(zuul) Docker image jobs

- Add check/gate jobs for image building
- Add post job for image building and publish to quay.io

Change-Id: Ia7c1f67ec4a5ae11e1fad489259f8418bac0a644

.zuul.yaml

@@ -18,7 +18,7 @@
         - airship-pegleg-lint-pep8
         - airship-pegleg-unit-py35
         - airship-pegleg-security-bandit
-
+        - airship-pegleg-docker-build-gate
     gate:
       jobs:
         - airship-pegleg-linter
@@ -26,6 +26,10 @@
         - airship-pegleg-lint-pep8
         - airship-pegleg-unit-py35
         - airship-pegleg-security-bandit
+        - airship-pegleg-docker-build-gate
+    post:
+      jobs:
+        - airship-pegleg-docker-publish
 
 - nodeset:
     name: airship-pegleg-single-node
@@ -92,3 +96,60 @@
     irrelevant-files:
       - ^src/bin/pegleg/tests/.*$
       - ^setup.cfg$
+
+- job:
+    name: airship-pegleg-docker-build-gate
+    timeout: 1800
+    run: tools/gate/playbooks/docker-image-build.yaml
+    nodeset: airship-pegleg-single-node
+    irrelevant-files:
+      - '^docs/.*'
+    vars:
+      publish: false
+      tags:
+        dynamic:
+          patch_set: true
+
+- job:
+    name: airship-pegleg-docker-publish
+    timeout: 1800
+    run: tools/gate/playbooks/docker-image-build.yaml
+    nodeset: airship-pegleg-single-node
+    secrets:
+      - airship_pegleg_quay_creds
+    irrelevant-files:
+      - '^docs/.*'
+    vars:
+      publish: true
+      tags:
+        dynamic:
+          branch: true
+          commit: true
+        static:
+          - latest
+
+- secret:
+    name: airship_pegleg_quay_creds
+    data:
+      username: !encrypted/pkcs1-oaep
+        - BI1sCnCyps8RaXf/BQ2ZtobrXn4MfnimRr5wE5Rv3U95NCCK5EoUwBEvnz7yNmQ8m99D7
+          9Gx4qA0N1ry7QL+o2Ll0D/ahb/HsaVBNU3CeVfe+3shpEVEuSi2xrA8K9LQPfIK1237vr
+          wVvN/R+y/uYm7mpPr/aEPjQwJf3wgEK8xV/ZTvqYSVCpGylbfV0tWxm6uEVdBc1kMPLJN
+          8uItJPaAaYMkFEasnVlI/DV8suiK13BLT7bNpNZBQsQ3AlcBCoq9mt50C3slV1wIneaz9
+          qK+O++z7r8OTWUDMQqWE5d1m6jz1WIp5DROmnOvb9dfS73XsTcgmXwilrQt3VSvFCToga
+          gAVHcoWbIKfxgrbOhoLFr+68id3VwVKN+NXgkoxTAJSzFCWwrs0X4n4W6D4O9buQyFTiZ
+          s9o5rB1f2bdF5iI8Npqg6YchPtWn2eR78w1hRyge2HJk2RQgN1CqjpbiQ0uiEy0QA/Ksu
+          VTtuONyV3T7FUYXaK3cHYrCwhV/idquSNRCWnKQAbs8mU8w298UbpOq4lZk1Njeg9StIs
+          0DYyG1SX2k4mBS4//9i488qBSss2CBMhZWHbesSDi/OW4fNzz/2wm2FaW1uaJJSOTXEyJ
+          E3p4+eejcYknXR+XD6BWfSvSwabsCezGSCg7wg7CRFsuTYXx5a4y/+P8Jh+Y7Y=
+      password: !encrypted/pkcs1-oaep
+        - x/0RHX1OlOfFgyb5ed0sknZQi8waSQLzWv+Aog0CziVMf9r3MtZ29LAcrqp9VUdFRYGCk
+          Hf71TJb1Zb8b+WNcUJH2JjVo//Z1smU5F5xEqzhz0gTm1HYQjMAlqd1VNDYv0IpWl2dLE
+          sGnEOT/Uq0RfH3rRt+33GagmXBUNuOIMdx41ubrMaF6ddg8IbjISRaCdfPOlNIrj24gCj
+          a16UNiSyAhvqkod2G2HO7JE7Nv2//5hI1MD1o7sip8/eub12XtHMjpDRKR+KymX81LGAS
+          PeCAn+Hw41uUKnxI/OTW47YtNvQVZZ4gRTOKTumsSNSceFfbf5ljm/JHTWx0SO6Z/kvzH
+          RAJwBmLPHg7leD2wF9vWXwcmlyWJFyeEW/K/+6gYycQ2H0OnRuRxzYaNpSa96zPWUfNsA
+          3TEKJcXjFXJSr00KnWmUZw8ZmPYAziu+pZoBXpkIhYoP1MAtggv/pvVsODDHmokP9nVE6
+          s6YbtUXzthM/TgsE5KMZ2QP4udetj11RGDC+7fz/edtLcrpL3Nrq2rkJ2tRV+yR1ElKGx
+          b2YX7cwM/vx3DPhWRBPJJfOoSRl+ZJByDM1KKWmAB91LT9vB3oVk/vq2XUsbTH2w20LcK
+          xBXFJMtVHOavHIIWM7qHvkvZzWSBON7ydspje9MbYtTS5/97ccdLxDHA0MX0wM=

