finish updates to find-images, update unit tests, begin work on find-images --update

Author: chaospuppy

src/cmd/dev.go

@@ -801,6 +801,16 @@ func (o *devFindImagesOptions) run(cmd *cobra.Command, args []string) error {
 				componentDefinition += fmt.Sprintf("      - %s\n", cosignArtifact)
 			}
 		}
+		if len(finding.ArchiveImages) > 0 {
+			componentDefinition += fmt.Sprintf("  # Archive images - %s\n", finding.ComponentName)
+			componentDefinition += fmt.Sprintf("  - name: %s\n", finding.ComponentName)
+			componentDefinition += "    imageArchives:\n"
+			componentDefinition += fmt.Sprintf("      - path: %s\n", finding.Path)
+			componentDefinition += "        images:\n"
+			for _, image := range finding.ArchiveImages {
+				componentDefinition += fmt.Sprintf("          - %s\n", image)
+			}
+		}
 	}
 	fmt.Println(componentDefinition)
 

src/pkg/images/unpack.go

@@ -59,8 +59,8 @@ func GetManifestsFromArchive(ctx context.Context, imageArchive string) ([]ocispe
 	return manifests, err
 }
 
-// FindImagesInManifests takes a list of OCI Descriptors and returns image References
-func FindImagesInManifests(manifests []ocispec.Descriptor) ([]string, error) {
+// FindImagesInOCIManifests takes a list of OCI Descriptors and returns image References
+func FindImagesInOCIManifests(manifests []ocispec.Descriptor) ([]string, error) {
 	var foundImages []string
 	for _, manifestDesc := range manifests {
 		imageName := getRefFromManifest(manifestDesc)

src/pkg/images/unpack_test.go

@@ -72,7 +72,7 @@ func TestGetRefFromManifest(t *testing.T) {
 	}
 }
 
-func TestFindImagesInManifests(t *testing.T) {
+func TestFindImagesInOCIManifests(t *testing.T) {
 	t.Parallel()
 
 	testCases := []struct {
@@ -131,7 +131,7 @@ func TestFindImagesInManifests(t *testing.T) {
 	for _, tc := range testCases {
 		t.Run(tc.name, func(t *testing.T) {
 			t.Parallel()
-			images, err := FindImagesInManifests(tc.manifests)
+			images, err := FindImagesInOCIManifests(tc.manifests)
 			if tc.expectErr != nil {
 				require.ErrorContains(t, err, tc.expectErr.Error())
 				return

src/pkg/packager/find_images.go

@@ -8,8 +8,10 @@ import (
 	"errors"
 	"fmt"
 	"os"
+	"path"
 	"path/filepath"
 	"regexp"
+	"slices"
 	"sort"
 	"strings"
 	"time"
@@ -69,10 +71,14 @@ type FindImagesOptions struct {
 type ComponentImageScan struct {
 	// ComponentName is the name of the component where the images were found
 	ComponentName string
+	// ArchivePath is the path to the imageArchive
+	Path string
 	// Matches contains definitively identified container images, such as those in an image: field
 	Matches []string
 	// PotentialMatches contains potential container images found by a regex
 	PotentialMatches []string
+	// ArchiveImages contains images that are included in Matches, but are provided with an imageArchive
+	ArchiveImages []string
 	// CosignArtifacts contains found cosign artifacts for images
 	CosignArtifacts []string
 	// WhyResources contains the resources where specific images were found (when Why option is used)
@@ -231,18 +237,16 @@ func FindImages(ctx context.Context, packagePath string, opts FindImagesOptions)
 			if err != nil {
 				return nil, err
 			}
-			archivePath := pkgPath.BaseDir + archive.Path
+			archivePath := path.Join(pkgPath.BaseDir, archive.Path)
 			imageManifests, err := images.GetManifestsFromArchive(ctx, archivePath)
 			if err != nil {
 				return nil, fmt.Errorf("failed to retrieve image manifests from archive %s: %w", archive.Path, err)
 			}
-			archiveImages, err := images.FindImagesInManifests(imageManifests)
+			scan.ArchiveImages, err = images.FindImagesInOCIManifests(imageManifests)
 			if err != nil {
 				return nil, fmt.Errorf("failed to unpack image archive %s: %w", archive.Path, err)
 			}
-			for _, image := range archiveImages {
-				matchedImages[image] = true
-			}
+			scan.Path = archivePath
 		}
 
 		imgCompStart := time.Now()
@@ -255,6 +259,7 @@ func FindImages(ctx context.Context, packagePath string, opts FindImagesOptions)
 		}
 
 		sortedMatchedImages, sortedExpectedImages := getSortedImages(matchedImages, maybeImages)
+
 		scan.Matches = sortedMatchedImages
 
 		// Handle the "maybes"
@@ -308,6 +313,19 @@ func FindImages(ctx context.Context, packagePath string, opts FindImagesOptions)
 		componentImageScans = append(componentImageScans, scan)
 	}
 
