[Buildkite] Fix issues with releases in CD pipeline (#617)

* [Buildkite] Fix changelog output for github releases Fetch is required to grab the latest tag, this will ensure the correct data is generated * [Buildkite] Only clean tags on pushes to master Also ensure that master tag is not removed on github API failures. * [Buildkite] Fix tag publishing for releases * [Buildkite] Minor tweaks to github changelog output
2020-02-05 23:24:19 +11:00 · 2020-02-05 23:24:19 +11:00 · 27b8a1b0fe
parent 9b99420ca0
commit 27b8a1b0fe
3 changed files with 28 additions and 27 deletions
--- a/.buildkite/hooks/post-command
+++ b/.buildkite/hooks/post-command
@ -25,15 +25,15 @@ if [[ $BUILDKITE_LABEL == ":docker: Deploy Manifests" ]] && [[ $BUILDKITE_PULL_R
  fi
 fi

-if [[ $BUILDKITE_LABEL == ":docker: Deploy Manifests" ]] && [[ $BUILDKITE_BRANCH == "master" ]] || [[ $BUILDKITE_BRANCH =~ ^v.* ]] && [[ $BUILDKITE_PULL_REQUEST == "false" ]]; then
+if [[ $BUILDKITE_LABEL == ":docker: Deploy Manifests" ]] && [[ $BUILDKITE_BRANCH == "master" ]] && [[ $BUILDKITE_PULL_REQUEST == "false" ]]; then
  echo "--- :docker: Removing tags for deleted branches"
-  for BRANCH_TAG in $(dockerbranchtags=$(anontoken=$(curl -fsL --retry 3 'https://auth.docker.io/token?service=registry.docker.io&scope=repository:authelia/authelia:pull' | jq -r .token) && \
-  curl -fsL --retry 3 -H "Authorization: Bearer ${anontoken}" https://registry-1.docker.io/v2/authelia/authelia/tags/list | jq -r '.tags[] | select(startswith("PR") | not)' | \
-  sed -r '/^(latest|develop|v.*|([[:digit:]]+)\.?([[:digit:]]+)?\.?([[:digit:]]+)?)/d' | sort) && \
+  anontoken=$(curl -fsL --retry 3 'https://auth.docker.io/token?service=registry.docker.io&scope=repository:authelia/authelia:pull' | jq -r .token)
+  authtoken=$(curl -fs --retry 3 -H "Content-Type: application/json" -X "POST" -d '{"username": "'${DOCKER_USERNAME}'", "password": "'${DOCKER_PASSWORD}'"}' https://hub.docker.com/v2/users/login/ | jq -r .token)
+  for BRANCH_TAG in $(dockerbranchtags=$(curl -fsL --retry 3 -H "Authorization: Bearer ${anontoken}" https://registry-1.docker.io/v2/authelia/authelia/tags/list | jq -r '.tags[] | select(startswith("PR") | not)' | \
+  sed -r '/^(latest|master|develop|v.*|([[:digit:]]+)\.?([[:digit:]]+)?\.?([[:digit:]]+)?)/d' | sort) && \
  githubbranches=$(curl -fs --retry 3 https://api.github.com/repos/authelia/authelia/branches | jq -r '.[].name' | sort) && \
  comm -23 <(echo "${dockerbranchtags}") <(echo "${githubbranches}")); do
    echo "Removing tag ${BRANCH_TAG}"
-    authtoken=$(curl -fs --retry 3 -H "Content-Type: application/json" -X "POST" -d '{"username": "'${DOCKER_USERNAME}'", "password": "'${DOCKER_PASSWORD}'"}' https://hub.docker.com/v2/users/login/ | jq -r .token) && \
    curl -fsL --retry 3 -o /dev/null -X "DELETE" -H "Authorization: JWT ${authtoken}" https://hub.docker.com/v2/repositories/authelia/authelia/tags/${BRANCH_TAG}/
  done
  echo "--- :docker: Removing tags for merged or closed pull requests"
--- a/.buildkite/steps/ghartifacts.sh
+++ b/.buildkite/steps/ghartifacts.sh
@ -12,4 +12,5 @@ do
 done

