kie-issues#1214: Replace explicit references to quay.io images across…

… CI pipelines (#1772) * Update CI pipelines for the Apache 10 release * Create a new tag * Add git tag name and image artifact release version paramters * Fix typo * Add new apache dockerhub credentials ids
apache · Jun 20, 2024 · a4ca76d · a4ca76d
1 parent 431715c
commit a4ca76d
Show file tree

Hide file tree

Showing 5 changed files with 86 additions and 71 deletions.
diff --git a/.ci/jenkins/Jenkinsfile.build-image b/.ci/jenkins/Jenkinsfile.build-image
@@ -16,11 +16,9 @@
  */
 @Library('jenkins-pipeline-shared-libraries')_
 
-QUAY_REGISTRY = 'quay.io'
-
 pipeline {
     agent {
-        docker { 
+        docker {
             image env.AGENT_DOCKER_BUILDER_IMAGE
             args env.AGENT_DOCKER_BUILDER_ARGS
             label util.avoidFaultyNodes()
@@ -68,8 +66,8 @@ pipeline {
                         if (isDeployImageInOpenshiftRegistry()) {
                             cloud.loginOpenShift(getOpenShiftAPI(), env.OPENSHIFT_CREDS_KEY)
                             cloud.loginOpenshiftRegistry(env.CONTAINER_ENGINE, env.CONTAINER_ENGINE_TLS_OPTIONS ?: '')
-                        } else if (getDeployImageRegistryCredentials()) {
-                            cloud.loginContainerRegistry(getDeployImageRegistry(), getDeployImageRegistryCredentials(), env.CONTAINER_ENGINE, env.CONTAINER_ENGINE_TLS_OPTIONS ?: '')
+                        } else if (getDeployImageRegistryUserCredentialsId() && getDeployImageRegistryTokenCredentialsId()) {
+                            cloud.loginContainerRegistry(getDeployImageRegistry(), getDeployImageRegistryUserCredentialsId(), getDeployImageRegistryTokenCredentialsId(), env.CONTAINER_ENGINE, env.CONTAINER_ENGINE_TLS_OPTIONS ?: '')
                         }
                     }
                 }
@@ -149,18 +147,6 @@ pipeline {
             }
             steps {
                 script {
-                    // Make public if quay registry
-                    if (getDeployImageRegistry() == QUAY_REGISTRY) {
-                        String namespace = getDeployImageNamespace()
-                        String repository = getFinalImageName()
-                        echo "Check and set public if needed Quay repository ${namespace}/${repository}"
-                        try {
-                            cloud.makeQuayImagePublic(namespace, repository, [ usernamePassword: getDeployImageRegistryCredentials()])
-                        } catch (err) {
-                            echo "[ERROR] Cannot set image quay.io/${namespace}/${repository} as visible"
-                        }
-                    }
-
                     int retries = Integer.parseInt(env.MAX_REGISTRY_RETRIES)
                     String imageTag = getBuiltImageTag()
                     if (isDeployLatestTag()) {
@@ -228,15 +214,15 @@ pipeline {
             }
             steps {
                 script {
-                    def resultingFileName = "${getFinalImageName()}.tar.gz"
+                    def resultingFileName = "incubator-kie-${getImageArtifactReleaseVersion()}-${getBuildImageName()}.tar.gz"
                     def signatureFileName = "${resultingFileName}.asc"
                     sh """
                         docker pull ${getBuiltImageTag()}
                         docker save ${getBuiltImageTag()} | gzip > ${resultingFileName}
                     """
                     release.gpgImportKeyFromFileWithPassword(getReleaseGpgSignKeyCredsId(), getReleaseGpgSignPassphraseCredsId())
                     release.gpgSignFileDetachedSignatureWithPassword(resultingFileName, signatureFileName, getReleaseGpgSignPassphraseCredsId())
-                    release.svnUploadFileToRepository(getReleaseSvnRepository(), getReleaseSvnCredsId(), getReleaseVersion(), resultingFileName, signatureFileName)
+                    release.svnUploadFileToRepository(getReleaseSvnRepository(), getReleaseSvnCredsId(), getImageArtifactReleaseVersion(), resultingFileName, signatureFileName)
                 }
             }
             post {
@@ -309,8 +295,12 @@ boolean isDeployImageInOpenshiftRegistry() {
     return params.DEPLOY_IMAGE_USE_OPENSHIFT_REGISTRY
 }
 
