diff --git a/.circleci/test-deploy.yml b/.circleci/test-deploy.yml index c2387e4..9797dea 100644 --- a/.circleci/test-deploy.yml +++ b/.circleci/test-deploy.yml @@ -16,6 +16,7 @@ promotion_requires: &promotion_requires publish-docker-cache-not-found, publish-docker-with-buildkit, publish-docker-multiple-tags, + publish-docker-env-var-image-param, test-pull, test-install-docker-tools-docker-latest, test-install-docker-tools-docker-old, @@ -23,6 +24,9 @@ promotion_requires: &promotion_requires test-install-docker-tools-macos-old, test-install-docker-tools-machine-latest, test-install-docker-tools-machine-old, + test-install-docker-compose-with-checksums, + test-install-docker-compose-with-sha256, + test-install-docker-compose-with-checksums-and-sha256, test-docker-latest, test-docker-old, test-macos-latest, @@ -210,6 +214,32 @@ jobs: debug: <> dockerfile: <> treat-warnings-as-errors: <> + test-install-docker-compose: + parameters: + docker-compose-version: + type: string + default: latest + description: > + Version of `docker-compose` to install, defaults to the latest stable release. + If specifying a version other than latest, provide a full release tag, + as listed at https://github.com/docker/compose/releases or + https://api.github.com/repos/docker/compose/releases, e.g., `1.23.1`. + + install-dir: + type: string + default: /usr/local/bin + description: > + Directory in which to install `docker-compose` + executor: + type: executor + + executor: << parameters.executor >> + + steps: + - docker/install-docker + - docker/install-docker-compose: + version: << parameters.docker-compose-version>> + install-dir: << parameters.install-dir>> workflows: test-deploy: 
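Review bot: The `docker-compose-version` description in the new `test-install-docker-compose` job still gives `1.23.1` as the example release tag. This same commit changes the command's own description to use `v2.10.0` and adds that only v2.0.1 and above are supported. Change the example here to `v2.10.0` and add the sentence `Only versions equal or above v2.0.1 are supported.`, so the test job does not document a 1.x tag that the command now declares unsupported.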
@@ -236,6 +266,23 @@ workflows: - test-build-with-args: filters: *filters + # begin test-install-docker-compose + - test-install-docker-compose: + name: test-install-docker-compose-with-checksums + executor: docker-latest + filters: *filters + - test-install-docker-compose: + name: test-install-docker-compose-with-sha256 + docker-compose-version: v2.0.1 + executor: docker-latest + filters: *filters + - test-install-docker-compose: + name: test-install-docker-compose-with-checksums-and-sha256 + docker-compose-version: v2.9.0 + executor: docker-latest + filters: *filters + # end test-install-docker-compose + # begin test-check-command - test-check-command: name: test-check-command-docker @@ -389,6 +436,21 @@ workflows: docker-password: DOCKER_PASS use-docker-credentials-store: true filters: *filters + - docker/publish: + pre-steps: + - run: echo 'export DOCKER_USERNAME=cpeorbtesting' >> $BASH_ENV + - run: echo 'export DOCKER_NAME=docker-orb-test' >> $BASH_ENV + name: publish-docker-env-var-image-param + executor: docker-latest + context: CPE-orb-docker-testing + use-remote-docker: true + dockerfile: test.Dockerfile + image: $DOCKER_USERNAME/$DOCKER_NAME + tag: $CIRCLE_SHA1,$CIRCLE_BUILD_NUM + docker-username: DOCKER_USER + docker-password: DOCKER_PASS + use-docker-credentials-store: true + filters: *filters # end docker/publish # begin test-install-docker-tools @@ -441,10 +503,10 @@ workflows: executors: macos-old: macos: - xcode: 10.3.0 + xcode: 11.7.0 macos-latest: macos: - xcode: 13.1.0 + xcode: 14.0.0 docker-old: docker: - image: cimg/base:2020.08-20.04 diff --git a/src/@orb.yml b/src/@orb.yml index 7d76978..187784c 100644 --- a/src/@orb.yml +++ b/src/@orb.yml @@ -8,6 +8,5 @@ display: source_url: https://github.com/CircleCI-Public/docker-orb orbs: - bt: circleci/build-tools@2.6.3 - jq: circleci/jq@2.0 - orb-tools: circleci/orb-tools@9.1 + bt: circleci/build-tools@3.0 + jq: circleci/jq@2.2 
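Review bot: `test-install-docker-compose-with-checksums` sets no `docker-compose-version`, so it runs against the job default `latest`, and the checksum path it covers depends on whatever upstream has published at run time. The other two cases pin `v2.0.1` and `v2.9.0`. Pinning this one as well, with `docker-compose-version: v2.10.0` (the release the install script's comment names as the first without a `.sha256` file), would make the `checksums.txt` branch a deterministic test. A separate unpinned case can stay if tracking `latest` is intended.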
diff --git a/src/commands/check.yml b/src/commands/check.yml index b9b31ea..bfc98b0 100644 --- a/src/commands/check.yml +++ b/src/commands/check.yml @@ -29,12 +29,6 @@ parameters: This option is only supported on Ubuntu/Debian/macOS platforms. steps: - - orb-tools/check-env-var-param: - param: <> - - - orb-tools/check-env-var-param: - param: <> - - when: condition: <> steps: diff --git a/src/commands/install-docker-compose.yml b/src/commands/install-docker-compose.yml index 3afa327..ac9be65 100644 --- a/src/commands/install-docker-compose.yml +++ b/src/commands/install-docker-compose.yml @@ -10,7 +10,8 @@ parameters: Version of `docker-compose` to install, defaults to the latest stable release. If specifying a version other than latest, provide a full release tag, as listed at https://github.com/docker/compose/releases or - https://api.github.com/repos/docker/compose/releases, e.g., `1.23.1`. + https://api.github.com/repos/docker/compose/releases, e.g., `v2.10.0`. + Only versions equal or above v2.0.1 are supported. install-dir: type: string diff --git a/src/commands/update-description.yml b/src/commands/update-description.yml index 44c444a..57f38aa 100644 --- a/src/commands/update-description.yml +++ b/src/commands/update-description.yml @@ -36,6 +36,7 @@ parameters: Name of environment variable storing your Docker password steps: + - jq/install - run: name: Update description environment: diff --git a/src/scripts/install-docker-compose.sh b/src/scripts/install-docker-compose.sh index 2a82b4e..6944ec7 100644 --- a/src/scripts/install-docker-compose.sh +++ b/src/scripts/install-docker-compose.sh @@ -29,7 +29,7 @@ if command -v docker-compose &> /dev/null; then exit 0 else echo "A different version of docker-compose is installed ($(docker-compose --version)); removing it" - $SUDO rm -f "$(command -v docker-compose)"1 + $SUDO rm -f "$(command -v docker-compose)" fi fi 
@@ -42,31 +42,44 @@ else fi DOCKER_COMPOSE_BASE_URL="https://github.com/docker/compose/releases/download/$DOCKER_COMPOSE_VERSION" -DOCKER_COMPOSE_SHASUM_URL="$DOCKER_COMPOSE_BASE_URL/docker-compose-$PLATFORM-x86_64.sha256" +DOCKER_COMPOSE_RELEASES_HTML="$(curl -Ls --fail --retry 3 "https://github.com/docker/compose/releases/tag/$DOCKER_COMPOSE_VERSION")" +DOCKER_COMPOSE_RELEASE="docker-compose-$PLATFORM-x86_64" +DOCKER_SHASUM_FILENAME="checksum.txt" -# download binary and shasum -curl -O \ - --silent --show-error --location --fail --retry 3 \ - "$DOCKER_COMPOSE_SHASUM_URL" +# since v2.10.0, docker-compose doesn't have a ".sha256" file +# so we need to use the "checksums.txt" file instead +if grep --quiet "checksums.txt" <<< "$DOCKER_COMPOSE_RELEASES_HTML"; then + printf '%s\n' "Downloading \"checksums.txt\" to verify the binary's integrity." -FILENAME=$(cat docker-compose-$PLATFORM-x86_64.sha256 | awk '{ print $NF }' | sed 's/^\*//') + curl -o "$DOCKER_SHASUM_FILENAME" \ + --silent --location --retry 3 \ + "$DOCKER_COMPOSE_BASE_URL/checksums.txt" +else + printf '%s\n' "Downloading \"$DOCKER_COMPOSE_RELEASE.sha256\" to verify the binary's integrity." + + curl -o "$DOCKER_SHASUM_FILENAME" \ + --silent --location --retry 3 \ + "$DOCKER_COMPOSE_BASE_URL/$DOCKER_COMPOSE_RELEASE.sha256" +fi -curl -O \ - --silent --show-error --location --fail --retry 3 \ - "$DOCKER_COMPOSE_BASE_URL/$FILENAME" +# download docker-compose binary +curl -o "$DOCKER_COMPOSE_RELEASE" \ + --location --retry 3 \ + "$DOCKER_COMPOSE_BASE_URL/$DOCKER_COMPOSE_RELEASE" +# verify binary integrity using SHA-256 checksum set +e -grep "$FILENAME" docker-compose-$PLATFORM-x86_64.sha256 | sha256sum -c - +grep "$DOCKER_COMPOSE_RELEASE" "$DOCKER_SHASUM_FILENAME" | sha256sum -c - SHASUM_SUCCESS=$? 
set -e if [[ "$SHASUM_SUCCESS" -ne 0 ]]; then - echo "Checksum validation failed for $FILENAME" + echo "Checksum validation failed for $DOCKER_COMPOSE_RELEASE" exit 1 fi # install docker-compose -$SUDO mv "$FILENAME" "$PARAM_INSTALL_DIR"/docker-compose +$SUDO mv "$DOCKER_COMPOSE_RELEASE" "$PARAM_INSTALL_DIR"/docker-compose $SUDO chmod +x "$PARAM_INSTALL_DIR"/docker-compose # verify version diff --git a/src/scripts/push.sh b/src/scripts/push.sh index ff63613..7bee301 100644 --- a/src/scripts/push.sh +++ b/src/scripts/push.sh @@ -2,14 +2,19 @@ IFS="," read -ra DOCKER_TAGS <<< "$PARAM_TAG" +image="$(eval echo "$PARAM_IMAGE")" + for docker_tag in "${DOCKER_TAGS[@]}"; do tag=$(eval echo "$docker_tag") - docker push "$PARAM_REGISTRY"/"$PARAM_IMAGE":"$tag" + + set -x + docker push "$PARAM_REGISTRY"/"$image":"$tag" + set +x done if [ -n "$PARAM_DIGEST_PATH" ]; then mkdir -p "$(dirname "$PARAM_DIGEST_PATH")" IFS="," read -ra DOCKER_TAGS <<< "$PARAM_TAG" tag=$(eval echo "${DOCKER_TAGS[0]}") - docker image inspect --format="{{index .RepoDigests 0}}" "$PARAM_REGISTRY"/"$PARAM_IMAGE":"$tag" > "$PARAM_DIGEST_PATH" + docker image inspect --format="{{index .RepoDigests 0}}" "$PARAM_REGISTRY"/"$image":"$tag" > "$PARAM_DIGEST_PATH" fi \ No newline at end of file diff --git a/src/scripts/update-description.sh b/src/scripts/update-description.sh index a1006c9..69638cd 100644 --- a/src/scripts/update-description.sh +++ b/src/scripts/update-description.sh 
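Review bot: The three rewritten `curl` calls in the `src/scripts/install-docker-compose.sh` hunk (both checksum downloads and the binary download) drop the `--fail` and `--show-error` flags the removed lines had, so an HTTP error body, for example for a mistyped tag, is written to `checksum.txt` or to the binary's file name and only surfaces later as "Checksum validation failed". The check still appears to fail closed, but the real cause is hidden. Restoring the flags and requesting `checksums.txt` directly, instead of grepping the release HTML page, also removes the dependency on GitHub's page markup, as sketched below. Separately, `grep "$DOCKER_COMPOSE_RELEASE"` is unanchored against a multi-entry `checksums.txt`; `grep -E "[ *]${DOCKER_COMPOSE_RELEASE}\$" "$DOCKER_SHASUM_FILENAME"` would pass only the exact entry to `sha256sum -c`. The script starts above this hunk, so whether `set -e` or `pipefail` is already active is not visible here.

```shell
# … unchanged: DOCKER_COMPOSE_BASE_URL, DOCKER_COMPOSE_RELEASE, DOCKER_SHASUM_FILENAME …

# prefer checksums.txt; fall back to the per-binary .sha256 file on older releases
if ! curl -o "$DOCKER_SHASUM_FILENAME" \
  --silent --show-error --location --fail --retry 3 \
  "$DOCKER_COMPOSE_BASE_URL/checksums.txt"; then
  curl -o "$DOCKER_SHASUM_FILENAME" \
    --silent --show-error --location --fail --retry 3 \
    "$DOCKER_COMPOSE_BASE_URL/$DOCKER_COMPOSE_RELEASE.sha256"
fi

# download docker-compose binary
curl -o "$DOCKER_COMPOSE_RELEASE" \
  --silent --show-error --location --fail --retry 3 \
  "$DOCKER_COMPOSE_BASE_URL/$DOCKER_COMPOSE_RELEASE"

# … unchanged: set +e / sha256sum -c / error exit …
```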
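Review bot: `image="$(eval echo "$PARAM_IMAGE")"` in `src/scripts/push.sh` passes the `image` parameter through `eval`, so any shell syntax that reaches the parameter is executed by the job rather than only `$VAR` references being expanded. The same line is added in `src/scripts/update-description.sh` (`IMAGE="$(eval echo "$PARAM_IMAGE")"`), and the existing `tag=$(eval echo "$docker_tag")` has the same shape. If a pipeline ever derives this value from branch names or other contributor-controlled data, that becomes command execution in a job that holds registry credentials. Expanding variables only, for example `image="$(printf '%s' "$PARAM_IMAGE" | envsubst)"` where `envsubst` is available on the executor, keeps the feature without evaluating shell syntax.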
@@ -7,13 +7,14 @@ fi USERNAME=${!PARAM_DOCKER_USERNAME} PASSWORD=${!PARAM_DOCKER_PASSWORD} +IMAGE="$(eval echo "$PARAM_IMAGE")" DESCRIPTION="$PARAM_PATH/$PARAM_README" PAYLOAD="username=$USERNAME&password=$PASSWORD" JWT=$(curl -s -d "$PAYLOAD" https://hub.docker.com/v2/users/login/ | jq -r .token) HEADER="Authorization: JWT $JWT" -URL="https://hub.docker.com/v2/repositories/$PARAM_IMAGE/" -STATUS=$(curl -s -o /dev/null -w '%{http_code}' -X PATCH -H "$HEADER" --data-urlencode full_description@$DESCRIPTION $URL) +URL="https://hub.docker.com/v2/repositories/$IMAGE/" +STATUS=$(curl -s -o /dev/null -w '%{http_code}' -X PATCH -H "$HEADER" -H 'Content-type: application/json' --data "{\"full_description\": $(jq -Rs '.' $DESCRIPTION)}" $URL) if [ $STATUS -ne 200 ]; then echo "Could not update image description"
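Review bot: In the rewritten `STATUS=` line the README path and the URL are expanded unquoted (`jq -Rs '.' $DESCRIPTION`, `$URL`), and `$IMAGE` now comes from `eval`, so a value containing spaces or glob characters is word-split before `jq` or `curl` sees it. Quote both and let `jq` build the whole object so no JSON is assembled by hand: `--data "$(jq -Rs '{full_description: .}' "$DESCRIPTION")" "$URL"`. The login result above it is also used unchecked: if the login fails, `jq -r .token` prints `null` and the PATCH goes out with `Authorization: JWT null`. A guard such as `if [ -z "$JWT" ] || [ "$JWT" = "null" ]; then echo "Docker Hub login failed"; exit 1; fi` before `HEADER=` would report the real failure. The script continues past the end of this hunk.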