From 0b5f38d31a095f7c06d4727a4225ee8de094a26f Mon Sep 17 00:00:00 2001
From: Drew Walters <andrew.walters@att.com>
Date: Wed, 17 Feb 2021 21:40:09 +0000
Subject: [PATCH] Add Docker image publish job

We rely on Quay.io to publish new images when commits are merged to the
SIP repository. While this has been a less error-prone approach to
publishing our Docker images, it removes control of image publishing
from the hands of SIP developers, as Airship working committee members
are the only ones who can access our Quay repositories. This change
creates a job to publish our images so that the means for doing so is
transparent to developers, reusable for operators downstream, and
introduces tags for repository commits like other Airship repositories
have.

Signed-off-by: Drew Walters <andrew.walters@att.com>
Change-Id: Idb1b405e6f71bd6a99b24b2f0cfb37d9df463ba3
---
 playbooks/publish-images.yaml | 91 +++++++++++++++++++++++++++++++++++
 zuul.d/jobs.yaml              | 10 ++++
 zuul.d/projects.yaml          |  3 +-
 zuul.d/secrets.yaml           | 25 ++++++++++
 4 files changed, 128 insertions(+), 1 deletion(-)
 create mode 100644 playbooks/publish-images.yaml

diff --git a/playbooks/publish-images.yaml b/playbooks/publish-images.yaml
new file mode 100644
index 0000000..33ac438
--- /dev/null
+++ b/playbooks/publish-images.yaml
@@ -0,0 +1,91 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+- hosts: ubuntu-bionic
+  tasks:
+    - name: Setup Docker
+      include_role:
+        name: ensure-docker
+
+    - name: Install Dependent Packages
+      apt:
+        pkg:
+          - debconf
+          - make
+          - wget
+          - snapd
+      become: yes
+
+    - name: Install python3-docker and python3-requests Modules
+      package:
+        name:
+          - python3-docker
+          - python3-requests
+        state: present
+
+    - name: List Docker Images
+      shell: docker image ls
+
+    - name: Push Images
+      block:
+        - name: Login to Image Registry
+          docker_login:
+            username: "{{ airshipctl_image_repo_credentials.username }}"
+            password: "{{ airshipctl_image_repo_credentials.password }}"
+            registry_url: "{{ image_repo }}"
+
+        - name: Build Images with Latest Tag
+          make:
+            chdir: "{{ zuul.project.src_dir }}"
+            params:
+              DOCKER_IMAGE_TAG: latest
+              DOCKER_REGISTRY: "{{ image_repo }}"
+            target: images
+
+        - name: Build Images with Commit Tag
+          make:
+            chdir: "{{ zuul.project.src_dir }}"
+            params:
+              DOCKER_IMAGE_TAG: "{{ zuul.newrev }}"
+              DOCKER_REGISTRY: "{{ image_repo }}"
+            target: images
+
+        - name: Push SIP Image with Latest Tag
+          make:
+            chdir: "{{ zuul.project.src_dir }}"
+            params:
+              DOCKER_IMAGE_TAG: latest
+              DOCKER_REGISTRY: "{{ image_repo }}"
+            target: docker-publish-controller
+
+        - name: Push SIP Image with Commit Tag
+          make:
+            chdir: "{{ zuul.project.src_dir }}"
+            params:
+              DOCKER_IMAGE_TAG: "{{ zuul.newrev }}"
+              DOCKER_REGISTRY: "{{ image_repo }}"
+            target: docker-publish-controller
+
+        - name: Push Jump Host Image with Latest Tag
+          make:
+            chdir: "{{ zuul.project.src_dir }}"
+            params:
+              DOCKER_IMAGE_TAG: latest
