push-container: Also inject base-container into meta.json

While I am trying to actively sever the dependence of the base container image build on `meta.json`, there's no reason not to inject it into `meta.json` in this flow too because the build system already requires it.
coreos · Jun 7, 2022 · 51a7d11 · 51a7d11
1 parent 1c3f68f
commit 51a7d11
Showing 1 changed file with 16 additions and 3 deletions.
diff --git a/src/cmd-push-container b/src/cmd-push-container
@@ -7,6 +7,8 @@
 import argparse
 import json
 import os
+import tempfile
+import shutil
 import subprocess
 import sys
 
@@ -49,6 +51,17 @@ if ":" not in container_name:
     container_name = f"{container_name}:{latest_build}-{arch}"
 if args.base_image_name:
     container_name = f"{container_name}-base-image"
-skopeoargs.extend([f"oci-archive:{ociarchive}", f"docker://{container_name}"])
-print(subprocess.list2cmdline(skopeoargs))
-os.execvp('skopeo', skopeoargs)
+with tempfile.NamedTemporaryFile(dir='tmp', prefix='push-container-digestfile') as df:
+    skopeoargs.append(f"--digestfile={df.name}")
+    skopeoargs.extend([f"oci-archive:{ociarchive}", f"docker://{container_name}"])
+    print(subprocess.list2cmdline(skopeoargs))
+    subprocess.check_call(skopeoargs)
+    df.seek(0)
+    digest = df.read().decode('utf-8').strip()
+    # Inject the oscontainer with SHA256 into the build metadata
+    meta['base-oscontainer'] = {'image': container_name,
+                                'digest': digest}
+    metapath_new = f"{metapath}.new"
+    with open(metapath_new, 'w') as f:
+        json.dump(meta, f, sort_keys=True)
+    shutil.move(metapath_new, metapath)