| #!/usr/bin/env bash |
| |
| # Copyright 2018-present Open Networking Foundation |
| # |
| # Licensed under the Apache License, Version 2.0 (the "License"); |
| # you may not use this file except in compliance with the License. |
| # You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| |
| # tagcollisionreject.sh |
| # checks that there isn't an existing tag in the repo that has this tag |
| |
| set -eu -o pipefail |
| |
| VERSIONFILE="" # file path to file containing version number |
| NEW_VERSION="" # version number found in $VERSIONFILE |
| |
| releaseversion=0 |
| fail_validation=0 |
| |
| # when not running under Jenkins, use current dir as workspace |
| WORKSPACE=${WORKSPACE:-.} |
| |
| # find the version string in the repo, read into NEW_VERSION |
| # Add additional places NEW_VERSION could be found to this function |
| function read_version { |
| if [ -f "VERSION" ] |
| then |
| NEW_VERSION=$(head -n1 "VERSION") |
| VERSIONFILE="VERSION" |
| else |
| echo "ERROR: No versioning file found!" |
| exit 1 |
| fi |
| } |
| |
| # check if the version is already a tag in git |
| function is_git_tag_duplicated { |
| for existing_tag in $(git tag) |
| do |
| if [ "$NEW_VERSION" = "$existing_tag" ] |
| then |
| echo "ERROR: Duplicate tag: $existing_tag" |
| exit 2 |
| fi |
| done |
| } |
| |
| # check if the version is a released version |
| function check_if_releaseversion { |
| if [[ "$NEW_VERSION" =~ ^([0-9]+)\.([0-9]+)\.([0-9]+)$ ]] |
| then |
| echo "Version string '$NEW_VERSION' found in '$VERSIONFILE' is a SemVer released version!" |
| releaseversion=1 |
| else |
| echo "Version string '$NEW_VERSION' found in '$VERSIONFILE' is not a SemVer released version, skipping." |
| fi |
| } |
| |
| # check if Dockerfiles have a released version as their parent |
| function dockerfile_parentcheck { |
| while IFS= read -r -d '' dockerfile |
| do |
| echo "Checking dockerfile: '$dockerfile'" |
| |
| # split on newlines |
| IFS=$'\n' |
| df_parents=($(grep "^FROM" "$dockerfile")) |
| |
| # check all parents in the Dockerfile |
| for df_parent in "${df_parents[@]}" |
| do |
| |
| df_pattern="FROM (.*):(.*)" |
| if [[ "$df_parent" =~ $df_pattern ]] |
| then |
| |
| p_image="${BASH_REMATCH[1]}" |
| p_version="${BASH_REMATCH[2]}" |
| |
| if [[ "${p_version}" =~ ^([0-9]+)\.([0-9]+)\.([0-9]+)$ ]] |
| then |
| echo " OK: Parent '$p_image:$p_version' is a released SemVer version" |
| elif [[ "${p_version}" =~ ^([0-9]+)\.([0-9]+).*$ ]] |
| then |
| # handle the non-SemVer 'ubuntu:16.04' and 'postgres:10.3-alpine' cases |
| echo " OK: Parent '$p_image:$p_version' is using a non-SemVer, but sufficient, version" |
| else |
| echo " ERROR: Parent '$p_image:$p_version' is NOT using an specific version" |
| fail_validation=1 |
| fi |
| |
| elif [[ "$df_parent" =~ ^FROM\ scratch$ ]] |
| then |
| # Handle the parent-less `FROM scratch` case: |
| # https://docs.docker.com/develop/develop-images/baseimages/ |
| echo " OK: Using the versionless 'scratch' parent: '$df_parent'" |
| else |
| echo " ERROR: Couldn't find a parent image in $df_parent" |
| fi |
| |
| done |
| |
| done < <( find "${WORKSPACE}" -name 'Dockerfile*' -print0 ) |
| } |
| |
| echo "Checking git repo with remotes:" |
| git remote -v |
| |
| echo "Branches:" |
| git branch -v |
| |
| echo "Existing git tags:" |
| git tag -n |
| |
| read_version |
| check_if_releaseversion |
| |
| # perform checks if a released version |
| if [ "$releaseversion" -eq "1" ] |
| then |
| is_git_tag_duplicated |
| dockerfile_parentcheck |
| fi |
| |
| exit $fail_validation |