2019-12-04 14:23:08 +00:00
|
|
|
#!/usr/bin/env bash
|
|
|
|
set -e
|
|
|
|
[[ "$TRACE" ]] && set -x
|
|
|
|
|
|
|
|
function registry_login() {
|
|
|
|
if [[ -n "$CI_REGISTRY_USER" ]]; then
|
|
|
|
echo "Logging to GitLab Container Registry with CI credentials..."
|
|
|
|
docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" "$CI_REGISTRY"
|
|
|
|
echo ""
|
|
|
|
fi
|
|
|
|
}
|
|
|
|
|
|
|
|
function external_registry_login() {
|
|
|
|
if [[ -n "$DOCKER_USER" ]]; then
|
|
|
|
echo "Logging to External Registry..."
|
|
|
|
docker login -u "$DOCKER_USER" -p "$DOCKER_PASSWORD" "$DOCKER_REGISTRY"
|
|
|
|
echo ""
|
|
|
|
fi
|
|
|
|
}
|
|
|
|
|
|
|
|
function setup_docker() {
|
|
|
|
if ! docker info &>/dev/null; then
|
|
|
|
if [ -z "$DOCKER_HOST" -a "$KUBERNETES_PORT" ]; then
|
|
|
|
export DOCKER_HOST='tcp://localhost:2375'
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
}
|
|
|
|
|
2021-11-30 16:52:51 +00:00
|
|
|
function setup_docker_multi_arch() {
|
|
|
|
mkdir -p ~/.docker/cli-plugins/
|
|
|
|
current_system="$(uname -s | tr '[:upper:]' '[:lower:]')"
|
|
|
|
current_arch="$(uname -m)"
|
|
|
|
case $current_arch in
|
|
|
|
armv6*) current_arch="arm-v6";;
|
|
|
|
armv7*) current_arch="arm-v7";;
|
|
|
|
aarch64) current_arch="arm64";;
|
|
|
|
x86_64) current_arch="amd64";;
|
|
|
|
esac
|
|
|
|
curl --fail --location --silent "https://github.com/docker/buildx/releases/download/${BUILDX_VERSION}/buildx-${BUILDX_VERSION}.${current_system}-${current_arch}" --output ~/.docker/cli-plugins/docker-buildx
|
|
|
|
chmod a+x ~/.docker/cli-plugins/docker-buildx
|
|
|
|
docker context create multiarch
|
|
|
|
docker run --privileged --rm tonistiigi/binfmt --install all
|
|
|
|
docker buildx create --name multibuilder --use --platform $DOCKER_MULTI_ARCH multiarch
|
|
|
|
docker buildx inspect --bootstrap
|
|
|
|
}
|
|
|
|
|
2019-12-04 14:23:08 +00:00
|
|
|
function git_tag_on_success() {
|
|
|
|
local git_tag="${1:-dev}"
|
2021-11-30 16:58:56 +00:00
|
|
|
local target_branch="${2:-${CI_MAIN_BRANCH:-main}}"
|
2019-12-04 14:23:08 +00:00
|
|
|
|
|
|
|
if (
|
|
|
|
[ "$CI_COMMIT_REF_NAME" == "$target_branch" ] &&
|
|
|
|
[ -n "$GITLAB_API_TOKEN" ] &&
|
|
|
|
[ -z "$GIT_RESET_TAG" ]
