New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use proper tmp directory for update-openapi-spec.sh #115106
Conversation
Hi @mhmxs. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/release-note-none |
Unknown CLA label state. Rechecking for CLA labels. Send feedback to sig-contributor-experience at kubernetes/community. /check-cla |
/assign @thockin Tim you are already fixing this area, so you'll be the best person to review this |
hack/update-openapi-spec.sh
Outdated
@@ -47,20 +47,20 @@ trap cleanup EXIT SIGINT | |||
|
|||
kube::golang::setup_env | |||
|
|||
TMP_DIR=$(mktemp -d /tmp/update-openapi-spec.XXXX) | |||
TMP_DIR=${TMP_DIR:-$(mktemp -d 2>/dev/null || mktemp -d -t update-openapi-spec.XXXX)} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@mhmxs Thank you for your PR!
Can you explain why do we need to call mktemp twice? I'd say mktemp -d -t update-openapi-spec.XXXXXXXXXX
should be enough.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@bart0sh I was looking for existing solutions (there are a few), and this looks the most proper one: https://github.com/kubernetes/kubernetes/blob/master/hack/lib/etcd.sh#L83 🙏
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
interesting. It was brought by this commit with the explanation 'mktemp on OSX behaves differently than Linux'
It could be true, but it's still able to create temporary directory on my MacBookPro:
> uname
Darwin
> mktemp -d -t bla.XXXX
/var/folders/ct/1d805dgs08g37h03gx0rclm00000gn/T/bla.XXXX.INI0XPZy
> echo $?
0
> file /var/folders/ct/1d805dgs08g37h03gx0rclm00000gn/T/bla.XXXX.INI0XPZy
/var/folders/ct/1d805dgs08g37h03gx0rclm00000gn/T/bla.XXXX.INI0XPZy: directory
and a lot of the scripts in hack/ seems to call mktemp only once:
$ git grep 'mktemp -d' ./hack/
hack/lib/etcd.sh: ETCD_DIR=${ETCD_DIR:-$(mktemp -d 2>/dev/null || mktemp -d -t test-etcd.XXXXXX)}
hack/lib/etcd.sh: ETCD_SCRAPE_DIR=$(mktemp -d -t test.XXXXXX)/etcd-scrapes
hack/lib/util.sh: KUBE_TEMP=$(mktemp -d 2>/dev/null || mktemp -d -t kubernetes.XXXXXX)
hack/run-prometheus-on-etcd-scrapes.sh:UNPACKDIR="/tmp/$(cd /tmp && mktemp -d unpack.XXXXXX)"
hack/update-openapi-spec.sh:TMP_DIR=$(mktemp -d /tmp/update-openapi-spec.XXXX)
hack/update-vendor.sh:TMP_DIR="${TMP_DIR:-$(mktemp -d /tmp/update-vendor.XXXX)}"
hack/update-vendor.sh: local_tmp_dir=$(mktemp -d "${TMP_DIR}/pin_replace.XXXX")
hack/update-vendor.sh: local_tmp_dir=$(mktemp -d "${TMP_DIR}/group_replace.XXXX")
hack/update-vendor.sh: local_tmp_dir=$(mktemp -d "${TMP_DIR}/add_generated_comments.XXXX")
hack/verify-e2e-test-ownership.sh:tmpdir=$(mktemp -d -t verify-e2e-test-ownership.XXXX)
hack/verify-generated-swagger-docs.sh:_tmpdir="$(kube::realpath "$(mktemp -d -t "$(basename "$0").XXXXXX")")"
hack/verify-internal-modules.sh:_tmpdir="$(kube::realpath "$(mktemp -d -t verify-internal-modules.XXXXXX)")"
