diff --git a/utils/docker/.gitignore b/utils/docker/.gitignore new file mode 100644 index 000000000..8803f25de --- /dev/null +++ b/utils/docker/.gitignore @@ -0,0 +1 @@ +oras/ diff --git a/utils/docker/publish_docker.sh b/utils/docker/publish_docker.sh index d47df4c1d..2b4e73a53 100755 --- a/utils/docker/publish_docker.sh +++ b/utils/docker/publish_docker.sh @@ -51,6 +51,27 @@ tag_and_push() { echo "-- tagging: $target" docker tag $source $target docker push $target + attach_eol_manifest $target +} + +attach_eol_manifest() { + local image="$1" + local today=$(date -u +'%Y-%m-%d') + install_oras_if_needed + # oras is re-using Docker credentials, so we don't need to login. + # Following the advice in https://portal.microsofticm.com/imp/v3/incidents/incident/476783820/summary + ./oras/oras attach --artifact-type application/vnd.microsoft.artifact.lifecycle --annotation "vnd.microsoft.artifact.lifecycle.end-of-life.date=$today" $image +} + +install_oras_if_needed() { + if [[ -x oras/oras ]]; then + return + fi + local version="1.1.0" + curl -sLO "https://github.com/oras-project/oras/releases/download/v${version}/oras_${version}_linux_amd64.tar.gz" + mkdir -p oras + tar -zxf oras_${version}_linux_amd64.tar.gz -C oras + rm oras_${version}_linux_amd64.tar.gz } publish_docker_images_with_arch_suffix() {