From d250e2643799e38ffb3d7d203ff9aff1fd88b7f3 Mon Sep 17 00:00:00 2001 From: Vid Bregar Date: Thu, 14 Nov 2024 12:18:17 +0100 Subject: [PATCH] Add push image to Flare infra pipeline --- .gitlab-ci.yml | 85 +++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 74 insertions(+), 11 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 7b80a8d..ad0ddf0 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,5 +1,5 @@ # templates - + .test_template: &test stage: test variables: @@ -25,15 +25,16 @@ stages: - build - test + - release_flare_infra build_branches: <<: *build script: - - /kaniko/executor - --context $CI_PROJECT_DIR - --dockerfile $CI_PROJECT_DIR/Dockerfile - --destination $CI_REGISTRY_IMAGE:$CI_COMMIT_BRANCH - --cache=true + - /kaniko/executor + --context $CI_PROJECT_DIR + --dockerfile $CI_PROJECT_DIR/Dockerfile + --destination $CI_REGISTRY_IMAGE:$CI_COMMIT_BRANCH + --cache=true --cache-ttl=120h only: - branches @@ -41,11 +42,11 @@ build_branches: build_tags: <<: *build script: - - /kaniko/executor - --context $CI_PROJECT_DIR - --dockerfile $CI_PROJECT_DIR/docker/remote/Dockerfile - --destination $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG - --cache=true + - /kaniko/executor + --context $CI_PROJECT_DIR + --dockerfile $CI_PROJECT_DIR/Dockerfile + --destination $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG + --cache=true --cache-ttl=120h only: - tags 
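Review bot: The `build_tags` change in the `@@ -41,11 +42,11 @@` hunk switches `--dockerfile` from `$CI_PROJECT_DIR/docker/remote/Dockerfile` to `$CI_PROJECT_DIR/Dockerfile`, which the commit subject does not mention and which is easy to miss among the whitespace-only re-indentation around it. Tag builds are the images that get released, so a different Dockerfile changes what ships. If the switch is intended, say so in the commit message and add a comment above the job such as `# tag builds use the root Dockerfile, same as branch builds`. If it is not, restore the old path. The re-indentation would be easier to review as a separate commit.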
@@ -73,3 +74,65 @@ test_django:
 coverage_report:
 coverage_format: cobertura
 path: coverage.xml
+
+.release_flare_infra:
+ stage: release_flare_infra
+ rules:
+ - if: "$CI_COMMIT_TAG"
+
+# todo: Remove once GitHub repo is public and use images from ghcr
+release_flare_infra:auth:
+ extends: .release_flare_infra
+ image: registry.gitlab.com/flarenetwork/infra/pipeliner:latest
+ id_tokens:
+ OIDC_JOB_TOKEN:
+ aud: https://gitlab.com
+ variables:
+ GCP_PROJECT: "flare-network-shared"
+ GCP_PROJECT_NUMBER: "940168819002"
+ before_script:
+ - >
+ WORKLOAD_IDENTITY_POOL=$([ "$CI_COMMIT_REF_PROTECTED" == "true" ] &&
+ echo "cr-oidc-gitlab-protected-pool" ||
+ echo "cr-oidc-gitlab-pool")
+ - >
+ WORKLOAD_IDENTITY_POOL_PROVIDER=$([ "$CI_COMMIT_REF_PROTECTED" == "true" ] &&
+ echo "oidc-gitlab-protected" ||
+ echo "oidc-gitlab-pool-provider")
+ - >
+ SERVICE_ACCOUNT_EMAIL=$([ "$CI_COMMIT_REF_PROTECTED" == "true" ] &&
+ echo "cr-prtctd-oidc-cntnr-img-bldr@flare-network-shared.iam.gserviceaccount.com" ||
+ echo "cr-oidc-cntnr-img-bldr@flare-network-shared.iam.gserviceaccount.com")
+ - . pipeliner gcloud-setup
+ script:
+ - echo "GOOGLE_OAUTH_ACCESS_TOKEN=$GOOGLE_OAUTH_ACCESS_TOKEN" > auth.env
+ artifacts:
+ reports:
+ dotenv:
+ - auth.env
+
+release_flare_infra:
+ extends: .release_flare_infra
+ image:
+ name: gcr.io/kaniko-project/executor:v1.18.0-debug
+ entrypoint: [""]
+ needs:
+ - job: release_flare_infra:auth
+ artifacts: true
+ before_script:
+ - mkdir -p /kaniko/.docker
+ - auth_encoded=$(echo -n "oauth2accesstoken:$GOOGLE_OAUTH_ACCESS_TOKEN" | base64 | tr -d "\n")
+ - echo "{\"auths\":{\"europe-west1-docker.pkg.dev\":{\"auth\":\"$auth_encoded\",\"email\":\"not@val.id\"}}}" > /kaniko/.docker/config.json
+ script:
+ - >
+ args="--context ${CI_PROJECT_DIR}/.
+ --dockerfile ${CI_PROJECT_DIR}/Dockerfile
+ --cache=true
+ --destination europe-west1-docker.pkg.dev/flare-network-staging/containers/data-availability:latest
+ --destination europe-west1-docker.pkg.dev/flare-network-staging/containers/data-availability:${CI_COMMIT_TAG}"
+ - >-
+ if [[ $CI_COMMIT_REF_PROTECTED == "true" ]]; then
+ args="$args --destination europe-west1-docker.pkg.dev/flare-network-production/containers/data-availability:latest"
+ args="$args --destination europe-west1-docker.pkg.dev/flare-network-production/containers/data-availability:${CI_COMMIT_TAG}"
+ fi
+ - /kaniko/executor $args
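Review bot: The `release_flare_infra:auth` job writes the GCP access token to `auth.env` and publishes it as a `dotenv` report, so a credential that can push to the production registry on protected refs is stored as a job artifact. As far as I can tell it also reaches the next job as an ordinary, unmasked variable. If the token exchange cannot run in the same job as the kaniko build, limit the exposure with `expire_in: 10 minutes` under `artifacts:` and confirm who in this project can read report artifacts. The same job pulls `registry.gitlab.com/flarenetwork/infra/pipeliner:latest`, a mutable tag, for the step that holds the OIDC token. Pinning it by digest (`pipeliner@sha256:<digest>`) means a changed image cannot run with those credentials unnoticed.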