snc.sh: Get pullspec from mirrored release.txt #149
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add a MIRROR variable in case folks want to point at a different mirror for whatever reason. If neither OPENSHIFT_VERSION nor a Git tag are available, use the latest/ entry on the mirror to fetch the latest release (note that this is not pinned to a particular 4.y, it's just the latest stable release). Drop get_openshift_version and just set up OPENSHIFT_RELEASE_VERSION instead; no need to delay that. Echo the chosen release version and how it was determined to be more transparent and reduce surprise. Drop empty-OPENSHIFT_RELEASE_VERSION checks from the rest of the script, now that OPENSHIFT_RELEASE_VERSION is always set. Pull the release pullspec from the mirror's release.txt for the chosen version. This decouples us from the Quay tagging scheme [1,2], decouples us from the particular repository (doesn't even have to get pushed to Quay), and protects us from malicious registries that could point the mutable tag at a malicious image. [1]: https://bugzilla.redhat.com/show_bug.cgi?id=1794466 [2]: openshift/openshift-docs#19266
| else | ||
| curl -L https://mirror.openshift.com/pub/openshift-v4/clients/oc/latest/linux/oc.tar.gz | tar zx oc | ||
| fi | ||
| curl -L "${MIRROR}/${OPENSHIFT_RELEASE_VERSION}/openshift-client-linux-${OPENSHIFT_RELEASE_VERSION}.tar.gz" | tar zx oc |
| export OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE | ||
| echo "Setting OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE to ${OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE}" | ||
| fi | ||
| OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE="$(curl -l "${MIRROR}/${OPENSHIFT_RELEASE_VERSION}/release.txt" | sed -n 's/^Pull From: //p')" |
| CRC_VM_NAME=${CRC_VM_NAME:-crc} | ||
| BASE_DOMAIN=${CRC_BASE_DOMAIN:-testing} | ||
| QUAY_REGISTRY=${QUAY_REGISTRY:-quay.io/openshift-release-dev/ocp-release} | ||
| MIRROR=${MIRROR:-https://mirror.openshift.com/pub/openshift-v4/clients/ocp} |
Member
There was a problem hiding this comment.
@wking So is this correct assumption that mirror.openshift.com is source of truth when it comes to OCP releases? Recently when 4.3 rc bits happened those were not appeared on mirror.openshift.com atleast for a day or two. If you says this is way forward and every bits should be present here then we can merge it.
Contributor
Author
There was a problem hiding this comment.
Recently when 4.3 rc bits happened those were not appeared on mirror.openshift.com at least for a day or two...
They're supposed to get pushed up around when the release is tagged into the candidate channel, with latest* symlinks bumped around when a release is tagged into fast/stable. If that's not what's happening, talk to ART.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add a
MIRRORvariable in case folks want to point at a different mirror for whatever reason. If neitherOPENSHIFT_VERSIONnor a Git tag are available, use thelatest/entry on the mirror to fetch the latest release (note that this is not pinned to a particular 4.y, it's just the latest stable release). Dropget_openshift_versionand just set upOPENSHIFT_RELEASE_VERSIONinstead; no need to delay that. Echo the chosen release version and how it was determined to be more transparent and reduce surprise. Drop empty-OPENSHIFT_RELEASE_VERSIONchecks from the rest of the script, now thatOPENSHIFT_RELEASE_VERSIONis always set.Pull the release pullspec from the mirror's release.txt for the chosen version. This decouples us from the Quay tagging scheme (rhbz#794466, openshift/openshift-docs#19266), decouples us from the particular repository (doesn't even have to get pushed to Quay), and protects us from malicious registries that could point the mutable tag at a malicious image.