diff --git a/tasks/push-snapshot/README.md b/tasks/push-snapshot/README.md index b57c41bb0..62e934c3e 100644 --- a/tasks/push-snapshot/README.md +++ b/tasks/push-snapshot/README.md @@ -13,6 +13,9 @@ Tekton task to push snapshot images to an image registry using `cosign copy`. | caTrustConfigMapName | The name of the ConfigMap to read CA bundle data from | Yes | trusted-ca | | caTrustConfigMapKey | The name of the key in the ConfigMap that contains the CA bundle data | Yes | ca-bundle.crt | +## Changes in 6.4.2 +* Fix checkton/shellcheck linting issues + ## Changes in 6.4.1 * Bump release-service-utils image * The updated image will fail if skopeo inspect fails diff --git a/tasks/push-snapshot/push-snapshot.yaml b/tasks/push-snapshot/push-snapshot.yaml index ee8f64f8c..95f02e786 100644 --- a/tasks/push-snapshot/push-snapshot.yaml +++ b/tasks/push-snapshot/push-snapshot.yaml @@ -4,7 +4,7 @@ kind: Task metadata: name: push-snapshot labels: - app.kubernetes.io/version: "6.4.1" + app.kubernetes.io/version: "6.4.2" annotations: tekton.dev/pipelines.minVersion: "0.12.1" tekton.dev/tags: release @@ -43,7 +43,7 @@ spec: #!/usr/bin/env bash set -eux - push_image () { # Expected arguments are [origin_digest, name, containerImage, repository, tag, arch, oras_args] + push_image () { # Expected arguments are [origin_digest, name, containerImage, repository, tag, platform] # note: Inspection might fail on empty repos, hence `|| true` # oras has very limited support for selecting the right auth entry, @@ -53,8 +53,12 @@ spec: select-oci-auth "$4" | jq -c \ '.auths."'"$4"'" = .auths."'"$registry"'" | del(.auths."'"$registry"'")' > "$DEST_AUTH_FILE" - # We need this default value for $7 when oras_args is equal to () - destination_digest=$(oras resolve --registry-config "$DEST_AUTH_FILE" ${7:-} "$4:$5" || true) + oras_args=() + if [ -n "$6" ]; then + oras_args=(--platform "$6") + fi + + destination_digest=$(oras resolve --registry-config "$DEST_AUTH_FILE" "${oras_args[@]}" "$4:$5" || true) if [[ "$destination_digest" != "$1" || -z "$destination_digest" ]]; then printf '* Pushing component: %s to %s:%s\n' "$2" "$4" "$5" @@ -96,28 +100,28 @@ spec: exit 1 fi - if [ $(jq '.components | map(select((has("tags")|not) or (.tags | IN([])))) | length' \ - "${SNAPSHOT_SPEC_FILE}") -ne 0 ] ; then + if [ "$(jq '.components | map(select((has("tags")|not) or (.tags | IN([])))) | length' \ + "${SNAPSHOT_SPEC_FILE}")" -ne 0 ] ; then echo "Found components in the snapshot file that do not contain tags. Failing" cat "${SNAPSHOT_SPEC_FILE}" exit 1 fi RESULTS_FILE="$(workspaces.data.path)/$(params.resultsDirPath)/push-snapshot-results.json" - RESULTS_JSON='{"images":[]}' + RESULTS_JSON="{\"images\":[]}" SOURCE_AUTH_FILE=$(mktemp) - defaultPushSourceContainer=$(jq -r '.mapping.defaults.pushSourceContainer' $DATA_FILE) + defaultPushSourceContainer=$(jq -r '.mapping.defaults.pushSourceContainer' "$DATA_FILE") application=$(jq -r '.application' "${SNAPSHOT_SPEC_FILE}") NUM_COMPONENTS=$(jq '.components | length' "${SNAPSHOT_SPEC_FILE}") printf 'Beginning "%s" for "%s"\n\n' "$(context.task.name)" "$application" - for ((i = 0; i < $NUM_COMPONENTS; i++)) + for ((i = 0; i < NUM_COMPONENTS; i++)) do component=$(jq -c --argjson i "$i" '.components[$i]' "${SNAPSHOT_SPEC_FILE}") - containerImage=$(jq -r '.containerImage' <<< $component) - repository=$(jq -r '.repository' <<< $component) - imageTags=$(jq '.tags' <<< $component) + containerImage=$(jq -r '.containerImage' <<< "$component") + repository=$(jq -r '.repository' <<< "$component") + imageTags=$(jq '.tags' <<< "$component") # oras has very limited support for selecting the right auth entry, # so create a custom auth file with just one entry. @@ -128,19 +132,20 @@ spec: '.auths."'"$source_repo"'" = .auths."'"$registry"'" | del(.auths."'"$registry"'")' > "$SOURCE_AUTH_FILE" arch_json=$(get-image-architectures "${containerImage}") - arches=$(jq -s 'map(.platform.architecture)' <<< $arch_json) - oses=$(jq -s 'map(.platform.os)' <<< $arch_json) + arches=$(jq -s 'map(.platform.architecture)' <<< "$arch_json") + oses=$(jq -s 'map(.platform.os)' <<< "$arch_json") # Just read the first from the list of architectures - os=$(jq -r '.[0]' <<< $oses) - arch=$(jq -r '.[0]' <<< $arches) - name=$(jq -r '.name' <<< $component) - git_sha=$(jq -r '.source.git.revision' <<< $component) # this sets the value to "null" if it doesn't exist + os=$(jq -r '.[0]' <<< "$oses") + arch=$(jq -r '.[0]' <<< "$arches") + name=$(jq -r '.name' <<< "$component") media_type=$(skopeo inspect --raw "docker://${containerImage}" | jq -r .mediaType) oras_args=() + platform= if [[ "$media_type" == "application/vnd.docker.distribution.manifest.list.v2+json" ]]\ || [[ "$media_type" == "application/vnd.oci.image.index.v1+json" ]]; then - oras_args+=("--platform $os/$arch") + platform=$os/$arch + oras_args=(--platform "$platform") fi # we do not use oras_args here since we want to get the manifest index image digest @@ -149,13 +154,13 @@ spec: RESULTS_JSON=$(jq --arg i "$i" --argjson arches "$arches" --argjson oses "$oses" --arg name "$name" \ --arg sha "$origin_digest" \ '.images[$i|tonumber] += {"arches": $arches, "oses": $oses, "name": $name, "shasum": $sha, "urls": []}' \ - <<< $RESULTS_JSON) + <<< "$RESULTS_JSON") # Push source container if the component has pushSourceContainer: true or if the # pushSourceContainer key is missing from the component and the defaults has # pushSourceContainer: true - if [[ $(jq -r '.pushSourceContainer' <<< $component) == "true" ]] \ - || [[ $(jq 'has("pushSourceContainer")' <<< $component) == "false" && \ + if [[ $(jq -r '.pushSourceContainer' <<< "$component") == "true" ]] \ + || [[ $(jq 'has("pushSourceContainer")' <<< "$component") == "false" && \ ${defaultPushSourceContainer} == "true" ]] ; then source_tag=${origin_digest/:/-}.src @@ -163,7 +168,7 @@ spec: sourceContainer="${source_repo}:${source_tag}" # Check if the source container exists source_container_digest=$(oras resolve --registry-config "$SOURCE_AUTH_FILE" \ - "${sourceContainer}" ${oras_args[@]}) + "${sourceContainer}" "${oras_args[@]}") if [ -z "$source_container_digest" ] ; then echo "Error: Source container ${sourceContainer} not found!" @@ -172,23 +177,23 @@ spec: # Push the source image with the source tag here. The source image will be # pushed with the provided tags below in the loop push_image "${source_container_digest}" "${name}" "${sourceContainer}" \ - "${repository}" "${source_tag}" "${oras_args[@]}" + "${repository}" "${source_tag}" "$platform" fi - for tag in $(jq -r '.[]' <<< $imageTags) ; do + for tag in $(jq -r '.