From ff9e1ae7617955ff38c3d96cca8802271e38268b Mon Sep 17 00:00:00 2001 From: Doron Somech Date: Sat, 20 Jun 2020 20:07:45 +0300 Subject: [PATCH] chore: fixing digest Fixing few issues with digest: 1. Multi-stage dockerfiles override /usr/local/lib, downloading jq and reg to /kaniko instead 2. Github registry doesn't support digest yet, downloading manifest and calculating the digest manually 3. Digest was fetched for the current tag, which not yet exist. Fetching digest for the latest tag instead --- Dockerfile | 9 ++++----- entrypoint.sh | 10 +++++++++- 2 files changed, 13 insertions(+), 6 deletions(-) diff --git a/Dockerfile b/Dockerfile index 8090a3f..024c21c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -6,13 +6,12 @@ FROM gcr.io/kaniko-project/executor:debug SHELL ["/busybox/sh", "-c"] -RUN mkdir -p /usr/local/bin && \ - wget -O /usr/local/bin/jq \ +RUN wget -O /kaniko/jq \ https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 && \ - chmod +x /usr/local/bin/jq && \ - wget -O /usr/local/bin/reg \ + chmod +x /kaniko/jq && \ + wget -O /kaniko/reg \ https://github.com/genuinetools/reg/releases/download/v0.16.1/reg-linux-386 && \ - chmod +x /usr/local/bin/reg + chmod +x /kaniko/reg COPY entrypoint.sh / COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt diff --git a/entrypoint.sh b/entrypoint.sh index c6412a1..e62ba86 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -9,6 +9,7 @@ export TAG=${TAG:-"latest"} export TAG=${TAG#$INPUT_STRIP_TAG_PREFIX} export USERNAME=${INPUT_USERNAME:-$GITHUB_ACTOR} export PASSWORD=${INPUT_PASSWORD:-$GITHUB_TOKEN} +export REPOSITORY=$IMAGE export IMAGE=$IMAGE:$TAG function ensure() { @@ -27,6 +28,7 @@ ensure "${TAG}" "tag" if [ "$REGISTRY" == "docker.pkg.github.com" ]; then IMAGE_NAMESPACE="$(echo $GITHUB_REPOSITORY | tr '[:upper:]' '[:lower:]')" export IMAGE="$IMAGE_NAMESPACE/$IMAGE" + export REPOSITORY="$IMAGE_NAMESPACE/$REPOSITORY" if [ ! -z $INPUT_CACHE_REGISTRY ]; then export INPUT_CACHE_REGISTRY="$REGISTRY/$IMAGE_NAMESPACE/$INPUT_CACHE_REGISTRY" @@ -69,7 +71,13 @@ EOF if [ ! -z $INPUT_SKIP_UNCHANGED_DIGEST ]; then export DIGEST=$(cat digest) - export REMOTE=$(reg digest "$IMAGE" | tail -1) + + if [ "$REGISTRY" == "docker.pkg.github.com" ]; then + wget -q -O manifest --header "Authorization: Basic $(echo -n $USERNAME:$PASSWORD | base64)" https://docker.pkg.github.com/v2/$REPOSITORY/manifests/latest || true + export REMOTE="sha256:$(cat manifest | sha256sum | awk '{ print $1 }')" + else + export REMOTE=$(reg digest -u $USERNAME -p $PASSWORD $REGISTRY/$REPOSITORY | tail -1) + fi if [ "$DIGEST" == "$REMOTE" ]; then echo "Digest hasn't changed, skipping, $DIGEST"