145 lines
4.4 KiB
Bash
145 lines
4.4 KiB
Bash
#! /usr/bin/env sh
|
|
|
|
set -e
|
|
|
|
cleanup() {
|
|
if [ "${CLEAN_EXIT}" = false ]; then
|
|
echo "something went wrong"
|
|
echo "continue with the pipeline"
|
|
exit 0
|
|
fi
|
|
}
|
|
|
|
trap cleanup EXIT
|
|
CLEAN_EXIT=false
|
|
|
|
if [ -z "${BASE}" ]; then
|
|
echo "the environment variable BASE is not set"
|
|
exit 1
|
|
fi
|
|
|
|
if [ -z "${TARGET}" ]; then
|
|
echo "the environment variable TARGET is not set"
|
|
exit 1
|
|
fi
|
|
|
|
if [ -z "${BASE_REGISTRY_USERNAME}" && -n "${REGISTRY_USERNAME}" ]; then
|
|
BASE_REPO_USERNAME="${REPO_USERNAME}"
|
|
fi
|
|
|
|
if [ -z "${BASE_REGISTRY_PASSWORD}" && -n "${REGISTRY_PASSWORD}" ]; then
|
|
BASE_REPO_PASSWORD="${REPO_PASSWORD}"
|
|
fi
|
|
|
|
if [ -z "${TARGET_REGISTRY_USERNAME}" && -n "${REGISTRY_USERNAME}" ]; then
|
|
TARGET_REPO_USERNAME="${REPO_USERNAME}"
|
|
fi
|
|
|
|
if [ -z "${TARGET_REGISTRY_PASSWORD}" && -n "${REGISTRY_PASSWORD}" ]; then
|
|
BASE_REPO_PASSWORD="${REPO_PASSWORD}"
|
|
fi
|
|
|
|
if [ -z "${REGISTRY_API}" ]; then
|
|
REGISTRY_API = 'docker'
|
|
fi
|
|
|
|
if [ -z "${BASE_REGISTRY_API}" ]; then
|
|
BASE_REGISTRY_API = '${REGISTRY_API}'
|
|
fi
|
|
|
|
if [ -z "${TARGET_REGISTRY_API}" ]; then
|
|
TARGET_REGISTRY_API = '${REGISTRY_API}'
|
|
fi
|
|
|
|
if [ -z "${REGISTRY_URL}" ]; then
|
|
REGISTRY_URL="https://hub.docker.com/v2"
|
|
# repositories
|
|
fi
|
|
|
|
if [ -z "${BASE_REPO_URL}" ]; then
|
|
BASE_REGISTRY_URL="${REPO_URL}"
|
|
fi
|
|
|
|
if [ -z "${TARGET_REPO_URL}" ]; then
|
|
TARGET_REGISTRY_URL="${REPO_URL}"
|
|
fi
|
|
|
|
# remove trailing /
|
|
BASE_REGISTRY_URL="${BASE_REGISTRY_URL%/}"
|
|
TARGET_REGISTRY_URL="${TARGET_REGISTRY_URL%/}"
|
|
|
|
# add "library/" if its a "official" docker image (no username is provided)
|
|
echo "${BASE}" | grep -q "/" || BASE="library/${BASE}"
|
|
echo "${TARGET}" | grep -q "/" || TARGET="library/${TARGET}"
|
|
|
|
# if no tag is given default to latest
|
|
echo "${BASE}" | grep -q ":" || BASE="${BASE}:latest"
|
|
echo "${TARGET}" | grep -q ":" || TARGET="${TARGET}:latest"
|
|
|
|
# split repo into user reponame and tag
|
|
IFS='/:'
|
|
read -ra parts <<< "${BASE_REPO}"
|
|
BASE_REPO_USER="${parts[0]}"
|
|
BASE_REPO_NAME="${parts[1]}"
|
|
BASE_REPO_TAG="${parts[2]}"
|
|
|
|
read -ra parts <<< "${TARGET_REPO}"
|
|
TARGET_REPO_USER="${parts[0]}"
|
|
TARGET_REPO_NAME="${parts[1]}"
|
|
TARGET_REPO_TAG="${parts[2]}"
|
|
|
|
if [ -n "${BASE_REGISTRY_USERNAME}" && -n "${BASE_REGISTRY_PASSWORD}" \ ]
