[CI] split container-images-pull-verify-push in two
This commit is contained in:
parent
f1f495381c
commit
0e714df490
|
@ -12,10 +12,13 @@ variables:
|
||||||
- &buildx_image 'woodpeckerci/plugin-docker-buildx:2.0.0'
|
- &buildx_image 'woodpeckerci/plugin-docker-buildx:2.0.0'
|
||||||
- &integration_image 'codeberg.org/forgejo-integration/forgejo'
|
- &integration_image 'codeberg.org/forgejo-integration/forgejo'
|
||||||
- &dockerfile_root 'Dockerfile'
|
- &dockerfile_root 'Dockerfile'
|
||||||
|
# for testing purposes
|
||||||
# - &dockerfile_root 'releases/Dockerfile'
|
# - &dockerfile_root 'releases/Dockerfile'
|
||||||
- &dockerfile_rootless 'Dockerfile.rootless'
|
- &dockerfile_rootless 'Dockerfile.rootless'
|
||||||
|
# for testing purposes
|
||||||
# - &dockerfile_rootless 'releases/Dockerfile-rootless'
|
# - &dockerfile_rootless 'releases/Dockerfile-rootless'
|
||||||
- &verify 'true'
|
- &verify 'true'
|
||||||
|
# for testing purposes
|
||||||
# - &verify 'false'
|
# - &verify 'false'
|
||||||
- &archs 'amd64 arm64'
|
- &archs 'amd64 arm64'
|
||||||
|
|
||||||
|
@ -27,7 +30,7 @@ pipeline:
|
||||||
- git config --add safe.directory '*'
|
- git config --add safe.directory '*'
|
||||||
- git fetch --tags --force
|
- git fetch --tags --force
|
||||||
|
|
||||||
publish-root:
|
build-root:
|
||||||
image: *buildx_image
|
image: *buildx_image
|
||||||
group: integration
|
group: integration
|
||||||
pull: true
|
pull: true
|
||||||
|
@ -45,7 +48,7 @@ pipeline:
|
||||||
username:
|
username:
|
||||||
from_secret: releaseteamuser
|
from_secret: releaseteamuser
|
||||||
|
|
||||||
publish-rootless:
|
build-rootless:
|
||||||
image: *buildx_image
|
image: *buildx_image
|
||||||
group: integration
|
group: integration
|
||||||
pull: true
|
pull: true
|
||||||
|
|
|
@ -16,8 +16,8 @@ pipeline:
|
||||||
# arm64 would require qemu-user-static which is not available on alpline
|
# arm64 would require qemu-user-static which is not available on alpline
|
||||||
# the test coverage does not change much and running the tests test locally
|
# the test coverage does not change much and running the tests test locally
|
||||||
# is possible if there is a doubt
|
# is possible if there is a doubt
|
||||||
- ARCHS=amd64 ./releases/container-images-pull-verify-push.sh test
|
- ARCHS=amd64 ./releases/container-images-pull-verify-push-test.sh test
|
||||||
- ./releases/container-images-pull-verify-push.sh test_teardown
|
- ./releases/container-images-pull-verify-push-test.sh test_teardown
|
||||||
secrets:
|
secrets:
|
||||||
- releaseteamuser
|
- releaseteamuser
|
||||||
- releaseteamtoken
|
- releaseteamtoken
|
||||||
|
|
|
@ -0,0 +1,74 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
#
|
||||||
|
# Tests are run when on a wip-ci-* branch, see .woodpecker/releases-helper.yml
|
||||||
|
# It should be changed to run it every time this file is changed when 1.18 is used because 1.17 does not have
|
||||||
|
# webhooks with the information for that filtering.
|
||||||
|
#
|
||||||
|
|
||||||
|
set -ex
|
||||||
|
|
||||||
|
image_delete() {
|
||||||
|
curl -sS -H "Authorization: token $token" -X DELETE https://$DOMAIN/v2/$1/forgejo/manifests/$2
|
||||||
|
}
|
||||||
|
|
||||||
|
#
|
||||||
|
# Create the same set of images that buildx would
|
||||||
|
#
|
||||||
|
test_setup() {
|
||||||
|
dir=$(dirname $0)
|
||||||
|
|
||||||
|
for suffix in '' '-rootless' ; do
|
||||||
|
(
|
||||||
|
cd $dir
|
||||||
|
manifests=""
|
||||||
|
for arch in $ARCHS ; do
|
||||||
|
image=$(arch_image_name $INTEGRATION_USER $arch $suffix)
|
||||||
|
docker build -f Dockerfile$suffix --platform linux/$arch -t $image .
