/
registry-push.yml
104 lines (95 loc) · 3.82 KB
/
registry-push.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
---
- name: Login to registry
shell: |
docker login -u {{ registry.username }} -p {{ registry.password }} {{ registry.host }}
no_log: true
when: "registry.auth_url is defined and registry.auth_url != 'unused'"
# Workaround for https://github.com/ansible/ansible/issues/32868
- name: Validate target registry login
block:
- name: attempt a push to the logged in registry
shell: >
docker build -t {{ registry.host }}/{{ registry.namespace }}/nop - &&
docker push {{ registry.host }}/{{ registry.namespace }}/nop
args:
stdin: |
FROM scratch
CMD touch foo
ENTRYPOINT ""
rescue:
- debug:
msg: |
The workaround to test login failed, but we've seen it failing before and other push operation passing.
We'll leave this rescue branch until the workaround is fixed, so we don't fail but we don't forget
always:
- name: locally remove validation container
shell: |
docker rmi {{ registry.host }}/{{ registry.namespace }}/nop || true
- name: Create public empty repositories on registry
uri:
url: "https://{{ registry.host }}/api/v1/repository"
method: POST
body_format: json
body:
namespace: "{{ registry.namespace }}"
repository: "{{ container_name_prefix }}-{{ item }}"
description: "TripleO container for {{ container_name_prefix }}-{{ item }}"
visibility: public
headers:
Authorization: "Bearer {{ registry.token }}"
Content-Type: "application/json"
status_code:
- 400
- 201
loop: "{{ built_images.stdout_lines }}"
register: image_result
until: image_result is success
retries: 2
when: registry.create_repo|default(false)|bool
# Nested loop order here is on purpose, so we push first all the images with the full hash, then we tag with the named label.
- name: Tag and push images to registry
no_log: true
docker_image:
name: "{{ source_registry.host }}/{{ source_registry.namespace }}/{{ item[1] }}"
tag: "{{ item[0] }}"
repository: "{{ registry.host }}/{{ registry.namespace }}/{{ item[1] }}"
push: yes
source: local
# This force-tag is absolutely needed, if image exists with this tag,
# docker_image will not try a push without this flag
force_tag: yes
with_nested:
- ["{{ full_hash }}", "{{ named_label }}"]
- "{{ built_images.stdout_lines }}"
register: pushed
retries: 3
tags:
- dockerhub_push
# Create and push container manifests to registry.host with _x86_64 and ppc64le
# tagged containers. Disabled by default https://tree.taiga.io/project/tripleo-ci-board/task/1394
# Multi arch manifest is only compatible with v2_s2 API schema
- name: 'Push {{ x86_tag }} {{ ppc_tag }} containers and manifests to {{ registry.host }}'
include_tasks: manifest-push.yml
when:
- "manifest_push|default(false)|bool"
- "registry.schema|default('v2_s1') == 'v2_s2'"
- name: Check if images were pushed # noqa 301
vars:
containers_file: "{{- tmp_file_root -}}/containers_pushed_list.txt"
missing_containers_file: "{{- tmp_file_root -}}/containers_missed_list.txt"
command: "bash {{ tmp_file_root }}/generate_list.sh target {{ containers_file }} {{ missing_containers_file }}"
- name: Check if images are not pushed
stat:
path: '{{- tmp_file_root -}}/containers_missed_list.txt'
register: missing_containers_stat
- name: "Fail if there are missing containers"
fail:
msg: "There are missing containers"
when: "missing_containers_stat.stat.size > 0"
- name: Add pushed containers to the cleanup list
no_log: true
set_fact:
pushed_containers: "{{ pushed_containers + [item.invocation.module_args.repository + ':' + item.invocation.module_args.tag] }}"
loop: "{{ pushed.results }}"
loop_control:
label: "{{ item.invocation.module_args.repository + ':' + item.invocation.module_args.tag }}"