[Windows] Cleanup various scripts (#8942)

* Use Resolve-GithubReleaseAssetUrl more widely * Add the Get-ChecksumFromUrl function * Sort exported functions and add docs * Remove alias and fix typo * Fix kind checksum url and syntax * Fix checksums url for gh cli and msys2 * [Windows] Cleanup various scripts * Add spaces after type specifications * Rename the Take-Part function
2025-12-20 06:29:50 +00:00 · 2023-12-04 10:50:53 +01:00
parent ed911223ab
commit 5ed2615017
56 changed files with 770 additions and 568 deletions
--- a/images/windows/scripts/build/Install-DockerWinCred.ps1
+++ b/images/windows/scripts/build/Install-DockerWinCred.ps1
@@ -4,32 +4,19 @@
 ##  Supply chain security: checksum validation
 ################################################################################

-#region functions
-function Get-DockerWincredHash {
-    Param (
-        [Parameter(Mandatory = $True)]
-        [string] $Release
-    )
-
-    $hashURL = "https://github.com/docker/docker-credential-helpers/releases/download/${Release}/checksums.txt"
-    (Invoke-RestMethod -Uri $hashURL).ToString().Split("`n").Where({ $_ -ilike "*docker-credential-wincred-${Release}.windows-amd64.exe*" }).Split(' ')[0]
-}
-#endregion
-
 Write-Host "Install docker-wincred"
-$dockerCredLatestRelease = Invoke-RestMethod -Uri "https://api.github.com/repos/docker/docker-credential-helpers/releases/latest"
-$dockerCredDownloadUrl = $dockerCredLatestRelease.assets.browser_download_url -match "docker-credential-wincred-.+\.exe" | Select-Object -First 1
-Invoke-DownloadWithRetry -Url $dockerCredDownloadUrl -Path "C:\Windows\System32\docker-credential-wincred.exe"
+$downloadUrl = Resolve-GithubReleaseAssetUrl `
+    -Repo "docker/docker-credential-helpers" `
+    -Version "latest" `
+    -UrlMatchPattern "docker-credential-wincred-*amd64.exe"
+$binaryPath = Invoke-DownloadWithRetry -Url $downloadUrl -Path "C:\Windows\System32\docker-credential-wincred.exe"

 #region Supply chain security
-$distributor_file_hash = Get-DockerWincredHash -Release $dockerCredLatestRelease.name
-$local_file_hash = (Get-FileHash -Path 'C:\Windows\System32\docker-credential-wincred.exe' -Algorithm SHA256).Hash
-
-if ($local_file_hash -ne $distributor_file_hash) {
-    Write-Host "hash must be equal to: ${distributor_file_hash}"
-    Write-Host "actual hash is: ${local_file_hash}"
-    throw 'Checksum verification failed, please rerun install'
-}
+$binaryName = Split-Path $downloadUrl -Leaf
+$externalHash = Get-ChecksumFromUrl -Type "SHA256" `
+    -Url ($downloadUrl -replace $binaryName, "checksums.txt") `
+    -FileName $binaryName
+Test-FileChecksum -Path $binaryPath -ExpectedSHA256Sum $externalHash
 #endregion

 Invoke-PesterTests -TestFile "Docker" -TestName "DockerWinCred"