09847567ae
The "shell" step doesn't support check mode, which currently leads to failures when Ansible is run in check mode (Ansible doesn't run the command, assuming that it might have an effect, so no "rc" or "output" is registered). Setting "check_mode: no" allows those "shell" commands to run in check mode (which is safe, because those shell commands don't have side effects).
---
# Record whether this download is pinned to a content digest. Renders the
# string "true" only when download.sha256 is defined and non-empty, and
# "false" otherwise; the tasks below read the value through the `bool` filter.
- set_fact:
    pull_by_digest: >-
      {{ 'true' if (download.sha256 is defined and download.sha256 != '') else 'false' }}
# Build the image reference stored in pull_args:
#   repo@sha256:<digest>  when a digest was supplied (content-addressed)
#   repo:tag              otherwise (a tag is a mutable reference, so it does
#                         not pin the image content)
- set_fact:
    pull_args: >-
      {{ (download.repo ~ '@sha256:' ~ download.sha256) if pull_by_digest | bool else (download.repo ~ ':' ~ download.tag) }}
# Collect the tags and digests of every image already present on the host.
# `docker images -q` lists the local image IDs and `docker inspect -f` prints
# "<RepoTags>,<RepoDigests>" for each of them. The quoted-brace Jinja
# expressions emit literal braces, so the Go template reaches docker intact.
- name: Register docker images info
  raw: >-
    {{ docker_bin_dir }}/docker images -q | xargs {{ docker_bin_dir }}/docker inspect -f "{{ '{{' }} .RepoTags {{ '}}' }},{{ '{{' }} .RepoDigests {{ '}}' }}"
  register: docker_images_raw
  # Errors are never reported for this task, so a failing docker call goes
  # unnoticed; the facts below are computed from whatever stdout was captured.
  failed_when: false
  # Run even in check mode: the pipeline only reads image metadata.
  check_mode: no
  # Skipped when images are always pulled, since the local list is not needed.
  when: not download_always_pull|bool
# Flatten the inspect output into one comma-separated string: the first
# regex_replace strips square brackets and the second turns every whitespace
# character into a comma, so the tags and digests of all local images end up
# in a single list.
# NOTE(review): after flattening, an entry is no longer tied to the image it
# came from; the membership checks below cannot tell which tag goes with
# which digest.
# NOTE(review): the third alternative of the first pattern, `\\n]`, ends in a
# stray `]` - confirm the intended pattern.
- set_fact: docker_images="{{docker_images_raw.stdout|regex_replace('\[|\]|\\n]','')|regex_replace('\s',',')}}"
  when: not download_always_pull|bool
# A pull is required unless the exact reference in pull_args (repo@sha256:...
# or repo:tag) already appears among the local images' tags and digests.
# Renders the string "false" on a match and "true" otherwise.
- set_fact:
    pull_required: >-
      {{ 'false' if pull_args in docker_images.split(',') else 'true' }}
  when: not download_always_pull | bool
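# Runs only when the download is pinned by digest and that digest reference
# was already found locally (no pull required). It then requires repo:tag to
# be present in the local image list as well.
# The reference is built with `~` inside the expression so that it is compared
# as a string. Interpolating it with Jinja delimiters would paste the image
# name into the expression text, where it is parsed as syntax, not as a value.
# NOTE(review): this is a membership test over the flattened list of all local
# images. It shows that the tag and the digest both exist locally, not that
# they belong to the same image - confirm whether per-image matching is needed.
- name: Check the local digest sha256 corresponds to the given image tag
  assert:
    that:
      - "(download.repo ~ ':' ~ download.tag) in docker_images.split(',')"
  when:
    - not download_always_pull | bool
    - not pull_required | bool
    - pull_by_digest | bool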