Ubuntu Docker Images

Merge ~ubuntu-docker-images/ubuntu-docker-images/+git/utils:multi-arch-tagger into ~ubuntu-docker-images/ubuntu-docker-images/+git/utils:master

Git
lp:~ubuntu-docker-images/ubuntu-docker-images/+git/utils
multi-arch-tagger
Merge into master

Proposed by Sergio Durigan Junior on 2021-03-15

Status:	Merged
Merged at revision:	75a4c7e37ead57073f4020eb71df9c053724650f
Proposed branch:	~ubuntu-docker-images/ubuntu-docker-images/+git/utils:multi-arch-tagger
Merge into:	~ubuntu-docker-images/ubuntu-docker-images/+git/utils:master
Diff against target:	1196 lines (+1148/-0) 8 files modified README.multi-arch-tagger.md (+67/-0) helpers/log.sh (+49/-0) helpers/registry-login.sh (+122/-0) helpers/validate-args.sh (+85/-0) list-all-images.sh (+129/-0) list-tags-for-image.sh (+141/-0) multi-arch-tagger.sh (+220/-0) tag-images.sh (+335/-0)
Related bugs:	Link a bug report

Reviewer	Date Requested	Status
Paride Legovini	2021-03-15	Approve on 2021-03-18
Bryce Harrington	2021-03-15	Approve on 2021-03-17
Review via email: mp+399681@code.launchpad.net

Description of the change

Implement a multi-architecture tagger framework.

This MP consists of a series of scripts that work together to implement the multi-architecture tagging, which is one of the "missing pieces" for our OCI work.

The scripts are a bit complex, and they all work independently. The main script here is the "tag-images.sh", which encapsulates all the logic needed to properly create the "latest" and the "M.N-XX.YY_beta" tags (not to mention the special "ubuntu" base image).

I've tested this on some images and it's working OK, but most of my test was done using "echo" statements to make sure that the right commands would be invoked. We're still not ready to mass-tag everything, but I don't foresee any problems.

The aws-cli tool needs to be installed and configured locally in order to communicate with the AWS service. I've written some instructions on how to configure it in the README file.

Revision history for this message

Bryce Harrington (bryce) wrote on 2021-03-15:

Initial pass of mostly just stylistic comments. I also looked for typos or coding errors but didn't find any! So nothing that actually "needs" fixed, but more just suggestions.

I haven't tried actually running the code and studying its execution, but will give that a shot for the next pass, but that'll have be for tomorrow.

I like that you broke out the log.sh to be a sourced file. I had already been thinking of breaking them out so I could use them, so that's cool.

Revision history for this message

Sergio Durigan Junior (sergiodj) wrote on 2021-03-16:

Thanks for the initial review, Bryce. Comments inline, and new version force-pushed.

Revision history for this message

Bryce Harrington (bryce) wrote on 2021-03-17:

Download full text (3.7 KiB)

Ok, I've had a chance to play with the script in earnest for a bit (just enough to be usefully confused), and have some usage suggestions.

Before I get too far into it, I'll mention upfront that if this is going to be used entirely non-interactively, then a lot of the remarks in this comment are probably going to be irrelevant. However, if you anticipate anyone might be running this by hand, then they may be worthwhile.

And first, here's how I'm running things:

stirling:~/pkg/Oci/utils$ ./list-all-images.sh -r docker -n ubuntu
Username: bryceharrington
Password:
ubuntu/nginx
ubuntu/redis
ubuntu/postgres
ubuntu/mysql
ubuntu/apache2
ubuntu/memcached
ubuntu/grafana
ubuntu/prometheus
ubuntu/cortex
ubuntu/telegraf
ubuntu/prometheus-alertmanager

$ ./list-tags-for-image.sh -r docker -n ubuntu -i redis
Username: bryceharrington
Password:
ubuntu/redis:latest
ubuntu/redis:6.0-21.04_beta
ubuntu/redis:edge
ubuntu/redis:6.0-21.04_edge
ubuntu/redis:5.0-20.04_beta
ubuntu/redis:5.0-20.04_edge

One thing that's a bit confusing is after running ./list-all-images.sh, I figured I could just cut and paste a line from its input to pass to ./list-tags-for-image.sh, however, that's wrong:

stirling:~/pkg/Oci/utils$ ./list-tags-for-image.sh -r docker -n ubuntu -i ubuntu/redis
Username: bryceharrington
Password:
E: Invalid image name 'ubuntu/redis'.

I'd probably just chalk that up to user error, but wouldn't be surprised if other rookie users make the same mistake. Again, if this is mainly intended to be used in an automated workflow, it's probably better to not have too many smarts in the argument parsing logic. You've got the --no-prefix argument if someone really needs the bare image name.

stirling:~/pkg/Oci/utils$ ./multi-arch-tagger.sh -t foobar -n ubuntu -r docker -b 20.04 -u bryceharrington -p <my-docker-password> -i redis
Username: bryceharrington
Password:
I: Tagging ubuntu/redis:20.04 as ubuntu/redis:foobar (on docker)
ERROR: Image tagging failed with status code 400

So first comment is I'm not entirely certain this is the right way to be calling this tool. Given the large number of required parameters it would help a lot to have an example or two in the help text (or in a man page). For this tool, maybe one cut-and-paste command line to test it, and then one real-world usage.

Second, I'd kind of like to be able to run this against a throwaway image in my own namespace, just to test it, but passing '-n bryceharrington' gives an error. If that's intended/desired then a --dry-run parameter might be handy to add.

Third, I was initially a bit confused why there are --username and --password arguments, yet it still prompts me for username and password. From the help text I got the impression they were two different sets of usernames and passwords, but still a bit confusing what they might be. Also, taking a password on the command line might have some security implications, although I gather this is just for testing convenience and the auth token is used more in practice?

And fourth, the error message with status code 400 is a bit cryptic. That said, I'll bet it's not really going to be possible to give a better error message since that c...

Ok, I've had a chance to play with the script in earnest for a bit (just enough to be usefully confused), and have some usage suggestions.

Before I get too far into it, I'll mention upfront that if this is going to be used entirely non-interactively, then a lot of the remarks in this comment are probably going to be irrelevant.  However, if you anticipate anyone might be running this by hand, then they may be worthwhile.

And first, here's how I'm running things:

stirling:~/pkg/Oci/utils$ ./list-all-images.sh -r docker -n ubuntu
Username: bryceharrington
Password: 
ubuntu/nginx
ubuntu/redis
ubuntu/postgres
ubuntu/mysql
ubuntu/apache2
ubuntu/memcached
ubuntu/grafana
ubuntu/prometheus
ubuntu/cortex
ubuntu/telegraf
ubuntu/prometheus-alertmanager

$ ./list-tags-for-image.sh -r docker -n ubuntu -i redis
Username: bryceharrington
Password: 
ubuntu/redis:latest
ubuntu/redis:6.0-21.04_beta
ubuntu/redis:edge
ubuntu/redis:6.0-21.04_edge
ubuntu/redis:5.0-20.04_beta
ubuntu/redis:5.0-20.04_edge

One thing that's a bit confusing is after running ./list-all-images.sh, I figured I could just cut and paste a line from its input to pass to ./list-tags-for-image.sh, however, that's wrong:

stirling:~/pkg/Oci/utils$ ./list-tags-for-image.sh -r docker -n ubuntu -i ubuntu/redis
Username: bryceharrington
Password: 
E: Invalid image name 'ubuntu/redis'.

