Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Improve publish-rhel script [DI-343] #823

Merged
merged 3 commits into from
Dec 2, 2024
Merged

Improve publish-rhel script [DI-343] #823

Changes from 2 commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
2dccbc0
Improve `publish-rhel` script [DI-342]
JackPGreen Nov 15, 2024
7a6b98c
Merge branch 'master' into improve-`publish-rhel`-script
JackPGreen Dec 2, 2024
660992b
Duplicate `echoerr`
JackPGreen Dec 2, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
132 changes: 86 additions & 46 deletions .github/scripts/publish-rhel.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,9 @@
#!/bin/bash

set -euo pipefail ${RUNNER_DEBUG:+-x}
set -o errexit -o nounset -o pipefail ${RUNNER_DEBUG:+-x}

# shellcheck source=../.github/scripts/abstract-simple-smoke-test.sh
. .github/scripts/abstract-simple-smoke-test.sh
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do we need it?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For the echoerr function.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's confusing that we have a test code in the production script. I would suggest either inline this function as it's very small or move it to another file echo.functions.sh/log.functions.sh?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's confusing that we have a test code in the production script.

Good point.

I would suggest either inline this function as it's very small or move it to another file echo.functions.sh/log.functions.sh?

For now I've duplicated it.
Ideally it should be externalised - but as hazelcast-packaging directly references the script without any other context, a larger change is required to support that.


get_image()
{
Expand All @@ -9,19 +12,24 @@ get_image()
local VERSION=$3
local RHEL_API_KEY=$4

if [[ $PUBLISHED == "published" ]]; then
case "${PUBLISHED}" in
"published")
local PUBLISHED_FILTER="repositories.published==true"
elif [[ $PUBLISHED == "not_published" ]]; then
;;
"not_published")
local PUBLISHED_FILTER="repositories.published!=true"
else
echo "Need first parameter as 'published' or 'not_published'." ; return 1
fi
;;
*)
echoerr "Need first parameter as 'published' or 'not_published', not '${PUBLISHED}'." ; return 1
;;
esac

local FILTER="filter=deleted==false;${PUBLISHED_FILTER};repositories.tags=em=(name=='${VERSION}')"
local INCLUDE="include=total,data.repositories.tags.name,data.certified,data.container_grades,data._id,data.creation_date"
local SORT_BY='sort_by=creation_date\[desc\]'

local RESPONSE=$( \
local RESPONSE
RESPONSE=$( \
curl --silent \
--request GET \
--header "X-API-KEY: ${RHEL_API_KEY}" \
Expand All @@ -36,36 +44,48 @@ wait_for_container_scan()
local VERSION=$2
local RHEL_API_KEY=$3
local TIMEOUT_IN_MINS=$4

local IMAGE
local IS_PUBLISHED

local IS_PUBLISHED=$(get_image published "${RHEL_PROJECT_ID}" "${VERSION}" "${RHEL_API_KEY}" | jq -r '.total')
if [[ $IS_PUBLISHED == "1" ]]; then
IMAGE=$(get_image published "${RHEL_PROJECT_ID}" "${VERSION}" "${RHEL_API_KEY}")
IS_PUBLISHED=$(echo "${IMAGE}" | jq -r '.total')

if [[ ${IS_PUBLISHED} == "1" ]]; then
echo "Image is already published, exiting"
return 0
fi

local NOF_RETRIES=$(( $TIMEOUT_IN_MINS / 2 ))
local NOF_RETRIES=$(( TIMEOUT_IN_MINS / 2 ))
# Wait until the image is scanned
for i in `seq 1 ${NOF_RETRIES}`; do
local IMAGE=$(get_image not_published "${RHEL_PROJECT_ID}" "${VERSION}" "${RHEL_API_KEY}")
local SCAN_STATUS=$(echo "$IMAGE" | jq -r '.data[0].container_grades.status')
local IMAGE_CERTIFIED=$(echo "$IMAGE" | jq -r '.data[0].certified')
for i in $(seq 1 "${NOF_RETRIES}"); do
local IMAGE
local SCAN_STATUS
local IMAGE_CERTIFIED

