Skip to content

Commit

Permalink
buildah: fix Checkton/ShellCheck findings
Browse files Browse the repository at this point in the history
They cause the CI to be red on tasks derived from the buildah task.

Related: konflux-ci#1653
  • Loading branch information
kdudka committed Dec 12, 2024
1 parent 58950bb commit 244c039
Show file tree
Hide file tree
Showing 4 changed files with 36 additions and 36 deletions.
18 changes: 9 additions & 9 deletions task/buildah-oci-ta/0.2/buildah-oci-ta.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -273,14 +273,14 @@ spec:
echo "Fetch Dockerfile from $DOCKERFILE"
dockerfile_path=$(mktemp --suffix=-Dockerfile)
http_code=$(curl -s -S -L -w "%{http_code}" --output "$dockerfile_path" "$DOCKERFILE")
if [ $http_code != 200 ]; then
if [ "$http_code" != 200 ]; then
echo "No Dockerfile is fetched. Server responds $http_code"
exit 1
fi
http_code=$(curl -s -S -L -w "%{http_code}" --output "$dockerfile_path.dockerignore.tmp" "$DOCKERFILE.dockerignore")
if [ $http_code = 200 ]; then
if [ "$http_code" = 200 ]; then
echo "Fetched .dockerignore from $DOCKERFILE.dockerignore"
mv "$dockerfile_path.dockerignore.tmp" $SOURCE_CODE_DIR/$CONTEXT/.dockerignore
mv "$dockerfile_path.dockerignore.tmp" "$SOURCE_CODE_DIR/$CONTEXT/.dockerignore"
fi
else
echo "Cannot find Dockerfile $DOCKERFILE"
Expand Down Expand Up @@ -361,7 +361,7 @@ spec:
UNSHARE_ARGS+=("--net")
for image in $BASE_IMAGES; do
unshare -Ufp --keep-caps -r --map-users 1,1,65536 --map-groups 1,1,65536 -- buildah pull $image
unshare -Ufp --keep-caps -r --map-users 1,1,65536 --map-groups 1,1,65536 -- buildah pull "$image"
done
echo "Build will be executed with network isolation"
fi
Expand Down Expand Up @@ -408,14 +408,14 @@ spec:
# if yum repofiles stored in git, copy them to mount point outside the source dir
if [ -d "${SOURCE_CODE_DIR}/${YUM_REPOS_D_SRC}" ]; then
mkdir -p ${YUM_REPOS_D_FETCHED}
cp -r ${SOURCE_CODE_DIR}/${YUM_REPOS_D_SRC}/* ${YUM_REPOS_D_FETCHED}
mkdir -p "${YUM_REPOS_D_FETCHED}"
cp -r "${SOURCE_CODE_DIR}/${YUM_REPOS_D_SRC}"/* "${YUM_REPOS_D_FETCHED}"
fi
# if anything in the repofiles mount point (either fetched or from git), mount it
if [ -d "${YUM_REPOS_D_FETCHED}" ]; then
chmod -R go+rwX ${YUM_REPOS_D_FETCHED}
mount_point=$(realpath ${YUM_REPOS_D_FETCHED})
chmod -R go+rwX "${YUM_REPOS_D_FETCHED}"
mount_point=$(realpath "${YUM_REPOS_D_FETCHED}")
VOLUME_MOUNTS+=(--volume "${mount_point}:${YUM_REPOS_D_TARGET}")
fi
Expand Down Expand Up @@ -518,7 +518,7 @@ spec:
unshare -Uf "${UNSHARE_ARGS[@]}" --keep-caps -r --map-users 1,1,65536 --map-groups 1,1,65536 -w "${SOURCE_CODE_DIR}/$CONTEXT" -- sh -c "$command"
container=$(buildah from --pull-never "$IMAGE")
buildah mount $container | tee /shared/container_path
buildah mount "$container" | tee /shared/container_path
# delete symlinks - they may point outside the container rootfs, messing with SBOM scanners
find $(cat /shared/container_path) -xtype l -delete
echo $container >/shared/container_name
Expand Down
18 changes: 9 additions & 9 deletions task/buildah-remote-oci-ta/0.2/buildah-remote-oci-ta.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -307,14 +307,14 @@ spec:
echo "Fetch Dockerfile from $DOCKERFILE"
dockerfile_path=$(mktemp --suffix=-Dockerfile)
http_code=$(curl -s -S -L -w "%{http_code}" --output "$dockerfile_path" "$DOCKERFILE")
if [ $http_code != 200 ]; then
if [ "$http_code" != 200 ]; then
echo "No Dockerfile is fetched. Server responds $http_code"
exit 1
fi
http_code=$(curl -s -S -L -w "%{http_code}" --output "$dockerfile_path.dockerignore.tmp" "$DOCKERFILE.dockerignore")
