collab/docker-with-digest-id-deploy
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
docker-with-digest-id-deploy/build.yml
Andreas Martin 4bbffd8a3d init Commit
2026-01-19 12:27:03 +01:00

123 lines
4.3 KiB
YAML
Raw Permalink Blame History

---
- name: Lese Docker-Compose Images und erstelle Digest-Datei
hosts: localhost
gather_facts: false
vars:
compose_file: "files/docker-compose.yml"
digest_file: "files/image_digests.yml"
target_arch: "amd64"
tasks:
- name: Prüfe, ob docker-compose.yml existiert
ansible.builtin.stat:
path: "{{ compose_file }}"
register: compose_stat
failed_when: not compose_stat.stat.exists
- name: Lese docker-compose.yml
ansible.builtin.include_vars:
file: "{{ compose_file }}"
name: compose_data
- name: Extrahiere Service-Namen und Images
ansible.builtin.set_fact:
service_images: "{{ compose_data.services | dict2items }}"
- name: Zeige gefundene Services und Images
ansible.builtin.debug:
msg: "Service: {{ item.key }} → Image: {{ item.value.image }}"
loop: "{{ service_images }}"
when: item.value.image is defined
- name: Hole Manifest-Liste für jedes Image
ansible.builtin.command: >
skopeo inspect docker://{{ item.value.image }} --raw
register: manifests
loop: "{{ service_images }}"
when: item.value.image is defined
changed_when: false
failed_when: false
- name: Extrahiere amd64-Digest für jedes Image
ansible.builtin.set_fact:
service_digests: "{{ service_digests | default({}) | combine({item.item.key: digest_info}) }}"
loop: "{{ manifests.results }}"
when:
- item.item.value.image is defined
- item.rc == 0
- digest != 'N/A'
vars:
manifest_json: "{{ item.stdout | from_json }}"
image_name: "{{ item.item.value.image.split(':')[0] }}"
digest: >-
{%- if manifest_json.manifests is defined -%}
{%- set ns = namespace(found='') -%}
{%- for m in manifest_json.manifests -%}
{%- if m.platform.architecture == target_arch and m.platform.os == 'linux' -%}
{%- set ns.found = m.digest -%}
{%- endif -%}
{%- endfor -%}
{{ ns.found if ns.found else 'N/A' }}
{%- elif manifest_json.config is defined and manifest_json.config.digest is defined -%}
{{ manifest_json.config.digest }}
{%- else -%}
N/A
{%- endif -%}
digest_info:
image: "{{ image_name }}@{{ digest }}"
- name: Zeige Service-Digest-Mapping
ansible.builtin.debug:
msg: "Service: {{ item.key }} → Image mit Digest: {{ item.value.image }}"
loop: "{{ service_digests | dict2items }}"
when: service_digests is defined
- name: Erstelle image_digests.yml
ansible.builtin.copy:
content: |
# Automatisch generiert von Ansible
# Verwendung: docker-compose -f docker-compose.yml -f image_digests.yml up -d
services:
{% for service_name, service_config in service_digests.items() %}
{{ service_name }}:
image: {{ service_config.image }}
{% endfor %}
dest: "{{ digest_file }}"
when: service_digests is defined and service_digests | length > 0
- name: Zeige Erfolgsmeldung
ansible.builtin.debug:
msg: |
✅ Digest-Datei wurde erstellt: {{ digest_file }}
Verwendung:
docker-compose -f {{ compose_file }} -f {{ digest_file }} up -d
Services mit Digests:
{% for service_name, service_config in service_digests.items() %}
- {{ service_name }}: {{ service_config.image }}
{% endfor %}
when: service_digests is defined and service_digests | length > 0
- name: Warnung, falls keine Digests gefunden wurden
ansible.builtin.debug:
msg: "⚠️ Keine gültigen Digests für {{ target_arch }} gefunden!"
when: service_digests is not defined or service_digests | length == 0
# create compose config
- name: Erstelle Docker Compose Konfigurationsdatei
ansible.builtin.shell: |
test -d build || mkdir build &&
docker compose -f files/docker-compose.yml -f files/image_digests.yml config
register: compose_config
- name: Speichere Docker Compose Konfigurationsdatei
ansible.builtin.copy:
content: "{{ compose_config.stdout }}"
dest: build/docker-compose.yml
backup: true
mode: '0644'
...
Reference in New Issue View Git Blame Copy Permalink