add md5 checksum of dockerfiles to image labels

[dklimpel]

Checklist

• make test-all (UNIX) passes. CI will also test this
• unit and/or integration tests are included (if applicable)
• documentation is changed or added (if applicable)

Description of change

Add m5 checksums to a an image label.
This can be directly compared later and is also available in the image in the long term.

[aelsabbahy]

Awesome, curious on the commands to use this for comparison.

[dklimpel]

Awesome, curious on the commands to use this for comparison.

I know two options.

curl:

$ repo=stavalfi/k8test-monitoring                                                                                                                                                                                 

$ token=$(curl -s "https://auth.docker.io/token?service=registry.docker.io&scope=repository:${repo}:pull" \
        | jq -r '.token')

$ digest=$(curl -s -H "Accept: application/vnd.docker.distribution.manifest.v2+json" -H "Authorization: Bearer $token" "https://registry-1.docker.io/v2/${repo}/manifests/latest" \
  | jq .config.digest -r)

$ curl -s -L -H "Accept: application/vnd.docker.distribution.manifest.v2+json" -H "Authorization: Bearer $token" "https://registry-1.docker.io/v2/${repo}/blobs/$digest" \
  | jq .config.Labels
{
  "latest-hash": "dc971f310bd0b172fd0379cc9a1810f209c9a9604a28da14cef36457",
  "latest-tag": "1.3.4"
}

or docker pull:

if [ "${INPUT_REGISTRY_PASSWORD}" != "" ]; then
    echo "${INPUT_REGISTRY_PASSWORD}" | docker login -u "${INPUT_REGISTRY_USERNAME}" --password-stdin "${INPUT_REGISTRY_ENDPOINT}"
fi

docker pull "${INPUT_IMAGE}"
value=$(docker inspect "${INPUT_IMAGE}" | jq -r ".[0].Config.Labels[\"${INPUT_LABEL}\"]")

I prefer the way with curl, as the image does not have to be downloaded.