diff --git a/pubtools/_quay/iib_operations.py b/pubtools/_quay/iib_operations.py index 049370a2..380b5de4 100644 --- a/pubtools/_quay/iib_operations.py +++ b/pubtools/_quay/iib_operations.py @@ -79,6 +79,7 @@ def _index_image_to_sign_entries( dest_tags: list[str], signing_keys: list[str], target_settings: dict[str, Any], + internal: bool = False, ) -> list[SignEntry]: """Generate entries to sign. @@ -90,10 +91,18 @@ def _index_image_to_sign_entries( dest_tags (List[str]): Destination tags. index_stamp (str): Index stamp. signing_keys (list): List of signing keys. + internal (bool): indicates if to sign registries should be generated with iternal/external + reference """ iib_repo = target_settings["quay_operator_repository"] dest_registries = target_settings["docker_settings"]["docker_reference_registry"] dest_registries = dest_registries if isinstance(dest_registries, list) else [dest_registries] + if internal: + dest_registries = ["quay.io"] + iib_repo = ( + target_settings["quay_namespace"] + "/" + get_internal_container_repo_name(iib_repo) + ) + dest_operator_quay_client = _get_operator_quay_client(target_settings) manifest_list = cast( ManifestList, @@ -164,7 +173,7 @@ def _sign_index_image( list: List of current signatures. """ to_sign_entries = _index_image_to_sign_entries( - built_index_image, dest_tags, signing_keys, target_settings + built_index_image, dest_tags, signing_keys, target_settings, internal=not pre_push ) current_signatures: list[tuple[str, str, str]] = [ (e.reference, e.digest, e.signing_key) for e in to_sign_entries diff --git a/pubtools/_quay/item_processor.py b/pubtools/_quay/item_processor.py index 49680789..28e97bc1 100644 --- a/pubtools/_quay/item_processor.py +++ b/pubtools/_quay/item_processor.py @@ -660,6 +660,6 @@ def item_processor_for_internal_data( return ItemProcesor( extractor=extractor, reference_processor=reference_processor, - reference_registries=[], + reference_registries=["quay.io"], source_registry=internal_registry, ) 
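Review bot: The `if internal:` branch in `_index_image_to_sign_entries` hard-codes `dest_registries = ["quay.io"]`, and the same literal is added as `reference_registries=["quay.io"]` in `item_processor_for_internal_data`. Both strings end up in the reference that gets signed, so they should come from one shared constant or target setting rather than two literals that can drift apart. The branch also discards the `docker_reference_registry` list computed just above it, so an explicit `if internal: ... else: ...` would read more clearly; the function body continues outside this hunk. Post-push signatures now carry the internal `quay.io/<namespace>/<internal repo>` reference instead of the external ones, as the updated test expectations show, so the docstring should say that anything matching on the signed reference must expect the internal name. The new docstring line has a typo and is hard to parse; I would write `internal (bool): If True, build entries for the internal quay.io reference instead of the external reference registries.`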
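Review bot: `internal=not pre_push` in `_sign_index_image` ties the kind of reference that is signed to the signer's timing, and nothing at the call site explains why. A comment such as `# post-push signers sign the internal quay.io reference; pre-push signers sign the external references` would make the coupling explicit for the next reader. `_sign_index_image` starts and ends outside this hunk, so how `pre_push` is declared and defaulted is not visible here.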
diff --git a/pubtools/_quay/push_docker.py b/pubtools/_quay/push_docker.py index f13198f8..bf9c324e 100644 --- a/pubtools/_quay/push_docker.py +++ b/pubtools/_quay/push_docker.py @@ -606,7 +606,6 @@ def run(self) -> None: iib_results = None successful_iib_results = dict() index_stamp = timestamp() - item_processor = item_processor_for_external_data( self.src_quay_client, self.dest_registries, @@ -618,7 +617,6 @@ def run(self) -> None: item_processor.generate_to_sign, [FData(args=(item,), kwargs={}) for item in docker_push_items], ) - for _to_sign_entries in to_sign_map.values(): to_sign_entries.extend(_to_sign_entries) @@ -640,6 +638,20 @@ def run(self) -> None: container_pusher.push_container_images() # Sign containers with signers which requires pushed containers in destination registry + to_sign_entries = [] + item_processor = item_processor_for_internal_data( + self.src_quay_client, + self.dest_registries, + self.target_settings.get("retry_sleep_time", 5), + self.target_settings["quay_namespace"], + ) + to_sign_map = run_in_parallel( + item_processor.generate_to_sign, + [FData(args=(item,), kwargs={}) for item in docker_push_items], + ) + for _to_sign_entries in to_sign_map.values(): + to_sign_entries.extend(_to_sign_entries) + for signer in self.target_settings["signing"]: if signer["enabled"] and not SIGNER_BY_LABEL[signer["label"]].pre_push: signercls = SIGNER_BY_LABEL[signer["label"]] diff --git a/tests/test_iib_operations.py b/tests/test_iib_operations.py index c6cec054..1e72fca8 100644 --- a/tests/test_iib_operations.py +++ b/tests/test_iib_operations.py 
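Review bot: In the third hunk of `run()`, the internal to-sign entries are built unconditionally after the push, even when no enabled signer has `pre_push` false. A run without post-push signers still does the `run_in_parallel(item_processor.generate_to_sign, ...)` pass and can fail on it after the images are already pushed. I would guard the new block with the condition the loop uses, e.g. `if any(s["enabled"] and not SIGNER_BY_LABEL[s["label"]].pre_push for s in self.target_settings["signing"]):`. The block also rebinds `item_processor` and `to_sign_entries`, which held the external-reference values from earlier in `run()`; `run()` continues past this hunk, so any later use of either name would silently get the internal variants, and distinct names would rule that out. The block also now separates the `# Sign containers with signers which requires pushed containers ...` comment from the loop it describes.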
@@ -313,16 +313,12 @@ def test_task_iib_add_bundles(
 config_file="test-config.yml",
 signing_key="some-key",
 reference=[
- "some-registry1.com/operators/index-image:8",
- "some-registry1.com/operators/index-image:8-timestamp",
- "some-registry2.com/operators/index-image:8",
- "some-registry2.com/operators/index-image:8-timestamp",
+ "quay.io/some-namespace/operators----index-image:8",
+ "quay.io/some-namespace/operators----index-image:8-timestamp",
 ],
 digest=[
 "sha256:bd6eba96070efe86b64b9a212680ca6d46a2e30f0a7d8e539f657eabc45c35a6",
 "sha256:bd6eba96070efe86b64b9a212680ca6d46a2e30f0a7d8e539f657eabc45c35a6",
- "sha256:bd6eba96070efe86b64b9a212680ca6d46a2e30f0a7d8e539f657eabc45c35a6",
- "sha256:bd6eba96070efe86b64b9a212680ca6d46a2e30f0a7d8e539f657eabc45c35a6",
 ],
 ),
 ]
@@ -426,16 +422,12 @@ def test_task_iib_add_bundles_missing_manifest_list(
 config_file="test-config.yml",
 signing_key="some-key",
 reference=[
- "some-registry1.com/operators/index-image:8",
- "some-registry1.com/operators/index-image:8-timestamp",
- "some-registry2.com/operators/index-image:8",
- "some-registry2.com/operators/index-image:8-timestamp",
+ "quay.io/some-namespace/operators----index-image:8",
+ "quay.io/some-namespace/operators----index-image:8-timestamp",
 ],
 digest=[
 "sha256:bd6eba96070efe86b64b9a212680ca6d46a2e30f0a7d8e539f657eabc45c35a6",
 "sha256:bd6eba96070efe86b64b9a212680ca6d46a2e30f0a7d8e539f657eabc45c35a6",
- "sha256:bd6eba96070efe86b64b9a212680ca6d46a2e30f0a7d8e539f657eabc45c35a6",
- "sha256:bd6eba96070efe86b64b9a212680ca6d46a2e30f0a7d8e539f657eabc45c35a6",
 ],
 ),
 ]
@@ -543,16 +535,12 @@ def test_task_iib_add_bundles_operator_ns(
 config_file="test-config.yml",
 signing_key="some-key",
 reference=[
- "some-registry1.com/operators/index-image:8",
- "some-registry1.com/operators/index-image:8-timestamp",
- "some-registry2.com/operators/index-image:8",
- "some-registry2.com/operators/index-image:8-timestamp",
+ "quay.io/some-namespace/operators----index-image:8",
+ "quay.io/some-namespace/operators----index-image:8-timestamp",
 ],
 digest=[
 "sha256:bd6eba96070efe86b64b9a212680ca6d46a2e30f0a7d8e539f657eabc45c35a6",
 "sha256:bd6eba96070efe86b64b9a212680ca6d46a2e30f0a7d8e539f657eabc45c35a6",
- "sha256:bd6eba96070efe86b64b9a212680ca6d46a2e30f0a7d8e539f657eabc45c35a6",
- "sha256:bd6eba96070efe86b64b9a212680ca6d46a2e30f0a7d8e539f657eabc45c35a6",
 ],
 ),
 ]
@@ -948,20 +936,17 @@ def test_task_iib_build_from_scratch(
 ],
 task_id="1-0",
 ),
+ # cosign
 mock.call(
 config_file="test-config.yml",
 signing_key="some-key",
 reference=[
- "some-registry1.com/operators/index-image:8",
- "some-registry1.com/operators/index-image:8-timestamp",
- "some-registry2.com/operators/index-image:8",
- "some-registry2.com/operators/index-image:8-timestamp",
+ "quay.io/some-namespace/operators----index-image:8",
+ "quay.io/some-namespace/operators----index-image:8-timestamp",
 ],
 digest=[
 "sha256:bd6eba96070efe86b64b9a212680ca6d46a2e30f0a7d8e539f657eabc45c35a6",
 "sha256:bd6eba96070efe86b64b9a212680ca6d46a2e30f0a7d8e539f657eabc45c35a6",
- "sha256:bd6eba96070efe86b64b9a212680ca6d46a2e30f0a7d8e539f657eabc45c35a6",
- "sha256:bd6eba96070efe86b64b9a212680ca6d46a2e30f0a7d8e539f657eabc45c35a6",
 ],
 ),
 ]
@@ -1129,16 +1114,12 @@ def test_task_iib_build_from_scratch_missing_manifest_list(
 config_file="test-config.yml",
 signing_key="some-key",
 reference=[
- "some-registry1.com/operators/index-image:8",
- "some-registry1.com/operators/index-image:8-timestamp",
- "some-registry2.com/operators/index-image:8",
- "some-registry2.com/operators/index-image:8-timestamp",
+ "quay.io/some-namespace/operators----index-image:8",
+ "quay.io/some-namespace/operators----index-image:8-timestamp",
 ],
 digest=[
 "sha256:bd6eba96070efe86b64b9a212680ca6d46a2e30f0a7d8e539f657eabc45c35a6",
 "sha256:bd6eba96070efe86b64b9a212680ca6d46a2e30f0a7d8e539f657eabc45c35a6",
- "sha256:bd6eba96070efe86b64b9a212680ca6d46a2e30f0a7d8e539f657eabc45c35a6",
- "sha256:bd6eba96070efe86b64b9a212680ca6d46a2e30f0a7d8e539f657eabc45c35a6",
 ],
 ),
 ]
@@ -1272,16 +1253,12 @@ def test_task_iib_build_from_scratch_operator_ns(
 config_file="test-config.yml",
 signing_key="some-key",
 reference=[
- "some-registry1.com/operators/index-image:8",
- "some-registry1.com/operators/index-image:8-timestamp",
- "some-registry2.com/operators/index-image:8",
- "some-registry2.com/operators/index-image:8-timestamp",
+ "quay.io/some-namespace/operators----index-image:8",
+ "quay.io/some-namespace/operators----index-image:8-timestamp",
 ],
 digest=[
 "sha256:bd6eba96070efe86b64b9a212680ca6d46a2e30f0a7d8e539f657eabc45c35a6",
 "sha256:bd6eba96070efe86b64b9a212680ca6d46a2e30f0a7d8e539f657eabc45c35a6",
- "sha256:bd6eba96070efe86b64b9a212680ca6d46a2e30f0a7d8e539f657eabc45c35a6",
- "sha256:bd6eba96070efe86b64b9a212680ca6d46a2e30f0a7d8e539f657eabc45c35a6",
 ],
 ),
 ]
diff --git a/tests/test_integration.py b/tests/test_integration.py
index acf5dcfc..7da9c284 100644
--- a/tests/test_integration.py
+++ b/tests/test_integration.py
@@ -302,24 +302,16 @@ def test_push_docker_multiarch_merge_ml_operator(
 config_file="test-config.yml",
 signing_key="some-key",
 reference=[
- "some-registry1.com/target/repo:latest-test-tag",
- "some-registry1.com/target/repo:latest-test-tag",
- "some-registry1.com/target/repo:latest-test-tag",
- "some-registry1.com/target/repo:latest-test-tag",
- "some-registry2.com/target/repo:latest-test-tag",
- "some-registry2.com/target/repo:latest-test-tag",
- "some-registry2.com/target/repo:latest-test-tag",
- "some-registry2.com/target/repo:latest-test-tag",
+ "quay.io/some-namespace/target----repo:latest-test-tag",
+ "quay.io/some-namespace/target----repo:latest-test-tag",
+ "quay.io/some-namespace/target----repo:latest-test-tag",
+ "quay.io/some-namespace/target----repo:latest-test-tag",
 ],
 digest=[
 "sha256:1111111111",
 "sha256:2222222222",
 "sha256:3333333333",
 "sha256:5555555555",
- "sha256:1111111111",
- "sha256:2222222222",
- "sha256:3333333333",
- "sha256:5555555555",
 ],
 ),
 mock.call(
@@ -345,20 +337,14 @@ def test_push_docker_multiarch_merge_ml_operator(
 mock.call(
 config_file="test-config.yml",
 signing_key="some-key",
- reference=[
- "some-registry1.com/operators/index-image:v4.5",
- "some-registry2.com/operators/index-image:v4.5",
- ],
- digest=["sha256:5555555555", "sha256:5555555555"],
+ reference=["quay.io/some-namespace/operators----index-image:v4.5"],
+ digest=["sha256:5555555555"],
 ),
 mock.call(
 config_file="test-config.yml",
 signing_key="some-key",
- reference=[
- "some-registry1.com/operators/index-image:v4.6",
- "some-registry2.com/operators/index-image:v4.6",
- ],
- digest=["sha256:5555555555", "sha256:5555555555"],
+ reference=["quay.io/some-namespace/operators----index-image:v4.6"],
+ digest=["sha256:5555555555"],
 ),
 ]
 )
@@ -478,24 +464,16 @@ def test_push_docker_multiarch_simple_workflow(
 config_file="test-config.yml",
 signing_key="some-key",
 reference=[
- "some-registry1.com/target/repo:latest-test-tag",
- "some-registry1.com/target/repo:latest-test-tag",
- "some-registry1.com/target/repo:latest-test-tag",
- "some-registry1.com/target/repo:latest-test-tag",
- "some-registry2.com/target/repo:latest-test-tag",
- "some-registry2.com/target/repo:latest-test-tag",
- "some-registry2.com/target/repo:latest-test-tag",
- "some-registry2.com/target/repo:latest-test-tag",
+ "quay.io/some-namespace/target----repo:latest-test-tag",
+ "quay.io/some-namespace/target----repo:latest-test-tag",
+ "quay.io/some-namespace/target----repo:latest-test-tag",
+ "quay.io/some-namespace/target----repo:latest-test-tag",
 ],
 digest=[
 "sha256:1111111111",
 "sha256:2222222222",
 "sha256:3333333333",
 "sha256:5555555555",
- "sha256:1111111111",
- "sha256:2222222222",
- "sha256:3333333333",
- "sha256:5555555555",
 ],
 ),
 ]
@@ -1277,17 +1255,10 @@ def test_task_iib_add_bundles(
 config_file="test-config.yml",
 signing_key="some-key",
 reference=[
- "some-registry1.com/operators/index-image:8",
- "some-registry1.com/operators/index-image:8-timestamp",
- "some-registry2.com/operators/index-image:8",
- "some-registry2.com/operators/index-image:8-timestamp",
- ],
- digest=[
- "sha256:5555555555",
- "sha256:5555555555",
- "sha256:5555555555",
- "sha256:5555555555",
+ "quay.io/some-namespace/operators----index-image:8",
+ "quay.io/some-namespace/operators----index-image:8-timestamp",
 ],
+ digest=["sha256:5555555555", "sha256:5555555555"],
 ),
 ]
 )
@@ -1389,17 +1360,10 @@ def test_task_iib_remove_operators(
 config_file="test-config.yml",
 signing_key="some-key",
 reference=[
- "some-registry1.com/operators/index-image:8",
- "some-registry1.com/operators/index-image:8-timestamp",
- "some-registry2.com/operators/index-image:8",
- "some-registry2.com/operators/index-image:8-timestamp",
- ],
- digest=[
- "sha256:5555555555",
- "sha256:5555555555",
- "sha256:5555555555",
- "sha256:5555555555",
+ "quay.io/some-namespace/operators----index-image:8",
+ "quay.io/some-namespace/operators----index-image:8-timestamp",
 ],
+ digest=["sha256:5555555555", "sha256:5555555555"],
 ),
 ]
 )
@@ -1780,24 +1744,16 @@ def test_push_docker_operator_verify_bundle_fail(
 config_file="test-config.yml",
 signing_key="some-key",
 reference=[
- "some-registry1.com/target/repo:latest-test-tag",
- "some-registry1.com/target/repo:latest-test-tag",
- "some-registry1.com/target/repo:latest-test-tag",
- "some-registry1.com/target/repo:latest-test-tag",
- "some-registry2.com/target/repo:latest-test-tag",
- "some-registry2.com/target/repo:latest-test-tag",
- "some-registry2.com/target/repo:latest-test-tag",
- "some-registry2.com/target/repo:latest-test-tag",
+ "quay.io/some-namespace/target----repo:latest-test-tag",
+ "quay.io/some-namespace/target----repo:latest-test-tag",
+ "quay.io/some-namespace/target----repo:latest-test-tag",
+ "quay.io/some-namespace/target----repo:latest-test-tag",
 ],
 digest=[
 "sha256:1111111111",
 "sha256:2222222222",
 "sha256:3333333333",
 "sha256:5555555555",
- "sha256:1111111111",
- "sha256:2222222222",
- "sha256:3333333333",
- "sha256:5555555555",
 ],
 ),
 ]