Merge pull request #956 from tobiasge/954-use-skopeo

Replaced curl with Skopeo for in image functions
Tobias Genannt 2023-03-15 12:04:10 +01:00 committed by GitHub
commit f9abdf2390
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 19 additions and 92 deletions


@ -1,82 +1,17 @@
#!/bin/bash #!/bin/bash
# Retrieves image configuration from public images in DockerHub
# Functions from https://gist.github.com/cirocosta/17ea17be7ac11594cb0f290b0a3ac0d1
# Optimised for our use case
get_image_label() { get_image_label() {
local label=$1 local label=$1
local image=$2 local image=$2
local tag=$3 skopeo inspect "docker://$image" | jq -r ".Labels[\"$label\"]"
local token
token=$(_get_token "$image")
local digest
digest=$(_get_digest "$image" "$tag" "$token")
local retval="null"
if [ "$digest" != "null" ]; then
retval=$(_get_image_configuration "$image" "$token" "$digest" "$label")
fi
echo "$retval"
} }
get_image_layers() { get_image_layers() {
local image=$1 local image=$1
local tag=$2 skopeo inspect "docker://$image" | jq -r ".Layers"
local token
token=$(_get_token "$image")
_get_layers "$image" "$tag" "$token"
} }
get_image_last_layer() { get_image_last_layer() {
local image=$1 local image=$1
local tag=$2 skopeo inspect "docker://$image" | jq -r ".Layers | last"
local token
token=$(_get_token "$image")
local layers
mapfile -t layers < <(_get_layers "$image" "$tag" "$token")
echo "${layers[-1]}"
}
_get_image_configuration() {
local image=$1
local token=$2
local digest=$3
local label=$4
curl \
--silent \
--location \
--header "Authorization: Bearer $token" \
"https://registry-1.docker.io/v2/$image/blobs/$digest" |
jq -r ".config.Labels.\"$label\""
}
_get_token() {
local image=$1
curl \
--silent \
"https://auth.docker.io/token?scope=repository:$image:pull&service=registry.docker.io" |
jq -r '.token'
}
_get_digest() {
local image=$1
local tag=$2
local token=$3
curl \
--silent \
--header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
--header "Authorization: Bearer $token" \
"https://registry-1.docker.io/v2/$image/manifests/$tag" |
jq -r '.config.digest'
}
_get_layers() {
local image=$1
local tag=$2
local token=$3
curl \
--silent \
--header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
--header "Authorization: Bearer $token" \
"https://registry-1.docker.io/v2/$image/manifests/$tag" |
jq -r '.layers[].digest'
} }
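Review bot: `get_image_layers` prints the whole array with `jq -r ".Layers"`, and `-r` only unquotes string results, so the output is a pretty-printed JSON array (`[`, indented quoted digests with trailing commas, `]`) rather than one digest per line. The build script reads that output with `mapfile` and matches it against the raw digest from `get_image_last_layer` using an anchored `grep -q -P "^…$"`, so as far as these lines show the base-layer test cannot match after a successful inspection and the image is always flagged for rebuild. Emitting one digest per line restores the comparison: `skopeo inspect "docker://$image" | jq -r '.Layers[]'`. Separately, `get_image_label` splices `$label` into the jq program text; `jq -r --arg label "$label" '.Labels[$label]'` passes it as data instead.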


@ -4,14 +4,6 @@ source ./build-functions/gh-functions.sh
echo "▶️ $0 $*" echo "▶️ $0 $*"
###
# Check for the jq library needed for parsing JSON
###
if ! command -v jq; then
echo "⚠️ jq command missing from \$PATH!"
exit 1
fi
CURL_ARGS=( CURL_ARGS=(
--silent --silent
) )


@ -137,6 +137,14 @@ END_OF_HELP
fi fi
fi fi
NEEDED_COMMANDS="curl jq docker skopeo"
for c in $NEEDED_COMMANDS; do
if ! command -v "$c" &>/dev/null; then
echo "⚠️ '$c' is not installed. Can't proceed with build."
exit 1
fi
done
source ./build-functions/gh-functions.sh source ./build-functions/gh-functions.sh
IMAGE_NAMES="${IMAGE_NAMES-docker.io/netboxcommunity/netbox}" IMAGE_NAMES="${IMAGE_NAMES-docker.io/netboxcommunity/netbox}"
@ -215,7 +223,7 @@ fi
# Determining the value for DOCKER_FROM # Determining the value for DOCKER_FROM
### ###
if [ -z "$DOCKER_FROM" ]; then if [ -z "$DOCKER_FROM" ]; then
DOCKER_FROM="ubuntu:22.04" DOCKER_FROM="docker.io/ubuntu:22.04"
fi fi
### ###
@ -300,6 +308,7 @@ if [ -n "${TARGET_DOCKER_SHORT_TAG}" ]; then
done done
fi fi
FINAL_DOCKER_TAG="${IMAGE_NAME_TAGS[0]}"
gh_env "FINAL_DOCKER_TAG=${IMAGE_NAME_TAGS[0]}" gh_env "FINAL_DOCKER_TAG=${IMAGE_NAME_TAGS[0]}"
### ###
@ -316,19 +325,13 @@ if [ -z "${GH_ACTION}" ]; then
# Asuming non Github builds should always proceed # Asuming non Github builds should always proceed
SHOULD_BUILD="true" SHOULD_BUILD="true"
BUILD_REASON="${BUILD_REASON} interactive" BUILD_REASON="${BUILD_REASON} interactive"
elif [[ "${IMAGE_NAME_TAGS[0]}" = docker.io* ]]; then else
source ./build-functions/get-public-image-config.sh source ./build-functions/get-public-image-config.sh
IFS=':' read -ra DOCKER_FROM_SPLIT <<<"${DOCKER_FROM}" echo "Checking labels for '${FINAL_DOCKER_TAG}'"
if ! [[ ${DOCKER_FROM_SPLIT[0]} =~ .*/.* ]]; then BASE_LAST_LAYER=$(get_image_last_layer "${DOCKER_FROM}")
# Need to use "library/..." for images the have no two part name mapfile -t IMAGES_LAYERS_OLD < <(get_image_layers "${FINAL_DOCKER_TAG}")
DOCKER_FROM_SPLIT[0]="library/${DOCKER_FROM_SPLIT[0]}" NETBOX_GIT_REF_OLD=$(get_image_label netbox.git-ref "${FINAL_DOCKER_TAG}")
fi GIT_REF_OLD=$(get_image_label org.opencontainers.image.revision "${FINAL_DOCKER_TAG}")
IFS='/' read -ra ORG_REPO <<<"${IMAGE_NAMES[0]}"
echo "Checking labels for '${ORG_REPO[1]}' and '${ORG_REPO[2]}'"
BASE_LAST_LAYER=$(get_image_last_layer "${DOCKER_FROM_SPLIT[0]}" "${DOCKER_FROM_SPLIT[1]}")
mapfile -t IMAGES_LAYERS_OLD < <(get_image_layers "${ORG_REPO[1]}"/"${ORG_REPO[2]}" "${TAG}")
NETBOX_GIT_REF_OLD=$(get_image_label netbox.git-ref "${ORG_REPO[1]}"/"${ORG_REPO[2]}" "${TAG}")
GIT_REF_OLD=$(get_image_label org.opencontainers.image.revision "${ORG_REPO[1]}"/"${ORG_REPO[2]}" "${TAG}")
if ! printf '%s\n' "${IMAGES_LAYERS_OLD[@]}" | grep -q -P "^${BASE_LAST_LAYER}\$"; then if ! printf '%s\n' "${IMAGES_LAYERS_OLD[@]}" | grep -q -P "^${BASE_LAST_LAYER}\$"; then
SHOULD_BUILD="true" SHOULD_BUILD="true"
@ -342,9 +345,6 @@ elif [[ "${IMAGE_NAME_TAGS[0]}" = docker.io* ]]; then
SHOULD_BUILD="true" SHOULD_BUILD="true"
BUILD_REASON="${BUILD_REASON} netbox-docker" BUILD_REASON="${BUILD_REASON} netbox-docker"
fi fi
else
SHOULD_BUILD="true"
BUILD_REASON="${BUILD_REASON} no-check"
fi fi
if [ "${SHOULD_BUILD}" != "true" ]; then if [ "${SHOULD_BUILD}" != "true" ]; then
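Review bot: The new `else` branch uses whatever the `$(get_image_…)` substitutions print and never checks whether `skopeo inspect` succeeded; each helper ends in `jq`, so unless `pipefail` is set somewhere outside this view a failed inspection simply yields empty output. With both results empty, `printf '%s\n' "${IMAGES_LAYERS_OLD[@]}"` emits one blank line and `grep -q -P "^${BASE_LAST_LAYER}\$"` matches it, so the base-layer check reports "unchanged" on a registry or authentication error. Because the `docker.io*` guard was dropped, this path now also runs for registries where anonymous inspection may not be permitted. I would make the failure explicit right after the assignment, for example `[ -n "${BASE_LAST_LAYER}" ] || { SHOULD_BUILD="true"; BUILD_REASON="${BUILD_REASON} inspect-failed"; }`. The surrounding `if` block starts and ends outside the hunks shown.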