From fb5bacc4b4c2744f1a38616e1dce2d5183f8f4db Mon Sep 17 00:00:00 2001 From: Tobias Genannt Date: Wed, 15 Mar 2023 09:13:09 +0100 Subject: [PATCH] Replaced curl with Skopeo for in image functions --- build-functions/get-public-image-config.sh | 71 +--------------------- build-latest.sh | 8 --- build.sh | 32 +++++----- 3 files changed, 19 insertions(+), 92 deletions(-) diff --git a/build-functions/get-public-image-config.sh b/build-functions/get-public-image-config.sh index 4f5b695..054efd2 100644 --- a/build-functions/get-public-image-config.sh +++ b/build-functions/get-public-image-config.sh @@ -1,82 +1,17 @@ #!/bin/bash -# Retrieves image configuration from public images in DockerHub -# Functions from https://gist.github.com/cirocosta/17ea17be7ac11594cb0f290b0a3ac0d1 -# Optimised for our use case get_image_label() { local label=$1 local image=$2 - local tag=$3 - local token - token=$(_get_token "$image") - local digest - digest=$(_get_digest "$image" "$tag" "$token") - local retval="null" - if [ "$digest" != "null" ]; then - retval=$(_get_image_configuration "$image" "$token" "$digest" "$label") - fi - echo "$retval" + skopeo inspect "docker://$image" | jq -r ".Labels[\"$label\"]" } get_image_layers() { local image=$1 - local tag=$2 - local token - token=$(_get_token "$image") - _get_layers "$image" "$tag" "$token" + skopeo inspect "docker://$image" | jq -r ".Layers" } get_image_last_layer() { local image=$1 - local tag=$2 - local token - token=$(_get_token "$image") - local layers - mapfile -t layers < <(_get_layers "$image" "$tag" "$token") - echo "${layers[-1]}" -} - -_get_image_configuration() { - local image=$1 - local token=$2 - local digest=$3 - local label=$4 - curl \ - --silent \ - --location \ - --header "Authorization: Bearer $token" \ - "https://registry-1.docker.io/v2/$image/blobs/$digest" | - jq -r ".config.Labels.\"$label\"" -} - -_get_token() { - local image=$1 - curl \ - --silent \ - "https://auth.docker.io/token?scope=repository:$image:pull&service=registry.docker.io" | - jq -r '.token' -} - -_get_digest() { - local image=$1 - local tag=$2 - local token=$3 - curl \ - --silent \ - --header "Accept: application/vnd.docker.distribution.manifest.v2+json" \ - --header "Authorization: Bearer $token" \ - "https://registry-1.docker.io/v2/$image/manifests/$tag" | - jq -r '.config.digest' -} - -_get_layers() { - local image=$1 - local tag=$2 - local token=$3 - curl \ - --silent \ - --header "Accept: application/vnd.docker.distribution.manifest.v2+json" \ - --header "Authorization: Bearer $token" \ - "https://registry-1.docker.io/v2/$image/manifests/$tag" | - jq -r '.layers[].digest' + skopeo inspect "docker://$image" | jq -r ".Layers | last" } diff --git a/build-latest.sh b/build-latest.sh index 30a0ba6..ec4cc24 100755 --- a/build-latest.sh +++ b/build-latest.sh @@ -4,14 +4,6 @@ source ./build-functions/gh-functions.sh echo "▶️ $0 $*" -### -# Check for the jq library needed for parsing JSON -### -if ! command -v jq; then - echo "⚠️ jq command missing from \$PATH!" - exit 1 -fi - CURL_ARGS=( --silent ) diff --git a/build.sh b/build.sh index 3a72aff..5e63394 100755 --- a/build.sh +++ b/build.sh @@ -137,6 +137,14 @@ END_OF_HELP fi fi +NEEDED_COMMANDS="curl jq docker skopeo" +for c in $NEEDED_COMMANDS; do + if ! command -v "$c" &>/dev/null; then + echo "⚠️ '$c' is not installed. Can't proceed with build." + exit 1 + fi +done + source ./build-functions/gh-functions.sh IMAGE_NAMES="${IMAGE_NAMES-docker.io/netboxcommunity/netbox}" @@ -215,7 +223,7 @@ fi # Determining the value for DOCKER_FROM ### if [ -z "$DOCKER_FROM" ]; then - DOCKER_FROM="ubuntu:22.04" + DOCKER_FROM="docker.io/ubuntu:22.04" fi ### @@ -300,6 +308,7 @@ if [ -n "${TARGET_DOCKER_SHORT_TAG}" ]; then done fi +FINAL_DOCKER_TAG="${IMAGE_NAME_TAGS[0]}" gh_env "FINAL_DOCKER_TAG=${IMAGE_NAME_TAGS[0]}" ### @@ -316,19 +325,13 @@ if [ -z "${GH_ACTION}" ]; then # Asuming non Github builds should always proceed SHOULD_BUILD="true" BUILD_REASON="${BUILD_REASON} interactive" -elif [[ "${IMAGE_NAME_TAGS[0]}" = docker.io* ]]; then +else source ./build-functions/get-public-image-config.sh - IFS=':' read -ra DOCKER_FROM_SPLIT <<<"${DOCKER_FROM}" - if ! [[ ${DOCKER_FROM_SPLIT[0]} =~ .*/.* ]]; then - # Need to use "library/..." for images the have no two part name - DOCKER_FROM_SPLIT[0]="library/${DOCKER_FROM_SPLIT[0]}" - fi - IFS='/' read -ra ORG_REPO <<<"${IMAGE_NAMES[0]}" - echo "Checking labels for '${ORG_REPO[1]}' and '${ORG_REPO[2]}'" - BASE_LAST_LAYER=$(get_image_last_layer "${DOCKER_FROM_SPLIT[0]}" "${DOCKER_FROM_SPLIT[1]}") - mapfile -t IMAGES_LAYERS_OLD < <(get_image_layers "${ORG_REPO[1]}"/"${ORG_REPO[2]}" "${TAG}") - NETBOX_GIT_REF_OLD=$(get_image_label netbox.git-ref "${ORG_REPO[1]}"/"${ORG_REPO[2]}" "${TAG}") - GIT_REF_OLD=$(get_image_label org.opencontainers.image.revision "${ORG_REPO[1]}"/"${ORG_REPO[2]}" "${TAG}") + echo "Checking labels for '${FINAL_DOCKER_TAG}'" + BASE_LAST_LAYER=$(get_image_last_layer "${DOCKER_FROM}") + mapfile -t IMAGES_LAYERS_OLD < <(get_image_layers "${FINAL_DOCKER_TAG}") + NETBOX_GIT_REF_OLD=$(get_image_label netbox.git-ref "${FINAL_DOCKER_TAG}") + GIT_REF_OLD=$(get_image_label org.opencontainers.image.revision "${FINAL_DOCKER_TAG}") if ! printf '%s\n' "${IMAGES_LAYERS_OLD[@]}" | grep -q -P "^${BASE_LAST_LAYER}\$"; then SHOULD_BUILD="true" @@ -342,9 +345,6 @@ elif [[ "${IMAGE_NAME_TAGS[0]}" = docker.io* ]]; then SHOULD_BUILD="true" BUILD_REASON="${BUILD_REASON} netbox-docker" fi -else - SHOULD_BUILD="true" - BUILD_REASON="${BUILD_REASON} no-check" fi if [ "${SHOULD_BUILD}" != "true" ]; then