Skip to content

Commit

Permalink
Reformat TA Tasks with with the new version
Browse files Browse the repository at this point in the history 
Mostly whitespace changes.
  • Loading branch information
@zregvart @lcarva
zregvart authored and lcarva committed Oct 31, 2024
1 parent 72f3c79 commit 2f52cb7
Show file tree
Hide file tree
Showing 11 changed files with 122 additions and 122 deletions.
10 changes: 5 additions & 5 deletions task/buildah-oci-ta/0.1/buildah-oci-ta.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -328,9 +328,9 @@ spec:
# Read in the whole file (https://unix.stackexchange.com/questions/533277), then
# for each RUN ... line insert the cachi2.env command *after* any options like --mount
sed -E -i \
-e 'H;1h;$!d;x' \
-e 's@^\s*(run((\s|\\\n)+-\S+)*(\s|\\\n)+)@\1. /cachi2/cachi2.env \&\& \\\n @igM' \
"$dockerfile_path"
-e 'H;1h;$!d;x' \
-e 's@^\s*(run((\s|\\\n)+-\S+)*(\s|\\\n)+)@\1. /cachi2/cachi2.env \&\& \\\n @igM' \
"$dockerfile_path"
echo "Prefetched content will be made available"
prefetched_repo_for_my_arch="/tmp/cachi2/output/deps/rpm/$(uname -m)/repos.d/cachi2.repo"
Expand Down Expand Up @@ -562,8 +562,8 @@ spec:
docker://$IMAGE && break || status=$?
done
if [ "$status" -ne 0 ]; then
echo "Failed to push sbom image to registry after ${max_run} tries"
exit 1
echo "Failed to push sbom image to registry after ${max_run} tries"
exit 1
fi
cat "/var/workdir"/image-digest | tee $(results.IMAGE_DIGEST.path)
Expand Down
64 changes: 32 additions & 32 deletions task/buildah-oci-ta/0.2/buildah-oci-ta.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -318,28 +318,28 @@ spec:
LABELS=()
# Split `args` into two sets of arguments.
while [[ $# -gt 0 ]]; do
case $1 in
--build-args)
shift
# Note: this may result in multiple --build-arg=KEY=value flags with the same KEY being
# passed to buildah. In that case, the *last* occurrence takes precedence. This is why
# we append BUILD_ARGS after the content of the BUILD_ARGS_FILE - they take precedence.
while [[ $# -gt 0 && $1 != --* ]]; do
build_args+=("$1")
shift
case $1 in
--build-args)
shift
# Note: this may result in multiple --build-arg=KEY=value flags with the same KEY being
# passed to buildah. In that case, the *last* occurrence takes precedence. This is why
# we append BUILD_ARGS after the content of the BUILD_ARGS_FILE - they take precedence.
while [[ $# -gt 0 && $1 != --* ]]; do
build_args+=("$1")
shift
done
;;
--labels)
shift
while [[ $# -gt 0 && $1 != --* ]]; do
LABELS+=("--label" "$1")
shift
;;
--labels)
shift
while [[ $# -gt 0 && $1 != --* ]]; do
LABELS+=("--label" "$1")
shift
done
;;
*)
echo "unexpected argument: $1" >&2
exit 2
;;
;;
*)
echo "unexpected argument: $1" >&2
exit 2
;;
esac
done
Expand Down Expand Up @@ -393,9 +393,9 @@ spec:
# Read in the whole file (https://unix.stackexchange.com/questions/533277), then
# for each RUN ... line insert the cachi2.env command *after* any options like --mount
sed -E -i \
-e 'H;1h;$!d;x' \
-e 's@^\s*(run((\s|\\\n)+-\S+)*(\s|\\\n)+)@\1. /cachi2/cachi2.env \&\& \\\n @igM' \
"$dockerfile_copy"
-e 'H;1h;$!d;x' \
-e 's@^\s*(run((\s|\\\n)+-\S+)*(\s|\\\n)+)@\1. /cachi2/cachi2.env \&\& \\\n @igM' \
"$dockerfile_copy"
echo "Prefetched content will be made available"
prefetched_repo_for_my_arch="/tmp/cachi2/output/deps/rpm/$(uname -m)/repos.d/cachi2.repo"
Expand Down Expand Up @@ -490,13 +490,13 @@ spec:
declare IMAGE
buildah_cmd_array=(
buildah build
"${VOLUME_MOUNTS[@]}"
"${BUILDAH_ARGS[@]}"
"${LABELS[@]}"
--tls-verify="$TLSVERIFY" --no-cache
--ulimit nofile=4096:4096
-f "$dockerfile_copy" -t "$IMAGE" .
