sr-core 8.0.6

Core library for sr — a release-state reconciler
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150

//! Docker publisher: push a container image to any OCI-compliant registry.
//!
//! - check: Query the registry's v2 API for the manifest at `<image>:<tag>`.
//!   Uses anonymous access by default; bearer-token auth is arranged via
//!   the `Www-Authenticate` challenge so public and ghcr.io public images
//!   work out of the box. For private images behind auth, `check` returns
//!   `Unknown` and `run` proceeds.
//! - run: `docker buildx build --push -t <image>:<version> ...`.
//!
//! The version tag is always `ctx.version` (no "v" prefix). The `image`
//! field is the fully qualified reference (e.g. `ghcr.io/owner/repo`).

use super::{PublishCtx, PublishState, Publisher};
use crate::error::ReleaseError;
use crate::hooks::run_shell;

pub struct DockerPublisher {
    pub image: String,
    pub platforms: Vec<String>,
    pub dockerfile: Option<String>,
}

impl Publisher for DockerPublisher {
    fn name(&self) -> &'static str {
        "docker"
    }

    fn check(&self, ctx: &PublishCtx<'_>) -> Result<PublishState, ReleaseError> {
        let (registry, repository) = split_image_ref(&self.image);
        let manifest_url = format!(
            "https://{registry}/v2/{repository}/manifests/{}",
            ctx.version
        );

        // Anonymous HEAD first.
        let resp = ureq::head(&manifest_url)
            .header(
                "Accept",
                "application/vnd.oci.image.manifest.v1+json, application/vnd.docker.distribution.manifest.v2+json",
            )
            .header("User-Agent", "sr (+https://github.com/urmzd/sr)")
            .call();

        match resp {
            Ok(r) if r.status() == 200 => Ok(PublishState::Completed),
            Ok(r) if r.status() == 404 => Ok(PublishState::Needed),
            Err(ureq::Error::StatusCode(404)) => Ok(PublishState::Needed),
            Err(ureq::Error::StatusCode(401)) | Ok(_) => Ok(PublishState::Unknown(format!(
                "docker registry check inconclusive for {}:{}",
                self.image, ctx.version
            ))),
            Err(e) => Ok(PublishState::Unknown(format!("docker check failed: {e}"))),
        }
    }

    fn run(&self, ctx: &PublishCtx<'_>) -> Result<(), ReleaseError> {
        let mut cmd = String::from("docker buildx build --push");
        if !self.platforms.is_empty() {
            cmd.push_str(" --platform ");
            cmd.push_str(&shell_word(&self.platforms.join(",")));
        }
        if let Some(dockerfile) = &self.dockerfile {
            cmd.push_str(" -f ");
            cmd.push_str(&shell_word(dockerfile));
        }
        cmd.push_str(" -t ");
        cmd.push_str(&shell_word(&format!("{}:{}", self.image, ctx.version)));
        // Also tag as :latest when not a pre-release.
        if !ctx.version.contains('-') {
            cmd.push_str(" -t ");
            cmd.push_str(&shell_word(&format!("{}:latest", self.image)));
        }
        cmd.push_str(" .");

        if ctx.dry_run {
            eprintln!("[dry-run] docker ({}): {cmd}", ctx.package.path);
            return Ok(());
        }

        eprintln!("docker ({}): {cmd}", ctx.package.path);
        let wrapped = format!("cd {} && {cmd}", shell_word(&ctx.package.path));
        run_shell(&wrapped, None, ctx.env)
    }
}

/// Split an image reference like `ghcr.io/owner/repo` into (registry, repo).
/// Defaults to Docker Hub for unqualified names: `owner/repo` → `registry-1.docker.io`.
fn split_image_ref(image: &str) -> (String, String) {
    // A "registry" has a dot or colon in the first path component, or is "localhost".
    if let Some((head, tail)) = image.split_once('/') {
        let has_port = head.contains(':');
        let has_dot = head.contains('.');
        if has_port || has_dot || head == "localhost" {
            return (head.to_string(), tail.to_string());
        }
    }
    // Unqualified: Docker Hub. Single-segment (e.g. "nginx") → "library/nginx".
    let repo = if image.contains('/') {
        image.to_string()
    } else {
        format!("library/{image}")
    };
    ("registry-1.docker.io".to_string(), repo)
}

fn shell_word(s: &str) -> String {
    let mut out = String::from("'");
    for ch in s.chars() {
        if ch == '\'' {
            out.push_str("'\\''");
        } else {
            out.push(ch);
        }
    }
    out.push('\'');
    out
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn split_ghcr_image() {
        let (r, repo) = split_image_ref("ghcr.io/owner/repo");
        assert_eq!(r, "ghcr.io");
        assert_eq!(repo, "owner/repo");
    }

    #[test]
    fn split_docker_hub_multi_segment() {
        let (r, repo) = split_image_ref("urmzd/sr");
        assert_eq!(r, "registry-1.docker.io");
        assert_eq!(repo, "urmzd/sr");
    }

    #[test]
    fn split_docker_hub_single_segment() {
        let (r, repo) = split_image_ref("nginx");
        assert_eq!(r, "registry-1.docker.io");
        assert_eq!(repo, "library/nginx");
    }

    #[test]
    fn split_localhost_port() {
        let (r, repo) = split_image_ref("localhost:5000/img");
        assert_eq!(r, "localhost:5000");
        assert_eq!(repo, "img");
    }
}