|
|
@@ -53,3 +53,44 @@ for manifest_list in "${manifest_lists[@]}"; do
|
|
|
# Push the manifest list.
|
|
|
docker manifest push --purge ${manifest_list}
|
|
|
done
|
|
|
+
|
|
|
+# Avoid logging credentials and tokens.
|
|
|
+set +ex
|
|
|
+
|
|
|
+# Delete the arch-specific tags, if credentials for doing so are available.
|
|
|
+# Note that `DOCKER_PASSWORD` must be the actual user password. Passing a JWT
|
|
|
+# obtained using a personal access token results in a 403 error with
|
|
|
+# {"detail": "access to the resource is forbidden with personal access token"}
|
|
|
+if [[ -z "${DOCKER_USERNAME}" || -z "${DOCKER_PASSWORD}" ]]; then
|
|
|
+ exit 0
|
|
|
+fi
|
|
|
+
|
|
|
+# Given a JSON input on stdin, extract the string value associated with the
|
|
|
+# specified key. This avoids an extra dependency on a tool like `jq`.
|
|
|
+extract() {
|
|
|
+ local key="$1"
|
|
|
+ # Extract "<key>":"<val>" (assumes key/val won't contain double quotes).
|
|
|
+ # The colon may have whitespace on either side.
|
|
|
+ grep -o "\"${key}\"[[:space:]]*:[[:space:]]*\"[^\"]\+\"" |
|
|
|
+ # Extract just <val> by deleting the last '"', and then greedily deleting
|
|
|
+ # everything up to '"'.
|
|
|
+ sed -e 's/"$//' -e 's/.*"//'
|
|
|
+}
|
|
|
+
|
|
|
+echo ">>> Getting API token..."
|
|
|
+jwt=$(curl -sS -X POST \
|
|
|
+ -H "Content-Type: application/json" \
|
|
|
+ -d "{\"username\":\"${DOCKER_USERNAME}\",\"password\": \"${DOCKER_PASSWORD}\"}" \
|
|
|
+ "https://hub.docker.com/v2/users/login" |
|
|
|
+ extract 'token')
|
|
|
+
|
|
|
+# Strip the registry portion from `index.docker.io/user/repo`.
|
|
|
+repo="${DOCKER_REPO#*/}"
|
|
|
+
|
|
|
+for arch in ${arches[@]}; do
|
|
|
+ tag="${DOCKER_TAG}-${arch}"
|
|
|
+ echo ">>> Deleting '${repo}:${tag}'..."
|
|
|
+ curl -sS -X DELETE \
|
|
|
+ -H "Authorization: Bearer ${jwt}" \
|
|
|
+ "https://hub.docker.com/v2/repositories/${repo}/tags/${tag}/"
|
|
|
+done
|
Jeremy Lin