Merge pull request #173 from amartin120/sync-annotations

image spec manifest annotations - key/platform/registry
hauler-dev · Feb 12, 2024 · 3cf4afe · 3cf4afe
2 parents ae80b48 + 0c55d00
commit 3cf4afe
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 9 deletions.
diff --git a/cmd/hauler/cli/store/sync.go b/cmd/hauler/cli/store/sync.go
@@ -8,12 +8,11 @@ import (
 	"os"
 	"strings"
 
+	"github.com/mitchellh/go-homedir"
 	"github.com/spf13/cobra"
 	"helm.sh/helm/v3/pkg/action"
 	"k8s.io/apimachinery/pkg/util/yaml"
-	"github.com/mitchellh/go-homedir"
 
-	"github.com/rancherfederal/hauler/pkg/store"
 	"github.com/rancherfederal/hauler/pkg/apis/hauler.cattle.io/v1alpha1"
 	tchart "github.com/rancherfederal/hauler/pkg/collection/chart"
 	"github.com/rancherfederal/hauler/pkg/collection/imagetxt"
@@ -22,6 +21,8 @@ import (
 	"github.com/rancherfederal/hauler/pkg/content"
 	"github.com/rancherfederal/hauler/pkg/cosign"
 	"github.com/rancherfederal/hauler/pkg/log"
+	"github.com/rancherfederal/hauler/pkg/reference"
+	"github.com/rancherfederal/hauler/pkg/store"
 )
 
 type SyncOpts struct {
@@ -137,12 +138,26 @@ func processContent(ctx context.Context, fi *os.File, o *SyncOpts, s *store.Layo
 			if err := yaml.Unmarshal(doc, &cfg); err != nil {
 				return err
 			}
-
+			a := cfg.GetAnnotations()
 			for _, i := range cfg.Spec.Images {
+
+				// Check if the user provided a registry.  If a registry is provided in the annotation, use it for the images that don't have a registry in their ref name.
+				if a[consts.ImageAnnotationRegistry] != "" {
+					newRef,_ := reference.Parse(i.Name)
+					if newRef.Context().RegistryStr() == "" {
+						newRef,_ = reference.Relocate(i.Name, a[consts.ImageAnnotationRegistry])
+					}
+					i.Name = newRef.Name()
+				}
 
-				// Check if the user provided a key.
-				if o.Key != "" || i.Key != "" {
-					key := o.Key
+				// Check if the user provided a key.  The flag from the CLI takes precedence over the annotation.  The individual image key takes precedence over both.
+				if a[consts.ImageAnnotationKey] != "" || o.Key != "" || i.Key != "" {
+					key := o.Key // cli flag
+					// if no cli flag but there was an annotation, use the annotation.
+					if o.Key == "" && a[consts.ImageAnnotationKey] != "" {
+						key, err = homedir.Expand(a[consts.ImageAnnotationKey])
+					}
+					// the individual image key trumps all
 					if i.Key != "" {
 						key, err = homedir.Expand(i.Key)
 					}
@@ -157,12 +172,18 @@ func processContent(ctx context.Context, fi *os.File, o *SyncOpts, s *store.Layo
 					l.Infof("signature verified for image [%s]", i.Name)
 				}
 
-				// Check if the user provided a platform.
-				platform := o.Platform
+				// Check if the user provided a platform.  The flag from the CLI takes precedence over the annotation.  The individual image platform takes precedence over both.
+				platform := o.Platform // cli flag
+				// if no cli flag but there was an annotation, use the annotation.
+				if o.Platform == "" && a[consts.ImageAnnotationPlatform] != "" {
+					platform = a[consts.ImageAnnotationPlatform]
+				}
+				// the individual image platform trumps all
 				if i.Platform != "" {
 					platform = i.Platform
 				}
-
+				l.Debugf("platform for image [%s]", platform)
+
 				err = storeImage(ctx, s, i, platform)
 				if err != nil {
 					return err

diff --git a/pkg/consts/consts.go b/pkg/consts/consts.go
@@ -51,4 +51,7 @@ const (
 	KindAnnotation     = "dev.cosignproject.cosign/image"
 
 	CarbideRegistry = "rgcrprod.azurecr.us"
+	ImageAnnotationKey = "hauler.dev/key"
+	ImageAnnotationPlatform = "hauler.dev/platform"
+	ImageAnnotationRegistry = "hauler.dev/registry"
 )
diff --git a/pkg/cosign/cosign.go b/pkg/cosign/cosign.go
@@ -43,6 +43,7 @@ func VerifySignature(ctx context.Context, s *store.Layout, keyPath string, ref s
 
 // SaveImage saves image and any signatures/attestations to the store.
 func SaveImage(ctx context.Context, s *store.Layout, ref string, platform string) error {
+	l := log.FromContext(ctx)
 	operation := func() error {
 		cosignBinaryPath, err := getCosignPath(ctx)
 		if err != nil {
@@ -58,6 +59,7 @@ func SaveImage(ctx context.Context, s *store.Layout, ref string, platform string
 		output, err := cmd.CombinedOutput()
 		if err != nil {
 			if strings.Contains(string(output), "specified reference is not a multiarch image") {
+				l.Debugf(fmt.Sprintf("specified image [%s] is not a multiarch image.  (choosing default)", ref))
 				// Rerun the command without the platform flag
 				cmd = exec.Command(cosignBinaryPath, "save", ref, "--dir", s.Root)
 				output, err = cmd.CombinedOutput()