mirror of
1
Fork 0

[CI] split container-images-pull-verify-push in two

This commit is contained in:
Loïc Dachary 2022-12-19 19:35:42 +01:00
parent f1f495381c
commit 0e714df490
No known key found for this signature in database
GPG Key ID: 992D23B392F9E4F2
4 changed files with 81 additions and 73 deletions

View File

@ -12,10 +12,13 @@ variables:
- &buildx_image 'woodpeckerci/plugin-docker-buildx:2.0.0' - &buildx_image 'woodpeckerci/plugin-docker-buildx:2.0.0'
- &integration_image 'codeberg.org/forgejo-integration/forgejo' - &integration_image 'codeberg.org/forgejo-integration/forgejo'
- &dockerfile_root 'Dockerfile' - &dockerfile_root 'Dockerfile'
# for testing purposes
# - &dockerfile_root 'releases/Dockerfile' # - &dockerfile_root 'releases/Dockerfile'
- &dockerfile_rootless 'Dockerfile.rootless' - &dockerfile_rootless 'Dockerfile.rootless'
# for testing purposes
# - &dockerfile_rootless 'releases/Dockerfile-rootless' # - &dockerfile_rootless 'releases/Dockerfile-rootless'
- &verify 'true' - &verify 'true'
# for testing purposes
# - &verify 'false' # - &verify 'false'
- &archs 'amd64 arm64' - &archs 'amd64 arm64'
@ -27,7 +30,7 @@ pipeline:
- git config --add safe.directory '*' - git config --add safe.directory '*'
- git fetch --tags --force - git fetch --tags --force
publish-root: build-root:
image: *buildx_image image: *buildx_image
group: integration group: integration
pull: true pull: true
@ -45,7 +48,7 @@ pipeline:
username: username:
from_secret: releaseteamuser from_secret: releaseteamuser
publish-rootless: build-rootless:
image: *buildx_image image: *buildx_image
group: integration group: integration
pull: true pull: true

View File

@ -16,8 +16,8 @@ pipeline:
# arm64 would require qemu-user-static which is not available on alpline # arm64 would require qemu-user-static which is not available on alpline
# the test coverage does not change much and running the tests test locally # the test coverage does not change much and running the tests test locally
# is possible if there is a doubt # is possible if there is a doubt
- ARCHS=amd64 ./releases/container-images-pull-verify-push.sh test - ARCHS=amd64 ./releases/container-images-pull-verify-push-test.sh test
- ./releases/container-images-pull-verify-push.sh test_teardown - ./releases/container-images-pull-verify-push-test.sh test_teardown
secrets: secrets:
- releaseteamuser - releaseteamuser
- releaseteamtoken - releaseteamtoken

View File

@ -0,0 +1,74 @@
#!/bin/sh
#
# Tests are run when on a wip-ci-* branch, see .woodpecker/releases-helper.yml
# It should be changed to run it every time this file is changed when 1.18 is used because 1.17 does not have
# webhooks with the information for that filtering.
#
set -ex
image_delete() {
curl -sS -H "Authorization: token $token" -X DELETE https://$DOMAIN/v2/$1/forgejo/manifests/$2
}
#
# Create the same set of images that buildx would
#
test_setup() {
dir=$(dirname $0)
for suffix in '' '-rootless' ; do
(
cd $dir
manifests=""
for arch in $ARCHS ; do
image=$(arch_image_name $INTEGRATION_USER $arch $suffix)
docker build -f Dockerfile$suffix --platform linux/$arch -t $image .
docker push $image
images="$images $image"
done
manifest=$(image_name $INTEGRATION_USER $suffix)
docker manifest rm $manifest || true
docker manifest create $manifest $images
image_put $INTEGRATION_USER $(image_tag $suffix) $manifest
)
done
}
test_teardown() {
authenticate
for suffix in '' '-rootless' ; do
image_delete $INTEGRATION_USER $(image_tag $suffix)
image_delete $CI_REPO_OWNER $(image_tag $suffix)
image_delete $CI_REPO_OWNER $(short_image_tag $suffix)
for arch in $ARCHS ; do
image_delete $INTEGRATION_USER $(arch_image_tag $arch $suffix)
image_delete $CI_REPO_OWNER $(arch_image_tag $arch $suffix)
done
done
}
#
# Running the test locally instead of withing Woodpecker
#
# 1. Setup: obtain a token at https://codeberg.org/user/settings/applications
# 2. Run: RELEASETEAMUSER=<username> RELEASETEAMTOKEn=<apptoken> container-images-pull-verify-push.sh test
# 3. Verify: (optional) manual verification at https://codeberg.org/<username>/-/packages/container/forgejo/versions
# 4. Cleanup: RELEASETEAMUSER=<username> RELEASETEAMTOKEn=<apptoken> container-images-pull-verify-push.sh test_teardown
#
test() {
boot
test_teardown
test_setup
VERIFY_STRING=something
VERIFY_COMMAND="echo $VERIFY_STRING"
echo "================================ TEST BEGIN"
main
echo "================================ TEST END"
}
: ${CI_REPO_OWNER:=dachary}
: ${CI_COMMIT_TAG:=v17.1.42-2}
. $(dirname $0)/container-images-pull-verify-push.sh

