Skip to content

Commit 4cf5d61

Browse files
committed
fix(KONFLUX-14665): check also internalrequest status
This PR adds a check of the internal-request status after the publish happened as in case of time-out, there will be no error to be caught, instead we will have a IR failed condition. Assisted-By: Claude Signed-off-by: Leandro Mendes <lmendes@redhat.com>
1 parent 440c8cb commit 4cf5d61

3 files changed

Lines changed: 194 additions & 3 deletions

File tree

tasks/managed/publish-index-image/publish-index-image.yaml

Lines changed: 12 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -197,7 +197,18 @@ spec:
197197
internalRequest=$(awk -F"'" '/created/ { print $2 }' "$IR_RESULT_FILE")
198198
echo "done (${internalRequest})"
199199
200-
results=$(kubectl get internalrequest "${internalRequest}" -o=jsonpath='{.status.results}')
200+
# get the internal request status
201+
internalRequestJson="$(kubectl get internalrequest "${internalRequest}" -o json | jq -c)"
202+
203+
status="$(jq '.status.conditions[].status' <<< "$internalRequestJson")"
204+
if [ "$status" = "False" ]; then
205+
errorMessage="$(jq '.status.conditions[].message' <<< "$internalRequestJson")"
206+
echo "ERROR: Publish to ${publishingImages[$x]} failed"
207+
echo "errorMessage: $errorMessage"
208+
exit 1
209+
fi
210+
211+
results=$(jq '.status.results' <<< "$internalRequestJson")
201212
requestMessage=$(echo "${results}" | jq -r '.requestMessage // ""')
202213

203214
if echo "${requestMessage}" | grep -qi "error"; then

tasks/managed/publish-index-image/tests/mocks.sh

Lines changed: 43 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -15,9 +15,50 @@ function internal-request() {
1515
}
1616

