diff options
Diffstat (limited to 'hooks/push')
| -rwxr-xr-x | hooks/push | 41 |
1 files changed, 41 insertions, 0 deletions
@@ -53,3 +53,44 @@ for manifest_list in "${manifest_lists[@]}"; do # Push the manifest list. docker manifest push --purge ${manifest_list} done + +# Avoid logging credentials and tokens. +set +ex + +# Delete the arch-specific tags, if credentials for doing so are available. +# Note that `DOCKER_PASSWORD` must be the actual user password. Passing a JWT +# obtained using a personal access token results in a 403 error with +# {"detail": "access to the resource is forbidden with personal access token"} +if [[ -z "${DOCKER_USERNAME}" || -z "${DOCKER_PASSWORD}" ]]; then + exit 0 +fi + +# Given a JSON input on stdin, extract the string value associated with the +# specified key. This avoids an extra dependency on a tool like `jq`. +extract() { + local key="$1" + # Extract "<key>":"<val>" (assumes key/val won't contain double quotes). + # The colon may have whitespace on either side. + grep -o "\"${key}\"[[:space:]]*:[[:space:]]*\"[^\"]\+\"" | + # Extract just <val> by deleting the last '"', and then greedily deleting + # everything up to '"'. + sed -e 's/"$//' -e 's/.*"//' +} + +echo ">>> Getting API token..." +jwt=$(curl -sS -X POST \ + -H "Content-Type: application/json" \ + -d "{\"username\":\"${DOCKER_USERNAME}\",\"password\": \"${DOCKER_PASSWORD}\"}" \ + "https://hub.docker.com/v2/users/login" | + extract 'token') + +# Strip the registry portion from `index.docker.io/user/repo`. +repo="${DOCKER_REPO#*/}" + +for arch in ${arches[@]}; do + tag="${DOCKER_TAG}-${arch}" + echo ">>> Deleting '${repo}:${tag}'..." + curl -sS -X DELETE \ + -H "Authorization: Bearer ${jwt}" \ + "https://hub.docker.com/v2/repositories/${repo}/tags/${tag}/" +done |