parent
de45646be1
commit
c5402555a4
3 changed files with 213 additions and 26 deletions
36
.drone.yml
36
.drone.yml
|
@ -21,25 +21,25 @@ steps:
|
|||
commands:
|
||||
# - set
|
||||
# - nix run .#login
|
||||
- echo -n "$${PLUGIN_PASSWORD}" | podman login --username $${PLUGIN_USERNAME} --password-stdin $${PLUGIN_REGISTRY}
|
||||
# - echo -n "$${PLUGIN_PASSWORD}" | podman login --username $${PLUGIN_USERNAME} --password-stdin $${PLUGIN_REGISTRY}
|
||||
- nix build .#nixos-runner
|
||||
# - nix run .#push-container -- result
|
||||
- podman load --input result | sed -n -e "s/Loaded image:.\\(.*\\)/\\1/p" > loaded-image
|
||||
- cat loaded-image
|
||||
- podman images
|
||||
- podman tag "$$(<loaded-image)" "$${PLUGIN_REGISTRY}/$${PLUGIN_REPOSITORY}:$${DRONE_BUILD_NUMBER}-$${DRONE_COMMIT_SHA:0:8}"
|
||||
- podman tag "$$(<loaded-image)" "$${PLUGIN_REGISTRY}/$${PLUGIN_REPOSITORY}:latest"
|
||||
- podman images
|
||||
- podman push "$${PLUGIN_REGISTRY}/$${PLUGIN_REPOSITORY}:$${DRONE_BUILD_NUMBER}-$${DRONE_COMMIT_SHA:0:8}"
|
||||
- podman push "$${PLUGIN_REGISTRY}/$${PLUGIN_REPOSITORY}:latest"
|
||||
- podman logout "$${PLUGIN_REGISTRY}"
|
||||
env:
|
||||
REGISTRY: docker.io
|
||||
REPOSITORY: jcollie/nixos-runner
|
||||
USERNAME:
|
||||
from_secret: docker_username
|
||||
PASSWORD:
|
||||
from_secret: docker_password
|
||||
- nix run .#regctl-push-container -- result
|
||||
# - podman load --input result | sed -n -e "s/Loaded image:.\\(.*\\)/\\1/p" > loaded-image
|
||||
# - cat loaded-image
|
||||
# - podman images
|
||||
# - podman tag "$$(<loaded-image)" "$${PLUGIN_REGISTRY}/$${PLUGIN_REPOSITORY}:$${DRONE_BUILD_NUMBER}-$${DRONE_COMMIT_SHA:0:8}"
|
||||
# - podman tag "$$(<loaded-image)" "$${PLUGIN_REGISTRY}/$${PLUGIN_REPOSITORY}:latest"
|
||||
# - podman images
|
||||
# - podman push "$${PLUGIN_REGISTRY}/$${PLUGIN_REPOSITORY}:$${DRONE_BUILD_NUMBER}-$${DRONE_COMMIT_SHA:0:8}"
|
||||
# - podman push "$${PLUGIN_REGISTRY}/$${PLUGIN_REPOSITORY}:latest"
|
||||
# - podman logout "$${PLUGIN_REGISTRY}"
|
||||
# env:
|
||||
# REGISTRY: docker.io
|
||||
# REPOSITORY: jcollie/nixos-runner
|
||||
# USERNAME:
|
||||
# from_secret: docker_username
|
||||
# PASSWORD:
|
||||
# from_secret: docker_password
|
||||
settings:
|
||||
registry: docker.io
|
||||
repository: jcollie/nixos-runner
|
||||
|
|
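Review bot: The podman login/tag/push/logout commands and the `env:` block stay in the step as comments instead of being deleted, which leaves about twenty lines of dead configuration next to the one live `nix run .#regctl-push-container -- result` command. The commented `# env:` block is the part most worth removing: regctl-push-container.nu checks `USERNAME`/`PASSWORD` before `PLUGIN_USERNAME`/`PLUGIN_PASSWORD`, so re-enabling it later would change which secret the push uses without any other edit. The step now depends on the script for both login and logout, and the only settings visible in this hunk are `registry` and `repository`, so confirm that the credential settings outside the hunk are still present.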
34
flake.nix
34
flake.nix
|
@ -55,9 +55,9 @@
|
|||
|
||||
docker-client
|
||||
|
||||
self.packages.${system}.login-script
|
||||
self.packages.${system}.podman-push-container
|
||||
self.packages.${system}.docker-push-container
|
||||
self.packages.${system}.regctl-push-container
|
||||
];
|
||||
|
||||
flake-registry = null;
|
||||
|
@ -414,18 +414,36 @@
|
|||
(builtins.readFile ./push-container.nu);
|
||||
executable = true;
|
||||
};
|
||||
login-script = pkgs.writeScriptBin "login-script" ''
|
||||
echo -n "''${PLUGIN_PASSWORD}" | ${pkgs.podman}/bin/podman login --username "''${PLUGIN_USERNAME}" --password-stdin "''${PLUGIN_REGISTRY}"
|
||||
'';
|
||||
regctl-push-container = pkgs.writeTextFile {
|
||||
name = "regctl-push-container";
|
||||
destination = "/bin/regctl-push-container";
|
||||
text = builtins.replaceStrings
|
||||
[
|
||||
"@nushell@"
|
||||
"@regctl@"
|
||||
"@gzip@"
|
||||
]
|
||||
[
|
||||
"${pkgs.nushell}/bin/nu"
|
||||
"${pkgs.regctl}/bin/regctl"
|
||||
"${pkgs.gzip}/bin/gzip"
|
||||
]
|
||||
(builtins.readFile ./regctl-push-container.nu);
|
||||
executable = true;
|
||||
};
|
||||
};
|
||||
apps = {
|
||||
push-container = {
|
||||
podman-push-container = {
|
||||
type = "app";
|
||||
program = "${self.packages.${system}.push-container}/bin/push-container";
|
||||
program = "${self.packages.${system}.podman-push-container}/bin/podman-push-container";
|
||||
};
|
||||
login = {
|
||||
docker-push-container = {
|
||||
type = "app";
|
||||
program = "${self.packages.${system}.login-script}/bin/login-script";
|
||||
program = "${self.packages.${system}.docker-push-container}/bin/docker-push-container";
|
||||
};
|
||||
regctl-push-container = {
|
||||
type = "app";
|
||||
program = "${self.packages.${system}.regctl-push-container}/bin/regctl-push-container";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
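--- a/regctl-push-container.nu
+++ b/regctl-push-container.nu
@@ -0,0 +1,169 @@
+#!@nushell@
+def main [
+input: string # tar.gz file containing container image to be pushed to repository
+...tags: string # Tags to be added to pushed container image
+--username: string = "" # username
+--password: string = "" # password
+--registry: string = "" # container registry
+--repository: string = "" # container repository
+--no-latest-tag # Don't add "latest" tag to list of tags
+--no-drone-tag # Don't add tag calculated from DRONE_BUILD_NUMBER and DRONE_COMMIT_SHA
+--no-github-tag # Don't add tag calculated from GITHUB_RUN_NUMBER and GITHUB_SHA
+] {
+if not ($input | path exists) {
+print $"($input) does not exist!"
+exit 1
+}
+
+let tags = if not ($env | get -i PLUGIN_TAGS | is-empty) {
+$tags | append ($env.PLUGIN_TAGS | split row ',' | str trim)
+} else {
+$tags
+}
+
+let tags = if (
+(not $no_github_tag)
+and
+(not ($env | get -i GITHUB_RUN_NUMBER | is-empty))
+and
+(not ($env | get -i GITHUB_SHA | is-empty))
+) {
+$tags | append $"($env.GITHUB_RUN_NUMBER)-($env.GITHUB_SHA | str substring 0..8)"
+} else {
+$tags
+}
+
+let tags = if (
+(not $no_drone_tag)
+and
+(not ($env | get -i DRONE_BUILD_NUMBER | is-empty))
+and
+(not ($env | get -i DRONE_COMMIT_SHA | is-empty))
+) {
+$tags | append $"($env.DRONE_BUILD_NUMBER)-($env.DRONE_COMMIT_SHA | str substring 0..8)"
+} else {
+$tags
+}
+
+let tags = if (not $no_latest_tag) {
+$tags | append "latest"
+} else {
+$tags
+}
+
+let auth = {username: null, password: null}
+
+let auth = (
+if not ($username | is-empty) and ($password | is-empty) {
+print "Got username and password from command line"
+{username: $username, password: $password}
+} else if (
+(not ($env | get -i USERNAME | is-empty))
+and
+(not ($env | get -i PASSWORD | is-empty))
+) {
+print "Got username and password from USERNAME and PASSWORD"
+{username: $env.USERNAME, password: $env.PASSWORD}
+} else if (
+(not ($env | get -i PLUGIN_USERNAME | is-empty))
+and
+(not ($env | get -i PLUGIN_PASSWORD | is-empty))
+) {
+print "Got username and password from PLUGIN_USERNAME and PLUGIN_PASSWORD"
+{username: $env.PLUGIN_USERNAME, password: $env.PLUGIN_PASSWORD}
+} else if (
+(not ($env | get -i GITHUB_ACTOR | is-empty))
+and
+(not ($env | get -i GITHUB_TOKEN | is-empty))
+) {
+print "Got username and password from GITHUB_ACTOR and GITHUB_TOKEN"
+{username: $env.GITHUB_ACTOR, password: $env.GITHUB_TOKEN}
+} else {
+print "Unable to determine authentication parameters!"
+exit 1
+}
+)
+
+let registry = (
+if ($registry | is-empty) {
+if not ($env | get -i PLUGIN_REGISTRY | is-empty) {
+$env.PLUGIN_REGISTRY
+} else if not ($env | get -i REGISTRY | is-empty) {
+$env.REGISTRY
+} else if (
+(not ($env | get -i GITHUB_SERVER_URL | is-empty))
+and
+(not ($env | get -i GITHUB_ACTOR | is-empty))
+) {
+$"($env.GITHUB_SERVER_URL)/($env.GITHUB_ACTOR)"
+} else {
+print "No registry specified!"
+exit 1
+}
+} else {
+$registry
+}
+) | parse --regex "(?:https?://)?(?P<rest>.*)" | get 0.rest
+
+let repository = (
+if ($repository | is-empty) {
+if not ($env | get -i PLUGIN_REPOSITORY | is-empty) {
+$env.PLUGIN_REPOSITORY
+} else if not ($env | get -i REPOSITORY | is-empty) {
+$env.REPOSITORY
+} else {
+print "No repository specified!"
+exit 1
+}
+} else {
+$repository
+}
+)
+
+alias regctl = ^@regctl@ --verbosity info
+alias gzip = ^@gzip@
+
+regctl registry login $registry --user $auth.username --pass $auth.password
+
+print "decompressing image: start"
+
+open $input | gzip --decompress | save --force --progress $"($input).tar"
+
+print "decompressing image: stop"
+
+# let load_result = (do { regctl load --input $input } | complete)
+# if $load_result.exit_code != 0 {
+# print $load_result.stderr
+# exit 1
+# }
+
+# let old_image = ($load_result.stdout | str trim | parse "Loaded image: {image}" | get 0.image)
+
+$tags | enumerate | each {
+|item|
+if $item.index == 0 {
+let new_image = $"($registry)/($repository):($item.item)"
+print $"Pushing ($new_image)"
+regctl image import $new_image $"($input).tar"
+# let tag_result = (do { regctl image import $new_image $"($input).tar" } | complete)
+# if $tag_result.exit_code != 0 {
+# print $tag_result.stderr
+# exit 1
+# }
+print $"Pushed ($new_image)"
+} else {
+let old_image = $"($registry)/($repository):($tags | get 0)"
+let new_image = $"($registry)/($repository):($item.item)"
+print $"Copying ($old_image) ($new_image)"
+regctl image copy $old_image $new_image
+# let tag_result = (do { regctl image copy $old_image $new_image } | complete)
+# if $tag_result.exit_code != 0 {
+# print $tag_result.stderr
+# exit 1
+# }
+print $"Copied ($old_image) ($new_image)"
+}
+}
+
+regctl registry logout $registry
+}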
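Review bot: The registry password is handed to regctl as a command-line argument in `regctl registry login $registry --user $auth.username --pass $auth.password`, so it sits in the process's argv for the length of the call, whereas the podman step this replaces fed it through `--password-stdin`. regctl accepts `--pass-stdin`, so something like `$auth.password | regctl registry login $registry --user $auth.username --pass-stdin` keeps the secret off the command line; the script's own `--password` flag has the same exposure and is safer left to the environment-variable sources. The first credential branch tests `($password | is-empty)` without a `not`, so it is taken only when `--password` is empty and skipped when both flags are supplied; it should read `if (not ($username | is-empty)) and (not ($password | is-empty)) {`. With the exit-status checks around `regctl image import` and `regctl image copy` commented out, confirm that a failed push stops the script, and that `regctl registry logout $registry` still runs on that path so the stored login does not stay on the runner.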