feat(KONFLUX-2742) add a file upload function #247

Closed
wants to merge 1 commit into from
Closed
3 changes: 3 additions & 0 deletions Dockerfile
Expand Up @@ -2,6 +2,8 @@
FROM docker.io/snyk/snyk:linux@sha256:c7f21c3d71f64d592e427e78d5043375c9b93e304f70fdbbd8ca7306cbb0ba1f as snyk
FROM quay.io/enterprise-contract/ec-cli:snapshot@sha256:141a7cd25ce0d098b1e40fd75d6f75873f8709c5f96f6340993b269c56e3f387 AS ec-cli
FROM gcr.io/projectsigstore/cosign:v1.13.6@sha256:366bf5a7e882e9748e2b05f620258f8eab89ef4e3597001279291a88486c4fdf as cosign-bin
#FROM quay.io/konflux-ci/oras:latest as oras
FROM quay.io/redhat-user-workloads/ralphjbean-tenant/oras/oras:f281406da00d033e9f99a4d2010a66b69257972e as oras
FROM registry.access.redhat.com/ubi9/ubi-minimal:9.3-1612

# Note that the version of OPA used by pr-checks must be updated manually to reflect conftest updates
Expand Down Expand Up @@ -50,6 +52,7 @@ COPY --from=ec-cli /usr/bin/ec /usr/local/bin/ec

COPY --from=cosign-bin /ko-app/cosign /usr/local/bin/cosign

COPY --from=oras /usr/bin/oras /usr/local/bin/oras

COPY policies $POLICY_PATH
COPY test/conftest.sh $POLICY_PATH
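Review bot: The new `oras` stage (`FROM quay.io/redhat-user-workloads/ralphjbean-tenant/oras/oras:f281406da00d033e9f99a4d2010a66b69257972e as oras`) is referenced by tag only, while the snyk, ec-cli and cosign stages directly above it are all pinned with `@sha256:`. A tag can be re-pointed, and this one lives in a personal tenant repository, so the binary that the second hunk copies to `/usr/local/bin/oras` is not immutably identified in the build. Pin it like the other stages, e.g. `FROM <oras-repo>:<tag>@sha256:<digest> AS oras` (placeholders), preferably from the project-owned repository named in the commented-out line. The commented `#FROM quay.io/konflux-ci/oras:latest as oras` should be dropped once the source is settled, rather than kept as a hint toward a floating `latest` tag.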
49 changes: 48 additions & 1 deletion test/utils.sh
Expand Up @@ -148,13 +148,60 @@ parse_test_output() {
then
echo "Task $TEST_NAME failed because of the following issues:"
jq '.[].failures // []|map(.metadata.details.name) | unique' "$TEST_RESULT_FILE"
fi
fi
else
echo "Unsupported TEST_RESULT_FORMAT $TEST_RESULT_FORMAT"
exit 1
fi
}

# Push a file to quay registry
upload_file() {
# The artifact to which the file pertains
OCI_SUBJECT=$1
# The type of the file
MEDIA_TYPE=$2
# The suffix of the tag to push
SUFFIX=$3
# The file to upload
UPLOAD_FILE=$4

if [ -z "$OCI_SUBJECT" ]; then
echo "Missing parameter OCI_SUBJECT" >&2
exit 2
fi
if [ -z "$MEDIA_TYPE" ]; then
echo "Missing parameter MEDIA_TYPE" >&2
exit 2
fi
if [ -z "$SUFFIX" ]; then
echo "Missing parameter SUFFIX" >&2
exit 2
fi
if [ -z "$UPLOAD_FILE" ]; then
echo "Missing parameter UPLOAD_FILE" >&2
exit 2
fi

if [ ! -f "$UPLOAD_FILE" ]; then
echo "File ${UPLOAD_FILE} doesn't exist" >&2
exit 2
fi

if ! raw_inspect_output=$(skopeo inspect --no-tags docker://"${OCI_SUBJECT}"); then
Contributor

I'd not call it raw because it's without skopeo --raw option

echo "Failed to inspect ${OCI_SUBJECT}" >&2
exit 2
fi
if ! DIGEST=$(echo "${raw_inspect_output}" | jq -r .Digest | sed 's/:/-/'); then
Contributor

Which digest do we care about here? I't think it's only manifest digest, what should be done in case of index image?

skopeo inspect --raw docker://"${OCI_SUBJECT}" | sha256sum will work for all cases

echo "Failed to identify digest of ${OCI_SUBJECT}"
exit 2
fi

REPO=$(echo "$OCI_SUBJECT" | awk -F ':' '{ print $1 }' | awk -F '@' '{ print $1 }')

oras push --no-tty "${REPO}:${DIGEST}.${SUFFIX}" "${UPLOAD_FILE}:${MEDIA_TYPE}"
}

# The function will be used by the tekton tasks of build-definitions
# It need tekton result path as parameter when generating TEST_OUTPUT task result is needed
handle_error()
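Review bot: The failure branch after `DIGEST=$(echo "${raw_inspect_output}" | jq -r .Digest | sed 's/:/-/')` is effectively unreachable. Unless `pipefail` is set outside the hunk, `if !` sees only sed's status, and `jq -r` prints `null` with exit 0 when the field is absent, so `upload_file` would go on to push a `null.<suffix>` tag. Doing the substitution inside jq with `-e` makes the check real, e.g. `DIGEST=$(printf '%s' "$raw_inspect_output" | jq -er '.Digest | sub(":"; "-")')`, and the "Failed to identify digest" message should go to stderr (`>&2`) like the others. Separately, `awk -F ':' '{ print $1 }'` cuts the reference at the first colon, so a registry with a port (`host:5000/repo:tag`, a constructed example) is reduced to the host name and the push targets the wrong repository; strip only a colon that follows the last `/`. `OCI_SUBJECT`, `MEDIA_TYPE`, `SUFFIX`, `UPLOAD_FILE`, `DIGEST` and `REPO` are also assigned as globals in a sourced file; if the file targets bash, declaring them `local` keeps them out of the calling task script.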
17 changes: 17 additions & 0 deletions unittests_bash/test_utils.bats
Expand Up @@ -31,6 +31,15 @@ setup() {
fi
}

oras() {
if [[ $1 == "push" && $2 == "--no-tty" && $3 == "valid-image-manifest-url:sha256-826def60fd1aa34f5090c9db60016773d91ecc324304d0ac3b01d.sarif" && $4 == "unittests_bash/data/sarif_successes.json:application/sarif+json" ]]; then
echo 'Pushed [registry] valid-image-manifest-url:sha256-826def60fd1aa34f5090c9db60016773d91ecc324304d0ac3b01d.sarif'
echo 'Digest: sha256:826def60fd1aa34f5090c9db60016773d91ecc324304d0ac3b01d'
else
echo 'Unrecognized call to mock oras'
return 1
fi
}
}

@test "Result: missing result" {
Expand Down Expand Up @@ -113,6 +122,14 @@ setup() {
test_json_eq "${EXPECTED_JSON}" "${TEST_OUTPUT}"
}

@test "ORAS upload: sarif file" {
TEST_OUTPUT=$(upload_file valid-image-manifest-url application/sarif+json sarif unittests_bash/data/sarif_successes.json)
EXPECTED_OUTPUT='Pushed [registry] valid-image-manifest-url:sha256-826def60fd1aa34f5090c9db60016773d91ecc324304d0ac3b01d.sarif
Digest: sha256:826def60fd1aa34f5090c9db60016773d91ecc324304d0ac3b01d'
/usr/bin/diff -u <(echo "$TEST_OUTPUT") <(echo "$EXPECTED_OUTPUT")
[[ "${EXPECTED_OUTPUT}" = "${TEST_OUTPUT}" ]]
}

@test "Get Image Index Manifests: missing IMAGE_URL" {
run get_image_manifests
[ "$status" -eq 2 ]
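Review bot: Only the success path of `upload_file` is exercised by the new `ORAS upload: sarif file` test. None of the `exit 2` branches (missing parameter, nonexistent file, failed inspect) has a case, so a regression that lets an empty subject or suffix reach `oras push` would go unnoticed. A negative case in the style of the existing `get_image_manifests` test would cover this, e.g. `run upload_file` followed by `[ "$status" -eq 2 ]`, plus one that passes a nonexistent file path. The digest used in the `oras` mock and in `EXPECTED_OUTPUT` is shorter than the 64 hex characters of a real sha256, so the fixture would have to change if the function later validates the digest format. The `/usr/bin/diff -u` line and the `[[ ... ]]` comparison after it assert the same thing, so one of them is enough.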