Check tags in security-scan-config.yaml

kyma-project · Dec 13, 2023 · 3c1c9f6 · 3c1c9f6
1 parent e21f410
commit 3c1c9f6
Show file tree

Hide file tree

Showing 4 changed files with 48 additions and 22 deletions.
diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml
@@ -14,13 +14,21 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
+      - name: Verify that the current branch has a name that starts with 'release-'
+        run: |
+          CURRENT_BRANCH=$(git rev-parse --abbrev-ref HEAD)
+          if [[ "$CURRENT_BRANCH" == release-* ]]; then
+            echo "Branch name starts with 'release-'."
+          else
+            echo "Branch name does not start with 'release-'."
+            exit 1
+          fi  
       - name: Checkout code
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
-
-      - name: Check image
-        run: ./scripts/check_image.sh ${{ github.ref_name }}
+      - name: Check image Tag
+        run: ./scripts/check_tag_info.sh ${{ github.ref_name }}
 
       - name: Verify prow post jobs
         run: ./scripts/verify-status.sh ${{ github.ref_name }}

diff --git a/scripts/check_image.sh b/scripts/check_image.sh
diff --git a/scripts/check_tag_info.sh b/scripts/check_tag_info.sh
@@ -0,0 +1,35 @@
+#!/usr/bin/env bash
+
+##############################
+# Check tags in security-scan-config.yaml
+# Image Tag, rc-tag
+##############################
+
+
+# Get release version
+DESIRED_TAG="${1:-"main"}"
+
+# Get eventing-manager tag from sec-scanners-config.yaml
+SEC_SCAN_TO_CHECK="${2:-europe-docker.pkg.dev/kyma-project/prod/eventing-manager}"
+# Get rc-tag
+RC_TAG_TO_CHECK="${3:-rc-tag}"
+
+IMAGE_TAG=$(cat sec-scanners-config.yaml | grep "${SEC_SCAN_TO_CHECK}" | cut -d : -f 2)
+RC_TAG=$(cat sec-scanners-config.yaml | grep "${RC_TAG_TO_CHECK}" | cut -d : -f 2)
+
+echo $RC_TAG
+echo $IMAGE_TAG
+
+# Check IMAGE_TAG and required image tag
+if [[ "$IMAGE_TAG" != "$DESIRED_TAG" ]] || [[ "$RC_TAG" != "$DESIRED_TAG" ]]; then
+  # ERROR: Tag issue
+  echo "Tags are not correct:
+  - wanted $DESIRED_TAG
+  - securoty-scanner image tag: $IMAGE_TAG
+  - rc-tag: $RC_TAG"
+  exit 1
+fi
+
+# OK: Everything is fine
+echo "Tags are correct"
+exit 0
diff --git a/scripts/verify-status.sh b/scripts/verify-status.sh
@@ -49,6 +49,8 @@ function retry {
 
 }
 
+# Initial wait
+sleep 10
 # Call retry function
 retry
 while [ "$fullstatus" == "pending" ]; do