lcarva/check-it.sh

## check-it.sh
#!/bin/bash

set -euo pipefail

function debug() {
    >&2 echo "DEBUG: ${1}"
}

function get_labels() {
    skopeo inspect --no-tags --config "docker://${1}" | jq '.config.Labels'
}

function process() {
    image="$1"
    result_f="$2"

    image_labels="$(get_labels $image)"
    image_name_label="$(echo "${image_labels}" | jq -r '.name')"
    image_component_label="$(echo "${image_labels}" | jq -r '.["com.redhat.component"]')"

    # skopeo doesn't allow querying an image when its reference includes a tag and a digest 😭
    # strip off the tag if there's one.
    parent_image="$(skopeo inspect --raw "docker://${image}" | \
        jq -r '.annotations | "\(.["org.opencontainers.image.base.name"])@\(.["org.opencontainers.image.base.digest"])"' | \
        sed 's/:.*@sha/@sha/'
    )"

    if [[ "$parent_image" == 'null@null' || "$parent_image" == '@' ]]; then
        printf "{\"image\": \"${image}\"}" > $result_f
        return
    fi

    parent_image_labels="$(get_labels $parent_image)"
    parent_image_name_label="$(echo "${parent_image_labels}" | jq -r '.name')"
    parent_image_component_label="$(echo "${parent_image_labels}" | jq -r '.["com.redhat.component"]')"

    failures=()
    if [[ "$image_name_label" == "$parent_image_name_label" && "$image_name_label" != 'null' ]]; then
        failures+=( 'name-label-not-unique' )
    fi

    if [[ "$image_component_label" == "$parent_image_component_label" && "$parent_image_name_label" != 'null' ]]; then
        failures+=( 'component-label-not-unique' )
    fi

    failures_json="$(jq --compact-output --null-input '$ARGS.positional' --args -- "${failures[@]}")"

    printf "{\"image\": \"${image}\", \"parent_image\": \"${parent_image}\", \"failures\": ${failures_json}}" > $result_f
}

results_dir="$(mktemp -d)"
while read image; do
    debug "Processing ${image}"
    result_file="${results_dir}/${image#*@sha256:}.json"
    process ${image} ${result_file} &
done

debug "Waiting for jobs to complete"
wait

cat "${results_dir}"/*.json | jq --slurp
	#!/bin/bash

	set -euo pipefail

	function debug() {
	>&2 echo "DEBUG: ${1}"
	}

	function get_labels() {
	skopeo inspect --no-tags --config "docker://${1}" \| jq '.config.Labels'
	}

	function process() {
	image="$1"
	result_f="$2"

	image_labels="$(get_labels $image)"
	image_name_label="$(echo "${image_labels}" \| jq -r '.name')"
	image_component_label="$(echo "${image_labels}" \| jq -r '.["com.redhat.component"]')"

	# skopeo doesn't allow querying an image when its reference includes a tag and a digest 😭
	# strip off the tag if there's one.
	parent_image="$(skopeo inspect --raw "docker://${image}" \| \
	jq -r '.annotations \| "\(.["org.opencontainers.image.base.name"])@\(.["org.opencontainers.image.base.digest"])"' \| \
	sed 's/:.*@sha/@sha/'
	)"

	if [[ "$parent_image" == 'null@null' \|\| "$parent_image" == '@' ]]; then
	printf "{\"image\": \"${image}\"}" > $result_f
	return
	fi

	parent_image_labels="$(get_labels $parent_image)"
	parent_image_name_label="$(echo "${parent_image_labels}" \| jq -r '.name')"
	parent_image_component_label="$(echo "${parent_image_labels}" \| jq -r '.["com.redhat.component"]')"

	failures=()
	if [[ "$image_name_label" == "$parent_image_name_label" && "$image_name_label" != 'null' ]]; then
	failures+=( 'name-label-not-unique' )
	fi

	if [[ "$image_component_label" == "$parent_image_component_label" && "$parent_image_name_label" != 'null' ]]; then
	failures+=( 'component-label-not-unique' )
	fi

	failures_json="$(jq --compact-output --null-input '$ARGS.positional' --args -- "${failures[@]}")"

	printf "{\"image\": \"${image}\", \"parent_image\": \"${parent_image}\", \"failures\": ${failures_json}}" > $result_f
	}

	results_dir="$(mktemp -d)"
	while read image; do
	debug "Processing ${image}"
	result_file="${results_dir}/${image#*@sha256:}.json"
	process ${image} ${result_file} &
	done

	debug "Waiting for jobs to complete"
	wait

	cat "${results_dir}"/*.json \| jq --slurp