update to use regctl
All checks were successful
continuous-integration/drone/push Build is passing

This commit is contained in:
Jeffrey C. Ollie 2023-08-28 16:58:16 -05:00
parent de45646be1
commit c5402555a4
Signed by: jeff
GPG key ID: 6F86035A6D97044E
3 changed files with 213 additions and 26 deletions

View file

@ -21,25 +21,25 @@ steps:
commands: commands:
# - set # - set
# - nix run .#login # - nix run .#login
- echo -n "$${PLUGIN_PASSWORD}" | podman login --username $${PLUGIN_USERNAME} --password-stdin $${PLUGIN_REGISTRY} # - echo -n "$${PLUGIN_PASSWORD}" | podman login --username $${PLUGIN_USERNAME} --password-stdin $${PLUGIN_REGISTRY}
- nix build .#nixos-runner - nix build .#nixos-runner
# - nix run .#push-container -- result - nix run .#regctl-push-container -- result
- podman load --input result | sed -n -e "s/Loaded image:.\\(.*\\)/\\1/p" > loaded-image # - podman load --input result | sed -n -e "s/Loaded image:.\\(.*\\)/\\1/p" > loaded-image
- cat loaded-image # - cat loaded-image
- podman images # - podman images
- podman tag "$$(<loaded-image)" "$${PLUGIN_REGISTRY}/$${PLUGIN_REPOSITORY}:$${DRONE_BUILD_NUMBER}-$${DRONE_COMMIT_SHA:0:8}" # - podman tag "$$(<loaded-image)" "$${PLUGIN_REGISTRY}/$${PLUGIN_REPOSITORY}:$${DRONE_BUILD_NUMBER}-$${DRONE_COMMIT_SHA:0:8}"
- podman tag "$$(<loaded-image)" "$${PLUGIN_REGISTRY}/$${PLUGIN_REPOSITORY}:latest" # - podman tag "$$(<loaded-image)" "$${PLUGIN_REGISTRY}/$${PLUGIN_REPOSITORY}:latest"
- podman images # - podman images
- podman push "$${PLUGIN_REGISTRY}/$${PLUGIN_REPOSITORY}:$${DRONE_BUILD_NUMBER}-$${DRONE_COMMIT_SHA:0:8}" # - podman push "$${PLUGIN_REGISTRY}/$${PLUGIN_REPOSITORY}:$${DRONE_BUILD_NUMBER}-$${DRONE_COMMIT_SHA:0:8}"
- podman push "$${PLUGIN_REGISTRY}/$${PLUGIN_REPOSITORY}:latest" # - podman push "$${PLUGIN_REGISTRY}/$${PLUGIN_REPOSITORY}:latest"
- podman logout "$${PLUGIN_REGISTRY}" # - podman logout "$${PLUGIN_REGISTRY}"
env: # env:
REGISTRY: docker.io # REGISTRY: docker.io
REPOSITORY: jcollie/nixos-runner # REPOSITORY: jcollie/nixos-runner
USERNAME: # USERNAME:
from_secret: docker_username # from_secret: docker_username
PASSWORD: # PASSWORD:
from_secret: docker_password # from_secret: docker_password
settings: settings:
registry: docker.io registry: docker.io
repository: jcollie/nixos-runner repository: jcollie/nixos-runner

View file

@ -55,9 +55,9 @@
docker-client docker-client
self.packages.${system}.login-script
self.packages.${system}.podman-push-container self.packages.${system}.podman-push-container
self.packages.${system}.docker-push-container self.packages.${system}.docker-push-container
self.packages.${system}.regctl-push-container
]; ];
flake-registry = null; flake-registry = null;
@ -414,18 +414,36 @@
(builtins.readFile ./push-container.nu); (builtins.readFile ./push-container.nu);
executable = true; executable = true;
}; };
login-script = pkgs.writeScriptBin "login-script" '' regctl-push-container = pkgs.writeTextFile {
echo -n "''${PLUGIN_PASSWORD}" | ${pkgs.podman}/bin/podman login --username "''${PLUGIN_USERNAME}" --password-stdin "''${PLUGIN_REGISTRY}" name = "regctl-push-container";
''; destination = "/bin/regctl-push-container";
text = builtins.replaceStrings
[
"@nushell@"
"@regctl@"
"@gzip@"
]
[
"${pkgs.nushell}/bin/nu"
"${pkgs.regctl}/bin/regctl"
"${pkgs.gzip}/bin/gzip"
]
(builtins.readFile ./regctl-push-container.nu);
executable = true;
};
}; };
apps = { apps = {
push-container = { podman-push-container = {
type = "app"; type = "app";
program = "${self.packages.${system}.push-container}/bin/push-container"; program = "${self.packages.${system}.podman-push-container}/bin/podman-push-container";
}; };
login = { docker-push-container = {
type = "app"; type = "app";
program = "${self.packages.${system}.login-script}/bin/login-script"; program = "${self.packages.${system}.docker-push-container}/bin/docker-push-container";
};
regctl-push-container = {
type = "app";
program = "${self.packages.${system}.regctl-push-container}/bin/regctl-push-container";
}; };
}; };
} }

