-
Notifications
You must be signed in to change notification settings - Fork 8
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
5fddabb
commit 70c2c9b
Showing
3 changed files
with
167 additions
and
10 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,51 @@ | ||
#!/bin/bash | ||
|
||
# Initialize array to store digest SHAs | ||
declare -a digests | ||
|
||
# Fetch all docker image names | ||
image_names=$(gh api \ | ||
-H "Accept: application/vnd.github+json" \ | ||
-H "-GitHub-Api-Version: 2022-11-28" \ | ||
-H "Authorization: Token ${GITHUB_TOKEN}" \ | ||
--paginate "/orgs/boozallen/packages?package_type=container" | jq -r '.[] | select((.name | startswith("aissemble")) and (.name | endswith("-chart") | not)) | .name') | ||
|
||
# For each docker image, find all release versions, excluding 1.7.0(-arm64/amd64) | ||
for name in $image_names; do | ||
release_versions=$(gh api \ | ||
-H "Accept: application/vnd.github+json" \ | ||
-H "-GitHub-Api-Version: 2022-11-28" \ | ||
-H "Authorization: Token ${GITHUB_TOKEN}" \ | ||
--paginate "/orgs/boozallen/packages/container/${name}/versions" \ | ||
| jq -r '.[] | .metadata.container.tags[] | select(test("^\\d+\\.\\d+\\.\\d?$"))' \ | ||
| jq -R -s 'split("\n") | map(select(length > 0)) | map(select(. != "1.7.0" and . != "1.7.0-arm64" and . != "1.7.0-amd64"))') | ||
|
||
# Loop through all release versions | ||
for version in $(echo "$release_versions" | jq -r '.[]'); do | ||
echo "Processing release image ${name}:${version}" | ||
|
||
# Fetch the base manifest SHA | ||
# Inspect command will output Name, MediaType, Digest in the first three lines | ||
# so we can use a regex to pull out the SHA | ||
manifest_base_sha=$(docker buildx imagetools inspect "ghcr.io/boozallen/${name}:${version}" | head -n 3 | sed -n 's/^Digest: *//p') | ||
|
||
echo "Manifest index SHA: ${manifest_base_sha}" | ||
|
||
# Add to digests array | ||
digests+=("$manifest_base_sha") | ||
|
||
# Query the raw inpect output to get the nested manifest list SHAs | ||
manifest_list_shas=$(docker buildx imagetools inspect --raw "ghcr.io/boozallen/${name}:${version}" | jq -r '.manifests[].digest' | paste -s -d ' ' -) | ||
|
||
echo "Manifest List SHAs: $manifest_list_shas" | ||
|
||
# Add to digests array | ||
digests+=("$manifest_list_shas") | ||
done | ||
done | ||
|
||
# Join digests into a single string separated by spaces | ||
digests_string=$(echo "${digests[*]}") | ||
|
||
# Save the output to $GITHUB_OUTPUT | ||
echo "multi-arch-digests=${digests_string}" >> "$GITHUB_OUTPUT" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,83 @@ | ||
#!/bin/bash | ||
|
||
# Initialize array to store digest SHAs | ||
declare -a digests | ||
|
||
# Fetch all docker image names | ||
image_names=$(gh api \ | ||
-H "Accept: application/vnd.github+json" \ | ||
-H "-GitHub-Api-Version: 2022-11-28" \ | ||
-H "Authorization: Token ${GITHUB_TOKEN}" \ | ||
--paginate "/orgs/boozallen/packages?package_type=container" | jq -r '.[] | select((.name | startswith("aissemble")) and (.name | endswith("-chart") | not)) | .name') | ||
|
||
# For each docker image, find their snapshot versions by grabbing any tag that ends with "-SNAPSHOT" | ||
for name in $image_names; do | ||
all_snapshot_versions=$(gh api \ | ||
-H "Accept: application/vnd.github+json" \ | ||
-H "-GitHub-Api-Version: 2022-11-28" \ | ||
-H "Authorization: Token ${GITHUB_TOKEN}" \ | ||
--paginate "/orgs/boozallen/packages/container/${name}/versions" \ | ||
| jq -r '.[] | .metadata.container.tags[] | select(endswith("-SNAPSHOT"))'| jq -R -s 'split("\n")| map(select(length > 0))') | ||
|
||
# Find the latest snapshot version by sorting all snapshot versions, then selecting the top | ||
latest_snapshot_version=$(echo "$all_snapshot_versions" | jq -r '.[] | select(endswith("-SNAPSHOT"))' | sort -r | head -n 1) | ||
|
||
echo "Processing snapshot image ${name}:${latest_snapshot_version}" | ||
|
||
# Fetch the latest snapshot version SHA | ||
latest_snapshot_manifest_list_shas=$(docker buildx imagetools inspect --raw "ghcr.io/boozallen/${name}:${latest_snapshot_version}" | jq -r '.manifests[].digest' | paste -s -d ' ' -) | ||
|
||
echo "Manifest List: $latest_snapshot_manifest_list_shas" | ||
|
||
# Add to digests array | ||
digests+=("$latest_snapshot_manifest_list_shas") | ||
|
||
# Find if there are any patch versions available | ||
# Extract version from latest snapshot | ||
version_part="${latest_snapshot_version%-SNAPSHOT}" | ||
|
||
# Extract the major, minor, and patch components using IFS (Internal Field Separator) | ||
IFS='.' read -r major minor patch <<< "$version_part" | ||
previous_major=$((major - 1)) | ||
previous_minor=$((minor - 1)) | ||
|
||
# If previous_minor is >= 0, then patch pattern = [current_major].[previous_minor].[1-9]-SNAPSHOT | ||
if [ $previous_minor -ge 0 ];then | ||
patch_major=${major} | ||
patch_minor=${previous_minor} | ||
else | ||
# Else previous_minor is < 0, then patch pattern = [previous_major].[10 + previous_minor].[1-9]-SNAPSHOT | ||
patch_major=${previous_major} | ||
patch_minor=$((10 + previous_minor)) | ||
fi | ||
|
||
patch_pattern="${patch_major}\.${patch_minor}\.[1-9]-SNAPSHOT" | ||
|
||
for version in $(echo "$all_snapshot_versions" | jq -r '.[]'); do | ||
if [[ ${version} =~ ^${patch_pattern}$ ]]; then | ||
echo "Patch version ${version} matches patch pattern ${patch_pattern}" | ||
|
||
# Add to array containing all matching patch versions | ||
matching_patch_versions+=("$version") | ||
fi | ||
|
||
# If matching patch versions array is not empty | ||
if [ ${#matching_patch_versions[@]} -ne 0 ]; then | ||
echo "Patch Versions array is not empty" | ||
# Find the latest patch version | ||
latest_patch_version=($(printf "%s\n" "${matching_patch_versions[@]}" | sort -V -r | head -n 1)) | ||
|
||
# Fetch the SHA | ||
latest_patch_version_sha=$(docker buildx imagetools inspect --raw "ghcr.io/boozallen/${name}:${latest_patch_version}" | jq -r '.manifests[].digest' | paste -s -d ' ' -) | ||
|
||
# Add to the digests array | ||
digests+=("$latest_patch_version_sha") | ||
fi | ||
done | ||
done | ||
|
||
# Join digests into a single string separated by spaces | ||
digests_string=$(echo "${digests[*]}") | ||
|
||
# Save the output to $GITHUB_OUTPUT | ||
echo "latest-snapshot-digests=${digests_string}" >> "$GITHUB_OUTPUT" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters