From 0e714df49001f5b777a79f70cb1990aca4154c9a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lo=C3=AFc=20Dachary?= Date: Mon, 19 Dec 2022 19:35:42 +0100 Subject: [PATCH] [CI] split container-images-pull-verify-push in two --- .woodpecker/docker-release-version.yml | 7 +- .woodpecker/releases-helper.yml | 4 +- .../container-images-pull-verify-push-test.sh | 74 +++++++++++++++++++ releases/container-images-pull-verify-push.sh | 69 ----------------- 4 files changed, 81 insertions(+), 73 deletions(-) create mode 100755 releases/container-images-pull-verify-push-test.sh diff --git a/.woodpecker/docker-release-version.yml b/.woodpecker/docker-release-version.yml index e4a61c345c..73d9874154 100644 --- a/.woodpecker/docker-release-version.yml +++ b/.woodpecker/docker-release-version.yml @@ -12,10 +12,13 @@ variables: - &buildx_image 'woodpeckerci/plugin-docker-buildx:2.0.0' - &integration_image 'codeberg.org/forgejo-integration/forgejo' - &dockerfile_root 'Dockerfile' +# for testing purposes # - &dockerfile_root 'releases/Dockerfile' - &dockerfile_rootless 'Dockerfile.rootless' +# for testing purposes # - &dockerfile_rootless 'releases/Dockerfile-rootless' - &verify 'true' +# for testing purposes # - &verify 'false' - &archs 'amd64 arm64' @@ -27,7 +30,7 @@ pipeline: - git config --add safe.directory '*' - git fetch --tags --force - publish-root: + build-root: image: *buildx_image group: integration pull: true @@ -45,7 +48,7 @@ pipeline: username: from_secret: releaseteamuser - publish-rootless: + build-rootless: image: *buildx_image group: integration pull: true diff --git a/.woodpecker/releases-helper.yml b/.woodpecker/releases-helper.yml index 6d74d23ba5..c22bf23ad9 100644 --- a/.woodpecker/releases-helper.yml +++ b/.woodpecker/releases-helper.yml @@ -16,8 +16,8 @@ pipeline: # arm64 would require qemu-user-static which is not available on alpline # the test coverage does not change much and running the tests test locally # is possible if there is a doubt - - ARCHS=amd64 ./releases/container-images-pull-verify-push.sh test - - ./releases/container-images-pull-verify-push.sh test_teardown + - ARCHS=amd64 ./releases/container-images-pull-verify-push-test.sh test + - ./releases/container-images-pull-verify-push-test.sh test_teardown secrets: - releaseteamuser - releaseteamtoken diff --git a/releases/container-images-pull-verify-push-test.sh b/releases/container-images-pull-verify-push-test.sh new file mode 100755 index 0000000000..e492c9768d --- /dev/null +++ b/releases/container-images-pull-verify-push-test.sh @@ -0,0 +1,74 @@ +#!/bin/sh + +# +# Tests are run when on a wip-ci-* branch, see .woodpecker/releases-helper.yml +# It should be changed to run it every time this file is changed when 1.18 is used because 1.17 does not have +# webhooks with the information for that filtering. +# + +set -ex + +image_delete() { + curl -sS -H "Authorization: token $token" -X DELETE https://$DOMAIN/v2/$1/forgejo/manifests/$2 +} + +# +# Create the same set of images that buildx would +# +test_setup() { + dir=$(dirname $0) + + for suffix in '' '-rootless' ; do + ( + cd $dir + manifests="" + for arch in $ARCHS ; do + image=$(arch_image_name $INTEGRATION_USER $arch $suffix) + docker build -f Dockerfile$suffix --platform linux/$arch -t $image . + docker push $image + images="$images $image" + done + manifest=$(image_name $INTEGRATION_USER $suffix) + docker manifest rm $manifest || true + docker manifest create $manifest $images + image_put $INTEGRATION_USER $(image_tag $suffix) $manifest + ) + done +} + +test_teardown() { + authenticate + for suffix in '' '-rootless' ; do + image_delete $INTEGRATION_USER $(image_tag $suffix) + image_delete $CI_REPO_OWNER $(image_tag $suffix) + image_delete $CI_REPO_OWNER $(short_image_tag $suffix) + for arch in $ARCHS ; do + image_delete $INTEGRATION_USER $(arch_image_tag $arch $suffix) + image_delete $CI_REPO_OWNER $(arch_image_tag $arch $suffix) + done + done +} + +# +# Running the test locally instead of withing Woodpecker +# +# 1. Setup: obtain a token at https://codeberg.org/user/settings/applications +# 2. Run: RELEASETEAMUSER= RELEASETEAMTOKEn= container-images-pull-verify-push.sh test +# 3. Verify: (optional) manual verification at https://codeberg.org//-/packages/container/forgejo/versions +# 4. Cleanup: RELEASETEAMUSER= RELEASETEAMTOKEn= container-images-pull-verify-push.sh test_teardown +# +test() { + boot + test_teardown + test_setup + VERIFY_STRING=something + VERIFY_COMMAND="echo $VERIFY_STRING" + echo "================================ TEST BEGIN" + main + echo "================================ TEST END" +} + +: ${CI_REPO_OWNER:=dachary} +: ${CI_COMMIT_TAG:=v17.1.42-2} + +. $(dirname $0)/container-images-pull-verify-push.sh diff --git a/releases/container-images-pull-verify-push.sh b/releases/container-images-pull-verify-push.sh index 33c333dc32..69bc2cf68a 100755 --- a/releases/container-images-pull-verify-push.sh +++ b/releases/container-images-pull-verify-push.sh @@ -1,22 +1,13 @@ #!/bin/sh -# -# Tests are run when on a wip-ci-* branch, see .woodpecker/releases-helper.yml -# It should be changed to run it every time this file is changed when 1.18 is used because 1.17 does not have -# webhooks with the information for that filtering. -# - set -ex : ${DOCKER_HOST:=unix:///var/run/docker.sock} : ${ARCHS:=amd64 arm64} : ${INTEGRATION_USER:=forgejo-integration} : ${INTEGRATION_IMAGE:=codeberg.org/$INTEGRATION_USER/forgejo} -: ${CI_REPO_OWNER:=dachary} -: ${CI_COMMIT_TAG:=v17.1.42-2} : ${TAG:=${CI_COMMIT_TAG##v}} : ${SHORT_TAG=${TAG%.*-*}} -: ${CI_REPO_LINK:=https://codeberg.org/dachary/forgejo} : ${DOMAIN:=codeberg.org} : ${VERIFY:=true} @@ -86,10 +77,6 @@ authenticate() { token=$(curl -u$RELEASETEAMUSER:$RELEASETEAMTOKEN -sS https://$DOMAIN/v2/token | jq --raw-output .token) } -image_delete() { - curl -sS -H "Authorization: token $token" -X DELETE https://$DOMAIN/v2/$1/forgejo/manifests/$2 -} - image_put() { docker manifest inspect $3 > /tmp/manifest.json curl -sS -H "Authorization: token $token" -X PUT --data-binary @/tmp/manifest.json https://$DOMAIN/v2/$1/forgejo/manifests/$2 @@ -125,60 +112,4 @@ arch_image_tag() { echo $TAG-$1$2 } -# -# Create the same set of images that buildx would -# -test_setup() { - dir=$(dirname $0) - - for suffix in '' '-rootless' ; do - ( - cd $dir - manifests="" - for arch in $ARCHS ; do - image=$(arch_image_name $INTEGRATION_USER $arch $suffix) - docker build -f Dockerfile$suffix --platform linux/$arch -t $image . - docker push $image - images="$images $image" - done - manifest=$(image_name $INTEGRATION_USER $suffix) - docker manifest rm $manifest || true - docker manifest create $manifest $images - image_put $INTEGRATION_USER $(image_tag $suffix) $manifest - ) - done -} - -test_teardown() { - authenticate - for suffix in '' '-rootless' ; do - image_delete $INTEGRATION_USER $(image_tag $suffix) - image_delete $CI_REPO_OWNER $(image_tag $suffix) - image_delete $CI_REPO_OWNER $(short_image_tag $suffix) - for arch in $ARCHS ; do - image_delete $INTEGRATION_USER $(arch_image_tag $arch $suffix) - image_delete $CI_REPO_OWNER $(arch_image_tag $arch $suffix) - done - done -} - -# -# Running the test locally instead of withing Woodpecker -# -# 1. Setup: obtain a token at https://codeberg.org/user/settings/applications -# 2. Run: RELEASETEAMUSER= RELEASETEAMTOKEn= container-images-pull-verify-push.sh test -# 3. Verify: (optional) manual verification at https://codeberg.org//-/packages/container/forgejo/versions -# 4. Cleanup: RELEASETEAMUSER= RELEASETEAMTOKEn= container-images-pull-verify-push.sh test_teardown -# -test() { - boot - test_teardown - test_setup - VERIFY_STRING=something - VERIFY_COMMAND="echo $VERIFY_STRING" - echo "================================ TEST BEGIN" - main - echo "================================ TEST END" -} - ${@:-main}