forked from baron/baron-sso
83 lines
2.8 KiB
Bash
Executable File
83 lines
2.8 KiB
Bash
Executable File
#!/usr/bin/env sh
|
|
set -eu
|
|
|
|
repo_root="$(cd "$(dirname "$0")/.." && pwd)"
|
|
verify_script="$repo_root/scripts/docker-image/verify_archive.sh"
|
|
tmp_root="$(mktemp -d)"
|
|
|
|
cleanup() {
|
|
rm -rf "$tmp_root"
|
|
}
|
|
trap cleanup EXIT INT TERM
|
|
|
|
require_command() {
|
|
command -v "$1" >/dev/null 2>&1 || {
|
|
echo "required command not found: $1" >&2
|
|
exit 1
|
|
}
|
|
}
|
|
|
|
assert_fails() {
|
|
if "$@" >/dev/null 2>&1; then
|
|
echo "expected command to fail: $*" >&2
|
|
exit 1
|
|
fi
|
|
}
|
|
|
|
require_command jq
|
|
require_command sha256sum
|
|
require_command zstd
|
|
|
|
artifact_dir="$tmp_root/baron-sso/v1.2606.ab12"
|
|
mkdir -p "$artifact_dir"
|
|
|
|
printf 'docker image archive smoke\n' >"$artifact_dir/backend.v1.2606.ab12.tar"
|
|
zstd -q -f -o "$artifact_dir/backend.v1.2606.ab12.tar.zst" "$artifact_dir/backend.v1.2606.ab12.tar"
|
|
rm -f "$artifact_dir/backend.v1.2606.ab12.tar"
|
|
|
|
archive_sha256="$(sha256sum "$artifact_dir/backend.v1.2606.ab12.tar.zst" | awk '{print $1}')"
|
|
archive_size="$(wc -c <"$artifact_dir/backend.v1.2606.ab12.tar.zst" | tr -d ' ')"
|
|
printf '%s backend.v1.2606.ab12.tar.zst\n' "$archive_sha256" >"$artifact_dir/backend.v1.2606.ab12.sha256"
|
|
|
|
jq -n \
|
|
--arg remotePath "baron-sso/v1.2606.ab12" \
|
|
--arg archiveSha256 "$archive_sha256" \
|
|
--argjson archiveSize "$archive_size" \
|
|
'{
|
|
schema_version: 1,
|
|
format: "docker-save-zstd",
|
|
image_ref: "reg.hmac.kr/baron_sso/backend:v1.2606.ab12",
|
|
repository: "baron_sso/backend",
|
|
release_repository: "baron-sso",
|
|
image_name: "backend",
|
|
tag: "v1.2606.ab12",
|
|
remote_path: $remotePath,
|
|
archive: {
|
|
file_name: "backend.v1.2606.ab12.tar.zst",
|
|
size_bytes: $archiveSize,
|
|
sha256: $archiveSha256
|
|
}
|
|
}' >"$artifact_dir/manifest.v1.2606.ab12.json"
|
|
|
|
"$verify_script" "$artifact_dir" >/dev/null
|
|
|
|
bad_checksum_dir="$tmp_root/bad-checksum"
|
|
cp -R "$artifact_dir" "$bad_checksum_dir"
|
|
printf '0000000000000000000000000000000000000000000000000000000000000000 backend.v1.2606.ab12.tar.zst\n' >"$bad_checksum_dir/backend.v1.2606.ab12.sha256"
|
|
assert_fails "$verify_script" "$bad_checksum_dir"
|
|
|
|
bad_manifest_dir="$tmp_root/bad-manifest"
|
|
cp -R "$artifact_dir" "$bad_manifest_dir"
|
|
jq '.archive.sha256 = "1111111111111111111111111111111111111111111111111111111111111111"' \
|
|
"$bad_manifest_dir/manifest.v1.2606.ab12.json" >"$bad_manifest_dir/manifest.v1.2606.ab12.json.tmp"
|
|
mv "$bad_manifest_dir/manifest.v1.2606.ab12.json.tmp" "$bad_manifest_dir/manifest.v1.2606.ab12.json"
|
|
assert_fails "$verify_script" "$bad_manifest_dir"
|
|
|
|
bad_archive_dir="$tmp_root/bad-archive"
|
|
cp -R "$artifact_dir" "$bad_archive_dir"
|
|
printf 'not a zstd stream\n' >"$bad_archive_dir/backend.v1.2606.ab12.tar.zst"
|
|
sha256sum "$bad_archive_dir/backend.v1.2606.ab12.tar.zst" | awk '{print $1 " backend.v1.2606.ab12.tar.zst"}' >"$bad_archive_dir/backend.v1.2606.ab12.sha256"
|
|
assert_fails "$verify_script" "$bad_archive_dir"
|
|
|
|
echo "docker image archive verification checks passed"
|