IMAGE=$(get_image not_published "${RHEL_PROJECT_ID}" "${VERSION}" "${RHEL_API_KEY}")
SCAN_STATUS=$(echo "${IMAGE}" | jq -r '.data[0].container_grades.status')
IMAGE_CERTIFIED=$(echo "${IMAGE}" | jq -r '.data[0].certified')

if [[ $SCAN_STATUS == "pending" ]]; then
if [[ ${SCAN_STATUS} == "pending" ]]; then
echo "Scanning pending, waiting..."
elif [[ $SCAN_STATUS == "in progress" ]]; then
elif [[ ${SCAN_STATUS} == "in progress" ]]; then
echo "Scanning in progress, waiting..."
elif [[ $SCAN_STATUS == "null" ]]; then
elif [[ ${SCAN_STATUS} == "null" ]]; then
echo "Image is still not present in the registry!"
elif [[ $SCAN_STATUS == "completed" && "$IMAGE_CERTIFIED" == "true" ]]; then
elif [[ ${SCAN_STATUS} == "completed" && "${IMAGE_CERTIFIED}" == "true" ]]; then
echo "Scan passed!" ; return 0
else
echo "Scan failed!" ; return 1
echoerr "Scan failed with '${SCAN_STATUS}!"
echoerr "${IMAGE}"
return 1
fi

sleep 120

if [[ $i == $NOF_RETRIES ]]; then
echo "Timeout! Scan could not be finished"
if [[ ${i} == "${NOF_RETRIES}" ]]; then
echoerr "Timeout! Scan could not be finished"
echoerr "${IMAGE}"
return 42
fi
done
Expand All @@ -77,25 +97,35 @@ publish_the_image()
local VERSION=$2
local RHEL_API_KEY=$3

echo "Starting publishing the image for $VERSION"
echo "Starting publishing the image for ${VERSION}"

local IMAGE=$(get_image not_published "${RHEL_PROJECT_ID}" "${VERSION}" "${RHEL_API_KEY}")
local IMAGE_EXISTS=$(echo $IMAGE | jq -r '.total')
if [[ $IMAGE_EXISTS == "1" ]]; then
local SCAN_STATUS=$(echo "$IMAGE" | jq -r '.data[0].container_grades.status')
local IMAGE_CERTIFIED=$(echo "$IMAGE" | jq -r '.data[0].certified')
if [[ $SCAN_STATUS != "completed" || "$IMAGE_CERTIFIED" != "true" ]]; then
echo "Image you are trying to publish did not pass the certification test, its status is \"${SCAN_STATUS}\" and certified is \"${IMAGE_CERTIFIED}\""
local IMAGE
local IMAGE_EXISTS

IMAGE=$(get_image not_published "${RHEL_PROJECT_ID}" "${VERSION}" "${RHEL_API_KEY}")
IMAGE_EXISTS=$(echo "${IMAGE}" | jq -r '.total')

if [[ ${IMAGE_EXISTS} == "1" ]]; then
local SCAN_STATUS
local IMAGE_CERTIFIED

SCAN_STATUS=$(echo "${IMAGE}" | jq -r '.data[0].container_grades.status')
IMAGE_CERTIFIED=$(echo "${IMAGE}" | jq -r '.data[0].certified')

if [[ ${SCAN_STATUS} != "completed" || "${IMAGE_CERTIFIED}" != "true" ]]; then
echoerr "Image you are trying to publish did not pass the certification test, its status is \"${SCAN_STATUS}\" and certified is \"${IMAGE_CERTIFIED}\""
return 1
fi
else
echo "Image you are trying to publish does not exist."
echoerr "Image you are trying to publish does not exist."
echoerr "${IMAGE}"
return 1
fi

local IMAGE_ID=$(echo "$IMAGE" | jq -r '.data[0]._id')
local IMAGE_ID
IMAGE_ID=$(echo "${IMAGE}" | jq -r '.data[0]._id')

