Skip to content

Commit

Permalink
buildah: fix Checkton/ShellCheck findings
Browse files Browse the repository at this point in the history
They cause the CI to be red on tasks derived from the buildah task.

Related: konflux-ci#1653
  • Loading branch information
kdudka committed Jan 10, 2025
1 parent a07704d commit dfa0636
Show file tree
Hide file tree
Showing 4 changed files with 36 additions and 36 deletions.
18 changes: 9 additions & 9 deletions task/buildah-oci-ta/0.3/buildah-oci-ta.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -285,14 +285,14 @@ spec:
echo "Fetch Dockerfile from $DOCKERFILE"
dockerfile_path=$(mktemp --suffix=-Dockerfile)
http_code=$(curl -s -S -L -w "%{http_code}" --output "$dockerfile_path" "$DOCKERFILE")
if [ $http_code != 200 ]; then
if [ "$http_code" != 200 ]; then
echo "No Dockerfile is fetched. Server responds $http_code"
exit 1
fi
http_code=$(curl -s -S -L -w "%{http_code}" --output "$dockerfile_path.dockerignore.tmp" "$DOCKERFILE.dockerignore")
if [ $http_code = 200 ]; then
if [ "$http_code" = 200 ]; then
echo "Fetched .dockerignore from $DOCKERFILE.dockerignore"
mv "$dockerfile_path.dockerignore.tmp" $SOURCE_CODE_DIR/$CONTEXT/.dockerignore
mv "$dockerfile_path.dockerignore.tmp" "$SOURCE_CODE_DIR/$CONTEXT/.dockerignore"
fi
else
echo "Cannot find Dockerfile $DOCKERFILE"
Expand Down Expand Up @@ -368,7 +368,7 @@ spec:
UNSHARE_ARGS+=("--net")
for image in $BASE_IMAGES; do
unshare -Ufp --keep-caps -r --map-users 1,1,65536 --map-groups 1,1,65536 -- buildah pull $image
unshare -Ufp --keep-caps -r --map-users 1,1,65536 --map-groups 1,1,65536 -- buildah pull "$image"
done
echo "Build will be executed with network isolation"
fi
Expand Down Expand Up @@ -421,14 +421,14 @@ spec:
# if yum repofiles stored in git, copy them to mount point outside the source dir
if [ -d "${SOURCE_CODE_DIR}/${YUM_REPOS_D_SRC}" ]; then
mkdir -p ${YUM_REPOS_D_FETCHED}
cp -r ${SOURCE_CODE_DIR}/${YUM_REPOS_D_SRC}/* ${YUM_REPOS_D_FETCHED}
mkdir -p "${YUM_REPOS_D_FETCHED}"
cp -r "${SOURCE_CODE_DIR}/${YUM_REPOS_D_SRC}"/* "${YUM_REPOS_D_FETCHED}"
fi
# if anything in the repofiles mount point (either fetched or from git), mount it
if [ -d "${YUM_REPOS_D_FETCHED}" ]; then
chmod -R go+rwX ${YUM_REPOS_D_FETCHED}
mount_point=$(realpath ${YUM_REPOS_D_FETCHED})
chmod -R go+rwX "${YUM_REPOS_D_FETCHED}"
mount_point=$(realpath "${YUM_REPOS_D_FETCHED}")
VOLUME_MOUNTS+=(--volume "${mount_point}:${YUM_REPOS_D_TARGET}")
fi
Expand Down Expand Up @@ -536,7 +536,7 @@ spec:
cp /tmp/cachi2/output/bom.json ./sbom-cachi2.json
fi
buildah mount $container | tee /shared/container_path
buildah mount "$container" | tee /shared/container_path
# delete symlinks - they may point outside the container rootfs, messing with SBOM scanners
find $(cat /shared/container_path) -xtype l -delete
echo $container >/shared/container_name
Expand Down
18 changes: 9 additions & 9 deletions task/buildah-remote-oci-ta/0.3/buildah-remote-oci-ta.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -319,14 +319,14 @@ spec:
echo "Fetch Dockerfile from $DOCKERFILE"
dockerfile_path=$(mktemp --suffix=-Dockerfile)
http_code=$(curl -s -S -L -w "%{http_code}" --output "$dockerfile_path" "$DOCKERFILE")
if [ $http_code != 200 ]; then
if [ "$http_code" != 200 ]; then
echo "No Dockerfile is fetched. Server responds $http_code"
exit 1
fi
http_code=$(curl -s -S -L -w "%{http_code}" --output "$dockerfile_path.dockerignore.tmp" "$DOCKERFILE.dockerignore")