I'd probably just chalk that up to user error, but wouldn't be surprised if other rookie users make the same mistake.  Again, if this is mainly intended to be used in an automated workflow, it's probably better to not have too many smarts in the argument parsing logic.  You've got the --no-prefix argument if someone really needs the bare image name.

stirling:~/pkg/Oci/utils$ ./multi-arch-tagger.sh -t foobar -n ubuntu -r docker -b 20.04 -u bryceharrington -p <my-docker-password> -i redis
Username: bryceharrington
Password: 
I: Tagging ubuntu/redis:20.04 as ubuntu/redis:foobar (on docker)
ERROR: Image tagging failed with status code 400

So first comment is I'm not entirely certain this is the right way to be calling this tool.  Given the large number of required parameters it would help a lot to have an example or two in the help text (or in a man page).  For this tool, maybe one cut-and-paste command line to test it, and then one real-world usage.

Second, I'd kind of like to be able to run this against a throwaway image in my own namespace, just to test it, but passing '-n bryceharrington' gives an error.  If that's intended/desired then a --dry-run parameter might be handy to add.

Third, I was initially a bit confused why there are --username and --password arguments, yet it still prompts me for username and password.  From the help text I got the impression they were two different sets of usernames and passwords, but still a bit confusing what they might be.  Also, taking a password on the command line might have some security implications, although I gather this is just for testing convenience and the auth token is used more in practice?

And fourth, the error message with status code 400 is a bit cryptic.  That said, I'll bet it's not really going to be possible to give a better error message since that comes from the server, but if it is it would help.  I'm guessing I don't have a registry user/pass or something.

I have some additional comments on the description text for the cli options, which I'll inline below.

Since all of my comments are regarding docs, comments, or ux, and there are no functional issues (other than me not knowing how to run the master script properly) I'm marking this approved for landing.  You can thumb through my comments and pick whatever is of use, at your discretion; no real need for a subsequent round of review.

And congrats on these scripts, that's a healthy amount of code for one MP.  :-)

review: Approve

Revision history for this message

Sergio Durigan Junior (sergiodj) wrote on 2021-03-17:

Download full text (7.3 KiB)

On Tuesday, March 16 2021, Bryce Harrington wrote:

> Review: Approve
>
> Ok, I've had a chance to play with the script in earnest for a bit (just enough to be usefully confused), and have some usage suggestions.

Thanks for the thorough review, Bryce.

I'm replying by email because it's easier to do inline comments.

> Before I get too far into it, I'll mention upfront that if this is
> going to be used entirely non-interactively, then a lot of the remarks
> in this comment are probably going to be irrelevant. However, if you
> anticipate anyone might be running this by hand, then they may be
> worthwhile.

Yeah, I think the only script that will be "heavily" used in an
interactive way is the "tag-images.sh", and *perhaps* the
"multi-arch-tagger.sh". I'm not expecting the other scripts to be used
interactively much, although I wanted them to support that as well.

> And first, here's how I'm running things:
>
> stirling:~/pkg/Oci/utils$ ./list-all-images.sh -r docker -n ubuntu
> Username: bryceharrington
> Password:
> ubuntu/nginx
> ubuntu/redis
> ubuntu/postgres
> ubuntu/mysql
> ubuntu/apache2
> ubuntu/memcached
> ubuntu/grafana
> ubuntu/prometheus
> ubuntu/cortex
> ubuntu/telegraf
> ubuntu/prometheus-alertmanager

Cool!

> $ ./list-tags-for-image.sh -r docker -n ubuntu -i redis
> Username: bryceharrington
> Password:
> ubuntu/redis:latest
> ubuntu/redis:6.0-21.04_beta
> ubuntu/redis:edge
> ubuntu/redis:6.0-21.04_edge
> ubuntu/redis:5.0-20.04_beta
> ubuntu/redis:5.0-20.04_edge

Cool again! :-)

> One thing that's a bit confusing is after running
> ./list-all-images.sh, I figured I could just cut and paste a line from
> its input to pass to ./list-tags-for-image.sh, however, that's wrong:
>
> stirling:~/pkg/Oci/utils$ ./list-tags-for-image.sh -r docker -n ubuntu -i ubuntu/redis
> Username: bryceharrington
> Password:
> E: Invalid image name 'ubuntu/redis'.

Yeah, that doesn't work because you're already specifying the namespace
via the "-n" parameter, and that will prepended to the image name when
composing the URL used to retrieve the information. I mean, I can
understand the initial confusion, but once you have a clearer picture of
what an "image", a "namespace" and a "registry" are, I think it makes
more sense.

On a side note, I've been thinking about reversing the "--no-prefix"
option and making it the default, because that's what we usually want as
an output.

> I'd probably just chalk that up to user error, but wouldn't be
> surprised if other rookie users make the same mistake. Again, if this
> is mainly intended to be used in an automated workflow, it's probably
> better to not have too many smarts in the argument parsing logic.
> You've got the --no-prefix argument if someone really needs the bare
> image name.

I'm expecting some of these scripts to be used interactively, as I
mentioned above, so maybe it's a good idea to write a more comprehensive
documentation. I don't think nothing fancy is needed; maybe just
extending the README file will be enough.

> stirling:~/pkg/Oci/utils$ ./multi-arch-tagger.sh -t foobar -n ubuntu -r docker -b 20.04 -u bryceharrington -p <my-docker-password> -i redis
> Username: bryceharrington
...

On Tuesday, March 16 2021, Bryce Harrington wrote:

> Review: Approve
>
> Ok, I've had a chance to play with the script in earnest for a bit (just enough to be usefully confused), and have some usage suggestions.

Thanks for the thorough review, Bryce.

I'm replying by email because it's easier to do inline comments.

> Before I get too far into it, I'll mention upfront that if this is
> going to be used entirely non-interactively, then a lot of the remarks
> in this comment are probably going to be irrelevant.  However, if you
> anticipate anyone might be running this by hand, then they may be
> worthwhile.

Yeah, I think the only script that will be "heavily" used in an
interactive way is the "tag-images.sh", and *perhaps* the
"multi-arch-tagger.sh".  I'm not expecting the other scripts to be used
interactively much, although I wanted them to support that as well.

> And first, here's how I'm running things:
>
> stirling:~/pkg/Oci/utils$ ./list-all-images.sh -r docker -n ubuntu
> Username: bryceharrington
> Password: 
> ubuntu/nginx
> ubuntu/redis
> ubuntu/postgres
> ubuntu/mysql
> ubuntu/apache2
> ubuntu/memcached
> ubuntu/grafana
> ubuntu/prometheus
> ubuntu/cortex
> ubuntu/telegraf
> ubuntu/prometheus-alertmanager

Cool!

> $ ./list-tags-for-image.sh -r docker -n ubuntu -i redis
> Username: bryceharrington
> Password: 
> ubuntu/redis:latest
> ubuntu/redis:6.0-21.04_beta
> ubuntu/redis:edge
> ubuntu/redis:6.0-21.04_edge
> ubuntu/redis:5.0-20.04_beta
> ubuntu/redis:5.0-20.04_edge

Cool again!  :-)

Yeah, that doesn't work because you're already specifying the namespace
via the "-n" parameter, and that will prepended to the image name when
composing the URL used to retrieve the information.  I mean, I can
understand the initial confusion, but once you have a clearer picture of
what an "image", a "namespace" and a "registry" are, I think it makes
more sense.

