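#!/bin/sh
# Drone publish step: log in to the registry, resolve the image digest,
# sign the image with Cosign and create a Gitea release.
#
# Required env: REGISTRY_URL DOCKER_USER DOCKER_PASS IMAGE_FULL VERSION_TAG
# Optional env: IMAGE_DIGEST (skips the registry lookup),
#               COSIGN_KEY / COSIGN_PASSWORD (enables signing),
#               GITEA_URL / GITEA_REPO / GITEA_TOKEN (enables the release).
#
# Secrets are handed to child processes on stdin rather than argv, so they do
# not show up in the process list of a shared build host.
set -eu

# Print one log line; printf keeps backslashes in interpolated values intact.
log() {
  printf '%s\n' "$*"
}

# Escape backslashes and double quotes so a value can sit inside a
# double-quoted JSON string or a double-quoted curl config value.
# Values with embedded newlines are not handled (sed works line by line).
escape_dq() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

log "=== 🚀 Drone Publish Tool ==="
log "Image: ${IMAGE_FULL:-}"
log "Version: ${VERSION_TAG:-}"
log "--------------------------------------"

# --- 0. Check required environment variables ---
REQUIRED_VARS="REGISTRY_URL DOCKER_USER DOCKER_PASS IMAGE_FULL VERSION_TAG"
MISSING_VARS=""
for VAR in $REQUIRED_VARS; do
  # POSIX sh has no ${!name}; eval only ever sees names from the fixed list
  # above, never external input.
  eval "VAL=\${$VAR:-}"
  if [ -z "$VAL" ]; then
    MISSING_VARS="$MISSING_VARS $VAR"
  fi
done
if [ -n "$MISSING_VARS" ]; then
  log "❌ Fehlende Umgebungsvariablen:$MISSING_VARS" >&2
  exit 1
fi

# Optional inputs get explicit defaults so that `set -u` stays usable.
IMAGE_DIGEST=${IMAGE_DIGEST:-}
COSIGN_KEY=${COSIGN_KEY:-}
GITEA_TOKEN=${GITEA_TOKEN:-}
GITEA_REPO=${GITEA_REPO:-}
GITEA_URL=${GITEA_URL:-}

# curl falls back to plain HTTP for a URL without a scheme, which would send
# the basic-auth credentials unencrypted. Default to HTTPS; a plain-HTTP
# registry has to be requested explicitly with an http:// prefix.
case "$REGISTRY_URL" in
  http://* | https://*) REGISTRY_BASE=${REGISTRY_URL%/} ;;
  *) REGISTRY_BASE="https://${REGISTRY_URL%/}" ;;
esac
# Image references passed to cosign must not carry a URL scheme.
REGISTRY_HOST=${REGISTRY_BASE#*://}

# --- 1. Registry login ---
log "🔐 Logging in to registry $REGISTRY_URL ..."
# printf instead of echo: some sh implementations let echo interpret
# backslash sequences, which would silently alter the password.
printf '%s\n' "$DOCKER_PASS" |
  docker login "$REGISTRY_URL" -u "$DOCKER_USER" --password-stdin >/dev/null
log "✅ Login successful."
log "--------------------------------------"

# --- 2. Resolve the digest (when none was supplied) ---
if [ -z "$IMAGE_DIGEST" ]; then
  log "🔍 Kein Digest übergeben – versuche, aktuellen Digest aus Registry zu holen..."
  # Last path component of IMAGE_FULL, without the tag.
  IMAGE_NAME=${IMAGE_FULL##*/}
  IMAGE_NAME=${IMAGE_NAME%%:*}
  # The project path "public" is hard-coded here and in the reference below.
  # NOTE(review): only the OCI image manifest media type is requested; an
  # image index or Docker v2 manifest may yield a different digest or none;
  # confirm against the registry in use.
  # Credentials go to curl as a config on stdin (-K -), not via -u on argv.
  DIGEST=$(
    printf 'user = "%s:%s"\n' \
      "$(escape_dq "$DOCKER_USER")" "$(escape_dq "$DOCKER_PASS")" |
      curl -s -K - -I \
        -H "Accept: application/vnd.oci.image.manifest.v1+json" \
        "$REGISTRY_BASE/v2/public/$IMAGE_NAME/manifests/$VERSION_TAG" |
      awk 'tolower($1) == "docker-content-digest:" { print $2; exit }' |
      tr -d '\r'
  )
  # Accept only a well-formed "<algorithm>:<encoded>" digest; the header value
  # ends up in the reference that gets signed, so it is not trusted as-is.
  if printf '%s\n' "$DIGEST" |
    grep -Eq '^[a-z0-9]+([+._-][a-z0-9]+)*:[A-Za-z0-9=_-]+$'; then
    IMAGE_DIGEST="$REGISTRY_HOST/public/$IMAGE_NAME@$DIGEST"
    log "✅ Digest gefunden: $IMAGE_DIGEST"
  else
    log "❌ Konnte Digest nicht abrufen – bitte prüfen, ob Image in Registry vorhanden ist." >&2
    exit 1
  fi
else
  log "🔖 Digest bereits gesetzt: $IMAGE_DIGEST"
fi
log "--------------------------------------"

# --- 3. Sign ---
if [ -n "$COSIGN_KEY" ]; then
  case "$IMAGE_DIGEST" in
    *@*) ;;
    *)
      # A tag can be re-pointed after signing; only a digest pins the content.
      log "⚠️ IMAGE_DIGEST contains no @digest - the signature would refer to a mutable tag." >&2
      ;;
  esac
  log "🔏 Signing image using Cosign..."
  export COSIGN_PASSWORD="${COSIGN_PASSWORD:-}"
  cosign sign --yes --key env://COSIGN_KEY "$IMAGE_DIGEST"
  log "✅ Image successfully signed."
else
  log "⚠️ Skipping signing step (no COSIGN_KEY provided)"
fi
log "--------------------------------------"

# --- 4. Create the Gitea release (best effort, never fails the build) ---
if [ -n "$GITEA_TOKEN" ] && [ -n "$GITEA_REPO" ] && [ -n "$GITEA_URL" ]; then
  log "🏷️ Creating Gitea release for $VERSION_TAG..."
  # Escape every interpolated value so quotes or backslashes cannot break out
  # of the JSON strings. The literal \n sequences are JSON newline escapes.
  TAG_JSON=$(escape_dq "$VERSION_TAG")
  RELEASE_BODY="Automatischer Release für $TAG_JSON\n\nImage: $(escape_dq "$IMAGE_FULL")\n\nDigest: $(escape_dq "$IMAGE_DIGEST")"
  PAYLOAD="{\"tag_name\": \"$TAG_JSON\", \"name\": \"Release $TAG_JSON\", \"body\": \"$RELEASE_BODY\", \"draft\": false, \"prerelease\": false}"
  # The API token is passed as a curl config line on stdin, not on argv.
  if printf 'header = "Authorization: token %s"\n' "$(escape_dq "$GITEA_TOKEN")" |
    curl -sf -K - -X POST "$GITEA_URL/api/v1/repos/$GITEA_REPO/releases" \
      -H "Content-Type: application/json" \
      -d "$PAYLOAD"; then
    log "✅ Gitea release created."
  else
    log "⚠️ Fehler beim Erstellen des Gitea-Releases."
  fi
else
  log "⚠️ Skipping Gitea release creation (missing GITEA vars)"
fi

log "=== ✅ Done ==="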