From 3ae49b86d767c98cd77b3ccd9ec04f91352b4ead Mon Sep 17 00:00:00 2001
From: Alberto Rodriguez Peon <alberto.rodriguez.peon@cern.ch>
Date: Fri, 15 Jun 2018 17:24:09 +0200
Subject: [PATCH 1/3] Promote image to latest in master and when all test pass

---
 .gitlab-ci.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 915974b..c04fad6 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -110,3 +110,13 @@ test_override_from_dockerfile:
   script:
   - grep -qi CentOS /etc/redhat-release
   - test $(cat /tmp/test) == "simple_dockerfile"
+
+# As we cannot retag images unless we have privileged runners, rebuild the image with a different tag.
+# This should be OK as the binary is the same one that was tested (passed as an artifact)
+build_stable_image:
+  stage: promote_tested_image_to_latest
+  only:
+  - master
+  tags:
+    - docker-image-build
+  script: "echo 'Building image ...'"
\ No newline at end of file
-- 
GitLab


From 03312c8b1f2af162c5e763fbdfd6c42e80f76cc9 Mon Sep 17 00:00:00 2001
From: Alberto Rodriguez Peon <alberto.rodriguez.peon@cern.ch>
Date: Wed, 27 Jun 2018 14:40:07 +0200
Subject: [PATCH 2/3] Correct typo in comment

---
 .gitlab-ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index c04fad6..c4ab80a 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -95,7 +95,7 @@ test_build_args_dockerfile:
   - test $(cat /tmp/test1) == "test_arg1"
   - test $(cat /tmp/test2) == "test_arg2"
 
-# Test for image by overriding the FROM firewalld
+# Test for image by overriding the FROM
 build_override_from_dockerfile:
   <<: *build_test_image
   variables:
-- 
GitLab


From ecccdc1f74fd0604df166e182cea4e146e99a03c Mon Sep 17 00:00:00 2001
From: Alberto Rodriguez Peon <alberto.rodriguez.peon@cern.ch>
Date: Wed, 27 Jun 2018 14:40:32 +0200
Subject: [PATCH 3/3] Retag image instead of rebuilding

---
 .gitlab-ci.yml | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index c4ab80a..8f7a4e6 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -111,12 +111,22 @@ test_override_from_dockerfile:
   - grep -qi CentOS /etc/redhat-release
   - test $(cat /tmp/test) == "simple_dockerfile"
 
-# As we cannot retag images unless we have privileged runners, rebuild the image with a different tag.
-# This should be OK as the binary is the same one that was tested (passed as an artifact)
+# If all tests pass and we are running on master, retag the image to latest. This image will be used for user docker builds from now on.
 build_stable_image:
   stage: promote_tested_image_to_latest
   only:
   - master
-  tags:
-    - docker-image-build
-  script: "echo 'Building image ...'"
\ No newline at end of file
+  script:
+  - echo "Obtain token to authenticate with the gitlab registry"
+  - JWT_PULL_PUSH_TOKEN=$(curl -q -u gitlab-ci-token:${CI_JOB_TOKEN} "https://${GITLAB_HOST}/jwt/auth?service=container_registry&scope=repository:${CI_PROJECT_PATH}:pull,push" | cut -d\" -f4 )
+  - 'curl "https://${CI_REGISTRY}/v2/${CI_PROJECT_PATH}/tags/list" -H "Authorization: Bearer ${JWT_PULL_PUSH_TOKEN}"'
+  - echo "Pulling the manifest of tag:${OLDTAG}"
+  - 'curl "https://${CI_REGISTRY}/v2/${CI_PROJECT_PATH}/manifests/${OLDTAG}" -H "Authorization: Bearer ${JWT_PULL_PUSH_TOKEN}" -H "accept: application/vnd.docker.distribution.manifest.v2+json" > manifest.json'
+  - 'echo "Pushing new tag: ${NEWTAG}"'
+  - 'curl -XPUT "https://${CI_REGISTRY}/v2/${CI_PROJECT_PATH}/manifests/${NEWTAG}" -H "Authorization: Bearer ${JWT_PULL_PUSH_TOKEN}" -H "content-type: application/vnd.docker.distribution.manifest.v2+json" -d "@manifest.json" -v'
+  - echo "List of tags in registry"
+  - 'curl "https://${CI_REGISTRY}/v2/${CI_PROJECT_PATH}/tags/list" -H "Authorization: Bearer ${JWT_PULL_PUSH_TOKEN}"'
+  variables:
+    GITLAB_HOST: gitlab.cern.ch
+    OLDTAG: "test_${CI_COMMIT_REF_NAME}"
+    NEWTAG: "latest"
\ No newline at end of file
-- 
GitLab