On a side note, I've been thinking about reversing the "--no-prefix"
option and making it the default, because that's what we usually want as
an output.

> I'd probably just chalk that up to user error, but wouldn't be
> surprised if other rookie users make the same mistake.  Again, if this
> is mainly intended to be used in an automated workflow, it's probably
> better to not have too many smarts in the argument parsing logic.
> You've got the --no-prefix argument if someone really needs the bare
> image name.

I'm expecting some of these scripts to be used interactively, as I
mentioned above, so maybe it's a good idea to write a more comprehensive
documentation.  I don't think nothing fancy is needed; maybe just
extending the README file will be enough.

> stirling:~/pkg/Oci/utils$ ./multi-arch-tagger.sh -t foobar -n ubuntu -r docker -b 20.04 -u bryceharrington -p <my-docker-password> -i redis
> Username: bryceharrington
> Password: 
> I: Tagging ubuntu/redis:20.04 as ubuntu/redis:foobar (on docker)
> ERROR: Image tagging failed with status code 400
>
> So first comment is I'm not entirely certain this is the right way to
> be calling this tool.

This is the right way to call it, *except* for the "-b" argument, which
is wrong: it should be the tag name that will be used to create the
desired tag.  I called it "base tag", but maybe "source tag" would be
clearer?

Anyway, if you provide a correct base tag name there, you should see the
"foobar" tag be created.

>  Given the large number of required parameters
> it would help a lot to have an example or two in the help text (or in
> a man page).  For this tool, maybe one cut-and-paste command line to
> test it, and then one real-world usage.

OK.

> Second, I'd kind of like to be able to run this against a throwaway
> image in my own namespace, just to test it, but passing '-n
> bryceharrington' gives an error.  If that's intended/desired then a
> --dry-run parameter might be handy to add.

That's intended: the tool only supports our official images, so it
checks to see if the registry is docker|aws, and if the namespace is
ubuntu|lts.

It should be possible to extend it and make it support other namespaces,
but I'd file it under "wishlist" for now :-).

> Third, I was initially a bit confused why there are --username and
> --password arguments, yet it still prompts me for username and
> password.  From the help text I got the impression they were two
> different sets of usernames and passwords, but still a bit confusing
> what they might be.  Also, taking a password on the command line might
> have some security implications, although I gather this is just for
> testing convenience and the auth token is used more in practice?

The reason we have the -u/-p options given that we also have the prompts
is because of the way Dockerhub works: it has two APIs.

https://hub.docker.com/ is the API we use to obtain information about
images; that's where we go when we need to obtain the list of images
from a namespace, or the list of tags of an image.  When a script needs
to login into this API, it prompts the user for the username/password, and
the API generates the authorization token (that gets passed around via
the "-a" parameter).

https://registry-1.docker.io/ is the API we use to actually push/pull
something, i.e., to modify images.  The username/password used here are
exactly the same as the ones used in the previous API, but we cannot use
the same authentication token: we have to login again.

Given that the multi-arch-tagger.sh script will likely be called from
inside other scripts (tag-images.sh), and that it will need to perform
its own login when using the registry-1.docker.io API, I needed a way to
pass the user credentials (otherwise multi-arch-tagger.sh would prompt
the user every time, which is bothersome), so I opted for to implement
-u/-p.

Having said that, and given that the username/password are the same for
both APIs, I can make multi-arch-tagger.sh smarter and use the
credentials provided via -u/-p in order to prevent the prompt.

> And fourth, the error message with status code 400 is a bit cryptic.
> That said, I'll bet it's not really going to be possible to give a
> better error message since that comes from the server, but if it is it
> would help.  I'm guessing I don't have a registry user/pass or
> something.

Yeah, I could try to generate a customized message based on the HTTP
status code.

> I have some additional comments on the description text for the cli options, which I'll inline below.
>
> Since all of my comments are regarding docs, comments, or ux, and
> there are no functional issues (other than me not knowing how to run
> the master script properly) I'm marking this approved for landing.
> You can thumb through my comments and pick whatever is of use, at your
> discretion; no real need for a subsequent round of review.
>
> And congrats on these scripts, that's a healthy amount of code for one MP.  :-)

Thanks!

I will reply to your other inline comments via web, because I don't
think it works via email.

Cheers,

-- 
Sergio
GPG key ID: E92F D0B3 6B14 F1F4 D8E0  EB2F 106D A1C8 C3CB BF14

Revision history for this message

Sergio Durigan Junior (sergiodj) on 2021-03-18:

Revision history for this message

Bryce Harrington (bryce) on 2021-03-18:

Revision history for this message

Paride Legovini (paride) wrote on 2021-03-18:

Great work with these scripts Sergio! I did a shellcheck run and they're almost clean, just with some nits like:

SC2086: Double quote to prevent globbing and word splitting.

here and there, mostly about "safe" variables known to have no spaces. There are also some false positives I think . Given the high quality of the scripts it may be worth to make shellcheck fully happy, and test future MPs (possibly in CI) to keep quality high.

review: Approve

Revision history for this message

Sergio Durigan Junior (sergiodj) wrote on 2021-03-18:

Thanks for the review, Paride :-).

I have silenced everything that shellcheck flagged, and I have also addressed most (if not all) of the comments that Bryce has made.

I am merging the script now, because it is ready to be used. We can always come back and improve it if needed.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Canonical Server

