From 4cdb0e96d1632abfdae59babc18a8f00a47df3a3 Mon Sep 17 00:00:00 2001
From: Guilhem Bonnefille <guilhem.bonnefille@csgroup.eu>
Date: Thu, 14 Aug 2025 09:03:57 +0000
Subject: [PATCH 1/2] fix(skopeo): active debug when TRACE is set

---
 templates/gitlab-ci-docker.yml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/templates/gitlab-ci-docker.yml b/templates/gitlab-ci-docker.yml
index 0964e3d..588e2e3 100644
--- a/templates/gitlab-ci-docker.yml
+++ b/templates/gitlab-ci-docker.yml
@@ -932,7 +932,7 @@ stages:
       do
         log_info "... pushing extra tag: \\e[33;1m${extra_tag}\\e[0m..."
         # shellcheck disable=SC2086,SC2154
-        skopeo copy --src-authfile "$BUILDTOOL_HOME/skopeo/.docker/dest-config.json" --dest-authfile "$BUILDTOOL_HOME/skopeo/.docker/dest-config.json" ${DOCKER_PUBLISH_ARGS} "docker://$DOCKER_RELEASE_IMAGE" "docker://$docker_repository:$extra_tag"
+        skopeo copy ${TRACE+--debug} --src-authfile "$BUILDTOOL_HOME/skopeo/.docker/dest-config.json" --dest-authfile "$BUILDTOOL_HOME/skopeo/.docker/dest-config.json" ${DOCKER_PUBLISH_ARGS} "docker://$DOCKER_RELEASE_IMAGE" "docker://$docker_repository:$extra_tag"
       done
     else
       log_info "Extra tags configured, but the released tag (\\e[33;1m${docker_tag}\\e[0m) doesn't match \$DOCKER_RELEASE_EXTRA_TAGS_PATTERN..."
@@ -1375,7 +1375,7 @@ docker-publish:
     - BUILDTOOL_HOME=${BUILDTOOL_HOME:-$HOME}
     # 1: push main image
     - log_info "Copying ${DOCKER_SNAPSHOT_IMAGE} to ${DOCKER_RELEASE_IMAGE}..."
-    - skopeo copy --src-authfile "$BUILDTOOL_HOME/skopeo/.docker/src-config.json" --dest-authfile "$BUILDTOOL_HOME/skopeo/.docker/dest-config.json" ${DOCKER_PUBLISH_ARGS} "docker://$DOCKER_SNAPSHOT_IMAGE" "docker://$DOCKER_RELEASE_IMAGE"
+    - skopeo copy ${TRACE+--debug} --src-authfile "$BUILDTOOL_HOME/skopeo/.docker/src-config.json" --dest-authfile "$BUILDTOOL_HOME/skopeo/.docker/dest-config.json" ${DOCKER_PUBLISH_ARGS} "docker://$DOCKER_SNAPSHOT_IMAGE" "docker://$DOCKER_RELEASE_IMAGE"
     - |
       if [[ ${DOCKER_COSIGN_STRATEGY} == "onrelease" ]] || [[ ${DOCKER_COSIGN_STRATEGY} == "always" ]]
       then
@@ -1383,14 +1383,14 @@ docker-publish:
         release_repository=${DOCKER_RELEASE_IMAGE%:*}
         tag=$(echo "${docker_digest}" | tr ':' '-')
         log_info "Copying image signature to ${release_repository}:${tag}.sig..."
-        skopeo copy --src-authfile "$BUILDTOOL_HOME/skopeo/.docker/src-config.json" --dest-authfile "$BUILDTOOL_HOME/skopeo/.docker/dest-config.json" ${DOCKER_PUBLISH_ARGS} "docker://${snapshot_repository}:${tag}.sig" "docker://${release_repository}:${tag}.sig"
+        skopeo copy ${TRACE+--debug} --src-authfile "$BUILDTOOL_HOME/skopeo/.docker/src-config.json" --dest-authfile "$BUILDTOOL_HOME/skopeo/.docker/dest-config.json" ${DOCKER_PUBLISH_ARGS} "docker://${snapshot_repository}:${tag}.sig" "docker://${release_repository}:${tag}.sig"
         log_info "Copying image attestation to ${release_repository}:${tag}.att..."
-        skopeo copy --src-authfile "$BUILDTOOL_HOME/skopeo/.docker/src-config.json" --dest-authfile "$BUILDTOOL_HOME/skopeo/.docker/dest-config.json" ${DOCKER_PUBLISH_ARGS} "docker://${snapshot_repository}:${tag}.att" "docker://${release_repository}:${tag}.att"
+        skopeo copy ${TRACE+--debug} --src-authfile "$BUILDTOOL_HOME/skopeo/.docker/src-config.json" --dest-authfile "$BUILDTOOL_HOME/skopeo/.docker/dest-config.json" ${DOCKER_PUBLISH_ARGS} "docker://${snapshot_repository}:${tag}.att" "docker://${release_repository}:${tag}.att"
       fi
     - |
       log_info "Well done your image is pushed and can be pulled with: docker pull $DOCKER_RELEASE_IMAGE"
     # 2: extract info and generate output dotenv
-    - docker_digest=$(skopeo inspect --authfile "$BUILDTOOL_HOME/skopeo/.docker/dest-config.json" --format='{{ .Digest }}' "docker://$DOCKER_RELEASE_IMAGE")
+    - docker_digest=$(skopeo inspect ${TRACE+--debug} --authfile "$BUILDTOOL_HOME/skopeo/.docker/dest-config.json" --format='{{ .Digest }}' "docker://$DOCKER_RELEASE_IMAGE")
     - docker_repository=${DOCKER_RELEASE_IMAGE%:*}
     - docker_tag=${DOCKER_RELEASE_IMAGE##*:}
     - |
-- 
GitLab


From 8946da09650b713369dd74e64c653a85b41a041d Mon Sep 17 00:00:00 2001
From: Guilhem Bonnefille <guilhem.bonnefille@csgroup.eu>
Date: Thu, 14 Aug 2025 09:19:52 +0000
Subject: [PATCH 2/2] fix: log all configured registries

When snapshot and release registries are different and a single one is logged as configured,
one can think it has misconfigured something.
---
 templates/gitlab-ci-docker.yml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/templates/gitlab-ci-docker.yml b/templates/gitlab-ci-docker.yml
index 588e2e3..bff9a77 100644
--- a/templates/gitlab-ci-docker.yml
+++ b/templates/gitlab-ci-docker.yml
@@ -783,7 +783,12 @@ stages:
       merge_json "$BUILDTOOL_HOME/skopeo/.docker/src-config.json" "$BUILDTOOL_HOME/skopeo/.docker/release-only.json" > "$BUILDTOOL_HOME/skopeo/.docker/dest-config.json"
     fi
 
-    log_info "Docker authentication configured for \\e[33;1m${docker_snapshot_registry_host}\\e[0m"
+    if [ "$docker_snapshot_registry_host" = "$docker_release_registry_host" ]
+    then
+      log_info "Docker authentication configured for \\e[33;1m${docker_snapshot_registry_host}\\e[0m ${docker_mirror_registry_host+and \\e[33;1m${docker_mirror_registry_host}\\e[0m}"
+    else
+      log_info "Docker authentication configured for \\e[33;1m${docker_snapshot_registry_host}\\e[0m and \\e[33;1m${docker_release_registry_host}\\e[0m ${docker_mirror_registry_host+and \\e[33;1m${docker_mirror_registry_host}\\e[0m}"
+    fi
   }
 
   # autodetects whether there is an hadolint config file
-- 
GitLab