echo "Publishing the image $IMAGE_ID..."
echo "Publishing the image ${IMAGE_ID}..."
RESPONSE=$( \
curl --silent \
--retry 5 --retry-all-errors \
Expand All @@ -105,7 +135,7 @@ publish_the_image()
--header 'Content-Type: application/json' \
--data "{\"image_id\":\"${IMAGE_ID}\" , \"operation\" : \"publish\" }" \
"https://catalog.redhat.com/api/containers/v1/projects/certification/id/${RHEL_PROJECT_ID}/requests/images")
echo "Response: $RESPONSE"
echo "Response: ${RESPONSE}"
echo "Created a publish request, please check if the image is published."
}

Expand All @@ -116,18 +146,23 @@ sync_tags()
local VERSION=$2
local RHEL_API_KEY=$3

echo "Starting sync tags for $VERSION"
echo "Starting sync tags for ${VERSION}"

local IMAGE=$(get_image published "${RHEL_PROJECT_ID}" "${VERSION}" "${RHEL_API_KEY}")
local IMAGE_EXISTS=$(echo $IMAGE | jq -r '.total')
if [[ $IMAGE_EXISTS == "0" ]]; then
local IMAGE
local IMAGE_EXISTS

IMAGE=$(get_image published "${RHEL_PROJECT_ID}" "${VERSION}" "${RHEL_API_KEY}")
IMAGE_EXISTS=$(echo "${IMAGE}" | jq -r '.total')

if [[ ${IMAGE_EXISTS} == "0" ]]; then
echo "Image you are trying to sync does not exist."
return 1
fi

local IMAGE_ID=$(echo "$IMAGE" | jq -r '.data[0]._id')
local IMAGE_ID
IMAGE_ID=$(echo "${IMAGE}" | jq -r '.data[0]._id')

echo "Syncing tags of the image $IMAGE_ID..."
echo "Syncing tags of the image ${IMAGE_ID}..."
RESPONSE=$( \
curl --silent \
--retry 5 --retry-all-errors \
Expand All @@ -137,7 +172,7 @@ sync_tags()
--header 'Content-Type: application/json' \
--data "{\"image_id\":\"${IMAGE_ID}\" , \"operation\" : \"sync-tags\" }" \
"https://catalog.redhat.com/api/containers/v1/projects/certification/id/${RHEL_PROJECT_ID}/requests/images")
echo "Response: $RESPONSE"
echo "Response: ${RESPONSE}"
echo "Created a sync-tags request, please check if the tags image are in sync."
}

Expand All @@ -148,12 +183,16 @@ wait_for_container_publish()
local RHEL_API_KEY=$3
local TIMEOUT_IN_MINS=$4

local NOF_RETRIES=$(( $TIMEOUT_IN_MINS * 2 ))
local NOF_RETRIES=$(( TIMEOUT_IN_MINS * 2 ))
# Wait until the image is published
for i in `seq 1 ${NOF_RETRIES}`; do
local IS_PUBLISHED=$(get_image published "${RHEL_PROJECT_ID}" "${VERSION}" "${RHEL_API_KEY}" | jq -r '.total')
for i in $(seq 1 "${NOF_RETRIES}"); do
local IMAGE
local IS_PUBLISHED

IMAGE=$(get_image published "${RHEL_PROJECT_ID}" "${VERSION}" "${RHEL_API_KEY}")
IS_PUBLISHED=$(echo "${IMAGE}" | jq -r '.total')

if [[ $IS_PUBLISHED == "1" ]]; then
if [[ ${IS_PUBLISHED} == "1" ]]; then
echo "Image is published, exiting."
return 0
else
Expand All @@ -162,8 +201,9 @@ wait_for_container_publish()

sleep 30

if [[ $i == $NOF_RETRIES ]]; then
echo "Timeout! Publish could not be finished"
if [[ ${i} == "${NOF_RETRIES}" ]]; then
echoerr "Timeout! Publish could not be finished"
echoerr "${IMAGE}"
return 42
fi
done
Expand Down