Clean up arch-specific tags if Docker Hub credentials are provided
This commit is contained in:
parent
4559e85daa
commit
73f0841f17
|
@ -17,3 +17,4 @@ The current multi-arch image build relies on the original bitwarden_rs Dockerfil
|
||||||
* https://docs.docker.com/docker-hub/builds/advanced/
|
* https://docs.docker.com/docker-hub/builds/advanced/
|
||||||
* https://docs.docker.com/engine/reference/commandline/manifest/
|
* https://docs.docker.com/engine/reference/commandline/manifest/
|
||||||
* https://www.docker.com/blog/multi-arch-build-and-images-the-simple-way/
|
* https://www.docker.com/blog/multi-arch-build-and-images-the-simple-way/
|
||||||
|
* https://success.docker.com/article/how-do-i-authenticate-with-the-v2-api
|
||||||
|
|
41
hooks/push
41
hooks/push
|
@ -53,3 +53,44 @@ for manifest_list in "${manifest_lists[@]}"; do
|
||||||
# Push the manifest list.
|
# Push the manifest list.
|
||||||
docker manifest push --purge ${manifest_list}
|
docker manifest push --purge ${manifest_list}
|
||||||
done
|
done
|
||||||
|
|
||||||
|
# Avoid logging credentials and tokens.
|
||||||
|
set +ex
|
||||||
|
|
||||||
|
# Delete the arch-specific tags, if credentials for doing so are available.
|
||||||
|
# Note that `DOCKER_PASSWORD` must be the actual user password. Passing a JWT
|
||||||
|
# obtained using a personal access token results in a 403 error with
|
||||||
|
# {"detail": "access to the resource is forbidden with personal access token"}
|
||||||
|
if [[ -z "${DOCKER_USERNAME}" || -z "${DOCKER_PASSWORD}" ]]; then
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Given a JSON input on stdin, extract the string value associated with the
|
||||||
|
# specified key. This avoids an extra dependency on a tool like `jq`.
|
||||||
|
extract() {
|
||||||
|
local key="$1"
|
||||||
|
# Extract "<key>":"<val>" (assumes key/val won't contain double quotes).
|
||||||
|
# The colon may have whitespace on either side.
|
||||||
|
grep -o "\"${key}\"[[:space:]]*:[[:space:]]*\"[^\"]\+\"" |
|
||||||
|
# Extract just <val> by deleting the last '"', and then greedily deleting
|
||||||
|
# everything up to '"'.
|
||||||
|
sed -e 's/"$//' -e 's/.*"//'
|
||||||
|
}
|
||||||
|
|
||||||
|
echo ">>> Getting API token..."
|
||||||
|
jwt=$(curl -sS -X POST \
|
||||||
|
-H "Content-Type: application/json" \
|
||||||
|
-d "{\"username\":\"${DOCKER_USERNAME}\",\"password\": \"${DOCKER_PASSWORD}\"}" \
|
||||||
|
"https://hub.docker.com/v2/users/login" |
|
||||||
|
extract 'token')
|
||||||
|
|
||||||
|
# Strip the registry portion from `index.docker.io/user/repo`.
|
||||||
|
repo="${DOCKER_REPO#*/}"
|
||||||
|
|
||||||
|
for arch in ${arches[@]}; do
|
||||||
|
tag="${DOCKER_TAG}-${arch}"
|
||||||
|
echo ">>> Deleting '${repo}:${tag}'..."
|
||||||
|
curl -sS -X DELETE \
|
||||||
|
-H "Authorization: Bearer ${jwt}" \
|
||||||
|
"https://hub.docker.com/v2/repositories/${repo}/tags/${tag}/"
|
||||||
|
done
|
||||||
|
|
Loading…
Reference in New Issue