Extract and use devfile images digest from env. (#244)

* Extract and use devfile images digest from env. Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com>
eclipse-che · Jul 8, 2020 · db49e19 · db49e19
1 parent 6724598
commit db49e19
Show file tree

Hide file tree

Showing 3 changed files with 79 additions and 1 deletion.
diff --git a/.vscode/launch.json b/.vscode/launch.json
@@ -0,0 +1,11 @@
+{
+    "version": "0.2.0",
+    "configurations": [
+        {
+            "type": "bashdb",
+            "request": "launch",
+            "name": "Bash-Debug (simplest configuration)",
+            "program": "${file}"
+        }
+    ]
+}
diff --git a/build/dockerfiles/Dockerfile b/build/dockerfiles/Dockerfile
@@ -37,7 +37,8 @@ RUN apk add --no-cache bash && \
     mkdir -m 777 /usr/local/apache2/htdocs/devfiles && \
     mkdir -p /var/www && ln -s /usr/local/apache2/htdocs /var/www/html && \
     chmod -R g+rwX /usr/local/apache2 && \
-    echo "ServerName localhost" >> /usr/local/apache2/conf/httpd.conf
+    echo "ServerName localhost" >> /usr/local/apache2/conf/httpd.conf && \
+    apk add --no-cache coreutils
 COPY .htaccess README.md /usr/local/apache2/htdocs/
 COPY --from=builder /build/devfiles /usr/local/apache2/htdocs/devfiles
 COPY ./images /usr/local/apache2/htdocs/images

diff --git a/build/dockerfiles/entrypoint.sh b/build/dockerfiles/entrypoint.sh
@@ -45,6 +45,72 @@ INDEX_JSON="${DEVFILES_DIR}/index.json"
 #   \7 - Optional quotation following image reference
 IMAGE_REGEX='([[:space:]]*"?)([._:a-zA-Z0-9-]*)/([._a-zA-Z0-9-]*)/([._a-zA-Z0-9-]*)(@sha256)?:([._a-zA-Z0-9-]*)("?)'
 
+# Extract and use env variables with image digest information.
+# Env variable name format: 
+# RELATED_IMAGES_(Image_name)_(Image_label)_(Encoded_base32_image_tag)
+# Where are:
+# "Image_name" - image name. Not valid chars for env variable name replaced to '_'.
+# "Image_label" - image target, for example 'devfile_registry_image'.
+# "Encoded_base32_image_tag_" - original image tag encoded to base32, to avoid invalid for env name chars. base32 alphabet has only 
+# one invalid character for env name: '='. That's why it was replaced to '_'. 
+# INFO: "=" for base32 it is pad character. If encoded string contains this char(s), then it is always located at the end of the string.
+# Env value it is image with digest to use.
+# Example env variable:
+# RELATED_IMAGE_che_rust_1_39_devfile_registry_image_G4XDCMZOGIFA____=quay.io/eclipse/che-rust-1.39@sha256:3d9f36e6b3ed99c7a9959ac9476778ef5019add15b7c0f0b5f27b55587db3def
+if env | grep -q ".*devfile_registry_image.*"; then
+  declare -A imageMap
+  readarray -t ENV_IMAGES < <(env | grep ".*devfile_registry_image.*")
+  for imageEnv in "${ENV_IMAGES[@]}"; do
+    tagOrDigest=$(echo "${imageEnv}" | sed -e 's;.*registry_image_\(.*\)=.*;\1;' | tr _ = | base32 -d)
+    if [[ ${tagOrDigest} == *"@"* ]]; then
+      # Well, image was "freezed", because it already has got digest, so do nothing.
+      continue
+    fi
+    imageWithDigest=${imageEnv#*=};
+    if [[ -n "${tagOrDigest}" ]]; then
+      imageToReplace="${imageWithDigest%@*}:${tagOrDigest}"
+    else
+      imageToReplace="${imageWithDigest%@*}"
+    fi
+    digest="@${imageWithDigest#*@}"
+    imageMap["${imageToReplace}"]="${digest}"
+  done
+
+  echo "--------------------------Digest map--------------------------"
+  for KEY in "${!imageMap[@]}"; do
+    echo "Key: $KEY Value: ${imageMap[${KEY}]}"
+  done
+  echo "--------------------------------------------------------------"
+
+  readarray -t devfiles < <(find "${DEVFILES_DIR}" -name 'devfile.yaml')
+  for devfile in "${devfiles[@]}"; do
+    readarray -t images < <(grep "image:" "${devfile}" | sed -r "s;.*image:[[:space:]]*'?\"?([._:a-zA-Z0-9-]*/?[._a-zA-Z0-9-]*/[._a-zA-Z0-9-]*(@sha256)?:?[._a-zA-Z0-9-]*)'?\"?[[:space:]]*;\1;")
+    for image in "${images[@]}"; do
+      separators="${image//[^\/]}"
+      # Warning, keep in mind: image without registry name is it possible case. It's mean, that image comes from private registry, where is we have organization name, but no registry name...
+      digest="${imageMap[${image}]}"
+
+      if [[ -z "${digest}" ]] && [ "${#separators}" == "1" ]; then
+        imageWithDefaultRegistry="docker.io/${image}"
+        digest="${imageMap[${imageWithDefaultRegistry}]}"
+      fi
+
+      if [[ -n "${digest}" ]]; then
+        if [[ ${image} == *":"* ]]; then
+          imageWithoutTag="${image%:*}"
+          tag="${image#*:}"
+        else
+          imageWithoutTag=${image}
+          tag=""
+        fi
+
+        REGEX="([[:space:]]*\"?'?)(${imageWithoutTag}):?(${tag})(\"?'?)"
+        sed -i -E "s|image:${REGEX}|image:\1\2${digest}\4|" "${devfile}"
+      fi
+    done
+  done
+fi
+
 # We can't use the `-d` option for readarray because
 # registry.centos.org/centos/httpd-24-centos7 ships with Bash 4.2
 # The below command will fail if any path contains whitespace