(zuul) Enable docker image jobs

- Check/gate jobs to build docker image
- Post job to publish image to quay.io

Change-Id: I44b813a5bd38965208affcee12709e097d3d1665
This commit is contained in:
Scott Hussey 2018-06-08 05:15:05 -05:00
parent 6dad448ca6
commit a577164443
3 changed files with 285 additions and 0 deletions

View File

@ -25,6 +25,8 @@
- airship-drydock-security-bandit:
files:
- ^.*\.py$
- airship-drydock-docker-build-gate
gate:
jobs:
- airship-drydock-lint-ws
@ -36,12 +38,14 @@
files:
- ^charts/.*$
- airship-drydock-unit-py35
- airship-drydock-docker-build-gate
- airship-drydock-security-bandit:
files:
- ^.*\.py$
post:
jobs:
- airship-drydock-doc-publish
- airship-drydock-docker-publish
- nodeset:
name: airship-drydock-single-node
@ -89,6 +93,39 @@
timeout: 300
nodeset: airship-drydock-single-node
- job:
name: airship-drydock-docker-build-gate
timeout: 1800
run: tools/gate/playbooks/docker-image-build.yaml
nodeset: airship-drydock-single-node
irrelevant-files:
- '^docs/.*'
- '^charts/.*'
vars:
publish: false
tags:
dynamic:
patch_set: true
- job:
name: airship-drydock-docker-publish
timeout: 1800
run: tools/gate/playbooks/docker-image-build.yaml
nodeset: airship-drydock-single-node
secrets:
- airship_drydock_quay_creds
irrelevant-files:
- '^docs/.*'
- '^charts/.*'
vars:
publish: true
tags:
dynamic:
branch: true
commit: true
static:
- latest
- job:
name: airship-drydock-doc-build
description: |
@ -107,6 +144,32 @@
timeout: 300
nodeset: airship-drydock-single-node
- secret:
name: airship_drydock_quay_creds
data:
username: !encrypted/pkcs1-oaep
- La6hrlZZdII5Vj994+Z1jULfO2/+fsbYjiF2PU5Cka9lsg7VksIPhuCXxSZVwLBoLphhb
ErNe3kvoPB8Sx1VBhkua7OOEjYVZZjJziadxwZfuvTcrOInGAM7XdK7Bks17v4HaL1dyz
6ccMuLrXJeE708ts8jaKMmyKaS8wb2A4KiBVLZQP89gS8EFvVSzxK3DWXHdAP7IezQyk4
Fi4MsNnOSEJY45Fy+ibZ07bDxYEQHL6hpBhQYht1DUQkeqAiDSnShBMb1+G3HGk3SMjae
PDGtL3fz4zixok+jU3BDbvPKoEFEz45AoQHILTL+KoPPQbRQOmrGXOh7nmEtGyFZar6be
wy+rYisXdJVaoqCGPMRPkBSkohgl/80Ary1d0U+k9vlDnFjpw62svDJ1cuAoKXKOlUWgF
qs6+GaN5ltnmYfakpgo4vrkbuXw2DdKAio3cDW+PA0O4aV9yCvDtbeFY2SfQX6WExxk25
CIu0UbL/eB/lRrb3PMElJbF7RmRrX5mf4k11YhnslHATzGMzGkQ1VkZQH/C+Q2xx5XSGP
ZFJCLNYvY/hF6IyrCx6lpsCThfRYxQd3jy1Du1qjv23mUnDueTzGvz7somBazB/ceom4z
v0T98h7JHDZhfq/HiGyliRwCh4R7J/xxf4xjLScoBwfGDZp1gPcCMAQC8NtAE8=
password: !encrypted/pkcs1-oaep
- Ae8OFJse6u76Vw6p6LqWwgFOWTdb4ACZktK9mbhUA4GSSdEOUKbDoEyuo5I9qFPLHeLA8
fK7RjUoC+gItAiWZjQQxrDoqeuqykHRLnjo2p+yd3hDTVmHXYkEw1jmMb0iP+DNNMl2qh
3beL1C6fyzjFcer+sdg7xk3vVetbHP7b8iIh6b6A6Oau1V+wQOOLYsU7gSuzxQBEbyj0/
IZFKjaedsahgPEE4XU2Qf9/aGe463u+OgJ+6tBj2I7GcDGqQlvAzDud+Z6Mbs2W1fjR9i
026rE4k5UWVZAmz0ySh8zdR4aV46+rEBV4jXKimCD+P0DAfbusG0plQGqODlJGdQ2rikK
4Gmu9XlG7j7Qm3GddPLLRkSfetn4oisI/zbKcPy1kz1tWQ3OqRmdxExJH5TiZMbo/7u4B
7X6sKjrQvwSPRH8BDdwtS4iECsJvyO1pwWar4WfApBXo73RaaERzNcq3gLR64JFmc8IMF
aknseZhtmaqM+ttv2bUL23uzYEkupY3foEUa3ILYs2qx5sofi6CBAOWd2c3t3d34Kn5ya
B1qsfXoY9lVL59lCl4jYLqyGA99Oybi5YKTP8O+IH5Xo7XLOje7K0Vfvh7v8Mcja8pZRG
sgRbPr/10a2g6+s37XofkFEeba7B8fV5h6v/A3tMy7U01rZ2qLBC/4hxrikXT8=
- secret:
name: airship_drydock_readthedocs
data:

