mirror of
https://github.com/bitnami/minideb.git
synced 2026-06-04 10:13:55 +08:00
James Westby
9eea538c29
Previously we were tagging for all registries as we built the images and then pushing all registries blindly. Now if an image hasn't changed it wouldn't tag with the other registry tags, and then the push would fail as the gcr/quay tags didn't exist. Rather than taking care to tag in the case where the image hasn't changed, instead change the pushall script to only assume that `bitnami/minideb` tags are correct, and tag the other registries based on that one before pushing. This ensures that the tags will always exist, and also makes sure we are pushing the same image to each registry (excluding race conditions.)
59 lines
2.1 KiB
Bash
Executable File
59 lines
2.1 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
set -e
|
|
set -u
|
|
set -o pipefail
|
|
|
|
DISTS="jessie
|
|
stretch
|
|
buster
|
|
unstable
|
|
latest
|
|
"
|
|
BASENAME=bitnami/minideb
|
|
GCR_BASENAME=gcr.io/bitnami-containers/minideb
|
|
QUAY_BASENAME=quay.io/bitnami/minideb
|
|
|
|
if [ -n "${DOCKER_PASSWORD:-}" ]; then
|
|
docker login -u "$DOCKER_USERNAME" -p "$DOCKER_PASSWORD"
|
|
fi
|
|
|
|
if [ -n "${QUAY_PASSWORD:-}" ]; then
|
|
docker login -u "$QUAY_USERNAME" -p "$QUAY_PASSWORD" quay.io
|
|
fi
|
|
|
|
if [ -n "${GCR_KEY:-}" ]; then
|
|
gcloud auth activate-service-account "$GCR_EMAIL" --key-file <(echo "$GCR_KEY")
|
|
fi
|
|
|
|
ENABLE_DOCKER_CONTENT_TRUST=0
|
|
if [ -n "${DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE:-}" ] && [ -n "${DOCKER_CONTENT_TRUST_REPOSITORY_KEY:-}" ]; then
|
|
tmpdir=$(mktemp -d)
|
|
(cd "${tmpdir}" && bash -c 'echo -n "${DOCKER_CONTENT_TRUST_REPOSITORY_KEY}" | base64 -d > key')
|
|
chmod 400 "${tmpdir}/key"
|
|
docker trust key load "${tmpdir}/key"
|
|
rm -rf "${tmpdir}"
|
|
export ENABLE_DOCKER_CONTENT_TRUST=1
|
|
fi
|
|
|
|
for DIST in $DISTS; do
|
|
DOCKER_CONTENT_TRUST=${ENABLE_DOCKER_CONTENT_TRUST} docker push "${BASENAME}:${DIST}"
|
|
docker tag "${BASENAME}:${DIST}" "${QUAY_BASENAME}:${DIST}"
|
|
docker tag "${BASENAME}:${DIST}" "${GCR_BASENAME}:${DIST}"
|
|
docker push "${QUAY_BASENAME}:${DIST}"
|
|
gcloud docker -- push "${GCR_BASENAME}:${DIST}"
|
|
done
|
|
|
|
# Create and merge a PR to update minideb-extras
|
|
CIRCLE_CI_FUNCTIONS_URL=${CIRCLE_CI_FUNCTIONS_URL:-https://raw.githubusercontent.com/bitnami/test-infra/master/circle/functions}
|
|
# sc can't follow source as it is a remote file
|
|
# shellcheck disable=SC1090
|
|
source <(curl -sSL "$CIRCLE_CI_FUNCTIONS_URL")
|
|
for DIST in $DISTS; do
|
|
# Use '.RepoDigests 0' for getting Dockerhub repo digest as it was the first pushed
|
|
DIST_REPO_DIGEST=$(docker image inspect --format '{{index .RepoDigests 0}}' "${BASENAME}:${DIST}")
|
|
update_minideb_derived "https://github.com/bitnami/minideb-extras" "$DIST" "$DIST_REPO_DIGEST"
|
|
update_minideb_derived "https://github.com/bitnami/minideb-extras-base" "$DIST" "$DIST_REPO_DIGEST"
|
|
update_minideb_derived "https://github.com/bitnami/minideb-runtimes" "$DIST" "$DIST_REPO_DIGEST"
|
|
done
|