From 5b2412b02f45b4608fb0cf679e50c5df99c9f494 Mon Sep 17 00:00:00 2001 From: Saul Burgess Date: Thu, 12 Dec 2024 13:00:39 +0000 Subject: [PATCH] Hmmm --- .github/workflows/update-flux.yaml | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/.github/workflows/update-flux.yaml b/.github/workflows/update-flux.yaml index 6faf8278..ff531850 100644 --- a/.github/workflows/update-flux.yaml +++ b/.github/workflows/update-flux.yaml @@ -33,19 +33,31 @@ jobs: FILE="./kubernetes/infra/flux/gotk-components.yaml" TMP_FILE="./kubernetes/infra/flux/gotk-components.tmp.yaml" + # Read the YAML file line by line while IFS= read -r line; do - if [[ "$line" =~ image:\ (.+):([a-zA-Z0-9_.-]+)$ ]]; then + # Match lines with Docker images in the format: image: ghcr.io/fluxcd/source-controller:v1.4.1 + if [[ "$line" =~ image:\ ([^:]+):([a-zA-Z0-9_.-]+)$ ]]; then IMAGE="${BASH_REMATCH[1]}" TAG="${BASH_REMATCH[2]}" - DIGEST=$(skopeo inspect docker://$IMAGE:$TAG | jq -r '.Digest') - PINNED_IMAGE="$IMAGE:$TAG@$DIGEST" + # Fetch the digest using skopeo + DIGEST=$(skopeo inspect --no-tags docker://$IMAGE:$TAG | jq -r '.Digest') - line="${line//${BASH_REMATCH[0]}/image: $PINNED_IMAGE}" + # Ensure the digest was successfully retrieved + if [[ -n "$DIGEST" ]]; then + # Create the new image string with the digest + PINNED_IMAGE="$IMAGE:$TAG@$DIGEST" + + # Replace the line with the pinned image format + line="image: $PINNED_IMAGE" + else + echo "Failed to fetch digest for $IMAGE:$TAG" >&2 + fi fi echo "$line" >> "$TMP_FILE" done < "$FILE" + # Replace the original file with the updated file mv "$TMP_FILE" "$FILE" env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}