This uses the generic tag removal role added with
I7f2d9d00024e34451e2d20b2c2f8171ecd151943 to cleanup the promote tag
and any leaked tags.
Change-Id: I3f1b82d63874ee886048b9ccabe616a60dc09434
After recent conversations, we've come to the conclusion it will be
good to have two models of promotion
- using tags, where gate directly uploads to the final repository and
promote retags the image.
- from an intermediate-registry, where upload stores the built image
in an i-r and the promote step uploads to the final registry.
To facilitate this, we add a "promote_container_image_method" flag to
the promote roles.
The documentation is expanded to explain how all this is intended to
work together.
These roles haven't been publicised yet, but this should be a no-op as
it defaults to tags, which is the current operation.
c.f. Ia24bbd101e01ab371ceacfed006b5ff806418a97
Change-Id: I1c25f60f835b1cab983bcdd169eeffc0e250a56c
As noted inline, currently promote-image-container uses skopeo to
delete tags which is not the semantics we want. This results in the
whole image being removed.
For safety we remove this call; we have two solutions in follow-ons
(deleting tags directly from the registry with a generic tag, and
promoting images from the intermediate registry).
Change-Id: I4b257f593275413da9a50a0cc64e13638e7f94cb
We don't seem to have a policy file available in zuul-bwrap, but
we also don't really need it for this operation, so just tell skopeo
to skip it.
Also, fix the registry logout command.
Change-Id: I18ad59ffa8e8e80a720e798ab2bb81ea5d19619a
The docker roles perform permission checks to verify that the
owner of the credential is okay with a job uploading to a given
repo. The container roles document that they perform the same
check, but that wasn't implemented. This change implements it.
Change-Id: I1fa7ad985664688de76f0fcc280fbfea4f02fb7c
This role uses skopeo to perform image operations.
Also update the container roles docs to add missing documentation
for the already existing upload-container-image role. Clarify
some ambiguity about the registry and repository attributes of
the container images data structure.
Change-Id: Ib66c85daf0edacf0dd797ab34b0d629f99c7111b
Co-Authored-By: James E. Blair <jim@acmegating.com>