feat(container-pull): add ability to add custom tags when copying to a registry

carlosmmatos · carlosmmatos · commit aeade858a3c3 · 2025-03-10T14:23:51.000-04:00
Fixes #405 This PR introduces the `--copy-custom-tag` option for the container pull script that now allows a user to use a custom tag when copying an image to registry.
diff --git a/bash/containers/falcon-container-sensor-pull/README.md b/bash/containers/falcon-container-sensor-pull/README.md
@@ -100,7 +100,8 @@ Optional Flags:
 
     --runtime <RUNTIME>                            Use a different container runtime [docker, podman, skopeo] (Default: docker)
     --dump-credentials                             Print registry credentials to stdout to copy/paste into container tools
-    --copy-omit-image-name                         Omit the image name from the destination path when copying
+    --copy-omit-image-name                         Omit the image name from the destination path when copying (requires -c, --copy)
+    --copy-custom-tag <TAG>                        Use custom tag when copying image (requires -c, --copy)
     --get-image-path                               Get the full image path including the registry, repository, and latest tag for the specified SENSOR_TYPE
     --get-pull-token                               Get the pull token of the selected SENSOR_TYPE for Kubernetes
     --get-cid                                      Get the CID assigned to the API Credentials
@@ -131,7 +132,8 @@ Help Options:
 | `--runtime`                                    | `$CONTAINER_TOOL`       | `docker` (Optional)           | Use a different container runtime [docker, podman, skopeo]. **Default is Docker**.                                                                                                                                                                       |
 | `--dump-credentials`                           | `$CREDS`                | `False` (Optional)            | Print registry credentials to stdout to copy/paste into container tools                                                                                                                                                                                  |
 | `--get-image-path`                             | N/A                     | `None`                        | Get the full image path including the registry, repository, and latest tag for the specified `SENSOR_TYPE`.                                                                                                                                              |
-| `--copy-omit-image-name`                       | N/A                     | `None`                        | Omit the image name from the destination path when copying                                                                                                                                                                                               |
+| `--copy-omit-image-name`                       | N/A                     | `None`                        | Omit the image name from the destination path when copying (requires -c, --copy)                                                                                                                                                                                               |
+| `--copy-custom-tag <TAG>`                      | N/A                     | `None`                        | Use custom tag when copying image (requires -c, --copy)                                                                                                                                                                                               |
 | `--get-pull-token`                             | N/A                     | `None`                        | Get the pull token of the selected `SENSOR_TYPE` for Kubernetes.                                                                                                                                                                                         |
 | `--get-cid`                                    | N/A                     | `None`                        | Get the CID assigned to the API Credentials.                                                                                                                                                                                                             |
 | `--list-tags`                                  | `$LISTTAGS`             | `False` (Optional)            | List all tags available for the selected sensor                                                                                                                                                                                                          |
@@ -267,6 +269,37 @@ Results in: `myregistry.com/mynamespace/falcon-sensor:<tag>`
 
 Results in: `myregistry.com/mynamespace/myfalcon-sensor:<tag>`
 
+#### Example copying an image with a custom tag
+
+The following example will copy the `falcon-container` image to a different registry using a custom tag instead of the default version tag:
+
+```shell
+./falcon-container-sensor-pull.sh \
+--client-id <FALCON_CLIENT_ID> \
+--client-secret <FALCON_CLIENT_SECRET> \
+--type falcon-container \
+--copy myregistry.com/mynamespace \
+--copy-custom-tag latest \
+--runtime docker
+```
+
+Results in: `myregistry.com/mynamespace/falcon-container:latest`
+
+You can also combine this with other options:
+
+```shell
+./falcon-container-sensor-pull.sh \
+--client-id <FALCON_CLIENT_ID> \
+--client-secret <FALCON_CLIENT_SECRET> \
+--type falcon-sensor \
+--copy myregistry.com/mynamespace/custom-sensor \
+--copy-omit-image-name \
+--copy-custom-tag v1.2.3-production \
+--runtime skopeo
+```
+
+Results in: `myregistry.com/mynamespace/custom-sensor:v1.2.3-production`
+
 #### Example copying multi-arch image for a specific platform
 
