feat: add fips-operator-check task #648
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Block buildah-remote-oci-ta size increase | |
"on": | |
pull_request: | |
branches: [main] | |
jobs: | |
check: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
- name: Check that the size of buildah-remote-oci-ta doesn't increase | |
run: | | |
#!/bin/bash | |
set -euo pipefail | |
buildah_remote_oci_ta=task/buildah-remote-oci-ta/0.2/buildah-remote-oci-ta.yaml | |
# 34172 is the largest that the file has ever been *and worked*. | |
# 34200 is known to be too large (see b2f800cc603ec0907ad2b3962d46919a535e158e, | |
# which had to be reverted). The actual limit is somewhere in between. | |
safe_size=34172 | |
current_size=$(wc -c < "$buildah_remote_oci_ta") | |
if [[ "$current_size" -gt "$safe_size" ]]; then | |
cat << EOF >&2 | |
This PR increases the size of $buildah_remote_oci_ta beyond the known safe limit. | |
safe_size=$safe_size | |
current_size=$current_size | |
Due to https://github.com/tektoncd/pipeline/issues/8388, this is risky; | |
the resulting bundle may not be resolvable by Tekton. | |
Until the fix for the above issue is deployed in Konflux, your PR is blocked. | |
Sorry! | |
EOF | |
exit 1 | |
fi |