 diff --git a/README.multi-arch-tagger.md b/README.multi-arch-tagger.md
 new file mode 100644
 index 0000000..dd33eee
 --- /dev/null
 +++ b/README.multi-arch-tagger.md
@@ -0,0 +1,67 @@
++Multi-arch tagger
++=================
++
++The following scripts are part of the multi-architecture tagger
++application.  They are used to tag multiple architectures of an OCI
++image without having to actually run `docker tag` in those
++architectures.
++
++- `list-all-images.sh`: This script can be used to list all images
++  from a certain registry/namespace combination.
++
++- `list-tags-for-image.sh`: This script can be used to list all tags
++  pertaining to a certain image from a registry/namespace.
++
++- `multi-arch-tagger.sh`: This script can be used to perform the
++  multi-architecture tagging of a certain image from a
++  registry/namespace.
++
++- `tag-images.sh`: This script is a wrapper on top of
++  `multi-arch-tagger.sh`; it iterates over the available images from a
++  certain registry/namespace combination and tags them.
++
++All of these scripts accept a `--help` argument and print their
++usages, so it should not be hard to understand how to use them.
++
++Most of the time, you will actually just use the `tag-images.sh`
++script, which invokes all the other scripts in order to do its job.
++
++Requirements to run these scripts
++---------------------------------
++
++You have to have the following programs installed in your system in
++order to run the scripts:
++
++- jq
++- curl
++- awscli
++
++You don't need `docker` installed, since we use API endpoints when
++communicating with Dockerhub.  AWS doesn't support most of the API
++endpoints yet, so that is why you need `awscli`.
++
++Configuring awscli for tag-images.sh
++-------------------------------------
++
++The tag-images.sh script requires that you install and configure
++`awscli` in order to tag images on AWS.
++
++To install the package:
++
++```
++  $ apt install awscli
++```
++
++To configure the software, you will need to create two profiles in
++order to use the tagger.
++
++```
++  $ aws configure --profile ubuntu
++  ...
++
++  $ aws configure --profile lts
++  ...
++```
++
++Each profile needs to be properly configured using the corresponding
++access keys, of course.
 diff --git a/helpers/log.sh b/helpers/log.sh
 new file mode 100644
 index 0000000..e3e6b9b
 --- /dev/null
 +++ b/helpers/log.sh
@@ -0,0 +1,49 @@
++#!/bin/bash
++
++# Generic logging function.
++_log ()
++{
++    local type="$1"
++    local msg="$2"
++    local redir=/dev/stdout
++
++    case "$type" in
++	"E"|"D")
++	    redir=/dev/stderr
++	    ;;
++	"I"|"W")
++	    :
++	    ;;
++	*)
++	    # Can't call error here, can we?
++	    echo "E: Internal error in the '_log' function!" \
++		 > /dev/stderr
++	    ;;
++    esac
++
++    printf "%s: %s\n" "$type" "$msg" > $redir
++}
++
++# Error logging.
++error ()
++{
++    _log "E" "$1"
++}
++
++# Warn logging.
++warn ()
++{
++    _log "W" "$1"
++}
++
++# Info logging.
++info ()
++{
++    _log "I" "$1"
++}
++
++# Debug logging.
++debug ()
++{
++    _log "D" "$1"
++}
 diff --git a/helpers/registry-login.sh b/helpers/registry-login.sh
 new file mode 100644
 index 0000000..fa68362
 --- /dev/null
 +++ b/helpers/registry-login.sh
@@ -0,0 +1,122 @@
++#!/bin/bash
++
++# Log into a registry.
++
++set -e
++
++readonly AWS_URL="https://public.ecr.aws"
++readonly AWS_REGISTRY_URL="https://public.ecr.aws"
++export AWS_URL AWS_REGISTRY_URL
++
++readonly DOCKERHUB_URL="https://hub.docker.com"
++readonly DOCKERHUB_REGISTRY_URL="https://registry-1.docker.io"
++export DOCKERHUB_URL DOCKERHUB_REGISTRY_URL
++
++# Log into dockerhub, asking the user and the password.
++#
++# This function doesn't take arguments.  It sets the AUTH_TOKEN
++# environment variable to the Authentication Token that can be used on
++# further requests.
++_login_docker ()
++{
++    if [ -z "$USERNAME" ]; then
++	read -rp "Username: " USERNAME
++    fi
++    if [ -z "$PASSWORD" ]; then
++	read -rsp "Password: " PASSWORD
++	echo > /dev/stderr
++    fi
++
++    AUTH_TOKEN=$(curl -s \
++		      -H "Content-Type: application/json" \
++		      -X POST -d '{"username": "'"${USERNAME}"'", "password": "'"${PASSWORD}"'"}' \
++		      "${DOCKERHUB_URL}/v2/users/login/" | jq -r .token)
++
++    if [ -z "$AUTH_TOKEN" ]; then
++	error "There was an error while logging into the service."
++	exit 1
++    fi
++
++    if [ -n "$DEBUG" ]; then
++	debug "This is the Dockerhub authentication token I got, in case you want to reuse it:"
++	printf 'AUTH_TOKEN=%s\n' "$AUTH_TOKEN" > /dev/stderr
++    fi
++
++    REGISTRY_USERNAME="$USERNAME"
++    REGISTRY_PASSWORD="$PASSWORD"
++}
++
++# Log into dockerhub's registry1, asking the user and the password.
++#
++# It takes the list of images to be used as the scope as argument.  It
++# assumes that the image names are not prefixed with "$NAMESPACE/"
++_login_docker_registry1 ()
++{
++    local IMAGES_FOR_SCOPE="$1"
++    local REGISTRY_USERNAME="$2"
++    local REGISTRY_PASSWORD="$3"
++    local URL="https://auth.docker.io/token?service=registry.docker.io"
++
++    if [ -z "$REGISTRY_USERNAME" ] || [ -z "$REGISTRY_PASSWORD" ]; then
++	error "You must specify the registry username and password."
++	exit 1
++    fi
++
++    for image in $IMAGES_FOR_SCOPE; do
++	URL+="&scope=repository:${NAMESPACE}/${image}:pull,push"
++    done
++
++    REGISTRY_AUTH_TOKEN=$(curl -s \
++			       -u "${REGISTRY_USERNAME}:${REGISTRY_PASSWORD}" \
++			       "$URL" | jq -r .token)
++    export REGISTRY_AUTH_TOKEN
++
++    if [ -z "$REGISTRY_AUTH_TOKEN" ]; then
++	error "There was an error while logging into the registry."
++	exit 1
++    fi
++
++    export REGISTRY_URL="$DOCKERHUB_REGISTRY_URL"
++}
++
++_login_aws ()
++{
++    # No need to login with aws since we will be using aws-cli.
++    if ! command -v aws >& /dev/null; then
++	error "You must have the aws-cli program installed."
++	exit 1
++    fi
++
++    if ! aws configure list --profile "$NAMESPACE" >& /dev/null; then
++	error "You must configure aws-cli with a profile named '$NAMESPACE'."
++	error "Please refer to the README file for instructions."
