Push multiarch manifest to gcr and quay and refactor it into a script (#100)

* Push to all repositories

* Auth to gcr.io via docker

.travis.yml

@@ -68,31 +68,7 @@ jobs:
       before_install: mkdir $HOME/.docker
       install: 'echo "{ \"experimental\": \"enabled\" }" > $HOME/.docker/config.json'
       script:
-        - |
-          if [ -n "${DOCKER_PASSWORD:-}" ]; then
-              docker login -u "$DOCKER_USERNAME" -p "$DOCKER_PASSWORD"
-          fi
-
-          # Create and merge a PR to update minideb-extras
-          CIRCLE_CI_FUNCTIONS_URL=${CIRCLE_CI_FUNCTIONS_URL:-https://raw.githubusercontent.com/bitnami/test-infra/master/circle/functions}
-          source <(curl -sSL "$CIRCLE_CI_FUNCTIONS_URL")
-          for DIST in $DISTS ; do
-            sudo docker manifest create $BASENAME:$DIST $BASENAME:$DIST-amd64 $BASENAME:$DIST-arm64
-            sudo docker manifest push $BASENAME:$DIST
-
-            if [[ "$DISTS_WITH_SNAPSHOT" =~ (^|[[:space:]])"$DIST"($|[[:space:]]) ]] ; then
-              SNAPSHOT_NAME="$DIST-snapshot-$(./snapshot_id)"
-              sudo docker manifest create $BASENAME:$SNAPSHOT_NAME $BASENAME:$SNAPSHOT_NAME-amd64 $BASENAME:$SNAPSHOT_NAME-arm64
-              sudo docker manifest push $BASENAME:$SNAPSHOT_NAME
-            fi
-            if [ -n "${DISABLE_UPDATE_DERIVED:-}" ]; then
-              echo "Disabling update_minideb_derived step per configuration"
-            else
-              # Use '.RepoDigests 0' for getting Dockerhub repo digest as it was the first pushed
-              DIST_REPO_DIGEST="$BASENAME"@$(docker manifest inspect "$BASENAME:${DIST}" | jq -r .manifests[0].digest)
-              update_minideb_derived "https://github.com/$BASENAME-runtimes" "$DIST" "$DIST_REPO_DIGEST"
-            fi
-          done
+        - bash pushmanifest
     - stage: deploy
       if: branch = master AND type = push
       env:
@@ -100,19 +76,4 @@ jobs:
       before_install: mkdir $HOME/.docker
       install: 'echo "{ \"experimental\": \"enabled\" }" > $HOME/.docker/config.json'
       script:
-        - |
-          if [ -n "${DOCKER_PASSWORD:-}" ]; then
-              docker login -u "$DOCKER_USERNAME" -p "$DOCKER_PASSWORD"
-          fi
-          # Create and merge a PR to update minideb-extras
-          CIRCLE_CI_FUNCTIONS_URL=${CIRCLE_CI_FUNCTIONS_URL:-https://raw.githubusercontent.com/bitnami/test-infra/master/circle/functions}
-          source <(curl -sSL "$CIRCLE_CI_FUNCTIONS_URL")
-          sudo docker manifest create $BASENAME:$DIST $BASENAME:$DIST-amd64
-          sudo docker manifest push $BASENAME:$DIST
-          if [ -n "${DISABLE_UPDATE_DERIVED:-}" ]; then
-              echo "Disabling update_minideb_derived step per configuration"
-          else
-              # Use '.RepoDigests 0' for getting Dockerhub repo digest as it was the first pushed
-              DIST_REPO_DIGEST="$BASENAME"@$(docker manifest inspect "$BASENAME:${DIST}" | jq -r .manifests[0].digest)
-              update_minideb_derived "https://github.com/$BASENAME-runtimes" "$DIST" "$DIST_REPO_DIGEST"
-          fi
+        - DISTS=jessie PLATFORMS=amd64 bash pushmanifest

