action-container-structure-test/Taskfile.scripts.yml at master · devops-infra/action-container-structure-test · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
version: '3'

silent: true

tasks:
  help:
    desc: Detailed help
    cmds:
      - |
        echo "Tasks:"
        task --list
        echo ""
        echo "Environment:"
        echo "  DOCKER_NAME={{.DOCKER_NAME}}  DOCKER_USERNAME={{.DOCKER_USERNAME}}"
        echo "  GHRC_NAME={{.GHRC_NAME}}  GITHUB_USERNAME={{.GITHUB_USERNAME}}"
        echo "  LAST_RELEASE={{.LAST_RELEASE}}"  VERSION={{.VERSION}}   VERSION_FULL={{.VERSION_FULL}}
        echo "  BRANCH={{.GIT_BRANCH}}  GIT_SHORT_SHA={{.GIT_SHORT_SHA}}"  GIT_SHA={{.GIT_SHA}}

  packages:update:
    desc: Update Alpine package pins in alpine-packages.txt
    cmds:
      - |
        set -eu
        if [ ! -f Dockerfile ]; then
          echo "INFO: Dockerfile not found; nothing to update"
          exit 0
        fi
        if [ ! -f alpine-packages.txt ]; then
          echo "INFO: alpine-packages.txt not found; nothing to update"
          exit 0
        fi

        base_image="$(sed -nE 's/^FROM[[:space:]]+([^[:space:]]+).*/\1/p' Dockerfile | head -1)"
        if [ -z "$base_image" ]; then
          echo "INFO: Could not resolve base image; nothing to update"
          exit 0
        fi

        case "$base_image" in
          alpine:*|alpine)
            :
            ;;
          *)
            echo "INFO: Base image is '$base_image', not Alpine; nothing to update"
            exit 0
            ;;
        esac

        alpine_line="${base_image#alpine:}"
        if [ "$alpine_line" = "$base_image" ] || [ -z "$alpine_line" ]; then
          echo "INFO: Could not parse Alpine version from '$base_image'; nothing to update"
          exit 0
        fi
        alpine_minor="$(printf '%s' "$alpine_line" | awk -F. '{print $1 "." $2}')"
        if ! printf '%s' "$alpine_minor" | grep -Eq '^[0-9]+\.[0-9]+$'; then
          echo "INFO: Unsupported Alpine version '$alpine_line'; nothing to update"
          exit 0
        fi
        alpine_repo="v${alpine_minor}"
        arch="x86_64"

        normalize_minor() {
          version="$1"
          printf '%s' "$version" | sed -E 's/^([0-9]+\.[0-9]+).*/\1/'
        }

        fetch_index() {
          repo="$1"
          out="$2"
          url="https://dl-cdn.alpinelinux.org/alpine/${alpine_repo}/${repo}/${arch}/APKINDEX.tar.gz"
          curl --fail --silent --show-error "$url" | tar -O -zx APKINDEX > "$out"
        }

        lookup_latest() {
          pkg="$1"
          for index in "$index_main" "$index_community"; do
            found="$(awk -v pkg="$pkg" '
              BEGIN { RS=""; FS="\n" }
              {
                p=""; v=""
                for (i=1; i<=NF; i++) {
                  if ($i ~ /^P:/) p=substr($i,3)
                  if ($i ~ /^V:/) v=substr($i,3)
                }
                if (p==pkg) { print v; exit }
              }
            ' "$index")"
            if [ -n "$found" ]; then
              printf '%s' "$found"
              return 0
            fi
          done
          return 1
        }

        mkdir -p .tmp
        index_main=".tmp/apkindex-main-${alpine_repo}-${arch}.txt"
        index_community=".tmp/apkindex-community-${alpine_repo}-${arch}.txt"
        fetch_index main "$index_main"
        fetch_index community "$index_community"

        if ! grep -Eq '^[a-zA-Z0-9+_.-]+(=~|~=)[0-9]+\.[0-9]+$' alpine-packages.txt; then
          echo "INFO: No pinned Alpine packages (~=X.Y) found in alpine-packages.txt"
          exit 0
        fi

        tmp_out=".tmp/alpine-packages.updated.txt"
        : > "$tmp_out"
        updated=0
        while IFS= read -r line || [ -n "$line" ]; do
          if [ -z "$line" ] || printf '%s' "$line" | grep -Eq '^[[:space:]]*#'; then
            echo "$line" >> "$tmp_out"
            continue
          fi
          if ! printf '%s' "$line" | grep -Eq '^[a-zA-Z0-9+_.-]+(=~|~=)[0-9]+\.[0-9]+$'; then
            echo "$line" >> "$tmp_out"
            continue
          fi

          pkg="$(printf '%s' "$line" | sed -E 's/^([a-zA-Z0-9+_.-]+)(=~|~=).*/\1/')"
          current_minor="$(printf '%s' "$line" | sed -E 's/^[a-zA-Z0-9+_.-]+(=~|~=)([0-9]+\.[0-9]+).*$/\2/')"
          latest_full="$(lookup_latest "$pkg" || true)"
          if [ -z "$latest_full" ]; then
            echo "WARN: Could not resolve latest version for $pkg; keeping $line"
            echo "$line" >> "$tmp_out"
            continue
          fi

          latest_minor="$(normalize_minor "$latest_full")"
          if [ "$latest_minor" = "$current_minor" ]; then
            echo "OK: $pkg already up to date at $current_minor"
            echo "$pkg~=$current_minor" >> "$tmp_out"
            continue
          fi
          echo "UPDATE: $pkg $current_minor -> $latest_minor"
          echo "$pkg~=$latest_minor" >> "$tmp_out"
          updated=1
        done < alpine-packages.txt

        if ! cmp -s alpine-packages.txt "$tmp_out"; then
          mv "$tmp_out" alpine-packages.txt
        else
          rm -f "$tmp_out"
        fi

        if [ "$updated" -eq 0 ]; then
          echo "INFO: No Alpine package updates were required"
        fi