ansible-edda/playbooks/filesystem/common/usr/local/sbin/pod-service-auto-update

#!/usr/bin/env python3

"""This script replaces `podman auto-update`. If a digest in a registry has been updated, `podman
pull` may not necessarily pull the image for quite some time. However, `auto-update` will still try
every day, but since it doesn't check if the new digest has actually been pulled it will restart the
service again and again. This script attempts to solve the problem by explicitly checking the digest
after the pull. However, it assumes that there is only service that needs restarting on updates and
that its called <username>.service so it is not (yet) a drop-in replacement for `podman
auto-update`.

"""

import getpass
import json
import subprocess


def podman_ps():
    out = subprocess.run(["podman", "ps", "--format", "json"], capture_output=True, check=True)
    return json.loads(out.stdout)


def podman_image_inspect(image):
    out = subprocess.run(["podman", "image", "inspect", "--format", "json", image],
                         capture_output=True, check=True)
    inspect = json.loads(out.stdout)
    assert inspect
    if len(inspect) > 1:
        raise ValueError("podman image inspect returned multiple entries")
    return inspect[0]


def podman_pull(image):
    subprocess.run(["podman", "pull", image], capture_output=True, check=True)


if __name__ == "__main__":
    containers = podman_ps()

    images = set()
    for container in containers:
        labels = container.get("Labels", None)
        if labels is None:
            continue
        autoupdate = labels.get("io.containers.autoupdate", None)
        if (autoupdate is None) or (autoupdate == "disabled"):
            continue
        if autoupdate != "image":
            raise ValueError(f"unrecognised autopdate label: {autoupdate}")
        images.add(container["Image"])

    updated = []
    for image in images:
        inspect = podman_image_inspect(image)
        original_digest = inspect["Digest"]

        podman_pull(image)

        inspect = podman_image_inspect(image)
        new_digest = inspect["Digest"]

        if new_digest != original_digest:
            updated.append(image)

    if updated:
        print(f"The following images have been updated: {updated}")
        subprocess.run(["systemctl", "--user", "restart", f"{getpass.getuser()}.service"],
                       check=True)
Use custom script for podman auto-update 2022-11-26 14:13:13 +01:00			`#!/usr/bin/env python3`

			"""This script replaces `podman auto-update`. If a digest in a registry has been updated, `podman
			pull` may not necessarily pull the image for quite some time. However, `auto-update` will still try
			`every day, but since it doesn't check if the new digest has actually been pulled it will restart the`
			`service again and again. This script attempts to solve the problem by explicitly checking the digest`
			`after the pull. However, it assumes that there is only service that needs restarting on updates and`
			that its called <username>.service so it is not (yet) a drop-in replacement for `podman
			auto-update`.

			`"""`

			`import getpass`
			`import json`
			`import subprocess`

Use the autoupdate label for image updates 2022-11-28 23:12:03 +01:00
			`def podman_ps():`
			`out = subprocess.run(["podman", "ps", "--format", "json"], capture_output=True, check=True)`
			`return json.loads(out.stdout)`


			`def podman_image_inspect(image):`
			`out = subprocess.run(["podman", "image", "inspect", "--format", "json", image],`
			`capture_output=True, check=True)`
			`inspect = json.loads(out.stdout)`
			`assert inspect`
			`if len(inspect) > 1:`
			`raise ValueError("podman image inspect returned multiple entries")`
			`return inspect[0]`

Formatting 2022-11-28 23:19:49 +01:00
Use the autoupdate label for image updates 2022-11-28 23:12:03 +01:00			`def podman_pull(image):`
			`subprocess.run(["podman", "pull", image], capture_output=True, check=True)`

Formatting 2022-11-28 23:19:49 +01:00
Use custom script for podman auto-update 2022-11-26 14:13:13 +01:00			`if __name__ == "__main__":`
Use the autoupdate label for image updates 2022-11-28 23:12:03 +01:00			`containers = podman_ps()`

			`images = set()`
			`for container in containers:`
			`labels = container.get("Labels", None)`
			`if labels is None:`
			`continue`
			`autoupdate = labels.get("io.containers.autoupdate", None)`
			`if (autoupdate is None) or (autoupdate == "disabled"):`
			`continue`
			`if autoupdate != "image":`
			`raise ValueError(f"unrecognised autopdate label: {autoupdate}")`
			`images.add(container["Image"])`
Use custom script for podman auto-update 2022-11-26 14:13:13 +01:00
			`updated = []`
			`for image in images:`
Use the autoupdate label for image updates 2022-11-28 23:12:03 +01:00			`inspect = podman_image_inspect(image)`
			`original_digest = inspect["Digest"]`
Use custom script for podman auto-update 2022-11-26 14:13:13 +01:00
Use the autoupdate label for image updates 2022-11-28 23:12:03 +01:00			`podman_pull(image)`
Use custom script for podman auto-update 2022-11-26 14:13:13 +01:00
Use the autoupdate label for image updates 2022-11-28 23:12:03 +01:00			`inspect = podman_image_inspect(image)`
			`new_digest = inspect["Digest"]`
Use custom script for podman auto-update 2022-11-26 14:13:13 +01:00
Use the autoupdate label for image updates 2022-11-28 23:12:03 +01:00			`if new_digest != original_digest:`
Fix pod-service-auto-update script 2022-12-07 20:34:40 +01:00			`updated.append(image)`
Use custom script for podman auto-update 2022-11-26 14:13:13 +01:00
			`if updated:`
			`print(f"The following images have been updated: {updated}")`
			`subprocess.run(["systemctl", "--user", "restart", f"{getpass.getuser()}.service"],`
			`check=True)`