|
|
|
|
); then
|
2020-01-08 14:58:53 +00:00
|
|
|
# wget from alpine:3.10 or docker:stable is buggy with SSL and proxy.
|
|
|
|
# So we install curl instead, if it isn't already installed
|
|
|
|
local curl_is_installed=$(which curl || true)
|
|
|
|
if [ -z "$curl_is_installed" ]; then
|
|
|
|
apk add --no-cache curl
|
|
|
|
fi
|
|
|
|
|
2019-12-04 14:23:08 +00:00
|
|
|
# (re)write Protected Tag
|
2020-01-08 14:58:53 +00:00
|
|
|
curl --silent --fail --output /dev/null --request DELETE --header "PRIVATE-TOKEN: $GITLAB_API_TOKEN" "$CI_API_V4_URL/projects/$CI_PROJECT_ID/protected_tags/$git_tag" || true
|
|
|
|
curl --silent --fail --output /dev/null --request DELETE --header "PRIVATE-TOKEN: $GITLAB_API_TOKEN" "$CI_API_V4_URL/projects/$CI_PROJECT_ID/repository/tags/$git_tag" || true
|
|
|
|
curl --silent --show-error --fail --output /dev/null --data "tag_name=$git_tag" --data "ref=$CI_COMMIT_SHA" --fail --header "PRIVATE-TOKEN: $GITLAB_API_TOKEN" "$CI_API_V4_URL/projects/$CI_PROJECT_ID/repository/tags"
|
|
|
|
curl --silent --show-error --fail --output /dev/null --data "name=$git_tag" --data "create_access_level=0" --fail --header "PRIVATE-TOKEN: $GITLAB_API_TOKEN" "$CI_API_V4_URL/projects/$CI_PROJECT_ID/protected_tags"
|
2019-12-04 14:23:08 +00:00
|
|
|
else
|
|
|
|
echo WARNING: \$GITLAB_API_TOKEN variable is missing
|
|
|
|
fi
|
|
|
|
}
|
|
|
|
|
|
|
|
function registry_tag_on_success() {
|
|
|
|
local current_registry_tag="${1:-$CI_COMMIT_SHA}"
|
|
|
|
local target_registry_tag="${2:-dev}"
|
2021-11-30 16:58:56 +00:00
|
|
|
local target_branch="${3:-${CI_MAIN_BRANCH:-main}}"
|
2019-12-04 14:23:08 +00:00
|
|
|
local current_registry_image="${4:-$CI_REGISTRY_IMAGE/builds}"
|
|
|
|
local target_registry_image="${5:-$CI_REGISTRY_IMAGE}"
|
|
|
|
local target_external_registry_image="${6:-$DOCKER_REGISTRY_IMAGE}"
|
|
|
|
|
|
|
|
if [ "$CI_COMMIT_REF_NAME" == "$target_branch" ]; then
|
2021-11-30 16:52:51 +00:00
|
|
|
echo -e "FROM --platform=\$BUILDPLATFORM $current_registry_image:$current_registry_tag
|
|
|
|
" > Dockerfile.tmp
|
|
|
|
docker buildx build --compress --push --platform $DOCKER_MULTI_ARCH --tag "$target_registry_image:$target_registry_tag" $(if [ -n "$DOCKER_REGISTRY" ] && [ -n "$target_external_registry_image" ]; then echo "--tag $target_external_registry_image:$target_registry_tag"; fi) --file Dockerfile.tmp .
|
|
|
|
rm -f Dockerfile.tmp
|
2019-12-04 14:23:08 +00:00
|
|
|
fi
|
|
|
|
}
|
|
|
|
|
|
|
|
# Reset the git repository to the target tag
|
|
|
|
#
|
|
|
|
# First argument pass to this function or the `GIT_RESET_TAG` CI variable
|
|
|
|
# must be set
|
|
|
|
# git_reset_from_tag dev
|
|
|
|
# or:
|
|
|
|
# GIT_RESET_TAG=dev
|
|
|
|
# git_reset_from_tag
|
|
|
|
function git_reset_from_tag() {
|
|
|
|
local git_target_tag="${1:-$GIT_RESET_TAG}"
|
|
|
|
|
|
|
|
if (
|
|
|
|
[ "$CI_PIPELINE_SOURCE" == "schedule" ] &&
|
|
|
|
[ -n "$git_target_tag" ] && [ "$GIT_STRATEGY" != "none" ] &&
|
|
|
|
[ -z "$CI_COMMIT_TAG" ]
|
|
|
|
); then
|
|
|
|
# Get specific tag
|
|
|
|
git reset --hard $git_target_tag
|
|
|
|
export CI_COMMIT_SHA=$(git rev-parse HEAD)
|
|
|
|
export CI_COMMIT_SHORT_SHA=$(git rev-parse --short HEAD)
|
|
|
|
else
|
|
|
|
echo NOTICE: Not a Scheduling Pipeline, skip the git tag reset stuff... # debug
|
|
|
|
fi
|
|
|
|
}
|
|
|
|
|
|
|
|
# Get latest stable semantic versioning git tag
|
|
|
|
# from a specific git branch
|
|
|
|
#
|
|
|
|
# First argument pass to this function or the `CI_COMMIT_REF_NAME` CI variable
|
|
|
|
# must be set
|
|
|
|
# get_git_last_stable_tag 1-0-stable
|
|
|
|
# -> "v1.0.3"
|
|
|
|
# or:
|
|
|
|
# CI_COMMIT_REF_NAME=1-0-stable
|
|
|
|
# get_git_last_stable_tag
|
|
|
|
# -> "v1.0.3"
|
|
|
|
#
|
|
|
|
# see: https://semver.org
|
|
|
|
function get_git_last_stable_tag() {
|
|
|
|
local target_branch="${1:-$CI_COMMIT_REF_NAME}"
|
|
|
|
|
|
|
|
git fetch origin $target_branch
|
|
|
|
git checkout -f -q $target_branch
|
|
|
|
echo "$(git tag --merged $target_branch | grep -w '^v[0-9]\+\.[0-9]\+\.[0-9]\+$' | sort -r -V | head -n 1)"
