Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

catlin-validate task to lint task yaml's or set of task yamls #1178

Open
wants to merge 2 commits into
base: main
Choose a base branch
from

Conversation

pratiktest
Copy link

Changes

Add a new tekton task that will run catlin validate command for a task yaml or set of tasks yamls

Submitter Checklist

These are the criteria that every PR should meet, please check them off as you
review them:

  • Follows the authoring recommendations
  • Includes docs (if user facing)
  • Includes tests (for new tasks or changed functionality)
  • Meets the Tekton contributor standards (including functionality, content, code)
  • Commit messages follow commit message best practices
  • [] Has a kind label. You can add one by adding a comment on this PR that
    contains /kind <type>. Valid types are bug, cleanup, design, documentation,
    feature, flake, misc, question, tep
  • Complies with Catalog Organization TEP, see example. Note An issue has been filed to automate this validation
    • File path follows <kind>/<name>/<version>/name.yaml

    • Has README.md at <kind>/<name>/<version>/README.md

    • Has mandatory metadata.labels - app.kubernetes.io/version the same as the <version> of the resource

    • Has mandatory metadata.annotations tekton.dev/pipelines.minVersion

    • mandatory spec.description follows the convention

        ```
      
        spec:
          description: >-
            one line summary of the resource
      
            Paragraph(s) to describe the resource.
        ```
      

See the contribution guide for more details.

@tekton-robot
Copy link

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
To complete the pull request process, please assign vinamra28 after the PR has been reviewed.
You can assign the PR to them by writing /assign @vinamra28 in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@linux-foundation-easycla
Copy link

linux-foundation-easycla bot commented Jul 7, 2023

CLA Signed

The committers listed above are authorized under a signed CLA.

@tekton-robot tekton-robot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label Jul 7, 2023
@tekton-robot
Copy link

Hi @pratiktest. Thanks for your PR.

I'm waiting for a tektoncd member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@tekton-robot tekton-robot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Jul 7, 2023
@tekton-robot
Copy link

Catlin Output
FILE: task/catlin-validate/0.1/catlin-validate.yaml
Catlin script lint Output
WARN : step: catlin-validate is not using #!/usr/bin/env 
ERROR: /usr/bin/shellcheck, [-s bash] failed:

In catlin-validate-catlin line 2:
rm -rf $(workspaces.catlin-output.path)/$OUTPUT_FILE
       ^-- SC2046: Quote this to prevent word splitting.
       ^-- SC2115: Use "${var:?}" to ensure this never expands to / .
                                        ^----------^ SC2086: Double quote to prevent globbing and word splitting.

Did you mean: 
rm -rf $(workspaces.catlin-output.path)/"$OUTPUT_FILE"


In catlin-validate-catlin line 5:
  catlin validate $(workspaces.source.path)/$p >> $(workspaces.catlin-output.path)/$OUTPUT_FILE
                  ^-----------------------^ SC2046: Quote this to prevent word splitting.
                                            ^-- SC2086: Double quote to prevent globbing and word splitting.
                                                  ^-- SC2046: Quote this to prevent word splitting.
                                                                                   ^----------^ SC2086: Double quote to prevent globbing and word splitting.

Did you mean: 
  catlin validate $(workspaces.source.path)/"$p" >> $(workspaces.catlin-output.path)/"$OUTPUT_FILE"


In catlin-validate-catlin line 6:
  echo "" >> $(workspaces.catlin-output.path)/$OUTPUT_FILE
             ^-- SC2046: Quote this to prevent word splitting.
                                              ^----------^ SC2086: Double quote to prevent globbing and word splitting.

Did you mean: 
  echo "" >> $(workspaces.catlin-output.path)/"$OUTPUT_FILE"


In catlin-validate-catlin line 7:
done < $INPUT_FILE
       ^---------^ SC2086: Double quote to prevent globbing and word splitting.

Did you mean: 
done < "$INPUT_FILE"


In catlin-validate-catlin line 9:
cat $(workspaces.catlin-output.path)/$OUTPUT_FILE
    ^-- SC2046: Quote this to prevent word splitting.
                                     ^----------^ SC2086: Double quote to prevent globbing and word splitting.

Did you mean: 
cat $(workspaces.catlin-output.path)/"$OUTPUT_FILE"


In catlin-validate-catlin line 11:
STR=$(cat $(workspaces.catlin-output.path)/$OUTPUT_FILE)
          ^-- SC2046: Quote this to prevent word splitting.
                                           ^----------^ SC2086: Double quote to prevent globbing and word splitting.

Did you mean: 
STR=$(cat $(workspaces.catlin-output.path)/"$OUTPUT_FILE")


In catlin-validate-catlin line 15:
  echo "failure" | tr -d "\n" | tee $(results.catlin-status.path)
                                    ^---------------------------^ SC2046: Quote this to prevent word splitting.


In catlin-validate-catlin line 20:
  echo "warning" | tr -d "\n" | tee $(results.catlin-status.path)
                                    ^---------------------------^ SC2046: Quote this to prevent word splitting.


In catlin-validate-catlin line 24:
  echo "success" | tr -d "\n" | tee $(results.catlin-status.path)
                                    ^---------------------------^ SC2046: Quote this to prevent word splitting.

For more information:
  https://www.shellcheck.net/wiki/SC2046 -- Quote this to prevent word splitt...
  https://www.shellcheck.net/wiki/SC2115 -- Use "${var:?}" to ensure this nev...
  https://www.shellcheck.net/wiki/SC2086 -- Double quote to prevent globbing ...

@linux-foundation-easycla
Copy link

linux-foundation-easycla bot commented Jul 7, 2023

CLA Missing ID CLA Not Signed

@tekton-robot
Copy link

Catlin Output
FILE: task/catlin-validate/0.1/catlin-validate.yaml
Catlin script lint Output
WARN : step: catlin-validate is not using #!/usr/bin/env 
ERROR: /usr/bin/shellcheck, [-s bash] failed:

In catlin-validate-catlin line 2:
rm -rf $(workspaces.catlin-output.path)/$OUTPUT_FILE
       ^-- SC2046: Quote this to prevent word splitting.
       ^-- SC2115: Use "${var:?}" to ensure this never expands to / .
                                        ^----------^ SC2086: Double quote to prevent globbing and word splitting.

Did you mean: 
rm -rf $(workspaces.catlin-output.path)/"$OUTPUT_FILE"


In catlin-validate-catlin line 5:
  catlin validate $(workspaces.source.path)/$p >> $(workspaces.catlin-output.path)/$OUTPUT_FILE
                  ^-----------------------^ SC2046: Quote this to prevent word splitting.
                                            ^-- SC2086: Double quote to prevent globbing and word splitting.
                                                  ^-- SC2046: Quote this to prevent word splitting.
                                                                                   ^----------^ SC2086: Double quote to prevent globbing and word splitting.

Did you mean: 
  catlin validate $(workspaces.source.path)/"$p" >> $(workspaces.catlin-output.path)/"$OUTPUT_FILE"


In catlin-validate-catlin line 6:
  echo "" >> $(workspaces.catlin-output.path)/$OUTPUT_FILE
             ^-- SC2046: Quote this to prevent word splitting.
                                              ^----------^ SC2086: Double quote to prevent globbing and word splitting.

Did you mean: 
  echo "" >> $(workspaces.catlin-output.path)/"$OUTPUT_FILE"


In catlin-validate-catlin line 7:
done < $INPUT_FILE
       ^---------^ SC2086: Double quote to prevent globbing and word splitting.

Did you mean: 
done < "$INPUT_FILE"


In catlin-validate-catlin line 9:
cat $(workspaces.catlin-output.path)/$OUTPUT_FILE
    ^-- SC2046: Quote this to prevent word splitting.
                                     ^----------^ SC2086: Double quote to prevent globbing and word splitting.

Did you mean: 
cat $(workspaces.catlin-output.path)/"$OUTPUT_FILE"


In catlin-validate-catlin line 11:
STR=$(cat $(workspaces.catlin-output.path)/$OUTPUT_FILE)
          ^-- SC2046: Quote this to prevent word splitting.
                                           ^----------^ SC2086: Double quote to prevent globbing and word splitting.

Did you mean: 
STR=$(cat $(workspaces.catlin-output.path)/"$OUTPUT_FILE")


In catlin-validate-catlin line 15:
  echo "failure" | tr -d "\n" | tee $(results.catlin-status.path)
                                    ^---------------------------^ SC2046: Quote this to prevent word splitting.


In catlin-validate-catlin line 20:
  echo "warning" | tr -d "\n" | tee $(results.catlin-status.path)
                                    ^---------------------------^ SC2046: Quote this to prevent word splitting.


In catlin-validate-catlin line 24:
  echo "success" | tr -d "\n" | tee $(results.catlin-status.path)
                                    ^---------------------------^ SC2046: Quote this to prevent word splitting.

For more information:
  https://www.shellcheck.net/wiki/SC2046 -- Quote this to prevent word splitt...
  https://www.shellcheck.net/wiki/SC2115 -- Use "${var:?}" to ensure this nev...
  https://www.shellcheck.net/wiki/SC2086 -- Double quote to prevent globbing ...

@vinamra28
Copy link
Member

@pratiktest can you please sign the CLA?

description: This workspace is where catlin output will be stored
steps:
- name: catlin
image: docker.io/pratikkale/catlin:v1@sha256:794ae5b2e3a22ebd481572769b552d924c48dd411fa1cf82145abf6ad258aad5
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we do have image of catlin available at gcr gcr.io/tekton-releases/dogfooding/catlin, can we use that?

Copy link
Author

@pratiktest pratiktest Jul 21, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@vinamra28 Changed task to use catlin image from gcr

@tekton-robot
Copy link

Catlin Output
FILE: task/catlin-validate/0.1/catlin-validate.yaml
ERROR: Step "catlin" uses image "gcr.io/tekton-releases/dogfooding/catlin:latest" which must be tagged with a specific version
Catlin script lint Output
WARN : step: catlin-validate is not using #!/usr/bin/env 
ERROR: /usr/bin/shellcheck, [-s bash] failed:

In catlin-validate-catlin line 2:
rm -rf $(workspaces.catlin-output.path)/$OUTPUT_FILE
       ^-- SC2046: Quote this to prevent word splitting.
       ^-- SC2115: Use "${var:?}" to ensure this never expands to / .
                                        ^----------^ SC2086: Double quote to prevent globbing and word splitting.

Did you mean: 
rm -rf $(workspaces.catlin-output.path)/"$OUTPUT_FILE"


In catlin-validate-catlin line 5:
  catlin validate $(workspaces.source.path)/$p >> $(workspaces.catlin-output.path)/$OUTPUT_FILE
                  ^-----------------------^ SC2046: Quote this to prevent word splitting.
                                            ^-- SC2086: Double quote to prevent globbing and word splitting.
                                                  ^-- SC2046: Quote this to prevent word splitting.
                                                                                   ^----------^ SC2086: Double quote to prevent globbing and word splitting.

Did you mean: 
  catlin validate $(workspaces.source.path)/"$p" >> $(workspaces.catlin-output.path)/"$OUTPUT_FILE"


In catlin-validate-catlin line 6:
  echo "" >> $(workspaces.catlin-output.path)/$OUTPUT_FILE
             ^-- SC2046: Quote this to prevent word splitting.
                                              ^----------^ SC2086: Double quote to prevent globbing and word splitting.

Did you mean: 
  echo "" >> $(workspaces.catlin-output.path)/"$OUTPUT_FILE"


In catlin-validate-catlin line 7:
done < $INPUT_FILE
       ^---------^ SC2086: Double quote to prevent globbing and word splitting.