 The following example will copy the `falcon-sensor` multi-arch image for the `aarch64` platform to a different registry using Skopeo.
diff --git a/bash/containers/falcon-container-sensor-pull/falcon-container-sensor-pull.sh b/bash/containers/falcon-container-sensor-pull/falcon-container-sensor-pull.sh
@@ -39,7 +39,8 @@ Optional Flags:
 
     --runtime <RUNTIME>                            Use a different container runtime [docker, podman, skopeo] (Default: docker)
     --dump-credentials                             Print registry credentials to stdout to copy/paste into container tools
-    --copy-omit-image-name                         Omit the image name from the destination path when copying
+    --copy-omit-image-name                         Omit the image name from the destination path when copying (requires -c, --copy)
+    --copy-custom-tag <TAG>                        Use custom tag when copying image (requires -c, --copy)
     --get-image-path                               Get the full image path including the registry, repository, and latest tag for the specified SENSOR_TYPE
     --get-pull-token                               Get the pull token of the selected SENSOR_TYPE for Kubernetes
     --get-cid                                      Get the CID assigned to the API Credentials
@@ -145,6 +146,12 @@ while [ $# != 0 ]; do
                 COPY_OMIT_IMAGE_NAME=true
             fi
             ;;
+        --copy-custom-tag)
+            if [ -n "${1}" ]; then
+                CUSTOM_TAG="${2}"
+                shift
+            fi
+            ;;
         --get-pull-token)
             if [ -n "${1}" ]; then
                 PULLTOKEN=true
@@ -415,7 +422,6 @@ copy_image() {
         "$CONTAINER_TOOL" tag "$source_path" "$destination_path"
         "$CONTAINER_TOOL" push "$destination_path"
     fi
-    echo "Image copied to: $destination_path"
 }
 
 detect_container_tool() {
@@ -730,11 +736,24 @@ if [ "${COPY_OMIT_IMAGE_NAME}" = "true" ] && [ -z "${COPY}" ]; then
     die "--copy-omit-image-name requires -c, --copy to be specified"
 fi
 
+if [ -n "${CUSTOM_TAG}" ] && [ -z "${COPY}" ]; then
+    die "--copy-custom-tag requires --copy to be specified"
+fi
+
 # Construct destination path
-if [ "${COPY_OMIT_IMAGE_NAME}" = "true" ]; then
-    COPYPATH="$COPY:$LATESTSENSOR"
+if [ -n "${CUSTOM_TAG}" ]; then
+    # Use custom tag if specified
+    if [ "${COPY_OMIT_IMAGE_NAME}" = "true" ]; then
+        COPYPATH="$COPY:$CUSTOM_TAG"
+    else
+        COPYPATH="$COPY/$IMAGE_NAME:$CUSTOM_TAG"
+    fi
 else
-    COPYPATH="$COPY/$IMAGE_NAME:$LATESTSENSOR"
+    if [ "${COPY_OMIT_IMAGE_NAME}" = "true" ]; then
+        COPYPATH="$COPY:$LATESTSENSOR"
+    else
+        COPYPATH="$COPY/$IMAGE_NAME:$LATESTSENSOR"
+    fi
 fi
 
 # Handle multi-arch images first
@@ -743,7 +762,7 @@ if [ "$(is_multi_arch "$FULLIMAGEPATH")" = "true" ]; then
     if [ -n "$SENSOR_PLATFORM" ]; then
         # If Skopeo is being used, the platform must be overridden
         if grep -qw "skopeo" "$CONTAINER_TOOL"; then
-            "$CONTAINER_TOOL" copy --override-arch "$(platform_override)" "docker://$FULLIMAGEPATH" "docker://$COPYPATH"
+            "$CONTAINER_TOOL" copy --override-arch "$(platform_override)" --override-os linux "docker://$FULLIMAGEPATH" "docker://$COPYPATH"
         else
             # Podman/Docker can pull the specific platform
             pf_override="linux/$(platform_override)"
@@ -781,3 +800,7 @@ else
         fi
     fi
 fi
+
+if [ -n "$COPY" ]; then
+    echo "Image copied to: $COPYPATH"
+fi
