Skip to content

Commit

Permalink
Makefile, push: Prevent overwriting existing version tags
Browse files Browse the repository at this point in the history
The IMAGE_GIT_TAG is generated using `git describe` to create a virtual
tag for the image, and used in order to tag every push to the repository
for later use.
However, when an actual git tag exists (e.g., v0.45.0), git describe
returns that tag. This behavior makes it possible to accidentally
overwrite push an existing version tag in the registry.

This change introduces a check to ensure such tags are not overwritten,
preserving the integrity of published versions.

Signed-off-by: Ram Lavi <[email protected]>
  • Loading branch information
RamLavi committed Dec 16, 2024
1 parent e47689f commit 676c5d0
Showing 1 changed file with 6 additions and 2 deletions.
8 changes: 6 additions & 2 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -93,8 +93,12 @@ container: manager
# Push the docker image
docker-push:
$(OCI_BIN) push ${TLS_SETTING} ${REGISTRY}/${IMG}:${IMAGE_TAG}
$(OCI_BIN) tag ${REGISTRY}/${IMG}:${IMAGE_TAG} ${REGISTRY}/${IMG}:${IMAGE_GIT_TAG}
$(OCI_BIN) push ${TLS_SETTING} ${REGISTRY}/${IMG}:${IMAGE_GIT_TAG}
@if ! skopeo inspect docker://${REGISTRY}/${IMG}:${IMAGE_GIT_TAG} >/dev/null 2>&1; then \
$(OCI_BIN) tag ${REGISTRY}/${IMG}:${IMAGE_TAG} ${REGISTRY}/${IMG}:${IMAGE_GIT_TAG}; \
$(OCI_BIN) push ${TLS_SETTING} ${REGISTRY}/${IMG}:${IMAGE_GIT_TAG}; \
else \
echo "Tag '${IMAGE_GIT_TAG}' already exists. Skipping tagging and push."; \
fi

cluster-up:
./cluster/up.sh
Expand Down

0 comments on commit 676c5d0

Please sign in to comment.