forgejo/releases/container-images-pull-verify-push.sh


[CI] Woodpecker based releases process (cherry picked from commit c2a7aaeee82293793b2740251dc5fd27dfb32ddb) (cherry picked from commit 6b6007fbced1cecb15aeb09e709b23855c43177e) (cherry picked from commit 63608a221e551a0e1822901be62f37a557622edd) (cherry picked from commit 5cfe60baa7a3d250458a8b562976f605357c806b) (cherry picked from commit 2af4c73d12a13ac5e0cd9bb02ff4195e3d88c47c) (cherry picked from commit 1985959bfea6df1cb965dc0a963d8fb49eddc2f3) (cherry picked from commit 880424c77ee46f7cfabccbf8eb546a66e05c0e1c) (cherry picked from commit c78a861d1bccc92df94ef01157ee3828b960063e) (cherry picked from commit 25c122701130c3cfce1e11e88ba0d0de8bc32dad) (cherry picked from commit 7195e894ee0dd348b02b034a0821c52f055c0eb9) (cherry picked from commit cf15153873f6007d233811faf171d0828461152b) (cherry picked from commit 9bee773c95298a65ad0df2e17eb11270b61191b6) (cherry picked from commit 581c3060da3561569c9b03c6931064b55438944c) (cherry picked from commit bf550f9b2c6fb09fba02c5884cf1206024780149) (cherry picked from commit b570eca0b950e94dc78a91b57391ed031dccefd4) [CI] implementation: Woodpecker based CI (squash) Upgrade xgo to Go v1.20 for building binaries (cherry picked from commit 6308c776b6e8fb8a904d08b178f61a7dab1ef971) [CI] v1.20: switch PR check from Woodpecker CI to Forgejo Actions The PR checks for v1.19 still rely on Woodpecker CI. Keeping .woodpecker in v1.20 while both Woodpecker CI & Forgejo Actions are enabled would dupicate the checks. The release process in releases remains Woodpecker CI. (cherry picked from commit 93e42f3f53da1084db21b354994449a32e4abca4) (cherry picked from commit 599c5162ad069fa5cb239a91486152cd47c77bf7) (cherry picked from commit 6f8b723a55277c1e15827dcdfaa9a0ffe3ea42b4)
2022-11-04 23:00:07 +00:00
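#!/bin/sh
#
# Pull the Forgejo container images published by the integration user,
# optionally smoke test them, and push them to the release owner.
#
# Every setting below can be overridden from the environment.
#
# -e aborts on the first failing command. -x traces every command to the
# job log, so anything placed on a command line (including secrets) ends
# up in that log.
set -ex

: "${DOCKER_HOST:=unix:///var/run/docker.sock}"
: "${ARCHS:=amd64 arm64}"
: "${PULL_USER:=forgejo-integration}"
# Only the forgejo/release repository publishes to the real owner; any
# other repository publishes to the experimental one.
if test "$CI_REPO" = "forgejo/release" ; then
  : "${PUSH_USER:=forgejo}"
else
  : "${PUSH_USER:=forgejo-experimental}"
fi
: "${INTEGRATION_IMAGE:=codeberg.org/$PULL_USER/forgejo}"
# TAG is the commit tag without its leading "v".
: "${TAG:=${CI_COMMIT_TAG##v}}"
# SHORT_TAG drops the shortest trailing ".<x>-<y>" from TAG. It uses "="
# rather than ":=", so an explicitly empty SHORT_TAG is kept as is.
: "${SHORT_TAG=${TAG%.*-*}}"
: "${DOMAIN:=codeberg.org}"

# The file at TOKEN_HEADER holds a registry bearer token. A fixed,
# predictable name under /tmp could be pre-created or symlinked by another
# local user, so the default is created by mktemp (unique name, private
# mode). An explicit TOKEN_HEADER from the environment is still honoured.
if test -z "${TOKEN_HEADER:-}" ; then
  TOKEN_HEADER=$(mktemp)
fi
# Single quotes: the path is expanded and quoted when the trap runs.
trap 'rm -f -- "$TOKEN_HEADER"' EXIT

: "${VERIFY:=true}"
VERIFY_COMMAND='gitea --version'
VERIFY_STRING='built with'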
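#
# Promote the integration images to the release owner. For each image
# flavour ('' and '-rootless'): pull every architecture from PULL_USER,
# optionally smoke test it, retag and push it to PUSH_USER, then publish a
# manifest covering all architectures under the full and the short tag.
#
# Globals read: ARCHS, PULL_USER, PUSH_USER, VERIFY, VERIFY_COMMAND,
#               VERIFY_STRING
# Calls: image_name, short_image_name, arch_image_name, image_tag,
#        short_image_tag, image_put
#
publish() {
  for suffix in '' '-rootless' ; do
    images=""
    # ARCHS is a space separated list and is split on purpose.
    for arch in $ARCHS ; do
      #
      # Get the image from the integration user
      #
      image=$(image_name "$PULL_USER" "$suffix")
      docker pull --platform "linux/$arch" "$image"
      #
      # Verify it is usable
      #
      # NOTE(review): this is a smoke test (the binary starts and prints
      # the expected string), not a provenance check. The image is pulled
      # by tag and no digest pin or signature verification is visible in
      # this script; confirm that is covered elsewhere in the release
      # process.
      #
      # VERIFY is executed as a command (true / false), so it must only
      # ever come from trusted pipeline configuration.
      if $VERIFY ; then
        # VERIFY_COMMAND is split on purpose into a command and its arguments.
        docker run --platform "linux/$arch" --rm "$image" $VERIFY_COMMAND | grep "$VERIFY_STRING"
      fi
      #
      # Push the image with a tag reflecting the architecture to the repo owner
      #
      arch_image=$(arch_image_name "$PUSH_USER" "$arch" "$suffix")
      docker tag "$image" "$arch_image"
      docker push "$arch_image"
      images="$images $arch_image"
    done
    #
    # Push a manifest with all the architectures to the repo owner
    #
    manifest=$(image_name "$PUSH_USER" "$suffix")
    # Best effort: there may be no local manifest left over to remove.
    docker manifest rm "$manifest" || true
    # images is a space separated list of references and is split on purpose.
    docker manifest create "$manifest" $images
    image_put "$PUSH_USER" "$(image_tag "$suffix")" "$manifest"
    image_put "$PUSH_USER" "$(short_image_tag "$suffix")" "$manifest"
    #
    # Sanity check to ensure the manifests that are published can actually
    # be used.
    #
    for arch in $ARCHS ; do
      docker pull --platform "linux/$arch" "$(image_name "$PUSH_USER" "$suffix")"
      docker pull --platform "linux/$arch" "$(short_image_name "$PUSH_USER" "$suffix")"
    done
  done
}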
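#
# Make sure a Docker daemon answers; start one if none does.
#
# Globals read: DOCKER_HOST
# Exits the script with status 1 when the daemon is still unreachable
# after about 60 seconds.
#
boot() {
  # Nothing to do when a daemon already answers.
  if docker version ; then
    return
  fi
  # NOTE(review): these packages are installed at run time without a
  # version pin, so the tooling that handles the release credentials is
  # whatever the package mirror serves on that day.
  apk --update --no-cache add coredns jq curl
  # Minimal CoreDNS configuration: forward every query to the resolvers
  # listed in /etc/resolv.conf.
  printf '%s\n' ".:53 {" " forward . /etc/resolv.conf" "}" > /etc/coredns/Corefile
  coredns -conf /etc/coredns/Corefile &
  # NOTE(review): 172.17.0.3 is hard coded; presumably it is the address of
  # this container, where coredns was just started. Confirm.
  /usr/local/bin/dockerd --data-root /var/lib/docker --host="$DOCKER_HOST" --dns 172.17.0.3 &
  # Poll once per second, for at most 60 attempts, until the daemon answers.
  attempts=0
  while test "$attempts" -lt 60 ; do
    docker version && break
    sleep 1
    attempts=$((attempts + 1))
  done
  docker version || exit 1
}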
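#
# Log docker in to DOMAIN and store a registry bearer token, formatted as
# an "Authorization: token ..." header line, in the file TOKEN_HEADER.
#
# Globals read: RELEASETEAMUSER, RELEASETEAMTOKEN, DOMAIN, TOKEN_HEADER
# Returns: non-zero when the login fails or no token is obtained.
#
authenticate() {
  # The subshell keeps the tracing and umask changes local to this function.
  (
    # With xtrace enabled every command line is copied to the job log;
    # switch it off while the credentials are handled.
    set +x
    # Files created here must not be readable by other users.
    umask 077
    printf '%s\n' "$RELEASETEAMTOKEN" | docker login --password-stdin --username "$RELEASETEAMUSER" "$DOMAIN"
    # The credentials reach curl through a config read from stdin (-K -)
    # instead of -u on the command line, where they would be visible in
    # the process list. curl config values in double quotes interpret
    # backslash escapes, so a user or token containing '"' or '\' would
    # need escaping here.
    token=$(printf 'user = "%s:%s"\n' "$RELEASETEAMUSER" "$RELEASETEAMTOKEN" |
      curl -sS -K - "https://$DOMAIN/v2/token" |
      jq --raw-output '.token // empty')
    # A failed request must not leave an "Authorization: token null"
    # header behind for the later manifest uploads.
    if test -z "$token" ; then
      echo "authenticate: no token obtained from https://$DOMAIN/v2/token" >&2
      exit 1
    fi
    printf 'Authorization: token %s\n' "$token" > "$TOKEN_HEADER"
  )
}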
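#
# Upload the manifest of the local manifest list $3 to the registry, as
# tag $2 of the forgejo package owned by $1.
#
# Globals read: DOMAIN, TOKEN_HEADER
# Returns: non-zero when the manifest cannot be read or the upload fails.
#
image_put() {
  # A private temporary file rather than a fixed name under /tmp, which
  # another local user could pre-create or replace between the two commands.
  image_put_manifest=$(mktemp) || return 1
  # --fail turns an HTTP error from the registry into a non-zero exit
  # instead of a silently ignored response body.
  if docker manifest inspect "$3" > "$image_put_manifest" &&
    curl --fail -sS -H "@$TOKEN_HEADER" -X PUT --data-binary "@$image_put_manifest" "https://$DOMAIN/v2/$1/forgejo/manifests/$2" ; then
    image_put_status=0
  else
    image_put_status=$?
  fi
  rm -f -- "$image_put_manifest"
  return "$image_put_status"
}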
#
# Default entry point: start docker if needed, authenticate against the
# registry, then publish the images. The steps run in this order; with
# errexit set, a failing step stops the run.
#
main() {
  for step in boot authenticate publish ; do
    "$step"
  done
}
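#
# Print the image reference DOMAIN/$1/forgejo:<tag>, where $1 is the owner
# and <tag> is image_tag applied to the optional suffix $2.
# Quoted so the reference is printed as a single word, unaltered.
#
image_name() {
  printf '%s\n' "$DOMAIN/$1/forgejo:$(image_tag "$2")"
}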
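#
# Print the full tag: TAG followed by the optional suffix $1.
# Quoted so the value is not word split or glob expanded.
#
image_tag() {
  printf '%s\n' "$TAG$1"
}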
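#
# Print the image reference DOMAIN/$1/forgejo:<tag>, where $1 is the owner
# and <tag> is short_image_tag applied to the optional suffix $2.
# Quoted so the reference is printed as a single word, unaltered.
#
short_image_name() {
  printf '%s\n' "$DOMAIN/$1/forgejo:$(short_image_tag "$2")"
}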
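#
# Print the short tag: SHORT_TAG followed by the optional suffix $1.
# Quoted so the value is not word split or glob expanded.
#
short_image_tag() {
  printf '%s\n' "$SHORT_TAG$1"
}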
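#
# Print the per-architecture image reference DOMAIN/$1/forgejo:<tag>,
# where $1 is the owner and <tag> is arch_image_tag applied to the
# architecture $2 and the optional suffix $3.
# Quoted so the reference is printed as a single word, unaltered.
#
arch_image_name() {
  printf '%s\n' "$DOMAIN/$1/forgejo:$(arch_image_tag "$2" "$3")"
}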
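#
# Print the per-architecture tag: TAG, a dash, the architecture $1 and
# the optional suffix $2.
# Quoted so the value is not word split or glob expanded.
#
arch_image_tag() {
  printf '%s\n' "$TAG-$1$2"
}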
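# Dispatch: with arguments, run them as a command (typically one of the
# functions above followed by its arguments); without arguments, run main.
# "$@" keeps each argument as given instead of re-splitting it.
# Whatever is passed on the command line is executed as is, so the
# arguments must only come from trusted pipeline configuration.
if test "$#" -gt 0 ; then
  "$@"
else
  main
fi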