From c0ea5606d1fbb25aef26dddabf6afa95d8f7574c Mon Sep 17 00:00:00 2001
From: Scott Hussey <sh8121@att.com>
Date: Fri, 8 Jun 2018 09:40:55 -0500
Subject: [PATCH] (zuul) Docker image jobs

- Gate/check jobs to build docker images
- Post jobs to build and publish docker images

Change-Id: Ia1c19689ed5f6c4fee4277f66b512205306ebffa
---
 .zuul.yaml                                   |  64 ++++++++++
 tools/gate/playbooks/docker-image-build.yaml |  96 ++++++++++++++
 tools/image_tags.py                          | 126 +++++++++++++++++++
 3 files changed, 286 insertions(+)
 create mode 100644 tools/gate/playbooks/docker-image-build.yaml
 create mode 100644 tools/image_tags.py

diff --git a/.zuul.yaml b/.zuul.yaml
index 13467f43..5eecef2e 100644
--- a/.zuul.yaml
+++ b/.zuul.yaml
@@ -23,6 +23,7 @@
         - airship-deckhand-functional-docker-py35
         - airship-deckhand-functional-uwsgi-py35
         - airship-deckhand-integration-uwsgi-py35
+        - airship-deckhand-docker-build-gate
     gate:
       jobs:
         - airship-deckhand-tox-py27-postgresql
@@ -37,6 +38,10 @@
         - airship-deckhand-functional-docker-py35
         - airship-deckhand-functional-uwsgi-py35
         - airship-deckhand-integration-uwsgi-py35
+        - airship-deckhand-docker-build-gate
+    post:
+      jobs:
+        - airship-deckhand-docker-publish
 
 - job:
     name: airship-deckhand-tox-py27-postgresql
@@ -138,3 +143,62 @@
     timeout: 3600
     run: tools/gate/playbooks/run-integration-tests-uwsgi.yaml
     nodeset: openstack-helm-single-node
+
+- job:
+    name: airship-deckhand-docker-build-gate
+    timeout: 1800
+    run: tools/gate/playbooks/docker-image-build.yaml
+    nodeset: openstack-helm-single-node
+    irrelevant-files:
+      - '^doc/.*'
+      - '^charts/.*'
+    vars:
+      publish: false
+      tags:
+        dynamic:
+          patch_set: true
+
+- job:
+    name: airship-deckhand-docker-publish
+    timeout: 1800
+    run: tools/gate/playbooks/docker-image-build.yaml
+    nodeset: openstack-helm-single-node
+    secrets:
+      - airship_deckhand_quay_creds
+    irrelevant-files:
+      - '^doc/.*'
+      - '^charts/.*'
+    vars:
+      publish: true
+      tags:
+        dynamic:
+          branch: true
+          commit: true
+        static:
+          - latest
+
+- secret:
+    name: airship_deckhand_quay_creds
+    data:
+      username: !encrypted/pkcs1-oaep
+        - eC+ZaBS1TN37yuvL2WoGkJQ8OFBSLiXxV0wAkH+2l9wLNjmT3QxwnjXTNSw883zEkE9C/
+          XPDUxgv7RMLO/Bfs7uXKH1QjCbIJREPJ7Vk6WY9BUvn6olT/JCafpRcsmAkIS4W8p0l7J
+          ZxelQnGm/Z2zcq4eWeKzKsFLGiAHyoFASXqlDf93NesR+lZ4xnZkO24+oPMpZq6o2Xr2D
+          eWrxEcEsn817o7bA5d9mHb3u2e4tgyxhRevz43VD+0p1bK1thjRnUVpmOvHNjGI+jphAT
+          Vf2+Zqys0+xJ4yJ62bhnayvLZeaKD96rLIXCsbm4xYWsyrzCYvJQ4nESY7McYoDEG6PgL
+          3Gr/6oyNUzobQNAxuwo0GpecaBVy5Z1/8Ihlb8r1nNM3J0a7oz1PyPS4O7WRlQmXgHJ/x
+          jJJmh66ruDxi1bcarmn4AR6lWmfyFqHwIlptsvX9AcJd4FWII9ZYdTUiidJ9ob4KmchIY
+          G0wdqGDaekNR01VgB+JD05IM4UMLjwRnFmLUKIvo0H9YU5X253rv/GXNks1Ov2OevIlch
+          RnnnpCESNso+xup0IztfWBkcGPGBpgmIh6T5s5bfg0n9CYEzsJMGiJuMKgeZcBvnif6Qb
+          y1mzFxQiyEUUPzngF6ger7sBdXSrkCv8cqWsxdeVf2xEXLCDl/x2rhfj7fa5C8=
+      password: !encrypted/pkcs1-oaep
+        - TL/cjk3UCv2QQTk/QX6ujvLpHQDgijFmBWG3r9Hg/migT1Iry/eQi/HftHhShWjF0lk6Y
+          kesdX49H8wXHkRutGxrmcb4HMde4clebtT0dIvVFU7/Ieoq5OnxVLdIPP3YBLZYLy5Ah5
+          jLtfV1FJsuRN5gVGJeOXQUhPitrEnNrcj50ke1+llvfRl7PIR1byAM/6gQLbV3oUtOgk6
+          jmpieqxq55yO+o76bXOp8YNNVr0eqI1nISfBoku2GL7nipAcfxDIeR3a5J4pdaJEEhJR7
+          qqgp1RMt/aADkBUDqw1xbF86V2Mh2l60mWtYUHm4EvOFotrzeOd6Th73K9y57cBuQRJwT
+          qP+T+3yuTtuwvzjgTG+h5deppsRb3EFtPYSI6TqWVKtH2zwRbTJCSbgdY03Tjrwn9vZJK
+          QA4O1fRLBhchBqaIcpOFj8AFNPYCtz6cvL0uzAHXfQoQ3r9icNlPg0N5W2VINxYvDIiOc
+          Lfpty/EyKOJJpOXoBiJlsGHFLi/8gdMAAtMDf72yrQH6KxdNxdRGs5oALkUQ1IcuLbXng
+          ySP8WG+DBiwjt4IAtwd/sF+jyVBzDaywxdbS6RJycI+lRThvibQ5UFpr349yOhUdETB6p
+          yzFswIVmx1tHM7NhD80zwdSEj4EjG0AL3GXuwfLHGbr5WIeCaVEuCMW+XUwQpw=
diff --git a/tools/gate/playbooks/docker-image-build.yaml b/tools/gate/playbooks/docker-image-build.yaml
new file mode 100644
index 00000000..9cd82aa0
--- /dev/null
+++ b/tools/gate/playbooks/docker-image-build.yaml
@@ -0,0 +1,96 @@
+# Copyright 2018 AT&T Intellectual Property.  All other rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- hosts: primary
+  tasks:
+    - name: Debug tag generation inputs
+      block:
+        - debug:
+            var: publish
+        - debug:
+            var: tags
+        - debug:
+            var: zuul
+        - debug:
+            msg: "{{ tags | to_json }}"
+
+    - name: Determine tags
+      shell: echo '{{ tags | to_json }}' | python {{ zuul.project.src_dir }}/tools/image_tags.py
+      environment:
+        BRANCH: "{{ zuul.branch }}"
+        CHANGE: "{{ zuul.change }}"
+        COMMIT: "{{ zuul.newrev }}"
+        PATCHSET: "{{ zuul.patchset }}"
+      register: image_tags
+
+    - name: Debug computed tags
+      debug:
+        var: image_tags
+
+    - name: Install Docker (Debian)
+      block:
+        - apt:
+            name: "{{ item }}"
+          with_items:
+            - docker.io
+            - python-pip
+          when: ansible_os_family == 'Debian'
+        - pip:
+            name: docker
+            version: 2.7.0
+      become: True
+
+    - name: Make images
+      when: not publish
+      block:
+        - make:
+            chdir: "{{ zuul.project.src_dir }}"
+            target: images
+            params:
+              IMAGE_TAG: "{{ item }}"
+          with_items: "{{ image_tags.stdout_lines }}"
+
+        - shell: "docker images"
+          register: docker_images
+
+        - debug:
+            var: docker_images
+
+      become: True
+
+    - name: Publish images
+      block:
+        - docker_login:
+            username: "{{ airship_deckhand_quay_creds.username }}"
+            password: "{{ airship_deckhand_quay_creds.password }}"
+            registry_url: "https://quay.io/api/v1/"
+
+        - make:
+            chdir: "{{ zuul.project.src_dir }}"
+            target: images
+            params:
+              DOCKER_REGISTRY: "quay.io"
+              IMAGE_PREFIX: "airshipit"
+              IMAGE_TAG: "{{ item }}"
+              PUSH_IMAGE: "true"
+          with_items: "{{ image_tags.stdout_lines }}"
+
+        - shell: "docker images"
+          register: docker_images
