Fix non-hermetic OCI TA builds #1043
Conversation
stuartwdouglas
force-pushed
the
non-hermetic-oci
branch
from
cb50037
to
e79eea1
Compare
| @@ -267,7 +267,7 @@ spec: | |||
| echo $container > /var/workdir/container_name | |||
|
|
|||
| # Save the SBOM produced by Cachi2 so it can be merged into the final SBOM later | |||
| if [ -d "/var/workdir/cachi2" ]; then | |||
| if [ -f "/var/workdir/cachi2/cachi2.env" ]; then | |||
There was a problem hiding this comment.
If we are checking for files, should we not be checking for output/bom.json instead of cachi2.env?
There was a problem hiding this comment.
I saw the build fail due to a lack of /cachi2/cachi2.env in the dockerfile, so that was the file I checked for. Would it make any functional difference?
There was a problem hiding this comment.
Does output/bom.json exists == cachi2.env exists? I think so, but why take the risk?
+1 to Andrew's suggestion, let's check the existence of the file we care about.
| @@ -359,7 +359,7 @@ spec: | |||
| - name: merge-cachi2-sbom | |||
| image: quay.io/redhat-appstudio/cachi2:0.7.0@sha256:1fc772aa3636fd0b43d62120d832e5913843e028e8cac42814b487c3a0a32bd8 | |||
| script: | | |||
| if [ -d "/var/workdir/cachi2" ]; then | |||
| if [ -f "/var/workdir/cachi2/cachi2.env" ]; then | |||
There was a problem hiding this comment.
Similarly, should we just check for the existence of sbom-cachi2.json here?
|
Could you explain in the commit message why non-hermetic OCI TA builds were broken and how this fixes them? |
stuartwdouglas
force-pushed
the
non-hermetic-oci
branch
2 times, most recently
from
094c4da
to
21c6143
Compare
With OCI artifacts the directory is now always there, this now checks for specific files.
stuartwdouglas
force-pushed
the
non-hermetic-oci
branch
from
21c6143
to
7b1fd76
Compare
No description provided.