Last active
October 30, 2024 10:42
-
-
Save larstobi/4402d0daf4eeec28a4f0132c909faa6e to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| trigger: | |
| - main | |
| pool: | |
| vmImage: 'ubuntu-latest' | |
| variables: | |
| # Azure service principal credentials | |
| clientId: '<Your-Client-ID>' | |
| clientSecret: '<Your-Client-Secret>' # Mark this as secret | |
| tenantId: '<Your-Tenant-ID>' | |
| subscriptionId: '<Your-Subscription-ID>' | |
| # ACR and image details | |
| acrName: '<Your-ACR-Name>' | |
| imageName: '<Your-Image-Name>' | |
| imageTag: '<Your-Image-Tag>' | |
| steps: | |
| - task: Bash@3 | |
| inputs: | |
| targetType: 'inline' | |
| script: | | |
| #!/bin/bash | |
| set -e | |
| # Variables | |
| CLIENT_ID="${clientId}" | |
| CLIENT_SECRET="${clientSecret}" | |
| TENANT_ID="${tenantId}" | |
| SUBSCRIPTION_ID="${subscriptionId}" | |
| ACR_NAME="${acrName}" | |
| IMAGE_NAME="${imageName}" | |
| IMAGE_TAG="${imageTag}" | |
| # Install Podman | |
| echo "Installing Podman..." | |
| sudo apt-get update | |
| sudo apt-get -y install podman | |
| # Build the Docker image using Podman | |
| echo "Building the Docker image with Podman..." | |
| podman build -t $IMAGE_NAME:$IMAGE_TAG . | |
| # Save the image in OCI format to get the manifest | |
| echo "Saving the image in OCI format..." | |
| podman save --format oci-dir --output ./image-dir $IMAGE_NAME:$IMAGE_TAG | |
| # Compute the digest of the manifest file | |
| echo "Computing the digest of the local image..." | |
| LOCAL_IMAGE_DIGEST="sha256:$(sha256sum image-dir/manifest.json | awk '{print $1}')" | |
| echo "Local image digest: $LOCAL_IMAGE_DIGEST" | |
| # Clean up the saved image | |
| rm -rf ./image-dir | |
| # Authenticate with Azure | |
| echo "Logging into Azure..." | |
| az login --service-principal -u $CLIENT_ID -p $CLIENT_SECRET --tenant $TENANT_ID --allow-no-subscriptions | |
| az account set --subscription $SUBSCRIPTION_ID | |
| # Retrieve the digest of the image in ACR | |
| echo "Retrieving the digest of the image in ACR..." | |
| ACR_IMAGE_DIGEST=$(az acr repository show-manifests \ | |
| --name $ACR_NAME \ | |
| --repository $IMAGE_NAME \ | |
| --query "[?tags && contains(@.tags, '$IMAGE_TAG')].digest | [0]" \ | |
| --output tsv) | |
| echo "ACR image digest: $ACR_IMAGE_DIGEST" | |
| # Compare the digests | |
| if [ "$LOCAL_IMAGE_DIGEST" == "$ACR_IMAGE_DIGEST" ]; then | |
| echo "The local image and the image in ACR have the same digest." | |
| # Optionally, skip pushing the image | |
| exit 0 | |
| else | |
| echo "The local image and the image in ACR have different digests." | |
| # Proceed to push the image | |
| fi | |
| # Log in to ACR using Podman | |
| echo "Logging into ACR with Podman..." | |
| ACR_LOGIN_SERVER="$ACR_NAME.azurecr.io" | |
| ACR_USERNAME=$(az acr credential show -n $ACR_NAME --query "username" -o tsv) | |
| ACR_PASSWORD=$(az acr credential show -n $ACR_NAME --query "passwords |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment