fix(RELEASE-1089): linting issues in sign-base64-blob

Signed-off-by: Johnny Bieren <[email protected]>

.github/workflows/lint.yaml

@@ -59,10 +59,13 @@ jobs:
       - name: Run Checkton
         id: checkton
         uses: chmeliik/[email protected]
-        # Migrating to the konflux-ci org
         with:
           fail-on-findings: true
-          find-copies-harder: true
+          find-copies-harder: false
+          # Set to false to disable the differential check
+          differential: false 
+          # Add a regex to include only the files you want to check
+          include-regex: "tasks/sign-base64-blob/.*\\.yaml"
   check-jsonschema:
     name: Validate json schema file
     runs-on: ubuntu-latest

tasks/sign-base64-blob/README.md

@@ -25,6 +25,9 @@ data:
         configMapName: <configmap name>
 ```
 
+## Changes in 2.4.1
+* Fix shellcheck/checkton linting issues in the task and tests
+
 ## Changes in 2.4.0
 * No longer examine `.data.sign.request` to obtain the Signing pipeline name. Use the default - blob-signing-pipeline
 

tasks/sign-base64-blob/sign-base64-blob.yaml

@@ -4,7 +4,7 @@ kind: Task
 metadata:
   name: sign-base64-blob
   labels:
-    app.kubernetes.io/version: "2.4.0"
+    app.kubernetes.io/version: "2.4.1"
   annotations:
     tekton.dev/pipelines.minVersion: "0.12.1"
     tekton.dev/tags: release
@@ -40,7 +40,7 @@ spec:
       image:
         quay.io/konflux-ci/release-service-utils:e633d51cd41d73e4b3310face21bb980af7a662f
       script: |
-        #!/usr/bin/env sh
+        #!/usr/bin/env bash
         set -ex
         set -o pipefail
 

tasks/sign-base64-blob/tests/test-sign-base64-blob.yaml

@@ -19,19 +19,19 @@ spec:
           - name: setup-values
             image: quay.io/konflux-ci/release-service-utils:e633d51cd41d73e4b3310face21bb980af7a662f
             script: |
-              #!/usr/bin/env sh
+              #!/usr/bin/env bash
               set -eux
 
-              cat > $(workspaces.data.path)/data.json << EOF
+              cat > "$(workspaces.data.path)/data.json" << EOF
               {
                 "sign": {
                   "configMapName": "signing-config-map"
                 }
               }
               EOF
 
-              mkdir -p $(workspaces.data.path)/binaries
-              touch $(workspaces.data.path)/binaries/foo_SHA256SUMS
+              mkdir -p "$(workspaces.data.path)/binaries"
+              touch "$(workspaces.data.path)/binaries/foo_SHA256SUMS"
     - name: run-task
       taskRef:
         name: sign-base64-blob
@@ -60,46 +60,46 @@ spec:
           - name: check-result
             image: quay.io/konflux-ci/release-service-utils:e633d51cd41d73e4b3310face21bb980af7a662f
             script: |
-              #!/usr/bin/env sh
+              #!/usr/bin/env bash
               set -eux
 
-              internalRequest="$(kubectl get internalrequest --sort-by=.metadata.creationTimestamp --no-headers)"
-              params=$(kubectl get internalrequest ${internalRequest} -o jsonpath="{.spec.params}")
+              internalRequest=$(kubectl get internalrequest --sort-by=.metadata.creationTimestamp --no-headers)
+              params=$(kubectl get internalrequest "${internalRequest}" -o jsonpath="{.spec.params}")
 
-              if [ $(jq -r '.blob' <<< "${params}") != "test-blob" ]; then
+              if [ "$(jq -r '.blob' <<< "${params}")" != "test-blob" ]; then
                 echo "blob does not match"
                 exit 1
               fi
 
-              if [ $(jq -r '.config_map_name' <<< "${params}") != "signing-config-map" ]
+              if [ "$(jq -r '.config_map_name' <<< "${params}")" != "signing-config-map" ]
               then
                 echo "config_map_name does not match"
                 exit 1
               fi
 
-              if [ $(jq -r '.requester' <<< "${params}") != "testuser" ]
+              if [ "$(jq -r '.requester' <<< "${params}")" != "testuser" ]
               then
                 echo "requester does not match"
                 exit 1
               fi
 
-              if [ $(jq -r '.pipeline_image' <<< "${params}") != \
+              if [ "$(jq -r '.pipeline_image' <<< "${params}")" != \
                  "quay.io/redhat-isv/operator-pipelines-images:9ea90b42456fcdf66edf4b15c0c0487ba5fa3ee3" ]
               then
                 echo "pipeline_image does not match"
                 exit 1
               fi
 
-              binaries_path=$(workspaces.data.path)/binaries
+              binaries_path="$(workspaces.data.path)/binaries"
               created_file=$(ls $binaries_path | grep sig)
-              if [ $created_file != "foo_SHA256SUMS.sig" ]
+              if [ "$created_file" != "foo_SHA256SUMS.sig" ]
               then
                 echo "Unexpected filename for the signed file"
                 exit 1
               fi
 
-              file_content=$(cat $binaries_path/foo_SHA256SUMS.sig)
-              if [ $file_content != "dummy-payload" ]
+              file_content=$(cat "$binaries_path/foo_SHA256SUMS.sig")
+              if [ "$file_content" != "dummy-payload" ]
               then
                 echo "Payload is not correct"
                 exit 1
@@ -113,7 +113,7 @@ spec:
           - name: delete-crs
             image: quay.io/konflux-ci/release-service-utils:e633d51cd41d73e4b3310face21bb980af7a662f
             script: |
-              #!/usr/bin/env sh
+              #!/usr/bin/env bash
               set -eux
 
               kubectl delete internalrequests --all