CI: reworked using creds helper

2024-11-27 18:48:12 +03:00 · 2024-11-27 18:48:12 +03:00 · 54eafe8709
commit 54eafe8709
parent 570f636aef
6 changed files with 31 additions and 37 deletions
--- a/.ci/image.sh
+++ b/.ci/image.sh
@ -5,14 +5,14 @@ set -a
 . .ci/lib.sh
 set +a
-echo "Setting authentication for $HARBOR_REGISTRY"
+echo && echo "Setting authentication for $HARBOR_REGISTRY"
-setRegistryAuth "$KANIKO_AUTH_FILE" "$HARBOR_REGISTRY" "$HARBOR_CREDS"
+authfile='/kaniko/.docker/config.json'
 setRegistryAuth "$authfile" "$HARBOR_REGISTRY" "$HARBOR_CREDS"
 image="$APP_NAME/$APP_COMPONENT:$APP_VERSION"
 dockerfile="./Dockerfile"
-echo "Building $image image"
+echo && echo "Building $image image"
 executor -c ./ -f "$dockerfile" -d "$HARBOR_REGISTRY/$image"
-echo 'Done'
+echo && echo 'Done'
--- a/.ci/lib.sh
+++ b/.ci/lib.sh
@ -66,6 +66,16 @@ setRegistryAuth () {
    unset auth auths
 }
 # $1 - configuration file
 # $2 - registry
 # $3 - creds helper
 setRegistryCredHelper () {
    helpers=$(printf '{"credHelpers":{"%s":"%s"}}' "$2" "$3")
    printf '%s' "$helpers" > "$1"
    unset helpers
 }
 # AWS_ACCESS_KEY_ID - login
 # AWS_SECRET_ACCESS_KEY - password
 # $1 - file with token
--- a/.ci/login-ecr.sh
+++ b/.ci/login-ecr.sh
@ -1,12 +0,0 @@
 #!/bin/sh
 set -eu
 set -a
 . .ci/lib.sh
 set +a
 echo Obtaining AWS Public ECR credentials
 setAwsEcrCreds "$AWS_CREDS_FILE"
 echo Done
--- a/.ci/publish-external.sh
+++ b/.ci/publish-external.sh
@ -7,13 +7,17 @@ set +a
 src_image="$HARBOR_REGISTRY/$APP_NAME/$APP_COMPONENT:$APP_VERSION"
 dst_image="$DEST_REGISTRY/$EXTERNAL_REGISTRY_NAMESPACE/$APP_NAME-$APP_COMPONENT:$APP_VERSION"
 dst_authfile="$HOME/auth.json"
 echo && echo "Setting authentication for $DEST_REGISTRY"
 if printf '%s' "$DEST_REGISTRY" | grep -q "ecr.aws"; then
  setRegistryCredHelper "$dst_authfile" "$DEST_REGISTRY" 'ecr-login'
  dst_image="$DEST_REGISTRY/$EXTERNAL_REGISTRY_NAMESPACE/$APP_NAME/$APP_COMPONENT:$APP_VERSION"
-  DEST_CREDS=$(cat "$AWS_CREDS_FILE")
+else
  setRegistryAuth "$dst_authfile" "$DEST_REGISTRY" "$DEST_CREDS"
 fi
-echo "Pushing $dst_image"
+echo && echo "Pushing $dst_image"
-retry 2 skopeo copy --dest-creds="$DEST_CREDS" "docker://$src_image" "docker://$dst_image"
+retry 2 skopeo copy "docker://$src_image" "docker://$dst_image" --dest-authfile="$dst_authfile"
-echo 'Done'
+echo && echo 'Done'
--- a/.ci/set-env.sh
+++ b/.ci/set-env.sh
@ -5,7 +5,7 @@ set -a
 . .ci/lib.sh
 set +a
-echo Setting up environment
+echo && echo 'Setting up environment'
 app_name='mongodb'
 printf 'APP_NAME=%s\n' "$app_name" >> "$CI_ENV_FILE"
@ -18,9 +18,6 @@ printf 'APP_VERSION=%s\n' "$(getAppVersion)" >> "$CI_ENV_FILE"
 printf 'HARBOR_REGISTRY=%s\n' 'harbor.flakybit.net' >> "$CI_ENV_FILE"
 printf 'EXTERNAL_REGISTRY_NAMESPACE=%s\n' 'flakybitnet' >> "$CI_ENV_FILE"
 printf 'KANIKO_AUTH_FILE=%s\n' '/kaniko/.docker/config.json' >> "$CI_ENV_FILE"
 printf 'AWS_CREDS_FILE=%s\n' '.ci/aws-ecr-creds' >> "$CI_ENV_FILE"
 cat "$CI_ENV_FILE"
-echo Done
+echo && echo 'Done'
--- a/.woodpecker.yaml
+++ b/.woodpecker.yaml
@ -5,8 +5,7 @@
 variables:
  - &debian_image 'public.ecr.aws/docker/library/debian:bookworm-slim'
  - &kaniko_image "gcr.io/kaniko-project/executor:v1.23.2-debug"
-  - &skopeo_image "quay.io/containers/skopeo:v1.15.2"
+  - &skopeo_image "public.ecr.aws/flakybitnet/skopeo:1.16.1-fb1"
  - &awscli_image "public.ecr.aws/aws-cli/aws-cli:2.17.42"
 when:
  - branch: main
@ -40,6 +39,7 @@ steps:
  publish-quay:
    when:
      evaluate: '(RUN_PHASES == "" || "publish-quay" in split(RUN_PHASES, ",")) && (CI_COMMIT_TAG != "" || CI_MANUAL_TAG != "")'
    failure: ignore
    image: *skopeo_image
    environment:
      DEST_REGISTRY: quay.io
@ -50,6 +50,7 @@ steps:
  publish-ghcr:
    when:
      evaluate: '(RUN_PHASES == "" || "publish-ghcr" in split(RUN_PHASES, ",")) && (CI_COMMIT_TAG != "" || CI_MANUAL_TAG != "")'
    failure: ignore
    image: *skopeo_image
    environment:
      DEST_REGISTRY: ghcr.io
@ -57,22 +58,16 @@ steps:
        from_secret: fb_ghcr_creds
    commands:
      - .ci/publish-external.sh
-  login-ecr:
+  publish-ecr:
    when:
      evaluate: '(RUN_PHASES == "" || "publish-ecr" in split(RUN_PHASES, ",")) && (CI_COMMIT_TAG != "" || CI_MANUAL_TAG != "")'
-    image: *awscli_image
+    failure: ignore
    environment:
      DEST_REGISTRY: public.ecr.aws
      AWS_ACCESS_KEY_ID:
        from_secret: fb_ecr_key_id
      AWS_SECRET_ACCESS_KEY:
        from_secret: fb_ecr_key
    commands:
      - .ci/login-ecr.sh
  publish-ecr:
    environment:
      DEST_REGISTRY: public.ecr.aws
    when:
      evaluate: '(RUN_PHASES == "" || "publish-ecr" in split(RUN_PHASES, ",")) && (CI_COMMIT_TAG != "" || CI_MANUAL_TAG != "")'
    image: *skopeo_image
    commands:
      - .ci/publish-external.sh