if [ $http_code = 200 ]; then
if [ "$http_code" = 200 ]; then
echo "Fetched .dockerignore from $DOCKERFILE.dockerignore"
mv "$dockerfile_path.dockerignore.tmp" $SOURCE_CODE_DIR/$CONTEXT/.dockerignore
mv "$dockerfile_path.dockerignore.tmp" "$SOURCE_CODE_DIR/$CONTEXT/.dockerignore"
fi
else
echo "Cannot find Dockerfile $DOCKERFILE"
Expand Down Expand Up @@ -395,7 +395,7 @@ spec:
UNSHARE_ARGS+=("--net")
for image in $BASE_IMAGES; do
unshare -Ufp --keep-caps -r --map-users 1,1,65536 --map-groups 1,1,65536 -- buildah pull $image
unshare -Ufp --keep-caps -r --map-users 1,1,65536 --map-groups 1,1,65536 -- buildah pull "$image"
done
echo "Build will be executed with network isolation"
fi
Expand Down Expand Up @@ -442,14 +442,14 @@ spec:
# if yum repofiles stored in git, copy them to mount point outside the source dir
if [ -d "${SOURCE_CODE_DIR}/${YUM_REPOS_D_SRC}" ]; then
mkdir -p ${YUM_REPOS_D_FETCHED}
cp -r ${SOURCE_CODE_DIR}/${YUM_REPOS_D_SRC}/* ${YUM_REPOS_D_FETCHED}
mkdir -p "${YUM_REPOS_D_FETCHED}"
cp -r "${SOURCE_CODE_DIR}/${YUM_REPOS_D_SRC}"/* "${YUM_REPOS_D_FETCHED}"
fi
# if anything in the repofiles mount point (either fetched or from git), mount it
if [ -d "${YUM_REPOS_D_FETCHED}" ]; then
chmod -R go+rwX ${YUM_REPOS_D_FETCHED}
mount_point=$(realpath ${YUM_REPOS_D_FETCHED})
chmod -R go+rwX "${YUM_REPOS_D_FETCHED}"
mount_point=$(realpath "${YUM_REPOS_D_FETCHED}")
VOLUME_MOUNTS+=(--volume "${mount_point}:${YUM_REPOS_D_TARGET}")
fi
Expand Down Expand Up @@ -552,7 +552,7 @@ spec:
unshare -Uf "${UNSHARE_ARGS[@]}" --keep-caps -r --map-users 1,1,65536 --map-groups 1,1,65536 -w "${SOURCE_CODE_DIR}/$CONTEXT" -- sh -c "$command"
container=$(buildah from --pull-never "$IMAGE")
buildah mount $container | tee /shared/container_path
buildah mount "$container" | tee /shared/container_path
# delete symlinks - they may point outside the container rootfs, messing with SBOM scanners
find $(cat /shared/container_path) -xtype l -delete
echo $container >/shared/container_name
Expand Down
18 changes: 9 additions & 9 deletions task/buildah-remote/0.2/buildah-remote.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -289,14 +289,14 @@ spec:
echo "Fetch Dockerfile from $DOCKERFILE"
dockerfile_path=$(mktemp --suffix=-Dockerfile)
http_code=$(curl -s -S -L -w "%{http_code}" --output "$dockerfile_path" "$DOCKERFILE")
if [ $http_code != 200 ]; then
if [ "$http_code" != 200 ]; then
echo "No Dockerfile is fetched. Server responds $http_code"
exit 1
fi
http_code=$(curl -s -S -L -w "%{http_code}" --output "$dockerfile_path.dockerignore.tmp" "$DOCKERFILE.dockerignore")
if [ $http_code = 200 ]; then
if [ "$http_code" = 200 ]; then
echo "Fetched .dockerignore from $DOCKERFILE.dockerignore"
mv "$dockerfile_path.dockerignore.tmp" $SOURCE_CODE_DIR/$CONTEXT/.dockerignore
mv "$dockerfile_path.dockerignore.tmp" "$SOURCE_CODE_DIR/$CONTEXT/.dockerignore"
fi
else
echo "Cannot find Dockerfile $DOCKERFILE"
Expand Down Expand Up @@ -372,7 +372,7 @@ spec:
UNSHARE_ARGS+=("--net")
for image in $BASE_IMAGES; do
unshare -Ufp --keep-caps -r --map-users 1,1,65536 --map-groups 1,1,65536 -- buildah pull $image
unshare -Ufp --keep-caps -r --map-users 1,1,65536 --map-groups 1,1,65536 -- buildah pull "$image"
done
echo "Build will be executed with network isolation"
fi
Expand Down Expand Up @@ -419,14 +419,14 @@ spec:
# if yum repofiles stored in git, copy them to mount point outside the source dir
if [ -d "${SOURCE_CODE_DIR}/${YUM_REPOS_D_SRC}" ]; then
mkdir -p ${YUM_REPOS_D_FETCHED}
cp -r ${SOURCE_CODE_DIR}/${YUM_REPOS_D_SRC}/* ${YUM_REPOS_D_FETCHED}
mkdir -p "${YUM_REPOS_D_FETCHED}"