-String getDeployImageRegistryCredentials() {
-    return params.DEPLOY_IMAGE_REGISTRY_CREDENTIALS
+String getDeployImageRegistryUserCredentialsId() {
+    return params.DEPLOY_IMAGE_REGISTRY_USER_CREDENTIALS_ID
+}
+
+String getDeployImageRegistryTokenCredentialsId() {
+    return params.DEPLOY_IMAGE_REGISTRY_TOKEN_CREDENTIALS_ID
 }
 
 String getDeployImageRegistry() {
@@ -328,9 +318,8 @@ String getDeployImageNameSuffix() {
 String getDeployImageTag() {
     if (params.DEPLOY_IMAGE_TAG != '') {
         return params.DEPLOY_IMAGE_TAG
-    } else {
-        return sh(script: 'git rev-parse --short HEAD', returnStdout: true).trim()
     }
+    return sh(script: 'git rev-parse --short HEAD', returnStdout: true).trim()
 }
 
 String getFinalImageName() {
@@ -471,3 +460,7 @@ String getReleaseSvnRepository() {
 String getReleaseSvnCredsId() {
     return env.RELEASE_SVN_CREDS_ID
 }
+
+String getImageArtifactReleaseVersion() {
+    return env.IMAGE_ARTIFACT_RELEASE_VERSION
+}
diff --git a/.ci/jenkins/Jenkinsfile.deploy b/.ci/jenkins/Jenkinsfile.deploy
@@ -213,6 +213,11 @@ pipeline {
                         }
                         String prLink = githubscm.createPR(commitMsg, prBody, getBuildBranch(), getGitAuthorPushCredsId())
                         deployProperties["${getRepoName()}.pr.link"] = prLink
+
+                        // Create a new tag
+                        githubscm.setUserConfigFromCreds(getGitAuthorPushCredsId())
+                        githubscm.tagRepository(getGitTagName())
+                        githubscm.pushRemoteTag('origin', getGitTagName(), getGitAuthorPushCredsId())
                     }
                 }
             }
@@ -223,10 +228,12 @@ pipeline {
                         setDeployPropertyIfNeeded("${getRepoName()}.pr.source.ref", getPRBranch())
                         setDeployPropertyIfNeeded("${getRepoName()}.pr.target.uri", "https://github.com/${getGitAuthor()}/${getRepoName()}")
                         setDeployPropertyIfNeeded("${getRepoName()}.pr.target.ref", getBuildBranch())
+                        setDeployPropertyIfNeeded("${getRepoName()}.tag.name", getGitTagName())
                     }
                 }
             }
         }
+
         stage('Finalize') {
             steps {
                 script {
@@ -302,12 +309,14 @@ void createBuildAndTestStageClosure(String image) {
 
             buildParams.add(booleanParam(name: 'DEPLOY_IMAGE', value: isDeployImage()))
             buildParams.add(booleanParam(name: 'DEPLOY_IMAGE_USE_OPENSHIFT_REGISTRY', value: isDeployImageInOpenshiftRegistry()))
-            buildParams.add(string(name: 'DEPLOY_IMAGE_REGISTRY_CREDENTIALS', value: getDeployImageRegistryCredentials()))
+            buildParams.add(string(name: 'DEPLOY_IMAGE_REGISTRY_USER_CREDENTIALS_ID', value: getDeployImageRegistryUserCredentialsId()))
+            buildParams.add(string(name: 'DEPLOY_IMAGE_REGISTRY_TOKEN_CREDENTIALS_ID', value: getDeployImageRegistryTokenCredentialsId()))
             buildParams.add(string(name: 'DEPLOY_IMAGE_REGISTRY', value: getDeployImageRegistry()))
             buildParams.add(string(name: 'DEPLOY_IMAGE_NAMESPACE', value: getDeployImageNamespace()))
             buildParams.add(string(name: 'DEPLOY_IMAGE_NAME_SUFFIX', value: getDeployImageNameSuffix()))
             buildParams.add(string(name: 'DEPLOY_IMAGE_TAG', value: getDeployImageTag()))
             buildParams.add(booleanParam(name: 'DEPLOY_WITH_LATEST_TAG', value: isDeployLatestTag()))
+            buildParams.add(string(name: 'IMAGE_ARTIFACT_RELEASE_VERSION', value: getGitTagName()))
 
             def job = build(job: 'kogito-images.build-image', wait: true, parameters: buildParams, propagate: false)
             if (job.result != 'SUCCESS') {
@@ -362,8 +371,12 @@ boolean isDeployImageInOpenshiftRegistry() {
     return params.IMAGE_USE_OPENSHIFT_REGISTRY
 }
 
