From ae78a80ab7c49b7383667360bf83f6baa2efcff4 Mon Sep 17 00:00:00 2001 From: Christian Erhardt Date: Fri, 8 Nov 2024 14:21:12 +0100 Subject: [PATCH 1/3] fix: directly referenced images via digest get deleted even if running This fix adds images to the list of running shas if they are directly referenced by the sha digest and not by tag --- main.py | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/main.py b/main.py index 458a1e4..7948c26 100644 --- a/main.py +++ b/main.py @@ -118,6 +118,14 @@ def discover_delete_images(regionname): if imageurl == runningimages: if imageurl not in running_sha: running_sha.append(image['imageDigest']) + # check for directly referenced sha + for running_image in running_containers: + running_digest_match = re.search(r"[^@]+$", running_image) + if running_digest_match: + running_digest = running_digest_match.group() + if running_digest == running_image: + if image['imageDigest'] not in running_sha: + running_sha.append(image['imageDigest']) print("Number of running images found {}".format(len(running_sha))) ignore_tags_regex = re.compile(IGNORE_TAGS_REGEX) From 7929fbc0833a7aa340ad5dd82366608a272ab8e5 Mon Sep 17 00:00:00 2001 From: Christian Erhardt Date: Mon, 11 Nov 2024 14:13:52 +0100 Subject: [PATCH 2/3] fix: wrong check for running images fixed the check for running images --- main.py | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/main.py b/main.py index 7948c26..4ddaae2 100644 --- a/main.py +++ b/main.py 
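Review bot: The added test `if running_digest == running_image:` compares the regex match with the string it was taken from, not with the image's digest. `re.search(r"[^@]+$", running_image)` returns the whole reference when it contains no `@`, so the condition holds for every tag-referenced container and never for a digest-referenced one, and a container pinned by digest still does not reach `running_sha`. Depending on where the block sits in the loops (indentation is not recoverable here), a single tag-referenced container may also mark every iterated `image` as running. The comparison should be `if running_digest == image['imageDigest']:`, with the pattern anchored on the separator, `r"@([^@]+)$"`, and `group(1)` taken, so that tag references do not match at all. discover_delete_images begins and ends outside the hunk.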
@@ -118,14 +118,14 @@ def discover_delete_images(regionname): if imageurl == runningimages: if imageurl not in running_sha: running_sha.append(image['imageDigest']) + # check for directly referenced sha - for running_image in running_containers: - running_digest_match = re.search(r"[^@]+$", running_image) - if running_digest_match: - running_digest = running_digest_match.group() - if running_digest == running_image: - if image['imageDigest'] not in running_sha: - running_sha.append(image['imageDigest']) + running_digest_match = re.search(r"[^@]+$", runningimages) + if running_digest_match: + running_digest = running_digest_match.group() + if image['imageDigest'] == running_digest: + if running_digest not in running_sha: + running_sha.append(running_digest) print("Number of running images found {}".format(len(running_sha))) ignore_tags_regex = re.compile(IGNORE_TAGS_REGEX) From aded8a81f5459d0c1defd7f27dabaf4d12d1e02e Mon Sep 17 00:00:00 2001 From: Christian Erhardt Date: Tue, 12 Nov 2024 09:19:19 +0100 Subject: [PATCH 3/3] fix: reworked logic to retrieve image digest There was an flaw in my logic. --- main.py | 41 +++++++++++++++++++++++++++-------------- 1 file changed, 27 insertions(+), 14 deletions(-) diff --git a/main.py b/main.py index 4ddaae2..029d61c 100644 --- a/main.py +++ b/main.py 
@@ -111,21 +111,34 @@ def discover_delete_images(regionname): # Get ImageDigest from ImageURL for running images. Do this for every repository running_sha = [] - for image in tagged_images: - for tag in image['imageTags']: - imageurl = repository['repositoryUri'] + ":" + tag - for runningimages in running_containers: - if imageurl == runningimages: - if imageurl not in running_sha: - running_sha.append(image['imageDigest']) - - # check for directly referenced sha - running_digest_match = re.search(r"[^@]+$", runningimages) + for running_image in running_containers: + repository_uri = repository['repositoryUri'] + + # get uri from running image - cut off the tag and digest + uri = re.search(r"^[^@:]+", running_image).group(0) + if not uri == repository_uri: + continue + + # Get the digest of the running image + digest = None + + # check if image is directly referenced by digest e.g. @sha256:1234567890abcdef + running_digest_match = re.search(r"@([^@]+)$", running_image) if running_digest_match: - running_digest = running_digest_match.group() - if image['imageDigest'] == running_digest: - if running_digest not in running_sha: - running_sha.append(running_digest) + digest = running_digest_match.group(1) + else: + # the image is referenced by tag - lookup the digest for this tag + tag = running_image.split(":")[1] + try: + image = [x for x in tagged_images if tag in x['imageTags']] + digest = image[0]['imageDigest'] + except: + # A container is using an image that is not existend anymore? + print("Error: Image tag '{}' not found in tagged images".format(tag)) + continue + + if digest is not None and digest not in running_sha: + running_sha.append(digest) print("Number of running images found {}".format(len(running_sha))) ignore_tags_regex = re.compile(IGNORE_TAGS_REGEX)
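Review bot: In the tag branch, `tag = running_image.split(":")[1]` sits outside the `try`, so a reference to this repository that carries neither tag nor digest raises an uncaught IndexError. The bare `except:` that follows swallows every failure of the lookup and `continue`s, so that running image is left out of `running_sha` while the cleanup carries on. Since this list decides what is safe to delete, the lookup should fail in a narrow, explicit way: default a missing tag (Docker resolves an untagged reference to `latest`), search without a catch-all, and skip only on a genuine miss, as in the sketch below. The lookup also returns the digest the tag points to now, so if tags in this repository can be re-pushed, a container started before the re-push runs a digest this loop never adds; covering that case would need immutable tags or the digest reported by the runtime. discover_delete_images begins and ends outside the hunk, and the indentation in the sketch is assumed.

```python
        else:
            # the image is referenced by tag - lookup the digest for this tag;
            # a reference without a tag has no ":" part, so default it instead of indexing [1]
            tag = running_image.partition(":")[2] or "latest"
            digest = next(
                (x['imageDigest'] for x in tagged_images if tag in x['imageTags']),
                None,
            )
            if digest is None:
                # genuine miss: the tag no longer exists in this repository
                print("Error: Image tag '{}' not found in tagged images".format(tag))
                continue
        # … unchanged: append digest to running_sha if not already present …
```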