Sheogorath · Sheogorath · Sheogorath · Sheogorath · Sheogorath · Sheogorath
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
 include:
-  local: /gitlab-ci-template.yml
+  - local: /gitlab-ci-template.yml
+  - local: /resources/shell-tools/.gitlab-ci.yml

 stages:
+  - shell-tools-lint
+  - shell-tools-test
  - build
  - test
  - tag

--- a/Dockerfile
+++ b/Dockerfile
-FROM docker.io/library/fedora:32
+FROM docker.io/library/fedora:35

 COPY resources/storage.conf /etc/containers/

-ARG SI_TOOLS_VERSION=master
+COPY resources/shell-tools/ /shell-tools

 RUN true\
   && dnf -y upgrade \
   && dnf -y install podman buildah findutils git \
   && dnf clean all \
   && sed -e 's/.* cgroup_manager =.*/cgroup_manager = "cgroupfs"/' /usr/share/containers/containers.conf > /etc/containers/containers.conf \
-   && git clone -b "$SI_TOOLS_VERSION" --depth=3 https://git.shivering-isles.com/shivering-isles/shell-tools.git ./shell-tools \
-   && ./shell-tools/install.sh \
-   && rm -rf ./shell-tools \
+   && /shell-tools/install.sh \
   && true

 CMD ["/bin/bash"]
--- a/gitlab-ci-template.yml
+++ b/gitlab-ci-template.yml
@@ -7,6 +7,8 @@ variables:

 container-build:
  stage: build
+  variables:
+    CI_REGISTRY_CONTAINER_FORMAT: "docker"
  inherit:
    default: false
    variables:
@@ -24,19 +26,21 @@ container-build:
    - export VCS_URL=$CI_PROJECT_URL
  script:
    - si-fix "${CI_REGISTRY_BUILD_DOCKERFILE:-./Dockerfile}"
-    - podman build --pull $CI_REGISTRY_BUILD_ARGS -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-$CI_COMMIT_SHORT_SHA" .
+    - podman build --pull --format "$CI_REGISTRY_CONTAINER_FORMAT"
+      --label "org.opencontainers.image.source=$CI_PROJECT_URL"
+      --label "org.opencontainers.image.revision=$CI_COMMIT_SHA"
+      --label "org.opencontainers.image.created=$(date --rfc-3339 ns)"
+      --label "org.opencontainers.image.title=$CI_PROJECT_TITLE"
+      $CI_REGISTRY_BUILD_ARGS
+      -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-$CI_COMMIT_SHORT_SHA"
+      .
    - podman push "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-$CI_COMMIT_SHORT_SHA"

 container-tagging:
  stage: tag
  inherit:
    default: false
-    variables:
-      - CI_REGISTRY
-      - CI_REGISTRY_USER
-      - CI_REGISTRY_PASSWORD
-      - CI_REGISTRY_IMAGE
-      - CI_REGISTRY_IMAGE_VERSION
+    variables: true
  image: quay.io/sheogorath/build-ah-engine:1.3.0
  before_script:
    - podman login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY

--- a/resources/shell-tools/.gitlab-ci.yml
+++ b/resources/shell-tools/.gitlab-ci.yml
+stages:
+  - shell-tools-lint
+  - shell-tools-test
+
+
+shell-tools-shellcheck:
+  image: docker.io/library/fedora:35
+  stage: shell-tools-lint
+  before_script:
+    - dnf install -y ShellCheck
+  script:
+    - shellcheck ./resources/shell-tools/**/*.sh
+
+shell-tools-test:
+  image: $CI_REGISTRY_IMAGE:latest
+  stage: shell-tools-test
+  script:
+    - ./resources/shell-tools/test/latest.sh
+    - ./resources/shell-tools/test/fix-dockerfile-pinning.sh
--- a/resources/shell-tools/bin/fix-dockerfile.sh
+++ b/resources/shell-tools/bin/fix-dockerfile.sh
+#!/bin/bash
+
+set -o pipefail
+set -u
+set -e
+
+VERSION=0.1.0
+
+printVersion() {
+    echo "$VERSION"
+}
+
+printUsage() {
+    printVersion
+    echo "
+    Shivering-Isles fix Dockerfile tool
+
+    This tool fix the Dockerfile for podman to be able to handle pinned tags properly
+
+    Usage of $0:
+        $0 [<DOCKERFILE>]
+
+    Example:
+        $0 ./Dockerfile
+    "
+    exit 1
+}
+
+CONTAINER_CMD=podman
+
+
+if ! command -v "$CONTAINER_CMD" >/dev/null 2>&1; then
+    CONTAINER_CMD=docker
+fi
+
+for i in "$@"
+do
+case $i in
+    --container-cmd=*)
+    CONTAINER_CMD="${i#*=}"
+    shift # past argument with no value
+    ;;
+    -v|--version)
+    printVersion
+    exit 0
+    shift # past argument with no value
+    ;;
+    -h|--help)
+    printUsage
+    shift
+    ;;
+    *)
+          # further/unknown options
+    ;;
+esac
+done
+
+if [ "$CONTAINER_CMD" != "podman" ]; then
+  exit 0
+fi
+
+DOCKERFILE="${1:-./Dockerfile}"
+
+sed -Ei 's/^(FROM [^/]+(\/[^/:]+)+)(:[^@]+)@/\1@/g' "$DOCKERFILE"
--- a/resources/shell-tools/bin/push.sh
+++ b/resources/shell-tools/bin/push.sh
+#!/bin/bash
+
+set -o pipefail
+set -u
+set -e
+
+VERSION=0.1.0
+
+printVersion() {
+    echo "$VERSION"
+}
+
+printUsage() {
+    printVersion
+    echo "
+    Shivering-Isles push tool
+
+    This tool will push all tagged versions of a container image upstream
+
+    Usage of $0:
+        $0 <IMAGE REFERENCE>
+
+    Example:
+        $0 registry.example.com/example/app
+    "
+    exit 1
+}
+
+CONTAINER_CMD=podman
+
+
+if ! command -v "$CONTAINER_CMD" >/dev/null 2>&1; then
+    CONTAINER_CMD=docker
+fi
+
+if [ "$1" = "--help" ]; then
+    printUsage
+fi
+
+for i in "$@"
+do
+case $i in
+    --container-cmd=*)
+    CONTAINER_CMD="${i#*=}"
+    shift # past argument with no value
+    ;;
+    -v|--version)
+    printVersion
+    exit 0
+    shift # past argument with no value
+    ;;
+    -h|--help)
+    printUsage
+    shift
+    ;;
+    *)
+          # further/unknown options
+    ;;
+esac
+done
+
+CONTAINER_IMAGE_NAME=${1:-invalid}
+
+if [ "$CONTAINER_IMAGE_NAME" = "invalid" ]; then
+    echo "Error: Invalid image name" >&2
+    printUsage
+fi
+
+# shellcheck disable=SC2086
+$CONTAINER_CMD images --format "{{.Repository}}:{{.Tag}}" "$CONTAINER_IMAGE_NAME" | grep "$CONTAINER_IMAGE_NAME" | xargs -L 1 $CONTAINER_CMD push
--- a/resources/shell-tools/bin/tagging.sh
+++ b/resources/shell-tools/bin/tagging.sh
+#!/bin/bash
+
+set -o pipefail
+set -u
+set -e
+
+VERSION=0.1.0
+
+printVersion() {
+    echo "$VERSION"
+}
+
+printUsage() {
+    printVersion
+    echo "
+    Shivering-Isles tagging tool
+
+    Usage of $0:
+        $0 <IMAGE REFERENCE> <PREFIX> <VERSION> <SUFFIX>
+
+    Example:
+        $0 myimage:test myApp 2.0.24 alpine
+    "
+    exit 1
+}
+
+CONTAINER_CMD=podman
+PREFIX=""
+SUFFIX=""
+LATEST=0
+
+
+if ! command -v "$CONTAINER_CMD" >/dev/null 2>&1; then
+    CONTAINER_CMD=docker
+fi
+
+if [ "$1" = "--help" ]; then
+    printUsage
+fi
+
+for i in "$@"
+do
+case $i in
+    -p=*|--prefix=*)
+    PREFIX="${i#*=}"
