From d10d9a1bd544153e61406682c7d8e7c4aeb33f1f Mon Sep 17 00:00:00 2001 From: Misha Sugakov Date: Thu, 2 Jan 2025 12:26:50 +0100 Subject: [PATCH 01/11] Create a task for figuring Collector+Scanner image tags I tried having this logic as part of the regular `determine-image-tag` task but it turned out to be odd-looking when I started adding tagging support and so here I just move it to its own place to live its own life. Note that this task doesn't call the `fail-build-if-git-is-dirty.sh` script because the outputs aren't affected by whether git changes are committed. --- .../determine-dependency-image-tag-task.yaml | 63 +++++++++++++++++++ 1 file changed, 63 insertions(+) create mode 100644 tasks/determine-dependency-image-tag-task.yaml diff --git a/tasks/determine-dependency-image-tag-task.yaml b/tasks/determine-dependency-image-tag-task.yaml new file mode 100644 index 0000000..7082449 --- /dev/null +++ b/tasks/determine-dependency-image-tag-task.yaml
@@ -0,0 +1,63 @@
+apiVersion: tekton.dev/v1
+kind: Task
+metadata:
+ name: determine-dependency-image-tag
+spec:
+ description: Determines the tag for the Scanner V2 or Collector images using 'make scanner-tag' or
+ 'make collector-tag' output.
+ params:
+ - name: TAG_SUFFIX
+ description: Suffix to append to generated image tag.
+ type: string
+ - name: SOURCE_ARTIFACT
+ description: The Trusted Artifact URI pointing to the artifact with the application source code. This should be the
+ result of the git-clone task for the StackRox repo.
+ type: string
+ - name: MAKEFILE_DIRECTORY
+ description: Directory in which to run 'make' command.
+ type: string
+ default: "."
+ - name: MAKEFILE_TARGET
+ description: Makefile target to run.
+ type: string
+ results:
+ - name: IMAGE_TAG
+ description: Image Tag determined by the custom logic.
+ volumes:
+ - name: workdir
+ emptyDir: { }
+ stepTemplate:
+ volumeMounts:
+ - mountPath: /var/workdir
+ name: workdir
+ steps:
+ - name: use-trusted-artifact
+ image: quay.io/redhat-appstudio/build-trusted-artifacts:latest@sha256:ff35e09ff5c89e54538b50abae241a765b2b7868f05d62c4835bebf0978f3659
+ args:
+ - use
+ - $(params.SOURCE_ARTIFACT)=/var/workdir/source
+ - name: determine-image-tag
+ image: registry.access.redhat.com/ubi9:latest@sha256:1057dab827c782abcfb9bda0c3900c0966b5066e671d54976a7bcb3a2d1a5e53
+ workingDir: /var/workdir/source
+ script: |
+ #!/usr/bin/env bash
+
+ set -euo pipefail
+
+ dnf -y install git make
+
+ makefile_target="$(params.MAKEFILE_TARGET)"
+
+ # Basic protection against running an arbitrary target.
+ allowed_targets="collector-tag|scanner-tag"
+ if [[ "|${allowed_targets}|" != *"|${makefile_target}|"* ]]; then
+ >&2 echo "Error: provided MAKEFILE_TARGET ${makefile_target} is not one of the allowed targets ${allowed_targets}"
+ exit 2
+ fi
+
+ # Note that even release Collector and Scanner V2 images will have the tag suffix. I.e. the suffix isn't planned
+ # to be suppressed there in the Konflux pipelines building for release at the time of this writing.
+
+ image_tag="$(make -C "$(params.MAKEFILE_DIRECTORY)" --quiet --no-print-directory "${makefile_target}")$(params.TAG_SUFFIX)"
+
+ echo -n "$image_tag" | tee "$(results.IMAGE_TAG.path)"
From af5dceefbb24f61ed4438fb9c521f6b4feb7064c Mon Sep 17 00:00:00 2001
From: Misha Sugakov
Date: Thu, 2 Jan 2025 12:45:12 +0100
Subject: [PATCH 02/11] Modify the StackRox `determine-image-tag` task to understand git tags
---
tasks/determine-image-tag-stackrox-task.yaml | 45 ++++++++++++++------
1 file changed, 31 insertions(+), 14 deletions(-)
diff --git a/tasks/determine-image-tag-stackrox-task.yaml b/tasks/determine-image-tag-stackrox-task.yaml
index a83b8ec..7046a5d 100644
--- a/tasks/determine-image-tag-stackrox-task.yaml
+++ b/tasks/determine-image-tag-stackrox-task.yaml
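Review bot: In tasks/determine-dependency-image-tag-task.yaml (PATCH 01/11) the script takes `$(params.MAKEFILE_TARGET)`, `$(params.MAKEFILE_DIRECTORY)` and `$(params.TAG_SUFFIX)` by Tekton substitution directly into the bash text, so a value carrying shell syntax is parsed as code before the allowed-targets check runs. Tekton's authoring recommendations are to hand parameters to the step through `env:` and reference them as quoted shell variables, as sketched below. The same pattern recurs in the later determine-image-tag hunks for `$(params.SOURCE_BRANCH)`, `'$(params.SUPPRESS_TAG_SUFFIX_ON_SOURCE_BRANCH_REGEX)'` and `$(params.TAG_SUFFIX)`; SOURCE_BRANCH deserves the most care because it is filled from the ref name of the triggering event.

```yaml
    - name: determine-image-tag
      # … unchanged: image, workingDir …
      env:
        - name: MAKEFILE_TARGET
          value: $(params.MAKEFILE_TARGET)
        - name: MAKEFILE_DIRECTORY
          value: $(params.MAKEFILE_DIRECTORY)
        - name: TAG_SUFFIX
          value: $(params.TAG_SUFFIX)
      script: |
        # … unchanged: shebang, set -euo pipefail, dnf install …
        makefile_target="${MAKEFILE_TARGET}"
        # … unchanged: allowed_targets check …
        image_tag="$(make -C "${MAKEFILE_DIRECTORY}" --quiet --no-print-directory "${makefile_target}")${TAG_SUFFIX}"
```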
@@ -10,21 +10,28 @@ spec: description: Suffix to append to generated image tag. type: string - name: SOURCE_ARTIFACT - description: The Trusted Artifact URI pointing to the artifact with - the application source code. This should be the result of the git-clone task, - results from other tasks might fail as dirty. + description: The Trusted Artifact URI pointing to the artifact with the application source code. This should be the + result of the git-clone task, results from other tasks might fail as dirty. type: string - name: MAKEFILE_DIRECTORY description: Directory in which to run 'make' command. type: string default: "." - - name: MAKEFILE_TARGET - description: Makefile target to run. + - name: SOURCE_BRANCH + description: Branch or tag that triggered a build pipeline with this task. + Must be set to {{ source_branch }} Pipelines as Code variable. + See https://pipelinesascode.com/docs/guide/authoringprs/#dynamic-variables type: string - default: "tag" + - name: SUPPRESS_TAG_SUFFIX_ON_SOURCE_BRANCH_REGEX + description: Regular expression (must be understood by grep -E) which, when matches SOURCE_BRANCH param, prevents + TAG_SUFFIX to be appended to the resulting tag. Intended for Stable Stream builds where we want to produce image + tags without the "-fast" suffix. + By default is set to an expression that never matches anything, i.e. the suffix will always be applied. + type: string + default: ^\b$ results: - name: IMAGE_TAG - description: Image Tag determined by custom logic. + description: Image Tag determined by the custom logic. volumes: - name: workdir emptyDir: { } 
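Review bot: The description of SUPPRESS_TAG_SUFFIX_ON_SOURCE_BRANCH_REGEX does not say that the script's `grep -qE` searches for the pattern anywhere in the ref name, so an unanchored value would drop the suffix for every branch that merely contains it and un-suffixed tags could come from branches nobody intended. I would add a sentence such as `The pattern is searched for anywhere in SOURCE_BRANCH; anchor it with ^ and $ to match the whole ref.` Writing the default as `default: '^\b$'` would also make it obvious that the backslash is meant literally.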
@@ -43,18 +50,28 @@ spec: workingDir: /var/workdir/source script: | #!/usr/bin/env bash + set -euo pipefail + dnf -y install git make .konflux/scripts/fail-build-if-git-is-dirty.sh - # Basic protection against running something arbitrary. - allowed_targets="tag|collector-tag|scanner-tag" - if [[ "|${allowed_targets}|" != *"|$(params.MAKEFILE_TARGET)|"* ]]; then - >&2 echo "Error: provided MAKEFILE_TARGET $(params.MAKEFILE_TARGET) is not one of the allowed targets ${allowed_targets}" - exit 2 + source_branch="$(params.SOURCE_BRANCH)" + + suffix="$(params.TAG_SUFFIX)" + + if grep -qE '$(params.SUPPRESS_TAG_SUFFIX_ON_SOURCE_BRANCH_REGEX)' <<< "${source_branch}"; then + echo "Source branch ${source_branch} matches the suppression regex, the image tag suffix ${suffix} will be omitted." + suffix="" fi - image_tag="$(make -C "$(params.MAKEFILE_DIRECTORY)" --quiet --no-print-directory "$(params.MAKEFILE_TARGET)")$(params.TAG_SUFFIX)" + if [[ "${source_branch}" == refs/tags/* ]]; then + echo "${source_branch} seems to be a build of a git tag, will use this git tag." + image_tag="${source_branch#refs/tags/}" + else + # Otherwise, delegate the work to Makefiles. + image_tag="$(make -C "$(params.MAKEFILE_DIRECTORY)" --quiet --no-print-directory tag)" + fi - echo -n "$image_tag" | tee "$(results.IMAGE_TAG.path)" + echo -n "${image_tag}${suffix}" | tee "$(results.IMAGE_TAG.path)" From 5a13ce57028fbde8a8ee6e691f4e91b66404c5e2 Mon Sep 17 00:00:00 2001 From: Misha Sugakov Date: Thu, 2 Jan 2025 12:46:41 +0100 Subject: [PATCH 03/11] Delete the separate Collector and Scanner tag task --- tasks/determine-image-tag-task.yaml | 53 ----------------------------- 1 file changed, 53 deletions(-) delete mode 100644 tasks/determine-image-tag-task.yaml diff --git a/tasks/determine-image-tag-task.yaml b/tasks/determine-image-tag-task.yaml deleted file mode 100644 index 0c9f96e..0000000 --- a/tasks/determine-image-tag-task.yaml +++ /dev/null 
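Review bot: The `refs/tags/*` branch of the script (PATCH 02/11) takes the image tag from the event-supplied ref name without checking that this tag resolves to the commit unpacked from SOURCE_ARTIFACT, so a run whose SOURCE_BRANCH and source artifact disagree would label a build of a different commit with a release-looking tag. Comparing the tag's commit with HEAD before using the name closes that gap, as sketched below; this assumes the clone carries tags, which the `git tag --points-at` calls elsewhere in this series suggest. determine_tag in the PATCH 07/11 rewrite returns `tag_from_tekton` the same way. The script block starts above this hunk.

```yaml
      script: |
        # … unchanged: shebang, set -euo pipefail, dnf install, dirty check, suffix handling …
        if [[ "${source_branch}" == refs/tags/* ]]; then
          image_tag="${source_branch#refs/tags/}"
          tagged_commit="$(git rev-parse --verify --quiet "refs/tags/${image_tag}^{commit}" || true)"
          if [[ "${tagged_commit}" != "$(git rev-parse HEAD)" ]]; then
            >&2 echo "Error: tag ${image_tag} does not point at the checked-out commit."
            exit 3
          fi
        else
          # … unchanged: make tag …
        fi
```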
@@ -1,53 +0,0 @@ -apiVersion: tekton.dev/v1 -kind: Task -metadata: - name: determine-image-tag -spec: - # TODO(ROX-27384): this is a task for the Scanner and Collector repos, unify with the StackRox one. - description: Determines the tag for the output image using the StackRox convention from 'make tag' output. - params: - - name: TAG_SUFFIX - description: Suffix to append to generated image tag. - type: string - - name: SOURCE_ARTIFACT - description: The Trusted Artifact URI pointing to the artifact with - the application source code. This should be the result of the git-clone task, - results from other tasks might fail as dirty. - type: string - results: - - name: IMAGE_TAG - description: Image Tag determined by custom logic. - volumes: - - name: workdir - emptyDir: { } - stepTemplate: - volumeMounts: - - mountPath: /var/workdir - name: workdir - steps: - - name: use-trusted-artifact - image: quay.io/redhat-appstudio/build-trusted-artifacts:latest@sha256:ff35e09ff5c89e54538b50abae241a765b2b7868f05d62c4835bebf0978f3659 - args: - - use - - $(params.SOURCE_ARTIFACT)=/var/workdir/source - - name: determine-image-tag - image: registry.access.redhat.com/ubi9:latest@sha256:53d6c19d664f4f418ce5c823d3a33dbb562a2550ea249cf07ef10aa063ace38f - workingDir: /var/workdir/source - script: | - #!/usr/bin/env bash - set -euo pipefail - dnf -y install git make - - .konflux/scripts/fail-build-if-git-is-dirty.sh - - # First, try take git tag if it's a tagged commit. - tag="$(git tag --points-at)" - if [[ -z "$tag" ]]; then - # If not, use make target's output. - tag="$(make --quiet --no-print-directory tag)" - elif [[ "$(wc -l <<< "$tag")" -gt 1 ]]; then - >&2 echo -e "Error: the HEAD commit has multiple tags, don't know which one to choose:\n$tag" - exit 5 - fi - - echo -n "${tag}$(params.TAG_SUFFIX)" | tee "$(results.IMAGE_TAG.path)" From 4cb2a1f745b1ada3783c8e1af4bd236562a7504b Mon Sep 17 00:00:00 2001 
From: Misha Sugakov Date: Thu, 2 Jan 2025 12:47:28 +0100 Subject: [PATCH 04/11] Make the former StackRox task to be the only one for determining tags --- ...ge-tag-stackrox-task.yaml => determine-image-tag-task.yaml} | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) rename tasks/{determine-image-tag-stackrox-task.yaml => determine-image-tag-task.yaml} (95%) diff --git a/tasks/determine-image-tag-stackrox-task.yaml b/tasks/determine-image-tag-task.yaml similarity index 95% rename from tasks/determine-image-tag-stackrox-task.yaml rename to tasks/determine-image-tag-task.yaml index 7046a5d..b3b8731 100644 --- a/tasks/determine-image-tag-stackrox-task.yaml +++ b/tasks/determine-image-tag-task.yaml @@ -1,9 +1,8 @@ apiVersion: tekton.dev/v1 kind: Task metadata: - name: determine-image-tag-stackrox + name: determine-image-tag spec: - # TODO(ROX-27384): this is a special task for the StackRox repo, unify with the Scanner and Collector ones. description: Determines the tag for the output image using the StackRox convention from 'make tag' output. params: - name: TAG_SUFFIX From d37799a07348bd162b1d3d527bdb34e4aedf4fa4 Mon Sep 17 00:00:00 2001 From: Misha Sugakov Date: Thu, 2 Jan 2025 12:54:34 +0100 Subject: [PATCH 05/11] Inline git dirty check We're moving towards https://issues.redhat.com/browse/ROX-27488 and so there's no need to call the external script if the check can be made locally. Note that compared to https://github.com/stackrox/stackrox/blob/b170ccb6e8193151ed5d14799ae984c8c1402724/.konflux/scripts/fail-build-if-git-is-dirty.sh this script doesn't try to restore Dockerfiles because it is executed before prefetch task which makes those changes. --- tasks/determine-image-tag-task.yaml | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/tasks/determine-image-tag-task.yaml b/tasks/determine-image-tag-task.yaml index b3b8731..7451cfe 100644 --- a/tasks/determine-image-tag-task.yaml +++ b/tasks/determine-image-tag-task.yaml 
@@ -54,7 +54,21 @@ spec: dnf -y install git make - .konflux/scripts/fail-build-if-git-is-dirty.sh + function fail_build_if_git_is_dirty() { + echo "Checking that there are no uncommitted changes in the git repo." + echo "If this command fails, you should see the list of modified files below." + echo "You need to find the reason and prevent it because otherwise the 'make tag' output will include '-dirty' which likely isn't what you want." + echo "" + + if git status --porcelain | grep '.' >&2 ; then + >&2 echo "ERROR: Modified files found." + exit 2 + else + echo "git repo looks clean." + fi + } + + fail_build_if_git_is_dirty source_branch="$(params.SOURCE_BRANCH)" From 1e796e1aeafd818176ea58df3d7bed77729d0b18 Mon Sep 17 00:00:00 2001 From: Misha Sugakov Date: Mon, 6 Jan 2025 11:03:56 +0100 Subject: [PATCH 06/11] Remove suffix suppression After thinking about it, I concluded that the suppression may have to be done differently and it's not the right time to introduce it yet. (If needed in this form, I could restore it from the git history.) --- tasks/determine-image-tag-task.yaml | 15 +-------------- 1 file changed, 1 insertion(+), 14 deletions(-) diff --git a/tasks/determine-image-tag-task.yaml b/tasks/determine-image-tag-task.yaml index 7451cfe..be23443 100644 --- a/tasks/determine-image-tag-task.yaml +++ b/tasks/determine-image-tag-task.yaml 
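Review bot: fail_build_if_git_is_dirty (PATCH 05/11) reports a clean repo when `git status` itself fails: the command is the condition of an `if`, so a git error with nothing on stdout makes the pipeline non-zero and the else branch prints "git repo looks clean." Capturing the output first lets `set -e` stop the build on a git failure, for example `local changes; changes="$(git status --porcelain)"` followed by `if [[ -n "${changes}" ]]; then >&2 echo "${changes}"`. The function is fully inside this hunk; the `set -euo pipefail` line it relies on is above it.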
@@ -17,17 +17,10 @@ spec: type: string default: "." - name: SOURCE_BRANCH - description: Branch or tag that triggered a build pipeline with this task. + description: Branch (or tag) that triggered a build pipeline with this task. Must be set to {{ source_branch }} Pipelines as Code variable. See https://pipelinesascode.com/docs/guide/authoringprs/#dynamic-variables type: string - - name: SUPPRESS_TAG_SUFFIX_ON_SOURCE_BRANCH_REGEX - description: Regular expression (must be understood by grep -E) which, when matches SOURCE_BRANCH param, prevents - TAG_SUFFIX to be appended to the resulting tag. Intended for Stable Stream builds where we want to produce image - tags without the "-fast" suffix. - By default is set to an expression that never matches anything, i.e. the suffix will always be applied. - type: string - default: ^\b$ results: - name: IMAGE_TAG description: Image Tag determined by the custom logic. @@ -71,14 +64,8 @@ spec: fail_build_if_git_is_dirty source_branch="$(params.SOURCE_BRANCH)" - suffix="$(params.TAG_SUFFIX)" - if grep -qE '$(params.SUPPRESS_TAG_SUFFIX_ON_SOURCE_BRANCH_REGEX)' <<< "${source_branch}"; then - echo "Source branch ${source_branch} matches the suppression regex, the image tag suffix ${suffix} will be omitted." - suffix="" - fi - if [[ "${source_branch}" == refs/tags/* ]]; then echo "${source_branch} seems to be a build of a git tag, will use this git tag." image_tag="${source_branch#refs/tags/}" From b0e85e0b74d318382001da204414be73fd4a59bc Mon Sep 17 00:00:00 2001 From: Misha Sugakov Date: Tue, 7 Jan 2025 14:39:10 +0100 Subject: [PATCH 07/11] Rewrite with handling of the Collector thing --- tasks/determine-image-tag-task.yaml | 76 ++++++++++++++++++++++++----- 1 file changed, 63 insertions(+), 13 deletions(-) diff --git a/tasks/determine-image-tag-task.yaml b/tasks/determine-image-tag-task.yaml index be23443..5aaeee8 100644 --- a/tasks/determine-image-tag-task.yaml +++ b/tasks/determine-image-tag-task.yaml 
@@ -45,7 +45,19 @@ spec: set -euo pipefail - dnf -y install git make + function main() { + dnf -y install git make + + fail_build_if_git_is_dirty + + local suffix="$(params.TAG_SUFFIX)" + local source_branch="$(params.SOURCE_BRANCH)" + + local image_tag + image_tag="$(determine_tag)" + + echo -n "${image_tag}${suffix}" | tee "$(results.IMAGE_TAG.path)" + } function fail_build_if_git_is_dirty() { echo "Checking that there are no uncommitted changes in the git repo." @@ -53,7 +65,7 @@ spec: echo "You need to find the reason and prevent it because otherwise the 'make tag' output will include '-dirty' which likely isn't what you want." echo "" - if git status --porcelain | grep '.' >&2 ; then + if git status --porcelain | grep "." >&2 ; then >&2 echo "ERROR: Modified files found." exit 2 else 
@@ -61,17 +73,55 @@ spec: fi } - fail_build_if_git_is_dirty + function determine_tag() { + function log() { + # Log to stderr so not to mess up function's printed result. + >&2 echo "$@" + } + + # 1. Gather data + + local tag_from_tekton="" + if [[ "${source_branch}" == refs/tags/* ]]; then + tag_from_tekton="${source_branch#refs/tags/}" + fi + log "Tag from Tekton event: '${tag_from_tekton}'" + + local tag_from_makefile + tag_from_makefile="$(make -C "$(params.MAKEFILE_DIRECTORY)" --quiet --no-print-directory tag)" + log "Tag reported by Makefile: '${tag_from_makefile}'" + + local tags_from_git + tags_from_git="$(git tag --points-at)" + local -a tags_from_git_arr + readarray tags_from_git_arr <<< "${tags_from_git}" + log "Tags seen by git: '${tags_from_git_arr[*]}'" + + local git_describe_output + git_describe_output="$(git describe --tags --abbrev=10 --dirty --long)" + log "Long git describe output: '${git_describe_output}'" + + # 2. Decide - source_branch="$(params.SOURCE_BRANCH)" - suffix="$(params.TAG_SUFFIX)" + if [[ -n "${tag_from_tekton}" ]]; then + log "This seems to be a tekton tag push event, using ${tag_from_tekton} for the tag." + echo "${tag_from_tekton}" + return + fi + + # Handle the special case in the Collector repo. + if printf '%s\0' "${tags_from_git_arr[@]}" | grep -qzFx -- "${tag_from_makefile}"; then + log "This is not a tag push event but Makefile reports literally the git tag ${tag_from_makefile}." + log "This happens when a build was triggered not by a tag push event but the commit is tagged and when the Makefile doesn't use '--long' with 'git describe'." + log "We should use a different image tag for this build in order to not mix results with a build that was triggered by a tag push event and which will tag its images as ${tag_from_makefile}." + log "Using ${git_describe_output} for the tag." 
+ echo "${git_describe_output}" + return + fi - if [[ "${source_branch}" == refs/tags/* ]]; then - echo "${source_branch} seems to be a build of a git tag, will use this git tag." - image_tag="${source_branch#refs/tags/}" - else - # Otherwise, delegate the work to Makefiles. - image_tag="$(make -C "$(params.MAKEFILE_DIRECTORY)" --quiet --no-print-directory tag)" - fi + log "Using Makefile output ${tag_from_makefile} for the tag." + echo "${tag_from_makefile}" + return + } - echo -n "${image_tag}${suffix}" | tee "$(results.IMAGE_TAG.path)" + main From a1630b894cfa2d7947d4675fd7eab730d03f8d45 Mon Sep 17 00:00:00 2001 From: Misha Sugakov Date: Thu, 16 Jan 2025 13:01:29 +0100 Subject: [PATCH 08/11] Fix collector-tag logic and improve printed texts --- tasks/determine-image-tag-task.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tasks/determine-image-tag-task.yaml b/tasks/determine-image-tag-task.yaml index 5aaeee8..4d5002c 100644 --- a/tasks/determine-image-tag-task.yaml +++ b/tasks/determine-image-tag-task.yaml @@ -94,7 +94,7 @@ spec: local tags_from_git tags_from_git="$(git tag --points-at)" local -a tags_from_git_arr - readarray tags_from_git_arr <<< "${tags_from_git}" + readarray -t tags_from_git_arr <<< "${tags_from_git}" log "Tags seen by git: '${tags_from_git_arr[*]}'" local git_describe_output 
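Review bot: determine_tag (PATCH 07/11) is called as `image_tag="$(determine_tag)"`, and bash clears errexit inside command substitutions unless `inherit_errexit` is set, so a failing `make ... tag`, `git tag --points-at` or `git describe` in the gather step no longer stops the task and the function can go on to print an empty or unintended tag with exit status 0. Adding `shopt -s inherit_errexit` right after `set -euo pipefail` restores fail-fast behaviour there (bash 4.4 or newer). A guard in main such as `[[ -n "${image_tag}" ]] || { >&2 echo "ERROR: empty image tag"; exit 4; }` before the result is written would make that failure explicit. The `set -euo pipefail` line is outside this hunk.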
@@ -111,9 +111,9 @@ spec: # Handle the special case in the Collector repo. if printf '%s\0' "${tags_from_git_arr[@]}" | grep -qzFx -- "${tag_from_makefile}"; then - log "This is not a tag push event but Makefile reports literally the git tag ${tag_from_makefile}." + log "This is not a tag push event but Makefile reports literally the git tag '${tag_from_makefile}'." log "This happens when a build was triggered not by a tag push event but the commit is tagged and when the Makefile doesn't use '--long' with 'git describe'." - log "We should use a different image tag for this build in order to not mix results with a build that was triggered by a tag push event and which will tag its images as ${tag_from_makefile}." + log "We should use a different image tag for this build in order to not mix results with a build that was triggered by the tag push event and which will indeed use `${tag_from_makefile}` as the tag for images built there." log "Using ${git_describe_output} for the tag." echo "${git_describe_output}" return From 4ddbc8e71dc98c80034672e9343b48b3b75913ac Mon Sep 17 00:00:00 2001 
From: Misha Sugakov Date: Thu, 16 Jan 2025 14:30:20 +0100 Subject: [PATCH 09/11] Remove unexpected backticks ``` Tag from Tekton event: '' Tag reported by Makefile: 'misha-test-8' Tags seen by git: 'misha-test-8' Long git describe output: 'misha-test-8-0-g8d18e3b812' This is not a tag push event but Makefile reports literally the git tag 'misha-test-8'. This happens when a build was triggered not by a tag push event but the commit is tagged and when the Makefile doesn't use '--long' with 'git describe'. /tekton/scripts/script-1-7v9vw: line 73: misha-test-8: command not found We should use a different image tag for this build in order to not mix results with a build that was triggered by the tag push event and which will indeed use as the tag for images built there. Using misha-test-8-0-g8d18e3b812 for the tag. misha-test-8-0-g8d18e3b812-fast ``` --- tasks/determine-image-tag-task.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/determine-image-tag-task.yaml b/tasks/determine-image-tag-task.yaml index 4d5002c..3cb8d38 100644 --- a/tasks/determine-image-tag-task.yaml +++ b/tasks/determine-image-tag-task.yaml 
@@ -113,7 +113,7 @@ spec: if printf '%s\0' "${tags_from_git_arr[@]}" | grep -qzFx -- "${tag_from_makefile}"; then log "This is not a tag push event but Makefile reports literally the git tag '${tag_from_makefile}'." log "This happens when a build was triggered not by a tag push event but the commit is tagged and when the Makefile doesn't use '--long' with 'git describe'." - log "We should use a different image tag for this build in order to not mix results with a build that was triggered by the tag push event and which will indeed use `${tag_from_makefile}` as the tag for images built there." + log "We should use a different image tag for this build in order to not mix results with a build that was triggered by the tag push event and which will indeed use '${tag_from_makefile}' as the tag for images built there." log "Using ${git_describe_output} for the tag." echo "${git_describe_output}" return From 44f90a4f44833c069726ac47dc31277a9fa3b39e Mon Sep 17 00:00:00 2001 From: Misha Sugakov Date: Thu, 16 Jan 2025 19:02:03 +0100 Subject: [PATCH 10/11] Improve dependency task from self-review --- tasks/determine-dependency-image-tag-task.yaml | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/tasks/determine-dependency-image-tag-task.yaml b/tasks/determine-dependency-image-tag-task.yaml index 7082449..54fd4b7 100644 --- a/tasks/determine-dependency-image-tag-task.yaml +++ b/tasks/determine-dependency-image-tag-task.yaml @@ -3,7 +3,7 @@ kind: Task metadata: name: determine-dependency-image-tag spec: - description: Determines the tag for the Scanner V2 or Collector images using 'make scanner-tag' or + description: Determines the original tags of Scanner V2 or Collector images using 'make scanner-tag' or 'make collector-tag' output. params: - name: TAG_SUFFIX 
@@ -55,9 +55,8 @@ spec: exit 2 fi - # Note that even release Collector and Scanner V2 images will have the tag suffix. I.e. the suffix isn't planned - # to be suppressed there in the Konflux pipelines building for release at the time of this writing. + image_tag="$(make -C "$(params.MAKEFILE_DIRECTORY)" --quiet --no-print-directory "${makefile_target}")" - image_tag="$(make -C "$(params.MAKEFILE_DIRECTORY)" --quiet --no-print-directory "${makefile_target}")$(params.TAG_SUFFIX)" - - echo -n "$image_tag" | tee "$(results.IMAGE_TAG.path)" + # Note that Collector and Scanner V2 images built with Konflux even for release will have the tag suffix. I.e. the + # suffix isn't planned to be suppressed there in release _builds_ at the time of this writing. + echo -n "${image_tag}$(params.TAG_SUFFIX)" | tee "$(results.IMAGE_TAG.path)" From 880b1a00e9681bd91f0817940c3003d09962c30d Mon Sep 17 00:00:00 2001 From: Misha Sugakov Date: Thu, 16 Jan 2025 19:10:56 +0100 Subject: [PATCH 11/11] Self-review determine-image-tag task --- tasks/determine-image-tag-task.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tasks/determine-image-tag-task.yaml b/tasks/determine-image-tag-task.yaml index 3cb8d38..3a3bf8b 100644 --- a/tasks/determine-image-tag-task.yaml +++ b/tasks/determine-image-tag-task.yaml @@ -18,7 +18,7 @@ spec: default: "." - name: SOURCE_BRANCH description: Branch (or tag) that triggered a build pipeline with this task. - Must be set to {{ source_branch }} Pipelines as Code variable. + Must be set to '{{ source_branch }}' Pipelines as Code variable. See https://pipelinesascode.com/docs/guide/authoringprs/#dynamic-variables type: string results: @@ -50,8 +50,8 @@ spec: fail_build_if_git_is_dirty - local suffix="$(params.TAG_SUFFIX)" - local source_branch="$(params.SOURCE_BRANCH)" + local -r suffix="$(params.TAG_SUFFIX)" + local -r source_branch="$(params.SOURCE_BRANCH)" local image_tag image_tag="$(determine_tag)" 
@@ -75,7 +75,7 @@ spec: function determine_tag() { function log() { - # Log to stderr so not to mess up function's printed result. + # Log to stderr so not to mess up the function's printed result. >&2 echo "$@" }