|
|
|
|
# make a shared login header if REGISTRY_API REGISTRY_USERNAME and REGISTRY_PASSWORD are the same for BASE and TARGET
|
|
if [ "${BASE_REGISTRY_API}" == "${TARGET_REGISTRY_API}" \
|
|
&& "${BASE_REGISTRY_USERNAME}" == "${TARGET_REGISTRY_USERNAME}" \
|
|
&& "${BASE_REGISTRY_PASSWORD}" == "${TARGET_REGISTRY_PASSWORD}" \
|
|
&& "${BASE_REGISTRY_URL}" == "${TARGET_REGISTRY_URL}" \
|
|
&& -n "${BASE_REGISTRY_USERNAME}" \
|
|
&& -n "${BASE_REGISTRY_PASSWORD}" \
|
|
]; then
|
|
if [ "${BASE_REGISTRY_API}" == "docker" ]; then
|
|
TOKEN=$(curl -s -H "Content-Type: application/json" -X POST -d "{\"username\": \"${BASE_REGISTRY_USERNAME}\", \"password\": \"${BASE_REGISTRY_PASSWORD}\"}" ${BASE_REGISTRY_URL}/users/login/ | jq -r .token)
|
|
BASE_HEADER="Authorization: JWT ${TOKEN}"
|
|
TARGET_HEADER="Authorization: JWT ${TOKEN}"
|
|
elif [ "${BASE_REGISTRY_API}" == "gitea" ]; then
|
|
BASE_HEADER="Authorization: token ${BASE_REGISTRY_PASSWORD}"
|
|
TARGET_HEADER="Authorization: token ${TARGET_REGISTRY_PASSWORD}"
|
|
fi
|
|
fi
|
|
|
|
if [ "${BASE_REGISTRY_API}" == "docker" ]; then
|
|
BASE_URL="${BASE_REPO_URL}/${BASE_REPO_USER}/${BASE_REPO_NAME}/tags/${BASE_REPO_TAG}"
|
|
elif [ "${BASE_REGISTRY_API}" == "gitea" ]; then
|
|
|
|
fi
|
|
|
|
# build the url to the repo
|
|
BASE_URL="${BASE_REPO_URL}/${BASE_REPO}/tags/${BASE_TAG}"
|
|
TARGET_URL="${TARGET_REPO_URL}/${TARGET_REPO}/tags/${TARGET_TAG}"
|
|
|
|
# login if credentias are passed
|
|
HEADER=""
|
|
if [ -n "${DOCKER_USERNAME}" ] && [ -n "${DOCKER_PASSWORD}" ]; then
|
|
TOKEN=$(curl -s -H "Content-Type: application/json" -X POST -d '{"username": "'"${DOCKER_USERNAME}"'", "password": "'"${DOCKER_PASSWORD}"'"}' https://hub.docker.com/v2/users/login/ | jq -r .token)
|
|
HEADER="Authorization: JWT ${TOKEN}"
|
|
fi
|
|
|
|
# curl -X 'GET' -H 'accept: application/json' 'https://git.narvas.tech/api/v1/packages/[USER]/container/[REPO]/dev?access_token=[TOKEN]'
|
|
|
|
# compare the update time of the BASE and TARGET images
|
|
BASE_DATE=$(curl -s -H "${HEADER}" "${BASE_URL}" | jq -r .last_updated | sed 's/T/ /' | sed 's/\..*//' )
|
|
TARGET_DATE=$(curl -s -H "${HEADER}" "${TARGET_URL}" | jq -r .last_updated | sed 's/T/ /' | sed 's/\..*//' )
|
|
|
|
BASE_TIMESTAMP=$(date -d "${BASE_DATE}" +%s)
|
|
TARGET_TIMESTAMP=$(date -d "${TARGET_DATE}" +%s)
|
|
|
|
CLEAN_EXIT=true
|
|
|
|
if [ "$BASE_TIMESTAMP" -le "$TARGET_TIMESTAMP" ]; then
|
|
echo "no update needed"
|
|
exit 1
|
|
fi
|
|
|
|
echo "$TARGET needs updating"
|
|
exit 0 |