-
Notifications
You must be signed in to change notification settings - Fork 52
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix(RELEASE-1342): fix sign-index-image
- it now correctly supports internal-pipelineruns and simple-signing-pipeline Signed-off-by: Scott Hebert <scoheb@gmail.com>
- Loading branch information
Showing
8 changed files
with
297 additions
and
28 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
163 changes: 163 additions & 0 deletions
163
tasks/sign-index-image/tests/test-sign-index-image-plr.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,163 @@ | ||
--- | ||
apiVersion: tekton.dev/v1 | ||
kind: Pipeline | ||
metadata: | ||
name: test-sign-index-image-plr | ||
spec: | ||
description: Test creating a internal request to sign an image using the simple-signing-pipeline request | ||
workspaces: | ||
- name: tests-workspace | ||
tasks: | ||
- name: setup | ||
workspaces: | ||
- name: data | ||
workspace: tests-workspace | ||
taskSpec: | ||
workspaces: | ||
- name: data | ||
steps: | ||
- name: setup-values | ||
image: quay.io/konflux-ci/release-service-utils:e633d51cd41d73e4b3310face21bb980af7a662f | ||
script: | | ||
#!/usr/bin/env bash | ||
set -eux | ||
cat > "$(workspaces.data.path)/data.json" << EOF | ||
{ | ||
"sign": { | ||
"configMapName": "signing-config-map", | ||
"request": "simple-signing-pipeline", | ||
"requestType": "internal-pipelinerun" | ||
} | ||
} | ||
EOF | ||
cat > "$(workspaces.data.path)/release_plan_admission.json" << EOF | ||
{ | ||
"spec": { | ||
"pipeline": { | ||
"pipelineRef": { | ||
"resolver": "git", | ||
"params": [ | ||
{ | ||
"name": "url", | ||
"value": "https://localhost.git" | ||
}, | ||
{ | ||
"name": "revision", | ||
"value": "main" | ||
}, | ||
{ | ||
"name": "pathInRepo", | ||
"value": "pipelines/abc/abc.yaml" | ||
} | ||
] | ||
}, | ||
"serviceAccountName": "release-service-account" | ||
} | ||
} | ||
} | ||
EOF | ||
- name: run-task | ||
taskRef: | ||
name: sign-index-image | ||
params: | ||
- name: requester | ||
value: testuser | ||
- name: referenceImage | ||
value: quay.io/testrepo/testimage:tag | ||
- name: manifestListDigests | ||
value: "sha256:6f9a420f660e73a sha256:6f9a420f660e73b" | ||
- name: pipelineRunUid | ||
value: $(context.pipelineRun.uid) | ||
- name: taskGitUrl | ||
value: "http://localhost" | ||
- name: taskGitRevision | ||
value: "main" | ||
- name: dataPath | ||
value: data.json | ||
- name: releasePlanAdmissionPath | ||
value: release_plan_admission.json | ||
workspaces: | ||
- name: data | ||
workspace: tests-workspace | ||
runAfter: | ||
- setup | ||
- name: check-result | ||
workspaces: | ||
- name: data | ||
workspace: tests-workspace | ||
taskSpec: | ||
steps: | ||
- name: check-result | ||
image: quay.io/konflux-ci/release-service-utils:e633d51cd41d73e4b3310face21bb980af7a662f | ||
script: | | ||
#!/usr/bin/env bash | ||
set -eux | ||
internalPipelineruns="$(kubectl get pr \ | ||
-l "internal-services.appstudio.openshift.io/pipelinerun-uid=$(context.pipelineRun.uid)" \ | ||
-o json --sort-by=.metadata.creationTimestamp | jq -c)" | ||
plrsLength=$(jq ".items | length" <<< "${internalPipelineruns}" ) | ||
expectedReferences=() | ||
expectedReferences+=("quay.io/testrepo/testimage:tag") | ||
expectedReferences+=("quay.io/testrepo/testimage:tag") | ||
expectedDigests=() | ||
expectedDigests+=("sha256:6f9a420f660e73a") | ||
expectedDigests+=("sha256:6f9a420f660e73b") | ||
foundReferences=() | ||
foundDigests=() | ||
for((iplr=0; iplr<plrsLength; iplr++)); do | ||
params=$(jq -r ".items[$iplr].spec.params" <<< "${internalPipelineruns}") | ||
refValue=$(jq -r '.[1].value' <<< "${params}") | ||
manifestDigest=$(jq -r '.[2].value' <<< "${params}") | ||
foundReferences+=("${refValue}") | ||
foundDigests+=("${manifestDigest}") | ||
if [ "$(jq -r '.[4].value' <<< "${params}")" != "signing-config-map" ]; then | ||
echo "config_map_name does not match" | ||
exit 1 | ||
fi | ||
if [ "$(jq -r '.[3].value' <<< "${params}")" != "testuser" ]; then | ||
echo "requester does not match" | ||
exit 1 | ||
fi | ||
if [ "$(jq -r '.[0].value' <<< "${params}")" != \ | ||
"quay.io/redhat-isv/operator-pipelines-images:released" ]; then | ||
echo "pipeline_image does not match" | ||
exit 1 | ||
fi | ||
done | ||
differenceReferences=$(echo "${expectedReferences[@]}" "${foundReferences[@]}" | tr ' ' '\n' \ | ||
| sort | uniq -u) | ||
differenceDigests=$(echo "${expectedDigests[@]}" "${foundDigests[@]}" | tr ' ' '\n' | sort | uniq -u) | ||
if [ -n "${differenceReferences}" ] ; then | ||
echo "error: references expected compared to found do not match" | ||
echo "" | ||
echo "${differenceReferences}" | ||
exit 1 | ||
fi | ||
if [ -n "${differenceDigests}" ] ; then | ||
echo "error: digests expected compared to found do not match" | ||
echo "" | ||
echo "${differenceDigests}" | ||
exit 1 | ||
fi | ||
runAfter: | ||
- run-task | ||
finally: | ||
- name: cleanup | ||
taskSpec: | ||
steps: | ||
- name: delete-plrs | ||
image: quay.io/konflux-ci/release-service-utils:e633d51cd41d73e4b3310face21bb980af7a662f | ||
script: | | ||
#!/usr/bin/env bash | ||
set -eux | ||
kubectl delete pr -l "internal-services.appstudio.openshift.io/pipelinerun-uid=$(context.pipelineRun.uid)" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.