WIP: add image-diff example

Signed-off-by: Jason Hall <jason@chainguard.dev>
chainguard-dev · Dec 2, 2023 · f1b7a8f · f1b7a8f
1 parent 74721dc
commit f1b7a8f
Show file tree

Hide file tree

Showing 4 changed files with 480 additions and 0 deletions.
diff --git a/image-diff/README.md b/image-diff/README.md
@@ -0,0 +1,14 @@
+# `image-diff`
+
+This demonstrates how to query diffs of Chainguard Images.
+
+Along with Tag History, you can use this to show the evolution of an image over time.
+
+### Usage
+
+
+```sh
+previous=sha256:10fe8e11120a983bce706e054a83f1ec96505bcb26fd904ed115767f4070f3f2
+current=sha256:ec687431d948ca883852762db506fa3daa155a82bee3c7452adb451adc05e15a
+go run ./cmd/app static $previous $current
+```
diff --git a/image-diff/cmd/app/main.go b/image-diff/cmd/app/main.go
@@ -0,0 +1,112 @@
+/*
+Copyright 2023 Chainguard, Inc.
+SPDX-License-Identifier: Apache-2.0
+*/
+
+package main
+
+import (
+	"context"
+	"encoding/json"
+	"flag"
+	"fmt"
+	"io"
+	"log"
+	"net/http"
+
+	common "chainguard.dev/sdk/proto/platform/common/v1"
+	registry "chainguard.dev/sdk/proto/platform/registry/v1"
+	"chainguard.dev/sdk/sts"
+	"github.com/google/go-containerregistry/pkg/name"
+)
+
+func main() {
+	ctx := context.Background()
+	flag.Parse()
+
+	if len(flag.Args()) != 3 {
+		log.Fatalf("requires 3 arguments: repo name, and previous and current image to diff")
+	}
+	if _, err := name.NewDigest("example.com/foo@" + flag.Arg(1)); err != nil {
+		log.Fatalf("invalid digest: %v", err)
+	}
+	if _, err := name.NewDigest("example.com/foo@" + flag.Arg(2)); err != nil {
+		log.Fatalf("invalid digest: %v", err)
+	}
+	repo, left, right := flag.Arg(0), flag.Arg(1), flag.Arg(2)
+
+	// Get the Chainguard auth token.
+	var tok string
+	audience := "https://console-api.enforce.dev"
+	{
+		// This group is special, since anybody can access it by assuming a
+		// broadly-assumable identity with permission to view/pull.
+
+		issuer := "https://issuer.enforce.dev"
+		resp, err := http.Get("https://justtrustme.dev/token?aud=" + issuer)
+		if err != nil {
+			log.Fatalf("getting justtrustme token: %v", err)
+		}
+		defer resp.Body.Close()
+		if resp.StatusCode != http.StatusOK {
+			log.Fatalf("getting justtrustme token: %v", resp.Status)
+		}
+		all, err := io.ReadAll(resp.Body)
+		if err != nil {
+			log.Fatalf("reading justtrustme token: %v", err)
+		}
+		var r struct {
+			Token string `json:"token"`
+		}
+		if err := json.Unmarshal(all, &r); err != nil {
+			log.Fatalf("decoding justtrustme token: %v", err)
+		}
+		tok = r.Token
+
+		tok, err = sts.New(issuer, audience,
+			sts.WithIdentity("720909c9f5279097d847ad02a2f24ba8f59de36a/a033a6fabe0bfa0d")).
+			Exchange(ctx, tok)
+		if err != nil {
+			log.Fatalf("exchanging token: %v", err)
+		}
+	}
+
+	// Set up client.
+	regc, err := registry.NewClients(ctx, audience, tok)
+	if err != nil {
+		log.Fatalf("creating Registry clients: %v", err)
+	}
+
+	// This group is special, we'll just hard-code the UIDP.
+	groupUIDP := "720909c9f5279097d847ad02a2f24ba8f59de36a"
+
+	// Get the repo UIDP.
+	var repoUIDP string
+	{
+		resp, err := regc.Registry().ListRepos(ctx, &registry.RepoFilter{
+			Uidp: &common.UIDPFilter{
+				ChildrenOf: groupUIDP,