Did you mean: 
done < "$INPUT_FILE"


In catlin-validate-catlin line 9:
cat $(workspaces.catlin-output.path)/$OUTPUT_FILE
    ^-- SC2046: Quote this to prevent word splitting.
                                     ^----------^ SC2086: Double quote to prevent globbing and word splitting.

Did you mean: 
cat $(workspaces.catlin-output.path)/"$OUTPUT_FILE"


In catlin-validate-catlin line 11:
STR=$(cat $(workspaces.catlin-output.path)/$OUTPUT_FILE)
          ^-- SC2046: Quote this to prevent word splitting.
                                           ^----------^ SC2086: Double quote to prevent globbing and word splitting.

Did you mean: 
STR=$(cat $(workspaces.catlin-output.path)/"$OUTPUT_FILE")


In catlin-validate-catlin line 15:
  echo "failure" | tr -d "\n" | tee $(results.catlin-status.path)
                                    ^---------------------------^ SC2046: Quote this to prevent word splitting.


In catlin-validate-catlin line 20:
  echo "warning" | tr -d "\n" | tee $(results.catlin-status.path)
                                    ^---------------------------^ SC2046: Quote this to prevent word splitting.


In catlin-validate-catlin line 24:
  echo "success" | tr -d "\n" | tee $(results.catlin-status.path)
                                    ^---------------------------^ SC2046: Quote this to prevent word splitting.

For more information:
  https://www.shellcheck.net/wiki/SC2046 -- Quote this to prevent word splitt...
  https://www.shellcheck.net/wiki/SC2115 -- Use "${var:?}" to ensure this nev...
  https://www.shellcheck.net/wiki/SC2086 -- Double quote to prevent globbing ...

@tekton-robot
Copy link

Catlin Output
FILE: task/catlin-validate/0.1/catlin-validate.yaml
WARN : Step "catlin" uses image "gcr.io/tekton-releases/dogfooding/catlin@sha256:879cfd51c8e77c02a44509b8a67f9976d26a77f6b93dd7686993b8797ae3938a"; consider using a image tagged with specific version along with digest eg. abc.io/img:v1@sha256:abcde
FILE: task/gitlab-set-status/0.2/gitlab-set-status.yaml
WARN : Step "set-status" uses image "registry.access.redhat.com/ubi8/python-38@sha256:af6f93b81f9313de95966e8cd681edb9dbcb5fdbddc5a4cc365af8e4534096ef"; consider using a image tagged with specific version along with digest eg. abc.io/img:v1@sha256:abcde
FILE: task/grype/0.1/grype.yaml
WARN : Step "grype" uses image "$(params.GRYPE_IMAGE)" that contains variables; skipping validation
FILE: task/syft/0.1/syft.yaml
WARN : Step "syft" uses image "$(params.SYFT_IMAGE)" that contains variables; skipping validation
FILE: task/trivy-scanner/0.2/trivy-scanner.yaml
WARN : Step "trivy-scan" uses image "$(params.TRIVY_IMAGE)" that contains variables; skipping validation
Catlin script lint Output
WARN : step: catlin-validate is not using #!/usr/bin/env 
ERROR: /usr/bin/shellcheck, [-s bash] failed:

In catlin-validate-catlin line 2:
rm -rf $(workspaces.catlin-output.path)/$OUTPUT_FILE
       ^-- SC2046: Quote this to prevent word splitting.
       ^-- SC2115: Use "${var:?}" to ensure this never expands to / .
                                        ^----------^ SC2086: Double quote to prevent globbing and word splitting.

Did you mean: 
rm -rf $(workspaces.catlin-output.path)/"$OUTPUT_FILE"


In catlin-validate-catlin line 5:
  catlin validate $(workspaces.source.path)/$p >> $(workspaces.catlin-output.path)/$OUTPUT_FILE
                  ^-----------------------^ SC2046: Quote this to prevent word splitting.
                                            ^-- SC2086: Double quote to prevent globbing and word splitting.
                                                  ^-- SC2046: Quote this to prevent word splitting.
                                                                                   ^----------^ SC2086: Double quote to prevent globbing and word splitting.

Did you mean: 
  catlin validate $(workspaces.source.path)/"$p" >> $(workspaces.catlin-output.path)/"$OUTPUT_FILE"


In catlin-validate-catlin line 6:
  echo "" >> $(workspaces.catlin-output.path)/$OUTPUT_FILE
             ^-- SC2046: Quote this to prevent word splitting.
                                              ^----------^ SC2086: Double quote to prevent globbing and word splitting.

Did you mean: 
  echo "" >> $(workspaces.catlin-output.path)/"$OUTPUT_FILE"


In catlin-validate-catlin line 7:
done < $INPUT_FILE
       ^---------^ SC2086: Double quote to prevent globbing and word splitting.

Did you mean: 
done < "$INPUT_FILE"


In catlin-validate-catlin line 9:
cat $(workspaces.catlin-output.path)/$OUTPUT_FILE
    ^-- SC2046: Quote this to prevent word splitting.
                                     ^----------^ SC2086: Double quote to prevent globbing and word splitting.

Did you mean: 
cat $(workspaces.catlin-output.path)/"$OUTPUT_FILE"


In catlin-validate-catlin line 11:
STR=$(cat $(workspaces.catlin-output.path)/$OUTPUT_FILE)
          ^-- SC2046: Quote this to prevent word splitting.
                                           ^----------^ SC2086: Double quote to prevent globbing and word splitting.

Did you mean: 
STR=$(cat $(workspaces.catlin-output.path)/"$OUTPUT_FILE")


In catlin-validate-catlin line 15:
  echo "failure" | tr -d "\n" | tee $(results.catlin-status.path)
                                    ^---------------------------^ SC2046: Quote this to prevent word splitting.


In catlin-validate-catlin line 20:
  echo "warning" | tr -d "\n" | tee $(results.catlin-status.path)
                                    ^---------------------------^ SC2046: Quote this to prevent word splitting.


In catlin-validate-catlin line 24:
  echo "success" | tr -d "\n" | tee $(results.catlin-status.path)
                                    ^---------------------------^ SC2046: Quote this to prevent word splitting.

For more information:
  https://www.shellcheck.net/wiki/SC2046 -- Quote this to prevent word splitt...
  https://www.shellcheck.net/wiki/SC2115 -- Use "${var:?}" to ensure this nev...
  https://www.shellcheck.net/wiki/SC2086 -- Double quote to prevent globbing ...

WARN : step: gitlab-set-status is not using #!/usr/bin/env 

@tekton-robot
Copy link

Catlin Output
FILE: task/catlin-validate/0.1/catlin-validate.yaml
WARN : Step "catlin" uses image "gcr.io/tekton-releases/dogfooding/catlin@sha256:879cfd51c8e77c02a44509b8a67f9976d26a77f6b93dd7686993b8797ae3938a"; consider using a image tagged with specific version along with digest eg. abc.io/img:v1@sha256:abcde
FILE: task/gitlab-set-status/0.2/gitlab-set-status.yaml
WARN : Step "set-status" uses image "registry.access.redhat.com/ubi8/python-38@sha256:af6f93b81f9313de95966e8cd681edb9dbcb5fdbddc5a4cc365af8e4534096ef"; consider using a image tagged with specific version along with digest eg. abc.io/img:v1@sha256:abcde
FILE: task/grype/0.1/grype.yaml
WARN : Step "grype" uses image "$(params.GRYPE_IMAGE)" that contains variables; skipping validation
FILE: task/maven/0.3/maven.yaml
HINT : Task: tekton.dev/v1beta1 - name: "maven" is missing a readable display name annotation("tekton.dev/displayName")
WARN : Step "mvn-settings" references "$(params.PROXY_HOST)" directly from its script block. For reliability and security, consider putting the param into an environment variable of the Step and accessing that environment variable in your script instead.
WARN : Step "mvn-goals" uses image "$(params.MAVEN_IMAGE)" that contains variables; skipping validation
FILE: task/syft/0.1/syft.yaml
WARN : Step "syft" uses image "$(params.SYFT_IMAGE)" that contains variables; skipping validation
FILE: task/trivy-scanner/0.2/trivy-scanner.yaml
WARN : Step "trivy-scan" uses image "$(params.TRIVY_IMAGE)" that contains variables; skipping validation
Catlin script lint Output
ERROR: /usr/bin/shellcheck, [-s bash] failed:

In catlin-validate-catlin line 2:
rm -rf "$(workspaces.catlin-output.path)"/"$OUTPUT_FILE"
       ^-- SC2115: Use "${var:?}" to ensure this never expands to / .


In catlin-validate-catlin line 15:
  echo "failure" | tr -d "\n" | tee $(results.catlin-status.path)
                                    ^---------------------------^ SC2046: Quote this to prevent word splitting.


In catlin-validate-catlin line 20:
  echo "warning" | tr -d "\n" | tee $(results.catlin-status.path)
                                    ^---------------------------^ SC2046: Quote this to prevent word splitting.


In catlin-validate-catlin line 24:
  echo "success" | tr -d "\n" | tee $(results.catlin-status.path)
                                    ^---------------------------^ SC2046: Quote this to prevent word splitting.

For more information:
  https://www.shellcheck.net/wiki/SC2046 -- Quote this to prevent word splitt...
  https://www.shellcheck.net/wiki/SC2115 -- Use "${var:?}" to ensure this nev...

WARN : step: gitlab-set-status is not using #!/usr/bin/env 

@tekton-robot
Copy link

Catlin Output
FILE: task/catlin-validate/0.1/catlin-validate.yaml
FILE: task/gitlab-set-status/0.2/gitlab-set-status.yaml
WARN : Step "set-status" uses image "registry.access.redhat.com/ubi8/python-38@sha256:af6f93b81f9313de95966e8cd681edb9dbcb5fdbddc5a4cc365af8e4534096ef"; consider using a image tagged with specific version along with digest eg. abc.io/img:v1@sha256:abcde
FILE: task/grype/0.1/grype.yaml
WARN : Step "grype" uses image "$(params.GRYPE_IMAGE)" that contains variables; skipping validation
FILE: task/jib-maven/0.5/jib-maven.yaml
WARN : Step "build-and-push" uses image "$(params.MAVEN_IMAGE)" that contains variables; skipping validation
WARN : Step "digest-to-results" uses image "$(params.MAVEN_IMAGE)" that contains variables; skipping validation
FILE: task/maven/0.3/maven.yaml
HINT : Task: tekton.dev/v1beta1 - name: "maven" is missing a readable display name annotation("tekton.dev/displayName")
WARN : Step "mvn-settings" references "$(params.PROXY_HOST)" directly from its script block. For reliability and security, consider putting the param into an environment variable of the Step and accessing that environment variable in your script instead.
WARN : Step "mvn-goals" uses image "$(params.MAVEN_IMAGE)" that contains variables; skipping validation
FILE: task/syft/0.1/syft.yaml
WARN : Step "syft" uses image "$(params.SYFT_IMAGE)" that contains variables; skipping validation
FILE: task/trivy-scanner/0.2/trivy-scanner.yaml
WARN : Step "trivy-scan" uses image "$(params.TRIVY_IMAGE)" that contains variables; skipping validation
Catlin script lint Output
ERROR: /usr/bin/shellcheck, [-s bash] failed:

In catlin-validate-catlin line 2:
rm -rf "$(workspaces.catlin-output.path)"/"$OUTPUT_FILE"
       ^-- SC2115: Use "${var:?}" to ensure this never expands to / .


In catlin-validate-catlin line 15:
  echo "failure" | tr -d "\n" | tee $(results.catlin-status.path)
                                    ^---------------------------^ SC2046: Quote this to prevent word splitting.


In catlin-validate-catlin line 20:
  echo "warning" | tr -d "\n" | tee $(results.catlin-status.path)
                                    ^---------------------------^ SC2046: Quote this to prevent word splitting.


