# This can be removed if we add this functionality to Zuul directly
- name: Load information from zuul_return
  when: buildset_registry is not defined
  set_fact:
    buildset_registry: "{{ (lookup('file', zuul.executor.work_root + '/results.json') | from_json)['buildset_registry'] }}"
- name: Ensure registry cert directory exists
  file:
    path: "/etc/docker/certs.d/{{ buildset_registry.host }}:{{ buildset_registry.port }}/"
    state: directory
- name: Write registry TLS certificate
  copy:
    content: "{{ buildset_registry.cert }}"
    dest: "/etc/docker/certs.d/{{ buildset_registry.host }}:{{ buildset_registry.port }}/ca.crt"
- name: Pull artifact from intermediate registry
  command: >-
    skopeo --insecure-policy copy
    --src-creds={{ intermediate_registry.username }}:{{ intermediate_registry.password }}
    --dest-creds={{ buildset_registry.username }}:{{ buildset_registry.password }}
    {{ item.url }}
    docker://{{ buildset_registry.host }}:{{ buildset_registry.port }}/{{ item.metadata.repository }}:{{ item.metadata.tag }}
  when: "item.metadata.type | default('') == 'container_image'"
  loop: "{{ zuul.artifacts | default([]) }}"
  # no_log: true  TODO(corvus): replace