improved check

scripts/check-docker-images

@@ -1,20 +1,88 @@
 #!/usr/bin/bash
 set -euo pipefail
 
-_project_root="$(cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null 2>&1 && pwd)/.."
+inspect-manifest() {
-for _f in $(find "$_project_root" -name "*Dockerfile*"); do
+    local _image
-    echo "checking $_f"
+    _image="${1?"image is required"}"
-    for _img in $(sed -n -r -e 's/^FROM ([^:]*)(:[^@]*)(@sha256[^ ]*).*$/\1\2\3/p' "$_f"); do
-        echo "- $_img"
-        _media_type="$(
-            docker buildx imagetools inspect \
-                --format='{{print .Manifest.MediaType }}' \
-                "$_img"
-        )"
 
-        if [[ "$_media_type" != "application/vnd.oci.image.index.v1+json" && "$_media_type" != "application/vnd.docker.distribution.manifest.list.v2+json" ]]; then
+    local _temp_dir
-            echo "not a multi-platform manifest"
+    _temp_dir="${TMPDIR-/tmp}"
-            exit 1
+    local _image_hash
-        fi
+    _image_hash="$(echo -n "$_image" | shasum | cut -f1 -d' ')"
-    done
+    local _temp_file
-done
+    _temp_file="${_temp_dir}/check-docker-image-${_image_hash}.json"
+
+    if [ ! -f "$_temp_file" ]; then
+        docker buildx imagetools inspect \
+            --format='{{json .}}' \
+            "$_image" >"$_temp_file"
+    fi
+
+    cat "$_temp_file"
+}
+
+check-image() {
+    local _image
+    _image="${1?"image is required"}"
+
+    echo "checking image=$_image"
+
+    local _manifest
+    _manifest="$(inspect-manifest "$_image")"
+
+    local _hasARM64
+    _has_arm64="$(echo "$_manifest" | jq '
+        .manifest.manifests
+        | map(select(.platform.architecture == "arm64" and .platform.os == "linux"))
+        | length >= 1
+    ')"
+
+    if [[ "$_has_arm64" != "true" ]]; then
+        echo "- missing ARM64 in $_manifest"
+        exit 1
+    fi
+
+    local _hasAMD64
+    _has_amd64="$(echo "$_manifest" | jq '
+        .manifest.manifests
+        | map(select(.platform.architecture == "amd64" and .platform.os == "linux"))
+        | length >= 1
+    ')"
+
+    if [[ "$_has_arm64" != "true" ]]; then
+        echo "- missing AMD64 in $_manifest"
+        exit 1
+    fi
+}
+
+check-dockerfile() {
+    local _file
+    _file="${1?"file is required"}"
+
+    echo "checking dockerfile=$_file"
+
+    while IFS= read -r _image; do
+        check-image "$_image"
+    done < <(sed -n -r -e 's/^FROM ([^:]*)(:[^@]*)(@sha256[^ ]*).*$/\1\2\3/p' "$_file")
+}
+
+check-directory() {
+    local _directory
+    _directory="${1?"directory is required"}"
+
+    echo "checking directory=$_directory"
+
+    local _file
+    while IFS= read -r -d '' _file; do
+        check-dockerfile "$_file"
+    done < <(find "$_directory" -name "*Dockerfile*" -print0)
+}
+
+main() {
+    local _project_root
+    _project_root="$(cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null 2>&1 && pwd)/.."
+
+    check-directory "$_project_root"
+}
+
+main