In catlin-validate-catlin line 24:
  echo "success" | tr -d "\n" | tee $(results.catlin-status.path)
                                    ^---------------------------^ SC2046: Quote this to prevent word splitting.

For more information:
  https://www.shellcheck.net/wiki/SC2046 -- Quote this to prevent word splitt...
  https://www.shellcheck.net/wiki/SC2115 -- Use "${var:?}" to ensure this nev...

WARN : step: gitlab-set-status is not using #!/usr/bin/env 
WARN : step: jib-maven is not using #!/usr/bin/env 
ERROR: /usr/bin/shellcheck, [-s bash] failed:

In jib-maven-build-and-push line 5:
  rm $(workspaces.source.path)/truststore.jks
     ^-----------------------^ SC2046: Quote this to prevent word splitting.


In jib-maven-build-and-push line 12:
  keytool -importkeystore -srckeystore $JAVA_HOME/lib/security/cacerts -srcstoretype JKS -destkeystore $(workspaces.source.path)/truststore.jks -storepass "changeit" -srcstorepass "changeit" > /tmp/logs 2>&1
                                       ^--------^ SC2086: Double quote to prevent globbing and word splitting.
                                                                                                       ^-----------------------^ SC2046: Quote this to prevent word splitting.

Did you mean: 
  keytool -importkeystore -srckeystore "$JAVA_HOME"/lib/security/cacerts -srcstoretype JKS -destkeystore $(workspaces.source.path)/truststore.jks -storepass "changeit" -srcstorepass "changeit" > /tmp/logs 2>&1


In jib-maven-build-and-push line 13:
  if [ $? -ne 0 ]; then
       ^-- SC2181: Check exit code directly with e.g. 'if mycmd;', not indirectly with $?.


In jib-maven-build-and-push line 18:
  keytool -import -keystore $(workspaces.source.path)/truststore.jks -storepass "changeit" -file /tekton-custom-certs/$(params.CACERTFILE) -noprompt
                            ^-----------------------^ SC2046: Quote this to prevent word splitting.
                                                                                                                      ^------------------^ SC2046: Quote this to prevent word splitting.


In jib-maven-build-and-push line 26:
  -Duser.home=$HOME \
              ^---^ SC2086: Double quote to prevent globbing and word splitting.

Did you mean: 
  -Duser.home="$HOME" \


In jib-maven-build-and-push line 27:
  -Djib.allowInsecureRegistries=$(params.INSECUREREGISTRY) \
                                ^------------------------^ SC2046: Quote this to prevent word splitting.


In jib-maven-build-and-push line 28:
  -Djib.to.image=$(params.IMAGE) \
                 ^-------------^ SC2046: Quote this to prevent word splitting.


In jib-maven-build-and-push line 29:
  $certParams \
  ^---------^ SC2086: Double quote to prevent globbing and word splitting.

Did you mean: 
  "$certParams" \

For more information:
  https://www.shellcheck.net/wiki/SC2046 -- Quote this to prevent word splitt...
  https://www.shellcheck.net/wiki/SC2086 -- Double quote to prevent globbing ...
  https://www.shellcheck.net/wiki/SC2181 -- Check exit code directly with e.g...

ERROR: /usr/bin/shellcheck, [-s sh] failed:

In jib-maven-digest-to-results line 2:
cat $(workspaces.source.path)/$(params.DIRECTORY)/target/jib-image.digest | tee $(results.IMAGE_DIGEST.path)
    ^-----------------------^ SC2046: Quote this to prevent word splitting.
    ^-- SC2002: Useless cat. Consider 'cmd < file | ..' or 'cmd file | ..' instead.
                              ^-----------------^ SC2046: Quote this to prevent word splitting.
                                                                                ^--------------------------^ SC2046: Quote this to prevent word splitting.

For more information:
  https://www.shellcheck.net/wiki/SC2046 -- Quote this to prevent word splitt...
  https://www.shellcheck.net/wiki/SC2002 -- Useless cat. Consider 'cmd < file...

@tekton-robot tekton-robot added size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Jul 22, 2023
@tekton-robot
Copy link

Catlin Output
FILE: task/42crunch-api-security-audit/0.1/42crunch-api-security-audit.yaml
FILE: task/42crunch-api-security-audit/0.2/42crunch-api-security-audit.yaml
FILE: task/catlin-validate/0.1/catlin-validate.yaml
FILE: task/gitlab-set-status/0.2/gitlab-set-status.yaml
WARN : Step "set-status" uses image "registry.access.redhat.com/ubi8/python-38@sha256:af6f93b81f9313de95966e8cd681edb9dbcb5fdbddc5a4cc365af8e4534096ef"; consider using a image tagged with specific version along with digest eg. abc.io/img:v1@sha256:abcde
FILE: task/grype/0.1/grype.yaml
WARN : Step "grype" uses image "$(params.GRYPE_IMAGE)" that contains variables; skipping validation
FILE: task/jib-maven/0.5/jib-maven.yaml
WARN : Step "build-and-push" uses image "$(params.MAVEN_IMAGE)" that contains variables; skipping validation
WARN : Step "digest-to-results" uses image "$(params.MAVEN_IMAGE)" that contains variables; skipping validation
FILE: task/maven/0.3/maven.yaml
HINT : Task: tekton.dev/v1beta1 - name: "maven" is missing a readable display name annotation("tekton.dev/displayName")
WARN : Step "mvn-settings" references "$(params.PROXY_HOST)" directly from its script block. For reliability and security, consider putting the param into an environment variable of the Step and accessing that environment variable in your script instead.
WARN : Step "mvn-goals" uses image "$(params.MAVEN_IMAGE)" that contains variables; skipping validation
FILE: task/syft/0.1/syft.yaml
WARN : Step "syft" uses image "$(params.SYFT_IMAGE)" that contains variables; skipping validation
FILE: task/trivy-scanner/0.2/trivy-scanner.yaml
WARN : Step "trivy-scan" uses image "$(params.TRIVY_IMAGE)" that contains variables; skipping validation
Catlin script lint Output
ERROR: /usr/bin/shellcheck, [-s bash] failed:

In catlin-validate-catlin line 2:
rm -rf "$CATLIN_OUTPUT_WORKSPACE_PATH"/"$OUTPUT_FILE"
       ^-- SC2115: Use "${var:?}" to ensure this never expands to / .

For more information:
  https://www.shellcheck.net/wiki/SC2115 -- Use "${var:?}" to ensure this nev...

WARN : step: gitlab-set-status is not using #!/usr/bin/env 
WARN : step: jib-maven is not using #!/usr/bin/env 
ERROR: /usr/bin/shellcheck, [-s bash] failed:

In jib-maven-build-and-push line 5:
  rm $(workspaces.source.path)/truststore.jks
     ^-----------------------^ SC2046: Quote this to prevent word splitting.


In jib-maven-build-and-push line 12:
  keytool -importkeystore -srckeystore $JAVA_HOME/lib/security/cacerts -srcstoretype JKS -destkeystore $(workspaces.source.path)/truststore.jks -storepass "changeit" -srcstorepass "changeit" > /tmp/logs 2>&1
                                       ^--------^ SC2086: Double quote to prevent globbing and word splitting.
                                                                                                       ^-----------------------^ SC2046: Quote this to prevent word splitting.

Did you mean: 
  keytool -importkeystore -srckeystore "$JAVA_HOME"/lib/security/cacerts -srcstoretype JKS -destkeystore $(workspaces.source.path)/truststore.jks -storepass "changeit" -srcstorepass "changeit" > /tmp/logs 2>&1


In jib-maven-build-and-push line 13:
  if [ $? -ne 0 ]; then
       ^-- SC2181: Check exit code directly with e.g. 'if mycmd;', not indirectly with $?.


In jib-maven-build-and-push line 18:
  keytool -import -keystore $(workspaces.source.path)/truststore.jks -storepass "changeit" -file /tekton-custom-certs/$(params.CACERTFILE) -noprompt
                            ^-----------------------^ SC2046: Quote this to prevent word splitting.
                                                                                                                      ^------------------^ SC2046: Quote this to prevent word splitting.


In jib-maven-build-and-push line 26:
  -Duser.home=$HOME \
              ^---^ SC2086: Double quote to prevent globbing and word splitting.

Did you mean: 
  -Duser.home="$HOME" \


In jib-maven-build-and-push line 27:
  -Djib.allowInsecureRegistries=$(params.INSECUREREGISTRY) \
                                ^------------------------^ SC2046: Quote this to prevent word splitting.


In jib-maven-build-and-push line 28:
  -Djib.to.image=$(params.IMAGE) \
                 ^-------------^ SC2046: Quote this to prevent word splitting.


In jib-maven-build-and-push line 29:
  $certParams \
  ^---------^ SC2086: Double quote to prevent globbing and word splitting.

Did you mean: 
  "$certParams" \

For more information:
  https://www.shellcheck.net/wiki/SC2046 -- Quote this to prevent word splitt...
  https://www.shellcheck.net/wiki/SC2086 -- Double quote to prevent globbing ...
  https://www.shellcheck.net/wiki/SC2181 -- Check exit code directly with e.g...

ERROR: /usr/bin/shellcheck, [-s sh] failed:

In jib-maven-digest-to-results line 2:
cat $(workspaces.source.path)/$(params.DIRECTORY)/target/jib-image.digest | tee $(results.IMAGE_DIGEST.path)
    ^-----------------------^ SC2046: Quote this to prevent word splitting.
    ^-- SC2002: Useless cat. Consider 'cmd < file | ..' or 'cmd file | ..' instead.
                              ^-----------------^ SC2046: Quote this to prevent word splitting.
                                                                                ^--------------------------^ SC2046: Quote this to prevent word splitting.

For more information:
  https://www.shellcheck.net/wiki/SC2046 -- Quote this to prevent word splitt...
  https://www.shellcheck.net/wiki/SC2002 -- Useless cat. Consider 'cmd < file...

