From 81eea83e141c630385afff02fc10ddc867663fb9 Mon Sep 17 00:00:00 2001 From: Gareth Clay Date: Fri, 19 Jul 2024 15:28:02 +0100 Subject: [PATCH] Migrate to new image repositories (#252) --- ci/scripts/build-project.sh | 20 +++++++++++++++++- ci/scripts/generate-docker-credentials.sh | 10 +++++++++ ci/tasks/build-oci-image.yml | 25 +++++++++++++++++++++++ ci/tasks/build-project.yml | 9 +++++--- ci/tasks/generate-docker-credentials.yml | 25 +++++++++++++++++++++++ ci/tasks/promote.yml | 4 +++- ci/tasks/stage.yml | 6 +++--- ci/tasks/sync-to-maven-central.yml | 4 +++- 8 files changed, 94 insertions(+), 9 deletions(-) create mode 100755 ci/scripts/generate-docker-credentials.sh create mode 100644 ci/tasks/build-oci-image.yml create mode 100644 ci/tasks/generate-docker-credentials.yml diff --git a/ci/scripts/build-project.sh b/ci/scripts/build-project.sh index 0838af3..23dfbae 100755 --- a/ci/scripts/build-project.sh +++ b/ci/scripts/build-project.sh @@ -2,15 +2,33 @@ set -euo pipefail +readonly DOCKERHUB_MIRROR_REGISTRY="${DOCKERHUB_MIRROR_REGISTRY:?must be set}" +readonly DOCKERHUB_MIRROR_REGISTRY_USERNAME="${DOCKERHUB_MIRROR_REGISTRY_USERNAME:?must be set}" +readonly DOCKERHUB_MIRROR_REGISTRY_PASSWORD="${DOCKERHUB_MIRROR_REGISTRY_PASSWORD:?must be set}" + # shellcheck source=common.sh source "$(dirname "$0")/common.sh" repository=$(pwd)/distribution-repository start_docker() { pushd credhub-server >/dev/null - echo '{"registry-mirrors": ["https://harbor-mirror.spring.vmware.com"]}' > /etc/docker/daemon.json + echo "{\"registry-mirrors\": [\"https://$DOCKERHUB_MIRROR_REGISTRY\"]}" > /etc/docker/daemon.json service cgroupfs-mount start service docker start + + # Work around https://github.com/moby/moby/issues/30880 + cat >> /etc/hosts << EOF +127.0.0.1 index.docker.io +127.0.0.1 registry-1.docker.io +127.0.0.1 docker.io +EOF + mkdir -p "$HOME/.docker" + jq --arg username "$DOCKERHUB_MIRROR_REGISTRY_USERNAME" \ + --arg password "$DOCKERHUB_MIRROR_REGISTRY_PASSWORD" \ + 'reduce .[] as $registry ({"auths": {}}; .auths += {($registry): {"auth": [$username, $password] | join(":") | @base64}})' \ + <<< "[\"index.docker.io\", \"$DOCKERHUB_MIRROR_REGISTRY\"]" \ + > "$HOME/.docker/config.json" + docker-compose up --detach trap "stop_docker" EXIT popd >/dev/null diff --git a/ci/scripts/generate-docker-credentials.sh b/ci/scripts/generate-docker-credentials.sh new file mode 100755 index 0000000..5522b4e --- /dev/null +++ b/ci/scripts/generate-docker-credentials.sh @@ -0,0 +1,10 @@ +#!/bin/sh + +set -eu + +export TERM="xterm-256color" + +readonly DOCKER_CONFIG_OUTPUT="${DOCKER_CONFIG_OUTPUT:?must be set}" + +printf "%s" "$REGISTRY_PASSWORD" | docker login "$REGISTRY" --username "$REGISTRY_USERNAME" --password-stdin +cp -v ~/.docker/config.json "$DOCKER_CONFIG_OUTPUT/" diff --git a/ci/tasks/build-oci-image.yml b/ci/tasks/build-oci-image.yml new file mode 100644 index 0000000..31572fb --- /dev/null +++ b/ci/tasks/build-oci-image.yml @@ -0,0 +1,25 @@ +--- +platform: linux + +image_resource: + type: registry-image + source: + repository: ((spring-credhub-virtual-docker-registry))/concourse/oci-build-task + tag: 0.11.1 + username: ((broadcom-jfrog-artifactory-robot-account.username)) + password: ((broadcom-jfrog-artifactory-robot-account.password)) + +inputs: + - name: git-repo + - name: docker-config + +outputs: + - name: image + +run: + path: build + +params: + CONTEXT: + DEBUG: true + DOCKER_CONFIG: docker-config diff --git a/ci/tasks/build-project.yml b/ci/tasks/build-project.yml index abb94e8..1f258b5 100644 --- a/ci/tasks/build-project.yml +++ b/ci/tasks/build-project.yml @@ -3,9 +3,9 @@ platform: linux image_resource: type: registry-image