Skip to content

Commit

Permalink
buildah: address uncovered checkton warnings
Browse files Browse the repository at this point in the history
The '... -t $IMAGE' line changed, making checkton report the violations
on this line:

- $IMAGE needs quotes (valid)
- $IMAGE is a potential misspelling of $image (not valid, IMAGE is
  defined externally but checkton doesn't know that)

Signed-off-by: Adam Cmiel <[email protected]>
  • Loading branch information
chmeliik committed Sep 27, 2024
1 parent 23f8c36 commit ec7be1f
Show file tree
Hide file tree
Showing 4 changed files with 20 additions and 8 deletions.
7 changes: 5 additions & 2 deletions task/buildah-oci-ta/0.2/buildah-oci-ta.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -417,15 +417,18 @@ spec:
done < <(find $ADDITIONAL_SECRET_TMP -maxdepth 1 -type f -exec basename {} \;)
fi
# Prevent ShellCheck from giving a warning because 'image' is defined and 'IMAGE' is not.
declare IMAGE
unshare -Uf $UNSHARE_ARGS --keep-caps -r --map-users 1,1,65536 --map-groups 1,1,65536 -w ${SOURCE_CODE_DIR}/$CONTEXT -- buildah build \
$VOLUME_MOUNTS \
"${BUILDAH_ARGS[@]}" \
"${LABELS[@]}" \
--tls-verify=$TLSVERIFY --no-cache \
--ulimit nofile=4096:4096 \
-f "$dockerfile_copy" -t $IMAGE .
-f "$dockerfile_copy" -t "$IMAGE" .
container=$(buildah from --pull-never $IMAGE)
container=$(buildah from --pull-never "$IMAGE")
buildah mount $container | tee /shared/container_path
# delete symlinks - they may point outside the container rootfs, messing with SBOM scanners
find $(cat /shared/container_path) -xtype l -delete
Expand Down
7 changes: 5 additions & 2 deletions task/buildah-remote-oci-ta/0.2/buildah-remote-oci-ta.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -452,15 +452,18 @@ spec:
done < <(find $ADDITIONAL_SECRET_TMP -maxdepth 1 -type f -exec basename {} \;)
fi
# Prevent ShellCheck from giving a warning because 'image' is defined and 'IMAGE' is not.
declare IMAGE
unshare -Uf $UNSHARE_ARGS --keep-caps -r --map-users 1,1,65536 --map-groups 1,1,65536 -w ${SOURCE_CODE_DIR}/$CONTEXT -- buildah build \
$VOLUME_MOUNTS \
"${BUILDAH_ARGS[@]}" \
"${LABELS[@]}" \
--tls-verify=$TLSVERIFY --no-cache \
--ulimit nofile=4096:4096 \
-f "$dockerfile_copy" -t $IMAGE .
-f "$dockerfile_copy" -t "$IMAGE" .
container=$(buildah from --pull-never $IMAGE)
container=$(buildah from --pull-never "$IMAGE")
buildah mount $container | tee /shared/container_path
# delete symlinks - they may point outside the container rootfs, messing with SBOM scanners
find $(cat /shared/container_path) -xtype l -delete
Expand Down
7 changes: 5 additions & 2 deletions task/buildah-remote/0.2/buildah-remote.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -434,15 +434,18 @@ spec:
done < <(find $ADDITIONAL_SECRET_TMP -maxdepth 1 -type f -exec basename {} \;)
fi
# Prevent ShellCheck from giving a warning because 'image' is defined and 'IMAGE' is not.
declare IMAGE
unshare -Uf $UNSHARE_ARGS --keep-caps -r --map-users 1,1,65536 --map-groups 1,1,65536 -w ${SOURCE_CODE_DIR}/$CONTEXT -- buildah build \
$VOLUME_MOUNTS \
"${BUILDAH_ARGS[@]}" \
"${LABELS[@]}" \
--tls-verify=$TLSVERIFY --no-cache \
--ulimit nofile=4096:4096 \
-f "$dockerfile_copy" -t $IMAGE .
-f "$dockerfile_copy" -t "$IMAGE" .
container=$(buildah from --pull-never $IMAGE)
container=$(buildah from --pull-never "$IMAGE")
buildah mount $container | tee /shared/container_path
# delete symlinks - they may point outside the container rootfs, messing with SBOM scanners
find $(cat /shared/container_path) -xtype l -delete
Expand Down
7 changes: 5 additions & 2 deletions task/buildah/0.2/buildah.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -354,15 +354,18 @@ spec:
done < <(find $ADDITIONAL_SECRET_TMP -maxdepth 1 -type f -exec basename {} \;)
fi
# Prevent ShellCheck from giving a warning because 'image' is defined and 'IMAGE' is not.
declare IMAGE
unshare -Uf $UNSHARE_ARGS --keep-caps -r --map-users 1,1,65536 --map-groups 1,1,65536 -w ${SOURCE_CODE_DIR}/$CONTEXT -- buildah build \
$VOLUME_MOUNTS \
"${BUILDAH_ARGS[@]}" \
"${LABELS[@]}" \
--tls-verify=$TLSVERIFY --no-cache \
--ulimit nofile=4096:4096 \
-f "$dockerfile_copy" -t $IMAGE .
-f "$dockerfile_copy" -t "$IMAGE" .
container=$(buildah from --pull-never $IMAGE)
container=$(buildah from --pull-never "$IMAGE")
buildah mount $container | tee /shared/container_path
# delete symlinks - they may point outside the container rootfs, messing with SBOM scanners
find $(cat /shared/container_path) -xtype l -delete
Expand Down

0 comments on commit ec7be1f

Please sign in to comment.