debug

Author: TomerNewman

internal/buildsign/resource/common.go

@@ -146,24 +146,113 @@ func buildBuildahScript(destinationImg string, tlsOptions kmmv1beta1.TLSOptions,
 	}
 
 	// Build the setup section based on operation type
-	setupSection := `echo "setting up build context"
+	setupSection := `echo "=== DEBUG: Starting buildah setup ==="
+echo "DEBUG: Current working directory: $(pwd)"
+echo "DEBUG: Current user: $(whoami)"
+echo "DEBUG: Available disk space:"
+df -h /tmp
+
+echo "=== DEBUG: Setting up build context ==="
+echo "setting up build context"
 mkdir -p /tmp/build-context
 cp /workspace/Dockerfile /tmp/build-context/
+
+echo "=== DEBUG: Checking /run/secrets directory ==="
+if [ -d "/run/secrets" ]; then
+    echo "DEBUG: /run/secrets directory exists"
+    echo "DEBUG: /run/secrets permissions:"
+    ls -ld /run/secrets
+    echo "DEBUG: /run/secrets contents:"
+    ls -la /run/secrets/ || echo "DEBUG: Failed to list /run/secrets contents"
+else
+    echo "DEBUG: ERROR - /run/secrets directory does not exist!"
+fi
+
+echo "=== DEBUG: Checking for secret directories pattern /run/secrets/*/ ==="
 # Copy build secrets into build context so they're accessible during build
 for secret_dir in /run/secrets/*/; do
+    echo "DEBUG: Checking pattern match: $secret_dir"
     if [ -d "$secret_dir" ]; then
+        echo "DEBUG: Found valid secret directory: $secret_dir"
+        echo "DEBUG: Secret directory permissions:"
+        ls -ld "$secret_dir"
+        echo "DEBUG: Secret directory contents:"
+        ls -la "$secret_dir" || echo "DEBUG: Failed to list secret directory contents"
+        
         echo "copying secrets from $secret_dir to build context"
-        cp -r "$secret_dir"* /tmp/build-context/
+        echo "DEBUG: About to copy: $secret_dir* -> /tmp/build-context/"
+        cp -rv "$secret_dir"* /tmp/build-context/ || echo "DEBUG: Copy failed with exit code $?"
+        
+        echo "DEBUG: Verifying copy results:"
+        echo "DEBUG: Files copied from $secret_dir:"
+        find "$secret_dir" -type f -exec basename {} \; || echo "DEBUG: Failed to find files in secret dir"
+    else
+        echo "DEBUG: Pattern $secret_dir is not a directory or doesn't exist"
     fi
-done`
+done
+
+echo "=== DEBUG: Final build context contents ==="
+echo "DEBUG: /tmp/build-context directory:"
+ls -la /tmp/build-context/ || echo "DEBUG: Failed to list build context"
+echo "DEBUG: Checking for specific file ci-build-secret:"
+if [ -f "/tmp/build-context/ci-build-secret" ]; then
+    echo "DEBUG: SUCCESS - ci-build-secret file found!"
+    echo "DEBUG: ci-build-secret file contents:"
+    cat /tmp/build-context/ci-build-secret || echo "DEBUG: Failed to read ci-build-secret"
+else
+    echo "DEBUG: ERROR - ci-build-secret file NOT found in build context!"
+fi
+
+echo "=== DEBUG: Volume mounts information ==="
+echo "DEBUG: All mounted filesystems:"
+mount | grep -E "(secret|tmp)" || echo "DEBUG: No secret or tmp mounts found"`
 
 	// If we do sign instead
 	if operation == Sign {
-		setupSection = `echo "setting up build context with cert and key files"
+		setupSection = `echo "=== DEBUG: Starting buildah sign setup ==="
+echo "DEBUG: Current working directory: $(pwd)"
+echo "DEBUG: Current user: $(whoami)"
+
+echo "=== DEBUG: Setting up build context for signing ==="
+echo "setting up build context with cert and key files"
 mkdir -p /tmp/build-context
 cp /workspace/Dockerfile /tmp/build-context/
-cp /run/secrets/cert/cert.pem /tmp/build-context/cert.pem
-cp /run/secrets/key/key.pem /tmp/build-context/key.pem`
+
+echo "=== DEBUG: Checking signing secrets ==="
+echo "DEBUG: Checking /run/secrets/cert directory:"
+if [ -d "/run/secrets/cert" ]; then
+    echo "DEBUG: /run/secrets/cert exists"
+    ls -la /run/secrets/cert/
+    if [ -f "/run/secrets/cert/cert.pem" ]; then
+        echo "DEBUG: cert.pem file found"
+    else
+        echo "DEBUG: ERROR - cert.pem file not found!"
+    fi
+else
+    echo "DEBUG: ERROR - /run/secrets/cert directory does not exist!"
+fi
+
+echo "DEBUG: Checking /run/secrets/key directory:"
+if [ -d "/run/secrets/key" ]; then
+    echo "DEBUG: /run/secrets/key exists"
+    ls -la /run/secrets/key/
+    if [ -f "/run/secrets/key/key.pem" ]; then
+        echo "DEBUG: key.pem file found"
+    else
+        echo "DEBUG: ERROR - key.pem file not found!"
+    fi
+else
+    echo "DEBUG: ERROR - /run/secrets/key directory does not exist!"
+fi
+
+echo "=== DEBUG: Copying signing certificates ==="
+echo "DEBUG: Copying cert.pem..."
+cp -v /run/secrets/cert/cert.pem /tmp/build-context/cert.pem || echo "DEBUG: Failed to copy cert.pem"
+echo "DEBUG: Copying key.pem..."
+cp -v /run/secrets/key/key.pem /tmp/build-context/key.pem || echo "DEBUG: Failed to copy key.pem"
+
+echo "=== DEBUG: Final signing build context contents ==="
+ls -la /tmp/build-context/`
 	}
 
 	// Build command section
@@ -185,6 +274,14 @@ export PUSH_IMAGE="%s"
 
 %s
 
+echo "=== DEBUG: Setup completed, starting buildah ==="
+echo "DEBUG: About to run buildah command with these parameters:"
+echo "DEBUG: Image: $IMAGE"
+echo "DEBUG: TLS Verify: %s"
+echo "DEBUG: Build command: %s"
+echo "DEBUG: Final verification of /tmp/build-context before buildah:"
+ls -la /tmp/build-context/
+
 echo "starting Buildah %s for $IMAGE"
 %s \
   --tls-verify=%s \
@@ -193,17 +290,23 @@ echo "starting Buildah %s for $IMAGE"
   -t "$IMAGE" \
   /tmp/build-context
 
+echo "=== DEBUG: Buildah command completed with exit code: $? ==="
+
 if [ "$PUSH_IMAGE" = "true" ]; then
+  echo "=== DEBUG: Starting push phase ==="
   echo "pushing %s $IMAGE..."
   buildah push \
     --tls-verify=%s \
     --storage-driver=vfs \
     "$IMAGE" \
     "docker://$IMAGE"
+  echo "DEBUG: Push completed with exit code: $?"
 else
   echo "skipping push step (PUSH_IMAGE=$PUSH_IMAGE)"
 fi
-`, destinationImg, pushImageStr, setupSection, actionDescription, buildCmd, tlsVerify, pushDescription, tlsVerify)
+
+echo "=== DEBUG: Script execution completed ==="
+`, destinationImg, pushImageStr, setupSection, tlsVerify, buildCmd, actionDescription, buildCmd, tlsVerify, pushDescription, tlsVerify)
 
 	return script
 }