Validate container image labels (#4926)

* Validate labels and avoid busting the cache

* Fix validation

* Validate non-empty labels

* Add build date back

* Don't set build date

* Simplify validation script

* Enable build cache

* Setup buildx

* Dynamically set build revision and version

* Remove leftover

* Disable cache

* Add build date back

* Add build date back

* Fix linting errors

* Add checks

* Get head SHA

* Fix linting errors

* Handle merge_group
Marco Ferrari 2023-12-07 15:18:47 +01:00 committed by GitHub
parent eb688a090c
commit 9869638131
WARNING! Although there is a key with this ID in the database it does not verify this commit! This commit is SUSPICIOUS.
GPG key ID: 4AEE18F83AFDEB23
11 changed files with 141 additions and 1274 deletions

@ -1,28 +0,0 @@
# .automation
This folder holds automation scripts to help `deploy` and `cleanup` **DockerHub** images of the **Super-Linter**
## cleanup-docker.sh
This script uses **GitHub Actions** so that when a PR is merged and closed, the **GitHub Action** is triggered.
It will then search **DockerHub** for the image that was deployed during the development, and remove it.
## upload-docker.sh
This script uses **GitHub Actions** so that when a push to the repository is committed, it will complete the following:
- Checkout the source code
- Build the **Docker** container for **Super-Linter** using that source code
- Upload the container to **DockerHub**
When the script is triggered on the main branch, it will push with the tag:**latest** which is used by all scripting for general availability.
When the script is triggered in a branch, it will push with the tag:**NameOfBranch** which can be used for:
- _testing_
- _troubleshooting_
- _debugging_
- **Note:** The branch name will be reduced to alphanumeric for consistency and uploading
## test
This folder holds all **Test Cases** to help run the _CI/CT/CD_ process for the **Super-Linter**.
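
Review bot: the `## test` paragraph at the end of this removed README documents the test-case folder, not the two DockerHub scripts being retired, and the script deleted in the next hunk checks for paths under `.automation/test`. If that folder stays in the tree, move this paragraph to wherever the tests are documented rather than dropping it together with the `cleanup-docker.sh` and `upload-docker.sh` notes. The commit message lists only label-validation and build steps, so a line stating that the `.automation` deploy and cleanup scripts are removed would make the 1274 deletions easier to audit.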

@ -1,214 +0,0 @@
#!/usr/bin/env bash
################################################################################
############# Clean all code base for additonal testing @admiralawkbar #########
################################################################################
###########
# Globals #
###########
((LOG_TRACE = LOG_DEBUG = LOG_VERBOSE = LOG_NOTICE = LOG_WARN = LOG_ERROR = "true")) # Enable all loging
export LOG_TRACE LOG_DEBUG LOG_VERBOSE LOG_NOTICE LOG_WARN LOG_ERROR
############################
# Source additonal scripts #
############################
# shellcheck source=/dev/null
source "${GITHUB_WORKSPACE}/lib/functions/log.sh" # Source the function script(s)
################################################################################
############################ FUNCTIONS BELOW ###################################
################################################################################
################################################################################
#### Function Header ###########################################################
Header() {
info "-------------------------------------------------------"
info "------- GitHub Clean code base of error tests ---------"
info "-------------------------------------------------------"
}
################################################################################
#### Function CheckShellErrors #################################################
CheckShellErrors() {
#######################
# Load the error code #
#######################
ERROR_CODE=$?
##############################
# Check the shell for errors #
##############################
if [ $ERROR_CODE -ne 0 ]; then
error "$1"
fatal "$2"
fi
}
################################################################################
#### Function CleanTestFiles ###################################################
CleanTestFiles() {
info "-------------------------------------------------------"
info "Finding all tests that are supposed to fail... and removing them..."
##################
# Find the files #
##################
mapfile -t FIND_CMD < <(
cd "${GITHUB_WORKSPACE}" || exit 1
find "${GITHUB_WORKSPACE}" -type f -name "*_bad_*" -o -path "*javascript_prettier*" -name "*javascript_good*" 2>&1
)
CheckShellErrors "ERROR! failed to get list of all files!" "ERROR:[${FIND_CMD[*]}]"
############################################################
# Get the directory and validate it came from tests folder #
############################################################
for FILE in "${FIND_CMD[@]}"; do
#####################
# Get the directory #
#####################
FILE_DIR=$(dirname "$FILE" 2>&1)
##################################
# Check if from the tests folder #
##################################
if [[ $FILE_DIR == **".automation/test"** ]]; then
################################
# Its a test, we can delete it #
################################
REMOVE_FILE_CMD=$(
cd "${GITHUB_WORKSPACE}" || exit 1
sudo rm -f "$FILE" 2>&1
)
CheckShellErrors "ERROR! failed to remove file:[${FILE}]!" "ERROR:[${REMOVE_FILE_CMD[*]}]"
fi
done
}
################################################################################
#### Function CleanTestDockerFiles #############################################
CleanTestDockerFiles() {
info "-------------------------------------------------------"
info "Finding all tests that are supposed to fail for Docker... and removing them..."
##################
# Find the files #
##################
mapfile -t FIND_CMD < <(
cd "${GITHUB_WORKSPACE}" || exit 1
find "${GITHUB_WORKSPACE}" -type f -name "*Dockerfile" -o -name "*.dockerignore" 2>&1
)
CheckShellErrors "ERROR! failed to get list of all file for Docker!" "ERROR:[${FIND_CMD[*]}]"
############################################################
# Get the directory and validate it came from tests folder #
############################################################
for FILE in "${FIND_CMD[@]}"; do
#####################
# Get the directory #
#####################
FILE_DIR=$(dirname "$FILE" 2>&1)
##################################
# Check if from the tests folder #
##################################
if [[ $FILE_DIR != **".automation/test/docker/good"** ]]; then
################################
# Its a test, we can delete it #
################################
REMOVE_FILE_CMD=$(
cd "${GITHUB_WORKSPACE}" || exit 1
sudo rm -f "$FILE" 2>&1
)
CheckShellErrors "ERROR! failed to remove file:[${FILE}]!" "ERROR:[${REMOVE_FILE_CMD[*]}]"
fi
done
}
################################################################################
#### Function CleanSHAFolder ###################################################
CleanSHAFolder() {
info "-------------------------------------------------------"
info "Cleaning folder named:[${GITHUB_SHA}] if it exists"
##################
# Find the files #
##################
REMOVE_CMD=$(
cd "${GITHUB_WORKSPACE}" || exit 1
sudo rm -rf "${GITHUB_SHA}" 2>&1
)
CheckShellErrors "ERROR! Failed to remove folder:[${GITHUB_SHA}]!" "ERROR:[${REMOVE_CMD}]"
}
################################################################################
#### Function CleanPowershell ##################################################
CleanPowershell() {
# Need to remove the .psd1 templates as they are formally parsed,
# and will fail with missing modules
info "-------------------------------------------------------"
info "Finding powershell template files... and removing them..."
##################
# Find the files #
##################
mapfile -t FIND_CMD < <(
cd "${GITHUB_WORKSPACE}" || exit 1
find "${GITHUB_WORKSPACE}" -type f -name "*.psd1" 2>&1
)
CheckShellErrors "ERROR! failed to get list of all file for *.psd1!" "ERROR:[${FIND_CMD[*]}]"
############################################################
# Get the directory and validate it came from tests folder #
############################################################
for FILE in "${FIND_CMD[@]}"; do
#####################
# Get the directory #
#####################
FILE_DIR=$(dirname "$FILE" 2>&1)
##################################
# Check if from the tests folder #
##################################
if [[ $FILE_DIR == **"TEMPLATES"** ]]; then
################################
# Its a test, we can delete it #
################################
REMOVE_FILE_CMD=$(
cd "${GITHUB_WORKSPACE}" || exit 1
sudo rm -f "$FILE" 2>&1
)
CheckShellErrors "ERROR! failed to remove file:[${FILE}]!" "ERROR:[${REMOVE_FILE_CMD[*]}]"
fi
done
}
################################################################################
################################## MAIN ########################################
################################################################################
##########
# Header #
##########
Header
####################
# Clean test files #
####################
CleanTestFiles
###############################
# Clean the test docker files #
###############################
CleanTestDockerFiles
###############################
# Remove sha folder if exists #
###############################
CleanSHAFolder
##############################
# Clean Powershell templates #
##############################
CleanPowershell
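
Review bot: `CleanTestFiles`, `CleanTestDockerFiles` and `CleanPowershell` were the steps that removed the intentionally failing fixtures (`*_bad_*`), the Dockerfiles outside `.automation/test/docker/good` and the `*.psd1` files under `TEMPLATES` before further testing of the code base. With the script deleted, confirm that whatever job tests or lints this repository now excludes those paths some other way; otherwise it either fails on the fixtures or gets loosened to pass. None of the bullet points in the commit message mentions this removal, so it deserves a sentence there.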

@ -1,248 +0,0 @@
#!/usr/bin/env bash
################################################################################
############# Cleanup Image on DockerHub @admiralawkbar ########################
################################################################################
# NOTES: This script is used to remove a tagged image on DockerHub
# Its based on being built from a GitHub Action, but could be easily updated
# To be ran in a different medium.
#
# PRE-Requirements:
# - Dockerfile
# - System with Docker installed
# - Global variables met
###########
# Globals #
###########
((LOG_TRACE = LOG_DEBUG = LOG_VERBOSE = LOG_NOTICE = LOG_WARN = LOG_ERROR = "true")) # Enable all loging
export LOG_TRACE LOG_DEBUG LOG_VERBOSE LOG_NOTICE LOG_WARN LOG_ERROR
#########################
# Source Function Files #
#########################
# shellcheck source=/dev/null
source "${GITHUB_WORKSPACE}/lib/functions/log.sh" # Source the function script(s)
################################################################################
############################ FUNCTIONS BELOW ###################################
################################################################################
################################################################################
#### Function Header ###########################################################
Header() {
info "-------------------------------------------------------"
info "----- GitHub Actions remove image from DockerHub ------"
info "-------------------------------------------------------"
}
################################################################################
#### Function ValidateInput ####################################################
ValidateInput() {
# Need to validate we have the basic variables
################
# Print header #
################
info "----------------------------------------------"
info "Gathering variables..."
info "----------------------------------------------"
############################
# Validate GITHUB_WORKSPACE #
############################
if [ -z "${GITHUB_WORKSPACE}" ]; then
error "Failed to get [GITHUB_WORKSPACE]!"
fatal "[${GITHUB_WORKSPACE}]"
else
info "Successfully found:[GITHUB_WORKSPACE], value:[${GITHUB_WORKSPACE}]"
fi
#######################
# Validate IMAGE_REPO #
#######################
if [ -z "${IMAGE_REPO}" ]; then
# No repo was pulled
error "Failed to get [IMAGE_REPO]!"
fatal "[${IMAGE_REPO}]"
elif [[ ${IMAGE_REPO} == "super-linter/super-linter" ]]; then
# Found our main repo
info "Successfully found:[IMAGE_REPO], value:[${IMAGE_REPO}]"
else
# This is a fork and we cant pull vars or any info
warn "No image to cleanup as this is a forked branch, and not being built with current automation!"
exit 0
fi
##########################
# Validate IMAGE_VERSION #
##########################
if [ -z "${IMAGE_VERSION}" ]; then
error "Failed to get [IMAGE_VERSION]!"
fatal "[${IMAGE_VERSION}]"
else
info "Successfully found:[IMAGE_VERSION], value:[${IMAGE_VERSION}]"
fi
############################
# Validate DOCKER_USERNAME #
############################
if [ -z "${DOCKER_USERNAME}" ]; then
error "Failed to get [DOCKER_USERNAME]!"
fatal "[${DOCKER_USERNAME}]"
else
info "Successfully found:[DOCKER_USERNAME], value:[${DOCKER_USERNAME}]"
fi
############################
# Validate DOCKER_PASSWORD #
############################
if [ -z "${DOCKER_PASSWORD}" ]; then
error "Failed to get [DOCKER_PASSWORD]!"
fatal "[${DOCKER_PASSWORD}]"
else
info "Successfully found:[DOCKER_PASSWORD], value:[********]"
fi
##################################################
# Check if we need to get the name of the branch #
##################################################
if [[ ${IMAGE_VERSION} != "latest" ]]; then
##################################
# Remove non alpha-numeric chars #
##################################
IMAGE_VERSION=$(echo "${IMAGE_VERSION}" | tr -cd '[:alnum:]')
else
#############################################
# Image is 'latest' and we will not destroy #
#############################################
error "Image Tag is set to:[latest]..."
error "We will never destroy latest..."
fatal "Bye!"
fi
}
################################################################################
#### Function LoginToDocker ####################################################
LoginToDocker() {
################
# Print header #
################
info "----------------------------------------------"
info "Login to DockerHub..."
info "----------------------------------------------"
######################
# Login to DockerHub #
######################
LOGIN_CMD=$(docker login --username "${DOCKER_USERNAME}" --password "${DOCKER_PASSWORD}" 2>&1)
#######################
# Load the error code #
#######################
ERROR_CODE=$?
##############################
# Check the shell for errors #
##############################
if [ ${ERROR_CODE} -ne 0 ]; then
# ERROR
error "Failed to authenticate to DockerHub!"
fatal "[${LOGIN_CMD}]"
else
# SUCCESS
info "Successfully authenticated to DockerHub!"
fi
}
################################################################################
#### Function RemoveImage ######################################################
RemoveImage() {
################
# Print header #
################
info "----------------------------------------------"
info "Removing the DockerFile image:[${IMAGE_REPO}:${IMAGE_VERSION}]"
info "----------------------------------------------"
#####################################
# Create Token to auth to DockerHub #
#####################################
TOKEN=$(curl -s -k \
-H "Content-Type: application/json" \
-X POST \
-d "{\"username\": \"${DOCKER_USERNAME}\", \"password\": \"${DOCKER_PASSWORD}\"}" \
"https://hub.docker.com/v2/users/login/" | jq -r .token 2>&1)
#######################
# Load the ERROR_CODE #
#######################
ERROR_CODE=$?
##############################
# Check the shell for errors #
##############################
if [ ${ERROR_CODE} -ne 0 ]; then
# ERROR
error "Failed to gain token from DockerHub!"
fatal "[${TOKEN}]"
else
# SUCCESS
info "Successfully gained auth token from DockerHub!"
fi
#################################
# Remove the tag from DockerHub #
#################################
REMOVE_CMD=$(curl "https://hub.docker.com/v2/repositories/${IMAGE_REPO}/tags/${IMAGE_VERSION}/" \
-X DELETE \
-H "Authorization: JWT ${TOKEN}" 2>&1)
#######################
# Load the ERROR_CODE #
#######################
ERROR_CODE=$?
##############################
# Check the shell for errors #
##############################
if [ ${ERROR_CODE} -ne 0 ]; then
# ERROR
error "Failed to remove tag from DockerHub!"
fatal "[${REMOVE_CMD}]"
else
# SUCCESS
info "Successfully [removed] Docker image tag:[${IMAGE_VERSION}] from DockerHub!"
fi
}
################################################################################
#### Function Footer ###########################################################
Footer() {
info "-------------------------------------------------------"
info "The step has completed"
info "-------------------------------------------------------"
}
################################################################################
################################## MAIN ########################################
################################################################################
##########
# Header #
##########
Header
##################
# Validate Input #
##################
ValidateInput
######################
# Login to DockerHub #
######################
LoginToDocker
####################
# Remove the image #
####################
RemoveImage
##########
# Footer #
##########
Footer
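
Review bot: with `RemoveImage` gone, nothing in the visible change deletes branch-named tags from DockerHub any more, so check that the pipeline has also stopped pushing per-branch images; otherwise stale tags that nobody maintains stay pullable. If no remaining workflow reads `DOCKER_USERNAME` and `DOCKER_PASSWORD`, remove those secrets from the repository and revoke the credential, since this script passed the password on the `docker login --password` command line and posted it to `hub.docker.com` with `curl -s -k`, which skips TLS certificate verification.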

@ -1,643 +0,0 @@
#!/usr/bin/env bash
################################################################################
############# Deploy Container to DockerHub @admiralawkbar #####################
################################################################################
# NOTES: This script is used to upload a Dockerfile to DockerHub
# under the GitHub organization
# Its based on being built from a GitHub Action, but could be easily updated
# To be ran in a different medium.
#
# PRE-Requirements:
# - Dockerfile
# - System with Docker installed
# - Global variables met
###########
# Globals #
###########
# GITHUB_WORKSPACE="${GITHUB_WORKSPACE}" # GitHub Workspace
# GITHUB_REPOSITORY="${GITHUB_REPOSITORY}" # GitHub Org/Repo passed from system
# DOCKER_USERNAME="${DOCKER_USERNAME}" # Username to login to DockerHub
# DOCKER_PASSWORD="${DOCKER_PASSWORD}" # Password to login to DockerHub
# GCR_USERNAME="${GCR_USERNAME}" # Username to login to GitHub package registry
# GCR_TOKEN="${GCR_TOKEN}" # Password to login to GitHub package registry
# REGISTRY="${REGISTRY}" # What registry to upload | <GCR> or <Docker>
# IMAGE_REPO="${IMAGE_REPO}" # Image repo to upload the image
# IMAGE_VERSION="${IMAGE_VERSION}" # Version to tag the image
# DOCKERFILE_PATH="${DOCKERFILE_PATH}" # Path to the Dockerfile to be uploaded
MAJOR_TAG='' # Major tag version if we need to update it
UPDATE_MAJOR_TAG=0 # Flag to deploy the major tag version as well
GCR_URL='ghcr.io' # URL to Github Container Registry
DOCKER_IMAGE_REPO='' # Docker tag for the image when created
GCR_IMAGE_REPO='' # Docker tag for the image when created
FOUND_IMAGE=0 # Flag for if the image has already been built
CONTAINER_URL='' # Final URL to upload
###########################################################
# Dynamic build variables to pass to container when built #
###########################################################
BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ') # Current build date EX> "2017-08-28T09:24:41Z"
BUILD_REVISION=$(git rev-parse --short HEAD) # Current git commit EX> "e89faa7"
BUILD_VERSION='' # Current version of the container being built
((LOG_TRACE = LOG_DEBUG = LOG_VERBOSE = LOG_NOTICE = LOG_WARN = LOG_ERROR = "true")) # Enable all loging
export LOG_TRACE LOG_DEBUG LOG_VERBOSE LOG_NOTICE LOG_WARN LOG_ERROR
#########################
# Source Function Files #
#########################
# shellcheck source=/dev/null
source "${GITHUB_WORKSPACE}/lib/functions/log.sh" # Source the function script(s)
################################################################################
############################ FUNCTIONS BELOW ###################################
################################################################################
################################################################################
#### Function Header ###########################################################
Header() {
info "-------------------------------------------------------"
info "---- GitHub Actions Upload image to [${REGISTRY}] ----"
info "-------------------------------------------------------"
}
################################################################################
#### Function ValidateInput ####################################################
ValidateInput() {
# Need to validate we have the basic variables
################
# Print header #
################
info "----------------------------------------------"
info "Gathering variables..."
info "----------------------------------------------"
#############################
# Validate GITHUB_WORKSPACE #
#############################
if [ -z "${GITHUB_WORKSPACE}" ]; then
error "Failed to get [GITHUB_WORKSPACE]!"
fatal "[${GITHUB_WORKSPACE}]"
else
info "Successfully found:${F[W]}[GITHUB_WORKSPACE]${F[B]}, value:${F[W]}[${GITHUB_WORKSPACE}]"
fi
#####################
# Validate REGISTRY #
#####################
if [ -z "${REGISTRY}" ]; then
error "Failed to get [REGISTRY]!"
fatal "[${REGISTRY}]"
else
info "Successfully found:${F[W]}[REGISTRY]${F[B]}, value:${F[W]}[${REGISTRY}]"
fi
#####################################################
# See if we need values for GitHub package Registry #
#####################################################
if [[ ${REGISTRY} == "GCR" ]]; then
#########################
# Validate GCR_USERNAME #
#########################
if [ -z "${GCR_USERNAME}" ]; then
error "Failed to get [GCR_USERNAME]!"
fatal "[${GCR_USERNAME}]"
else
info "Successfully found:${F[W]}[GCR_USERNAME]${F[B]}, value:${F[W]}[${GCR_USERNAME}]"
fi
######################
# Validate GCR_TOKEN #
######################
if [ -z "${GCR_TOKEN}" ]; then
error "Failed to get [GCR_TOKEN]!"
fatal "[${GCR_TOKEN}]"
else
info "Successfully found:${F[W]}[GCR_TOKEN]${F[B]}, value:${F[W]}[********]"
fi
########################################
# See if we need values for Ducker hub #
########################################
elif [[ ${REGISTRY} == "Docker" ]]; then
############################
# Validate DOCKER_USERNAME #
############################
if [ -z "${DOCKER_USERNAME}" ]; then
error "Failed to get [DOCKER_USERNAME]!"
fatal "[${DOCKER_USERNAME}]"
else
info "Successfully found:${F[W]}[DOCKER_USERNAME]${F[B]}, value:${F[W]}[${DOCKER_USERNAME}]"
fi
############################
# Validate DOCKER_PASSWORD #
############################
if [ -z "${DOCKER_PASSWORD}" ]; then
error "Failed to get [DOCKER_PASSWORD]!"
fatal "[${DOCKER_PASSWORD}]"
else
info "Successfully found:${F[W]}[DOCKER_PASSWORD]${F[B]}, value:${F[B]}[********]"
fi
###########################################
# We were not passed a registry to update #
###########################################
else
error "Failed to find a valid registry!"
fatal "Registry:[${REGISTRY}]"
fi
#######################
# Validate IMAGE_REPO #
#######################
if [ -z "${IMAGE_REPO}" ]; then
error "Failed to get [IMAGE_REPO]!"
fatal "[${IMAGE_REPO}]"
else
info "Successfully found:${F[W]}[IMAGE_REPO]${F[B]}, value:${F[W]}[${IMAGE_REPO}]"
# Set the docker Image repo and GCR image repo
DOCKER_IMAGE_REPO="${IMAGE_REPO}"
GCR_IMAGE_REPO="${GCR_URL}/${IMAGE_REPO}"
#########################
# Set the container URL #
#########################
if [[ ${REGISTRY} == "Docker" ]]; then
CONTAINER_URL="${DOCKER_IMAGE_REPO}"
elif [[ ${REGISTRY} == "GCR" ]]; then
CONTAINER_URL="${GCR_IMAGE_REPO}"
fi
fi
##########################
# Validate IMAGE_VERSION #
##########################
if [ -z "${IMAGE_VERSION}" ]; then
warn "Failed to get [IMAGE_VERSION]!"
info "Pulling from Branch Name..."
##############################
# Get the name of the branch #
##############################
BRANCH_NAME=$(git -C "${GITHUB_WORKSPACE}" branch --contains "${GITHUB_SHA}" | awk '{print $2}' 2>&1)
#######################
# Load the error code #
#######################
ERROR_CODE=$?
##############################
# Check the shell for errors #
##############################
if [ ${ERROR_CODE} -ne 0 ]; then
error "Failed to get branch name!"
fatal "[${BRANCH_NAME}]"
fi
##################################
# Remove non alpha-numeric chars #
##################################
BRANCH_NAME=$(echo "${BRANCH_NAME}" | tr -cd '[:alnum:]')
############################################
# Set the IMAGE_VERSION to the BRANCH_NAME #
############################################
IMAGE_VERSION="${BRANCH_NAME}"
BUILD_VERSION="${IMAGE_VERSION}"
info "Tag:[${IMAGE_VERSION}]"
else
info "Successfully found:${F[W]}[IMAGE_VERSION]${F[B]}, value:${F[W]}[${IMAGE_VERSION}]"
#########################
# Set the build version #
#########################
BUILD_VERSION="${IMAGE_VERSION}"
fi
##################################
# Set regex for getting tag info #
##################################
REGEX='(v[0-9]+\.[0-9]+\.[0-9]+)' # Matches 'v1.2.3'
######################################################################
# Check if this is a latest to a versioned release at create new tag #
######################################################################
if [[ ${IMAGE_VERSION} =~ ${REGEX} ]]; then
# Need to get the major version, and set flag to update
#####################
# Set the major tag #
#####################
MAJOR_TAG=$(echo "${IMAGE_VERSION}" | cut -d '.' -f1)
###################################
# Set flag for updating major tag #
###################################
UPDATE_MAJOR_TAG=1
info "- Also deploying a major tag of:[${MAJOR_TAG}]"
fi
############################
# Validate DOCKERFILE_PATH #
############################
if [ -z "${DOCKERFILE_PATH}" ]; then
error "Failed to get [DOCKERFILE_PATH]!"
fatal "[${DOCKERFILE_PATH}]"
else
info "Successfully found:${F[W]}[DOCKERFILE_PATH]${F[B]}, value:${F[W]}[${DOCKERFILE_PATH}]"
fi
}
################################################################################
#### Function Authenticate #####################################################
Authenticate() {
################
# Pull in Vars #
################
USERNAME="${1}" # Name to auth with
PASSWORD="${2}" # Password to auth with
URL="${3}" # Url to auth towards
NAME="${4}" # name of the service
################
# Print header #
################
info "----------------------------------------------"
info "Login to ${NAME}..."
info "----------------------------------------------"
###################
# Auth to service #
###################
LOGIN_CMD=$(docker login "${URL}" --username "${USERNAME}" --password "${PASSWORD}" 2>&1)
#######################
# Load the error code #
#######################
ERROR_CODE=$?
##############################
# Check the shell for errors #
##############################
if [ ${ERROR_CODE} -ne 0 ]; then
# ERROR
error "Failed to authenticate to ${NAME}!"
fatal "[${LOGIN_CMD}]"
else
# SUCCESS
info "Successfully authenticated to ${F[C]}${NAME}${F[B]}!"
fi
}
################################################################################
#### Function BuildImage #######################################################
BuildImage() {
################
# Print header #
################
info "----------------------------------------------"
info "Building the Dockerfile image..."
info "----------------------------------------------"
################################
# Validate the DOCKERFILE_PATH #
################################
if [ ! -f "${DOCKERFILE_PATH}" ]; then
# No file found
error "failed to find Dockerfile at:[${DOCKERFILE_PATH}]"
error "Please make sure you give full path!"
fatal "Example:[/configs/Dockerfile] or [Dockerfile] if at root directory"
fi
###################
# Build the image #
###################
docker build --no-cache --build-arg "BUILD_DATE=${BUILD_DATE}" --build-arg "BUILD_REVISION=${BUILD_REVISION}" --build-arg "BUILD_VERSION=${BUILD_VERSION}" -t "${CONTAINER_URL}:${IMAGE_VERSION}" -f "${DOCKERFILE_PATH}" . 2>&1
#######################
# Load the error code #
#######################
ERROR_CODE=$?
##############################
# Check the shell for errors #
##############################
if [ ${ERROR_CODE} -ne 0 ]; then
# ERROR
fatal "failed to [build] Dockerfile!"
else
# SUCCESS
info "Successfully Built image!"
fi
########################################################
# Need to see if we need to tag a major update as well #
########################################################
if [ ${UPDATE_MAJOR_TAG} -eq 1 ]; then
# Tag the image with the major tag as well
docker build --build-arg "BUILD_DATE=${BUILD_DATE}" --build-arg "BUILD_REVISION=${BUILD_REVISION}" --build-arg "BUILD_VERSION=${MAJOR_TAG}" -t "${CONTAINER_URL}:${MAJOR_TAG}" -f "${DOCKERFILE_PATH}" . 2>&1
#######################
# Load the error code #
#######################
ERROR_CODE=$?
##############################
# Check the shell for errors #
##############################
if [ ${ERROR_CODE} -ne 0 ]; then
# ERROR
fatal "failed to [tag] Dockerfile!"
else
# SUCCESS
info "Successfully tagged image!"
fi
fi
#########################
# Set var to be updated #
#########################
ADDITONAL_URL=''
####################################
# Set the additional container URL #
####################################
if [[ ${REGISTRY} == "Docker" ]]; then
ADDITONAL_URL="${GCR_IMAGE_REPO}"
elif [[ ${REGISTRY} == "GCR" ]]; then
ADDITONAL_URL="${DOCKER_IMAGE_REPO}"
fi
###################
# Build the image #
###################
docker build --build-arg "BUILD_DATE=${BUILD_DATE}" --build-arg "BUILD_REVISION=${BUILD_REVISION}" --build-arg "BUILD_VERSION=${BUILD_VERSION}" -t "${ADDITONAL_URL}:${IMAGE_VERSION}" -f "${DOCKERFILE_PATH}" . 2>&1
#######################
# Load the error code #
#######################
ERROR_CODE=$?
##############################
# Check the shell for errors #
##############################
if [ ${ERROR_CODE} -ne 0 ]; then
# ERROR
fatal "failed to [tag] Version:[${IMAGE_VERSION}] Additonal location Dockerfile!"
else
# SUCCESS
info "Successfull [tag] Version:[${IMAGE_VERSION}] of additonal image!"
fi
########################################################
# Need to see if we need to tag a major update as well #
########################################################
if [ ${UPDATE_MAJOR_TAG} -eq 1 ]; then
###################
# Build the image #
###################
docker build --build-arg "BUILD_DATE=${BUILD_DATE}" --build-arg "BUILD_REVISION=${BUILD_REVISION}" --build-arg "BUILD_VERSION=${MAJOR_TAG}" -t "${ADDITONAL_URL}:${MAJOR_TAG}" -f "${DOCKERFILE_PATH}" . 2>&1
#######################
# Load the error code #
#######################
ERROR_CODE=$?
##############################
# Check the shell for errors #
##############################
if [ ${ERROR_CODE} -ne 0 ]; then
# ERROR
fatal "failed to [tag] Version:[${MAJOR_TAG}]Additonal location Dockerfile!"
else
# SUCCESS
info "Successfull [tag] Version:[${MAJOR_TAG}] of additonal image!"
fi
fi
}
################################################################################
#### Function UploadImage ######################################################
UploadImage() {
################
# Print header #
################
info "----------------------------------------------"
info "Uploading the DockerFile image to ${REGISTRY}..."
info "----------------------------------------------"
############################################
# Upload the docker image that was created #
############################################
docker push "${CONTAINER_URL}:${IMAGE_VERSION}" 2>&1
#######################
# Load the error code #
#######################
ERROR_CODE=$?
##############################
# Check the shell for errors #
##############################
if [ ${ERROR_CODE} -ne 0 ]; then
# ERROR
fatal "failed to [upload] Dockerfile!"
else
# SUCCESS
info "Successfully Uploaded Docker image:${F[W]}[${IMAGE_VERSION}]${F[B]} to ${F[C]}${REGISTRY}${F[B]}!"
fi
#########################
# Get Image information #
#########################
IFS=$'\n' # Set the delimit to newline
GET_INFO_CMD=$(docker images | grep "${CONTAINER_URL}" | grep "${IMAGE_VERSION}" 2>&1)
#######################
# Load the error code #
#######################
ERROR_CODE=$?
##############################
# Check the shell for errors #
##############################
if [ ${ERROR_CODE} -ne 0 ]; then
# ERROR
error "Failed to get information about built Image!"
fatal "[${GET_INFO_CMD}]"
else
################
# Get the data #
################
REPO=$(echo "${GET_INFO_CMD}" | awk '{print $1}')
TAG=$(echo "${GET_INFO_CMD}" | awk '{print $2}')
IMAGE_ID=$(echo "${GET_INFO_CMD}" | awk '{print $3}')
SIZE="${GET_INFO_CMD##* }"
###################
# Print the goods #
###################
info "----------------------------------------------"
info "Docker Image Details:"
info "Repository:[${REPO}]"
info "Tag:[${TAG}]"
info "Image_ID:[${IMAGE_ID}]"
info "Size:[${SIZE}]"
info "----------------------------------------------"
fi
###############################################################
# Check if we need to upload the major tagged version as well #
###############################################################
if [ ${UPDATE_MAJOR_TAG} -eq 1 ]; then
############################################
# Upload the docker image that was created #
############################################
docker push "${CONTAINER_URL}:${MAJOR_TAG}" 2>&1
#######################
# Load the error code #
#######################
ERROR_CODE=$?
##############################
# Check the shell for errors #
##############################
if [ ${ERROR_CODE} -ne 0 ]; then
# ERROR
fatal "failed to [upload] MAJOR_TAG:[${MAJOR_TAG}] Dockerfile!"
else
# SUCCESS
info "Successfully Uploaded TAG:${F[W]}[${MAJOR_TAG}]${F[B]} of Docker image to ${F[C]}${REGISTRY}${F[B]}!"
fi
fi
}
################################################################################
#### Function FindBuiltImage ###################################################
FindBuiltImage() {
# Check the local system to see if an image has already been built
# if so, we only need to update tags and push
# Set FOUND_IMAGE=1 when found
##############
# Local vars #
##############
CHECK_IMAGE_REPO='' # Repo to look for
####################################
# Set the additional container URL #
####################################
if [[ ${REGISTRY} == "GCR" ]]; then
CHECK_IMAGE_REPO="${GCR_IMAGE_REPO}"
elif [[ ${REGISTRY} == "Docker" ]]; then
CHECK_IMAGE_REPO="${DOCKER_IMAGE_REPO}"
fi
#######################################
# Look for Release image in DockerHub #
#######################################
FIND_VERSION_CMD=$(docker images | grep "${CHECK_IMAGE_REPO}" | grep "${IMAGE_VERSION}" 2>&1)
#######################
# Load the error code #
#######################
ERROR_CODE=$?
##############################
# Check the shell for errors #
##############################
if [ $ERROR_CODE -ne 0 ]; then
info "Found ${REGISTRY} image:[${CHECK_IMAGE_REPO}:${IMAGE_VERSION}] already built on instance"
# Increment flag
FOUND_RELASE=1
else
info "Failed to find locally created Docker image:[${CHECK_IMAGE_REPO}]"
info "${FIND_VERSION_CMD}"
fi
#####################################
# Look for Major image in DockerHub #
#####################################
FIND_MAJOR_CMD=$(docker images | grep "${CHECK_IMAGE_REPO}" | grep "${MAJOR_TAG}" 2>&1)
#######################
# Load the error code #
#######################
ERROR_CODE=$?
##############################
# Check the shell for errors #
##############################
if [ $ERROR_CODE -ne 0 ]; then
info "Found ${REGISTRY} image:[${CHECK_IMAGE_REPO}:${MAJOR_TAG}] already built on instance"
# Increment flag
FOUND_MAJOR=1
else
info "Failed to find locally created Docker image:[${FIND_MAJOR_CMD}]"
info "${FIND_MAJOR_CMD}"
fi
###############################
# Check if we found the image #
###############################
if [ "${FOUND_MAJOR}" -eq 1 ] && [ "${FOUND_RELASE}" -eq 1 ]; then
FOUND_IMAGE=1
fi
}
################################################################################
#### Function Footer ###########################################################
Footer() {
info "-------------------------------------------------------"
info "The step has completed"
info "-------------------------------------------------------"
}
################################################################################
################################## MAIN ########################################
################################################################################
##########
# Header #
##########
Header
##################
# Validate Input #
##################
ValidateInput
###############################
# Find Image if already built #
###############################
FindBuiltImage
###################
# Build the image #
###################
if [ "$FOUND_IMAGE" -ne 0 ]; then
BuildImage
fi
######################
# Login to DockerHub #
######################
if [[ ${REGISTRY} == "Docker" ]]; then
# Authenticate "Username" "Password" "Url" "Name"
Authenticate "${DOCKER_USERNAME}" "${DOCKER_PASSWORD}" "" "Dockerhub"
######################################
# Login to GitHub Container Registry #
######################################
elif [[ ${REGISTRY} == "GCR" ]]; then
# Authenticate "Username" "Password" "Url" "Name"
Authenticate "${GCR_USERNAME}" "${GCR_TOKEN}" "https://${GCR_URL}" "GitHub Container Registry"
else
#########
# ERROR #
#########
error "Registry not set correctly!"
fatal "Registry:[${REGISTRY}]"
fi
####################
# Upload the image #
####################
UploadImage
##########
# Footer #
##########
Footer
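Review bot: the MAIN section of this removed script hands `DOCKER_PASSWORD` and `GCR_TOKEN` to `Authenticate`, and nothing else in the lines shown reads them. Confirm in the same change that no workflow still exports `DOCKER_USERNAME`, `DOCKER_PASSWORD`, `GCR_USERNAME` or `GCR_TOKEN`, and remove or rotate those secrets if this script was their only consumer, so unused registry push credentials do not stay configured.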

View file

@ -1,114 +0,0 @@
#!/usr/bin/env bash
################################################################################
############# Clean all code base for additonal testing @admiralawkbar #########
################################################################################
###########
# Globals #
###########
IMAGE="${1}" # Image of the super-linter we build
BUILD_REVISION="${GITHUB_SHA}" # GitHub Sha
BUILD_VERSION="${GITHUB_SHA}" # Version of the container
ORG_REPO="super-linter/super-linter" # Org/repo
REGISTRY='ghcr.io' # Docker Registry
((LOG_TRACE = LOG_DEBUG = LOG_VERBOSE = LOG_NOTICE = LOG_WARN = LOG_ERROR = "true")) # Enable all loging
ERROR=0 # Error count
export LOG_TRACE LOG_DEBUG LOG_VERBOSE LOG_NOTICE LOG_WARN LOG_ERROR
#########################
# Source Function Files #
#########################
# shellcheck source=/dev/null
source "${GITHUB_WORKSPACE}/lib/functions/log.sh" # Source the function script(s)
################################################################################
############################ FUNCTIONS BELOW ###################################
################################################################################
################################################################################
#### Function Header ###########################################################
Header() {
info "--------------------------------------------------"
info "----- GitHub Actions validate docker labels ------"
info "--------------------------------------------------"
##################################
# Print info on local containers #
##################################
info "--------------------------------------------------"
info "Containers found locally:"
docker images
info "--------------------------------------------------"
}
################################################################################
#### Function ValidateLabel ####################################################
ValidateLabel() {
##############
# Grab input #
##############
CONTAINER_KEY="$1" # Example: org.opencontainers.image.created
CONTAINER_VALUE="$2" # Example: 1985-04-12T23:20:50.52Z
########################
# Get the docker label #
########################
LABEL=''
if [[ "${IMAGE}" == "slim" ]]; then
LABEL=$(docker inspect --format "{{ index .Config.Labels \"${CONTAINER_KEY}\" }}" "${REGISTRY}/${ORG_REPO}:slim-${GITHUB_SHA}")
else
LABEL=$(docker inspect --format "{{ index .Config.Labels \"${CONTAINER_KEY}\" }}" "${REGISTRY}/${ORG_REPO}:${GITHUB_SHA}")
fi
###################
# Check the value #
###################
if [[ ${LABEL} != "${CONTAINER_VALUE}" ]]; then
error "Assert failed [${CONTAINER_KEY} - '${LABEL}' != '${CONTAINER_VALUE}']"
ERROR=1
else
info "Assert passed [${CONTAINER_KEY}]"
fi
}
################################################################################
#### Function Footer ###########################################################
Footer() {
#####################################
# Check if any errors were reported #
#####################################
if [[ ${ERROR} -gt 0 ]]; then
fatal "There were some failed assertions. See above"
else
info "-------------------------------------------------------"
info "The step has completed"
info "-------------------------------------------------------"
fi
}
################################################################################
################################## MAIN ########################################
################################################################################
##########
# Header #
##########
Header
####################
# Validate created #
####################
ValidateLabel "org.opencontainers.image.created" "${BUILD_DATE}"
#####################
# Validate revision #
#####################
ValidateLabel "org.opencontainers.image.revision" "${BUILD_REVISION}"
####################
# Validate version #
####################
ValidateLabel "org.opencontainers.image.version" "${BUILD_VERSION}"
#################
# Report status #
#################
Footer
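Review bot: the removed `ValidateLabel` inspected `slim-${GITHUB_SHA}` when `IMAGE` was `slim` and the plain `${GITHUB_SHA}` tag otherwise, so both image variants had their labels checked. The replacement takes a single image ID as its first argument; please confirm it is invoked once per matrix entry (the workflows here use `matrix.images.prefix`) so the slim image does not silently lose label validation. The removed script also set `ERROR=1` and kept going, reporting every failed assertion in `Footer`, which is worth keeping in mind when comparing it with the new fail-fast behaviour.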

View file

@ -32,17 +32,46 @@ jobs:
CONTAINER_IMAGE_ID: "ghcr.io/super-linter/super-linter:${{ matrix.images.prefix }}latest"
CONTAINER_IMAGE_TARGET: "${{ matrix.images.target }}"
steps:
- name: Checkout Code
uses: actions/checkout@v4
- name: Set build metadata
run: |
if [[ ${{ github.event_name }} == 'push' ]] || [[ ${{ github.event_name }} == 'merge_group' ]]; then
BUILD_REVISION=${{ github.sha }}
BUILD_VERSION=${{ github.sha }}
elif [[ ${{ github.event_name }} == 'pull_request' ]]; then
BUILD_REVISION=${{ github.event.pull_request.head.sha }}
BUILD_VERSION=${{ github.event.pull_request.head.sha }}
else
echo "[ERROR] Event not supported when setting build revision and build version"
exit 1
fi
if [ -z "${BUILD_REVISION}" ]; then
echo "[ERROR] BUILD_REVISION is empty"
exit 1
fi
if [ -z "${BUILD_VERSION}" ]; then
echo "[ERROR] BUILD_VERSION is empty"
exit 1
fi
{
echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')"
echo "BUILD_REVISION=${BUILD_REVISION}"
echo "BUILD_VERSION=${BUILD_VERSION}"
} >> "${GITHUB_ENV}"
- name: Free Disk space
shell: bash
run: |
sudo rm -rf /usr/local/lib/android
sudo rm -rf /usr/share/dotnet
- name: Checkout Code
uses: actions/checkout@v4
- name: Retrieve Datetime
run: echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> "${GITHUB_ENV}"
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build Image
uses: docker/build-push-action@v5
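Review bot: in the `Set build metadata` step, `${{ github.event_name }}`, `${{ github.sha }}` and `${{ github.event.pull_request.head.sha }}` are expanded straight into the script text, and the `[[ ... ]]` comparisons use them unquoted. These particular values are not free-form, but the pattern is the one that leads to script injection once someone copies it for a field such as a branch name or PR title. Suggest passing them through an `env:` block on the step (for example `EVENT_NAME`, `HEAD_SHA`) and comparing `"${EVENT_NAME}"` in the script, so the shell only ever sees variables. Also note that `BUILD_VERSION` is always assigned the same value as `BUILD_REVISION`, so the second `-z` check cannot fail independently of the first.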
@ -51,8 +80,8 @@ jobs:
file: ./Dockerfile
build-args: |
BUILD_DATE=${{ env.BUILD_DATE }}
BUILD_REVISION=${{ github.sha }}
BUILD_VERSION=${{ github.sha }}
BUILD_REVISION=${{ env.BUILD_REVISION }}
BUILD_VERSION=${{ env.BUILD_VERSION }}
load: true
push: false
secrets: |
@ -110,8 +139,8 @@ jobs:
file: ./Dockerfile
build-args: |
BUILD_DATE=${{ env.BUILD_DATE }}
BUILD_REVISION=${{ github.sha }}
BUILD_VERSION=${{ github.sha }}
BUILD_REVISION=${{ env.BUILD_REVISION }}
BUILD_VERSION=${{ env.BUILD_VERSION }}
load: false
push: true
secrets: |
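Review bot: this is the `push: true` build, and `BUILD_VERSION` here resolves to the same commit SHA as `BUILD_REVISION`, so the value later validated as `org.opencontainers.image.version` on the published image only repeats the revision. If a release tag or semantic version is available for pushed images, it would be more useful to feed that into `BUILD_VERSION` for this build and keep the SHA for `BUILD_REVISION`; if the duplication is intentional, a short comment next to `build-args` would save the next reader the question.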

View file

@ -27,12 +27,6 @@ jobs:
CONTAINER_IMAGE_ID: "ghcr.io/super-linter/super-linter:${{ matrix.images.prefix }}latest"
CONTAINER_IMAGE_TARGET: "${{ matrix.images.target }}"
steps:
- name: Free Disk space
shell: bash
run: |
sudo rm -rf /usr/local/lib/android
sudo rm -rf /usr/share/dotnet
- name: Checkout Code
uses: actions/checkout@v4
with:
@ -45,8 +39,43 @@ jobs:
echo "Action file contents:"
cat action.yml
- name: Retrieve Datetime
run: echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> "${GITHUB_ENV}"
- name: Set build metadata
run: |
if [[ ${{ github.event_name }} == 'push' ]] || [[ ${{ github.event_name }} == 'merge_group' ]]; then
BUILD_REVISION=${{ github.sha }}
BUILD_VERSION=${{ github.sha }}
elif [[ ${{ github.event_name }} == 'pull_request' ]]; then
BUILD_REVISION=${{ github.event.pull_request.head.sha }}
BUILD_VERSION=${{ github.event.pull_request.head.sha }}
else
echo "[ERROR] Event not supported when setting build revision and build version"
exit 1
fi
if [ -z "${BUILD_REVISION}" ]; then
echo "[ERROR] BUILD_REVISION is empty"
exit 1
fi
if [ -z "${BUILD_VERSION}" ]; then
echo "[ERROR] BUILD_VERSION is empty"
exit 1
fi
{
echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')"
echo "BUILD_REVISION=${BUILD_REVISION}"
echo "BUILD_VERSION=${BUILD_VERSION}"
} >> "${GITHUB_ENV}"
- name: Free Disk space
shell: bash
run: |
sudo rm -rf /usr/local/lib/android
sudo rm -rf /usr/share/dotnet
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build Image
uses: docker/build-push-action@v5
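Review bot: this `Set build metadata` step is a line-for-line copy of the one added to the other workflow in this commit, including the event-name branching and the empty-value checks. Two copies of the logic that decides which SHA ends up in the image labels will drift; suggest moving it into one script under the repository (or a composite action) that both workflows call. The direct `${{ ... }}` expansion inside `run:` applies here as well and is better replaced by step-level `env:` variables.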
@ -55,8 +84,8 @@ jobs:
file: ./Dockerfile
build-args: |
BUILD_DATE=${{ env.BUILD_DATE }}
BUILD_REVISION=${{ github.sha }}
BUILD_VERSION=${{ github.sha }}
BUILD_REVISION=${{ env.BUILD_REVISION }}
BUILD_VERSION=${{ env.BUILD_VERSION }}
load: true
push: false
secrets: |

View file

@ -4,7 +4,7 @@
all: info docker test ## Run all targets.
.PHONY: test
test: info inspec ## Run tests
test: info validate-container-image-labels inspec ## Run tests
# if this session isn't interactive, then we don't want to allocate a
# TTY, which would fail, but if it is interactive, we do want to attach
@ -51,6 +51,18 @@ ifeq ($(SUPER_LINTER_TEST_CONTAINER_URL),)
SUPER_LINTER_TEST_CONTAINER_URL := "ghcr.io/super-linter/super-linter:latest"
endif
ifeq ($(BUILD_DATE),)
BUILD_DATE := $(shell date -u +'%Y-%m-%dT%H:%M:%SZ')
endif
ifeq ($(BUILD_REVISION),)
BUILD_REVISION := $(shell git rev-parse HEAD)
endif
ifeq ($(BUILD_VERSION),)
BUILD_VERSION := $(shell git rev-parse HEAD)
endif
.PHONY: inspec
inspec: inspec-check ## Run InSpec tests
DOCKER_CONTAINER_STATE="$$(docker inspect --format "{{.State.Running}}" $(SUPER_LINTER_TEST_CONTAINER_NAME) 2>/dev/null || echo "")"; \
@ -75,12 +87,20 @@ inspec: inspec-check ## Run InSpec tests
docker: ## Build the container image
@if [ -z "${GITHUB_TOKEN}" ]; then echo "GITHUB_TOKEN environment variable not set. Please set your GitHub Personal Access Token."; exit 1; fi
DOCKER_BUILDKIT=1 docker buildx build --load \
--build-arg BUILD_DATE=$(shell date -u +'%Y-%m-%dT%H:%M:%SZ') \
--build-arg BUILD_REVISION=$(shell git rev-parse --short HEAD) \
--build-arg BUILD_VERSION=$(shell git rev-parse --short HEAD) \
--build-arg BUILD_DATE=$(BUILD_DATE) \
--build-arg BUILD_REVISION=$(BUILD_REVISION) \
--build-arg BUILD_VERSION=$(BUILD_VERSION) \
--secret id=GITHUB_TOKEN,env=GITHUB_TOKEN \
-t $(SUPER_LINTER_TEST_CONTAINER_URL) .
.phony: docker-pull
docker-pull: ## Pull the container image from registry
docker pull $(SUPER_LINTER_TEST_CONTAINER_URL)
.phony: validate-container-image-labels
validate-container-image-labels: ## Validate container image labels
$(CURDIR)/test/validate-docker-labels.sh \
$(SUPER_LINTER_TEST_CONTAINER_URL) \
$(BUILD_DATE) \
$(BUILD_REVISION) \
$(BUILD_VERSION)
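Review bot: `BUILD_DATE := $(shell date -u +'%Y-%m-%dT%H:%M:%SZ')` is evaluated once per `make` invocation, so `make docker` followed by a separate `make test` computes a new timestamp and `validate-container-image-labels` will fail on `org.opencontainers.image.created` unless the caller exports the original `BUILD_DATE`. That works for `all: info docker test` in one run, but the standalone case deserves either a note next to the `ifeq ($(BUILD_DATE),)` block or a check that fails with a clear message when `BUILD_DATE` was not supplied. Two smaller points in the new target: `.phony:` in lower case is not the special target GNU make recognises (the file uses `.PHONY:` for `test` and `inspec`), and the four arguments passed to `validate-docker-labels.sh` are unquoted, so an empty value shifts the remaining arguments into the wrong positions.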

View file

@ -127,15 +127,21 @@ a container that is an instance of that container image.
You can run the test suite against an arbitrary super-linter container image.
Here is an example that runs the test suite against the `standard` flavor of the
`v5.4.3` image.
Here is an example that runs the test suite against the `v5.4.3` container
image version.
```shell
CONTAINER_IMAGE_ID="ghcr.io/super-linter/super-linter:v5.4.3" \
CONTAINER_IMAGE_TARGET="standard" \
BUILD_DATE="2023-10-17T16:19:11Z" \
BUILD_REVISION=b0d1acee1f8050d1684a28ddbf8315f81d084fe9 \
BUILD_VERSION=b0d1acee1f8050d1684a28ddbf8315f81d084fe9 \
make docker-pull test
```
Initialize the `BUILD_DATE`, `BUILD_REVISION`, and `BUILD_VERSION` variables
with the values for that specific container image version. You can get these
values from the build log for that version.
## Troubleshooting
### Run container and gain access to the command-line

View file

@ -1 +0,0 @@
#!/usr/bin/env sh

test/validate-docker-labels.sh Executable file
View file

@ -0,0 +1,31 @@
#!/usr/bin/env bash
set -o errexit
set -o nounset
CONTAINER_IMAGE_ID="${1}"
shift
BUILD_DATE="${1}"
shift
BUILD_REVISION="${1}"
shift
BUILD_VERSION="${1}"
shift
ValidateLabel() {
local LABEL_KEY="$1"
local CONTAINER_VALUE="$2"
LABEL="$(docker inspect --format "{{ index .Config.Labels \"${LABEL_KEY}\" }}" "${CONTAINER_IMAGE_ID}")"
if [[ "${LABEL}" != "${CONTAINER_VALUE}" ]]; then
echo "[ERROR] Invalid container image label: ${LABEL_KEY}: ${LABEL}. Expected: ${CONTAINER_VALUE}"
exit 1
else
echo "${LABEL_KEY} is valid: ${LABEL}. Expected: ${CONTAINER_VALUE}"
fi
}
ValidateLabel "org.opencontainers.image.created" "${BUILD_DATE}"
ValidateLabel "org.opencontainers.image.revision" "${BUILD_REVISION}"
ValidateLabel "org.opencontainers.image.version" "${BUILD_VERSION}"
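Review bot: `ValidateLabel` only compares `LABEL` with `CONTAINER_VALUE`, so when the expected value is an empty string and the label is absent from the image, `docker inspect` returns an empty result and the check passes. `set -o nounset` catches a missing argument but not an empty one. Suggest rejecting empty input up front, for example `[[ -n "${CONTAINER_VALUE}" ]]` and `[[ -n "${LABEL}" ]]` before the comparison, which matches the "Validate non-empty labels" item in the commit message. `LABEL` is also assigned without `local`, unlike `LABEL_KEY` and `CONTAINER_VALUE`, and the function exits on the first mismatch, so a run reports at most one bad label where the removed script listed all of them.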