ci: fix

2024-05-28 19:13:38 +03:00 · 2024-05-28 19:13:38 +03:00 · de44930c2d
commit de44930c2d
parent a0cfdfa8a5
8 changed files with 128 additions and 12 deletions
--- a/.ci/envsh.common
+++ b/.ci/envsh.common
@ -37,19 +37,25 @@ image_tag_norm() {
 ## misc CI things
 # CI_COMMIT_SHORT_SHA="${CI_COMMIT_SHA:0:8}"
 CI_COMMIT_SHORT_SHA=$(printf '%s' "${CI_COMMIT_SHA}" | cut -c 1-8)
-CI_COMMIT_REF_SLUG="$(ref_slug "${CI_COMMIT_BRANCH}")"
-if [ -n "${CI_COMMIT_SOURCE_BRANCH}" ] ; then
-    CI_COMMIT_REF_SLUG="$(ref_slug "${CI_COMMIT_SOURCE_BRANCH}")"
+if [ -n "${CI_COMMIT_BRANCH}" ] ; then
+    CI_COMMIT_REF_SLUG="${CI_COMMIT_BRANCH}"
 fi
+if [ -n "${CI_COMMIT_SOURCE_BRANCH}" ] ; then
+    CI_COMMIT_REF_SLUG="${CI_COMMIT_SOURCE_BRANCH}"
+fi
+if [ -n "${CI_COMMIT_TAG}" ] ; then
+    CI_COMMIT_REF_SLUG="${CI_COMMIT_TAG}"
+fi
+CI_COMMIT_REF_SLUG="$(image_tag_norm "${CI_COMMIT_REF_SLUG}")"

 ## image tag(s)
 IMAGE_TAG="${CI_COMMIT_SHORT_SHA}-b${CI_PIPELINE_NUMBER}-${CI_COMMIT_REF_SLUG}"
 EXTRA_TAGS=$(image_tag_norm "branch-${CI_COMMIT_BRANCH}")
 if [ -n "${CI_COMMIT_TAG}" ] ; then
-    IMAGE_TAG="${CI_COMMIT_TAG}"
-    unset EXTRA_TAGS
+    IMAGE_TAG="${CI_COMMIT_SHORT_SHA}"
+    EXTRA_TAGS="${CI_COMMIT_REF_SLUG}"
    ## TODO: think about "latest" tag: it should be error-prone for "backward tag push"
-    # EXTRA_TAGS='latest'
+    # EXTRA_TAGS="${CI_COMMIT_REF_SLUG} latest"
 else
    if [ -n "${CI_COMMIT_SOURCE_BRANCH}" ] ; then
        echo "Running on branch '${CI_COMMIT_SOURCE_BRANCH}'"
--- a/.ci/image.sh
+++ b/.ci/image.sh
@ -10,6 +10,11 @@ set -ef
 ## produce _real_ BASE_IMAGE because "static-debian12:debug-nonroot" is not multiarch image (yet)
 export BASE_IMAGE="${BASE_IMAGE:?}-${GOARCH:?}"

+buildah pull \
+    --platform "${TARGET_PLATFORM}" \
+    --retry 3 --retry-delay 30s \
+"${BASE_IMAGE}"
+
 ## build image
 buildah bud \
    -t "${IMAGE_NAME}:${IMAGE_TAG}${PLATFORM_SUFFIX}" \
--- a/.ci/sync-all.sh
+++ b/.ci/sync-all.sh
@ -20,20 +20,32 @@ rm -rf "${oci_dir}" ; mkdir "${oci_dir}"

 r=0

+img_copy() {
+    for i in $(seq 1 3) ; do
+        if skopeo copy --all "$@" ; then
+            return 0
+        fi
+    done
+    return 1
+}
+
 while : ; do
-    skopeo copy --all "${image_src}:${IMAGE_TAG}" "${image_interim}" || r=$?
+    img_copy "${image_src}:${IMAGE_TAG}" "${image_interim}" || r=$?
    [ "$r" = 0 ] || break

-    skopeo copy --all "${image_interim}" "${image_dst}:${IMAGE_TAG}" || r=$?
+    echo " -> ${image_dst}:${IMAGE_TAG}"
+    img_copy "${image_interim}" "${image_dst}:${IMAGE_TAG}" || r=$?
    [ "$r" = 0 ] || break

    for tag in ${EXTRA_TAGS} ; do
        [ -n "${tag}" ] || continue

-        skopeo copy --all "${image_interim}" "${image_src}:${tag}" || r=$?
+        echo " -> ${image_src}:${tag}"
+        img_copy "${image_interim}" "${image_src}:${tag}" || r=$?
        [ "$r" = 0 ] || break