[]' <<< "$imageTags") ; do # Push the container image push_image "${origin_digest}" "${name}" "${containerImage}" "${repository}" "${tag}" \ - "${arch}" "${oras_args[@]}" + "$platform" # This variable will only exist if the above logic determined the source container should # be pushed for this component if [ -n "${source_container_digest-}" ] ; then push_image "${source_container_digest}" "${name}" "${sourceContainer}" \ - "${repository}" "${tag}-source" "${arch}" "${oras_args[@]}" + "${repository}" "${tag}-source" "$platform" fi done done - echo -n "${RESULTS_JSON}" | tee $RESULTS_FILE + echo -n "${RESULTS_JSON}" | tee "$RESULTS_FILE" printf 'Completed "%s" for "%s"\n\n' "$(context.task.name)" "$application" volumeMounts: - name: trusted-ca diff --git a/tasks/push-snapshot/tests/mocks.sh b/tasks/push-snapshot/tests/mocks.sh index 3a43fefb6..386f72295 100644 --- a/tasks/push-snapshot/tests/mocks.sh +++ b/tasks/push-snapshot/tests/mocks.sh @@ -5,12 +5,12 @@ set -eux function cosign() { echo Mock cosign called with: $* - echo $* >> $(workspaces.data.path)/mock_cosign.txt + echo $* >> "$(workspaces.data.path)"/mock_cosign.txt # mock cosign failing the first 3x for the retry test if [[ "$*" == "copy -f registry.io/retry-image:tag "*":"* ]] then - if [[ $(cat $(workspaces.data.path)/mock_cosign.txt | wc -l) -le 3 ]] + if [[ "$(wc -l < "$(workspaces.data.path)/mock_cosign.txt")" -le 3 ]] then echo Expected cosign call failure for retry test return 1 @@ -35,7 +35,7 @@ function cosign() { function skopeo() { echo Mock skopeo called with: $* >&2 - echo $* >> $(workspaces.data.path)/mock_skopeo.txt + echo $* >> "$(workspaces.data.path)"/mock_skopeo.txt if [[ "$*" == "inspect --raw docker://"* ]] then @@ -54,11 +54,11 @@ function get-image-architectures() { } function select-oci-auth() { - echo $* >> $(workspaces.data.path)/mock_select-oci-auth.txt + echo $* >> "$(workspaces.data.path)"/mock_select-oci-auth.txt } function oras() { - echo $* >> $(workspaces.data.path)/mock_oras.txt + echo $* >> "$(workspaces.data.path)"/mock_oras.txt if [[ "$*" == "resolve --registry-config "*" "* ]] then if [[ "$4" == *skip-image*.src || "$4" == *skip-image*-source ]]; then diff --git a/tasks/push-snapshot/tests/test-push-snapshot-digests-match.yaml b/tasks/push-snapshot/tests/test-push-snapshot-digests-match.yaml index d80926071..690531c71 100644 --- a/tasks/push-snapshot/tests/test-push-snapshot-digests-match.yaml +++ b/tasks/push-snapshot/tests/test-push-snapshot-digests-match.yaml @@ -24,8 +24,8 @@ spec: #!/usr/bin/env sh set -eux - mkdir $(workspaces.data.path)/results - cat > $(workspaces.data.path)/mapped_snapshot.json << EOF + mkdir "$(workspaces.data.path)/results" + cat > "$(workspaces.data.path)/mapped_snapshot.json" << EOF { "application": "myapp", "components": [ @@ -41,7 +41,7 @@ spec: } EOF - echo '{}' > $(workspaces.data.path)/data.json + echo '{}' > "$(workspaces.data.path)"/data.json - name: run-task taskRef: name: push-snapshot @@ -71,31 +71,32 @@ spec: #!/usr/bin/env sh set -eux - if [ $(cat $(workspaces.data.path)/mock_cosign.txt | wc -l) != 0 ]; then - echo Error: cosign was expected to be called 0 times. Actual calls: - cat $(workspaces.data.path)/mock_cosign.txt + if [ -f "$(workspaces.data.path)/mock_cosign.txt" ]; then + echo Error: cosign was not expected to be called. Actual calls: + cat "$(workspaces.data.path)/mock_cosign.txt" exit 1 fi - if [ $(cat $(workspaces.data.path)/mock_skopeo.txt | wc -l) != 1 ]; then + if [ "$(wc -l < "$(workspaces.data.path)/mock_skopeo.txt")" != 1 ]; then echo Error: skopeo was expected to be called 1 time. Actual calls: - cat $(workspaces.data.path)/mock_skopeo.txt + cat "$(workspaces.data.path)/mock_skopeo.txt" exit 1 fi - if [ $(cat $(workspaces.data.path)/mock_oras.txt | wc -l) != 2 ]; then + if [ "$(wc -l < "$(workspaces.data.path)/mock_oras.txt")" != 