diff --git a/cmd/hauler/cli/store/sync.go b/cmd/hauler/cli/store/sync.go index 44877d44..6d8cb0df 100644 --- a/cmd/hauler/cli/store/sync.go +++ b/cmd/hauler/cli/store/sync.go @@ -8,12 +8,11 @@ import ( "os" "strings" + "github.com/mitchellh/go-homedir" "github.com/spf13/cobra" "helm.sh/helm/v3/pkg/action" "k8s.io/apimachinery/pkg/util/yaml" - "github.com/mitchellh/go-homedir" - "github.com/rancherfederal/hauler/pkg/store" "github.com/rancherfederal/hauler/pkg/apis/hauler.cattle.io/v1alpha1" tchart "github.com/rancherfederal/hauler/pkg/collection/chart" "github.com/rancherfederal/hauler/pkg/collection/imagetxt" @@ -22,6 +21,8 @@ import ( "github.com/rancherfederal/hauler/pkg/content" "github.com/rancherfederal/hauler/pkg/cosign" "github.com/rancherfederal/hauler/pkg/log" + "github.com/rancherfederal/hauler/pkg/reference" + "github.com/rancherfederal/hauler/pkg/store" ) type SyncOpts struct { @@ -137,12 +138,26 @@ func processContent(ctx context.Context, fi *os.File, o *SyncOpts, s *store.Layo if err := yaml.Unmarshal(doc, &cfg); err != nil { return err } - + a := cfg.GetAnnotations() for _, i := range cfg.Spec.Images { + + // Check if the user provided a registry. If a registry is provided in the annotation, use it for the images that don't have a registry in their ref name. + if a[consts.ImageAnnotationRegistry] != "" { + newRef,_ := reference.Parse(i.Name) + if newRef.Context().RegistryStr() == "" { + newRef,_ = reference.Relocate(i.Name, a[consts.ImageAnnotationRegistry]) + } + i.Name = newRef.Name() + } - // Check if the user provided a key. - if o.Key != "" || i.Key != "" { - key := o.Key + // Check if the user provided a key. The flag from the CLI takes precedence over the annotation. The individual image key takes precedence over both. + if a[consts.ImageAnnotationKey] != "" || o.Key != "" || i.Key != "" { + key := o.Key // cli flag + // if no cli flag but there was an annotation, use the annotation. + if o.Key == "" && a[consts.ImageAnnotationKey] != "" { + key, err = homedir.Expand(a[consts.ImageAnnotationKey]) + } + // the individual image key trumps all if i.Key != "" { key, err = homedir.Expand(i.Key) } @@ -157,12 +172,18 @@ func processContent(ctx context.Context, fi *os.File, o *SyncOpts, s *store.Layo l.Infof("signature verified for image [%s]", i.Name) } - // Check if the user provided a platform. - platform := o.Platform + // Check if the user provided a platform. The flag from the CLI takes precedence over the annotation. The individual image platform takes precedence over both. + platform := o.Platform // cli flag + // if no cli flag but there was an annotation, use the annotation. + if o.Platform == "" && a[consts.ImageAnnotationPlatform] != "" { + platform = a[consts.ImageAnnotationPlatform] + } + // the individual image platform trumps all if i.Platform != "" { platform = i.Platform } - + l.Debugf("platform for image [%s]", platform) + err = storeImage(ctx, s, i, platform) if err != nil { return err diff --git a/pkg/consts/consts.go b/pkg/consts/consts.go index f3efd804..a3853e2d 100644 --- a/pkg/consts/consts.go +++ b/pkg/consts/consts.go @@ -51,4 +51,7 @@ const ( KindAnnotation = "dev.cosignproject.cosign/image" CarbideRegistry = "rgcrprod.azurecr.us" + ImageAnnotationKey = "hauler.dev/key" + ImageAnnotationPlatform = "hauler.dev/platform" + ImageAnnotationRegistry = "hauler.dev/registry" ) diff --git a/pkg/cosign/cosign.go b/pkg/cosign/cosign.go index 20dfbabb..dbd0703c 100644 --- a/pkg/cosign/cosign.go +++ b/pkg/cosign/cosign.go @@ -43,6 +43,7 @@ func VerifySignature(ctx context.Context, s *store.Layout, keyPath string, ref s // SaveImage saves image and any signatures/attestations to the store. func SaveImage(ctx context.Context, s *store.Layout, ref string, platform string) error { + l := log.FromContext(ctx) operation := func() error { cosignBinaryPath, err := getCosignPath(ctx) if err != nil { @@ -58,6 +59,7 @@ func SaveImage(ctx context.Context, s *store.Layout, ref string, platform string output, err := cmd.CombinedOutput() if err != nil { if strings.Contains(string(output), "specified reference is not a multiarch image") { + l.Debugf(fmt.Sprintf("specified image [%s] is not a multiarch image. (choosing default)", ref)) // Rerun the command without the platform flag cmd = exec.Command(cosignBinaryPath, "save", ref, "--dir", s.Root) output, err = cmd.CombinedOutput()