chore(RELEASE-1085): fix linting in rh-sign-image (#748)

- fix linting issues in rh-sign-image Signed-off-by: Scott Hebert <[email protected]>
konflux-ci · Dec 17, 2024 · b691c19 · b691c19
1 parent ba26696
commit b691c19
Show file tree

Hide file tree

Showing 4 changed files with 23 additions and 21 deletions.
diff --git a/tasks/rh-sign-image/README.md b/tasks/rh-sign-image/README.md
@@ -20,6 +20,9 @@ Task to create internalrequests or pipelineruns to sign snapshot components
 | signRegistryAccessPath   | The relative path in the workspace to a text file that contains a list of repositories that needs registry.access.redhat.com image references to be signed (i.e. requires_terms=true), one repository string per line, e.g. "rhtas/cosign-rhel9". | No       | -             |
 
 
+## Changes in 5.0.2
+* fix linting issues
+
 ## Changes in 5.0.1
 * The default for `sign.request` is now always `simple-signing-pipeline` instead of being `hacbs-signing-pipeline`
   if using InternalRequests

diff --git a/tasks/rh-sign-image/rh-sign-image.yaml b/tasks/rh-sign-image/rh-sign-image.yaml
@@ -4,7 +4,7 @@ kind: Task
 metadata:
   name: rh-sign-image
   labels:
-    app.kubernetes.io/version: "5.0.1"
+    app.kubernetes.io/version: "5.0.2"
   annotations:
     tekton.dev/pipelines.minVersion: "0.12.1"
     tekton.dev/tags: release
@@ -128,9 +128,9 @@ spec:
         default_pipeline_image="quay.io/redhat-isv/operator-pipelines-images:released"
 
         pipeline_image=$(jq -r --arg default_pipeline_image ${default_pipeline_image} \
-            '.sign.pipelineImage // $default_pipeline_image' ${DATA_FILE})
-        config_map_name=$(jq -r '.sign.configMapName // "signing-config-map"' ${DATA_FILE})
-        defaultPushSourceContainer=$(jq -r '.mapping.defaults.pushSourceContainer' ${DATA_FILE})
+            '.sign.pipelineImage // $default_pipeline_image' "${DATA_FILE}")
+        config_map_name=$(jq -r '.sign.configMapName // "signing-config-map"' "${DATA_FILE}")
+        defaultPushSourceContainer=$(jq -r '.mapping.defaults.pushSourceContainer' "${DATA_FILE}")
 
         if [[ "$(params.pyxisServer)" == "production" ]]
         then
@@ -158,21 +158,20 @@ spec:
         export PYXIS_CERT_PATH=/tmp/crt
         export PYXIS_KEY_PATH=/tmp/key
 
-        COMPONENTS_LENGTH=$(jq '.components |length' ${SNAPSHOT_PATH})
+        COMPONENTS_LENGTH=$(jq '.components |length' "${SNAPSHOT_PATH}")
         for (( COMPONENTS_INDEX=0; COMPONENTS_INDEX<COMPONENTS_LENGTH; COMPONENTS_INDEX++ )); do
 
-            referenceContainerImage=$(jq -r ".components[${COMPONENTS_INDEX}].containerImage" ${SNAPSHOT_PATH})
+            referenceContainerImage=$(jq -r ".components[${COMPONENTS_INDEX}].containerImage" "${SNAPSHOT_PATH}")
 
-            rh_registry_repo=$(jq -r ".components[${COMPONENTS_INDEX}][\"rh-registry-repo\"]" ${SNAPSHOT_PATH})
-            registry_access_repo=$(jq -r ".components[${COMPONENTS_INDEX}][\"registry-access-repo\"]" ${SNAPSHOT_PATH})
+            rh_registry_repo=$(jq -r ".components[${COMPONENTS_INDEX}][\"rh-registry-repo\"]" "${SNAPSHOT_PATH}")
+            registry_access_repo=$(jq -r ".components[${COMPONENTS_INDEX}][\"registry-access-repo\"]" \
+              "${SNAPSHOT_PATH}")
             repository="${rh_registry_repo#*/}"
 
-            git_sha=$(jq -r ".components[${COMPONENTS_INDEX}].source.git.revision" ${SNAPSHOT_PATH})
-
-            TAGS=$(jq -r ".components[${COMPONENTS_INDEX}].tags | join(\" \")" ${SNAPSHOT_PATH})
+            TAGS=$(jq -r ".components[${COMPONENTS_INDEX}].tags | join(\" \")" "${SNAPSHOT_PATH}")
 
             # check if multi-arch
-            RAW_OUTPUT=$(skopeo inspect --no-tags --raw docker://${referenceContainerImage})
+            RAW_OUTPUT=$(skopeo inspect --no-tags --raw "docker://${referenceContainerImage}")
             # Always sign the top level sha
             manifest_digests="${referenceContainerImage#*@}"
             # For multi arch, also sign all the manifests inside
@@ -185,9 +184,9 @@ spec:
             # Push source container if the component has pushSourceContainer: true or if the
             # pushSourceContainer key is missing from the component and the defaults has
             # pushSourceContainer: true
-            if [[ $(jq -r ".components[$COMPONENTS_INDEX].pushSourceContainer" ${SNAPSHOT_PATH}) == "true" ]] || \
-               [[ $(jq ".components[$COMPONENTS_INDEX] | has(\"pushSourceContainer\")" ${SNAPSHOT_PATH}) == "false" && \
-                ${defaultPushSourceContainer} == "true" ]] ; then
+            if [[ $(jq -r ".components[$COMPONENTS_INDEX].pushSourceContainer" "${SNAPSHOT_PATH}") == "true" ]] || \
+               [[ $(jq ".components[$COMPONENTS_INDEX] | has(\"pushSourceContainer\")" "${SNAPSHOT_PATH}") == "false" \
+                && ${defaultPushSourceContainer} == "true" ]] ; then
               source_repo=${referenceContainerImage%%@sha256:*}
               source_reference_tag=sha256-${referenceContainerImage#*@sha256:}.src
               # Calculate the source container image based on the provided container image

diff --git a/tasks/rh-sign-image/tests/test-rh-sign-image-multiple-components.yaml b/tasks/rh-sign-image/tests/test-rh-sign-image-multiple-components.yaml
@@ -163,19 +163,19 @@ spec:
                 foundReferences+=("${refValue}")
                 foundDigests+=("${manifestDigest}")
 
-                if [ $(jq -r '.config_map_name' <<< "${params}") != "signing-config-map" ]
+                if [ "$(jq -r '.config_map_name' <<< "${params}")" != "signing-config-map" ]
                 then
                   echo "config_map_name does not match"
                   exit 1
                 fi
 
-                if [ $(jq -r '.requester' <<< "${params}") != "testuser-multiple" ]
+                if [ "$(jq -r '.requester' <<< "${params}")" != "testuser-multiple" ]
                 then
                   echo "requester does not match"
                   exit 1
                 fi
 
-                if [ $(jq -r '.pipeline_image' <<< "${params}") != \
+                if [ "$(jq -r '.pipeline_image' <<< "${params}")" != \
                   "quay.io/redhat-isv/operator-pipelines-images:released" ]
                 then
                   echo "pipeline_image does not match"

diff --git a/tasks/rh-sign-image/tests/test-rh-sign-image-single-component.yaml b/tasks/rh-sign-image/tests/test-rh-sign-image-single-component.yaml
@@ -159,17 +159,17 @@ spec:
                 foundReferences+=("${refValue}")
                 foundDigests+=("${manifestDigest}")
 
-                if [ $(jq -r '.config_map_name' <<< "${params}") != "signing-config-map" ]; then
+                if [ "$(jq -r '.config_map_name' <<< "${params}")" != "signing-config-map" ]; then
                   echo "config_map_name does not match"
                   exit 1
                 fi
 
-                if [ $(jq -r '.requester' <<< "${params}") != "testuser-single" ]; then
+                if [ "$(jq -r '.requester' <<< "${params}")" != "testuser-single" ]; then
                   echo "requester does not match"
                   exit 1
                 fi
 
-                if [ $(jq -r '.pipeline_image' <<< "${params}") != \
+                if [ "$(jq -r '.pipeline_image' <<< "${params}")" != \
                    "quay.io/redhat-isv/operator-pipelines-images:released" ]; then
                   echo "pipeline_image does not match"
                   exit 1