Gitiles
Code Review Sign In
review.vexxhost.dev / atmosphere / 6db2e11a046e88e0cfa0ddb6ca42f1cf09ee5acd / . / build / pin-images.py
blob: fbc8f2ca2df560b876e6ab96308f3f744f50e067 [file] [log] [blame]
Mohammed Naser8613c862023-04-24 17:26:51 -0400[diff] [blame]1#!/usr/bin/env python3
2
3import argparse
4import functools
5
Mohammed Naser12207172024-02-05 18:49:35 -0500[diff] [blame]6import requests
Mohammed Naser8613c862023-04-24 17:26:51 -0400[diff] [blame]7from docker_image import reference
8from oslo_config import cfg
9from oslo_log import log as logging
10from ruyaml import YAML
Mohammed Naser8613c862023-04-24 17:26:51 -0400[diff] [blame]11
12LOG = logging.getLogger(__name__)
13CONF = cfg.CONF
14
Oleksandr Kd4e5b232024-01-18 17:20:16 +0100[diff] [blame]15SKIP_IMAGE_LIST = ["secretgen_controller"]
Mohammed Naser8613c862023-04-24 17:26:51 -0400[diff] [blame]16
Mohammed Naser891a2902024-01-23 09:47:47 -0500[diff] [blame]17
Mohammed Naser21066a12024-01-02 11:14:53 -0500[diff] [blame]18def get_digest(image_ref, token=None):
vexxhost-botf5ee7992024-06-19 00:13:44 +0200[diff] [blame]19 url = f"https://{image_ref.domain()}/v2/{image_ref.path()}/manifests/{image_ref['tag']}"
20
Mohammed Naser21066a12024-01-02 11:14:53 -0500[diff] [blame]21 headers = {}
22 if token:
23 headers["Authorization"] = f"Bearer {token}"
vexxhost-botf5ee7992024-06-19 00:13:44 +0200[diff] [blame]24 else:
Yaguang Tang6db2e112025-01-17 20:14:29 +0800[diff] [blame^]25 r = requests.get(url, timeout=5, verify=False)
vexxhost-botf5ee7992024-06-19 00:13:44 +0200[diff] [blame]26 auth_header = r.headers.get("Www-Authenticate")
27 if auth_header:
28 realm = auth_header.split(",")[0].split("=")[1].strip('"')
29
30 r = requests.get(
31 realm,
32 timeout=5,
Yaguang Tang6db2e112025-01-17 20:14:29 +0800[diff] [blame^]33 verify=False,
vexxhost-botf5ee7992024-06-19 00:13:44 +0200[diff] [blame]34 params={"scope": f"repository:{image_ref.path()}:pull"},
vexxhost-botf5ee7992024-06-19 00:13:44 +0200[diff] [blame]35 )
36 r.raise_for_status()
37
38 headers["Authorization"] = f"Bearer {r.json()['token']}"
Mohammed Naser21066a12024-01-02 11:14:53 -0500[diff] [blame]39
40 try:
41 headers["Accept"] = "application/vnd.docker.distribution.manifest.v2+json"
42
43 r = requests.get(
44 f"https://{image_ref.domain()}/v2/{image_ref.path()}/manifests/{image_ref['tag']}",
45 timeout=5,
Yaguang Tang6db2e112025-01-17 20:14:29 +0800[diff] [blame^]46 verify=False,
Mohammed Naser21066a12024-01-02 11:14:53 -0500[diff] [blame]47 headers=headers,
48 )
49 r.raise_for_status()
50 return r.headers["Docker-Content-Digest"]
51 except requests.exceptions.HTTPError:
52 headers["Accept"] = "application/vnd.oci.image.index.v1+json"
53
54 r = requests.get(
55 f"https://{image_ref.domain()}/v2/{image_ref.path()}/manifests/{image_ref['tag']}",
56 timeout=5,
Yaguang Tang6db2e112025-01-17 20:14:29 +0800[diff] [blame^]57 verify=False,
Mohammed Naser21066a12024-01-02 11:14:53 -0500[diff] [blame]58 headers=headers,
59 )
60 r.raise_for_status()
61 return r.headers["Docker-Content-Digest"]
62
63
Mohammed Naser8613c862023-04-24 17:26:51 -0400[diff] [blame]64@functools.cache
65def get_pinned_image(image_src):
66 image_ref = reference.Reference.parse(image_src)
Mohammed Naser859988e2025-01-19 00:04:34 -0500[diff] [blame]67 if image_ref.domain() != "harbor.atmosphere.dev":
Yaguang Tang6db2e112025-01-17 20:14:29 +0800[diff] [blame^]68 try:
69 image_ref = reference.Reference.parse("harbor.atmosphere.dev/" + image_src)
70 except Exception:
71 LOG.warn(f"failed to parse image path {image_src}")
Mohammed Naser8613c862023-04-24 17:26:51 -0400[diff] [blame]72
Yaguang Tang0953b612024-12-13 04:14:34 +0800[diff] [blame]73 if (
74 image_ref.domain() == "registry.atmosphere.dev"
75 or image_ref.domain() == "harbor.atmosphere.dev"
76 ):
Mohammed Naser1dfea6b2024-02-09 01:04:26 -0500[diff] [blame]77 # Get token for docker.io
78 r = requests.get(
Yaguang Tang0953b612024-12-13 04:14:34 +0800[diff] [blame]79 "https://harbor.atmosphere.dev/service/token",
Mohammed Naser1dfea6b2024-02-09 01:04:26 -0500[diff] [blame]80 timeout=5,
81 params={
82 "service": "harbor-registry",
83 "scope": f"repository:{image_ref.path()}:pull",
84 },
85 )
86 r.raise_for_status()
87 token = r.json()["token"]
88
89 digest = get_digest(image_ref, token=token)
vexxhost-botf5ee7992024-06-19 00:13:44 +0200[diff] [blame]90 elif image_ref.domain() == "quay.io":
Mohammed Naser8613c862023-04-24 17:26:51 -0400[diff] [blame]91 r = requests.get(
92 f"https://quay.io/api/v1/repository/{image_ref.path()}/tag/",
Mohammed Naser21066a12024-01-02 11:14:53 -0500[diff] [blame]93 timeout=5,
Mohammed Naser8613c862023-04-24 17:26:51 -0400[diff] [blame]94 params={"specificTag": image_ref["tag"]},
95 )
96 r.raise_for_status()
97 digest = r.json()["tags"][0]["manifest_digest"]
vexxhost-botf5ee7992024-06-19 00:13:44 +0200[diff] [blame]98 elif image_ref.domain() == "docker.io":
Mohammed Naser49e66372023-07-10 14:57:00 -0400[diff] [blame]99 # Get token for docker.io
100 r = requests.get(
101 "https://auth.docker.io/token",
Mohammed Naser21066a12024-01-02 11:14:53 -0500[diff] [blame]102 timeout=5,
Mohammed Naser16baaab2023-07-10 15:07:11 -0400[diff] [blame]103 params={
104 "service": "registry.docker.io",
105 "scope": f"repository:{image_ref.path()}:pull",
106 },
Mohammed Naser49e66372023-07-10 14:57:00 -0400[diff] [blame]107 )
108 r.raise_for_status()
109 token = r.json()["token"]
110
111 r = requests.get(
112 f"https://registry-1.docker.io/v2/{image_ref.path()}/manifests/{image_ref['tag']}",
Mohammed Naser21066a12024-01-02 11:14:53 -0500[diff] [blame]113 timeout=5,
Mohammed Naser16baaab2023-07-10 15:07:11 -0400[diff] [blame]114 headers={
115 "Accept": "application/vnd.docker.distribution.manifest.v2+json",
116 "Authorization": f"Bearer {token}",
117 },
Mohammed Naser49e66372023-07-10 14:57:00 -0400[diff] [blame]118 )
119 r.raise_for_status()
120 digest = r.headers["Docker-Content-Digest"]
vexxhost-botf5ee7992024-06-19 00:13:44 +0200[diff] [blame]121 elif image_ref.domain() == "ghcr.io":
Mohammed Naser21066a12024-01-02 11:14:53 -0500[diff] [blame]122 # Get token for docker.io
123 r = requests.get(
124 "https://ghcr.io/token",
125 timeout=5,
126 params={
127 "service": "ghcr.io",
128 "scope": f"repository:{image_ref.path()}:pull",
129 },
130 )
131 r.raise_for_status()
132 token = r.json()["token"]
133
134 digest = get_digest(image_ref, token=token)
vexxhost-botf5ee7992024-06-19 00:13:44 +0200[diff] [blame]135 else:
136 digest = get_digest(image_ref)
Mohammed Naser21066a12024-01-02 11:14:53 -0500[diff] [blame]137
Mohammed Naser859988e2025-01-19 00:04:34 -0500[diff] [blame]138 original_ref = reference.Reference.parse(image_src)
139 return (
140 f"{original_ref.domain()}/{original_ref.path()}:{original_ref['tag']}@{digest}"
141 )
Mohammed Naser8613c862023-04-24 17:26:51 -0400[diff] [blame]142
143
144def main():
145 logging.register_options(CONF)
146 logging.setup(CONF, "atmosphere-bump-images")
147
148 parser = argparse.ArgumentParser("bump-images")
149 parser.add_argument(
150 "src", help="Path for default values file", type=argparse.FileType("r")
151 )
Mohammed Nasereb257cb2024-04-10 21:14:24 -0400[diff] [blame]152 parser.add_argument(
153 "dst", help="Path for output file", type=argparse.FileType("r+")
154 )
Mohammed Naser8613c862023-04-24 17:26:51 -0400[diff] [blame]155
156 args = parser.parse_args()
157
158 yaml = YAML(typ="rt")
159 data = yaml.load(args.src)
160
Mohammed Naser21066a12024-01-02 11:14:53 -0500[diff] [blame]161 for image in data["_atmosphere_images"]:
Oleksandr Kd4e5b232024-01-18 17:20:16 +0100[diff] [blame]162 if image in SKIP_IMAGE_LIST:
163 continue
Mohammed Naserfdd5cee2024-02-07 23:45:52 -0500[diff] [blame]164
Jason Hall222923e2024-02-19 12:56:23 -0600[diff] [blame]165 image_src = (
166 data["_atmosphere_images"][image]
167 .replace("{{ atmosphere_release }}", data["atmosphere_release"])
168 .replace("{{ atmosphere_image_prefix }}", "")
Mohammed Naser12207172024-02-05 18:49:35 -0500[diff] [blame]169 )
Mohammed Naser859988e2025-01-19 00:04:34 -0500[diff] [blame]170 pinned_image = get_pinned_image(image_src).replace(
171 "harbor.atmosphere.dev", "registry.atmosphere.dev"
172 )
Mohammed Naser8613c862023-04-24 17:26:51 -0400[diff] [blame]173
174 LOG.info("Pinning image %s from %s to %s", image, image_src, pinned_image)
Jason Hall222923e2024-02-19 12:56:23 -0600[diff] [blame]175 data["_atmosphere_images"][image] = "{{ atmosphere_image_prefix }}%s" % (
176 pinned_image,
177 )
Mohammed Naser8613c862023-04-24 17:26:51 -0400[diff] [blame]178
179 yaml.dump(data, args.dst)
180
181
182if __name__ == "__main__":
183 main()