airship/sip
Code Issues Proposed changes

Add Docker image publish job

Browse Source 
We rely on Quay.io to publish new images when commits are merged to the
SIP repository. While this has been a less error-prone approach to
publishing our Docker images, it removes control of image publishing
from the hands of SIP developers, as Airship working committee members
are the only ones who can access our Quay repositories. This change
creates a job to publish our images so that the means for doing so is
transparent to developers, reusable for operators downstream, and
introduces tags for repository commits like other Airship repositories
have.

Signed-off-by: Drew Walters <andrew.walters@att.com>
Change-Id: Idb1b405e6f71bd6a99b24b2f0cfb37d9df463ba3
This commit is contained in:
Drew Walters 2021-02-17 21:40:09 +00:00
parent 845ff65d85
commit 0b5f38d31a
4 changed files with 128 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

91
playbooks/publish-images.yaml Normal file
View File

@ -0,0 +1,91 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- hosts: ubuntu-bionic
tasks:
- name: Setup Docker
include_role:
name: ensure-docker
- name: Install Dependent Packages
apt:
pkg:
- debconf
- make
- wget
- snapd
become: yes
- name: Install python3-docker and python3-requests Modules
package:
name:
- python3-docker
- python3-requests
state: present
- name: List Docker Images
shell: docker image ls
- name: Push Images
block:
- name: Login to Image Registry
docker_login:
username: "{{ airshipctl_image_repo_credentials.username }}"
password: "{{ airshipctl_image_repo_credentials.password }}"
registry_url: "{{ image_repo }}"
- name: Build Images with Latest Tag
make:
chdir: "{{ zuul.project.src_dir }}"
params:
DOCKER_IMAGE_TAG: latest
DOCKER_REGISTRY: "{{ image_repo }}"
target: images
- name: Build Images with Commit Tag
make:
chdir: "{{ zuul.project.src_dir }}"
params:
DOCKER_IMAGE_TAG: "{{ zuul.newrev }}"
DOCKER_REGISTRY: "{{ image_repo }}"
target: images
- name: Push SIP Image with Latest Tag
make:
chdir: "{{ zuul.project.src_dir }}"
params:
DOCKER_IMAGE_TAG: latest
DOCKER_REGISTRY: "{{ image_repo }}"
target: docker-publish-controller
- name: Push SIP Image with Commit Tag
make:
chdir: "{{ zuul.project.src_dir }}"
params:
DOCKER_IMAGE_TAG: "{{ zuul.newrev }}"
DOCKER_REGISTRY: "{{ image_repo }}"
target: docker-publish-controller
- name: Push Jump Host Image with Latest Tag
make:
chdir: "{{ zuul.project.src_dir }}"
params:
DOCKER_IMAGE_TAG: latest
DOCKER_REGISTRY: "{{ image_repo }}"
target: docker-publish-jump-host
- name: Push Jump Host Image with Commit Tag
make:
chdir: "{{ zuul.project.src_dir }}"
params:
DOCKER_IMAGE_TAG: "{{ zuul.newrev }}"
DOCKER_REGISTRY: "{{ image_repo }}"
target: docker-publish-jump-host

10
zuul.d/jobs.yaml
View File

@ -18,3 +18,13 @@
description: Install kube-builder and tests make functionality.
run: playbooks/test-sip.yaml
timeout: 9600
- job:
name: airship-sip-publish-images
description: Publishes SIP Docker images to image repository.
run: playbooks/publish-images.yaml
timeout: 9600
secrets:
- name: sip_image_repo_credentials
secret: sip_image_repo_credentials
vars:
image_repo: quay.io

3
zuul.d/projects.yaml
View File

@ -9,4 +9,5 @@
- airship-sip-test-suite
post:
jobs:
- airship-sip-upload-git-mirror
- airship-sip-publish-images
- airship-sip-upload-git-mirror

