From 3ae49b86d767c98cd77b3ccd9ec04f91352b4ead Mon Sep 17 00:00:00 2001 From: Alberto Rodriguez Peon <alberto.rodriguez.peon@cern.ch> Date: Fri, 15 Jun 2018 17:24:09 +0200 Subject: [PATCH 1/3] Promote image to latest in master and when all test pass --- .gitlab-ci.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 915974b..c04fad6 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -110,3 +110,13 @@ test_override_from_dockerfile: script: - grep -qi CentOS /etc/redhat-release - test $(cat /tmp/test) == "simple_dockerfile" + +# As we cannot retag images unless we have privileged runners, rebuild the image with a different tag. +# This should be OK as the binary is the same one that was tested (passed as an artifact) +build_stable_image: + stage: promote_tested_image_to_latest + only: + - master + tags: + - docker-image-build + script: "echo 'Building image ...'" \ No newline at end of file -- GitLab From 03312c8b1f2af162c5e763fbdfd6c42e80f76cc9 Mon Sep 17 00:00:00 2001 From: Alberto Rodriguez Peon <alberto.rodriguez.peon@cern.ch> Date: Wed, 27 Jun 2018 14:40:07 +0200 Subject: [PATCH 2/3] Correct typo in comment --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index c04fad6..c4ab80a 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -95,7 +95,7 @@ test_build_args_dockerfile: - test $(cat /tmp/test1) == "test_arg1" - test $(cat /tmp/test2) == "test_arg2" -# Test for image by overriding the FROM firewalld +# Test for image by overriding the FROM build_override_from_dockerfile: <<: *build_test_image variables: -- GitLab From ecccdc1f74fd0604df166e182cea4e146e99a03c Mon Sep 17 00:00:00 2001 From: Alberto Rodriguez Peon <alberto.rodriguez.peon@cern.ch> Date: Wed, 27 Jun 2018 14:40:32 +0200 Subject: [PATCH 3/3] Retag image instead of rebuilding --- .gitlab-ci.yml | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index c4ab80a..8f7a4e6 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -111,12 +111,22 @@ test_override_from_dockerfile: - grep -qi CentOS /etc/redhat-release - test $(cat /tmp/test) == "simple_dockerfile" -# As we cannot retag images unless we have privileged runners, rebuild the image with a different tag. -# This should be OK as the binary is the same one that was tested (passed as an artifact) +# If all tests pass and we are running on master, retag the image to latest. This image will be used for user docker builds from now on. build_stable_image: stage: promote_tested_image_to_latest only: - master - tags: - - docker-image-build - script: "echo 'Building image ...'" \ No newline at end of file + script: + - echo "Obtain token to authenticate with the gitlab registry" + - JWT_PULL_PUSH_TOKEN=$(curl -q -u gitlab-ci-token:${CI_JOB_TOKEN} "https://${GITLAB_HOST}/jwt/auth?service=container_registry&scope=repository:${CI_PROJECT_PATH}:pull,push" | cut -d\" -f4 ) + - 'curl "https://${CI_REGISTRY}/v2/${CI_PROJECT_PATH}/tags/list" -H "Authorization: Bearer ${JWT_PULL_PUSH_TOKEN}"' + - echo "Pulling the manifest of tag:${OLDTAG}" + - 'curl "https://${CI_REGISTRY}/v2/${CI_PROJECT_PATH}/manifests/${OLDTAG}" -H "Authorization: Bearer ${JWT_PULL_PUSH_TOKEN}" -H "accept: application/vnd.docker.distribution.manifest.v2+json" > manifest.json' + - 'echo "Pushing new tag: ${NEWTAG}"' + - 'curl -XPUT "https://${CI_REGISTRY}/v2/${CI_PROJECT_PATH}/manifests/${NEWTAG}" -H "Authorization: Bearer ${JWT_PULL_PUSH_TOKEN}" -H "content-type: application/vnd.docker.distribution.manifest.v2+json" -d "@manifest.json" -v' + - echo "List of tags in registry" + - 'curl "https://${CI_REGISTRY}/v2/${CI_PROJECT_PATH}/tags/list" -H "Authorization: Bearer ${JWT_PULL_PUSH_TOKEN}"' + variables: + GITLAB_HOST: gitlab.cern.ch + OLDTAG: "test_${CI_COMMIT_REF_NAME}" + NEWTAG: "latest" \ No newline at end of file -- GitLab