test(test-data): add layers information to the image metadata json (#347)

* test(test-data): add layers information to the image metadata json

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>

* fix(tests): fix username userd as password, fix prerequisite validation

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>

* fix(tests): auto-confirm cosign upload to private registry

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>

---------

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
This commit is contained in:
Andrei Aaron 2023-04-27 18:06:52 +03:00 committed by GitHub
parent 415973e23c
commit c09a12facc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -7,7 +7,7 @@ cosign_password=""
metafile="" metafile=""
multiarch="" multiarch=""
username="" username=""
username="" password=""
debug=0 debug=0
data_dir=$(pwd) data_dir=$(pwd)
@ -110,28 +110,33 @@ cosign_key_path=${data_dir}/cosign.key
function verify_prerequisites { function verify_prerequisites {
mkdir -p ${data_dir} mkdir -p ${data_dir}
if [ ! command -v regctl ] &>/dev/null; then command -v regctl
echo "you need to install regctl as a prerequisite" >&3 if [ $? -ne 0 ]; then
echo "you need to install regctl as a prerequisite"
exit 1
fi
command -v skopeo
if [ $? -ne 0 ]; then
echo "you need to install skopeo as a prerequisite"
exit 1
fi
command -v cosign
if [ $? -ne 0 ]; then
echo "you need to install cosign as a prerequisite"
return 1 return 1
fi fi
if [ ! command -v skopeo ] &>/dev/null; then command -v trivy
echo "you need to install skopeo as a prerequisite" >&3 if [ $? -ne 0 ]; then
echo "you need to install trivy as a prerequisite"
return 1 return 1
fi fi
if [ ! command -v cosign ] &>/dev/null; then command -v jq
echo "you need to install cosign as a prerequisite" >&3 if [ $? -ne 0 ]; then
return 1 echo "you need to install jq as a prerequisite"
fi
if [ ! command -v trivy ] &>/dev/null; then
echo "you need to install trivy as a prerequisite" >&3
return 1
fi
if [ ! command -v jq ] &>/dev/null; then
echo "you need to install jq as a prerequisite" >&3
return 1 return 1
fi fi
@ -197,7 +202,7 @@ regctl image mod --replace --annotation org.opencontainers.image.documentation="
credentials_args="" credentials_args=""
if [ ! -z "${username}" ]; then if [ ! -z "${username}" ]; then
credentials_args="--dest-creds ${username}:${username}" credentials_args="--dest-creds ${username}:${password}"
fi fi
# Upload image to target registry # Upload image to target registry
@ -224,8 +229,27 @@ else
echo '{"trivy":[]}' > ${trivy_out_file} echo '{"trivy":[]}' > ${trivy_out_file}
fi fi
layers_file=manifests-${image}-${tag}.json
rm -f ${layers_file}
if [ -z "${multiarch}" ]; then
regctl manifest --format raw-body get ${local_image_ref_regtl} | jq '{ manifests: { default: { layers: [ .layers[].digest ] } } }' > ${layers_file}
else
manifests=$(regctl manifest --format raw-body get ${local_image_ref_regtl} | jq '[ .manifests[] | { "digest":.digest, "platform":(.platform | [ .os, .architecture, .variant ] | map(select(.!=null)) | join("/") )} ] ')
echo $manifests | jq -c '.[]' | while read i; do
digest=$(echo $i | jq -r '.digest')
platform=$(echo $i | jq -r '.platform')
regctl manifest --format raw-body get ocidir://${images_dir}@${digest} | jq --arg platform "${platform}" '{ manifests: { ($platform): { layers: [ .layers[].digest ] } } }' >> layers-${image}-${tag}-${digest//:/_}.json
done
jq -n '{ manifests: [ inputs.manifests ] | add }' layers-${image}-${tag}*.json > ${layers_file}
rm -f layers-${image}-${tag}*.json
fi
# Sign new updated image # Sign new updated image
COSIGN_PASSWORD=${cosign_password} cosign sign ${remote_dest_image_ref} --key ${cosign_key_path} --allow-insecure-registry COSIGN_PASSWORD=${cosign_password} cosign sign ${remote_dest_image_ref} --key ${cosign_key_path} --allow-insecure-registry --yes
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
exit 1 exit 1
fi fi
@ -242,5 +266,5 @@ jq -n \
--arg org.opencontainers.image.documentation "${description}" \ --arg org.opencontainers.image.documentation "${description}" \
'$ARGS.named' > ${details_file} '$ARGS.named' > ${details_file}
jq -c -s add ${details_file} ${trivy_out_file} > ${metafile} jq -c -s add ${details_file} ${trivy_out_file} ${layers_file} > ${metafile}
rm ${details_file} ${trivy_out_file} rm ${details_file} ${trivy_out_file} ${layers_file}