|
||||||
|
docker push $image
|
||||||
|
images="$images $image"
|
||||||
|
done
|
||||||
|
manifest=$(image_name $INTEGRATION_USER $suffix)
|
||||||
|
docker manifest rm $manifest || true
|
||||||
|
docker manifest create $manifest $images
|
||||||
|
image_put $INTEGRATION_USER $(image_tag $suffix) $manifest
|
||||||
|
)
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
|
test_teardown() {
|
||||||
|
authenticate
|
||||||
|
for suffix in '' '-rootless' ; do
|
||||||
|
image_delete $INTEGRATION_USER $(image_tag $suffix)
|
||||||
|
image_delete $CI_REPO_OWNER $(image_tag $suffix)
|
||||||
|
image_delete $CI_REPO_OWNER $(short_image_tag $suffix)
|
||||||
|
for arch in $ARCHS ; do
|
||||||
|
image_delete $INTEGRATION_USER $(arch_image_tag $arch $suffix)
|
||||||
|
image_delete $CI_REPO_OWNER $(arch_image_tag $arch $suffix)
|
||||||
|
done
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
|
#
|
||||||
|
# Running the test locally instead of withing Woodpecker
|
||||||
|
#
|
||||||
|
# 1. Setup: obtain a token at https://codeberg.org/user/settings/applications
|
||||||
|
# 2. Run: RELEASETEAMUSER=<username> RELEASETEAMTOKEn=<apptoken> container-images-pull-verify-push.sh test
|
||||||
|
# 3. Verify: (optional) manual verification at https://codeberg.org/<username>/-/packages/container/forgejo/versions
|
||||||
|
# 4. Cleanup: RELEASETEAMUSER=<username> RELEASETEAMTOKEn=<apptoken> container-images-pull-verify-push.sh test_teardown
|
||||||
|
#
|
||||||
|
test() {
|
||||||
|
boot
|
||||||
|
test_teardown
|
||||||
|
test_setup
|
||||||
|
VERIFY_STRING=something
|
||||||
|
VERIFY_COMMAND="echo $VERIFY_STRING"
|
||||||
|
echo "================================ TEST BEGIN"
|
||||||
|
main
|
||||||
|
echo "================================ TEST END"
|
||||||
|
}
|
||||||
|
|
||||||
|
: ${CI_REPO_OWNER:=dachary}
|
||||||
|
: ${CI_COMMIT_TAG:=v17.1.42-2}
|
||||||
|
|
||||||
|
. $(dirname $0)/container-images-pull-verify-push.sh
|
|
@ -1,22 +1,13 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
#
|
|
||||||
# Tests are run when on a wip-ci-* branch, see .woodpecker/releases-helper.yml
|
|
||||||
# It should be changed to run it every time this file is changed when 1.18 is used because 1.17 does not have
|
|
||||||
# webhooks with the information for that filtering.
|
|
||||||
#
|
|
||||||
|
|
||||||
set -ex
|
set -ex
|
||||||
|
|
||||||
: ${DOCKER_HOST:=unix:///var/run/docker.sock}
|
: ${DOCKER_HOST:=unix:///var/run/docker.sock}
|
||||||
: ${ARCHS:=amd64 arm64}
|
: ${ARCHS:=amd64 arm64}
|
||||||
: ${INTEGRATION_USER:=forgejo-integration}
|
: ${INTEGRATION_USER:=forgejo-integration}
|
||||||
: ${INTEGRATION_IMAGE:=codeberg.org/$INTEGRATION_USER/forgejo}
|
: ${INTEGRATION_IMAGE:=codeberg.org/$INTEGRATION_USER/forgejo}
|
||||||
: ${CI_REPO_OWNER:=dachary}
|
|
||||||
: ${CI_COMMIT_TAG:=v17.1.42-2}
|
|
||||||
: ${TAG:=${CI_COMMIT_TAG##v}}
|
: ${TAG:=${CI_COMMIT_TAG##v}}
|
||||||
: ${SHORT_TAG=${TAG%.*-*}}
|
: ${SHORT_TAG=${TAG%.*-*}}
|
||||||
: ${CI_REPO_LINK:=https://codeberg.org/dachary/forgejo}
|
|
||||||
: ${DOMAIN:=codeberg.org}
|
: ${DOMAIN:=codeberg.org}
|
||||||
|
|
||||||
: ${VERIFY:=true}
|
: ${VERIFY:=true}
|
||||||
|
@ -86,10 +77,6 @@ authenticate() {
|
||||||