View File

@ -0,0 +1,96 @@
# Copyright 2018 AT&T Intellectual Property. All other rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- hosts: primary
tasks:
- name: Debug tag generation inputs
block:
- debug:
var: publish
- debug:
var: tags
- debug:
var: zuul
- debug:
msg: "{{ tags | to_json }}"
- name: Determine tags
shell: echo '{{ tags | to_json }}' | python {{ zuul.project.src_dir }}/tools/image_tags.py
environment:
BRANCH: "{{ zuul.branch }}"
CHANGE: "{{ zuul.change }}"
COMMIT: "{{ zuul.newrev }}"
PATCHSET: "{{ zuul.patchset }}"
register: image_tags
- name: Debug computed tags
debug:
var: image_tags
- name: Install Docker (Debian)
block:
- apt:
name: "{{ item }}"
with_items:
- docker.io
- python-pip
when: ansible_os_family == 'Debian'
- pip:
name: docker
version: 2.7.0
become: True
- name: Make images
when: not publish
block:
- make:
chdir: "{{ zuul.project.src_dir }}"
target: images
params:
IMAGE_TAG: "{{ item }}"
with_items: "{{ image_tags.stdout_lines }}"
- shell: "docker images"
register: docker_images
- debug:
var: docker_images
become: True
- name: Publish images
block:
- docker_login:
username: "{{ airship_drydock_quay_creds.username }}"
password: "{{ airship_drydock_quay_creds.password }}"
registry_url: "https://quay.io/api/v1/"
- make:
chdir: "{{ zuul.project.src_dir }}"
target: images
params:
DOCKER_REGISTRY: "quay.io"
IMAGE_PREFIX: "airshipit"
IMAGE_TAG: "{{ item }}"
PUSH_IMAGE: "true"
with_items: "{{ image_tags.stdout_lines }}"
- shell: "docker images"
register: docker_images
- debug:
var: docker_images
when: publish
become: True

126
tools/image_tags.py Normal file
View File

@ -0,0 +1,126 @@
#!/bin/python
# Copyright 2018 AT&T Intellectual Property. All other rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import json
import logging
import os
import sys
LOG = logging.getLogger(__name__)
LOG_FORMAT = '%(asctime)s %(levelname)-8s %(name)s:%(funcName)s [%(lineno)3d] %(message)s' # noqa
class TagGenExeception(Exception):
pass
def read_config(stream, env):
config = {}
try:
config['tags'] = json.load(stream)
except ValueError:
LOG.exception('Failed to decode JSON from input stream')
config['tags'] = {}
LOG.debug('Configuration after reading stream: %s', config)
config['context'] = {
'branch': env.get('BRANCH'),
'change': env.get('CHANGE'),
'commit': env.get('COMMIT'),
'ps': env.get('PATCHSET'),
}
LOG.info('Final configuration: %s', config)
return config
def build_tags(config):
tags = config.get('tags', {}).get('static', [])
LOG.debug('Dynamic tags: %s', tags)
tags.extend(build_dynamic_tags(config))
LOG.info('All tags: %s', tags)
return tags
def build_dynamic_tags(config):
dynamic_tags = []
dynamic_tags.extend(_build_branch_tag(config))
dynamic_tags.extend(_build_commit_tag(config))
dynamic_tags.extend(_build_ps_tag(config))
return dynamic_tags
def _build_branch_tag(config):
if _valid_dg(config, 'branch'):
return [config['context']['branch']]
else:
return []
def _build_commit_tag(config):
if _valid_dg(config, 'commit'):
return [config['context']['commit']]
else:
return []
def _build_ps_tag(config):
if _valid_dg(config, 'patch_set', 'change') and _valid_dg(
config, 'patch_set', 'ps'):
return [
'%s-%s' % (config['context']['change'], config['context']['ps'])
]
else:
return []
def _valid_dg(config, dynamic_tag, context_name=None):
if context_name is None:
context_name = dynamic_tag
if config.get('tags', {}).get('dynamic', {}).get(dynamic_tag):
if config.get('context', {}).get(context_name):
return True
else:
raise TagGenExeception('Dynamic tag "%s" requested, but "%s"'
' not found in context' % (dynamic_tag,
context_name))
else:
return False
def main():
config = read_config(sys.stdin, os.environ)
tags = build_tags(config)
for tag in tags:
print(tag)
if __name__ == '__main__':
logging.basicConfig(format=LOG_FORMAT, level=logging.WARNING)
try:
main()
except TagGenExeception:
LOG.exception('Failed to generate tags')
sys.exit(1)
except Exception:
LOG.exception('Unexpected exception')
sys.exit(2)