@tekton-robot
Copy link

Catlin Output
FILE: task/42crunch-api-security-audit/0.1/42crunch-api-security-audit.yaml
FILE: task/42crunch-api-security-audit/0.2/42crunch-api-security-audit.yaml
FILE: task/boskos-acquire/0.1/boskos-acquire.yaml
HINT : Task: tekton.dev/v1beta1 - name: "boskos-acquire" is missing a readable display name annotation("tekton.dev/displayName")
WARN : Step "boskosctl-acquire" uses image "gcr.io/k8s-staging-boskos/boskosctl@sha256:a7fc984732c5dd0b4e0fe0a92e2730fa4b6bddecd0f6f6c7c6b5501abe4ab105"; consider using a image tagged with specific version along with digest eg. abc.io/img:v1@sha256:abcde
WARN : Step "create-heartbeat-pod-yaml" uses image "docker.io/lachlanevenson/k8s-kubectl@sha256:3a5e22a406a109f4f26ec06b5f1f6a66ae0cd0e185bc28499eb7b7a3bbf1fe09"; consider using a image tagged with specific version along with digest eg. abc.io/img:v1@sha256:abcde
FILE: task/buildah/0.1/buildah.yaml
HINT : Task: tekton.dev/v1beta1 - name: "buildah" is missing a readable display name annotation("tekton.dev/displayName")
WARN : Step "build" uses image "$(params.BUILDER_IMAGE)" that contains variables; skipping validation
WARN : Step "push" uses image "$(params.BUILDER_IMAGE)" that contains variables; skipping validation
WARN : Step "digest-to-results" uses image "$(params.BUILDER_IMAGE)" that contains variables; skipping validation
FILE: task/buildah/0.2/buildah.yaml
HINT : Task: tekton.dev/v1beta1 - name: "buildah" is missing a readable display name annotation("tekton.dev/displayName")
WARN : Step "build" uses image "$(params.BUILDER_IMAGE)" that contains variables; skipping validation
WARN : Step "push" uses image "$(params.BUILDER_IMAGE)" that contains variables; skipping validation
WARN : Step "digest-to-results" uses image "$(params.BUILDER_IMAGE)" that contains variables; skipping validation
FILE: task/buildah/0.3/buildah.yaml
HINT : Task: tekton.dev/v1beta1 - name: "buildah" is missing a readable display name annotation("tekton.dev/displayName")
WARN : Step "build" uses image "$(params.BUILDER_IMAGE)" that contains variables; skipping validation
WARN : Step "push" uses image "$(params.BUILDER_IMAGE)" that contains variables; skipping validation
WARN : Step "digest-to-results" uses image "$(params.BUILDER_IMAGE)" that contains variables; skipping validation
FILE: task/catlin-validate/0.1/catlin-validate.yaml
FILE: task/gitlab-set-status/0.2/gitlab-set-status.yaml
WARN : Step "set-status" uses image "registry.access.redhat.com/ubi8/python-38@sha256:af6f93b81f9313de95966e8cd681edb9dbcb5fdbddc5a4cc365af8e4534096ef"; consider using a image tagged with specific version along with digest eg. abc.io/img:v1@sha256:abcde
FILE: task/gke-cluster-create/0.1/gke-cluster-create.yaml
FILE: task/grype/0.1/grype.yaml
WARN : Step "grype" uses image "$(params.GRYPE_IMAGE)" that contains variables; skipping validation
FILE: task/jib-gradle/0.2/jib-gradle.yaml
WARN : Step "build-and-push" uses image "$(params.BUILDER_IMAGE)" that contains variables; skipping validation
WARN : Step "digest-to-results" uses image "$(params.BUILDER_IMAGE)" that contains variables; skipping validation
FILE: task/jib-gradle/0.3/jib-gradle.yaml
WARN : Step "build-and-push" uses image "$(params.BUILDER_IMAGE)" that contains variables; skipping validation
WARN : Step "digest-to-results" uses image "$(params.BUILDER_IMAGE)" that contains variables; skipping validation
FILE: task/jib-maven/0.2/jib-maven.yaml
WARN : Step "build-and-push" uses image "$(params.MAVEN_IMAGE)" that contains variables; skipping validation
WARN : Step "digest-to-results" uses image "$(params.MAVEN_IMAGE)" that contains variables; skipping validation
FILE: task/jib-maven/0.3/jib-maven.yaml
WARN : Step "build-and-push" uses image "$(params.MAVEN_IMAGE)" that contains variables; skipping validation
WARN : Step "digest-to-results" uses image "$(params.MAVEN_IMAGE)" that contains variables; skipping validation
FILE: task/jib-maven/0.4/jib-maven.yaml
WARN : Step "build-and-push" uses image "$(params.MAVEN_IMAGE)" that contains variables; skipping validation
WARN : Step "digest-to-results" uses image "$(params.MAVEN_IMAGE)" that contains variables; skipping validation
FILE: task/jib-maven/0.5/jib-maven.yaml
WARN : Step "build-and-push" uses image "$(params.MAVEN_IMAGE)" that contains variables; skipping validation
WARN : Step "digest-to-results" uses image "$(params.MAVEN_IMAGE)" that contains variables; skipping validation
FILE: task/kaniko/0.1/kaniko.yaml
HINT : Task: tekton.dev/v1beta1 - name: "kaniko" is missing a readable display name annotation("tekton.dev/displayName")
WARN : Step "build-and-push" uses image "$(params.BUILDER_IMAGE)" that contains variables; skipping validation
WARN : Step "digest-to-results" uses image "docker.io/stedolan/jq@sha256:a61ed0bca213081b64be94c5e1b402ea58bc549f457c2682a86704dd55231e09"; consider using a image tagged with specific version along with digest eg. abc.io/img:v1@sha256:abcde
FILE: task/kaniko/0.2/kaniko.yaml
HINT : Task: tekton.dev/v1beta1 - name: "kaniko" is missing a readable display name annotation("tekton.dev/displayName")
WARN : Step "build-and-push" uses image "$(params.BUILDER_IMAGE)" that contains variables; skipping validation
WARN : Step "digest-to-results" uses image "docker.io/stedolan/jq@sha256:a61ed0bca213081b64be94c5e1b402ea58bc549f457c2682a86704dd55231e09"; consider using a image tagged with specific version along with digest eg. abc.io/img:v1@sha256:abcde
FILE: task/kaniko/0.3/kaniko.yaml
HINT : Task: tekton.dev/v1beta1 - name: "kaniko" is missing a readable display name annotation("tekton.dev/displayName")
WARN : Step "build-and-push" uses image "$(params.BUILDER_IMAGE)" that contains variables; skipping validation
WARN : Step "digest-to-results" uses image "docker.io/stedolan/jq@sha256:a61ed0bca213081b64be94c5e1b402ea58bc549f457c2682a86704dd55231e09"; consider using a image tagged with specific version along with digest eg. abc.io/img:v1@sha256:abcde
FILE: task/kaniko/0.4/kaniko.yaml
WARN : Step "build-and-push" uses image "$(params.BUILDER_IMAGE)" that contains variables; skipping validation
WARN : Step "digest-to-results" uses image "$(params.JQ_IMAGE)" that contains variables; skipping validation
FILE: task/kaniko/0.5/kaniko.yaml
WARN : Step "build-and-push" uses image "$(params.BUILDER_IMAGE)" that contains variables; skipping validation
FILE: task/maven/0.3/maven.yaml
HINT : Task: tekton.dev/v1beta1 - name: "maven" is missing a readable display name annotation("tekton.dev/displayName")
WARN : Step "mvn-settings" references "$(params.PROXY_HOST)" directly from its script block. For reliability and security, consider putting the param into an environment variable of the Step and accessing that environment variable in your script instead.
WARN : Step "mvn-goals" uses image "$(params.MAVEN_IMAGE)" that contains variables; skipping validation
FILE: task/s2i/0.2/s2i.yaml
HINT : Task: tekton.dev/v1beta1 - name: "s2i" is missing a readable display name annotation("tekton.dev/displayName")
WARN : Step "build" references "$(params.TLSVERIFY)" directly from its script block. For reliability and security, consider putting the param into an environment variable of the Step and accessing that environment variable in your script instead.
WARN : Step "push" references "$(params.TLSVERIFY)" directly from its script block. For reliability and security, consider putting the param into an environment variable of the Step and accessing that environment variable in your script instead.
WARN : Step "digest-to-results" uses image "$(params.BUILDER_IMAGE)" that contains variables; skipping validation
FILE: task/s2i/0.3/s2i.yaml
HINT : Task: tekton.dev/v1beta1 - name: "s2i" is missing a readable display name annotation("tekton.dev/displayName")
WARN : Step "build" references "$(params.TLSVERIFY)" directly from its script block. For reliability and security, consider putting the param into an environment variable of the Step and accessing that environment variable in your script instead.
FILE: task/syft/0.1/syft.yaml
WARN : Step "syft" uses image "$(params.SYFT_IMAGE)" that contains variables; skipping validation
FILE: task/trivy-scanner/0.2/trivy-scanner.yaml
WARN : Step "trivy-scan" uses image "$(params.TRIVY_IMAGE)" that contains variables; skipping validation
Catlin script lint Output
ERROR: /usr/bin/shellcheck, [-s sh] failed:

In boskos-acquire-boskosctl-acquire line 3:
  --server-url=$(params.server-url) \
               ^------------------^ SC2046: Quote this to prevent word splitting.


In boskos-acquire-boskosctl-acquire line 4:
  --owner-name=$(params.owner-name) \
               ^------------------^ SC2046: Quote this to prevent word splitting.


In boskos-acquire-boskosctl-acquire line 5:
  --type=$(params.type) \
         ^------------^ SC2046: Quote this to prevent word splitting.


In boskos-acquire-boskosctl-acquire line 8:
echo $RESOURCE > /workspace/full-resource-output.json
     ^-------^ SC2086: Double quote to prevent globbing and word splitting.

Did you mean: 
echo "$RESOURCE" > /workspace/full-resource-output.json


In boskos-acquire-boskosctl-acquire line 9:
echo $RESOURCE | jq -rj ".name" > $(results.leased-resource.path)
     ^-------^ SC2086: Double quote to prevent globbing and word splitting.
                                  ^-----------------------------^ SC2046: Quote this to prevent word splitting.

Did you mean: 
echo "$RESOURCE" | jq -rj ".name" > $(results.leased-resource.path)

For more information:
  https://www.shellcheck.net/wiki/SC2046 -- Quote this to prevent word splitt...
  https://www.shellcheck.net/wiki/SC2086 -- Double quote to prevent globbing ...

ERROR: /usr/bin/shellcheck, [-s sh] failed:

In boskos-acquire-create-heartbeat-pod-yaml line 3:
LEASED_RESOURCE=$(cat $(results.leased-resource.path))
                      ^-----------------------------^ SC2046: Quote this to prevent word splitting.

For more information:
  https://www.shellcheck.net/wiki/SC2046 -- Quote this to prevent word splitt...

ERROR: /usr/bin/shellcheck, [-s sh] failed:

In buildah-build line 2:
buildah --storage-driver=$(params.STORAGE_DRIVER) bud \
                         ^----------------------^ SC2046: Quote this to prevent word splitting.


In buildah-build line 3:
  $(params.BUILD_EXTRA_ARGS) --format=$(params.FORMAT) \
  ^------------------------^ SC2046: Quote this to prevent word splitting.
                                      ^--------------^ SC2046: Quote this to prevent word splitting.


In buildah-build line 4:
  --tls-verify=$(params.TLSVERIFY) --no-cache \
               ^-----------------^ SC2046: Quote this to prevent word splitting.


In buildah-build line 5:
  -f $(params.DOCKERFILE) -t $(params.IMAGE) $(params.CONTEXT)
     ^------------------^ SC2046: Quote this to prevent word splitting.
                             ^-------------^ SC2046: Quote this to prevent word splitting.
                                             ^---------------^ SC2046: Quote this to prevent word splitting.

For more information:
  https://www.shellcheck.net/wiki/SC2046 -- Quote this to prevent word splitt...

ERROR: /usr/bin/shellcheck, [-s sh] failed:

In buildah-push line 2:
buildah --storage-driver=$(params.STORAGE_DRIVER) push \
                         ^----------------------^ SC2046: Quote this to prevent word splitting.


In buildah-push line 3:
  $(params.PUSH_EXTRA_ARGS) --tls-verify=$(params.TLSVERIFY) \
  ^-----------------------^ SC2046: Quote this to prevent word splitting.
                                         ^-----------------^ SC2046: Quote this to prevent word splitting.


In buildah-push line 4:
  --digestfile $(workspaces.source.path)/image-digest $(params.IMAGE) \
               ^-----------------------^ SC2046: Quote this to prevent word splitting.
                                                      ^-------------^ SC2046: Quote this to prevent word splitting.


In buildah-push line 5:
  docker://$(params.IMAGE)
           ^-------------^ SC2046: Quote this to prevent word splitting.

For more information:
  https://www.shellcheck.net/wiki/SC2046 -- Quote this to prevent word splitt...

ERROR: /usr/bin/shellcheck, [-s sh] failed:

In buildah-digest-to-results line 2:
cat $(workspaces.source.path)/image-digest | tee $(results.IMAGE_DIGEST.path)
    ^-----------------------^ SC2046: Quote this to prevent word splitting.
    ^-- SC2002: Useless cat. Consider 'cmd < file | ..' or 'cmd file | ..' instead.
                                                 ^--------------------------^ SC2046: Quote this to prevent word splitting.

