#!/usr/bin/env bash
# A simple script that reads from rumble data, gets extra info
# about the latest scanned image (size and build time), then
# uses this data to create the image-comparison-*.html files
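# -e: abort on the first failing command.
# -u: treat an unset variable as an error instead of expanding it to "".
# -x: trace every command so CI logs show what was run.
# pipefail: a failing registry or scanner call on the left of a pipe must not
#           be masked by a jq/sed stage on the right that exits 0.
set -euxo pipefail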
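#######################################
# Convert an ISO-8601-style UTC timestamp to milliseconds since the Unix epoch.
# Fractional seconds (everything from the first ".") and the first "Z" are
# dropped before parsing.
# Arguments: $1 - timestamp such as 2023-01-02T03:04:05.123Z
# Outputs:   epoch milliseconds on stdout
# Returns:   non-zero if the timestamp does not parse as %Y-%m-%dT%H:%M:%S
#######################################
function epoch {
  local ts
  ts="${1%%.*}"
  ts="${ts/Z/}"
  # The timestamp comes from registry metadata (image config, signing
  # certificate), so it is passed to Python as an argument and never spliced
  # into the program text: a malformed value then fails to parse instead of
  # being evaluated as code.
  python3 -c '
import sys
from datetime import datetime as dt

t = dt.strptime(sys.argv[1], "%Y-%m-%dT%H:%M:%S")
print(int((t - dt(1970, 1, 1)).total_seconds() * 1000))
' "${ts}"
}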
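#######################################
# Print the current time as milliseconds since the Unix epoch.
# Outputs: epoch milliseconds on stdout
#######################################
function epoch_now {
  # time.time() is already relative to the UTC epoch, so the result does not
  # depend on the host's timezone or on TZ being re-read by the C library
  # (setting os.environ['TZ'] without time.tzset() is not guaranteed to
  # affect datetime.now()).
  python3 -c 'import time; print(int(time.time() * 1000))'
}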
# Inspired by https://gist.github.com/imjasonh/ce437a40160acab17030d024d4680fd2
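#######################################
# Print the compressed size of an image (config blob plus all layers) in a
# human-readable form such as "7.5 MB".
# Arguments: $1 - image reference
#            $2 - platform, defaults to linux/amd64
# Outputs:   size on stdout; values below 1024 bytes carry no unit suffix
# Returns:   non-zero if no size could be computed
#######################################
function image_size {
  local size
  # Quote the reference and platform so they reach crane as single arguments.
  size="$(crane manifest "$1" --platform "${2:-linux/amd64}" \
    | jq '.config.size + ([.layers[].size] | add)' \
    | numfmt --to=iec)"
  # An empty result means the manifest lookup or the jq stage produced
  # nothing; report it rather than emitting a blank size.
  if [[ -z "${size}" ]]; then
    printf 'image_size: could not determine size of %s\n' "$1" >&2
    return 1
  fi
  # numfmt prints "7.5M"; turn the IEC suffix into " MB" and so on.
  sed -e 's|K| KB|' -e 's|M| MB|' -e 's|G| GB|' -e 's|T| TB|' <<<"${size}"
}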
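#######################################
# Count the vulnerability matches grype reports for an image.
# Arguments: $1 - image reference to scan
# Outputs:   number of matches on stdout
# Returns:   non-zero if the scan fails or the report has no "matches" array
#######################################
function num_cves {
  local report
  # NOTE(review): the scanner image is referenced by a mutable tag, so counts
  # can differ between runs as the scanner changes; consider pinning it by
  # digest if reproducible numbers matter.
  # stderr is left visible so a failed pull or scan can be diagnosed; only
  # stdout (the JSON report) is captured.
  if ! report="$(docker run --rm cgr.dev/chainguard/grype "$1" -o json)"; then
    printf 'num_cves: grype scan failed for %s\n' "$1" >&2
    return 1
  fi
  # Without this check an empty or malformed report would silently yield an
  # empty or zero count, which then gets published as the image's CVE total.
  jq -e '.matches | if type == "array" then length else error("grype report has no matches array") end' \
    <<<"${report}"
}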
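#######################################
# For each image pair, collect CVE count, size and build timestamp for the
# Chainguard image and its upstream counterpart, then render
# comparison-<key>.html from comparison.template.html.
# Outputs: writes comparison-<key>.html into the current directory
# Returns: non-zero if any collected value is missing or malformed
#######################################
function main {
  local combo image_key image_name ours_ref theirs_ref
  local ours_cves_num theirs_cves_num ours_size theirs_size
  local ours_timestamp theirs_timestamp theirs_crane_resp
  local ours_size_num ours_size_unit theirs_size_num theirs_size_unit
  local generated_at_timestamp field
  local -r int_re='^[0-9]+$'
  local -r size_num_re='^[0-9][0-9A-Za-z.,]*$'
  local -r size_unit_re='^[A-Za-z]*$'

  # Each entry is "key|display name|our image|their image".
  for combo in \
    "go|Go|cgr.dev/chainguard/go:latest|golang:latest" \
    "nginx|Nginx|cgr.dev/chainguard/nginx:latest|nginx:latest" \
    "php|PHP|cgr.dev/chainguard/php:latest|php:latest"; do
    IFS='|' read -r image_key image_name ours_ref theirs_ref <<<"${combo}"

    ours_cves_num="$(num_cves "${ours_ref}")"
    theirs_cves_num="$(num_cves "${theirs_ref}")"

    ours_size="$(image_size "${ours_ref}")"
    # The "created" field in the image config now represents the
    # last time a package in the image was updated. Instead of looking at this
    # field to determine the last time the image was rebuilt, check the latest signature.
    # For more info, see https://www.chainguard.dev/unchained/designing-build-date-epoch-in-chainguard-images
    #ours_crane_resp="$(crane config "${ours_ref}")"
    #ours_timestamp="$(epoch "$(echo "${ours_crane_resp}" | jq -r '.created')")"
    # NOTE(review): "cosign download signature" only fetches the signature
    # payload; it does not verify it. The NotBefore value is therefore
    # display data, not proof of when or by whom the image was built.
    ours_timestamp="$(epoch "$(cosign download signature "${ours_ref}" | tail -n1 | jq -r .Cert.NotBefore)")"

    theirs_size="$(image_size "${theirs_ref}")"
    theirs_crane_resp="$(crane config "${theirs_ref}")"
    theirs_timestamp="$(epoch "$(jq -r '.created' <<<"${theirs_crane_resp}")")"

    # Sizes look like "7.5 MB": first word is the number, second the unit.
    read -r ours_size_num ours_size_unit _ <<<"${ours_size}"
    read -r theirs_size_num theirs_size_unit _ <<<"${theirs_size}"
    generated_at_timestamp="$(epoch_now)"

    # Every value below is spliced into a sed replacement and ends up in
    # published HTML, so refuse anything that is not the plain token expected
    # (this also catches a lookup that silently returned nothing).
    for field in "${ours_cves_num}" "${theirs_cves_num}" \
      "${ours_timestamp}" "${theirs_timestamp}" "${generated_at_timestamp}"; do
      if [[ ! "${field}" =~ ${int_re} ]]; then
        printf 'main: not rendering comparison-%s.html: expected an integer, got %q\n' \
          "${image_key}" "${field}" >&2
        return 1
      fi
    done
    for field in "${ours_size_num}" "${theirs_size_num}"; do
      if [[ ! "${field}" =~ ${size_num_re} ]]; then
        printf 'main: not rendering comparison-%s.html: bad size value %q\n' \
          "${image_key}" "${field}" >&2
        return 1
      fi
    done
    for field in "${ours_size_unit}" "${theirs_size_unit}"; do
      if [[ ! "${field}" =~ ${size_unit_re} ]]; then
        printf 'main: not rendering comparison-%s.html: bad size unit %q\n' \
          "${image_key}" "${field}" >&2
        return 1
      fi
    done

    # One sed reading the template directly: a missing template now fails
    # the script instead of producing an empty page.
    sed \
      -e "s|{{imageName}}|${image_name}|g" \
      -e "s|{{oursCvesNum}}|${ours_cves_num}|g" \
      -e "s|{{oursSizeNum}}|${ours_size_num}|g" \
      -e "s|{{oursSizeUnit}}|${ours_size_unit}|g" \
      -e "s|{{oursTimestamp}}|${ours_timestamp}|g" \
      -e "s|{{theirsCvesNum}}|${theirs_cves_num}|g" \
      -e "s|{{theirsSizeNum}}|${theirs_size_num}|g" \
      -e "s|{{theirsSizeUnit}}|${theirs_size_unit}|g" \
      -e "s|{{theirsTimestamp}}|${theirs_timestamp}|g" \
      -e "s|{{generatedAtTimestamp}}|${generated_at_timestamp}|g" \
      comparison.template.html >"comparison-${image_key}.html"
  done
}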
# Entry point: main reads no positional parameters, so forwarding them is a no-op.
main "$@"