Skip to content

Commit

Permalink
Merge branch 'main' into integration_quay_reorg
Browse files Browse the repository at this point in the history
  • Loading branch information
kasemAlem authored Dec 11, 2024
2 parents 5b0c77d + 3462d3e commit 2f7006c
Show file tree
Hide file tree
Showing 3 changed files with 24 additions and 2 deletions.
1 change: 1 addition & 0 deletions pipelines/fbc-builder/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -188,6 +188,7 @@ This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/reposito
### validate-fbc:0.1 task results
|name|description|used in params (taskname:taskrefversion:taskparam)
|---|---|---|
|IMAGES_PROCESSED| Images processed in the task.| |
|RELATED_IMAGES_DIGEST| Digest for attached json file containing related images| |
|RELATED_IMAGE_ARTIFACT| The Trusted Artifact URI pointing to the artifact with the related images for the FBC fragment.| |
|TEST_OUTPUT| Tekton task test output.| |
Expand Down
1 change: 1 addition & 0 deletions task/validate-fbc/0.1/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -15,4 +15,5 @@ Ensures file-based catalog (FBC) components are uniquely linted for proper const
|TEST_OUTPUT_ARTIFACT|The Trusted Artifact URI pointing to the artifact with the related images for the FBC fragment.|
|TEST_OUTPUT|Tekton task test output.|
|RELATED_IMAGES_DIGEST|Digest for attached json file containing related images|
|IMAGES_PROCESSED|Images processed in the task.|

24 changes: 22 additions & 2 deletions task/validate-fbc/0.1/validate-fbc.yaml
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
# TODO:
# make this task multi-arch aware (i.e. return IMAGES_PROCESSED result).
# make this task fail if a bundle is an image index reference
# change the related-image check to be done in EC with exported related images instead of
# including it in the TEST_OUTPUT result
Expand Down Expand Up @@ -35,6 +34,8 @@ spec:
description: Tekton task test output.
- name: RELATED_IMAGES_DIGEST
description: Digest for attached json file containing related images
- name: IMAGES_PROCESSED
description: Images processed in the task.
volumes:
- name: shared
emptyDir: {}
Expand Down Expand Up @@ -181,7 +182,26 @@ spec:
echo "Detected base image repository: $BASE_IMAGE_REPOSITORY"
echo -n "$BASE_IMAGE_REPOSITORY" > /shared/BASE_IMAGE_REPOSITORY
note="Step inspect-image completed: Check inspected JSON files under /var/workdir/inspect-image."
# FBC content should be identical across different architectures so the IMAGES_PROCESSED result
# is a no-op for now. We can come back later and enforce that the content is identical between
# all architectures if desired.
image_without_tag=$(echo -n "$IMAGE_URL" | cut -d@ -f1 | sed 's_/\(.*\):\(.*\)_/\1_g')
image_with_digest="${image_without_tag}@${IMAGE_DIGEST}"
images_processed_template='{"image": {"pullspec": "'"$IMAGE_URL"'", "digests": [%s]}}'
image_manifests=$(get_image_manifests -i "${image_with_digest}")
echo "$image_manifests"
if [ -n "$image_manifests" ]; then
while read -r _arch arch_sha; do
digests_processed+=("\"$arch_sha\"")
done < <(echo "$image_manifests" | jq -r 'to_entries[] | "\(.key) \(.value)"')
fi
# If the image is an Image Index, also add the Image Index digest to the list.
if [[ "${digests_processed[*]}" != *"$IMAGE_DIGEST"* ]]; then
digests_processed+=("\"$IMAGE_DIGEST\"")
fi
digests_processed_string=$(IFS=,; echo "${digests_processed[*]}")
echo "${images_processed_template/\[%s]/[$digests_processed_string]}" | tee "$(results.IMAGES_PROCESSED.path)"
- name: extract-and-validate
image: quay.io/konflux-ci/konflux-test:v1.4.5@sha256:801a105ba0f9c7f58f5ba5cde1a3b4404009fbebb1028779ca2c5de211e94940
# per https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting
Expand Down

0 comments on commit 2f7006c

Please sign in to comment.