Patrick Gniza
61adca7361
All checks were successful
continuous-integration/drone/push Build is passing
87 lines
2.9 KiB
Bash
87 lines
2.9 KiB
Bash
#!/bin/sh
|
||
set -e
|
||
|
||
echo "=== 🚀 Drone Publish Tool ==="
|
||
echo "Image: ${IMAGE_FULL:-<unset>}"
|
||
echo "Version: ${VERSION_TAG:-<unset>}"
|
||
echo "--------------------------------------"
|
||
|
||
# --- 🧩 0️⃣ Prüfung der Umgebungsvariablen ---
|
||
REQUIRED_VARS="REGISTRY_URL DOCKER_USER DOCKER_PASS IMAGE_FULL VERSION_TAG"
|
||
MISSING_VARS=""
|
||
|
||
for VAR in $REQUIRED_VARS; do
|
||
eval "VAL=\$$VAR"
|
||
if [ -z "$VAL" ]; then
|
||
MISSING_VARS="$MISSING_VARS $VAR"
|
||
fi
|
||
done
|
||
|
||
if [ -n "$MISSING_VARS" ]; then
|
||
echo "❌ Fehlende Umgebungsvariablen:$MISSING_VARS"
|
||
exit 1
|
||
fi
|
||
|
||
# --- 🔐 1️⃣ Login zur Registry ---
|
||
echo "🔐 Logging in to registry $REGISTRY_URL ..."
|
||
echo "$DOCKER_PASS" | docker login "$REGISTRY_URL" -u "$DOCKER_USER" --password-stdin >/dev/null
|
||
echo "✅ Login successful."
|
||
echo "--------------------------------------"
|
||
|
||
# --- 📦 2️⃣ Digest ermitteln (wenn nicht vorhanden) ---
|
||
if [ -z "$IMAGE_DIGEST" ]; then
|
||
echo "🔍 Kein Digest übergeben – versuche, aktuellen Digest aus Registry zu holen..."
|
||
IMAGE_NAME=$(echo "$IMAGE_FULL" | awk -F'/' '{print $NF}' | awk -F':' '{print $1}')
|
||
DIGEST=$(curl -s -u "$DOCKER_USER:$DOCKER_PASS" -I \
|
||
-H "Accept: application/vnd.oci.image.manifest.v1+json" \
|
||
"$REGISTRY_URL/v2/public/$IMAGE_NAME/manifests/$VERSION_TAG" | \
|
||
grep -i Docker-Content-Digest | awk '{print $2}' | tr -d '\r')
|
||
|
||
if [ -n "$DIGEST" ]; then
|
||
IMAGE_DIGEST="$REGISTRY_URL/public/$IMAGE_NAME@$DIGEST"
|
||
echo "✅ Digest gefunden: $IMAGE_DIGEST"
|
||
else
|
||
echo "❌ Konnte Digest nicht abrufen – bitte prüfen, ob Image in Registry vorhanden ist."
|
||
exit 1
|
||
fi
|
||
else
|
||
echo "🔖 Digest bereits gesetzt: $IMAGE_DIGEST"
|
||
fi
|
||
echo "--------------------------------------"
|
||
|
||
# --- ✍️ 3️⃣ Signieren ---
|
||
if [ -n "$COSIGN_KEY" ]; then
|
||
echo "🔏 Signing image using Cosign..."
|
||
export COSIGN_PASSWORD="${COSIGN_PASSWORD:-}"
|
||
|
||
cosign sign --yes --key env://COSIGN_KEY "$IMAGE_DIGEST"
|
||
|
||
echo "✅ Image successfully signed."
|
||
else
|
||
echo "⚠️ Skipping signing step (no COSIGN_KEY provided)"
|
||
fi
|
||
echo "--------------------------------------"
|
||
|
||
# --- 🏷️ 4️⃣ Gitea Release erstellen ---
|
||
if [ -n "$GITEA_TOKEN" ] && [ -n "$GITEA_REPO" ] && [ -n "$GITEA_URL" ]; then
|
||
echo "🏷️ Creating Gitea release for $VERSION_TAG..."
|
||
|
||
RELEASE_BODY="Automatischer Release für $VERSION_TAG\n\nImage: $IMAGE_FULL\n\nDigest: $IMAGE_DIGEST"
|
||
curl -sf -X POST "$GITEA_URL/api/v1/repos/$GITEA_REPO/releases" \
|
||
-H "Authorization: token $GITEA_TOKEN" \
|
||
-H "Content-Type: application/json" \
|
||
-d "{
|
||
\"tag_name\": \"$VERSION_TAG\",
|
||
\"name\": \"Release $VERSION_TAG\",
|
||
\"body\": \"$RELEASE_BODY\",
|
||
\"draft\": false,
|
||
\"prerelease\": false
|
||
}" \
|
||
&& echo "✅ Gitea release created." \
|
||
|| echo "⚠️ Fehler beim Erstellen des Gitea-Releases."
|
||
else
|
||
echo "⚠️ Skipping Gitea release creation (missing GITEA vars)"
|
||
fi
|
||
|
||
echo "=== ✅ Done ==="
|