++	exit 1
++    fi
++
++    export AWS_PROFILE="$NAMESPACE"
++}
++
++_login_aws_registry1 ()
++{
++    REGISTRY_AUTH_TOKEN=$(aws ecr-public get-authorization-token \
++			      --region us-east-1 \
++			      --output=text \
++			      --query 'authorizationData.authorizationToken')
++
++
++    if [ -z "$REGISTRY_AUTH_TOKEN" ]; then
++	error "There was an error while logging into the registry."
++	exit 1
++    fi
++
++    REGISTRY_URL="$AWS_REGISTRY_URL"
++}
++
++do_login ()
++{
++    if [ -n "$AUTH_TOKEN" ]; then
++	return
++    fi
++
++    _login_"${REGISTRY}"
++}
 diff --git a/helpers/validate-args.sh b/helpers/validate-args.sh
 new file mode 100644
 index 0000000..551c6f7
 --- /dev/null
 +++ b/helpers/validate-args.sh
@@ -0,0 +1,85 @@
++#!/bin/bash
++
++progname=$(basename "${0}")
++progdir=$(dirname "$(readlink -f "${0}")")
++
++export progname progdir
++
++# shellcheck disable=SC1090
++. "${progdir}/helpers/log.sh"
++
++validate_var ()
++{
++    local varname="$1"
++    local varvalue
++
++    varvalue=$(eval "echo \$${varname}")
++
++    if [ -z "$varvalue" ]; then
++	error "You must specify the ${varname} parameter."
++	return 1
++    fi
++
++    return 0
++}
++
++validate_registry ()
++{
++    local registry="$1"
++
++    case "$registry" in
++	"docker"|"aws")
++	    :
++	    ;;
++	*)
++	    error "Invalid registry: '$registry'."
++	    return 1
++	    ;;
++    esac
++
++    return 0
++}
++
++validate_namespace ()
++{
++    local namespace="$1"
++
++    case "$namespace" in
++	"ubuntu")
++	    :
++	    ;;
++	"lts")
++	    # shellcheck disable=SC2153
++	    if [ "$REGISTRY" = "docker" ]; then
++		error "The lts namespace is not available on dockerhub yet."
++		return 1
++	    fi
++	    ;;
++	*)
++	    error "Invalid namespace: '$namespace:'."
++	    return 1
++	    ;;
++    esac
++
++    return 0
++}
++
++validate_image ()
++{
++    local image="$1"
++    local -a ALL_IMAGES
++
++    # shellcheck disable=SC2153
++    # Fill the ALL_IMAGES array.
++    readarray -t ALL_IMAGES < <("${progdir}/list-all-images.sh" \
++				    -r "$REGISTRY" \
++				    -n "$NAMESPACE" \
++				    -a "$AUTH_TOKEN")
++
++    if ! grep -Fwq "$image" <<< "${ALL_IMAGES[@]}"; then
++	error "Invalid image name '$image'."
++	return 1
++    fi
++
++    return 0
++}
 diff --git a/list-all-images.sh b/list-all-images.sh
 new file mode 100755
 index 0000000..c82b50c
 --- /dev/null
 +++ b/list-all-images.sh
@@ -0,0 +1,129 @@
++#!/bin/bash
++
++set -e
++
++progname=$(basename "${0}")
++progdir=$(dirname "$(readlink -f "${0}")")
++
++# shellcheck disable=SC1090
++. "${progdir}/helpers/validate-args.sh"
++# shellcheck disable=SC1090
++. "${progdir}/helpers/log.sh"
++# shellcheck disable=SC1090
++. "${progdir}/helpers/registry-login.sh"
++
++# Obtain the list of images for a certain repository.
++
++# Usage.
++usage ()
++{
++    cat > /dev/stderr <<EOF
++$progname -- Obtain the list of images from a certain repository.
++
++Usage:
++
++  $progname [-a <TOKEN>] -r <docker|aws> -n <ubuntu|lts> [-d]
++
++Arguments:
++
++  -a TOKEN|--auth-token TOKEN		Specify the authorization token that
++     					should be used when connecting to the
++					registry's API.  If not provided, the
++					script will ask for your user/password.
++
++  -r REGISTRY|--registry REGISTRY	Registry to consult.
++     			 		Possible values: docker, aws
++
++  -n NAMESPACE|--namespace NAMESPACE:	Namespace to consult.
++     			   		Possible values: ubuntu, lts
++
++  -d|--debug				Print debug statements.  This includes printing
++  					the authentication token if using Dockerhub.
++
++  -h|--help				Display this usage
++EOF
++}
++
++validate_args ()
++{
++    local ret=0
++
++    validate_var REGISTRY || ret=1
++    validate_var NAMESPACE || ret=1
++
++    validate_registry "$REGISTRY" || ret=1
++    validate_namespace "$NAMESPACE" || ret=1
++
++    if [ "$ret" -eq 1 ]; then
++	error "Failed to validate arguments."
++	exit 1
++    fi
++
++    do_login
++}
++
++print_list_of_images_docker ()
++{
++    for image in $(curl -s \
++			-H "Authorization: Bearer ${AUTH_TOKEN}" \
++			"${DOCKERHUB_URL}/v2/repositories/${NAMESPACE}/?page_size=10000" \
++		       | jq -r '.results|.[]|.name'); do
++	echo "$image"
++    done
++}
++
++print_list_of_images_aws ()
++{
++    aws --region us-east-1 ecr-public describe-repositories \
++	| jq -r '.repositories[].repositoryName'
++}
++
++print_list_of_images ()
++{
++    print_list_of_images_"${REGISTRY}"
++}
++
++if [ $# -lt 2 ]; then
++    error "You need to provide at least the registry (-r) and the namespace (-n) arguments."
++    usage
++    exit 1
++fi
++
++while [ -n "$1" ]; do
++    case "$1" in
++	"-a"|"--auth-token")
++	    AUTH_TOKEN="$2"
++	    shift 2
++	    ;;
++
++	"-r"|"--registry")
++	    REGISTRY="$2"
++	    shift 2
++	    ;;
++
++	"-n"|"--namespace")
++	    NAMESPACE="$2"
++	    shift 2
++	    ;;
++
++	"-d"|"--debug")
++	    export DEBUG=1
++	    shift
++	    ;;
++
++	"-h"|"--help")
++	    usage
++	    exit 0
++	    ;;
++
++	*)
++	    error "Invalid argument '$1'."
++	    usage
++	    exit 1
++	    ;;
++    esac
++done
++
++validate_args
++
++print_list_of_images
 diff --git a/list-tags-for-image.sh b/list-tags-for-image.sh
 new file mode 100755
 index 0000000..305c9be
 --- /dev/null
 +++ b/list-tags-for-image.sh
@@ -0,0 +1,141 @@
++#!/bin/bash
++
++set -e
++
++progname=$(basename "${0}")
++progdir=$(dirname "$(readlink -f "${0}")")
++
++# shellcheck disable=SC1090
++. "${progdir}/helpers/validate-args.sh"
++# shellcheck disable=SC1090
++. "${progdir}/helpers/log.sh"
++# shellcheck disable=SC1090
++. "${progdir}/helpers/registry-login.sh"
++
++# Obtain the list of tags for a certain image.
++
++# Usage.
++usage ()
++{
++    cat > /dev/stderr <<EOF
++$progname -- Obtain the list of tags from a certain image.
++
++Usage:
++
++  $progname [-a <TOKEN>] -r <docker|aws> -n <ubuntu|lts> -i <IMAGE> [-d]
++
++Arguments:
++
++  -a TOKEN|--auth-token TOKEN		Specify the authorization token that
++     					should be used when connecting to the
++					registry's API.  If not provided, the
++					script will ask for your user/password.
++
