Skip to content

Commit

Permalink
Deploying to gh-pages from @ a12eebd 🚀
Browse files Browse the repository at this point in the history
  • Loading branch information
@querti
querti committed Jun 3, 2024
1 parent e971819 commit 236fb6b
Showing 1 changed file with 13 additions and 4 deletions.
17 changes: 13 additions & 4 deletions _modules/pubtools/_quay/security_manifest_pusher.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -92,7 +92,7 @@ <h1>Source code for pubtools._quay.security_manifest_pusher</h1><div class="high
<span class="kn">from</span> <span class="nn">typing</span> <span class="kn">import</span> <span class="n">Any</span><span class="p">,</span> <span class="n">cast</span><span class="p">,</span> <span class="n">List</span><span class="p">,</span> <span class="n">Dict</span><span class="p">,</span> <span class="n">Union</span><span class="p">,</span> <span class="n">Optional</span><span class="p">,</span> <span class="n">Set</span>

<span class="kn">from</span> <span class="nn">.quay_client</span> <span class="kn">import</span> <span class="n">QuayClient</span>
<span class="kn">from</span> <span class="nn">.utils.misc</span> <span class="kn">import</span> <span class="n">get_internal_container_repo_name</span><span class="p">,</span> <span class="n">log_step</span>
<span class="kn">from</span> <span class="nn">.utils.misc</span> <span class="kn">import</span> <span class="n">get_internal_container_repo_name</span><span class="p">,</span> <span class="n">log_step</span><span class="p">,</span> <span class="n">retry</span>
<span class="kn">from</span> <span class="nn">.command_executor</span> <span class="kn">import</span> <span class="n">LocalExecutor</span>
<span class="kn">from</span> <span class="nn">.quay_api_client</span> <span class="kn">import</span> <span class="n">QuayApiClient</span>
<span class="kn">from</span> <span class="nn">.exceptions</span> <span class="kn">import</span> <span class="n">ManifestTypeError</span>
Expand Down Expand Up @@ -167,6 +167,7 @@ <h1>Source code for pubtools._quay.security_manifest_pusher</h1><div class="high
<span class="k">return</span> <span class="bp">self</span><span class="o">.</span><span class="n">_dest_quay_api_client</span>

<div class="viewcode-block" id="SecurityManifestPusher.cosign_get_security_manifest"><a class="viewcode-back" href="../../../security_manifest_pusher.html#pubtools._quay.security_manifest_pusher.SecurityManifestPusher.cosign_get_security_manifest">[docs]</a> <span class="nd">@classmethod</span>
<span class="nd">@retry</span><span class="p">(</span><span class="s2">&quot;Get security manifest&quot;</span><span class="p">)</span>
<span class="k">def</span> <span class="nf">cosign_get_security_manifest</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">image_ref</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">output_file</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">bool</span><span class="p">:</span>
<span class="w"> </span><span class="sd">&quot;&quot;&quot;</span>
<span class="sd"> Use cosign to get security manifest from an image and save it to a file.</span>
Expand All @@ -183,13 +184,17 @@ <h1>Source code for pubtools._quay.security_manifest_pusher</h1><div class="high
<span class="n">LOG</span><span class="o">.</span><span class="n">info</span><span class="p">(</span><span class="sa">f</span><span class="s2">&quot;Running command &#39;</span><span class="si">{</span><span class="s1">&#39; &#39;</span><span class="o">.</span><span class="n">join</span><span class="p">(</span><span class="n">cmd</span><span class="p">)</span><span class="si">}</span><span class="s2">&#39;&quot;</span><span class="p">)</span>
<span class="n">result</span> <span class="o">=</span> <span class="n">subprocess</span><span class="o">.</span><span class="n">run</span><span class="p">(</span><span class="n">cmd</span><span class="p">,</span> <span class="n">stdout</span><span class="o">=</span><span class="n">subprocess</span><span class="o">.</span><span class="n">PIPE</span><span class="p">,</span> <span class="n">stderr</span><span class="o">=</span><span class="n">subprocess</span><span class="o">.</span><span class="n">STDOUT</span><span class="p">,</span> <span class="n">text</span><span class="o">=</span><span class="kc">True</span><span class="p">)</span>

<span class="k">if</span> <span class="n">result</span><span class="o">.</span><span class="n">returncode</span><span class="p">:</span>
<span class="k">if</span> <span class="n">result</span><span class="o">.</span><span class="n">returncode</span> <span class="ow">and</span> <span class="s2">&quot;no sbom attached to reference&quot;</span> <span class="ow">in</span> <span class="n">result</span><span class="o">.</span><span class="n">stdout</span><span class="p">:</span>
<span class="n">LOG</span><span class="o">.</span><span class="n">warning</span><span class="p">(</span><span class="sa">f</span><span class="s2">&quot;Command </span><span class="si">{</span><span class="s1">&#39; &#39;</span><span class="o">.</span><span class="n">join</span><span class="p">(</span><span class="n">cmd</span><span class="p">)</span><span class="si">}</span><span class="s2"> has failed: </span><span class="si">{</span><span class="n">result</span><span class="o">.</span><span class="n">stdout</span><span class="si">}</span><span class="s2">&quot;</span><span class="p">)</span>
<span class="k">return</span> <span class="kc">False</span>
<span class="c1"># If this string was not matched, the error is unexpected - raise</span>
<span class="k">elif</span> <span class="n">result</span><span class="o">.</span><span class="n">returncode</span><span class="p">:</span>
<span class="k">raise</span> <span class="ne">RuntimeError</span><span class="p">(</span><span class="sa">f</span><span class="s2">&quot;Command </span><span class="si">{</span><span class="s1">&#39; &#39;</span><span class="o">.</span><span class="n">join</span><span class="p">(</span><span class="n">cmd</span><span class="p">)</span><span class="si">}</span><span class="s2"> has failed with an error: </span><span class="si">{</span><span class="n">result</span><span class="o">.</span><span class="n">stdout</span><span class="si">}</span><span class="s2">&quot;</span><span class="p">)</span>

