From 9dcc0ae9375342287122a3a895ef033de44e0df3 Mon Sep 17 00:00:00 2001 From: Roman Gorshunov Date: Sat, 6 Oct 2018 00:45:59 +0200 Subject: [PATCH] Adding image tags on every commit Added container image tagging on quay.io with commit id on every merge, when certain files but not the code are changed (docs, charts, etc.). Previously we were building updated container images, adding tags and uploading images onto quay.io only when the code has been changed. The main reason for not re-building images for every single merged commit was a long waiting time in Zuul `post` queue for a node (VM) assignment for the job to run on. With this change we will have image tag for every merged commit, including documentation commits, and those tags would be added almost immediately (within ~1 min), as job runs directly on Zuul and does not wait in Zuul queue for a node (VM) assignment. Change-Id: I9692947b74a16de0eb3e8100d30cd4310069abfe --- .zuul.yaml | 44 ++++++++++++++---- tools/gate/playbooks/docker-image-tag.yaml | 54 ++++++++++++++++++++++ 2 files changed, 90 insertions(+), 8 deletions(-) create mode 100644 tools/gate/playbooks/docker-image-tag.yaml diff --git a/.zuul.yaml b/.zuul.yaml index 80ef86ef..a6e2fdfa 100644 --- a/.zuul.yaml +++ b/.zuul.yaml @@ -35,6 +35,7 @@ - airship-deckhand-docker-build-gate post: jobs: + - airship-deckhand-docker-tag - airship-deckhand-docker-publish - nodeset: @@ -168,7 +169,7 @@ timeout: 1800 run: tools/gate/playbooks/docker-image-build.yaml nodeset: airship-deckhand-single-node - irrelevant-files: + irrelevant-files: &non-code-files-template - ^.*\.rst$ - ^doc/.*$ - ^charts/.*$ @@ -183,18 +184,16 @@ - job: name: airship-deckhand-docker-publish + description: | + Runs on every merge, unless files in a dictionary below are changed. + Builds and publishes container images on quay.io with a set of tags + listed in vars section. Waits in Zuul queue for a node (VM) assignment. timeout: 1800 run: tools/gate/playbooks/docker-image-build.yaml nodeset: airship-deckhand-single-node secrets: - airship_deckhand_quay_creds - irrelevant-files: - - ^.*\.rst$ - - ^doc/.*$ - - ^charts/.*$ - - ^etc/.*$ - - ^releasenotes/.*$ - - ^setup.cfg$ + irrelevant-files: *non-code-files-template vars: publish: true tags: @@ -203,6 +202,23 @@ commit: true static: - latest +- job: + name: airship-deckhand-docker-tag + description: | + Runs on every merge when files in a dictionalry below are changed, and + adds git commit id tag onto the container image published on quay.io, + which has `latest` tag set. Does not wait in queue for a node (VM) + assignment, runs almost immediately. + timeout: 1800 + run: tools/gate/playbooks/docker-image-tag.yaml + nodeset: + nodes: [] + secrets: + - airship_deckhand_quay_creds +# file pattern here must be exactly the same as in +# airship-deckhand-docker-publish job above, +# job will be executed on merge only when any of this files get changed + files: *non-code-files-template - secret: name: airship_deckhand_quay_creds @@ -229,3 +245,15 @@ Lfpty/EyKOJJpOXoBiJlsGHFLi/8gdMAAtMDf72yrQH6KxdNxdRGs5oALkUQ1IcuLbXng ySP8WG+DBiwjt4IAtwd/sF+jyVBzDaywxdbS6RJycI+lRThvibQ5UFpr349yOhUdETB6p yzFswIVmx1tHM7NhD80zwdSEj4EjG0AL3GXuwfLHGbr5WIeCaVEuCMW+XUwQpw= + # Token is valid for 10 years, expires on 10/10/2028 + token: !encrypted/pkcs1-oaep + - Can0JzCSPRnujg8fZBtSXvLuGVRNaaoVkvCm8EKlqohnUmaryU7ColJxWYjPBxEEePxhB + mzkM5pD9o8PVkkUj5wxxUXlFDO73AMiwStmh2r/p+sd7bkgw5a2jzhYpBmVtn/qmEemsm + iIxQi0kz81qrU0H6w3r58lgskIIbD4yOYgu4DeoWmBU+yZ1V1E5RoumVQBdxB1fyenaKG + zR4Y6ebek31+VAlqSN0HUIYMgbc6Mt7ErEn2wjj9MxNvvP52pWDyxr5U2kKpOYdJpZt9h + EZgM2cF2zfuG+4KnpdONap54uVRnRcJCf6poI/l4UVYO5Z+EvlF3Xawp3jiPCMCGGy3dd + lEeEkvNzJppwAj5bEWT1NoFi7PigkK91znppVHu17jBEKkcl2S6LK87RTjfqnBsAmE30d + ibxqS7pCoSCGuUCP4XrW8QfI70Ml4Gb636bZUqZFi1WxzhfNKSO8LBPHekVQnwrmhhv2Z + CN9JZdtqR49JpHajubfYrtWxPHuiwnTwgsnpkpM0+5Z1nss/nQhW70uCBXvJkYUtenV87 + c4Exr6ncOjgtqtjheW16hAGLtm2o36ZvBoLD7yqwYAjwb0bfuzDrw8oWa2yAgOcWnHPO6 + w0lNv46YTHiJK9hezHqI0hgn5wifVI8avRZmHwaArVvX4LUXD2N/Tk7mxi7r2U= diff --git a/tools/gate/playbooks/docker-image-tag.yaml b/tools/gate/playbooks/docker-image-tag.yaml new file mode 100644 index 00000000..eaa90e49 --- /dev/null +++ b/tools/gate/playbooks/docker-image-tag.yaml @@ -0,0 +1,54 @@ +# Copyright 2018 AT&T Intellectual Property. All other rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This job runs on Zuul node itself, thus it's only localhost here +- hosts: localhost + vars: + latest_tag: latest + org: airshipit + image: deckhand + new_tag: "{{ zuul.newrev }}" + token: "{{ airship_deckhand_quay_creds.token }}" + quay_repo_api_url: "https://quay.io/api/v1/repository" + tasks: + - name: Debug Zuul vars + debug: + var: zuul + + - block: + - name: Get id of the container image currently tagged as latest + uri: + url: "{{ quay_repo_api_url }}/{{ org }}/{{ image }}/tag/?specificTag={{ latest_tag }}&limit=1" + return_content: yes + register: response_1 + - name: Debug response + debug: + var: response_1 + + - block: + - name: Add latest commit id tag onto the image currently tagged as latest + uri: + url: "{{ quay_repo_api_url }}/{{ org }}/{{ image }}/tag/{{ new_tag }}" + method: PUT + headers: + Authorization: "Bearer {{ token }}" + body_format: json + body: + image: "{{ response_1.json.tags[0].docker_image_id }}" + status_code: 201 + return_content: yes + register: response_2 + - name: Debug response + debug: + var: response_2