From 986963813197fc7af4a438f3961c749da6f1d59d Mon Sep 17 00:00:00 2001
From: Marco Ferrari
Date: Thu, 7 Dec 2023 15:18:47 +0100
Subject: [PATCH] Validate container image labels (#4926)
* Validate labels and avoid busting the cache
* Fix validation
* Validate non-empty labels
* Add build date back
* Don't set build date
* Simplify validation script
* Enable build cache
* Setup buildx
* Dynamically set build revision and version
* Remove leftover
* Disable cache
* Add build date back
* Add build date back
* Fix linting errors
* Add checks
* Get head SHA
* Fix linting errors
* Handle merge_group
---
.automation/README.md | 28 -
.automation/clean-code-base-for-tests.sh | 214 --------
.automation/cleanup-docker.sh | 248 ---------
.automation/upload-docker.sh | 643 -----------------------
.automation/validate-docker-labels.sh | 114 ----
.github/workflows/cd.yml | 47 +-
.github/workflows/ci.yml | 49 +-
Makefile | 28 +-
docs/run-linter-locally.md | 12 +-
test/runTests.sh | 1 -
test/validate-docker-labels.sh | 31 ++
11 files changed, 141 insertions(+), 1274 deletions(-)
delete mode 100644 .automation/README.md
delete mode 100755 .automation/clean-code-base-for-tests.sh
delete mode 100755 .automation/cleanup-docker.sh
delete mode 100755 .automation/upload-docker.sh
delete mode 100755 .automation/validate-docker-labels.sh
delete mode 100755 test/runTests.sh
create mode 100755 test/validate-docker-labels.sh
diff --git a/.automation/README.md b/.automation/README.md
deleted file mode 100644
index bd1e5898..00000000
--- a/.automation/README.md
+++ /dev/null
@@ -1,28 +0,0 @@
-# .automation
-
-This folder holds automation scripts to help `deploy` and `cleanup` **DockerHub** images of the **Super-Linter**
-
-## cleanup-docker.sh
-
-This script uses **GitHub Actions** so that when a PR is merged and closed, the **GitHub Action** is triggered.
-It will then search **DockerHub** for the image that was deployed during the development, and remove it.
-
-## upload-docker.sh
-
-This script uses **GitHub Actions** so that when a push to the repository is committed, it will complete the following:
-
-- Checkout the source code
-- Build the **Docker** container for **Super-Linter** using that source code
-- Upload the container to **DockerHub**
-
-When the script is triggered on the main branch, it will push with the tag:**latest** which is used by all scripting for general availability.
-When the script is triggered in a branch, it will push with the tag:**NameOfBranch** which can be used for:
-
-- _testing_
-- _troubleshooting_
-- _debugging_
-- **Note:** The branch name will be reduced to alphanumeric for consistency and uploading
-
-## test
-
-This folder holds all **Test Cases** to help run the _CI/CT/CD_ process for the **Super-Linter**.
diff --git a/.automation/clean-code-base-for-tests.sh b/.automation/clean-code-base-for-tests.sh
deleted file mode 100755
index 9742490a..00000000
--- a/.automation/clean-code-base-for-tests.sh
+++ /dev/null
@@ -1,214 +0,0 @@
-#!/usr/bin/env bash
-
-################################################################################
-############# Clean all code base for additonal testing @admiralawkbar #########
-################################################################################
-
-###########
-# Globals #
-###########
-((LOG_TRACE = LOG_DEBUG = LOG_VERBOSE = LOG_NOTICE = LOG_WARN = LOG_ERROR = "true")) # Enable all loging
-export LOG_TRACE LOG_DEBUG LOG_VERBOSE LOG_NOTICE LOG_WARN LOG_ERROR
-
-############################
-# Source additonal scripts #
-############################
-# shellcheck source=/dev/null
-source "${GITHUB_WORKSPACE}/lib/functions/log.sh" # Source the function script(s)
-
-################################################################################
-############################ FUNCTIONS BELOW ###################################
-################################################################################
-################################################################################
-#### Function Header ###########################################################
-Header() {
- info "-------------------------------------------------------"
- info "------- GitHub Clean code base of error tests ---------"
- info "-------------------------------------------------------"
-}
-################################################################################
-#### Function CheckShellErrors #################################################
-CheckShellErrors() {
- #######################
- # Load the error code #
- #######################
- ERROR_CODE=$?
-
- ##############################
- # Check the shell for errors #
- ##############################
- if [ $ERROR_CODE -ne 0 ]; then
- error "$1"
- fatal "$2"
- fi
-}
-################################################################################
-#### Function CleanTestFiles ###################################################
-CleanTestFiles() {
- info "-------------------------------------------------------"
- info "Finding all tests that are supposed to fail... and removing them..."
-
- ##################
- # Find the files #
- ##################
- mapfile -t FIND_CMD < <(
- cd "${GITHUB_WORKSPACE}" || exit 1
- find "${GITHUB_WORKSPACE}" -type f -name "*_bad_*" -o -path "*javascript_prettier*" -name "*javascript_good*" 2>&1
- )
-
- CheckShellErrors "ERROR! failed to get list of all files!" "ERROR:[${FIND_CMD[*]}]"
-
- ############################################################
- # Get the directory and validate it came from tests folder #
- ############################################################
- for FILE in "${FIND_CMD[@]}"; do
- #####################
- # Get the directory #
- #####################
- FILE_DIR=$(dirname "$FILE" 2>&1)
-
- ##################################
- # Check if from the tests folder #
- ##################################
- if [[ $FILE_DIR == **".automation/test"** ]]; then
- ################################
- # Its a test, we can delete it #
- ################################
- REMOVE_FILE_CMD=$(
- cd "${GITHUB_WORKSPACE}" || exit 1
- sudo rm -f "$FILE" 2>&1
- )
-
- CheckShellErrors "ERROR! failed to remove file:[${FILE}]!" "ERROR:[${REMOVE_FILE_CMD[*]}]"
- fi
- done
-}
-################################################################################
-#### Function CleanTestDockerFiles #############################################
-CleanTestDockerFiles() {
- info "-------------------------------------------------------"
- info "Finding all tests that are supposed to fail for Docker... and removing them..."
-
- ##################
- # Find the files #
- ##################
- mapfile -t FIND_CMD < <(
- cd "${GITHUB_WORKSPACE}" || exit 1
- find "${GITHUB_WORKSPACE}" -type f -name "*Dockerfile" -o -name "*.dockerignore" 2>&1
- )
-
- CheckShellErrors "ERROR! failed to get list of all file for Docker!" "ERROR:[${FIND_CMD[*]}]"
-
- ############################################################
- # Get the directory and validate it came from tests folder #
- ############################################################
- for FILE in "${FIND_CMD[@]}"; do
- #####################
- # Get the directory #
- #####################
- FILE_DIR=$(dirname "$FILE" 2>&1)
-
- ##################################
- # Check if from the tests folder #
- ##################################
- if [[ $FILE_DIR != **".automation/test/docker/good"** ]]; then
- ################################
- # Its a test, we can delete it #
- ################################
- REMOVE_FILE_CMD=$(
- cd "${GITHUB_WORKSPACE}" || exit 1
- sudo rm -f "$FILE" 2>&1
- )
-
- CheckShellErrors "ERROR! failed to remove file:[${FILE}]!" "ERROR:[${REMOVE_FILE_CMD[*]}]"
- fi
- done
-}
-################################################################################
-#### Function CleanSHAFolder ###################################################
-CleanSHAFolder() {
- info "-------------------------------------------------------"
- info "Cleaning folder named:[${GITHUB_SHA}] if it exists"
-
- ##################
- # Find the files #
- ##################
- REMOVE_CMD=$(
- cd "${GITHUB_WORKSPACE}" || exit 1
- sudo rm -rf "${GITHUB_SHA}" 2>&1
- )
-
- CheckShellErrors "ERROR! Failed to remove folder:[${GITHUB_SHA}]!" "ERROR:[${REMOVE_CMD}]"
-}
-################################################################################
-#### Function CleanPowershell ##################################################
-CleanPowershell() {
- # Need to remove the .psd1 templates as they are formally parsed,
- # and will fail with missing modules
-
- info "-------------------------------------------------------"
- info "Finding powershell template files... and removing them..."
-
- ##################
- # Find the files #
- ##################
- mapfile -t FIND_CMD < <(
- cd "${GITHUB_WORKSPACE}" || exit 1
- find "${GITHUB_WORKSPACE}" -type f -name "*.psd1" 2>&1
- )
-
- CheckShellErrors "ERROR! failed to get list of all file for *.psd1!" "ERROR:[${FIND_CMD[*]}]"
-
- ############################################################
- # Get the directory and validate it came from tests folder #
- ############################################################
- for FILE in "${FIND_CMD[@]}"; do
- #####################
- # Get the directory #
- #####################
- FILE_DIR=$(dirname "$FILE" 2>&1)
-
- ##################################
- # Check if from the tests folder #
- ##################################
- if [[ $FILE_DIR == **"TEMPLATES"** ]]; then
- ################################
- # Its a test, we can delete it #
- ################################
- REMOVE_FILE_CMD=$(
- cd "${GITHUB_WORKSPACE}" || exit 1
- sudo rm -f "$FILE" 2>&1
- )
-
- CheckShellErrors "ERROR! failed to remove file:[${FILE}]!" "ERROR:[${REMOVE_FILE_CMD[*]}]"
- fi
- done
-}
-################################################################################
-################################## MAIN ########################################
-################################################################################
-
-##########
-# Header #
-##########
-Header
-
-####################
-# Clean test files #
-####################
-CleanTestFiles
-
-###############################
-# Clean the test docker files #
-###############################
-CleanTestDockerFiles
-
-###############################
-# Remove sha folder if exists #
-###############################
-CleanSHAFolder
-
-##############################
-# Clean Powershell templates #
-##############################
-CleanPowershell
diff --git a/.automation/cleanup-docker.sh b/.automation/cleanup-docker.sh
deleted file mode 100755
index 24761d4f..00000000
--- a/.automation/cleanup-docker.sh
+++ /dev/null
@@ -1,248 +0,0 @@
-#!/usr/bin/env bash
-
-################################################################################
-############# Cleanup Image on DockerHub @admiralawkbar ########################
-################################################################################
-
-# NOTES: This script is used to remove a tagged image on DockerHub
-# Its based on being built from a GitHub Action, but could be easily updated
-# To be ran in a different medium.
-#
-# PRE-Requirements:
-# - Dockerfile
-# - System with Docker installed
-# - Global variables met
-
-###########
-# Globals #
-###########
-((LOG_TRACE = LOG_DEBUG = LOG_VERBOSE = LOG_NOTICE = LOG_WARN = LOG_ERROR = "true")) # Enable all loging
-export LOG_TRACE LOG_DEBUG LOG_VERBOSE LOG_NOTICE LOG_WARN LOG_ERROR
-
-#########################
-# Source Function Files #
-#########################
-# shellcheck source=/dev/null
-source "${GITHUB_WORKSPACE}/lib/functions/log.sh" # Source the function script(s)
-
-################################################################################
-############################ FUNCTIONS BELOW ###################################
-################################################################################
-################################################################################
-#### Function Header ###########################################################
-Header() {
- info "-------------------------------------------------------"
- info "----- GitHub Actions remove image from DockerHub ------"
- info "-------------------------------------------------------"
-}
-################################################################################
-#### Function ValidateInput ####################################################
-ValidateInput() {
- # Need to validate we have the basic variables
- ################
- # Print header #
- ################
- info "----------------------------------------------"
- info "Gathering variables..."
- info "----------------------------------------------"
-
- ############################
- # Validate GITHUB_WORKSPACE #
- ############################
- if [ -z "${GITHUB_WORKSPACE}" ]; then
- error "Failed to get [GITHUB_WORKSPACE]!"
- fatal "[${GITHUB_WORKSPACE}]"
- else
- info "Successfully found:[GITHUB_WORKSPACE], value:[${GITHUB_WORKSPACE}]"
- fi
-
- #######################
- # Validate IMAGE_REPO #
- #######################
- if [ -z "${IMAGE_REPO}" ]; then
- # No repo was pulled
- error "Failed to get [IMAGE_REPO]!"
- fatal "[${IMAGE_REPO}]"
- elif [[ ${IMAGE_REPO} == "super-linter/super-linter" ]]; then
- # Found our main repo
- info "Successfully found:[IMAGE_REPO], value:[${IMAGE_REPO}]"
- else
- # This is a fork and we cant pull vars or any info
- warn "No image to cleanup as this is a forked branch, and not being built with current automation!"
- exit 0
- fi
-
- ##########################
- # Validate IMAGE_VERSION #
- ##########################
- if [ -z "${IMAGE_VERSION}" ]; then
- error "Failed to get [IMAGE_VERSION]!"
- fatal "[${IMAGE_VERSION}]"
- else
- info "Successfully found:[IMAGE_VERSION], value:[${IMAGE_VERSION}]"
- fi
-
- ############################
- # Validate DOCKER_USERNAME #
- ############################
- if [ -z "${DOCKER_USERNAME}" ]; then
- error "Failed to get [DOCKER_USERNAME]!"
- fatal "[${DOCKER_USERNAME}]"
- else
- info "Successfully found:[DOCKER_USERNAME], value:[${DOCKER_USERNAME}]"
- fi
-
- ############################
- # Validate DOCKER_PASSWORD #
- ############################
- if [ -z "${DOCKER_PASSWORD}" ]; then
- error "Failed to get [DOCKER_PASSWORD]!"
- fatal "[${DOCKER_PASSWORD}]"
- else
- info "Successfully found:[DOCKER_PASSWORD], value:[********]"
- fi
-
- ##################################################
- # Check if we need to get the name of the branch #
- ##################################################
- if [[ ${IMAGE_VERSION} != "latest" ]]; then
- ##################################
- # Remove non alpha-numeric chars #
- ##################################
- IMAGE_VERSION=$(echo "${IMAGE_VERSION}" | tr -cd '[:alnum:]')
- else
- #############################################
- # Image is 'latest' and we will not destroy #
- #############################################
- error "Image Tag is set to:[latest]..."
- error "We will never destroy latest..."
- fatal "Bye!"
- fi
-}
-################################################################################
-#### Function LoginToDocker ####################################################
-LoginToDocker() {
- ################
- # Print header #
- ################
- info "----------------------------------------------"
- info "Login to DockerHub..."
- info "----------------------------------------------"
-
- ######################
- # Login to DockerHub #
- ######################
- LOGIN_CMD=$(docker login --username "${DOCKER_USERNAME}" --password "${DOCKER_PASSWORD}" 2>&1)
-
- #######################
- # Load the error code #
- #######################
- ERROR_CODE=$?
-
- ##############################
- # Check the shell for errors #
- ##############################
- if [ ${ERROR_CODE} -ne 0 ]; then
- # ERROR
- error "Failed to authenticate to DockerHub!"
- fatal "[${LOGIN_CMD}]"
- else
- # SUCCESS
- info "Successfully authenticated to DockerHub!"
- fi -} -################################################################################ -#### Function RemoveImage ###################################################### -RemoveImage() { - ################ - # Print header # - ################ - info "----------------------------------------------" - info "Removing the DockerFile image:[${IMAGE_REPO}:${IMAGE_VERSION}]" - info "----------------------------------------------" - - ##################################### - # Create Token to auth to DockerHub # - ##################################### - TOKEN=$(curl -s -k \ - -H "Content-Type: application/json" \ - -X POST \ - -d "{\"username\": \"${DOCKER_USERNAME}\", \"password\": \"${DOCKER_PASSWORD}\"}" \ - "https://hub.docker.com/v2/users/login/" | jq -r .token 2>&1) - - ####################### - # Load the ERROR_CODE # - ####################### - ERROR_CODE=$? - - ############################## - # Check the shell for errors # - ############################## - if [ ${ERROR_CODE} -ne 0 ]; then - # ERROR - error "Failed to gain token from DockerHub!" - fatal "[${TOKEN}]" - else - # SUCCESS - info "Successfully gained auth token from DockerHub!" - fi - - ################################# - # Remove the tag from DockerHub # - ################################# - REMOVE_CMD=$(curl "https://hub.docker.com/v2/repositories/${IMAGE_REPO}/tags/${IMAGE_VERSION}/" \ - -X DELETE \ - -H "Authorization: JWT ${TOKEN}" 2>&1) - - ####################### - # Load the ERROR_CODE # - ####################### - ERROR_CODE=$? - - ############################## - # Check the shell for errors # - ############################## - if [ ${ERROR_CODE} -ne 0 ]; then - # ERROR - error "Failed to remove tag from DockerHub!" - fatal "[${REMOVE_CMD}]" - else - # SUCCESS - info "Successfully [removed] Docker image tag:[${IMAGE_VERSION}] from DockerHub!" 
- fi
-}
-################################################################################
-#### Function Footer ###########################################################
-Footer() {
- info "-------------------------------------------------------"
- info "The step has completed"
- info "-------------------------------------------------------"
-}
-################################################################################
-################################## MAIN ########################################
-################################################################################
-
-##########
-# Header #
-##########
-Header
-
-##################
-# Validate Input #
-##################
-ValidateInput
-
-######################
-# Login to DockerHub #
-######################
-LoginToDocker
-
-####################
-# Remove the image #
-####################
-RemoveImage
-
-##########
-# Footer #
-##########
-Footer
diff --git a/.automation/upload-docker.sh b/.automation/upload-docker.sh
deleted file mode 100755
index fcd47bda..00000000
--- a/.automation/upload-docker.sh
+++ /dev/null
@@ -1,643 +0,0 @@
-#!/usr/bin/env bash
-
-################################################################################
-############# Deploy Container to DockerHub @admiralawkbar #####################
-################################################################################
-
-# NOTES: This script is used to upload a Dockerfile to DockerHub
-# under the GitHub organization
-# Its based on being built from a GitHub Action, but could be easily updated
-# To be ran in a different medium.
-#
-# PRE-Requirements:
-# - Dockerfile
-# - System with Docker installed
-# - Global variables met
-
-###########
-# Globals #
-###########
-# GITHUB_WORKSPACE="${GITHUB_WORKSPACE}" # GitHub Workspace
-# GITHUB_REPOSITORY="${GITHUB_REPOSITORY}" # GitHub Org/Repo passed from system
-# DOCKER_USERNAME="${DOCKER_USERNAME}" # Username to login to DockerHub
-# DOCKER_PASSWORD="${DOCKER_PASSWORD}" # Password to login to DockerHub
-# GCR_USERNAME="${GCR_USERNAME}" # Username to login to GitHub package registry
-# GCR_TOKEN="${GCR_TOKEN}" # Password to login to GitHub package registry
-# REGISTRY="${REGISTRY}" # What registry to upload | or
-# IMAGE_REPO="${IMAGE_REPO}" # Image repo to upload the image
-# IMAGE_VERSION="${IMAGE_VERSION}" # Version to tag the image
-# DOCKERFILE_PATH="${DOCKERFILE_PATH}" # Path to the Dockerfile to be uploaded
-MAJOR_TAG='' # Major tag version if we need to update it
-UPDATE_MAJOR_TAG=0 # Flag to deploy the major tag version as well
-GCR_URL='ghcr.io' # URL to Github Container Registry
-DOCKER_IMAGE_REPO='' # Docker tag for the image when created
-GCR_IMAGE_REPO='' # Docker tag for the image when created
-FOUND_IMAGE=0 # Flag for if the image has already been built
-CONTAINER_URL='' # Final URL to upload
-
-###########################################################
-# Dynamic build variables to pass to container when built #
-###########################################################
-BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ') # Current build date EX> "2017-08-28T09:24:41Z"
-BUILD_REVISION=$(git rev-parse --short HEAD) # Current git commit EX> "e89faa7"
-BUILD_VERSION='' # Current version of the container being built
-((LOG_TRACE = LOG_DEBUG = LOG_VERBOSE = LOG_NOTICE = LOG_WARN = LOG_ERROR = "true")) # Enable all loging
-export LOG_TRACE LOG_DEBUG LOG_VERBOSE LOG_NOTICE LOG_WARN LOG_ERROR
-
-#########################
-# Source Function Files #
-#########################
-# shellcheck source=/dev/null
-source "${GITHUB_WORKSPACE}/lib/functions/log.sh" # Source the function script(s)
-
-################################################################################
-############################ FUNCTIONS BELOW ###################################
-################################################################################
-################################################################################
-#### Function Header ###########################################################
-Header() {
- info "-------------------------------------------------------"
- info "---- GitHub Actions Upload image to [${REGISTRY}] ----"
- info "-------------------------------------------------------"
-}
-################################################################################
-#### Function ValidateInput ####################################################
-ValidateInput() {
- # Need to validate we have the basic variables
- ################
- # Print header #
- ################
- info "----------------------------------------------"
- info "Gathering variables..."
- info "----------------------------------------------"
-
- #############################
- # Validate GITHUB_WORKSPACE #
- #############################
- if [ -z "${GITHUB_WORKSPACE}" ]; then
- error "Failed to get [GITHUB_WORKSPACE]!"
- fatal "[${GITHUB_WORKSPACE}]"
- else
- info "Successfully found:${F[W]}[GITHUB_WORKSPACE]${F[B]}, value:${F[W]}[${GITHUB_WORKSPACE}]"
- fi
-
- #####################
- # Validate REGISTRY #
- #####################
- if [ -z "${REGISTRY}" ]; then
- error "Failed to get [REGISTRY]!"
- fatal "[${REGISTRY}]"
- else
- info "Successfully found:${F[W]}[REGISTRY]${F[B]}, value:${F[W]}[${REGISTRY}]"
- fi
-
- #####################################################
- # See if we need values for GitHub package Registry #
- #####################################################
- if [[ ${REGISTRY} == "GCR" ]]; then
- #########################
- # Validate GCR_USERNAME #
- #########################
- if [ -z "${GCR_USERNAME}" ]; then
- error "Failed to get [GCR_USERNAME]!"
- fatal "[${GCR_USERNAME}]"
- else
- info "Successfully found:${F[W]}[GCR_USERNAME]${F[B]}, value:${F[W]}[${GCR_USERNAME}]"
- fi
-
- ######################
- # Validate GCR_TOKEN #
- ######################
- if [ -z "${GCR_TOKEN}" ]; then
- error "Failed to get [GCR_TOKEN]!"
- fatal "[${GCR_TOKEN}]"
- else
- info "Successfully found:${F[W]}[GCR_TOKEN]${F[B]}, value:${F[W]}[********]"
- fi
- ########################################
- # See if we need values for Ducker hub #
- ########################################
- elif [[ ${REGISTRY} == "Docker" ]]; then
- ############################
- # Validate DOCKER_USERNAME #
- ############################
- if [ -z "${DOCKER_USERNAME}" ]; then
- error "Failed to get [DOCKER_USERNAME]!"
- fatal "[${DOCKER_USERNAME}]"
- else
- info "Successfully found:${F[W]}[DOCKER_USERNAME]${F[B]}, value:${F[W]}[${DOCKER_USERNAME}]"
- fi
-
- ############################
- # Validate DOCKER_PASSWORD #
- ############################
- if [ -z "${DOCKER_PASSWORD}" ]; then
- error "Failed to get [DOCKER_PASSWORD]!"
- fatal "[${DOCKER_PASSWORD}]"
- else
- info "Successfully found:${F[W]}[DOCKER_PASSWORD]${F[B]}, value:${F[B]}[********]"
- fi
- ###########################################
- # We were not passed a registry to update #
- ###########################################
- else
- error "Failed to find a valid registry!"
- fatal "Registry:[${REGISTRY}]"
- fi
-
- #######################
- # Validate IMAGE_REPO #
- #######################
- if [ -z "${IMAGE_REPO}" ]; then
- error "Failed to get [IMAGE_REPO]!"
- fatal "[${IMAGE_REPO}]"
- else
- info "Successfully found:${F[W]}[IMAGE_REPO]${F[B]}, value:${F[W]}[${IMAGE_REPO}]"
- # Set the docker Image repo and GCR image repo
- DOCKER_IMAGE_REPO="${IMAGE_REPO}"
- GCR_IMAGE_REPO="${GCR_URL}/${IMAGE_REPO}"
- #########################
- # Set the container URL #
- #########################
- if [[ ${REGISTRY} == "Docker" ]]; then
- CONTAINER_URL="${DOCKER_IMAGE_REPO}"
- elif [[ ${REGISTRY} == "GCR" ]]; then
- CONTAINER_URL="${GCR_IMAGE_REPO}"
- fi
- fi
-
- ##########################
- # Validate IMAGE_VERSION #
- ##########################
- if [ -z "${IMAGE_VERSION}" ]; then
- warn "Failed to get [IMAGE_VERSION]!"
- info "Pulling from Branch Name..."
- ##############################
- # Get the name of the branch #
- ##############################
- BRANCH_NAME=$(git -C "${GITHUB_WORKSPACE}" branch --contains "${GITHUB_SHA}" | awk '{print $2}' 2>&1)
-
- #######################
- # Load the error code #
- #######################
- ERROR_CODE=$?
-
- ##############################
- # Check the shell for errors #
- ##############################
- if [ ${ERROR_CODE} -ne 0 ]; then
- error "Failed to get branch name!"
- fatal "[${BRANCH_NAME}]"
- fi
-
- ##################################
- # Remove non alpha-numeric chars #
- ##################################
- BRANCH_NAME=$(echo "${BRANCH_NAME}" | tr -cd '[:alnum:]')
-
- ############################################
- # Set the IMAGE_VERSION to the BRANCH_NAME #
- ############################################
- IMAGE_VERSION="${BRANCH_NAME}"
- BUILD_VERSION="${IMAGE_VERSION}"
- info "Tag:[${IMAGE_VERSION}]"
- else
- info "Successfully found:${F[W]}[IMAGE_VERSION]${F[B]}, value:${F[W]}[${IMAGE_VERSION}]"
- #########################
- # Set the build version #
- #########################
- BUILD_VERSION="${IMAGE_VERSION}"
- fi
-
- ##################################
- # Set regex for getting tag info #
- ##################################
- REGEX='(v[0-9]+\.[0-9]+\.[0-9]+)' # Matches 'v1.2.3'
-
- ######################################################################
- # Check if this is a latest to a versioned release at create new tag #
- ######################################################################
- if [[ ${IMAGE_VERSION} =~ ${REGEX} ]]; then
- # Need to get the major version, and set flag to update
-
- #####################
- # Set the major tag #
- #####################
- MAJOR_TAG=$(echo "${IMAGE_VERSION}" | cut -d '.' -f1)
-
- ###################################
- # Set flag for updating major tag #
- ###################################
- UPDATE_MAJOR_TAG=1
-
- info "- Also deploying a major tag of:[${MAJOR_TAG}]"
- fi
-
- ############################
- # Validate DOCKERFILE_PATH #
- ############################
- if [ -z "${DOCKERFILE_PATH}" ]; then
- error "Failed to get [DOCKERFILE_PATH]!"
- fatal "[${DOCKERFILE_PATH}]"
- else
- info "Successfully found:${F[W]}[DOCKERFILE_PATH]${F[B]}, value:${F[W]}[${DOCKERFILE_PATH}]"
- fi
-}
-################################################################################
-#### Function Authenticate #####################################################
-Authenticate() {
- ################
- # Pull in Vars #
- ################
- USERNAME="${1}" # Name to auth with
- PASSWORD="${2}" # Password to auth with
- URL="${3}" # Url to auth towards
- NAME="${4}" # name of the service
-
- ################
- # Print header #
- ################
- info "----------------------------------------------"
- info "Login to ${NAME}..."
- info "----------------------------------------------"
-
- ###################
- # Auth to service #
- ###################
- LOGIN_CMD=$(docker login "${URL}" --username "${USERNAME}" --password "${PASSWORD}" 2>&1)
-
- #######################
- # Load the error code #
- #######################
- ERROR_CODE=$?
-
- ##############################
- # Check the shell for errors #
- ##############################
- if [ ${ERROR_CODE} -ne 0 ]; then
- # ERROR
- error "Failed to authenticate to ${NAME}!"
- fatal "[${LOGIN_CMD}]"
- else
- # SUCCESS
- info "Successfully authenticated to ${F[C]}${NAME}${F[B]}!"
- fi
-}
-################################################################################
-#### Function BuildImage #######################################################
-BuildImage() {
- ################
- # Print header #
- ################
- info "----------------------------------------------"
- info "Building the Dockerfile image..."
- info "----------------------------------------------"
-
- ################################
- # Validate the DOCKERFILE_PATH #
- ################################
- if [ ! -f "${DOCKERFILE_PATH}" ]; then
- # No file found
- error "failed to find Dockerfile at:[${DOCKERFILE_PATH}]"
- error "Please make sure you give full path!"
- fatal "Example:[/configs/Dockerfile] or [Dockerfile] if at root directory"
- fi
-
- ###################
- # Build the image #
- ###################
- docker build --no-cache --build-arg "BUILD_DATE=${BUILD_DATE}" --build-arg "BUILD_REVISION=${BUILD_REVISION}" --build-arg "BUILD_VERSION=${BUILD_VERSION}" -t "${CONTAINER_URL}:${IMAGE_VERSION}" -f "${DOCKERFILE_PATH}" . 2>&1
-
- #######################
- # Load the error code #
- #######################
- ERROR_CODE=$?
-
- ##############################
- # Check the shell for errors #
- ##############################
- if [ ${ERROR_CODE} -ne 0 ]; then
- # ERROR
- fatal "failed to [build] Dockerfile!"
- else
- # SUCCESS
- info "Successfully Built image!"
- fi
-
- ########################################################
- # Need to see if we need to tag a major update as well #
- ########################################################
- if [ ${UPDATE_MAJOR_TAG} -eq 1 ]; then
- # Tag the image with the major tag as well
- docker build --build-arg "BUILD_DATE=${BUILD_DATE}" --build-arg "BUILD_REVISION=${BUILD_REVISION}" --build-arg "BUILD_VERSION=${MAJOR_TAG}" -t "${CONTAINER_URL}:${MAJOR_TAG}" -f "${DOCKERFILE_PATH}" . 2>&1
-
- #######################
- # Load the error code #
- #######################
- ERROR_CODE=$?
-
- ##############################
- # Check the shell for errors #
- ##############################
- if [ ${ERROR_CODE} -ne 0 ]; then
- # ERROR
- fatal "failed to [tag] Dockerfile!"
- else
- # SUCCESS
- info "Successfully tagged image!"
- fi
- fi
-
- #########################
- # Set var to be updated #
- #########################
- ADDITONAL_URL=''
-
- ####################################
- # Set the additional container URL #
- ####################################
- if [[ ${REGISTRY} == "Docker" ]]; then
- ADDITONAL_URL="${GCR_IMAGE_REPO}"
- elif [[ ${REGISTRY} == "GCR" ]]; then
- ADDITONAL_URL="${DOCKER_IMAGE_REPO}"
- fi
-
- ###################
- # Build the image #
- ###################
- docker build --build-arg "BUILD_DATE=${BUILD_DATE}" --build-arg "BUILD_REVISION=${BUILD_REVISION}" --build-arg "BUILD_VERSION=${BUILD_VERSION}" -t "${ADDITONAL_URL}:${IMAGE_VERSION}" -f "${DOCKERFILE_PATH}" . 2>&1
-
- #######################
- # Load the error code #
- #######################
- ERROR_CODE=$?
-
- ##############################
- # Check the shell for errors #
- ##############################
- if [ ${ERROR_CODE} -ne 0 ]; then
- # ERROR
- fatal "failed to [tag] Version:[${IMAGE_VERSION}] Additonal location Dockerfile!"
- else
- # SUCCESS
- info "Successfull [tag] Version:[${IMAGE_VERSION}] of additonal image!"
- fi
-
- ########################################################
- # Need to see if we need to tag a major update as well #
- ########################################################
- if [ ${UPDATE_MAJOR_TAG} -eq 1 ]; then
- ###################
- # Build the image #
- ###################
- docker build --build-arg "BUILD_DATE=${BUILD_DATE}" --build-arg "BUILD_REVISION=${BUILD_REVISION}" --build-arg "BUILD_VERSION=${MAJOR_TAG}" -t "${ADDITONAL_URL}:${MAJOR_TAG}" -f "${DOCKERFILE_PATH}" . 2>&1
-
- #######################
- # Load the error code #
- #######################
- ERROR_CODE=$?
-
- ##############################
- # Check the shell for errors #
- ##############################
- if [ ${ERROR_CODE} -ne 0 ]; then
- # ERROR
- fatal "failed to [tag] Version:[${MAJOR_TAG}]Additonal location Dockerfile!"
- else - # SUCCESS - info "Successfull [tag] Version:[${MAJOR_TAG}] of additonal image!" - fi - fi -} -################################################################################ -#### Function UploadImage ###################################################### -UploadImage() { - ################ - # Print header # - ################ - info "----------------------------------------------" - info "Uploading the DockerFile image to ${REGISTRY}..." - info "----------------------------------------------" - - ############################################ - # Upload the docker image that was created # - ############################################ - docker push "${CONTAINER_URL}:${IMAGE_VERSION}" 2>&1 - - ####################### - # Load the error code # - ####################### - ERROR_CODE=$? - - ############################## - # Check the shell for errors # - ############################## - if [ ${ERROR_CODE} -ne 0 ]; then - # ERROR - fatal "failed to [upload] Dockerfile!" - else - # SUCCESS - info "Successfully Uploaded Docker image:${F[W]}[${IMAGE_VERSION}]${F[B]} to ${F[C]}${REGISTRY}${F[B]}!" - fi - - ######################### - # Get Image information # - ######################### - IFS=$'\n' # Set the delimit to newline - GET_INFO_CMD=$(docker images | grep "${CONTAINER_URL}" | grep "${IMAGE_VERSION}" 2>&1) - - ####################### - # Load the error code # - ####################### - ERROR_CODE=$? - - ############################## - # Check the shell for errors # - ############################## - if [ ${ERROR_CODE} -ne 0 ]; then - # ERROR - error "Failed to get information about built Image!" 
- fatal "[${GET_INFO_CMD}]" - else - ################ - # Get the data # - ################ - REPO=$(echo "${GET_INFO_CMD}" | awk '{print $1}') - TAG=$(echo "${GET_INFO_CMD}" | awk '{print $2}') - IMAGE_ID=$(echo "${GET_INFO_CMD}" | awk '{print $3}') - SIZE="${GET_INFO_CMD##* }" - - ################### - # Print the goods # - ################### - info "----------------------------------------------" - info "Docker Image Details:" - info "Repository:[${REPO}]" - info "Tag:[${TAG}]" - info "Image_ID:[${IMAGE_ID}]" - info "Size:[${SIZE}]" - info "----------------------------------------------" - fi - - ############################################################### - # Check if we need to upload the major tagged version as well # - ############################################################### - if [ ${UPDATE_MAJOR_TAG} -eq 1 ]; then - ############################################ - # Upload the docker image that was created # - ############################################ - docker push "${CONTAINER_URL}:${MAJOR_TAG}" 2>&1 - - ####################### - # Load the error code # - ####################### - ERROR_CODE=$? - - ############################## - # Check the shell for errors # - ############################## - if [ ${ERROR_CODE} -ne 0 ]; then - # ERROR - fatal "failed to [upload] MAJOR_TAG:[${MAJOR_TAG}] Dockerfile!" - else - # SUCCESS - info "Successfully Uploaded TAG:${F[W]}[${MAJOR_TAG}]${F[B]} of Docker image to ${F[C]}${REGISTRY}${F[B]}!" 
- fi - fi -} -################################################################################ -#### Function FindBuiltImage ################################################### -FindBuiltImage() { - # Check the local system to see if an image has already been built - # if so, we only need to update tags and push - # Set FOUND_IMAGE=1 when found - - ############## - # Local vars # - ############## - CHECK_IMAGE_REPO='' # Repo to look for - - #################################### - # Set the additional container URL # - #################################### - if [[ ${REGISTRY} == "GCR" ]]; then - CHECK_IMAGE_REPO="${GCR_IMAGE_REPO}" - elif [[ ${REGISTRY} == "Docker" ]]; then - CHECK_IMAGE_REPO="${DOCKER_IMAGE_REPO}" - fi - - ####################################### - # Look for Release image in DockerHub # - ####################################### - FIND_VERSION_CMD=$(docker images | grep "${CHECK_IMAGE_REPO}" | grep "${IMAGE_VERSION}" 2>&1) - - ####################### - # Load the error code # - ####################### - ERROR_CODE=$? - - ############################## - # Check the shell for errors # - ############################## - if [ $ERROR_CODE -ne 0 ]; then - info "Found ${REGISTRY} image:[${CHECK_IMAGE_REPO}:${IMAGE_VERSION}] already built on instance" - # Increment flag - FOUND_RELASE=1 - else - info "Failed to find locally created Docker image:[${CHECK_IMAGE_REPO}]" - info "${FIND_VERSION_CMD}" - fi - - ##################################### - # Look for Major image in DockerHub # - ##################################### - FIND_MAJOR_CMD=$(docker images | grep "${CHECK_IMAGE_REPO}" | grep "${MAJOR_TAG}" 2>&1) - - ####################### - # Load the error code # - ####################### - ERROR_CODE=$? 
- - ############################## - # Check the shell for errors # - ############################## - if [ $ERROR_CODE -ne 0 ]; then - info "Found ${REGISTRY} image:[${CHECK_IMAGE_REPO}:${MAJOR_TAG}] already built on instance" - # Increment flag - FOUND_MAJOR=1 - else - info "Failed to find locally created Docker image:[${FIND_MAJOR_CMD}]" - info "${FIND_MAJOR_CMD}" - fi - - ############################### - # Check if we found the image # - ############################### - if [ "${FOUND_MAJOR}" -eq 1 ] && [ "${FOUND_RELASE}" -eq 1 ]; then - FOUND_IMAGE=1 - fi -} -################################################################################ -#### Function Footer ########################################################### -Footer() { - info "-------------------------------------------------------" - info "The step has completed" - info "-------------------------------------------------------" -} -################################################################################ -################################## MAIN ######################################## -################################################################################ - -########## -# Header # -########## -Header - -################## -# Validate Input # -################## -ValidateInput - -############################### -# Find Image if already built # -############################### -FindBuiltImage - -################### -# Build the image # -################### -if [ "$FOUND_IMAGE" -ne 0 ]; then - BuildImage -fi - -###################### -# Login to DockerHub # -###################### -if [[ ${REGISTRY} == "Docker" ]]; then - # Authenticate "Username" "Password" "Url" "Name" - Authenticate "${DOCKER_USERNAME}" "${DOCKER_PASSWORD}" "" "Dockerhub" - -###################################### -# Login to GitHub Container Registry # -###################################### -elif [[ ${REGISTRY} == "GCR" ]]; then - # Authenticate "Username" "Password" "Url" "Name" - Authenticate "${GCR_USERNAME}" 
"${GCR_TOKEN}" "https://${GCR_URL}" "GitHub Container Registry" - -else - ######### - # ERROR # - ######### - error "Registry not set correctly!" - fatal "Registry:[${REGISTRY}]" -fi - -#################### -# Upload the image # -#################### -UploadImage - -########## -# Footer # -########## -Footer diff --git a/.automation/validate-docker-labels.sh b/.automation/validate-docker-labels.sh deleted file mode 100755 index 745583bf..00000000 --- a/.automation/validate-docker-labels.sh +++ /dev/null 
@@ -1,114 +0,0 @@ -#!/usr/bin/env bash - -################################################################################ -############# Clean all code base for additonal testing @admiralawkbar ######### -################################################################################ - -########### -# Globals # -########### -IMAGE="${1}" # Image of the super-linter we build -BUILD_REVISION="${GITHUB_SHA}" # GitHub Sha -BUILD_VERSION="${GITHUB_SHA}" # Version of the container -ORG_REPO="super-linter/super-linter" # Org/repo -REGISTRY='ghcr.io' # Docker Registry -((LOG_TRACE = LOG_DEBUG = LOG_VERBOSE = LOG_NOTICE = LOG_WARN = LOG_ERROR = "true")) # Enable all loging -ERROR=0 # Error count -export LOG_TRACE LOG_DEBUG LOG_VERBOSE LOG_NOTICE LOG_WARN LOG_ERROR - -######################### -# Source Function Files # -######################### -# shellcheck source=/dev/null -source "${GITHUB_WORKSPACE}/lib/functions/log.sh" # Source the function script(s) - -################################################################################ -############################ FUNCTIONS BELOW ################################### -################################################################################ -################################################################################ -#### Function Header ########################################################### -Header() { - info "--------------------------------------------------" - info "----- GitHub Actions validate docker labels ------" - info "--------------------------------------------------" - - ################################## - # Print info on local containers # - ################################## - info "--------------------------------------------------" - info "Containers found locally:" - docker images - info "--------------------------------------------------" - -} -################################################################################ -#### Function ValidateLabel 
#################################################### -ValidateLabel() { - ############## - # Grab input # - ############## - CONTAINER_KEY="$1" # Example: org.opencontainers.image.created - CONTAINER_VALUE="$2" # Example: 1985-04-12T23:20:50.52Z - - ######################## - # Get the docker label # - ######################## - LABEL='' - if [[ "${IMAGE}" == "slim" ]]; then - LABEL=$(docker inspect --format "{{ index .Config.Labels \"${CONTAINER_KEY}\" }}" "${REGISTRY}/${ORG_REPO}:slim-${GITHUB_SHA}") - else - LABEL=$(docker inspect --format "{{ index .Config.Labels \"${CONTAINER_KEY}\" }}" "${REGISTRY}/${ORG_REPO}:${GITHUB_SHA}") - fi - - ################### - # Check the value # - ################### - if [[ ${LABEL} != "${CONTAINER_VALUE}" ]]; then - error "Assert failed [${CONTAINER_KEY} - '${LABEL}' != '${CONTAINER_VALUE}']" - ERROR=1 - else - info "Assert passed [${CONTAINER_KEY}]" - fi -} -################################################################################ -#### Function Footer ########################################################### -Footer() { - ##################################### - # Check if any errors were reported # - ##################################### - if [[ ${ERROR} -gt 0 ]]; then - fatal "There were some failed assertions. 
See above" - else - info "-------------------------------------------------------" - info "The step has completed" - info "-------------------------------------------------------" - fi -} -################################################################################ -################################## MAIN ######################################## -################################################################################ - -########## -# Header # -########## -Header - -#################### -# Validate created # -#################### -ValidateLabel "org.opencontainers.image.created" "${BUILD_DATE}" - -##################### -# Validate revision # -##################### -ValidateLabel "org.opencontainers.image.revision" "${BUILD_REVISION}" - -#################### -# Validate version # -#################### -ValidateLabel "org.opencontainers.image.version" "${BUILD_VERSION}" - -################# -# Report status # -################# -Footer diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 778c0312..6464c1ed 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml 
@@ -32,17 +32,46 @@ jobs: CONTAINER_IMAGE_ID: "ghcr.io/super-linter/super-linter:${{ matrix.images.prefix }}latest" CONTAINER_IMAGE_TARGET: "${{ matrix.images.target }}" steps: + - name: Checkout Code + uses: actions/checkout@v4 + + - name: Set build metadata + run: | + if [[ ${{ github.event_name }} == 'push' ]] || [[ ${{ github.event_name }} == 'merge_group' ]]; then + BUILD_REVISION=${{ github.sha }} + BUILD_VERSION=${{ github.sha }} + elif [[ ${{ github.event_name }} == 'pull_request' ]]; then + BUILD_REVISION=${{ github.event.pull_request.head.sha }} + BUILD_VERSION=${{ github.event.pull_request.head.sha }} + else + echo "[ERROR] Event not supported when setting build revision and build version" + exit 1 + fi + + if [ -z "${BUILD_REVISION}" ]; then + echo "[ERROR] BUILD_REVISION is empty" + exit 1 + fi + + if [ -z "${BUILD_VERSION}" ]; then + echo "[ERROR] BUILD_VERSION is empty" + exit 1 + fi + + { + echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" + echo "BUILD_REVISION=${BUILD_REVISION}" + echo "BUILD_VERSION=${BUILD_VERSION}" + } >> "${GITHUB_ENV}" + - name: Free Disk space shell: bash run: | sudo rm -rf /usr/local/lib/android sudo rm -rf /usr/share/dotnet - - name: Checkout Code - uses: actions/checkout@v4 - - - name: Retrieve Datetime - run: echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> "${GITHUB_ENV}" + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 - name: Build Image uses: docker/build-push-action@v5 @@ -51,8 +80,8 @@ jobs: file: ./Dockerfile build-args: | BUILD_DATE=${{ env.BUILD_DATE }} - BUILD_REVISION=${{ github.sha }} - BUILD_VERSION=${{ github.sha }} + BUILD_REVISION=${{ env.BUILD_REVISION }} + BUILD_VERSION=${{ env.BUILD_VERSION }} load: true push: false secrets: | 
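Review bot: On `pull_request` events the new `Set build metadata` step records `github.event.pull_request.head.sha` as `BUILD_REVISION`, but the `Checkout Code` step added just above it passes no `ref`, and actions/checkout defaults to the pull request's merge commit for that event. If this workflow runs on pull requests (its `on:` block is outside the hunk), the revision label baked into the image would name a commit that is not the tree that was actually built, which weakens the label as provenance. Either check out the head explicitly with `ref: ${{ github.event.pull_request.head.sha || github.sha }}`, or record `github.sha` for every event. The same question applies to the identical step in `.github/workflows/ci.yml`, unless the `with:` block of its checkout, which is cut off in that hunk, already sets `ref`.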
@@ -110,8 +139,8 @@ jobs: file: ./Dockerfile build-args: | BUILD_DATE=${{ env.BUILD_DATE }} - BUILD_REVISION=${{ github.sha }} - BUILD_VERSION=${{ github.sha }} + BUILD_REVISION=${{ env.BUILD_REVISION }} + BUILD_VERSION=${{ env.BUILD_VERSION }} load: false push: true secrets: | diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4b3f86ac..5823e427 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -27,12 +27,6 @@ jobs: CONTAINER_IMAGE_ID: "ghcr.io/super-linter/super-linter:${{ matrix.images.prefix }}latest" CONTAINER_IMAGE_TARGET: "${{ matrix.images.target }}" steps: - - name: Free Disk space - shell: bash - run: | - sudo rm -rf /usr/local/lib/android - sudo rm -rf /usr/share/dotnet - - name: Checkout Code uses: actions/checkout@v4 with: 
@@ -45,8 +39,43 @@ jobs: echo "Action file contents:" cat action.yml - - name: Retrieve Datetime - run: echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> "${GITHUB_ENV}" + - name: Set build metadata + run: | + if [[ ${{ github.event_name }} == 'push' ]] || [[ ${{ github.event_name }} == 'merge_group' ]]; then + BUILD_REVISION=${{ github.sha }} + BUILD_VERSION=${{ github.sha }} + elif [[ ${{ github.event_name }} == 'pull_request' ]]; then + BUILD_REVISION=${{ github.event.pull_request.head.sha }} + BUILD_VERSION=${{ github.event.pull_request.head.sha }} + else + echo "[ERROR] Event not supported when setting build revision and build version" + exit 1 + fi + + if [ -z "${BUILD_REVISION}" ]; then + echo "[ERROR] BUILD_REVISION is empty" + exit 1 + fi + + if [ -z "${BUILD_VERSION}" ]; then + echo "[ERROR] BUILD_VERSION is empty" + exit 1 + fi + + { + echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" + echo "BUILD_REVISION=${BUILD_REVISION}" + echo "BUILD_VERSION=${BUILD_VERSION}" + } >> "${GITHUB_ENV}" + + - name: Free Disk space + shell: bash + run: | + sudo rm -rf /usr/local/lib/android + sudo rm -rf /usr/share/dotnet + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 - name: Build Image uses: docker/build-push-action@v5 @@ -55,8 +84,8 @@ jobs: file: ./Dockerfile build-args: | BUILD_DATE=${{ env.BUILD_DATE }} - BUILD_REVISION=${{ github.sha }} - BUILD_VERSION=${{ github.sha }} + BUILD_REVISION=${{ env.BUILD_REVISION }} + BUILD_VERSION=${{ env.BUILD_VERSION }} load: true push: false secrets: | diff --git a/Makefile b/Makefile index 6a435d45..50c26445 100644 --- a/Makefile +++ b/Makefile @@ -4,7 +4,7 @@ all: info docker test ## Run all targets. .PHONY: test -test: info inspec ## Run tests +test: info validate-container-image-labels inspec ## Run tests # if this session isn't interactive, then we don't want to allocate a # TTY, which would fail, but if it is interactive, we do want to attach 
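Review bot: The `Set build metadata` script splices `${{ github.event_name }}`, `${{ github.sha }}` and `${{ github.event.pull_request.head.sha }}` directly into the shell text, unquoted. These contexts hold fixed event names and hex SHAs, so this is a hardening and style point rather than an injection finding, but reading the values from environment variables keeps the script body constant and stops the pattern being copied later for less constrained contexts. The runner already exports `GITHUB_EVENT_NAME` and `GITHUB_SHA`, so only the pull-request head SHA needs an `env:` entry. The step in `.github/workflows/cd.yml` is a verbatim copy and would take the same change.

```yaml
      - name: Set build metadata
        env:
          PR_HEAD_SHA: ${{ github.event.pull_request.head.sha }}
        run: |
          if [[ "${GITHUB_EVENT_NAME}" == 'push' ]] || [[ "${GITHUB_EVENT_NAME}" == 'merge_group' ]]; then
            BUILD_REVISION="${GITHUB_SHA}"
            BUILD_VERSION="${GITHUB_SHA}"
          elif [[ "${GITHUB_EVENT_NAME}" == 'pull_request' ]]; then
            BUILD_REVISION="${PR_HEAD_SHA}"
            BUILD_VERSION="${PR_HEAD_SHA}"
          # … unchanged: unsupported-event branch, empty-value checks, GITHUB_ENV write …
```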
@@ -51,6 +51,18 @@ ifeq ($(SUPER_LINTER_TEST_CONTAINER_URL),) SUPER_LINTER_TEST_CONTAINER_URL := "ghcr.io/super-linter/super-linter:latest" endif +ifeq ($(BUILD_DATE),) +BUILD_DATE := $(shell date -u +'%Y-%m-%dT%H:%M:%SZ') +endif + +ifeq ($(BUILD_REVISION),) +BUILD_REVISION := $(shell git rev-parse HEAD) +endif + +ifeq ($(BUILD_VERSION),) +BUILD_VERSION := $(shell git rev-parse HEAD) +endif + .PHONY: inspec inspec: inspec-check ## Run InSpec tests DOCKER_CONTAINER_STATE="$$(docker inspect --format "{{.State.Running}}" $(SUPER_LINTER_TEST_CONTAINER_NAME) 2>/dev/null || echo "")"; \ @@ -75,12 +87,20 @@ inspec: inspec-check ## Run InSpec tests docker: ## Build the container image @if [ -z "${GITHUB_TOKEN}" ]; then echo "GITHUB_TOKEN environment variable not set. Please set your GitHub Personal Access Token."; exit 1; fi DOCKER_BUILDKIT=1 docker buildx build --load \ - --build-arg BUILD_DATE=$(shell date -u +'%Y-%m-%dT%H:%M:%SZ') \ - --build-arg BUILD_REVISION=$(shell git rev-parse --short HEAD) \ - --build-arg BUILD_VERSION=$(shell git rev-parse --short HEAD) \ + --build-arg BUILD_DATE=$(BUILD_DATE) \ + --build-arg BUILD_REVISION=$(BUILD_REVISION) \ + --build-arg BUILD_VERSION=$(BUILD_VERSION) \ --secret id=GITHUB_TOKEN,env=GITHUB_TOKEN \ -t $(SUPER_LINTER_TEST_CONTAINER_URL) . .phony: docker-pull docker-pull: ## Pull the container image from registry docker pull $(SUPER_LINTER_TEST_CONTAINER_URL) + +.phony: validate-container-image-labels +validate-container-image-labels: ## Validate container image labels + $(CURDIR)/test/validate-docker-labels.sh \ + $(SUPER_LINTER_TEST_CONTAINER_URL) \ + $(BUILD_DATE) \ + $(BUILD_REVISION) \ + $(BUILD_VERSION) diff --git a/docs/run-linter-locally.md b/docs/run-linter-locally.md index c8050e3f..14d6ce2f 100644 --- a/docs/run-linter-locally.md +++ b/docs/run-linter-locally.md 
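Review bot: The new `validate-container-image-labels` target is declared with `.phony:` in lower case, but GNU make only treats the upper-case `.PHONY` as the special target, so the declaration has no effect. A file with that name in the working directory would make the target look up to date, and `make test` would then silently skip label validation. The line copies the existing `.phony: docker-pull`; it should read `.PHONY: validate-container-image-labels`. The recipe also passes `$(BUILD_DATE)`, `$(BUILD_REVISION)` and `$(BUILD_VERSION)` unquoted, so an override containing whitespace would shift the script's positional arguments; quoting each one, as in `"$(BUILD_DATE)"`, keeps them aligned.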
@@ -127,15 +127,21 @@ a container that is an instance of that container image. You can run the test suite against an arbitrary super-linter container image. -Here is an example that runs the test suite against the `standard` flavor of the -`v5.4.3` image. +Here is an example that runs the test suite against the `v5.4.3` container +image version. ```shell CONTAINER_IMAGE_ID="ghcr.io/super-linter/super-linter:v5.4.3" \ -CONTAINER_IMAGE_TARGET="standard" \ +BUILD_DATE="2023-10-17T16:19:11Z" \ +BUILD_REVISION=b0d1acee1f8050d1684a28ddbf8315f81d084fe9 \ +BUILD_VERSION=b0d1acee1f8050d1684a28ddbf8315f81d084fe9 \ make docker-pull test ``` +Initialize the `BUILD_DATE`, `BUILD_REVISION`, and `BUILD_VERSION` variables +with the values for that specific container image version. You can get these +values from the build log for that version. + ## Troubleshooting ### Run container and gain access to the command-line diff --git a/test/runTests.sh b/test/runTests.sh deleted file mode 100755 index 06179576..00000000 --- a/test/runTests.sh +++ /dev/null @@ -1 +0,0 @@ -#!/usr/bin/env sh diff --git a/test/validate-docker-labels.sh b/test/validate-docker-labels.sh new file mode 100755 index 00000000..aedc8e50 --- /dev/null +++ b/test/validate-docker-labels.sh 
@@ -0,0 +1,31 @@
+#!/usr/bin/env bash
+
+set -o errexit
+set -o nounset
+
+CONTAINER_IMAGE_ID="${1}"
+shift
+BUILD_DATE="${1}"
+shift
+BUILD_REVISION="${1}"
+shift
+BUILD_VERSION="${1}"
+shift
+
+ValidateLabel() {
+ local LABEL_KEY="$1"
+ local CONTAINER_VALUE="$2"
+
+ LABEL="$(docker inspect --format "{{ index .Config.Labels \"${LABEL_KEY}\" }}" "${CONTAINER_IMAGE_ID}")"
+
+ if [[ "${LABEL}" != "${CONTAINER_VALUE}" ]]; then
+ echo "[ERROR] Invalid container image label: ${LABEL_KEY}: ${LABEL}. Expected: ${CONTAINER_VALUE}"
+ exit 1
+ else
+ echo "${LABEL_KEY} is valid: ${LABEL}. Expected: ${CONTAINER_VALUE}"
+ fi
+}
+
+ValidateLabel "org.opencontainers.image.created" "${BUILD_DATE}"
+ValidateLabel "org.opencontainers.image.revision" "${BUILD_REVISION}"
+ValidateLabel "org.opencontainers.image.version" "${BUILD_VERSION}"
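Review bot: `ValidateLabel` only compares the label with the expected value, so a caller that passes an empty expected value gets a pass against an image where the label is missing, because an absent label comes back from `docker inspect` as an empty string. The workflows reject empty `BUILD_REVISION` and `BUILD_VERSION` before the build, but the script is also reachable through the Makefile and by hand, so the guard belongs here too: `if [[ -z "${CONTAINER_VALUE}" ]]; then echo "[ERROR] Expected value for ${LABEL_KEY} is empty"; exit 1; fi` ahead of the comparison. `LABEL` is also assigned without `local`, unlike the two variables above it, and should be declared on its own line as `local LABEL` so the `docker inspect` exit status still reaches `errexit`.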