zuul-jobs/test-playbooks/registry/test-registry.yaml
James E. Blair 4da8f6c3a7 Open iptables ports in registry test job
Open the iptables ports in the same way they are opened in the
production opendev configuration.  Do that in a pre-playbook and
move some tasks into it for retryability.

Change-Id: I992174aa3c7e47f9d2f70605172cd8b9460c53eb
2019-10-22 14:38:51 -07:00


# Run the intermediate registry on this host, and also build an image
# and place it in the registry to simulate an artifact from a previous
# build which has been passed to this one (so that we can test pulling
# from the intermediate registry in the correct order).
- name: Set up the intermediate registry and add a build
  hosts: intermediate-registry
  tasks:
    # Registry credentials/cert and the identifiers of the simulated
    # previous build both come from vars files next to this playbook.
    - name: Include intermediate registry vars
      include_vars: vars/intermediate-registry-auth.yaml

    - name: Include previous build vars
      include_vars: vars/previous-build.yaml

    # `apply` attaches become to the tasks inside the included role,
    # not just to the include itself.
    - name: Run the intermediate registry
      include_role:
        name: run-test-intermediate-registry
        apply:
          become: true

    # The registry is addressed as localhost:5000 from this host, so
    # the cert is installed for that host/port pair.
    - name: Install the intermediate registry cert
      include_role:
        name: install-registry-cert
      vars:
        registry_host: localhost
        registry_port: 5000
        registry_cert: '{{ intermediate_registry_tls_cert }}'

    - name: Set up user credentials for the intermediate registry
      include_role:
        name: intermediate-registry-user-config

    - name: Build a docker image for the previous build
      include_role:
        name: build-docker-image
      vars:
        docker_images:
          - context: test-playbooks/registry/docker
            repository: '{{ previous_build_repository }}'

    # The command module does not pass its string through a shell, so
    # the templated values are not shell-interpreted; they are still
    # split on whitespace, so the values in vars/previous-build.yaml
    # must not contain spaces.
    - name: Tag the previous build
      command: >-
        docker tag {{ previous_build_repository }}:latest
        localhost:5000/{{ previous_build_repository }}:{{ previous_build_uuid }}_latest

    - name: Push the previous build to the intermediate registry
      command: >-
        docker push
        localhost:5000/{{ previous_build_repository }}:{{ previous_build_uuid }}_latest
# This is also essentially pre-configuration for the real test of the
# roles. This sets up a fake executor (since we can't run the
# necessary commands untrusted on the real one).
- name: Set up a simulated executor
  hosts: executor
  tasks:
    - name: Include intermediate registry vars
      include_vars: vars/intermediate-registry-auth.yaml

    # The work root is created as root and then handed to the job user.
    - name: Create simulated zuul work directory
      become: true
      file:
        path: '{{ zuul.executor.work_root }}'
        state: directory
        owner: '{{ ansible_user }}'
        group: '{{ ansible_user }}'

    - name: Install the intermediate registry cert
      include_role:
        name: install-registry-cert
      vars:
        registry_host: '{{ intermediate_registry.host }}'
        registry_port: '{{ intermediate_registry.port }}'
        registry_cert: '{{ intermediate_registry_tls_cert }}'

    # Recursively gives the unprivileged job user ownership of the
    # Docker daemon's configuration directory. That is a deliberate
    # privilege relaxation for the simulated executor; it only makes
    # sense on a disposable test node and should not be copied into a
    # playbook that runs on a long-lived host.
    - name: Make /etc/docker directory zuul-owned
      become: true
      file:
        path: /etc/docker
        state: directory
        owner: '{{ ansible_user }}'
        group: '{{ ansible_user }}'
        recurse: true

