Make kaniko tag sanitization posix compliant (!117798) · Merge requests · GitLab.org / GitLab

Cyril Jouve requested to merge jouve/gitlab:kaniko into master Apr 17, 2023

What does this MR do and why?

the sanitization expression for tags in kaniko template is not posix compliant and the current implementation work only in bash.

it does not with kaniko official image which has only ash's busybox.

As per posix spec:

The character shall be treated as itself if it occurs first (after an initial '^', if any) or last in the list, or as an ending range point in a range expression.

this MR fixes the pattern

Screenshots or screen recordings

before:

/workspace # NOSLASH=$(echo dummy-debug.12 | tr -s / -)
/workspace # SANITIZED="${NOSLASH//[^a-zA-Z0-9\-\.]/}"; echo $SANITIZED
dummydebug.12

after:

/workspace # SANITIZED="${NOSLASH//[^a-zA-Z0-9.-]/}"; echo $SANITIZED
dummy-debug.12

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Apr 17, 2023 by Cyril Jouve

Make kaniko tag sanitization posix compliant

What does this MR do and why?

Screenshots or screen recordings

How to set up and validate locally

MR acceptance checklist

Merge request reports