#!/usr/bin/env bash # # SPDX-License-Identifier: GPL-2.0 # # Copyright (c) 2013-2023 Igor Pecovnik, igor@armbian.com # # This file is a part of the Armbian Build Framework # https://github.com/armbian/build/ function run_tool_oras() { # Default version ORAS_VERSION=${ORAS_VERSION:-0.16.0} # https://github.com/oras-project/oras/releases #ORAS_VERSION=${ORAS_VERSION:-"1.0.0-rc.1"} # https://github.com/oras-project/oras/releases declare non_cache_dir="/armbian-tools/oras" # To deploy/reuse cached ORAS in a Docker image. if [[ -z "${DIR_ORAS}" ]]; then display_alert "DIR_ORAS is not set, using default" "ORAS" "debug" if [[ "${deploy_to_non_cache_dir:-"no"}" == "yes" ]]; then DIR_ORAS="${non_cache_dir}" # root directory. display_alert "Deploying ORAS to non-cache dir" "DIR_ORAS: ${DIR_ORAS}" "debug" else if [[ -n "${SRC}" ]]; then DIR_ORAS="${SRC}/cache/tools/oras" else display_alert "Missing DIR_ORAS, or SRC fallback" "DIR_ORAS: ${DIR_ORAS}; SRC: ${SRC}" "ORAS" "err" return 1 fi fi else display_alert "DIR_ORAS is set to ${DIR_ORAS}" "ORAS" "debug" fi mkdir -p "${DIR_ORAS}" declare MACHINE="${BASH_VERSINFO[5]}" ORAS_OS ORAS_ARCH display_alert "Running ORAS" "ORAS version ${ORAS_VERSION}" "debug" MACHINE="${BASH_VERSINFO[5]}" case "$MACHINE" in *darwin*) ORAS_OS="darwin" ;; *linux*) ORAS_OS="linux" ;; *) exit_with_error "unknown os: $MACHINE" ;; esac case "$MACHINE" in *aarch64*) ORAS_ARCH="arm64" ;; *x86_64*) ORAS_ARCH="amd64" ;; *) exit_with_error "unknown arch: $MACHINE" ;; esac declare ORAS_FN="oras_${ORAS_VERSION}_${ORAS_OS}_${ORAS_ARCH}" declare ORAS_FN_TARXZ="${ORAS_FN}.tar.gz" declare DOWN_URL="https://github.com/oras-project/oras/releases/download/v${ORAS_VERSION}/${ORAS_FN_TARXZ}" declare ORAS_BIN="${DIR_ORAS}/${ORAS_FN}" declare ACTUAL_VERSION # Check if we have a cached version in a Docker image, and copy it over before possibly updating it. if [[ "${deploy_to_non_cache_dir:-"no"}" != "yes" && -d "${non_cache_dir}" && ! -f "${ORAS_BIN}" ]]; then display_alert "Using cached ORAS from Docker image" "ORAS" "debug" run_host_command_logged cp -r "${non_cache_dir}/"* "${DIR_ORAS}/" fi if [[ ! -f "${ORAS_BIN}" ]]; then do_with_retries 5 try_download_oras_tooling fi ACTUAL_VERSION="$("${ORAS_BIN}" version | grep "^Version" | xargs echo -n)" display_alert "Running ORAS ${ACTUAL_VERSION}" "ORAS" "debug" if [[ "${deploy_to_non_cache_dir:-"no"}" == "yes" ]]; then display_alert "Deployed ORAS to non-cache dir" "DIR_ORAS: ${DIR_ORAS}" "debug" return 0 # don't actually execute. fi # Run oras, possibly with retries... if [[ "${retries:-1}" -gt 1 ]]; then display_alert "Calling ORAS with retries ${retries}" "$*" "debug" sleep_seconds="30" do_with_retries "${retries}" "${ORAS_BIN}" "$@" else # If any parameters passed, call ORAS, otherwise exit. We call it this way (sans-parameters) early to prepare ORAS tooling. if [[ $# -eq 0 ]]; then display_alert "No parameters passed to ORAS" "ORAS" "debug" return 0 fi display_alert "Calling ORAS" "$*" "debug" "${ORAS_BIN}" "$@" fi } function try_download_oras_tooling() { display_alert "MACHINE: ${MACHINE}" "ORAS" "debug" display_alert "Down URL: ${DOWN_URL}" "ORAS" "debug" display_alert "ORAS_BIN: ${ORAS_BIN}" "ORAS" "debug" display_alert "Downloading required" "ORAS tooling${RETRY_FMT_MORE_THAN_ONCE}" "info" run_host_command_logged wget --no-verbose --progress=dot:giga -O "${ORAS_BIN}.tar.gz.tmp" "${DOWN_URL}" || { return 1 } run_host_command_logged mv "${ORAS_BIN}.tar.gz.tmp" "${ORAS_BIN}.tar.gz" run_host_command_logged tar -xf "${ORAS_BIN}.tar.gz" -C "${DIR_ORAS}" "oras" run_host_command_logged rm -rf "${ORAS_BIN}.tar.gz" run_host_command_logged mv "${DIR_ORAS}/oras" "${ORAS_BIN}" run_host_command_logged chmod +x "${ORAS_BIN}" } function oras_push_artifact_file() { declare image_full_oci="${1}" # Something like "ghcr.io/rpardini/armbian-git-shallow/kernel-git:latest" declare upload_file="${2}" # Absolute path to the file to upload including the path and name declare description="${3:-"missing