Replaced curl with Skopeo for in image functions
This commit is contained in:
parent
ed309a15b4
commit
fb5bacc4b4
@ -1,82 +1,17 @@
|
||||
#!/bin/bash
|
||||
# Retrieves image configuration from public images in DockerHub
|
||||
# Functions from https://gist.github.com/cirocosta/17ea17be7ac11594cb0f290b0a3ac0d1
|
||||
# Optimised for our use case
|
||||
|
||||
get_image_label() {
|
||||
local label=$1
|
||||
local image=$2
|
||||
local tag=$3
|
||||
local token
|
||||
token=$(_get_token "$image")
|
||||
local digest
|
||||
digest=$(_get_digest "$image" "$tag" "$token")
|
||||
local retval="null"
|
||||
if [ "$digest" != "null" ]; then
|
||||
retval=$(_get_image_configuration "$image" "$token" "$digest" "$label")
|
||||
fi
|
||||
echo "$retval"
|
||||
skopeo inspect "docker://$image" | jq -r ".Labels[\"$label\"]"
|
||||
}
|
||||
|
||||
get_image_layers() {
|
||||
local image=$1
|
||||
local tag=$2
|
||||
local token
|
||||
token=$(_get_token "$image")
|
||||
_get_layers "$image" "$tag" "$token"
|
||||
skopeo inspect "docker://$image" | jq -r ".Layers"
|
||||
}
|
||||
|
||||
get_image_last_layer() {
|
||||
local image=$1
|
||||
local tag=$2
|
||||
local token
|
||||
token=$(_get_token "$image")
|
||||
local layers
|
||||
mapfile -t layers < <(_get_layers "$image" "$tag" "$token")
|
||||
echo "${layers[-1]}"
|
||||
}
|
||||
|
||||
_get_image_configuration() {
|
||||
local image=$1
|
||||
local token=$2
|
||||
local digest=$3
|
||||
local label=$4
|
||||
curl \
|
||||
--silent \
|
||||
--location \
|
||||
--header "Authorization: Bearer $token" \
|
||||
"https://registry-1.docker.io/v2/$image/blobs/$digest" |
|
||||
jq -r ".config.Labels.\"$label\""
|
||||
}
|
||||
|
||||
_get_token() {
|
||||
local image=$1
|
||||
curl \
|
||||
--silent \
|
||||
"https://auth.docker.io/token?scope=repository:$image:pull&service=registry.docker.io" |
|
||||
jq -r '.token'
|
||||
}
|
||||
|
||||
_get_digest() {
|
||||
local image=$1
|
||||
local tag=$2
|
||||
local token=$3
|
||||
curl \
|
||||
--silent \
|
||||
--header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
|
||||
--header "Authorization: Bearer $token" \
|
||||
"https://registry-1.docker.io/v2/$image/manifests/$tag" |
|
||||
jq -r '.config.digest'
|
||||
}
|
||||
|
||||
_get_layers() {
|
||||
local image=$1
|
||||
local tag=$2
|
||||
local token=$3
|
||||
curl \
|
||||
--silent \
|
||||
--header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
|
||||
--header "Authorization: Bearer $token" \
|
||||
"https://registry-1.docker.io/v2/$image/manifests/$tag" |
|
||||
jq -r '.layers[].digest'
|
||||
skopeo inspect "docker://$image" | jq -r ".Layers | last"
|
||||
}
|
||||
|
@ -4,14 +4,6 @@ source ./build-functions/gh-functions.sh
|
||||
|
||||
echo "▶️ $0 $*"
|
||||
|
||||
###
|
||||
# Check for the jq library needed for parsing JSON
|
||||
###
|
||||
if ! command -v jq; then
|
||||
echo "⚠️ jq command missing from \$PATH!"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
CURL_ARGS=(
|
||||
--silent
|
||||
)
|
||||
|
32
build.sh
32
build.sh
@ -137,6 +137,14 @@ END_OF_HELP
|
||||
fi
|
||||
fi
|
||||
|
||||
NEEDED_COMMANDS="curl jq docker skopeo"
|
||||
for c in $NEEDED_COMMANDS; do
|
||||
if ! command -v "$c" &>/dev/null; then
|
||||
echo "⚠️ '$c' is not installed. Can't proceed with build."
