aa21277380
* fix: fallback to unauthenticated pull * move logger def * fixup * add import * . --------- Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
125 lines
3.2 KiB
Go
125 lines
3.2 KiB
Go
//go:build !(WITHOUT_DOCKER || !(linux || darwin || windows))
|
|
|
|
package container
|
|
|
|
import (
|
|
"context"
|
|
"encoding/base64"
|
|
"encoding/json"
|
|
"fmt"
|
|
"strings"
|
|
|
|
"github.com/docker/distribution/reference"
|
|
"github.com/docker/docker/api/types"
|
|
|
|
"github.com/nektos/act/pkg/common"
|
|
)
|
|
|
|
// NewDockerPullExecutor function to create a run executor for the container
|
|
func NewDockerPullExecutor(input NewDockerPullExecutorInput) common.Executor {
|
|
return func(ctx context.Context) error {
|
|
logger := common.Logger(ctx)
|
|
logger.Debugf("%sdocker pull %v", logPrefix, input.Image)
|
|
|
|
if common.Dryrun(ctx) {
|
|
return nil
|
|
}
|
|
|
|
pull := input.ForcePull
|
|
if !pull {
|
|
imageExists, err := ImageExistsLocally(ctx, input.Image, input.Platform)
|
|
logger.Debugf("Image exists? %v", imageExists)
|
|
if err != nil {
|
|
return fmt.Errorf("unable to determine if image already exists for image '%s' (%s): %w", input.Image, input.Platform, err)
|
|
}
|
|
|
|
if !imageExists {
|
|
pull = true
|
|
}
|
|
}
|
|
|
|
if !pull {
|
|
return nil
|
|
}
|
|
|
|
imageRef := cleanImage(ctx, input.Image)
|
|
logger.Debugf("pulling image '%v' (%s)", imageRef, input.Platform)
|
|
|
|
cli, err := GetDockerClient(ctx)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
defer cli.Close()
|
|
|
|
imagePullOptions, err := getImagePullOptions(ctx, input)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
reader, err := cli.ImagePull(ctx, imageRef, imagePullOptions)
|
|
|
|
_ = logDockerResponse(logger, reader, err != nil)
|
|
if err != nil {
|
|
if imagePullOptions.RegistryAuth != "" && strings.Contains(err.Error(), "unauthorized") {
|
|
logger.Errorf("pulling image '%v' (%s) failed with credentials %s retrying without them, please check for stale docker config files", imageRef, input.Platform, err.Error())
|
|
imagePullOptions.RegistryAuth = ""
|
|
reader, err = cli.ImagePull(ctx, imageRef, imagePullOptions)
|
|
|
|
_ = logDockerResponse(logger, reader, err != nil)
|
|
}
|
|
return err
|
|
}
|
|
return nil
|
|
}
|
|
}
|
|
|
|
func getImagePullOptions(ctx context.Context, input NewDockerPullExecutorInput) (types.ImagePullOptions, error) {
|
|
imagePullOptions := types.ImagePullOptions{
|
|
Platform: input.Platform,
|
|
}
|
|
logger := common.Logger(ctx)
|
|
|
|
if input.Username != "" && input.Password != "" {
|
|
logger.Debugf("using authentication for docker pull")
|
|
|
|
authConfig := types.AuthConfig{
|
|
Username: input.Username,
|
|
Password: input.Password,
|
|
}
|
|
|
|
encodedJSON, err := json.Marshal(authConfig)
|
|
if err != nil {
|
|
return imagePullOptions, err
|
|
}
|
|
|
|
imagePullOptions.RegistryAuth = base64.URLEncoding.EncodeToString(encodedJSON)
|
|
} else {
|
|
authConfig, err := LoadDockerAuthConfig(ctx, input.Image)
|
|
if err != nil {
|
|
return imagePullOptions, err
|
|
}
|
|
if authConfig.Username == "" && authConfig.Password == "" {
|
|
return imagePullOptions, nil
|
|
}
|
|
logger.Info("using DockerAuthConfig authentication for docker pull")
|
|
|
|
encodedJSON, err := json.Marshal(authConfig)
|
|
if err != nil {
|
|
return imagePullOptions, err
|
|
}
|
|
|
|
imagePullOptions.RegistryAuth = base64.URLEncoding.EncodeToString(encodedJSON)
|
|
}
|
|
|
|
return imagePullOptions, nil
|
|
}
|
|
|
|
func cleanImage(ctx context.Context, image string) string {
|
|
ref, err := reference.ParseAnyReference(image)
|
|
if err != nil {
|
|
common.Logger(ctx).Error(err)
|
|
return ""
|
|
}
|
|
|
|
return ref.String()
|
|
}
|