View File

@ -1,22 +1,13 @@
#!/bin/sh #!/bin/sh
#
# Tests are run when on a wip-ci-* branch, see .woodpecker/releases-helper.yml
# It should be changed to run it every time this file is changed when 1.18 is used because 1.17 does not have
# webhooks with the information for that filtering.
#
set -ex set -ex
: ${DOCKER_HOST:=unix:///var/run/docker.sock} : ${DOCKER_HOST:=unix:///var/run/docker.sock}
: ${ARCHS:=amd64 arm64} : ${ARCHS:=amd64 arm64}
: ${INTEGRATION_USER:=forgejo-integration} : ${INTEGRATION_USER:=forgejo-integration}
: ${INTEGRATION_IMAGE:=codeberg.org/$INTEGRATION_USER/forgejo} : ${INTEGRATION_IMAGE:=codeberg.org/$INTEGRATION_USER/forgejo}
: ${CI_REPO_OWNER:=dachary}
: ${CI_COMMIT_TAG:=v17.1.42-2}
: ${TAG:=${CI_COMMIT_TAG##v}} : ${TAG:=${CI_COMMIT_TAG##v}}
: ${SHORT_TAG=${TAG%.*-*}} : ${SHORT_TAG=${TAG%.*-*}}
: ${CI_REPO_LINK:=https://codeberg.org/dachary/forgejo}
: ${DOMAIN:=codeberg.org} : ${DOMAIN:=codeberg.org}
: ${VERIFY:=true} : ${VERIFY:=true}
@ -86,10 +77,6 @@ authenticate() {
token=$(curl -u$RELEASETEAMUSER:$RELEASETEAMTOKEN -sS https://$DOMAIN/v2/token | jq --raw-output .token) token=$(curl -u$RELEASETEAMUSER:$RELEASETEAMTOKEN -sS https://$DOMAIN/v2/token | jq --raw-output .token)
} }
image_delete() {
curl -sS -H "Authorization: token $token" -X DELETE https://$DOMAIN/v2/$1/forgejo/manifests/$2
}
image_put() { image_put() {
docker manifest inspect $3 > /tmp/manifest.json docker manifest inspect $3 > /tmp/manifest.json
curl -sS -H "Authorization: token $token" -X PUT --data-binary @/tmp/manifest.json https://$DOMAIN/v2/$1/forgejo/manifests/$2 curl -sS -H "Authorization: token $token" -X PUT --data-binary @/tmp/manifest.json https://$DOMAIN/v2/$1/forgejo/manifests/$2
@ -125,60 +112,4 @@ arch_image_tag() {
echo $TAG-$1$2 echo $TAG-$1$2
} }
#
# Create the same set of images that buildx would
#
test_setup() {
dir=$(dirname $0)
for suffix in '' '-rootless' ; do
(
cd $dir
manifests=""
for arch in $ARCHS ; do
image=$(arch_image_name $INTEGRATION_USER $arch $suffix)
docker build -f Dockerfile$suffix --platform linux/$arch -t $image .
docker push $image
images="$images $image"
done
manifest=$(image_name $INTEGRATION_USER $suffix)
docker manifest rm $manifest || true
docker manifest create $manifest $images
image_put $INTEGRATION_USER $(image_tag $suffix) $manifest
)
done
}
test_teardown() {
authenticate
for suffix in '' '-rootless' ; do
image_delete $INTEGRATION_USER $(image_tag $suffix)
image_delete $CI_REPO_OWNER $(image_tag $suffix)
image_delete $CI_REPO_OWNER $(short_image_tag $suffix)
for arch in $ARCHS ; do
image_delete $INTEGRATION_USER $(arch_image_tag $arch $suffix)
image_delete $CI_REPO_OWNER $(arch_image_tag $arch $suffix)
done
done
}
#
# Running the test locally instead of withing Woodpecker
#
# 1. Setup: obtain a token at https://codeberg.org/user/settings/applications
# 2. Run: RELEASETEAMUSER=<username> RELEASETEAMTOKEn=<apptoken> container-images-pull-verify-push.sh test
# 3. Verify: (optional) manual verification at https://codeberg.org/<username>/-/packages/container/forgejo/versions
# 4. Cleanup: RELEASETEAMUSER=<username> RELEASETEAMTOKEn=<apptoken> container-images-pull-verify-push.sh test_teardown
#
test() {
boot
test_teardown
test_setup
VERIFY_STRING=something
VERIFY_COMMAND="echo $VERIFY_STRING"
echo "================================ TEST BEGIN"
main
echo "================================ TEST END"
}
${@:-main} ${@:-main}