sonic-buildimage/scripts/docker_version_control.sh

50 lines
1.9 KiB
Bash
Raw Normal View History

# This script is for reproducible build.
# Reproducible build for docker enabled: Before build docker image, this script will change image:tag to image:sha256 in DOCKERFILE.
# And record image sha256 to a target file.
#!/bin/bash
IMAGENAME=$1
DOCKERFILE=$2
ARCH=$3
DOCKERFILE_TARGE=$4
DISTRO=$5
version_file=files/build/versions/default/versions-docker
new_version_file=target/versions/default/versions-docker
mkdir -p target/versions/default
. src/sonic-build-hooks/buildinfo/config/buildinfo.config
image_tag=`grep "^FROM " $DOCKERFILE | awk '{print$2}'`
image_tag_noprefix=$image_tag
[ -n "$DEFAULT_CONTAINER_REGISTRY" ] && image_tag_noprefix=$(echo $image_tag | sed "s#$DEFAULT_CONTAINER_REGISTRY##")
image=`echo $image_tag | cut -f1 -d:`
tag=`echo $image_tag | cut -f2 -d:`
if [[ ",$SONIC_VERSION_CONTROL_COMPONENTS," == *,all,* ]] || [[ ",$SONIC_VERSION_CONTROL_COMPONENTS," == *,docker,* ]]; then
# if docker image not in white list, exit
if [[ "$image_tag" != */debian:* ]] && [[ "$image_tag" != debian:* ]] && [[ "$image_tag" != multiarch/debian-debootstrap:* ]];then
exit 0
fi
if [ -f $version_file ];then
hash_value=`grep "${ARCH}:${image_tag_noprefix}" $version_file | awk -F== '{print$2}'`
fi
if [ -z $hash_value ];then
hash_value=unknown
echo "$image_tag sha256 value is unknown" >> ${new_version_file}.log
exit 0
fi
oldimage=${image_tag//\//\\/}
newimage="${oldimage}@$hash_value"
echo "sed -i \"s/$oldimage/$newimage/\" $DOCKERFILE" >> ${new_version_file}.log
sed -i "s/$oldimage/$newimage/" $DOCKERFILE
else
hash_value=`docker pull $image_tag 2> ${new_version_file}.log | grep Digest | awk '{print$2}'`
if [ -z "$hash_value" ];then
hash_value=unknown
fi
fi
if [[ "$hash_value" != "unknown" ]];then
echo -e "${ARCH}:${image_tag_noprefix}==$hash_value" >> $new_version_file
fi