Last active
January 28, 2026 17:49
-
-
Save nickboldt/86f78312234d84490f1186b389235a29 to your computer and use it in GitHub Desktop.
extract RHDH plugin catalog index or some plugin to a file tree to review contents
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| unpack_oci () { | |
| local IMAGE="$1" | |
| local MEDIA="$2" | |
| DIR="${IMAGE//:/_}" | |
| DIR="/tmp/${DIR//\//-}" | |
| rm -fr "$DIR"; mkdir -p "$DIR"; | |
| oras cp --to-oci-layout "$IMAGE" "$DIR" | |
| # for a helm chart tgz | |
| BLOB=$(oras manifest fetch "$IMAGE" | jq -r '.layers[]|select(.mediaType=="'"$MEDIA"'")|.digest') | |
| BLOB=${BLOB/sha256:} | |
| if [[ "$MEDIA" == *"tar+gzip"* ]]; then | |
| mkdir -p "$DIR/unpacked" | |
| tar xzf "$DIR/blobs/sha256/$BLOB" -C "$DIR/unpacked" | |
| echo "Unpacked $IMAGE into $DIR/unpacked" | |
| cd $DIR/unpacked; tree -d -L 3 -I . | |
| elif [[ "$MEDIA" == "text/spdx+json" ]]; then | |
| cp -f "$DIR/blobs/sha256/$BLOB" "$DIR/spdx_sbom.json" | |
| echo "SBOM: $DIR/spdx_sbom.json" | |
| fi | |
| } | |
| unpack_oci "quay.io/rhdh/chart:1.9-171-CI" "application/vnd.cncf.helm.chart.content.v1.tar+gzip" | |
| unpack_oci "quay.io/rhdh/backstage-community-plugin-catalog-backend-module-scaffolder-relation-processor:sha256-85c65d6f6fbd53739be00e94315bf43e99ca38efa0a69792d23dc51910b9ed00.sbom" "text/spdx+json" | |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| unpack () { | |
| local IMAGE="$1" | |
| DIR="${IMAGE//:/_}" | |
| DIR="/tmp/${DIR//\//-}" | |
| rm -fr "$DIR"; mkdir -p "$DIR"; container_id=$(podman create "${IMAGE}") | |
| podman export $container_id -o /tmp/image.tar && tar xf /tmp/image.tar -C "${DIR}/"; podman rm $container_id; rm -f /tmp/image.tar | |
| echo "Unpacked $IMAGE into $DIR" | |
| cd $DIR; tree -d -L 3 -I "usr|root|buildinfo" | |
| } | |
| unpack "quay.io/rhdh/backstage-plugin-notifications:1.9.0--0.5.8" | |
| unpack "quay.io/rhdh/plugin-catalog-index:1.9" | |
| unpack "ghcr.io/redhat-developer/rhdh-plugin-export-overlays/red-hat-developer-hub-backstage-plugin-orchestrator:bs_1.45.3__5.3.1" |
Author
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
to get an sbom (in raw json):