Add promotion step to drone pipeline for pushing to quay #466
Conversation
logand22
requested review from
klizhentas,
russjones,
r0mant,
Joerger and
tcsc
as code owners
How do you plan to test this after merge? I'd like to make sure we've done end-to-end testing before the next 9.0.x release, when these would go live. |
|
My current plan is to walk through an entire release process with a dummy tag and dummy promote. I will only be promoting the publish-images target and plan on cleaning up the tags afterwards. For example: |
This sounds great! The one addendum I'd add is: Use a tag like Why? Russell asks folks not to delete any tags (including testing ones) from core product repos. A long time ago, an engineer re-pushed a git tag our customers had all ready pulled, and it spooked a customer. After that incident then we've treated tags as immutable for teleport -- even testing tags. I wish we could enforce that immutability it via github, but it isn't possible currently. We can play a bit more fast and loose with tags in non-customer-facing or non-product repos. |
That sounds good. Just to clarify though, leave the git tag alone but clean up the production images in quay? |
Yeah -- thats probably what I'd do. I don't think leaving test images around is harmful, but nor is it particularly helpful to our customers. |
As a part of #438, this PR adds additional pipelines to
.drone.ymlfile in order to promote internally staged docker images to their public registry with quay.io.The current promotion workflow occurs on a per tag basis. This means that for every tag created by the
make update-tagtarget, a teleport employee triggers a promotion step for this tag.This workflow is reflected in the additional promotion steps added in this PR. Therefore, no change to the procedure in which a tag is promoted will occur in order for the images to be promoted to Quay.io.
Testing
The promotion step was confirmed through local manual testing.