From 05c294f6f7e669996576eff1b39dc7632d64d3ba Mon Sep 17 00:00:00 2001
From: Stuart Douglas
Date: Wed, 29 May 2024 12:46:32 +1000
Subject: [PATCH] Fix non-hermetic OCI TA builds

With OCI artifacts the directory is now always there, this now checks for specific files.
---
 task/buildah-oci-ta/0.1/buildah-oci-ta.yaml | 6 +++---
 task/buildah-remote/0.1/buildah-remote.yaml | 6 +++---
 task/buildah/0.1/buildah.yaml | 6 +++---
 3 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/task/buildah-oci-ta/0.1/buildah-oci-ta.yaml b/task/buildah-oci-ta/0.1/buildah-oci-ta.yaml
index 65578381f3..1c61de7488 100644
--- a/task/buildah-oci-ta/0.1/buildah-oci-ta.yaml
+++ b/task/buildah-oci-ta/0.1/buildah-oci-ta.yaml
@@ -211,7 +211,7 @@ spec:
 BUILDAH_ARGS+=("--build-arg=$build_arg")
 done
- if [ -d "/var/workdir/cachi2" ]; then
+ if [ -f "/var/workdir/cachi2/cachi2.env" ]; then
 cp -r "/var/workdir/cachi2" /tmp/
 chmod -R go+rwX /tmp/cachi2
 VOLUME_MOUNTS="--volume /tmp/cachi2:/cachi2"
@@ -267,7 +267,7 @@ spec:
 echo $container > /var/workdir/container_name
 # Save the SBOM produced by Cachi2 so it can be merged into the final SBOM later
- if [ -d "/var/workdir/cachi2" ]; then
+ if [ -f "/tmp/cachi2/output/bom.json" ]; then
 cp /tmp/cachi2/output/bom.json ./sbom-cachi2.json
 fi
@@ -359,7 +359,7 @@ spec:
 - name: merge-cachi2-sbom
 image: quay.io/redhat-appstudio/cachi2:0.7.0@sha256:1fc772aa3636fd0b43d62120d832e5913843e028e8cac42814b487c3a0a32bd8
 script: |
- if [ -d "/var/workdir/cachi2" ]; then
+ if [ -f "/var/workdir/sbom-cachi2.json" ]; then
 echo "Merging contents of sbom-cachi2.json into sbom-cyclonedx.json"
 /src/utils/merge_syft_sbom.py sbom-cachi2.json sbom-cyclonedx.json > sbom-temp.json
 mv sbom-temp.json sbom-cyclonedx.json
diff --git a/task/buildah-remote/0.1/buildah-remote.yaml b/task/buildah-remote/0.1/buildah-remote.yaml
index 55350c90e1..eeb1c2a872 100644
--- a/task/buildah-remote/0.1/buildah-remote.yaml
+++ b/task/buildah-remote/0.1/buildah-remote.yaml
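Review bot: The new `-f` test on `cachi2/cachi2.env` in the @@ -211 hunk of buildah-oci-ta.yaml has no comment saying why this particular file decides whether the prefetched dependencies are mounted; the reason is only in the commit message. I would add above the condition `# With OCI trusted artifacts the cachi2 directory always exists; cachi2.env is used as the marker that prefetch output is present`. The same condition appears at @@ -268 in buildah-remote.yaml and @@ -220 in buildah.yaml. The rest of the build script is outside the hunk, so it is not visible here whether a build that expected prefetched content but lacks this file fails later or simply runs without the mount; that is worth confirming.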
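Review bot: In the @@ -267 hunk of buildah-oci-ta.yaml the SBOM copy is now skipped silently whenever `/tmp/cachi2/output/bom.json` is absent, including when the earlier block found `cachi2.env` and copied the prefetch directory to `/tmp/cachi2`. The merge step then sees no `sbom-cachi2.json` and skips as well, so the final SBOM would presumably omit the prefetched components with nothing in the log to show it. I would make that case explicit with an extra branch such as `elif [ -d /tmp/cachi2 ]; then echo "cachi2 content present but output/bom.json missing" >&2; exit 1`, or at least a warning if a missing bom.json is legitimate. The same applies at @@ -324 in buildah-remote.yaml and @@ -276 in buildah.yaml; the step body continues outside these hunks.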
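Review bot: The guard in the @@ -359 hunk of buildah-oci-ta.yaml tests the absolute path `/var/workdir/sbom-cachi2.json`, while the commands it protects and the earlier `cp /tmp/cachi2/output/bom.json ./sbom-cachi2.json` use relative paths. Guard and action only agree if both steps run with /var/workdir as their working directory, which is not visible in this hunk. The matching hunks in buildah-remote.yaml and buildah.yaml test the relative name, so `if [ -f "sbom-cachi2.json" ]; then` here would make the three tasks consistent. The merge is now keyed on any file of that name in the working directory rather than on the prefetch directory, so it is also worth confirming that only the build step can create it there.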
@@ -268,7 +268,7 @@ spec:
 BUILDAH_ARGS+=("--build-arg=$build_arg")
 done
- if [ -d "$(workspaces.source.path)/cachi2" ]; then
+ if [ -f "$(workspaces.source.path)/cachi2/cachi2.env" ]; then
 cp -r "$(workspaces.source.path)/cachi2" /tmp/
 chmod -R go+rwX /tmp/cachi2
 VOLUME_MOUNTS="--volume /tmp/cachi2:/cachi2"
@@ -324,7 +324,7 @@ spec:
 echo $container > /workspace/container_name
 # Save the SBOM produced by Cachi2 so it can be merged into the final SBOM later
- if [ -d "$(workspaces.source.path)/cachi2" ]; then
+ if [ -f "/tmp/cachi2/output/bom.json" ]; then
 cp /tmp/cachi2/output/bom.json ./sbom-cachi2.json
 fi
@@ -455,7 +455,7 @@ spec:
 image: quay.io/redhat-appstudio/cachi2:0.7.0@sha256:1fc772aa3636fd0b43d62120d832e5913843e028e8cac42814b487c3a0a32bd8
 name: merge-cachi2-sbom
 script: |
- if [ -d "$(workspaces.source.path)/cachi2" ]; then
+ if [ -f "sbom-cachi2.json" ]; then
 echo "Merging contents of sbom-cachi2.json into sbom-cyclonedx.json"
 /src/utils/merge_syft_sbom.py sbom-cachi2.json sbom-cyclonedx.json > sbom-temp.json
 mv sbom-temp.json sbom-cyclonedx.json
diff --git a/task/buildah/0.1/buildah.yaml b/task/buildah/0.1/buildah.yaml
index 40298c1316..1edb649f5e 100644
--- a/task/buildah/0.1/buildah.yaml
+++ b/task/buildah/0.1/buildah.yaml
@@ -220,7 +220,7 @@ spec:
 BUILDAH_ARGS+=("--build-arg=$build_arg")
 done
- if [ -d "$(workspaces.source.path)/cachi2" ]; then
+ if [ -f "$(workspaces.source.path)/cachi2/cachi2.env" ]; then
 cp -r "$(workspaces.source.path)/cachi2" /tmp/
 chmod -R go+rwX /tmp/cachi2
 VOLUME_MOUNTS="--volume /tmp/cachi2:/cachi2"
@@ -276,7 +276,7 @@ spec:
 echo $container > /workspace/container_name
 # Save the SBOM produced by Cachi2 so it can be merged into the final SBOM later
- if [ -d "$(workspaces.source.path)/cachi2" ]; then
+ if [ -f "/tmp/cachi2/output/bom.json" ]; then
 cp /tmp/cachi2/output/bom.json ./sbom-cachi2.json
 fi
@@ -371,7 +371,7 @@ spec:
 - name: merge-cachi2-sbom
 image: quay.io/redhat-appstudio/cachi2:0.7.0@sha256:1fc772aa3636fd0b43d62120d832e5913843e028e8cac42814b487c3a0a32bd8
 script: |
- if [ -d "$(workspaces.source.path)/cachi2" ]; then
+ if [ -f "sbom-cachi2.json" ]; then
 echo "Merging contents of sbom-cachi2.json into sbom-cyclonedx.json"
 /src/utils/merge_syft_sbom.py sbom-cachi2.json sbom-cyclonedx.json > sbom-temp.json
 mv sbom-temp.json sbom-cyclonedx.json