|
| 1 | +#!/usr/bin/bash |
| 2 | + |
| 3 | +set -euo pipefail |
| 4 | + |
| 5 | + |
| 6 | +function check_images() { |
| 7 | + context=${1} |
| 8 | + source_file="${PWD}/${2}" |
| 9 | + images_file="${PWD}/${3}" |
| 10 | + |
| 11 | + errors="$PWD/errors.txt" |
| 12 | + [[ -e "${errors}" ]] && rm "${errors}" |
| 13 | + [[ -d repos ]] && rm -r repos |
| 14 | + [[ -d images ]] && rm -r images |
| 15 | + mkdir repos |
| 16 | + mkdir images |
| 17 | + |
| 18 | + while read -r image; do |
| 19 | + echo "Checking ${image}" |
| 20 | + if [[ "${image}" != *"openshift-pipeline"* ]] && [[ "${image}" != *"tekton"* ]]; then |
| 21 | + echo "Skipping ${image}, not an openshift pipelines image" |
| 22 | + continue |
| 23 | + fi |
| 24 | + |
| 25 | + image_data=$(skopeo inspect --config "docker://${image}" || echo '{}') |
| 26 | + if [[ "${image_data}" == '{}' ]]; then |
| 27 | + grep -n "${image}" "${source_file}" | cut -d ':' -f1| while read -r line_no; do |
| 28 | + echo "::error file=${source_file},line=${line_no},title=Missing image in ${context}::Could not fetch ${image}" |
| 29 | + done |
| 30 | + |
| 31 | + echo "- Image ${image} not found" >> "${errors}" |
| 32 | + continue |
| 33 | + fi |
| 34 | + labels=$(echo "${image_data}" | jq '.config.Labels') |
| 35 | + repository=$(echo -n "${labels}" | jq -r '.["io.openshift.build.source-location"]') |
| 36 | + revision=$(echo -n "${labels}" | jq -r '.["io.openshift.build.commit.id"]') |
| 37 | + if [[ -z "${repository}" ]]; then |
| 38 | + echo "Unable to find source location for ${image}" |
| 39 | + else |
| 40 | + repository=$(echo "${repository}" | cut -d '/' -f 4- | tr '/' '_') |
| 41 | + fi |
| 42 | + echo "${revision}" >> "repos/${repository}" |
| 43 | + echo "${image}" >> "images/${revision}" |
| 44 | + done < "${images_file}" |
| 45 | + |
| 46 | + # Separate fetching errors from validation errors |
| 47 | + [[ -e "${errors}" ]] && echo -e "\n---\n" >> "${errors}" |
| 48 | + |
| 49 | + pushd repos |
| 50 | + trap "popd" RETURN |
| 51 | + for repo in *; do |
| 52 | + revisions="$(sort "${repo}"| uniq)" |
| 53 | + |
| 54 | + if [[ "$(echo "${revisions}" | wc -l)" -ne "1" ]]; then |
| 55 | + echo "## ${repo} has images from multiple revisions:" | tee -a "$errors" |
| 56 | + echo "${revisions}" | while read -r revision; do |
| 57 | + all_images=$(sort "../images/${revision}" | uniq) |
| 58 | + all_revisions_oneline=$(echo "${revisions}" | xargs) |
| 59 | + echo -e "### Revision ${revision}:" | tee -a "$errors" |
| 60 | + echo "${all_images}" | sed 's/^/- image `/g; s/$/`/g' | tee -a "${errors}" |
| 61 | + echo "${all_images}" | while read -r image; do |
| 62 | + grep -n "${image}" "${source_file}" | cut -d ':' -f1 | while read -r line_no; do |
| 63 | + echo "::warning file=${source_file},line=${line_no},title=Inconsistent source commits::repository: ${repo}, revision: ${revision}, images reference revisions: ${all_revisions_oneline}" |
| 64 | + done |
| 65 | + done |
| 66 | + done |
| 67 | + fi |
| 68 | + done |
| 69 | + |
| 70 | + if [[ -e "${errors}" ]]; then |
| 71 | + echo "# Errors detected in ${context}" | tee -a "${GITHUB_STEP_SUMMARY}" |
| 72 | + tee -a "${GITHUB_STEP_SUMMARY}" < "${errors}" |
| 73 | + fi |
| 74 | +} |
| 75 | + |
| 76 | +echo "::group:: Checking project.yaml" |
| 77 | +yq eval '.images[].value' project.yaml | sort | uniq > images.txt |
| 78 | +check_images "project.yaml" project.yaml images.txt |
| 79 | +echo "::endgroup::" |
| 80 | + |
| 81 | + |
| 82 | +echo "::group:: Checking Cluster Service Version" |
| 83 | +yq eval '.spec.relatedImages[].image' .konflux/olm-catalog/bundle/manifests/openshift-pipelines-operator-rh.clusterserviceversion.yaml | sort | uniq > csv_images.txt |
| 84 | +check_images "cluster service version" .konflux/olm-catalog/bundle/manifests/openshift-pipelines-operator-rh.clusterserviceversion.yaml csv_images.txt |
| 85 | +echo "::endgroup::" |
| 86 | + |
| 87 | +if [ -s "${GITHUB_STEP_SUMMARY}" ]; then |
| 88 | + exit 1 |
| 89 | +fi |
0 commit comments