mirror of
				https://github.com/dani-garcia/vaultwarden.git
				synced 2025-10-26 16:00:02 +02:00 
			
		
		
		
	Clean up arch-specific tags if Docker Hub credentials are provided
This commit is contained in:
		| @@ -17,3 +17,4 @@ The current multi-arch image build relies on the original bitwarden_rs Dockerfil | |||||||
| * https://docs.docker.com/docker-hub/builds/advanced/ | * https://docs.docker.com/docker-hub/builds/advanced/ | ||||||
| * https://docs.docker.com/engine/reference/commandline/manifest/ | * https://docs.docker.com/engine/reference/commandline/manifest/ | ||||||
| * https://www.docker.com/blog/multi-arch-build-and-images-the-simple-way/ | * https://www.docker.com/blog/multi-arch-build-and-images-the-simple-way/ | ||||||
|  | * https://success.docker.com/article/how-do-i-authenticate-with-the-v2-api | ||||||
|   | |||||||
							
								
								
									
										41
									
								
								hooks/push
									
									
									
									
									
								
							
							
						
						
									
										41
									
								
								hooks/push
									
									
									
									
									
								
							| @@ -53,3 +53,44 @@ for manifest_list in "${manifest_lists[@]}"; do | |||||||
|     # Push the manifest list. |     # Push the manifest list. | ||||||
|     docker manifest push --purge ${manifest_list} |     docker manifest push --purge ${manifest_list} | ||||||
| done | done | ||||||
|  |  | ||||||
|  | # Avoid logging credentials and tokens. | ||||||
|  | set +ex | ||||||
|  |  | ||||||
|  | # Delete the arch-specific tags, if credentials for doing so are available. | ||||||
|  | # Note that `DOCKER_PASSWORD` must be the actual user password. Passing a JWT | ||||||
|  | # obtained using a personal access token results in a 403 error with | ||||||
|  | # {"detail": "access to the resource is forbidden with personal access token"} | ||||||
|  | if [[ -z "${DOCKER_USERNAME}" || -z "${DOCKER_PASSWORD}" ]]; then | ||||||
|  |     exit 0 | ||||||
|  | fi | ||||||
|  |  | ||||||
|  | # Given a JSON input on stdin, extract the string value associated with the | ||||||
|  | # specified key. This avoids an extra dependency on a tool like `jq`. | ||||||
|  | extract() { | ||||||
|  |     local key="$1" | ||||||
|  |     # Extract "<key>":"<val>" (assumes key/val won't contain double quotes). | ||||||
|  |     # The colon may have whitespace on either side. | ||||||
|  |     grep -o "\"${key}\"[[:space:]]*:[[:space:]]*\"[^\"]\+\"" | | ||||||
|  |     # Extract just <val> by deleting the last '"', and then greedily deleting | ||||||
|  |     # everything up to '"'. | ||||||
|  |     sed -e 's/"$//' -e 's/.*"//' | ||||||
|  | } | ||||||
|  |  | ||||||
|  | echo ">>> Getting API token..." | ||||||
|  | jwt=$(curl -sS -X POST \ | ||||||
|  |            -H "Content-Type: application/json" \ | ||||||
|  |            -d "{\"username\":\"${DOCKER_USERNAME}\",\"password\": \"${DOCKER_PASSWORD}\"}" \ | ||||||
|  |            "https://hub.docker.com/v2/users/login" | | ||||||
|  |       extract 'token') | ||||||
|  |  | ||||||
|  | # Strip the registry portion from `index.docker.io/user/repo`. | ||||||
|  | repo="${DOCKER_REPO#*/}" | ||||||
|  |  | ||||||
|  | for arch in ${arches[@]}; do | ||||||
|  |     tag="${DOCKER_TAG}-${arch}" | ||||||
|  |     echo ">>> Deleting '${repo}:${tag}'..." | ||||||
|  |     curl -sS -X DELETE \ | ||||||
|  |          -H "Authorization: Bearer ${jwt}" \ | ||||||
|  |          "https://hub.docker.com/v2/repositories/${repo}/tags/${tag}/" | ||||||
|  | done | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user