Add script for pushing container images via Travis (#1800)

* Add script for pushing container images via Travis Signed-off-by: Nolan Brubaker <[email protected]> * Explain the latest tag logic Signed-off-by: Nolan Brubaker <[email protected]> * Add travis integration to deployment * ensure $BRANCH is always the same value (borrowed from Sonobuoy) * get gcloud SDK installed (borrowed from Sonobuoy) * use deploy step to run GCR push script (borrowed from Sonobuoy) * use gcloud's docker to do the image building/pushing * placeholders for secure values * rename $LATEST to $HIGHEST to more accurately reflect what it is Signed-off-by: Nolan Brubaker <[email protected]> * Add encrypted GCR creds Signed-off-by: Nolan Brubaker <[email protected]> * Remove unused env section Signed-off-by: Nolan Brubaker <[email protected]> * Rearrange logic so that there's only one make call Signed-off-by: Nolan Brubaker <[email protected]> * Review feedback Signed-off-by: Nolan Brubaker <[email protected]> * Update gcloud and OS for Travis environment Signed-off-by: Nolan Brubaker <[email protected]> * Remove redundant make dependencies verify and test targets already run on the ci target, which must pass before deploy. Signed-off-by: Nolan Brubaker <[email protected]> * Re-encrypt file after testing Signed-off-by: Nolan Brubaker <[email protected]>
vmware-tanzu · Sep 5, 2019 · 275546e · 275546e
1 parent 5a77a7a
commit 275546e
Show file tree

Hide file tree

Showing 4 changed files with 96 additions and 2 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -1,3 +1,4 @@
+dist: xenial
 language: go
 
 go:
@@ -8,4 +9,23 @@ sudo: required
 services:
   - docker
 
-script: hack/ci-check.sh
+script:
+  - export BRANCH=$(if [ "$TRAVIS_PULL_REQUEST" == "false" ]; then echo $TRAVIS_BRANCH; else echo $TRAVIS_PULL_REQUEST_BRANCH; fi)
+  - echo "TRAVIS_BRANCH=$TRAVIS_BRANCH, PR=$TRAVIS_PULL_REQUEST, BRANCH=$BRANCH"
+  - hack/ci-check.sh
+
+# gcloud sdk is needed to upload docker images, but we want an updated version
+# Do this outside our script so that it's clearly separated in the logs
+before_deploy:
+  - sudo apt-get remove google-cloud-sdk
+  - if [ ! -d ${HOME}/google-cloud-sdk ]; then curl https://sdk.cloud.google.com | bash
+    /dev/stdin --disable-prompts; fi
+  - export PATH=${HOME}/google-cloud-sdk/bin:$PATH && echo "$PATH"
+
+deploy:
+  - provider: script
+    skip_cleanup: true
+    script: hack/gcr-push.sh
+    on:
+      repo: heptio/velero
+      all_branches: true
diff --git a/Makefile b/Makefile
@@ -152,7 +152,7 @@ all-containers:
 	$(MAKE) container BIN=velero-restic-restore-helper
 	$(MAKE) build-fsfreeze
 
-container: verify test .container-$(DOTFILE_IMAGE) container-name
+container: .container-$(DOTFILE_IMAGE) container-name
 .container-$(DOTFILE_IMAGE): _output/bin/$(GOOS)/$(GOARCH)/$(BIN) $(DOCKERFILE)
 	@cp $(DOCKERFILE) _output/.dockerfile-$(BIN)-$(GOOS)-$(GOARCH)
 	@docker build --pull -t $(IMAGE):$(VERSION) -f _output/.dockerfile-$(BIN)-$(GOOS)-$(GOARCH) _output

diff --git a/hack/gcr-push.sh b/hack/gcr-push.sh
@@ -0,0 +1,74 @@
+#!/bin/bash
+
+# Copyright 2019 the Velero contributors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# gcr-push is invoked by the CI/CD system to deploy docker images to Google Container Registry.
+# It will build images for all commits to master and all git tags.
+# The highest, non-prerelease semantic version will also be given the `latest` tag.
+
+set +x
+
+if [[ -z "$TRAVIS" ]]; then
+    echo "This script is intended to be run only on Travis." >&2
+    exit 1
+fi
+
+# Return value is written into HIGHEST
+HIGHEST=""
+function highest_release() {
+    # Loop through the tags since pre-release versions come before the actual versions.
+    # Iterate til we find the first non-pre-release
+
+    # This is not necessarily the most recently made tag; instead, we want it to be the highest semantic version.
+    # The most recent tag could potentially be a lower semantic version, made as a point release for a previous series.
+    # As an example, if v1.3.0 exists and we create v1.2.2, v1.3.0 should still be `latest`.
+    # `git describe --tags $(git rev-list --tags --max-count=1)` would return the most recently made tag.
+
+    for t in $(git tag -l --sort=-v:refname);
+    do
+        # If the tag has alpha, beta or rc in it, it's not "latest"
+        if [[ "$t" == *"beta"* || "$t" == *"alpha"* || "$t" == *"rc"* ]]; then
+            continue
+        fi
+        HIGHEST="$t"
+        break
+    done
+}
+
+if [ "$BRANCH" == "master" ]; then
+    VERSION="$BRANCH"
+elif [ ! -z "$TRAVIS_TAG" ]; then
+    VERSION="$TRAVIS_TAG"
+else
+    # If we're not on master and we're not building a tag, exit early.
+    exit 0
+fi
+
+# Calculate the latest release
+highest_release
+
+# Assume we're not tagging `latest` by default.
+TAG_LATEST=false
+if [[ "$TRAVIS_TAG" == "$HIGHEST" ]]; then
+    TAG_LATEST=true
+fi
+
+openssl aes-256-cbc -K $encrypted_f58ab4413c21_key -iv $encrypted_f58ab4413c21_iv -in heptio-images-fac92d2303ac.json.enc -out heptio-images-fac92d2303ac.json -d
+gcloud auth activate-service-account --key-file heptio-images-fac92d2303ac.json
+unset GIT_HTTP_USER_AGENT
+
+echo "Building and pushing container images."
+
+VERSION="$VERSION" TAG_LATEST="$TAG_LATEST" make all-containers all-push
diff --git a/heptio-images-fac92d2303ac.json.enc b/heptio-images-fac92d2303ac.json.enc