From 93e61865acf870536fffd2eeaab24413d43a443c Mon Sep 17 00:00:00 2001 From: Suhal Vemu Date: Thu, 7 May 2026 15:22:04 +0530 Subject: [PATCH 1/3] EP-92435: Hide develop-uv-python3.8 and develop-pipcompile-python3.8 in registry UI These python3.8-based develop images are deprecated/EOL and should not be visible to consumers in the docker registry UI. Co-Authored-By: Claude Opus 4.6 --- src/components/catalog/catalog.riot | 2 + test-all-hidden-images.sh | 189 ++++++++++++++++++++++++++++ 2 files changed, 191 insertions(+) create mode 100755 test-all-hidden-images.sh diff --git a/src/components/catalog/catalog.riot b/src/components/catalog/catalog.riot index b8540f5d..d195e30f 100644 --- a/src/components/catalog/catalog.riot +++ b/src/components/catalog/catalog.riot @@ -58,6 +58,8 @@ along with this program. If not, see . "ns-builder/clickhousedev-goboring-current", "ns-builder/clickhousedev-xray-current", "ns-builder/develop-pigar-python3.10-ubuntu2004-current", + "ns-builder/develop-pipcompile-python3.8-ubuntu2004-current", + "ns-builder/develop-uv-python3.8-ubuntu2004-current", "ns-builder/gha-runner-current", "ns-builder/gradle8.13-jdk23-alpine-current", "ns-builder/ims-release-incimgmtsvc-docker-ims-base-current", diff --git a/test-all-hidden-images.sh b/test-all-hidden-images.sh new file mode 100755 index 00000000..52e38284 --- /dev/null +++ b/test-all-hidden-images.sh @@ -0,0 +1,189 @@ +#!/bin/bash + +# Script to pull, retag, and push all hidden images to localhost:5000 for manual testing +# Tests image hiding functionality across org-base-release-docker and org-tool-release-docker repos + +set -e + +echo "==========================================" +echo "Docker Hidden Images - Manual Test Script" +echo "==========================================" +echo "" + +# Arrays of hidden images by source repo +declare -a BASE_RELEASE_IMAGES=( + 'ns-dataprocessor/dragonfly-operator-current' + 'ns-dataprocessor/dragonflydb-current' + 'ns-dataprocessor/memcached-current' + 'ns-dataprocessor/minio-current' + 'ns-dataprocessor/minio-operator-current' + 'ns-dataprocessor/puppygraph-current' + 'ns-dataprocessor/puppygraph-demo-ui-current' + 'ns-dataprocessor/minio-operator-sidecar-current' + 'ns-dataprocessor/mongo-current' + +) + +declare -a TOOL_RELEASE_IMAGES=( + 'ns-builder/develop-pigar-python3.10-ubuntu2004-current' + 'ns-builder/develop-pigar-python3.8-ubuntu2004-current' + 'ns-builder/develop-pipcompile-python3.8-ubuntu2004-current' + 'ns-builder/develop-uv-python3.8-ubuntu2004-current' +) + +ARTIFACTORY_BASE="artifactory-rd.netskope.io" +LOCAL_REGISTRY="localhost:5000" + +# Track results +SUCCESSFUL=0 +FAILED=0 +SKIPPED=0 + +# Function to get the latest tag using regctl +get_latest_tag() { + local image_url=$1 + local tag + + tag=$(regctl tag ls "$image_url" 2>/dev/null | tail -1) + + if [ -z "$tag" ]; then + return 1 + fi + + echo "$tag" +} + +echo "This script will attempt to pull, retag, and push all hidden images." +echo "Using regctl to fetch latest tags from Artifactory..." +echo "" +echo "Images from org-base-release-docker:" +for img in "${BASE_RELEASE_IMAGES[@]}"; do + echo " - $img" +done +echo "" +echo "Images from org-tool-release-docker:" +for img in "${TOOL_RELEASE_IMAGES[@]}"; do + echo " - $img" +done +echo "" +echo "==========================================" +echo "" + +# Process org-base-release-docker images +echo "Processing repo: org-base-release-docker" +echo "----------------------------------------" + +for image in "${BASE_RELEASE_IMAGES[@]}"; do + IMAGE_REPO="org-base-release-docker/$image" + IMAGE_URL="$ARTIFACTORY_BASE/$IMAGE_REPO" + + echo "" + echo "Testing: $image" + + # Get the latest tag using regctl + TAG=$(get_latest_tag "$IMAGE_URL") + if [ -z "$TAG" ]; then + echo " ⊘ No tags found for $image (skipped)" + ((SKIPPED++)) + continue + fi + + echo " Found tag: $TAG" + + SOURCE_IMAGE="$IMAGE_URL:$TAG" + LOCAL_IMAGE="$LOCAL_REGISTRY/$IMAGE_REPO:$TAG" + + # Try to pull the image + if docker pull "$SOURCE_IMAGE" 2>/dev/null; then + echo " ✓ Pulled successfully" + + # Retag for local registry + if docker tag "$SOURCE_IMAGE" "$LOCAL_IMAGE"; then + echo " ✓ Retagged" + + # Push to local registry + if docker push "$LOCAL_IMAGE"; then + echo " ✓ Pushed to $LOCAL_REGISTRY" + ((SUCCESSFUL++)) + else + echo " ✗ Failed to push" + ((FAILED++)) + fi + else + echo " ✗ Failed to retag" + ((FAILED++)) + fi + else + echo " ✗ Failed to pull $SOURCE_IMAGE" + ((FAILED++)) + fi +done + +echo "" + +# Process org-tool-release-docker images +echo "Processing repo: org-tool-release-docker" +echo "----------------------------------------" + +for image in "${TOOL_RELEASE_IMAGES[@]}"; do + IMAGE_REPO="org-tool-release-docker/$image" + IMAGE_URL="$ARTIFACTORY_BASE/$IMAGE_REPO" + + echo "" + echo "Testing: $image" + + # Get the latest tag using regctl + TAG=$(get_latest_tag "$IMAGE_URL") + if [ -z "$TAG" ]; then + echo " ⊘ No tags found for $image (skipped)" + ((SKIPPED++)) + continue + fi + + echo " Found tag: $TAG" + + SOURCE_IMAGE="$IMAGE_URL:$TAG" + LOCAL_IMAGE="$LOCAL_REGISTRY/$IMAGE_REPO:$TAG" + + # Try to pull the image + if docker pull "$SOURCE_IMAGE" 2>/dev/null; then + echo " ✓ Pulled successfully" + + # Retag for local registry + if docker tag "$SOURCE_IMAGE" "$LOCAL_IMAGE"; then + echo " ✓ Retagged" + + # Push to local registry + if docker push "$LOCAL_IMAGE"; then + echo " ✓ Pushed to $LOCAL_REGISTRY" + ((SUCCESSFUL++)) + else + echo " ✗ Failed to push" + ((FAILED++)) + fi + else + echo " ✗ Failed to retag" + ((FAILED++)) + fi + else + echo " ✗ Failed to pull $SOURCE_IMAGE" + ((FAILED++)) + fi +done + +echo "" +echo "==========================================" +echo "Summary" +echo "==========================================" +echo "Successful: $SUCCESSFUL" +echo "Failed: $FAILED" +echo "Skipped: $SKIPPED" +echo "" +echo "Next steps:" +echo "1. Ensure Docker Registry UI is running and pointing to localhost:5000" +echo "2. Open Docker Registry UI in your browser" +echo "3. Check the catalogs for 'org-base-release-docker' and 'org-tool-release-docker' repos" +echo "4. Verify that ALL images listed above are NOT visible (they should be hidden by image-policy)" +echo "" +echo "If all pushed images are hidden, the test PASSES ✓" +echo "==========================================" From d0ec3d39c8cc955489340623eb55ad97aa5746fc