build/pin-images.py - atmosphere - Gitiles

 #!/usr/bin/env python3

 import argparse
 import functools

 import requests
 from docker_image import reference
 from oslo_config import cfg
 from oslo_log import log as logging
 from ruyaml import YAML

 LOG = logging.getLogger(__name__)
 CONF = cfg.CONF

 SKIP_IMAGE_LIST = ["secretgen_controller"]


 def get_digest(image_ref, token=None):
     url = f"https://{image_ref.domain()}/v2/{image_ref.path()}/manifests/{image_ref['tag']}"

     headers = {}
     if token:
         headers["Authorization"] = f"Bearer {token}"
     else:
         r = requests.get(url, timeout=5, verify=False)
         auth_header = r.headers.get("Www-Authenticate")
         if auth_header:
             realm = auth_header.split(",")[0].split("=")[1].strip('"')

             r = requests.get(
                 realm,
                 timeout=5,
                 verify=False,
                 params={"scope": f"repository:{image_ref.path()}:pull"},
             )
             r.raise_for_status()

             headers["Authorization"] = f"Bearer {r.json()['token']}"

     try:
         headers["Accept"] = "application/vnd.docker.distribution.manifest.v2+json"

         r = requests.get(
             f"https://{image_ref.domain()}/v2/{image_ref.path()}/manifests/{image_ref['tag']}",
             timeout=5,
             verify=False,
             headers=headers,
         )
         r.raise_for_status()
         return r.headers["Docker-Content-Digest"]
     except requests.exceptions.HTTPError:
         headers["Accept"] = "application/vnd.oci.image.index.v1+json"

         r = requests.get(
             f"https://{image_ref.domain()}/v2/{image_ref.path()}/manifests/{image_ref['tag']}",
             timeout=5,
             verify=False,
             headers=headers,
         )
         r.raise_for_status()
         return r.headers["Docker-Content-Digest"]


 @functools.cache
 def get_pinned_image(image_src):
     image_ref = reference.Reference.parse(image_src)
     if image_ref.domain() != "harbor.atmosphere.dev":
         try:
             image_ref = reference.Reference.parse("harbor.atmosphere.dev/" + image_src)
         except Exception:
             LOG.warn(f"failed to parse image path {image_src}")

     if (
         image_ref.domain() == "registry.atmosphere.dev"
         or image_ref.domain() == "harbor.atmosphere.dev"
     ):
         # Get token for docker.io
         r = requests.get(
             "https://harbor.atmosphere.dev/service/token",
             timeout=5,
             params={
                 "service": "harbor-registry",
                 "scope": f"repository:{image_ref.path()}:pull",
             },
         )
         r.raise_for_status()
         token = r.json()["token"]

         digest = get_digest(image_ref, token=token)
     elif image_ref.domain() == "quay.io":
         r = requests.get(
             f"https://quay.io/api/v1/repository/{image_ref.path()}/tag/",
             timeout=5,
             params={"specificTag": image_ref["tag"]},
         )
         r.raise_for_status()
         digest = r.json()["tags"][0]["manifest_digest"]
     elif image_ref.domain() == "docker.io":
         # Get token for docker.io
         r = requests.get(
             "https://auth.docker.io/token",
             timeout=5,
             params={
                 "service": "registry.docker.io",
                 "scope": f"repository:{image_ref.path()}:pull",
             },
         )
         r.raise_for_status()
         token = r.json()["token"]

         r = requests.get(
             f"https://registry-1.docker.io/v2/{image_ref.path()}/manifests/{image_ref['tag']}",
             timeout=5,
             headers={
                 "Accept": "application/vnd.docker.distribution.manifest.v2+json",
                 "Authorization": f"Bearer {token}",
             },
         )
         r.raise_for_status()
         digest = r.headers["Docker-Content-Digest"]
     elif image_ref.domain() == "ghcr.io":
         # Get token for docker.io
         r = requests.get(
             "https://ghcr.io/token",
             timeout=5,
             params={
                 "service": "ghcr.io",
                 "scope": f"repository:{image_ref.path()}:pull",
             },
         )
         r.raise_for_status()
         token = r.json()["token"]

         digest = get_digest(image_ref, token=token)
     else:
         digest = get_digest(image_ref)

     original_ref = reference.Reference.parse(image_src)
     return (
         f"{original_ref.domain()}/{original_ref.path()}:{original_ref['tag']}@{digest}"
     )


 def main():
     logging.register_options(CONF)
     logging.setup(CONF, "atmosphere-bump-images")

     parser = argparse.ArgumentParser("bump-images")
     parser.add_argument(
         "src", help="Path for default values file", type=argparse.FileType("r")
     )
     parser.add_argument(
         "dst", help="Path for output file", type=argparse.FileType("r+")
     )

     args = parser.parse_args()

     yaml = YAML(typ="rt")
     data = yaml.load(args.src)

     for image in data["_atmosphere_images"]:
         if image in SKIP_IMAGE_LIST:
             continue

         image_src = (
             data["_atmosphere_images"][image]
             .replace("{{ atmosphere_release }}", data["atmosphere_release"])
             .replace("{{ atmosphere_image_prefix }}", "")
         )
         pinned_image = get_pinned_image(image_src).replace(
             "harbor.atmosphere.dev", "registry.atmosphere.dev"
         )

         LOG.info("Pinning image %s from %s to %s", image, image_src, pinned_image)
         data["_atmosphere_images"][image] = "{{ atmosphere_image_prefix }}%s" % (
             pinned_image,
         )

     yaml.dump(data, args.dst)


 if __name__ == "__main__":
     main()
	#!/usr/bin/env python3

	import argparse
	import functools

	import requests
	from docker_image import reference
	from oslo_config import cfg
	from oslo_log import log as logging
	from ruyaml import YAML

