
Merge "docker: add ability to restrict repository names"

changes/63/632163/1
Zuul 5 months ago
parent
commit
cb54c59577

+ 10
- 1
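--- a/roles/build-docker-image/common.rst
+++ b/roles/build-docker-image/common.rst
@@ -54,7 +54,16 @@ using this role.
 
    .. zuul:rolevar:: password
 
-      The Docker Hub password
+      The Docker Hub password.
+
+   .. zuul:rolevar:: repository
+
+      Optional; if supplied this is a regular expression which
+      restricts to what repositories the image may be uploaded.  The
+      following example allows projects to upload images to
+      repositories within an organization based on their own names::
+
+        repository: "^myorgname/{{ zuul.project.short_name }}.*"
 
 .. zuul:rolevar:: docker_images
    :type: list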

+ 7
- 0
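--- a/roles/promote-docker-image/tasks/main.yaml
+++ b/roles/promote-docker-image/tasks/main.yaml
@@ -1,3 +1,10 @@
+- name: Verify repository names
+  when: |
+    docker_credentials.repository is defined
+    and not item.repository | regex_search(docker_credentials.repository)
+  loop: "{{ docker_images }}"
+  fail:
+    msg: "{{ item.repository }} not permitted by {{ docker_credentials.repository }}"
 # This is used by the delete tasks
 - name: Get dockerhub JWT token
   no_log: true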
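Review bot: The `Verify repository names` check relies on `regex_search`, which matches anywhere in the string, so the restriction is only as tight as the anchors written into the secret; a pattern without `^` and `$` accepts any repository name that merely contains a match. The identical task in roles/upload-docker-image/tasks/main.yaml has the same property. I would state the requirement next to the check, `# regex_search is unanchored: docker_credentials.repository must carry its own ^ and $`, and wrap the filter expression in parentheses, `and not (item.repository | regex_search(docker_credentials.repository))`, so the precedence of `not` is explicit. The documented example in common.rst ends in `.*` and interpolates the project name unescaped, so it also covers repositories of any project whose name starts with the same prefix; ending the example with `$` and passing the name through `regex_escape` would make it match what the text describes.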

+ 7
- 0
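--- a/roles/upload-docker-image/tasks/main.yaml
+++ b/roles/upload-docker-image/tasks/main.yaml
@@ -1,3 +1,10 @@
+- name: Verify repository names
+  when: |
+    docker_credentials.repository is defined
+    and not item.repository | regex_search(docker_credentials.repository)
+  loop: "{{ docker_images }}"
+  fail:
+    msg: "{{ item.repository }} not permitted by {{ docker_credentials.repository }}"
 - name: Log in to dockerhub
   command: "docker login -u {{ docker_credentials.username }} -p {{ docker_credentials.password }}"
   no_log: true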
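Review bot: The new `Verify repository names` task has no comment marking it as a security gate that must stay ahead of `Log in to dockerhub`; a later reordering, or a task inserted above it, would let the credentials be used before the name check runs. I would add `# Must remain the first task: enforces docker_credentials.repository before any credential use` above it. The `when` also skips the check entirely when the secret has no `repository` field, so existing secrets stay unrestricted; the documentation calls the field optional, so this looks intended, but the same comment should say so. The rest of the task list is outside the hunk, so whether later tasks take the image name only from `item.repository` cannot be confirmed from here.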
