From 3c1c9f69f8319765e8444447873d715133fddbcf Mon Sep 17 00:00:00 2001 From: "Kiss, Tibor" Date: Wed, 13 Dec 2023 13:59:10 +0100 Subject: [PATCH] Check tags in security-scan-config.yaml --- .github/workflows/create-release.yml | 14 ++++++++--- scripts/check_image.sh | 19 --------------- scripts/check_tag_info.sh | 35 ++++++++++++++++++++++++++++ scripts/verify-status.sh | 2 ++ 4 files changed, 48 insertions(+), 22 deletions(-) delete mode 100755 scripts/check_image.sh create mode 100755 scripts/check_tag_info.sh diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 1df97f57..0c1fb43a 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -14,13 +14,21 @@ jobs: runs-on: ubuntu-latest steps: + - name: Verify that the current branch has a name that starts with 'release-' + run: | + CURRENT_BRANCH=$(git rev-parse --abbrev-ref HEAD) + if [[ "$CURRENT_BRANCH" == release-* ]]; then + echo "Branch name starts with 'release-'." + else + echo "Branch name does not start with 'release-'." + exit 1 + fi - name: Checkout code uses: actions/checkout@v4 with: fetch-depth: 0 - - - name: Check image - run: ./scripts/check_image.sh ${{ github.ref_name }} + - name: Check image Tag + run: ./scripts/check_tag_info.sh ${{ github.ref_name }} - name: Verify prow post jobs run: ./scripts/verify-status.sh ${{ github.ref_name }} diff --git a/scripts/check_image.sh b/scripts/check_image.sh deleted file mode 100755 index 56e2762b..00000000 --- a/scripts/check_image.sh +++ /dev/null 
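Review bot: The new branch-name step sits before `Checkout code`, so `git rev-parse --abbrev-ref HEAD` runs in a workspace that has no repository yet and the step is expected to fail on every run; even after a checkout, a tag or detached-HEAD ref would print `HEAD` rather than a branch name. Reading the ref from the runner's environment avoids both problems: `if [[ "$GITHUB_REF_NAME" == release-* ]]; then`. The `Check image Tag` step also still expands `${{ github.ref_name }}` straight into the shell line, where the ref text becomes part of the script before bash parses it. Since ref names may contain shell metacharacters, a quoted variable is the safer form, `run: ./scripts/check_tag_info.sh "$GITHUB_REF_NAME"`, and the same applies to the unchanged `Verify prow post jobs` line. The workflow trigger is outside this hunk, so who can choose the ref is not visible here.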
@@ -1,19 +0,0 @@
-#!/usr/bin/env bash
-
-# Get release version
-DESIRED_TAG="${1:-"main"}"
-
-# Get eventing-manager tag from sec-scanners-config.yaml
-IMAGE_TO_CHECK="${2:-europe-docker.pkg.dev/kyma-project/prod/eventing-manager}"
-BUMPED_IMAGE_TAG=$(cat sec-scanners-config.yaml | grep "${IMAGE_TO_CHECK}" | cut -d : -f 2)
-
-# Check BUMPED_IMAGE_TAG and required image tag
-if [[ "$BUMPED_IMAGE_TAG" != "$DESIRED_TAG" ]]; then
- # ERROR: Tag issue
- echo "Tags are not correct: wanted $DESIRED_TAG but got $BUMPED_IMAGE_TAG"
- exit 1
-fi
-
-# OK: Everything is fine
-echo "Tags are correct"
-exit 0
diff --git a/scripts/check_tag_info.sh b/scripts/check_tag_info.sh
new file mode 100755
index 00000000..d28eda7f
--- /dev/null
+++ b/scripts/check_tag_info.sh
@@ -0,0 +1,35 @@
+#!/usr/bin/env bash
+
+##############################
+# Check tags in security-scan-config.yaml
+# Image Tag, rc-tag
+##############################
+
+
+# Get release version
+DESIRED_TAG="${1:-"main"}"
+
+# Get eventing-manager tag from sec-scanners-config.yaml
+SEC_SCAN_TO_CHECK="${2:-europe-docker.pkg.dev/kyma-project/prod/eventing-manager}"
+# Get rc-tag
+RC_TAG_TO_CHECK="${3:-rc-tag}"
+
+IMAGE_TAG=$(cat sec-scanners-config.yaml | grep "${SEC_SCAN_TO_CHECK}" | cut -d : -f 2)
+RC_TAG=$(cat sec-scanners-config.yaml | grep "${RC_TAG_TO_CHECK}" | cut -d : -f 2)
+
+echo $RC_TAG
+echo $IMAGE_TAG
+
+# Check IMAGE_TAG and required image tag
+if [[ "$IMAGE_TAG" != "$DESIRED_TAG" ]] || [[ "$RC_TAG" != "$DESIRED_TAG" ]]; then
+ # ERROR: Tag issue
+ echo "Tags are not correct:
+ - wanted $DESIRED_TAG
+ - securoty-scanner image tag: $IMAGE_TAG
+ - rc-tag: $RC_TAG"
+ exit 1
+fi
+
+# OK: Everything is fine
+echo "Tags are correct"
+exit 0
diff --git a/scripts/verify-status.sh b/scripts/verify-status.sh
index d247bd7a..a0c36279 100755
--- a/scripts/verify-status.sh
+++ b/scripts/verify-status.sh
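Review bot: In the new `check_tag_info.sh`, `cut -d : -f 2` keeps everything after the colon, so if the config writes the key as `rc-tag: <value>` then `RC_TAG` starts with a space and `[[ "$RC_TAG" != "$DESIRED_TAG" ]]` can never match; the unquoted `echo $RC_TAG` hides that space in the log. Both `grep` calls are also unanchored regex matches, so a comment or a second image whose name contains the search string yields a multi-line value; the gate still fails closed, but with a confusing message. Matching the key exactly and stripping the separator addresses both, for example `RC_TAG=$(awk -F': *' -v key="$RC_TAG_TO_CHECK" '$1 == key {print $2}' sec-scanners-config.yaml)`, with `grep -F -- "${SEC_SCAN_TO_CHECK}:"` for the image line. The failure message also misspells "securoty-scanner", and the header comment names `security-scan-config.yaml` while the script reads `sec-scanners-config.yaml`.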
@@ -49,6 +49,8 @@ function retry { } +# Initial wait +sleep 10 # Call retry function retry while [ "$fullstatus" == "pending" ]; do
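Review bot: The fixed `sleep 10` narrows the window in which a status has not been reported yet but does not close it. If `fullstatus` is still empty or unset after that wait, `while [ "$fullstatus" == "pending" ]` is skipped, and what happens next depends on code after the loop, which lies outside this hunk. For a release gate it would be safer to treat an empty or unknown status the same as `pending` and keep polling, so the check fails closed. If the delay stays, a comment saying what it waits for would help, presumably something like `# Give the post-submit jobs time to report a status before the first query`.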