chore(#199): migrate from devshift registry to quay.io#218
Conversation
|
Can one of the admins verify this patch? |
|
[test] |
| $(DOCKER) build --build-arg BINARY=hook -t $(REGISTRY)/$(DOCKER_REPO)/hook -f $(DEPLOY_DOCKERFILE) . | ||
| $(DOCKER) tag $(REGISTRY)/$(DOCKER_REPO)/hook $(REGISTRY)/$(DOCKER_REPO)/hook:$(TAG) | ||
| $(DOCKER) build --build-arg BINARY=hook -t $(REGISTRY)/$(DOCKER_REPO)-hook -f $(DEPLOY_DOCKERFILE) . | ||
| $(DOCKER) tag $(REGISTRY)/$(DOCKER_REPO)-hook $(REGISTRY)/$(DOCKER_REPO)-hook:$(TAG) |
There was a problem hiding this comment.
Why is it - instead of / now?
There was a problem hiding this comment.
Maybe we can also change DOCKER_REPO -> IMG_REPO?
There was a problem hiding this comment.
Because it changed from prod.registry.devshift.net/osio-prod/ike-prow-plugins/test-keeper to quay.io/openshiftio/ike-prow-plugins-test-keeper as per the new repositories.
Here's the discussion - https://chat.openshift.io/developers/pl/tqzbcjx5f3nmdg7co9fn5kay5a
There was a problem hiding this comment.
Thanks for the link. In such a case I think we should improve the naming here, as $(REGISTRY)/$(DOCKER_REPO)-hook is not really correct.
In our case this should be:
quay.io/openshiftio/rhel-ike-prow-plugins-work-in-progress
so
REGISTRY = quay.ioIMG_REPO = openshiftioike-prow-plugins-is a prefix of the plugin image name in such case.
| if [ -n "${DEVSHIFT_USERNAME}" -a -n "${DEVSHIFT_PASSWORD}" ]; then | ||
| docker login -u ${DEVSHIFT_USERNAME} -p ${DEVSHIFT_PASSWORD} ${REGISTRY} | ||
| if [ -n "${QUAY_USERNAME}" -a -n "${QUAY_PASSWORD}" ]; then | ||
| docker login -u ${QUAY_USERNAME} -p ${QUAY_PASSWORD} ${REGISTRY} |
There was a problem hiding this comment.
I would suggest using IMG_REPO prefix instead of QUAY. This will then have a proper meaning for any repo we use.
There was a problem hiding this comment.
I like the idea for IMG_REPO but it's difficult for QUAY_USERNAME and QUAY_PASSWORD. Note that this come directly from credentials in CICO, so if we want to rename them, we should do it in these scripts.
| containers: | ||
| - name: hook | ||
| image: ${REGISTRY}/${DOCKER_REPO}/hook:${IMAGE_TAG} | ||
| image: ${REGISTRY}/${DOCKER_REPO}-hook:${IMAGE_TAG} |
There was a problem hiding this comment.
I don't think this is correct now. What is the value here for the generated yaml file?
| $(DOCKER) build --build-arg BINARY=hook -t $(REGISTRY)/$(DOCKER_REPO)/hook -f $(DEPLOY_DOCKERFILE) . | ||
| $(DOCKER) tag $(REGISTRY)/$(DOCKER_REPO)/hook $(REGISTRY)/$(DOCKER_REPO)/hook:$(TAG) | ||
| $(DOCKER) build --build-arg BINARY=hook -t $(REGISTRY)/$(DOCKER_REPO)-hook -f $(DEPLOY_DOCKERFILE) . | ||
| $(DOCKER) tag $(REGISTRY)/$(DOCKER_REPO)-hook $(REGISTRY)/$(DOCKER_REPO)-hook:$(TAG) |
There was a problem hiding this comment.
Thanks for the link. In such a case I think we should improve the naming here, as $(REGISTRY)/$(DOCKER_REPO)-hook is not really correct.
In our case this should be:
quay.io/openshiftio/rhel-ike-prow-plugins-work-in-progress
so
REGISTRY = quay.ioIMG_REPO = openshiftioike-prow-plugins-is a prefix of the plugin image name in such case.
|
@jmelis can you please verify this PR mainly from the centos-ci publishing point of view? |
| $(DOCKER) build --build-arg BINARY=hook -t $(REGISTRY)/$(DOCKER_REPO)/hook -f $(DEPLOY_DOCKERFILE) . | ||
| $(DOCKER) tag $(REGISTRY)/$(DOCKER_REPO)/hook $(REGISTRY)/$(DOCKER_REPO)/hook:$(TAG) | ||
| $(DOCKER) build --build-arg BINARY=hook -t $(REGISTRY)/$(IMG_REPO)/$(OC_PROJECT_NAME)-hook -f $(DEPLOY_DOCKERFILE) . | ||
| $(DOCKER) tag $(REGISTRY)/$(IMG_REPO)-hook $(REGISTRY)/$(IMG_REPO)/$(OC_PROJECT_NAME)-hook:$(TAG) |
There was a problem hiding this comment.
