diff --git a/tasks/rh-sign-image-cosign/README.md b/tasks/rh-sign-image-cosign/README.md index cfe928578..f4bec3867 100644 --- a/tasks/rh-sign-image-cosign/README.md +++ b/tasks/rh-sign-image-cosign/README.md @@ -11,6 +11,9 @@ Tekton task to sign container images in snapshot by cosign. | signRegistryAccessPath | The relative path in the workspace to a text file that contains a list of repositories that needs registry.access.redhat.com image references to be signed (i.e. requires_terms=true), one repository string per line, e.g. "rhtas/cosign-rhel9". | No | - | | retries | Retry cosign N times | Yes | 3 | +## Changes in 1.2.1 +* fix linting issues + ## Changes in 1.2.0 * Retry failed cosign diff --git a/tasks/rh-sign-image-cosign/rh-sign-image-cosign.yaml b/tasks/rh-sign-image-cosign/rh-sign-image-cosign.yaml index 816635e45..8be88d667 100644 --- a/tasks/rh-sign-image-cosign/rh-sign-image-cosign.yaml +++ b/tasks/rh-sign-image-cosign/rh-sign-image-cosign.yaml @@ -4,7 +4,7 @@ kind: Task metadata: name: rh-sign-image-cosign labels: - app.kubernetes.io/version: "1.2.0" + app.kubernetes.io/version: "1.2.1" annotations: tekton.dev/pipelines.minVersion: "0.12.1" tekton.dev/tags: release @@ -77,15 +77,24 @@ spec: run_cosign () { # Expected arguments are [digest_reference, tag_reference] # Upload transparency log when rekor url is specified if [ -v REKOR_URL ]; then - COSIGN_COMMON_ARGS="-y --rekor-url=$REKOR_URL --key $SIGN_KEY" + COSIGN_COMMON_ARGS=( + -y + --rekor-url="$REKOR_URL" + --key + "$SIGN_KEY" + ) else - COSIGN_COMMON_ARGS="--tlog-upload=false --key $SIGN_KEY" + COSIGN_COMMON_ARGS=( + -tlog-upload=false + --key + "$SIGN_KEY" + ) fi echo "Signing manifest $1 ($2)" attempt=0 until [ "$attempt" -gt "$(params.retries)" ] ; do # 3 retries by default cosign -t 3m0s sign\ - ${COSIGN_COMMON_ARGS}\ + "${COSIGN_COMMON_ARGS[@]}" \ --sign-container-identity "$2"\ "$1" && break attempt=$((attempt+1)) diff --git a/tasks/rh-sign-image-cosign/tests/test-rh-sign-image-cosign-multiple-components.yaml b/tasks/rh-sign-image-cosign/tests/test-rh-sign-image-cosign-multiple-components.yaml index 2c8a01186..2ac51ff52 100644 --- a/tasks/rh-sign-image-cosign/tests/test-rh-sign-image-cosign-multiple-components.yaml +++ b/tasks/rh-sign-image-cosign/tests/test-rh-sign-image-cosign-multiple-components.yaml @@ -25,7 +25,7 @@ spec: _TEST_MANIFEST_LIST_OCI_REFERENCE="quay.io/redhat-pending/test-product----test-image0@sha256:0000" _TEST_REPO="quay.io/redhat-pending/test-product----test-image0" - cat > $(workspaces.data.path)/snapshot_spec.json << EOF + cat > "$(workspaces.data.path)/snapshot_spec.json" << EOF { "application": "myapp", "components": [ diff --git a/tasks/rh-sign-image-cosign/tests/test-rh-sign-image-cosign-retries.yaml b/tasks/rh-sign-image-cosign/tests/test-rh-sign-image-cosign-retries.yaml index c7d897862..9fa20a2d0 100644 --- a/tasks/rh-sign-image-cosign/tests/test-rh-sign-image-cosign-retries.yaml +++ b/tasks/rh-sign-image-cosign/tests/test-rh-sign-image-cosign-retries.yaml @@ -21,7 +21,7 @@ spec: script: | #!/usr/bin/env bash set -eux - cat > $(workspaces.data.path)/snapshot_spec.json << EOF + cat > "$(workspaces.data.path)/snapshot_spec.json" << EOF { "application": "myapp", "components": [ diff --git a/tasks/rh-sign-image-cosign/tests/test-rh-sign-image-cosign-single-component.yaml b/tasks/rh-sign-image-cosign/tests/test-rh-sign-image-cosign-single-component.yaml index 37d3b6cde..28e48235d 100644 --- a/tasks/rh-sign-image-cosign/tests/test-rh-sign-image-cosign-single-component.yaml +++ b/tasks/rh-sign-image-cosign/tests/test-rh-sign-image-cosign-single-component.yaml @@ -21,7 +21,7 @@ spec: script: | #!/usr/bin/env bash set -eux - cat > $(workspaces.data.path)/snapshot_spec.json << EOF + cat > "$(workspaces.data.path)/snapshot_spec.json" << EOF { "application": "myapp", "components": [