release: Copy oscontainer to quay.io #457
Conversation
cheesesashimi
force-pushed
the
zzlotnik/pipeline-promote-oscontainer
branch
from
318bbc9
to
0d430c9
Compare
manifests/pod.yaml
Outdated
| @@ -54,6 +54,9 @@ spec: | |||
| - name: fedora-messaging-coreos-key | |||
| mountPath: /run/kubernetes/secrets/fedora-messaging-coreos-key | |||
| readOnly: true | |||
| - name: oscontainer-registry | |||
There was a problem hiding this comment.
The pod shouldn't need the secret mounted in since we're using withCredentials.
Jenkinsfile.release
Outdated
| @@ -85,9 +85,21 @@ podTemplate(cloud: 'openshift', label: pod_label, yaml: pod) { | |||
| cosa init --branch ${params.STREAM} https://github.com/coreos/fedora-coreos-config | |||
| cosa buildfetch --build=${params.VERSION} \ | |||
| --arch=all --url=s3://${s3_stream_dir}/builds | |||
| cosa buildprep --ostree --build=${params.VERSION} \ | |||
There was a problem hiding this comment.
You can add --artifact ostree to the previous buildfetch call instead.
Jenkinsfile.release
Outdated
| withCredentials([string(credentialsId: "oscontainer-secret", variable: "OSCONTAINER_SECRET")]) { | ||
| shwrap("""ociarchive=\$(cosa meta --image-path ostree) | ||
| case \${ociarchive} in | ||
| *ociarchive) skopeo copy --authfile=<($OSCONTAINER_SECRET) oci-archive://\${ociarchive} docker://quay.io/coreos-assembler/fcos:${params.STREAM};; |
There was a problem hiding this comment.
Might be good to const-ify the quay.io URL here at the beginning of the file for clarity. And also a comment there that says long-term we want quay.io/fedora/coreos as per https://fedoraproject.org/wiki/Changes/OstreeNativeContainer.
Jenkinsfile.release
Outdated
| stage('Sync oscontainer to quay.io') { | ||
| withCredentials([string(credentialsId: "oscontainer-secret", variable: "OSCONTAINER_SECRET")]) { | ||
| shwrap("""ociarchive=\$(cosa meta --image-path ostree) | ||
| case \${ociarchive} in |
There was a problem hiding this comment.
All streams use ociarchive now and at some point we'll probably rip out the old support for .tar in cosa. So I think we can just simplify this logic here.
| system: | ||
| domainCredentials: | ||
| - credentials: | ||
| - string: |
There was a problem hiding this comment.
Cool with this, though feels like a secret file would be more appropriate for this instead.
There was a problem hiding this comment.
There was a problem hiding this comment.
I was originally intending to do that, I just couldn't find the syntax for some reason. Thanks for the pointer!
There was a problem hiding this comment.
It took a bit of trial-and-error. The short version is that you have to base64-encode the file contents to make it work.
cheesesashimi
force-pushed
the
zzlotnik/pipeline-promote-oscontainer
branch
3 times, most recently
from
bcde517
to
11c641c
Compare
This is a bit hacky but should work. My initial goal here is just automated uploads of our builds, so that we can start getting a better feel for managing "ostree-in-container" releases. We should sync to `quay.io/coreos` but that needs someone to set that up. Also, I'd like to make the destination configurable in the same way as the S3 bucket, proposal PR in coreos/fedora-coreos-config#1175 Closes: coreos#359
cheesesashimi
force-pushed
the
zzlotnik/pipeline-promote-oscontainer
branch
from
11c641c
to
ffa2b9b
Compare
|
Done! |
|
This is ready for merge. Waiting until our current test runs in the new infra are over before I get it in and redeploy Jenkins. |
|
I totally missed this until now but: when I said to squash your commits I meant have a single commit on top of Colin's commit. Authorship recognition is important and you did some nice cleanups and testing for this. Sorry for not noticing earlier! |
|
In this case the Co-authored-by tag seems best but for the record I don't think this is a big deal from my PoV - just something to keep in mind elsewhere! I particularly try to preserve credit in the case of a new contributor to a project submitting a PR, and then I need to changes on top. But that's not this case really. Anyways - cool to see this landed! |
|
No worries! I thought about it almost immediately after I squashed it. |
This PR is intended to supercede and incorporates elements of: #383