|
||||
exit 1
|
||||
fi
|
||||
done
|
||||
|
||||
source ./build-functions/gh-functions.sh
|
||||
|
||||
IMAGE_NAMES="${IMAGE_NAMES-docker.io/netboxcommunity/netbox}"
|
||||
@ -215,7 +223,7 @@ fi
|
||||
# Determining the value for DOCKER_FROM
|
||||
###
|
||||
if [ -z "$DOCKER_FROM" ]; then
|
||||
DOCKER_FROM="ubuntu:22.04"
|
||||
DOCKER_FROM="docker.io/ubuntu:22.04"
|
||||
fi
|
||||
|
||||
###
|
||||
@ -300,6 +308,7 @@ if [ -n "${TARGET_DOCKER_SHORT_TAG}" ]; then
|
||||
done
|
||||
fi
|
||||
|
||||
FINAL_DOCKER_TAG="${IMAGE_NAME_TAGS[0]}"
|
||||
gh_env "FINAL_DOCKER_TAG=${IMAGE_NAME_TAGS[0]}"
|
||||
|
||||
###
|
||||
@ -316,19 +325,13 @@ if [ -z "${GH_ACTION}" ]; then
|
||||
# Asuming non Github builds should always proceed
|
||||
SHOULD_BUILD="true"
|
||||
BUILD_REASON="${BUILD_REASON} interactive"
|
||||
elif [[ "${IMAGE_NAME_TAGS[0]}" = docker.io* ]]; then
|
||||
else
|
||||
source ./build-functions/get-public-image-config.sh
|
||||
IFS=':' read -ra DOCKER_FROM_SPLIT <<<"${DOCKER_FROM}"
|
||||
if ! [[ ${DOCKER_FROM_SPLIT[0]} =~ .*/.* ]]; then
|
||||
# Need to use "library/..." for images the have no two part name
|
||||
DOCKER_FROM_SPLIT[0]="library/${DOCKER_FROM_SPLIT[0]}"
|
||||
fi
|
||||
IFS='/' read -ra ORG_REPO <<<"${IMAGE_NAMES[0]}"
|
||||
echo "Checking labels for '${ORG_REPO[1]}' and '${ORG_REPO[2]}'"
|
||||
BASE_LAST_LAYER=$(get_image_last_layer "${DOCKER_FROM_SPLIT[0]}" "${DOCKER_FROM_SPLIT[1]}")
|
||||
mapfile -t IMAGES_LAYERS_OLD < <(get_image_layers "${ORG_REPO[1]}"/"${ORG_REPO[2]}" "${TAG}")
|
||||
NETBOX_GIT_REF_OLD=$(get_image_label netbox.git-ref "${ORG_REPO[1]}"/"${ORG_REPO[2]}" "${TAG}")
|
||||
GIT_REF_OLD=$(get_image_label org.opencontainers.image.revision "${ORG_REPO[1]}"/"${ORG_REPO[2]}" "${TAG}")
|
||||
echo "Checking labels for '${FINAL_DOCKER_TAG}'"
|
||||
BASE_LAST_LAYER=$(get_image_last_layer "${DOCKER_FROM}")
|
||||
mapfile -t IMAGES_LAYERS_OLD < <(get_image_layers "${FINAL_DOCKER_TAG}")
|
||||
NETBOX_GIT_REF_OLD=$(get_image_label netbox.git-ref "${FINAL_DOCKER_TAG}")
|
||||
GIT_REF_OLD=$(get_image_label org.opencontainers.image.revision "${FINAL_DOCKER_TAG}")
|
||||
|
||||
if ! printf '%s\n' "${IMAGES_LAYERS_OLD[@]}" | grep -q -P "^${BASE_LAST_LAYER}\$"; then
|
||||
SHOULD_BUILD="true"
|
||||
@ -342,9 +345,6 @@ elif [[ "${IMAGE_NAME_TAGS[0]}" = docker.io* ]]; then
|
||||
SHOULD_BUILD="true"
|
||||
BUILD_REASON="${BUILD_REASON} netbox-docker"
|
||||
fi
|
||||
else
|
||||
SHOULD_BUILD="true"
|
||||
BUILD_REASON="${BUILD_REASON} no-check"
|
||||
fi
|
||||
|
||||
if [ "${SHOULD_BUILD}" != "true" ]; then
|
||||
|
Loading…
Reference in New Issue
Block a user