cp -r "${SOURCE_CODE_DIR}/${YUM_REPOS_D_SRC}"/* "${YUM_REPOS_D_FETCHED}"
fi
# if anything in the repofiles mount point (either fetched or from git), mount it
if [ -d "${YUM_REPOS_D_FETCHED}" ]; then
chmod -R go+rwX ${YUM_REPOS_D_FETCHED}
mount_point=$(realpath ${YUM_REPOS_D_FETCHED})
chmod -R go+rwX "${YUM_REPOS_D_FETCHED}"
mount_point=$(realpath "${YUM_REPOS_D_FETCHED}")
VOLUME_MOUNTS+=(--volume "${mount_point}:${YUM_REPOS_D_TARGET}")
fi
Expand Down Expand Up @@ -531,7 +531,7 @@ spec:
unshare -Uf "${UNSHARE_ARGS[@]}" --keep-caps -r --map-users 1,1,65536 --map-groups 1,1,65536 -w "${SOURCE_CODE_DIR}/$CONTEXT" -- sh -c "$command"
container=$(buildah from --pull-never "$IMAGE")
buildah mount $container | tee /shared/container_path
buildah mount "$container" | tee /shared/container_path
# delete symlinks - they may point outside the container rootfs, messing with SBOM scanners
find $(cat /shared/container_path) -xtype l -delete
echo $container > /shared/container_name
Expand Down
18 changes: 9 additions & 9 deletions task/buildah/0.2/buildah.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -210,14 +210,14 @@ spec:
echo "Fetch Dockerfile from $DOCKERFILE"
dockerfile_path=$(mktemp --suffix=-Dockerfile)
http_code=$(curl -s -S -L -w "%{http_code}" --output "$dockerfile_path" "$DOCKERFILE")
if [ $http_code != 200 ]; then
if [ "$http_code" != 200 ]; then
echo "No Dockerfile is fetched. Server responds $http_code"
exit 1
fi
http_code=$(curl -s -S -L -w "%{http_code}" --output "$dockerfile_path.dockerignore.tmp" "$DOCKERFILE.dockerignore")
if [ $http_code = 200 ]; then
if [ "$http_code" = 200 ]; then
echo "Fetched .dockerignore from $DOCKERFILE.dockerignore"
mv "$dockerfile_path.dockerignore.tmp" $SOURCE_CODE_DIR/$CONTEXT/.dockerignore
mv "$dockerfile_path.dockerignore.tmp" "$SOURCE_CODE_DIR/$CONTEXT/.dockerignore"
fi
else
echo "Cannot find Dockerfile $DOCKERFILE"
Expand Down Expand Up @@ -293,7 +293,7 @@ spec:
UNSHARE_ARGS+=("--net")
for image in $BASE_IMAGES; do
unshare -Ufp --keep-caps -r --map-users 1,1,65536 --map-groups 1,1,65536 -- buildah pull $image
unshare -Ufp --keep-caps -r --map-users 1,1,65536 --map-groups 1,1,65536 -- buildah pull "$image"
done
echo "Build will be executed with network isolation"
fi
Expand Down Expand Up @@ -340,14 +340,14 @@ spec:
# if yum repofiles stored in git, copy them to mount point outside the source dir
if [ -d "${SOURCE_CODE_DIR}/${YUM_REPOS_D_SRC}" ]; then
mkdir -p ${YUM_REPOS_D_FETCHED}
cp -r ${SOURCE_CODE_DIR}/${YUM_REPOS_D_SRC}/* ${YUM_REPOS_D_FETCHED}
mkdir -p "${YUM_REPOS_D_FETCHED}"
cp -r "${SOURCE_CODE_DIR}/${YUM_REPOS_D_SRC}"/* "${YUM_REPOS_D_FETCHED}"
fi
# if anything in the repofiles mount point (either fetched or from git), mount it
if [ -d "${YUM_REPOS_D_FETCHED}" ]; then
chmod -R go+rwX ${YUM_REPOS_D_FETCHED}
mount_point=$(realpath ${YUM_REPOS_D_FETCHED})
chmod -R go+rwX "${YUM_REPOS_D_FETCHED}"
mount_point=$(realpath "${YUM_REPOS_D_FETCHED}")
VOLUME_MOUNTS+=(--volume "${mount_point}:${YUM_REPOS_D_TARGET}")
fi
Expand Down Expand Up @@ -452,7 +452,7 @@ spec:
unshare -Uf "${UNSHARE_ARGS[@]}" --keep-caps -r --map-users 1,1,65536 --map-groups 1,1,65536 -w "${SOURCE_CODE_DIR}/$CONTEXT" -- sh -c "$command"
container=$(buildah from --pull-never "$IMAGE")
buildah mount $container | tee /shared/container_path
buildah mount "$container" | tee /shared/container_path
# delete symlinks - they may point outside the container rootfs, messing with SBOM scanners
find $(cat /shared/container_path) -xtype l -delete
echo $container > /shared/container_name
Expand Down

0 comments on commit 244c039

Please sign in to comment.