-        skopeo copy --all "${image_interim}" "${image_dst}:${tag}" || r=$?
+        echo " -> ${image_dst}:${tag}"
+        img_copy "${image_interim}" "${image_dst}:${tag}" || r=$?
        [ "$r" = 0 ] || break
    done

--- a/.ci/sync-latest.sh
+++ b/.ci/sync-latest.sh
@ -0,0 +1,47 @@
+#!/bin/sh
+# SPDX-License-Identifier: Apache-2.0
+# (c) 2024, Konstantin Demin
+set -ef
+
+[ -z "${CI_DEBUG}" ] || set -xv
+
+: "${IMAGE_NAME:?}" "${EXT_IMAGE_NAME:?}" "${LATEST_TAG:?}"
+
+. .ci/envsh.registry
+
+image_src="docker://${IMAGE_NAME}"
+image_dst="docker://${EXT_IMAGE_NAME}"
+
+oci_dir="${PWD}/oci-layers"
+image_interim="oci:${oci_dir}:$(basename "${IMAGE_NAME}"):${LATEST_TAG}"
+
+rm -rf "${oci_dir}" ; mkdir "${oci_dir}"
+
+r=0
+
+img_copy() {
+    for i in $(seq 1 3) ; do
+        if skopeo copy --all "$@" ; then
+            return 0
+        fi
+    done
+    return 1
+}
+
+while : ; do
+    img_copy "${image_src}:${LATEST_TAG}" "${image_interim}" || r=$?
+    [ "$r" = 0 ] || break
+
+    echo " -> ${image_src}:latest"
+    img_copy "${image_interim}" "${image_src}:latest" || r=$?
+    [ "$r" = 0 ] || break
+
+    echo " -> ${image_dst}:latest"
+    img_copy "${image_interim}" "${image_dst}:latest" || r=$?
+    [ "$r" = 0 ] || break
+
+    break
+done
+
+rm -rf "${oci_dir}"
+exit "$r"
--- a/.dockerignore
+++ b/.dockerignore
@ -4,4 +4,3 @@ publish-nexus*
 .ci/*
 .woodpecker/*
 .woodpecker.yml
-dist/*
--- a/.woodpecker/.build.yml
+++ b/.woodpecker/.build.yml
@ -1,5 +1,6 @@
 when:
-  event: [ push, tag, cron, manual ]
+  - event: [ push, tag, cron, manual ]
+    evaluate: 'LATEST_TAG == ""'

 variables:
  - &image_name 'quay.krd.sh/krd/woodpecker-sonatype-nexus'
--- a/.woodpecker/.latest.yml
+++ b/.woodpecker/.latest.yml
@ -0,0 +1,43 @@
+when:
+  - event: [ manual ]
+    evaluate: 'LATEST_TAG != ""'
+
+variables:
+  - &image_name 'quay.krd.sh/krd/woodpecker-sonatype-nexus'
+  - &ext_image_name 'docker.io/rockdrilla/woodpecker-sonatype-nexus'
+  - &skopeo_image 'quay.krd.sh/quay_io/containers/skopeo:v1.15.0'
+
+## kind of fixup (remove in near future)
+## ref: https://github.com/woodpecker-ci/plugin-git/releases
+clone:
+  git:
+    image: quay.krd.sh/docker_io/woodpeckerci/plugin-git:2.5.0
+
+## NB: ${variable} expressions are subject to pre-processing.
+## ref: https://woodpecker-ci.org/docs/usage/environment
+
+steps:
+
+  - name: verify-registry-credentials
+    image: *skopeo_image
+    environment:
+      GOMAXPROCS: "4"
+      MALLOC_ARENA_MAX: "4"
+    secrets: [ REGISTRY_AUTH ]
+    commands:
+      - .ci/registry-login.sh quay.krd.sh docker.io
+
+  - name: image-sync-latest
+    image: *skopeo_image
+    environment:
+      GOMAXPROCS: "4"
+      MALLOC_ARENA_MAX: "4"
+      ##
+      IMAGE_NAME: *image_name
+      EXT_IMAGE_NAME: *ext_image_name
+    commands:
+      - .ci/sync-latest.sh
+
+## personal tweaks :)
+labels:
+  network: dmz
--- a/3
+++ b/3
@ -46,6 +46,9 @@ $(OUTBIN):
 	    echo "!!! git information is asbent !!!" >&2 ; \
 	    GO_BUILDFLAGS="-buildvcs=false $${GO_BUILDFLAGS}" ; \
 	fi ; \
+	for i in $$(seq 1 3) ; do \
+	    if $(GO) get ; then break ; fi ; \
+	done ; \
 	$(GO) build -o $@ \
 	  $${GO_BUILDFLAGS} \
 	  $(if $(strip $(TAGS)),-tags '$(strip $(TAGS))') \