zuul/zuul-jobs
Code Issues Proposed changes
466aa92635
zuul-jobs/roles/build-container-image/common.rst
okozachenko 0c3b87f20e Add promote-container-image role 
This role uses skopeo to perform image operations.

Also update the container roles docs to add missing documentation
for the already existing upload-container-image role.  Clarify
some ambiguity about the registry and repository attributes of
the container images data structure.

Change-Id: Ib66c85daf0edacf0dd797ab34b0d629f99c7111b
Co-Authored-By: James E. Blair <jim@acmegating.com>
2023-03-21 10:17:49 -07:00

5.9 KiB
Raw Blame History

This is one of a collection of roles which are designed to work together to build, upload, and promote container images in a gating context:

  • :zuulbuild-container-image: Build the images.
  • :zuulupload-container-image: Upload the images to a registry.
  • :zuulpromote-container-image: Promote previously uploaded images.

The :zuulbuild-container-image role is designed to be used in check and gate pipelines and simply builds the images. It can be used to verify that the build functions, or it can be followed by the use of subsequent roles to upload the images to a registry.

The :zuulupload-container-image role uploads the images to a registry. It can be used in one of two modes: by default it will upload with a single tag corresponding to the change ID. In this mode, the role role is designed to be used in a job in a gate pipeline so that the build produced by the gate is staged and can later be promoted to production if the change is successful. The other mode allows for use of this job in a release pipeline to directly upload a release build with the final set of tags.

The :zuulpromote-container-image role is designed to be used in a promote pipeline. It requires no nodes and runs very quickly on the Zuul executor. It simply re-tags a previously uploaded image for a change with whatever tags are supplied by :zuulbuild-container-image.container_images.tags. It also removes the change ID tag from the repository in the registry, and removes any similar change ID tags. This keeps the repository tidy in the case that gated changes fail to merge after uploading their staged images.

They all accept the same input data, principally a list of dictionaries representing the images to build. YAML anchors can be used to supply the same data to all three jobs.

Use the :zuulensure-skopeo role as well as the :zuulensure-docker, or :zuulensure-podman roles before using the roles described here.

Role Variables

The default container filename name to use. Serves as the base for :zuulbuild-container-image.container_images.container_filename. This allows a global overriding of the container filename name, for example when building all images from different folders with similarily named containerfiles.

If omitted, the default depends on the container command used. Typically, this is Dockerfile for docker and Containerfile (with a fallback on Dockerfile) for podman.