+			},
+			Name: repo,
+		})
+		if err != nil {
+			log.Fatalf("listing repos: %v", err)
+		}
+		if len(resp.Items) != 1 {
+			log.Fatalf("expected 1 repo, got %d", len(resp.Items))
+		}
+		repoUIDP = resp.Items[0].Id
+	}
+	log.Println("repo UIDP", repoUIDP)
+
+	// Get diff for the digests.
+	resp, err := regc.Registry().DiffImage(ctx, &registry.DiffImageRequest{
+		RepoId:     repoUIDP,
+		FromDigest: left,
+		ToDigest:   right,
+	})
+	if err != nil {
+		log.Fatalf("diff: %v", err)
+	}
+	fmt.Println(resp)
+}
diff --git a/image-diff/go.mod b/image-diff/go.mod
@@ -0,0 +1,63 @@
+module github.com/chainguard-dev/enforce-events/image-diff
+
+go 1.21
+
+toolchain go1.21.0
+
+require (
+	chainguard.dev/sdk v0.1.1
+	github.com/golang-jwt/jwt v3.2.2+incompatible
+	github.com/google/go-containerregistry v0.16.1
+)
+
+require (
+	chainguard.dev/go-grpc-kit v0.17.2 // indirect
+	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/bits-and-blooms/bitset v1.11.0 // indirect
+	github.com/blendle/zapdriver v1.3.1 // indirect
+	github.com/cespare/xxhash/v2 v2.2.0 // indirect
+	github.com/go-logr/logr v1.3.0 // indirect
+	github.com/go-logr/stdr v1.2.2 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang/protobuf v1.5.3 // indirect
+	github.com/google/gofuzz v1.2.0 // indirect
+	github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 // indirect
+	github.com/grpc-ecosystem/go-grpc-prometheus v1.2.1-0.20210315223345-82c243799c99 // indirect
+	github.com/grpc-ecosystem/grpc-gateway/v2 v2.18.1 // indirect
+	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/kelseyhightower/envconfig v1.4.0 // indirect
+	github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/opencontainers/go-digest v1.0.0 // indirect
+	github.com/prometheus/client_golang v1.17.0 // indirect
+	github.com/prometheus/client_model v0.5.0 // indirect
+	github.com/prometheus/common v0.45.0 // indirect
+	github.com/prometheus/procfs v0.12.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.0 // indirect
+	go.opentelemetry.io/otel v1.20.0 // indirect
+	go.opentelemetry.io/otel/metric v1.20.0 // indirect
+	go.opentelemetry.io/otel/trace v1.20.0 // indirect
+	go.uber.org/multierr v1.11.0 // indirect
+	go.uber.org/zap v1.26.0 // indirect
+	golang.org/x/exp v0.0.0-20231006140011-7918f672742d // indirect
+	golang.org/x/net v0.18.0 // indirect
+	golang.org/x/oauth2 v0.14.0 // indirect
+	golang.org/x/sys v0.14.0 // indirect
+	golang.org/x/text v0.14.0 // indirect
+	google.golang.org/appengine v1.6.8 // indirect
+	google.golang.org/genproto v0.0.0-20231030173426-d783a09b4405 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20231106174013-bbf56f31fb17 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20231030173426-d783a09b4405 // indirect
+	google.golang.org/grpc v1.59.0 // indirect
+	google.golang.org/protobuf v1.31.0 // indirect
+	gopkg.in/inf.v0 v0.9.1 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
+	k8s.io/api v0.28.4 // indirect
+	k8s.io/apimachinery v0.28.4 // indirect
+	k8s.io/klog/v2 v2.100.1 // indirect
+	k8s.io/utils v0.0.0-20230505201702-9f6742963106 // indirect
+	knative.dev/pkg v0.0.0-20231101193506-b09d4f2a2845 // indirect
+	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
+)