Fix: Address various shellcheck linting errors in scripts
[releng/global-jjb.git]
/
shell
/
release-job.sh
diff --git
a/shell/release-job.sh
b/shell/release-job.sh
index
6c280d2
..
e01d3a9
100644
(file)
--- a/
shell/release-job.sh
+++ b/
shell/release-job.sh
@@
-97,7
+97,7
@@
set_variables_common(){
TAG_RELEASE="${TAG_RELEASE:-None}"
if [[ $TAG_RELEASE == "None" ]]; then
TAG_RELEASE="${TAG_RELEASE:-None}"
if [[ $TAG_RELEASE == "None" ]]; then
- if grep -q "tag_release"
$release_file
; then
+ if grep -q "tag_release"
"$release_file"
; then
TAG_RELEASE=$(yq -r .tag_release "$release_file")
else
TAG_RELEASE=true
TAG_RELEASE=$(yq -r .tag_release "$release_file")
else
TAG_RELEASE=true
@@
-183,7
+183,7
@@
set_variables_packagecloud(){
VERSION=$(yq -r ".version" "$release_file")
fi
if [[ -z ${GIT_TAG:-} ]]; then
VERSION=$(yq -r ".version" "$release_file")
fi
if [[ -z ${GIT_TAG:-} ]]; then
- if grep -q "git_tag"
$release_file
; then
+ if grep -q "git_tag"
"$release_file"
; then
GIT_TAG=$(yq -r ".git_tag" "$release_file")
else
GIT_TAG="$VERSION"
GIT_TAG=$(yq -r ".git_tag" "$release_file")
else
GIT_TAG="$VERSION"
@@
-385,8
+385,8
@@
artifact_release_file(){
mkdir artifacts
ORG=$(echo "$NEXUS_URL" | awk -F'.' '{print $2}')
mkdir artifacts
ORG=$(echo "$NEXUS_URL" | awk -F'.' '{print $2}')
- for namequoted in $(yq '.artifacts[].name'
$release_file
); do
- pathquoted=$(yq ".artifacts[] |select(.name==$namequoted) |.path"
$release_file
)
+ for namequoted in $(yq '.artifacts[].name'
"$release_file"
); do
+ pathquoted=$(yq ".artifacts[] |select(.name==$namequoted) |.path"
"$release_file"
)
#Remove extra yaml quotes
name="${namequoted#\"}"
#Remove extra yaml quotes
name="${namequoted#\"}"
@@
-420,8
+420,8
@@
container_release_file(){
local lfn_umbrella
lfn_umbrella="$(echo "$GERRIT_URL" | awk -F"." '{print $2}')"
local lfn_umbrella
lfn_umbrella="$(echo "$GERRIT_URL" | awk -F"." '{print $2}')"
- for namequoted in $(yq '.containers[].name'
$release_file
); do
- versionquoted=$(yq ".containers[] |select(.name==$namequoted) |.version"
$release_file
)
+ for namequoted in $(yq '.containers[].name'
"$release_file"
); do
+ versionquoted=$(yq ".containers[] |select(.name==$namequoted) |.version"
"$release_file"
)
#Remove extra yaml quotes
name="${namequoted#\"}"
#Remove extra yaml quotes
name="${namequoted#\"}"
@@
-443,8
+443,16
@@
container_release_file(){
echo "docker tag $container_image_id $CONTAINER_PUSH_REGISTRY/$lfn_umbrella/$name:$VERSION"
echo "docker push $CONTAINER_PUSH_REGISTRY/$lfn_umbrella/$name:$VERSION"
if [[ "$JOB_NAME" =~ "merge" ]]; then
echo "docker tag $container_image_id $CONTAINER_PUSH_REGISTRY/$lfn_umbrella/$name:$VERSION"
echo "docker push $CONTAINER_PUSH_REGISTRY/$lfn_umbrella/$name:$VERSION"
if [[ "$JOB_NAME" =~ "merge" ]]; then
+ curl -O -L "https://github.com/sigstore/cosign/releases/latest/download/cosign-linux-amd64"
+ sudo mv cosign-linux-amd64 /usr/local/bin/cosign
+ sudo chmod +x /usr/local/bin/cosign
+ export COSIGN_PASSWORD
docker tag "$container_image_id" "$CONTAINER_PUSH_REGISTRY"/"$lfn_umbrella"/"$name":"$VERSION"
docker push "$CONTAINER_PUSH_REGISTRY"/"$lfn_umbrella"/"$name":"$VERSION"
docker tag "$container_image_id" "$CONTAINER_PUSH_REGISTRY"/"$lfn_umbrella"/"$name":"$VERSION"
docker push "$CONTAINER_PUSH_REGISTRY"/"$lfn_umbrella"/"$name":"$VERSION"
+ image_sha=$(docker images --no-trunc --quiet \
+ "$CONTAINER_PUSH_REGISTRY"/"$lfn_umbrella"/"$name":"$VERSION")
+ image_digest="$CONTAINER_PUSH_REGISTRY/$lfn_umbrella/$name@$image_sha"
+ cosign sign -y --key "$COSIGN_PRIVATE_KEY" "$image_digest"
fi
echo "#########################"
fi
fi
echo "#########################"
fi
@@
-649,7
+657,7
@@
case $DISTRIBUTION_TYPE in
fi
set_variables_packagecloud
verify_packagecloud_match_release
fi
set_variables_packagecloud
verify_packagecloud_match_release
- for name in $(yq -r '.packages[].name'
$release_file
); do
+ for name in $(yq -r '.packages[].name'
"$release_file"
); do
package=$name
packagecloud_verify "$package" "$packagecloud_account"
if [[ "$JOB_NAME" =~ "merge" ]] && ! $DRY_RUN; then
package=$name
packagecloud_verify "$package" "$packagecloud_account"
if [[ "$JOB_NAME" =~ "merge" ]] && ! $DRY_RUN; then
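Review bot: In the `-443,8 +443,16` hunk, the added `curl -O -L ".../releases/latest/download/cosign-linux-amd64"` installs as root whatever binary `latest` resolves to at run time, with no version pin or checksum, and that binary is then given `COSIGN_PASSWORD` and `COSIGN_PRIVATE_KEY`. Because curl is called without `--fail`, an HTTP error body would also be moved to `/usr/local/bin/cosign`. Pinning a reviewed release and verifying its SHA-256 before install, as sketched below with placeholder values, addresses both. Separately, `docker images --no-trunc --quiet` prints the local image ID, which is normally not the registry manifest digest, so `$name@$image_sha` may not refer to the image that was pushed; this is worth confirming against the registry. `container_release_file` starts and ends outside the hunk.

```shell
if [[ "$JOB_NAME" =~ "merge" ]]; then
    # Placeholder values: set to the release and checksum the project has reviewed.
    cosign_version="<PINNED_COSIGN_VERSION>"
    cosign_sha256="<SHA256_OF_PINNED_BINARY>"
    curl --fail --silent --show-error --location \
        --output cosign-linux-amd64 \
        "https://github.com/sigstore/cosign/releases/download/${cosign_version}/cosign-linux-amd64"
    # Refuse to install anything that does not match the recorded checksum.
    echo "${cosign_sha256}  cosign-linux-amd64" | sha256sum --check -
    sudo install -m 0755 cosign-linux-amd64 /usr/local/bin/cosign
    # … unchanged: export COSIGN_PASSWORD, docker tag/push, cosign sign …
```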