check the version format

s
kyma-project · Dec 18, 2023 · 02a8aff · 02a8aff
1 parent cb6091d
commit 02a8aff
Show file tree

Hide file tree

Showing 5 changed files with 80 additions and 7 deletions.
diff --git a/.github/scripts/check_sec-scanner-info.sh b/.github/scripts/check_sec-scanner-info.sh
@@ -0,0 +1,32 @@
+#!/usr/bin/env bash
+
+##############################
+# Check tags in security-scan-config.yaml
+# Image Tag, rc-tag
+##############################
+
+
+# Get release version
+DESIRED_TAG="${1:-"main"}"
+
+# Get eventing-manager tag from sec-scanners-config.yaml
+SEC_SCAN_TO_CHECK="${2:-europe-docker.pkg.dev/kyma-project/prod/eventing-manager}"
+IMAGE_TAG=$(cat sec-scanners-config.yaml | grep "${SEC_SCAN_TO_CHECK}" | cut -d : -f 2)
+
+# Get rc-tag
+RC_TAG_TO_CHECK="${3:-rc-tag}"
+RC_TAG=$(cat sec-scanners-config.yaml | grep "${RC_TAG_TO_CHECK}" | cut -d : -f 2 | xargs)
+
+# Check IMAGE_TAG and required image tag
+if [[ "$IMAGE_TAG" != "$DESIRED_TAG" ]] || [[ "$RC_TAG" != "$DESIRED_TAG" ]]; then
+  # ERROR: Tag issue
+  echo "Tags are not correct:
+  - wanted: $DESIRED_TAG
+  - security-scanner image tag: $IMAGE_TAG
+  - rc-tag: $RC_TAG"
+  exit 1
+fi
+
+# OK: Everything is fine
+echo "Tags are correct"
+exit 0
diff --git a/.github/scripts/check_tag_does_not_exist.sh b/.github/scripts/check_tag_does_not_exist.sh
@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+
+set -eu # stop on error and on missing variable.
+
+# This script checks that the TAG arg does not exist, already.
+
+TAG="$1"
+
+if [ $(git tag -l $TAG) ]; then
+	echo "Error; tag $TAG already exists"
+	exit 1
+else
+	echo "tag $TAG does not exist"
+fi
diff --git a/.github/scripts/check_version_format.sh b/.github/scripts/check_version_format.sh
@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+
+set -eu
+
+# This script checks that the VERSION arg does follow the pattern x.y.z where x, y and z are integers.
+
+TAG="$1"
+
+if [[ $TAG =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+	echo "Version format is valid"
+else
+	echo "Version format is invalid"
+	exit 1
+fi
diff --git a/.github/scripts/verify_is_on_release_branch.sh b/.github/scripts/verify_is_on_release_branch.sh
@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+
+# This script verifies, that the current branch name starts with 'release-'
+
+CURRENT_BRANCH=$(git rev-parse --abbrev-ref HEAD)
+if [[ "$CURRENT_BRANCH" == release-* ]]; then
+	echo "Branch name starts with 'release-'."
+else
+	echo "Branch name does not start with 'release-'."
+	exit 1
+fi
diff --git a/.github/workflows/create-release.yaml b/.github/workflows/create-release.yaml
@@ -12,21 +12,23 @@ jobs:
   verify-head-status:
     name: Verify release
     runs-on: ubuntu-latest
-
     steps:
+      - name: Check version follows x.y.z pattern.
+        run: ./.github/scripts/check_version_format.sh ${{ github.event.inputs.name }}
+
       - name: Checkout code
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
-      - name: Check tag
-        run: ./scripts/check_release_tag.sh ${{ github.event.inputs.name }}
+      - name: Verify that the current branch has a name that starts with 'release-'
+        run: ./.github/scripts/verify_is_on_release_branch.sh
 
-      - name: Check image
-        run: ./scripts/check_image.sh ${{ github.ref_name }}
+      - name: Check sec-scanner-config.yaml
+        run: ./.github/scripts/check_sec-scanner-info.sh
 
-      - name: Verify
-        run: ./scripts/verify-status.sh ${{ github.ref_name }}
+      - name: Verify that the tag does not exist
+        run: ./.github/scripts/check_tag_does_not_exist.sh ${{ github.event.inputs.name }}
 
   create-draft:
     name: Create draft release