Mon Sep 17 00:00:00 2001 From: Suhal Vemu Date: Thu, 7 May 2026 15:24:06 +0530 Subject: [PATCH 2/3] EP-92435: Also hide develop-pigar-python3.8-ubuntu2004-current Co-Authored-By: Claude Opus 4.6 --- src/components/catalog/catalog.riot | 1 + 1 file changed, 1 insertion(+) diff --git a/src/components/catalog/catalog.riot b/src/components/catalog/catalog.riot index d195e30f..5b9ea8b4 100644 --- a/src/components/catalog/catalog.riot +++ b/src/components/catalog/catalog.riot @@ -58,6 +58,7 @@ along with this program. If not, see . "ns-builder/clickhousedev-goboring-current", "ns-builder/clickhousedev-xray-current", "ns-builder/develop-pigar-python3.10-ubuntu2004-current", + "ns-builder/develop-pigar-python3.8-ubuntu2004-current", "ns-builder/develop-pipcompile-python3.8-ubuntu2004-current", "ns-builder/develop-uv-python3.8-ubuntu2004-current", "ns-builder/gha-runner-current", From 97a2fec9b060df3f6759620e5435674c45fa90a4 Mon Sep 17 00:00:00 2001 From: Suhal Vemu Date: Mon, 11 May 2026 11:53:44 +0530 Subject: [PATCH 3/3] EP-92435: Remove test script per review feedback Co-Authored-By: Claude Opus 4.6 --- test-all-hidden-images.sh | 189 -------------------------------------- 1 file changed, 189 deletions(-) delete mode 100755 test-all-hidden-images.sh diff --git a/test-all-hidden-images.sh b/test-all-hidden-images.sh deleted file mode 100755 index 52e38284..00000000 --- a/test-all-hidden-images.sh +++ /dev/null @@ -1,189 +0,0 @@ -#!/bin/bash - -# Script to pull, retag, and push all hidden images to localhost:5000 for manual testing -# Tests image hiding functionality across org-base-release-docker and org-tool-release-docker repos - -set -e - -echo "==========================================" -echo "Docker Hidden Images - Manual Test Script" -echo "==========================================" -echo "" - -# Arrays of hidden images by source repo -declare -a BASE_RELEASE_IMAGES=( - 'ns-dataprocessor/dragonfly-operator-current' - 'ns-dataprocessor/dragonflydb-current' - 'ns-dataprocessor/memcached-current' - 'ns-dataprocessor/minio-current' - 'ns-dataprocessor/minio-operator-current' - 'ns-dataprocessor/puppygraph-current' - 'ns-dataprocessor/puppygraph-demo-ui-current' - 'ns-dataprocessor/minio-operator-sidecar-current' - 'ns-dataprocessor/mongo-current' - -) - -declare -a TOOL_RELEASE_IMAGES=( - 'ns-builder/develop-pigar-python3.10-ubuntu2004-current' - 'ns-builder/develop-pigar-python3.8-ubuntu2004-current' - 'ns-builder/develop-pipcompile-python3.8-ubuntu2004-current' - 'ns-builder/develop-uv-python3.8-ubuntu2004-current' -) - -ARTIFACTORY_BASE="artifactory-rd.netskope.io" -LOCAL_REGISTRY="localhost:5000" - -# Track results -SUCCESSFUL=0 -FAILED=0 -SKIPPED=0 - -# Function to get the latest tag using regctl -get_latest_tag() { - local image_url=$1 - local tag - - tag=$(regctl tag ls "$image_url" 2>/dev/null | tail -1) - - if [ -z "$tag" ]; then - return 1 - fi - - echo "$tag" -} - -echo "This script will attempt to pull, retag, and push all hidden images." -echo "Using regctl to fetch latest tags from Artifactory..." -echo "" -echo "Images from org-base-release-docker:" -for img in "${BASE_RELEASE_IMAGES[@]}"; do - echo " - $img" -done -echo "" -echo "Images from org-tool-release-docker:" -for img in "${TOOL_RELEASE_IMAGES[@]}"; do - echo " - $img" -done -echo "" -echo "==========================================" -echo "" - -# Process org-base-release-docker images -echo "Processing repo: org-base-release-docker" -echo "----------------------------------------" - -for image in "${BASE_RELEASE_IMAGES[@]}"; do - IMAGE_REPO="org-base-release-docker/$image" - IMAGE_URL="$ARTIFACTORY_BASE/$IMAGE_REPO" - - echo "" - echo "Testing: $image" - - # Get the latest tag using regctl - TAG=$(get_latest_tag "$IMAGE_URL") - if [ -z "$TAG" ]; then - echo " ⊘ No tags found for $image (skipped)" - ((SKIPPED++)) - continue - fi - - echo " Found tag: $TAG" - - SOURCE_IMAGE="$IMAGE_URL:$TAG" - LOCAL_IMAGE="$LOCAL_REGISTRY/$IMAGE_REPO:$TAG" - - # Try to pull the image - if docker pull "$SOURCE_IMAGE" 2>/dev/null; then - echo " ✓ Pulled successfully" - - # Retag for local registry - if docker tag "$SOURCE_IMAGE" "$LOCAL_IMAGE"; then - echo " ✓ Retagged" - - # Push to local registry - if docker push "$LOCAL_IMAGE"; then - echo " ✓ Pushed to $LOCAL_REGISTRY" - ((SUCCESSFUL++)) - else - echo " ✗ Failed to push" - ((FAILED++)) - fi - else - echo " ✗ Failed to retag" - ((FAILED++)) - fi - else - echo " ✗ Failed to pull $SOURCE_IMAGE" - ((FAILED++)) - fi -done - -echo "" - -# Process org-tool-release-docker images -echo "Processing repo: org-tool-release-docker" -echo "----------------------------------------" - -for image in "${TOOL_RELEASE_IMAGES[@]}"; do - IMAGE_REPO="org-tool-release-docker/$image" - IMAGE_URL="$ARTIFACTORY_BASE/$IMAGE_REPO" - - echo "" - echo "Testing: $image" - - # Get the latest tag using regctl - TAG=$(get_latest_tag "$IMAGE_URL") - if [ -z "$TAG" ]; then - echo " ⊘ No tags found for $image (skipped)" - ((SKIPPED++)) - continue - fi - - echo " Found tag: $TAG" - - SOURCE_IMAGE="$IMAGE_URL:$TAG" - LOCAL_IMAGE="$LOCAL_REGISTRY/$IMAGE_REPO:$TAG" - - # Try to pull the image - if docker pull "$SOURCE_IMAGE" 2>/dev/null; then - echo " ✓ Pulled successfully" - - # Retag for local registry - if docker tag "$SOURCE_IMAGE" "$LOCAL_IMAGE"; then - echo " ✓ Retagged" - - # Push to local registry - if docker push "$LOCAL_IMAGE"; then - echo " ✓ Pushed to $LOCAL_REGISTRY" - ((SUCCESSFUL++)) - else - echo " ✗ Failed to push" - ((FAILED++)) - fi - else - echo " ✗ Failed to retag" - ((FAILED++)) - fi - else - echo " ✗ Failed to pull $SOURCE_IMAGE" - ((FAILED++)) - fi -done - -echo "" -echo "==========================================" -echo "Summary" -echo "==========================================" -echo "Successful: $SUCCESSFUL" -echo "Failed: $FAILED" -echo "Skipped: $SKIPPED" -echo "" -echo "Next steps:" -echo "1. Ensure Docker Registry UI is running and pointing to localhost:5000" -echo "2. Open Docker Registry UI in your browser" -echo "3. Check the catalogs for 'org-base-release-docker' and 'org-tool-release-docker' repos" -echo "4. Verify that ALL images listed above are NOT visible (they should be hidden by image-policy)" -echo "" -echo "If all pushed images are hidden, the test PASSES ✓" -echo "=========================================="