source: - repository: ((corporate-harbor-registry))/((dockerhub-organization))/spring-credhub-ci - username: ((corporate-harbor-robot-account.username)) - password: ((corporate-harbor-robot-account.password)) + repository: ((spring-credhub-dev-docker-registry))/ci/spring-credhub-ci + username: ((broadcom-jfrog-artifactory-robot-account.username)) + password: ((broadcom-jfrog-artifactory-robot-account.password)) tag: ((ci-image-tag)) inputs: - name: git-repo @@ -19,6 +19,9 @@ run: params: ARTIFACTORY_USERNAME: ((artifactory-username)) ARTIFACTORY_PASSWORD: ((artifactory-password)) + DOCKERHUB_MIRROR_REGISTRY: ((spring-credhub-virtual-docker-registry)) + DOCKERHUB_MIRROR_REGISTRY_USERNAME: ((broadcom-jfrog-artifactory-robot-account.username)) + DOCKERHUB_MIRROR_REGISTRY_PASSWORD: ((broadcom-jfrog-artifactory-robot-account.password)) GRADLE_ENTERPRISE_CACHE_USERNAME: ((gradle-enterprise-cache-user)) GRADLE_ENTERPRISE_CACHE_PASSWORD: ((gradle-enterprise-cache-password)) GRADLE_ENTERPRISE_ACCESS_KEY: ((gradle-enterprise-secret-access-key)) diff --git a/ci/tasks/generate-docker-credentials.yml b/ci/tasks/generate-docker-credentials.yml new file mode 100644 index 0000000..55ea08d --- /dev/null +++ b/ci/tasks/generate-docker-credentials.yml @@ -0,0 +1,25 @@ +platform: linux + +image_resource: + type: registry-image + source: + repository: ((spring-credhub-virtual-docker-registry))/docker + tag: 26-cli + username: ((broadcom-jfrog-artifactory-robot-account.username)) + password: ((broadcom-jfrog-artifactory-robot-account.password)) + +inputs: + - name: git-repo + +outputs: + - name: docker-config + +run: + path: ci/scripts/generate-docker-credentials.sh + dir: git-repo + +params: + DOCKER_CONFIG_OUTPUT: ../docker-config + REGISTRY: ((registry)) + REGISTRY_USERNAME: ((registry-username)) + REGISTRY_PASSWORD: ((registry-password)) diff --git a/ci/tasks/promote.yml b/ci/tasks/promote.yml index ef4a016..2645e00 100644 --- a/ci/tasks/promote.yml +++ b/ci/tasks/promote.yml @@ -3,7 +3,9 @@ platform: linux image_resource: type: registry-image source: - repository: ((dockerhub-mirror-registry))/springio/concourse-release-scripts + repository: ((spring-credhub-virtual-docker-registry))/springio/concourse-release-scripts + username: ((broadcom-jfrog-artifactory-robot-account.username)) + password: ((broadcom-jfrog-artifactory-robot-account.password)) tag: '0.3.4' inputs: - name: git-repo diff --git a/ci/tasks/stage.yml b/ci/tasks/stage.yml index e7b903f..5102cea 100644 --- a/ci/tasks/stage.yml +++ b/ci/tasks/stage.yml @@ -3,9 +3,9 @@ platform: linux image_resource: type: registry-image source: - repository: ((corporate-harbor-registry))/((dockerhub-organization))/spring-credhub-ci - username: ((corporate-harbor-robot-account.username)) - password: ((corporate-harbor-robot-account.password)) + repository: ((spring-credhub-dev-docker-registry))/ci/spring-credhub-ci + username: ((broadcom-jfrog-artifactory-robot-account.username)) + password: ((broadcom-jfrog-artifactory-robot-account.password)) tag: ((ci-image-tag)) inputs: - name: git-repo diff --git a/ci/tasks/sync-to-maven-central.yml b/ci/tasks/sync-to-maven-central.yml index 0b5d009..c8a36d5 100644 --- a/ci/tasks/sync-to-maven-central.yml +++ b/ci/tasks/sync-to-maven-central.yml @@ -3,7 +3,9 @@ platform: linux image_resource: type: registry-image source: - repository: ((dockerhub-mirror-registry))/springio/concourse-release-scripts + repository: ((spring-credhub-virtual-docker-registry))/springio/concourse-release-scripts + username: ((broadcom-jfrog-artifactory-robot-account.username)) + password: ((broadcom-jfrog-artifactory-robot-account.password)) tag: '0.3.4' inputs: - name: git-repo