	LOG = logging.getLogger(__name__)
	CONF = cfg.CONF

	SKIP_IMAGE_LIST = ["secretgen_controller"]


	def get_digest(image_ref, token=None):
	url = f"https://{image_ref.domain()}/v2/{image_ref.path()}/manifests/{image_ref['tag']}"

	headers = {}
	if token:
	headers["Authorization"] = f"Bearer {token}"
	else:
	r = requests.get(url, timeout=5, verify=False)
	auth_header = r.headers.get("Www-Authenticate")
	if auth_header:
	realm = auth_header.split(",")[0].split("=")[1].strip('"')

	r = requests.get(
	realm,
	timeout=5,
	verify=False,
	params={"scope": f"repository:{image_ref.path()}:pull"},
	)
	r.raise_for_status()

	headers["Authorization"] = f"Bearer {r.json()['token']}"

	try:
	headers["Accept"] = "application/vnd.docker.distribution.manifest.v2+json"

	r = requests.get(
	f"https://{image_ref.domain()}/v2/{image_ref.path()}/manifests/{image_ref['tag']}",
	timeout=5,
	verify=False,
	headers=headers,
	)
	r.raise_for_status()
	return r.headers["Docker-Content-Digest"]
	except requests.exceptions.HTTPError:
	headers["Accept"] = "application/vnd.oci.image.index.v1+json"

	r = requests.get(
	f"https://{image_ref.domain()}/v2/{image_ref.path()}/manifests/{image_ref['tag']}",
	timeout=5,
	verify=False,
	headers=headers,
	)
	r.raise_for_status()
	return r.headers["Docker-Content-Digest"]


	@functools.cache
	def get_pinned_image(image_src):
	image_ref = reference.Reference.parse(image_src)
	if image_ref.domain() != "harbor.atmosphere.dev":
	try:
	image_ref = reference.Reference.parse("harbor.atmosphere.dev/" + image_src)
	except Exception:
	LOG.warn(f"failed to parse image path {image_src}")

	if (
	image_ref.domain() == "registry.atmosphere.dev"
	or image_ref.domain() == "harbor.atmosphere.dev"
	):
	# Get token for docker.io
	r = requests.get(
	"https://harbor.atmosphere.dev/service/token",
	timeout=5,
	params={
	"service": "harbor-registry",
	"scope": f"repository:{image_ref.path()}:pull",
	},
	)
	r.raise_for_status()
	token = r.json()["token"]

	digest = get_digest(image_ref, token=token)
	elif image_ref.domain() == "quay.io":
	r = requests.get(
	f"https://quay.io/api/v1/repository/{image_ref.path()}/tag/",
	timeout=5,
	params={"specificTag": image_ref["tag"]},
	)
	r.raise_for_status()
	digest = r.json()["tags"][0]["manifest_digest"]
	elif image_ref.domain() == "docker.io":
	# Get token for docker.io
	r = requests.get(
	"https://auth.docker.io/token",
	timeout=5,
	params={
	"service": "registry.docker.io",
	"scope": f"repository:{image_ref.path()}:pull",
	},
	)
	r.raise_for_status()
	token = r.json()["token"]

	r = requests.get(
	f"https://registry-1.docker.io/v2/{image_ref.path()}/manifests/{image_ref['tag']}",
	timeout=5,
	headers={
	"Accept": "application/vnd.docker.distribution.manifest.v2+json",
	"Authorization": f"Bearer {token}",
	},
	)
	r.raise_for_status()
	digest = r.headers["Docker-Content-Digest"]
	elif image_ref.domain() == "ghcr.io":
	# Get token for docker.io
	r = requests.get(
	"https://ghcr.io/token",
	timeout=5,
	params={
	"service": "ghcr.io",
	"scope": f"repository:{image_ref.path()}:pull",
	},
	)
	r.raise_for_status()
	token = r.json()["token"]

	digest = get_digest(image_ref, token=token)
	else:
	digest = get_digest(image_ref)

	original_ref = reference.Reference.parse(image_src)
	return (
	f"{original_ref.domain()}/{original_ref.path()}:{original_ref['tag']}@{digest}"
	)


	def main():
	logging.register_options(CONF)
	logging.setup(CONF, "atmosphere-bump-images")

	parser = argparse.ArgumentParser("bump-images")
	parser.add_argument(
	"src", help="Path for default values file", type=argparse.FileType("r")
	)
	parser.add_argument(
	"dst", help="Path for output file", type=argparse.FileType("r+")
	)

	args = parser.parse_args()

	yaml = YAML(typ="rt")
	data = yaml.load(args.src)

	for image in data["_atmosphere_images"]:
	if image in SKIP_IMAGE_LIST:
	continue

	image_src = (
	data["_atmosphere_images"][image]
	.replace("{{ atmosphere_release }}", data["atmosphere_release"])
	.replace("{{ atmosphere_image_prefix }}", "")
	)
	pinned_image = get_pinned_image(image_src).replace(
	"harbor.atmosphere.dev", "registry.atmosphere.dev"
	)

	LOG.info("Pinning image %s from %s to %s", image, image_src, pinned_image)
	data["_atmosphere_images"][image] = "{{ atmosphere_image_prefix }}%s" % (
	pinned_image,
	)

	yaml.dump(data, args.dst)


	if __name__ == "__main__":
	main()