Shouldn't $(REGISTRY)/$(IMG_REPO)-hook be $(REGISTRY)/$(IMG_REPO)/$(OC_PROJECT_NAME)-hook now?
| if [ -e "jenkins-env" ]; then | ||
| cat jenkins-env \ | ||
| | grep -E "(DEVSHIFT_TAG_LEN|DEVSHIFT_USERNAME|DEVSHIFT_PASSWORD|JENKINS_URL|GIT_BRANCH|GIT_COMMIT|BUILD_NUMBER|ghprbSourceBranch|ghprbActualCommit|BUILD_URL|ghprbPullId)=" \ | ||
| | grep -E "(IMG_REPO_TAG_LEN|IMG_REPO_USERNAME|IMG_REPO_PASSWORD|JENKINS_URL|GIT_BRANCH|GIT_COMMIT|BUILD_NUMBER|ghprbSourceBranch|ghprbActualCommit|BUILD_URL|ghprbPullId)=" \ |
There was a problem hiding this comment.
I don't know from where DEVSHIFT_* is coming. Might be env variable of Centos-CI. Can you make sure we are doing the right thing here?
There was a problem hiding this comment.
That is correct, DEVSHIFT_USERNAME and DEVSHIFT_PASSWORD are coming from CentOS-CI, however if migrating to quay, we should be using QUAY_USERNAME and QUAY_PASSWORD instead. Can you gobally replace DEVSHIFT_USERNAME and DEVSHIFT_PASSWORD with their quay counterparts? also, please keep DEVSHIFT_TAG_LEN as is, that's a special variable that contains the expected length of git commit hash and can't be renamed.
Also, I recommend you to no longer use such a mechanism to load the env, but rather use this:
function load_jenkins_vars() {
if [ -e "jenkins-env.json" ]; then
eval "$(./env-toolkit load -f jenkins-env.json \
DEVSHIFT_TAG_LEN \
QUAY_USERNAME \
QUAY_PASSWORD \
JENKINS_URL \
GIT_BRANCH \
GIT_COMMIT \
BUILD_NUMBER \
ghprbSourceBranch \
ghprbActualCommit \
BUILD_URL \
ghprbPullId)"
fi
}It's a much safer approach as it's resilient to env vars with spaces, newlines and special chars.
jmelis
left a comment
jmelis
left a comment
There was a problem hiding this comment.
I have added a few comments but the most important one is that there are two kind of quay repos, the public ones, and the private ones.
We are going to be building both CentOS based and RHEL based containers, and it's important to ensure that RHEL based containers are not pushed to public repos.
If it's a CentOS container it should be pushed to: $(REGISTRY)/$(IMG_REPO)/$(OC_PROJECT_NAME)-$<, but if it's a rhel container, it should be pushed to $(REGISTRY)/$(IMG_REPO)/rhel-$(OC_PROJECT_NAME)-$< and I don't see this logic anywhere.
You need to check for the TARGET env variable and check if $TARGET = rhel or not.
| if [ -e "jenkins-env" ]; then | ||
| cat jenkins-env \ | ||
| | grep -E "(DEVSHIFT_TAG_LEN|DEVSHIFT_USERNAME|DEVSHIFT_PASSWORD|JENKINS_URL|GIT_BRANCH|GIT_COMMIT|BUILD_NUMBER|ghprbSourceBranch|ghprbActualCommit|BUILD_URL|ghprbPullId)=" \ | ||
| | grep -E "(IMG_REPO_TAG_LEN|IMG_REPO_USERNAME|IMG_REPO_PASSWORD|JENKINS_URL|GIT_BRANCH|GIT_COMMIT|BUILD_NUMBER|ghprbSourceBranch|ghprbActualCommit|BUILD_URL|ghprbPullId)=" \ |
There was a problem hiding this comment.
That is correct, DEVSHIFT_USERNAME and DEVSHIFT_PASSWORD are coming from CentOS-CI, however if migrating to quay, we should be using QUAY_USERNAME and QUAY_PASSWORD instead. Can you gobally replace DEVSHIFT_USERNAME and DEVSHIFT_PASSWORD with their quay counterparts? also, please keep DEVSHIFT_TAG_LEN as is, that's a special variable that contains the expected length of git commit hash and can't be renamed.
