|
| 1 | +/** |
| 2 | + * Pure resolution of the deployment image reference for single-tenant installs |
| 3 | + * that set `DEPLOY_IMAGE_OVERRIDE`. Kept free of env/DB imports so it can be |
| 4 | + * unit-tested directly (mirrors the `createDeploymentWithNextVersion` helper). |
| 5 | + * |
| 6 | + * Background: the override is the opt-in switch for the "pre-built canonical |
| 7 | + * image" flow. When a caller (e.g. a self-hosted deploy hook that has already |
| 8 | + * built and pushed the image) supplies its own `imageReference`, we honor it |
| 9 | + * instead of the webapp pod's boot-time override snapshot so the stamped image |
| 10 | + * is deterministic and not a function of pod rollout timing. To bound the |
| 11 | + * supply-chain surface, the caller-supplied reference must share the override's |
| 12 | + * registry + repository; the tag (version) and/or digest may differ. |
| 13 | + */ |
| 14 | + |
| 15 | +export class ImageReferenceMismatchError extends Error { |
| 16 | + readonly name = "ImageReferenceMismatchError"; |
| 17 | + readonly clientRepository: string; |
| 18 | + readonly overrideRepository: string; |
| 19 | + |
| 20 | + constructor(args: { clientRepository: string; overrideRepository: string }) { |
| 21 | + super( |
| 22 | + `Client imageReference repository "${args.clientRepository}" does not match the configured DEPLOY_IMAGE_OVERRIDE repository "${args.overrideRepository}"` |
| 23 | + ); |
| 24 | + this.clientRepository = args.clientRepository; |
| 25 | + this.overrideRepository = args.overrideRepository; |
| 26 | + } |
| 27 | +} |
| 28 | + |
| 29 | +/** |
| 30 | + * Split an image reference into its repository (registry host + path) and its |
| 31 | + * tag/digest. Tolerates a `registry:port` host (the tag is only the segment |
| 32 | + * after the last `:` that follows the last `/`) and a trailing `@sha256:...` |
| 33 | + * digest. |
| 34 | + */ |
| 35 | +export function parseImageRef(imageRef: string): { |
| 36 | + repository: string; |
| 37 | + tag?: string; |
| 38 | + digest?: string; |
| 39 | +} { |
| 40 | + let rest = imageRef; |
| 41 | + let digest: string | undefined; |
| 42 | + |
| 43 | + const atIndex = rest.indexOf("@"); |
| 44 | + if (atIndex !== -1) { |
| 45 | + digest = rest.slice(atIndex + 1); |
| 46 | + rest = rest.slice(0, atIndex); |
| 47 | + } |
| 48 | + |
| 49 | + const lastSlash = rest.lastIndexOf("/"); |
| 50 | + const lastColon = rest.lastIndexOf(":"); |
| 51 | + |
| 52 | + // A colon denotes a tag only when it comes after the last path separator; |
| 53 | + // otherwise it is the `registry:port` host separator and there is no tag. |
| 54 | + if (lastColon > lastSlash) { |
| 55 | + return { |
| 56 | + repository: rest.slice(0, lastColon), |
| 57 | + tag: rest.slice(lastColon + 1), |
| 58 | + digest, |
| 59 | + }; |
| 60 | + } |
| 61 | + |
| 62 | + return { repository: rest, digest }; |
| 63 | +} |
| 64 | + |
| 65 | +/** |
| 66 | + * Resolve the image reference to stamp on a deployment when |
| 67 | + * `DEPLOY_IMAGE_OVERRIDE` is set. |
| 68 | + * |
| 69 | + * - No caller-supplied reference -> use the override verbatim (prior behavior). |
| 70 | + * - Caller-supplied reference -> require the same registry/repository as the |
| 71 | + * override and use it (so the tag/digest can move ahead deterministically). |
| 72 | + * |
| 73 | + * Throws {@link ImageReferenceMismatchError} when the repositories differ. |
| 74 | + */ |
| 75 | +export function resolveOverrideImageRef(args: { |
| 76 | + override: string; |
| 77 | + clientImageReference?: string; |
| 78 | +}): string { |
| 79 | + const { override, clientImageReference } = args; |
| 80 | + |
| 81 | + if (!clientImageReference) { |
| 82 | + return override; |
| 83 | + } |
| 84 | + |
| 85 | + const overrideRepository = parseImageRef(override).repository; |
| 86 | + const clientRepository = parseImageRef(clientImageReference).repository; |
| 87 | + |
| 88 | + if (overrideRepository !== clientRepository) { |
| 89 | + throw new ImageReferenceMismatchError({ clientRepository, overrideRepository }); |
| 90 | + } |
| 91 | + |
| 92 | + return clientImageReference; |
| 93 | +} |
0 commit comments