devops: mark Docker images as EOL (#29847)

As per https://github.com/microsoft/playwright-dotnet/pull/2879.
2024-03-07 20:18:24 +01:00 · 2024-03-07 20:18:24 +01:00 · 40b8bcb6ad
parent 591d327eac
commit 40b8bcb6ad
2 changed files with 23 additions and 0 deletions
--- a/utils/docker/.gitignore
+++ b/utils/docker/.gitignore
@ -0,0 +1,2 @@
+oras/
+
--- a/utils/docker/publish_docker.sh
+++ b/utils/docker/publish_docker.sh
@ -53,6 +53,27 @@ tag_and_push() {
  echo "-- tagging: $target"
  docker tag $source $target
  docker push $target
+  attach_eol_manifest $target
+}
+
+attach_eol_manifest() {
+  local image="$1"
+  local today=$(date -u +'%Y-%m-%d')
+  install_oras_if_needed
+  # oras is re-using Docker credentials, so we don't need to login.
+  # Following the advice in https://portal.microsofticm.com/imp/v3/incidents/incident/476783820/summary
+  ./oras/oras attach --artifact-type application/vnd.microsoft.artifact.lifecycle --annotation "vnd.microsoft.artifact.lifecycle.end-of-life.date=$today" $image
+}
+
+install_oras_if_needed() {
+  if [[ -x oras/oras ]]; then
+    return
+  fi
+  local version="1.1.0"
+  curl -sLO "https://github.com/oras-project/oras/releases/download/v${version}/oras_${version}_linux_amd64.tar.gz"
+  mkdir -p oras
+  tar -zxf oras_${version}_linux_amd64.tar.gz -C oras
+  rm oras_${version}_linux_amd64.tar.gz
 }

 publish_docker_images_with_arch_suffix() {