buildah build
"${VOLUME_MOUNTS[@]}"
"${BUILDAH_ARGS[@]}"
"${LABELS[@]}"
--tls-verify="$TLSVERIFY" --no-cache
--ulimit nofile=4096:4096
-f "$dockerfile_copy" -t "$IMAGE" .
)
buildah_cmd=$(printf "%q " "${buildah_cmd_array[@]}")
Expand Down Expand Up @@ -662,8 +662,8 @@ spec:
docker://$IMAGE && break || status=$?
done
if [ "$status" -ne 0 ]; then
echo "Failed to push sbom image to registry after ${max_run} tries"
exit 1
echo "Failed to push sbom image to registry after ${max_run} tries"
exit 1
fi
cat "/var/workdir"/image-digest | tee $(results.IMAGE_DIGEST.path)
Expand Down
10 changes: 5 additions & 5 deletions task/buildah-remote-oci-ta/0.1/buildah-remote-oci-ta.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -352,9 +352,9 @@ spec:
# Read in the whole file (https://unix.stackexchange.com/questions/533277), then
# for each RUN ... line insert the cachi2.env command *after* any options like --mount
sed -E -i \
-e 'H;1h;$!d;x' \
-e 's@^\s*(run((\s|\\\n)+-\S+)*(\s|\\\n)+)@\1. /cachi2/cachi2.env \&\& \\\n @igM' \
"$dockerfile_path"
-e 'H;1h;$!d;x' \
-e 's@^\s*(run((\s|\\\n)+-\S+)*(\s|\\\n)+)@\1. /cachi2/cachi2.env \&\& \\\n @igM' \
"$dockerfile_path"
echo "Prefetched content will be made available"
prefetched_repo_for_my_arch="/tmp/cachi2/output/deps/rpm/$(uname -m)/repos.d/cachi2.repo"
Expand Down Expand Up @@ -650,8 +650,8 @@ spec:
docker://$IMAGE && break || status=$?
done
if [ "$status" -ne 0 ]; then
echo "Failed to push sbom image to registry after ${max_run} tries"
exit 1
echo "Failed to push sbom image to registry after ${max_run} tries"
exit 1
fi
cat "/var/workdir"/image-digest | tee $(results.IMAGE_DIGEST.path)
Expand Down
64 changes: 32 additions & 32 deletions task/buildah-remote-oci-ta/0.2/buildah-remote-oci-ta.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -352,28 +352,28 @@ spec:
LABELS=()
# Split `args` into two sets of arguments.
while [[ $# -gt 0 ]]; do
case $1 in
--build-args)
shift
# Note: this may result in multiple --build-arg=KEY=value flags with the same KEY being
# passed to buildah. In that case, the *last* occurrence takes precedence. This is why
# we append BUILD_ARGS after the content of the BUILD_ARGS_FILE - they take precedence.
while [[ $# -gt 0 && $1 != --* ]]; do
build_args+=("$1")
shift
case $1 in
--build-args)