++  -r REGISTRY|--registry REGISTRY	Registry to consult.
++     			 		Possible values: docker, aws
++
++  -n NAMESPACE|--namespace NAMESPACE	Namespace to consult.
++     			   		Possible values: ubuntu, lts
++
++  -i IMAGE|--image IMAGE		Image to obtain tags from.
++
++  -d|--debug				Print debug statements.  This includes printing
++  					the authentication token if using Dockerhub.
++
++  -h|--help				Display this usage
++EOF
++}
++
++validate_args ()
++{
++    local ret=0
++
++    validate_var REGISTRY || ret=1
++    validate_var NAMESPACE || ret=1
++    validate_var IMAGE || ret=1
++
++    validate_registry "$REGISTRY" || ret=1
++    validate_namespace "$NAMESPACE" || ret=1
++
++    if [ "$ret" -eq 1 ]; then
++	error "Failed to validate arguments."
++	exit 1
++    fi
++
++    do_login
++
++    validate_image "$IMAGE"
++}
++
++print_tags_for_image_docker ()
++{
++    for tag in $(curl -s \
++		      -H "Authorization: JWT ${AUTH_TOKEN}" \
++		      "${DOCKERHUB_URL}/v2/repositories/${NAMESPACE}/${IMAGE}/tags/?page_size=10000" \
++		     | jq -r '.results|.[]|.name'); do
++	echo "${tag}"
++    done
++}
++
++print_tags_for_image_aws ()
++{
++    for tag in $(aws --region us-east-1 ecr-public describe-image-tags --repository-name "${IMAGE}" \
++		     | jq -r '.imageTagDetails[].imageTag'); do
++	echo "${tag}"
++    done
++}
++
++print_tags_for_image ()
++{
++    print_tags_for_image_"${REGISTRY}"
++}
++
++if [ $# -lt 2 ]; then
++    error "You need to provide at least the registry (-r), the namespace (-n) and the image (-i) arguments."
++    usage
++    exit 1
++fi
++
++while [ -n "$1" ]; do
++    case "$1" in
++	"-a"|"--auth-token")
++	    AUTH_TOKEN="$2"
++	    shift 2
++	    ;;
++
++	"-r"|"--registry")
++	    REGISTRY="$2"
++	    shift 2
++	    ;;
++
++	"-n"|"--namespace")
++	    NAMESPACE="$2"
++	    shift 2
++	    ;;
++
++	"-i"|"--image")
++	    IMAGE="$2"
++	    shift 2
++	    ;;
++
++	"-d"|"--debug")
++	    export DEBUG=1
++	    shift
++	    ;;
++
++	"-h"|"--help")
++	    usage
++	    exit 0
++	    ;;
++
++	*)
++	    error "Invalid argument '$1'."
++	    usage
++	    exit 1
++	    ;;
++    esac
++done
++
++validate_args
++
++print_tags_for_image
 diff --git a/multi-arch-tagger.sh b/multi-arch-tagger.sh
 new file mode 100755
 index 0000000..a493fa2
 --- /dev/null
 +++ b/multi-arch-tagger.sh
@@ -0,0 +1,220 @@
++#!/bin/bash
++
++set -e
++
++progname=$(basename "${0}")
++progdir=$(dirname "$(readlink -f "${0}")")
++
++# shellcheck disable=SC1090
++. "${progdir}/helpers/validate-args.sh"
++# shellcheck disable=SC1090
++. "${progdir}/helpers/log.sh"
++# shellcheck disable=SC1090
++. "${progdir}/helpers/registry-login.sh"
++
++# Tag all architectures of an image.
++
++# Usage.
++usage ()
++{
++    cat > /dev/stderr <<EOF
++$progname -- Tag all architectures of an image.
++
++Due to the way docker's API works, you can provide an authentication
++token for the hub.docker.com service (if you don't, the script will
++ask for you user and password), but you *must* provide your username
++and password for the registry1.docker.io service.  This is likely the
++same username/password you use for docker.
++
++Usage (when using Dockerhub):
++
++  $progname [-a <TOKEN>] -r docker -n <ubuntu|lts> -i <IMAGE> -s <SOURCE_TAG> -t <NEW_TAG> [-u <USERNAME>] [-p <PASSWORD>] [-d]
++
++Usage (when using AWS):
++
++  $progname [-a <TOKEN>] -r aws -n <ubuntu|lts> -i <IMAGE> -s <SOURCE_TAG> -t <NEW_TAG> [-d]
++
++Arguments:
++
++  -a TOKEN|--auth-token TOKEN		Specify the authorization token that
++     					should be used when connecting to the
++					registry's API.  If not provided, the
++					script will ask for your user/password.
++					This is **NOT** the authentication token
++					for the registry (i.e., not for e.g.
++					registry1.docker.io, if you're using
++					docker).  See the -u and -p options
++					below.
++
++  -r REGISTRY|--registry REGISTRY	Registry to consult.
++     			 		Possible values: docker, aws
++
++  -n NAMESPACE|--namespace NAMESPACE	Namespace to consult.
++     			   		Possible values: ubuntu, lts
++
++  -i IMAGE|--image IMAGE		Name of an image from the repository (without
++     		   			namespace), for example 'postgres' or 'redis'.
++
++  -s SOURCE_TAG|--source-tag SOURCE_TAG	Use SOURCE_TAG as the source tag when
++     			 		tagging the image.
++
++  -t NEW_TAG|--tag NEW_TAG	       	Tag image using NEW_TAG.
++
++  -u USERNAME|--username USERNAME	This is your Dockerhub registry username.  Only
++     			 		required when using Dockerhub as the registry.
++					This will be the same as your regular Dockerhub
++					username.
++
++  -p PASSWORD|--password PASSWORD	This is your Dockerhub registry password.  Only
++     			 		required when using Dockerhub as the registry.
++					This will be the same as your Dockerhub username.
++
++  -d|--debug				Print debug statements.  This includes printing
++  					the authentication token if using Dockerhub.
++
++  -h|--help				Display this usage
++EOF
++}
++
++do_tag_image ()
++{
++    info "Tagging ${NAMESPACE}/${IMAGE}:${SOURCE_TAG} as ${NAMESPACE}/${IMAGE}:${TAG} (on ${REGISTRY})"
++
++    local tmpfile
++    local ret
++
++    tmpfile=$(mktemp)
++    trap 'rm -f ${tmpfile}' 0 INT QUIT ABRT PIPE TERM
++
++    curl -s -H "Authorization: Bearer ${REGISTRY_AUTH_TOKEN}" \
++	 -H "Accept: application/vnd.docker.distribution.manifest.list.v2+json" \
++	 "${REGISTRY_URL}/v2/${NAMESPACE}/${IMAGE}/manifests/${SOURCE_TAG}" \
++	 > "$tmpfile"
++
++    # We use "|| true" here because we want the command to complete
++    # even if it fails.  We check for the HTTP response code below.
++    ret=$(curl -X PUT -H "Authorization: Bearer ${REGISTRY_AUTH_TOKEN}" \
++	       -H "Content-Type: application/vnd.docker.distribution.manifest.list.v2+json" \
++	       "${REGISTRY_URL}/v2/${NAMESPACE}/${IMAGE}/manifests/${TAG}" \
++	       -d "@${tmpfile}" \
++	       -s -o /dev/null -w "%{http_code}" || true)
++
++    rm "$tmpfile"
++
++    if [ "$ret" -ne 201 ]; then
++	echo "ERROR: Image tagging failed with status code $ret"
++	exit 1
++    fi
++}
++
++do_registry_login ()
++{
++    _login_"${REGISTRY}"_registry1 "$IMAGE" "$REGISTRY_USERNAME" "$REGISTRY_PASSWORD"
