From 982cfa8500250c9704448880a779ade06cc8f976 Mon Sep 17 00:00:00 2001
From: Nicolas Belouin <nicolas.belouin@suse.com>
Date: Thu, 3 Apr 2025 16:53:49 +0200
Subject: [PATCH] Allow slash prefixes in registry

Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
---
 container-build-checks.py | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/container-build-checks.py b/container-build-checks.py
index b8c873c..d862f33 100755
--- a/container-build-checks.py
+++ b/container-build-checks.py
@@ -82,13 +82,17 @@ def verify_reference(image, result, value):
         return
 
     (registry, repo, tag) = reference_match.groups()
-    allowed_registries: list[str] = config["General"].getlist("Registry")
-    if len(allowed_registries) and registry not in allowed_registries:
+    raw_allowed_registries: list[str] = config["General"].getlist("Registry")
+    allowed_registries: dict[str, str] = {v[0]: v[2] for v in map(lambda a: a.partition("/"), raw_allowed_registries)}
+
+    if len(allowed_registries) and (registry not in allowed_registries.keys() or not repo.startswith(allowed_registries[registry])):
         result.warn(
             f"The org.opensuse.reference label ({value}) does not use an "
-            f"allowed registry: {','.join(allowed_registries)}")
+            f"allowed registry: {','.join(raw_allowed_registries)}")
+
+    prefix = allowed_registries[registry]
 
-    if f"{repo}:{tag}" not in image.containerinfo["tags"]:
+    if f"{repo[len(prefix)+1:]}:{tag}" not in image.containerinfo["tags"]:
         tags = ", ".join(image.containerinfo["tags"])
         result.warn(f"The org.opensuse.reference label ({value}) does not refer to an existing tag ({tags})")
     elif "release" in image.containerinfo and image.containerinfo["release"] not in tag:
-- 
2.49.0