pushmanifest

@@ -0,0 +1,96 @@
+#!/bin/bash
+
+set -e
+set -u
+set -o pipefail
+
+DISTS=${DISTS:-"stretch
+buster
+latest
+"}
+
+DISTS_WITH_SNAPSHOT=${DISTS_WITH_SNAPSHOT:-buster}
+BASENAME=bitnami/minideb
+GCR_BASENAME=gcr.io/bitnami-containers/minideb
+QUAY_BASENAME=quay.io/bitnami/minideb
+PLATFORMS=${PLATFORMS:-amd64 arm64}
+DRY_RUN=${DRY_RUN:-}
+
+read -r -a ARCHS <<<"$PLATFORMS"
+
+run_docker() {
+    if [[ -n "${DRY_RUN:-}" ]]; then
+        echo "DRY RUN docker ${*}"
+    else
+        docker "$@"
+    fi
+}
+
+list_includes() {
+    local list=""
+    local element=""
+    list=${1?You must provide a list}
+    element=${2:?You must provide an element}
+    for candidate in $list; do
+        if [[ "$candidate" == "$element" ]]; then
+            true
+            return
+        fi
+    done
+    false
+    return
+}
+
+if [ -n "${DOCKER_PASSWORD:-}" ]; then
+    run_docker login -u "$DOCKER_USERNAME" -p "$DOCKER_PASSWORD"
+fi
+
+if [ -n "${QUAY_PASSWORD:-}" ]; then
+    run_docker login -u "$QUAY_USERNAME" -p "$QUAY_PASSWORD" quay.io
+fi
+
+if [ -n "${GCR_KEY:-}" ]; then
+    gcloud auth activate-service-account "$GCR_EMAIL" --key-file <(echo "$GCR_KEY")
+    gcloud auth print-access-token | run_docker login -u oauth2accesstoken --password-stdin gcr.io
+fi
+
+push_manifest() {
+    local image=""
+    local archs=""
+    image="${1:?You must provide the image base to publish}"
+    archs=("${@:2}")
+    local arch_images=()
+    for arch in "${archs[@]}"; do
+        arch_images+=("$image-$arch")
+    done
+    run_docker manifest create "$image" "${arch_images[@]}"
+    run_docker manifest push "$image"
+}
+
+tags=()
+
+for DIST in $DISTS; do
+    tags+=("$DIST")
+    if list_includes "$DISTS_WITH_SNAPSHOT" "$DIST" ; then
+        tags+=("$DIST-snapshot-$(./snapshot_id)")
+    fi
+done
+
+repositories=("$BASENAME")
+
+if [[ -n "${QUAY_PASSWORD:-}" ]]; then
+    repositories+=("$QUAY_BASENAME")
+else
+    echo "Skipping repository quay.io (empty password)"
+fi
+if [[ -n "${GCR_KEY:-}" ]]; then
+    repositories+=("$GCR_BASENAME")
+else
+    echo "Skipping repository gcr.io (empty password)"
+fi
+
+for tag in "${tags[@]}"; do
+    for repo in "${repositories[@]}"; do
+        push_manifest "$repo:$tag" "${ARCHS[@]}"
+    done
+done

pushone

@@ -44,11 +44,3 @@ docker tag "${BASENAME}:${DIST}-${PLATFORM}" "${QUAY_BASENAME}:${DIST}-${PLATFOR
 docker tag "${BASENAME}:${DIST}-${PLATFORM}" "${GCR_BASENAME}:${DIST}-${PLATFORM}"
 
 push "$DIST-${PLATFORM}"
-
-# For now, tag DIST to the amd64 flavor
-if [[ "$PLATFORM" == "amd64" ]]; then
-    docker tag "${QUAY_BASENAME}:${DIST}-${PLATFORM}" "${QUAY_BASENAME}:${DIST}"
-    docker tag "${GCR_BASENAME}:${DIST}-${PLATFORM}" "${GCR_BASENAME}:${DIST}"
-    docker push "${QUAY_BASENAME}:${DIST}"
-    gcloud docker -- push "${GCR_BASENAME}:${DIST}"
-fi