For more information:
  https://www.shellcheck.net/wiki/SC2046 -- Quote this to prevent word splitt...
  https://www.shellcheck.net/wiki/SC2002 -- Useless cat. Consider 'cmd < file...

ERROR: /usr/bin/shellcheck, [-s sh] failed:

In buildah-build line 2:
[[ "$(workspaces.sslcertdir.bound)" == "true" ]] && CERT_DIR_FLAG="--cert-dir $(workspaces.sslcertdir.path)"
^-- SC3010: In POSIX sh, [[ ]] is undefined.


In buildah-build line 3:
buildah ${CERT_DIR_FLAG} --storage-driver=$(params.STORAGE_DRIVER) bud \
        ^--------------^ SC2086: Double quote to prevent globbing and word splitting.
                                          ^----------------------^ SC2046: Quote this to prevent word splitting.

Did you mean: 
buildah "${CERT_DIR_FLAG}" --storage-driver=$(params.STORAGE_DRIVER) bud \


In buildah-build line 4:
  $(params.BUILD_EXTRA_ARGS) --format=$(params.FORMAT) \
  ^------------------------^ SC2046: Quote this to prevent word splitting.
                                      ^--------------^ SC2046: Quote this to prevent word splitting.


In buildah-build line 5:
  --tls-verify=$(params.TLSVERIFY) --no-cache \
               ^-----------------^ SC2046: Quote this to prevent word splitting.


In buildah-build line 6:
  -f $(params.DOCKERFILE) -t $(params.IMAGE) $(params.CONTEXT)
     ^------------------^ SC2046: Quote this to prevent word splitting.
                             ^-------------^ SC2046: Quote this to prevent word splitting.
                                             ^---------------^ SC2046: Quote this to prevent word splitting.

For more information:
  https://www.shellcheck.net/wiki/SC2046 -- Quote this to prevent word splitt...
  https://www.shellcheck.net/wiki/SC3010 -- In POSIX sh, [[ ]] is undefined.
  https://www.shellcheck.net/wiki/SC2086 -- Double quote to prevent globbing ...

ERROR: /usr/bin/shellcheck, [-s sh] failed:

In buildah-push line 2:
[[ "$(workspaces.sslcertdir.bound)" == "true" ]] && CERT_DIR_FLAG="--cert-dir $(workspaces.sslcertdir.path)"
^-- SC3010: In POSIX sh, [[ ]] is undefined.


In buildah-push line 3:
buildah ${CERT_DIR_FLAG} --storage-driver=$(params.STORAGE_DRIVER) push \
        ^--------------^ SC2086: Double quote to prevent globbing and word splitting.
                                          ^----------------------^ SC2046: Quote this to prevent word splitting.

Did you mean: 
buildah "${CERT_DIR_FLAG}" --storage-driver=$(params.STORAGE_DRIVER) push \


In buildah-push line 4:
  $(params.PUSH_EXTRA_ARGS) --tls-verify=$(params.TLSVERIFY) \
  ^-----------------------^ SC2046: Quote this to prevent word splitting.
                                         ^-----------------^ SC2046: Quote this to prevent word splitting.


In buildah-push line 5:
  --digestfile $(workspaces.source.path)/image-digest $(params.IMAGE) \
               ^-----------------------^ SC2046: Quote this to prevent word splitting.
                                                      ^-------------^ SC2046: Quote this to prevent word splitting.


In buildah-push line 6:
  docker://$(params.IMAGE)
           ^-------------^ SC2046: Quote this to prevent word splitting.

For more information:
  https://www.shellcheck.net/wiki/SC2046 -- Quote this to prevent word splitt...
  https://www.shellcheck.net/wiki/SC3010 -- In POSIX sh, [[ ]] is undefined.
  https://www.shellcheck.net/wiki/SC2086 -- Double quote to prevent globbing ...

ERROR: /usr/bin/shellcheck, [-s sh] failed:

In buildah-digest-to-results line 2:
cat $(workspaces.source.path)/image-digest | tee $(results.IMAGE_DIGEST.path)
    ^-----------------------^ SC2046: Quote this to prevent word splitting.
    ^-- SC2002: Useless cat. Consider 'cmd < file | ..' or 'cmd file | ..' instead.
                                                 ^--------------------------^ SC2046: Quote this to prevent word splitting.

For more information:
  https://www.shellcheck.net/wiki/SC2046 -- Quote this to prevent word splitt...
  https://www.shellcheck.net/wiki/SC2002 -- Useless cat. Consider 'cmd < file...

ERROR: /usr/bin/shellcheck, [-s sh] failed:

In buildah-build line 2:
[[ "$(workspaces.sslcertdir.bound)" == "true" ]] && CERT_DIR_FLAG="--cert-dir $(workspaces.sslcertdir.path)"
^-- SC3010: In POSIX sh, [[ ]] is undefined.


In buildah-build line 3:
buildah ${CERT_DIR_FLAG} --storage-driver=$(params.STORAGE_DRIVER) bud \
        ^--------------^ SC2086: Double quote to prevent globbing and word splitting.
                                          ^----------------------^ SC2046: Quote this to prevent word splitting.

Did you mean: 
buildah "${CERT_DIR_FLAG}" --storage-driver=$(params.STORAGE_DRIVER) bud \


In buildah-build line 4:
  $(params.BUILD_EXTRA_ARGS) --format=$(params.FORMAT) \
  ^------------------------^ SC2046: Quote this to prevent word splitting.
                                      ^--------------^ SC2046: Quote this to prevent word splitting.


In buildah-build line 5:
  --tls-verify=$(params.TLSVERIFY) --no-cache \
               ^-----------------^ SC2046: Quote this to prevent word splitting.


In buildah-build line 6:
  -f $(params.DOCKERFILE) -t $(params.IMAGE) $(params.CONTEXT)
     ^------------------^ SC2046: Quote this to prevent word splitting.
                             ^-------------^ SC2046: Quote this to prevent word splitting.
                                             ^---------------^ SC2046: Quote this to prevent word splitting.

For more information:
  https://www.shellcheck.net/wiki/SC2046 -- Quote this to prevent word splitt...
  https://www.shellcheck.net/wiki/SC3010 -- In POSIX sh, [[ ]] is undefined.
  https://www.shellcheck.net/wiki/SC2086 -- Double quote to prevent globbing ...

ERROR: /usr/bin/shellcheck, [-s sh] failed:

In buildah-push line 2:
[[ "$(params.SKIP_PUSH)" == "true" ]] && echo "Push skipped" && exit 0
^-- SC3010: In POSIX sh, [[ ]] is undefined.


In buildah-push line 3:
[[ "$(workspaces.sslcertdir.bound)" == "true" ]] && CERT_DIR_FLAG="--cert-dir $(workspaces.sslcertdir.path)"
^-- SC3010: In POSIX sh, [[ ]] is undefined.


In buildah-push line 4:
buildah ${CERT_DIR_FLAG} --storage-driver=$(params.STORAGE_DRIVER) push \
        ^--------------^ SC2086: Double quote to prevent globbing and word splitting.
                                          ^----------------------^ SC2046: Quote this to prevent word splitting.

Did you mean: 
buildah "${CERT_DIR_FLAG}" --storage-driver=$(params.STORAGE_DRIVER) push \


In buildah-push line 5:
  $(params.PUSH_EXTRA_ARGS) --tls-verify=$(params.TLSVERIFY) \
  ^-----------------------^ SC2046: Quote this to prevent word splitting.
                                         ^-----------------^ SC2046: Quote this to prevent word splitting.


In buildah-push line 6:
  --digestfile $(workspaces.source.path)/image-digest $(params.IMAGE) \
               ^-----------------------^ SC2046: Quote this to prevent word splitting.
                                                      ^-------------^ SC2046: Quote this to prevent word splitting.


In buildah-push line 7:
  docker://$(params.IMAGE)
           ^-------------^ SC2046: Quote this to prevent word splitting.

For more information:
  https://www.shellcheck.net/wiki/SC2046 -- Quote this to prevent word splitt...
  https://www.shellcheck.net/wiki/SC3010 -- In POSIX sh, [[ ]] is undefined.
  https://www.shellcheck.net/wiki/SC2086 -- Double quote to prevent globbing ...

ERROR: /usr/bin/shellcheck, [-s sh] failed:

In buildah-digest-to-results line 2:
cat $(workspaces.source.path)/image-digest | tee $(results.IMAGE_DIGEST.path)
    ^-----------------------^ SC2046: Quote this to prevent word splitting.
    ^-- SC2002: Useless cat. Consider 'cmd < file | ..' or 'cmd file | ..' instead.
                                                 ^--------------------------^ SC2046: Quote this to prevent word splitting.

For more information:
  https://www.shellcheck.net/wiki/SC2046 -- Quote this to prevent word splitt...
  https://www.shellcheck.net/wiki/SC2002 -- Useless cat. Consider 'cmd < file...

WARN : step: gitlab-set-status is not using #!/usr/bin/env 
ERROR: /usr/bin/shellcheck, [-s sh] failed:

In gke-cluster-create-gcloud line 6:
gcloud auth activate-service-account --key-file=$(workspaces.gcp-service-account.path)/$(params.private-key-path)
                                                ^-- SC2046: Quote this to prevent word splitting.
                                                                                       ^------------------------^ SC2046: Quote this to prevent word splitting.


In gke-cluster-create-gcloud line 9:
gcloud compute networks create $UNIQUE_NAME --project $(params.project-name) --subnet-mode=auto
                               ^----------^ SC2086: Double quote to prevent globbing and word splitting.
                                                      ^--------------------^ SC2046: Quote this to prevent word splitting.

Did you mean: 
gcloud compute networks create "$UNIQUE_NAME" --project $(params.project-name) --subnet-mode=auto


In gke-cluster-create-gcloud line 16:
  --project=$(params.project-name) \
            ^--------------------^ SC2046: Quote this to prevent word splitting.


In gke-cluster-create-gcloud line 17:
  --cluster-version=$(params.cluster-version) \
                    ^-----------------------^ SC2046: Quote this to prevent word splitting.


In gke-cluster-create-gcloud line 18:
  --min-nodes=$(params.min-nodes) \
              ^-----------------^ SC2046: Quote this to prevent word splitting.


In gke-cluster-create-gcloud line 19:
  --max-nodes=$(params.max-nodes) \
              ^-----------------^ SC2046: Quote this to prevent word splitting.


In gke-cluster-create-gcloud line 20:
  --region=$(params.region) \
           ^--------------^ SC2046: Quote this to prevent word splitting.


In gke-cluster-create-gcloud line 21:
  --machine-type=$(params.machine-type) \
                 ^--------------------^ SC2046: Quote this to prevent word splitting.


In gke-cluster-create-gcloud line 22:
  --image-type=$(params.image-type) \
               ^------------------^ SC2046: Quote this to prevent word splitting.


In gke-cluster-create-gcloud line 24:
  --network=$UNIQUE_NAME\
            ^----------^ SC2086: Double quote to prevent globbing and word splitting.

Did you mean: 
  --network="$UNIQUE_NAME"\


In gke-cluster-create-gcloud line 25:
  $UNIQUE_NAME
  ^----------^ SC2086: Double quote to prevent globbing and word splitting.

Did you mean: 
  "$UNIQUE_NAME"


In gke-cluster-create-gcloud line 29:
  --project=$(params.project-name) \
            ^--------------------^ SC2046: Quote this to prevent word splitting.


In gke-cluster-create-gcloud line 30:
  --region=$(params.region) \
           ^--------------^ SC2046: Quote this to prevent word splitting.


In gke-cluster-create-gcloud line 31:
  $UNIQUE_NAME
  ^----------^ SC2086: Double quote to prevent globbing and word splitting.

