Include tash in the Task bundle build

This includes the tool to generate the Trusted Artifacts Task variants in the `hack/build-and-push.sh` script, now if the task has a `recipe.yaml` file within its directory the tool will be used to regenerate the Trusted Artifact Task from the base Task.
konflux-ci · May 23, 2024 · 7add24b · 7add24b
1 parent 18295e5
commit 7add24b
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 3 deletions.
diff --git a/appstudio-utils/Dockerfile b/appstudio-utils/Dockerfile
@@ -8,6 +8,7 @@ RUN curl -L https://github.com/tektoncd/cli/releases/download/v0.32.2/tkn_0.32.2
 RUN curl -L https://github.com/sigstore/rekor/releases/download/v0.5.0/rekor-cli-linux-amd64 -o /usr/bin/rekor-cli && chmod +x /usr/bin/rekor-cli
 RUN curl -L https://github.com/open-policy-agent/conftest/releases/download/v0.32.0/conftest_0.32.0_Linux_x86_64.tar.gz | tar -xz --no-same-owner -C /usr/bin
 RUN curl -L https://github.com/enterprise-contract/ec-cli/releases/download/snapshot/ec_linux_amd64 -o /usr/bin/ec && chmod +x /usr/bin/ec && ec version
+ADD --chmod=755 --chown=0:0 https://github.com/enterprise-contract/hacks/releases/download/latest/tash /usr/local/bin
 
 RUN dnf -y --setopt=tsflags=nodocs install \
     git \

diff --git a/hack/build-and-push.sh b/hack/build-and-push.sh
@@ -7,6 +7,20 @@ QUAY_ORG=redhat-appstudio-tekton-catalog
 SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
 WORKDIR=$(mktemp -d --suffix "-$(basename "${BASH_SOURCE[0]}" .sh)")
 
+if ! command -v tash &> /dev/null; then
+  echo INFO: tash command is not available will download and use the latest version
+  tash() {
+    tash_dir="$(mktemp -d)"
+    trap 'rm -rf ${tash_dir}' EXIT
+    curl --silent --location --output "${tash_dir}/tash" https://github.com/enterprise-contract/hacks/releases/download/latest/tash
+    chmod +x "${tash_dir}/tash"
+    tash() {
+      "${tash_dir}/tash" "$@"
+    }
+    tash "$@"
+  }
+fi
+
 tkn_bundle_push() {
     local status
     local retry=0
@@ -89,12 +103,26 @@ oc kustomize --output "$core_services_pipelines_dir" pipelines/core-services/
 
 # Build tasks
 (
+declare -i errors=0
+error() {
+  echo "ERROR: $1"
+  errors=$((errors + 1))
+}
+
 cd "$SCRIPTDIR/.."
-find task/*/*/ -maxdepth 0 -type d | awk -F '/' '{ print $0, $2, $3 }' | \
 while read -r task_dir task_name task_version
 do
     prepared_task_file="${WORKDIR}/$task_name-${task_version}.yaml"
-    if [ -f "$task_dir/$task_name.yaml" ]; then
+    if [ -f "$task_dir/recipe.yaml" ]; then
+        task_path="${task_dir}/$(basename "${task_dir%/*/*}").yaml"
+        tash "${task_dir}/recipe.yaml" > "${task_path}"
+        "${SCRIPTDIR}/generate-readme.sh" "${task_path}" > "${task_dir}/README.md"
+        if ! git diff --quiet HEAD "${task_path}"; then
+          error "The task in ${task_path} is out of date and has been updated"
+        fi
+        cp "${task_path}" "${prepared_task_file}"
+        task_file_sha=$(git log -n 1 --pretty=format:%H -- "${task_path}")
+    elif [ -f "$task_dir/$task_name.yaml" ]; then
         cp "$task_dir/$task_name.yaml" "$prepared_task_file"
         task_file_sha=$(git log -n 1 --pretty=format:%H -- "$task_dir/$task_name.yaml")
     elif [ -f "$task_dir/kustomization.yaml" ]; then
@@ -134,7 +162,12 @@ do
         yq e "$sub_expr_1" -i "${filename}"
         yq e "$sub_expr_2" -i "${filename}"
     done
-done
+done < <(find task/*/*/ -maxdepth 0 -type d | awk -F '/' '{ print $0, $2, $3 }')
+
+if [[ ${errors} -gt 0 ]]; then
+  echo "ERROR: Found differences between base and OCI-TA Task variants, run hack/build-and-push.sh locally and include the regenerated files in your changeset"
+  exit 1
+fi
 )
 
 # Used for build-definitions pull request CI only