summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBenjamin Tissoires <benjamin.tissoires@gmail.com>2018-06-18 15:13:17 +0200
committerPeter Hutterer <peter.hutterer@who-t.net>2018-07-03 10:22:12 +1000
commita8c2b88936969bec9bb9a1bb59ac9543d47339da (patch)
tree97422fe5af6af1f41036268baab474228acde4b3
parente5e8c17460cd5783adf79558948faa8c8fca2ed2 (diff)
CI: WIP: attempt to clean up the registry before leaving
According to multiple sources, referenced in https://engineering.facile.it/blog/eng/continuous-deployment-from-gitlab-ci-to-k8s-using-docker-in-docker/ The garbage collector of the registry won't clean up docker images that still have blob references. We should clean up the manifests instead of simply overwriting the tag. Note: this requires to set up a personal token with api access from the maintainers in the form of (for instance): "PERSONAL_TOKEN_bentiss" Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net> Signed-off-by: Benjamin Tissoires <benjamin.tissoires@gmail.com> (cherry picked from commit e70e67847c0c52a0a6e4e6d2452a032911356451)
-rw-r--r--.gitlab-ci.yml128
1 files changed, 116 insertions, 12 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 485b6c6b..eb782266 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -46,8 +46,8 @@ variables:
MESON_BUILDDIR: builddir
NINJA_ARGS: ''
MESON_PARAMS: ''
- FEDORA_DOCKER_IMAGE: $CI_REGISTRY/libinput/$CI_PROJECT_NAME/fedora/$FEDORA_VERSION:latest
- UBUNTU_DOCKER_IMAGE: $CI_REGISTRY/libinput/$CI_PROJECT_NAME/ubuntu/$UBUNTU_VERSION:latest
+ FEDORA_DOCKER_IMAGE: $CI_REGISTRY/libinput/$CI_PROJECT_NAME/fedora/$FEDORA_VERSION
+ UBUNTU_DOCKER_IMAGE: $CI_REGISTRY/libinput/$CI_PROJECT_NAME/ubuntu/$UBUNTU_VERSION
# When using docker-in-docker (dind), it's wise to use the overlayfs driver
# for improved performance.
DOCKER_DRIVER: overlay2
@@ -150,28 +150,28 @@ fedora:28@docker-check:
variables:
GIT_STRATEGY: none
FEDORA_VERSION: 28
- CURRENT_DOCKER_IMAGE: $FEDORA_DOCKER_IMAGE
+ CURRENT_DOCKER_IMAGE: $FEDORA_DOCKER_IMAGE:latest
<<: *docker_check
fedora:27@docker-check:
variables:
GIT_STRATEGY: none
FEDORA_VERSION: 27
- CURRENT_DOCKER_IMAGE: $FEDORA_DOCKER_IMAGE
+ CURRENT_DOCKER_IMAGE: $FEDORA_DOCKER_IMAGE:latest
<<: *docker_check
ubuntu:17.10@docker-check:
variables:
GIT_STRATEGY: none
UBUNTU_VERSION: "17.10"
- CURRENT_DOCKER_IMAGE: $UBUNTU_DOCKER_IMAGE
+ CURRENT_DOCKER_IMAGE: $UBUNTU_DOCKER_IMAGE:latest
<<: *docker_check
ubuntu:18.04@docker-check:
variables:
GIT_STRATEGY: none
UBUNTU_VERSION: "18.04"
- CURRENT_DOCKER_IMAGE: $UBUNTU_DOCKER_IMAGE
+ CURRENT_DOCKER_IMAGE: $UBUNTU_DOCKER_IMAGE:latest
<<: *docker_check
@@ -203,10 +203,11 @@ ubuntu:18.04@docker-check:
- echo "RUN dnf install -y $FEDORA_RPMS ; dnf clean all" >> Dockerfile
# create the docker image
- - docker build --tag $FEDORA_DOCKER_IMAGE .
+ - docker build --tag $FEDORA_DOCKER_IMAGE:latest --tag $FEDORA_DOCKER_IMAGE:$CI_JOB_ID .
# push the docker image to the libinput registry
- - docker push $FEDORA_DOCKER_IMAGE
+ - docker push $FEDORA_DOCKER_IMAGE:latest
+ - docker push $FEDORA_DOCKER_IMAGE:$CI_JOB_ID
<<: *restrict_docker_creation
fedora:28@docker-prep:
@@ -248,10 +249,11 @@ fedora:27@docker-prep:
- echo "RUN apt-get install -y $UBUNTU_DEBS" >> Dockerfile
# create the docker image
- - docker build --tag $UBUNTU_DOCKER_IMAGE .
+ - docker build --tag $UBUNTU_DOCKER_IMAGE:latest --tag $UBUNTU_DOCKER_IMAGE:$CI_JOB_ID .