-String getDeployImageRegistryCredentials() {
-    return params.IMAGE_REGISTRY_CREDENTIALS
+String getDeployImageRegistryUserCredentialsId() {
+    return params.IMAGE_REGISTRY_USER_CREDENTIALS_ID
+}
+
+String getDeployImageRegistryTokenCredentialsId() {
+    return params.IMAGE_REGISTRY_TOKEN_CREDENTIALS_ID
 }
 
 String getDeployImageRegistry() {
@@ -450,4 +463,8 @@ String[] getImages() {
 
 String getQuarkusPlatformVersion() {
     return params.QUARKUS_PLATFORM_VERSION
-}
+}
+
+String getGitTagName() {
+    return params.GIT_TAG_NAME
+}
diff --git a/.ci/jenkins/Jenkinsfile.promote b/.ci/jenkins/Jenkinsfile.promote
@@ -64,15 +64,15 @@ pipeline {
                     // Login old registry
                     if (isOldImageInOpenshiftRegistry()) {
                         loginOpenshiftRegistry()
-                    } else if (getOldImageRegistryCredentials() != '') {
-                        loginContainerRegistry(getOldImageRegistry(), getOldImageRegistryCredentials())
+                    } else if (getOldImageRegistryUserCredentialsId() != '' && getOldImageRegistryTokenCredentialsId() != '') {
+                        loginContainerRegistry(getOldImageRegistry(), getOldImageRegistryUserCredentialsId(), getOldImageRegistryTokenCredentialsId())
                     }
 
                     // Login new registry
                     if (isNewImageInOpenshiftRegistry()) {
                         loginOpenshiftRegistry()
-                    } else if (getNewImageRegistryCredentials() != '') {
-                        loginContainerRegistry(getNewImageRegistry(), getNewImageRegistryCredentials())
+                    } else if (getNewImageRegistryUserCredentialsId() != '' && getNewImageRegistryTokenCredentialsId() != '') {
+                        loginContainerRegistry(getNewImageRegistry(), getNewImageRegistryUserCredentialsId(), getNewImageRegistryTokenCredentialsId())
                     }
 
                     dir(getRepoName()) {
@@ -173,20 +173,6 @@ void promoteImage(String oldImageName, String newImageName) {
     cloud.skopeoCopyRegistryImages(oldImageName, newImageName, Integer.parseInt(env.MAX_REGISTRY_RETRIES))
 }
 
-// Set images public on quay. Useful when new images are introduced.
-void makeQuayNewImagesPublic() {
-    String namespace = getNewImageNamespace()
-    for (String imageName : getImages()) {
-        String repository = getFinalImageName(imageName, getNewImageNameSuffix())
-        echo "Check and set public if needed Quay repository ${namespace}/${repository}"
-        try {
-            cloud.makeQuayImagePublic(namespace, repository, [ usernamePassword: getNewImageRegistryCredentials()])
-        } catch (err) {
-            echo "[ERROR] Cannot set image quay.io/${namespace}/${repository} as visible"
-        }
-    }
-}
-
 String getOldImageFullTag(String imageName) {
     return "${getOldImageRegistry()}/${getOldImageNamespace()}/${getFinalImageName(imageName, getOldImageNameSuffix())}:${getOldImageTag()}"
 }
@@ -226,9 +212,11 @@ void loginOpenshiftRegistry() {
     sh "set +x && ${env.CONTAINER_ENGINE} login -u anything -p \$(oc whoami -t) ${env.CONTAINER_ENGINE_TLS_OPTIONS ?: ''} ${env.OPENSHIFT_REGISTRY}"
 }
 
