From 9a14ca6842f50bfc62895a2ff512a7e6c277617a Mon Sep 17 00:00:00 2001 From: ingbbmaster <153082379+ingbbmaster@users.noreply.github.com> Date: Wed, 24 Apr 2024 11:40:46 +0200 Subject: [PATCH 1/4] Export new dockerfile digest function in containerimageutils.d.ts --- common-npm-packages/docker-common/containerimageutils.d.ts | 1 + 1 file changed, 1 insertion(+) diff --git a/common-npm-packages/docker-common/containerimageutils.d.ts b/common-npm-packages/docker-common/containerimageutils.d.ts index 07b7a7f4..685eb893 100644 --- a/common-npm-packages/docker-common/containerimageutils.d.ts +++ b/common-npm-packages/docker-common/containerimageutils.d.ts @@ -4,3 +4,4 @@ export declare function generateValidImageName(imageName: string): string; export declare function getBaseImageNameFromDockerFile(dockerFilePath: string): string; export declare function getBaseImageName(contents: string): string; export declare function getResourceName(image: string, digest: string): string; +export declare function getBaseImageDigestDockerFile(dockerFileContent: string): string; From 92176fd079f41154ec95435f3fd488ed03f7792f Mon Sep 17 00:00:00 2001 From: ingbbmaster <153082379+ingbbmaster@users.noreply.github.com> Date: Wed, 24 Apr 2024 12:26:31 +0200 Subject: [PATCH 2/4] Update pipelineutils.ts - add checking base image digest --- common-npm-packages/docker-common/pipelineutils.ts | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/common-npm-packages/docker-common/pipelineutils.ts b/common-npm-packages/docker-common/pipelineutils.ts index c9e8132b..8e3efeff 100644 --- a/common-npm-packages/docker-common/pipelineutils.ts +++ b/common-npm-packages/docker-common/pipelineutils.ts @@ -66,10 +66,17 @@ function addBaseImageLabels(connection: ContainerConnection, labels: string[], d return; } - const baseImageDigest = containerUtils.getImageDigest(connection, baseImageName); + var baseImageDigest = containerUtils.getBaseImageDigestDockerFile(dockerFilePath); + + //first check if there is digest passed in Dockerfile + if (!baseImageDigest) { + baseImageDigest = containerUtils.getImageDigest(connection, baseImageName); + } + + //if not there is no digest in Dockerfile, get digest using ImageName:tag if (baseImageDigest) { addLabelWithValue("image.base.digest", baseImageDigest, labels); - } + } } function getReverseDNSName(): string { @@ -115,4 +122,4 @@ export function getDefaultLabels(addPipelineData?: boolean, addBaseImageData?: b } } return labels; -} \ No newline at end of file +} From c3c168f3412e2448dd42cb440c3914cc4819a4f6 Mon Sep 17 00:00:00 2001 From: ingbbmaster <153082379+ingbbmaster@users.noreply.github.com> Date: Wed, 24 Apr 2024 12:27:01 +0200 Subject: [PATCH 3/4] Removing previously added export --- common-npm-packages/docker-common/containerimageutils.d.ts | 1 - 1 file changed, 1 deletion(-) diff --git a/common-npm-packages/docker-common/containerimageutils.d.ts b/common-npm-packages/docker-common/containerimageutils.d.ts index 685eb893..07b7a7f4 100644 --- a/common-npm-packages/docker-common/containerimageutils.d.ts +++ b/common-npm-packages/docker-common/containerimageutils.d.ts @@ -4,4 +4,3 @@ export declare function generateValidImageName(imageName: string): string; export declare function getBaseImageNameFromDockerFile(dockerFilePath: string): string; export declare function getBaseImageName(contents: string): string; export declare function getResourceName(image: string, digest: string): string; -export declare function getBaseImageDigestDockerFile(dockerFileContent: string): string; From 8c3cd061e35f843a2112a39f2135d76b68707696 Mon Sep 17 00:00:00 2001 From: ingbbmaster <153082379+ingbbmaster@users.noreply.github.com> Date: Wed, 24 Apr 2024 12:38:05 +0200 Subject: [PATCH 4/4] Update containerimageutils.ts - add function to check base image digest in dockerfile --- .../docker-common/containerimageutils.ts | 45 +++++++++++++++++++ 1 file changed, 45 insertions(+) diff --git a/common-npm-packages/docker-common/containerimageutils.ts b/common-npm-packages/docker-common/containerimageutils.ts index bdad3fef..3019a959 100644 --- a/common-npm-packages/docker-common/containerimageutils.ts +++ b/common-npm-packages/docker-common/containerimageutils.ts @@ -253,3 +253,48 @@ export function getImageIdFromBuildOutput(output: string): string { return ""; } +export function getBaseImageDigestDockerFile(dockerFileContent: string): string { + // This method checks if there is FROM image@sha256:digest present in Dockerfile + // if matched it returns digest + // if not, it returns null + + try { + if (!dockerFileContent || dockerFileContent == "") { + return null; + } + + var lines = dockerFileContent.split(/[\r?\n]/); + var aliasToImageNameMapping: Map = new Map(); + var baseImage = ""; + + for (var i = 0; i < lines.length; i++) { + const currentLine = lines[i].trim(); + if (!currentLine.toUpperCase().startsWith("FROM")) { + continue; + } + var nameComponents = currentLine.substring(4).toLowerCase().split(" as "); + var prospectImageName = nameComponents[0].trim(); + + if (nameComponents.length > 1) { + var alias = nameComponents[1].trim(); + + if (aliasToImageNameMapping.has(prospectImageName)) { + aliasToImageNameMapping.set(alias, aliasToImageNameMapping.get(prospectImageName)); + } else { + aliasToImageNameMapping.set(alias, prospectImageName); + } + + baseImage = aliasToImageNameMapping.get(alias); + } else { + baseImage = aliasToImageNameMapping.has(prospectImageName) + ? aliasToImageNameMapping.get(prospectImageName) + : prospectImageName; + } + } + + return baseImage.split('@')[1].split(':')[1]; + } catch (error) { + tl.debug(`An error ocurred getting the base image digest. ${error.message}`); + return null; + } +}