Load dependant tasks docker images

[La0]

taskboot need to support the following workflow:

• Task A build a base docker image base
• Task B & C each build an extended docker image using base : final-b and final-c
• Task B & C depend on the completion of Task A to start
• Task B & C publish the docker image as an artifact To build the final images, their task need to have the base image in the img local state.

So we should add the following logic:

1. When we are on Taskcluster (env variable TASK_ID is set)
2. We load the current task group definition
3. Lookup potential dependencies for current task
4. For each dependent tsk, list the artifacts
5. If an artifact matches a naming convention (like public/taskboot/image*.tar) : it is then downloaded and loaded in our img current state

Blocker: img does not seem to currently support loading tar images (only pull from repositories) See https://github.com/genuinetools/img/issues/226 Alternative: push to a docker repo using a custom tag in Task A, pull from task B/C and tag the image as the required FROM target

[jschwartzentruber]

I've worked around the blocker you mentioned here: https://github.com/MozillaSecurity/orion/blob/master/services/orion-builder/src/orion_builder/stage_deps.py

I'm using the Docker registry binary from https://github.com/docker/distribution-library-image, using skopeo to load the image.tar into a registry on localhost, and then pulling from localhost to img

It needs improvement. I rely on the artifact name to match the image name, eg. foo.bar will be pulled to mozillasecurity/foo:latest, instead of reading the manifest to see what it contains.