Add tape pull command

docker · Sep 19, 2023 · 3101f21 · 3101f21
1 parent 751acca
commit 3101f21
Show file tree

Hide file tree

Showing 8 changed files with 149 additions and 2 deletions.
diff --git a/go.mod b/go.mod
@@ -68,6 +68,7 @@ require (
 	github.com/felixge/httpsnoop v1.0.3 // indirect
 	github.com/fluxcd/pkg/sourceignore v0.3.4 // indirect
 	github.com/fluxcd/pkg/tar v0.2.0 // indirect
+	github.com/fluxcd/pkg/untar v0.3.0 // indirect
 	github.com/fluxcd/pkg/version v0.2.2 // indirect
 	github.com/fsnotify/fsnotify v1.6.0 // indirect
 	github.com/fxamacker/cbor/v2 v2.5.0 // indirect

diff --git a/go.sum b/go.sum
@@ -150,6 +150,8 @@ github.com/fluxcd/pkg/sourceignore v0.3.4 h1:0cfS2Pj7xp2qpaerMjYqOBr82LC+/mGHl6v
 github.com/fluxcd/pkg/sourceignore v0.3.4/go.mod h1:ejLx+/uIrPUgqVzMTR5JiWuUnzs+zTkoEf9gS92LqaE=
 github.com/fluxcd/pkg/tar v0.2.0 h1:HEUHgONQYsJGeZZ4x6h5nQU9Aox1I4T3bOp1faWTqf8=
 github.com/fluxcd/pkg/tar v0.2.0/go.mod h1:w0/TOC7kwBJhnSJn7TCABkc/I7ib1f2Yz6vOsbLBnhw=
+github.com/fluxcd/pkg/untar v0.3.0 h1:FOGc69nBvasLjFu5Imdc7Kl/U/gRdIyyF2ZkD9gKuXI=
+github.com/fluxcd/pkg/untar v0.3.0/go.mod h1:ClGpWYeDidYETkl048vCgHlsNtn5BHYHvMmQdadRGKs=
 github.com/fluxcd/pkg/version v0.2.2 h1:ZpVXECeLA5hIQMft11iLp6gN3cKcz6UNuVTQPw/bRdI=
 github.com/fluxcd/pkg/version v0.2.2/go.mod h1:NGnh/no8S6PyfCDxRFrPY3T5BUnqP48MxfxNRU0z8C0=
 github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=

diff --git a/oci/artefact.go b/oci/artefact.go
@@ -147,9 +147,9 @@ func newArtifcatInfoFromLayerDescriptor(image v1.Image, layerDecriptor v1.Descri
 		return nil, fmt.Errorf("fetching artefact image failed: %w", err)
 	}
 
-	blob, err := layer.Uncompressed()
+	blob, err := layer.Compressed()
 	if err != nil {
-		return nil, fmt.Errorf("extracting uncompressed aretefact image failed: %w", err)
+		return nil, fmt.Errorf("extracting compressed aretefact image failed: %w", err)
 	}
 	info := &ArtefactInfo{
 		ReadCloser:  blob,

diff --git a/tape/app/app.go b/tape/app/app.go
@@ -74,6 +74,14 @@ func Run() int {
 				tape:                    tape,
 				InputManifestDirOptions: InputManifestDirOptions{}},
 		},
+		{
+			name:  "pull",
+			short: "Pull an artefact",
+			options: &TapePullCommand{
+				tape:                     tape,
+				OutputManifestDirOptions: OutputManifestDirOptions{},
+			},
+		},
 	}
 
 	for _, c := range commands {

diff --git a/tape/app/pull.go b/tape/app/pull.go
@@ -0,0 +1,86 @@
+package app
+
+import (
+	"compress/gzip"
+	"context"
+	"fmt"
+	"io"
+	"os"
+	"path/filepath"
+
+	"github.com/docker/labs-brown-tape/oci"
+	"github.com/fluxcd/pkg/tar"
+)
+
+type TapePullCommand struct {
+	tape *TapeCommand
+	OutputManifestDirOptions
+
+	Image        string `short:"I" long:"image" description:"Name of the image to pull" required:"true"`
+	Attestations string `short:"a" long:"attestations" description:"Path to wrtie attestations file"`
+}
+
+const regularFileMode = 0o640
+
+func (c *TapePullCommand) Execute(args []string) error {
+	ctx := context.WithValue(c.tape.ctx, "command", "pull")
+	if len(args) != 0 {
+		return fmt.Errorf("unexpected arguments: %v", args)
+	}
+
+	if err := c.tape.Init(); err != nil {
+		return err
+	}
+
+	client := oci.NewClient(nil)
+
+	artefacts, err := client.SelectArtefacts(ctx, c.Image, oci.ContentMediaType, oci.AttestMediaType)
+	if err != nil {
+		return err
+	}
+
+	for i := range artefacts {
+		artefact := artefacts[i]
+		switch artefact.MediaType {
+		case oci.ContentMediaType:
+			if err := tar.Untar(artefact, c.OutputManifestDirOptions.ManifestDir, tar.WithMaxUntarSize(-1)); err != nil {
+				return fmt.Errorf("failed to exatract manifests: %w", err)
+			}
+			c.tape.log.Infof("extracted manifest to %q", c.OutputManifestDirOptions.ManifestDir)
+			// TODO: add mode to just dump the tarball
+		case oci.AttestMediaType:
+			if c.Attestations == "" {
+				break
+			}
+
+			r, w := io.ReadCloser(nil), io.WriteCloser(nil)
+
+			if filepath.Ext(c.Attestations) == ".gz" {
+				r = artefact
+			} else {
+				r, err = gzip.NewReader(artefact)
+				if err != nil {
+					return fmt.Errorf("failed to decompress attestations file: %w", err)
+				}
+				defer r.Close()
+			}
+
+			if c.Attestations == "-" {
+				w = os.Stdout
+			} else {
+				w, err = os.OpenFile(c.Attestations, os.O_RDWR|os.O_CREATE|os.O_EXCL, regularFileMode)
+				if err != nil {
+					return fmt.Errorf("failed to create attestations file: %w", err)
+				}
+				defer w.Close()
+			}
+
+			if _, err := io.Copy(w, r); err != nil {
+				return fmt.Errorf("failed to write attestations file: %w", err)
+			}
+			c.tape.log.Infof("extracted attestations to %q", c.Attestations)
+		}
+
+	}
+	return nil
+}
diff --git a/vendor/github.com/fluxcd/pkg/untar/LICENSE b/vendor/github.com/fluxcd/pkg/untar/LICENSE
diff --git a/vendor/github.com/fluxcd/pkg/untar/untar.go b/vendor/github.com/fluxcd/pkg/untar/untar.go
diff --git a/vendor/modules.txt b/vendor/modules.txt
@@ -331,6 +331,9 @@ github.com/fluxcd/pkg/sourceignore
 # github.com/fluxcd/pkg/tar v0.2.0
 ## explicit; go 1.18
 github.com/fluxcd/pkg/tar
+# github.com/fluxcd/pkg/untar v0.3.0
+## explicit; go 1.18
+github.com/fluxcd/pkg/untar
 # github.com/fluxcd/pkg/version v0.2.2
 ## explicit; go 1.18
 github.com/fluxcd/pkg/version