From 1bd02aa398593dfd00a8323a1b5a8840e4b66e49 Mon Sep 17 00:00:00 2001
From: Clark Boylan <clark.boylan@gmail.com>
Date: Wed, 10 May 2023 14:37:53 -0700
Subject: [PATCH] Migrate gerrit images to quay.io

Review03.o.o is running gerrit with podman which means we can now host
the gerrit images on quay and not give up speculative testing. Switch to
quay to reduce our reliance on docker hub and its limited rate limits.

Depends-On: https://review.opendev.org/c/opendev/system-config/+/947759
Change-Id: I22085b08783ad17010fae9ad008934a7144a6478
---
 docker/gerrit/bazel/Dockerfile                |  2 +-
 playbooks/roles/gerrit/defaults/main.yaml     |  2 +-
 playbooks/zuul/gerrit/run.yaml                |  4 +-
 .../host_vars/review99.opendev.org.yaml.j2    |  2 +-
 playbooks/zuul/upgrade-review.yaml            |  6 +-
 zuul.d/docker-images/gerrit.yaml              | 72 +++++++++++++------
 6 files changed, 60 insertions(+), 28 deletions(-)

diff --git a/docker/gerrit/bazel/Dockerfile b/docker/gerrit/bazel/Dockerfile
index 4031001093..01ecae72e0 100644
--- a/docker/gerrit/bazel/Dockerfile
+++ b/docker/gerrit/bazel/Dockerfile
@@ -13,7 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM docker.io/opendevorg/gerrit-base as gerrit
+FROM quay.io/opendevorg/gerrit-base as gerrit
 
 COPY bazel-bin/release.war /var/gerrit/bin/gerrit.war
 
diff --git a/playbooks/roles/gerrit/defaults/main.yaml b/playbooks/roles/gerrit/defaults/main.yaml
index f1c3474d69..c3922f648d 100644
--- a/playbooks/roles/gerrit/defaults/main.yaml
+++ b/playbooks/roles/gerrit/defaults/main.yaml
@@ -7,7 +7,7 @@ gerrit_run_init: false
 gerrit_run_init_dev_mode: false
 gerrit_run_reindex: false
 gerrit_packed_git_open_files: 4096
-gerrit_container_image: docker.io/opendevorg/gerrit:3.10
+gerrit_container_image: quay.io/opendevorg/gerrit:3.10
 gerrit_container_volumes:
   - /home/gerrit2/.launchpadlib:/var/gerrit/.launchpadlib
   - /home/gerrit2/.ssh:/var/gerrit/.ssh
diff --git a/playbooks/zuul/gerrit/run.yaml b/playbooks/zuul/gerrit/run.yaml
index 0dd1e081fb..c43d4c8d90 100644
--- a/playbooks/zuul/gerrit/run.yaml
+++ b/playbooks/zuul/gerrit/run.yaml
@@ -55,9 +55,9 @@
             - static/usg-cla.html
             - plugins/opendev-theme-plugin.js
 
-    - name: Build docker image
+    - name: Build container image
       include_role:
-        name: build-docker-image
+        name: build-container-image
 
 - hosts: localhost
   roles:
diff --git a/playbooks/zuul/templates/host_vars/review99.opendev.org.yaml.j2 b/playbooks/zuul/templates/host_vars/review99.opendev.org.yaml.j2
index 80b36efe77..6ccae462d5 100644
--- a/playbooks/zuul/templates/host_vars/review99.opendev.org.yaml.j2
+++ b/playbooks/zuul/templates/host_vars/review99.opendev.org.yaml.j2
@@ -200,7 +200,7 @@ gerrit_run_init_dev_mode: true
 gerrit_storyboard_token: 52514e74-4b8f-4d6d-a29a-a6262f97578a
 gerrit_email_private_key: wjpkxebohgbid6rpuwpfrYsouxpgseluqir6yupppBczoezj
 gerrit_rest_token_private_key: A83fAC8x72wxcu
-gerrit_container_image: "docker.io/opendevorg/gerrit:{{ zuul_test_gerrit_version | default('3.10') }}"
+gerrit_container_image: "quay.io/opendevorg/gerrit:{{ zuul_test_gerrit_version | default('3.10') }}"
 gerrit_under_test: true
 gerrit_launchpad_auth:
   access_token: 'token'
diff --git a/playbooks/zuul/upgrade-review.yaml b/playbooks/zuul/upgrade-review.yaml
index 1f49cd94e7..c49b0b4ba1 100644
--- a/playbooks/zuul/upgrade-review.yaml
+++ b/playbooks/zuul/upgrade-review.yaml
@@ -7,7 +7,7 @@
 - name: Ensure initial gerrit state without starting Gerrit
   import_playbook: ../service-review.yaml
   vars:
-    gerrit_container_image: docker.io/opendevorg/gerrit:3.10
+    gerrit_container_image: quay.io/opendevorg/gerrit:3.10
     gerrit_run_init: false
     gerrit_run_reindex: false
     gerrit_run_compose_up: false
@@ -35,7 +35,7 @@
 - name: Start Gerrit on the old version of Gerrit
   import_playbook: ../service-review.yaml
   vars:
-    gerrit_container_image: docker.io/opendevorg/gerrit:3.10
+    gerrit_container_image: quay.io/opendevorg/gerrit:3.10
 
 - hosts: "review:!disabled"
   name: "Wait for gerrit to be up and running"
@@ -84,7 +84,7 @@
 - name: Perform gerrit upgrade
   import_playbook: ../service-review.yaml
   vars:
-    gerrit_container_image: docker.io/opendevorg/gerrit:3.11
+    gerrit_container_image: quay.io/opendevorg/gerrit:3.11
     gerrit_run_init: true
     # Gerrit 3.10 -> 3.11 upgrade does not require an offline reindex
     gerrit_run_reindex: false
diff --git a/zuul.d/docker-images/gerrit.yaml b/zuul.d/docker-images/gerrit.yaml
index 6df238bf2b..fc9c3f050a 100644
--- a/zuul.d/docker-images/gerrit.yaml
+++ b/zuul.d/docker-images/gerrit.yaml
@@ -2,7 +2,7 @@
 - job:
     name: system-config-build-image-gerrit-base
     description: Build a gerrit-base image.
-    parent: system-config-build-image
+    parent: system-config-build-container-image
     required-projects: &gerrit_base_projects
       - opendev/jeepyb
       - opendev/system-config
@@ -13,10 +13,18 @@
     pre-run: &gerrit-base_prerun
       - playbooks/zuul/gerrit/base.yaml
     vars: &gerrit-base_vars
-      docker_images:
+      promote_container_image_job: system-config-upload-image-gerrit-base
+      container_images:
         - context: docker/gerrit/base
-          repository: opendevorg/gerrit-base
+          registry: quay.io
+          repository: quay.io/opendevorg/gerrit-base
+          namespace: opendevorg
+          repo_shortname: gerrit-base
+          repo_description: >
+            A base image used by the OpenDev collaboratory to build its
+            production Gerrit image
           path: /home/zuul/src/opendev.org/opendev/jeepyb
+          container_filename: Dockerfile
     files: &gerrit-base_files
       - docker/gerrit/base/
       - roles/bazelisk-build/
@@ -26,7 +34,7 @@
 - job:
     name: system-config-upload-image-gerrit-base
     description: Build and upload a gerrit-base image.
-    parent: system-config-upload-image
+    parent: system-config-upload-container-image
     requires:
       - python-builder-3.11-bookworm-container-image
       - python-base-3.11-bookworm-container-image
@@ -39,7 +47,7 @@
 - job:
     name: system-config-promote-image-gerrit-base
     description: Promote a previously published gerrit-base image to latest.
-    parent: system-config-promote-image
+    parent: system-config-promote-container-image
     required-projects: *gerrit_base_projects
     vars: *gerrit-base_vars
     files: *gerrit-base_files
@@ -48,7 +56,7 @@
 - job:
     name: system-config-build-image-gerrit-3.10
     description: Build a gerrit image.
-    parent: system-config-build-image
+    parent: system-config-build-container-image
     pre-run:
       - playbooks/zuul/gerrit/repos.yaml
       - playbooks/zuul/gerrit/submodules.yaml
@@ -100,11 +108,19 @@
       - name: gerrit.googlesource.com/polymer-bridges
         override-checkout: v3.10.5
     vars: &gerrit_vars_3_10
-      docker_images:
+      promote_container_image_job: system-config-upload-image-gerrit-3.10
+      container_images:
         - context: docker/gerrit/bazel
-          repository: opendevorg/gerrit
+          registry: quay.io
+          repository: quay.io/opendevorg/gerrit
+          namespace: opendevorg
+          repo_shortname: gerrit
+          repo_description: >
+            A Gerrit image used by the OpenDev collaboratory to run its
+            production instance of Gerrit
           target: gerrit
           path: /home/zuul/src/gerrit.googlesource.com/gerrit
+          container_filename: Dockerfile
           tags:
             - '3.10'
     files: &gerrit_files_3_10
@@ -119,7 +135,7 @@
 - job:
     name: system-config-upload-image-gerrit-3.10
     description: Build and upload a gerrit image.
-    parent: system-config-upload-image
+    parent: system-config-upload-container-image
     pre-run:
       - playbooks/zuul/gerrit/repos.yaml
       - playbooks/zuul/gerrit/submodules.yaml
@@ -133,7 +149,7 @@
 - job:
     name: system-config-promote-image-gerrit-3.10
     description: Promote a previously published gerrit image to latest.
-    parent: system-config-promote-image
+    parent: system-config-promote-container-image
     vars: *gerrit_vars_3_10
     files: *gerrit_files_3_10
 
