From 197ac4f78821d3e03a982b1c889782ede254f2e5 Mon Sep 17 00:00:00 2001
From: bmeller <155629015+bmeller@users.noreply.github.com>
Date: Wed, 31 Jan 2024 16:44:11 +0100
Subject: [PATCH] Artifact encoding fix (#4230)

* fix tags_to_sign by converting it to utf-8

* remove redundant line
---
 .gitlab-ci.yml | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index cc5788a9ba..1772bf4303 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -56,8 +56,8 @@ fossa:
   stage: sign-image
   script:
     - echo "listing images to be signed"
-    - cat $CI_PROJECT_DIR/tags_to_sign
-    - cat $CI_PROJECT_DIR/tags_to_sign | xargs -L1 artifact-ci sign docker
+    - cat tags_to_sign
+    - cat tags_to_sign | xargs -L1 artifact-ci sign docker
 
 
 .get-artifactory-stage: &get-artifactory-stage
@@ -617,7 +617,7 @@ push-linux-image:
         echo "Tagging and pushing ${IMAGE_NAME}:${ARCH_TAG}"
         docker tag otelcol:${arch} ${IMAGE_NAME}:${ARCH_TAG}
         docker push ${IMAGE_NAME}:${ARCH_TAG}
-        echo "${IMAGE_NAME}:${ARCH_TAG}" >> $CI_PROJECT_DIR/tags_to_sign
+        echo "${IMAGE_NAME}:${ARCH_TAG}" >> tags
         if [[ "${CI_COMMIT_BRANCH:-}" = "main" ]] || [[ "${CI_COMMIT_TAG:-}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
           # only push latest tag for main and stable releases; no need to sign them as signing is made for digest
           LATEST_TAG="latest-${arch}"
@@ -643,13 +643,14 @@ push-linux-image:
     - docker inspect --format='{{.RepoDigests}}' ${IMAGE_NAME}:${MANIFEST_TAG}-arm64 | tee dist/linux_arm64_digest.txt
     - docker inspect --format='{{.RepoDigests}}' ${IMAGE_NAME}:${MANIFEST_TAG}-ppc64le | tee dist/linux_ppc64le_digest.txt
     - docker manifest inspect ${IMAGE_NAME}:${MANIFEST_TAG} | tee dist/manifest_digest.txt
+    - mv tags tags_to_sign
   artifacts:
     paths:
       - dist/linux_amd64_digest.txt
       - dist/linux_arm64_digest.txt
       - dist/linux_ppc64le_digest.txt
       - dist/manifest_digest.txt
-      - $CI_PROJECT_DIR/tags_to_sign
+      - tags_to_sign
 
 sign-linux-image:
   extends: .sign-docker
@@ -684,7 +685,7 @@ build-push-windows-image:
       docker build -t ${IMAGE_NAME}:${IMAGE_TAG} --build-arg BASE_IMAGE=mcr.microsoft.com/windows/servercore:1809 --build-arg JMX_METRIC_GATHERER_RELEASE=${JMX_METRIC_GATHERER_RELEASE} -f .\cmd\otelcol\Dockerfile.windows .\cmd\otelcol\
       echo "Pushing ${IMAGE_NAME}:${IMAGE_TAG}"
       docker push ${IMAGE_NAME}:${IMAGE_TAG}
-      echo "${IMAGE_NAME}:${IMAGE_TAG}" >> $CI_PROJECT_DIR/tags_to_sign
+      echo "${IMAGE_NAME}:${IMAGE_TAG}" >> tags
       if ($env:CI_COMMIT_BRANCH -eq "main" -or $env:CI_COMMIT_TAG -match '^v\d+\.\d+\.\d+$') {
         # only push latest tag for main and stable releases; no need to sign them as signing is made for digest
         echo "Tagging and pushing ${IMAGE_NAME}:latest"
@@ -692,12 +693,13 @@ build-push-windows-image:
         docker push ${IMAGE_NAME}:latest
       }
     - docker inspect --format='{{.RepoDigests}}' ${IMAGE_NAME}:${IMAGE_TAG} | Tee-Object -FilePath dist/windows_digest.txt
+    - cat tags | Out-File -Encoding UTF8 tags_to_sign
   after_script:
     - docker image prune --all --force
   artifacts:
     paths:
       - dist/windows_digest.txt
-      - $CI_PROJECT_DIR/tags_to_sign
+      - tags_to_sign
 
 sign-windows-image:
   extends: .sign-docker
@@ -733,7 +735,7 @@ build-push-windows2022-image:
       docker build -t ${IMAGE_NAME}:${IMAGE_TAG} --build-arg BASE_IMAGE=mcr.microsoft.com/windows/servercore:ltsc2022 --build-arg JMX_METRIC_GATHERER_RELEASE=${JMX_METRIC_GATHERER_RELEASE} -f .\cmd\otelcol\Dockerfile.windows .\cmd\otelcol\
       echo "Pushing ${IMAGE_NAME}:${IMAGE_TAG}"
       docker push ${IMAGE_NAME}:${IMAGE_TAG}
-      echo "${IMAGE_NAME}:${IMAGE_TAG}" >> $CI_PROJECT_DIR/tags_to_sign
+      echo "${IMAGE_NAME}:${IMAGE_TAG}" >> tags
       if ($env:CI_COMMIT_BRANCH -eq "main" -or $env:CI_COMMIT_TAG -match '^v\d+\.\d+\.\d+$') {
         # only push latest tag for main and stable releases; no need to sign them as signing is made for digest
         echo "Tagging and pushing ${IMAGE_NAME}:latest-2022"
@@ -741,13 +743,14 @@ build-push-windows2022-image:
         docker push ${IMAGE_NAME}:latest-2022
       }
     - docker inspect --format='{{.RepoDigests}}' ${IMAGE_NAME}:${IMAGE_TAG} | Tee-Object -FilePath dist/windows_2022_digest.txt
+    - cat tags | Out-File -Encoding UTF8 tags_to_sign
   after_script:
     - docker image prune --all --force
     - C:\Users\Administrator\Desktop\ops-scripts\docker-leak-check.exe -remove
   artifacts:
     paths:
       - dist/windows_2022_digest.txt
-      - $CI_PROJECT_DIR/tags_to_sign
+      - tags_to_sign
 
 sign-windows2022-image:
   extends: .sign-docker