From 8e61780eef41c86a44b7aa182fe3458379b6ec90 Mon Sep 17 00:00:00 2001
From: Tomas Nevrlka <tnevrlka@redhat.com>
Date: Tue, 3 Dec 2024 09:45:49 +0100
Subject: [PATCH]  refactor: use built-in buildah --retry

- Retries were achieved by writing a loop around the buildah command
- buildah actually has a `--retry` option
- Use the built-in option in order to simplify the code
---
 task/buildah-oci-ta/0.2/buildah-oci-ta.yaml   | 26 +++----
 .../0.2/buildah-remote-oci-ta.yaml            | 26 +++----
 task/buildah-remote/0.2/buildah-remote.yaml   | 70 +++++--------------
 task/buildah/0.2/buildah.yaml                 | 26 +++----
 4 files changed, 43 insertions(+), 105 deletions(-)

diff --git a/task/buildah-oci-ta/0.2/buildah-oci-ta.yaml b/task/buildah-oci-ta/0.2/buildah-oci-ta.yaml
index 4e5bdf7c8d..47ce0128ba 100644
--- a/task/buildah-oci-ta/0.2/buildah-oci-ta.yaml
+++ b/task/buildah-oci-ta/0.2/buildah-oci-ta.yaml
@@ -559,19 +559,6 @@ spec:
         #!/bin/bash
         set -e
 
-        retry() {
-          status=-1
-          max_run=5
-          sleep_sec=10
-
-          for run in $(seq 1 $max_run); do
-            status=0
-            [ "$run" -gt 1 ] && sleep $sleep_sec
-            "$@" && break || status=$?
-          done
-          return $status
-        }
-
         ca_bundle=/mnt/trusted-ca/ca-bundle.crt
         if [ -f "$ca_bundle" ]; then
           echo "INFO: Using mounted CA bundle: $ca_bundle"
@@ -579,21 +566,26 @@ spec:
           update-ca-trust
         fi
 
+        retries=5
+        # Push to a unique tag based on the TaskRun name to avoid race conditions
         echo "Pushing to ${IMAGE%:*}:${TASKRUN_NAME}"
-        if ! retry buildah push \
+        if ! buildah push \
+          --retry "$retries" \
           --tls-verify="$TLSVERIFY" \
           "$IMAGE" \
           "docker://${IMAGE%:*}:$(context.taskRun.name)"; then
-          echo "Failed to push sbom image to ${IMAGE%:*}:$(context.taskRun.name) after ${max_run} tries"
+          echo "Failed to push sbom image to ${IMAGE%:*}:$(context.taskRun.name) after ${retries} tries"
           exit 1
         fi
 
+        # Push to a tag based on the git revision
         echo "Pushing to ${IMAGE}"
-        if ! retry buildah push \
+        if ! buildah push \
+          --retry "$retries" \
           --tls-verify="$TLSVERIFY" \
           --digestfile "/var/workdir/image-digest" "$IMAGE" \
           "docker://$IMAGE"; then
-          echo "Failed to push sbom image to $IMAGE after ${max_run} tries"
+          echo "Failed to push sbom image to $IMAGE after ${retries} tries"
           exit 1
         fi
 
diff --git a/task/buildah-remote-oci-ta/0.2/buildah-remote-oci-ta.yaml b/task/buildah-remote-oci-ta/0.2/buildah-remote-oci-ta.yaml
index ce75471d4e..4e51a7a909 100644
--- a/task/buildah-remote-oci-ta/0.2/buildah-remote-oci-ta.yaml
+++ b/task/buildah-remote-oci-ta/0.2/buildah-remote-oci-ta.yaml
@@ -659,19 +659,6 @@ spec:
         export IMAGE
       fi
 
-      retry() {
-        status=-1
-        max_run=5
-        sleep_sec=10
-
-        for run in $(seq 1 $max_run); do
-          status=0
-          [ "$run" -gt 1 ] && sleep $sleep_sec
-          "$@" && break || status=$?
-        done
-        return $status
-      }
-
       ca_bundle=/mnt/trusted-ca/ca-bundle.crt
       if [ -f "$ca_bundle" ]; then
         echo "INFO: Using mounted CA bundle: $ca_bundle"
@@ -679,21 +666,26 @@ spec:
         update-ca-trust
       fi
 
