From 5ce506ffc53dbe0f9233c872848cfacb9267d362 Mon Sep 17 00:00:00 2001
From: Ricardo Garcia Silva <ricardo.garcia.silva@gmail.com>
Date: Mon, 19 Feb 2024 11:16:01 +0000
Subject: [PATCH] Fix docker publishing error in CI

---
 .github/workflows/ci.yaml |  2 +-
 tests/ci/main.py          | 34 +++++++++++++++++++++++++++++-----
 2 files changed, 30 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index df92c4f4..6ebab45a 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -1,4 +1,4 @@
-name: CI
+name: ${{ github.event.schedule && 'Routine vulnerability scan' || 'Continuous Integration' }}
 
 on:
   push:
diff --git a/tests/ci/main.py b/tests/ci/main.py
index 8d5dbcf6..24afe292 100644
--- a/tests/ci/main.py
+++ b/tests/ci/main.py
@@ -1,5 +1,6 @@
 import argparse
 import asyncio
+import logging
 import os
 import shlex
 import sys
@@ -7,9 +8,30 @@
 
 import dagger
 
+logger = logging.getLogger(__name__)
 POSTGIS_IMAGE_VERSION = "postgis/postgis:16-3.4"
 
 
+def sanitize_docker_image_name(docker_image_name: str) -> str:
+    """Ensure input docker_image_name is valid.
+
+    This function sanitizes the input according to the rules described in
+    the docker docs at:
+
+    https://docs.docker.com/engine/reference/commandline/image_tag/#extended-description
+
+    Most notably, this will ensure the path portion of the image name is
+    lowercase, which may sometimes not be the case for images being pushed to
+    the github container registry.
+    """
+    host, rest = docker_image_name.partition("/")[::2]
+    path, tag = rest.partition(":")[::2]
+    if "_" in host:
+        logger.warning(
+            "Docker image name's host section cannot contain the '_' character.")
+    return f"{host}/{path.lower()}:{tag or 'latest'}"
+
+
 def get_env_variables() -> dict[str, str | None]:
     return {
         "API_COMMAND": os.getenv("API_COMMAND", "daphne"),
@@ -115,7 +137,7 @@ async def run_pipeline(
         *,
         with_tests: bool,
         with_security_scan: bool,
-        image_registry: str | None = None
+        publish_docker_image: str | None = None
 ):
     env_variables = get_env_variables()
     conf = dagger.Config(
@@ -139,8 +161,9 @@ async def run_pipeline(
             await run_security_scan(built_container)
         if with_tests:
             await run_tests(client, built_container, env_variables)
-        if image_registry is not None:
-            await built_container.publish(image_registry)
+        if publish_docker_image is not None:
+            sanitized_name = sanitize_docker_image_name(publish_docker_image)
+            await built_container.publish(sanitized_name)
 
         print("Done")
 
@@ -165,7 +188,7 @@ async def run_pipeline(
         )
     )
     parser.add_argument(
-        "--image-registry",
+        "--publish-docker-image",
         help=(
             "Full URI to an image registry where the built container image should be "
             "published, including the image tag. This assumes that logging in to the "
@@ -175,10 +198,11 @@ async def run_pipeline(
         )
     )
     args = parser.parse_args()
+    logging.basicConfig(level=logging.INFO)
     asyncio.run(
         run_pipeline(
             with_tests=args.with_tests,
             with_security_scan=args.with_security_scan,
-            image_registry=args.image_registry,
+            publish_docker_image=args.publish_docker_image,
         )
     )