diff --git a/.ansible-lint b/.ansible-lint
index e1f68d5..82f98ef 100644
--- a/.ansible-lint
+++ b/.ansible-lint
@@ -9,3 +9,5 @@ exclude_paths:
 - ./{{cookiecutter.project_name}}/environments/monitoring/configuration.yml
 - ./{{cookiecutter.project_name}}/environments/infrastructure/configuration.yml
 - ./{{cookiecutter.project_name}}/environments/custom/configuration.yml
+mock_roles:
+ - ensure-docker
diff --git a/.github/workflows/build-container-image.yml b/.github/workflows/build-container-image.yml
deleted file mode 100644
index 2deee12..0000000
--- a/.github/workflows/build-container-image.yml
+++ /dev/null
@@ -1,37 +0,0 @@
----
-name: Build container image
-
-"on":
- workflow_dispatch:
- schedule:
- - cron: "0 22 * * *"
- push:
- branches:
- - main
- pull_request:
-
-jobs:
- build-container-image:
- runs-on: ubuntu-latest
- steps:
- - name: Checkout code
- uses: actions/checkout@v3
-
- - name: Build container image
- run: scripts/build.sh
- env:
- DOCKER_REGISTRY: ${{ secrets.DOCKER_REGISTRY }}
- GIT_SHA: ${{ github.sha }}
- REPOSITORY: osism/cookiecutter
-
- - name: Push container image
- run: |
- scripts/push.sh
- env:
- DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
- DOCKER_REGISTRY: ${{ secrets.DOCKER_REGISTRY }}
- DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
- REPOSITORY: osism/cookiecutter
- if: |
- github.repository == 'osism/cfg-cookiecutter' &&
- github.ref == 'refs/heads/main'
diff --git a/.zuul.yaml b/.zuul.yaml
index 1eabd0e..b3c7940 100644
--- a/.zuul.yaml
+++ b/.zuul.yaml
@@ -1,4 +1,51 @@
 ---
+- secret:
+ name: SECRET_CFG_COOKIECUTTER
+ data:
+ DOCKER_USERNAME: !encrypted/pkcs1-oaep
+ - EG9ULS0yrJtK+4SCbnsB6t86zGowyObqUZlO2BCk3OU2FH09pMBTOTX1veJ6X46blzz7i
+ yI2NRht1Lf0v6WQiD+HwMFIFD3xgsCspCOpRjD1L2vAxoVl51aHLghATQXOGQfuuJ5bSE
+ MtTwuAwqz8XY5rs1K2GlzCOaPlwh3ROHjqk3MktwcNI9OzoTSTb59slqpULS6Mfh1Q6ed
+ jDqoNVGzJPPUkAKPpnewKADZ3opfYlTVJyRfPSbPwTHrIYtofEkp+7beege4Cwjq63vY9
+ jprybrqzD6UiLYUyozHHQeSmsmxctiRVk1BI+YtjvWr/QfMMlQp7zPbmC6WLBhD85971s
+ DWS+kRNj2SgrllvS+zNHWccAJWBGWSFXuLlBOJTuqh//u4DutZunC9l302kM0GTV6MLMD
+ X8nrRzlc82Nx6X+fTClAZYEHmrf7KX/RYzgdW3w+9Lk/tj2bkz1a/DH2stU8RrCNaPQ+q
+ lnMT2kpO0lzokj/u7O6J0qVzb6arX+9etk+vWwSC/LnkqeUphVdooqHqkTDNZWlJyQOFV
+ XFdky+R7/X05jiHeIak/22lwF8gk2pBqempsqrRn7A+R+sOPq4SgrVrVSfSIHU3z90164
+ 2DpE6vPZnk1xcX5TZwyb/WL+bVealzUqpt+E9ZSnKKiWJTU4hN+DHuLARQAnMw=
+ DOCKER_PASSWORD: !encrypted/pkcs1-oaep
+ - DxvmmhPgioBdD+kpTuHbK1G3D3rqZMeUun8vB0JR41yuGJoXZWdk+Lk+t98iWzfKcEqGA
+ /GgTHstlGc7akA8g2lWJv2/pt2Ud3SD7MSFEnQiyYYtZw1q90OPW0nrjvrUcJvDADzcYB
+ C5y71irDF2yi30EnI3FgDNoS94487jgAIKAGdP8cBkqKen+J8MeJY05WdFf7hfgFZ4Sr/
+ p1aZapUnBJcorsJvRZUR9MiGz3b+1MoqpQ7Lv/xGaaJAIbzZJcpURKt4+zNSORjBsM5+m
+ TraFfOgYKWKRObXpJihNrPHmojUyiy38gTzFkWGWxHcklVkP46c+F8KsENtzNPV5Ieaov
+ UreXagwHIvCEKILJtDmuOmiKt/rMgdzmz6Oc8cpv6mbNwUMPzGiA1HG4dU6LIXcktTpsJ
+ 4k/Z6JrrD99XhRt2gX/Edz9xUsaqsI0QqMVWqhM7UEViYO+y+yXfdYfkQnuq54petrKPk
+ d1cZv5fSgLLzlCgNB8MeXw9c9Lvx8YgYcS4JS7q2jOTwDCyPZNt4vXbBwHz1XXNFUgxgO
+ +cP1fg2JlsM361Ibp8Vy/B5rWprv6+63aZpaz9m7EIv/5qhUztqqspAGcZaHJ+yAvJ+O/
+ 8okWwkFPFPjC44wUwlKBYQ5UZE4XfuE05vUzuwGGweVNVm5VWxNPaIqhBe0BHk=
+
+- job:
+ name: container-image-cfg-cookiecutter-build
+ pre-run: playbooks/pre.yml
+ run: playbooks/build.yml
+ vars:
+ docker_namespace: osism
+ docker_registry: osism.harbor.regio.digital
+ push_image: false
+
+- job:
+ name: container-image-cfg-cookiecutter-push
+ pre-run: playbooks/pre.yml
+ run: playbooks/build.yml
+ vars:
+ docker_namespace: osism
+ docker_registry: osism.harbor.regio.digital
+ push_image: true
+ secrets:
+ - name: secret
+ secret: SECRET_CFG_COOKIECUTTER
+
 - job:
 name: cfg-cookiecutter-tox
 parent: tox
@@ -38,6 +85,7 @@
 - cfg-cookiecutter-tox-yoga
 - cfg-cookiecutter-tox-zed
 - cfg-cookiecutter-tox-antelope
+ - container-image-cfg-cookiecutter-build
 gate:
 jobs:
 - ansible-lint
@@ -56,3 +104,8 @@
 - cfg-cookiecutter-tox-yoga
 - cfg-cookiecutter-tox-zed
 - cfg-cookiecutter-tox-antelope
+ - container-image-cfg-cookiecutter-push
+ post:
+ jobs:
+ - container-image-cfg-cookiecutter-push:
+ branches: main
diff --git a/playbooks/build.yml b/playbooks/build.yml
new file mode 100644
index 0000000..bc6d1c3
--- /dev/null
+++ b/playbooks/build.yml
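Review bot: The `SECRET_CFG_COOKIECUTTER` block added in the first .zuul.yaml hunk has no comment saying which account it encrypts, so a later rotation or an audit of who can push has nothing to go on beyond two opaque ciphertexts. A comment above `- secret:` such as `# Push credentials for osism.harbor.regio.digital, used only by container-image-cfg-cookiecutter-push` would record that. The diff cannot show the scope of the account, so it is worth confirming that it can push only this image and nothing else in the `osism` namespace.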
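Review bot: The first added line of the `@@ -56,3 +104,8 @@` hunk puts `container-image-cfg-cookiecutter-push` into what appears to be the gate job list (the pipeline key sits above the hunk), so the `latest` tag is overwritten before the change has merged. If another gate job fails or the queue is reset, the registry keeps an image built from a state that never landed, while the `post` entry added directly below already publishes after merge on `main`. Using `- container-image-cfg-cookiecutter-build` in gate and leaving the push to `post` alone keeps the job that holds the registry secret away from unmerged code.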
@@ -0,0 +1,70 @@
+---
+- name: Build cfg-cookiecutter image
+ hosts: all
+
+ environment:
+ registry: "{{ docker_registry }}"
+ repository: "{{ docker_namespace }}/osism"
+ version: latest
+
+ tasks:
+ - name: Log into registry
+ community.docker.docker_login:
+ registry_url: "{{ docker_registry }}"
+ username: "{{ secret.DOCKER_USERNAME }}"
+ password: "{{ secret.DOCKER_PASSWORD }}"
+ when: push_image | bool
+ no_log: true
+
+ - name: Run build script
+ ansible.builtin.shell:
+ executable: /bin/bash
+ chdir: "{{ zuul.project.src_dir }}"
+ cmd: |
+ set -e
+ set -o pipefail
+ set -x
+
+ created=$(date --rfc-3339=ns)
+ revision=$(git rev-parse --short HEAD)
+
+ if [[ -n $registry ]]; then
+ repository="$registry/$repository"
+ fi
+
+ docker buildx build \
+ --build-arg "VERSION=$version" \
+ --label "org.opencontainers.image.created=$created" \
+ --label "org.opencontainers.image.documentation=https://docs.osism.tech" \
+ --label "org.opencontainers.image.licenses=ASL 2.0" \
+ --label "org.opencontainers.image.revision=$revision" \
+ --label "org.opencontainers.image.source=https://github.com/osism/cfg-cookiecutter" \
+ --label "org.opencontainers.image.title=cookiecutter" \
+ --label "org.opencontainers.image.url=https://www.osism.tech" \
+ --label "org.opencontainers.image.vendor=OSISM GmbH" \
+ --label "org.opencontainers.image.version=$version" \
+ --load \
+ --tag "$revision" \
+ . # <-- there is a dot
+ changed_when: true
+
+ - name: Run push script
+ ansible.builtin.shell:
+ executable: /bin/bash
+ chdir: "{{ zuul.project.src_dir }}"
+ cmd: |
+ set -e
+ set -o pipefail
+ set -x
+
+ revision=$(git rev-parse --short HEAD)
+
+ if [[ -n $registry ]]; then
+ repository="$registry/$repository"
+ fi
+
+ docker tag "$revision" "$repository:$version"
+ docker push "$repository:$version"
+
+ when: push_image | bool
+ changed_when: true
diff --git a/playbooks/pre.yml b/playbooks/pre.yml
new file mode 100644
index 0000000..5341abe
--- /dev/null
+++ b/playbooks/pre.yml
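Review bot: `repository: "{{ docker_namespace }}/osism"` in the play's `environment` resolves to `osism/osism` with the job vars from .zuul.yaml, whereas the deleted workflow pushed `osism/cookiecutter` and the `org.opencontainers.image.title` label here still says `cookiecutter`. If that is a copy-paste slip, `Run push script` overwrites the `latest` tag of a different image in the registry; `repository: "{{ docker_namespace }}/cookiecutter"` would keep the previous name. Separately, `Log into registry` runs before the build, so moving it directly above `Run push script` would shorten the time the credentials sit in the Docker client config on the node.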
@@ -0,0 +1,14 @@
+---
+- name: Run preparations
+ hosts: all
+
+ tasks:
+ - name: Install required packages
+ become: true
+ ansible.builtin.apt:
+ name:
+ - python3-docker
+ - python3-requests
+
+ roles:
+ - ensure-docker
diff --git a/scripts/build.sh b/scripts/build.sh
deleted file mode 100755
index d494141..0000000
--- a/scripts/build.sh
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/usr/bin/env bash
-set -x
-
-# Available environment variables
-#
-# BUILD_OPTS
-# DOCKER_REGISTRY
-# REPOSITORY
-# VERSION
-
-# Set default values
-
-BUILD_OPTS=${BUILD_OPTS:-}
-CREATED=$(date --rfc-3339=ns)
-DOCKER_REGISTRY=${DOCKER_REGISTRY:-quay.io}
-REVISION=$(git rev-parse HEAD)
-VERSION=${VERSION:-latest}
-
-if [[ -n $DOCKER_REGISTRY ]]; then
- REPOSITORY="$DOCKER_REGISTRY/$REPOSITORY"
-fi
-
-buildah build-using-dockerfile \
- --format docker \
- --build-arg "VERSION=$VERSION" \
- --tag "$(git rev-parse --short HEAD)" \
- --label "org.opencontainers.image.created=$CREATED" \
- --label "org.opencontainers.image.revision=$REVISION" \
- --label "org.opencontainers.image.version=$VERSION" \
- $BUILD_OPTS .
diff --git a/scripts/push.sh b/scripts/push.sh
deleted file mode 100755
index ae0686e..0000000
--- a/scripts/push.sh
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/usr/bin/env bash
-set -x
-
-# Available environment variables
-#
-# DOCKER_REGISTRY
-# REPOSITORY
-# VERSION
-
-# Set default values
-
-DOCKER_REGISTRY=${DOCKER_REGISTRY:-quay.io}
-VERSION=${VERSION:-latest}
-
-if [[ -n $DOCKER_REGISTRY ]]; then
- REPOSITORY="$DOCKER_REGISTRY/$REPOSITORY"
-fi
-
-buildah login --password $DOCKER_PASSWORD --username $DOCKER_USERNAME $DOCKER_REGISTRY
-
-buildah tag "$(git rev-parse --short HEAD)" "$REPOSITORY:$VERSION"
-buildah push "$REPOSITORY:$VERSION"
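Review bot: In playbooks/pre.yml `roles:` is written after `tasks:`, but Ansible runs a play's roles before its tasks, so `ensure-docker` executes first and `Install required packages` second, the opposite of the written order. Putting `roles:` above `tasks:`, or renaming `tasks:` to `pre_tasks:` if the packages are meant to come first, makes the file match what runs. The apt task also sets no `update_cache: true`, so on a node with a stale package index the install of `python3-docker` may fail.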