Merge "Delete change tags from docker image repos"

docker/gitea/Dockerfile

@@ -112,4 +112,4 @@ EXPOSE 22
 VOLUME ["/data"]
 ENTRYPOINT ["/usr/bin/entrypoint"]
 CMD ["/usr/sbin/sshd", "-D"]
-# this comment is here to perform a test run of the job...
+# this comment is here to perform a test run of the job....

playbooks/zuul/build-image/promote-delete-tag.yaml

@@ -0,0 +1,20 @@
+- name: List tags
+  uri:
+    url: "https://hub.docker.com/v2/repositories/{{ image.repository }}/tags?page_size=1000"
+    status_code: 200
+  register: tags
+- name: Set cutoff timestamp to 24 hours ago
+  command: "python3 -c \"import datetime; print((datetime.datetime.utcnow()-datetime.timedelta(days=1)).strftime('%Y-%m-%dT%H:%M:%fZ'))\""
+  register: cutoff
+- name: Delete all change tags older than the cutoff
+  no_log: true
+  loop: "{{ tags.json.results }}"
+  loop_control:
+    loop_var: docker_tag
+  when: docker_tag.last_updated < cutoff.stdout and docker_tag.name.startswith('change_')
+  uri:
+    url: "https://hub.docker.com/v2/repositories/{{ image.repository }}/tags/{{ docker_tag.name }}/"
+    method: DELETE
+    status_code: 204
+    headers:
+      Authorization: "JWT {{ jwt_token.json.token }}"

playbooks/zuul/build-image/promote-retag.yaml

@@ -1,7 +1,7 @@
 - name: Get dockerhub token
   no_log: true
   uri:
-    url: "https://auth.docker.io/token?service=registry.docker.io&scope=repository:{{image.repository}}:pull,push"
+    url: "https://auth.docker.io/token?service=registry.docker.io&scope=repository:{{ image.repository }}:pull,push"
     user: "{{ credentials.username }}"
     password: "{{ credentials.password }}"
     force_basic_auth: true
@@ -9,7 +9,7 @@
 - name: Get manifest
   no_log: true
   uri:
-    url: "https://registry.hub.docker.com/v2/{{image.repository}}/manifests/change_{{zuul.change}}"
+    url: "https://registry.hub.docker.com/v2/{{ image.repository }}/manifests/change_{{ zuul.change }}"
     status_code: 200
     headers:
       Accept: "application/vnd.docker.distribution.manifestv2+json"
@@ -22,10 +22,18 @@
   loop_control:
     loop_var: new_tag
   uri:
-    url: "https://registry.hub.docker.com/v2/{{image.repository}}/manifests/{{ new_tag }}"
+    url: "https://registry.hub.docker.com/v2/{{ image.repository }}/manifests/{{ new_tag }}"
     method: PUT
     status_code: 201
     body: "{{ manifest.content | string }}"
     headers:
       Content-Type: "application/vnd.docker.distribution.manifestv2+json"
       Authorization: "Bearer {{ token.json.token }}"
+- name: Delete the current change tag
+  no_log: true
+  uri:
+    url: "https://hub.docker.com/v2/repositories/{{ image.repository }}/tags/change_{{ zuul.change }}/"
+    method: DELETE
+    status_code: 204
+    headers:
+      Authorization: "JWT {{ jwt_token.json.token }}"

playbooks/zuul/build-image/promote.yaml

@@ -1,10 +1,22 @@
 - hosts: localhost
   tasks:
-    - name: Promote dockerhub image
-      when: credentials is defined
-      block:
-        - name: Promote image
-          loop: "{{ images }}"
-          loop_control:
-            loop_var: image
-          include_tasks: promote-retag.yaml
+    # This is used by the delete tasks
+    - name: Get dockerhub JWT token
+      no_log: true
+      uri:
+        url: "https://hub.docker.com/v2/users/login/"
+        body_format: json
+        body:
+          username: "{{ credentials.username }}"
+          password: "{{ credentials.password }}"
+      register: jwt_token
+    - name: Promote image
+      loop: "{{ images }}"
+      loop_control:
+        loop_var: image
+      include_tasks: promote-retag.yaml
+    - name: Delete obsolete tags
+      loop: "{{ images }}"
+      loop_control:
+        loop_var: image
+      include_tasks: promote-delete-tag.yaml