Adding image tags on every commit

Added container image tagging on quay.io with commit id on every merge,
when certain files but not the code are changed (docs, charts, etc.).

Previously we were building updated container images, adding tags and
uploading images onto quay.io only when the code has been changed. The
main reason for not re-building images for every single merged commit
was a long waiting time in Zuul `post` queue for a node (VM)
assignment for the job to run on.

With this change we will have image tag for every merged commit,
including documentation commits, and those tags would be added almost
immediately (within ~1 min), as job runs directly on Zuul and does not
wait in Zuul queue for a node (VM) assignment.

Change-Id: I9692947b74a16de0eb3e8100d30cd4310069abfe

.zuul.yaml

@@ -35,6 +35,7 @@
         - airship-deckhand-docker-build-gate
     post:
       jobs:
+        - airship-deckhand-docker-tag
         - airship-deckhand-docker-publish
 
 - nodeset:
@@ -168,7 +169,7 @@
     timeout: 1800
     run: tools/gate/playbooks/docker-image-build.yaml
     nodeset: airship-deckhand-single-node
-    irrelevant-files:
+    irrelevant-files: &non-code-files-template
       - ^.*\.rst$
       - ^doc/.*$
       - ^charts/.*$
@@ -183,18 +184,16 @@
 
 - job:
     name: airship-deckhand-docker-publish
+    description: |
+      Runs on every merge, unless files in a dictionary below are changed.
+      Builds and publishes container images on quay.io with a set of tags
+      listed in vars section. Waits in Zuul queue for a node (VM) assignment.
     timeout: 1800
     run: tools/gate/playbooks/docker-image-build.yaml
     nodeset: airship-deckhand-single-node
     secrets:
       - airship_deckhand_quay_creds
-    irrelevant-files:
-      - ^.*\.rst$
-      - ^doc/.*$
-      - ^charts/.*$
-      - ^etc/.*$
-      - ^releasenotes/.*$
-      - ^setup.cfg$
+    irrelevant-files: *non-code-files-template
     vars:
       publish: true
       tags:
@@ -203,6 +202,23 @@
           commit: true
         static:
           - latest
+- job:
+    name: airship-deckhand-docker-tag
+    description: |
+      Runs on every merge when files in a dictionalry below are changed, and
+      adds git commit id tag onto the container image published on quay.io,
+      which has `latest` tag set. Does not wait in queue for a node (VM)
+      assignment, runs almost immediately.
+    timeout: 1800
+    run: tools/gate/playbooks/docker-image-tag.yaml
+    nodeset:
+      nodes: []
+    secrets:
+      - airship_deckhand_quay_creds
+# file pattern here must be exactly the same as in
+# airship-deckhand-docker-publish job above,
+# job will be executed on merge only when any of this files get changed
+    files: *non-code-files-template
 
 - secret:
     name: airship_deckhand_quay_creds
@@ -229,3 +245,15 @@
           Lfpty/EyKOJJpOXoBiJlsGHFLi/8gdMAAtMDf72yrQH6KxdNxdRGs5oALkUQ1IcuLbXng
           ySP8WG+DBiwjt4IAtwd/sF+jyVBzDaywxdbS6RJycI+lRThvibQ5UFpr349yOhUdETB6p
           yzFswIVmx1tHM7NhD80zwdSEj4EjG0AL3GXuwfLHGbr5WIeCaVEuCMW+XUwQpw=
+      # Token is valid for 10 years, expires on 10/10/2028
+      token: !encrypted/pkcs1-oaep
+        - Can0JzCSPRnujg8fZBtSXvLuGVRNaaoVkvCm8EKlqohnUmaryU7ColJxWYjPBxEEePxhB
+          mzkM5pD9o8PVkkUj5wxxUXlFDO73AMiwStmh2r/p+sd7bkgw5a2jzhYpBmVtn/qmEemsm
+          iIxQi0kz81qrU0H6w3r58lgskIIbD4yOYgu4DeoWmBU+yZ1V1E5RoumVQBdxB1fyenaKG
+          zR4Y6ebek31+VAlqSN0HUIYMgbc6Mt7ErEn2wjj9MxNvvP52pWDyxr5U2kKpOYdJpZt9h
+          EZgM2cF2zfuG+4KnpdONap54uVRnRcJCf6poI/l4UVYO5Z+EvlF3Xawp3jiPCMCGGy3dd
+          lEeEkvNzJppwAj5bEWT1NoFi7PigkK91znppVHu17jBEKkcl2S6LK87RTjfqnBsAmE30d
+          ibxqS7pCoSCGuUCP4XrW8QfI70Ml4Gb636bZUqZFi1WxzhfNKSO8LBPHekVQnwrmhhv2Z
+          CN9JZdtqR49JpHajubfYrtWxPHuiwnTwgsnpkpM0+5Z1nss/nQhW70uCBXvJkYUtenV87
+          c4Exr6ncOjgtqtjheW16hAGLtm2o36ZvBoLD7yqwYAjwb0bfuzDrw8oWa2yAgOcWnHPO6
+          w0lNv46YTHiJK9hezHqI0hgn5wifVI8avRZmHwaArVvX4LUXD2N/Tk7mxi7r2U=

tools/gate/playbooks/docker-image-tag.yaml

@@ -0,0 +1,54 @@
+# Copyright 2018 AT&T Intellectual Property.  All other rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This job runs on Zuul node itself, thus it's only localhost here
+- hosts: localhost
+  vars:
+    latest_tag: latest
+    org: airshipit
+    image: deckhand
+    new_tag: "{{ zuul.newrev }}"
+    token: "{{ airship_deckhand_quay_creds.token }}"
+    quay_repo_api_url: "https://quay.io/api/v1/repository"
+  tasks:
+    - name: Debug Zuul vars
+      debug:
+        var: zuul
+
+    - block:
+        - name: Get id of the container image currently tagged as latest
+          uri:
+            url: "{{ quay_repo_api_url }}/{{ org }}/{{ image }}/tag/?specificTag={{ latest_tag }}&limit=1"
+            return_content: yes
+          register: response_1
+        - name: Debug response
+          debug:
+            var: response_1
+
+    - block:
+        - name: Add latest commit id tag onto the image currently tagged as latest
+          uri:
+            url: "{{ quay_repo_api_url }}/{{ org }}/{{ image }}/tag/{{ new_tag }}"
+            method: PUT
+            headers:
+              Authorization: "Bearer {{ token }}"
+            body_format: json
+            body:
+              image: "{{ response_1.json.tags[0].docker_image_id }}"
+            status_code: 201
+            return_content: yes
+          register: response_2
+        - name: Debug response
+          debug:
+            var: response_2