++}
++
++validate_args ()
++{
++    local ret=0
++
++    validate_var REGISTRY || ret=1
++    validate_var NAMESPACE || ret=1
++    validate_var IMAGE || ret=1
++    validate_var SOURCE_TAG || ret=1
++    validate_var TAG || ret=1
++
++    validate_registry "$REGISTRY" || ret=1
++    validate_namespace "$NAMESPACE" || ret=1
++
++    if [ "$ret" -eq 1 ]; then
++	error "Failed to validate arguments."
++	exit 1
++    fi
++
++    if [ -n "$REGISTRY_USERNAME" ]; then
++	export USERNAME="$REGISTRY_USERNAME"
++    fi
++    if [ -n "$REGISTRY_PASSWORD" ]; then
++	export PASSWORD="$REGISTRY_PASSWORD"
++    fi
++
++    do_login
++
++    validate_image "$IMAGE" || exit 1
++
++    if [ "$REGISTRY" = "docker" ]; then
++	validate_var REGISTRY_USERNAME || exit 1
++	validate_var REGISTRY_PASSWORD || exit 1
++    fi
++
++    do_registry_login
++}
++
++if [ $# -lt 2 ]; then
++    error "You need to provide arguments to the script."
++    usage
++    exit 1
++fi
++
++while [ -n "$1" ]; do
++    case "$1" in
++	"-a"|"--auth-token")
++	    export AUTH_TOKEN="$2"
++	    shift 2
++	    ;;
++
++	"-r"|"--registry")
++	    REGISTRY="$2"
++	    shift 2
++	    ;;
++
++	"-n"|"--namespace")
++	    NAMESPACE="$2"
++	    shift 2
++	    ;;
++
++	"-i"|"--image")
++	    IMAGE="$2"
++	    shift 2
++	    ;;
++
++	"-s"|"--source-tag")
++	    SOURCE_TAG="$2"
++	    shift 2
++	    ;;
++
++	"-t"|"--tag")
++	    TAG="$2"
++	    shift 2
++	    ;;
++
++	"-u"|"--username")
++	    REGISTRY_USERNAME="$2"
++	    shift 2
++	    ;;
++
++	"-p"|"--password")
++	    REGISTRY_PASSWORD="$2"
++	    shift 2
++	    ;;
++
++	"-d"|"--debug")
++	    export DEBUG=1
++	    shift
++	    ;;
++
++	"-h"|"--help")
++	    usage
++	    exit 0
++	    ;;
++
++	*)
++	    error "Invalid argument '$1'."
++	    usage
++	    exit 1
++	    ;;
++    esac
++done
++
++validate_args
++
++do_tag_image
 diff --git a/tag-images.sh b/tag-images.sh
 new file mode 100755
 index 0000000..874673a
 --- /dev/null
 +++ b/tag-images.sh
@@ -0,0 +1,335 @@
++#!/bin/bash
++
++set -e
++
++progname=$(basename "${0}")
++progdir=$(dirname "$(readlink -f "${0}")")
++
++# shellcheck disable=SC1090
++. "${progdir}/helpers/validate-args.sh"
++# shellcheck disable=SC1090
++. "${progdir}/helpers/log.sh"
++# shellcheck disable=SC1090
++. "${progdir}helpers/registry-login.sh"
++
++# Tag images from a repository.
++
++# The list of images to tag.
++IMAGES=()
++
++# The list of all available images.
++ALL_IMAGES=()
++
++# Default source tag is "edge".
++SOURCE_TAG=edge
++
++# Usage.
++usage ()
++{
++    cat > /dev/stderr <<EOF
++$progname -- Tag images from a repository (multi-architecture).
++
++This script will tag images from a repository using a certain tag the
++source tag.
++
++******************************* DISCLAIMER **************************************
++** This script will only work with the 'latest' and the 'M.N-XX.YY_beta' tags! **
++*********************************************************************************
++
++This script is needed because of a few particularities in the tagging
++policy for our OCI images.
++
++The first is the fact that Launchpad will not tag anything using the
++"latest" tag.  When it finishes a build, the only tags it will
++generate are the "edge" and the "M.N-XX.YY_edge" tags.  This means
++that we need to manually tag everything using "latest" after the
++images have been uploaded to the registries.  We also need to create
++the "M.N-XX.YY_beta" tag, since that is not automatically created by
++Launchpad either.
++
++The other problem we have to consider is that, when tagging an image,
++we must tag all of the architectures that were uploaded.  If we were
++to do that using "docker", we would need to run it on several
++machines, one for each supported architectures, which is not always
++possible/feasible.  By using API calls directly, we are able to tag
++all architectures using a single machine.
++
++Usage:
++
++  $progname [-a <TOKEN>] -r <docker|aws> -n <ubuntu|lts> -s <SOURCE_TAG> [-d] [-- IMAGE_1 IMAGE_2 ... IMAGE_N]
++
++Arguments:
++
++  -r REGISTRY|--registry REGISTRY	Registry to consult.
++     			 		Possible values: docker, aws
++
++  -n NAMESPACE|--namespace NAMESPACE	Namespace to consult.
++     			   		Possible values: ubuntu, lts
++
++  -s TAG|--source-tag SOURCE_TAG	Use SOURCE_TAG as the source tag when tagging
++     		    			the images.  If not specified, the default
++					is 'edge'.
++
++  -f|--force				Force tagging, even if the script would think
++  					that it's not needed.  This mostly applies for
++					the 'M.N-XX.YY_beta' tag, which is only created
++					if it doesn't exist.
++
++  -d|--debug				Print debug statements.  This includes printing
++  					the authentication token if using Dockerhub.
++
++  -- IMAGE_1 IMAGE_2 ... IMAGE_N	Images to tag.  If not specified,
++  	 	    			the script will obtain the list of
++					all images from REGISTRY/NAMESPACE
++					and tag them.
++
++  -h|--help				Display this usage
++EOF
++}
++
++# Tag the 'ubuntu' base image.
++#
++# We perform the tagging of '_stable', '_beta', '_candidate', 'XX.YY'
++# and 'RELEASE_NAME'.
++do_tag_base_ubuntu_image ()
++{
++    local image="ubuntu"
++    local -a TAG_SUFFIXES=( "stable" "beta" "candidate" )
++
++    if [ "$REGISTRY" != "aws" ]; then
++	error "The 'ubuntu' base image is only present in the 'aws' registry."
++	exit 1
++    fi
++
++    local -a IMAGE_TAGS EDGE_TAGS
++
++    readarray -t IMAGE_TAGS < <("${progdir}./list-tags-for-image.sh" \
++				    -a "$AUTH_TOKEN" \
++				    -r "$REGISTRY" \
++				    -n "$NAMESPACE" \
++				    -i "$image")
++
++    readarray -t EDGE_TAGS < <(printf '%s\n' "${IMAGE_TAGS[@]}" \
++				   | grep '_edge$')
++
++    for edgetag in "${EDGE_TAGS[@]}"; do
++	# We support retagging images tagged as DISTRONAME-XX.YY_edge.
++	local EDGE_TAG_PREFIX
++	EDGE_TAG_PREFIX=$(sed -ne 's@\([[:alpha:]]\+-[[:digit:]]\+\.[[:digit:]]\+\)_edge@\1@p' <<< "$edgetag")
++	if [ -z "$EDGE_TAG_PREFIX" ]; then
++	    warn "Unable to obtain prefix for tag '$edgetag'."
++	    continue
++	fi
++
++	local IMG_DISTRONAME
++	local IMG_RELEASEVER
++
