This repository has been archived by the owner on Jul 11, 2023. It is now read-only.

ref(build): clean up VERIFY_TAGS
This change refactors how images are pushed by using the
publish-image.sh script to do all `docker push` operations and enforcing
`VERIFY_TAGS` there, exiting with a non-zero exit code when appropriate.

In addition, `VERIFY_TAGS` uses the strings `true`/`false` instead of `1`/`0`.

Fixes #4144

Signed-off-by: Jon Huhn <[email protected]>
nojnhuh committed Sep 21, 2021
1 parent d81ba22 commit fe88c8a
Showing 3 changed files with 27 additions and 20 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/pre-release.yml
Expand Up @@ -45,7 +45,7 @@ jobs:
- name: Push images with version tag
env:
CTR_TAG: ${{ needs.version.outputs.version }}
run: make docker-push VERIFY_TAGS=1
run: make docker-push VERIFY_TAGS=true
- name: Push images with latest tag
env:
CTR_TAG: latest
10 changes: 5 additions & 5 deletions Makefile
Expand Up @@ -6,7 +6,7 @@ DIST_DIRS := find * -type d -exec
CTR_REGISTRY ?= openservicemesh
CTR_TAG ?= latest
CTR_DIGEST_FILE ?= /tmp/osm_image_digest_$(CTR_TAG).txt
VERIFY_TAGS ?= 0
VERIFY_TAGS ?= false

GOPATH = $(shell go env GOPATH)
GOBIN = $(GOPATH)/bin
Expand Down Expand Up @@ -253,7 +253,7 @@ DOCKER_PUSH_CONTROL_PLANE_TARGETS = $(addprefix docker-push-, init osm-controlle
.PHONY: $(DOCKER_PUSH_CONTROL_PLANE_TARGETS)
$(DOCKER_PUSH_CONTROL_PLANE_TARGETS): NAME=$(@:docker-push-%=%)
$(DOCKER_PUSH_CONTROL_PLANE_TARGETS):
@if [ $(VERIFY_TAGS) != 1 ]; then make docker-build-$(NAME) && docker push "$(CTR_REGISTRY)/$(NAME):$(CTR_TAG)"; else bash scripts/publish-image.sh "$(NAME)" "linux" "$(CTR_REGISTRY)"; fi
scripts/publish-image.sh "$(NAME)" "linux" "$(CTR_REGISTRY)" "$(CTR_TAG)"
@docker images --digests | grep "$(CTR_REGISTRY)/$(NAME)\s*$(CTR_TAG)" >> "$(CTR_DIGEST_FILE)"


Expand All @@ -262,15 +262,15 @@ DOCKER_PUSH_LINUX_TARGETS = $(addprefix docker-push-, $(DEMO_TARGETS))
.PHONY: $(DOCKER_PUSH_LINUX_TARGETS)
$(DOCKER_PUSH_LINUX_TARGETS): NAME=$(@:docker-push-%=%)
$(DOCKER_PUSH_LINUX_TARGETS):
@if [ $(VERIFY_TAGS) != 1 ]; then make docker-build-$(NAME) && docker push "$(CTR_REGISTRY)/$(NAME):$(CTR_TAG)"; else bash scripts/publish-image.sh "$(NAME)" "linux" "$(CTR_REGISTRY)"; fi
scripts/publish-image.sh "$(NAME)" "linux" "$(CTR_REGISTRY)" "$(CTR_TAG)"


# Windows demo applications
DOCKER_PUSH_WINDOWS_TARGETS = $(addprefix docker-push-windows-, $(DEMO_TARGETS))
.PHONY: $(DOCKER_PUSH_WINDOWS_TARGETS)
$(DOCKER_PUSH_WINDOWS_TARGETS): NAME=$(@:docker-push-%=%)
$(DOCKER_PUSH_WINDOWS_TARGETS): NAME=$(@:docker-push-windows-%=%)
$(DOCKER_PUSH_WINDOWS_TARGETS):
@if [ $(VERIFY_TAGS) != 1 ]; then make ARGS=--output=type=registry docker-build-$(NAME); else bash scripts/publish-image.sh "$(NAME)" "windows" "$(CTR_REGISTRY)"; fi
scripts/publish-image.sh "$(NAME)" "windows" "$(CTR_REGISTRY)" "$(CTR_TAG)"


.PHONY: docker-control-plane-push
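Review bot: The three push recipes no longer reference `$(VERIFY_TAGS)` at all, so the overwrite guard now depends on the variable reaching `scripts/publish-image.sh` through the environment, and nothing visible in these hunks exports it. That holds when it is given on the make command line, as the workflow does, but a value assigned inside a makefile would presumably not be seen by the script, which then defaults to `false` and pushes over an existing tag. Passing it explicitly makes the guard independent of how the variable was set: `VERIFY_TAGS="$(VERIFY_TAGS)" scripts/publish-image.sh "$(NAME)" "linux" "$(CTR_REGISTRY)" "$(CTR_TAG)"`, and likewise in the Linux demo and Windows recipes. A one-line comment above `VERIFY_TAGS ?= false` saying that `true` makes the push fail when the tag already exists in the registry would document the accepted values.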
35 changes: 21 additions & 14 deletions scripts/publish-image.sh
100644 → 100755
@@ -1,9 +1,13 @@
#!/bin/bash
# shellcheck disable=SC1091

set -euo pipefail

IMAGE_NAME="$1"
OS="$2"
IMAGE_REPO="$3"
CTR_TAG="$4"
VERIFY_TAGS="${VERIFY_TAGS:-false}"

if [ -z "${IMAGE_NAME}" ]; then
echo "Error: IMAGE_NAME not specified"
Expand All @@ -22,19 +26,22 @@ if [ -z "${CTR_TAG}" ]; then
exit 1
fi

tokenUri="https://auth.docker.io/token?service=registry.docker.io&scope=repository:$IMAGE_REPO/$IMAGE_NAME:pull"
bearerToken="$(curl --silent --get "$tokenUri" | jq --raw-output '.token')"
listUri="https://registry-1.docker.io/v2/$IMAGE_REPO/$IMAGE_NAME/tags/list"
authz="Authorization: Bearer $bearerToken"
version_list="$(curl --silent --get -H "Accept: application/json" -H "$authz" "$listUri" | jq --raw-output '.')"
exists=$(echo "$version_list" | jq --arg t "${CTR_TAG}" '.tags | index($t)')

if [[ $exists == null ]]
then
if [[ $OS == "linux" ]]; then
make docker-build-"$IMAGE_NAME"
docker push "$IMAGE_REPO/$IMAGE_NAME:${CTR_TAG}" || { echo "Error pushing images to container registry $CTR_REGISTRY/$IMAGE_NAME:$CTR_TAG"; exit 1; }
else
make ARGS=--push "docker-build-$IMAGE_NAME"
if [[ "$VERIFY_TAGS" == "true" ]]; then
tokenUri="https://auth.docker.io/token?service=registry.docker.io&scope=repository:$IMAGE_REPO/$IMAGE_NAME:pull"
bearerToken="$(curl --silent --get "$tokenUri" | jq --raw-output '.token')"
listUri="https://registry-1.docker.io/v2/$IMAGE_REPO/$IMAGE_NAME/tags/list"
authz="Authorization: Bearer $bearerToken"
version_list="$(curl --silent --get -H "Accept: application/json" -H "$authz" "$listUri" | jq --raw-output '.')"
exists=$(echo "$version_list" | jq --arg t "${CTR_TAG}" '.tags | index($t)')
if [[ $exists != null ]]; then
echo "image $IMAGE_REPO/$IMAGE_NAME:$CTR_TAG already exists and \$VERIFY_TAGS is set"
exit 1
fi
fi

if [[ $OS == "linux" ]]; then
make "docker-build-$IMAGE_NAME"
docker push "$IMAGE_REPO/$IMAGE_NAME:$CTR_TAG"
else
make ARGS=--push "docker-build-windows-$IMAGE_NAME"
fi
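Review bot: The tag check inside the `VERIFY_TAGS` branch appears to fail open: neither `curl` call uses `--fail`, so an error response from the token or tag-list endpoint (rate limiting, an authorization failure) is still a JSON body without a `.tags` array, `jq` then most likely prints `null`, and the script goes on to push over a tag that may already exist. Adding `--fail` to both calls, e.g. `curl --silent --fail --get "$tokenUri"`, lets `set -euo pipefail` stop the script on a non-2xx answer; a repository that has never been pushed would then need its not-found response handled deliberately. Separately, with `set -u` a missing positional argument aborts at `IMAGE_NAME="$1"` before the `-z` checks can print their message, so `IMAGE_NAME="${1:-}"` (and the same for `$2` to `$4`) keeps those errors reachable. It is also worth confirming that the tag list is not paginated for repositories with many tags, since a truncated list would hide an existing tag.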