tools/gate/playbooks/docker-image-build.yaml

@@ -0,0 +1,96 @@
+# Copyright 2018 AT&T Intellectual Property.  All other rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- hosts: primary
+  tasks:
+    - name: Debug tag generation inputs
+      block:
+        - debug:
+            var: publish
+        - debug:
+            var: tags
+        - debug:
+            var: zuul
+        - debug:
+            msg: "{{ tags | to_json }}"
+
+    - name: Determine tags
+      shell: echo '{{ tags | to_json }}' | python {{ zuul.project.src_dir }}/tools/image_tags.py
+      environment:
+        BRANCH: "{{ zuul.branch }}"
+        CHANGE: "{{ zuul.change }}"
+        COMMIT: "{{ zuul.newrev }}"
+        PATCHSET: "{{ zuul.patchset }}"
+      register: image_tags
+
+    - name: Debug computed tags
+      debug:
+        var: image_tags
+
+    - name: Install Docker (Debian)
+      block:
+        - apt:
+            name: "{{ item }}"
+          with_items:
+            - docker.io
+            - python-pip
+          when: ansible_os_family == 'Debian'
+        - pip:
+            name: docker
+            version: 2.7.0
+      become: True
+
+    - name: Make images
+      when: not publish
+      block:
+        - make:
+            chdir: "{{ zuul.project.src_dir }}"
+            target: images
+            params:
+              IMAGE_TAG: "{{ item }}"
+          with_items: "{{ image_tags.stdout_lines }}"
+
+        - shell: "docker images"
+          register: docker_images
+
+        - debug:
+            var: docker_images
+
+      become: True
+
+    - name: Publish images
+      block:
+        - docker_login:
+            username: "{{ airship_pegleg_quay_creds.username }}"
+            password: "{{ airship_pegleg_quay_creds.password }}"
+            registry_url: "https://quay.io/api/v1/"
+
+        - make:
+            chdir: "{{ zuul.project.src_dir }}"
+            target: images
+            params:
+              DOCKER_REGISTRY: "quay.io"
+              IMAGE_PREFIX: "airshipit"
+              IMAGE_TAG: "{{ item }}"
+              PUSH_IMAGE: "true"
+          with_items: "{{ image_tags.stdout_lines }}"
+
+        - shell: "docker images"
+          register: docker_images
+
+        - debug:
+            var: docker_images
+
+      when: publish
+      become: True

tools/image_tags.py

@@ -0,0 +1,126 @@
+#!/bin/python
+# Copyright 2018 AT&T Intellectual Property.  All other rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import json
+import logging
+import os
+import sys
+
+LOG = logging.getLogger(__name__)
+
+LOG_FORMAT = '%(asctime)s %(levelname)-8s %(name)s:%(funcName)s [%(lineno)3d] %(message)s'  # noqa
+
+
+class TagGenExeception(Exception):
+    pass
+
+
+def read_config(stream, env):
+    config = {}
+    try:
+        config['tags'] = json.load(stream)
+    except ValueError:
+        LOG.exception('Failed to decode JSON from input stream')
+        config['tags'] = {}
+
+    LOG.debug('Configuration after reading stream: %s', config)
+
+    config['context'] = {
+        'branch': env.get('BRANCH'),
+        'change': env.get('CHANGE'),
+        'commit': env.get('COMMIT'),
+        'ps': env.get('PATCHSET'),
+    }
+
+    LOG.info('Final configuration: %s', config)
+
+    return config
+
+
+def build_tags(config):
+    tags = config.get('tags', {}).get('static', [])
+    LOG.debug('Dynamic tags: %s', tags)
+    tags.extend(build_dynamic_tags(config))
+    LOG.info('All tags: %s', tags)
+    return tags
+
+
+def build_dynamic_tags(config):
+    dynamic_tags = []
+
+    dynamic_tags.extend(_build_branch_tag(config))
+    dynamic_tags.extend(_build_commit_tag(config))
+    dynamic_tags.extend(_build_ps_tag(config))
+
+    return dynamic_tags
+
+
+def _build_branch_tag(config):
+    if _valid_dg(config, 'branch'):
+        return [config['context']['branch']]
+    else:
+        return []
+
+
+def _build_commit_tag(config):
+    if _valid_dg(config, 'commit'):
+        return [config['context']['commit']]
+    else:
+        return []
+
+
+def _build_ps_tag(config):
+    if _valid_dg(config, 'patch_set', 'change') and _valid_dg(
+            config, 'patch_set', 'ps'):
+        return [
+            '%s-%s' % (config['context']['change'], config['context']['ps'])
+        ]
+    else:
+        return []
+
+
+def _valid_dg(config, dynamic_tag, context_name=None):
+    if context_name is None:
+        context_name = dynamic_tag
+
+    if config.get('tags', {}).get('dynamic', {}).get(dynamic_tag):
+        if config.get('context', {}).get(context_name):
+            return True
+        else:
+            raise TagGenExeception('Dynamic tag "%s" requested, but "%s"'
+                                   ' not found in context' % (dynamic_tag,
+                                                              context_name))
+    else:
+        return False
+
+
+def main():
+    config = read_config(sys.stdin, os.environ)
+    tags = build_tags(config)
+
+    for tag in tags:
+        print(tag)
+
+
+if __name__ == '__main__':
+    logging.basicConfig(format=LOG_FORMAT, level=logging.WARNING)
+    try:
+        main()
+    except TagGenExeception:
+        LOG.exception('Failed to generate tags')
+        sys.exit(1)
+    except Exception:
+        LOG.exception('Unexpected exception')
+        sys.exit(2)