forked from goharbor/harbor
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathintegration.sh
executable file
·224 lines (202 loc) · 8.9 KB
/
integration.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
#!/bin/bash
# Copyright Project Harbor Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
set -x
gsutil version -l
set +x
docker-compose version
## -------------------------------------------- Pre-condition --------------------------------------------
if [[ $DRONE_REPO != "goharbor/harbor" ]]; then
echo "Only run tests again Harbor Repo."
exit 1
fi
# It won't package an new harbor build against tag, just pick up a build which passed CI and push to release.
if [[ $DRONE_BUILD_EVENT == "tag" || $DRONE_BUILD_EVENT == "pull_request" ]]; then
echo "We do nothing against 'tag' and 'pull request'."
exit 0
fi
## --------------------------------------------- Init Env -------------------------------------------------
dpkg -l > package.list
# Start Xvfb for Chrome headlesss
Xvfb -ac :99 -screen 0 1280x1024x16 & export DISPLAY=:99
export DRONE_SERVER=$DRONE_SERVER
export DRONE_TOKEN=$DRONE_TOKEN
upload_build=false
nightly_run=false
upload_latest_build=false
upload_bundle_success=false
latest_build_file='latest.build'
publish_npm=true
harbor_offline_build_bundle=""
harbor_online_build_bundle=""
harbor_logs_bucket="harbor-ci-logs"
harbor_builds_bucket="harbor-builds"
harbor_releases_bucket="harbor-releases"
harbor_ci_pipeline_store_bucket="harbor-ci-pipeline-store/latest"
harbor_target_bucket=""
if [[ $DRONE_BRANCH == "master" ]]; then
harbor_target_bucket=$harbor_builds_bucket
else
harbor_target_bucket=$harbor_releases_bucket/$DRONE_BRANCH
fi
# GC credentials
keyfile="/root/harbor-ci-logs.key"
botofile="/root/.boto"
echo -n $GS_PRIVATE_KEY > $keyfile
chmod 400 $keyfile
echo "[Credentials]" >> $botofile
echo "gs_service_key_file = $keyfile" >> $botofile
echo "gs_service_client_id = $GS_CLIENT_EMAIL" >> $botofile
echo "[GSUtil]" >> $botofile
echo "content_language = en" >> $botofile
echo "default_project_id = $GS_PROJECT_ID" >> $botofile
container_ip=`ip addr s eth0 |grep "inet "|awk '{print $2}' |awk -F "/" '{print $1}'`
echo $container_ip
## --------------------------------------------- Init Version -----------------------------------------------
buildinfo=$(drone build info goharbor/harbor $DRONE_BUILD_NUMBER)
echo $buildinfo
# the target release version is the version of next release(RC or GA). It needs to be updated on creating new release branch.
target_release_version=$(cat ./VERSION)
# the harbor package version is for both online and offline installer.
# harbor-offline-installer-v1.5.2-build.8.tgz
Harbor_Package_Version=$target_release_version-'build.'$DRONE_BUILD_NUMBER
# the harbor assets version is for tag of harbor images:
# 1, On master branch, it's same as package version.
# 2, On release branch(others), it would set to the target realese version so that we can rename the latest passed CI build to publish.
if [[ $DRONE_BRANCH == "master" ]]; then
Harbor_Assets_Version=$Harbor_Package_Version
else
Harbor_Assets_Version=$target_release_version
fi
export Harbor_Assets_Version=$Harbor_Assets_Version
# the env is for online and offline package.
export Harbor_Package_Version=$Harbor_Package_Version
export NPM_REGISTRY=$NPM_REGISTRY
# release branch must have their own base image with branch name, master and others will use the dev as base.
if [[ $DRONE_BRANCH == "release-"* ]]; then
Harbor_Build_Base_Tag=$target_release_version
else
Harbor_Build_Base_Tag=dev
fi
export Harbor_Build_Base_Tag=$Harbor_Build_Base_Tag
echo "--------------------------------------------------"
echo "Harbor Package version: $Harbor_Package_Version"
echo "Harbor Assets version: $Harbor_Assets_Version"
echo "Harbor Build Base tag: $Harbor_Build_Base_Tag"
echo "--------------------------------------------------"
# GS util
function uploader {
gsutil cp $1 gs://$2/$1
gsutil -D setacl public-read gs://$2/$1 &> /dev/null
}
function package_installer {
echo "Package Harbor offline installer."
