diff --git a/.drone.yml b/.drone.yml index 0411563137cb3..ad5b050c80483 100644 --- a/.drone.yml +++ b/.drone.yml @@ -5023,6 +5023,10 @@ steps: GOPATH: /go OS: linux ARCH: amd64 + QUAY_USERNAME: + from_secret: QUAYIO_DOCKER_USERNAME + QUAY_PASSWORD: + from_secret: QUAYIO_DOCKER_PASSWORD AWS_ACCESS_KEY_ID: from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY AWS_SECRET_ACCESS_KEY: @@ -5033,6 +5037,7 @@ steps: commands: - apk add --no-cache make bash aws-cli - chown -R $UID:$GID /go + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" quay.io - aws ecr get-login-password --region us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - cd /go/src/github.com/gravitational/teleport - make image-ci publish-ci @@ -5556,12 +5561,14 @@ steps: commands: - apk add --no-cache aws-cli - export VERSION=${DRONE_TAG##v} + - docker login -u="$STAGING_QUAY_USERNAME" -p="$STAGING_QUAY_PASSWORD" quay.io - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - echo "---> Pulling images for $${VERSION}" - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$${VERSION} - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$${VERSION} - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$${VERSION}-fips + - docker pull quay.io/gravitational/teleport-operator-ci:$${VERSION} - echo "---> Tagging images for $${VERSION}" - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$${VERSION} quay.io/gravitational/teleport:$${VERSION} @@ -5569,12 +5576,15 @@ steps: quay.io/gravitational/teleport-ent:$${VERSION} - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$${VERSION}-fips quay.io/gravitational/teleport-ent:$${VERSION}-fips + - docker tag quay.io/gravitational/teleport-operator-ci:$${VERSION} quay.io/gravitational/teleport-operator:$${VERSION} + - docker logout quay.io - docker logout 146628656107.dkr.ecr.us-west-2.amazonaws.com - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" quay.io - echo "---> Pushing images for $${VERSION}" - docker push quay.io/gravitational/teleport:$${VERSION} - docker push quay.io/gravitational/teleport-ent:$${VERSION} - docker push quay.io/gravitational/teleport-ent:$${VERSION}-fips + - docker push quay.io/gravitational/teleport-operator:$${VERSION} environment: AWS_ACCESS_KEY_ID: from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY @@ -5584,6 +5594,10 @@ steps: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + STAGING_QUAY_PASSWORD: + from_secret: QUAYIO_DOCKER_PASSWORD + STAGING_QUAY_USERNAME: + from_secret: QUAYIO_DOCKER_USERNAME volumes: - name: dockersock path: /var/run @@ -6030,6 +6044,6 @@ volumes: name: drone-s3-debrepo-pvc --- kind: signature -hmac: 98febafab4b023cc0a6cb874b976c6d1da78c371593268cec034eb6952cd8e30 +hmac: f0301ddeaf719deb638ce6d642e66123c111a501820b8a1f2bb1e6360314f3dd ... diff --git a/dronegen/promote.go b/dronegen/promote.go index 7af8ce7cbe3e5..fe5db5b9abeaa 100644 --- a/dronegen/promote.go +++ b/dronegen/promote.go @@ -97,28 +97,34 @@ func buildDockerPromotionPipelineQuay() pipeline { Name: "Pull/retag Docker images", Image: "docker", Environment: map[string]value{ - "AWS_ACCESS_KEY_ID": {fromSecret: "STAGING_TELEPORT_DRONE_USER_ECR_KEY"}, - "AWS_SECRET_ACCESS_KEY": {fromSecret: "STAGING_TELEPORT_DRONE_USER_ECR_SECRET"}, + "STAGING_QUAY_USERNAME": {fromSecret: "QUAYIO_DOCKER_USERNAME"}, + "STAGING_QUAY_PASSWORD": {fromSecret: "QUAYIO_DOCKER_PASSWORD"}, "QUAY_USERNAME": {fromSecret: "PRODUCTION_QUAYIO_DOCKER_USERNAME"}, "QUAY_PASSWORD": {fromSecret: "PRODUCTION_QUAYIO_DOCKER_PASSWORD"}, + "AWS_ACCESS_KEY_ID": {fromSecret: "STAGING_TELEPORT_DRONE_USER_ECR_KEY"}, + "AWS_SECRET_ACCESS_KEY": {fromSecret: "STAGING_TELEPORT_DRONE_USER_ECR_SECRET"}, }, Volumes: dockerVolumeRefs(), Commands: []string{ "apk add --no-cache aws-cli", "export VERSION=${DRONE_TAG##v}", // authenticate with staging credentials + `docker login -u="$STAGING_QUAY_USERNAME" -p="$STAGING_QUAY_PASSWORD" ` + ProductionRegistryQuay, "aws ecr get-login-password --region=us-west-2 | docker login -u=\"AWS\" --password-stdin " + StagingRegistry, // pull staging images "echo \"---> Pulling images for $${VERSION}\"", fmt.Sprintf("docker pull %s/gravitational/teleport:$${VERSION}", StagingRegistry), fmt.Sprintf("docker pull %s/gravitational/teleport-ent:$${VERSION}", StagingRegistry), fmt.Sprintf("docker pull %s/gravitational/teleport-ent:$${VERSION}-fips", StagingRegistry), + fmt.Sprintf("docker pull %s/gravitational/teleport-operator-ci:$${VERSION}", ProductionRegistryQuay), // retag images to production naming "echo \"---> Tagging images for $${VERSION}\"", fmt.Sprintf("docker tag %s/gravitational/teleport:$${VERSION} %s/gravitational/teleport:$${VERSION}", StagingRegistry, ProductionRegistryQuay), fmt.Sprintf("docker tag %s/gravitational/teleport-ent:$${VERSION} %s/gravitational/teleport-ent:$${VERSION}", StagingRegistry, ProductionRegistryQuay), fmt.Sprintf("docker tag %s/gravitational/teleport-ent:$${VERSION}-fips %s/gravitational/teleport-ent:$${VERSION}-fips", StagingRegistry, ProductionRegistryQuay), + fmt.Sprintf("docker tag %s/gravitational/teleport-operator-ci:$${VERSION} %s/gravitational/teleport-operator:$${VERSION}", ProductionRegistryQuay, ProductionRegistryQuay), // authenticate with production credentials + "docker logout " + ProductionRegistryQuay, "docker logout " + StagingRegistry, "docker login -u=\"$QUAY_USERNAME\" -p=\"$QUAY_PASSWORD\" " + ProductionRegistryQuay, // push production images @@ -126,6 +132,7 @@ func buildDockerPromotionPipelineQuay() pipeline { fmt.Sprintf("docker push %s/gravitational/teleport:$${VERSION}", ProductionRegistryQuay), fmt.Sprintf("docker push %s/gravitational/teleport-ent:$${VERSION}", ProductionRegistryQuay), fmt.Sprintf("docker push %s/gravitational/teleport-ent:$${VERSION}-fips", ProductionRegistryQuay), + fmt.Sprintf("docker push %s/gravitational/teleport-operator:$${VERSION}", ProductionRegistryQuay), }, })