+	// Create slice of all archive images
+	var allArchiveImages []string
+	for _, scan := range componentImageScans {
+		allArchiveImages = append(allArchiveImages, scan.ArchiveImages...)
+	}
+
+	// Remove images matches if those images are present in any image imageArchives
+	for i := range componentImageScans {
+		componentImageScans[i].Matches = slices.DeleteFunc(componentImageScans[i].Matches, func(s string) bool {
+			return slices.Contains(allArchiveImages, s)
+		})
+	}
+
 	if opts.Why != "" {
 		var foundWhyResource bool
 		for _, componentImageScan := range componentImageScans {

src/pkg/packager/find_images_test.go

@@ -205,8 +205,17 @@ func TestFindImages(t *testing.T) {
 			},
 			expectedImages: []ComponentImageScan{
 				{
-					ComponentName: "image-archive-component",
+					ComponentName: "manifest-referencing-image-in-archive",
+				},
+				{
+					ComponentName: "manifest-referencing-image-not-in-archive",
 					Matches: []string{
+						"docker.io/library/alpine:latest",
+					},
+				},
+				{
+					ComponentName: "image-archive-component",
+					ArchiveImages: []string{
 						"docker.io/library/scratch:latest",
 					},
 				},
@@ -224,6 +233,7 @@ func TestFindImages(t *testing.T) {
 			require.Len(t, tt.expectedImages, len(imagesScans))
 			for i, expected := range tt.expectedImages {
 				require.Equal(t, expected.ComponentName, imagesScans[i].ComponentName)
+				require.ElementsMatch(t, expected.ArchiveImages, imagesScans[i].ArchiveImages)
 				require.ElementsMatch(t, expected.Matches, imagesScans[i].Matches)
 				require.ElementsMatch(t, expected.PotentialMatches, imagesScans[i].PotentialMatches)
 				require.ElementsMatch(t, expected.CosignArtifacts, imagesScans[i].CosignArtifacts)

src/pkg/packager/testdata/find-images/image-archives/deployment-alpine.yaml

@@ -0,0 +1,18 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: alpine
+spec:
+  selector:
+    matchLabels:
+      app: alpine
+  template:
+    metadata:
+      labels:
+        app: alpine
+    spec:
+      containers:
+        - name: alpine
+          image: docker.io/library/alpine:latest
+        - name: second-alpine
+          image: docker.io/library/alpine:latest

src/pkg/packager/testdata/find-images/image-archives/deployment.yaml

@@ -0,0 +1,16 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: scrach
+spec:
+  selector:
+    matchLabels:
+      app: scratch
+  template:
+    metadata:
+      labels:
+        app: scratch
+    spec:
+      containers:
+        - name: scratch
+          image: docker.io/library/scratch:latest

src/pkg/packager/testdata/find-images/image-archives/zarf.yaml

@@ -3,6 +3,20 @@ metadata:
   name: image-archive
   description: image archive
 components:
+  - name: manifest-referencing-image-in-archive
+    required: true
+    manifests:
+      - name: scratch-manifest
+        namespace: default
+        files:
+          - deployment.yaml
+  - name: manifest-referencing-image-not-in-archive
+    required: true
+    manifests:
+      - name: alpine-manifest
+        namespace: default
+        files:
+          - deployment-alpine.yaml
   - name: image-archive-component
     imageArchives:
-      - path: ./scratch.tar
+      - path: scratch.tar

src/pkg/packager/update.go

@@ -18,6 +18,19 @@ import (
 	"github.com/zarf-dev/zarf/src/pkg/packager/layout"
 )
 
+type componentImagesPatch struct {
+	Images        ImagesPatch        `yaml:"images"`
+	ImageArchives ImageArchivesPatch `yaml:"imageArchives"`
+}
+
+type ImagesPatch struct {
+	Images []string `yaml:"images"`
+}
+
+type ImageArchivesPatch struct {
+	ImageArchives ImagesPatch `yaml:"imageArchives"`
+}
+
 // UpdateImages updates the images field for components in a zarf.yaml
 func UpdateImages(ctx context.Context, packagePath string, imagesScans []ComponentImageScan) error {
 	l := logger.From(ctx)
@@ -68,7 +81,7 @@ func createUpdate(zarfPackage v1alpha1.ZarfPackage, imagesScans []ComponentImage
 	}
 
 	for _, scan := range imagesScans {
-		if len(scan.Matches)+len(scan.PotentialMatches)+len(scan.CosignArtifacts) == 0 {
+		if len(scan.Matches)+len(scan.PotentialMatches)+len(scan.CosignArtifacts)+len(scan.ArchiveImages) == 0 {
 			continue
 		}
 
@@ -82,6 +95,18 @@ func createUpdate(zarfPackage v1alpha1.ZarfPackage, imagesScans []ComponentImage
 		componentMerge := map[string]any{
 			"images": combined,
 		}
+
+		// componentMerge := ImagesPatch{
+		// 	Images: combined,
+		// }
+
+		// if len(scan.ArchiveImages) > 0 {
+		// 	patch = componentImagesPatch{
+		// 		Images:        patch,
+		// 		ImageArchives: ImagesPatch{scan.ImageArchives},
+		// 	}
+		// }
+
 		componentNode, err := yaml.ValueToNode(componentMerge, yaml.IndentSequence(true))
 		if err != nil {
 			return "", fmt.Errorf("failed to create YAML node for component %s: %w", scan.ComponentName, err)