
[RFC,XEN,6/7] automation: Push container been tested

Message ID 20230302175332.56052-7-anthony.perard@citrix.com (mailing list archive)
State New, archived
Series automation, RFC prototype, Have GitLab CI built its own containers | expand

Commit Message

Anthony PERARD March 2, 2023, 5:53 p.m. UTC
Now, we can run a pipeline and set two variables to have a container
been rebuilt, tested, and pushed.

Variables:
    DO_REBUILD_CONTAINER = "ubuntu/xenial"
    PUSH_CONTAINER = 1

Alternatively, if PUSH_CONTAINER is set on the gitlab project
"xen-project/xen", a change to a dockerfile can result in the container
being rebuilt when the change is pushed to staging.

The push-containers stage pulls the container that has been tested and
retags it before pushing it, so the tagged containers with and without the
"-test" suffix are the same.

Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
---

Notes:
    Something that could be added is to check that the container that we are
    going to push is the same one that have been tested. Maybe by comparing
    "digest", or maybe by using a suffix that is only generated by the
    current pipeline.

 .gitlab-ci.yml                            |  2 ++
 automation/build/Makefile                 | 12 +++++++++
 automation/gitlab-ci/push-containers.yaml | 30 +++++++++++++++++++++++
 3 files changed, 44 insertions(+)
 create mode 100644 automation/gitlab-ci/push-containers.yaml

Patch

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index ed5383ab50..0cd45ad001 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -3,9 +3,11 @@  stages:
   - test
   - containers
   - test-containers
+  - push-containers
 
 include:
   - 'automation/gitlab-ci/build.yaml'
   - 'automation/gitlab-ci/test.yaml'
   - 'automation/gitlab-ci/containers.yaml'
   - 'automation/gitlab-ci/test-containers.yaml'
+  - 'automation/gitlab-ci/push-containers.yaml'
diff --git a/automation/build/Makefile b/automation/build/Makefile
index 5515938878..14d1320b23 100644
--- a/automation/build/Makefile
+++ b/automation/build/Makefile
@@ -21,6 +21,18 @@  include yocto/yocto.inc
 		$(DOCKER_CMD) push $(REGISTRY)/$(@D):$(@F)$(BUILD_CONTAINER_SUFFIX); \
 	fi
 
+# rule used by GitLab CI jobs, to push a container that as just been built and
+# tested. It override the rule used to build a container.
+ifdef PUSH_TEST_CONTAINER_SUFFIX
+%: %.dockerfile
+	$(if $(BUILD_CONTAINER_SUFFIX),$(error BUILD_CONTAINER_SUFFIX should not be set anymore))
+	$(DOCKER_CMD) pull $(REGISTRY)/$(@D):$(@F)$(PUSH_TEST_CONTAINER_SUFFIX)
+	$(DOCKER_CMD) image tag $(REGISTRY)/$(@D):$(@F)$(PUSH_TEST_CONTAINER_SUFFIX) $(REGISTRY)/$(@D):$(@F)
+	@if [ ! -z $${PUSH+x} ]; then \
+		$(DOCKER_CMD) push $(REGISTRY)/$(@D):$(@F); \
+	fi
+endif
+
 .PHONY: all clean
 all: $(CONTAINERS)
 
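Review bot: The push guard in the new recipe, `@if [ ! -z $${PUSH+x} ]; then \`, leaves the expansion unquoted, so with PUSH unset the shell sees `[ ! -z ]` and the push is skipped only because that form is evaluated as the negation of the non-empty string `-z`; `@if [ -n "$${PUSH+x}" ]; then \` states the check directly. The comment above the rule should also say that the override works because this `%: %.dockerfile` rule is parsed after the build rule with the same target and prerequisite pattern, and could read `# Rule used by GitLab CI jobs to push a container that has just been built and tested.` The build rule it replaces begins outside this hunk, so whether it uses the same guard cannot be checked from here.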
diff --git a/automation/gitlab-ci/push-containers.yaml b/automation/gitlab-ci/push-containers.yaml
new file mode 100644
index 0000000000..d7e7e2b9e2
--- /dev/null
+++ b/automation/gitlab-ci/push-containers.yaml
@@ -0,0 +1,30 @@ 
+.push-container-build-tmpl:
+  stage: push-containers
+  image: docker:stable
+  tags:
+    - container-builder
+  rules:
+    - if: $PUSH_CONTAINER != "1"
+      when: never
+    - !reference [.container-build-tmpl, rules]
+  services:
+    - docker:dind
+  before_script:
+    - apk add make
+    - docker info
+    - docker login -u $CI_DEPLOY_USER -p $CI_DEPLOY_PASSWORD $CI_REGISTRY
+  script:
+    - make -C automation/build ${BUILD_CONTAINER} PUSH=1 PUSH_TEST_CONTAINER_SUFFIX=-test
+  after_script:
+    - docker logout
+
+push-ubuntu-xenial-container:
+  variables:
+    BUILD_CONTAINER: ubuntu/xenial
+  extends:
+    - .push-container-build-tmpl
+  needs:
+    - test-ubuntu-xenial-clang
+    - test-ubuntu-xenial-clang-debug
+    - test-ubuntu-xenial-gcc
+    - test-ubuntu-xenial-gcc-debug
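Review bot: The `docker login` line in `before_script` passes the deploy password with `-p`, which puts the secret in the command's argument list; `--password-stdin` avoids that: `- echo "$CI_DEPLOY_PASSWORD" | docker login -u "$CI_DEPLOY_USER" --password-stdin "$CI_REGISTRY"`. In `after_script`, `docker logout` without a server argument targets Docker's default registry rather than `$CI_REGISTRY`, so the credential stored by the login is probably not removed; `- docker logout "$CI_REGISTRY"` would match the login. `image: docker:stable` and `docker:dind` are floating tags, so the job that publishes containers would be easier to audit and reproduce with both pinned to a specific version.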