From 51211d448396618d2792a458d0135a1817505ac1 Mon Sep 17 00:00:00 2001
From: Doron Somech
Date: Sat, 20 Jun 2020 20:07:45 +0300
Subject: [PATCH] fix(digest): Add support for GitHub's docker registry Github registry doesn't support digest yet, we need to download the manifest and calculate the digest manually Also fixing a few other issues: * Multi-stage dockerfiles override /usr/local/lib, moved jq and reg to /kaniko instead * The digest was fetched for the current tag, which doesn't exist yet. Fetching digest for the latest tag instead
---
 Dockerfile | 9 ++++-----
 entrypoint.sh | 10 +++++++++-
 2 files changed, 13 insertions(+), 6 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 8090a3f..024c21c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -6,13 +6,12 @@ FROM gcr.io/kaniko-project/executor:debug
 SHELL ["/busybox/sh", "-c"]
-RUN mkdir -p /usr/local/bin && \
- wget -O /usr/local/bin/jq \
+RUN wget -O /kaniko/jq \
 https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 && \
- chmod +x /usr/local/bin/jq && \
- wget -O /usr/local/bin/reg \
+ chmod +x /kaniko/jq && \
+ wget -O /kaniko/reg \
 https://github.com/genuinetools/reg/releases/download/v0.16.1/reg-linux-386 && \
- chmod +x /usr/local/bin/reg
+ chmod +x /kaniko/reg
 COPY entrypoint.sh /
 COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
diff --git a/entrypoint.sh b/entrypoint.sh
index c6412a1..e62ba86 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -9,6 +9,7 @@ export TAG=${TAG:-"latest"}
 export TAG=${TAG#$INPUT_STRIP_TAG_PREFIX}
 export USERNAME=${INPUT_USERNAME:-$GITHUB_ACTOR}
 export PASSWORD=${INPUT_PASSWORD:-$GITHUB_TOKEN}
+export REPOSITORY=$IMAGE
 export IMAGE=$IMAGE:$TAG
 function ensure() {
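Review bot: The two `wget` downloads in the rewritten `RUN` step (jq and reg, now saved under `/kaniko`) are made executable without any integrity check, so whatever the release URL serves at build time becomes a binary in the image. The CA bundle is only copied in after this step, and busybox `wget` may not validate the server certificate at all (worth confirming for this base image), so transport security alone should not be relied on here. Pin a checksum for each file and verify it before the `chmod`, for example `echo "<expected-sha256-of-jq>  /kaniko/jq" | sha256sum -c -` and the same for `/kaniko/reg`, replacing the placeholder with the checksum of the reviewed release asset. It is also worth confirming that the 32-bit `reg-linux-386` asset is intended next to `jq-linux64`.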
@@ -27,6 +28,7 @@ ensure "${TAG}" "tag"
 if [ "$REGISTRY" == "docker.pkg.github.com" ]; then
 IMAGE_NAMESPACE="$(echo $GITHUB_REPOSITORY | tr '[:upper:]' '[:lower:]')"
 export IMAGE="$IMAGE_NAMESPACE/$IMAGE"
+ export REPOSITORY="$IMAGE_NAMESPACE/$REPOSITORY"
 if [ ! -z $INPUT_CACHE_REGISTRY ]; then
 export INPUT_CACHE_REGISTRY="$REGISTRY/$IMAGE_NAMESPACE/$INPUT_CACHE_REGISTRY"
@@ -69,7 +71,13 @@ EOF
 if [ ! -z $INPUT_SKIP_UNCHANGED_DIGEST ]; then
 export DIGEST=$(cat digest)
- export REMOTE=$(reg digest "$IMAGE" | tail -1)
+
+ if [ "$REGISTRY" == "docker.pkg.github.com" ]; then
+ wget -q -O manifest --header "Authorization: Basic $(echo -n $USERNAME:$PASSWORD | base64)" https://docker.pkg.github.com/v2/$REPOSITORY/manifests/latest || true
+ export REMOTE="sha256:$(cat manifest | sha256sum | awk '{ print $1 }')"
+ else
+ export REMOTE=$(reg digest -u $USERNAME -p $PASSWORD $REGISTRY/$REPOSITORY | tail -1)
+ fi
 if [ "$DIGEST" == "$REMOTE" ]; then
 echo "Digest hasn't changed, skipping, $DIGEST"
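Review bot: Both new branches of the digest lookup expand `$USERNAME` and `$PASSWORD` unquoted and place the secret on a command line (`reg digest -u … -p …` and the `wget --header` argument), so a password containing whitespace or glob characters is word-split and the credential is readable from the process list while the command runs. At minimum quote the expansions, e.g. `reg digest -u "$USERNAME" -p "$PASSWORD" "$REGISTRY/$REPOSITORY"`, and build the header value with `printf '%s' "$USERNAME:$PASSWORD" | base64 | tr -d '\n'`, since `base64` may wrap long output and a wrapped value would break the `Authorization` header. The `|| true` after `wget` means a failed or unauthorized fetch is hashed as whatever is left in `manifest`; the comparison then simply does not match, which is the safe direction, but a warning on stderr would make the failure visible. The `if` on `INPUT_SKIP_UNCHANGED_DIGEST` and the `if [ "$DIGEST" == "$REMOTE" ]` block are not closed within the hunk.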