 echo "--- :github: Deploy artifacts for release: ${BUILDKITE_TAG}"
-hub release create "${artifacts[@]}" -m "${BUILDKITE_TAG}\n\n## Changelog\n$(git log --oneline --pretty='* %h %s' $(git describe --abbrev=0 --tags $(git rev-list --tags --skip=1 --max-count=1))...$(git describe --abbrev=0 --tags))\n\n## Docker images\n* docker pull authelia/authelia:${BUILDKITE_TAG//v}" "${BUILDKITE_TAG}"
+git fetch
+hub release create "${artifacts[@]}" -m $(echo -e "${BUILDKITE_TAG}\n\n## Changelog\n$(git log --oneline --pretty='* %h %s' $(git describe --abbrev=0 --tags $(git rev-list --tags --skip=1 --max-count=1))...$(git describe --abbrev=0 --tags))\n\n## Docker Container\n* \`docker pull authelia/authelia:${BUILDKITE_TAG//v}\`") "${BUILDKITE_TAG}"
--- a/cmd/authelia-scripts/cmd_docker.go
+++ b/cmd/authelia-scripts/cmd_docker.go
@ -198,16 +198,7 @@ func deployManifest(docker *Docker, tag string, amd64tag string, arm32v7tag stri
 func publishDockerImage(arch string) {
 	docker := &Docker{}

-	if ciBranch != "master" && !publicRepo.MatchString(ciBranch) {
-		login(docker)
-		deploy(docker, ciBranch+"-"+arch)
-	} else if ciBranch != "master" && publicRepo.MatchString(ciBranch) {
-		login(docker)
-		deploy(docker, "PR"+ciPullRequest+"-"+arch)
-	} else if ciBranch == "master" && ciPullRequest == "false" {
-		login(docker)
-		deploy(docker, "master-"+arch)
-	} else if ciTag != "" {
+	if ciTag != "" {
 		if len(tags) == 4 {
 			log.Infof("Detected tags: '%s' | '%s' | '%s'", tags[1], tags[2], tags[3])

@ -221,6 +212,15 @@ func publishDockerImage(arch string) {
 		} else {
 			log.Fatal("Docker image will not be published, the specified tag does not conform to the standard")
 		}
+	} else if ciBranch != "master" && !publicRepo.MatchString(ciBranch) {
+		login(docker)
+		deploy(docker, ciBranch+"-"+arch)
+	} else if ciBranch != "master" && publicRepo.MatchString(ciBranch) {
+		login(docker)
+		deploy(docker, "PR"+ciPullRequest+"-"+arch)
+	} else if ciBranch == "master" && ciPullRequest == "false" {
+		login(docker)
+		deploy(docker, "master-"+arch)
 	} else {
 		log.Info("Docker image will not be published")
 	}
@ -229,17 +229,7 @@ func publishDockerImage(arch string) {
 func publishDockerManifest() {
 	docker := &Docker{}

-	if ciBranch != "master" && !publicRepo.MatchString(ciBranch) {
-		login(docker)
-		deployManifest(docker, ciBranch, ciBranch+"-amd64", ciBranch+"-arm32v7", ciBranch+"-arm64v8")
-	} else if ciBranch != "master" && publicRepo.MatchString(ciBranch) {
-		login(docker)
-		deployManifest(docker, "PR"+ciPullRequest, "PR"+ciPullRequest+"-amd64", "PR"+ciPullRequest+"-arm32v7", "PR"+ciPullRequest+"-arm64v8")
-	} else if ciBranch == "master" && ciPullRequest == "false" {
-		login(docker)
-		deployManifest(docker, "master", "master-amd64", "master-arm32v7", "master-arm64v8")
-		publishDockerReadme(docker)
-	} else if ciTag != "" {
+	if ciTag != "" {
 		if len(tags) == 4 {
 			log.Infof("Detected tags: '%s' | '%s' | '%s'", tags[1], tags[2], tags[3])

@ -257,6 +247,16 @@ func publishDockerManifest() {
 		} else {
 			log.Fatal("Docker manifest will not be published, the specified tag does not conform to the standard")
 		}
+	} else if ciBranch != "master" && !publicRepo.MatchString(ciBranch) {
+		login(docker)
+		deployManifest(docker, ciBranch, ciBranch+"-amd64", ciBranch+"-arm32v7", ciBranch+"-arm64v8")
+	} else if ciBranch != "master" && publicRepo.MatchString(ciBranch) {
+		login(docker)
+		deployManifest(docker, "PR"+ciPullRequest, "PR"+ciPullRequest+"-amd64", "PR"+ciPullRequest+"-arm32v7", "PR"+ciPullRequest+"-arm64v8")
+	} else if ciBranch == "master" && ciPullRequest == "false" {
+		login(docker)
+		deployManifest(docker, "master", "master-amd64", "master-arm32v7", "master-arm64v8")
+		publishDockerReadme(docker)
 	} else {
 		log.Info("Docker manifest will not be published")
 	}