++	IMG_DISTRONAME=$(cut -d'-' -f1 <<< "$EDGE_TAG_PREFIX")
++	IMG_RELEASEVER=$(cut -d'-' -f2 <<< "$EDGE_TAG_PREFIX")
++	for tagsuffix in "${TAG_SUFFIXES[@]}"; do
++	    # Tag each suffix.
++	    if [ -n "$FORCE" ] || ! grep -Fwq "${IMG_RELEASEVER}_${tagsuffix}" <<< "${IMAGE_TAGS[@]}"; then
++		info "Invoking multi-arch tagger for ${NAMESPACE}/${image}:${IMG_RELEASEVER}_${tagsuffix} (source tag: ${EDGE_TAG_PREFIX}_edge) (on ${REGISTRY})"
++		"${progdir}./multi-arch-tagger.sh" \
++			  -a "$AUTH_TOKEN" \
++			  -r "$REGISTRY" \
++			  -n "$NAMESPACE" \
++			  -i "$image" \
++			  -s "${EDGE_TAG_PREFIX}_edge" \
++			  -t "${IMG_RELEASEVER}_${tagsuffix}" \
++			  -u "$USERNAME" \
++			  -p "$PASSWORD"
++	    fi
++	done
++
++	# Tag the DISTRONAME.
++	if [ -n "$FORCE" ] || ! grep -Fwq "${IMG_DISTRONAME}" <<< "${IMAGE_TAGS[@]}"; then
++	    info "Invoking multi-arch tagger for ${NAMESPACE}/${image}:${IMG_DISTRONAME} (source tag: ${EDGE_TAG_PREFIX}_edge) (on ${REGISTRY})"
++	    "${progdir}./multi-arch-tagger.sh" \
++		      -a "$AUTH_TOKEN" \
++		      -r "$REGISTRY" \
++		      -n "$NAMESPACE" \
++		      -i "$image" \
++		      -s "${EDGE_TAG_PREFIX}_edge" \
++		      -t "${IMG_DISTRONAME}" \
++		      -u "$USERNAME" \
++		      -p "$PASSWORD"
++	fi
++
++	# Tag the RELEASEVER
++	if [ -n "$FORCE" ] || ! grep -Fwq "${IMG_RELEASEVER}" <<< "${IMAGE_TAGS[@]}"; then
++	    info "Invoking multi-arch tagger for ${NAMESPACE}/${image}:${IMG_RELEASEVER} (source tag: ${EDGE_TAG_PREFIX}_edge) (on ${REGISTRY})"
++	    "${progdir}./multi-arch-tagger.sh" \
++		      -a "$AUTH_TOKEN" \
++		      -r "$REGISTRY" \
++		      -n "$NAMESPACE" \
++		      -i "$image" \
++		      -s "${EDGE_TAG_PREFIX}_edge" \
++		      -t "${IMG_RELEASEVER}" \
++		      -u "$USERNAME" \
++		      -p "$PASSWORD"
++	fi
++    done
++}
++
++do_tag_images ()
++{
++    # Tag images using the 'latest' tag.
++    for image in "${IMAGES[@]}"; do
++	info "Invoking multi-arch tagger for ${NAMESPACE}/${image}:latest (source tag: ${SOURCE_TAG}) (on ${REGISTRY})"
++	"${progdir}./multi-arch-tagger.sh" \
++		  -a "$AUTH_TOKEN" \
++		  -r "$REGISTRY" \
++		  -n "$NAMESPACE" \
++		  -i "$image" \
++		  -s "$SOURCE_TAG" \
++		  -t "latest" \
++		  -u "$USERNAME" \
++		  -p "$PASSWORD"
++    done
++
++    # Now comes the fun part.  We have to determine whether the image
++    # needs a 'M.N-XX.YY_beta' tag, and which number should N, M, XX
++    # and YY be.
++    #
++    # Basically, if there is a tag named 'M.N-XX.YY_edge' without a
++    # corresponding '_beta' tag, then we assume that the image will
++    # need to receive the '_beta' tag.  This is the usual case
++    # (currently) with images built using Launchpad.
++    for image in "${IMAGES[@]}"; do
++	if [ "$image" = "ubuntu" ]; then
++	    # The ubuntu image is special.
++	    do_tag_base_ubuntu_image
++	    continue
++	fi
++
++	local -a IMAGE_TAGS EDGE_TAGS
++
++	readarray -t IMAGE_TAGS < <("${progdir}./list-tags-for-image.sh" \
++					-a "$AUTH_TOKEN" \
++					-r "$REGISTRY" \
++					-n "$NAMESPACE" \
++					-i "$image")
++
++	readarray -t EDGE_TAGS < <(printf '%s\n' "${IMAGE_TAGS[@]}" \
++				       | grep '_edge$' | sort -r)
++
++	for edgetag in "${EDGE_TAGS[@]}"; do
++	    local EDGE_TAG_PREFIX
++	    EDGE_TAG_PREFIX=$(sed -ne 's@\([[:digit:]]\+\(\.[[:digit:]]\+\)\?-[[:digit:]]\+\.[[:digit:]]\+\)_edge@\1@p' <<< "$edgetag")
++	    if [ -z "$EDGE_TAG_PREFIX" ]; then
++		warn "Unable to obtain prefix for tag '$edgetag'."
++		continue
++	    fi
++	    if [ -n "$FORCE" ] || ! grep -Fwq "${EDGE_TAG_PREFIX}_beta" <<< "${IMAGE_TAGS[@]}"; then
++		# If we're here, it means that there isn't a
++		# corresponding 'M.N-XX.YY_beta' tag associated with
++		# the '_edge' tag, so we need to create it.
++		info "Invoking multi-arch tagger for ${NAMESPACE}/${image}:${EDGE_TAG_PREFIX}_beta (source tag: ${EDGE_TAG_PREFIX}_edge) (on ${REGISTRY})"
++		"${progdir}./multi-arch-tagger.sh" \
++			  -a "$AUTH_TOKEN" \
++			  -r "$REGISTRY" \
++			  -n "$NAMESPACE" \
++			  -i "$image" \
++			  -s "${EDGE_TAG_PREFIX}_edge" \
++			  -t "${EDGE_TAG_PREFIX}_beta" \
++			  -u "$USERNAME" \
++			  -p "$PASSWORD"
++	    fi
++	done
++    done
++}
++
++validate_args ()
++{
++    local ret=0
++
++    validate_var REGISTRY || ret=1
++    validate_var NAMESPACE || ret=1
++    validate_var SOURCE_TAG || ret=1
++
++    validate_registry "$REGISTRY" || ret=1
++    validate_namespace "$NAMESPACE" || ret=1
++
++    if [ "$ret" -eq 1 ]; then
++	error "Failed to validate arguments."
++	exit 1
++    fi
++
++    do_login
++
++    # Fill the ALL_IMAGES array.
++    readarray -t ALL_IMAGES < <("${progdir}./list-all-images.sh" \
++					  -r "$REGISTRY" \
++					  -n "$NAMESPACE" \
++					  -a "$AUTH_TOKEN")
++
++    if [ "${#IMAGES[@]}" -eq 0 ]; then
++	# The user hasn't provided any image names, so just use all of
++	# them.
++	IMAGES=( "${ALL_IMAGES[@]}" )
++    else
++	# Validate the image names the user has provided.
++	for img in "${IMAGES[@]}"; do
++	    validate_image "$img" || exit 1
++	done
++    fi
++}
++
++if [ $# -lt 2 ]; then
++    error "You need to provide at least the registry (-r), the namespace (-n), and the source tag (-s)."
++    usage
++    exit 1
++fi
++
++while [ -n "$1" ]; do
++    case "$1" in
++	"-r"|"--registry")
++	    REGISTRY="$2"
++	    shift 2
++	    ;;
++
++	"-n"|"--namespace")
++	    NAMESPACE="$2"
++	    shift 2
++	    ;;
++
++	"-s"|"--source-tag")
++	    SOURCE_TAG="$2"
++	    shift 2
++	    ;;
++
++	"-f"|"--force")
++	    FORCE=1
++	    shift
++	    ;;
++
++	"-d"|"--debug")
++	    export DEBUG=1
++	    shift
++	    ;;
++
++	"-h"|"--help")
++	    usage
++	    exit 0
++	    ;;
++
++	"--")
++	    shift
++	    while [ -n "$1" ]; do
++		IMAGES+=( "$1" )
++		shift
++	    done
++	    ;;
++
++	*)
++	    error "Invalid argument '$1'."
++	    usage
++	    exit 1
++	    ;;
++    esac
++done
++
++validate_args
++
++do_tag_images

Ubuntu Docker Images

Merge ~ubuntu-docker-images/ubuntu-docker-images/+git/utils:multi-arch-tagger into ~ubuntu-docker-images/ubuntu-docker-images/+git/utils:master

Commit message

Description of the change

Preview Diff

Subscribers