hack/verify-mocks.sh:_tmpdir="$(kube::realpath "$(mktemp -d -t "$(basename "$0").XXXXXX")")"
hack/verify-vendor-licenses.sh:_tmpdir="$(mktemp -d "${KUBE_ROOT}/_tmp/kube-licenses.XXXXXX")"
hack/verify-vendor.sh:_tmpdir="$(mktemp -d "${KUBE_ROOT}/_tmp/kube-vendor.XXXXXX")"
hack/verify-yamlfmt.sh:_tmpdir="$(kube::realpath "$(mktemp -d -t "$(basename "$0").XXXXXX")")"
I'd suggest to investigate this further to fully understand why it's called twice only in 2 scripts.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@smarterclayton can you help us to understand the idea of this commit?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@bart0sh There are lots of hard-coded temp locations too:
$ git grep '/tmp/' ./hack/
hack/cherry_pick_pull.sh: echo "+++ Downloading patch to /tmp/${pull}.patch (in case you need to do this again)"
hack/cherry_pick_pull.sh: curl -o "/tmp/${pull}.patch" -sSL "https://github.com/${MAIN_REPO_ORG}/${MAIN_REPO_NAME}/pull/${pull}.patch"
hack/cherry_pick_pull.sh: echo " $ git am -3 /tmp/${pull}.patch"
hack/cherry_pick_pull.sh: git am -3 "/tmp/${pull}.patch" || {
hack/cherry_pick_pull.sh: subject=$(grep -m 1 "^Subject" "/tmp/${pull}.patch" | sed -e 's/Subject: \[PATCH//g' | sed 's/.*] //')
hack/cherry_pick_pull.sh: rm -f "/tmp/${pull}.patch"
hack/lib/golang.sh: ) &> "/tmp//${platform//\//_}.build" &
hack/lib/golang.sh: cat "/tmp//${platform//\//_}.build"
hack/lib/init.sh:# T=/tmp/$$.$RANDOM
hack/lib/init.sh:# T=/tmp/$$.$RANDOM
hack/lib/util.sh: $(kube::util::find-binary kubectl) --kubeconfig="${dest_dir}/${client_id}.kubeconfig" config view --minify --flatten > "/tmp/${client_id}.kubeconfig"
hack/lib/util.sh: mv -f "/tmp/${client_id}.kubeconfig" "${dest_dir}/${client_id}.kubeconfig"
hack/local-up-cluster.sh: SERVICE_ACCOUNT_KEY=${SERVICE_ACCOUNT_KEY:-/tmp/kube-serviceaccount.key}
hack/local-up-cluster.sh: cat <<EOF > /tmp/kube_egress_selector_configuration.yaml
hack/local-up-cluster.sh: EGRESS_SELECTOR_CONFIG_FILE="/tmp/kube_egress_selector_configuration.yaml"
hack/local-up-cluster.sh: cat <<EOF > /tmp/kube-audit-policy-file
hack/local-up-cluster.sh: AUDIT_POLICY_FILE="/tmp/kube-audit-policy-file"
hack/local-up-cluster.sh: cat <<EOF > /tmp/kubelet.yaml
hack/local-up-cluster.sh: cat <<EOF >> /tmp/kubelet.yaml
hack/local-up-cluster.sh: } >>/tmp/kubelet.yaml
hack/local-up-cluster.sh: --config=/tmp/kubelet.yaml >"${KUBELET_LOG}" 2>&1 &
hack/local-up-cluster.sh: cat <<EOF > /tmp/kube-proxy.yaml
hack/local-up-cluster.sh: fi >>/tmp/kube-proxy.yaml
hack/local-up-cluster.sh: --config=/tmp/kube-proxy.yaml \
hack/local-up-cluster.sh: cat <<EOF > /tmp/kube-scheduler.yaml
hack/local-up-cluster.sh: --config=/tmp/kube-scheduler.yaml \
hack/local-up-cluster.sh: && curl -sSL --retry 5 --output /tmp/cni."${CNI_TARGETARCH}".tgz "${CNI_PLUGINS_URL}" \
hack/local-up-cluster.sh: && echo "${!cni_plugin_sha} /tmp/cni.${CNI_TARGETARCH}.tgz" | tee /tmp/cni.sha256 \
