From d3781d2b2db2c7d936a2575efd165f18179bf1e7 Mon Sep 17 00:00:00 2001 From: Vibhav Bobade Date: Fri, 23 Feb 2024 00:11:38 +0530 Subject: [PATCH 1/5] update find-images output to contain the images' digest --- src/pkg/packager/prepare.go | 17 ++++++++--------- src/pkg/utils/image.go | 17 +++++++++++++++++ 2 files changed, 25 insertions(+), 9 deletions(-) diff --git a/src/pkg/packager/prepare.go b/src/pkg/packager/prepare.go index 1af0ca01e9..c68f651c2d 100644 --- a/src/pkg/packager/prepare.go +++ b/src/pkg/packager/prepare.go @@ -211,7 +211,14 @@ func (p *Packager) FindImages() (imgMap map[string][]string, err error) { for _, image := range sortedImages { // Use print because we want this dumped to stdout imagesMap[component.Name] = append(imagesMap[component.Name], image) - componentDefinition += fmt.Sprintf(" - %s\n", image) + imageWithSha, err := utils.GetImageWithSha(image) + if err != nil { + message.WarnErrf(err, "Problem getting image with sha for %s: %s", image, err.Error()) + erroredCosignLookups = append(erroredCosignLookups, image) + continue + } + message.Debugf("Image with sha: %s", imageWithSha) + componentDefinition += fmt.Sprintf(" - %s\n", imageWithSha) } } @@ -228,14 +235,6 @@ func (p *Packager) FindImages() (imgMap map[string][]string, err error) { validImages = append(validImages, image) } } - - if len(validImages) > 0 { - componentDefinition += fmt.Sprintf(" # Possible images - %s - %s\n", p.cfg.Pkg.Metadata.Name, component.Name) - for _, image := range validImages { - imagesMap[component.Name] = append(imagesMap[component.Name], image) - componentDefinition += fmt.Sprintf(" - %s\n", image) - } - } } spinner.Success() diff --git a/src/pkg/utils/image.go b/src/pkg/utils/image.go index 46d67e8c88..8d3b2c4472 100644 --- a/src/pkg/utils/image.go +++ b/src/pkg/utils/image.go @@ -7,8 +7,10 @@ package utils import ( "encoding/json" "fmt" + "github.com/google/go-containerregistry/pkg/crane" "os" "path/filepath" + "regexp" "github.com/defenseunicorns/zarf/src/pkg/transform" v1 "github.com/google/go-containerregistry/pkg/v1" @@ -16,6 +18,21 @@ import ( ocispec "github.com/opencontainers/image-spec/specs-go/v1" ) +// GetImageWithSha returns the image reference and the sha256 digest of the image. +func GetImageWithSha(imgSrc string) (string, error) { + regex := regexp.MustCompile(`^.*@sha256:[a-f0-9]{64}$`) + if regex.MatchString(imgSrc) { + return imgSrc, nil + } + + imgDescriptor, err := crane.Head(imgSrc) + if err != nil { + return "", fmt.Errorf("unable to pull image (%s) to get the sha256 digest: %w", imgSrc, err) + } + + return fmt.Sprintf("%s@%s", imgSrc, imgDescriptor.Digest), nil +} + // LoadOCIImage returns a v1.Image with the image ref specified from a location provided, or an error if the image cannot be found. func LoadOCIImage(imgPath string, refInfo transform.Image) (v1.Image, error) { // Use the manifest within the index.json to load the specific image we want From 90a5fc404c7aa627942c1fa723d83fe477cac268 Mon Sep 17 00:00:00 2001 From: Vibhav Bobade Date: Thu, 7 Mar 2024 05:16:01 +0530 Subject: [PATCH 2/5] Update src/pkg/utils/image.go Co-authored-by: Austin Abro <37223396+AustinAbro321@users.noreply.github.com> --- src/pkg/utils/image.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/pkg/utils/image.go b/src/pkg/utils/image.go index 8d3b2c4472..2e3eeb1cda 100644 --- a/src/pkg/utils/image.go +++ b/src/pkg/utils/image.go @@ -27,7 +27,7 @@ func GetImageWithSha(imgSrc string) (string, error) { imgDescriptor, err := crane.Head(imgSrc) if err != nil { - return "", fmt.Errorf("unable to pull image (%s) to get the sha256 digest: %w", imgSrc, err) + return "", err } return fmt.Sprintf("%s@%s", imgSrc, imgDescriptor.Digest), nil From 02565f09b39c3a8cacfd363478c257beb32212e8 Mon Sep 17 00:00:00 2001 From: Vibhav Bobade Date: Thu, 7 Mar 2024 05:17:53 +0530 Subject: [PATCH 3/5] revert deleted code --- src/pkg/packager/prepare.go | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/pkg/packager/prepare.go b/src/pkg/packager/prepare.go index c68f651c2d..ca0d20e1c6 100644 --- a/src/pkg/packager/prepare.go +++ b/src/pkg/packager/prepare.go @@ -235,6 +235,14 @@ func (p *Packager) FindImages() (imgMap map[string][]string, err error) { validImages = append(validImages, image) } } + + if len(validImages) > 0 { + componentDefinition += fmt.Sprintf(" # Possible images - %s - %s\n", p.cfg.Pkg.Metadata.Name, component.Name) + for _, image := range validImages { + imagesMap[component.Name] = append(imagesMap[component.Name], image) + componentDefinition += fmt.Sprintf(" - %s\n", image) + } + } } spinner.Success() From 40159a3c58a237abd454e438c34fbaa4fe109e05 Mon Sep 17 00:00:00 2001 From: Vibhav Bobade Date: Thu, 7 Mar 2024 05:48:17 +0530 Subject: [PATCH 4/5] check for erroredShaLookups --- src/pkg/packager/prepare.go | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/src/pkg/packager/prepare.go b/src/pkg/packager/prepare.go index aa085531c4..ee8e59087c 100644 --- a/src/pkg/packager/prepare.go +++ b/src/pkg/packager/prepare.go @@ -44,6 +44,7 @@ func (p *Packager) FindImages() (imgMap map[string][]string, err error) { erroredCharts := []string{} erroredCosignLookups := []string{} whyResources := []string{} + erroredShaLookups := []string{} cwd, err := os.Getwd() if err != nil { @@ -235,7 +236,7 @@ func (p *Packager) FindImages() (imgMap map[string][]string, err error) { imageWithSha, err := utils.GetImageWithSha(image) if err != nil { message.WarnErrf(err, "Problem getting image with sha for %s: %s", image, err.Error()) - erroredCosignLookups = append(erroredCosignLookups, image) + erroredShaLookups = append(erroredShaLookups, image) continue } message.Debugf("Image with sha: %s", imageWithSha) @@ -256,7 +257,7 @@ func (p *Packager) FindImages() (imgMap map[string][]string, err error) { validImages = append(validImages, image) } } - + if len(validImages) > 0 { componentDefinition += fmt.Sprintf(" # Possible images - %s - %s\n", p.cfg.Pkg.Metadata.Name, component.Name) for _, image := range validImages { @@ -310,7 +311,7 @@ func (p *Packager) FindImages() (imgMap map[string][]string, err error) { return nil, err } - if len(erroredCharts) > 0 || len(erroredCosignLookups) > 0 { + if len(erroredCharts) > 0 || len(erroredCosignLookups) > 0 || len(erroredShaLookups) > 0 { errMsg := "" if len(erroredCharts) > 0 { errMsg = fmt.Sprintf("the following charts had errors: %s", erroredCharts) @@ -321,6 +322,12 @@ func (p *Packager) FindImages() (imgMap map[string][]string, err error) { } errMsg += fmt.Sprintf("the following images errored on cosign lookups: %s", erroredCosignLookups) } + if len(erroredShaLookups) > 0 { + if errMsg != "" { + errMsg += "\n" + } + errMsg += fmt.Sprintf("the following images errored on sha lookups: %s", erroredShaLookups) + } return imagesMap, fmt.Errorf(errMsg) } From c864287d7f766062648a26782d7219f298e9a59d Mon Sep 17 00:00:00 2001 From: Vibhav Bobade Date: Thu, 7 Mar 2024 05:58:40 +0530 Subject: [PATCH 5/5] update test --- .../packages/13-find-images/dos-games-find-images-expected.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/test/packages/13-find-images/dos-games-find-images-expected.txt b/src/test/packages/13-find-images/dos-games-find-images-expected.txt index 8d661f4e52..26535892a7 100644 --- a/src/test/packages/13-find-images/dos-games-find-images-expected.txt +++ b/src/test/packages/13-find-images/dos-games-find-images-expected.txt @@ -2,6 +2,6 @@ components: - name: baseline images: - - defenseunicorns/zarf-game:multi-tile-dark + - defenseunicorns/zarf-game:multi-tile-dark@sha256:0b694ca1c33afae97b7471488e07968599f1d2470c629f76af67145ca64428af # Cosign artifacts for images - dos-games - baseline - index.docker.io/defenseunicorns/zarf-game:sha256-0b694ca1c33afae97b7471488e07968599f1d2470c629f76af67145ca64428af.sig