description"}" declare upload_file_base_path upload_file_name display_alert "Pushing ${upload_file}" "ORAS to ${image_full_oci}" "info" declare extra_params=("--verbose") oras_add_param_plain_http oras_add_param_insecure extra_params+=("--annotation" "org.opencontainers.image.description=${description}") # make sure file exists if [[ ! -f "${upload_file}" ]]; then display_alert "File not found: ${upload_file}" "ORAS upload" "err" return 1 fi # split the path and the filename upload_file_base_path="$(dirname "${upload_file}")" upload_file_name="$(basename "${upload_file}")" display_alert "upload_file_base_path: ${upload_file_base_path}" "ORAS upload" "debug" display_alert "upload_file_name: ${upload_file_name}" "ORAS upload" "debug" pushd "${upload_file_base_path}" &> /dev/null || exit_with_error "Failed to pushd to ${upload_file_base_path} - ORAS upload" retries=10 run_tool_oras push "${extra_params[@]}" "${image_full_oci}" "${upload_file_name}:application/vnd.unknown.layer.v1+tar" popd &> /dev/null || exit_with_error "Failed to popd" "ORAS upload" return 0 } # Outer scope: oras_has_manifest (yes/no) and oras_manifest_json (json) function oras_get_artifact_manifest() { declare image_full_oci="${1}" # Something like "ghcr.io/rpardini/armbian-git-shallow/kernel-git:latest" display_alert "Getting ORAS manifest" "ORAS manifest from ${image_full_oci}" "info" declare extra_params=("--verbose") oras_add_param_plain_http oras_add_param_insecure oras_has_manifest="no" # Gotta capture the output & if it failed... oras_manifest_json="$(run_tool_oras manifest fetch "${extra_params[@]}" "${image_full_oci}")" && oras_has_manifest="yes" || oras_has_manifest="no" display_alert "oras_has_manifest after: ${oras_has_manifest}" "ORAS manifest yes/no" "debug" display_alert "oras_manifest_json after: ${oras_manifest_json}" "ORAS manifest json" "debug" # if it worked, parse some basic info using jq if [[ "${oras_has_manifest}" == "yes" ]]; then oras_manifest_description="$(echo "${oras_manifest_json}" | jq -r '.annotations."org.opencontainers.image.description"')" display_alert "oras_manifest_description: ${oras_manifest_description}" "ORAS oras_manifest_description" "debug" fi return 0 } # oras pull is very hard to work with, since we don't determine the filename until after the download. function oras_pull_artifact_file() { declare image_full_oci="${1}" # Something like "ghcr.io/rpardini/armbian-git-shallow/kernel-git:latest" declare target_dir="${2}" # temporary directory we'll use for the download to workaround oras being maniac declare target_fn="${3}" declare extra_params=("--verbose") oras_add_param_plain_http oras_add_param_insecure declare full_temp_dir="${target_dir}/${target_fn}.oras.pull.tmp" declare full_tmp_file_path="${full_temp_dir}/${target_fn}" run_host_command_logged mkdir -p "${full_temp_dir}" # @TODO: this needs retries... pushd "${full_temp_dir}" &> /dev/null || exit_with_error "Failed to pushd to ${full_temp_dir} - ORAS download" retries=3 run_tool_oras pull "${extra_params[@]}" "${image_full_oci}" popd &> /dev/null || exit_with_error "Failed to popd - ORAS download" # sanity check; did we get the file we expected? if [[ ! -f "${full_tmp_file_path}" ]]; then exit_with_error "File not found after ORAS pull: ${full_tmp_file_path} - ORAS download" return 1 fi # move the file to the target directory run_host_command_logged mv "${full_tmp_file_path}" "${target_dir}" # remove the temp directory run_host_command_logged rm -rf "${full_temp_dir}" } function oras_add_param_plain_http() { # if image_full_oci contains ":5000/", add --plain-http; to make easy to run self-hosted registry if [[ "${image_full_oci}" == *":5000/"* ]]; then display_alert "Adding --plain-http to ORAS" "ORAS to insecure registry" "warn" extra_params+=("--plain-http") fi } function oras_add_param_insecure() { if [[ ${IS_A_RETRY} -gt 0 ]]; then display_alert "Retrying, adding --insecure to ORAS" "ORAS to insecure registry on retry" "warn" extra_params+=("--insecure") fi }