add support for kubevirt container image pushing

config.yaml

@@ -42,7 +42,12 @@ s3:
   acl: public-read
 
 registry_repos:
-  oscontainer: quay.io/fedora/fedora-coreos
+  oscontainer:
+    repo: quay.io/fedora/fedora-coreos
+    tags: ["${STREAM}"]
+  kubevirt:
+    repo: quay.io/fedora/fedora-coreos-kubevirt
+    tags: ["${STREAM}"]
 
 versionary_hack: true
 
@@ -69,6 +74,7 @@ default_artifacts:
     - exoscale
     - gcp
     - ibmcloud
+    - kubevirt
     - nutanix
     - virtualbox
     - vmware

docs/config.yaml

@@ -72,8 +72,10 @@ streams:
           - vmware
       # OPTIONAL: stream-specific container repos to push to
       additional_registry_repos:
-        oscontainer_old: registry.ci.openshift.org/rhcos-devel/machine-os-oci-content
-        legacy_oscontainer_old: registry.ci.openshift.org/rhcos-devel/machine-os-content
+        oscontainer_old:
+          repo: registry.ci.openshift.org/rhcos-devel/machine-os-oci-content
+        legacy_oscontainer_old:
+          repo: registry.ci.openshift.org/rhcos-devel/machine-os-content
       # OPTIONAL: override default coreos-assembler image to build with
       cosa_img: quay.io/coreos-assembler/coreos-assembler:stable
       # OPTIONAL/TEMPORARY: Override default coreos-assembler image to use for
@@ -112,18 +114,31 @@ s3:
 
 # OPTIONAL: container registry-related keys
 registry_repos:
-  # OPTIONAL: repo to which to push oscontainer
-  oscontainer: quay.io/fedora/fedora-coreos
+  # OPTIONAL: repo and tags to which to push oscontainer
+  oscontainer:
+    # REQUIRED: repo name
+    repo: quay.io/fedora/fedora-coreos
+    # REQUIRED: list of tags to create/overwrite when pushing
+    #           STREAM and VERSION are supported for templating
+    tags: ["${STREAM}"]
   # OPTIONAL/TEMPORARY: additional repo to which to push oscontainer
-  oscontainer_old: quay.io/coreos-assembler/fcos
-  # OPTIONAL: repo to which to push legacy oscontainer
-  legacy_oscontainer: quay.io/openshift-release-dev/rhel-coreos-dev
-  # OPTIONAL/TEMPORARY: additional repo to which to push oscontainer
-  legacy_oscontainer_old: registry.ci.openshift.org/rhcos/rhel-coreos
-  # OPTIONAL: repo to which to push the extensions container
-  extensions: quay.io/openshift-release-dev/rhel-coreos-extensions-dev
-  # OPTIONAL: whether to also tag images with build ID
-  add_build_tag: true
+  oscontainer_old:
+    repo: quay.io/coreos-assembler/fcos
+  # OPTIONAL: repo and tags to which to push legacy oscontainer
+  legacy_oscontainer:
+    repo: quay.io/openshift-release-dev/rhel-coreos-dev
+    tags: ["${STREAM}-legacy", "${VERSION}-legacy"]
+  # OPTIONAL/TEMPORARY: additional repo to which to push legacy oscontainer
+  legacy_oscontainer_old:
+    repo: registry.ci.openshift.org/rhcos/rhel-coreos
+  # OPTIONAL: repo and tags to which to push the extensions container
+  extensions:
+    repo: quay.io/openshift-release-dev/rhel-coreos-extensions-dev
+    tags: ["${STREAM}-extensions", "${VERSION}-extensions"]
+  # OPTIONAL: repo and tags to which to push kubevirt containerdisk container
+  kubevirt:
+    repo: quay.io/fedora/fedora-coreos-kubevirt
+    tags: ["${STREAM}"]
   # OPTIONAL: whether to push in v2s2 format rather than OCI
   v2s2: true
 

jobs/release.Jenkinsfile

@@ -196,7 +196,8 @@ lock(resource: "release-${params.STREAM}", extra: locks) {
             }
         }
 
-        def registry_repos = pipeutils.get_registry_repos(pipecfg, params.STREAM)
+        def registry_repos = pipeutils.get_registry_repos(
+                                pipecfg, params.STREAM, params.VERSION)
 
         // [config.yaml name -> [meta.json artifact name, meta.json toplevel name, tag suffix]]
         // The config.yaml name is the name used in the `registry_repos` object. The
@@ -206,9 +207,10 @@ lock(resource: "release-${params.STREAM}", extra: locks) {
         // could be made configurable in the future. For now since FCOS doesn't need it and
         // OCP ART doesn't actually care what the tag name is (it's just to stop GC), we
         // hardcode it.
-        def push_containers = ['oscontainer': ['ostree', 'base-oscontainer', ''],
-                               'extensions': ['extensions-container', 'extensions-container', '-extensions'],
-                               'legacy_oscontainer': ['legacy-oscontainer', 'oscontainer', '-legacy']]
+        def push_containers = ['oscontainer': ['ostree', 'base-oscontainer'],
+                               'kubevirt': ['kubevirt', 'kubevirt'],
+                               'extensions': ['extensions-container', 'extensions-container'],
+                               'legacy_oscontainer': ['legacy-oscontainer', 'oscontainer']]
 