robot --removekeywords TAG:secret --include Bundle tests/robot-cases/Group0-Distro-Harbor
harbor_offline_build_bundle=$(basename harbor-offline-installer-*.tgz)
harbor_online_build_bundle=$(basename harbor-online-installer-*.tgz)
upload_build=true
echo "Package name is: $harbor_offline_build_bundle"
du -ks $harbor_offline_build_bundle | awk '{print $1 / 1024}' | { read x; echo $x MB; }
}
# publish images to Docker Hub
function publishImage {
echo "Publishing images to Docker Hub..."
echo "The images on the host:"
# for master, will use 'dev' as the tag name
# for release-*, will use 'release-*-dev' as the tag name, like release-v1.8.0-dev
if [[ $DRONE_BRANCH == "master" ]]; then
image_tag=dev
fi
if [[ $DRONE_BRANCH == "release-"* ]]; then
image_tag=$Harbor_Assets_Version-dev
fi
# rename the images with tag "dev" and push to Docker Hub
docker images
docker login -u $DOCKER_HUB_USERNAME -p $DOCKER_HUB_PASSWORD
docker images | grep goharbor | grep -v "\-base" | sed -n "s|\(goharbor/[-._a-z0-9]*\)\s*\(.*$Harbor_Assets_Version\).*|docker tag \1:\2 \1:$image_tag;docker push \1:$image_tag|p" | bash
echo "Images are published successfully"
docker images
}
echo "--------------------------------------------------"
echo "Running CI for $DRONE_BUILD_EVENT on $DRONE_BRANCH"
echo "--------------------------------------------------"
##
# Any merge code(PUSH) on branch master, release-* will trigger package offline installer.
#
# Put code here is because that it needs clean code to build installer.
##
if [[ $DRONE_BRANCH == "master" || $DRONE_BRANCH == *"refs/tags"* || $DRONE_BRANCH == "release-"* ]]; then
if [[ $DRONE_BUILD_EVENT == "push" ]]; then
package_installer
upload_latest_build=true
echo -en "$HARBOR_SIGN_KEY" | gpg --import
gpg -v -ab -u $HARBOR_SIGN_KEY_ID $harbor_offline_build_bundle
gpg -v -ab -u $HARBOR_SIGN_KEY_ID $harbor_online_build_bundle
fi
fi
## --------------------------------------------- Upload Harbor Bundle File ---------------------------------------
#
# Build storage structure:
#
# 1(master), harbor-builds/harbor-offline-installer-*.tgz
# latest.build
# harbor-offline-installer-latest.tgz
# 2(others), harbor-releases/${branch}/harbor-offline-installer-*.tgz
# latest.build
# harbor-offline-installer-latest.tgz
#
set -e
if [ $upload_build == true ]; then
cp ${harbor_offline_build_bundle} harbor-offline-installer-latest.tgz
cp ${harbor_offline_build_bundle}.asc harbor-offline-installer-latest.tgz.asc
uploader ${harbor_offline_build_bundle} $harbor_target_bucket
uploader ${harbor_offline_build_bundle}.asc $harbor_target_bucket
uploader ${harbor_online_build_bundle} $harbor_target_bucket
uploader ${harbor_online_build_bundle}.asc $harbor_target_bucket
uploader harbor-offline-installer-latest.tgz $harbor_target_bucket
uploader harbor-offline-installer-latest.tgz.asc $harbor_target_bucket
upload_bundle_success=true
fi
## --------------------------------------------- Upload Harbor Dev Images ---------------------------------------
#
# Any merge code(PUSH) on branch master, release-* will trigger push dev images.
#
##
if [[ $DRONE_BRANCH == "master" || $DRONE_BRANCH == "release-"* ]]; then
if [[ $DRONE_BUILD_EVENT == "push" ]]; then
publishImage
fi
fi
## --------------------------------------------- Upload Harbor Latest Build File ----------------------------------
#
# latest.build file holds the latest offline installer url, it must be sure that the installer has been uploaded successfull.
#
if [ $upload_latest_build == true ] && [ $upload_bundle_success == true ]; then
echo 'https://storage.googleapis.com/'$harbor_target_bucket/$harbor_offline_build_bundle > $latest_build_file
uploader $latest_build_file $harbor_target_bucket
fi
## --------------------------------------------- Upload securego results ------------------------------------------
#if [ $DRONE_BUILD_EVENT == "push" ]; then
# go get github.com/securego/gosec/cmd/gosec
# go get github.com/dghubble/sling
# make gosec -e GOSECRESULTS=harbor-gosec-results-latest.json
# echo $git_commit > ./harbor-gosec-results-latest-version
# uploader harbor-gosec-results-latest.json $harbor_target_bucket
# uploader harbor-gosec-results-latest-version $harbor_target_bucket
#fi
## ------------------------------------------------ Tear Down -----------------------------------------------------
if [ -f "$keyfile" ]; then
rm -f $keyfile
fi