+    shift
+    ;;
+    -s=*|--suffix=*)
+    SUFFIX="${i#*=}"
+    shift # past argument=value
+    ;;
+    -l|--latest)
+    LATEST=1
+    shift # past argument=value
+    ;;
+    --container-cmd=*)
+    CONTAINER_CMD="${i#*=}"
+    shift # past argument with no value
+    ;;
+    -v|--version)
+    printVersion
+    exit 0
+    shift # past argument with no value
+    ;;
+    -h|--help)
+    printUsage
+    shift
+    ;;
+    *)
+          # further/unknown options
+    ;;
+esac
+done
+
+CURRENT_IMAGE_REFERENCE=${1:-invalid}
+TARGET_IMAGE_NAME=${2:-invalid}
+TARGET_IMAGE_VERSION=${3:-invalid}
+
+if [ "$CURRENT_IMAGE_REFERENCE" = "invalid" ] || [ "$TARGET_IMAGE_NAME" = "invalid" ] || [ "$TARGET_IMAGE_VERSION" = "invalid" ]; then
+    echo "Error: Invalid image name or version" >&2
+    printUsage
+fi
+
+counter=1
+new_version="$(echo "$TARGET_IMAGE_VERSION" | cut -d. -f$counter)"
+last_version=""
+while [ "$last_version" != "$new_version" ]; do
+    $CONTAINER_CMD tag "$CURRENT_IMAGE_REFERENCE" "${TARGET_IMAGE_NAME}:${PREFIX}${new_version}${SUFFIX}"
+    last_version="$new_version"
+    ((counter++))
+    new_version="$(echo "$TARGET_IMAGE_VERSION" | cut -d. "-f-$counter")"
+done
+
+if [ "$LATEST" = "1" ]; then
+    $CONTAINER_CMD tag "$CURRENT_IMAGE_REFERENCE" "${TARGET_IMAGE_NAME}:latest"
+fi
--- a/resources/shell-tools/install.sh
+++ b/resources/shell-tools/install.sh
+#!/bin/bash
+
+BASENAME="$(dirname "$0")"
+
+cp "$BASENAME"/./bin/tagging.sh /usr/local/bin/si-tagging
+cp "$BASENAME"/./bin/push.sh /usr/local/bin/si-push
+cp "$BASENAME"/./bin/fix-dockerfile.sh /usr/local/bin/si-fix
+chown root:root /usr/local/bin/si-tagging
+chown root:root /usr/local/bin/si-push
+chown root:root /usr/local/bin/si-fix
+chmod 0755 /usr/local/bin/si-tagging
+chmod 0755 /usr/local/bin/si-push
+chmod 0755 /usr/local/bin/si-fix
--- a/resources/shell-tools/test/fix-dockerfile-pinning.sh
+++ b/resources/shell-tools/test/fix-dockerfile-pinning.sh
+#!/bin/bash
+
+set -o pipefail
+set -u
+
+BASEDIR=$(dirname "$0")
+
+TEST_DOCKERFILE="$(mktemp)"
+
+cat >"$TEST_DOCKERFILE" <<EOF
+FROM docker.io/library/haproxy:1.9.15-alpine@sha256:1da27f6d19b52d85c3c31412f2e387be54b4cddba938d68ec6b24775bd89d75c
+FROM docker.io/library/haproxy:1.9.15-alpine
+EOF
+
+"$BASEDIR"/../bin/fix-dockerfile.sh "$TEST_DOCKERFILE"
+
+TEST_VERIFY_DOCKERFILE="$(mktemp)"
+cat >"$TEST_VERIFY_DOCKERFILE" <<EOF
+FROM docker.io/library/haproxy@sha256:1da27f6d19b52d85c3c31412f2e387be54b4cddba938d68ec6b24775bd89d75c
+FROM docker.io/library/haproxy:1.9.15-alpine
+EOF
+
+diff "$TEST_DOCKERFILE" "$TEST_VERIFY_DOCKERFILE"
+
+EXIT_CODE=$?
+
+rm -f "$TEST_DOCKERFILE" "$TEST_VERIFY_DOCKERFILE"
+
+exit $EXIT_CODE
--- a/resources/shell-tools/test/latest.sh
+++ b/resources/shell-tools/test/latest.sh
+#!/bin/bash
+
+set -o pipefail
+set -u
+
+BASEDIR=$(dirname "$0")
+
+podman build -t mytest-latest:test -f- <<EOF
+FROM scratch
+EOF
+
+TEST_OUTPUT="$(mktemp)"
+TEST_VERIFY_OUTPUT="$(mktemp)"
+
+"$BASEDIR"/../bin/tagging.sh -l mytest-latest:test registry.example.com/latest-test 1.2.3
+
+podman images --format "{{.Repository}}:{{.Tag}}" registry.example.com/latest-test | grep registry.example.com/latest-test > "$TEST_OUTPUT" 2>&1
+podman images --format "{{.Repository}}:{{.Tag}}"  registry.example.com/latest-test | grep registry.example.com/latest-test
+
+cat >"$TEST_VERIFY_OUTPUT" <<EOF
+registry.example.com/latest-test:1
+registry.example.com/latest-test:1.2
+registry.example.com/latest-test:1.2.3
+registry.example.com/latest-test:latest
+EOF
+
+diff "$TEST_OUTPUT" "$TEST_VERIFY_OUTPUT"
+
+EXIT_CODE=$?
+
+rm -f "$TEST_OUTPUT" "$TEST_VERIFY_OUTPUT"
+podman rmi -f "$(podman images -q mytest-latest:test)"
+
+
+exit $EXIT_CODE