From 7a922fb9c521d8c1aa2a2b86bc9547818dc49e2b Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Tue, 7 Jun 2022 16:07:31 -0400 Subject: [PATCH] push-container: Also inject `base-container` into `meta.json` While I am trying to actively sever the dependence of the base container image build on `meta.json`, there's no reason not to inject it into `meta.json` in this flow too because the build system already requires it. --- src/cmd-push-container | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/src/cmd-push-container b/src/cmd-push-container index 013a6925bb..50a6eaae9d 100755 --- a/src/cmd-push-container +++ b/src/cmd-push-container @@ -7,6 +7,8 @@ import argparse import json import os +import tempfile +import shutil import subprocess import sys @@ -49,6 +51,17 @@ if ":" not in container_name: container_name = f"{container_name}:{latest_build}-{arch}" if args.base_image_name: container_name = f"{container_name}-base-image" -skopeoargs.extend([f"oci-archive:{ociarchive}", f"docker://{container_name}"]) -print(subprocess.list2cmdline(skopeoargs)) -os.execvp('skopeo', skopeoargs) +with tempfile.NamedTemporaryFile(dir='tmp', prefix='push-container-digestfile') as df: + skopeoargs.append(f"--digestfile={df.name}") + skopeoargs.extend([f"oci-archive:{ociarchive}", f"docker://{container_name}"]) + print(subprocess.list2cmdline(skopeoargs)) + subprocess.check_call(skopeoargs) + df.seek(0) + digest = df.read().decode('utf-8').strip() + # Inject the oscontainer with SHA256 into the build metadata + meta['base-oscontainer'] = {'image': container_name, + 'digest': digest} + metapath_new = f"{metapath}.new" + with open(metapath_new, 'w') as f: + json.dump(meta, f, sort_keys=True) + shutil.move(metapath_new, metapath)