' isn't present in the image metadata at all. Please check that the referenced image '${img_url}' is the correct one!"
         return 1
     }
 
+    echo "Image created: '${img_created}'"
+
     # TODO: we shall extend this check to check also Label "io.openshift.build.commit.ref" value (e.g. '2024a') or something similar
 }
 