<span class="k">return</span> <span class="kc">True</span></div>

<div class="viewcode-block" id="SecurityManifestPusher.cosign_get_existing_attestation"><a class="viewcode-back" href="../../../security_manifest_pusher.html#pubtools._quay.security_manifest_pusher.SecurityManifestPusher.cosign_get_existing_attestation">[docs]</a> <span class="k">def</span> <span class="nf">cosign_get_existing_attestation</span><span class="p">(</span>
<div class="viewcode-block" id="SecurityManifestPusher.cosign_get_existing_attestation"><a class="viewcode-back" href="../../../security_manifest_pusher.html#pubtools._quay.security_manifest_pusher.SecurityManifestPusher.cosign_get_existing_attestation">[docs]</a> <span class="nd">@retry</span><span class="p">(</span><span class="s2">&quot;Get existing attestation&quot;</span><span class="p">)</span>
<span class="k">def</span> <span class="nf">cosign_get_existing_attestation</span><span class="p">(</span>
<span class="bp">self</span><span class="p">,</span>
<span class="n">image_ref</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span>
<span class="n">output_file</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span>
Expand Down Expand Up @@ -229,9 +234,13 @@ <h1>Source code for pubtools._quay.security_manifest_pusher</h1><div class="high
<span class="n">LOG</span><span class="o">.</span><span class="n">info</span><span class="p">(</span><span class="sa">f</span><span class="s2">&quot;Running command &#39;</span><span class="si">{</span><span class="s1">&#39; &#39;</span><span class="o">.</span><span class="n">join</span><span class="p">(</span><span class="n">cmd</span><span class="p">)</span><span class="si">}</span><span class="s2">&#39;&quot;</span><span class="p">)</span>
<span class="n">result</span> <span class="o">=</span> <span class="n">subprocess</span><span class="o">.</span><span class="n">run</span><span class="p">(</span><span class="n">cmd</span><span class="p">,</span> <span class="n">stdout</span><span class="o">=</span><span class="n">subprocess</span><span class="o">.</span><span class="n">PIPE</span><span class="p">,</span> <span class="n">stderr</span><span class="o">=</span><span class="n">subprocess</span><span class="o">.</span><span class="n">STDOUT</span><span class="p">,</span> <span class="n">text</span><span class="o">=</span><span class="kc">True</span><span class="p">)</span>

<span class="k">if</span> <span class="n">result</span><span class="o">.</span><span class="n">returncode</span><span class="p">:</span>
<span class="c1"># If no errors are displayed, it means that the attestation doesn&#39;t exist</span>
<span class="k">if</span> <span class="n">result</span><span class="o">.</span><span class="n">returncode</span> <span class="ow">and</span> <span class="s2">&quot;no matching attestations: </span><span class="se">\n</span><span class="s2">&quot;</span> <span class="ow">in</span> <span class="n">result</span><span class="o">.</span><span class="n">stdout</span><span class="p">:</span>
<span class="n">LOG</span><span class="o">.</span><span class="n">warning</span><span class="p">(</span><span class="sa">f</span><span class="s2">&quot;Command </span><span class="si">{</span><span class="s1">&#39; &#39;</span><span class="o">.</span><span class="n">join</span><span class="p">(</span><span class="n">cmd</span><span class="p">)</span><span class="si">}</span><span class="s2"> has failed: </span><span class="si">{</span><span class="n">result</span><span class="o">.</span><span class="n">stdout</span><span class="si">}</span><span class="s2">&quot;</span><span class="p">)</span>
<span class="k">return</span> <span class="kc">False</span>
<span class="c1"># if an unexpected error is displayed, raise an error</span>
<span class="k">elif</span> <span class="n">result</span><span class="o">.</span><span class="n">returncode</span><span class="p">:</span>
<span class="k">raise</span> <span class="ne">RuntimeError</span><span class="p">(</span><span class="sa">f</span><span class="s2">&quot;Command </span><span class="si">{</span><span class="s1">&#39; &#39;</span><span class="o">.</span><span class="n">join</span><span class="p">(</span><span class="n">cmd</span><span class="p">)</span><span class="si">}</span><span class="s2"> has failed with an error: </span><span class="si">{</span><span class="n">result</span><span class="o">.</span><span class="n">stdout</span><span class="si">}</span><span class="s2">&quot;</span><span class="p">)</span>

<span class="k">return</span> <span class="kc">True</span></div>

Expand Down

0 comments on commit 236fb6b

Please sign in to comment.