From 27b8a1b0fec58649942adb6386cd6d057d53f488 Mon Sep 17 00:00:00 2001 From: Amir Zarrinkafsh Date: Wed, 5 Feb 2020 23:24:19 +1100 Subject: [PATCH] [Buildkite] Fix issues with releases in CD pipeline (#617) * [Buildkite] Fix changelog output for github releases Fetch is required to grab the latest tag, this will ensure the correct data is generated * [Buildkite] Only clean tags on pushes to master Also ensure that master tag is not removed on github API failures. * [Buildkite] Fix tag publishing for releases * [Buildkite] Minor tweaks to github changelog output --- .buildkite/hooks/post-command | 10 +++---- .buildkite/steps/ghartifacts.sh | 3 ++- cmd/authelia-scripts/cmd_docker.go | 42 +++++++++++++++--------------- 3 files changed, 28 insertions(+), 27 deletions(-) diff --git a/.buildkite/hooks/post-command b/.buildkite/hooks/post-command index 566118f97..ded7ef89a 100755 --- a/.buildkite/hooks/post-command +++ b/.buildkite/hooks/post-command @@ -25,15 +25,15 @@ if [[ $BUILDKITE_LABEL == ":docker: Deploy Manifests" ]] && [[ $BUILDKITE_PULL_R fi fi -if [[ $BUILDKITE_LABEL == ":docker: Deploy Manifests" ]] && [[ $BUILDKITE_BRANCH == "master" ]] || [[ $BUILDKITE_BRANCH =~ ^v.* ]] && [[ $BUILDKITE_PULL_REQUEST == "false" ]]; then +if [[ $BUILDKITE_LABEL == ":docker: Deploy Manifests" ]] && [[ $BUILDKITE_BRANCH == "master" ]] && [[ $BUILDKITE_PULL_REQUEST == "false" ]]; then echo "--- :docker: Removing tags for deleted branches" - for BRANCH_TAG in $(dockerbranchtags=$(anontoken=$(curl -fsL --retry 3 'https://auth.docker.io/token?service=registry.docker.io&scope=repository:authelia/authelia:pull' | jq -r .token) && \ - curl -fsL --retry 3 -H "Authorization: Bearer ${anontoken}" https://registry-1.docker.io/v2/authelia/authelia/tags/list | jq -r '.tags[] | select(startswith("PR") | not)' | \ - sed -r '/^(latest|develop|v.*|([[:digit:]]+)\.?([[:digit:]]+)?\.?([[:digit:]]+)?)/d' | sort) && \ + anontoken=$(curl -fsL --retry 3 'https://auth.docker.io/token?service=registry.docker.io&scope=repository:authelia/authelia:pull' | jq -r .token) + authtoken=$(curl -fs --retry 3 -H "Content-Type: application/json" -X "POST" -d '{"username": "'${DOCKER_USERNAME}'", "password": "'${DOCKER_PASSWORD}'"}' https://hub.docker.com/v2/users/login/ | jq -r .token) + for BRANCH_TAG in $(dockerbranchtags=$(curl -fsL --retry 3 -H "Authorization: Bearer ${anontoken}" https://registry-1.docker.io/v2/authelia/authelia/tags/list | jq -r '.tags[] | select(startswith("PR") | not)' | \ + sed -r '/^(latest|master|develop|v.*|([[:digit:]]+)\.?([[:digit:]]+)?\.?([[:digit:]]+)?)/d' | sort) && \ githubbranches=$(curl -fs --retry 3 https://api.github.com/repos/authelia/authelia/branches | jq -r '.[].name' | sort) && \ comm -23 <(echo "${dockerbranchtags}") <(echo "${githubbranches}")); do echo "Removing tag ${BRANCH_TAG}" - authtoken=$(curl -fs --retry 3 -H "Content-Type: application/json" -X "POST" -d '{"username": "'${DOCKER_USERNAME}'", "password": "'${DOCKER_PASSWORD}'"}' https://hub.docker.com/v2/users/login/ | jq -r .token) && \ curl -fsL --retry 3 -o /dev/null -X "DELETE" -H "Authorization: JWT ${authtoken}" https://hub.docker.com/v2/repositories/authelia/authelia/tags/${BRANCH_TAG}/ done echo "--- :docker: Removing tags for merged or closed pull requests" diff --git a/.buildkite/steps/ghartifacts.sh b/.buildkite/steps/ghartifacts.sh index c8412d812..c4d8de468 100755 --- a/.buildkite/steps/ghartifacts.sh +++ b/.buildkite/steps/ghartifacts.sh @@ -12,4 +12,5 @@ do done echo "--- :github: Deploy artifacts for release: ${BUILDKITE_TAG}" -hub release create "${artifacts[@]}" -m "${BUILDKITE_TAG}\n\n## Changelog\n$(git log --oneline --pretty='* %h %s' $(git describe --abbrev=0 --tags $(git rev-list --tags --skip=1 --max-count=1))...