2 ]; then echo Error: oras was expected to be called 2 times. Actual calls: - cat $(workspaces.data.path)/mock_oras.txt + cat "$(workspaces.data.path)/mock_oras.txt" exit 1 fi echo Make sure the results file was still written even though no push happened - test $(jq -r '.images[0].name' $(workspaces.data.path)/results/push-snapshot-results.json) == "comp" - test $(jq -r '.images[0].shasum' $(workspaces.data.path)/results/push-snapshot-results.json) == \ + test "$(jq -r '.images[0].name' "$(workspaces.data.path)/results/push-snapshot-results.json")" == "comp" + test "$(jq -r '.images[0].shasum' "$(workspaces.data.path)/results/push-snapshot-results.json")" == \ "sha256:0b770b6ec5414e841167266c96af42404e9f7049f72c21d0ab312e07c9403197" - test $(jq -r '.images[0].urls | length' $(workspaces.data.path)/results/push-snapshot-results.json) \ + test "$(jq -r '.images[0].urls | length' "$(workspaces.data.path)/results/push-snapshot-results.json")" \ == "1" - test $(jq -r '.images[0].arches | length' $(workspaces.data.path)/results/push-snapshot-results.json) \ + test "$(jq -r '.images[0].arches | length' \ + "$(workspaces.data.path)/results/push-snapshot-results.json")" \ == "2" runAfter: - run-task diff --git a/tasks/push-snapshot/tests/test-push-snapshot-fail-no-data-file.yaml b/tasks/push-snapshot/tests/test-push-snapshot-fail-no-data-file.yaml index 1e3dee9b9..c2854894a 100644 --- a/tasks/push-snapshot/tests/test-push-snapshot-fail-no-data-file.yaml +++ b/tasks/push-snapshot/tests/test-push-snapshot-fail-no-data-file.yaml @@ -26,8 +26,8 @@ spec: #!/usr/bin/env sh set -eux - mkdir $(workspaces.data.path)/results - cat > $(workspaces.data.path)/mapped_snapshot.json << EOF + mkdir "$(workspaces.data.path)/results" + cat > "$(workspaces.data.path)/mapped_snapshot.json" << EOF { "application": "myapp", "components": [ diff --git a/tasks/push-snapshot/tests/test-push-snapshot-fail-tagless-component.yaml b/tasks/push-snapshot/tests/test-push-snapshot-fail-tagless-component.yaml index 7fbb06df6..760639271 100644 --- a/tasks/push-snapshot/tests/test-push-snapshot-fail-tagless-component.yaml +++ b/tasks/push-snapshot/tests/test-push-snapshot-fail-tagless-component.yaml @@ -26,8 +26,8 @@ spec: #!/usr/bin/env sh set -eux - mkdir $(workspaces.data.path)/results - cat > $(workspaces.data.path)/snapshot.json << EOF + mkdir "$(workspaces.data.path)/results" + cat > "$(workspaces.data.path)"/snapshot.json << EOF { "application": "myapp", "components": [ @@ -50,7 +50,7 @@ spec: } EOF - cat > $(workspaces.data.path)/data.json << EOF + cat > "$(workspaces.data.path)"/data.json << EOF { "mapping": { "defaults": { diff --git a/tasks/push-snapshot/tests/test-push-snapshot-mount-certs.yaml b/tasks/push-snapshot/tests/test-push-snapshot-mount-certs.yaml index efff61082..bedc05e3d 100644 --- a/tasks/push-snapshot/tests/test-push-snapshot-mount-certs.yaml +++ b/tasks/push-snapshot/tests/test-push-snapshot-mount-certs.yaml @@ -23,8 +23,8 @@ spec: #!