hack/local-up-cluster.sh: && sha256sum --ignore-missing -c /tmp/cni.sha256 \
hack/local-up-cluster.sh: && rm -f /tmp/cni.sha256 \
hack/local-up-cluster.sh: && sudo tar -C /opt/cni/bin -xzvf /tmp/cni."${CNI_TARGETARCH}".tgz \
hack/local-up-cluster.sh: && rm -rf /tmp/cni."${CNI_TARGETARCH}".tgz \
hack/local-up-cluster.sh:export KUBELET_CIDFILE=/tmp/kubelet.cid
hack/make-rules/test-cmd.sh:SERVICE_ACCOUNT_KEY=${SERVICE_ACCOUNT_KEY:-/tmp/kube-serviceaccount.key}
hack/make-rules/test-cmd.sh: --cert-dir="${TMPDIR:-/tmp/}" \
hack/make-rules/test-e2e-node.sh:artifacts="${ARTIFACTS:-"/tmp/_artifacts/$(date +%y%m%dT%H%M%S)"}"
hack/make-rules/test.sh: cover_report_dir="/tmp/k8s_coverage/$(kube::util::sortable_date)"
hack/make-rules/verify.sh: local output="${KUBE_JUNIT_REPORT_DIR:-/tmp/junit-results}"
hack/run-prometheus-on-etcd-scrapes.sh:CONFIG="/tmp/$(cd /tmp && mktemp config.XXXXXX)"
hack/run-prometheus-on-etcd-scrapes.sh:UNPACKDIR="/tmp/$(cd /tmp && mktemp -d unpack.XXXXXX)"
hack/serve-prom-scrapes.sh:response_file="/tmp/$(cd /tmp && mktemp response.XXXXXX)"
hack/update-openapi-spec.sh:TMP_DIR=$(mktemp -d /tmp/update-openapi-spec.XXXX)
hack/update-openapi-spec.sh:API_LOGFILE=${API_LOGFILE:-/tmp/openapi-api-server.log}
hack/update-openapi-spec.sh:SERVICE_ACCOUNT_KEY=${SERVICE_ACCOUNT_KEY:-/tmp/kube-serviceaccount.key}
hack/update-vendor.sh:TMP_DIR="${TMP_DIR:-$(mktemp -d /tmp/update-vendor.XXXX)}"
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
you can either add them to this PR or create new one.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's make smaller PRs where we can - no need to pile them all into one PR.
The pattern I use in many of the verify-* scripts is:
_tmpdir="$(kube::realpath "$(mktemp -d -t "$(basename "$0").XXXXXX")")"
/assign |
/triage accepted |
/ok-to-test |
@thockin I have replaced the |
/lgtm |
LGTM label has been added. Git tree hash: cde19f3c6dd9c47727555c47eded216d626c911f
|
/label tide/merge-method-squash |
@@ -47,20 +47,20 @@ trap cleanup EXIT SIGINT | |||
|
|||
kube::golang::setup_env | |||
|
|||
TMP_DIR=$(mktemp -d /tmp/update-openapi-spec.XXXX) | |||
TMP_DIR=${TMP_DIR:-$(kube::realpath "$(mktemp -d -t "$(basename "$0").XXXXXX")")} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If you want to score some more cleanup points, all of these should be quoted:
ETCD_HOST="${ETCD_HOST:-127.0.0.1}"
...
API_LOGFILE="${API_LOGFILE:-${TMP_DIR}/openapi-api-server.log}"
etc :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks!
/lgtm
/approve
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: mhmxs, thockin The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
This change introduces a separate temp folder for
update-openapi-spec.sh
to avoid permission issues with other scripts.What type of PR is this?
/kind bug
/sig node
What this PR does / why we need it:
Which issue(s) this PR fixes:
Fixes #115105