+      retries=5
+      # Push to a unique tag based on the TaskRun name to avoid race conditions
       echo "Pushing to ${IMAGE%:*}:${TASKRUN_NAME}"
-      if ! retry buildah push \
+      if ! buildah push \
+        --retry "$retries" \
         --tls-verify="$TLSVERIFY" \
         "$IMAGE" \
         "docker://${IMAGE%:*}:$(context.taskRun.name)"; then
-        echo "Failed to push sbom image to ${IMAGE%:*}:$(context.taskRun.name) after ${max_run} tries"
+        echo "Failed to push sbom image to ${IMAGE%:*}:$(context.taskRun.name) after ${retries} tries"
         exit 1
       fi
 
+      # Push to a tag based on the git revision
       echo "Pushing to ${IMAGE}"
-      if ! retry buildah push \
+      if ! buildah push \
+        --retry "$retries" \
         --tls-verify="$TLSVERIFY" \
         --digestfile "/var/workdir/image-digest" "$IMAGE" \
         "docker://$IMAGE"; then
-        echo "Failed to push sbom image to $IMAGE after ${max_run} tries"
+        echo "Failed to push sbom image to $IMAGE after ${retries} tries"
         exit 1
       fi
 
diff --git a/task/buildah-remote/0.2/buildah-remote.yaml b/task/buildah-remote/0.2/buildah-remote.yaml
index 9f2c2d0b0e..ab7a273f02 100644
--- a/task/buildah-remote/0.2/buildah-remote.yaml
+++ b/task/buildah-remote/0.2/buildah-remote.yaml
@@ -629,60 +629,22 @@ spec:
         memory: 1Gi
     image: quay.io/konflux-ci/buildah-task:latest@sha256:b2d6c32d1e05e91920cd4475b2761d58bb7ee11ad5dff3ecb59831c7572b4d0c
     name: push
-    script: |
-      #!/bin/bash
-      set -e
-      if [ "${IMAGE_APPEND_PLATFORM}" == "true" ]; then
-        IMAGE="${IMAGE}-${PLATFORM//[^a-zA-Z0-9]/-}"
-        export IMAGE
-      fi
-
-      retry () {
-        status=-1
-        max_run=5
-        sleep_sec=10
-
-        for run in $(seq 1 $max_run); do
-          status=0
-          [ "$run" -gt 1 ] && sleep $sleep_sec
-          "$@" && break || status=$?
-        done
-        return $status
-      }
-
-      ca_bundle=/mnt/trusted-ca/ca-bundle.crt
-      if [ -f "$ca_bundle" ]; then
-        echo "INFO: Using mounted CA bundle: $ca_bundle"
-        cp -vf $ca_bundle /etc/pki/ca-trust/source/anchors
-        update-ca-trust
-      fi
-
-      echo "Pushing to ${IMAGE%:*}:${TASKRUN_NAME}"
-      if ! retry buildah push \
-        --tls-verify="$TLSVERIFY" \
-        "$IMAGE" \
-        "docker://${IMAGE%:*}:$(context.taskRun.name)";
-      then
-        echo "Failed to push sbom image to ${IMAGE%:*}:$(context.taskRun.name) after ${max_run} tries"
-        exit 1
-      fi
-
-      echo "Pushing to ${IMAGE}"
-      if ! retry buildah push \
-        --tls-verify="$TLSVERIFY" \
-        --digestfile "$(workspaces.source.path)/image-digest" "$IMAGE" \
-        "docker://$IMAGE";
-      then
-        echo "Failed to push sbom image to $IMAGE after ${max_run} tries"
-        exit 1
-      fi
-
-      cat "$(workspaces.source.path)"/image-digest | tee $(results.IMAGE_DIGEST.path)
-      echo -n "$IMAGE" | tee $(results.IMAGE_URL.path)
-      {
-        echo -n "${IMAGE}@"
-        cat "$(workspaces.source.path)/image-digest"
-      } > "$(results.IMAGE_REF.path)"
+    script: "#!/bin/bash\nset -e\nif [ \"${IMAGE_APPEND_PLATFORM}\" == \"true\" ];
+      then\n  IMAGE=\"${IMAGE}-${PLATFORM//[^a-zA-Z0-9]/-}\"\n  export IMAGE\nfi\n\nca_bundle=/mnt/trusted-ca/ca-bundle.crt\nif
+      [ -f \"$ca_bundle\" ]; then\n  echo \"INFO: Using mounted CA bundle: $ca_bundle\"\n
+      \ cp -vf $ca_bundle /etc/pki/ca-trust/source/anchors\n  update-ca-trust\nfi\n\nretries=5\n#
+      Push to a unique tag based on the TaskRun name to avoid race conditions\necho
+      \"Pushing to ${IMAGE%:*}:${TASKRUN_NAME}\"\nif ! buildah push \\\n  --retry
+      \"$retries\" \\\n  --tls-verify=\"$TLSVERIFY\" \\\n  \"$IMAGE\" \\\n  \"docker://${IMAGE%:*}:$(context.taskRun.name)\";\nthen\n
+      \ echo \"Failed to push sbom image to ${IMAGE%:*}:$(context.taskRun.name) after
+      ${retries} tries\"\n  exit 1\nfi\n\n# Push to a tag based on the git revision
+      \necho \"Pushing to ${IMAGE}\"\nif ! buildah push \\\n  --retry \"$retries\"
+      \\\n  --tls-verify=\"$TLSVERIFY\" \\\n  --digestfile \"$(workspaces.source.path)/image-digest\"
+      \"$IMAGE\" \\\n  \"docker://$IMAGE\";\nthen\n  echo \"Failed to push sbom image
+      to $IMAGE after ${retries} tries\"\n  exit 1\nfi\n\ncat \"$(workspaces.source.path)\"/image-digest
+      | tee $(results.IMAGE_DIGEST.path)\necho -n \"$IMAGE\" | tee $(results.IMAGE_URL.path)\n{\n
+      \ echo -n \"${IMAGE}@\"\n  cat \"$(workspaces.source.path)/image-digest\"\n}
+      > \"$(results.IMAGE_REF.path)\"\n"
     securityContext:
       capabilities:
         add:
diff --git a/task/buildah/0.2/buildah.yaml b/task/buildah/0.2/buildah.yaml
index 3a6a9f70a9..34fdcbfa8b 100644
--- a/task/buildah/0.2/buildah.yaml
+++ b/task/buildah/0.2/buildah.yaml
@@ -500,19 +500,6 @@ spec:
       #!/bin/bash
       set -e
 
