#!/usr/bin/env sh
# Strict mode: stop on the first unhandled failure (-e) and on any reference
# to an unset variable (-u).
set -eu

# Resolve the repository root from this script's own location so the test can
# be started from any working directory.
script_dir="$(dirname "$0")"
repo_root="$(cd "$script_dir/.." && pwd)"

# Script under test.
verify_script="$repo_root/scripts/docker-image/verify_archive.sh"

# Scratch directory created by mktemp; every fixture below lives beneath it.
tmp_root="$(mktemp -d)"
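# Remove the scratch directory and every fixture created beneath it.
# Globals: tmp_root (read)
cleanup() {
  # ':?' aborts instead of expanding to an empty path if tmp_root is ever
  # unset or empty; '--' stops option parsing before the path.
  rm -rf -- "${tmp_root:?}"
}

# cleanup runs from the EXIT trap only. A handler that merely calls cleanup on
# INT/TERM returns control to the script, which would then carry on with its
# fixtures deleted and could still report success. The signal traps therefore
# exit with the conventional 128+signal status, and that exit fires the EXIT
# trap.
trap cleanup EXIT
trap 'exit 130' INT
trap 'exit 143' TERM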
# Abort the whole test run when a required external tool is not on PATH.
# Arguments: $1 - command name to look up
# Outputs:   a diagnostic on stderr when the command is missing
# Returns:   0 when the command exists; otherwise exits the script with 1
require_command() {
  if ! command -v "$1" >/dev/null 2>&1; then
    echo "required command not found: $1" >&2
    exit 1
  fi
}
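# Run a command and require that it rejects its input.
#
# Exit statuses 126 (found but not executable) and 127 (not found) mean the
# command never ran, so they are reported as a test error instead of being
# counted as the expected rejection. Without this distinction a missing or
# non-executable verifier would make every negative case pass.
#
# Arguments: $@ - command and its arguments
# Outputs:   a diagnostic on stderr when the expectation is not met; the
#            command's own stdout/stderr are discarded, so the reason for a
#            rejection is not visible here
# Returns:   0 when the command ran and failed; otherwise exits the script
#            with 1
assert_fails() {
  # POSIX sh has no 'local'; the prefixed name avoids clobbering a caller's
  # variable.
  assert_fails_status=0
  "$@" >/dev/null 2>&1 || assert_fails_status=$?

  case "$assert_fails_status" in
    0)
      echo "expected command to fail: $*" >&2
      exit 1
      ;;
    126 | 127)
      echo "command could not be executed (exit $assert_fails_status): $*" >&2
      exit 1
      ;;
  esac
}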
# Fail fast if any tool used to build the fixtures is missing.
for required_tool in jq sha256sum zstd; do
  require_command "$required_tool"
done
# Known-good fixture directory, laid out as <repository>/<tag> under the
# scratch root.
artifact_dir="$tmp_root/baron_sso/backend/v1.2606.ab12"
mkdir -p "$artifact_dir"

archive_path="$artifact_dir/image.tar.zst"
plain_tar_path="$artifact_dir/image.tar"

# The payload is a one-line text file compressed with zstd, not a real
# `docker save` tarball. The positive check later in this script expects the
# verifier to accept it.
# NOTE(review): that suggests verify_archive.sh does not inspect the tar
# contents; confirm against the verifier.
printf 'docker image archive smoke\n' >"$plain_tar_path"
zstd -q -f -o "$archive_path" "$plain_tar_path"
rm -f "$plain_tar_path"

# Digest and byte size of the compressed archive; both are also recorded in
# the manifest written further down.
archive_sha256="$(sha256sum "$archive_path" | awk '{print $1}')"
archive_size="$(wc -c <"$archive_path" | tr -d ' ')"

# Sidecar checksum file: "<digest> <file name>".
printf '%s image.tar.zst\n' "$archive_sha256" >"$archive_path.sha256"
# Manifest describing the fixture archive. Digest and size are injected from
# the values computed above (--argjson keeps size_bytes a JSON number); the
# other fields are fixed test values.
manifest_path="$artifact_dir/manifest.json"
jq -n \
  --argjson archiveSize "$archive_size" \
  --arg archiveSha256 "$archive_sha256" \
  --arg remotePath "docker-build-image/baron_sso/backend/v1.2606.ab12" \
  '{
    schema_version: 1,
    format: "docker-save-zstd",
    image_ref: "reg.hmac.kr/baron_sso/backend:v1.2606.ab12",
    repository: "baron_sso/backend",
    tag: "v1.2606.ab12",
    remote_path: $remotePath,
    archive: {
      file_name: "image.tar.zst",
      size_bytes: $archiveSize,
      sha256: $archiveSha256
    }
  }' >"$manifest_path"

# Positive case: the untouched fixture must verify. Under `set -e` a non-zero
# exit here aborts the run, which also shows the verifier is runnable before
# the negative cases rely on it failing.
"$verify_script" "$artifact_dir" >/dev/null
# Negative case 1: the sidecar checksum file does not match the archive.
# Archive and manifest are untouched copies, so only the .sha256 file differs
# from the known-good fixture.
bad_checksum_dir="$tmp_root/bad-checksum"
cp -R "$artifact_dir" "$bad_checksum_dir"
bad_checksum_file="$bad_checksum_dir/image.tar.zst.sha256"
printf '0000000000000000000000000000000000000000000000000000000000000000 image.tar.zst\n' >"$bad_checksum_file"
assert_fails "$verify_script" "$bad_checksum_dir"
# Negative case 2: the manifest records a digest that does not match the
# archive. Archive and sidecar checksum are untouched copies, so only
# .archive.sha256 in manifest.json differs from the known-good fixture.
bad_manifest_dir="$tmp_root/bad-manifest"
cp -R "$artifact_dir" "$bad_manifest_dir"
bad_manifest_path="$bad_manifest_dir/manifest.json"

# jq cannot edit in place: write the modified document next to the original,
# then rename it over the original.
jq '.archive.sha256 = "1111111111111111111111111111111111111111111111111111111111111111"' \
  "$bad_manifest_path" >"$bad_manifest_path.tmp"
mv "$bad_manifest_path.tmp" "$bad_manifest_path"

assert_fails "$verify_script" "$bad_manifest_dir"
# Negative case 3: the archive is replaced by bytes that are not a zstd
# stream, and the sidecar checksum is regenerated to match the replacement.
#
# NOTE(review): manifest.json in this copy still records the sha256 and
# size_bytes of the original archive. The verifier may therefore reject this
# directory on the manifest comparison and never reach a zstd stream check.
# If this case is meant to prove that an invalid stream is caught on its own,
# the manifest fields need to be updated to the replacement's digest and size
# as well. Confirm against verify_archive.sh.
bad_archive_dir="$tmp_root/bad-archive"
cp -R "$artifact_dir" "$bad_archive_dir"
bad_archive_path="$bad_archive_dir/image.tar.zst"
printf 'not a zstd stream\n' >"$bad_archive_path"
sha256sum "$bad_archive_path" | awk '{print $1 " image.tar.zst"}' >"$bad_archive_path.sha256"
assert_fails "$verify_script" "$bad_archive_dir"

# Reached only when the positive case passed and every negative case was
# rejected.
echo "docker image archive verification checks passed"