/usr/bin/env sh set -eux - mkdir $(workspaces.data.path)/results - cat > $(workspaces.data.path)/snapshot.json << EOF + mkdir "$(workspaces.data.path)/results" + cat > "$(workspaces.data.path)"/snapshot.json << EOF { "application": "myapp", "components": [ @@ -50,7 +50,7 @@ spec: } EOF - cat > $(workspaces.data.path)/data.json << EOF + cat > "$(workspaces.data.path)"/data.json << EOF { "mapping": { "defaults": { @@ -96,30 +96,31 @@ spec: # 2 for comp1 (the 2 provided tags) # 3 for comp2 (provided tag, once for image, once for source container, + once for source tag) - if [ $(cat $(workspaces.data.path)/mock_cosign.txt | wc -l) != 5 ]; then + if [ "$(wc -l < "$(workspaces.data.path)/mock_cosign.txt")" != 5 ]; then echo Error: cosign was expected to be called 5 times. Actual calls: - cat $(workspaces.data.path)/mock_cosign.txt + cat "$(workspaces.data.path)/mock_cosign.txt" exit 1 fi - if [ $(cat $(workspaces.data.path)/mock_skopeo.txt | wc -l) != 2 ]; then + if [ "$(wc -l < "$(workspaces.data.path)/mock_skopeo.txt")" != 2 ]; then echo Error: skopeo was expected to be called 2 times. Actual calls: - cat $(workspaces.data.path)/mock_skopeo.txt + cat "$(workspaces.data.path)/mock_skopeo.txt" exit 1 fi - if [ $(cat $(workspaces.data.path)/mock_oras.txt | wc -l) != 8 ]; then + if [ "$(wc -l < "$(workspaces.data.path)/mock_oras.txt")" != 8 ]; then echo Error: oras was expected to be called 8 times. Actual calls: - cat $(workspaces.data.path)/mock_oras.txt + cat "$(workspaces.data.path)/mock_oras.txt" exit 1 fi - test $(jq -r '.images[0].name' $(workspaces.data.path)/results/push-snapshot-results.json) == "comp1" - test $(jq -r '.images[0].shasum' $(workspaces.data.path)/results/push-snapshot-results.json) == \ + test "$(jq -r '.images[0].name' "$(workspaces.data.path)/results/push-snapshot-results.json")" == "comp1" + test "$(jq -r '.images[0].shasum' "$(workspaces.data.path)/results/push-snapshot-results.json")" == \ "sha256:6ff029b0b6cf82e3df2a2360dc88cd527c51132b557207d64634d9c245e0d15e" - test $(jq -r '.images[0].urls | length' $(workspaces.data.path)/results/push-snapshot-results.json) \ + test "$(jq -r '.images[0].urls | length' "$(workspaces.data.path)/results/push-snapshot-results.json")" \ == "2" - test $(jq -r '.images[0].arches | length' $(workspaces.data.path)/results/push-snapshot-results.json) \ + test "$(jq -r '.images[0].arches | length' \ + "$(workspaces.data.path)/results/push-snapshot-results.json")" \ == "2" runAfter: - run-task diff --git a/tasks/push-snapshot/tests/test-push-snapshot-pushsourcecontainer-component.yaml b/tasks/push-snapshot/tests/test-push-snapshot-pushsourcecontainer-component.yaml index 4264587fd..fc5d3e6f8 100644 --- a/tasks/push-snapshot/tests/test-push-snapshot-pushsourcecontainer-component.yaml +++ b/tasks/push-snapshot/tests/test-push-snapshot-pushsourcecontainer-component.yaml @@ -23,8 +23,8 @@ spec: #!/usr/bin/env sh set -eux - mkdir $(workspaces.data.path)/results - cat > $(workspaces.data.path)/snapshot.json << EOF + mkdir "$(workspaces.data.path)/results" + cat > "$(workspaces.data.path)"/snapshot.json << EOF { "application": "myapp", "components": [ @@ -47,7 +47,7 @@ spec: } EOF - cat > $(workspaces.data.path)/data.json << EOF + cat > "$(workspaces.data.path)"/data.json << EOF { "mapping": { } @@ -86,7 +86,7 @@ spec: # The sha 4c0020cf1fd28563704fb5f05396899faf8ae642b94950c72c6282a507df1a03 is calculated # from the origin image pull spec - see oras() in mocks.sh - cat > $(workspaces.data.path)/cosign_expected_calls.txt << EOF + cat > "$(workspaces.data.path)"/cosign_expected_calls.txt << EOF copy -f registry.io/image:sha256-4c0020cf1fd28563704fb5f05396899faf8ae642b94950c72c6282a507df1a03.src\ prod-registry.io/prod-location:sha256-4c0020cf1fd28563704fb5f05396899faf8ae642b94950c72c6282a507df1a03.src copy -f registry.io/image@sha256:abcdefg prod-registry.io/prod-location:testtag @@ -94,25 +94,25 @@ spec: prod-registry.io/prod-location:testtag-source EOF - if [ "$(cat $(workspaces.data.path)/cosign_expected_calls.txt | md5sum)" \ - != "$(cat $(workspaces.data.path)/mock_cosign.txt | md5sum)" ]; then - echo Error: Expected cosign calls do not match actual calls + if [ "$(md5sum < "$(workspaces.data.path)"/cosign_expected_calls.txt)" \ + != "$(md5sum < "$(workspaces.data.path)/mock_cosign.txt")" ]; then + echo "Error: Expected cosign calls do not match actual calls" echo Actual calls: - cat $(workspaces.data.path)/mock_cosign.txt + cat "$(workspaces.data.path)/mock_cosign.txt" echo Expected calls: - cat $(workspaces.data.path)/cosign_expected_calls.txt + cat "$(workspaces.data.path)"/cosign_expected_calls.txt exit 1 fi - if [ $(cat $(workspaces.data.path)/mock_skopeo.txt | wc -l) != 1 ]; then + if [ "$(wc -l < "$(workspaces.data.path)/mock_skopeo.txt")" != 1 ]; then echo Error: skopeo was expected to be called 1 time. Actual calls: - cat $(workspaces.data.path)/mock_skopeo.txt + cat "$(workspaces.data.path)/mock_skopeo.txt" exit 1 fi - if [ $(cat $(workspaces.data.path)/mock_oras.txt | wc -l) != 5 ]; then + if [ "$(wc -l < "$(workspaces.data.path)/mock_oras.txt")" != 5 ]; then echo Error: oras was expected to be called 5 times. Actual calls: - cat $(workspaces.data.path)/mock_oras.txt + cat "$(workspaces.data.path)/mock_oras.txt" exit 1 fi diff --git a/tasks/push-snapshot/tests/test-push-snapshot-pushsourcecontainer-defaults.yaml b/tasks/push-snapshot/tests/test-push-snapshot-pushsourcecontainer-defaults.yaml index 7fd0e343b..23468f9d2 100644 --- a/tasks/push-snapshot/tests/test-push-snapshot-pushsourcecontainer-defaults.yaml +++ b/tasks/push-snapshot/tests/test-push-snapshot-pushsourcecontainer-defaults.yaml @@ -23,8 +23,8 @@ spec: #!/usr/bin/env sh set -eux - mkdir $(workspaces.data.path)/results - cat > $(workspaces.data.path)/snapshot.json << EOF + mkdir "$(workspaces.data.path)/results" + cat > "$(workspaces.data.path)"/snapshot.json << EOF { "application": "myapp", "components": [ @@ -46,7 +46,7 @@ spec: } EOF - cat > $(workspaces.data.path)/data.json << EOF + cat > "$(workspaces.data.path)"/data.json << EOF { "mapping": { "defaults": { @@ -88,7 +88,7 @@ spec: # The sha 570fd5a1e41b5545a24828be5a3df2e85e4a5a67703385f39594837e77e2478e is calculated # from the origin image pull spec - see mocks.sh - cat > $(workspaces.data.path)/cosign_expected_calls.txt << EOF + cat > "$(workspaces.data.path)"/cosign_expected_calls.txt << EOF copy -f registry.io/image:sha256-4c0020cf1fd28563704fb5f05396899faf8ae642b94950c72c6282a507df1a03.src\ prod-registry.io/prod-location:sha256-4c0020cf1fd28563704fb5f05396899faf8ae642b94950c72c6282a507df1a03.src copy -f registry.io/image@sha256:abcdefg prod-registry.io/prod-location:testtag @@ -96,25 +96,25 @@ spec: prod-registry.io/prod-location:testtag-source EOF - if [ "$(cat $(workspaces.data.path)/cosign_expected_calls.txt | md5sum)" \ - != "$(cat $(workspaces.data.path)/mock_cosign.txt | md5sum)" ]; then - echo Error: Expected cosign calls do not match actual calls + if [ "$(md5sum < "$(workspaces.data.path)"/cosign_expected_calls.txt)" \ + != "$(md5sum < "$(workspaces.data.path)/mock_cosign.txt")" ]; then + echo "Error: Expected cosign calls do not match actual calls" echo Actual calls: - cat $(workspaces.data.path)/mock_cosign.txt + cat "$(workspaces.data.path)/mock_cosign.txt" echo Expected calls: - cat $(workspaces.data.path)/cosign_expected_calls.txt + cat "$(workspaces.data.path)"/cosign_expected_calls.txt exit 1 fi - if [ $(cat $(workspaces.data.path)/mock_skopeo.txt | wc -l) != 1 ]; then + if [ "$(wc -l < "$(workspaces.data.path)/mock_skopeo.txt")" != 1 ]; then echo Error: skopeo was expected to be called 1 time. Actual calls: - cat $(workspaces.data.path)/mock_skopeo.txt + cat "$(workspaces.data.path)/mock_skopeo.txt" exit 1 fi - if [ $(cat $(workspaces.data.path)/mock_oras.txt | wc -l) != 5 ]; then + if [ "$(wc -l < "$(workspaces.data.path)/mock_oras.txt")" != 5 ]; then echo Error: oras was expected to be called 5 times. Actual calls: - cat $(workspaces.data.path)/mock_oras.txt + cat "$(workspaces.data.path)/mock_oras.txt" exit 1 fi runAfter: diff --git a/tasks/push-snapshot/tests/test-push-snapshot-pushsourcecontainer-skip-existing.yaml b/tasks/push-snapshot/tests/test-push-snapshot-pushsourcecontainer-skip-existing.yaml index 9237f1d88..45ae534fd 100644 --- a/tasks/push-snapshot/tests/test-push-snapshot-pushsourcecontainer-skip-existing.yaml +++ b/tasks/push-snapshot/tests/test-push-snapshot-pushsourcecontainer-skip-existing.yaml @@ -24,8 +24,8 @@ spec: #!/usr/bin/env sh set -eux - mkdir $(workspaces.data.path)/results - cat > $(workspaces.data.path)/snapshot.json << EOF + mkdir "$(workspaces.data.path)/results" + cat > "$(workspaces.data.path)"/snapshot.json << EOF { "application": "myapp", "components": [ @@ -41,7 +41,7 @@ spec: } EOF - cat > $(workspaces.data.path)/data.json << EOF + cat > "$(workspaces.data.path)"/data.json << EOF { "mapping": { "defaults": { @@ -81,21 +81,21 @@ spec: #!/usr/bin/env sh set -eux - if [ -f $(workspaces.data.path)/mock_cosign.txt ]; then + if [ -f "$(workspaces.data.path)"/mock_cosign.txt ]; then echo Error: cosign was not expected to be called. Actual calls: - cat $(workspaces.data.path)/mock_cosign.txt + cat "$(workspaces.data.path)/mock_cosign.txt" exit 1 fi - if [ $(cat $(workspaces.data.path)/mock_skopeo.txt | wc -l) != 1 ]; then + if [ "$(wc -l < "$(workspaces.data.path)/mock_skopeo.txt")" != 1 ]; then echo Error: skopeo was expected to be called 1 time. Actual calls: - cat $(workspaces.data.path)/mock_skopeo.txt + cat "$(workspaces.data.path)/mock_skopeo.txt" exit 1 fi - if [ $(cat $(workspaces.data.path)/mock_oras.txt | wc -l) != 5 ]; then + if [ "$(wc -l < "$(workspaces.data.path)/mock_oras.txt")" != 5 ]; then echo Error: oras was expected to be called 5 times. Actual calls: - cat $(workspaces.data.path)/mock_oras.txt + cat "$(workspaces.data.path)/mock_oras.txt" exit 1 fi runAfter: diff --git a/tasks/push-snapshot/tests/test-push-snapshot-retries.yaml b/tasks/push-snapshot/tests/test-push-snapshot-retries.yaml index 23af568f7..7b2ad1fe3 100644 --- a/tasks/push-snapshot/tests/test-push-snapshot-retries.yaml +++ b/tasks/push-snapshot/tests/test-push-snapshot-retries.yaml @@ -23,8 +23,8 @@ spec: #!/usr/bin/env sh set -eux - mkdir $(workspaces.data.path)/results - cat > $(workspaces.data.path)/snapshot.json << EOF + mkdir "$(workspaces.data.path)/results" + cat > "$(workspaces.data.path)"/snapshot.json << EOF { "application": "myapp", "components": [ @@ -40,7 +40,7 @@ spec: } EOF - echo '{}' > $(workspaces.data.path)/mydata.json + echo '{}' > "$(workspaces.data.path)"/mydata.json - name: run-task taskRef: name: push-snapshot @@ -72,21 +72,21 @@ spec: #!