/
docker.go
122 lines (105 loc) · 3.51 KB
/
docker.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
// Trivy
// Copyright 2019-2020 Aqua Security Software Ltd.
// This product includes software developed by Aqua Security (https://aquasec.com).
//
// Adapted from https://github.com/aquasecurity/trivy
package daemon
import (
"context"
"fmt"
"os"
"github.com/docker/docker/client"
"github.com/google/go-containerregistry/pkg/name"
v1 "github.com/google/go-containerregistry/pkg/v1"
"github.com/google/go-containerregistry/pkg/v1/tarball"
)
// DockerImage implements v1.Image by extending daemon.Image.
// The caller must call cleanup() to remove a temporary file.
func DockerImage(ref name.Reference) (Image, func(), error) {
cleanup := func() {}
c, err := client.NewClientWithOpts(client.FromEnv, client.WithAPIVersionNegotiation())
if err != nil {
return nil, cleanup, fmt.Errorf("failed to initialize a docker client: %w", err)
}
defer func() {
if err != nil {
_ = c.Close()
}
}()
// <image_name>:<tag> pattern like "alpine:3.15"
// or
// <image_name>@<digest> pattern like "alpine@sha256:21a3deaa0d32a8057914f36584b5288d2e5ecc984380bc0118285c70fa8c9300"
imageID := ref.Name()
inspect, _, err := c.ImageInspectWithRaw(context.Background(), imageID)
if err != nil {
imageID = ref.String() // <image_id> pattern like `5ac716b05a9c`
inspect, _, err = c.ImageInspectWithRaw(context.Background(), imageID)
if err != nil {
return nil, cleanup, fmt.Errorf("unable to inspect the image (%s): %w", imageID, err)
}
}
history, err := c.ImageHistory(context.Background(), imageID)
if err != nil {
return nil, cleanup, fmt.Errorf("unable to get history (%s): %w", imageID, err)
}
f, err := os.CreateTemp("", "fanal-*")
if err != nil {
return nil, cleanup, fmt.Errorf("failed to create a temporary file")
}
cleanup = func() {
_ = c.Close()
_ = f.Close()
_ = os.Remove(f.Name())
}
return &image{
opener: imageOpener(context.Background(), imageID, f, c.ImageSave),
inspect: inspect,
history: configHistory(history),
}, cleanup, nil
}
// DockerTarImage implements v1.Image by extending daemon.Image.
// The caller must call cleanup() to remove a temporary file.
func DockerTarImage(ref name.Reference, localTarPath string) (Image, func(), error) {
cleanup := func() {}
c, err := client.NewClientWithOpts(client.FromEnv, client.WithAPIVersionNegotiation())
if err != nil {
return nil, cleanup, fmt.Errorf("failed to initialize a docker client: %w", err)
}
defer func() {
if err != nil {
_ = c.Close()
}
}()
// <image_name>:<tag> pattern like "alpine:3.15"
// or
// <image_name>@<digest> pattern like "alpine@sha256:21a3deaa0d32a8057914f36584b5288d2e5ecc984380bc0118285c70fa8c9300"
imageID := ref.Name()
inspect, _, err := c.ImageInspectWithRaw(context.Background(), imageID)
if err != nil {
imageID = ref.String() // <image_id> pattern like `5ac716b05a9c`
inspect, _, err = c.ImageInspectWithRaw(context.Background(), imageID)
if err != nil {
return nil, cleanup, fmt.Errorf("unable to inspect the image (%s): %w", imageID, err)
}
}
history, err := c.ImageHistory(context.Background(), imageID)
if err != nil {
return nil, cleanup, fmt.Errorf("unable to get history (%s): %w", imageID, err)
}
f, err := os.CreateTemp("", "fanal-*")
if err != nil {
return nil, cleanup, fmt.Errorf("failed to create a temporary file")
}
cleanup = func() {
_ = c.Close()
_ = f.Close()
_ = os.Remove(f.Name())
}
return &image{
opener: func() (v1.Image, error) {
return tarball.ImageFromPath(localTarPath, nil)
},
inspect: inspect,
history: configHistory(history),
}, cleanup, nil
}