|
|
|
@ -53,3 +53,44 @@ for manifest_list in "${manifest_lists[@]}"; do |
|
|
|
# Push the manifest list. |
|
|
|
docker manifest push --purge ${manifest_list} |
|
|
|
done |
|
|
|
|
|
|
|
# Avoid logging credentials and tokens. |
|
|
|
set +ex |
|
|
|
|
|
|
|
# Delete the arch-specific tags, if credentials for doing so are available. |
|
|
|
# Note that `DOCKER_PASSWORD` must be the actual user password. Passing a JWT |
|
|
|
# obtained using a personal access token results in a 403 error with |
|
|
|
# {"detail": "access to the resource is forbidden with personal access token"} |
|
|
|
if [[ -z "${DOCKER_USERNAME}" || -z "${DOCKER_PASSWORD}" ]]; then |
|
|
|
exit 0 |
|
|
|
fi |
|
|
|
|
|
|
|
# Given a JSON input on stdin, extract the string value associated with the |
|
|
|
# specified key. This avoids an extra dependency on a tool like `jq`. |
|
|
|
extract() { |
|
|
|
local key="$1" |
|
|
|
# Extract "<key>":"<val>" (assumes key/val won't contain double quotes). |
|
|
|
# The colon may have whitespace on either side. |
|
|
|
grep -o "\"${key}\"[[:space:]]*:[[:space:]]*\"[^\"]\+\"" | |
|
|
|
# Extract just <val> by deleting the last '"', and then greedily deleting |
|
|
|
# everything up to '"'. |
|
|
|
sed -e 's/"$//' -e 's/.*"//' |
|
|
|
} |
|
|
|
|
|
|
|
echo ">>> Getting API token..." |
|
|
|
jwt=$(curl -sS -X POST \ |
|
|
|
-H "Content-Type: application/json" \ |
|
|
|
-d "{\"username\":\"${DOCKER_USERNAME}\",\"password\": \"${DOCKER_PASSWORD}\"}" \ |
|
|
|
"https://hub.docker.com/v2/users/login" | |
|
|
|
extract 'token') |
|
|
|
|
|
|
|
# Strip the registry portion from `index.docker.io/user/repo`. |
|
|
|
repo="${DOCKER_REPO#*/}" |
|
|
|
|
|
|
|
for arch in ${arches[@]}; do |
|
|
|
tag="${DOCKER_TAG}-${arch}" |
|
|
|
echo ">>> Deleting '${repo}:${tag}'..." |
|
|
|
curl -sS -X DELETE \ |
|
|
|
-H "Authorization: Bearer ${jwt}" \ |
|
|
|
"https://hub.docker.com/v2/repositories/${repo}/tags/${tag}/" |
|
|
|
done |
|
|
|
|
Jeremy Lin
5 years ago