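#!/usr/bin/env bash
#
# DEVOPS-CONTAINERS-46-001: build air-gap bundle from existing buildx OCI archive
#
# Usage: <script> <image-tag> [bundle-dir]
#
# Reads   out/buildx/<tag with '/' and ':' replaced by '_'>/image.oci
#         plus, when present, sbom.syft.json, image.sha256 and image.sig
#         from the same directory.
# Writes  <bundle-dir>/ (default out/bundles/<sanitised tag>) holding the
#         copied artifacts and bundle-manifest.json, then <bundle-dir>.tgz.
# Exits   64 on a usage error, 66 when the OCI archive is missing.
#
# NOTE(review): image.sha256 and image.sig are copied as-is. This script does
# not check them against image.oci, so the bundle is only as trustworthy as
# the source directory; the digest and signature still have to be verified
# (at build time or on the receiving side of the air gap).

set -euo pipefail

# An empty tag would resolve to out/buildx//image.oci, and control characters
# cannot be carried safely in the manifest, so both are treated as usage errors.
if [[ $# -lt 1 || -z "$1" || "$1" == *[[:cntrl:]]* ]]; then
  echo "Usage: $0 <image-tag> [bundle-dir]" >&2
  exit 64
fi

IMAGE_TAG=$1

# Directory-safe form of the tag. printf instead of echo so that a tag such as
# "-n" is not swallowed as an echo option.
SAFE_TAG=$(printf '%s' "$IMAGE_TAG" | tr '/:' '__')

BUNDLE_DIR=${2:-"out/bundles/${SAFE_TAG}"}
# Drop trailing slashes: with "dir/" the tarball path would become "dir/.tgz",
# i.e. inside the directory that tar is archiving.
while [[ ${#BUNDLE_DIR} -gt 1 && "$BUNDLE_DIR" == */ ]]; do
  BUNDLE_DIR=${BUNDLE_DIR%/}
done

SRC_DIR="out/buildx/${SAFE_TAG}"
OCI_ARCHIVE="${SRC_DIR}/image.oci"

if [[ ! -f "$OCI_ARCHIVE" ]]; then
  echo "[airgap] OCI archive not found at $OCI_ARCHIVE. Run build-multiarch first." >&2
  exit 66
fi

mkdir -p -- "$BUNDLE_DIR"

SBOM_FILE=""
if [[ -f "${SRC_DIR}/sbom.syft.json" ]]; then
  SBOM_FILE="${SRC_DIR}/sbom.syft.json"
fi

# Escape backslashes and double quotes so the tag cannot break out of its JSON
# string in the manifest.
json_image=${IMAGE_TAG//\\/\\\\}
json_image=${json_image//\"/\\\"}

# NOTE(review): a missing SBOM is recorded as the string "null", not JSON null.
# Kept as-is because consumers may compare against the string; confirm before
# changing.
if [[ -n "$SBOM_FILE" ]]; then
  sbom_entry="sbom.syft.json"
else
  sbom_entry="null"
fi
created_at=$(date -u +"%Y-%m-%dT%H:%M:%SZ")

cat > "${BUNDLE_DIR}/bundle-manifest.json" <<EOF
{
  "image": "${json_image}",
  "oci_archive": "image.oci",
  "sbom": "${sbom_entry}",
  "created_at": "${created_at}"
}
EOF

cp -- "$OCI_ARCHIVE" "${BUNDLE_DIR}/image.oci"

# Optional artifacts. When the source lacks one, remove any copy left in a
# reused bundle directory: a stale digest, signature or SBOM from an earlier
# build must not ship next to the new image.
for artifact in sbom.syft.json image.sha256 image.sig; do
  if [[ -f "${SRC_DIR}/${artifact}" ]]; then
    cp -- "${SRC_DIR}/${artifact}" "${BUNDLE_DIR}/${artifact}"
  else
    rm -f -- "${BUNDLE_DIR}/${artifact}"
    echo "[airgap] warning: ${artifact} not found in ${SRC_DIR}; bundle ships without it" >&2
  fi
done

tar -C "$BUNDLE_DIR" -czf "${BUNDLE_DIR}.tgz" .
echo "[airgap] bundle created at ${BUNDLE_DIR}.tgz"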