#!/usr/bin/env bash
# Strict mode: stop on a failing command, on an unset variable and on a failing
# pipeline stage, so a broken step cannot silently lead to a push.
set -euo pipefail
# Helper functions called below (version_tag, tag_and_push, gen_versions,
# scan_redhat_image) are not defined in this file; presumably they come from
# build_utils.sh.
# NOTE(review): a name without a slash makes `.` search PATH before the current
# directory, so which file is sourced depends on the caller's PATH and working
# directory - confirm the CI job pins both.
. build_utils.sh
# Publishes the 'conjur' image to docker registries
# There are 3 primary flows:
# - Publish build-specific (commit SHA) based images internally
# - Publish edge and release build images internally and to DockerHub
# - Promote an existing image to a customer release and publish to latest
#
# If no parameters are specified, no images are pushed
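#######################################
# Prints the usage summary, one line per accepted option.
# Arguments: none
# Outputs:   usage text on stdout
#######################################
function print_help() {
  # --dockerhub is accepted by the option parser but was missing from this
  # list; it is documented here so the DockerHub gate is visible to operators.
  printf '%s\n' \
    "Usage: $0 [OPTION...] <version>" \
    " --internal: publish SHA tagged images internally" \
    " --edge: publish images as edge versions to registry.tld and dockerhub" \
    " --promote: publish images as a promotion (latest and less specific versions) to registry.tld and dockerhub" \
    " --dockerhub: also publish edge/promoted images to dockerhub (only honored for builds in the main conjur repo)" \
    " --redhat: publish image to redhat registry" \
    " --version=VERSION: specify version number to use" \
    " --base-version=VERSION: specify base image version number to use to apply tags to"
}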
# Option defaults: every publish flow stays off until its flag is passed.
PUBLISH_INTERNAL=false
PUBLISH_EDGE=false
PROMOTE=false
DOCKERHUB=false
REDHAT=false

# The release version is read from the VERSION file in the working directory
# and the local image tag from version_tag (not defined in this file).
# Both can be overridden with --version= / --base-version=.
VERSION=$(<VERSION)
LOCAL_TAG="$(version_tag)"

# Consume the arguments one by one. An unrecognised argument prints the help
# text and exits with status 1, so a typo never falls through to a push.
# NOTE(review): the --version= and --base-version= values are taken verbatim
# and later passed to tag_and_push; nothing here checks that they are
# well-formed tags.
while (( $# > 0 )); do
  arg=$1
  case "${arg}" in
    --internal)
      PUBLISH_INTERNAL=true
      ;;
    --edge)
      PUBLISH_EDGE=true
      ;;
    --promote)
      PROMOTE=true
      ;;
    --dockerhub)
      DOCKERHUB=true
      ;;
    --redhat)
      REDHAT=true
      ;;
    --version=*)
      VERSION="${arg#*=}"
      ;;
    --base-version=*)
      LOCAL_TAG="${arg#*=}"
      ;;
    *)
      echo "Unknown option: ${arg}"
      print_help
      exit 1
      ;;
  esac
  shift
done
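# Locally built images that get re-tagged and pushed, addressed by local tag.
LOCAL_IMAGE="conjur:${LOCAL_TAG}"
RH_LOCAL_IMAGE="conjur-ubi:${LOCAL_TAG}"

# Repository name on DockerHub; also used as the path below registry.tld for
# the edge and promote flows.
IMAGE_NAME="cyberark/conjur"

# Values handed to the Red Hat flow: the second argument of scan_redhat_image
# (presumably the certification project id) and the scan-registry repository.
REDHAT_CERT_PID="5f905d433a93dc782c77a0f9"
REDHAT_IMAGE="scan.connect.redhat.com/ospid-9fb7aea1-0c01-4527-8def-242f3cde7dc6/conjur"

# Normalize version number in the case of '+' included: '+' is not a valid
# character in an image tag, so every occurrence becomes '_'. Parameter
# expansion is used instead of `echo -n | tr` so a value that looks like an
# echo option (for example "-n") is not swallowed.
VERSION="${VERSION//+/_}"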
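# Don't publish to DockerHub unless the build is in the main conjur repo.
# This overrides --dockerhub: any job whose JOB_NAME does not start with
# "cyberark--conjur/" (forks, other pipelines) has the public push disabled.
# The `:-` default makes an unset JOB_NAME (for example a run outside CI)
# disable DockerHub as well, instead of aborting under `set -u`.
if [[ "${JOB_NAME:-}" != cyberark--conjur/* ]]; then
  DOCKERHUB=false
fi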
# Internal flow (--internal): push build-specific tags of the conjur,
# conjur-test and conjur-ubi images to registry.tld only.
if [[ "${PUBLISH_INTERNAL}" = true ]]; then
  echo "Pushing ${LOCAL_TAG} tagged images to registry.tld..."

  # Two tags per image, in this order: "<version>-<local tag>" first, then the
  # bare local tag. Each source image is the locally built "<name>:<local tag>".
  for internal_tag in "${VERSION}-${LOCAL_TAG}" "${LOCAL_TAG}"; do
    for internal_repo in conjur conjur-test conjur-ubi; do
      tag_and_push "${internal_tag}" "${internal_repo}:${LOCAL_TAG}" "registry.tld/${internal_repo}"
    done
  done
fi
# Edge flow (--edge): publish the release-specific tag and the moving "edge"
# tag to registry.tld, and to DockerHub only when that is still enabled.
if [[ "${PUBLISH_EDGE}" = true ]]; then
  echo "Pushing edge versions..."
  echo "Pushing ${VERSION} to registry.tld..."

  # Internal registry: version tag first, then "edge", for both image flavours.
  for edge_tag in "${VERSION}" edge; do
    tag_and_push "${edge_tag}" "${LOCAL_IMAGE}" "registry.tld/${IMAGE_NAME}"
    tag_and_push "${edge_tag}" "${RH_LOCAL_IMAGE}" "registry.tld/conjur-ubi"
  done

  # Public registry: only the conjur image, and only if DOCKERHUB is exactly
  # "true" at this point.
  if [[ "${DOCKERHUB}" = true ]]; then
    for edge_tag in "${VERSION}" edge; do
      tag_and_push "${edge_tag}" "${LOCAL_IMAGE}" "${IMAGE_NAME}"
    done
  fi
fi
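# Promote flow (--promote): re-tag the existing image as a customer release.
if [[ "${PROMOTE}" = true ]]; then
  echo "Promoting image to ${VERSION}"

  # Push latest, 1.x.y, 1.x, and 1 images
  # NOTE(review): the exit status of gen_versions inside the process
  # substitution is not checked; if it prints nothing, only "latest" is pushed.
  readarray -t prefix_versions < <(gen_versions "${VERSION}")

  for version in latest "${prefix_versions[@]}"; do
    tag_and_push "${version}" "${LOCAL_IMAGE}" "registry.tld/${IMAGE_NAME}"
    tag_and_push "${version}" "${RH_LOCAL_IMAGE}" "registry.tld/conjur-ubi"

    # Compare against "true" explicitly. The previous test, [[ "${DOCKERHUB}" ]],
    # only checked for a non-empty string and was therefore also satisfied by
    # "false", so promotion pushed to DockerHub even when --dockerhub was not
    # given or the JOB_NAME check had disabled it.
    if [[ "${DOCKERHUB}" = true ]]; then
      tag_and_push "${version}" "${LOCAL_IMAGE}" "${IMAGE_NAME}"
    fi
  done
fi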
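# Red Hat flow (--redhat): log in to the Red Hat scan registry, push the
# version-tagged UBI image and run the preflight scan on it.
if [[ "${REDHAT}" = true ]]; then
  echo "Publishing ${VERSION} to RedHat registry..."

  # Fail with a clear message when the credential is missing or empty.
  : "${REDHAT_API_KEY:?REDHAT_API_KEY must be set to publish to the RedHat registry}"

  # Publish only the tag version to the Redhat container registry.
  # The API key is fed on stdin rather than with -p, so it does not appear in
  # the docker process arguments where other local users could read it.
  # printf is a shell builtin, so no process carries the key in its argv.
  # (Tracing with `set -x` would still print it.)
  if printf '%s' "${REDHAT_API_KEY}" \
    | docker login scan.connect.redhat.com -u unused --password-stdin; then
    # push image to red hat
    tag_and_push "${VERSION}" "${RH_LOCAL_IMAGE}" "${REDHAT_IMAGE}"

    # scan image with preflight tool
    scan_redhat_image "${REDHAT_IMAGE}:${VERSION}" "${REDHAT_CERT_PID}"
  else
    echo 'Failed to log in to scan.connect.redhat.com' >&2
    exit 1
  fi
fi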