@@ -141,7 +157,7 @@
 - job:
     name: system-config-build-image-gerrit-3.11
     description: Build a gerrit image.
-    parent: system-config-build-image
+    parent: system-config-build-container-image
     pre-run:
       - playbooks/zuul/gerrit/repos.yaml
       - playbooks/zuul/gerrit/submodules.yaml
@@ -193,11 +209,19 @@
       - name: gerrit.googlesource.com/polymer-bridges
         override-checkout: v3.11.2
     vars: &gerrit_vars_3_11
-      docker_images:
+      promote_container_image_job: system-config-upload-image-gerrit-3.11
+      container_images:
         - context: docker/gerrit/bazel
-          repository: opendevorg/gerrit
+          registry: quay.io
+          repository: quay.io/opendevorg/gerrit
+          namespace: opendevorg
+          repo_shortname: gerrit
+          repo_description: >
+            A Gerrit image used by the OpenDev collaboratory to run its
+            production instance of Gerrit
           target: gerrit
           path: /home/zuul/src/gerrit.googlesource.com/gerrit
+          container_filename: Dockerfile
           tags:
             - '3.11'
     files: &gerrit_files_3_11
@@ -212,7 +236,7 @@
 - job:
     name: system-config-upload-image-gerrit-3.11
     description: Build and upload a gerrit image.
-    parent: system-config-upload-image
+    parent: system-config-upload-container-image
     pre-run:
       - playbooks/zuul/gerrit/repos.yaml
       - playbooks/zuul/gerrit/submodules.yaml
@@ -226,7 +250,7 @@
 - job:
     name: system-config-promote-image-gerrit-3.11
     description: Promote a previously published gerrit image to latest.
-    parent: system-config-promote-image
+    parent: system-config-promote-container-image
     vars: *gerrit_vars_3_11
     files: *gerrit_files_3_11
 
@@ -237,7 +261,7 @@
       Build a gerrit image.
 
       This job has no files matchers so it can be used in other repos.
-    parent: system-config-build-image
+    parent: system-config-build-container-image
     pre-run:
       - playbooks/zuul/gerrit/repos.yaml
       - playbooks/zuul/gerrit/submodules.yaml
@@ -271,11 +295,19 @@
       - gerrit.googlesource.com/polymer-bridges
     vars: &gerrit_vars_master
       zuul_work_dir: src/opendev.org/opendev/system-config
-      docker_images:
+      promote_container_image_job: system-config-upload-image-gerrit-master
+      container_images:
         - context: docker/gerrit/bazel
-          repository: opendevorg/gerrit
+          registry: quay.io
+          repository: quay.io/opendevorg/gerrit
+          namespace: opendevorg
+          repo_shortname: gerrit
+          repo_description: >
+            A Gerrit image used by the OpenDev collaboratory to run its
+            production instance of Gerrit
           target: gerrit
           path: /home/zuul/src/gerrit.googlesource.com/gerrit
+          container_filename: Dockerfile
           tags:
             - master
       gerrit_additional_plugins:
@@ -298,7 +330,7 @@
 - job:
     name: system-config-upload-image-gerrit-master
     description: Build and upload a gerrit image.
-    parent: system-config-upload-image
+    parent: system-config-upload-container-image
     pre-run:
       - playbooks/zuul/gerrit/repos.yaml
       - playbooks/zuul/gerrit/submodules.yaml
@@ -312,7 +344,7 @@
 - job:
     name: system-config-promote-image-gerrit-master
     description: Promote a previously published gerrit image to latest.
-    parent: system-config-promote-image
+    parent: system-config-promote-container-image
     vars: *gerrit_vars_master
     files: *gerrit_files_master