fix checkton issues

task/fbc-related-image-check/0.1/fbc-related-image-check.yaml

@@ -26,17 +26,20 @@ spec:
     script: |
       #!/usr/bin/env bash
       set -euo pipefail
+      # shellcheck source=/dev/null
       source /utils.sh
       trap 'handle_error $(results.TEST_OUTPUT.path)' EXIT
 
       FAILEDIMAGES=""
+      # shellcheck disable=SC2046
       catalog="$(opm render $(workspaces.workspace.path)/hacbs/fbc-validation/confdir/)"
 
       # OPM generates catalog file in a way that yaml file could contain stream of JSON objects
       # thats why we need jq in for this situation, because yq can't parse this file
       # however there is also posibility that catalog.yaml has yaml data in it
 
       status=0
+      # shellcheck disable=SC2086
       relImgs="$(jq -r '.relatedImages[]?.image' <<< ${catalog})" || status=$?
       if [ $status -ne 0 ]; then
         echo "Could not get related images. Make sure catalog.yaml exists in FBC fragment image and it is valid .yaml or .json format."

task/fbc-related-image-check/0.2/fbc-related-image-check.yaml

@@ -26,17 +26,20 @@ spec:
     script: |
       #!/usr/bin/env bash
       set -euo pipefail
+      # shellcheck source=/dev/null
       source /utils.sh
       trap 'handle_error $(results.TEST_OUTPUT.path)' EXIT
 
       FAILEDIMAGES=""
+      # shellcheck disable=SC2046
       catalog="$(opm render $(workspaces.workspace.path)/hacbs/fbc-validation/confdir/)"
 
       # OPM generates catalog file in a way that yaml file could contain stream of JSON objects
       # thats why we need jq in for this situation, because yq can't parse this file
       # however there is also posibility that catalog.yaml has yaml data in it
 
       status=0
+      # shellcheck disable=SC2086
       relImgs="$(jq -r '.relatedImages[]?.image' <<< ${catalog})" || status=$?
       if [ $status -ne 0 ]; then
         echo "Could not get related images. Make sure catalog.yaml exists in FBC fragment image and it is valid .yaml or .json format."

task/fbc-validation/0.1/fbc-validation.yaml

@@ -40,6 +40,7 @@ spec:
     script: |
       #!/usr/bin/env bash
       set -euo pipefail
+      # shellcheck source=/dev/null
       source /utils.sh
       trap 'handle_error $(results.TEST_OUTPUT.path)' EXIT
 
@@ -70,7 +71,7 @@ spec:
       done
 
       if [[ "${allowed}" == false ]]; then
-        echo "Base image ${BASE_IMAGE} is not allowed for the file based catalog image. Allowed images: ${ALLOWED_BASE_IMAGES}"
+        echo "Base image ${BASE_IMAGE} is not allowed for the file based catalog image. Allowed images: ${ALLOWED_BASE_IMAGES[*]}"
         note="Task $(context.task.name) failed: Base image ${BASE_IMAGE} is not allowed for the file based catalog image. For details, check Tekton task logs"
         TEST_OUTPUT=$(make_result_json -r FAILURE -f 1 -t "$note")
         echo "${TEST_OUTPUT}" | tee "$(results.TEST_OUTPUT.path)"
@@ -135,6 +136,7 @@ spec:
         exit 0
       fi
 
+      # shellcheck disable=SC2086
       if [ -z "$(ls -A .$conffolder)" ]; then
         echo "$conffolder is missing catalog file."
         TEST_OUTPUT="$(make_result_json -r ERROR)"
@@ -143,11 +145,12 @@ spec:
         exit 0
       fi
       # copy content of conffolder to confdir - will be used in next task - related image check
-      cp -r .$conffolder/* $(workspaces.workspace.path)/hacbs/$(context.task.name)/confdir
+      # shellcheck disable=SC2086
+      cp -r .$conffolder/* "$(workspaces.workspace.path)/hacbs/$(context.task.name)/confdir"
 
       EXTRACT_DIR="/extracted_base_img"
       mkdir "${EXTRACT_DIR}"
-      if ! oc image extract ${BASE_IMAGE} --path /:"${EXTRACT_DIR}"; then
+      if ! oc image extract "${BASE_IMAGE}" --path /:"${EXTRACT_DIR}"; then
         echo "Unable to extract opm binary"
         note="Task $(context.task.name) failed: Failed to extract base image with oc extract command, so it cannot validate extracted binaries.  For details, check Tekton task log."
         ERROR_OUTPUT=$(make_result_json -r ERROR -t "$note")

task/fbc-validation/0.2/fbc-validation.yaml

@@ -40,6 +40,7 @@ spec:
     script: |
       #!/usr/bin/env bash
       set -euo pipefail
+      # shellcheck source=/dev/null
       source /utils.sh
       trap 'handle_error $(results.TEST_OUTPUT.path)' EXIT
 
@@ -70,7 +71,7 @@ spec:
       done
 
       if [[ "${allowed}" == false ]]; then
-        echo "Base image ${BASE_IMAGE} is not allowed for the file based catalog image. Allowed images: ${ALLOWED_BASE_IMAGES}"
+        echo "Base image ${BASE_IMAGE} is not allowed for the file based catalog image. Allowed images: ${ALLOWED_BASE_IMAGES[*]}"
         note="Task $(context.task.name) failed: Base image ${BASE_IMAGE} is not allowed for the file based catalog image. For details, check Tekton task logs"
         TEST_OUTPUT=$(make_result_json -r FAILURE -f 1 -t "$note")
         echo "${TEST_OUTPUT}" | tee "$(results.TEST_OUTPUT.path)"
@@ -135,6 +136,7 @@ spec:
         exit 0
       fi
 
+      # shellcheck disable=SC2086
       if [ -z "$(ls -A .$conffolder)" ]; then
         echo "$conffolder is missing catalog file."
         TEST_OUTPUT="$(make_result_json -r ERROR)"
@@ -143,11 +145,12 @@ spec:
         exit 0
       fi
       # copy content of conffolder to confdir - will be used in next task - related image check
-      cp -r .$conffolder/* $(workspaces.workspace.path)/hacbs/$(context.task.name)/confdir
+      # shellcheck disable=SC2086
+      cp -r .$conffolder/* "$(workspaces.workspace.path)/hacbs/$(context.task.name)/confdir"
 
       EXTRACT_DIR="/extracted_base_img"
       mkdir "${EXTRACT_DIR}"
-      if ! oc image extract ${BASE_IMAGE} --path /:"${EXTRACT_DIR}"; then
+      if ! oc image extract "${BASE_IMAGE}" --path /:"${EXTRACT_DIR}"; then
         echo "Unable to extract opm binary"
         note="Task $(context.task.name) failed: Failed to extract base image with oc extract command, so it cannot validate extracted binaries.  For details, check Tekton task log."
         ERROR_OUTPUT=$(make_result_json -r ERROR -t "$note")