71b7cb0ae5
* In the build-image role, push to the buildset registry if it is defined. * In the intermediate registry push and pull roles, ensure that the buildset registry TLS cert is in place. This is a self-signed cert, and so needs to be written for each run. This happens inside bubblewrap where we have permission to write to /etc, which is an ephemeral volume. Change-Id: I47781d8a7adb93817dfe9266e2f4ad5fd829385c
27 lines
1.1 KiB
YAML
27 lines
1.1 KiB
YAML
- name: Push tag to intermediate registry
|
|
command: >-
|
|
skopeo --insecure-policy copy
|
|
--src-creds={{ buildset_registry.username }}:{{ buildset_registry.password }}
|
|
--dest-creds={{ intermediate_registry.username }}:{{ intermediate_registry.password }}
|
|
docker://{{ buildset_registry.host }}:{{ buildset_registry.port }}/{{ image.repository }}:{{ image_tag }}
|
|
docker://{{ intermediate_registry.host }}:{{ intermediate_registry.port}}/{{ image.repository }}:{{ zuul.build }}_{{ image_tag }}
|
|
loop: "{{ image.tags | default(['latest']) }}"
|
|
loop_control:
|
|
loop_var: image_tag
|
|
# no_log: true TODO(corvus) replace
|
|
|
|
- name: Return artifact to Zuul
|
|
zuul_return:
|
|
data:
|
|
zuul:
|
|
artifacts:
|
|
"image_{{ image.repository }}:{{ image_tag }}":
|
|
url: "docker://{{ intermediate_registry.host }}:{{ intermediate_registry.port}}/{{ image.repository }}:{{ zuul.build }}_{{ image_tag}}"
|
|
metadata:
|
|
type: container_image
|
|
repository: "{{ image.repository }}"
|
|
tag: "{{ image_tag }}"
|
|
loop: "{{ image.tags | default(['latest']) }}"
|
|
loop_control:
|
|
loop_var: image_tag
|