token=$(curl -u$RELEASETEAMUSER:$RELEASETEAMTOKEN -sS https://$DOMAIN/v2/token | jq --raw-output .token)
|
token=$(curl -u$RELEASETEAMUSER:$RELEASETEAMTOKEN -sS https://$DOMAIN/v2/token | jq --raw-output .token)
|
||||||
}
|
}
|
||||||
|
|
||||||
image_delete() {
|
|
||||||
curl -sS -H "Authorization: token $token" -X DELETE https://$DOMAIN/v2/$1/forgejo/manifests/$2
|
|
||||||
}
|
|
||||||
|
|
||||||
image_put() {
|
image_put() {
|
||||||
docker manifest inspect $3 > /tmp/manifest.json
|
docker manifest inspect $3 > /tmp/manifest.json
|
||||||
curl -sS -H "Authorization: token $token" -X PUT --data-binary @/tmp/manifest.json https://$DOMAIN/v2/$1/forgejo/manifests/$2
|
curl -sS -H "Authorization: token $token" -X PUT --data-binary @/tmp/manifest.json https://$DOMAIN/v2/$1/forgejo/manifests/$2
|
||||||
|
@ -125,60 +112,4 @@ arch_image_tag() {
|
||||||
echo $TAG-$1$2
|
echo $TAG-$1$2
|
||||||
}
|
}
|
||||||
|
|
||||||
#
|
|
||||||
# Create the same set of images that buildx would
|
|
||||||
#
|
|
||||||
test_setup() {
|
|
||||||
dir=$(dirname $0)
|
|
||||||
|
|
||||||
for suffix in '' '-rootless' ; do
|
|
||||||
(
|
|
||||||
cd $dir
|
|
||||||
manifests=""
|
|
||||||
for arch in $ARCHS ; do
|
|
||||||
image=$(arch_image_name $INTEGRATION_USER $arch $suffix)
|
|
||||||
docker build -f Dockerfile$suffix --platform linux/$arch -t $image .
|
|
||||||
docker push $image
|
|
||||||
images="$images $image"
|
|
||||||
done
|
|
||||||
manifest=$(image_name $INTEGRATION_USER $suffix)
|
|
||||||
docker manifest rm $manifest || true
|
|
||||||
docker manifest create $manifest $images
|
|
||||||
image_put $INTEGRATION_USER $(image_tag $suffix) $manifest
|
|
||||||
)
|
|
||||||
done
|
|
||||||
}
|
|
||||||
|
|
||||||
test_teardown() {
|
|
||||||
authenticate
|
|
||||||
for suffix in '' '-rootless' ; do
|
|
||||||
image_delete $INTEGRATION_USER $(image_tag $suffix)
|
|
||||||
image_delete $CI_REPO_OWNER $(image_tag $suffix)
|
|
||||||
image_delete $CI_REPO_OWNER $(short_image_tag $suffix)
|
|
||||||
for arch in $ARCHS ; do
|
|
||||||
image_delete $INTEGRATION_USER $(arch_image_tag $arch $suffix)
|
|
||||||
image_delete $CI_REPO_OWNER $(arch_image_tag $arch $suffix)
|
|
||||||
done
|
|
||||||
done
|
|
||||||
}
|
|
||||||
|
|
||||||
#
|
|
||||||
# Running the test locally instead of withing Woodpecker
|
|
||||||
#
|
|
||||||
# 1. Setup: obtain a token at https://codeberg.org/user/settings/applications
|
|
||||||
# 2. Run: RELEASETEAMUSER=<username> RELEASETEAMTOKEn=<apptoken> container-images-pull-verify-push.sh test
|
|
||||||
# 3. Verify: (optional) manual verification at https://codeberg.org/<username>/-/packages/container/forgejo/versions
|
|
||||||
# 4. Cleanup: RELEASETEAMUSER=<username> RELEASETEAMTOKEn=<apptoken> container-images-pull-verify-push.sh test_teardown
|
|
||||||
#
|
|
||||||
test() {
|
|
||||||
boot
|
|
||||||
test_teardown
|
|
||||||
test_setup
|
|
||||||
VERIFY_STRING=something
|
|
||||||
VERIFY_COMMAND="echo $VERIFY_STRING"
|
|
||||||
echo "================================ TEST BEGIN"
|
|
||||||
main
|
|
||||||
echo "================================ TEST END"
|
|
||||||
}
|
|
||||||
|
|
||||||
${@:-main}
|
${@:-main}
|
||||||
|
|
Loading…
Reference in New Issue