From 02a8affd051ae5bd8e1ba060c6cb512612772271 Mon Sep 17 00:00:00 2001
From: Friedrich Wilken
Date: Mon, 18 Dec 2023 18:54:14 +0100
Subject: [PATCH] check the version format s
---
.github/scripts/check_sec-scanner-info.sh | 32 +++++++++++++++++++
.github/scripts/check_tag_does_not_exist.sh | 14 ++++++++
.github/scripts/check_version_format.sh | 14 ++++++++
.../scripts/verify_is_on_release_branch.sh | 11 +++++++
.github/workflows/create-release.yaml | 16 ++++++----
5 files changed, 80 insertions(+), 7 deletions(-)
create mode 100755 .github/scripts/check_sec-scanner-info.sh
create mode 100755 .github/scripts/check_tag_does_not_exist.sh
create mode 100755 .github/scripts/check_version_format.sh
create mode 100755 .github/scripts/verify_is_on_release_branch.sh
diff --git a/.github/scripts/check_sec-scanner-info.sh b/.github/scripts/check_sec-scanner-info.sh
new file mode 100755
index 00000000..28a5c8b9
--- /dev/null
+++ b/.github/scripts/check_sec-scanner-info.sh
@@ -0,0 +1,32 @@
+#!/usr/bin/env bash
+
+##############################
+# Check tags in security-scan-config.yaml
+# Image Tag, rc-tag
+##############################
+
+
+# Get release version
+DESIRED_TAG="${1:-"main"}"
+
+# Get eventing-manager tag from sec-scanners-config.yaml
+SEC_SCAN_TO_CHECK="${2:-europe-docker.pkg.dev/kyma-project/prod/eventing-manager}"
+IMAGE_TAG=$(cat sec-scanners-config.yaml | grep "${SEC_SCAN_TO_CHECK}" | cut -d : -f 2)
+
+# Get rc-tag
+RC_TAG_TO_CHECK="${3:-rc-tag}"
+RC_TAG=$(cat sec-scanners-config.yaml | grep "${RC_TAG_TO_CHECK}" | cut -d : -f 2 | xargs)
+
+# Check IMAGE_TAG and required image tag
+if [[ "$IMAGE_TAG" != "$DESIRED_TAG" ]] || [[ "$RC_TAG" != "$DESIRED_TAG" ]]; then
+ # ERROR: Tag issue
+ echo "Tags are not correct:
+ - wanted: $DESIRED_TAG
+ - security-scanner image tag: $IMAGE_TAG
+ - rc-tag: $RC_TAG"
+ exit 1
+fi
+
+# OK: Everything is fine
+echo "Tags are correct"
+exit 0
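Review bot: `DESIRED_TAG="${1:-"main"}"` silently falls back to `main` when no argument is given, and the `Check sec-scanner-config.yaml` step added to create-release.yaml in this patch calls the script without one, so the release gate appears to compare both tags against `main` rather than the version being released. If the default is meant for runs on the main branch, the workflow call should pass the version explicitly; otherwise make the argument mandatory with `DESIRED_TAG="${1:?usage: check_sec-scanner-info.sh <tag>}"`. `IMAGE_TAG` is taken from `cut -d : -f 2` without the whitespace trim that `RC_TAG` gets from `xargs`, and a pattern that matches more than one line yields a multi-line value; both cases fail the comparison, but the script would be easier to trust if it required exactly one match. Unlike check_tag_does_not_exist.sh and check_version_format.sh, this script and verify_is_on_release_branch.sh do not enable `set -eu`.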
diff --git a/.github/scripts/check_tag_does_not_exist.sh b/.github/scripts/check_tag_does_not_exist.sh
new file mode 100755
index 00000000..df5470b6
--- /dev/null
+++ b/.github/scripts/check_tag_does_not_exist.sh
@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+
+set -eu # stop on error and on missing variable.
+
+# This script checks that the TAG arg does not exist, already.
+
+TAG="$1"
+
+if [ $(git tag -l $TAG) ]; then
+ echo "Error; tag $TAG already exists"
+ exit 1
+else
+ echo "tag $TAG does not exist"
+fi
diff --git a/.github/scripts/check_version_format.sh b/.github/scripts/check_version_format.sh
new file mode 100755
index 00000000..14623526
--- /dev/null
+++ b/.github/scripts/check_version_format.sh
@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+
+set -eu
+
+# This script checks that the VERSION arg does follow the pattern x.y.z where x, y and z are integers.
+
+TAG="$1"
+
+if [[ $TAG =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+ echo "Version format is valid"
+else
+ echo "Version format is invalid"
+ exit 1
+fi
diff --git a/.github/scripts/verify_is_on_release_branch.sh b/.github/scripts/verify_is_on_release_branch.sh
new file mode 100755
index 00000000..7730282f
--- /dev/null
+++ b/.github/scripts/verify_is_on_release_branch.sh
@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+
+# This script verifies, that the current branch name starts with 'release-'
+
+CURRENT_BRANCH=$(git rev-parse --abbrev-ref HEAD)
+if [[ "$CURRENT_BRANCH" == release-* ]]; then
+ echo "Branch name starts with 'release-'."
+else
+ echo "Branch name does not start with 'release-'."
+ exit 1
+fi
diff --git a/.github/workflows/create-release.yaml b/.github/workflows/create-release.yaml
index 6b5a1a80..c6c3a038 100644
--- a/.github/workflows/create-release.yaml
+++ b/.github/workflows/create-release.yaml
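Review bot: In check_tag_does_not_exist.sh, `if [ $(git tag -l $TAG) ]` fails open. `git tag -l` treats its argument as a pattern, and when the unquoted substitution expands to more than one word `[` exits with a usage error, which the `if` treats as false, so the script reports "tag does not exist". The workflow's format check narrows the input before this step runs, but the script should not depend on that. An exact-ref lookup such as `if git rev-parse -q --verify "refs/tags/${TAG}" >/dev/null; then` avoids both the pattern match and the word splitting.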
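Review bot: In check_version_format.sh the header comment speaks of the VERSION arg while the variable is named `TAG`, and the failure branch does not say what was rejected. I would rename the variable to `VERSION` and report the value in escaped form on stderr, e.g. `printf 'Version format is invalid: %q (expected x.y.z)\n' "$VERSION" >&2`, so that control characters in the input cannot reshape the job log. The anchored pattern itself admits only digits and dots; it also accepts leading zeros such as `01.2.3`, which may or may not be intended.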
@@ -12,21 +12,23 @@ jobs: verify-head-status: name: Verify release runs-on: ubuntu-latest - steps: + - name: Check version follows x.y.z pattern. + run: ./.github/scripts/check_version_format.sh ${{ github.event.inputs.name }} + - name: Checkout code uses: actions/checkout@v4 with: fetch-depth: 0 - - name: Check tag - run: ./scripts/check_release_tag.sh ${{ github.event.inputs.name }} + - name: Verify that the current branch has a name that starts with 'release-' + run: ./.github/scripts/verify_is_on_release_branch.sh - - name: Check image - run: ./scripts/check_image.sh ${{ github.ref_name }} + - name: Check sec-scanner-config.yaml + run: ./.github/scripts/check_sec-scanner-info.sh - - name: Verify - run: ./scripts/verify-status.sh ${{ github.ref_name }} + - name: Verify that the tag does not exist + run: ./.github/scripts/check_tag_does_not_exist.sh ${{ github.event.inputs.name }} create-draft: name: Create draft release
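Review bot: `${{ github.event.inputs.name }}` is expanded into the `run:` line before the shell starts, so the value is parsed as shell source rather than passed as data, and the format check cannot constrain it because the script only sees what the shell hands over afterwards. Passing the input through `env:` and quoting it as `"$VERSION"` keeps it a single argument in both the version-format step and the tag step. Separately, the `Check version follows x.y.z pattern.` step is placed before `Checkout code`, so `./.github/scripts/check_version_format.sh` would not yet be in the workspace when it runs; the checkout has to come first. The `jobs:` block continues outside the hunk.

```yaml
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Check version follows x.y.z pattern.
        env:
          VERSION: ${{ github.event.inputs.name }}
        run: ./.github/scripts/check_version_format.sh "$VERSION"

      # … unchanged: release-branch and sec-scanner-config checks …

      - name: Verify that the tag does not exist
        env:
          VERSION: ${{ github.event.inputs.name }}
        run: ./.github/scripts/check_tag_does_not_exist.sh "$VERSION"
```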