From c66b9cdf3418030c9e410e3b099147537203c18e Mon Sep 17 00:00:00 2001 From: vexxhost-bot <105816074+vexxhost-bot@users.noreply.github.com> Date: Thu, 20 Jun 2024 14:19:16 +0200 Subject: [PATCH] [stable/2023.1] Fix collection builds (#1399) Co-authored-by: Mohammed Naser --- build/pin-images.py | 36 ++++++++++++++++++++++++------------ zuul.d/project.yaml | 4 ++++ 2 files changed, 28 insertions(+), 12 deletions(-) diff --git a/build/pin-images.py b/build/pin-images.py index 8818f2c1a..1bf4112d0 100755 --- a/build/pin-images.py +++ b/build/pin-images.py @@ -16,9 +16,26 @@ def get_digest(image_ref, token=None): + url = f"https://{image_ref.domain()}/v2/{image_ref.path()}/manifests/{image_ref['tag']}" + headers = {} if token: headers["Authorization"] = f"Bearer {token}" + else: + r = requests.get(url, timeout=5, verify=False) + auth_header = r.headers.get("Www-Authenticate") + if auth_header: + realm = auth_header.split(",")[0].split("=")[1].strip('"') + + r = requests.get( + realm, + timeout=5, + params={"scope": f"repository:{image_ref.path()}:pull"}, + verify=False, + ) + r.raise_for_status() + + headers["Authorization"] = f"Bearer {r.json()['token']}" try: headers["Accept"] = "application/vnd.docker.distribution.manifest.v2+json" @@ -27,6 +44,7 @@ def get_digest(image_ref, token=None): f"https://{image_ref.domain()}/v2/{image_ref.path()}/manifests/{image_ref['tag']}", timeout=5, headers=headers, + verify=False, ) r.raise_for_status() return r.headers["Docker-Content-Digest"] @@ -37,6 +55,7 @@ def get_digest(image_ref, token=None): f"https://{image_ref.domain()}/v2/{image_ref.path()}/manifests/{image_ref['tag']}", timeout=5, headers=headers, + verify=False, ) r.raise_for_status() return r.headers["Docker-Content-Digest"] @@ -46,12 +65,6 @@ def get_digest(image_ref, token=None): def get_pinned_image(image_src): image_ref = reference.Reference.parse(image_src) - if image_ref.domain() in ( - "registry.k8s.io", - "us-docker.pkg.dev", - ): - digest = get_digest(image_ref) - if image_ref.domain() == "registry.atmosphere.dev": # Get token for docker.io r = requests.get( @@ -66,8 +79,7 @@ def get_pinned_image(image_src): token = r.json()["token"] digest = get_digest(image_ref, token=token) - - if image_ref.domain() == "quay.io": + elif image_ref.domain() == "quay.io": r = requests.get( f"https://quay.io/api/v1/repository/{image_ref.path()}/tag/", timeout=5, @@ -75,8 +87,7 @@ def get_pinned_image(image_src): ) r.raise_for_status() digest = r.json()["tags"][0]["manifest_digest"] - - if image_ref.domain() == "docker.io": + elif image_ref.domain() == "docker.io": # Get token for docker.io r = requests.get( "https://auth.docker.io/token", @@ -99,8 +110,7 @@ def get_pinned_image(image_src): ) r.raise_for_status() digest = r.headers["Docker-Content-Digest"] - - if image_ref.domain() == "ghcr.io": + elif image_ref.domain() == "ghcr.io": # Get token for docker.io r = requests.get( "https://ghcr.io/token", @@ -114,6 +124,8 @@ def get_pinned_image(image_src): token = r.json()["token"] digest = get_digest(image_ref, token=token) + else: + digest = get_digest(image_ref) return f"{image_ref.domain()}/{image_ref.path()}:{image_ref['tag']}@{digest}" diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml index 962426c45..4e4ab8c43 100644 --- a/zuul.d/project.yaml +++ b/zuul.d/project.yaml @@ -35,6 +35,8 @@ soft: true - name: atmosphere-build-container-image-ironic soft: true + - name: atmosphere-build-container-image-keepalived + soft: true - name: atmosphere-build-container-image-keystone soft: true - name: atmosphere-build-container-image-kubernetes-entrypoint @@ -102,6 +104,8 @@ soft: true - name: atmosphere-upload-container-image-ironic soft: true + - name: atmosphere-upload-container-image-keepalived + soft: true - name: atmosphere-upload-container-image-keystone soft: true - name: atmosphere-upload-container-image-kubernetes-entrypoint