test(test-data): add layers information to the image metadata json (#347)
* test(test-data): add layers information to the image metadata json Signed-off-by: Andrei Aaron <aaaron@luxoft.com> * fix(tests): fix username used as password, fix prerequisite validation Signed-off-by: Andrei Aaron <aaaron@luxoft.com> * fix(tests): auto-confirm cosign upload to private registry Signed-off-by: Andrei Aaron <aaaron@luxoft.com> --------- Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
parent
415973e23c
commit
c09a12facc
@ -7,7 +7,7 @@ cosign_password=""
|
|||||||
metafile=""
|
metafile=""
|
||||||
multiarch=""
|
multiarch=""
|
||||||
username=""
|
username=""
|
||||||
username=""
|
password=""
|
||||||
debug=0
|
debug=0
|
||||||
data_dir=$(pwd)
|
data_dir=$(pwd)
|
||||||
|
|
||||||
@ -110,28 +110,33 @@ cosign_key_path=${data_dir}/cosign.key
|
|||||||
function verify_prerequisites {
|
function verify_prerequisites {
|
||||||
mkdir -p ${data_dir}
|
mkdir -p ${data_dir}
|
||||||
|
|
||||||
if [ ! command -v regctl ] &>/dev/null; then
|
command -v regctl
|
||||||
echo "you need to install regctl as a prerequisite" >&3
|
if [ $? -ne 0 ]; then
|
||||||
|
echo "you need to install regctl as a prerequisite"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
command -v skopeo
|
||||||
|
if [ $? -ne 0 ]; then
|
||||||
|
echo "you need to install skopeo as a prerequisite"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
command -v cosign
|
||||||
|
if [ $? -ne 0 ]; then
|
||||||
|
echo "you need to install cosign as a prerequisite"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ ! command -v skopeo ] &>/dev/null; then
|
command -v trivy
|
||||||
echo "you need to install skopeo as a prerequisite" >&3
|
if [ $? -ne 0 ]; then
|
||||||
|
echo "you need to install trivy as a prerequisite"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ ! command -v cosign ] &>/dev/null; then
|
command -v jq
|
||||||
echo "you need to install cosign as a prerequisite" >&3
|
if [ $? -ne 0 ]; then
|
||||||
return 1
|
echo "you need to install jq as a prerequisite"
|
||||||
fi
|
|
||||||
|
|
||||||
if [ ! command -v trivy ] &>/dev/null; then
|
|
||||||
echo "you need to install trivy as a prerequisite" >&3
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ ! command -v jq ] &>/dev/null; then
|
|
||||||
echo "you need to install jq as a prerequisite" >&3
|
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -197,7 +202,7 @@ regctl image mod --replace --annotation org.opencontainers.image.documentation="
|
|||||||
|
|
||||||
credentials_args=""
|
credentials_args=""
|
||||||
if [ ! -z "${username}" ]; then
|
if [ ! -z "${username}" ]; then
|
||||||
credentials_args="--dest-creds ${username}:${username}"
|
credentials_args="--dest-creds ${username}:${password}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Upload image to target registry
|
# Upload image to target registry
|
||||||
@ -224,8 +229,27 @@ else
|
|||||||
echo '{"trivy":[]}' > ${trivy_out_file}
|
echo '{"trivy":[]}' > ${trivy_out_file}
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
layers_file=manifests-${image}-${tag}.json
|
||||||
|
rm -f ${layers_file}
|
||||||
|
|
||||||
|
if [ -z "${multiarch}" ]; then
|
||||||
|
regctl manifest --format raw-body get ${local_image_ref_regtl} | jq '{ manifests: { default: { layers: [ .layers[].digest ] } } }' > ${layers_file}
|
||||||
|
else
|
||||||
|
manifests=$(regctl manifest --format raw-body get ${local_image_ref_regtl} | jq '[ .manifests[] | { "digest":.digest, "platform":(.platform | [ .os, .architecture, .variant ] | map(select(.!=null)) | join("/") )} ] ')
|
||||||
|
|
||||||
|
echo $manifests | jq -c '.[]' | while read i; do
|
||||||
|
digest=$(echo $i | jq -r '.digest')
|
||||||
|
platform=$(echo $i | jq -r '.platform')
|
||||||
|
regctl manifest --format raw-body get ocidir://${images_dir}@${digest} | jq --arg platform "${platform}" '{ manifests: { ($platform): { layers: [ .layers[].digest ] } } }' >> layers-${image}-${tag}-${digest//:/_}.json
|
||||||
|
done
|
||||||
|
|
||||||
|
jq -n '{ manifests: [ inputs.manifests ] | add }' layers-${image}-${tag}*.json > ${layers_file}
|
||||||
|
rm -f layers-${image}-${tag}*.json
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
# Sign new updated image
|
# Sign new updated image
|
||||||
COSIGN_PASSWORD=${cosign_password} cosign sign ${remote_dest_image_ref} --key ${cosign_key_path} --allow-insecure-registry
|
COSIGN_PASSWORD=${cosign_password} cosign sign ${remote_dest_image_ref} --key ${cosign_key_path} --allow-insecure-registry --yes
|
||||||
if [ $? -ne 0 ]; then
|
if [ $? -ne 0 ]; then
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
@ -242,5 +266,5 @@ jq -n \
|
|||||||
--arg org.opencontainers.image.documentation "${description}" \
|
--arg org.opencontainers.image.documentation "${description}" \
|
||||||
'$ARGS.named' > ${details_file}
|
'$ARGS.named' > ${details_file}
|
||||||
|
|
||||||
jq -c -s add ${details_file} ${trivy_out_file} > ${metafile}
|
jq -c -s add ${details_file} ${trivy_out_file} ${layers_file} > ${metafile}
|
||||||
rm ${details_file} ${trivy_out_file}
|
rm ${details_file} ${trivy_out_file} ${layers_file}
|
||||||
|
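Review bot: The corrected `credentials_args="--dest-creds ${username}:${password}"` line still packs the registry password into a single unquoted string. The command that consumes `credentials_args` (presumably skopeo, and outside the visible hunks) therefore receives the secret on its command line, where it appears in process listings and in any `set -x` trace, and a password containing whitespace or glob characters would be split or expanded. Supplying the credential through an auth file (`--dest-authfile`) or a prior `skopeo login --password-stdin` keeps it out of argv; if it has to stay on the command line, hold it in an array, `credentials_args=(--dest-creds "${username}:${password}")`, and expand it as `"${credentials_args[@]}"`. Separately, the `--yes` added to `cosign sign` appears to also auto-confirm cosign's prompt about recording a private-registry image in the transparency log, so consider adding `--tlog-upload=false` if these test signatures are not meant to leave the test environment.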