Add tls-verify configuration to container-image-podman

Closes: #43486
quarkusio · Sep 27, 2024 · 6d6c800 · 6d6c800
1 parent 10ff88f
commit 6d6c800
Show file tree

Hide file tree

Showing 4 changed files with 27 additions and 8 deletions.
diff --git a/...nt/src/main/java/io/quarkus/container/image/docker/common/deployment/CommonProcessor.java b/...nt/src/main/java/io/quarkus/container/image/docker/common/deployment/CommonProcessor.java
@@ -13,7 +13,6 @@
 import java.util.List;
 import java.util.Map;
 import java.util.Optional;
-import java.util.stream.Stream;
 
 import org.jboss.logging.Logger;
 
@@ -212,13 +211,17 @@ protected void createAdditionalTags(String image, List<String> additionalImageTa
                 });
     }
 
-    protected void pushImages(ContainerImageInfoBuildItem containerImageInfo, String executableName) {
-        Stream.concat(containerImageInfo.getAdditionalImageTags().stream(), Stream.of(containerImageInfo.getImage()))
-                .forEach(imageToPush -> pushImage(imageToPush, executableName));
+    protected void pushImages(ContainerImageInfoBuildItem containerImageInfo, String executableName, C config) {
+        List<String> imagesToPush = new ArrayList<>(1 + containerImageInfo.getAdditionalImageTags().size());
+        imagesToPush.add(containerImageInfo.getImage());
+        imagesToPush.addAll(containerImageInfo.getAdditionalImageTags());
+        for (String image : imagesToPush) {
+            pushImage(image, executableName, config);
+        }
     }
 
-    protected void pushImage(String image, String executableName) {
-        String[] pushArgs = { "push", image };
+    protected void pushImage(String image, String executableName, C config) {
+        String[] pushArgs = createPushArgs(image, config);
         var pushSuccessful = ExecUtil.exec(executableName, pushArgs);
 
         if (!pushSuccessful) {
@@ -228,6 +231,10 @@ protected void pushImage(String image, String executableName) {
         LOGGER.infof("Successfully pushed %s image %s", getProcessorImplementation(), image);
     }
 
+    protected String[] createPushArgs(String image, C config) {
+        return new String[] { "push", image };
+    }
+
     protected void buildImage(ContainerImageInfoBuildItem containerImageInfo,
             OutputTargetBuildItem out,
             String executableName,

diff --git a/...eployment/src/main/java/io/quarkus/container/image/docker/deployment/DockerProcessor.java b/...eployment/src/main/java/io/quarkus/container/image/docker/deployment/DockerProcessor.java
@@ -141,7 +141,7 @@ protected String createContainerImage(ContainerImageConfig containerImageConfig,
         if (!useBuildx && pushContainerImage) {
             // If not using buildx, push the images
             loginToRegistryIfNeeded(containerImageConfig, containerImageInfo, executableName);
-            pushImages(containerImageInfo, executableName);
+            pushImages(containerImageInfo, executableName, dockerConfig);
         }
 
         return containerImageInfo.getImage();

diff --git a/...n/deployment/src/main/java/io/quarkus/container/image/podman/deployment/PodmanConfig.java b/...n/deployment/src/main/java/io/quarkus/container/image/podman/deployment/PodmanConfig.java
@@ -7,6 +7,7 @@
 import io.quarkus.runtime.annotations.ConfigPhase;
 import io.quarkus.runtime.annotations.ConfigRoot;
 import io.smallrye.config.ConfigMapping;
+import io.smallrye.config.WithDefault;
 
 @ConfigRoot(phase = ConfigPhase.BUILD_TIME)
 @ConfigMapping(prefix = "quarkus.podman")
@@ -16,4 +17,10 @@ public interface PodmanConfig extends CommonConfig {
      * https://docs.podman.io/en/latest/markdown/podman-build.1.html#platform-os-arch-variant
      */
     Optional<List<String>> platform();
+
+    /**
+     * Require HTTPS and verify certificates when contacting registries
+     */
+    @WithDefault("true")
+    boolean tlsVerify();
 }
diff --git a/...eployment/src/main/java/io/quarkus/container/image/podman/deployment/PodmanProcessor.java b/...eployment/src/main/java/io/quarkus/container/image/podman/deployment/PodmanProcessor.java
@@ -121,13 +121,18 @@ protected String createContainerImage(ContainerImageConfig containerImageConfig,
             if (isMultiPlatformBuild) {
                 pushManifests(containerImageInfo, executableName);
             } else {
-                pushImages(containerImageInfo, executableName);
+                pushImages(containerImageInfo, executableName, podmanConfig);
             }
         }
 
         return image;
     }
 
+    @Override
+    protected String[] createPushArgs(String image, PodmanConfig config) {
+        return new String[] { "push", image, "push", image, String.format("--tls-verify=%b", config.tlsVerify()) };
+    }
+
     private String[] getPodmanBuildArgs(String image,
             DockerfilePaths dockerfilePaths,
             ContainerImageConfig containerImageConfig,