50 lines
1.9 KiB
YAML
50 lines
1.9 KiB
YAML
---
|
|
- name: Set if containers should be pulled by digest
|
|
set_fact:
|
|
pull_by_digest: >-
|
|
{%- if download.sha256 is defined and download.sha256 -%}true{%- else -%}false{%- endif -%}
|
|
|
|
- name: Set pull_args
|
|
set_fact:
|
|
pull_args: >-
|
|
{%- if pull_by_digest %}{{ download.repo }}@sha256:{{ download.sha256 }}{%- else -%}{{ download.repo }}:{{ download.tag }}{%- endif -%}
|
|
|
|
- name: Register docker images info
|
|
shell: >-
|
|
{{ docker_bin_dir }}/docker images -q | xargs -r {{ docker_bin_dir }}/docker inspect -f "{{ '{{' }} if .RepoTags {{ '}}' }}{{ '{{' }} (index .RepoTags) {{ '}}' }}{{ '{{' }} end {{ '}}' }}{{ '{{' }} if .RepoDigests {{ '}}' }},{{ '{{' }} (index .RepoDigests) {{ '}}' }}{{ '{{' }} end {{ '}}' }}" | sed -e 's/^ *\[//g' -e 's/\] *$//g' -e 's/ /\n/g' | tr '\n' ','
|
|
no_log: true
|
|
register: docker_images
|
|
failed_when: false
|
|
changed_when: false
|
|
check_mode: no
|
|
when:
|
|
- not download_always_pull
|
|
- group_names | intersect(download.groups) | length
|
|
|
|
- name: Set if pull is required per container
|
|
set_fact:
|
|
pull_required: >-
|
|
{%- if pull_args in docker_images.stdout.split(',') %}false{%- else -%}true{%- endif -%}
|
|
when:
|
|
- not download_always_pull
|
|
- group_names | intersect(download.groups) | length
|
|
|
|
- name: Does any host require container pull?
|
|
vars:
|
|
hosts_pull_required: "{{ hostvars.values() | map(attribute='pull_required') | select('defined') | list }}"
|
|
set_fact:
|
|
any_pull_required: "{{ True in hosts_pull_required }}"
|
|
run_once: true
|
|
changed_when: false
|
|
when: not download_always_pull
|
|
|
|
- name: Check the local digest sha256 corresponds to the given image tag
|
|
assert:
|
|
that: "{{ download.repo }}:{{ download.tag }} in docker_images.stdout.split(',')"
|
|
when:
|
|
- group_names | intersect(download.groups) | length
|
|
- not download_always_pull
|
|
- not pull_required
|
|
- pull_by_digest
|
|
tags:
|
|
- asserts
|