From 7ebba2f488237301eb2c90d0ce0fbf60607ef870 Mon Sep 17 00:00:00 2001
From: Simon Rieger <simon@rieger.app>
Date: Thu, 17 Jul 2025 03:04:35 +0200
Subject: [PATCH] fix check digest

---
 main.go | 110 ++++++++++++++++++++++----------------------------------
 1 file changed, 43 insertions(+), 67 deletions(-)

diff --git a/main.go b/main.go
index a7955c1..8b2f6f6 100644
--- a/main.go
+++ b/main.go
@@ -4,29 +4,25 @@ import (
 	"context"
 	"fmt"
 	"log"
-	"os"
 	"regexp"
+	"strings"
 
-	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/image"
 	"github.com/docker/docker/client"
 	"github.com/regclient/regclient"
 	"github.com/regclient/regclient/types/ref"
 )
 
-// Zerlegt einen Image-Namen in die Form registry/repo:tag für regclient
-func parseImageName(imageName string) (string, error) {
+// Wandelt ein ImageTag in registrykompatibles Format (ggf. registry hinzufügen)
+func toRegistryImage(imageTag string) (string, error) {
 	r := regexp.MustCompile(`^(?:(?P<registry>[^/]+)/)?(?P<repo>[^:]+)(?::(?P<tag>.+))?$`)
-	match := r.FindStringSubmatch(imageName)
+	match := r.FindStringSubmatch(imageTag)
 	if len(match) == 0 {
-		return "", fmt.Errorf("Fehler beim Parsen des Image-Namens: %s", imageName)
+		return "", fmt.Errorf("Image-Tag nicht erkannt: %s", imageTag)
 	}
 	registry := match[r.SubexpIndex("registry")]
 	repo := match[r.SubexpIndex("repo")]
 	tag := match[r.SubexpIndex("tag")]
-	if repo == "" {
-		return "", fmt.Errorf("Kein Repo erkannt in %s", imageName)
-	}
 	if registry == "" {
 		registry = "registry-1.docker.io"
 	}
@@ -36,84 +32,64 @@ func parseImageName(imageName string) (string, error) {
 	return fmt.Sprintf("%s/%s:%s", registry, repo, tag), nil
 }
 
-// Digest remote ermitteln (regclient)
-func getRemoteDigest(ctx context.Context, rc *regclient.RegClient, image string) (string, error) {
-	refObj, err := ref.New(image)
-	if err != nil {
-		return "", fmt.Errorf("image-ref ungültig: %w", err)
-	}
-	desc, err := rc.ManifestHead(ctx, refObj)
-	if err != nil {
-		return "", fmt.Errorf("Fehler ManifestHead %s: %w", image, err)
-	}
-	return desc.GetDigest().String(), nil
-}
-
-// Lokalen Digest via Docker-API holen
-func getLocalDigestOfImage(ctx context.Context, cli *client.Client, imageName string) (string, error) {
-	images, err := cli.ImageList(ctx, image.ListOptions{All: true})
-	if err != nil {
-		return "", err
-	}
-	for _, img := range images {
-		for _, t := range img.RepoTags {
-			if t == imageName {
-				if len(img.RepoDigests) > 0 {
-					return img.RepoDigests[0], nil
-				}
-				return img.ID, nil
-			}
+// Extrahiert nur den reinen sha256:<...>-Digest
+func extractDigest(s string) string {
+	for _, part := range strings.Split(s, "@") {
+		if strings.HasPrefix(part, "sha256:") {
+			return part
 		}
 	}
-	return "", fmt.Errorf("Image %s nicht lokal gefunden", imageName)
+	return s // ggf. nur die ID, wenn kein Digest
 }
 
 func main() {
 	ctx := context.Background()
-
 	cli, err := client.NewClientWithOpts(client.FromEnv)
 	if err != nil {
 		log.Fatal(err)
 	}
 	defer cli.Close()
-
 	rc := regclient.New()
 
-	containers, err := cli.ContainerList(ctx, container.ListOptions{All: true})
+	images, err := cli.ImageList(ctx, image.ListOptions{All: true})
 	if err != nil {
 		log.Fatal(err)
 	}
-	if len(containers) == 0 {
-		fmt.Println("Keine laufenden Container gefunden")
-		os.Exit(0)
-	}
 
-	for _, ctr := range containers {
-		fmt.Printf("Container: %s %s (status: %s)\n", ctr.ID[:12], ctr.Image, ctr.Status)
-		imageFull, err := parseImageName(ctr.Image)
-		if err != nil {
-			fmt.Printf("   Fehler beim Parsen des Image-Namens: %v\n", err)
-			continue
-		}
+	for _, img := range images {
+		for _, tag := range img.RepoTags {
+			imageRef, err := toRegistryImage(tag)
+			if err != nil {
+				continue
+			}
 
-		localDigest, err := getLocalDigestOfImage(ctx, cli, ctr.Image)
-		if err != nil {
-			fmt.Printf("   Fehler beim lokalen Digest: %v\n", err)
-			continue
-		}
+			// Lokalen Digest extrahieren
+			var localDigest string
+			if len(img.RepoDigests) > 0 {
+				localDigest = extractDigest(img.RepoDigests[0])
+			} else {
+				localDigest = img.ID
+			}
 
-		remoteDigest, err := getRemoteDigest(ctx, rc, imageFull)
-		if err != nil {
-			fmt.Printf("   Fehler beim Remote-Digest: %v\n", err)
-			continue
-		}
+			// Remote-Digest bestimmen
+			refObj, err := ref.New(imageRef)
+			if err != nil {
+				fmt.Printf("ImageRef-Fehler bei %s: %v\n", tag, err)
+				continue
+			}
+			desc, err := rc.ManifestHead(ctx, refObj)
+			if err != nil {
+				fmt.Printf("Manifest nicht gefunden (%s): %v\n", tag, err)
+				continue
+			}
+			remoteDigest := desc.GetDigest().String()
 
-		fmt.Println("   Local Digest: ", localDigest)
-		fmt.Println("   Remote Digest:", remoteDigest)
-		if localDigest == remoteDigest {
-			fmt.Println("   -> Image ist aktuell")
-		} else {
-			fmt.Println("   -> Update verfügbar!\n")
+			fmt.Printf("Image: %s\n  Local Digest:  %s\n  Remote Digest: %s\n", tag, localDigest, remoteDigest)
+			if localDigest == remoteDigest {
+				fmt.Println("  -> Kein Update verfügbar.")
+			} else {
+				fmt.Println("  -> Update verfügbar!")
+			}
 		}
 	}
 }