Merge "Add script to check for forbidden instructions"
This commit is contained in:
commit
0dbcb01d0e
@ -14,4 +14,6 @@ find docker -name Dockerfile.j2 -print0 |
|
|||||||
find docker -name Dockerfile.j2 -print0 |
|
find docker -name Dockerfile.j2 -print0 |
|
||||||
xargs -0 tools/validate-indentation.sh || RES=1
|
xargs -0 tools/validate-indentation.sh || RES=1
|
||||||
|
|
||||||
|
tools/validate-binary-build.sh || RES=1
|
||||||
|
|
||||||
exit $RES
|
exit $RES
|
||||||
|
48
tools/validate-binary-build.sh
Executable file
48
tools/validate-binary-build.sh
Executable file
@ -0,0 +1,48 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
REAL_PATH=$(python -c "import os,sys;print(os.path.realpath('$0'))")
|
||||||
|
cd "$(dirname "$REAL_PATH")/.."
|
||||||
|
|
||||||
|
RES=0
|
||||||
|
|
||||||
|
generate_templates () {
|
||||||
|
echo Generating templates for $distro
|
||||||
|
tools/build.py --template-only --type binary --base $distro --work-dir=$tmpdir
|
||||||
|
}
|
||||||
|
|
||||||
|
check_for_errors () {
|
||||||
|
regex=$1
|
||||||
|
# Look for all rendered Dockerfile.
|
||||||
|
# TODO(mwhahaha): Skip kolla-toolbox for now as it's dependent on specific
|
||||||
|
# set of pip installed items.
|
||||||
|
find $tmpdir/docker -not -path "*kolla-toolbox*" -name Dockerfile -print0 |
|
||||||
|
xargs -0 egrep --color "$regex"
|
||||||
|
# NOTE(mandre) grep returns status code of 1 if the expression isn't found
|
||||||
|
# xargs returns with status 123 when the command invocation returns with an
|
||||||
|
# exit status 1-125, this is what we should be looking for as our "everything
|
||||||
|
# is good" code.
|
||||||
|
if [ $? -ne 123 ]; then
|
||||||
|
RES=1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
echo Looking for forbidden instructions in binary image templates
|
||||||
|
|
||||||
|
for distro in debian ubuntu centos rhel oraclelinux; do
|
||||||
|
tmpdir=$(mktemp -d kolla-templates.XXXXXX --tmpdir)
|
||||||
|
generate_templates
|
||||||
|
check_for_errors "gem .*install"
|
||||||
|
check_for_errors "pip .*install"
|
||||||
|
check_for_errors "npm .*install"
|
||||||
|
check_for_errors "sensu-install"
|
||||||
|
check_for_errors "git .*clone"
|
||||||
|
check_for_errors "wget"
|
||||||
|
check_for_errors "curl"
|
||||||
|
rm -r $tmpdir
|
||||||
|
done
|
||||||
|
|
||||||
|
if [ $RES -eq 1 ]; then
|
||||||
|
echo "ERROR Found forbidden instructions in binary image templates"
|
||||||
|
fi
|
||||||
|
# Let's not make it fail pep8 job for now
|
||||||
|
#exit $RES
|
Loading…
Reference in New Issue
Block a user