shift
# Note: this may result in multiple --build-arg=KEY=value flags with the same KEY being
# passed to buildah. In that case, the *last* occurrence takes precedence. This is why
# we append BUILD_ARGS after the content of the BUILD_ARGS_FILE - they take precedence.
while [[ $# -gt 0 && $1 != --* ]]; do
build_args+=("$1")
shift
done
;;
--labels)
shift
while [[ $# -gt 0 && $1 != --* ]]; do
LABELS+=("--label" "$1")
shift
;;
--labels)
shift
while [[ $# -gt 0 && $1 != --* ]]; do
LABELS+=("--label" "$1")
shift
done
;;
*)
echo "unexpected argument: $1" >&2
exit 2
;;
;;
*)
echo "unexpected argument: $1" >&2
exit 2
;;
esac
done
Expand Down Expand Up @@ -427,9 +427,9 @@ spec:
# Read in the whole file (https://unix.stackexchange.com/questions/533277), then
# for each RUN ... line insert the cachi2.env command *after* any options like --mount
sed -E -i \
-e 'H;1h;$!d;x' \
-e 's@^\s*(run((\s|\\\n)+-\S+)*(\s|\\\n)+)@\1. /cachi2/cachi2.env \&\& \\\n @igM' \
"$dockerfile_copy"
-e 'H;1h;$!d;x' \
-e 's@^\s*(run((\s|\\\n)+-\S+)*(\s|\\\n)+)@\1. /cachi2/cachi2.env \&\& \\\n @igM' \
"$dockerfile_copy"
echo "Prefetched content will be made available"
prefetched_repo_for_my_arch="/tmp/cachi2/output/deps/rpm/$(uname -m)/repos.d/cachi2.repo"
Expand Down Expand Up @@ -524,13 +524,13 @@ spec:
declare IMAGE
buildah_cmd_array=(
buildah build
"${VOLUME_MOUNTS[@]}"
"${BUILDAH_ARGS[@]}"
"${LABELS[@]}"
--tls-verify="$TLSVERIFY" --no-cache
--ulimit nofile=4096:4096
-f "$dockerfile_copy" -t "$IMAGE" .
buildah build
"${VOLUME_MOUNTS[@]}"
"${BUILDAH_ARGS[@]}"
"${LABELS[@]}"
--tls-verify="$TLSVERIFY" --no-cache
--ulimit nofile=4096:4096
-f "$dockerfile_copy" -t "$IMAGE" .
)
buildah_cmd=$(printf "%q " "${buildah_cmd_array[@]}")
Expand Down Expand Up @@ -780,8 +780,8 @@ spec:
docker://$IMAGE && break || status=$?
done
if [ "$status" -ne 0 ]; then
echo "Failed to push sbom image to registry after ${max_run} tries"
exit 1
echo "Failed to push sbom image to registry after ${max_run} tries"
exit 1
fi
cat "/var/workdir"/image-digest | tee $(results.IMAGE_DIGEST.path)
Expand Down
20 changes: 10 additions & 10 deletions task/oci-copy-oci-ta/0.1/oci-copy-oci-ta.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -159,7 +159,7 @@ spec:
host;x-amz-content-sha256;x-amz-date
$payload_digest
EOF
canonical_request=$(echo -n "$canonical_request" | head -c -1) # Strip trailing newline
canonical_request=$(echo -n "$canonical_request" | head -c -1) # Strip trailing newline
canonical_digest=$(echo -n "$canonical_request" | sha256sum | cut -d " " -f 1)
# Step 2: construct string to sign
Expand All @@ -169,7 +169,7 @@ spec:
${date%T*}/$region/s3/aws4_request
$canonical_digest
EOF
string_to_sign=$(echo -n "$string_to_sign" | head -c -1) # Strip trailing newline
string_to_sign=$(echo -n "$string_to_sign" | head -c -1) # Strip trailing newline
# Step 3: derive a signing key
startkey="AWS4${AWS_SECRET_ACCESS_KEY}"
Expand All @@ -183,11 +183,11 @@ spec:
authorization="AWS4-HMAC-SHA256 Credential=${AWS_ACCESS_KEY_ID}/${date%T*}/${region}/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=${signature}"
curl "${curl_args[@]}" \
-H "X-Amz-Date: ${date}" \
-H "X-Amz-Content-SHA256: $payload_digest" \
-H "Authorization: ${authorization}" \
--location "$url" \
-o "$file"
-H "X-Amz-Date: ${date}" \
-H "X-Amz-Content-SHA256: $payload_digest" \
-H "Authorization: ${authorization}" \
--location "$url" \
-o "$file"
elif [ -n "${BEARER_TOKEN:-}" ]; then
echo "Found bearer token. Using it for authentication."
