[stable/2023.2] Fix collection builds (#1397)
This is an automated cherry-pick of #1388
/assign mnaser
diff --git a/build/pin-images.py b/build/pin-images.py
index 8818f2c..1bf4112 100755
--- a/build/pin-images.py
+++ b/build/pin-images.py
@@ -16,9 +16,26 @@
def get_digest(image_ref, token=None):
+ url = f"https://{image_ref.domain()}/v2/{image_ref.path()}/manifests/{image_ref['tag']}"
+
headers = {}
if token:
headers["Authorization"] = f"Bearer {token}"
+ else:
+ r = requests.get(url, timeout=5, verify=False)
+ auth_header = r.headers.get("Www-Authenticate")
+ if auth_header:
+ realm = auth_header.split(",")[0].split("=")[1].strip('"')
+
+ r = requests.get(
+ realm,
+ timeout=5,
+ params={"scope": f"repository:{image_ref.path()}:pull"},
+ verify=False,
+ )
+ r.raise_for_status()
+
+ headers["Authorization"] = f"Bearer {r.json()['token']}"
try:
headers["Accept"] = "application/vnd.docker.distribution.manifest.v2+json"
@@ -27,6 +44,7 @@
f"https://{image_ref.domain()}/v2/{image_ref.path()}/manifests/{image_ref['tag']}",
timeout=5,
headers=headers,
+ verify=False,
)
r.raise_for_status()
return r.headers["Docker-Content-Digest"]
@@ -37,6 +55,7 @@
f"https://{image_ref.domain()}/v2/{image_ref.path()}/manifests/{image_ref['tag']}",
timeout=5,
headers=headers,
+ verify=False,
)
r.raise_for_status()
return r.headers["Docker-Content-Digest"]
@@ -46,12 +65,6 @@
def get_pinned_image(image_src):
image_ref = reference.Reference.parse(image_src)
- if image_ref.domain() in (
- "registry.k8s.io",
- "us-docker.pkg.dev",
- ):
- digest = get_digest(image_ref)
-
if image_ref.domain() == "registry.atmosphere.dev":
# Get token for docker.io
r = requests.get(
@@ -66,8 +79,7 @@
token = r.json()["token"]
digest = get_digest(image_ref, token=token)
-
- if image_ref.domain() == "quay.io":
+ elif image_ref.domain() == "quay.io":
r = requests.get(
f"https://quay.io/api/v1/repository/{image_ref.path()}/tag/",
timeout=5,
@@ -75,8 +87,7 @@
)
r.raise_for_status()
digest = r.json()["tags"][0]["manifest_digest"]
-
- if image_ref.domain() == "docker.io":
+ elif image_ref.domain() == "docker.io":
# Get token for docker.io
r = requests.get(
"https://auth.docker.io/token",
@@ -99,8 +110,7 @@
)
r.raise_for_status()
digest = r.headers["Docker-Content-Digest"]
-
- if image_ref.domain() == "ghcr.io":
+ elif image_ref.domain() == "ghcr.io":
# Get token for docker.io
r = requests.get(
"https://ghcr.io/token",
@@ -114,6 +124,8 @@
token = r.json()["token"]
digest = get_digest(image_ref, token=token)
+ else:
+ digest = get_digest(image_ref)
return f"{image_ref.domain()}/{image_ref.path()}:{image_ref['tag']}@{digest}"
diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml
index 7d1650e..82e5de5 100644
--- a/zuul.d/project.yaml
+++ b/zuul.d/project.yaml
@@ -35,6 +35,8 @@
soft: true
- name: atmosphere-build-container-image-ironic
soft: true
+ - name: atmosphere-build-container-image-keepalived
+ soft: true
- name: atmosphere-build-container-image-keystone
soft: true
- name: atmosphere-build-container-image-kubernetes-entrypoint
@@ -98,6 +100,8 @@
soft: true
- name: atmosphere-upload-container-image-ironic
soft: true
+ - name: atmosphere-upload-container-image-keepalived
+ soft: true
- name: atmosphere-upload-container-image-keystone
soft: true
- name: atmosphere-upload-container-image-kubernetes-entrypoint