#!/usr/bin/bash set -euo pipefail inspect-manifest() { local _image _image="${1?"image is required"}" local _temp_dir _temp_dir="${TMPDIR-/tmp}" local _image_hash _image_hash="$(echo -n "$_image" | shasum | cut -f1 -d' ')" local _temp_file _temp_file="${_temp_dir}/check-docker-image-${_image_hash}.json" if [ ! -f "$_temp_file" ]; then docker buildx imagetools inspect \ --format='{{json .}}' \ "$_image" >"$_temp_file" fi cat "$_temp_file" } check-image() { local _image _image="${1?"image is required"}" echo "checking image=$_image" local _manifest _manifest="$(inspect-manifest "$_image")" local _has_arm64 _has_arm64="$(echo "$_manifest" | jq ' .manifest.manifests | map(select(.platform.architecture == "arm64" and .platform.os == "linux")) | length >= 1 ')" if [[ "$_has_arm64" != "true" ]]; then echo "- missing ARM64 in $_manifest" exit 1 fi local _has_amd64 _has_amd64="$(echo "$_manifest" | jq ' .manifest.manifests | map(select(.platform.architecture == "amd64" and .platform.os == "linux")) | length >= 1 ')" if [[ "$_has_amd64" != "true" ]]; then echo "- missing AMD64 in $_manifest" exit 1 fi } check-dockerfile() { local _file _file="${1?"file is required"}" echo "checking dockerfile=$_file" while IFS= read -r _image; do check-image "$_image" done < <(sed -n -r -e 's/^FROM ([^:]*)(:[^@]*)(@sha256[^ ]*).*$/\1\2\3/p' "$_file") } check-directory() { local _directory _directory="${1?"directory is required"}" echo "checking directory=$_directory" local _file while IFS= read -r -d '' _file; do check-dockerfile "$_file" done < <(find "$_directory" -name "*Dockerfile*" -print0) } main() { local _project_root _project_root="$(cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null 2>&1 && pwd)/.." check-directory "$_project_root" } main