Did you mean: 
  "$UNIQUE_NAME"


In gke-cluster-create-gcloud line 35:
  --project=$(params.project-name) \
            ^--------------------^ SC2046: Quote this to prevent word splitting.


In gke-cluster-create-gcloud line 36:
  --filter=metadata.cluster-name=$UNIQUE_NAME \
                                 ^----------^ SC2086: Double quote to prevent globbing and word splitting.

Did you mean: 
  --filter=metadata.cluster-name="$UNIQUE_NAME" \


In gke-cluster-create-gcloud line 42:
gcloud compute firewall-rules create ports-$UNIQUE_STR \
                                           ^---------^ SC2086: Double quote to prevent globbing and word splitting.

Did you mean: 
gcloud compute firewall-rules create ports-"$UNIQUE_STR" \


In gke-cluster-create-gcloud line 43:
  --project=$(params.project-name) \
            ^--------------------^ SC2046: Quote this to prevent word splitting.


In gke-cluster-create-gcloud line 44:
  --network=$UNIQUE_NAME \
            ^----------^ SC2086: Double quote to prevent globbing and word splitting.

Did you mean: 
  --network="$UNIQUE_NAME" \


In gke-cluster-create-gcloud line 46:
  --target-tags=$INSTANCE_TAG
                ^-----------^ SC2086: Double quote to prevent globbing and word splitting.

Did you mean: 
  --target-tags="$INSTANCE_TAG"


In gke-cluster-create-gcloud line 48:
printf $UNIQUE_NAME > $(results.cluster-name.path)
       ^----------^ SC2059: Don't use variables in the printf format string. Use printf '..%s..' "$foo".
       ^----------^ SC2086: Double quote to prevent globbing and word splitting.
                      ^--------------------------^ SC2046: Quote this to prevent word splitting.

Did you mean: 
printf "$UNIQUE_NAME" > $(results.cluster-name.path)

For more information:
  https://www.shellcheck.net/wiki/SC2046 -- Quote this to prevent word splitt...
  https://www.shellcheck.net/wiki/SC2059 -- Don't use variables in the printf...
  https://www.shellcheck.net/wiki/SC2086 -- Double quote to prevent globbing ...

WARN : step: jib-gradle is not using #!/usr/bin/env 
ERROR: /usr/bin/shellcheck, [-s sh] failed:

In jib-gradle-build-and-push line 15:
      }" > $HOME/init-script.gradle
           ^---^ SC2086: Double quote to prevent globbing and word splitting.

Did you mean: 
      }" > "$HOME"/init-script.gradle


In jib-gradle-build-and-push line 20:
  --init-script=$HOME/init-script.gradle \
                ^---^ SC2086: Double quote to prevent globbing and word splitting.

Did you mean: 
  --init-script="$HOME"/init-script.gradle \


In jib-gradle-build-and-push line 21:
  --gradle-user-home=$HOME/.gradle \
                     ^---^ SC2086: Double quote to prevent globbing and word splitting.

Did you mean: 
  --gradle-user-home="$HOME"/.gradle \


In jib-gradle-build-and-push line 22:
  -Dgradle.user.home=$HOME/.gradle \
                     ^---^ SC2086: Double quote to prevent globbing and word splitting.

Did you mean: 
  -Dgradle.user.home="$HOME"/.gradle \


In jib-gradle-build-and-push line 23:
  -Duser.home=$HOME \
              ^---^ SC2086: Double quote to prevent globbing and word splitting.

Did you mean: 
  -Duser.home="$HOME" \


In jib-gradle-build-and-push line 24:
  -Djib.allowInsecureRegistries=$(params.INSECUREREGISTRY) \
                                ^------------------------^ SC2046: Quote this to prevent word splitting.


In jib-gradle-build-and-push line 25:
  -Djib.to.image=$(params.IMAGE) \
                 ^-------------^ SC2046: Quote this to prevent word splitting.


In jib-gradle-build-and-push line 26:
  -Djib.outputPaths.digest=$(workspaces.source.path)/$(params.DIRECTORY)/image-digest
                           ^-----------------------^ SC2046: Quote this to prevent word splitting.
                                                     ^-----------------^ SC2046: Quote this to prevent word splitting.

For more information:
  https://www.shellcheck.net/wiki/SC2046 -- Quote this to prevent word splitt...
  https://www.shellcheck.net/wiki/SC2086 -- Double quote to prevent globbing ...

ERROR: /usr/bin/shellcheck, [-s sh] failed:

In jib-gradle-digest-to-results line 2:
cat $(workspaces.source.path)/$(params.DIRECTORY)/image-digest | tee $(results.IMAGE_DIGEST.path)
    ^-----------------------^ SC2046: Quote this to prevent word splitting.
    ^-- SC2002: Useless cat. Consider 'cmd < file | ..' or 'cmd file | ..' instead.
                              ^-----------------^ SC2046: Quote this to prevent word splitting.
                                                                     ^--------------------------^ SC2046: Quote this to prevent word splitting.

For more information:
  https://www.shellcheck.net/wiki/SC2046 -- Quote this to prevent word splitt...
  https://www.shellcheck.net/wiki/SC2002 -- Useless cat. Consider 'cmd < file...

WARN : step: jib-gradle is not using #!/usr/bin/env 
ERROR: /usr/bin/shellcheck, [-s sh] failed:

In jib-gradle-build-and-push line 27:
  $(params.EXTRA_ARGS)
  ^------------------^ SC2046: Quote this to prevent word splitting.

For more information:
  https://www.shellcheck.net/wiki/SC2046 -- Quote this to prevent word splitt...

ERROR: /usr/bin/shellcheck, [-s sh] failed:

In jib-gradle-digest-to-results line 2:
cat $(workspaces.source.path)/$(params.DIRECTORY)/image-digest | tee $(results.IMAGE_DIGEST.path)
    ^-----------------------^ SC2046: Quote this to prevent word splitting.
    ^-- SC2002: Useless cat. Consider 'cmd < file | ..' or 'cmd file | ..' instead.
                              ^-----------------^ SC2046: Quote this to prevent word splitting.
                                                                     ^--------------------------^ SC2046: Quote this to prevent word splitting.

For more information:
  https://www.shellcheck.net/wiki/SC2046 -- Quote this to prevent word splitt...
  https://www.shellcheck.net/wiki/SC2002 -- Useless cat. Consider 'cmd < file...

WARN : step: jib-maven is not using #!/usr/bin/env 
ERROR: /usr/bin/shellcheck, [-s sh] failed:

In jib-maven-build-and-push line 3:
  -Duser.home=$HOME \
              ^---^ SC2086: Double quote to prevent globbing and word splitting.

Did you mean: 
  -Duser.home="$HOME" \


In jib-maven-build-and-push line 4:
  -Djib.allowInsecureRegistries=$(params.INSECUREREGISTRY) \
                                ^------------------------^ SC2046: Quote this to prevent word splitting.


In jib-maven-build-and-push line 5:
  -Djib.to.image=$(params.IMAGE) \
                 ^-------------^ SC2046: Quote this to prevent word splitting.

For more information:
  https://www.shellcheck.net/wiki/SC2046 -- Quote this to prevent word splitt...
  https://www.shellcheck.net/wiki/SC2086 -- Double quote to prevent globbing ...

ERROR: /usr/bin/shellcheck, [-s sh] failed:

In jib-maven-digest-to-results line 2:
cat $(workspaces.source.path)/target/jib-image.digest | tee $(results.IMAGE_DIGEST.path)
    ^-----------------------^ SC2046: Quote this to prevent word splitting.
    ^-- SC2002: Useless cat. Consider 'cmd < file | ..' or 'cmd file | ..' instead.
                                                            ^--------------------------^ SC2046: Quote this to prevent word splitting.

For more information:
  https://www.shellcheck.net/wiki/SC2046 -- Quote this to prevent word splitt...
  https://www.shellcheck.net/wiki/SC2002 -- Useless cat. Consider 'cmd < file...

WARN : step: jib-maven is not using #!/usr/bin/env 
ERROR: /usr/bin/shellcheck, [-s bash] failed:

In jib-maven-build-and-push line 4:
keytool -import -keystore $JAVA_HOME/lib/security/cacerts -storepass "changeit" -file /etc/ssl/certs/$(params.CACERTFILE) -noprompt
                          ^--------^ SC2086: Double quote to prevent globbing and word splitting.
                                                                                                     ^------------------^ SC2046: Quote this to prevent word splitting.

Did you mean: 
keytool -import -keystore "$JAVA_HOME"/lib/security/cacerts -storepass "changeit" -file /etc/ssl/certs/$(params.CACERTFILE) -noprompt


In jib-maven-build-and-push line 7:
  -Duser.home=$HOME \
              ^---^ SC2086: Double quote to prevent globbing and word splitting.

Did you mean: 
  -Duser.home="$HOME" \


In jib-maven-build-and-push line 8:
  -Djib.allowInsecureRegistries=$(params.INSECUREREGISTRY) \
                                ^------------------------^ SC2046: Quote this to prevent word splitting.


In jib-maven-build-and-push line 9:
  -Djib.to.image=$(params.IMAGE) \
                 ^-------------^ SC2046: Quote this to prevent word splitting.

For more information:
  https://www.shellcheck.net/wiki/SC2046 -- Quote this to prevent word splitt...
  https://www.shellcheck.net/wiki/SC2086 -- Double quote to prevent globbing ...

ERROR: /usr/bin/shellcheck, [-s sh] failed:

In jib-maven-digest-to-results line 2:
cat $(workspaces.source.path)/target/jib-image.digest | tee $(results.IMAGE_DIGEST.path)
    ^-----------------------^ SC2046: Quote this to prevent word splitting.
    ^-- SC2002: Useless cat. Consider 'cmd < file | ..' or 'cmd file | ..' instead.
                                                            ^--------------------------^ SC2046: Quote this to prevent word splitting.

For more information:
  https://www.shellcheck.net/wiki/SC2046 -- Quote this to prevent word splitt...
  https://www.shellcheck.net/wiki/SC2002 -- Useless cat. Consider 'cmd < file...

WARN : step: jib-maven is not using #!/usr/bin/env 
ERROR: /usr/bin/shellcheck, [-s bash] failed:

In jib-maven-build-and-push line 4:
keytool -import -keystore $JAVA_HOME/lib/security/cacerts -storepass "changeit" -file /tekton-custom-certs/$(params.CACERTFILE) -noprompt
                          ^--------^ SC2086: Double quote to prevent globbing and word splitting.
                                                                                                           ^------------------^ SC2046: Quote this to prevent word splitting.

Did you mean: 
keytool -import -keystore "$JAVA_HOME"/lib/security/cacerts -storepass "changeit" -file /tekton-custom-certs/$(params.CACERTFILE) -noprompt


In jib-maven-build-and-push line 7:
  -Duser.home=$HOME \
              ^---^ SC2086: Double quote to prevent globbing and word splitting.

Did you mean: 
  -Duser.home="$HOME" \


In jib-maven-build-and-push line 8:
  -Djib.allowInsecureRegistries=$(params.INSECUREREGISTRY) \
                                ^------------------------^ SC2046: Quote this to prevent word splitting.


In jib-maven-build-and-push line 9:
  -Djib.to.image=$(params.IMAGE) \
                 ^-------------^ SC2046: Quote this to prevent word splitting.

For more information:
  https://www.shellcheck.net/wiki/SC2046 -- Quote this to prevent word splitt...
  https://www.shellcheck.net/wiki/SC2086 -- Double quote to prevent globbing ...