1717
function kubectl() {
18-
if [[ "$*" == *"get internalrequest"*"jsonpath"*"status.results"* ]]
18+
if [[ "$*" == *"get internalrequest"*"-o json"* ]]
1919
then
20-
echo '{"requestMessage":"Index Image Published successfully"}'
20+
# Check if this is the failure test case by looking for a marker in any data.json file
21+
if find /var/workdir -name "data.json" -type f -exec grep -q "test-publish-index-image-failure" {} \; 2>/dev/null; then
22+
echo '{
23+
"status": {
24+
"conditions": [
25+
{
26+
"type": "Succeeded",
27+
"status": "False",
28+
"reason": "Failed",
29+
"message": "Failed to publish index image: permission denied to registry"
30+
}
31+
],
32+
"results": {
33+
"requestMessage": "Error: Failed to push image"
34+
}
35+
}
36+
}'
37+
else
38+
# Return successful status for normal tests
39+
echo '{
40+
"status": {
41+
"conditions": [
42+
{
43+
"type": "Succeeded",
44+
"status": "True",
45+
"reason": "Succeeded",
46+
"message": ""
47+
}
48+
],
49+
"results": {
50+
"requestMessage": "Index Image Published successfully"
51+
}
52+
}
53+
}'
54+
fi
55+
elif [[ "$*" == *"get internalrequest"*"jsonpath"*"status.results"* ]]
56+
then
57+
if find /var/workdir -name "data.json" -type f -exec grep -q "test-publish-index-image-failure" {} \; 2>/dev/null; then
58+
echo '{"requestMessage":"Error: Failed to push image"}'
59+
else
60+
echo '{"requestMessage":"Index Image Published successfully"}'
61+
fi
2162
else
2263
/usr/bin/kubectl $*
2364
fi
Lines changed: 139 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,139 @@
1+
---
2+
apiVersion: tekton.dev/v1
3+
kind: Pipeline
4+
metadata:
5+
name: test-publish-index-image-failure
6+
annotations:
7+
test/assert-task-failure: "run-task"
8+
spec:
9+
description: Test that publish-index-image task properly handles InternalRequest failures
10+
params:
11+
- name: ociStorage
12+
description: The OCI repository where the Trusted Artifacts are stored.
13+
type: string
14+
- name: ociArtifactExpiresAfter
15+
description: Expiration date for the trusted artifacts created in the
16+
OCI repository. An empty string means the artifacts do not expire.
17+
type: string
18+
default: "1d"
19+
- name: orasOptions
20+
description: oras options to pass to Trusted Artifacts calls
21+
type: string
22+
default: "--insecure"
23+
- name: trustedArtifactsDebug
24+
description: Flag to enable debug logging in trusted artifacts. Set to a non-empty string to enable.
25+
type: string
26+
default: ""
27+
- name: dataDir
28+
description: The location where data will be stored
29+
type: string
30+
tasks:
31+
- name: setup
32+
taskSpec:
33+
results:
34+
- name: sourceDataArtifact
35+
type: string
36+
volumes:
37+
- name: workdir
38+
emptyDir: {}
39+
stepTemplate:
40+
volumeMounts:
41+
- mountPath: /var/workdir
42+
name: workdir
43+
env:
44+
- name: IMAGE_EXPIRES_AFTER
45+
value: $(params.ociArtifactExpiresAfter)
46+
- name: "ORAS_OPTIONS"
47+
value: "$(params.orasOptions)"
48+
- name: "DEBUG"
49+
value: "$(params.trustedArtifactsDebug)"
50+
steps:
51+
- name: setup-values
52+
image: quay.io/konflux-ci/release-service-utils@sha256:5546fa78d3c88d7b6a2e8cff8902f7757f00541d0bbaf113b9f293133894afa3
53+
script: |
54+
#!/usr/bin/env sh
55+
set -eux
56+
57+
mkdir -p "$(params.dataDir)/$(context.pipelineRun.uid)"
58+
cat > "$(params.dataDir)/$(context.pipelineRun.uid)/data.json" << EOF
59+
{
60+
"fbc": {
61+
"publishingCredentials": "test-credentials"
62+
},
63+
"test": "test-publish-index-image-failure"
64+
}
65+
EOF
66+
cat > "$(params.dataDir)/internal-requests-results.json" << EOF
67+
{
68+
"index_image": {
69+
"target_index": "quay.io/scoheb/fbc-target-index-testing:v4.12"
70+
},
71+
"components": [
72+
{
73+
"fbc_fragment": "registry.io/image0@sha256:0000",
74+
"target_index": "quay.io/scoheb/fbc-target-index-testing:v4.12",
75+
"target_index_with_timestamp": "quay.io/scoheb/fbc-target-index-testing:v4.12-1678118351",
76+
"ocp_version": "v4.12",
77+
"index_image": "redhat.com/rh-stage/iib:01",
78+
"index_image_resolved": "redhat.com/rh-stage/iib@sha256:abcdefghijk",
79+
"image_digests": [
80+
"quay.io/a",
81+
"quay.io/b"
82+
],
83+
"completion_time": "2023-03-06T16:39:11.314092Z",
84+
"iibLog": "Dummy IIB Log"
85+
}
86+
]
87+
}
88+
EOF
89+
- name: create-trusted-artifact
90+
ref:
91+
name: create-trusted-artifact
92+
params:
93+
- name: ociStorage
94+
value: $(params.ociStorage)
95+
- name: workDir
96+
value: $(params.dataDir)
97+
- name: sourceDataArtifact
98+
value: $(results.sourceDataArtifact.path)
99+
- name: run-task
100+
taskRef:
101+
name: publish-index-image
102+
params:
103+
- name: internalRequestResultsFile
104+
value: "internal-requests-results.json"
105+
- name: buildTimestamp
106+
value: 11111111111
107+
- name: retries
108+
value: 2
109+
- name: pipelineRunUid
110+
value: $(context.pipelineRun.uid)
111+
- name: dataPath
112+
value: $(context.pipelineRun.uid)/data.json
113+
- name: ociStorage
114+
value: $(params.ociStorage)
115+
- name: orasOptions
116+
value: $(params.orasOptions)
117+
- name: sourceDataArtifact
118+
value: "$(tasks.setup.results.sourceDataArtifact)=$(params.dataDir)"
119+
- name: dataDir
120+
value: $(params.dataDir)
121+
- name: trustedArtifactsDebug
122+
value: $(params.trustedArtifactsDebug)
123+
- name: taskGitUrl
124+
value: "http://localhost"
125+
- name: taskGitRevision
126+
value: "main"
127+
runAfter:
128+
- setup
129+
finally:
130+
- name: cleanup
131+
taskSpec:
132+
steps:
133+
- name: delete-crs
134+
image: quay.io/konflux-ci/release-service-utils@sha256:5546fa78d3c88d7b6a2e8cff8902f7757f00541d0bbaf113b9f293133894afa3
135+
script: |
136+
#!/usr/bin/env bash
137+
set -euxo pipefail
138+
139+
kubectl delete internalrequests --all

0 commit comments

Comments
 (0)