-      retry () {
-        status=-1
-        max_run=5
-        sleep_sec=10
-
-        for run in $(seq 1 $max_run); do
-          status=0
-          [ "$run" -gt 1 ] && sleep $sleep_sec
-          "$@" && break || status=$?
-        done
-        return $status
-      }
-
       ca_bundle=/mnt/trusted-ca/ca-bundle.crt
       if [ -f "$ca_bundle" ]; then
         echo "INFO: Using mounted CA bundle: $ca_bundle"
@@ -520,23 +507,28 @@ spec:
         update-ca-trust
       fi
 
+      retries=5
+      # Push to a unique tag based on the TaskRun name to avoid race conditions
       echo "Pushing to ${IMAGE%:*}:${TASKRUN_NAME}"
-      if ! retry buildah push \
+      if ! buildah push \
+        --retry "$retries" \
         --tls-verify="$TLSVERIFY" \
         "$IMAGE" \
         "docker://${IMAGE%:*}:$(context.taskRun.name)";
       then
-        echo "Failed to push sbom image to ${IMAGE%:*}:$(context.taskRun.name) after ${max_run} tries"
+        echo "Failed to push sbom image to ${IMAGE%:*}:$(context.taskRun.name) after ${retries} tries"
         exit 1
       fi
 
+      # Push to a tag based on the git revision
       echo "Pushing to ${IMAGE}"
-      if ! retry buildah push \
+      if ! buildah push \
+        --retry "$retries" \
         --tls-verify="$TLSVERIFY" \
         --digestfile "$(workspaces.source.path)/image-digest" "$IMAGE" \
         "docker://$IMAGE";
       then
-        echo "Failed to push sbom image to $IMAGE after ${max_run} tries"
+        echo "Failed to push sbom image to $IMAGE after ${retries} tries"
         exit 1
       fi