/usr/bin/env sh set -eux - if [ $(cat $(workspaces.data.path)/mock_cosign.txt | wc -l) != 4 ]; then + if [ "$(wc -l < "$(workspaces.data.path)/mock_cosign.txt")" != 4 ]; then echo Error: cosign was expected to be called 4 times. Actual calls: - cat $(workspaces.data.path)/mock_cosign.txt + cat "$(workspaces.data.path)/mock_cosign.txt" exit 1 fi - if [ $(cat $(workspaces.data.path)/mock_skopeo.txt | wc -l) != 1 ]; then + if [ "$(wc -l < "$(workspaces.data.path)/mock_skopeo.txt")" != 1 ]; then echo Error: skopeo was expected to be called 1 time. Actual calls: - cat $(workspaces.data.path)/mock_skopeo.txt + cat "$(workspaces.data.path)/mock_skopeo.txt" exit 1 fi - if [ $(cat $(workspaces.data.path)/mock_oras.txt | wc -l) != 2 ]; then + if [ "$(wc -l < "$(workspaces.data.path)/mock_oras.txt")" != 2 ]; then echo Error: oras was expected to be called 2 times. Actual calls: - cat $(workspaces.data.path)/mock_oras.txt + cat "$(workspaces.data.path)/mock_oras.txt" exit 1 fi runAfter: diff --git a/tasks/push-snapshot/tests/test-push-snapshot.yaml b/tasks/push-snapshot/tests/test-push-snapshot.yaml index 73a881bf2..c557f643b 100644 --- a/tasks/push-snapshot/tests/test-push-snapshot.yaml +++ b/tasks/push-snapshot/tests/test-push-snapshot.yaml @@ -23,8 +23,8 @@ spec: #!/usr/bin/env sh set -eux - mkdir $(workspaces.data.path)/results - cat > $(workspaces.data.path)/snapshot.json << EOF + mkdir "$(workspaces.data.path)/results" + cat > "$(workspaces.data.path)"/snapshot.json << EOF { "application": "myapp", "components": [ @@ -50,7 +50,7 @@ spec: } EOF - cat > $(workspaces.data.path)/data.json << EOF + cat > "$(workspaces.data.path)"/data.json << EOF { "mapping": { "defaults": { @@ -92,30 +92,31 @@ spec: # 2 for comp1 (the 2 provided tags) # 3 for comp2 (provided tag, once for image, once for source container, + once for source tag) - if [ $(cat $(workspaces.data.path)/mock_cosign.txt | wc -l) != 5 ]; then + if [ "$(wc -l < "$(workspaces.data.path)/mock_cosign.txt")" != 5 ]; then echo Error: cosign was expected to be called 5 times. Actual calls: - cat $(workspaces.data.path)/mock_cosign.txt + cat "$(workspaces.data.path)/mock_cosign.txt" exit 1 fi - if [ $(cat $(workspaces.data.path)/mock_skopeo.txt | wc -l) != 2 ]; then + if [ "$(wc -l < "$(workspaces.data.path)/mock_skopeo.txt")" != 2 ]; then echo Error: skopeo was expected to be called 2 times. Actual calls: - cat $(workspaces.data.path)/mock_skopeo.txt + cat "$(workspaces.data.path)/mock_skopeo.txt" exit 1 fi - if [ $(cat $(workspaces.data.path)/mock_oras.txt | wc -l) != 8 ]; then + if [ "$(wc -l < "$(workspaces.data.path)/mock_oras.txt")" != 8 ]; then echo Error: oras was expected to be called 8 times. Actual calls: - cat $(workspaces.data.path)/mock_oras.txt + cat "$(workspaces.data.path)/mock_oras.txt" exit 1 fi - test $(jq -r '.images[0].name' $(workspaces.data.path)/results/push-snapshot-results.json) == "comp1" - test $(jq -r '.images[0].shasum' $(workspaces.data.path)/results/push-snapshot-results.json) == \ + test "$(jq -r '.images[0].name' "$(workspaces.data.path)/results/push-snapshot-results.json")" == "comp1" + test "$(jq -r '.images[0].shasum' "$(workspaces.data.path)/results/push-snapshot-results.json")" == \ "sha256:6ff029b0b6cf82e3df2a2360dc88cd527c51132b557207d64634d9c245e0d15e" - test $(jq -r '.images[0].urls | length' $(workspaces.data.path)/results/push-snapshot-results.json) \ + test "$(jq -r '.images[0].urls | length' "$(workspaces.data.path)/results/push-snapshot-results.json")" \ == "2" - test $(jq -r '.images[0].arches | length' $(workspaces.data.path)/results/push-snapshot-results.json) \ + test "$(jq -r '.images[0].arches | length' \ + "$(workspaces.data.path)/results/push-snapshot-results.json")" \ == "2" runAfter: - run-task