diff --git a/task/buildah-oci-ta/0.3/buildah-oci-ta.yaml b/task/buildah-oci-ta/0.3/buildah-oci-ta.yaml index d0f3675178..b6eb98ed8c 100644 --- a/task/buildah-oci-ta/0.3/buildah-oci-ta.yaml +++ b/task/buildah-oci-ta/0.3/buildah-oci-ta.yaml @@ -293,14 +293,14 @@ spec: echo "Fetch Dockerfile from $DOCKERFILE" dockerfile_path=$(mktemp --suffix=-Dockerfile) http_code=$(curl -s -S -L -w "%{http_code}" --output "$dockerfile_path" "$DOCKERFILE") - if [ $http_code != 200 ]; then + if [ "$http_code" != 200 ]; then echo "No Dockerfile is fetched. Server responds $http_code" exit 1 fi http_code=$(curl -s -S -L -w "%{http_code}" --output "$dockerfile_path.dockerignore.tmp" "$DOCKERFILE.dockerignore") - if [ $http_code = 200 ]; then + if [ "$http_code" = 200 ]; then echo "Fetched .dockerignore from $DOCKERFILE.dockerignore" - mv "$dockerfile_path.dockerignore.tmp" $SOURCE_CODE_DIR/$CONTEXT/.dockerignore + mv "$dockerfile_path.dockerignore.tmp" "$SOURCE_CODE_DIR/$CONTEXT/.dockerignore" fi else echo "Cannot find Dockerfile $DOCKERFILE" @@ -376,7 +376,7 @@ spec: UNSHARE_ARGS+=("--net") for image in $BASE_IMAGES; do - unshare -Ufp --keep-caps -r --map-users 1,1,65536 --map-groups 1,1,65536 -- buildah pull $image + unshare -Ufp --keep-caps -r --map-users 1,1,65536 --map-groups 1,1,65536 -- buildah pull "$image" done echo "Build will be executed with network isolation" fi @@ -429,14 +429,14 @@ spec: # if yum repofiles stored in git, copy them to mount point outside the source dir if [ -d "${SOURCE_CODE_DIR}/${YUM_REPOS_D_SRC}" ]; then - mkdir -p ${YUM_REPOS_D_FETCHED} - cp -r ${SOURCE_CODE_DIR}/${YUM_REPOS_D_SRC}/* ${YUM_REPOS_D_FETCHED} + mkdir -p "${YUM_REPOS_D_FETCHED}" + cp -r "${SOURCE_CODE_DIR}/${YUM_REPOS_D_SRC}"/* "${YUM_REPOS_D_FETCHED}" fi # if anything in the repofiles mount point (either fetched or from git), mount it if [ -d "${YUM_REPOS_D_FETCHED}" ]; then - chmod -R go+rwX ${YUM_REPOS_D_FETCHED} - mount_point=$(realpath ${YUM_REPOS_D_FETCHED}) + chmod -R go+rwX "${YUM_REPOS_D_FETCHED}" + mount_point=$(realpath "${YUM_REPOS_D_FETCHED}") VOLUME_MOUNTS+=(--volume "${mount_point}:${YUM_REPOS_D_TARGET}") fi @@ -544,7 +544,7 @@ spec: cp /tmp/cachi2/output/bom.json ./sbom-cachi2.json fi - buildah mount $container | tee /shared/container_path + buildah mount "$container" | tee /shared/container_path # delete symlinks - they may point outside the container rootfs, messing with SBOM scanners find $(cat /shared/container_path) -xtype l -delete echo $container >/shared/container_name diff --git a/task/buildah-remote-oci-ta/0.3/buildah-remote-oci-ta.yaml b/task/buildah-remote-oci-ta/0.3/buildah-remote-oci-ta.yaml index 7516b413d1..39b7458017 100644 --- a/task/buildah-remote-oci-ta/0.3/buildah-remote-oci-ta.yaml +++ b/task/buildah-remote-oci-ta/0.3/buildah-remote-oci-ta.yaml @@ -327,14 +327,14 @@ spec: echo "Fetch Dockerfile from $DOCKERFILE" dockerfile_path=$(mktemp --suffix=-Dockerfile) http_code=$(curl -s -S -L -w "%{http_code}" --output "$dockerfile_path" "$DOCKERFILE") - if [ $http_code != 200 ]; then + if [ "$http_code" != 200 ]; then echo "No Dockerfile is fetched. Server responds $http_code" exit 1 fi http_code=$(curl -s -S -L -w "%{http_code}" --output "$dockerfile_path.dockerignore.tmp" "$DOCKERFILE.dockerignore") - if [ $http_code = 200 ]; then + if [ "$http_code" = 200 ]; then echo "Fetched .dockerignore from $DOCKERFILE.dockerignore" - mv "$dockerfile_path.dockerignore.tmp" $SOURCE_CODE_DIR/$CONTEXT/.dockerignore + mv "$dockerfile_path.dockerignore.tmp" "$SOURCE_CODE_DIR/$CONTEXT/.dockerignore" fi else echo "Cannot find Dockerfile $DOCKERFILE" @@ -410,7 +410,7 @@ spec: UNSHARE_ARGS+=("--net") for image in $BASE_IMAGES; do - unshare -Ufp --keep-caps -r --map-users 1,1,65536 --map-groups 1,1,65536 -- buildah pull $image + unshare -Ufp --keep-caps -r --map-users 1,1,65536 --map-groups 1,1,65536 -- buildah pull "$image" done echo "Build will be executed with network isolation" fi @@ -463,14 +463,14 @@ spec: # if yum repofiles stored in git, copy them to mount point outside the source dir if [ -d "${SOURCE_CODE_DIR}/${YUM_REPOS_D_SRC}" ]; then - mkdir -p ${YUM_REPOS_D_FETCHED} - cp -r ${SOURCE_CODE_DIR}/${YUM_REPOS_D_SRC}/* ${YUM_REPOS_D_FETCHED} + mkdir -p "${YUM_REPOS_D_FETCHED}" + cp -r "${SOURCE_CODE_DIR}/${YUM_REPOS_D_SRC}"/* "${YUM_REPOS_D_FETCHED}" fi # if anything in the repofiles mount point (either fetched or from git), mount it if [ -d "${YUM_REPOS_D_FETCHED}" ]; then - chmod -R go+rwX ${YUM_REPOS_D_FETCHED} - mount_point=$(realpath ${YUM_REPOS_D_FETCHED}) + chmod -R go+rwX "${YUM_REPOS_D_FETCHED}" + mount_point=$(realpath "${YUM_REPOS_D_FETCHED}") VOLUME_MOUNTS+=(--volume "${mount_point}:${YUM_REPOS_D_TARGET}") fi @@ -578,7 +578,7 @@ spec: cp /tmp/cachi2/output/bom.json ./sbom-cachi2.json fi - buildah mount $container | tee /shared/container_path + buildah mount "$container" | tee /shared/container_path # delete symlinks - they may point outside the container rootfs, messing with SBOM scanners find $(cat /shared/container_path) -xtype l -delete echo $container >/shared/container_name diff --git a/task/buildah-remote/0.3/buildah-remote.yaml b/task/buildah-remote/0.3/buildah-remote.yaml index 9d8420d21d..fb385a5243 100644 --- a/task/buildah-remote/0.3/buildah-remote.yaml +++ b/task/buildah-remote/0.3/buildah-remote.yaml @@ -309,14 +309,14 @@ spec: echo "Fetch Dockerfile from $DOCKERFILE" dockerfile_path=$(mktemp --suffix=-Dockerfile) http_code=$(curl -s -S -L -w "%{http_code}" --output "$dockerfile_path" "$DOCKERFILE") - if [ $http_code != 200 ]; then + if [ "$http_code" != 200 ]; then echo "No Dockerfile is fetched. Server responds $http_code" exit 1 fi http_code=$(curl -s -S -L -w "%{http_code}" --output "$dockerfile_path.dockerignore.tmp" "$DOCKERFILE.dockerignore") - if [ $http_code = 200 ]; then + if [ "$http_code" = 200 ]; then echo "Fetched .dockerignore from $DOCKERFILE.dockerignore" - mv "$dockerfile_path.dockerignore.tmp" $SOURCE_CODE_DIR/$CONTEXT/.dockerignore + mv "$dockerfile_path.dockerignore.tmp" "$SOURCE_CODE_DIR/$CONTEXT/.dockerignore" fi else echo "Cannot find Dockerfile $DOCKERFILE" @@ -386,7 +386,7 @@ spec: UNSHARE_ARGS+=("--net") for image in $BASE_IMAGES; do - unshare -Ufp --keep-caps -r --map-users 1,1,65536 --map-groups 1,1,65536 -- buildah pull $image + unshare -Ufp --keep-caps -r --map-users 1,1,65536 --map-groups 1,1,65536 -- buildah pull "$image" done echo "Build will be executed with network isolation" fi @@ -439,14 +439,14 @@ spec: # if yum repofiles stored in git, copy them to mount point outside the source dir if [ -d "${SOURCE_CODE_DIR}/${YUM_REPOS_D_SRC}" ]; then - mkdir -p ${YUM_REPOS_D_FETCHED} - cp -r ${SOURCE_CODE_DIR}/${YUM_REPOS_D_SRC}/* ${YUM_REPOS_D_FETCHED} + mkdir -p "${YUM_REPOS_D_FETCHED}" + cp -r "${SOURCE_CODE_DIR}/${YUM_REPOS_D_SRC}"/* "${YUM_REPOS_D_FETCHED}" fi # if anything in the repofiles mount point (either fetched or from git), mount it if [ -d "${YUM_REPOS_D_FETCHED}" ]; then - chmod -R go+rwX ${YUM_REPOS_D_FETCHED} - mount_point=$(realpath ${YUM_REPOS_D_FETCHED}) + chmod -R go+rwX "${YUM_REPOS_D_FETCHED}" + mount_point=$(realpath "${YUM_REPOS_D_FETCHED}") VOLUME_MOUNTS+=(--volume "${mount_point}:${YUM_REPOS_D_TARGET}") fi @@ -554,7 +554,7 @@ spec: cp /tmp/cachi2/output/bom.json ./sbom-cachi2.json fi - buildah mount $container | tee /shared/container_path + buildah mount "$container" | tee /shared/container_path # delete symlinks - they may point outside the container rootfs, messing with SBOM scanners find $(cat /shared/container_path) -xtype l -delete echo $container > /shared/container_name diff --git a/task/buildah/0.3/buildah.yaml b/task/buildah/0.3/buildah.yaml index 0f10c0bde1..f5d1807cab 100644 --- a/task/buildah/0.3/buildah.yaml +++ b/task/buildah/0.3/buildah.yaml @@ -230,14 +230,14 @@ spec: echo "Fetch Dockerfile from $DOCKERFILE" dockerfile_path=$(mktemp --suffix=-Dockerfile) http_code=$(curl -s -S -L -w "%{http_code}" --output "$dockerfile_path" "$DOCKERFILE") - if [ $http_code != 200 ]; then + if [ "$http_code" != 200 ]; then echo "No Dockerfile is fetched. Server responds $http_code" exit 1 fi http_code=$(curl -s -S -L -w "%{http_code}" --output "$dockerfile_path.dockerignore.tmp" "$DOCKERFILE.dockerignore") - if [ $http_code = 200 ]; then + if [ "$http_code" = 200 ]; then echo "Fetched .dockerignore from $DOCKERFILE.dockerignore" - mv "$dockerfile_path.dockerignore.tmp" $SOURCE_CODE_DIR/$CONTEXT/.dockerignore + mv "$dockerfile_path.dockerignore.tmp" "$SOURCE_CODE_DIR/$CONTEXT/.dockerignore" fi else echo "Cannot find Dockerfile $DOCKERFILE" @@ -307,7 +307,7 @@ spec: UNSHARE_ARGS+=("--net") for image in $BASE_IMAGES; do - unshare -Ufp --keep-caps -r --map-users 1,1,65536 --map-groups 1,1,65536 -- buildah pull $image + unshare -Ufp --keep-caps -r --map-users 1,1,65536 --map-groups 1,1,65536 -- buildah pull "$image" done echo "Build will be executed with network isolation" fi @@ -360,14 +360,14 @@ spec: # if yum repofiles stored in git, copy them to mount point outside the source dir if [ -d "${SOURCE_CODE_DIR}/${YUM_REPOS_D_SRC}" ]; then - mkdir -p ${YUM_REPOS_D_FETCHED} - cp -r ${SOURCE_CODE_DIR}/${YUM_REPOS_D_SRC}/* ${YUM_REPOS_D_FETCHED} + mkdir -p "${YUM_REPOS_D_FETCHED}" + cp -r "${SOURCE_CODE_DIR}/${YUM_REPOS_D_SRC}"/* "${YUM_REPOS_D_FETCHED}" fi # if anything in the repofiles mount point (either fetched or from git), mount it if [ -d "${YUM_REPOS_D_FETCHED}" ]; then - chmod -R go+rwX ${YUM_REPOS_D_FETCHED} - mount_point=$(realpath ${YUM_REPOS_D_FETCHED}) + chmod -R go+rwX "${YUM_REPOS_D_FETCHED}" + mount_point=$(realpath "${YUM_REPOS_D_FETCHED}") VOLUME_MOUNTS+=(--volume "${mount_point}:${YUM_REPOS_D_TARGET}") fi @@ -475,7 +475,7 @@ spec: cp /tmp/cachi2/output/bom.json ./sbom-cachi2.json fi - buildah mount $container | tee /shared/container_path + buildah mount "$container" | tee /shared/container_path # delete symlinks - they may point outside the container rootfs, messing with SBOM scanners find $(cat /shared/container_path) -xtype l -delete echo $container > /shared/container_name