Enable TC builds with dockerhub uploads

The dockerhub credentials are stored in a tc secret repo:github.com/mozilla-releng/funsize-balrogworker:branch:master
mozilla-releng · Jul 13, 2016 · c5f951b · c5f951b · TaskClusterRobot · Jul 13, 2016
1 parent cc412d9
commit c5f951b
Show file tree

Hide file tree

Showing 6 changed files with 76 additions and 15 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,3 @@
-Dockerfile
+my_Dockerfile
 .idea/*
 scriptworker/*
diff --git a/.taskcluster.yml b/.taskcluster.yml
@@ -17,8 +17,10 @@ tasks:
       command:
         - "/bin/bash"
         - "-c"
-        - "git clone $GITHUB_HEAD_REPO_URL && cd funsize-balrog-scriptworker && git checkout $GITHUB_HEAD_BRANCH && \
-           make update_pubkeys && make build"
+        - "git clone $GITHUB_HEAD_REPO_URL && cd funsize-balrogworker && git checkout $GITHUB_HEAD_BRANCH && \
+           ./tc_build.sh"
+    scopes:
+      - secrets:get:repo:github.com/mozilla-releng/funsize-balrogworker:branch:master
     extra:
       github:
         env: true

diff --git a/sample_Dockerfile → Dockerfile b/sample_Dockerfile → Dockerfile
@@ -34,12 +34,12 @@ ENV         USER                        app
 ENV         LOGNAME                     app
 
 # ENVVARS for authentication
-ENV         TASKCLUSTER_CLIENT_ID       *clientId
-ENV         TASKCLUSTER_ACCESS_TOKEN    *AccessToken
-ENV         SCRIPTWORKER_WORKER_ID      *dummy-worker-francis3
-ENV         BALROG_API_ROOT             *not-balrog-vpn-proxy
-ENV         BALROG_USERNAME             *username
-ENV         BALROG_PASSWORD             *password
-ENV         S3_BUCKET                   *bucketwalrus
-ENV         AWS_ACCESS_KEY_ID           *awskeyid
-ENV         AWS_SECRET_ACCESS_KEY       *awssecret
+#ENV         TASKCLUSTER_CLIENT_ID       *clientId
+#ENV         TASKCLUSTER_ACCESS_TOKEN    *AccessToken
+#ENV         SCRIPTWORKER_WORKER_ID      *dummy-worker-francis3
+#ENV         BALROG_API_ROOT             *not-balrog-vpn-proxy
+#ENV         BALROG_USERNAME             *username
+#ENV         BALROG_PASSWORD             *password
+#ENV         S3_BUCKET                   *bucketwalrus
+#ENV         AWS_ACCESS_KEY_ID           *awskeyid
+#ENV         AWS_SECRET_ACCESS_KEY       *awssecret
diff --git a/README.md b/README.md
@@ -2,6 +2,9 @@
 
 ## Installation
 
+The application is dockerized and can be built and run with the following
+commands. 
+
 ```bash
 make update_pubkeys
 make build
@@ -12,12 +15,14 @@ Note, currently scriptworker is installed from the head of the
 [github repo](https://github.com/escapewindow/scriptworker). 
 
 ## Configuration
-In the dockerfile, the following environment variables need to be set:
-(They can be found in the sample_Dockerfile)
+At runtime, the following environment variables need to be set:
 
+Scriptworker Specfic:
 - TASKCLUSTER_CLIENT_ID
 - TASKCLUSTER_ACCESS_TOKEN
 - SCRIPTWORKER_WORKER_ID
+
+Balrog Specific:
 - BALROG_API_ROOT
 - BALROG_USERNAME
 - BALROG_PASSWORD
@@ -36,6 +41,6 @@ The task schema that the program expects is:
 ```json
 "payload": {
     "parent_task_artifacts_url": "https://queue.taskcluster.net/v1/task/<taskID>/artifacts/public/env",
-    "signing_cert": ("nightly","release","dep")
+    "signing_cert": ["nightly","release","dep"] # (Pick one)
 }
 ```
diff --git a/tc_build.sh b/tc_build.sh
@@ -0,0 +1,53 @@
+#!/bin/bash
+
+set -e
+
+echo "Setting up credentials"
+password_url="taskcluster/secrets/v1/secret/repo:github.com/mozilla-releng/funsize-balrogworker:branch:master"
+artifact_url="taskcluster/queue/v1/task/${TASK_ID}/runs/${RUN_ID}/artifacts/public/docker-image-shasum256.txt"
+artifact_expiry=$(date -d "+1 year" -u +%FT%TZ)
+dockerhub_email=fkang@mozilla.com
+dockerhub_username=fkang
+dockerhub_password=$(curl ${password_url} | python -c 'import json, sys; a = json.load(sys.stdin); print a["secret"]["dockerhub_password"]')
+
+
+if [ -z $dockerhub_password ]; then
+    echo "Dockerhub password not set, can't continue!"
+    exit 1
+fi
+
+echo "Retrieving version info"
+commit=$(git rev-parse HEAD)
+version=$(cat version.txt)
+branch=$(git rev-parse --abbrev-ref HEAD)
+date=$(date --utc +%Y-%m-%d-%H-%M)
+
+echo "{
+    \"commit\": \"${commit}\",
+    \"version\": \"${version}\",
+    \"source\": \"https://github.com/mozilla-releng/funsize-balrogworker\",
+    \"build\": \"https://tools.taskcluster.net/task-inspector/#${TASK_ID}\"
+}" > version.json
+
+
+branch_tag="${branch}"
+if [ "$branch" == "master" ]; then
+    branch_tag="latest"
+fi
+date_tag="${branch}-${date}"
+
+echo "Building Docker image"
+docker build -t fkang/funsize-balrogworker:${branch_tag} .
+echo "Tagging Docker image with date tag"
+docker tag fkang/funsize-balrogworker:${branch_tag} "fkang/funsize-balrogworker:${date_tag}"
+echo "Logging into Dockerhub"
+docker login -e $dockerhub_email -u $dockerhub_username -p $dockerhub_password
+echo "Pushing Docker image"
+docker push fkang/funsize-balrogworker:${branch_tag}
+docker push fkang/funsize-balrogworker:${date_tag}
+
+sha256=$(docker images --no-trunc fkang/funsize-balrogworker | grep "${date_tag}" | awk '/^fkang/ {print $3}')
+echo "SHA256 is ${sha256}, creating artifact for it"
+put_url=$(curl --retry 5 --retry-delay 5 --data "{\"storageType\": \"s3\", \"contentType\": \"text/plain\", \"expires\": \"${artifact_expiry}\"}" ${artifact_url} | python -c 'import json; import sys; print json.load(sys.stdin)["putUrl"]')
+curl --retry 5 --retry-delay 5 -X PUT -H "Content-Type: text/plain" --data "${sha256}" "${put_url}"
+echo 'Artifact created, all done!'
diff --git a/version.txt b/version.txt
@@ -0,0 +1 @@
+0.0.1