def execute_dockerfile(args): '''Execution path if given a dockerfile''' check_docker_daemon() logger.debug('Setting up...') setup(dockerfile=args.dockerfile) # attempt to build the image logger.debug('Building Docker image...') # placeholder to check if we can analyze the full image completed = True build, msg = docker.is_build() if build: # attempt to get built image metadata image_tag_string = docker.get_dockerfile_image_tag() full_image = load_full_image(image_tag_string) if full_image.origins.is_empty(): # image loading was successful # Add an image origin here full_image.origins.add_notice_origin( formats.dockerfile_image.format(dockerfile=args.dockerfile)) # analyze image analyze_docker_image(full_image, True) else: # we cannot load the full image logger.warning('Cannot retrieve full image metadata') completed = False # clean up image container.remove_image(full_image.repotag) if not args.keep_working_dir: clean_image_tars(full_image) else: # cannot build the image logger.warning('Cannot build image') completed = False # check if we have analyzed the full image or not if not completed: # get the base image logger.debug('Loading base image...') base_image = load_base_image() if base_image.origins.is_empty(): # image loading was successful # add a notice stating failure to build image base_image.origins.add_notice_to_origins( args.dockerfile, Notice( formats.image_build_failure, 'warning')) # analyze image analyze_docker_image(base_image) else: # we cannot load the base image logger.warning('Cannot retrieve base image metadata') # run through commands in the Dockerfile logger.debug('Parsing Dockerfile to generate report...') stub_image = get_dockerfile_packages() # clean up image container.remove_image(base_image.repotag) if not args.keep_working_dir: clean_image_tars(base_image) # generate report based on what images were created if completed: generate_report(args, full_image) else: generate_report(args, base_image, stub_image) logger.debug('Teardown...') teardown() if not args.keep_working_dir: shutil.rmtree(os.path.abspath(constants.temp_folder))
def execute_dockerfile(args): '''Execution path if given a dockerfile''' logger.debug('Setting up...') setup(args.dockerfile) dockerfile_parse = False # try to get Docker base image metadata logger.debug('Loading base image...') base_image = load_base_image() logger.debug('Base image loaded...') # check if the base image added any notices if base_image.origins.is_empty(): # load any packages from cache logger.debug('Looking up cache for base image layers...') if not common.load_from_cache(base_image): # load any packages using the command library logger.debug('Retrieving metadata using scripts from base.yml') container.start_container(base_image.repotag) common.add_base_packages(base_image) container.remove_container() logger.debug('Saving base image layers...') common.save_to_cache(base_image) cache.save() # attempt to get the packages for the rest of the image # since we only have a dockerfile, we will attempt to build the # image first # This step actually needs to go to the beginning but since # there is no way of tracking imported images from within # the docker image history, we build after importing the base image shell, msg = cmdlib.get_image_shell( cmdlib.get_base_listing(base_image.name, base_image.tag)) if not shell: shell = constants.shell logger.debug('Building image...') build, msg = docker.is_build() if build: # attempt to get built image metadata full_image = load_full_image() if full_image.origins.is_empty(): # link layer to imported base image full_image.set_image_import(base_image) if not common.load_from_cache(full_image): # find packages per layer container.start_container(full_image.repotag) logger.debug('Retrieving metadata using scripts from ' 'snippets.yml') docker.add_packages_from_history(full_image, shell) container.remove_container() # record missing layers in the cache common.save_to_cache(full_image) cache.save() logger.debug('Cleaning up...') container.remove_image(full_image.repotag) container.remove_image(base_image.repotag) generate_report(args, full_image) else: # we cannot extract the built image's metadata dockerfile_parse = True else: # we cannot build the image common.save_to_cache(base_image) dockerfile_parse = True else: # something went wrong in getting the base image dockerfile_parse = True # check if the dockerfile needs to be parsed if dockerfile_parse: cache.save() logger.debug('Cleaning up...') container.remove_image(base_image.repotag) logger.debug('Parsing Dockerfile to generate report...') stub_image = get_dockerfile_packages() generate_report(args, base_image, stub_image)