From 8d88b6ce4cde90b668609f256970b997282c3930 Mon Sep 17 00:00:00 2001
From: wangyueliang
Date: Sun, 4 Feb 2024 16:11:22 +0800
Subject: [PATCH] Generalize container-push to support multi format, inject `baseos-container` into `meta.json`, push the extensions container [upstream] f62f01d581212f563b6a9ecdbb06f7ff62ae2527 4a6477ea6087015a376d433ae64300d50c47f9dc 7f87a9d7ca61c5e0f6e20b586a749a046ea3feca 5936a7cfc50f9fc32786b222d957ba61ce11072d c462739e1a15cd428c865511ffa3a46434580301 80152043d7e7c614c087f4ae4fede123b176a2d1 1f34f5d18662f56dcdcc0cd6e90acfa60f1dc258 738cb390252f737176b15e53db397c6ed924150b
---
 src/cmd-push-container | 67 ++++++++++++++++++++++++++++++------------
 1 file changed, 49 insertions(+), 18 deletions(-)
diff --git a/src/cmd-push-container b/src/cmd-push-container
index addc4075..072cead9 100755
--- a/src/cmd-push-container
+++ b/src/cmd-push-container
@@ -7,6 +7,8 @@
 import argparse
 import json
 import os
+import tempfile
+import shutil
 import subprocess
 import sys
@@ -18,8 +20,13 @@ from cosalib import cmdlib
 parser = argparse.ArgumentParser()
 parser.add_argument("--authfile", help="Authentication file", action='store')
-parser.add_argument("name", help="destination image reference")
-parser.add_argument("source", help="source depository,e.g.(docker,local-harbor,oepkg)")
+parser.add_argument("--format", help="Image format for destination", choices=['oci', 'v2s2'], action='store')
+parser.add_argument("--tag-suffix", metavar='SUFFIX', help="Append SUFFIX to container tag")
+parser.add_argument("name", metavar='NAME[:TAG]', help="destination image reference")
+parser.add_argument("--image", default='ostree', help="Container image to push", choices=['ostree', 'extensions-container'])
+# add for nestos
+parser.add_argument("-d","--dest-repository", help="The destination repository to push")
+parser.add_argument("--no-tls-verify", help="Don't verify the destination repository TLS when specified",action="store_true")
 args = parser.parse_args()
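Review bot: The help text for `--no-tls-verify` understates what the flag does: the last hunk makes it append `--insecure-policy` as well as `--dest-tls-verify=false`, so skopeo's trust policy is replaced by a permissive one in addition to TLS verification of the destination being skipped. Either drop `--insecure-policy` from that branch or say so in the help, e.g. `help="Skip TLS verification of the destination registry and use skopeo's permissive policy"`. The comment `# add for nestos` would be more useful if it said what `--dest-repository` is, for instance `# Registry host (and optional path) that is prefixed to NAME in the docker:// reference`.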
@@ -34,25 +41,49 @@ latest_build_path = f"builds/{latest_build}/{arch}"
 metapath = f"{latest_build_path}/meta.json"
 with open(metapath) as f:
 meta = json.load(f)
-ociarchive = os.path.join(latest_build_path, meta['images']['ostree']['path'])
+ociarchive = os.path.join(latest_build_path, meta['images'][args.image]['path'])
 skopeoargs = ['skopeo', 'copy']
 if args.authfile is None:
 args.authfile = os.environ.get("REGISTRY_AUTH_FILE")
 if args.authfile is not None:
 skopeoargs.extend(['--authfile', args.authfile])
-container_name = args.name
-if ":" not in container_name:
- container_name = f"{container_name}:{latest_build}-{arch}"
-
-if args.source == "docker":
- skopeoargs.extend([f"oci-archive:{ociarchive}", f"docker://{container_name}"])
-if args.source == "local-harbor":
- skopeoargs.extend([f"oci-archive:{ociarchive}", f"docker://local-harbor.wyl-40/{container_name}"])
- skopeoargs.extend(["--insecure-policy"])
- skopeoargs.extend(["--dest-tls-verify=false"])
-if args.source == "oepkg":
- skopeoargs.extend([f"oci-archive:{ociarchive}", f"docker://hub.oepkgs.net/{container_name}"])
-
-print(subprocess.list2cmdline(skopeoargs))
-os.execvp('skopeo', skopeoargs)
+if args.format is not None:
+ skopeoargs.extend(['--format', args.format])
+if ":" not in args.name:
+ container_name = args.name
+ # If a specific tag wasn't requested, add a default one
+ container_tag = f"{latest_build}-{arch}"
+else:
+ # Strip the tag out, as we will be injecting the digest below
+ # Note this implicitly errors out if there's more than one ':'
+ container_name, container_tag = args.name.rsplit(':')
+if args.tag_suffix:
+ container_tag = f"{container_tag}-{args.tag_suffix}"
+with tempfile.NamedTemporaryFile(dir='tmp', prefix='push-container-digestfile') as df:
+ skopeoargs.append(f"--digestfile={df.name}")
+ # TODO: to test for private registry
+ if args.dest_repository:
+ skopeoargs.extend([f"oci-archive:{ociarchive}", f"docker://{args.dest_repository}/{container_name}:{container_tag}"])
+ else:
+ skopeoargs.extend([f"oci-archive:{ociarchive}", f"docker://{container_name}:{container_tag}"])
+ if args.no_tls_verify:
+ skopeoargs.extend(["--insecure-policy"])
+ skopeoargs.extend(["--dest-tls-verify=false"])
+
+ print(subprocess.list2cmdline(skopeoargs))
+ subprocess.check_call(skopeoargs)
+ df.seek(0)
+ digest = df.read().decode('utf-8').strip()
+ # Inject the oscontainer with SHA256 into the build metadata
+ container = 'base-oscontainer'
+ if args.image != 'ostree':
+ container = args.image
+ meta[container] = {
+ 'image': container_name,
+ 'digest': digest
+ }
+ metapath_new = f"{metapath}.new"
+ with open(metapath_new, 'w') as f:
+ json.dump(meta, f, sort_keys=True)
+ shutil.move(metapath_new, metapath)
--
Gitee
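Review bot: When `--dest-repository` is given the image is pushed to `docker://{args.dest_repository}/{container_name}:{container_tag}`, but the metadata block records only `'image': container_name`, so the `image`/`digest` pair written to meta.json does not name the repository the digest was actually pushed to. Compute the destination once, `dest = f"{args.dest_repository}/{container_name}" if args.dest_repository else container_name`, and use it both in the `docker://` reference and as `'image': dest`. The `args.name.rsplit(':')` line also rejects any NAME whose registry carries a port (`host:5000/repo:tag`) with a bare ValueError; `rsplit(':', 1)` with an explicit error message would serve users better than the traceback the comment relies on. The key written is `base-oscontainer` while the commit subject says `baseos-container`; one of the two presumably needs correcting.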