diff --git a/taskcluster/ci/docker-image/kind.yml b/taskcluster/ci/docker-image/kind.yml index adde088b9..f82131e70 100644 --- a/taskcluster/ci/docker-image/kind.yml +++ b/taskcluster/ci/docker-image/kind.yml @@ -19,4 +19,3 @@ jobs: definition: node args: NODE_VERSION: "14" - skopeo: {} diff --git a/taskcluster/ci/push-image/kind.yml b/taskcluster/ci/push-image/kind.yml index dd2c83af9..b04f3d1e9 100644 --- a/taskcluster/ci/push-image/kind.yml +++ b/taskcluster/ci/push-image/kind.yml @@ -9,43 +9,24 @@ kind-dependencies: - k8s-image transforms: - - shipit_taskgraph.transforms.deploy_secret:transforms - - shipit_taskgraph.transforms.docker_push:transforms - - taskgraph.transforms.job:transforms + - shipit_taskgraph.transforms.cloudops_deploy:transforms - taskgraph.transforms.task:transforms job-defaults: - worker-type: b-linux - worker: - taskcluster-proxy: true - docker-image: {in-tree: skopeo} - max-run-time: 3600 dependencies: - tests-js: tests-frontend-node-14 - tests-api: tests-api-python-38 - run: - using: run-task - checkout: false - cache-dotcache: false - command: - - /usr/local/bin/push_image.sh - fetches: - k8s-image: - - artifact: image.tar.zst - extract: false + tests-js: tests-frontend-node-14 + tests-api: tests-api-python-38 + project: shipitapi + image-task-id: {task-reference: ""} jobs: shipit-admin: description: "Push to shipit-admin repository." dependencies: - k8s-image: build-docker-image-shipit-admin - worker: - env: - DOCKER_REPO: docker.io/mozilla/releng-shipit-admin + k8s-image: build-docker-image-shipit-admin + variant: admin shipit-public: description: "Push to shipit-public repository." dependencies: - k8s-image: build-docker-image-shipit-public - worker: - env: - DOCKER_REPO: docker.io/mozilla/releng-shipit-public + k8s-image: build-docker-image-shipit-public + variant: public diff --git a/taskcluster/docker/skopeo/Dockerfile b/taskcluster/docker/skopeo/Dockerfile deleted file mode 100644 index e3d18f0d4..000000000 --- a/taskcluster/docker/skopeo/Dockerfile +++ /dev/null @@ -1,60 +0,0 @@ -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, You can obtain one at http://mozilla.org/MPL/2.0/. - -FROM golang:1.14 as skopeo - -WORKDIR /go/src/ -RUN ["/usr/bin/git", "clone", "--no-checkout", "--depth=1", "--branch=v1.1.0", "https://github.com/containers/skopeo", "."] -RUN ["/usr/bin/git", "checkout", "63085f5bef1131aa9ec0907a5c8d66b67de7c4b2"] -ENV GO111MODULE=on CGO_ENABLED=0 -RUN ["/usr/local/go/bin/go", "build", \ - "-mod=vendor", "-o", "out/skopeo", \ - "-tags", "exclude_graphdriver_devicemapper exclude_graphdriver_btrfs containers_image_openpgp", \ - "-ldflags", "-extldflags \"-static\" -w -s", \ - "./cmd/skopeo"] - - -FROM golang:1.14 as umoci - -WORKDIR /go/src/ -RUN ["/usr/bin/git", "clone", "--no-checkout", "--depth=1", "--branch=v0.4.6", "https://github.com/opencontainers/umoci", "."] -RUN ["/usr/bin/git", "checkout", "5efa06acfb3bb4e65d2711cf5255970948e047cf"] -ENV GO111MODULE=on CGO_ENABLED=0 -RUN ["/usr/local/go/bin/go", "build", \ - "-mod=vendor", "-o", "out/umoci", \ - "-ldflags", "-extldflags \"-static\" -w -s", \ - "./cmd/umoci"] - - -FROM debian:buster - -# %include-run-task - -ENV DEBIAN_FRONTEND=noninteractive -RUN apt-get update -qq \ - && apt-get dist-upgrade \ - && apt-get install -y jq zstd python3-minimal curl \ - && apt-get clean - -COPY push_image.sh /usr/local/bin/ -COPY policy.json /etc/containers/policy.json -RUN chmod a+x /usr/local/bin/push_image.sh -COPY --from=skopeo /go/src/out/skopeo /usr/local/bin/ -COPY --from=umoci /go/src/out/umoci /usr/local/bin/ - -# Add worker user -RUN mkdir /builds && \ - groupadd -g 1000 -o worker && \ - useradd -d /builds/worker -s /bin/bash -m worker -g 1000 -o -u 1000 && \ - mkdir /builds/worker/artifacts && \ - chown worker:worker /builds/worker/artifacts - -USER worker -ENV SHELL=/bin/bash \ - HOME=/builds/worker \ - USER=worker - -WORKDIR /builds/worker -# Set a default command useful for debugging -CMD ["/bin/bash", "--login"] diff --git a/taskcluster/docker/skopeo/policy.json b/taskcluster/docker/skopeo/policy.json deleted file mode 100644 index f00384411..000000000 --- a/taskcluster/docker/skopeo/policy.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "default": [{"type": "reject"}], - "transports": { - "oci": { - "": [{"type": "insecureAcceptAnything"}] - }, - "docker-archive": { - "": [{"type": "insecureAcceptAnything"}] - }, - "dir": { - "": [{"type": "insecureAcceptAnything"}] - } - } -} diff --git a/taskcluster/docker/skopeo/push_image.sh b/taskcluster/docker/skopeo/push_image.sh deleted file mode 100755 index e62d8f9bf..000000000 --- a/taskcluster/docker/skopeo/push_image.sh +++ /dev/null @@ -1,46 +0,0 @@ -#!/bin/sh -set -e - -test $APP_VERSION -test $DEPLOYMENT_BRANCH -test $DEPLOY_SECRET_URL -test $DOCKER_REPO -test $MOZ_FETCHES_DIR -test $TASKCLUSTER_ROOT_URL -test $TASK_ID -test $VCS_HEAD_REPOSITORY -test $VCS_HEAD_REV - -echo "=== Generating dockercfg ===" -mkdir -m 700 $HOME/.docker -curl $DEPLOY_SECRET_URL | jq '.secret.docker.skopeo' > $HOME/.docker/config.json -chmod 600 $HOME/.docker/config.json - -cd $MOZ_FETCHES_DIR -unzstd image.tar.zst - -echo "=== Inserting version.json into image ===" -# Create an OCI copy of image in order umoci can patch it -skopeo copy docker-archive:image.tar oci:shipit:final - -cat > version.json <