Make image tag immutable for releases

Signed-off-by: Shalier Xia <shalierxia@microsoft.com>
openservicemesh · Jan 26, 2021 · d06015c · d06015c
1 parent ddcdb0f
commit d06015c
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 3 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -135,7 +135,7 @@ jobs:
       - name: Push images with version tag
         env:
           CTR_TAG: ${{ needs.version.outputs.version }}
-        run: make docker-push
+        run: make docker-push VERIFY_TAGS=1
       - name: Push images with latest tag
         env:
           CTR_TAG: latest

diff --git a/Makefile b/Makefile
@@ -137,11 +137,11 @@ docker-build: $(DOCKER_DEMO_TARGETS) docker-build-init docker-build-osm-controll
 
 # docker-push-bookbuyer, etc
 DOCKER_PUSH_TARGETS = $(addprefix docker-push-, $(DEMO_TARGETS) init osm-controller)
+VERIFY_TAGS = 0
 .PHONY: $(DOCKER_PUSH_TARGETS)
 $(DOCKER_PUSH_TARGETS): NAME=$(@:docker-push-%=%)
 $(DOCKER_PUSH_TARGETS):
-	make docker-build-$(NAME)
-	docker push "$(CTR_REGISTRY)/$(NAME):$(CTR_TAG)" || { echo "Error pushing images to container registry $(CTR_REGISTRY)/$(NAME):$(CTR_TAG)"; exit 1; }
+	@if [ $(VERIFY_TAGS) != 1 ]; then make docker-build-$(NAME); docker push "$(CTR_REGISTRY)/$(NAME):$(CTR_TAG)" || { echo "Error pushing images to container registry $(CTR_REGISTRY)/$(NAME):$(CTR_TAG)"; exit 1; }; else bash scripts/publish-image.sh $(NAME); fi
 
 .PHONY: docker-push
 docker-push: $(DOCKER_PUSH_TARGETS)

diff --git a/scripts/publish-image.sh b/scripts/publish-image.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+# shellcheck disable=SC1091
+
+IMAGE_TAG=$1
+IMAGE_REPO=openservicemesh
+
+if [ -z "${CTR_TAG}" ]
+then
+    echo "Error CTR_TAG is empty"
+    exit 1
+fi
+
+tokenUri="https://auth.docker.io/token?service=registry.docker.io&scope=repository:$IMAGE_REPO/$IMAGE_TAG:pull"
+bearerToken="$(curl --silent --get "$tokenUri" | jq --raw-output '.token')"
+listUri="https://registry-1.docker.io/v2/$IMAGE_REPO/$IMAGE_TAG/tags/list"
+authz="Authorization: Bearer $bearerToken"
+version_list="$(curl --silent --get -H "Accept: application/json" -H "$authz" "$listUri" | jq --raw-output '.')"
+exists=$(echo "$version_list" | jq --arg t "${CTR_TAG}" '.tags | index($t)')
+
+if [[ $exists == null ]]
+then
+    make docker-build-"$IMAGE_TAG"
+    docker push "$IMAGE_REPO/$IMAGE_TAG:${CTR_TAG}" || { echo "Error pushing images to container registry $(CTR_REGISTRY)/$(NAME):$(CTR_TAG)"; exit 1; }
+fi