From b3a8e96c0d5ae8dea7038886f241ed6ae2585260 Mon Sep 17 00:00:00 2001 From: Tomas Nevrlka Date: Tue, 3 Dec 2024 09:45:49 +0100 Subject: [PATCH] refactor: use built-in buildah --retry - Retries were achieved by writing a loop around the buildah command - buildah actually has a `--retry` option - Use the built-in option in order to simplify the code --- task/buildah-oci-ta/0.2/buildah-oci-ta.yaml | 26 +++---- .../0.2/buildah-remote-oci-ta.yaml | 26 +++---- task/buildah-remote/0.2/buildah-remote.yaml | 70 +++++-------------- task/buildah/0.2/buildah.yaml | 26 +++---- 4 files changed, 43 insertions(+), 105 deletions(-) diff --git a/task/buildah-oci-ta/0.2/buildah-oci-ta.yaml b/task/buildah-oci-ta/0.2/buildah-oci-ta.yaml index 4e5bdf7c8d..47ce0128ba 100644 --- a/task/buildah-oci-ta/0.2/buildah-oci-ta.yaml +++ b/task/buildah-oci-ta/0.2/buildah-oci-ta.yaml @@ -559,19 +559,6 @@ spec: #!/bin/bash set -e - retry() { - status=-1 - max_run=5 - sleep_sec=10 - - for run in $(seq 1 $max_run); do - status=0 - [ "$run" -gt 1 ] && sleep $sleep_sec - "$@" && break || status=$? - done - return $status - } - ca_bundle=/mnt/trusted-ca/ca-bundle.crt if [ -f "$ca_bundle" ]; then echo "INFO: Using mounted CA bundle: $ca_bundle" @@ -579,21 +566,26 @@ spec: update-ca-trust fi + retries=5 + # Push to a unique tag based on the TaskRun name to avoid race conditions echo "Pushing to ${IMAGE%:*}:${TASKRUN_NAME}" - if ! retry buildah push \ + if ! buildah push \ + --retry "$retries" \ --tls-verify="$TLSVERIFY" \ "$IMAGE" \ "docker://${IMAGE%:*}:$(context.taskRun.name)"; then - echo "Failed to push sbom image to ${IMAGE%:*}:$(context.taskRun.name) after ${max_run} tries" + echo "Failed to push sbom image to ${IMAGE%:*}:$(context.taskRun.name) after ${retries} tries" exit 1 fi + # Push to a tag based on the git revision echo "Pushing to ${IMAGE}" - if ! retry buildah push \ + if ! buildah push \ + --retry "$retries" \ --tls-verify="$TLSVERIFY" \ --digestfile "/var/workdir/image-digest" "$IMAGE" \ "docker://$IMAGE"; then - echo "Failed to push sbom image to $IMAGE after ${max_run} tries" + echo "Failed to push sbom image to $IMAGE after ${retries} tries" exit 1 fi diff --git a/task/buildah-remote-oci-ta/0.2/buildah-remote-oci-ta.yaml b/task/buildah-remote-oci-ta/0.2/buildah-remote-oci-ta.yaml index ce75471d4e..4e51a7a909 100644 --- a/task/buildah-remote-oci-ta/0.2/buildah-remote-oci-ta.yaml +++ b/task/buildah-remote-oci-ta/0.2/buildah-remote-oci-ta.yaml @@ -659,19 +659,6 @@ spec: export IMAGE fi - retry() { - status=-1 - max_run=5 - sleep_sec=10 - - for run in $(seq 1 $max_run); do - status=0 - [ "$run" -gt 1 ] && sleep $sleep_sec - "$@" && break || status=$? - done - return $status - } - ca_bundle=/mnt/trusted-ca/ca-bundle.crt if [ -f "$ca_bundle" ]; then echo "INFO: Using mounted CA bundle: $ca_bundle" @@ -679,21 +666,26 @@ spec: update-ca-trust fi + retries=5 + # Push to a unique tag based on the TaskRun name to avoid race conditions echo "Pushing to ${IMAGE%:*}:${TASKRUN_NAME}" - if ! retry buildah push \ + if ! buildah push \ + --retry "$retries" \ --tls-verify="$TLSVERIFY" \ "$IMAGE" \ "docker://${IMAGE%:*}:$(context.taskRun.name)"; then - echo "Failed to push sbom image to ${IMAGE%:*}:$(context.taskRun.name) after ${max_run} tries" + echo "Failed to push sbom image to ${IMAGE%:*}:$(context.taskRun.name) after ${retries} tries" exit 1 fi + # Push to a tag based on the git revision echo "Pushing to ${IMAGE}" - if ! retry buildah push \ + if ! buildah push \ + --retry "$retries" \ --tls-verify="$TLSVERIFY" \ --digestfile "/var/workdir/image-digest" "$IMAGE" \ "docker://$IMAGE"; then - echo "Failed to push sbom image to $IMAGE after ${max_run} tries" + echo "Failed to push sbom image to $IMAGE after ${retries} tries" exit 1 fi diff --git a/task/buildah-remote/0.2/buildah-remote.yaml b/task/buildah-remote/0.2/buildah-remote.yaml index 9f2c2d0b0e..ab7a273f02 100644 --- a/task/buildah-remote/0.2/buildah-remote.yaml +++ b/task/buildah-remote/0.2/buildah-remote.yaml @@ -629,60 +629,22 @@ spec: memory: 1Gi image: quay.io/konflux-ci/buildah-task:latest@sha256:b2d6c32d1e05e91920cd4475b2761d58bb7ee11ad5dff3ecb59831c7572b4d0c name: push - script: | - #!/bin/bash - set -e - if [ "${IMAGE_APPEND_PLATFORM}" == "true" ]; then - IMAGE="${IMAGE}-${PLATFORM//[^a-zA-Z0-9]/-}" - export IMAGE - fi - - retry () { - status=-1 - max_run=5 - sleep_sec=10 - - for run in $(seq 1 $max_run); do - status=0 - [ "$run" -gt 1 ] && sleep $sleep_sec - "$@" && break || status=$? - done - return $status - } - - ca_bundle=/mnt/trusted-ca/ca-bundle.crt - if [ -f "$ca_bundle" ]; then - echo "INFO: Using mounted CA bundle: $ca_bundle" - cp -vf $ca_bundle /etc/pki/ca-trust/source/anchors - update-ca-trust - fi - - echo "Pushing to ${IMAGE%:*}:${TASKRUN_NAME}" - if ! retry buildah push \ - --tls-verify="$TLSVERIFY" \ - "$IMAGE" \ - "docker://${IMAGE%:*}:$(context.taskRun.name)"; - then - echo "Failed to push sbom image to ${IMAGE%:*}:$(context.taskRun.name) after ${max_run} tries" - exit 1 - fi - - echo "Pushing to ${IMAGE}" - if ! retry buildah push \ - --tls-verify="$TLSVERIFY" \ - --digestfile "$(workspaces.source.path)/image-digest" "$IMAGE" \ - "docker://$IMAGE"; - then - echo "Failed to push sbom image to $IMAGE after ${max_run} tries" - exit 1 - fi - - cat "$(workspaces.source.path)"/image-digest | tee $(results.IMAGE_DIGEST.path) - echo -n "$IMAGE" | tee $(results.IMAGE_URL.path) - { - echo -n "${IMAGE}@" - cat "$(workspaces.source.path)/image-digest" - } > "$(results.IMAGE_REF.path)" + script: "#!