if [ $http_code = 200 ]; then
if [ "$http_code" = 200 ]; then
echo "Fetched .dockerignore from $DOCKERFILE.dockerignore"
mv "$dockerfile_path.dockerignore.tmp" $SOURCE_CODE_DIR/$CONTEXT/.dockerignore
mv "$dockerfile_path.dockerignore.tmp" "$SOURCE_CODE_DIR/$CONTEXT/.dockerignore"
fi
else
echo "Cannot find Dockerfile $DOCKERFILE"
Expand Down Expand Up @@ -402,7 +402,7 @@ spec:
UNSHARE_ARGS+=("--net")
for image in $BASE_IMAGES; do
unshare -Ufp --keep-caps -r --map-users 1,1,65536 --map-groups 1,1,65536 -- buildah pull $image
unshare -Ufp --keep-caps -r --map-users 1,1,65536 --map-groups 1,1,65536 -- buildah pull "$image"
done
echo "Build will be executed with network isolation"
fi
Expand Down Expand Up @@ -455,14 +455,14 @@ spec:
# if yum repofiles stored in git, copy them to mount point outside the source dir
if [ -d "${SOURCE_CODE_DIR}/${YUM_REPOS_D_SRC}" ]; then
mkdir -p ${YUM_REPOS_D_FETCHED}
cp -r ${SOURCE_CODE_DIR}/${YUM_REPOS_D_SRC}/* ${YUM_REPOS_D_FETCHED}
mkdir -p "${YUM_REPOS_D_FETCHED}"
cp -r "${SOURCE_CODE_DIR}/${YUM_REPOS_D_SRC}"/* "${YUM_REPOS_D_FETCHED}"
fi
# if anything in the repofiles mount point (either fetched or from git), mount it
if [ -d "${YUM_REPOS_D_FETCHED}" ]; then
chmod -R go+rwX ${YUM_REPOS_D_FETCHED}
mount_point=$(realpath ${YUM_REPOS_D_FETCHED})
chmod -R go+rwX "${YUM_REPOS_D_FETCHED}"
mount_point=$(realpath "${YUM_REPOS_D_FETCHED}")
VOLUME_MOUNTS+=(--volume "${mount_point}:${YUM_REPOS_D_TARGET}")
fi
Expand Down Expand Up @@ -570,7 +570,7 @@ spec:
cp /tmp/cachi2/output/bom.json ./sbom-cachi2.json
fi
buildah mount $container | tee /shared/container_path
buildah mount "$container" | tee /shared/container_path
# delete symlinks - they may point outside the container rootfs, messing with SBOM scanners
find $(cat /shared/container_path) -xtype l -delete
echo $container >/shared/container_name
Expand Down
18 changes: 9 additions & 9 deletions task/buildah-remote/0.3/buildah-remote.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -301,14 +301,14 @@ spec:
echo "Fetch Dockerfile from $DOCKERFILE"
dockerfile_path=$(mktemp --suffix=-Dockerfile)
http_code=$(curl -s -S -L -w "%{http_code}" --output "$dockerfile_path" "$DOCKERFILE")
if [ $http_code != 200 ]; then
if [ "$http_code" != 200 ]; then
echo "No Dockerfile is fetched. Server responds $http_code"
exit 1
fi
http_code=$(curl -s -S -L -w "%{http_code}" --output "$dockerfile_path.dockerignore.tmp" "$DOCKERFILE.dockerignore")
if [ $http_code = 200 ]; then
if [ "$http_code" = 200 ]; then
echo "Fetched .dockerignore from $DOCKERFILE.dockerignore"
mv "$dockerfile_path.dockerignore.tmp" $SOURCE_CODE_DIR/$CONTEXT/.dockerignore
mv "$dockerfile_path.dockerignore.tmp" "$SOURCE_CODE_DIR/$CONTEXT/.dockerignore"
fi
else
echo "Cannot find Dockerfile $DOCKERFILE"
Expand Down Expand Up @@ -378,7 +378,7 @@ spec:
UNSHARE_ARGS+=("--net")
for image in $BASE_IMAGES; do
unshare -Ufp --keep-caps -r --map-users 1,1,65536 --map-groups 1,1,65536 -- buildah pull $image
unshare -Ufp --keep-caps -r --map-users 1,1,65536 --map-groups 1,1,65536 -- buildah pull "$image"
done
echo "Build will be executed with network isolation"
fi
Expand Down Expand Up @@ -431,14 +431,14 @@ spec:
# if yum repofiles stored in git, copy them to mount point outside the source dir
if [ -d "${SOURCE_CODE_DIR}/${YUM_REPOS_D_SRC}" ]; then
mkdir -p ${YUM_REPOS_D_FETCHED}