+              DOCKER_REGISTRY: "{{ image_repo }}"
+            target: docker-publish-jump-host
+
+        - name: Push Jump Host Image with Commit Tag
+          make:
+            chdir: "{{ zuul.project.src_dir }}"
+            params:
+              DOCKER_IMAGE_TAG: "{{ zuul.newrev }}"
+              DOCKER_REGISTRY: "{{ image_repo }}"
+            target: docker-publish-jump-host
diff --git a/zuul.d/jobs.yaml b/zuul.d/jobs.yaml
index 83985ee..d183ea5 100644
--- a/zuul.d/jobs.yaml
+++ b/zuul.d/jobs.yaml
@@ -18,3 +18,13 @@
     description: Install kube-builder and tests make functionality.
     run: playbooks/test-sip.yaml
     timeout: 9600
+- job:
+    name: airship-sip-publish-images
+    description: Publishes SIP Docker images to image repository.
+    run: playbooks/publish-images.yaml
+    timeout: 9600
+    secrets:
+      - name: sip_image_repo_credentials
+        secret: sip_image_repo_credentials
+    vars:
+      image_repo: quay.io
diff --git a/zuul.d/projects.yaml b/zuul.d/projects.yaml
index 62ea218..06135c9 100644
--- a/zuul.d/projects.yaml
+++ b/zuul.d/projects.yaml
@@ -9,4 +9,5 @@
         - airship-sip-test-suite
     post:
       jobs:
-        - airship-sip-upload-git-mirror
\ No newline at end of file
+        - airship-sip-publish-images
+        - airship-sip-upload-git-mirror
diff --git a/zuul.d/secrets.yaml b/zuul.d/secrets.yaml
index fba0f59..3e480d6 100644
--- a/zuul.d/secrets.yaml
+++ b/zuul.d/secrets.yaml
@@ -45,3 +45,28 @@
           hiFp93xx8y4JkXDYlkso1RCgcM3TFR/i0DsNac6k5lLlmG/uQ8u493At9ZmjsiZ+YqwSA
           wFw1wor/kEt5gnqop9I6Eivwf5dfCMz+ylbfXBaAwXSXhm+wmr00oFwyqgukiG+eHbiBt
           cgtmYEkZk8i4xl5yUwWuJ5r5DGQy3/pJ+XU4m1GUniZRBiLNPOoR6ShtAF3OEg=
+- secret:
+    name: sip_image_repo_credentials
+    data:
+      username: !encrypted/pkcs1-oaep
+        - q/cqiOgzME2G225yXtvgFrmVxjKM24qxbG20o1o6DwMCmIFE093L7JQzPKV4KOj17C/i3
+          fXzKYj+t/Ji7VvFeClZcVD/o9Nhti4UY2kTSGmCmlDIerzIzLSj0kfGU8GP8Fz2xRYBpx
+          CIo04GczeNdCssKJGLi+M84/iNQoYmKTwf7mA6I5sz+RVZOIplKP9khoAGfIyEdy3ckVg
+          bI2MOx6pZpNbi59JJkw46eZ4793sTo5yyjpJp8QHCBf3YxO31NiymOGtF0HKxOwZcmNKu
+          Lwysig/M1jJVBTg41+jDqSkmM+1YqQEytgcuq7q2GQSVJS24ZHmm+SDVLRci1b6dgoBbU
+          vkrtb1SzMbk3ElEGhTx4A+BHeUXR2pkl9SrCCTCEq+5DALSYaPNee3cfFTHGaZtiBf8PR
+          KLmmB8OuT917tQETK86bLAlUemcFhh5dDhS04NDIB7j79adDS5Hp2ioMv7lm/qtOjsRET
+          fWC71ehLxU3I1sIkYL5NBCfAhLFMvpmHE8cer4KynEDw39yKbWdr4U0NVJKVyKgc+6/T4
+          k3UvJ0dVXSHwNxHwcJ3o9tZZdZoNQNy6xhiYHMCQisLxhEB5KNnN7x/J0+a/ASnuROqPj
+          wgmtk4iZaCm94PlIufi+s08hfg1r31LcTn/d2sRfw1M/4CoVTshFDSUunaWjFk=
+      password: !encrypted/pkcs1-oaep
+        - jVQWZus+Q6dXJR7il66rIE27o8lliEZ+kR3CCQi1t4ShojDrPNMrcAQl525qJmDTOMJOm
+          ehEhOZdJ2BhOT/2ezRXljVRkKKwgcDeOgT9ADA0N4R7c3uJRtF4ezrVm0uUMxZGsGbiij
+          Ugfz1e0mVu3GAXI1gacm1mBSomt9ywvLlKWpQUvRB7FMyFO2qX33f2ISwB6voHB7DAgy2
+          AMXHxd4PI1kHqxt7pR/2xH/fl7lbyq9x9Gqctp/S6TOabE4bHBSq9lb7lycaqSQ175H79
+          U5bw35c0vnuwFO9D9HU3DtBIYw+13NJSx7XGgdJE+lmRJwea9K1AUhN+U26uIQInsvbHn
+          xagJsszVNTTvbl/1Ie9Wr98WSlGugAioUcXFtqeWTZ88nHvtq8rOnPRMjSD3I8HJc1BHU
+          0y+cUr1vC1nfTUd9merV0QEp1hadhUu4e7DVA53kVt+Pfbcc1ALl0mHPC7LdBhMN5Tcgq
+          hsSDkrN++z8VLk0Mft7Ar9b6TC7Uuzxj0pnQl8BD553gSIRIuk1GkhTM9DsPckgwNyfyN
+          pdiW7Nk7s69alrK7TsrKU7IxgfdI628+GAjQSr7UWv1GqziEDS28LfEAwcYShAjYr6Fr3
+          7aVipJ6Q4nVLXoERnO9UtldgwzzYyq37f+KmlmsKs7IilmAawImQCbFNM/XKmY=