Feature: Add registry override variable support, and add additional messaging around this in logs #132

Merged
merged 9 commits into from
Nov 1, 2022
49 changes: 44 additions & 5 deletions legacy/build-deploy.sh
Expand Up @@ -29,6 +29,7 @@ else
CI_OVERRIDE_IMAGE_REPO=""
fi

echo -e "##############################################\nBEGIN Checkout Repository\n##############################################"
if [ "$BUILD_TYPE" == "pullrequest" ]; then
/kubectl-build-deploy/scripts/git-checkout-pull-merge.sh "$SOURCE_REPOSITORY" "$PR_HEAD_SHA" "$PR_BASE_SHA"
else
Expand All @@ -51,6 +52,9 @@ else
LAGOON_GIT_SHA="0000000000000000000000000000000000000000"
fi

echo -e "##############################################\nBEGIN Kubernetes and Container Registry Setup\n##############################################"
sleep 0.5s

REGISTRY_SECRETS=()
PRIVATE_REGISTRY_COUNTER=0
PRIVATE_REGISTRY_URLS=()
Expand Down Expand Up @@ -91,9 +95,14 @@ fi
##############################################
# we want to be able to support private container registries
# grab all the container-registries that are defined in the `.lagoon.yml` file
PRIVATE_CONTAINER_REGISTRIES=($(cat .lagoon.yml | shyaml keys container-registries || echo ""))
PRIVATE_CONTAINER_REGISTRIES=($(cat .lagoon.yml | shyaml keys container-registries 2> /dev/null || echo ""))
if [ ! -z $PRIVATE_CONTAINER_REGISTRIES ]; then
echo -e "##############################################\nBEGIN Custom Container Registries Setup\n##############################################"
sleep 0.5s
fi
for PRIVATE_CONTAINER_REGISTRY in "${PRIVATE_CONTAINER_REGISTRIES[@]}"
do
echo "Checking details for $PRIVATE_CONTAINER_REGISTRY";
# check if a url is set, if none set proceed against docker hub
PRIVATE_CONTAINER_REGISTRY_URL=$(cat .lagoon.yml | shyaml get-value container-registries.$PRIVATE_CONTAINER_REGISTRY.url false)
if [ $PRIVATE_CONTAINER_REGISTRY_URL == "false" ]; then
Expand All @@ -113,32 +122,57 @@ do
PRIVATE_REGISTRY_CREDENTIAL=""
# check if we have a password defined anywhere in the api first
if [ ! -z "$LAGOON_PROJECT_VARIABLES" ]; then
PRIVATE_REGISTRY_CREDENTIAL=($(echo $LAGOON_PROJECT_VARIABLES | jq -r '.[] | select(.scope == "container_registry" and .name == "'$PRIVATE_CONTAINER_REGISTRY_PASSWORD'") | "\(.value)"'))
TEMP_PRIVATE_REGISTRY_CREDENTIAL=($(echo $LAGOON_PROJECT_VARIABLES | jq -r '.[] | select(.scope == "container_registry" and .name == "'$PRIVATE_CONTAINER_REGISTRY_PASSWORD'") | "\(.value)"'))
if [ ! -z "$TEMP_PRIVATE_REGISTRY_CREDENTIAL" ]; then
PRIVATE_REGISTRY_CREDENTIAL=$TEMP_PRIVATE_REGISTRY_CREDENTIAL
PRIVATE_REGISTRY_CREDENTIAL_SOURCE="Lagoon API project variable $PRIVATE_CONTAINER_REGISTRY_PASSWORD"
fi
fi
if [ ! -z "$LAGOON_ENVIRONMENT_VARIABLES" ]; then
TEMP_PRIVATE_REGISTRY_CREDENTIAL=($(echo $LAGOON_ENVIRONMENT_VARIABLES | jq -r '.[] | select(.scope == "container_registry" and .name == "'$PRIVATE_CONTAINER_REGISTRY_PASSWORD'") | "\(.value)"'))
if [ ! -z "$TEMP_PRIVATE_REGISTRY_CREDENTIAL" ]; then
PRIVATE_REGISTRY_CREDENTIAL=$TEMP_PRIVATE_REGISTRY_CREDENTIAL
PRIVATE_REGISTRY_CREDENTIAL_SOURCE="Lagoon API environment variable $PRIVATE_CONTAINER_REGISTRY_PASSWORD"
fi
fi

# check if we have an override password defined anywhere in the api
PRIVATE_CONTAINER_REGISTRY_OVERRIDE_KEY="REGISTRY_${PRIVATE_CONTAINER_REGISTRY}_PASSWORD"

if [ ! -z "$LAGOON_PROJECT_VARIABLES" ]; then
TEMP_PRIVATE_REGISTRY_CREDENTIAL=($(echo $LAGOON_PROJECT_VARIABLES | jq -r '.[] | select(.scope == "container_registry" and .name == "'$PRIVATE_CONTAINER_REGISTRY_OVERRIDE_KEY'") | "\(.value)"'))
if [ ! -z "$TEMP_PRIVATE_REGISTRY_CREDENTIAL" ]; then
PRIVATE_REGISTRY_CREDENTIAL=$TEMP_PRIVATE_REGISTRY_CREDENTIAL
PRIVATE_REGISTRY_CREDENTIAL_SOURCE="Lagoon API project variable $PRIVATE_CONTAINER_REGISTRY_OVERRIDE_KEY"
fi
fi
if [ ! -z "$LAGOON_ENVIRONMENT_VARIABLES" ]; then
TEMP_PRIVATE_REGISTRY_CREDENTIAL=($(echo $LAGOON_ENVIRONMENT_VARIABLES | jq -r '.[] | select(.scope == "container_registry" and .name == "'$PRIVATE_CONTAINER_REGISTRY_OVERRIDE_KEY'") | "\(.value)"'))
if [ ! -z "$TEMP_PRIVATE_REGISTRY_CREDENTIAL" ]; then
PRIVATE_REGISTRY_CREDENTIAL=$TEMP_PRIVATE_REGISTRY_CREDENTIAL
PRIVATE_REGISTRY_CREDENTIAL_SOURCE="Lagoon API environment variable $PRIVATE_CONTAINER_REGISTRY_OVERRIDE_KEY"
fi
fi

if [ -z $PRIVATE_REGISTRY_CREDENTIAL ]; then
#if no password defined in the lagoon api, pass the one in `.lagoon.yml` as a password
PRIVATE_REGISTRY_CREDENTIAL=$PRIVATE_CONTAINER_REGISTRY_PASSWORD
PRIVATE_REGISTRY_CREDENTIAL_SOURCE=".lagoon.yml (we recommend using an environment variable, see the docs on container-registries for more information)"
fi
if [ -z "$PRIVATE_REGISTRY_CREDENTIAL" ]; then
echo -e "A private container registry was defined in the .lagoon.yml file, but no password could be found in either the .lagoon.yml or in the Lagoon API\n\nPlease check if the password has been set correctly."
exit 1
fi
if [ $PRIVATE_CONTAINER_REGISTRY_URL != "false" ]; then
echo "Attempting to log in to $PRIVATE_CONTAINER_REGISTRY_URL with user $PRIVATE_CONTAINER_REGISTRY_USERNAME - $PRIVATE_CONTAINER_REGISTRY_PASSWORD"
echo "Attempting to log in to $PRIVATE_CONTAINER_REGISTRY_URL with user $PRIVATE_CONTAINER_REGISTRY_USERNAME; password sourced from $PRIVATE_REGISTRY_CREDENTIAL_SOURCE"
docker login --username $PRIVATE_CONTAINER_REGISTRY_USERNAME --password $PRIVATE_REGISTRY_CREDENTIAL $PRIVATE_CONTAINER_REGISTRY_URL
kubectl create secret docker-registry "lagoon-private-registry-${PRIVATE_REGISTRY_COUNTER}-secret" --docker-server=$PRIVATE_CONTAINER_REGISTRY_URL --docker-username=$PRIVATE_CONTAINER_REGISTRY_USERNAME --docker-password=$PRIVATE_REGISTRY_CREDENTIAL --dry-run -o yaml | kubectl apply -f -
REGISTRY_SECRETS+=("lagoon-private-registry-${PRIVATE_REGISTRY_COUNTER}-secret")
PRIVATE_REGISTRY_URLS+=($PRIVATE_CONTAINER_REGISTRY_URL)
PRIVATE_EXTERNAL_REGISTRY=1
let ++PRIVATE_REGISTRY_COUNTER
else
echo "Attempting to log in to docker hub with user $PRIVATE_CONTAINER_REGISTRY_USERNAME - $PRIVATE_CONTAINER_REGISTRY_PASSWORD"
echo "Attempting to log in to docker hub with user $PRIVATE_CONTAINER_REGISTRY_USERNAME; password sourced from $PRIVATE_REGISTRY_CREDENTIAL_SOURCE"
docker login --username $PRIVATE_CONTAINER_REGISTRY_USERNAME --password $PRIVATE_REGISTRY_CREDENTIAL
kubectl create secret docker-registry "lagoon-private-registry-${PRIVATE_REGISTRY_COUNTER}-secret" --docker-server="https://index.docker.io/v1/" --docker-username=$PRIVATE_CONTAINER_REGISTRY_USERNAME --docker-password=$PRIVATE_REGISTRY_CREDENTIAL --dry-run -o yaml | kubectl apply -f -
REGISTRY_SECRETS+=("lagoon-private-registry-${PRIVATE_REGISTRY_COUNTER}-secret")
Expand All @@ -148,6 +182,11 @@ do
fi
fi
done
set -x
if [ ! -z $PRIVATE_CONTAINER_REGISTRIES ]; then
echo -e "##############################################\nEND Custom Container Registries Setup\n##############################################"
sleep 0.5s
fi

echo -e "\n\n##############################################\nStart Build Process\n##############################################"
set -x
. /kubectl-build-deploy/build-deploy-docker-compose.sh
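Review bot: The new override lookups (the two `jq` calls keyed on `$PRIVATE_CONTAINER_REGISTRY_OVERRIDE_KEY`, and the `TEMP_PRIVATE_REGISTRY_CREDENTIAL` lookups above them) splice a name derived from a `.lagoon.yml` registry key straight into the jq program text and capture the output through an unquoted `($(...))` array. A registry key containing a quote or whitespace changes or breaks the filter, and a stored password containing whitespace or glob characters is word-split, so only its first word is later passed to `docker login`. Passing the name as data and keeping the value as a single string avoids both: `TEMP_PRIVATE_REGISTRY_CREDENTIAL=$(jq -r --arg name "$PRIVATE_CONTAINER_REGISTRY_OVERRIDE_KEY" '.[] | select(.scope == "container_registry" and .name == $name) | .value' <<<"$LAGOON_PROJECT_VARIABLES")`. The `[ -z $PRIVATE_REGISTRY_CREDENTIAL ]` test and the `--password` / `--docker-password=` arguments would then need quoting as well. A short comment above the override block stating the resulting precedence (environment override, project override, environment variable, project variable, then `.lagoon.yml`) would help; the loop body begins outside the visible hunks.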