freeipa / freeipa-openshift-container

FreeIPA container for OpenShift 4
4 stars 7 forks source link

Add delivery stage #9

Closed avisiedo closed 4 years ago

avisiedo commented 4 years ago

Add delivery stage that:

https://quay.io/repository/freeipa/freeipa-openshift-container

frasertweedale commented 4 years ago

Travis is not happy; seems to be something about the workspaces key in .travis.yml: https://travis-ci.org/github/freeipa/freeipa-openshift-container/jobs/721212239/config.

avisiedo commented 4 years ago

It is very odd. The same pipeline works perfectly here: https://travis-ci.org/github/avisiedo/freeipa-openshift-container/builds/721412482

But it is not working for the PR. I have double checked the secrets several times, and everything looks good.

I have detected something odd in the log output, and looks like some lines are trimmed missing information (such as the arg --passwd-stdin when doing docker login command). This evoke to fail when the image is pushed as docker was not logged in at quay.io properly. Trying different approaches to see if something works. It seems a bug in travis-ci, unless I am missing something.


Here the odd output:

$docker load -i local-freeipa-server-$dockerfile.tar
echo "$DOCKER_PASSWORD" | $docker login -u "$DOCKER_USERNAME" --password-stdin "${IMAGE_TAG_BASE%%/*}"
# [ -e $HOME/.docker ] || mkdir -p $HOME/.docker
# cat > $HOME/.docker/config.json <<EOF
# {
#   "auths": {
#     "${IMAGE_TAG_BASE%%/*}": {
#       "auth": "$( echo -n "${DOCKER_USERNAME}:${DOCKER_PASSWORD}" | base64 --wrap=0 )",
#       "email": ""
#     }
#   }
# }
# EOF
set -x
if [ "${TRAVIS_BRANCH}" == "master" ] && [ "${TRAVIS_EVENT_TYPE}" != "pull_request" ]
then
  export FINAL_TAG="${IMAGE_TAG_BASE}:${dockerfile}"
else
  export GIT_HASH="$( git rev-parse HEAD 2>/dev/null )"
  export FINAL_TAG="${IMAGE_TAG_BASE}:${dockerfile}-${GIT_HASH}"
fi
$docker tag local/freeipa-server:${dockerfile} ${FINAL_TAG} || exit $?
$docker --log-level debug push ${FINAL_TAG} || exit $?
age: local/freeipa-server:fedora-32
Must provide --username with --password-stdin
++'[' master == master ']'
++'[' pull_request '!=' pull_request ']'
+++git rev-parse HEAD
++export GIT_HASH=9976e93f1f0e9c4cc40fb5aa86f51a482e6952fa
++GIT_HASH=9976e93f1f0e9c4cc40fb5aa86f51a482e6952fa
++export FINAL_TAG=quay.io/freeipa/freeipa-openshift-container:fedora-32-9976e93f1f0e9c4cc40fb5aa86f51a482e6952fa
++FINAL_TAG=quay.io/freeipa/freeipa-openshift-container:fedora-32-9976e93f1f0e9c4cc40fb5aa86f51a482e6952fa
++docker tag local/freeipa-server:fedora-32 quay.io/freeipa/freeipa-openshift-container:fedora-32-9976e93f1f0e9c4cc40fb5aa86f51a482e6952fa
++docker --log-level debug push quay.io/freeipa/freeipa-openshift-container:fedora-32-9976e93f1f0e9c4cc40fb5aa86f51a482e6952fa
The push refers to repository [quay.io/freeipa/freeipa-openshift-container]

The line below:

age: local/freeipa-server:fedora-32

it should be this:

Loaded image: local/freeipa-server:fedora-32

And the line:

Must provide --username with --password-stdin

makes me thing that something wrong is happening that evoke to miss some parts of the input/outputs (a bug). Or more probably I am missing something, that I didn't see yet. (this explain the missed characters: https://travis-ci.community/t/missing-text-from-job-output-when-using-ansi-escape-sequences/9516).


And this is the settings in travis-ci:

image

avisiedo commented 4 years ago

References to the last current executions in the pipelines:

avisiedo commented 4 years ago

I have modified the lint stage for making a quick test, and see what happens.

Setting environment variables from repository settings
$ export IMAGE_TAG_BASE=quay.io/freeipa/freeipa-openshift-container
$ export MY_PUBLIC_VAR=this_is_my+public_value

The same in my personal repo look like the below here: https://travis-ci.org/github/avisiedo/freeipa-openshift-container/jobs/721666731

Setting environment variables from repository settings
$ export IMAGE_TAG_BASE=quay.io/avisied0/freeipa-openshift-container
$ export DOCKER_USERNAME=[secure]
$ export DOCKER_PASSWORD=[secure]
$ export MY_SECRET_VAR=[secure]
$ export MY_PUBLIC_VAR=this_is_my+public_var
avisiedo commented 4 years ago

Requested some help to travis-ci community here: https://travis-ci.community/t/secrets-are-not-imported-in-the-pipeline/9742

avisiedo commented 4 years ago

The situation that is happening is explained here: https://docs.travis-ci.com/user/pull-requests/#pull-requests-and-security-restrictions

The delivery stage is modified so it does nothing when running in a pull request. Thanks to travis-ci community to point that out.

frasertweedale commented 4 years ago

@avisiedo good work. Glad you got to the bottom of the issue and I'm happy with the resolution. Merging.

avisiedo commented 4 years ago

Thank you mate! :)