+
+        - debug:
+            var: docker_images
+
+      when: publish
+      become: True
diff --git a/tools/image_tags.py b/tools/image_tags.py
new file mode 100644
index 00000000..9bdab592
--- /dev/null
+++ b/tools/image_tags.py
@@ -0,0 +1,126 @@
+#!/bin/python
+# Copyright 2018 AT&T Intellectual Property.  All other rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import json
+import logging
+import os
+import sys
+
+LOG = logging.getLogger(__name__)
+
+LOG_FORMAT = '%(asctime)s %(levelname)-8s %(name)s:%(funcName)s [%(lineno)3d] %(message)s'  # noqa
+
+
+class TagGenExeception(Exception):
+    pass
+
+
+def read_config(stream, env):
+    config = {}
+    try:
+        config['tags'] = json.load(stream)
+    except ValueError:
+        LOG.exception('Failed to decode JSON from input stream')
+        config['tags'] = {}
+
+    LOG.debug('Configuration after reading stream: %s', config)
+
+    config['context'] = {
+        'branch': env.get('BRANCH'),
+        'change': env.get('CHANGE'),
+        'commit': env.get('COMMIT'),
+        'ps': env.get('PATCHSET'),
+    }
+
+    LOG.info('Final configuration: %s', config)
+
+    return config
+
+
+def build_tags(config):
+    tags = config.get('tags', {}).get('static', [])
+    LOG.debug('Dynamic tags: %s', tags)
+    tags.extend(build_dynamic_tags(config))
+    LOG.info('All tags: %s', tags)
+    return tags
+
+
+def build_dynamic_tags(config):
+    dynamic_tags = []
+
+    dynamic_tags.extend(_build_branch_tag(config))
+    dynamic_tags.extend(_build_commit_tag(config))
+    dynamic_tags.extend(_build_ps_tag(config))
+
+    return dynamic_tags
+
+
+def _build_branch_tag(config):
+    if _valid_dg(config, 'branch'):
+        return [config['context']['branch']]
+    else:
+        return []
+
+
+def _build_commit_tag(config):
+    if _valid_dg(config, 'commit'):
+        return [config['context']['commit']]
+    else:
+        return []
+
+
+def _build_ps_tag(config):
+    if _valid_dg(config, 'patch_set', 'change') and _valid_dg(
+            config, 'patch_set', 'ps'):
+        return [
+            '%s-%s' % (config['context']['change'], config['context']['ps'])
+        ]
+    else:
+        return []
+
+
+def _valid_dg(config, dynamic_tag, context_name=None):
+    if context_name is None:
+        context_name = dynamic_tag
+
+    if config.get('tags', {}).get('dynamic', {}).get(dynamic_tag):
+        if config.get('context', {}).get(context_name):
+            return True
+        else:
+            raise TagGenExeception('Dynamic tag "%s" requested, but "%s"'
+                                   ' not found in context' % (dynamic_tag,
+                                                              context_name))
+    else:
+        return False
+
+
+def main():
+    config = read_config(sys.stdin, os.environ)
+    tags = build_tags(config)
+
+    for tag in tags:
+        print(tag)
+
+
+if __name__ == '__main__':
+    logging.basicConfig(format=LOG_FORMAT, level=logging.WARNING)
+    try:
+        main()
+    except TagGenExeception:
+        LOG.exception('Failed to generate tags')
+        sys.exit(1)
+    except Exception:
+        LOG.exception('Unexpected exception')
+        sys.exit(2)