diff --git a/.drone.yml b/.drone.yml index dda4b673e1844..ca0a997ec6372 100644 --- a/.drone.yml +++ b/.drone.yml @@ -5028,6 +5028,10 @@ steps: GOPATH: /go OS: linux ARCH: amd64 + QUAY_USERNAME: + from_secret: QUAYIO_DOCKER_USERNAME + QUAY_PASSWORD: + from_secret: QUAYIO_DOCKER_PASSWORD AWS_ACCESS_KEY_ID: from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY AWS_SECRET_ACCESS_KEY: @@ -5038,6 +5042,7 @@ steps: commands: - apk add --no-cache make bash aws-cli - chown -R $UID:$GID /go + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" quay.io - aws ecr get-login-password --region us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - cd /go/src/github.com/gravitational/teleport - make image-ci publish-ci @@ -5561,12 +5566,14 @@ steps: commands: - apk add --no-cache aws-cli - export VERSION=${DRONE_TAG##v} + - docker login -u="$STAGING_QUAY_USERNAME" -p="$STAGING_QUAY_PASSWORD" quay.io - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - echo "---> Pulling images for $${VERSION}" - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$${VERSION} - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$${VERSION} - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$${VERSION}-fips + - docker pull quay.io/gravitational/teleport-operator-ci:$${VERSION} - echo "---> Tagging images for $${VERSION}" - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$${VERSION} quay.io/gravitational/teleport:$${VERSION} @@ -5574,12 +5581,15 @@ steps: quay.io/gravitational/teleport-ent:$${VERSION} - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$${VERSION}-fips quay.io/gravitational/teleport-ent:$${VERSION}-fips + - docker tag quay.io/gravitational/teleport-operator-ci:$${VERSION} quay.io/gravitational/teleport-operator:$${VERSION} + - docker logout quay.io - docker logout 146628656107.dkr.ecr.us-west-2.amazonaws.com - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" quay.io - echo "---> Pushing images for $${VERSION}" - docker push quay.io/gravitational/teleport:$${VERSION} - docker push quay.io/gravitational/teleport-ent:$${VERSION} - docker push quay.io/gravitational/teleport-ent:$${VERSION}-fips + - docker push quay.io/gravitational/teleport-operator:$${VERSION} environment: AWS_ACCESS_KEY_ID: from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY @@ -5589,6 +5599,10 @@ steps: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + STAGING_QUAY_PASSWORD: + from_secret: QUAYIO_DOCKER_PASSWORD + STAGING_QUAY_USERNAME: + from_secret: QUAYIO_DOCKER_USERNAME volumes: - name: dockersock path: /var/run @@ -6077,6 +6091,6 @@ volumes: name: drone-s3-debrepo-pvc --- kind: signature -hmac: e3a5814199a0d80fff258945dc968a32fa0d6380fe235ea4f0cfcc506b0e881c +hmac: cfe9263c545d10b26f27dc10b8b5e5b833d0fca4333860550dae28113cef681a ... diff --git a/dronegen/promote.go b/dronegen/promote.go index 7af8ce7cbe3e5..fe5db5b9abeaa 100644 --- a/dronegen/promote.go +++ b/dronegen/promote.go @@ -97,28 +97,34 @@ func buildDockerPromotionPipelineQuay() pipeline { Name: "Pull/retag Docker images", Image: "docker", Environment: map[string]value{ - "AWS_ACCESS_KEY_ID": {fromSecret: "STAGING_TELEPORT_DRONE_USER_ECR_KEY"}, - "AWS_SECRET_ACCESS_KEY": {fromSecret: "STAGING_TELEPORT_DRONE_USER_ECR_SECRET"}, + "STAGING_QUAY_USERNAME": {fromSecret: "QUAYIO_DOCKER_USERNAME"}, + "STAGING_QUAY_PASSWORD": {fromSecret: "QUAYIO_DOCKER_PASSWORD"}, "QUAY_USERNAME": {fromSecret: "PRODUCTION_QUAYIO_DOCKER_USERNAME"}, "QUAY_PASSWORD": {fromSecret: "PRODUCTION_QUAYIO_DOCKER_PASSWORD"}, + "AWS_ACCESS_KEY_ID": {fromSecret: "STAGING_TELEPORT_DRONE_USER_ECR_KEY"}, + "AWS_SECRET_ACCESS_KEY": {fromSecret: "STAGING_TELEPORT_DRONE_USER_ECR_SECRET"}, }, Volumes: dockerVolumeRefs(), Commands: []string{ "apk add --no-cache aws-cli", "export VERSION=${DRONE_TAG##v}", // authenticate with staging credentials + `docker login -u="$STAGING_QUAY_USERNAME" -p="$STAGING_QUAY_PASSWORD" ` + ProductionRegistryQuay, "aws ecr get-login-password --region=us-west-2 | docker login -u=\"AWS\" --password-stdin " + StagingRegistry, // pull staging images "echo \"---> Pulling images for $${VERSION}\"", fmt.Sprintf("docker pull %s/gravitational/teleport:$${VERSION}", StagingRegistry), fmt.Sprintf("docker pull %s/gravitational/teleport-ent:$${VERSION}", StagingRegistry), fmt.Sprintf("docker pull %s/gravitational/teleport-ent:$${VERSION}-fips", StagingRegistry), + fmt.Sprintf("docker pull %s/gravitational/teleport-operator-ci:$${VERSION}", ProductionRegistryQuay), // retag images to production naming "echo \"---> Tagging images for $${VERSION}\"", fmt.Sprintf("docker tag %s/gravitational/teleport:$${VERSION} %s/gravitational/teleport:$${VERSION}", StagingRegistry, ProductionRegistryQuay), fmt.Sprintf("docker tag %s/gravitational/teleport-ent:$${VERSION} %s/gravitational/teleport-ent:$${VERSION}", StagingRegistry, ProductionRegistryQuay), fmt.Sprintf("docker tag %s/gravitational/teleport-ent:$${VERSION}-fips %s/gravitational/teleport-ent:$${VERSION}-fips", StagingRegistry, ProductionRegistryQuay), + fmt.Sprintf("docker tag %s/gravitational/teleport-operator-ci:$${VERSION} %s/gravitational/teleport-operator:$${VERSION}", ProductionRegistryQuay, ProductionRegistryQuay), // authenticate with production credentials + "docker logout " + ProductionRegistryQuay, "docker logout " + StagingRegistry, "docker login -u=\"$QUAY_USERNAME\" -p=\"$QUAY_PASSWORD\" " + ProductionRegistryQuay, // push production images @@ -126,6 +132,7 @@ func buildDockerPromotionPipelineQuay() pipeline { fmt.Sprintf("docker push %s/gravitational/teleport:$${VERSION}", ProductionRegistryQuay), fmt.Sprintf("docker push %s/gravitational/teleport-ent:$${VERSION}", ProductionRegistryQuay), fmt.Sprintf("docker push %s/gravitational/teleport-ent:$${VERSION}-fips", ProductionRegistryQuay), + fmt.Sprintf("docker push %s/gravitational/teleport-operator:$${VERSION}", ProductionRegistryQuay), }, })