diff --git a/roles/build-docker-image/tasks/main.yaml b/roles/build-docker-image/tasks/main.yaml index 653dc54c1..73156e159 100644 --- a/roles/build-docker-image/tasks/main.yaml +++ b/roles/build-docker-image/tasks/main.yaml @@ -1,3 +1,9 @@ +# This can be removed if we add this functionality to Zuul directly +- name: Load information from zuul_return + when: buildset_registry is not defined + set_fact: + buildset_registry: "{{ (lookup('file', zuul.executor.work_root + '/results.json') | from_json)['buildset_registry'] }}" + ignore_errors: true - name: Build a docker image command: >- docker build {{ item.path | default('.') }} -f {{ item.dockerfile | default(docker_dockerfile) }} @@ -14,3 +20,9 @@ args: chdir: "{{ zuul_work_dir }}/{{ item.context }}" loop: "{{ docker_images }}" +- name: Push image to buildset registry + when: buildset_registry is defined + include_tasks: push.yaml + loop: "{{ docker_images }}" + loop_control: + loop_var: image diff --git a/roles/build-docker-image/tasks/push.yaml b/roles/build-docker-image/tasks/push.yaml new file mode 100644 index 000000000..ed41714bb --- /dev/null +++ b/roles/build-docker-image/tasks/push.yaml @@ -0,0 +1,7 @@ +- name: Push tag to buildset registry + command: >- + docker tag {{ image.repository }}:{{ image_tag }} {{ buildset_registry.host }}:{{ buildset_registry.port }}/{{ image.repository }}:{{ image_tag }} + docker push {{ buildset_registry.host }}:{{ buildset_registry.port }}/{{ image.repository }}:{{ image_tag }} + loop: "{{ image.tags | default(['latest']) }}" + loop_control: + loop_var: image_tag diff --git a/roles/pull-from-intermediate-registry/tasks/main.yaml b/roles/pull-from-intermediate-registry/tasks/main.yaml index e5591add9..dabe36767 100644 --- a/roles/pull-from-intermediate-registry/tasks/main.yaml +++ b/roles/pull-from-intermediate-registry/tasks/main.yaml @@ -1,3 +1,11 @@ +- name: Ensure registry cert directory exists + file: + path: "/etc/docker/certs.d/{{ buildset_registry.host }}:{{ buildset_registry.port }}/" + state: directory +- name: Write registry TLS certificate + copy: + content: "{{ buildset_registry.cert }}" + dest: "/etc/docker/certs.d/{{ buildset_registry.host }}:{{ buildset_registry.port }}/ca.crt" - name: Pull artifact from intermediate registry command: >- skopeo --insecure-policy copy diff --git a/roles/push-to-intermediate-registry/tasks/main.yaml b/roles/push-to-intermediate-registry/tasks/main.yaml index 42b328828..740d88acc 100644 --- a/roles/push-to-intermediate-registry/tasks/main.yaml +++ b/roles/push-to-intermediate-registry/tasks/main.yaml @@ -3,6 +3,14 @@ when: buildset_registry is not defined set_fact: buildset_registry: "{{ (lookup('file', zuul.executor.work_root + '/results.json') | from_json)['buildset_registry'] }}" +- name: Ensure registry cert directory exists + file: + path: "/etc/docker/certs.d/{{ buildset_registry.host }}:{{ buildset_registry.port }}/" + state: directory +- name: Write registry TLS certificate + copy: + content: "{{ buildset_registry.cert }}" + dest: "/etc/docker/certs.d/{{ buildset_registry.host }}:{{ buildset_registry.port }}/ca.crt" - name: Push image to intermediate registry include_tasks: push.yaml loop: "{{ docker_images }}" diff --git a/roles/push-to-intermediate-registry/tasks/push.yaml b/roles/push-to-intermediate-registry/tasks/push.yaml index 94038fc2b..a8736af90 100644 --- a/roles/push-to-intermediate-registry/tasks/push.yaml +++ b/roles/push-to-intermediate-registry/tasks/push.yaml @@ -4,7 +4,7 @@ --src-creds={{ buildset_registry.username }}:{{ buildset_registry.password }} --dest-creds={{ intermediate_registry.username }}:{{ intermediate_registry.password }} docker://{{ buildset_registry.host }}:{{ buildset_registry.port }}/{{ image.repository }}:{{ image_tag }} - docker://{{ intermediate_registry.host }}:{{ intermediate_registry.port}}/{{ image.repository }}:{{ zuul.build }}_{{ image_tag}} + docker://{{ intermediate_registry.host }}:{{ intermediate_registry.port}}/{{ image.repository }}:{{ zuul.build }}_{{ image_tag }} loop: "{{ image.tags | default(['latest']) }}" loop_control: loop_var: image_tag