curl "${curl_args[@]}" -H "Authorization: Bearer ${BEARER_TOKEN}" --location "$url" -o "$file"
Expand Down Expand Up @@ -228,9 +228,9 @@ spec:
echo "Ensuring that the empty blob exists, for the image manifest config."
echo -n "{}" | oras blob push \
--registry-config auth.json \
${REPO}@sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a \
--media-type application/vnd.oci.empty.v1+json --size 2 -
--registry-config auth.json \
${REPO}@sha256:44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a \
--media-type application/vnd.oci.empty.v1+json --size 2 -
for varfile in "/var/workdir"/vars/*; do
echo "Reading $varfile"
Expand Down
2 changes: 1 addition & 1 deletion task/prefetch-dependencies-oci-ta/0.1/prefetch-dependencies-oci-ta.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -141,7 +141,7 @@ spec:
# we need to drop 'goproxy_url' for safety reasons until cachi2 decides what the SBOM
# impact of this configuration option will be:
# https://github.com/containerbuildsystem/cachi2/issues/577
yq 'del(.goproxy_url)' <<<"${CONFIG_FILE_CONTENT}" >/mnt/config/config.yaml
yq 'del(.goproxy_url)' <<<"${CONFIG_FILE_CONTENT}" >/mnt/config/config.yaml
fi
- name: prefetch-dependencies
image: quay.io/redhat-appstudio/cachi2:0.11.0@sha256:1051a8e55f4b6dddb5591ac103644e1d45b2367cffe50ba900418939aace0fb2
Expand Down
2 changes: 1 addition & 1 deletion task/push-dockerfile-oci-ta/0.1/push-dockerfile-oci-ta.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -112,4 +112,4 @@ spec:
--registry-config "$auth_json" \
--artifact-type "$ARTIFACT_TYPE" \
"$dockerfile_image" "$(basename $dockerfile_for_upload_path)" |
yq '.reference' | tr -d '\r\n' >"$IMAGE_REF_RESULT"
yq '.reference' | tr -d '\r\n' >"$IMAGE_REF_RESULT"
4 changes: 2 additions & 2 deletions task/sast-snyk-check-oci-ta/0.1/sast-snyk-check-oci-ta.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -99,7 +99,7 @@ spec:
if [[ "$SNYK_EXIT_CODE" -eq 0 ]] || [[ "$SNYK_EXIT_CODE" -eq 1 ]]; then
cat sast_snyk_check_out.json
TEST_OUTPUT=
parse_test_output $(context.task.name) sarif sast_snyk_check_out.json || true
parse_test_output $(context.task.name) sarif sast_snyk_check_out.json || true
# When the test is skipped, the "SNYK_EXIT_CODE" is 3 and it can also be 3 in some other situation
elif [[ "$test_not_skipped" -eq 0 ]]; then
Expand All @@ -126,7 +126,7 @@ spec:
UPLOAD_FILE=sast_snyk_check_out.json
MEDIA_TYPE=application/sarif+json
if [ -z "${IMAGE_URL}" ] || [ -z "${IMAGE_DIGEST}" ]; then
if [ -z "${IMAGE_URL}" ] || [ -z "${IMAGE_DIGEST}" ]; then
echo 'No image-url or image-digest param provided. Skipping upload.'
exit 0
fi
Expand Down
4 changes: 2 additions & 2 deletions task/sast-snyk-check-oci-ta/0.2/sast-snyk-check-oci-ta.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -107,7 +107,7 @@ spec:
if [[ "$SNYK_EXIT_CODE" -eq 0 ]] || [[ "$SNYK_EXIT_CODE" -eq 1 ]]; then
cat sast_snyk_check_out.json
TEST_OUTPUT=
parse_test_output $(context.task.name) sarif sast_snyk_check_out.json || true
parse_test_output $(context.task.name) sarif sast_snyk_check_out.json || true
# When the test is skipped, the "SNYK_EXIT_CODE" is 3 and it can also be 3 in some other situation
elif [[ "$test_not_skipped" -eq 0 ]]; then
Expand All @@ -134,7 +134,7 @@ spec:
UPLOAD_FILE=sast_snyk_check_out.json
MEDIA_TYPE=application/sarif+json
if [ -z "${IMAGE_URL}" ] || [ -z "${IMAGE_DIGEST}" ]; then
if [ -z "${IMAGE_URL}" ] || [ -z "${IMAGE_DIGEST}" ]; then
echo 'No image-url or image-digest param provided. Skipping upload.'
exit 0
fi
Expand Down
28 changes: 14 additions & 14 deletions task/sast-snyk-check-oci-ta/0.3/sast-snyk-check-oci-ta.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -130,7 +130,7 @@ spec:
trap 'handle_error $(results.TEST_OUTPUT.path)' EXIT
if [[ -z "${PROJECT_NAME}" ]]; then
PROJECT_NAME=${COMPONENT_LABEL}
PROJECT_NAME=${COMPONENT_LABEL}
fi
echo "The PROJECT_NAME used is: ${PROJECT_NAME}"
Expand Down Expand Up @@ -176,8 +176,8 @@ spec:
if [[ "$SNYK_EXIT_CODE" -eq 0 ]] || [[ "$SNYK_EXIT_CODE" -eq 1 ]]; then
# In order to generate csdiff/v1, we need to add the whole path of the source code as Snyk only provides an URI to embed the context
(cd "${SOURCE_CODE_DIR}" && csgrep --mode=json --embed-context=3 "${SOURCE_CODE_DIR}"/sast_snyk_check_out.json) |
csgrep --mode=json --strip-path-prefix="source/" \
(cd "${SOURCE_CODE_DIR}" && csgrep --mode=json --embed-context=3 "${SOURCE_CODE_DIR}"/sast_snyk_check_out.json) |
csgrep --mode=json --strip-path-prefix="source/" \
>sast_snyk_check_out_all_findings.json
echo "Results:"
Expand Down Expand Up @@ -218,7 +218,7 @@ spec:
csgrep --mode=sarif filtered_sast_snyk_check_out.json >sast_snyk_check_out.sarif
TEST_OUTPUT=
parse_test_output "$(context.task.name)" sarif sast_snyk_check_out.sarif || true
parse_test_output "$(context.task.name)" sarif sast_snyk_check_out.sarif || true
# When the test is skipped, the "SNYK_EXIT_CODE" is 3 and it can also be 3 in some other situation
elif [[ "$test_not_skipped" -eq 0 ]]; then
Expand Down Expand Up @@ -247,17 +247,17 @@ spec:
UPLOAD_FILES="sast_snyk_check_out.sarif excluded-findings.json"
for UPLOAD_FILE in ${UPLOAD_FILES}; do
if [ ! -f "${UPLOAD_FILE}" ]; then
echo "No ${UPLOAD_FILE} exists. Skipping upload."
continue
if [ ! -f "${UPLOAD_FILE}" ]; then
echo "No ${UPLOAD_FILE} exists. Skipping upload."
continue
fi
if [ "${UPLOAD_FILES}" == "excluded-findings.json" ]; then
MEDIA_TYPE=application/json
if [ "${UPLOAD_FILES}" == "excluded-findings.json" ]; then
MEDIA_TYPE=application/json
else
MEDIA_TYPE=application/sarif+json
MEDIA_TYPE=application/sarif+json
fi
echo "Selecting auth"
select-oci-auth "${IMAGE_URL}" >"${HOME}/auth.json"
echo "Attaching to ${IMAGE_URL}"
oras attach --no-tty --registry-config "$HOME/auth.json" --artifact-type "${MEDIA_TYPE}" "${IMAGE_URL}" "${UPLOAD_FILE}:${MEDIA_TYPE}"
echo "Selecting auth"
select-oci-auth "${IMAGE_URL}" >"${HOME}/auth.json"
echo "Attaching to ${IMAGE_URL}"
oras attach --no-tty --registry-config "$HOME/auth.json" --artifact-type "${MEDIA_TYPE}" "${IMAGE_URL}" "${UPLOAD_FILE}:${MEDIA_TYPE}"
done
Loading

0 comments on commit 2f52cb7

Please sign in to comment.