From 3244a115116f629e45dd38047d543ac9e5821f65 Mon Sep 17 00:00:00 2001
From: arewm
Date: Thu, 5 Sep 2024 13:35:17 -0400
Subject: [PATCH] Ensure that we know all image mainfests added to the index

Since we are passing --all to the buildah manifest add command, we enable all manifests referenced by an image index to be added to this index. If that happens, then we will only expose the digest of the image index and not all image manifests. By post-processing the image index to identify all manifests, we can ensure that we have identified all image manifests referenced.

Signed-off-by: arewm
---
 task/build-image-index/0.1/build-image-index.yaml | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/task/build-image-index/0.1/build-image-index.yaml b/task/build-image-index/0.1/build-image-index.yaml
index d61385fc7d..bd3d3e0a07 100644
--- a/task/build-image-index/0.1/build-image-index.yaml
+++ b/task/build-image-index/0.1/build-image-index.yaml
@@ -85,7 +85,6 @@ spec:
 exit 2
 fi

- image_manifests=""
 buildah manifest create "$IMAGE"
 for i in $@
 do
@@ -107,7 +106,6 @@ spec:
 exit 0
 fi
 echo "Adding $TOADD"
- image_manifests="${image_manifests} ${TOADD},"
 buildah manifest add $IMAGE "docker://$TOADD" --all
 done

@@ -128,6 +126,14 @@ spec:
 exit 1
 fi

+ INDEX_REPOSITORY="$(echo "$IMAGE" | cut -d@ -f1 | cut -d: -f1)"
+ MANIFEST_DIGESTS=$(buildah manifest inspect "$IMAGE" | jq -er ".manifests[].digest")
+ image_manifests=""
+ for i in $MANIFEST_DIGESTS
+ do
+ image_manifests="${image_manifests} ${INDEX_REPOSITORY}@${i},"
+ done
+
 cat image-digest | tee $(results.IMAGE_DIGEST.path)
 echo -n "$IMAGE" | tee "$(results.IMAGE_URL.path)"
 echo -n "${image_manifests:1:-1}" > "$(results.IMAGES.path)"
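Review bot: `INDEX_REPOSITORY` in the third hunk is derived with `cut -d: -f1`, which cuts at the first colon, so an `$IMAGE` whose registry carries a port (constructed example: `registry.example:5000/org/app:tag`) is reduced to the bare hostname and every reference written to the IMAGES result names the wrong repository. Any downstream step that signs, attests or scans from that result would then not cover the real per-architecture manifests, so strip the tag from the last path component only: `INDEX_REPOSITORY="${IMAGE%%@*}"` followed by `case "${INDEX_REPOSITORY##*/}" in *:*) INDEX_REPOSITORY="${INDEX_REPOSITORY%:*}" ;; esac`. The `buildah manifest inspect | jq -er` substitution is also unchecked within the hunk; unless the script enables `-e`/`pipefail` outside this view, a failure leaves `MANIFEST_DIGESTS` empty, and a guard such as `[ -n "$MANIFEST_DIGESTS" ] || exit 1` before the loop would make the step fail closed. The enclosing script block starts and ends outside the hunk.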