mirror of
https://github.com/pomerium/pomerium.git
synced 2025-04-28 09:56:31 +02:00
d5b4910951
* check docker base images * test bad image * debugging * fix missing gcr image * restore hash * fix docker tag * improved check * fix variable * fix check
88 lines
2 KiB
Bash
Executable file
88 lines
2 KiB
Bash
Executable file
#!/usr/bin/bash
|
|
set -euo pipefail
|
|
|
|
inspect-manifest() {
|
|
local _image
|
|
_image="${1?"image is required"}"
|
|
|
|
local _temp_dir
|
|
_temp_dir="${TMPDIR-/tmp}"
|
|
local _image_hash
|
|
_image_hash="$(echo -n "$_image" | shasum | cut -f1 -d' ')"
|
|
local _temp_file
|
|
_temp_file="${_temp_dir}/check-docker-image-${_image_hash}.json"
|
|
|
|
if [ ! -f "$_temp_file" ]; then
|
|
docker buildx imagetools inspect \
|
|
--format='{{json .}}' \
|
|
"$_image" >"$_temp_file"
|
|
fi
|
|
|
|
cat "$_temp_file"
|
|
}
|
|
|
|
check-image() {
|
|
local _image
|
|
_image="${1?"image is required"}"
|
|
|
|
echo "checking image=$_image"
|
|
|
|
local _manifest
|
|
_manifest="$(inspect-manifest "$_image")"
|
|
|
|
local _has_arm64
|
|
_has_arm64="$(echo "$_manifest" | jq '
|
|
.manifest.manifests
|
|
| map(select(.platform.architecture == "arm64" and .platform.os == "linux"))
|
|
| length >= 1
|
|
')"
|
|
|
|
if [[ "$_has_arm64" != "true" ]]; then
|
|
echo "- missing ARM64 in $_manifest"
|
|
exit 1
|
|
fi
|
|
|
|
local _has_amd64
|
|
_has_amd64="$(echo "$_manifest" | jq '
|
|
.manifest.manifests
|
|
| map(select(.platform.architecture == "amd64" and .platform.os == "linux"))
|
|
| length >= 1
|
|
')"
|
|
|
|
if [[ "$_has_amd64" != "true" ]]; then
|
|
echo "- missing AMD64 in $_manifest"
|
|
exit 1
|
|
fi
|
|
}
|
|
|
|
check-dockerfile() {
|
|
local _file
|
|
_file="${1?"file is required"}"
|
|
|
|
echo "checking dockerfile=$_file"
|
|
|
|
while IFS= read -r _image; do
|
|
check-image "$_image"
|
|
done < <(sed -n -r -e 's/^FROM ([^:]*)(:[^@]*)(@sha256[^ ]*).*$/\1\2\3/p' "$_file")
|
|
}
|
|
|
|
check-directory() {
|
|
local _directory
|
|
_directory="${1?"directory is required"}"
|
|
|
|
echo "checking directory=$_directory"
|
|
|
|
local _file
|
|
while IFS= read -r -d '' _file; do
|
|
check-dockerfile "$_file"
|
|
done < <(find "$_directory" -name "*Dockerfile*" -print0)
|
|
}
|
|
|
|
main() {
|
|
local _project_root
|
|
_project_root="$(cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null 2>&1 && pwd)/.."
|
|
|
|
check-directory "$_project_root"
|
|
}
|
|
|
|
main
|