/bin/bash\nset -e\nif [ \"${IMAGE_APPEND_PLATFORM}\" == \"true\" ]; + then\n IMAGE=\"${IMAGE}-${PLATFORM//[^a-zA-Z0-9]/-}\"\n export IMAGE\nfi\n\nca_bundle=/mnt/trusted-ca/ca-bundle.crt\nif + [ -f \"$ca_bundle\" ]; then\n echo \"INFO: Using mounted CA bundle: $ca_bundle\"\n + \ cp -vf $ca_bundle /etc/pki/ca-trust/source/anchors\n update-ca-trust\nfi\n\nretries=5\n# + Push to a unique tag based on the TaskRun name to avoid race conditions\necho + \"Pushing to ${IMAGE%:*}:${TASKRUN_NAME}\"\nif ! buildah push \\\n --retry + \"$retries\" \\\n --tls-verify=\"$TLSVERIFY\" \\\n \"$IMAGE\" \\\n \"docker://${IMAGE%:*}:$(context.taskRun.name)\";\nthen\n + \ echo \"Failed to push sbom image to ${IMAGE%:*}:$(context.taskRun.name) after + ${retries} tries\"\n exit 1\nfi\n\n# Push to a tag based on the git revision + \necho \"Pushing to ${IMAGE}\"\nif ! buildah push \\\n --retry \"$retries\" + \\\n --tls-verify=\"$TLSVERIFY\" \\\n --digestfile \"$(workspaces.source.path)/image-digest\" + \"$IMAGE\" \\\n \"docker://$IMAGE\";\nthen\n echo \"Failed to push sbom image + to $IMAGE after ${retries} tries\"\n exit 1\nfi\n\ncat \"$(workspaces.source.path)\"/image-digest + | tee $(results.IMAGE_DIGEST.path)\necho -n \"$IMAGE\" | tee $(results.IMAGE_URL.path)\n{\n + \ echo -n \"${IMAGE}@\"\n cat \"$(workspaces.source.path)/image-digest\"\n} + > \"$(results.IMAGE_REF.path)\"\n" securityContext: capabilities: add: diff --git a/task/buildah/0.2/buildah.yaml b/task/buildah/0.2/buildah.yaml index 3a6a9f70a9..04f3df1c61 100644 --- a/task/buildah/0.2/buildah.yaml +++ b/task/buildah/0.2/buildah.yaml @@ -500,19 +500,6 @@ spec: #!/bin/bash set -e - retry () { - status=-1 - max_run=5 - sleep_sec=10 - - for run in $(seq 1 $max_run); do - status=0 - [ "$run" -gt 1 ] && sleep $sleep_sec - "$@" && break || status=$? - done - return $status - } - ca_bundle=/mnt/trusted-ca/ca-bundle.crt if [ -f "$ca_bundle" ]; then echo "INFO: Using mounted CA bundle: $ca_bundle" @@ -520,23 +507,28 @@ spec: update-ca-trust fi + retries=5 + # Push to a unique tag based on the TaskRun name to avoid race conditions echo "Pushing to ${IMAGE%:*}:${TASKRUN_NAME}" - if ! retry buildah push \ + if ! buildah push \ + --retry "$retries" \ --tls-verify="$TLSVERIFY" \ "$IMAGE" \ "docker://${IMAGE%:*}:$(context.taskRun.name)"; then - echo "Failed to push sbom image to ${IMAGE%:*}:$(context.taskRun.name) after ${max_run} tries" + echo "Failed to push sbom image to ${IMAGE%:*}:$(context.taskRun.name) after ${retries} tries" exit 1 fi + # Push to a tag based on the git revision echo "Pushing to ${IMAGE}" - if ! retry buildah push \ + if ! buildah push \ + --retry "$retries" \ --tls-verify="$TLSVERIFY" \ --digestfile "$(workspaces.source.path)/image-digest" "$IMAGE" \ "docker://$IMAGE"; then - echo "Failed to push sbom image to $IMAGE after ${max_run} tries" + echo "Failed to push sbom image to $IMAGE after ${retries} tries" exit 1 fi