blob: 2d40040ab59c2eeb77587950706c66237597f8b8 [file] [log] [blame]
#!/usr/bin/env bash
# Copyright 2023 The Flutter Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
# This script is used to pull a docker image's provenance and save it to a file.
DOCKER_IMAGE_URL=$1
OUTPUT_DIRECTORY=$2
# Getting the docker image provenance can be flaky, so retry up to 3 times.
MAX_ATTEMPTS=3
# Download the jq binary in order to obtain the artifact registry url from the
# docker image provenance.
echo "Installing jq using apt..."
apt update && apt install jq -y
for attempt in $(seq 1 $MAX_ATTEMPTS)
do
echo "(Attempt $attempt) Obtaining provenance for $1"
gcloud artifacts docker images describe \
$DOCKER_IMAGE_URL --show-provenance --format json > tmp.json
COMMAND_RESULT=$?
val=$(cat tmp.json | jq -r '.provenance_summary.provenance[0].envelope.payload' | base64 -d | jq '.predicate.recipe.arguments.sourceProvenance')
cat tmp.json | jq ".provenance_summary.provenance[0].build.intotoStatement.slsaProvenance.recipe.arguments.sourceProvenance = ${val}" > $OUTPUT_DIRECTORY
if [[ $COMMAND_RESULT -eq 0 ]]
then
echo "Successfully obtained provenance and saved to $2"
break
else
echo "Failed to obtain provenance."
sleep 30
fi
done
if [[ $COMMAND_RESULT -ne 0 ]]
then
echo "Failed to download provenance." && exit $COMMAND_RESULT
fi