         // XXX: hack: on releases that don't support pushing the
         // base-oscontainer, remove it from the list.
@@ -238,31 +240,19 @@ lock(resource: "release-${params.STREAM}", extra: locks) {
                 parallel push_containers.collectEntries{configname, val -> [configname, {
                     withCredentials([file(variable: 'REGISTRY_SECRET',
                                           credentialsId: 'oscontainer-push-registry-secret')]) {
-                        def repo = registry_repos[configname]
-                        def (artifact, metajsonname, tag_suffix) = val
-                        if (pipecfg.hotfix) {
-                            // this is a hotfix build; include the hotfix name
-                            // in the tag suffix so we don't clobber official
-                            // tags
-                            tag_suffix += "-hotfix-${pipecfg.hotfix.name}"
-                        }
-                        def extra_args = basearches.collect{"--arch ${it}"}
-                        if (registry_repos.v2s2) {
-                            extra_args += "--v2s2"
-                        }
-                        def tag_args = ["--tag=${params.STREAM}${tag_suffix}"]
-                        if (registry_repos.add_build_tag) {
-                            tag_args += "--tag=${params.VERSION}${tag_suffix}"
-                        }
+                        def repo = registry_repos[configname]['repo']
+                        def (artifact, metajsonname) = val
+                        def tag_args = registry_repos[configname].tags.collect{"--tag=$it"}
+                        def v2s2_arg = registry_repos.v2s2 ? "--v2s2" : ""
                         shwrap("""
                         export STORAGE_DRIVER=vfs # https://github.com/coreos/fedora-coreos-pipeline/issues/723#issuecomment-1297668507
                         cosa push-container-manifest --auth=\${REGISTRY_SECRET} \
                             --repo=${repo} ${tag_args.join(' ')} \
                             --artifact=${artifact} --metajsonname=${metajsonname} \
-                            --build=${params.VERSION} ${extra_args.join(' ')}
+                            --build=${params.VERSION} ${v2s2_arg}
                         """)
 
-                        def old_repo = registry_repos["${configname}_old"]
+                        def old_repo = registry_repos."${configname}_old"?.repo
                         if (old_repo) {
                             // a separate credential for the old location is optional; we support it
                             // being merged as part of oscontainer-push-registry-secret

libcloud.groovy

@@ -259,24 +259,6 @@ def upload_to_clouds(pipecfg, basearch, buildID, stream) {
             }
         }
     }
-    credentials = [file(variable: "KUBEVIRT_IMAGE_UPLOAD_CONFIG",
-                        credentialsId: "kubevirt-image-upload-config")]
-    if (pipecfg.clouds?.kubevirt &&
-        artifacts.contains("kubevirt") &&
-        utils.credentialsExist(credentials)) {
-        def creds = credentials
-        uploaders["☁️ ⬆️ :kubevirt"] = {
-            withCredentials(creds) {
-                utils.syncCredentialsIfInRemoteSession(["KUBEVIRT_IMAGE_UPLOAD_CONFIG"])
-                def c = pipecfg.clouds.kubevirt
-                shwrap("""coreos-assembler buildextend-kubevirt \
-                             --upload \
-                             --name ${c.name} \
-                             --repository ${c.repository}
-                """)
-            }
-        }
-    }
     credentials = [file(variable: "POWERVS_IMAGE_UPLOAD_CONFIG",
                         credentialsId: "powervs-image-upload-config")]
     if (pipecfg.clouds?.powervs &&

utils.groovy

@@ -417,10 +417,30 @@ def build_artifacts(pipecfg, stream, basearch) {
     utils.runParallel(parallelruns, maxRuns)
 }
 
-def get_registry_repos(pipecfg, stream) {
+def get_registry_repos(pipecfg, stream, version) {
     def registry_repos = pipecfg.registry_repos ?: [:]
     // merge top-level registry_repos with stream-specific bits
     registry_repos += pipecfg.streams[stream].additional_registry_repos ?: [:]
+    for (repo in (registry_repos.keySet() as List)) {
+        if (repo == 'v2s2') {
+            // this is a boolean option, not a registry repo
+            continue
+        }
+        if (registry_repos[repo].tags) {
+            def processed_tags = []
+            for (tag in registry_repos."${repo}".tags) {
+                tag = utils.substituteStr(tag, [STREAM: stream, VERSION: version])
+                if (pipecfg.hotfix) {
+                    // this is a hotfix build; include the hotfix name
+                    // in the tag suffix so we don't clobber official
+                    // tags
+                    tag += "-hotfix-${pipecfg.hotfix.name}"
+                }
+                processed_tags += tag
+            }
+            registry_repos[repo]['tags'] = processed_tags
+        }
+    }
     return registry_repos
 }