# push the docker image to the libinput registry
- - docker push $UBUNTU_DOCKER_IMAGE
+ - docker push $UBUNTU_DOCKER_IMAGE:latest
+ - docker push $UBUNTU_DOCKER_IMAGE:$CI_JOB_ID
<<: *restrict_docker_creation
ubuntu:17.10@docker-prep:
@@ -309,6 +311,108 @@ ubuntu:18.04@force-docker-prep:
#################################################################
# #
+# docker clean stage #
+# run during the check stage #
+# #
+#################################################################
+
+#
+# This stage will look for the docker images we currently have in
+# the registry and will remove any that are not tagged as 'latest'
+#
+.docker-clean: &docker_clean
+ stage: docker_check
+ image: registry.freedesktop.org/libinput/libinput/jq:latest
+ script:
+ # get the full docker image name (CURRENT_DOCKER_IMAGE still has indirections)
+ - DOCKER_IMAGE=$(eval echo "$CURRENT_DOCKER_IMAGE")
+ - REPOSITORY=$(echo $DOCKER_IMAGE | cut -f2- -d/)
+
+ # get the r/w token from the settings to access the registry
+ #
+ # each developer needs to register a secret variable that contains
+ # a personal token with api access in the form of:
+ # PERSONAL_TOKEN_$USER (for example PERSONAL_TOKEN_bentiss)
+ - tokenname="PERSONAL_TOKEN_$GITLAB_USER_LOGIN"
+ - token=$(eval echo "\$$tokenname")
+
+ # request a token for the registry API
+ - REGISTRY_TOKEN=$(curl https://gitlab.freedesktop.org/jwt/auth --get
+ --silent --show-error
+ -d client_id=docker
+ -d offline_token=true
+ -d service=container_registry
+ -d "scope=repository:$REPOSITORY:pull,*"
+ --fail
+ --user $GITLAB_USER_LOGIN:$token
+ | sed -r 's/(\{"token":"|"\})//g')
+
+ # get the digest of the latest image
+ - LATEST_MANIFEST=$(curl https://$CI_REGISTRY/v2/$REPOSITORY/manifests/latest --silent
+ -H "accept:application/vnd.docker.distribution.manifest.v2+json"
+ -H "authorization:Bearer $REGISTRY_TOKEN"
+ --head
+ | grep -i "Docker-Content-Digest"
+ | grep -oi "sha256:\w\+")
+
+ # get the list of tags
+ - TAGS=$(curl https://$CI_REGISTRY/v2/$REPOSITORY/tags/list --silent
+ -H "accept:application/vnd.docker.distribution.manifest.v2+json"
+ -H "authorization:Bearer $REGISTRY_TOKEN"
+ | jq -r '.tags[]')
+
+ # iterate over the tags
+ - for tag in $TAGS;
+ do
+ MANIFEST=$(curl https://$CI_REGISTRY/v2/$REPOSITORY/manifests/$tag --silent
+ -H "accept:application/vnd.docker.distribution.manifest.v2+json"
+ -H "authorization:Bearer $REGISTRY_TOKEN"
+ --head
+ | grep -i "Docker-Content-Digest"
+ | grep -oi "sha256:\w\+");
+ if test x"$MANIFEST" != x"$LATEST_MANIFEST";
+ then
+ echo removing $tag as $MANIFEST;
+ curl https://$CI_REGISTRY/v2/$REPOSITORY/manifests/$MANIFEST --silent
+ -H "accept:application/vnd.docker.distribution.manifest.v2+json"
+ -H "authorization:Bearer $REGISTRY_TOKEN"
+ --fail --show-error -X DELETE
+ ;fi
+ ;done
+ dependencies: []
+ allow_failure: true
+ <<: *restrict_docker_creation
+
+fedora:28@docker-clean:
+ variables:
+ GIT_STRATEGY: none
+ FEDORA_VERSION: 28
+ CURRENT_DOCKER_IMAGE: $FEDORA_DOCKER_IMAGE
+ <<: *docker_clean
+
+fedora:27@docker-clean:
+ variables:
+ GIT_STRATEGY: none
+ FEDORA_VERSION: 27
+ CURRENT_DOCKER_IMAGE: $FEDORA_DOCKER_IMAGE
+ <<: *docker_clean
+
+ubuntu:17.10@docker-clean:
+ variables:
+ GIT_STRATEGY: none
+ UBUNTU_VERSION: "17.10"
+ CURRENT_DOCKER_IMAGE: $UBUNTU_DOCKER_IMAGE
+ <<: *docker_clean
+
+ubuntu:18.04@docker-clean:
+ variables:
+ GIT_STRATEGY: none
+ UBUNTU_VERSION: "18.04"
+ CURRENT_DOCKER_IMAGE: $UBUNTU_DOCKER_IMAGE
+ <<: *docker_clean
+
+#################################################################
+# #
# build stage #
# #
#################################################################
@@ -319,7 +423,7 @@ ubuntu:18.04@force-docker-prep:
.fedora@template: &fedora_template
stage: build
- image: $FEDORA_DOCKER_IMAGE
+ image: $FEDORA_DOCKER_IMAGE:latest
<<: *default_artifacts
dependencies: []
@@ -426,7 +530,7 @@ fedora:28@scan-build:
.ubuntu@template: &ubuntu_template
stage: build
- image: $UBUNTU_DOCKER_IMAGE
+ image: $UBUNTU_DOCKER_IMAGE:latest
<<: *default_artifacts
dependencies: []