$(git describe --abbrev=0 --tags))\n\n## Docker images\n* docker pull authelia/authelia:${BUILDKITE_TAG//v}" "${BUILDKITE_TAG}" \ No newline at end of file +git fetch +hub release create "${artifacts[@]}" -m $(echo -e "${BUILDKITE_TAG}\n\n## Changelog\n$(git log --oneline --pretty='* %h %s' $(git describe --abbrev=0 --tags $(git rev-list --tags --skip=1 --max-count=1))...$(git describe --abbrev=0 --tags))\n\n## Docker Container\n* \`docker pull authelia/authelia:${BUILDKITE_TAG//v}\`") "${BUILDKITE_TAG}" \ No newline at end of file diff --git a/cmd/authelia-scripts/cmd_docker.go b/cmd/authelia-scripts/cmd_docker.go index 7384130d6..fc7581717 100644 --- a/cmd/authelia-scripts/cmd_docker.go +++ b/cmd/authelia-scripts/cmd_docker.go @@ -198,16 +198,7 @@ func deployManifest(docker *Docker, tag string, amd64tag string, arm32v7tag stri func publishDockerImage(arch string) { docker := &Docker{} - if ciBranch != "master" && !publicRepo.MatchString(ciBranch) { - login(docker) - deploy(docker, ciBranch+"-"+arch) - } else if ciBranch != "master" && publicRepo.MatchString(ciBranch) { - login(docker) - deploy(docker, "PR"+ciPullRequest+"-"+arch) - } else if ciBranch == "master" && ciPullRequest == "false" { - login(docker) - deploy(docker, "master-"+arch) - } else if ciTag != "" { + if ciTag != "" { if len(tags) == 4 { log.Infof("Detected tags: '%s' | '%s' | '%s'", tags[1], tags[2], tags[3]) @@ -221,6 +212,15 @@ func publishDockerImage(arch string) { } else { log.Fatal("Docker image will not be published, the specified tag does not conform to the standard") } + } else if ciBranch != "master" && !publicRepo.MatchString(ciBranch) { + login(docker) + deploy(docker, ciBranch+"-"+arch) + } else if ciBranch != "master" && publicRepo.MatchString(ciBranch) { + login(docker) + deploy(docker, "PR"+ciPullRequest+"-"+arch) + } else if ciBranch == "master" && ciPullRequest == "false" { + login(docker) + deploy(docker, "master-"+arch) } else { log.Info("Docker image will not be published") } @@ -229,17 +229,7 @@ func publishDockerImage(arch string) { func publishDockerManifest() { docker := &Docker{} - if ciBranch != "master" && !publicRepo.MatchString(ciBranch) { - login(docker) - deployManifest(docker, ciBranch, ciBranch+"-amd64", ciBranch+"-arm32v7", ciBranch+"-arm64v8") - } else if ciBranch != "master" && publicRepo.MatchString(ciBranch) { - login(docker) - deployManifest(docker, "PR"+ciPullRequest, "PR"+ciPullRequest+"-amd64", "PR"+ciPullRequest+"-arm32v7", "PR"+ciPullRequest+"-arm64v8") - } else if ciBranch == "master" && ciPullRequest == "false" { - login(docker) - deployManifest(docker, "master", "master-amd64", "master-arm32v7", "master-arm64v8") - publishDockerReadme(docker) - } else if ciTag != "" { + if ciTag != "" { if len(tags) == 4 { log.Infof("Detected tags: '%s' | '%s' | '%s'", tags[1], tags[2], tags[3]) @@ -257,6 +247,16 @@ func publishDockerManifest() { } else { log.Fatal("Docker manifest will not be published, the specified tag does not conform to the standard") } + } else if ciBranch != "master" && !publicRepo.MatchString(ciBranch) { + login(docker) + deployManifest(docker, ciBranch, ciBranch+"-amd64", ciBranch+"-arm32v7", ciBranch+"-arm64v8") + } else if ciBranch != "master" && publicRepo.MatchString(ciBranch) { + login(docker) + deployManifest(docker, "PR"+ciPullRequest, "PR"+ciPullRequest+"-amd64", "PR"+ciPullRequest+"-arm32v7", "PR"+ciPullRequest+"-arm64v8") + } else if ciBranch == "master" && ciPullRequest == "false" { + login(docker) + deployManifest(docker, "master", "master-amd64", "master-arm32v7", "master-arm64v8") + publishDockerReadme(docker) } else { log.Info("Docker manifest will not be published") }