Browse Source

Merge "Add intermediate registry push/pull roles"

changes/70/636870/1
Zuul 3 months ago
parent
commit
8040e3db08

+ 62
- 0
roles/pull-from-intermediate-registry/README.rst View File

@@ -0,0 +1,62 @@
1
+Pull artifacts from the intermediate registry
2
+
3
+This role will pull any artifacts built for changes ahead of this
4
+change which have been placed in an intermediate registry into the
5
+buildset registry for this buildset.
6
+
7
+Run this in a trusted pre-playbook at the start of a job (which, in
8
+the case of multiple dependent jobs in a buildset, should be at the
9
+root of the job dependency graph).
10
+
11
+This requires the :zuul:role:`run-buildset-registry` role already
12
+applied.  It also requires an externally managed "intermediate"
13
+registry operating for the use of Zuul, and it requires "skopeo" to be
14
+installed on the Zuul executors.
15
+
16
+**Role Variables**
17
+
18
+.. zuul:rolevar:: buildset_registry
19
+
20
+   Information about the registry, as returned by
21
+   :zuul:role:`run-buildset-registry`.
22
+
23
+   .. zuul:rolevar:: host
24
+
25
+      The host (IP address) of the registry.
26
+
27
+   .. zuul:rolevar:: port
28
+
29
+      The port on which the registry is listening.
30
+
31
+   .. zuul:rolevar:: username
32
+
33
+      The username used to access the registry via HTTP basic auth.
34
+
35
+   .. zuul:rolevar:: password
36
+
37
+      The password used to access the registry via HTTP basic auth.
38
+
39
+   .. zuul:rolevar:: cert
40
+
41
+      The (self-signed) certificate used by the registry.
42
+
43
+.. zuul:rolevar:: intermediate_registry
44
+
45
+   Information about the registry.  This is expected to be provided as
46
+   a secret.
47
+
48
+   .. zuul:rolevar:: host
49
+
50
+      The host (IP address) of the registry.
51
+
52
+   .. zuul:rolevar:: port
53
+
54
+      The port on which the registry is listening.
55
+
56
+   .. zuul:rolevar:: username
57
+
58
+      The username used to access the registry via HTTP basic auth.
59
+
60
+   .. zuul:rolevar:: password
61
+
62
+      The password used to access the registry via HTTP basic auth.

+ 10
- 0
roles/pull-from-intermediate-registry/tasks/main.yaml View File

@@ -0,0 +1,10 @@
1
+- name: Pull artifact from intermediate registry
2
+  command: >-
3
+    skopeo copy
4
+    --src-creds={{ intermediate_registry.username }}:{{ intermediate_registry.password }}
5
+    --dest-creds={{ buildset_registry.username }}:{{ buildset_registry.password }}
6
+    {{ item.url }}
7
+    docker://{{ buildset_registry.host }}:{{ buildset_registry.port }}/{{ item.metadata.repository }}:{{ item.metadata.tag }}
8
+  when: "item.metadata.type | default('') == 'container_image'"
9
+  loop: "{{ zuul.artifacts }}"
10
+  no_log: true

+ 75
- 0
roles/push-to-intermediate-registry/README.rst View File

@@ -0,0 +1,75 @@
1
+Push artifacts to the intermediate registry
2
+
3
+This role will push any images built by
4
+:zuul:role:`build-docker-image` into an intermediate registry.
5
+
6
+Run this in a trusted post-playbook at the end of a job after the
7
+image build.
8
+
9
+This requires the :zuul:role:`run-buildset-registry` role already
10
+applied.  It also requires an externally managed "intermediate"
11
+registry operating for the use of Zuul, and it requires "skopeo" to be
12
+installed on the Zuul executors.
13
+
14
+**Role Variables**
15
+
16
+.. zuul:rolevar:: buildset_registry
17
+
18
+   Information about the registry, as returned by
19
+   :zuul:role:`run-buildset-registry`.
20
+
21
+   .. zuul:rolevar:: host
22
+
23
+      The host (IP address) of the registry.
24
+
25
+   .. zuul:rolevar:: port
26
+
27
+      The port on which the registry is listening.
28
+
29
+   .. zuul:rolevar:: username
30
+
31
+      The username used to access the registry via HTTP basic auth.
32
+
33
+   .. zuul:rolevar:: password
34
+
35
+      The password used to access the registry via HTTP basic auth.
36
+
37
+   .. zuul:rolevar:: cert
38
+
39
+      The (self-signed) certificate used by the registry.
40
+
41
+.. zuul:rolevar:: intermediate_registry
42
+
43
+   Information about the registry.  This is expected to be provided as
44
+   a secret.
45
+
46
+   .. zuul:rolevar:: host
47
+
48
+      The host (IP address) of the registry.
49
+
50
+   .. zuul:rolevar:: port
51
+
52
+      The port on which the registry is listening.
53
+
54
+   .. zuul:rolevar:: username
55
+
56
+      The username used to access the registry via HTTP basic auth.
57
+
58
+   .. zuul:rolevar:: password
59
+
60
+      The password used to access the registry via HTTP basic auth.
61
+
62
+.. zuul:rolevar:: docker_images
63
+   :type: list
64
+
65
+   A list of images built.  Each item in the list should have:
66
+
67
+   .. zuul:rolevar:: repository
68
+
69
+      The name of the target repository for the image.
70
+
71
+   .. zuul:rolevar:: tags
72
+      :type: list
73
+      :default: ['latest']
74
+
75
+      A list of tags to be added to the image.

+ 5
- 0
roles/push-to-intermediate-registry/tasks/main.yaml View File

@@ -0,0 +1,5 @@
1
+- name: Push image to intermediate registry
2
+  include_tasks: push.yaml
3
+  loop: docker_images
4
+  loop_control:
5
+    loop_var: image

+ 26
- 0
roles/push-to-intermediate-registry/tasks/push.yaml View File

@@ -0,0 +1,26 @@
1
+- name: Push tag to intermediate registry
2
+  command: >-
3
+    skopeo copy
4
+    --src-creds={{ buildset_registry.username }}:{{ buildset_registry.password }}
5
+    --dest-creds={{ intermediate_registry.username }}:{{ intermediate_registry.password }}
6
+    docker://{{ buildset_registry.host }}:{{ buildset_registry.port }}/{{ image.repository }}:{{ image_tag }}
7
+    docker://{{ intermediate_registry.hostname }}:{{ intermediate_registry.port}}/{{ image.repository }}:{{ zuul.build }}_{{ image_tag}}
8
+  loop: "{{ image.tags }}"
9
+  loop_control:
10
+    loop_var: image_tag
11
+  no_log: true
12
+
13
+- name: Return artifact to Zuul
14
+  zuul_return:
15
+    data:
16
+      zuul:
17
+        artifacts:
18
+          "image_{{ image.repository }}:{{ image_tag }}":
19
+            url: "docker://{{ intermediate_registry.hostname }}:{{ intermediate_registry.port}}/{{ image.repository }}:{{ zuul.build }}_{{ image_tag}}"
20
+            metadata:
21
+              type: container_image
22
+              repository: "{{ image.repository }}"
23
+              tag: "{{ image_tag }}"
24
+  loop: "{{ image.tags }}"
25
+  loop_control:
26
+    loop_var: image_tag

Loading…
Cancel
Save