    # Maps intermediate_registry.host to the private IPv4 of the
    # intermediate-registry node. The double-quoted "\t" is a literal
    # tab. NOTE(review): the dots of the address are unescaped in the
    # regex and match any character; harmless for this fixed line.
    - name: Configure /etc/hosts for intermediate registry
      become: true
      lineinfile:
        path: /etc/hosts
        regex: "^{{ hostvars['intermediate-registry'].nodepool.private_ipv4 }}\t{{ intermediate_registry.host }}$"
        line: "{{ hostvars['intermediate-registry'].nodepool.private_ipv4 }}\t{{ intermediate_registry.host }}"
        insertafter: EOF
        state: present
# This begins the simulation of what we would expect to happen in a
# normal job.
- name: Test the buildset registry roles
  hosts: builder
  roles:
    # Roles run in list order: run-buildset-registry first, then
    # use-buildset-registry.
    - run-buildset-registry
    - use-buildset-registry
- name: Test pulling from the intermediate registry
  hosts: executor
  tasks:
    - name: Include intermediate registry vars
      include_vars: vars/intermediate-registry-auth.yaml

    - name: Include previous build vars
      include_vars: vars/previous-build.yaml

    # previous_build_zuul is copied into a fact, and that fact is then
    # passed to the role as its `zuul` variable, so the role sees the
    # simulated previous build instead of this job's own zuul data.
    - name: Prepare a replacement zuul variable
      set_fact:
        test_zuul: '{{ previous_build_zuul }}'

    - name: Run pull-from-intermediate-registry role
      include_role:
        name: pull-from-intermediate-registry
      vars:
        zuul: '{{ test_zuul }}'
# This simulates a build actually using the previous build.
- name: Test that the previous build is available
  hosts: builder
  tasks:
    - name: Include intermediate registry vars
      include_vars: vars/intermediate-registry-auth.yaml

    - name: Include previous build vars
      include_vars: vars/previous-build.yaml

    # The image is pulled by its bare repository name with no registry
    # prefix. A failing pull or inspect fails the play, which is the
    # actual assertion of this test.
    - name: Pull the previous build from buildset registry to the builder host
      command: 'docker pull {{ previous_build_repository }}:latest'

    - name: Show local docker images for debugging
      command: docker image ls

    - name: Verify previously built image is in buildset registry
      command: 'docker image inspect {{ previous_build_repository }}:latest'
# Back to straightforward use of the roles under test.
- name: Test building a docker image
  hosts: builder
  roles:
    # Builds the image that the later plays push and then look up in
    # the registry catalog as downstream/image.
    - role: build-docker-image
      vars:
        docker_images:
          - context: test-playbooks/registry/docker
            repository: downstream/image
- name: Test pushing to the intermediate registry
  hosts: executor
  tasks:
    - name: Include intermediate registry vars
      include_vars: vars/intermediate-registry-auth.yaml

    # NOTE(review): the context here is playbooks/registry/docker,
    # while the build play uses test-playbooks/registry/docker.
    # Presumably the push role only reads `repository`; confirm, or
    # align the two paths.
    - name: Run push-to-intermediate-registry role
      include_role:
        name: push-to-intermediate-registry
      vars:
        docker_images:
          - context: playbooks/registry/docker
            repository: downstream/image
# And finally an external verification step.
- name: Test that the newly built image was pushed to the intermediate registry
  hosts: executor
  tasks:
    - name: Include intermediate registry vars
      include_vars: vars/intermediate-registry-auth.yaml

    # validate_certs is off, so the server's certificate is not
    # checked and the basic-auth credentials below go to whatever
    # answers on this host:port. That is tolerable only because these
    # are throwaway test credentials on a test node.
    # NOTE(review): the registry cert is installed on the executor
    # earlier in this playbook; if that location is one the uri module
    # trusts, certificate validation could be enabled here. Confirm.
    - name: Fetch intermediate registry catalog
      uri:
        url: 'https://{{ intermediate_registry.host }}:{{ intermediate_registry.port }}/v2/_catalog'
        user: '{{ intermediate_registry.username }}'
        password: '{{ intermediate_registry.password }}'
        validate_certs: false
      register: catalog

    # The catalog response lists repository names; the image pushed by
    # the previous play must be among them.
    - name: Verify newly built image is in intermediate registry catalog
      assert:
        that:
          - "'downstream/image' in catalog.json.repositories"