Also, I recommend you to no longer use such a mechanism to load the env, but rather use this:
function load_jenkins_vars() {
if [ -e "jenkins-env.json" ]; then
eval "$(./env-toolkit load -f jenkins-env.json \
DEVSHIFT_TAG_LEN \
QUAY_USERNAME \
QUAY_PASSWORD \
JENKINS_URL \
GIT_BRANCH \
GIT_COMMIT \
BUILD_NUMBER \
ghprbSourceBranch \
ghprbActualCommit \
BUILD_URL \
ghprbPullId)"
fi
}It's a much safer approach as it's resilient to env vars with spaces, newlines and special chars.
| if [ -n "${DEVSHIFT_USERNAME}" -a -n "${DEVSHIFT_PASSWORD}" ]; then | ||
| docker login -u ${DEVSHIFT_USERNAME} -p ${DEVSHIFT_PASSWORD} ${REGISTRY} | ||
| if [ -n "${IMG_REPO_USERNAME}" -a -n "${IMG_REPO_PASSWORD}" ]; then | ||
| docker login -u ${IMG_REPO_USERNAME} -p ${IMG_REPO_PASSWORD} ${REGISTRY} |
There was a problem hiding this comment.
please replace with QUAY_...
| $(DOCKER) build --build-arg BINARY=hook -t $(REGISTRY)/$(DOCKER_REPO)/hook -f $(DEPLOY_DOCKERFILE) . | ||
| $(DOCKER) tag $(REGISTRY)/$(DOCKER_REPO)/hook $(REGISTRY)/$(DOCKER_REPO)/hook:$(TAG) | ||
| $(DOCKER) build --build-arg BINARY=hook -t $(REGISTRY)/$(IMG_REPO)/$(OC_PROJECT_NAME)-hook -f $(DEPLOY_DOCKERFILE) . | ||
| $(DOCKER) tag $(REGISTRY)/$(IMG_REPO)-hook $(REGISTRY)/$(IMG_REPO)/$(OC_PROJECT_NAME)-hook:$(TAG) |
hemanik
force-pushed
the
migration-to-quay
branch
from
236a9a9 to
d29bd18
Compare
Here, we check if the @jmelis @bartoszmajsak, correct me if this is incorrect and we need to explictly check for the |
|
Thanks @jmelis @bartoszmajsak for your review. I have incorporated the suggested changes. |
|
[test] |
| $(DOCKER) build --build-arg BINARY=$< -t $(REGISTRY)/$(DOCKER_REPO)/$< -f $(DEPLOY_DOCKERFILE) . | ||
| $(DOCKER) tag $(REGISTRY)/$(DOCKER_REPO)/$< $(REGISTRY)/$(DOCKER_REPO)/$<:$(TAG) | ||
| $(DOCKER) build --build-arg BINARY=$< -t $(REGISTRY)/$(IMG_REPO)/$(OC_PROJECT_NAME)-$< -f $(DEPLOY_DOCKERFILE) . | ||
| $(DOCKER) tag $(REGISTRY)/$(IMG_REPO)/$(OC_PROJECT_NAME)-$< $(REGISTRY)/$(IMG_REPO)/$(OC_PROJECT_NAME)-$<:$(TAG) |
There was a problem hiding this comment.
Am I missing something or does the combination of:
https://github.com/arquillian/ike-prow-plugins/pull/218/files#diff-66536a55e28a60c7e24d2d4a43a8b89cR64
export IMG_REPO="openshiftio/rhel-"
with
$(REGISTRY)/$(IMG_REPO)/$(OC_PROJECT_NAME)-$<
results in
quay.io/openshiftio/rhel-/ike-prow-plugins-test-keeper
which is not correct
There was a problem hiding this comment.
@MatousJobanek, you are correct. This is incorrect here.
There was a problem hiding this comment.
@MatousJobanek, you are correct. This is incorrect.
There was a problem hiding this comment.
@hemanik Is there a fix coming for it though? I can't see updates and would love to close this off.
6 participants
The plugins and hook services are migrated to the new Quay registry - specifically https://quay.io/organization/openshiftio.
The new repositories for the same are as follows:
CentOS containers:
https://quay.io/openshiftio/ike-prow-plugins-hook
https://quay.io/openshiftio/ike-prow-plugins-test-keeper
https://quay.io/openshiftio/ike-prow-plugins-pr-sanitizer
https://quay.io/openshiftio/ike-prow-plugins-work-in-progress
RHEL containers:
https://quay.io/openshiftio/rhel-ike-prow-plugins-hook
https://quay.io/openshiftio/rhel-ike-prow-plugins-test-keeper
https://quay.io/openshiftio/rhel-ike-prow-plugins-pr-sanitizer
https://quay.io/openshiftio/rhel-ike-prow-plugins-work-in-progress
Fixes: #199