cp -r ${SOURCE_CODE_DIR}/${YUM_REPOS_D_SRC}/* ${YUM_REPOS_D_FETCHED}
mkdir -p "${YUM_REPOS_D_FETCHED}"
cp -r "${SOURCE_CODE_DIR}/${YUM_REPOS_D_SRC}"/* "${YUM_REPOS_D_FETCHED}"
fi
# if anything in the repofiles mount point (either fetched or from git), mount it
if [ -d "${YUM_REPOS_D_FETCHED}" ]; then
chmod -R go+rwX ${YUM_REPOS_D_FETCHED}
mount_point=$(realpath ${YUM_REPOS_D_FETCHED})
chmod -R go+rwX "${YUM_REPOS_D_FETCHED}"
mount_point=$(realpath "${YUM_REPOS_D_FETCHED}")
VOLUME_MOUNTS+=(--volume "${mount_point}:${YUM_REPOS_D_TARGET}")
fi
Expand Down Expand Up @@ -546,7 +546,7 @@ spec:
cp /tmp/cachi2/output/bom.json ./sbom-cachi2.json
fi
buildah mount $container | tee /shared/container_path
buildah mount "$container" | tee /shared/container_path
# delete symlinks - they may point outside the container rootfs, messing with SBOM scanners
find $(cat /shared/container_path) -xtype l -delete
echo $container > /shared/container_name
Expand Down
18 changes: 9 additions & 9 deletions task/buildah/0.3/buildah.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -222,14 +222,14 @@ spec:
echo "Fetch Dockerfile from $DOCKERFILE"
dockerfile_path=$(mktemp --suffix=-Dockerfile)
http_code=$(curl -s -S -L -w "%{http_code}" --output "$dockerfile_path" "$DOCKERFILE")
if [ $http_code != 200 ]; then
if [ "$http_code" != 200 ]; then
echo "No Dockerfile is fetched. Server responds $http_code"
exit 1
fi
http_code=$(curl -s -S -L -w "%{http_code}" --output "$dockerfile_path.dockerignore.tmp" "$DOCKERFILE.dockerignore")
if [ $http_code = 200 ]; then
if [ "$http_code" = 200 ]; then
echo "Fetched .dockerignore from $DOCKERFILE.dockerignore"
mv "$dockerfile_path.dockerignore.tmp" $SOURCE_CODE_DIR/$CONTEXT/.dockerignore
mv "$dockerfile_path.dockerignore.tmp" "$SOURCE_CODE_DIR/$CONTEXT/.dockerignore"
fi
else
echo "Cannot find Dockerfile $DOCKERFILE"
Expand Down Expand Up @@ -299,7 +299,7 @@ spec:
UNSHARE_ARGS+=("--net")
for image in $BASE_IMAGES; do
unshare -Ufp --keep-caps -r --map-users 1,1,65536 --map-groups 1,1,65536 -- buildah pull $image
unshare -Ufp --keep-caps -r --map-users 1,1,65536 --map-groups 1,1,65536 -- buildah pull "$image"
done
echo "Build will be executed with network isolation"
fi
Expand Down Expand Up @@ -352,14 +352,14 @@ spec:
# if yum repofiles stored in git, copy them to mount point outside the source dir
if [ -d "${SOURCE_CODE_DIR}/${YUM_REPOS_D_SRC}" ]; then
mkdir -p ${YUM_REPOS_D_FETCHED}
cp -r ${SOURCE_CODE_DIR}/${YUM_REPOS_D_SRC}/* ${YUM_REPOS_D_FETCHED}
mkdir -p "${YUM_REPOS_D_FETCHED}"
cp -r "${SOURCE_CODE_DIR}/${YUM_REPOS_D_SRC}"/* "${YUM_REPOS_D_FETCHED}"
fi
# if anything in the repofiles mount point (either fetched or from git), mount it
if [ -d "${YUM_REPOS_D_FETCHED}" ]; then
chmod -R go+rwX ${YUM_REPOS_D_FETCHED}
mount_point=$(realpath ${YUM_REPOS_D_FETCHED})
chmod -R go+rwX "${YUM_REPOS_D_FETCHED}"
mount_point=$(realpath "${YUM_REPOS_D_FETCHED}")
VOLUME_MOUNTS+=(--volume "${mount_point}:${YUM_REPOS_D_TARGET}")
fi
Expand Down Expand Up @@ -467,7 +467,7 @@ spec:
cp /tmp/cachi2/output/bom.json ./sbom-cachi2.json
fi
buildah mount $container | tee /shared/container_path
buildah mount "$container" | tee /shared/container_path
# delete symlinks - they may point outside the container rootfs, messing with SBOM scanners
find $(cat /shared/container_path) -xtype l -delete
echo $container > /shared/container_name
Expand Down

0 comments on commit dfa0636

Please sign in to comment.