From e7143bfa5c13d8323a2e83323fc9e3ddbc352d61 Mon Sep 17 00:00:00 2001 From: Eric Ribeiro Date: Mon, 13 Jun 2022 13:47:42 -0300 Subject: [PATCH 01/20] fix: import the `push.sh` script in the push command (#131) * fix: import push script in the command * fix: evaluate tag when digest path is set --- src/commands/push.yml | 12 +----------- src/scripts/push.sh | 8 +++++--- 2 files changed, 6 insertions(+), 14 deletions(-) diff --git a/src/commands/push.yml b/src/commands/push.yml index da17bdc..a86b258 100644 --- a/src/commands/push.yml +++ b/src/commands/push.yml @@ -34,14 +34,4 @@ steps: PARAM_IMAGE: <> PARAM_TAG: <> PARAM_DIGEST_PATH: <> - command: | - IFS="," read -ra DOCKER_TAGS \<<< "<< parameters.tag >>" - for tag in "${DOCKER_TAGS[@]}"; do - docker push <>/<< parameters.image>>:${tag} - done - - if [ -n "<>" ]; then - mkdir -p "$(dirname <>)" - IFS="," read -ra DOCKER_TAGS \<<< "<< parameters.tag >>" - docker image inspect --format="{{index .RepoDigests 0}}" <>/<< parameters.image>>:"${DOCKER_TAGS[0]}" > "<>" - fi + command: << include(scripts/push.sh) >> diff --git a/src/scripts/push.sh b/src/scripts/push.sh index 70efb22..ff63613 100644 --- a/src/scripts/push.sh +++ b/src/scripts/push.sh @@ -2,12 +2,14 @@ IFS="," read -ra DOCKER_TAGS <<< "$PARAM_TAG" -for tag in "${DOCKER_TAGS[@]}"; do - docker push "$PARAM_REGISTRY"/"$PARAM_IMAGE":${tag} +for docker_tag in "${DOCKER_TAGS[@]}"; do + tag=$(eval echo "$docker_tag") + docker push "$PARAM_REGISTRY"/"$PARAM_IMAGE":"$tag" done if [ -n "$PARAM_DIGEST_PATH" ]; then mkdir -p "$(dirname "$PARAM_DIGEST_PATH")" IFS="," read -ra DOCKER_TAGS <<< "$PARAM_TAG" - docker image inspect --format="{{index .RepoDigests 0}}" "$PARAM_REGISTRY"/"$PARAM_IMAGE":"${DOCKER_TAGS[0]}" > "$PARAM_DIGEST_PATH" + tag=$(eval echo "${DOCKER_TAGS[0]}") + docker image inspect --format="{{index .RepoDigests 0}}" "$PARAM_REGISTRY"/"$PARAM_IMAGE":"$tag" > "$PARAM_DIGEST_PATH" fi \ No newline at end of file 
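Review bot: `tag=$(eval echo "$docker_tag")` in the push loop of src/scripts/push.sh hands the whole tag string to the shell, so a value that carries more than a plain variable reference (command substitution, `;`, a redirection) is executed rather than only expanded; the second `eval` in the `PARAM_DIGEST_PATH` branch behaves the same way. This matters most if a caller fills `tag` from text it does not control, such as a branch name interpolated into the config, which is an assumption about callers and not something visible in this hunk. A guard before the `eval` keeps the env-var expansion while refusing shell syntax, e.g. `case "$docker_tag" in *'$('*|*[';|&<>']*) echo "unsupported characters in tag" >&2; exit 1;; esac`, with backquotes rejected in the same way. The later `eval echo` additions in PATCH 05 (`image=` in push.sh, `IMAGE=` in update-description.sh) and PATCH 07 (`extra_build_args=` in build.sh) follow the same pattern.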
From 1697d7c4e1d3b4f0a57e1734e61d9e38c3dc386f Mon Sep 17 00:00:00 2001 From: Kelvin Tay Date: Tue, 14 Jun 2022 01:55:24 +0900 Subject: [PATCH 02/20] fix: replace `deploy` steps to `run` (#129) --- src/commands/push.yml | 2 +- src/commands/update-description.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/commands/push.yml b/src/commands/push.yml index a86b258..f30aade 100644 --- a/src/commands/push.yml +++ b/src/commands/push.yml @@ -27,7 +27,7 @@ parameters: default: "" steps: - - deploy: + - run: name: <> environment: PARAM_REGISTRY: <> diff --git a/src/commands/update-description.yml b/src/commands/update-description.yml index 6d5549f..44c444a 100644 --- a/src/commands/update-description.yml +++ b/src/commands/update-description.yml @@ -36,7 +36,7 @@ parameters: Name of environment variable storing your Docker password steps: - - deploy: + - run: name: Update description environment: PARAM_README: <> From ef1889f319f75bfee63c808e82577c890b0c3990 Mon Sep 17 00:00:00 2001 From: "Y.Matsuda" <44557218+ymtdzzz@users.noreply.github.com> Date: Tue, 14 Jun 2022 02:07:26 +0900 Subject: [PATCH 03/20] fix: enable to expand env vars in `extra_build_args` (#130) --- .circleci/config.yml | 2 +- .circleci/test-deploy.yml | 16 +++++++++++++++- src/commands/build.yml | 6 +++++- test3.Dockerfile | 22 ++++++++++++++++++++++ 4 files changed, 43 insertions(+), 3 deletions(-) create mode 100644 test3.Dockerfile diff --git a/.circleci/config.yml b/.circleci/config.yml index ef91144..b21946f 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -42,4 +42,4 @@ workflows: requires: [orb-tools/publish] filters: tags: - only: /.*/ \ No newline at end of file + only: /.*/ diff --git a/.circleci/test-deploy.yml b/.circleci/test-deploy.yml index 7dc8138..c2387e4 100644 --- a/.circleci/test-deploy.yml +++ b/.circleci/test-deploy.yml 
@@ -29,7 +29,8 @@ promotion_requires: &promotion_requires test-macos-old, test-machine-latest, test-machine-old, - test-build-command-workspace + test-build-command-workspace, + test-build-with-args ] filters: &filters @@ -179,6 +180,17 @@ jobs: ls exit 1 fi + test-build-with-args: + docker: + - image: cimg/base:stable + steps: + - checkout + - setup_remote_docker + - docker/build: + dockerfile: test3.Dockerfile + image: cpeorbtesting/docker-orb-test + tag: $CIRCLE_BUILD_NUM-$CIRCLE_SHA1 + extra_build_args: --build-arg COMMIT_HASH=$CIRCLE_SHA1 test-dockerlint: docker: - image: cimg/node:17.7.2 @@ -221,6 +233,8 @@ workflows: requires: - test-create-workspace filters: *filters + - test-build-with-args: + filters: *filters # begin test-check-command - test-check-command: diff --git a/src/commands/build.yml b/src/commands/build.yml index 9d4fd1c..decf3fc 100644 --- a/src/commands/build.yml +++ b/src/commands/build.yml @@ -112,6 +112,11 @@ steps: steps: - run: echo 'export DOCKER_BUILDKIT=1' >> $BASH_ENV + - when: + condition: <> + steps: + - run: echo 'PARAM_EXTRA_BUILD_ARGS="<>"' >> $BASH_ENV + - when: condition: <> steps: @@ -126,7 +131,6 @@ steps: PARAM_DOCKER_CONTEXT: <> PARAM_DOCKERFILE_NAME: <> PARAM_DOCKERFILE_PATH: <> - PARAM_EXTRA_BUILD_ARGS: <> PARAM_IMAGE: <> PARAM_REGISTRY: <> PARAM_TAG: <> diff --git a/test3.Dockerfile b/test3.Dockerfile new file mode 100644 index 0000000..e0d8db5 --- /dev/null +++ b/test3.Dockerfile @@ -0,0 +1,22 @@ +# vim:set ft=dockerfile: +# +# The Ubuntu-based CircleCI Docker Image. Only use Ubuntu Long-Term Support +# (LTS) releases. + +FROM ubuntu:18.04 + +LABEL maintainer="CircleCI " + +ARG COMMIT_HASH + +# Change default shell from Dash to Bash +RUN rm /bin/sh && ln -s /bin/bash /bin/sh + +RUN if [[ "${COMMIT_HASH}" =~ ^[0-9a-f]{5,40}$ ]]; then \ + echo "Success: COMMIT_HASH is valid commit hash"; \ + else \ + echo "Error: COMMIT_HASH is invalid commit hash"; \ + exit 1; \ + fi + +WORKDIR /root/project 
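Review bot: The new `- run: echo 'PARAM_EXTRA_BUILD_ARGS="<>"' >> $BASH_ENV` step in src/commands/build.yml pastes the parameter text (its template expression is rendered as `<>` on this page) into a shell command line and then into a file that every later step sources. A value containing `'` ends the `echo` argument early, and one containing `"`, a backquote or `$(…)` is interpreted each time `$BASH_ENV` is loaded, not only in the build step. Leaving `PARAM_EXTRA_BUILD_ARGS` in the run step's `environment:` map, where the second hunk removes it, and expanding it inside src/scripts/build.sh would keep the value as data until the one place that needs it. If the step stays, quote the target: `>> "$BASH_ENV"`.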
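Review bot: `RUN rm /bin/sh && ln -s /bin/bash /bin/sh` in test3.Dockerfile replaces the image's system shell only so that the following `[[ … =~ … ]]` check runs under bash. A `SHELL` instruction scopes that to the build steps and leaves `/bin/sh` intact: `SHELL ["/bin/bash", "-c"]`. The fixture also has no `USER` line and works from `/root/project`; for a build-only test that is tolerable, but a comment such as `# test fixture for extra_build_args; not intended as a base for real images` would stop it being copied as a template.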
From 3674f2f8ded53f98a1397d060bec67d881785408 Mon Sep 17 00:00:00 2001 From: micah Date: Thu, 28 Jul 2022 21:23:27 +1000 Subject: [PATCH 04/20] no need to save local ifs variable in function --- src/scripts/build.sh | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/scripts/build.sh b/src/scripts/build.sh index 76816a7..248e950 100644 --- a/src/scripts/build.sh +++ b/src/scripts/build.sh @@ -20,10 +20,8 @@ parse_tags_to_docker_arg() { done # Set IFS to null to stop "," from breaking bash substitution - local old_ifs="$IFS" local IFS= DOCKER_TAGS_ARG="$(eval echo $docker_arg)" - local IFS="$old_ifs" } pull_images_from_cache() { From 37c70de1f9a1981e088b948d2d2586e073179770 Mon Sep 17 00:00:00 2001 From: Eric Ribeiro Date: Mon, 22 Aug 2022 17:21:36 -0300 Subject: [PATCH 05/20] fix: issues related to `publish`, `install-docker-compose` and `update-description` (#147) * fix: payload used in the `update-description` command (#143) * chore: bump orb dependencies and remove deprecated commands (#146) * fix: curl error in `install-docker-compose` (#145) * fix: support for env vars parameters in `publish` (#142) --- .circleci/test-deploy.yml | 66 ++++++++++++++++++++++++- src/@orb.yml | 5 +- src/commands/check.yml | 6 --- src/commands/install-docker-compose.yml | 3 +- src/commands/update-description.yml | 1 + src/scripts/install-docker-compose.sh | 39 ++++++++++----- src/scripts/push.sh | 9 +++- src/scripts/update-description.sh | 5 +- 8 files changed, 105 insertions(+), 29 deletions(-) diff --git a/.circleci/test-deploy.yml b/.circleci/test-deploy.yml index c2387e4..9797dea 100644 --- a/.circleci/test-deploy.yml +++ b/.circleci/test-deploy.yml @@ -16,6 +16,7 @@ promotion_requires: &promotion_requires publish-docker-cache-not-found, publish-docker-with-buildkit, publish-docker-multiple-tags, + publish-docker-env-var-image-param, test-pull, test-install-docker-tools-docker-latest, test-install-docker-tools-docker-old, 
@@ -23,6 +24,9 @@ promotion_requires: &promotion_requires test-install-docker-tools-macos-old, test-install-docker-tools-machine-latest, test-install-docker-tools-machine-old, + test-install-docker-compose-with-checksums, + test-install-docker-compose-with-sha256, + test-install-docker-compose-with-checksums-and-sha256, test-docker-latest, test-docker-old, test-macos-latest, @@ -210,6 +214,32 @@ jobs: debug: <> dockerfile: <> treat-warnings-as-errors: <> + test-install-docker-compose: + parameters: + docker-compose-version: + type: string + default: latest + description: > + Version of `docker-compose` to install, defaults to the latest stable release. + If specifying a version other than latest, provide a full release tag, + as listed at https://github.com/docker/compose/releases or + https://api.github.com/repos/docker/compose/releases, e.g., `1.23.1`. + + install-dir: + type: string + default: /usr/local/bin + description: > + Directory in which to install `docker-compose` + executor: + type: executor + + executor: << parameters.executor >> + + steps: + - docker/install-docker + - docker/install-docker-compose: + version: << parameters.docker-compose-version>> + install-dir: << parameters.install-dir>> workflows: test-deploy: @@ -236,6 +266,23 @@ workflows: - test-build-with-args: filters: *filters + # begin test-install-docker-compose + - test-install-docker-compose: + name: test-install-docker-compose-with-checksums + executor: docker-latest + filters: *filters + - test-install-docker-compose: + name: test-install-docker-compose-with-sha256 + docker-compose-version: v2.0.1 + executor: docker-latest + filters: *filters + - test-install-docker-compose: + name: test-install-docker-compose-with-checksums-and-sha256 + docker-compose-version: v2.9.0 + executor: docker-latest + filters: *filters + # end test-install-docker-compose + # begin test-check-command - test-check-command: name: test-check-command-docker 
@@ -389,6 +436,21 @@ workflows: docker-password: DOCKER_PASS use-docker-credentials-store: true filters: *filters + - docker/publish: + pre-steps: + - run: echo 'export DOCKER_USERNAME=cpeorbtesting' >> $BASH_ENV + - run: echo 'export DOCKER_NAME=docker-orb-test' >> $BASH_ENV + name: publish-docker-env-var-image-param + executor: docker-latest + context: CPE-orb-docker-testing + use-remote-docker: true + dockerfile: test.Dockerfile + image: $DOCKER_USERNAME/$DOCKER_NAME + tag: $CIRCLE_SHA1,$CIRCLE_BUILD_NUM + docker-username: DOCKER_USER + docker-password: DOCKER_PASS + use-docker-credentials-store: true + filters: *filters # end docker/publish # begin test-install-docker-tools @@ -441,10 +503,10 @@ workflows: executors: macos-old: macos: - xcode: 10.3.0 + xcode: 11.7.0 macos-latest: macos: - xcode: 13.1.0 + xcode: 14.0.0 docker-old: docker: - image: cimg/base:2020.08-20.04 diff --git a/src/@orb.yml b/src/@orb.yml index 7d76978..187784c 100644 --- a/src/@orb.yml +++ b/src/@orb.yml @@ -8,6 +8,5 @@ display: source_url: https://github.com/CircleCI-Public/docker-orb orbs: - bt: circleci/build-tools@2.6.3 - jq: circleci/jq@2.0 - orb-tools: circleci/orb-tools@9.1 + bt: circleci/build-tools@3.0 + jq: circleci/jq@2.2 diff --git a/src/commands/check.yml b/src/commands/check.yml index b9b31ea..bfc98b0 100644 --- a/src/commands/check.yml +++ b/src/commands/check.yml @@ -29,12 +29,6 @@ parameters: This option is only supported on Ubuntu/Debian/macOS platforms. steps: - - orb-tools/check-env-var-param: - param: <> - - - orb-tools/check-env-var-param: - param: <> - - when: condition: <> steps: diff --git a/src/commands/install-docker-compose.yml b/src/commands/install-docker-compose.yml index 3afa327..ac9be65 100644 --- a/src/commands/install-docker-compose.yml +++ b/src/commands/install-docker-compose.yml 
@@ -10,7 +10,8 @@ parameters: Version of `docker-compose` to install, defaults to the latest stable release. If specifying a version other than latest, provide a full release tag, as listed at https://github.com/docker/compose/releases or - https://api.github.com/repos/docker/compose/releases, e.g., `1.23.1`. + https://api.github.com/repos/docker/compose/releases, e.g., `v2.10.0`. + Only versions equal or above v2.0.1 are supported. install-dir: type: string diff --git a/src/commands/update-description.yml b/src/commands/update-description.yml index 44c444a..57f38aa 100644 --- a/src/commands/update-description.yml +++ b/src/commands/update-description.yml @@ -36,6 +36,7 @@ parameters: Name of environment variable storing your Docker password steps: + - jq/install - run: name: Update description environment: diff --git a/src/scripts/install-docker-compose.sh b/src/scripts/install-docker-compose.sh index 2a82b4e..6944ec7 100644 --- a/src/scripts/install-docker-compose.sh +++ b/src/scripts/install-docker-compose.sh @@ -29,7 +29,7 @@ if command -v docker-compose &> /dev/null; then exit 0 else echo "A different version of docker-compose is installed ($(docker-compose --version)); removing it" - $SUDO rm -f "$(command -v docker-compose)"1 + $SUDO rm -f "$(command -v docker-compose)" fi fi 
@@ -42,31 +42,44 @@ else fi DOCKER_COMPOSE_BASE_URL="https://github.com/docker/compose/releases/download/$DOCKER_COMPOSE_VERSION" -DOCKER_COMPOSE_SHASUM_URL="$DOCKER_COMPOSE_BASE_URL/docker-compose-$PLATFORM-x86_64.sha256" +DOCKER_COMPOSE_RELEASES_HTML="$(curl -Ls --fail --retry 3 "https://github.com/docker/compose/releases/tag/$DOCKER_COMPOSE_VERSION")" +DOCKER_COMPOSE_RELEASE="docker-compose-$PLATFORM-x86_64" +DOCKER_SHASUM_FILENAME="checksum.txt" -# download binary and shasum -curl -O \ - --silent --show-error --location --fail --retry 3 \ - "$DOCKER_COMPOSE_SHASUM_URL" +# since v2.10.0, docker-compose doesn't have a ".sha256" file +# so we need to use the "checksums.txt" file instead +if grep --quiet "checksums.txt" <<< "$DOCKER_COMPOSE_RELEASES_HTML"; then + printf '%s\n' "Downloading \"checksums.txt\" to verify the binary's integrity." -FILENAME=$(cat docker-compose-$PLATFORM-x86_64.sha256 | awk '{ print $NF }' | sed 's/^\*//') + curl -o "$DOCKER_SHASUM_FILENAME" \ + --silent --location --retry 3 \ + "$DOCKER_COMPOSE_BASE_URL/checksums.txt" +else + printf '%s\n' "Downloading \"$DOCKER_COMPOSE_RELEASE.sha256\" to verify the binary's integrity." + + curl -o "$DOCKER_SHASUM_FILENAME" \ + --silent --location --retry 3 \ + "$DOCKER_COMPOSE_BASE_URL/$DOCKER_COMPOSE_RELEASE.sha256" +fi -curl -O \ - --silent --show-error --location --fail --retry 3 \ - "$DOCKER_COMPOSE_BASE_URL/$FILENAME" +# download docker-compose binary +curl -o "$DOCKER_COMPOSE_RELEASE" \ + --location --retry 3 \ + "$DOCKER_COMPOSE_BASE_URL/$DOCKER_COMPOSE_RELEASE" +# verify binary integrity using SHA-256 checksum set +e -grep "$FILENAME" docker-compose-$PLATFORM-x86_64.sha256 | sha256sum -c - +grep "$DOCKER_COMPOSE_RELEASE" "$DOCKER_SHASUM_FILENAME" | sha256sum -c - SHASUM_SUCCESS=$? 
set -e if [[ "$SHASUM_SUCCESS" -ne 0 ]]; then - echo "Checksum validation failed for $FILENAME" + echo "Checksum validation failed for $DOCKER_COMPOSE_RELEASE" exit 1 fi # install docker-compose -$SUDO mv "$FILENAME" "$PARAM_INSTALL_DIR"/docker-compose +$SUDO mv "$DOCKER_COMPOSE_RELEASE" "$PARAM_INSTALL_DIR"/docker-compose $SUDO chmod +x "$PARAM_INSTALL_DIR"/docker-compose # verify version diff --git a/src/scripts/push.sh b/src/scripts/push.sh index ff63613..7bee301 100644 --- a/src/scripts/push.sh +++ b/src/scripts/push.sh @@ -2,14 +2,19 @@ IFS="," read -ra DOCKER_TAGS <<< "$PARAM_TAG" +image="$(eval echo "$PARAM_IMAGE")" + for docker_tag in "${DOCKER_TAGS[@]}"; do tag=$(eval echo "$docker_tag") - docker push "$PARAM_REGISTRY"/"$PARAM_IMAGE":"$tag" + + set -x + docker push "$PARAM_REGISTRY"/"$image":"$tag" + set +x done if [ -n "$PARAM_DIGEST_PATH" ]; then mkdir -p "$(dirname "$PARAM_DIGEST_PATH")" IFS="," read -ra DOCKER_TAGS <<< "$PARAM_TAG" tag=$(eval echo "${DOCKER_TAGS[0]}") - docker image inspect --format="{{index .RepoDigests 0}}" "$PARAM_REGISTRY"/"$PARAM_IMAGE":"$tag" > "$PARAM_DIGEST_PATH" + docker image inspect --format="{{index .RepoDigests 0}}" "$PARAM_REGISTRY"/"$image":"$tag" > "$PARAM_DIGEST_PATH" fi \ No newline at end of file diff --git a/src/scripts/update-description.sh b/src/scripts/update-description.sh index a1006c9..69638cd 100644 --- a/src/scripts/update-description.sh +++ b/src/scripts/update-description.sh 
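Review bot: All three rewritten `curl` calls in this hunk of src/scripts/install-docker-compose.sh drop the `--fail` that the removed lines had, so an HTTP error page is saved as `checksum.txt` or as the binary itself and the job only stops later with "Checksum validation failed", which hides the real cause. I would restore it on each, e.g. `curl -o "$DOCKER_COMPOSE_RELEASE" --silent --show-error --location --fail --retry 3 "$DOCKER_COMPOSE_BASE_URL/$DOCKER_COMPOSE_RELEASE"`. The `grep "$DOCKER_COMPOSE_RELEASE"` that feeds `sha256sum -c -` is unanchored, so any other entry whose name begins with the release name is selected too and fails the check for a file that was never downloaded; `grep -E "[ *]${DOCKER_COMPOSE_RELEASE}\$"` limits it to the exact entry. The checksum file and the binary come from the same release URL, so this step detects a truncated or corrupted download, not a tampered release.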
@@ -7,13 +7,14 @@ fi USERNAME=${!PARAM_DOCKER_USERNAME} PASSWORD=${!PARAM_DOCKER_PASSWORD} +IMAGE="$(eval echo "$PARAM_IMAGE")" DESCRIPTION="$PARAM_PATH/$PARAM_README" PAYLOAD="username=$USERNAME&password=$PASSWORD" JWT=$(curl -s -d "$PAYLOAD" https://hub.docker.com/v2/users/login/ | jq -r .token) HEADER="Authorization: JWT $JWT" -URL="https://hub.docker.com/v2/repositories/$PARAM_IMAGE/" -STATUS=$(curl -s -o /dev/null -w '%{http_code}' -X PATCH -H "$HEADER" --data-urlencode full_description@$DESCRIPTION $URL) +URL="https://hub.docker.com/v2/repositories/$IMAGE/" +STATUS=$(curl -s -o /dev/null -w '%{http_code}' -X PATCH -H "$HEADER" -H 'Content-type: application/json' --data "{\"full_description\": $(jq -Rs '.' $DESCRIPTION)}" $URL) if [ $STATUS -ne 200 ]; then echo "Could not update image description" From 87dc2099c84b073671ccb90a4c389704794d18b3 Mon Sep 17 00:00:00 2001 From: Eric Ribeiro Date: Mon, 22 Aug 2022 17:34:08 -0300 Subject: [PATCH 06/20] feat: clean-up after `install-docker-compose` (#148) --- src/scripts/install-docker-compose.sh | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/scripts/install-docker-compose.sh b/src/scripts/install-docker-compose.sh index 6944ec7..0ea9893 100644 --- a/src/scripts/install-docker-compose.sh +++ b/src/scripts/install-docker-compose.sh @@ -1,5 +1,12 @@ #!/usr/bin/env bash +trap_exit() { + # clean-up + printf '%s\n' "Cleaning up..." + [ -f "$DOCKER_SHASUM_FILENAME" ] && rm -f "$DOCKER_SHASUM_FILENAME" +} +trap trap_exit EXIT + # checking for root user if [[ $(id -u) -eq 0 ]]; then SUDO="" @@ -83,4 +90,4 @@ $SUDO mv "$DOCKER_COMPOSE_RELEASE" "$PARAM_INSTALL_DIR"/docker-compose $SUDO chmod +x "$PARAM_INSTALL_DIR"/docker-compose # verify version -echo "$(docker-compose --version) has been installed to $(command -v docker-compose)" \ No newline at end of file +echo "$(docker-compose --version) has been installed to $(command -v docker-compose)" 
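Review bot: In the new `STATUS=$(curl … -X PATCH …)` line of src/scripts/update-description.sh, `$DESCRIPTION` and `$URL` are unquoted, so a README path containing a space or glob character, or an image name produced by the new `eval`, is split into several arguments. The JSON body is also assembled by string concatenation: if `jq` cannot read the file the payload becomes `{"full_description": }` and the failure shows up only as a non-200 status. Letting jq build the whole object avoids both: `jq -Rs '{full_description: .}' "$DESCRIPTION" | curl -s -o /dev/null -w '%{http_code}' -X PATCH -H "$HEADER" -H 'Content-type: application/json' --data-binary @- "$URL"`. The script starts and ends outside this hunk.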
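Review bot: `trap_exit` in src/scripts/install-docker-compose.sh removes only `$DOCKER_SHASUM_FILENAME`, so when the download or the checksum check fails, the unverified `$DOCKER_COMPOSE_RELEASE` binary is left behind in the working directory. A second guarded line mirroring the existing one covers that path and is a no-op after a successful `mv`: `[ -f "$DOCKER_COMPOSE_RELEASE" ] && rm -f "$DOCKER_COMPOSE_RELEASE"`. Both files are written to the current directory, which is usually the project checkout; whether a `mktemp -d` scratch directory would suit the rest of the script cannot be judged from this hunk.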
From ce0c7f2e44bc8b515bc9c95e22af1d7e5f159c13 Mon Sep 17 00:00:00 2001 From: Brandon Olin <12634452+devblackops@users.noreply.github.com> Date: Fri, 2 Sep 2022 08:36:48 -0700 Subject: [PATCH 07/20] Support expanding env vars on the extra_build_args parameter (#149) * use eval for build args * remove extra quote * fix: syntax for appending in array Co-authored-by: Eric Ribeiro --- src/scripts/build.sh | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/src/scripts/build.sh b/src/scripts/build.sh index e9c1ac8..c83fd32 100644 --- a/src/scripts/build.sh +++ b/src/scripts/build.sh @@ -4,7 +4,7 @@ DOCKER_TAGS_ARG="" parse_tags_to_docker_arg() { # Set comma as the new delimiter for the scope of this function. - local IFS="," + local IFS="," # Split tags into an array based on IFS delimiter. read -ra tags <<< "$PARAM_TAG" @@ -47,12 +47,13 @@ if [ -n "$PARAM_CACHE_FROM" ]; then fi build_args=( - "--file=$PARAM_DOCKERFILE_PATH/$PARAM_DOCKERFILE_NAME" - "$DOCKER_TAGS_ARG" + "--file=$PARAM_DOCKERFILE_PATH/$PARAM_DOCKERFILE_NAME" + "$DOCKER_TAGS_ARG" ) if [ -n "$PARAM_EXTRA_BUILD_ARGS" ]; then - build_args+=("$PARAM_EXTRA_BUILD_ARGS") + extra_build_args="$(eval echo "$PARAM_EXTRA_BUILD_ARGS")" + build_args+=("$extra_build_args") fi if [ -n "$PARAM_CACHE_FROM" ]; then From 83e2896b6cfc942c77e7828b5224123a7c512353 Mon Sep 17 00:00:00 2001 From: Eric Ribeiro Date: Thu, 22 Sep 2022 09:51:42 -0700 Subject: [PATCH 08/20] fix: error when downloading the credential helper's latest version (#156) * fix: change download URL based on release tag * test: add tests for custom release tags Co-authored-by: Steve Jordan --- .circleci/test-deploy.yml | 36 +++++++++++++++++- src/scripts/build.sh | 1 + src/scripts/hadolint.sh | 6 ++- .../install-docker-credential-helper.sh | 38 +++++++++++++------ 4 files changed, 66 insertions(+), 15 deletions(-) diff --git a/.circleci/test-deploy.yml b/.circleci/test-deploy.yml index 9797dea..539de76 100644 
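Review bot: `extra_build_args="$(eval echo "$PARAM_EXTRA_BUILD_ARGS")"` in src/scripts/build.sh flattens the argument string: `echo` prints the words after quote removal, so `--build-arg MSG="hello world"` comes back as `--build-arg MSG=hello world`, and the result is then stored as a single array element. How it is split again depends on the `docker build` invocation, which lies outside this hunk; if that expands the array unquoted, `world` reaches docker as a separate argument. If `eval` is kept, let it build the array so quoting survives, `eval "extra_build_args=($PARAM_EXTRA_BUILD_ARGS)"` followed by `build_args+=("${extra_build_args[@]}")`, and expand with `"${build_args[@]}"` at the call site; other elements that rely on splitting would need the same treatment. Because this parameter is free-form by design, the execution concern that applies to any `eval` of a parameter applies here as well.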
--- a/.circleci/test-deploy.yml +++ b/.circleci/test-deploy.yml @@ -11,6 +11,9 @@ promotion_requires: &promotion_requires test-credentials-store-docker, test-credentials-store-machine, test-credentials-store-macos, + test-credentials-store-docker-custom-tag, + test-credentials-store-machine-custom-tag, + test-credentials-store-macos-custom-tag, publish-machine, publish-docker-cache, publish-docker-cache-not-found, @@ -130,10 +133,14 @@ jobs: type: env_var_name docker-password: type: env_var_name + release-tag: + type: string + default: "" executor: <> steps: - docker/install-docker-credential-helper: helper-name: <> + release-tag: <> - docker/configure-docker-credentials-store: helper-name: <> - run: @@ -337,6 +344,33 @@ workflows: pre-steps: - docker/install-docker filters: *filters + - test-credentials-store: + name: test-credentials-store-docker-custom-tag + executor: docker-latest + context: CPE-orb-docker-testing + helper-name: pass + docker-username: DOCKER_USER + docker-password: DOCKER_PASS + release-tag: "v0.6.4" + filters: *filters + - test-credentials-store: + name: test-credentials-store-machine-custom-tag + executor: machine-latest + context: CPE-orb-docker-testing + docker-username: DOCKER_USER + docker-password: DOCKER_PASS + release-tag: "v0.6.4" + filters: *filters + - test-credentials-store: + name: test-credentials-store-macos-custom-tag + executor: macos-latest + context: CPE-orb-docker-testing + docker-username: DOCKER_USER + docker-password: DOCKER_PASS + release-tag: "v0.6.4" + pre-steps: + - docker/install-docker + filters: *filters # end test-credentials-store # begin docker/publish @@ -518,4 +552,4 @@ executors: image: ubuntu-2004:202010-01 machine-latest: machine: - image: ubuntu-2004:current + image: ubuntu-2004:current \ No newline at end of file diff --git a/src/scripts/build.sh b/src/scripts/build.sh index c83fd32..08e0108 100644 --- a/src/scripts/build.sh +++ b/src/scripts/build.sh 
@@ -71,6 +71,7 @@ old_ifs="$IFS" IFS=' ' set -x +# shellcheck disable=SC2048 # We want word splitting here. docker build ${build_args[*]} set +x diff --git a/src/scripts/hadolint.sh b/src/scripts/hadolint.sh index 44378ee..be375c6 100644 --- a/src/scripts/hadolint.sh +++ b/src/scripts/hadolint.sh @@ -1,9 +1,11 @@ if [ -n "$PARAM_IGNORE_RULES" ]; then - readonly ignore_rules=$(printf '%s' "--ignore ${PARAM_IGNORE_RULES//,/ --ignore }") + ignore_rules=$(printf '%s' "--ignore ${PARAM_IGNORE_RULES//,/ --ignore }") + readonly ignore_rules fi if [ -n "$PARAM_TRUSTED_REGISTRIES" ]; then - readonly trusted_registries=$(printf '%s' "--trusted-registry ${PARAM_TRUSTED_REGISTRIES//,/ --trusted-registry }") + trusted_registries=$(printf '%s' "--trusted-registry ${PARAM_TRUSTED_REGISTRIES//,/ --trusted-registry }") + readonly trusted_registries fi printf '%s\n' "Running hadolint with the following options..." diff --git a/src/scripts/install-docker-credential-helper.sh b/src/scripts/install-docker-credential-helper.sh index af1600e..d9d000d 100644 --- a/src/scripts/install-docker-credential-helper.sh +++ b/src/scripts/install-docker-credential-helper.sh @@ -2,11 +2,14 @@ HELPER_NAME="$PARAM_HELPER_NAME" +if uname | grep -q "Darwin"; then platform="darwin" +else platform="linux" +fi + +# Infer helper name from the platform if [ -z "${HELPER_NAME}" ]; then - if uname | grep -q "Darwin"; then - HELPER_NAME="osxkeychain" - else - HELPER_NAME="pass" + if [ "$platform" = "darwin" ]; then HELPER_NAME="osxkeychain" + else HELPER_NAME="pass" fi fi 
@@ -55,17 +58,28 @@ echo "Downloading credential helper $HELPER_FILENAME" BIN_PATH="/usr/local/bin" mkdir -p "$BIN_PATH" RELEASE_TAG="$PARAM_RELEASE_TAG" -RELEASE_VERSION=$(curl -Ls --fail --retry 3 -o /dev/null -w '%{url_effective}' "https://github.com/docker/docker-credential-helpers/releases/latest" | sed 's:.*/::') +base_url="https://github.com/docker/docker-credential-helpers/releases" +RELEASE_VERSION=$(curl -Ls --fail --retry 3 -o /dev/null -w '%{url_effective}' "$base_url/latest" | sed 's:.*/::') if [ -n "${RELEASE_TAG}" ]; then RELEASE_VERSION="${RELEASE_TAG}" fi -DOWNLOAD_URL="https://github.com/docker/docker-credential-helpers/releases/download/${RELEASE_VERSION}/${HELPER_FILENAME}-${RELEASE_VERSION}-amd64.tar.gz" -echo "Downloading from url: $DOWNLOAD_URL" -curl -L -o "${HELPER_FILENAME}_archive" "$DOWNLOAD_URL" -tar xvf "./${HELPER_FILENAME}_archive" -chmod +x "./$HELPER_FILENAME" +# Starting from v0.7.0, the release file name is changed to docker-credential--- +minor_version="$(echo "$RELEASE_VERSION" | cut -d. -f2)" +download_base_url="$base_url/download/${RELEASE_VERSION}/${HELPER_FILENAME}-${RELEASE_VERSION}" +if [ "$minor_version" -gt 6 ]; then + DOWNLOAD_URL="$download_base_url.$platform-amd64" + echo "Downloading from url: $DOWNLOAD_URL" + curl -L -o "${HELPER_FILENAME}" "$DOWNLOAD_URL" +else + DOWNLOAD_URL="$download_base_url-amd64.tar.gz" + echo "Downloading from url: $DOWNLOAD_URL" + curl -L -o "${HELPER_FILENAME}_archive" "$DOWNLOAD_URL" + tar xvf "./${HELPER_FILENAME}_archive" + rm "./${HELPER_FILENAME}_archive" +fi + +chmod +x "./$HELPER_FILENAME" $SUDO mv "./$HELPER_FILENAME" "$BIN_PATH/$HELPER_FILENAME" -"$BIN_PATH/$HELPER_FILENAME" version -rm "./${HELPER_FILENAME}_archive" \ No newline at end of file +"$BIN_PATH/$HELPER_FILENAME" version \ No newline at end of file From 014287b19d477ef7229cadf29886d1c64995aa4a Mon Sep 17 00:00:00 2001 
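Review bot: Both branches of the new download logic in src/scripts/install-docker-credential-helper.sh fetch the helper with `curl -L -o …`, then `chmod +x` it, `$SUDO mv` it into `/usr/local/bin` and execute it, with no `--fail` and no integrity check. This binary mediates access to registry credentials, so it deserves at least the treatment install-docker-compose.sh gives its download: `curl -L --fail --retry 3 -o "${HELPER_FILENAME}" "$DOWNLOAD_URL"` plus a SHA-256 comparison against a checksum published with the release (whether the project publishes one for every tag is not visible here). Separately, `minor_version` is taken with `cut -d. -f2` and compared on its own, so a future `v1.0.0` would fall into the tarball branch, and an empty `RELEASE_VERSION` turns `[ "$minor_version" -gt 6 ]` into a test error; comparing major and minor together, and exiting when `RELEASE_VERSION` is empty, closes both.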
From: Eric Ribeiro Date: Fri, 23 Sep 2022 10:31:12 -0700 Subject: [PATCH 09/20] chore: update comment to reflect dev's input (#157) --- src/scripts/install-docker-credential-helper.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/scripts/install-docker-credential-helper.sh b/src/scripts/install-docker-credential-helper.sh index d9d000d..e5eeb0c 100644 --- a/src/scripts/install-docker-credential-helper.sh +++ b/src/scripts/install-docker-credential-helper.sh @@ -64,7 +64,9 @@ if [ -n "${RELEASE_TAG}" ]; then RELEASE_VERSION="${RELEASE_TAG}" fi -# Starting from v0.7.0, the release file name is changed to docker-credential--- +# Starting from v0.7.0, the release file name is changed to docker-credential--.- +# At the moment of writing, the amd64 binary does not have a variant suffix. But this might change in the future. +# https://github.com/CircleCI-Public/docker-orb/pull/156#discussion_r977920812 minor_version="$(echo "$RELEASE_VERSION" | cut -d. -f2)" download_base_url="$base_url/download/${RELEASE_VERSION}/${HELPER_FILENAME}-${RELEASE_VERSION}" From f825d17562c2669ca96a867b5645340f913d599c Mon Sep 17 00:00:00 2001 From: micah Date: Tue, 25 Oct 2022 08:23:34 +0000 Subject: [PATCH 10/20] add example with bash substitution --- src/examples/with-bash-substitution.yml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 src/examples/with-bash-substitution.yml diff --git a/src/examples/with-bash-substitution.yml b/src/examples/with-bash-substitution.yml new file mode 100644 index 0000000..e49d215 --- /dev/null +++ b/src/examples/with-bash-substitution.yml @@ -0,0 +1,15 @@ +description: > + Build/publish a Docker image bash substitution + +usage: + version: 2.1 + + orbs: + docker: circleci/docker@x.y.z + + workflows: + build-docker-image-only: + jobs: + - docker/publish: + image: ${CIRCLE_PROJECT_USERNAME,,}/${CIRCLE_PROJECT_REPONAME/_/-} + tag: ${CIRCLE_SHA1:0:10} 
From 448b4c039069eb8b4d40e02ccf8fb313bb76d97f Mon Sep 17 00:00:00 2001 From: micah Date: Tue, 25 Oct 2022 08:25:16 +0000 Subject: [PATCH 11/20] add test with bash substitution --- .circleci/test-deploy.yml | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/.circleci/test-deploy.yml b/.circleci/test-deploy.yml index 9797dea..c7f96a6 100644 --- a/.circleci/test-deploy.yml +++ b/.circleci/test-deploy.yml @@ -34,7 +34,8 @@ promotion_requires: &promotion_requires test-machine-latest, test-machine-old, test-build-command-workspace, - test-build-with-args + test-build-with-args, + test-build-bash-substitution ] filters: &filters @@ -195,6 +196,19 @@ jobs: image: cpeorbtesting/docker-orb-test tag: $CIRCLE_BUILD_NUM-$CIRCLE_SHA1 extra_build_args: --build-arg COMMIT_HASH=$CIRCLE_SHA1 + test-build-bash-substitution: + docker: + - image: cimg/base:stable + environment: + DOCKER_ACCOUNT: CPEOrbTesting + DOCKER_REPO: docker_orb_test + steps: + - checkout + - setup_remote_docker + - docker/build: + dockerfile: test3.Dockerfile + image: ${DOCKER_ACCOUNT,,}/${DOCKER_REPO/_/-} + tag: ${CIRCLE_BUILD_NUM}-${CIRCLE_SHA1:0:10} test-dockerlint: docker: - image: cimg/node:17.7.2 From d8f04f6aeb8df7c16b2adf7a6205b7b99924af9f Mon Sep 17 00:00:00 2001 From: micah Date: Tue, 25 Oct 2022 08:31:18 +0000 Subject: [PATCH 12/20] trigger ci --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 6533f79..42f8a35 100644 --- a/README.md +++ b/README.md @@ -13,3 +13,5 @@ _For full usage guidelines, see the [orb registry listing](https://circleci.com/ We welcome [issues](https://github.com/CircleCI-Public/docker-orb/issues) to and [pull requests](https://github.com/CircleCI-Public/docker-orb/pulls) against this repository! For further questions/comments about this or other orbs, visit [CircleCI's orbs discussion forum](https://discuss.circleci.com/c/orbs). + +Trying to trigger ci 
From 034897ce04956ce7df8f6e0213e6b14a1c6c4828 Mon Sep 17 00:00:00 2001 From: micah Date: Tue, 25 Oct 2022 08:31:58 +0000 Subject: [PATCH 13/20] remove unnecessary change --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 42f8a35..4a887f1 100644 --- a/README.md +++ b/README.md @@ -14,4 +14,3 @@ We welcome [issues](https://github.com/CircleCI-Public/docker-orb/issues) to and For further questions/comments about this or other orbs, visit [CircleCI's orbs discussion forum](https://discuss.circleci.com/c/orbs). -Trying to trigger ci From b8177ce125a6d055a1a5a5a6a24ed9577fd77733 Mon Sep 17 00:00:00 2001 From: micah Date: Tue, 25 Oct 2022 08:32:45 +0000 Subject: [PATCH 14/20] remove unnecessary change --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 4a887f1..6533f79 100644 --- a/README.md +++ b/README.md @@ -13,4 +13,3 @@ _For full usage guidelines, see the [orb registry listing](https://circleci.com/ We welcome [issues](https://github.com/CircleCI-Public/docker-orb/issues) to and [pull requests](https://github.com/CircleCI-Public/docker-orb/pulls) against this repository! For further questions/comments about this or other orbs, visit [CircleCI's orbs discussion forum](https://discuss.circleci.com/c/orbs). - From 3d432d755b93892d5ee421e273ef87ed9d237c47 Mon Sep 17 00:00:00 2001 From: Jaryt Bustard Date: Wed, 23 Nov 2022 18:30:57 -0500 Subject: [PATCH 15/20] chore: [ci skip] replace CPEng with orb-publishers team in CODEOWNERS (#169) --- .github/CODEOWNERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index acdbb28..b8bc0b9 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1,2 +1,2 @@ # Ping these folks when changes are made to this repository -* @CircleCI-Public/cpeng +* @CircleCI-Public/orb-publishers From 253987c281b439bbf8642eb9ae7647f2316e5a98 Mon Sep 17 00:00:00 2001 
From: Eric Ribeiro Date: Mon, 5 Dec 2022 09:41:50 -0800 Subject: [PATCH 16/20] fix: evaluate and expand all orb parameters (#171) * feat: add utils function to expand orb parameters * fix: import `utils.sh` to emulate behaviour before orb-tools migration * fix: shellcheck * ci: add test with params coming from env vars --- .circleci/test-deploy.yml | 31 +++++++++++-- src/commands/build.yml | 1 + src/commands/check.yml | 1 + .../configure-docker-credentials-store.yml | 1 + src/commands/dockerlint.yml | 1 + src/commands/hadolint.yml | 1 + src/commands/install-docker-compose.yml | 1 + .../install-docker-credential-helper.yml | 1 + src/commands/install-docker.yml | 1 + src/commands/install-dockerize.yml | 1 + src/commands/install-goss.yml | 1 + src/commands/pull.yml | 1 + src/commands/push.yml | 1 + src/commands/update-description.yml | 1 + src/scripts/build.sh | 4 ++ src/scripts/check.sh | 6 ++- .../configure-docker-credentials-store.sh | 6 ++- src/scripts/dockerlint.sh | 10 ++-- src/scripts/hadolint.sh | 8 +++- src/scripts/install-docker-compose.sh | 4 ++ .../install-docker-credential-helper.sh | 6 ++- src/scripts/install-docker.sh | 6 ++- src/scripts/install-dockerize.sh | 6 ++- src/scripts/install-goss.sh | 6 ++- src/scripts/pull.sh | 6 ++- src/scripts/push.sh | 6 ++- src/scripts/update-description.sh | 6 ++- src/scripts/utils.sh | 46 +++++++++++++++++++ 28 files changed, 152 insertions(+), 18 deletions(-) create mode 100644 src/scripts/utils.sh diff --git a/.circleci/test-deploy.yml b/.circleci/test-deploy.yml index 539de76..758fd2e 100644 --- a/.circleci/test-deploy.yml +++ b/.circleci/test-deploy.yml @@ -43,7 +43,7 @@ promotion_requires: &promotion_requires filters: &filters tags: only: /.*/ - + orbs: build-tools: circleci/build-tools@3.0.0 docker: circleci/docker@dev:<> 
@@ -246,7 +246,7 @@ jobs: - docker/install-docker - docker/install-docker-compose: version: << parameters.docker-compose-version>> - install-dir: << parameters.install-dir>> + install-dir: << parameters.install-dir>> workflows: test-deploy: @@ -485,6 +485,27 @@ workflows: docker-password: DOCKER_PASS use-docker-credentials-store: true filters: *filters + - docker/publish: + pre-steps: + - run: + name: Export env vars + command: | + echo 'export DOCKER_USERNAME=cpeorbtesting' >> $BASH_ENV + echo 'export DOCKER_NAME=docker-orb-test' >> $BASH_ENV + echo 'export DOCKERFILE=test.Dockerfile' >> $BASH_ENV + echo 'export REGISTRY=docker.io' >> $BASH_ENV + name: publish-docker-env-var-all-params + executor: docker-latest + context: CPE-orb-docker-testing + use-remote-docker: true + dockerfile: $DOCKERFILE + image: $DOCKER_USERNAME/$DOCKER_NAME + tag: $CIRCLE_SHA1,$CIRCLE_BUILD_NUM + docker-username: DOCKER_USER + docker-password: DOCKER_PASS + use-docker-credentials-store: true + registry: $REGISTRY + filters: *filters # end docker/publish # begin test-install-docker-tools @@ -502,7 +523,7 @@ workflows: install-goss: false filters: *filters # end test-install-docker-tools - + # begin test - test: name: test-<< matrix.executor >> @@ -552,4 +573,6 @@ executors: image: ubuntu-2004:202010-01 machine-latest: machine: - image: ubuntu-2004:current \ No newline at end of file + image: ubuntu-2004:current + +# VS Code Extension Version: 1.3.0 diff --git a/src/commands/build.yml b/src/commands/build.yml index decf3fc..8f1a40c 100644 --- a/src/commands/build.yml +++ b/src/commands/build.yml @@ -135,4 +135,5 @@ steps: PARAM_REGISTRY: <> PARAM_TAG: <> PARAM_USE_BUILDKIT: <> + SCRIPT_UTILS: <> command: <> diff --git a/src/commands/check.yml b/src/commands/check.yml index bfc98b0..4732cc9 100644 --- a/src/commands/check.yml +++ b/src/commands/check.yml @@ -41,4 +41,5 @@ steps: PARAM_REGISTRY: <> PARAM_DOCKER_USERNAME: <> PARAM_DOCKER_PASSWORD: <> + SCRIPT_UTILS: <> command: <> 
diff --git a/src/commands/configure-docker-credentials-store.yml b/src/commands/configure-docker-credentials-store.yml index 87b58fa..a7e9195 100644 --- a/src/commands/configure-docker-credentials-store.yml +++ b/src/commands/configure-docker-credentials-store.yml @@ -24,4 +24,5 @@ steps: environment: PARAM_HELPER_NAME: "<>" PARAM_DOCKER_CONFIG_PATH: "<>" + SCRIPT_UTILS: <> command: <> diff --git a/src/commands/dockerlint.yml b/src/commands/dockerlint.yml index d6ff984..6023b1b 100644 --- a/src/commands/dockerlint.yml +++ b/src/commands/dockerlint.yml @@ -30,4 +30,5 @@ steps: PARAM_DEBUG: <> PARAM_TREAT_WARNING_AS_ERRORS: <> PARAM_DOCKERFILE: <> + SCRIPT_UTILS: <> command: <> diff --git a/src/commands/hadolint.yml b/src/commands/hadolint.yml index 8459c1f..ab2bdc5 100644 --- a/src/commands/hadolint.yml +++ b/src/commands/hadolint.yml @@ -35,4 +35,5 @@ steps: PARAM_DOCKERFILES: <> PARAM_IGNORE_RULES: <> PARAM_TRUSTED_REGISTRIES: <> + SCRIPT_UTILS: <> command: <> diff --git a/src/commands/install-docker-compose.yml b/src/commands/install-docker-compose.yml index ac9be65..6369e7f 100644 --- a/src/commands/install-docker-compose.yml +++ b/src/commands/install-docker-compose.yml @@ -25,4 +25,5 @@ steps: environment: PARAM_DOCKER_COMPOSER_VERSION: << parameters.version >> PARAM_INSTALL_DIR: <> + SCRIPT_UTILS: <> command: <> diff --git a/src/commands/install-docker-credential-helper.yml b/src/commands/install-docker-credential-helper.yml index d613656..1fa9749 100644 --- a/src/commands/install-docker-credential-helper.yml +++ b/src/commands/install-docker-credential-helper.yml @@ -26,4 +26,5 @@ steps: environment: PARAM_HELPER_NAME: << parameters.helper-name >> PARAM_RELEASE_TAG: << parameters.release-tag >> + SCRIPT_UTILS: <> command: << include(scripts/install-docker-credential-helper.sh) >> diff --git a/src/commands/install-docker.yml b/src/commands/install-docker.yml index be92c32..1f4d1e6 100644 --- a/src/commands/install-docker.yml 
+++ b/src/commands/install-docker.yml @@ -25,4 +25,5 @@ steps: environment: PARAM_VERSION: << parameters.version >> PARAM_INSTALL_DIR: << parameters.install-dir >> + SCRIPT_UTILS: <> command: << include(scripts/install-docker.sh) >> diff --git a/src/commands/install-dockerize.yml b/src/commands/install-dockerize.yml index 22e995c..4592248 100644 --- a/src/commands/install-dockerize.yml +++ b/src/commands/install-dockerize.yml @@ -23,4 +23,5 @@ steps: environment: PARAM_VERSION: << parameters.version >> PARAM_INSTALL_DIR: << parameters.install-dir >> + SCRIPT_UTILS: <> command: << include(scripts/install-dockerize.sh) >> diff --git a/src/commands/install-goss.yml b/src/commands/install-goss.yml index 5267650..2823ee6 100644 --- a/src/commands/install-goss.yml +++ b/src/commands/install-goss.yml @@ -34,4 +34,5 @@ steps: PARAM_VERSION: <> PARAM_INSTALL_DIR: <> PARAM_DEBUG: <> + SCRIPT_UTILS: <> command: << include(scripts/install-goss.sh) >> diff --git a/src/commands/pull.yml b/src/commands/pull.yml index 53dbf83..939e539 100644 --- a/src/commands/pull.yml +++ b/src/commands/pull.yml @@ -19,4 +19,5 @@ steps: environment: PARAM_IMAGES: <> PARAM_IGNORE_DOCKER_PULL_ERROR: <> + SCRIPT_UTILS: <> command: << include(scripts/pull.sh) >> diff --git a/src/commands/push.yml b/src/commands/push.yml index f30aade..2b20871 100644 --- a/src/commands/push.yml +++ b/src/commands/push.yml @@ -34,4 +34,5 @@ steps: PARAM_IMAGE: <> PARAM_TAG: <> PARAM_DIGEST_PATH: <> + SCRIPT_UTILS: <> command: << include(scripts/push.sh) >> diff --git a/src/commands/update-description.yml b/src/commands/update-description.yml index 57f38aa..9a58506 100644 --- a/src/commands/update-description.yml +++ b/src/commands/update-description.yml @@ -46,4 +46,5 @@ steps: PARAM_IMAGE: <> PARAM_DOCKER_USERNAME: <> PARAM_DOCKER_PASSWORD: <> + SCRIPT_UTILS: <> command: << include(scripts/update-description.sh) >> diff --git a/src/scripts/build.sh b/src/scripts/build.sh index 08e0108..55daf7c 100644 
--- a/src/scripts/build.sh +++ b/src/scripts/build.sh @@ -1,5 +1,9 @@ #!/usr/bin/env bash +# Import "utils.sh". +eval "$SCRIPT_UTILS" +expand_env_vars_with_prefix "PARAM_" + DOCKER_TAGS_ARG="" parse_tags_to_docker_arg() { diff --git a/src/scripts/check.sh b/src/scripts/check.sh index b6c61cf..8ec8de4 100644 --- a/src/scripts/check.sh +++ b/src/scripts/check.sh @@ -1,3 +1,7 @@ #!/usr/bin/env bash -echo "${!PARAM_DOCKER_PASSWORD}" | docker login -u "${!PARAM_DOCKER_USERNAME}" --password-stdin "$PARAM_REGISTRY" \ No newline at end of file +# Import "utils.sh". +eval "$SCRIPT_UTILS" +expand_env_vars_with_prefix "PARAM_" + +echo "${!PARAM_DOCKER_PASSWORD}" | docker login -u "${!PARAM_DOCKER_USERNAME}" --password-stdin "$PARAM_REGISTRY" diff --git a/src/scripts/configure-docker-credentials-store.sh b/src/scripts/configure-docker-credentials-store.sh index 2500dbe..8eb1606 100644 --- a/src/scripts/configure-docker-credentials-store.sh +++ b/src/scripts/configure-docker-credentials-store.sh @@ -1,5 +1,9 @@ #!/usr/bin/env bash +# Import "utils.sh". +eval "$SCRIPT_UTILS" +expand_env_vars_with_prefix "PARAM_" + HELPER_NAME="$PARAM_HELPER_NAME" DOCKER_CONFIG_PATH="$(eval echo ${PARAM_DOCKER_CONFIG_PATH})" @@ -22,4 +26,4 @@ cat "$DOCKER_CONFIG_PATH" | >/tmp/docker-config-credsstore-update.json cat /tmp/docker-config-credsstore-update.json > "$DOCKER_CONFIG_PATH" -rm /tmp/docker-config-credsstore-update.json \ No newline at end of file +rm /tmp/docker-config-credsstore-update.json diff --git a/src/scripts/dockerlint.sh b/src/scripts/dockerlint.sh index 872029d..d5ec5f1 100644 --- a/src/scripts/dockerlint.sh +++ b/src/scripts/dockerlint.sh 
@@ -1,11 +1,15 @@ #!/usr/bin/env bash +# Import "utils.sh". +eval "$SCRIPT_UTILS" +expand_env_vars_with_prefix "PARAM_" + if [[ $EUID == 0 ]]; then SUDO=""; else SUDO="sudo"; fi if ! command -v dockerlint &> /dev/null; then - if ! command -v npm &> /dev/null; then + if ! command -v npm &> /dev/null; then echo "npm is required to install dockerlint."; - echo "Consider running this command with an image that has node available: https://circleci.com/developer/images/image/cimg/node"; + echo "Consider running this command with an image that has node available: https://circleci.com/developer/images/image/cimg/node"; echo "Alternatively, use dockerlint's docker image: https://github.com/RedCoolBeans/dockerlint#docker-image." exit 1 fi @@ -21,4 +25,4 @@ if [ "$PARAM_TREAT_WARNING_AS_ERRORS" = true ]; then dockerlint -f "$PARAM_DOCKERFILE" -p else dockerlint -f "$PARAM_DOCKERFILE" -fi \ No newline at end of file +fi diff --git a/src/scripts/hadolint.sh b/src/scripts/hadolint.sh index be375c6..b742931 100644 --- a/src/scripts/hadolint.sh +++ b/src/scripts/hadolint.sh @@ -1,3 +1,7 @@ +# Import "utils.sh". +eval "$SCRIPT_UTILS" +expand_env_vars_with_prefix "PARAM_" + if [ -n "$PARAM_IGNORE_RULES" ]; then ignore_rules=$(printf '%s' "--ignore ${PARAM_IGNORE_RULES//,/ --ignore }") readonly ignore_rules @@ -16,7 +20,7 @@ printf '%s\n' "$trusted_registries" readonly old_ifs="$IFS" IFS=":" -read -ra dockerfiles <<< "$PARAM_DOCKERFILES" +read -ra dockerfiles <<< "$PARAM_DOCKERFILES" IFS="$old_ifs" for dockerfile in "${dockerfiles[@]}"; do @@ -26,4 +30,4 @@ for dockerfile in "${dockerfiles[@]}"; do $dockerfile printf '%s\n' "Success! $dockerfile linted; no issues found" -done \ No newline at end of file +done diff --git a/src/scripts/install-docker-compose.sh b/src/scripts/install-docker-compose.sh index 0ea9893..5676e9f 100644 --- a/src/scripts/install-docker-compose.sh +++ b/src/scripts/install-docker-compose.sh 
@@ -1,5 +1,9 @@ #!/usr/bin/env bash +# Import "utils.sh". +eval "$SCRIPT_UTILS" +expand_env_vars_with_prefix "PARAM_" + trap_exit() { # clean-up printf '%s\n' "Cleaning up..." diff --git a/src/scripts/install-docker-credential-helper.sh b/src/scripts/install-docker-credential-helper.sh index e5eeb0c..7039209 100644 --- a/src/scripts/install-docker-credential-helper.sh +++ b/src/scripts/install-docker-credential-helper.sh @@ -1,5 +1,9 @@ #!/usr/bin/env bash +# Import "utils.sh". +eval "$SCRIPT_UTILS" +expand_env_vars_with_prefix "PARAM_" + HELPER_NAME="$PARAM_HELPER_NAME" if uname | grep -q "Darwin"; then platform="darwin" @@ -84,4 +88,4 @@ fi chmod +x "./$HELPER_FILENAME" $SUDO mv "./$HELPER_FILENAME" "$BIN_PATH/$HELPER_FILENAME" -"$BIN_PATH/$HELPER_FILENAME" version \ No newline at end of file +"$BIN_PATH/$HELPER_FILENAME" version diff --git a/src/scripts/install-docker.sh b/src/scripts/install-docker.sh index e7f8538..98aee48 100644 --- a/src/scripts/install-docker.sh +++ b/src/scripts/install-docker.sh @@ -1,5 +1,9 @@ #!/usr/bin/env bash +# Import "utils.sh". +eval "$SCRIPT_UTILS" +expand_env_vars_with_prefix "PARAM_" + if [[ $EUID == 0 ]]; then export SUDO=""; else export SUDO="sudo"; fi # grab Docker version @@ -73,4 +77,4 @@ do done # verify version -echo "$(docker --version) has been installed to $(command -v docker)" \ No newline at end of file +echo "$(docker --version) has been installed to $(command -v docker)" diff --git a/src/scripts/install-dockerize.sh b/src/scripts/install-dockerize.sh index 2fdfb50..0db53ac 100644 --- a/src/scripts/install-dockerize.sh +++ b/src/scripts/install-dockerize.sh @@ -1,5 +1,9 @@ #!/usr/bin/env bash +# Import "utils.sh". +eval "$SCRIPT_UTILS" +expand_env_vars_with_prefix "PARAM_" + if [[ $EUID == 0 ]]; then export SUDO=""; else export SUDO="sudo"; fi # grab dockerize version 
@@ -45,4 +49,4 @@ $SUDO mv dockerize "$PARAM_INSTALL_DIR" $SUDO chmod +x "$PARAM_INSTALL_DIR"/dockerize # verify version -echo "dockerize $(dockerize --version) has been installed to $(command -v dockerize)" \ No newline at end of file +echo "dockerize $(dockerize --version) has been installed to $(command -v dockerize)" diff --git a/src/scripts/install-goss.sh b/src/scripts/install-goss.sh index 6d5d2c9..f42b3e1 100644 --- a/src/scripts/install-goss.sh +++ b/src/scripts/install-goss.sh @@ -1,5 +1,9 @@ #!/usr/bin/env bash +# Import "utils.sh". +eval "$SCRIPT_UTILS" +expand_env_vars_with_prefix "PARAM_" + if [[ $EUID == 0 ]]; then export SUDO=""; else export SUDO="sudo"; fi # determine specified version @@ -69,4 +73,4 @@ if curl --output /dev/null --silent --head --fail "$DGOSS_URL"; then else echo "No dgoss wrapper found for the selected version of Goss ($VERSION)..." echo "Goss installation will proceed, but to use dgoss, please try again with a newer version" -fi \ No newline at end of file +fi diff --git a/src/scripts/pull.sh b/src/scripts/pull.sh index 741f167..148e4dc 100644 --- a/src/scripts/pull.sh +++ b/src/scripts/pull.sh @@ -1,5 +1,9 @@ #!/usr/bin/env bash +# Import "utils.sh". +eval "$SCRIPT_UTILS" +expand_env_vars_with_prefix "PARAM_" + echo "$PARAM_IMAGES" | sed -n 1'p' | tr ',' '\n' | while read -r image; do echo "Pulling ${image}"; @@ -8,4 +12,4 @@ echo "$PARAM_IMAGES" | sed -n 1'p' | tr ',' '\n' | while read -r image; do else docker pull "${image}"; fi -done \ No newline at end of file +done diff --git a/src/scripts/push.sh b/src/scripts/push.sh index 7bee301..e95da4d 100644 --- a/src/scripts/push.sh +++ b/src/scripts/push.sh @@ -1,5 +1,9 @@ #!/usr/bin/env bash +# Import "utils.sh". +eval "$SCRIPT_UTILS" +expand_env_vars_with_prefix "PARAM_" + IFS="," read -ra DOCKER_TAGS <<< "$PARAM_TAG" image="$(eval echo "$PARAM_IMAGE")" 
@@ -17,4 +21,4 @@ if [ -n "$PARAM_DIGEST_PATH" ]; then IFS="," read -ra DOCKER_TAGS <<< "$PARAM_TAG" tag=$(eval echo "${DOCKER_TAGS[0]}") docker image inspect --format="{{index .RepoDigests 0}}" "$PARAM_REGISTRY"/"$image":"$tag" > "$PARAM_DIGEST_PATH" -fi \ No newline at end of file +fi diff --git a/src/scripts/update-description.sh b/src/scripts/update-description.sh index 69638cd..c2409f5 100644 --- a/src/scripts/update-description.sh +++ b/src/scripts/update-description.sh @@ -1,5 +1,9 @@ #!/usr/bin/env bash +# Import "utils.sh". +eval "$SCRIPT_UTILS" +expand_env_vars_with_prefix "PARAM_" + if [ "$PARAM_REGISTRY" != "docker.io" ]; then echo "Registry is not set to Docker Hub. Exiting" exit 1 @@ -20,4 +24,4 @@ if [ $STATUS -ne 200 ]; then echo "Could not update image description" echo "Error code: $STATUS" exit 1 -fi \ No newline at end of file +fi diff --git a/src/scripts/utils.sh b/src/scripts/utils.sh new file mode 100644 index 0000000..c430167 --- /dev/null +++ b/src/scripts/utils.sh 
@@ -0,0 +1,46 @@ +#!/usr/bin/env bash + +# Public: Expand the value from environment variables with given prefix. +# +# Takes a prefix as an argument and expands the value of the environment variables +# starting with the prefix. The expansion is done by using the eval command. +# +# $1 - Prefix used to filter the envinronment variables. +# +# Examples +# +# expand_env_vars_with_prefix "ORB_PARAM_" +# expand_env_vars_with_prefix "PARAM_" +# +# Returns 1 if no argument is provided or no environment variables were found with prefix. +# Returns 0 if the expansion was successful. +expand_env_vars_with_prefix() { + if [ "$#" -eq 0 ]; then + >&2 printf '%s\n' "Please provide a prefix to filter the envinronment variables." + return 1 + fi + + # Fetch parameters from the environment variables. + local prefix="$1" + local env_vars + env_vars="$(printenv | grep "^$prefix")" + + if [ -z "$env_vars" ]; then + >&2 printf '%s\n' "No environment variables found with the prefix: \"$prefix\"." + return 1 + fi + + while IFS= read -ra line; do + # Split the line into key and value. + local var_value="${line#*=}" + local var_name="${line%="$var_value"}" + + # Expand the value. + local expanded_value + expanded_value="$(eval echo "$var_value")" + + # The -v option assignes the output to a variable rather than printing it. + printf -v "$var_name" "%s" "$expanded_value" + done <<< "$env_vars" + return 0 +} From 68c004d64caf454b7316ad93f2ca8f5dc21b21a5 Mon Sep 17 00:00:00 2001 From: Ilya Sabelnikov Date: Tue, 6 Dec 2022 23:10:01 +0200 Subject: [PATCH 17/20] feat: adds support for arm64 (M1) architecture while installing goss (#168) * Adds support for arm64 architecture while installing goss * Add tests * Keep new lines --- .circleci/test-deploy.yml | 18 ++++++++++++++++++ src/commands/install-docker-tools.yml | 8 ++++++++ src/commands/install-goss.yml | 8 ++++++++ src/scripts/install-goss.sh | 4 ++-- 4 files changed, 36 insertions(+), 2 deletions(-) 
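Review bot: In `expand_env_vars_with_prefix`, the line `expanded_value="$(eval echo "$var_value")"` evaluates every `PARAM_`-prefixed value as shell code, so a value containing command substitution or a command separator is executed instead of merely having its variable references expanded. Orb parameters such as tags and image names are often derived from branch names or other pipeline inputs, and every script in this commit that calls `expand_env_vars_with_prefix "PARAM_"` inherits this behaviour. The unquoted `echo` also collapses whitespace and expands globs. A multi-line value appears to be cut to its first line, because `grep "^$prefix"` keeps only lines that start with the prefix. If only `$VAR`/`${VAR}` references need expanding, a substitution-only form such as `expanded_value="$(printf '%s' "$var_value" | envsubst)"` is safer, assuming `envsubst` is present on the executors; otherwise the header comment should state that values are evaluated and must come from trusted configuration.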
diff --git a/.circleci/test-deploy.yml b/.circleci/test-deploy.yml index 758fd2e..9cbe5ea 100644 --- a/.circleci/test-deploy.yml +++ b/.circleci/test-deploy.yml @@ -27,6 +27,7 @@ promotion_requires: &promotion_requires test-install-docker-tools-macos-old, test-install-docker-tools-machine-latest, test-install-docker-tools-machine-old, + test-install-docker-tools-machine-arm, test-install-docker-compose-with-checksums, test-install-docker-compose-with-sha256, test-install-docker-compose-with-checksums-and-sha256, @@ -90,12 +91,17 @@ jobs: debug: type: boolean default: false + goss-architecture: + type: enum + default: amd64 + enum: [ amd64, arm64 ] executor: <> steps: - checkout - jq/install - docker/install-docker-tools: install-goss-dgoss: << parameters.install-goss >> + goss-architecture: << parameters.goss-architecture >> test-pull: executor: docker-latest steps: @@ -514,6 +520,14 @@ workflows: matrix: parameters: executor: [docker-latest, docker-old, machine-latest, machine-old] + goss-architecture: [amd64] + filters: *filters + - test-install-docker-tools: + name: test-install-docker-tools-<< matrix.executor >> + matrix: + parameters: + executor: [machine-arm] + goss-architecture: [arm64] filters: *filters - test-install-docker-tools: name: test-install-docker-tools-<< matrix.executor >> @@ -574,5 +588,9 @@ executors: machine-latest: machine: image: ubuntu-2004:current + machine-arm: + resource_class: arm.medium + machine: + image: ubuntu-2004:202101-01 # VS Code Extension Version: 1.3.0 diff --git a/src/commands/install-docker-tools.yml b/src/commands/install-docker-tools.yml index 7fa5c37..8a991e4 100644 --- a/src/commands/install-docker-tools.yml +++ b/src/commands/install-docker-tools.yml 
@@ -102,6 +102,13 @@ parameters: description: > Extra output for orb developers + goss-architecture: + type: enum + default: amd64 + enum: [ amd64, arm64 ] + description: > + Which Goss architecture to use. Supports `arm64` architecture from `v0.3.18` and newer. + steps: - when: condition: <> @@ -131,3 +138,4 @@ steps: version: <> install-dir: <> debug: <> + architecture: <> diff --git a/src/commands/install-goss.yml b/src/commands/install-goss.yml index 2823ee6..7bc4da5 100644 --- a/src/commands/install-goss.yml +++ b/src/commands/install-goss.yml @@ -27,6 +27,13 @@ parameters: description: > Extra output for orb developers + architecture: + type: enum + default: amd64 + enum: [ amd64, arm64 ] + description: > + Which Goss architecture to use. Supports `arm64` architecture from `v0.3.18` and newer. + steps: - run: name: Install Goss and dgoss @@ -34,5 +41,6 @@ steps: PARAM_VERSION: <> PARAM_INSTALL_DIR: <> PARAM_DEBUG: <> + PARAM_ARCHITECTURE: <> SCRIPT_UTILS: <> command: << include(scripts/install-goss.sh) >> diff --git a/src/scripts/install-goss.sh b/src/scripts/install-goss.sh index f42b3e1..1a0b489 100644 --- a/src/scripts/install-goss.sh +++ b/src/scripts/install-goss.sh @@ -42,9 +42,9 @@ fi # download/install # goss curl -O --silent --show-error --location --fail --retry 3 \ - "https://github.com/aelsabbahy/goss/releases/download/$VERSION/goss-linux-amd64" + "https://github.com/aelsabbahy/goss/releases/download/$VERSION/goss-linux-$PARAM_ARCHITECTURE" -$SUDO mv goss-linux-amd64 "$PARAM_INSTALL_DIR"/goss +$SUDO mv goss-linux-$PARAM_ARCHITECTURE "$PARAM_INSTALL_DIR"/goss $SUDO chmod +rx /usr/local/bin/goss # test/verify goss From 8b3cd56710d9666704d32ee8eb0d63d1216447be Mon Sep 17 00:00:00 2001 From: Brett Taylor Date: Mon, 20 Feb 2023 04:05:40 -0500 Subject: [PATCH 18/20] chore: set default value to current upstream default value (#173) --- src/jobs/publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
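Review bot: In the `install-goss.sh` hunk the new `mv` line leaves the file name unquoted, `$SUDO mv goss-linux-$PARAM_ARCHITECTURE "$PARAM_INSTALL_DIR"/goss`, while the download URL just above quotes the same expansion. Writing it as `$SUDO mv "goss-linux-$PARAM_ARCHITECTURE" "$PARAM_INSTALL_DIR"/goss` keeps the two consistent and avoids word splitting (ShellCheck SC2086). The architecture-specific binary is still installed with no integrity check beyond TLS, so a comment saying so, or a follow-up that verifies a release checksum if the project publishes one, would help whoever maintains this. The script begins and continues outside this hunk.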
diff --git a/src/jobs/publish.yml b/src/jobs/publish.yml index ddc63cc..bc2e0a4 100644 --- a/src/jobs/publish.yml +++ b/src/jobs/publish.yml @@ -19,7 +19,7 @@ parameters: remote-docker-version: type: string - default: "17.09.0-ce" + default: "20.10.18" description: > Pick remote Docker engine version. Available versions can be found at: https://circleci.com/docs/2.0/building-docker-images/#docker-version. From b6600db35dd7b9b376f91b3e0fd27dcabc538125 Mon Sep 17 00:00:00 2001 From: Brian Vu <64455338+brivu@users.noreply.github.com> Date: Tue, 21 Feb 2023 12:49:13 -0800 Subject: [PATCH 19/20] fix: install hadolint for hadolint command (#175) * feat: install hadolint if not present * ci: tests for hadolint installation * docs: update hadolint command description * fix: add brew install for macos * refactor: address pr suggestions * refactor: address pr comments --- .circleci/test-deploy.yml | 30 +++++++++++++++++++++++++++++- src/commands/hadolint.yml | 4 ++-- src/scripts/hadolint.sh | 28 ++++++++++++++++++++++++++++ 3 files changed, 59 insertions(+), 3 deletions(-) diff --git a/.circleci/test-deploy.yml b/.circleci/test-deploy.yml index 9cbe5ea..3eb0527 100644 --- a/.circleci/test-deploy.yml +++ b/.circleci/test-deploy.yml @@ -14,6 +14,7 @@ promotion_requires: &promotion_requires test-credentials-store-docker-custom-tag, test-credentials-store-machine-custom-tag, test-credentials-store-macos-custom-tag, + test-hadolint-install, publish-machine, publish-docker-cache, publish-docker-cache-not-found, 
@@ -253,7 +254,28 @@ jobs: - docker/install-docker-compose: version: << parameters.docker-compose-version>> install-dir: << parameters.install-dir>> - + + test-hadolint-install: + parameters: + executor: + type: executor + executor: << parameters.executor >> + steps: + - checkout + - docker/hadolint: + dockerfiles: test.Dockerfile + ignore-rules: DL4005,DL3008,DL3009,DL3015 + trusted-registries: docker.io,my-company.com:5000 + - run: + name: Verifying hadolint install + command: | + if [ ! "$(command -v hadolint)"]; then + echo "hadolint not installed" + exit 1 + else + echo "hadolint installed successfully" + exit 0 + fi workflows: test-deploy: jobs: @@ -263,6 +285,12 @@ workflows: trusted-registries: docker.io,my-company.com:5000 dockerfiles: test.Dockerfile:test2.Dockerfile filters: *filters + - test-hadolint-install: + name: test-install-hadolint-<< matrix.executor >> + matrix: + parameters: + executor: [docker-latest, machine-arm, macos-latest] + filters: *filters - test-dockerlint: name: dockerlint debug: true diff --git a/src/commands/hadolint.yml b/src/commands/hadolint.yml index ab2bdc5..d6e572d 100644 --- a/src/commands/hadolint.yml +++ b/src/commands/hadolint.yml @@ -1,6 +1,6 @@ description: > - Lint a given Dockerfile using a hadolint Docker image: - https://hub.docker.com/r/hadolint/hadolint + Lint a given Dockerfile using hadolint. If the hadolint docker image + is not used, hadolint will be installed. parameters: dockerfiles: diff --git a/src/scripts/hadolint.sh b/src/scripts/hadolint.sh index b742931..c421605 100644 --- a/src/scripts/hadolint.sh +++ b/src/scripts/hadolint.sh 
@@ -2,6 +2,34 @@ eval "$SCRIPT_UTILS" expand_env_vars_with_prefix "PARAM_" +if [[ $EUID == 0 ]]; then export SUDO=""; else export SUDO="sudo"; fi + +Install_Hadolint() { + if uname -a | grep "Darwin"; then + SYS_ENV_PLATFORM="Darwin" + brew install hadolint + elif uname -a | grep "x86_64 GNU/Linux"; then + export SYS_ENV_PLATFORM=Linux-x86_64 + elif uname -a | grep "aarch64 GNU/Linux"; then + export SYS_ENV_PLATFORM=Linux-arm64 + else + echo "This platform appears to be unsupported." + uname -a + exit 1 + fi + + if [ "${SYS_ENV_PLATFORM}" != "Darwin" ]; then + set -x + $SUDO wget -O /bin/hadolint "https://github.com/hadolint/hadolint/releases/latest/download/hadolint-${SYS_ENV_PLATFORM}" + $SUDO chmod +x /bin/hadolint + set +x + fi +} + +if ! command -v hadolint &> /dev/null; then + Install_Hadolint +fi + if [ -n "$PARAM_IGNORE_RULES" ]; then ignore_rules=$(printf '%s' "--ignore ${PARAM_IGNORE_RULES//,/ --ignore }") readonly ignore_rules From fd4948a4148dd774ffa6902d2bda83580fd529dc Mon Sep 17 00:00:00 2001 From: Brian Vu <64455338+brivu@users.noreply.github.com> Date: Thu, 23 Feb 2023 13:57:51 -0800 Subject: [PATCH 20/20] feat/hadolint failure threshold (#177) * feat: add failure threshold parameter * feat: add failure threshold parameter * ci: test for failure-threshold parameter * fix: jobs to filter * fix: removed duplicate * fix: removed duplicate --- .circleci/test-deploy.yml | 5 +++-- src/commands/hadolint.yml | 9 +++++++++ src/jobs/hadolint.yml | 9 +++++++++ src/scripts/hadolint.sh | 11 ++++++++--- 4 files changed, 29 insertions(+), 5 deletions(-) diff --git a/.circleci/test-deploy.yml b/.circleci/test-deploy.yml index 3eb0527..caebb45 100644 --- a/.circleci/test-deploy.yml +++ b/.circleci/test-deploy.yml @@ -269,7 +269,7 @@ jobs: - run: name: Verifying hadolint install command: | - if [ ! "$(command -v hadolint)"]; then + if ! command -v hadolint; then echo "hadolint not installed" exit 1 else 
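Review bot: `Install_Hadolint` fetches `releases/latest/download/hadolint-${SYS_ENV_PLATFORM}` and writes it straight to `/bin/hadolint` under `$SUDO`, with no version pin and no integrity check. The binary that runs in a pipeline can therefore change between builds, and a tampered or truncated download is installed as-is. Pinning a release and comparing the file against an expected SHA-256 before it is moved into place makes the step reproducible and fails closed; the version and digest below are placeholders to fill in per platform. The `brew install hadolint` branch has the same unpinned behaviour and would at least deserve a comment.

```shell
  if [ "${SYS_ENV_PLATFORM}" != "Darwin" ]; then
    # Placeholders: set to the release and digest the orb has been tested with.
    hadolint_version="<PINNED_VERSION>"
    hadolint_sha256="<EXPECTED_SHA256_FOR_PLATFORM>"
    tmp_bin="$(mktemp)"
    wget -O "$tmp_bin" "https://github.com/hadolint/hadolint/releases/download/${hadolint_version}/hadolint-${SYS_ENV_PLATFORM}"
    # Refuse to install anything whose digest does not match.
    printf '%s  %s\n' "$hadolint_sha256" "$tmp_bin" | sha256sum -c - || { rm -f "$tmp_bin"; exit 1; }
    $SUDO install -m 0755 "$tmp_bin" /bin/hadolint
    rm -f "$tmp_bin"
  fi
```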
@@ -284,12 +284,13 @@ workflows: ignore-rules: DL4005,DL3008,DL3009,DL3015,DL3059 trusted-registries: docker.io,my-company.com:5000 dockerfiles: test.Dockerfile:test2.Dockerfile + failure-threshold: none filters: *filters - test-hadolint-install: name: test-install-hadolint-<< matrix.executor >> matrix: parameters: - executor: [docker-latest, machine-arm, macos-latest] + executor: [docker-latest, machine-arm, macos-latest] filters: *filters - test-dockerlint: name: dockerlint diff --git a/src/commands/hadolint.yml b/src/commands/hadolint.yml index d6e572d..812d4e0 100644 --- a/src/commands/hadolint.yml +++ b/src/commands/hadolint.yml @@ -28,6 +28,14 @@ parameters: `docker.io,my-company.com:5000`); if set, return an error if Dockerfiles use any images from registries not included in this list + failure-threshold: + type: enum + default: "info" + description: > + Hadolint threshold level to fail on. Exit with failure code only when rules + with a severity equal to or above THRESHOLD are violated + enum: [ "error", "warning", "info", "style", "ignore", "none" ] + steps: - run: name: Lint <> with hadolint @@ -35,5 +43,6 @@ steps: PARAM_DOCKERFILES: <> PARAM_IGNORE_RULES: <> PARAM_TRUSTED_REGISTRIES: <> + PARAM_FAILURE_THRESHOLD: <> SCRIPT_UTILS: <> command: <> diff --git a/src/jobs/hadolint.yml b/src/jobs/hadolint.yml index 136e239..fcf893d 100644 --- a/src/jobs/hadolint.yml +++ b/src/jobs/hadolint.yml @@ -47,6 +47,14 @@ parameters: `docker.io,my-company.com:5000`); if set, return an error if Dockerfiles use any images from registries not included in this list + failure-threshold: + type: enum + default: "info" + description: > + Hadolint threshold level to fail on. Exit with failure code only when rules + with a severity equal to or above THRESHOLD are violated + enum: [ "error", "warning", "info", "style", "ignore", "none" ] + hadolint-tag: type: string default: latest-debian 
@@ -89,3 +97,4 @@ steps: dockerfiles: <> ignore-rules: <> trusted-registries: <> + failure-threshold: <> diff --git a/src/scripts/hadolint.sh b/src/scripts/hadolint.sh index c421605..17f88ca 100644 --- a/src/scripts/hadolint.sh +++ b/src/scripts/hadolint.sh @@ -19,10 +19,8 @@ Install_Hadolint() { fi if [ "${SYS_ENV_PLATFORM}" != "Darwin" ]; then - set -x $SUDO wget -O /bin/hadolint "https://github.com/hadolint/hadolint/releases/latest/download/hadolint-${SYS_ENV_PLATFORM}" $SUDO chmod +x /bin/hadolint - set +x fi } @@ -35,14 +33,19 @@ if [ -n "$PARAM_IGNORE_RULES" ]; then readonly ignore_rules fi + if [ -n "$PARAM_TRUSTED_REGISTRIES" ]; then trusted_registries=$(printf '%s' "--trusted-registry ${PARAM_TRUSTED_REGISTRIES//,/ --trusted-registry }") readonly trusted_registries fi +failure_threshold=$(printf '%s' "--failure-threshold ${PARAM_FAILURE_THRESHOLD}") +readonly failure_threshold + printf '%s\n' "Running hadolint with the following options..." printf '%s\n' "$ignore_rules" printf '%s\n' "$trusted_registries" +printf '%s\n' "$failure_threshold" # use colon delimiters to create array readonly old_ifs="$IFS" @@ -52,10 +55,12 @@ read -ra dockerfiles <<< "$PARAM_DOCKERFILES" IFS="$old_ifs" for dockerfile in "${dockerfiles[@]}"; do + set -x hadolint \ + ${PARAM_FAILURE_THRESHOLD:+$failure_threshold} \ ${PARAM_IGNORE_RULES:+$ignore_rules} \ ${PARAM_TRUSTED_REGISTRIES:+$trusted_registries} \ $dockerfile - + set +x printf '%s\n' "Success! $dockerfile linted; no issues found" done