169
regctl-push-container.nu Normal file
View file

@ -0,0 +1,169 @@
#!@nushell@
def main [
input: string # tar.gz file containing container image to be pushed to repository
...tags: string # Tags to be added to pushed container image
--username: string = "" # username
--password: string = "" # password
--registry: string = "" # container registry
--repository: string = "" # container repository
--no-latest-tag # Don't add "latest" tag to list of tags
--no-drone-tag # Don't add tag calculated from DRONE_BUILD_NUMBER and DRONE_COMMIT_SHA
--no-github-tag # Don't add tag calculated from GITHUB_RUN_NUMBER and GITHUB_SHA
] {
if not ($input | path exists) {
print $"($input) does not exist!"
exit 1
}
let tags = if not ($env | get -i PLUGIN_TAGS | is-empty) {
$tags | append ($env.PLUGIN_TAGS | split row ',' | str trim)
} else {
$tags
}
let tags = if (
(not $no_github_tag)
and
(not ($env | get -i GITHUB_RUN_NUMBER | is-empty))
and
(not ($env | get -i GITHUB_SHA | is-empty))
) {
$tags | append $"($env.GITHUB_RUN_NUMBER)-($env.GITHUB_SHA | str substring 0..8)"
} else {
$tags
}
let tags = if (
(not $no_drone_tag)
and
(not ($env | get -i DRONE_BUILD_NUMBER | is-empty))
and
(not ($env | get -i DRONE_COMMIT_SHA | is-empty))
) {
$tags | append $"($env.DRONE_BUILD_NUMBER)-($env.DRONE_COMMIT_SHA | str substring 0..8)"
} else {
$tags
}
let tags = if (not $no_latest_tag) {
$tags | append "latest"
} else {
$tags
}
let auth = {username: null, password: null}
let auth = (
if not ($username | is-empty) and ($password | is-empty) {
print "Got username and password from command line"
{username: $username, password: $password}
} else if (
(not ($env | get -i USERNAME | is-empty))
and
(not ($env | get -i PASSWORD | is-empty))
) {
print "Got username and password from USERNAME and PASSWORD"
{username: $env.USERNAME, password: $env.PASSWORD}
} else if (
(not ($env | get -i PLUGIN_USERNAME | is-empty))
and
(not ($env | get -i PLUGIN_PASSWORD | is-empty))
) {
print "Got username and password from PLUGIN_USERNAME and PLUGIN_PASSWORD"
{username: $env.PLUGIN_USERNAME, password: $env.PLUGIN_PASSWORD}
} else if (
(not ($env | get -i GITHUB_ACTOR | is-empty))
and
(not ($env | get -i GITHUB_TOKEN | is-empty))
) {
print "Got username and password from GITHUB_ACTOR and GITHUB_TOKEN"
{username: $env.GITHUB_ACTOR, password: $env.GITHUB_TOKEN}
} else {
print "Unable to determine authentication parameters!"
exit 1
}
)
let registry = (
if ($registry | is-empty) {
if not ($env | get -i PLUGIN_REGISTRY | is-empty) {
$env.PLUGIN_REGISTRY
} else if not ($env | get -i REGISTRY | is-empty) {
$env.REGISTRY
} else if (
(not ($env | get -i GITHUB_SERVER_URL | is-empty))
and
(not ($env | get -i GITHUB_ACTOR | is-empty))
) {
$"($env.GITHUB_SERVER_URL)/($env.GITHUB_ACTOR)"
} else {
print "No registry specified!"
exit 1
}
} else {
$registry
}
) | parse --regex "(?:https?://)?(?P<rest>.*)" | get 0.rest
let repository = (
if ($repository | is-empty) {
if not ($env | get -i PLUGIN_REPOSITORY | is-empty) {
$env.PLUGIN_REPOSITORY
} else if not ($env | get -i REPOSITORY | is-empty) {
$env.REPOSITORY
} else {
print "No repository specified!"
exit 1
}
} else {
$repository
}
)
alias regctl = ^@regctl@ --verbosity info
alias gzip = ^@gzip@
regctl registry login $registry --user $auth.username --pass $auth.password
print "decompressing image: start"
open $input | gzip --decompress | save --force --progress $"($input).tar"
print "decompressing image: stop"
# let load_result = (do { regctl load --input $input } | complete)
# if $load_result.exit_code != 0 {
# print $load_result.stderr
# exit 1
# }
# let old_image = ($load_result.stdout | str trim | parse "Loaded image: {image}" | get 0.image)
$tags | enumerate | each {
|item|
if $item.index == 0 {
let new_image = $"($registry)/($repository):($item.item)"
print $"Pushing ($new_image)"
regctl image import $new_image $"($input).tar"
# let tag_result = (do { regctl image import $new_image $"($input).tar" } | complete)
# if $tag_result.exit_code != 0 {
# print $tag_result.stderr
# exit 1
# }
print $"Pushed ($new_image)"
} else {
let old_image = $"($registry)/($repository):($tags | get 0)"
let new_image = $"($registry)/($repository):($item.item)"
print $"Copying ($old_image) ($new_image)"
regctl image copy $old_image $new_image
# let tag_result = (do { regctl image copy $old_image $new_image } | complete)
# if $tag_result.exit_code != 0 {
# print $tag_result.stderr
# exit 1
# }
print $"Copied ($old_image) ($new_image)"
}
}
regctl registry logout $registry
}