-void loginContainerRegistry(String registry, String credsId) {
-    withCredentials([usernamePassword(credentialsId: credsId, usernameVariable: 'REGISTRY_USER', passwordVariable: 'REGISTRY_PWD')]) {
-        sh "${env.CONTAINER_ENGINE} login -u ${REGISTRY_USER} -p ${REGISTRY_PWD} ${env.CONTAINER_ENGINE_TLS_OPTIONS ?: ''} ${registry}"
+void loginContainerRegistry(String registry, String userCredsId, String tokenCredsId) {
+    withCredentials([string(credentialsId: userCredsId, variable: 'DOCKER_USER')]) {
+        withCredentials([string(credentialsId: tokenCredsId, variable: 'DOCKER_TOKEN')]) {
+            sh "${env.CONTAINER_ENGINE} login -u ${DOCKER_USER} -p ${DOCKER_TOKEN} ${env.CONTAINER_ENGINE_TLS_OPTIONS ?: ''} ${registry}"
+        }
     }
 }
 
@@ -296,10 +284,6 @@ String getGitAuthorPushCredsId() {
     return env.GIT_AUTHOR_PUSH_CREDS_ID
 }
 
-boolean isQuayRegistry(String registry) {
-    return registry == 'quay.io'
-}
-
 ////////////////////////////////////////////////////////////////////////
 // Old image information
 ////////////////////////////////////////////////////////////////////////
@@ -312,8 +296,12 @@ boolean isOldImageInOpenshiftRegistry() {
     return params.BASE_IMAGE_USE_OPENSHIFT_REGISTRY
 }
 
-String getOldImageRegistryCredentials() {
-    return params.BASE_IMAGE_REGISTRY_CREDENTIALS
+String getOldImageRegistryUserCredentialsId() {
+    return params.BASE_IMAGE_REGISTRY_USER_CREDENTIALS_ID
+}
+
+String getOldImageRegistryTokenCredentialsId() {
+    return params.BASE_IMAGE_REGISTRY_TOKEN_CREDENTIALS_ID
 }
 
 String getOldImageRegistry() {
@@ -344,8 +332,12 @@ boolean isNewImageInOpenshiftRegistry() {
     return params.PROMOTE_IMAGE_USE_OPENSHIFT_REGISTRY
 }
 
-String getNewImageRegistryCredentials() {
-    return params.PROMOTE_IMAGE_REGISTRY_CREDENTIALS
+String getNewImageRegistryUserCredentialsId() {
+    return params.PROMOTE_IMAGE_REGISTRY_USER_CREDENTIALS_ID
+}
+
+String getNewImageRegistryTokenCredentialsId() {
+    return params.PROMOTE_IMAGE_REGISTRY_TOKEN_CREDENTIALS_ID
 }
 
 String getNewImageRegistry() {

diff --git a/.ci/jenkins/Jenkinsfile.weekly.deploy b/.ci/jenkins/Jenkinsfile.weekly.deploy
@@ -206,7 +206,8 @@ void createBuildAndTestStageClosure(String image) {
 
             buildParams.add(booleanParam(name: 'DEPLOY_IMAGE', value: true))
             buildParams.add(booleanParam(name: 'DEPLOY_IMAGE_USE_OPENSHIFT_REGISTRY', value: isDeployImageInOpenshiftRegistry()))
-            buildParams.add(string(name: 'DEPLOY_IMAGE_REGISTRY_CREDENTIALS', value: getDeployImageRegistryCredentials()))
+            buildParams.add(string(name: 'DEPLOY_IMAGE_REGISTRY_USER_CREDENTIALS_ID', value: getDeployImageRegistryUserCredentialsId()))
+            buildParams.add(string(name: 'DEPLOY_IMAGE_REGISTRY_TOKEN_CREDENTIALS_ID', value: getDeployImageRegistryTokenCredentialsId()))
             buildParams.add(string(name: 'DEPLOY_IMAGE_REGISTRY', value: getDeployImageRegistry()))
             buildParams.add(string(name: 'DEPLOY_IMAGE_NAMESPACE', value: getDeployImageNamespace()))
             buildParams.add(string(name: 'DEPLOY_IMAGE_NAME_SUFFIX', value: getDeployImageNameSuffix()))
@@ -262,8 +263,12 @@ boolean isDeployImageInOpenshiftRegistry() {
     return params.IMAGE_USE_OPENSHIFT_REGISTRY
 }
 
-String getDeployImageRegistryCredentials() {
-    return params.IMAGE_REGISTRY_CREDENTIALS
+String getDeployImageRegistryUserCredentialsId() {
+    return params.IMAGE_REGISTRY_USER_CREDENTIALS_ID
+}
+
+String getDeployImageRegistryTokenCredentialsId() {
+    return params.IMAGE_REGISTRY_TOKEN_CREDENTIALS_ID
 }
 
 String getDeployImageRegistry() {