|
|
|
|
}
|
|
|
|
|
|
|
|
# Useful for updating Docker images, on release/stable branches, but not the psu code
|
|
|
|
# See: https://docs.gitlab.com/ce/workflow/gitlab_flow.html#release-branches-with-gitlab-flow
|
2021-11-30 16:58:56 +00:00
|
|
|
# You can create a scheduled pipeline with a targeted git branch ("main", "1-0-stable", ...)
|
2019-12-04 14:23:08 +00:00
|
|
|
# and the CI variables below:
|
|
|
|
# "GIT_RESET_LAST_STABLE_TAG=true"
|
|
|
|
# "DOCKER_CACHE_DISABLED=true"
|
|
|
|
# "TEST_DISABLED=" # no value to unset this variable
|
|
|
|
# See: https://gitlab.com/help/user/project/pipelines/schedules
|
|
|
|
function git_reset_from_last_stable_tag() {
|
|
|
|
if [ "$GIT_RESET_LAST_STABLE_TAG" == "true" ]; then
|
2020-01-08 15:04:46 +00:00
|
|
|
local git_last_stable_tag="$(get_git_last_stable_tag)"
|
2019-12-04 14:23:08 +00:00
|
|
|
if [ -n "$git_last_stable_tag" ]; then
|
|
|
|
export CI_COMMIT_REF_PROTECTED="true"
|
|
|
|
export GIT_RESET_TAG="$git_last_stable_tag"
|
|
|
|
git_reset_from_tag
|
2020-01-09 09:16:27 +00:00
|
|
|
# NOTE: Setting $CI_COMMIT_TAG before calling 'git_reset_from_tag' will skip the git reset stuff
|
|
|
|
# So you must keep the line below after the 'git_reset_from_tag' call
|
|
|
|
export CI_COMMIT_TAG="$git_last_stable_tag"
|
2019-12-04 14:23:08 +00:00
|
|
|
else
|
|
|
|
echo WARNING: Last stable git tag not found
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
}
|
2020-01-08 15:09:03 +00:00
|
|
|
|
|
|
|
# Remove tag names that are matching the regex (Git SHA1), keep always at least 3 and remove those who are older than 8 days
|
|
|
|
# See: https://docs.gitlab.com/12.6/ee/api/container_registry.html#delete-repository-tags-in-bulk
|
|
|
|
function cleanup_registry() {
|
|
|
|
local registry_id="$1"
|
|
|
|
if [ -z "$registry_id" ]; then
|
|
|
|
echo "ERROR: No registry id given!"
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
if [ -z "$GITLAB_API_TOKEN" ]; then
|
|
|
|
echo ERROR: \$GITLAB_API_TOKEN variable is missing
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
|
|
|
|
curl --silent --show-error --fail --output /dev/null --request DELETE --data-urlencode 'name_regex=^(.+-)?[0-9a-f]{40}$' --data 'keep_n=3' --data 'older_than=8d' --header "PRIVATE-TOKEN: $GITLAB_API_TOKEN" "$CI_API_V4_URL/projects/$CI_PROJECT_ID/registry/repositories/$registry_id/tags"
|
|
|
|
}
|
|
|
|
|
|
|
|
# Can be execute only one time per hour
|
|
|
|
function cleanup_registries() {
|
|
|
|
# wget from alpine:3.10 or docker:stable is buggy with SSL and proxy.
|
|
|
|
# So we install curl instead, if it isn't already installed
|
|
|
|
local curl_is_installed=$(which curl || true)
|
|
|
|
if [ -z "$curl_is_installed" ]; then
|
|
|
|
apk add --no-cache curl
|
|
|
|
fi
|
|
|
|
|
|
|
|
local jq_is_installed=$(which jq || true)
|
|
|
|
if [ -z "$jq_is_installed" ]; then
|
|
|
|
apk add --no-cache jq
|
|
|
|
fi
|
|
|
|
|
|
|
|
if [ -z "$GITLAB_API_TOKEN" ]; then
|
|
|
|
echo ERROR: \$GITLAB_API_TOKEN variable is missing
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
|
|
|
|
local result=$(curl --silent --show-error --fail --header "PRIVATE-TOKEN: $GITLAB_API_TOKEN" "$CI_API_V4_URL/projects/$CI_PROJECT_ID/registry/repositories?per_page=100")
|
|
|
|
local ci_registry_ids=$(echo "$result" | jq -r '.[] .id')
|
|
|
|
for ci_registry_id in $ci_registry_ids; do
|
|
|
|
echo "INFO: Cleaning registry id '$ci_registry_id' for the project id '$CI_PROJECT_ID'..."
|
|
|
|
cleanup_registry $ci_registry_id
|
|
|
|
done
|
|
|
|
}
|