25
zuul.d/secrets.yaml
View File

@ -45,3 +45,28 @@
hiFp93xx8y4JkXDYlkso1RCgcM3TFR/i0DsNac6k5lLlmG/uQ8u493At9ZmjsiZ+YqwSA
wFw1wor/kEt5gnqop9I6Eivwf5dfCMz+ylbfXBaAwXSXhm+wmr00oFwyqgukiG+eHbiBt
cgtmYEkZk8i4xl5yUwWuJ5r5DGQy3/pJ+XU4m1GUniZRBiLNPOoR6ShtAF3OEg=
- secret:
name: sip_image_repo_credentials
data:
username: !encrypted/pkcs1-oaep
- q/cqiOgzME2G225yXtvgFrmVxjKM24qxbG20o1o6DwMCmIFE093L7JQzPKV4KOj17C/i3
fXzKYj+t/Ji7VvFeClZcVD/o9Nhti4UY2kTSGmCmlDIerzIzLSj0kfGU8GP8Fz2xRYBpx
CIo04GczeNdCssKJGLi+M84/iNQoYmKTwf7mA6I5sz+RVZOIplKP9khoAGfIyEdy3ckVg
bI2MOx6pZpNbi59JJkw46eZ4793sTo5yyjpJp8QHCBf3YxO31NiymOGtF0HKxOwZcmNKu
Lwysig/M1jJVBTg41+jDqSkmM+1YqQEytgcuq7q2GQSVJS24ZHmm+SDVLRci1b6dgoBbU
vkrtb1SzMbk3ElEGhTx4A+BHeUXR2pkl9SrCCTCEq+5DALSYaPNee3cfFTHGaZtiBf8PR
KLmmB8OuT917tQETK86bLAlUemcFhh5dDhS04NDIB7j79adDS5Hp2ioMv7lm/qtOjsRET
fWC71ehLxU3I1sIkYL5NBCfAhLFMvpmHE8cer4KynEDw39yKbWdr4U0NVJKVyKgc+6/T4
k3UvJ0dVXSHwNxHwcJ3o9tZZdZoNQNy6xhiYHMCQisLxhEB5KNnN7x/J0+a/ASnuROqPj
wgmtk4iZaCm94PlIufi+s08hfg1r31LcTn/d2sRfw1M/4CoVTshFDSUunaWjFk=
password: !encrypted/pkcs1-oaep
- jVQWZus+Q6dXJR7il66rIE27o8lliEZ+kR3CCQi1t4ShojDrPNMrcAQl525qJmDTOMJOm
ehEhOZdJ2BhOT/2ezRXljVRkKKwgcDeOgT9ADA0N4R7c3uJRtF4ezrVm0uUMxZGsGbiij
Ugfz1e0mVu3GAXI1gacm1mBSomt9ywvLlKWpQUvRB7FMyFO2qX33f2ISwB6voHB7DAgy2
AMXHxd4PI1kHqxt7pR/2xH/fl7lbyq9x9Gqctp/S6TOabE4bHBSq9lb7lycaqSQ175H79
U5bw35c0vnuwFO9D9HU3DtBIYw+13NJSx7XGgdJE+lmRJwea9K1AUhN+U26uIQInsvbHn
xagJsszVNTTvbl/1Ie9Wr98WSlGugAioUcXFtqeWTZ88nHvtq8rOnPRMjSD3I8HJc1BHU
0y+cUr1vC1nfTUd9merV0QEp1hadhUu4e7DVA53kVt+Pfbcc1ALl0mHPC7LdBhMN5Tcgq
hsSDkrN++z8VLk0Mft7Ar9b6TC7Uuzxj0pnQl8BD553gSIRIuk1GkhTM9DsPckgwNyfyN
pdiW7Nk7s69alrK7TsrKU7IxgfdI628+GAjQSr7UWv1GqziEDS28LfEAwcYShAjYr6Fr3
7aVipJ6Q4nVLXoERnO9UtldgwzzYyq37f+KmlmsKs7IilmAawImQCbFNM/XKmY=