ERROR: /usr/bin/shellcheck, [-s sh] failed:

In jib-maven-digest-to-results line 2:
cat $(workspaces.source.path)/$(params.DIRECTORY)/target/jib-image.digest | tee $(results.IMAGE_DIGEST.path)
    ^-----------------------^ SC2046: Quote this to prevent word splitting.
    ^-- SC2002: Useless cat. Consider 'cmd < file | ..' or 'cmd file | ..' instead.
                              ^-----------------^ SC2046: Quote this to prevent word splitting.
                                                                                ^--------------------------^ SC2046: Quote this to prevent word splitting.

For more information:
  https://www.shellcheck.net/wiki/SC2046 -- Quote this to prevent word splitt...
  https://www.shellcheck.net/wiki/SC2002 -- Useless cat. Consider 'cmd < file...

WARN : step: jib-maven is not using #!/usr/bin/env 
ERROR: /usr/bin/shellcheck, [-s bash] failed:

In jib-maven-build-and-push line 5:
  rm $(workspaces.source.path)/truststore.jks
     ^-----------------------^ SC2046: Quote this to prevent word splitting.


In jib-maven-build-and-push line 12:
  keytool -importkeystore -srckeystore $JAVA_HOME/lib/security/cacerts -srcstoretype JKS -destkeystore $(workspaces.source.path)/truststore.jks -storepass "changeit" -srcstorepass "changeit" > /tmp/logs 2>&1
                                       ^--------^ SC2086: Double quote to prevent globbing and word splitting.
                                                                                                       ^-----------------------^ SC2046: Quote this to prevent word splitting.

Did you mean: 
  keytool -importkeystore -srckeystore "$JAVA_HOME"/lib/security/cacerts -srcstoretype JKS -destkeystore $(workspaces.source.path)/truststore.jks -storepass "changeit" -srcstorepass "changeit" > /tmp/logs 2>&1


In jib-maven-build-and-push line 13:
  if [ $? -ne 0 ]; then
       ^-- SC2181: Check exit code directly with e.g. 'if mycmd;', not indirectly with $?.


In jib-maven-build-and-push line 18:
  keytool -import -keystore $(workspaces.source.path)/truststore.jks -storepass "changeit" -file /tekton-custom-certs/$(params.CACERTFILE) -noprompt
                            ^-----------------------^ SC2046: Quote this to prevent word splitting.
                                                                                                                      ^------------------^ SC2046: Quote this to prevent word splitting.


In jib-maven-build-and-push line 26:
  -Duser.home=$HOME \
              ^---^ SC2086: Double quote to prevent globbing and word splitting.

Did you mean: 
  -Duser.home="$HOME" \


In jib-maven-build-and-push line 27:
  -Djib.allowInsecureRegistries=$(params.INSECUREREGISTRY) \
                                ^------------------------^ SC2046: Quote this to prevent word splitting.


In jib-maven-build-and-push line 28:
  -Djib.to.image=$(params.IMAGE) \
                 ^-------------^ SC2046: Quote this to prevent word splitting.


In jib-maven-build-and-push line 29:
  $certParams \
  ^---------^ SC2086: Double quote to prevent globbing and word splitting.

Did you mean: 
  "$certParams" \

For more information:
  https://www.shellcheck.net/wiki/SC2046 -- Quote this to prevent word splitt...
  https://www.shellcheck.net/wiki/SC2086 -- Double quote to prevent globbing ...
  https://www.shellcheck.net/wiki/SC2181 -- Check exit code directly with e.g...

ERROR: /usr/bin/shellcheck, [-s sh] failed:

In jib-maven-digest-to-results line 2:
cat $(workspaces.source.path)/$(params.DIRECTORY)/target/jib-image.digest | tee $(results.IMAGE_DIGEST.path)
    ^-----------------------^ SC2046: Quote this to prevent word splitting.
    ^-- SC2002: Useless cat. Consider 'cmd < file | ..' or 'cmd file | ..' instead.
                              ^-----------------^ SC2046: Quote this to prevent word splitting.
                                                                                ^--------------------------^ SC2046: Quote this to prevent word splitting.

For more information:
  https://www.shellcheck.net/wiki/SC2046 -- Quote this to prevent word splitt...
  https://www.shellcheck.net/wiki/SC2002 -- Useless cat. Consider 'cmd < file...

ERROR: /usr/bin/shellcheck, [-s sh] failed:

In kaniko-digest-to-results line 2:
cat $(params.CONTEXT)/image-digested | jq '.[0].value' -rj | tee $(results.IMAGE-DIGEST.path)
    ^---------------^ SC2046: Quote this to prevent word splitting.
    ^-- SC2002: Useless cat. Consider 'cmd < file | ..' or 'cmd file | ..' instead.
                                                                 ^--------------------------^ SC2046: Quote this to prevent word splitting.

For more information:
  https://www.shellcheck.net/wiki/SC2046 -- Quote this to prevent word splitt...
  https://www.shellcheck.net/wiki/SC2002 -- Useless cat. Consider 'cmd < file...

ERROR: /usr/bin/shellcheck, [-s sh] failed:

In kaniko-digest-to-results line 2:
cat $(params.CONTEXT)/image-digested | jq '.[0].value' -rj | tee $(results.IMAGE-DIGEST.path)
    ^---------------^ SC2046: Quote this to prevent word splitting.
    ^-- SC2002: Useless cat. Consider 'cmd < file | ..' or 'cmd file | ..' instead.
                                                                 ^--------------------------^ SC2046: Quote this to prevent word splitting.

For more information:
  https://www.shellcheck.net/wiki/SC2046 -- Quote this to prevent word splitt...
  https://www.shellcheck.net/wiki/SC2002 -- Useless cat. Consider 'cmd < file...

ERROR: /usr/bin/shellcheck, [-s sh] failed:

In kaniko-digest-to-results line 2:
cat $(params.CONTEXT)/image-digested | jq '.[0].value' -rj | tee $(results.IMAGE-DIGEST.path)
    ^---------------^ SC2046: Quote this to prevent word splitting.
    ^-- SC2002: Useless cat. Consider 'cmd < file | ..' or 'cmd file | ..' instead.
                                                                 ^--------------------------^ SC2046: Quote this to prevent word splitting.

For more information:
  https://www.shellcheck.net/wiki/SC2046 -- Quote this to prevent word splitt...
  https://www.shellcheck.net/wiki/SC2002 -- Useless cat. Consider 'cmd < file...

ERROR: /usr/bin/shellcheck, [-s sh] failed:

In kaniko-digest-to-results line 2:
cat $(params.CONTEXT)/image-digested | jq '.[0].value' -rj | tee $(results.IMAGE-DIGEST.path)
    ^---------------^ SC2046: Quote this to prevent word splitting.
    ^-- SC2002: Useless cat. Consider 'cmd < file | ..' or 'cmd file | ..' instead.
                                                                 ^--------------------------^ SC2046: Quote this to prevent word splitting.

For more information:
  https://www.shellcheck.net/wiki/SC2046 -- Quote this to prevent word splitt...
  https://www.shellcheck.net/wiki/SC2002 -- Useless cat. Consider 'cmd < file...

ERROR: /usr/bin/shellcheck, [-s sh] failed:

In s2i-build line 2:
[[ "$(workspaces.sslcertdir.bound)" == "true" ]] && CERT_DIR_FLAG="--cert-dir $(workspaces.sslcertdir.path)"
^-- SC3010: In POSIX sh, [[ ]] is undefined.


In s2i-build line 3:
buildah ${CERT_DIR_FLAG} bud --tls-verify=$(params.TLSVERIFY) --layers \
        ^--------------^ SC2086: Double quote to prevent globbing and word splitting.
                                          ^-----------------^ SC2046: Quote this to prevent word splitting.

Did you mean: 
buildah "${CERT_DIR_FLAG}" bud --tls-verify=$(params.TLSVERIFY) --layers \


In s2i-build line 4:
-f /gen-source/Dockerfile.gen -t $(params.IMAGE_NAME) .
                                 ^------------------^ SC2046: Quote this to prevent word splitting.

For more information:
  https://www.shellcheck.net/wiki/SC2046 -- Quote this to prevent word splitt...
  https://www.shellcheck.net/wiki/SC3010 -- In POSIX sh, [[ ]] is undefined.
  https://www.shellcheck.net/wiki/SC2086 -- Double quote to prevent globbing ...

ERROR: /usr/bin/shellcheck, [-s sh] failed:

In s2i-push line 2:
[[ "$(workspaces.sslcertdir.bound)" == "true" ]] && CERT_DIR_FLAG="--cert-dir $(workspaces.sslcertdir.path)"
^-- SC3010: In POSIX sh, [[ ]] is undefined.


In s2i-push line 3:
buildah ${CERT_DIR_FLAG} push --tls-verify=$(params.TLSVERIFY) --digestfile $(workspaces.source.path)/image-digest \
        ^--------------^ SC2086: Double quote to prevent globbing and word splitting.
                                           ^-----------------^ SC2046: Quote this to prevent word splitting.
                                                                            ^-----------------------^ SC2046: Quote this to prevent word splitting.

Did you mean: 
buildah "${CERT_DIR_FLAG}" push --tls-verify=$(params.TLSVERIFY) --digestfile $(workspaces.source.path)/image-digest \


In s2i-push line 4:
$(params.IMAGE_NAME) docker://$(params.IMAGE_NAME)
^------------------^ SC2046: Quote this to prevent word splitting.
                              ^------------------^ SC2046: Quote this to prevent word splitting.

For more information:
  https://www.shellcheck.net/wiki/SC2046 -- Quote this to prevent word splitt...
  https://www.shellcheck.net/wiki/SC3010 -- In POSIX sh, [[ ]] is undefined.
  https://www.shellcheck.net/wiki/SC2086 -- Double quote to prevent globbing ...

ERROR: /usr/bin/shellcheck, [-s sh] failed:

In s2i-digest-to-results line 2:
cat $(workspaces.source.path)/image-digest | tee $(results.IMAGE_DIGEST.path)
    ^-----------------------^ SC2046: Quote this to prevent word splitting.
    ^-- SC2002: Useless cat. Consider 'cmd < file | ..' or 'cmd file | ..' instead.
                                                 ^--------------------------^ SC2046: Quote this to prevent word splitting.

For more information:
  https://www.shellcheck.net/wiki/SC2046 -- Quote this to prevent word splitt...
  https://www.shellcheck.net/wiki/SC2002 -- Useless cat. Consider 'cmd < file...

ERROR: /usr/bin/shellcheck, [-s sh] failed:

In s2i-build line 2:
[[ "$(workspaces.sslcertdir.bound)" == "true" ]] && CERT_DIR_FLAG="--cert-dir $(workspaces.sslcertdir.path)"
^-- SC3010: In POSIX sh, [[ ]] is undefined.


In s2i-build line 3:
buildah ${CERT_DIR_FLAG} bud --tls-verify=$(params.TLSVERIFY) --layers \
        ^--------------^ SC2086: Double quote to prevent globbing and word splitting.
                                          ^-----------------^ SC2046: Quote this to prevent word splitting.

Did you mean: 
buildah "${CERT_DIR_FLAG}" bud --tls-verify=$(params.TLSVERIFY) --layers \


In s2i-build line 4:
  -f /gen-source/Dockerfile.gen -t $(params.IMAGE) .
                                   ^-------------^ SC2046: Quote this to prevent word splitting.


In s2i-build line 5:
[[ "$(workspaces.dockerconfig.bound)" == "true" ]] && export DOCKER_CONFIG="$(workspaces.dockerconfig.path)"
^-- SC3010: In POSIX sh, [[ ]] is undefined.
                                                             ^-----------^ SC2155: Declare and assign separately to avoid masking return values.


