UNCLASSIFIED - NO CUI

Skip to content

Docker tag sha validation

Nicolas Anderson requested to merge docker-tag-sha-validation into master

Description

https://repo1.dso.mil/ironbank-tools/infra/ironbank-bootstrap/-/issues/2091

This MR supports https://repo1.dso.mil/ironbank-tools/infra/ironbank-bootstrap/-/issues/2091 by making a change to the validate_checksum function in the abstract_artifacts.py to get the get the raw skopeo output, save it to the cache and later compare that raw inspect to cache.

Risk

Unsure.

Rollback Plan

Can revert changes and go back to manually disabling cache on tag based manifests

Testing

https://code-ib-mario.staging.dso.mil/dsop/nicolas.anderson/boxship/-/pipelines/90670 tag based url test

https://code-ib-mario.staging.dso.mil/dsop/nicolas.anderson/alpine/-/pipelines/90668 sha based url test

Edited by Nicolas Anderson

Merge request reports

Loading