In s2i-build line 6:
buildah ${CERT_DIR_FLAG} push --tls-verify=$(params.TLSVERIFY) --digestfile $(workspaces.source.path)/image-digest \
        ^--------------^ SC2086: Double quote to prevent globbing and word splitting.
                                           ^-----------------^ SC2046: Quote this to prevent word splitting.
                                                                            ^-----------------------^ SC2046: Quote this to prevent word splitting.

Did you mean: 
buildah "${CERT_DIR_FLAG}" push --tls-verify=$(params.TLSVERIFY) --digestfile $(workspaces.source.path)/image-digest \


In s2i-build line 7:
  $(params.IMAGE) docker://$(params.IMAGE)
  ^-------------^ SC2046: Quote this to prevent word splitting.
                           ^-------------^ SC2046: Quote this to prevent word splitting.


In s2i-build line 8:
cat $(workspaces.source.path)/image-digest | tee $(results.IMAGE_DIGEST.path)
    ^-----------------------^ SC2046: Quote this to prevent word splitting.
    ^-- SC2002: Useless cat. Consider 'cmd < file | ..' or 'cmd file | ..' instead.
                                                 ^--------------------------^ SC2046: Quote this to prevent word splitting.

For more information:
  https://www.shellcheck.net/wiki/SC2046 -- Quote this to prevent word splitt...
  https://www.shellcheck.net/wiki/SC2155 -- Declare and assign separately to ...
  https://www.shellcheck.net/wiki/SC3010 -- In POSIX sh, [[ ]] is undefined.

@pratiktest
Copy link
Author

pratiktest commented Jul 23, 2023

@vinamra28 I am working on getting approval from my company manager for signing CLA, meanwhile I fixed all the shell checks and catlin validate checks, however the catlin output posted in the comments on my PR is showing failed shell checks for other tasks which are not part of this PR

@pratiktest
Copy link
Author

@vinamra28 I have signed CLA, can you please help review again. Thanks!!

@pratiktest
Copy link
Author

@vinamra28 @bobcatfish Do i need ok-to-test label for running the other checks?

@vinamra28
Copy link
Member

/ok-to-test

@tekton-robot tekton-robot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Aug 7, 2023
Comment on lines 109 to 112




Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we remove these extra lines 😅

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

@@ -0,0 +1,8 @@

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same here

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

Comment on lines 24 to 34
- name: inputFile
description: |
File that contains catlin input. This file contains relative paths to the task yaml's delimited by newline
this file will be read from /workspaces/catlin-input/$(params.inputFile) and catlin validate will be applied to each file
example if file contains below paths (as you can see the paths are separated by newlines)
task/git-clone/0.9/git-clone.yaml
task/git-clone/0.1/git-comment.yaml
it will run catlin on the above paths in the source workspace one after another and store its output in catlin-output workspace
final command run will be
'catlin validate $(workspaces.source.path)/task/git-clone/0.9/git-clone.yaml >> $(workspaces.catlin-output.path)/output.txt'
'catlin validate $(workspaces.source.path)/task/git-clone/0.1/git-comment.yaml >> $(workspaces.catlin-output.path)/output.txt'
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wonder if we can have this parameter of type array and pass all the files path directly. Mounting a separate workspace would have been useful if we were mounting tasks there. Let me know your thoughts

Copy link
Author

@pratiktest pratiktest Aug 7, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A file in a workspaces, I feel is useful for task to task communication. I Prefer a file in a workspace which will contain the input over an array parameter since it scales better for larger inputs when one task needs to pass data to another task . As catlin-validate task can accept multiple inputs, the input paths can be long.
Imagine another task that generates the paths on which we need to run catlin-validate
If I use array params, then this other task needs to use results to pass on to the input array parameter. Since catlin-validate accepts multiple input files and this can be long they can exceed kubernetes termination string
Instead If the other task uses a PVC and an input-file in the PVC we do not have any such restrictions and this same PVC can be passed on as a workspace to catlin-validate task , which makes the task work for large inputs
Let me know what you think

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

well, due to affinity-assistance, we won't be able to mount more than 1 pvc at a time (@vdemeester please correct me if I am wrong 😅), if the former is true then before starting the pipeline, we'll have to mount a ConfigMap containing the input file. I guess this approach can restrict the users who would like to first find the tasks they want to validate using catlin and then pass the list to this task? One solution to this can be binding one pvc workspace with both inputFile and source workspace and then go ahead but if this is the idea then can't we just have one workspace source in the task where we check for the input file ? This goes for catlin-output workspace as well.
@vdemeester @piyush-garg please let me know if there is some gap from my side 😅

Copy link
Author

@pratiktest pratiktest Aug 12, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@vinamra28 The PVC for source and for catlin-input ideally should be different PVC's as they are for completely different purpose. I have created tasks where I have bounded multiple PVC's into different workspaces for a task.

Irrespective I think both these workspaces are readOnly so even mounting the same PVC for these workspaces should work, it is completely upto the user. For this task I think I should mark these workspaces as readOnly as nothing is written to these workspaces and they are merely inputs to catlin-validate task

we won't be able to mount more than 1 pvc at a time

Why would an affinity assistance restrict mounting more than 1 PVC at a time?

For instance an example pipeline would be

Pipeline ---> Task1 -> Task2 -> catlin-validate
Task1 -> clones takton catalog in PVC1 workspace
|
|
Task2 -> Gets all the task paths on which we need to run catlin-validate and creates input.txt file in PVC2
|
|
Task3 (catlin-validate)
-> Loads source (tekton catalog source code with tasks folder) from PVC1
-> Loads catlin-input (task paths) from PVC2

For above since tasks share same workspace backed by PVC the affinity assistant will probably schedule the pods executing the task on the same Kubernetes Node, but it should not restrict mounting more than 1 PVC at a time. Let me know if my understanding is correct. I am also happy to write a test case to validate this

The reason for separating workspaces out is isolation of concern.

Source workspace refers to the source code which contains all the tekton-catalog tasks (for instance source can contain the git clone of tekton catalog or your internal company tekton catalog)

catlin-input workspace contains the input of paths of task files on which we want to run catlin-validate.

Both these workspaces can be backed with PVC's.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@vinamra28 any suggestions comments on above?

Comment on lines +8 to +9
task/hello/0.1/hello.yaml
task/bye/0.1/bye.yaml
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

all these can be passed using parameters of type array. Can you please explain the exact usecase of mounting a configmap for this?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have used a configmap since the input to the task is a file in a workspace instead of array params. This (#1178 (comment)) is the reason to keep it a file in a workspace rather than input parameter array.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can you rename this file to something meaningful? like source-multiple-tasks-configmap.yaml

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

similarly other files can be renamed. WDYT?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Renamed

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

if the taskrun is going to fail, CI is going to fail. Probably you can add this in samples directory and refer in README for others to consume

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Interesting, Wonder how we can test negative use cases where a task is supposed to fail on certain conditions to not let the pipeline proceed. This test case would be important for as an example as in this case we would want to test that pipeline indeed fails and stops if catlin lint fails to prevent an accidental publish
I have moved The error case in samples folder and updated the README.md

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Interesting, Wonder how we can test negative use cases where a task is supposed to fail on certain conditions to not let the pipeline proceed. This test case would be important for as an example as in this case we would want to test that pipeline indeed fails and stops if catlin lint fails to prevent an accidental publish I have moved The error case in samples folder and updated the README.md

yeah this is one limitation with out current infrastructure 😓 Also we are planning to move away from this community repository and moving towards decentralised one so this repository is going to be archived. We are yet to come with timelines but yes, that's the long term idea.

@tekton-robot
Copy link

Catlin Output
FILE: task/catlin-validate/0.1/catlin-validate.yaml
FILE: task/gitlab-set-status/0.2/gitlab-set-status.yaml
WARN : Step "set-status" uses image "registry.access.redhat.com/ubi8/python-38@sha256:af6f93b81f9313de95966e8cd681edb9dbcb5fdbddc5a4cc365af8e4534096ef"; consider using a image tagged with specific version along with digest eg. abc.io/img:v1@sha256:abcde
Catlin script lint Output
WARN : step: gitlab-set-status is not using #!/usr/bin/env 

@pratiktest pratiktest force-pushed the main branch 2 times, most recently from 1928ef4 to c3a744d Compare August 7, 2023 20:12
@tekton-robot
Copy link

Catlin Output
FILE: task/catlin-validate/0.1/catlin-validate.yaml
FILE: task/gitlab-set-status/0.2/gitlab-set-status.yaml
WARN : Step "set-status" uses image "registry.access.redhat.com/ubi8/python-38@sha256:af6f93b81f9313de95966e8cd681edb9dbcb5fdbddc5a4cc365af8e4534096ef"; consider using a image tagged with specific version along with digest eg. abc.io/img:v1@sha256:abcde
Catlin script lint Output
WARN : step: gitlab-set-status is not using #!/usr/bin/env 

1 similar comment
@tekton-robot
Copy link

Catlin Output
FILE: task/catlin-validate/0.1/catlin-validate.yaml
FILE: task/gitlab-set-status/0.2/gitlab-set-status.yaml
WARN : Step "set-status" uses image "registry.access.redhat.com/ubi8/python-38@sha256:af6f93b81f9313de95966e8cd681edb9dbcb5fdbddc5a4cc365af8e4534096ef"; consider using a image tagged with specific version along with digest eg. abc.io/img:v1@sha256:abcde
Catlin script lint Output
WARN : step: gitlab-set-status is not using #!/usr/bin/env 

@tekton-robot
Copy link

Catlin Output
FILE: task/catlin-validate/0.1/catlin-validate.yaml
FILE: task/gitlab-set-status/0.2/gitlab-set-status.yaml
WARN : Step "set-status" uses image "registry.access.redhat.com/ubi8/python-38@sha256:af6f93b81f9313de95966e8cd681edb9dbcb5fdbddc5a4cc365af8e4534096ef"; consider using a image tagged with specific version along with digest eg. abc.io/img:v1@sha256:abcde
Catlin script lint Output
WARN : step: gitlab-set-status is not using #!/usr/bin/env 

@tekton-robot
Copy link

Catlin Output
FILE: task/catlin-validate/0.1/catlin-validate.yaml
FILE: task/gitlab-set-status/0.2/gitlab-set-status.yaml
WARN : Step "set-status" uses image "registry.access.redhat.com/ubi8/python-38@sha256:af6f93b81f9313de95966e8cd681edb9dbcb5fdbddc5a4cc365af8e4534096ef"; consider using a image tagged with specific version along with digest eg. abc.io/img:v1@sha256:abcde
Catlin script lint Output
WARN : step: gitlab-set-status is not using #!/usr/bin/env 

@pratiktest
Copy link
Author

/retest

Description
1.Rename files
2.Move Error test cases to samples folder
3.Remove unecessary spaces
@tekton-robot
Copy link

Catlin Output
FILE: task/catlin-validate/0.1/catlin-validate.yaml
FILE: task/gitlab-set-status/0.2/gitlab-set-status.yaml
WARN : Step "set-status" uses image "registry.access.redhat.com/ubi8/python-38@sha256:af6f93b81f9313de95966e8cd681edb9dbcb5fdbddc5a4cc365af8e4534096ef"; consider using a image tagged with specific version along with digest eg. abc.io/img:v1@sha256:abcde
Catlin script lint Output
WARN : step: gitlab-set-status is not using #!/usr/bin/env 

@pratiktest
Copy link
Author

@vinamra28 Thank you for the detailed review!!, all checks have now passed

@pratiktest
Copy link
Author

@vinamra28 @bobcatfish Anything else is needed for the task to be merged?

@tekton-robot
Copy link

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale with a justification.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close with a justification.
If this issue should be exempted, mark the issue as frozen with /lifecycle frozen with a justification.

/lifecycle stale

Send feedback to tektoncd/plumbing.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
ok-to-test Indicates a non-member PR verified by an org member that is safe to test. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants