diff --git a/.drone.yml b/.drone.yml
index ade3d3bdfe30f..5bea361066ad4 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -1372,100 +1372,9 @@ steps: - echo "$(cat /go/build/PREVIOUS_VERSION_TWO_TAG.txt | cut -d. -f1 | tr -d '^v')" > /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt # list versions - for FILE in /go/build/*.txt; do echo $FILE; cat $FILE; done - # get Dockerfiles - - curl -Ls -o /go/build/Dockerfile-cron https://raw.githubusercontent.com/gravitational/teleport/${DRONE_SOURCE_BRANCH:-master}/build.assets/Dockerfile-cron - - curl -Ls -o /go/build/Dockerfile-cron-v8 https://raw.githubusercontent.com/gravitational/teleport/${DRONE_SOURCE_BRANCH:-master}/build.assets/Dockerfile-cron-v8 - # wait for Docker to be ready - sleep 3 - - name: Build and push Teleport containers (CURRENT_VERSION) - image: docker - environment: - OS: linux - ARCH: amd64 - QUAY_USERNAME: - from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME - QUAY_PASSWORD: - from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD - volumes: - - name: dockersock - path: /var/run - commands: - - export VERSION_TAG=$(cat /go/build/CURRENT_VERSION_TAG.txt) - - export OSS_IMAGE_NAME="quay.io/gravitational/teleport:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)" - - export ENT_IMAGE_NAME="quay.io/gravitational/teleport-ent:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)" - - export ENT_FIPS_IMAGE_NAME="quay.io/gravitational/teleport-ent:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)-fips" - - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" quay.io - # OSS - - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $OSS_IMAGE_NAME -f /go/build/Dockerfile-cron /go/build - - docker push $OSS_IMAGE_NAME - # Enterprise - - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $ENT_IMAGE_NAME -f /go/build/Dockerfile-cron /go/build - - docker push $ENT_IMAGE_NAME - # Enterprise FIPS - - docker build --target teleport-fips --build-arg 
DOWNLOAD_TYPE=teleport-ent --build-arg EXTRA_DOWNLOAD_ARGS="-fips" --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $ENT_FIPS_IMAGE_NAME -f /go/build/Dockerfile-cron /go/build - - docker push $ENT_FIPS_IMAGE_NAME - - - name: Build and push Teleport containers (PREVIOUS_VERSION_ONE) - image: docker - environment: - OS: linux - ARCH: amd64 - QUAY_USERNAME: - from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME - QUAY_PASSWORD: - from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD - volumes: - - name: dockersock - path: /var/run - commands: - - export VERSION_TAG=$(cat /go/build/PREVIOUS_VERSION_ONE_TAG.txt) - - export OSS_IMAGE_NAME="quay.io/gravitational/teleport:$(cat /go/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt)" - - export ENT_IMAGE_NAME="quay.io/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt)" - - export ENT_FIPS_IMAGE_NAME="quay.io/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt)-fips" - - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" quay.io - # OSS - - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $OSS_IMAGE_NAME -f /go/build/Dockerfile-cron /go/build - - docker push $OSS_IMAGE_NAME - # Enterprise - - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $ENT_IMAGE_NAME -f /go/build/Dockerfile-cron /go/build - - docker push $ENT_IMAGE_NAME - # Enterprise FIPS - - docker build --target teleport-fips --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg EXTRA_DOWNLOAD_ARGS="-fips" --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $ENT_FIPS_IMAGE_NAME -f /go/build/Dockerfile-cron /go/build - - docker push $ENT_FIPS_IMAGE_NAME - - - name: Build and push Teleport containers (PREVIOUS_VERSION_TWO) - image: docker - environment: - OS: linux - 
ARCH: amd64 - QUAY_USERNAME: - from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME - QUAY_PASSWORD: - from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD - volumes: - - name: dockersock - path: /var/run - commands: - - export VERSION_TAG=$(cat /go/build/PREVIOUS_VERSION_TWO_TAG.txt) - - export OSS_IMAGE_NAME="quay.io/gravitational/teleport:$(cat /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt)" - - export ENT_IMAGE_NAME="quay.io/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt)" - - export ENT_FIPS_IMAGE_NAME="quay.io/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt)-fips" - - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" quay.io - # OSS - # TODO(logand22): Remove v8 when Teleport 11 is released - - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $OSS_IMAGE_NAME -f /go/build/Dockerfile-cron-v8 /go/build - - docker push $OSS_IMAGE_NAME - # Enterprise - # TODO(logand22): Remove v8 when Teleport 11 is released - - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $ENT_IMAGE_NAME -f /go/build/Dockerfile-cron-v8 /go/build - - docker push $ENT_IMAGE_NAME - # Enterprise FIPS - # TODO(logand22): Remove v8 when Teleport 11 is released - - docker build --target teleport-fips --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg EXTRA_DOWNLOAD_ARGS="-fips" --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $ENT_FIPS_IMAGE_NAME -f /go/build/Dockerfile-cron-v8 /go/build - - docker push $ENT_FIPS_IMAGE_NAME - - name: Build/push Teleport Lab Docker image image: docker:git environment: 
@@ -1547,9 +1456,6 @@ steps: - echo "$(cat /go/build/PREVIOUS_VERSION_TWO_TAG.txt | cut -d. -f1 | tr -d '^v')" > /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt # list versions - for FILE in /go/build/*.txt; do echo $FILE; cat $FILE; done - # get Dockerfiles - - curl -Ls -o /go/build/Dockerfile-cron https://raw.githubusercontent.com/gravitational/teleport/${DRONE_SOURCE_BRANCH:-master}/build.assets/Dockerfile-cron - - curl -Ls -o /go/build/Dockerfile-cron-v8 https://raw.githubusercontent.com/gravitational/teleport/${DRONE_SOURCE_BRANCH:-master}/build.assets/Dockerfile-cron-v8 # wait for Docker to be ready - sleep 3 
@@ -1603,141 +1509,6 @@ steps: - name: awsconfig path: /root/.aws - - name: Build and push Teleport containers (CURRENT_VERSION) - image: docker - environment: - OS: linux - ARCH: amd64 - volumes: - - name: dockersock - path: /var/run - - name: awsconfig - path: /root/.aws - commands: - - apk add --no-cache aws-cli - - export VERSION_TAG=$(cat /go/build/CURRENT_VERSION_TAG.txt) - - export CURRENT_DATE=$(date '+%Y%m%d%H%M') - # Staging image names - - export OSS_IMAGE_NAME_STAGE="146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)-$CURRENT_DATE" - - export ENT_IMAGE_NAME_STAGE="146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)-$CURRENT_DATE" - - export ENT_FIPS_IMAGE_NAME_STAGE="146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)-fips-$CURRENT_DATE" - # Production image names - - export OSS_IMAGE_NAME_PROD="public.ecr.aws/gravitational/teleport:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)" - - export ENT_IMAGE_NAME_PROD="public.ecr.aws/gravitational/teleport-ent:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)" - - export ENT_FIPS_IMAGE_NAME_PROD="public.ecr.aws/gravitational/teleport-ent:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)-fips" - # Authenticate to staging registry - - aws ecr get-login-password --profile staging --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - # OSS - - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $OSS_IMAGE_NAME_STAGE -f /go/build/Dockerfile-cron /go/build - - docker push $OSS_IMAGE_NAME_STAGE - # Enterprise - - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t 
$ENT_IMAGE_NAME_STAGE -f /go/build/Dockerfile-cron /go/build - - docker push $ENT_IMAGE_NAME_STAGE - # Enterprise FIPS - - docker build --target teleport-fips --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg EXTRA_DOWNLOAD_ARGS="-fips" --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $ENT_FIPS_IMAGE_NAME_STAGE -f /go/build/Dockerfile-cron /go/build - - docker push $ENT_FIPS_IMAGE_NAME_STAGE - # Authenticate to production registry - - docker logout 146628656107.dkr.ecr.us-west-2.amazonaws.com - - aws ecr-public get-login-password --profile production --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws - # Retag images - - docker tag $OSS_IMAGE_NAME_STAGE $OSS_IMAGE_NAME_PROD - - docker tag $ENT_IMAGE_NAME_STAGE $ENT_IMAGE_NAME_PROD - - docker tag $ENT_FIPS_IMAGE_NAME_STAGE $ENT_FIPS_IMAGE_NAME_PROD - # Promote to production registry - - docker push $ENT_IMAGE_NAME_PROD - - docker push $OSS_IMAGE_NAME_PROD - - docker push $ENT_FIPS_IMAGE_NAME_PROD - - - name: Build and push Teleport containers (PREVIOUS_VERSION_ONE) - image: docker - environment: - OS: linux - ARCH: amd64 - volumes: - - name: dockersock - path: /var/run - - name: awsconfig - path: /root/.aws - commands: - - apk add --no-cache aws-cli - - export VERSION_TAG=$(cat /go/build/PREVIOUS_VERSION_ONE_TAG.txt) - - export CURRENT_DATE=$(date '+%Y%m%d%H%M') - # Staging image names - - export OSS_IMAGE_NAME_STAGE="146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat /go/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt)-$CURRENT_DATE" - - export ENT_IMAGE_NAME_STAGE="146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt)-$CURRENT_DATE" - - export ENT_FIPS_IMAGE_NAME_STAGE="146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt)-fips-$CURRENT_DATE" - # Production image names - - export 
OSS_IMAGE_NAME_PROD="public.ecr.aws/gravitational/teleport:$(cat /go/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt)" - - export ENT_IMAGE_NAME_PROD="public.ecr.aws/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt)" - - export ENT_FIPS_IMAGE_NAME_PROD="public.ecr.aws/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt)-fips" - # Authenticate to staging registry - - aws ecr get-login-password --profile staging --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - # OSS - - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $OSS_IMAGE_NAME_STAGE -f /go/build/Dockerfile-cron /go/build - - docker push $OSS_IMAGE_NAME_STAGE - # Enterprise - - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $ENT_IMAGE_NAME_STAGE -f /go/build/Dockerfile-cron /go/build - - docker push $ENT_IMAGE_NAME_STAGE - # Enterprise FIPS - - docker build --target teleport-fips --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg EXTRA_DOWNLOAD_ARGS="-fips" --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $ENT_FIPS_IMAGE_NAME_STAGE -f /go/build/Dockerfile-cron /go/build - - docker push $ENT_FIPS_IMAGE_NAME_STAGE - # Authenticate to production registry - - docker logout 146628656107.dkr.ecr.us-west-2.amazonaws.com - - aws ecr-public get-login-password --profile production --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws - # Retag images - - docker tag $OSS_IMAGE_NAME_STAGE $OSS_IMAGE_NAME_PROD - - docker tag $ENT_IMAGE_NAME_STAGE $ENT_IMAGE_NAME_PROD - - docker tag $ENT_FIPS_IMAGE_NAME_STAGE $ENT_FIPS_IMAGE_NAME_PROD - # Promote to production registry - - docker push $ENT_IMAGE_NAME_PROD - - docker push $OSS_IMAGE_NAME_PROD - - docker push 
$ENT_FIPS_IMAGE_NAME_PROD - - - name: Build and push Teleport containers (PREVIOUS_VERSION_TWO) - image: docker - environment: - OS: linux - ARCH: amd64 - volumes: - - name: dockersock - path: /var/run - - name: awsconfig - path: /root/.aws - commands: - - apk add --no-cache aws-cli - - export CURRENT_DATE=$(date '+%Y%m%d%H%M') - - export VERSION_TAG=$(cat /go/build/PREVIOUS_VERSION_TWO_TAG.txt) - # Staging image names - - export OSS_IMAGE_NAME_STAGE="146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt)-$CURRENT_DATE" - - export ENT_IMAGE_NAME_STAGE="146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt)-$CURRENT_DATE" - - export ENT_FIPS_IMAGE_NAME_STAGE="146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt)-fips-$CURRENT_DATE" - # Production image names - - export OSS_IMAGE_NAME_PROD="public.ecr.aws/gravitational/teleport:$(cat /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt)" - - export ENT_IMAGE_NAME_PROD="public.ecr.aws/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt)" - - export ENT_FIPS_IMAGE_NAME_PROD="public.ecr.aws/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt)-fips" - # Authenticate to staging registry - - aws ecr get-login-password --profile staging --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - # OSS - - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $OSS_IMAGE_NAME_STAGE -f /go/build/Dockerfile-cron-v8 /go/build - - docker push $OSS_IMAGE_NAME_STAGE - # Enterprise - - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t 
$ENT_IMAGE_NAME_STAGE -f /go/build/Dockerfile-cron-v8 /go/build - - docker push $ENT_IMAGE_NAME_STAGE - # Enterprise FIPS - - docker build --target teleport-fips --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg EXTRA_DOWNLOAD_ARGS="-fips" --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $ENT_FIPS_IMAGE_NAME_STAGE -f /go/build/Dockerfile-cron-v8 /go/build - - docker push $ENT_FIPS_IMAGE_NAME_STAGE - # Authenticate to production registry - - docker logout 146628656107.dkr.ecr.us-west-2.amazonaws.com - - aws ecr-public get-login-password --profile production --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws - # Retag images - - docker tag $OSS_IMAGE_NAME_STAGE $OSS_IMAGE_NAME_PROD - - docker tag $ENT_IMAGE_NAME_STAGE $ENT_IMAGE_NAME_PROD - - docker tag $ENT_FIPS_IMAGE_NAME_STAGE $ENT_FIPS_IMAGE_NAME_PROD - # Promote to production registry - - docker push $ENT_IMAGE_NAME_PROD - - docker push $OSS_IMAGE_NAME_PROD - - docker push $ENT_FIPS_IMAGE_NAME_PROD - - name: Build/push Teleport Lab Docker image image: docker:git environment: 
@@ -6546,140 +6317,6 @@ volumes: - name: dockersock temp: {} ---- -kind: pipeline -type: kubernetes -name: build-docker-images - -environment: - BUILDBOX_VERSION: "teleport11" - RUNTIME: go1.17.9 - -trigger: - event: - - tag - ref: - include: - - refs/tags/v* - repo: - include: - - gravitational/* - -workspace: - path: /go - -clone: - disable: true - -steps: - - name: Check out code - image: docker:git - environment: - GITHUB_PRIVATE_KEY: - from_secret: GITHUB_PRIVATE_KEY - GOCACHE: /go/cache - commands: - - mkdir -p /go/src/github.com/gravitational/teleport - - cd /go/src/github.com/gravitational/teleport - - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git . - - git checkout ${DRONE_TAG:-$DRONE_COMMIT} - # fetch enterprise submodules - - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa - - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts - - git submodule update --init e - # this is allowed to fail because pre-4.3 Teleport versions don't use the webassets submodule - - git submodule update --init --recursive webassets || true - - rm -f /root/.ssh/id_rsa - # create necessary directories - - mkdir -p /go/artifacts $GOCACHE - # set version - - if [[ "$(echo v1.2.3-fred.1)" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt - - - name: Assume AWS Role - image: amazon/aws-cli - commands: - - aws sts get-caller-identity - - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ - $(aws sts assume-role \ - --role-arn "$AWS_ROLE" \ - --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ - --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ - --output text) \ - > /root/.aws/credentials - - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts 
get-caller-identity --profile default - environment: - AWS_ACCESS_KEY_ID: - from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY - AWS_ROLE: - from_secret: STAGING_TELEPORT_DRONE_ECR_AWS_ROLE - AWS_SECRET_ACCESS_KEY: - from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET - volumes: - - name: awsconfig - path: /root/.aws - - - name: Build/push OSS/Enterprise Docker images - image: docker - environment: - UID: 1000 - GID: 1000 - GOCACHE: /go/cache - GOPATH: /go - OS: linux - ARCH: amd64 - volumes: - - name: dockersock - path: /var/run - - name: awsconfig - path: /root/.aws - commands: - - apk add --no-cache make bash aws-cli - - chown -R $UID:$GID /go - - aws ecr get-login-password --region us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - - cd /go/src/github.com/gravitational/teleport - - make image-ci publish-ci - - - name: Build/push FIPS Docker image - image: docker - environment: - UID: 1000 - GID: 1000 - GOCACHE: /go/cache - GOPATH: /go - OS: linux - ARCH: amd64 - volumes: - - name: dockersock - path: /var/run - - name: awsconfig - path: /root/.aws - commands: - - apk add --no-cache make aws-cli - - chown -R $UID:$GID /go - - aws ecr get-login-password --region us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - - cd /go/src/github.com/gravitational/teleport - # VERSION needs to be set manually when running in the e directory. - # Normally, the version is set and exported by the root Makefile and then inherited, - # but this is not the case for FIPS builds (which only run in e/Makefile) - - export VERSION=$(cat /go/.version.txt) - - make -C e image-fips-ci publish-fips-ci - -services: - - name: Start Docker - image: docker:dind - privileged: true - volumes: - - name: dockersock - path: /var/run - -volumes: - - name: dockersock - temp: {} - - name: awsconfig - temp: {} - --- kind: pipeline type: kubernetes 
@@ -7640,241 +7277,25 @@ volumes: temp: {} --- -################################################ -# Generated using dronegen, do not edit by hand! -# Use 'make dronegen' to update. -# Generated at dronegen/promote.go (main.buildDockerPromotionPipelineECR) -################################################ - kind: pipeline type: kubernetes -name: promote-docker-ecr +name: promote-build + trigger: event: - include: - promote target: - include: - production - - promote-docker - - promote-docker-ecr repo: include: - - gravitational/* + - gravitational/* + workspace: path: /go + clone: disable: true -steps: -- name: Verify build is tagged - image: alpine:latest - commands: - - '[ -n ${DRONE_TAG} ] || (echo ''DRONE_TAG is not set. Is the commit tagged?'' - && exit 1)' -- name: Wait for docker - image: docker - commands: - - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' - volumes: - - name: dockersock - path: /var/run -- name: Assume AWS Role - image: amazon/aws-cli - commands: - - aws sts get-caller-identity - - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ - $(aws sts assume-role \ - --role-arn "$AWS_ROLE" \ - --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ - --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ - --output text) \ - > /root/.aws/credentials - - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity --profile default - environment: - AWS_ACCESS_KEY_ID: - from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY - AWS_ROLE: - from_secret: PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE - AWS_SECRET_ACCESS_KEY: - from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET - volumes: - - name: awsconfig - path: /root/.aws -- name: Pull/retag Docker images - image: docker - commands: - - apk add --no-cache aws-cli - - export VERSION=${DRONE_TAG##v} - - aws ecr get-login-password --region=us-west-2 | docker login 
-u="AWS" --password-stdin - 146628656107.dkr.ecr.us-west-2.amazonaws.com - - echo "---> Pulling images for $${VERSION}" - - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$${VERSION} - - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$${VERSION} - - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$${VERSION}-fips - - echo "---> Tagging images for $${VERSION}" - - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$${VERSION} - public.ecr.aws/gravitational/teleport:$${VERSION} - - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$${VERSION} - public.ecr.aws/gravitational/teleport-ent:$${VERSION} - - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$${VERSION}-fips - public.ecr.aws/gravitational/teleport-ent:$${VERSION}-fips - - docker logout 146628656107.dkr.ecr.us-west-2.amazonaws.com - - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin - public.ecr.aws - - echo "---> Pushing images for $${VERSION}" - - docker push public.ecr.aws/gravitational/teleport:$${VERSION} - - docker push public.ecr.aws/gravitational/teleport-ent:$${VERSION} - - docker push public.ecr.aws/gravitational/teleport-ent:$${VERSION}-fips - volumes: - - name: dockersock - path: /var/run - - name: awsconfig - path: /root/.aws -services: -- name: Start Docker - image: docker:dind - privileged: true - volumes: - - name: dockersock - path: /var/run -volumes: -- name: dockersock - temp: {} -- name: awsconfig - temp: {} - ---- -################################################ -# Generated using dronegen, do not edit by hand! -# Use 'make dronegen' to update. 
-# Generated at dronegen/promote.go (main.buildDockerPromotionPipelineQuay) -################################################ - -kind: pipeline -type: kubernetes -name: promote-docker-quay -trigger: - event: - include: - - promote - target: - include: - - production - - promote-docker - - promote-docker-quay - repo: - include: - - gravitational/* -workspace: - path: /go -clone: - disable: true -steps: -- name: Verify build is tagged - image: alpine:latest - commands: - - '[ -n ${DRONE_TAG} ] || (echo ''DRONE_TAG is not set. Is the commit tagged?'' - && exit 1)' -- name: Wait for docker - image: docker - commands: - - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' - volumes: - - name: dockersock - path: /var/run -- name: Assume AWS Role - image: amazon/aws-cli - commands: - - aws sts get-caller-identity - - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ - $(aws sts assume-role \ - --role-arn "$AWS_ROLE" \ - --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ - --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ - --output text) \ - > /root/.aws/credentials - - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity --profile default - environment: - AWS_ACCESS_KEY_ID: - from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY - AWS_ROLE: - from_secret: PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE - AWS_SECRET_ACCESS_KEY: - from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET - volumes: - - name: awsconfig - path: /root/.aws -- name: Pull/retag Docker images - image: docker - commands: - - apk add --no-cache aws-cli - - export VERSION=${DRONE_TAG##v} - - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin - 146628656107.dkr.ecr.us-west-2.amazonaws.com - - echo "---> Pulling images for $${VERSION}" - - docker pull 
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$${VERSION} - - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$${VERSION} - - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$${VERSION}-fips - - echo "---> Tagging images for $${VERSION}" - - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$${VERSION} - quay.io/gravitational/teleport:$${VERSION} - - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$${VERSION} - quay.io/gravitational/teleport-ent:$${VERSION} - - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$${VERSION}-fips - quay.io/gravitational/teleport-ent:$${VERSION}-fips - - docker logout 146628656107.dkr.ecr.us-west-2.amazonaws.com - - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" quay.io - - echo "---> Pushing images for $${VERSION}" - - docker push quay.io/gravitational/teleport:$${VERSION} - - docker push quay.io/gravitational/teleport-ent:$${VERSION} - - docker push quay.io/gravitational/teleport-ent:$${VERSION}-fips - environment: - QUAY_PASSWORD: - from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD - QUAY_USERNAME: - from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME - volumes: - - name: dockersock - path: /var/run - - name: awsconfig - path: /root/.aws -services: -- name: Start Docker - image: docker:dind - privileged: true - volumes: - - name: dockersock - path: /var/run -volumes: -- name: dockersock - temp: {} -- name: awsconfig - temp: {} - ---- -kind: pipeline -type: kubernetes -name: promote-build - -trigger: - event: - - promote - target: - - production - repo: - include: - - gravitational/* - -workspace: - path: /go - -clone: - disable: true - + steps: - name: Check if commit is tagged image: alpine @@ -8771,6 +8192,8 @@ workspace: path: /go clone: disable: true +depends_on: +- clean-up-previous-build steps: - name: Wait for docker image: docker 
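Review bot: The pipeline-level `depends_on: - clean-up-previous-build` added just before `steps:` makes this whole pipeline conditional on the cleanup pipeline's outcome, and nothing visible says what should happen when the cleanup fails. Drone skips a dependent pipeline whose dependency failed unless its trigger lists the failure status, e.g. `status: [success, failure]` under `trigger:`. The pipeline's name and trigger block start outside this hunk, so please confirm whether a failed cleanup is meant to block the image build or whether it is best-effort. Other pipelines in this file are marked as dronegen output; if this one is generated as well, a short comment next to the generator code that emits the dependency should record why the ordering is required.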
@@ -8785,8 +8208,6 @@ steps: - apk add curl - timeout 30s /bin/sh -c 'while [ "$(curl -s -o /dev/null -w %{http_code} http://drone-docker-registry:5000/)" != "200" ]; do sleep 1; done' - depends_on: - - Wait for docker - name: Check out code image: alpine/git:latest commands: 
@@ -8796,811 +8217,861 @@ steps: - git remote add origin ${DRONE_REMOTE_URL} - git fetch origin --tags - git checkout -qf "$DRONE_TAG" - depends_on: - - Wait for docker - - Wait for docker registry - name: Build full semver image: alpine commands: - mkdir -pv $(dirname "/go/var/full-version") - echo $DRONE_TAG | sed 's/v//' > "/go/var/full-version" - echo $(cat "/go/var/full-version") +- name: Assume ECR - staging AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[ecr-staging]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + >> /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity --profile ecr-staging + environment: + AWS_ACCESS_KEY_ID: + from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY + AWS_ROLE: + from_secret: STAGING_TELEPORT_DRONE_ECR_AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET + volumes: + - name: awsconfig + path: /root/.aws +- name: Assume ECR - authenticated-pull AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[ecr-authenticated-pull]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + >> /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity --profile ecr-authenticated-pull + environment: + AWS_ACCESS_KEY_ID: + from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY + AWS_ROLE: + from_secret: 
PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET + volumes: + - name: awsconfig + path: /root/.aws depends_on: - - Wait for docker - - Wait for docker registry - - Check out code -- name: Build teleport-operator image "teleport-operator:v11-amd64" - image: docker + - Assume ECR - staging AWS Role +- name: Assume S3 Download AWS Role for teleport + image: amazon/aws-cli commands: - - echo 'Sleeping 0s to avoid registry pull rate limits' && sleep 0 - - docker run --privileged --rm tonistiigi/binfmt --install all - - mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport" - - mkdir -pv "/tmp/teleport-operator-v11-amd64-builder" - - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-operator-v11-amd64-builder/buildkitd.toml" - - echo ' http = true' >> "/tmp/teleport-operator-v11-amd64-builder/buildkitd.toml" - - docker buildx create --driver "docker-container" --driver-opt "network=host" --name - "teleport-operator-v11-amd64-builder" --config "/tmp/teleport-operator-v11-amd64-builder/buildkitd.toml" - - docker buildx build --push --builder "teleport-operator-v11-amd64-builder" --platform - "linux/amd64" --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 - --file "/go/src/github.com/gravitational/teleport/operator/Dockerfile" --build-arg - "BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox:teleport11" --build-arg - "COMPILER_NAME=x86_64-linux-gnu-gcc" /go/src/github.com/gravitational/teleport - - docker buildx rm "teleport-operator-v11-amd64-builder" - - rm -rf "/tmp/teleport-operator-v11-amd64-builder" + - aws sts get-caller-identity + - |- + printf "[s3-download-teleport]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + 
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + >> /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity --profile s3-download-teleport environment: - DOCKER_BUILDKIT: "1" + AWS_ACCESS_KEY_ID: + from_secret: AWS_ACCESS_KEY_ID + AWS_ROLE: + from_secret: AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: AWS_SECRET_ACCESS_KEY volumes: - - name: dockersock - path: /var/run + - name: awsconfig + path: /root/.aws depends_on: - Wait for docker - Wait for docker registry - Check out code - Build full semver -- name: Build teleport-operator image "teleport-operator:v11-arm" - image: docker + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role +- name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport + image: alpine commands: - - echo 'Sleeping 5s to avoid registry pull rate limits' && sleep 5 - - docker run --privileged --rm tonistiigi/binfmt --install all - - mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport" - - mkdir -pv "/tmp/teleport-operator-v11-arm-builder" - - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-operator-v11-arm-builder/buildkitd.toml" - - echo ' http = true' >> "/tmp/teleport-operator-v11-arm-builder/buildkitd.toml" - - docker buildx create --driver "docker-container" --driver-opt "network=host" --name - "teleport-operator-v11-arm-builder" --config "/tmp/teleport-operator-v11-arm-builder/buildkitd.toml" - - docker buildx build --push --builder "teleport-operator-v11-arm-builder" --platform - "linux/arm" --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm - --file "/go/src/github.com/gravitational/teleport/operator/Dockerfile" --build-arg - "BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox-arm:teleport11" --build-arg - "COMPILER_NAME=arm-linux-gnueabihf-gcc" /go/src/github.com/gravitational/teleport - - 
docker buildx rm "teleport-operator-v11-arm-builder" - - rm -rf "/tmp/teleport-operator-v11-arm-builder" - environment: - DOCKER_BUILDKIT: "1" - volumes: - - name: dockersock - path: /var/run + - apk add curl + - mkdir -pv $(dirname "/go/build/Dockerfile-teleport") + - curl -Ls -o "/go/build/Dockerfile-teleport" "https://raw.githubusercontent.com/gravitational/teleport/$DRONE_TAG/build.assets/charts/Dockerfile" depends_on: - Wait for docker - Wait for docker registry - Check out code - Build full semver -- name: Build teleport-operator image "teleport-operator:v11-arm64" + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role +- name: Download "teleport_v11-tag_amd64.deb" artifacts from S3 + image: amazon/aws-cli + commands: + - END_TIME=$(( $(date +%s) + 3600 )) + - TIMED_OUT=true + - while [ $(date +%s) -lt $${END_TIME?} ]; do + - SUCCESS=true + - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr + -s ' ' | cut -d' ' -f 4 | grep -x teleport_$(cat "/go/var/full-version")_amd64.deb + || SUCCESS=false + - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;' + - echo 'Condition not met yet, waiting another 60 seconds...' 
+ - sleep 60 + - done + - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ + "$SUCCESS" = "true" ]'' && exit 1' + - mkdir -pv "/go/build" + - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat + "/go/var/full-version")_amd64.deb /go/build/teleport_$(cat "/go/var/full-version")_amd64.deb + environment: + AWS_PROFILE: s3-download-teleport + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume S3 Download AWS Role for teleport + - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport +- name: Build teleport image "teleport:v11-amd64" image: docker commands: - - echo 'Sleeping 10s to avoid registry pull rate limits' && sleep 10 - docker run --privileged --rm tonistiigi/binfmt --install all - - mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport" - - mkdir -pv "/tmp/teleport-operator-v11-arm64-builder" - - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-operator-v11-arm64-builder/buildkitd.toml" - - echo ' http = true' >> "/tmp/teleport-operator-v11-arm64-builder/buildkitd.toml" + - mkdir -pv "/go/build" && cd "/go/build" + - mkdir -pv "/tmp/teleport-v11-amd64-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v11-amd64-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-v11-amd64-builder/buildkitd.toml" - docker buildx create --driver "docker-container" --driver-opt "network=host" --name - "teleport-operator-v11-arm64-builder" --config "/tmp/teleport-operator-v11-arm64-builder/buildkitd.toml" - - docker buildx build --push --builder "teleport-operator-v11-arm64-builder" --platform - "linux/arm64" --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 - --file "/go/src/github.com/gravitational/teleport/operator/Dockerfile" --build-arg - 
"BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox-arm:teleport11" --build-arg - "COMPILER_NAME=aarch64-linux-gnu-gcc" /go/src/github.com/gravitational/teleport - - docker buildx rm "teleport-operator-v11-arm64-builder" - - rm -rf "/tmp/teleport-operator-v11-arm64-builder" + "teleport-v11-amd64-builder" --config "/tmp/teleport-v11-amd64-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-v11-amd64-builder" --target "teleport" + --platform "linux/amd64" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + --file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_amd64.deb + /go/build + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-v11-amd64-builder" + - rm -rf "/tmp/teleport-v11-amd64-builder" environment: + AWS_PROFILE: ecr-authenticated-pull DOCKER_BUILDKIT: "1" volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: - - Wait for docker - - Wait for docker registry - - Check out code - - Build full semver -- name: Tag and push image "teleport-operator:v11-amd64" to ECR - staging - image: docker + - Assume ECR - authenticated-pull AWS Role + - Download "teleport_v11-tag_amd64.deb" artifacts from S3 +- name: Download "teleport_v11-tag_arm.deb" artifacts from S3 + image: amazon/aws-cli commands: - - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 - - apk add --no-cache aws-cli - - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + - END_TIME=$(( $(date +%s) + 3600 )) + - TIMED_OUT=true + - while [ $(date +%s) -lt $${END_TIME?} ]; do + - SUCCESS=true + - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr + -s ' ' | cut -d' ' -f 4 | grep -x teleport_$(cat 
"/go/var/full-version")_arm.deb + || SUCCESS=false + - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;' + - echo 'Condition not met yet, waiting another 60 seconds...' + - sleep 60 + - done + - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ + "$SUCCESS" = "true" ]'' && exit 1' + - mkdir -pv "/go/build" + - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat + "/go/var/full-version")_arm.deb /go/build/teleport_$(cat "/go/var/full-version")_arm.deb + environment: + AWS_PROFILE: s3-download-teleport + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume S3 Download AWS Role for teleport + - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport +- name: Build teleport image "teleport:v11-arm" + image: docker + commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/build" && cd "/go/build" + - mkdir -pv "/tmp/teleport-v11-arm-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v11-arm-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-v11-arm-builder/buildkitd.toml" + - docker buildx create --driver "docker-container" --driver-opt "network=host" --name + "teleport-v11-arm-builder" --config "/tmp/teleport-v11-arm-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-v11-arm-builder" --target "teleport" + --platform "linux/arm" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + --file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_arm.deb + /go/build + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-v11-arm-builder" + - rm -rf "/tmp/teleport-v11-arm-builder" + 
environment: + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: "1" + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Download "teleport_v11-tag_arm.deb" artifacts from S3 +- name: Download "teleport_v11-tag_arm64.deb" artifacts from S3 + image: amazon/aws-cli + commands: + - END_TIME=$(( $(date +%s) + 3600 )) + - TIMED_OUT=true + - while [ $(date +%s) -lt $${END_TIME?} ]; do + - SUCCESS=true + - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr + -s ' ' | cut -d' ' -f 4 | grep -x teleport_$(cat "/go/var/full-version")_arm64.deb + || SUCCESS=false + - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;' + - echo 'Condition not met yet, waiting another 60 seconds...' + - sleep 60 + - done + - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ + "$SUCCESS" = "true" ]'' && exit 1' + - mkdir -pv "/go/build" + - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat + "/go/var/full-version")_arm64.deb /go/build/teleport_$(cat "/go/var/full-version")_arm64.deb + environment: + AWS_PROFILE: s3-download-teleport + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume S3 Download AWS Role for teleport + - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport +- name: Build teleport image "teleport:v11-arm64" + image: docker + commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/build" && cd "/go/build" + - mkdir -pv "/tmp/teleport-v11-arm64-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v11-arm64-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-v11-arm64-builder/buildkitd.toml" + - docker buildx create --driver "docker-container" --driver-opt "network=host" --name + 
"teleport-v11-arm64-builder" --config "/tmp/teleport-v11-arm64-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-v11-arm64-builder" --target "teleport" + --platform "linux/arm64" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + --file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_arm64.deb + /go/build + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-v11-arm64-builder" + - rm -rf "/tmp/teleport-v11-arm64-builder" + environment: + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: "1" + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Download "teleport_v11-tag_arm64.deb" artifacts from S3 +- name: Tag and push image "teleport:v11-amd64" to ECR - staging + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-amd64 > /dev/null 2>&1 && echo 'Found existing image, - skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 - 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/full-version")-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat 
"/go/var/full-version")-amd64 + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-amd64 + && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-amd64) - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: - AWS_ACCESS_KEY_ID: - from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY - AWS_SECRET_ACCESS_KEY: - from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET + AWS_PROFILE: ecr-staging volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: - - Build teleport-operator image "teleport-operator:v11-amd64" -- name: Tag and push image "teleport-operator:v11-arm" to ECR - staging + - Build teleport image "teleport:v11-amd64" +- name: Tag and push image "teleport:v11-arm" to ECR - staging image: docker commands: - - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' - || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm - 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/full-version")-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat 
"/go/var/full-version")-arm + && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-arm) - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: - AWS_ACCESS_KEY_ID: - from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY - AWS_SECRET_ACCESS_KEY: - from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET + AWS_PROFILE: ecr-staging volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: - - Build teleport-operator image "teleport-operator:v11-arm" -- name: Tag and push image "teleport-operator:v11-arm64" to ECR - staging + - Build teleport image "teleport:v11-arm" +- name: Tag and push image "teleport:v11-arm64" to ECR - staging image: docker commands: - - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-arm64 > /dev/null 2>&1 && echo 'Found existing image, - skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 - 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/full-version")-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-arm64 + && docker push 
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-arm64) - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: - AWS_ACCESS_KEY_ID: - from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY - AWS_SECRET_ACCESS_KEY: - from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET + AWS_PROFILE: ecr-staging volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: - - Build teleport-operator image "teleport-operator:v11-arm64" -- name: Create manifest and push "teleport-operator:full" to ECR - staging + - Build teleport image "teleport:v11-arm64" +- name: Create manifest and push "teleport:full" to ECR - staging image: docker commands: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version") > /dev/null 2>&1 && echo 'Found existing image, skipping' - || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/full-version") --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/full-version")-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/full-version")-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/full-version")-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version") --amend 
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")) - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: - AWS_ACCESS_KEY_ID: - from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY - AWS_SECRET_ACCESS_KEY: - from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET + AWS_PROFILE: ecr-staging volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: - - Tag and push image "teleport-operator:v11-amd64" to ECR - staging - - Tag and push image "teleport-operator:v11-arm" to ECR - staging - - Tag and push image "teleport-operator:v11-arm64" to ECR - staging -services: -- name: Start Docker - image: docker:dind - privileged: true - volumes: - - name: dockersock - path: /var/run -- name: drone-docker-registry - image: registry:2 - privileged: false - volumes: [] -volumes: -- name: dockersock - temp: {} - ---- -################################################ -# Generated using dronegen, do not edit by hand! -# Use 'make dronegen' to update. 
-# Generated at dronegen/container_images_release_version.go (main.(*ReleaseVersion).buildVersionPipeline) -################################################ - -kind: pipeline -type: kubernetes -name: teleport-container-images-branch-promote -environment: - DEBIAN_FRONTEND: noninteractive -trigger: - event: - include: - - promote - target: - include: - - production - - promote-docker - repo: - include: - - gravitational/* -workspace: - path: /go -clone: - disable: true -steps: -- name: Verify build is tagged - image: alpine:latest - commands: - - '[ -n ${DRONE_TAG} ] || (echo ''DRONE_TAG is not set. Is the commit tagged?'' - && exit 1)' -- name: Check if tag is prerelease - image: golang:1.18-alpine - commands: - - apk add git - - mkdir -pv "/tmp/repo" - - cd "/tmp/repo" - - git init - - git remote add origin ${DRONE_REMOTE_URL} - - git fetch origin --tags - - git checkout -qf "${DRONE_TAG}" - - cd "/tmp/repo/build.assets/tooling" - - go run ./cmd/check -tag ${DRONE_TAG} -check prerelease || (echo '---> This is - a prerelease, not continuing promotion for ${DRONE_TAG}' && exit 78) -- name: Wait for docker - image: docker + - Tag and push image "teleport:v11-amd64" to ECR - staging + - Tag and push image "teleport:v11-arm" to ECR - staging + - Tag and push image "teleport:v11-arm64" to ECR - staging +- name: Assume S3 Download AWS Role for teleport-ent + image: amazon/aws-cli commands: - - timeout 30s /bin/sh -c 'while [ ! 
-S /var/run/docker.sock ]; do sleep 1; done' + - aws sts get-caller-identity + - |- + printf "[s3-download-teleport-ent]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + >> /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity --profile s3-download-teleport-ent + environment: + AWS_ACCESS_KEY_ID: + from_secret: AWS_ACCESS_KEY_ID + AWS_ROLE: + from_secret: AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: AWS_SECRET_ACCESS_KEY volumes: - - name: dockersock - path: /var/run - depends_on: - - Verify build is tagged - - Check if tag is prerelease -- name: Wait for docker registry - image: alpine - commands: - - apk add curl - - timeout 30s /bin/sh -c 'while [ "$(curl -s -o /dev/null -w %{http_code} http://drone-docker-registry:5000/)" - != "200" ]; do sleep 1; done' - depends_on: - - Verify build is tagged - - Check if tag is prerelease - - Wait for docker -- name: Check out code - image: alpine/git:latest - commands: - - mkdir -pv "/go/src/github.com/gravitational/teleport" - - cd "/go/src/github.com/gravitational/teleport" - - git init - - git remote add origin ${DRONE_REMOTE_URL} - - git fetch origin --tags - - git checkout -qf "$DRONE_TAG" + - name: awsconfig + path: /root/.aws depends_on: - - Verify build is tagged - - Check if tag is prerelease - Wait for docker - Wait for docker registry -- name: Build major, minor, and full semvers + - Check out code + - Build full semver + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role +- name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent image: alpine commands: - - mkdir -pv $(dirname "/go/var/major-version") - - echo $DRONE_TAG | sed 's/v//' | 
cut -d'.' -f "1" > "/go/var/major-version" - - echo $(cat "/go/var/major-version") - - mkdir -pv $(dirname "/go/var/minor-version") - - echo $DRONE_TAG | sed 's/v//' | cut -d'.' -f "1,2" > "/go/var/minor-version" - - echo $(cat "/go/var/minor-version") - - mkdir -pv $(dirname "/go/var/full-version") - - echo $DRONE_TAG | sed 's/v//' > "/go/var/full-version" - - echo $(cat "/go/var/full-version") + - apk add curl + - mkdir -pv $(dirname "/go/build/Dockerfile-teleport-ent") + - curl -Ls -o "/go/build/Dockerfile-teleport-ent" "https://raw.githubusercontent.com/gravitational/teleport/$DRONE_TAG/build.assets/charts/Dockerfile" depends_on: - - Verify build is tagged - - Check if tag is prerelease - Wait for docker - Wait for docker registry - Check out code -- name: Pull teleport-operator:v11-amd64 and push it to Local Registry + - Build full semver + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role +- name: Download "teleport-ent_v11-tag_amd64.deb" artifacts from S3 + image: amazon/aws-cli + commands: + - END_TIME=$(( $(date +%s) + 3600 )) + - TIMED_OUT=true + - while [ $(date +%s) -lt $${END_TIME?} ]; do + - SUCCESS=true + - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr + -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")_amd64.deb + || SUCCESS=false + - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;' + - echo 'Condition not met yet, waiting another 60 seconds...' 
+ - sleep 60 + - done + - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ + "$SUCCESS" = "true" ]'' && exit 1' + - mkdir -pv "/go/build" + - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat + "/go/var/full-version")_amd64.deb /go/build/teleport-ent_$(cat "/go/var/full-version")_amd64.deb + environment: + AWS_PROFILE: s3-download-teleport-ent + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume S3 Download AWS Role for teleport-ent + - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent +- name: Build teleport-ent image "teleport-ent:v11-amd64" image: docker commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/build" && cd "/go/build" + - mkdir -pv "/tmp/teleport-ent-v11-amd64-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v11-amd64-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-ent-v11-amd64-builder/buildkitd.toml" + - docker buildx create --driver "docker-container" --driver-opt "network=host" --name + "teleport-ent-v11-amd64-builder" --config "/tmp/teleport-ent-v11-amd64-builder/buildkitd.toml" - apk add --no-cache aws-cli - - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin - 146628656107.dkr.ecr.us-west-2.amazonaws.com - - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/full-version")-amd64 - - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" - - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/full-version")-amd64 drone-docker-registry:5000/teleport-operator:$(cat - "/go/var/full-version")-amd64 - - docker push drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 + - aws ecr-public 
get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-ent-v11-amd64-builder" --target + "teleport" --platform "linux/amd64" --tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-amd64 --file "/go/build/Dockerfile-teleport-ent" --build-arg + DEB_PATH=teleport-ent_$(cat "/go/var/full-version")_amd64.deb /go/build + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-ent-v11-amd64-builder" + - rm -rf "/tmp/teleport-ent-v11-amd64-builder" environment: - AWS_ACCESS_KEY_ID: - from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY - AWS_SECRET_ACCESS_KEY: - from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: "1" volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: - - Verify build is tagged - - Check if tag is prerelease - - Wait for docker - - Wait for docker registry - - Check out code - - Build major, minor, and full semvers -- name: Pull teleport-operator:v11-arm and push it to Local Registry - image: docker + - Assume ECR - authenticated-pull AWS Role + - Download "teleport-ent_v11-tag_amd64.deb" artifacts from S3 +- name: Download "teleport-ent_v11-tag_arm.deb" artifacts from S3 + image: amazon/aws-cli commands: - - apk add --no-cache aws-cli - - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin - 146628656107.dkr.ecr.us-west-2.amazonaws.com - - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/full-version")-arm - - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" - - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/full-version")-arm drone-docker-registry:5000/teleport-operator:$(cat - "/go/var/full-version")-arm - - docker push drone-docker-registry:5000/teleport-operator:$(cat 
"/go/var/full-version")-arm - environment: - AWS_ACCESS_KEY_ID: - from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY - AWS_SECRET_ACCESS_KEY: - from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET + - END_TIME=$(( $(date +%s) + 3600 )) + - TIMED_OUT=true + - while [ $(date +%s) -lt $${END_TIME?} ]; do + - SUCCESS=true + - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr + -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")_arm.deb + || SUCCESS=false + - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;' + - echo 'Condition not met yet, waiting another 60 seconds...' + - sleep 60 + - done + - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ + "$SUCCESS" = "true" ]'' && exit 1' + - mkdir -pv "/go/build" + - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat + "/go/var/full-version")_arm.deb /go/build/teleport-ent_$(cat "/go/var/full-version")_arm.deb + environment: + AWS_PROFILE: s3-download-teleport-ent + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET volumes: - - name: dockersock - path: /var/run + - name: awsconfig + path: /root/.aws depends_on: - - Verify build is tagged - - Check if tag is prerelease - - Wait for docker - - Wait for docker registry - - Check out code - - Build major, minor, and full semvers -- name: Pull teleport-operator:v11-arm64 and push it to Local Registry + - Assume S3 Download AWS Role for teleport-ent + - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent +- name: Build teleport-ent image "teleport-ent:v11-arm" image: docker commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/build" && cd "/go/build" + - mkdir -pv "/tmp/teleport-ent-v11-arm-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v11-arm-builder/buildkitd.toml" + - echo ' http = true' >> 
"/tmp/teleport-ent-v11-arm-builder/buildkitd.toml" + - docker buildx create --driver "docker-container" --driver-opt "network=host" --name + "teleport-ent-v11-arm-builder" --config "/tmp/teleport-ent-v11-arm-builder/buildkitd.toml" - apk add --no-cache aws-cli - - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin - 146628656107.dkr.ecr.us-west-2.amazonaws.com - - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/full-version")-arm64 - - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" - - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/full-version")-arm64 drone-docker-registry:5000/teleport-operator:$(cat - "/go/var/full-version")-arm64 - - docker push drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-ent-v11-arm-builder" --target "teleport" + --platform "linux/arm" --tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + --file "/go/build/Dockerfile-teleport-ent" --build-arg DEB_PATH=teleport-ent_$(cat + "/go/var/full-version")_arm.deb /go/build + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-ent-v11-arm-builder" + - rm -rf "/tmp/teleport-ent-v11-arm-builder" environment: - AWS_ACCESS_KEY_ID: - from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY - AWS_SECRET_ACCESS_KEY: - from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: "1" volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: - - Verify build is tagged - - Check if tag is prerelease - - Wait for docker - - Wait for docker registry - - Check out code - - Build major, minor, and full semvers -- name: Tag and push image 
"teleport-operator:v11-amd64" to Quay - image: docker + - Assume ECR - authenticated-pull AWS Role + - Download "teleport-ent_v11-tag_arm.deb" artifacts from S3 +- name: Download "teleport-ent_v11-tag_arm64.deb" artifacts from S3 + image: amazon/aws-cli commands: - - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 - - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" - - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 - > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat - "/go/var/full-version")-amd64 quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 - && docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64) - - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 - quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 - - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 - - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 - quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 - - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 - - docker logout "quay.io" - environment: - QUAY_PASSWORD: - from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD - QUAY_USERNAME: - from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + - END_TIME=$(( $(date +%s) + 3600 )) + - TIMED_OUT=true + - while [ $(date +%s) -lt $${END_TIME?} ]; do + - SUCCESS=true + - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr + -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")_arm64.deb + || SUCCESS=false + - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;' + - echo 'Condition not met yet, waiting another 60 
seconds...' + - sleep 60 + - done + - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ + "$SUCCESS" = "true" ]'' && exit 1' + - mkdir -pv "/go/build" + - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat + "/go/var/full-version")_arm64.deb /go/build/teleport-ent_$(cat "/go/var/full-version")_arm64.deb + environment: + AWS_PROFILE: s3-download-teleport-ent + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET volumes: - - name: dockersock - path: /var/run + - name: awsconfig + path: /root/.aws depends_on: - - Pull teleport-operator:v11-amd64 and push it to Local Registry -- name: Tag and push image "teleport-operator:v11-arm" to Quay + - Assume S3 Download AWS Role for teleport-ent + - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent +- name: Build teleport-ent image "teleport-ent:v11-arm64" image: docker commands: - - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm - - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" - - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm - > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat - "/go/var/full-version")-arm quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm - && docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm) - - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm - quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm - - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm - - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm - quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm - - docker push 
quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm - - docker logout "quay.io" + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/build" && cd "/go/build" + - mkdir -pv "/tmp/teleport-ent-v11-arm64-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v11-arm64-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-ent-v11-arm64-builder/buildkitd.toml" + - docker buildx create --driver "docker-container" --driver-opt "network=host" --name + "teleport-ent-v11-arm64-builder" --config "/tmp/teleport-ent-v11-arm64-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-ent-v11-arm64-builder" --target + "teleport" --platform "linux/arm64" --tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm64 --file "/go/build/Dockerfile-teleport-ent" --build-arg + DEB_PATH=teleport-ent_$(cat "/go/var/full-version")_arm64.deb /go/build + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-ent-v11-arm64-builder" + - rm -rf "/tmp/teleport-ent-v11-arm64-builder" environment: - QUAY_PASSWORD: - from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD - QUAY_USERNAME: - from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: "1" volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: - - Pull teleport-operator:v11-arm and push it to Local Registry -- name: Tag and push image "teleport-operator:v11-arm64" to Quay + - Assume ECR - authenticated-pull AWS Role + - Download "teleport-ent_v11-tag_arm64.deb" artifacts from S3 +- name: Tag and push image "teleport-ent:v11-amd64" to ECR - staging image: docker commands: - - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 - - docker 
login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" - - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 - > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat - "/go/var/full-version")-arm64 quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 - && docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64) - - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 - quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64 - - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64 - - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 - quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 - - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 - - docker logout "quay.io" + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-amd64 > /dev/null 2>&1 && echo 'Found existing image, + skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-amd64) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: - QUAY_PASSWORD: - from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD - 
QUAY_USERNAME: - from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + AWS_PROFILE: ecr-staging volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: - - Pull teleport-operator:v11-arm64 and push it to Local Registry -- name: Create manifest and push "teleport-operator:major" to Quay + - Build teleport-ent image "teleport-ent:v11-amd64" +- name: Tag and push image "teleport-ent:v11-arm" to ECR - staging image: docker commands: - - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" - - docker manifest create quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version") - --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 - --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm - --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64 - - docker manifest push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version") - - docker logout "quay.io" + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' + || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-arm) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: - QUAY_PASSWORD: - from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD - QUAY_USERNAME: - from_secret: 
PRODUCTION_QUAYIO_DOCKER_USERNAME + AWS_PROFILE: ecr-staging volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: - - Tag and push image "teleport-operator:v11-amd64" to Quay - - Tag and push image "teleport-operator:v11-arm" to Quay - - Tag and push image "teleport-operator:v11-arm64" to Quay -- name: Create manifest and push "teleport-operator:minor" to Quay + - Build teleport-ent image "teleport-ent:v11-arm" +- name: Tag and push image "teleport-ent:v11-arm64" to ECR - staging image: docker commands: - - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" - - docker manifest create quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version") - --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 - --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm - --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 - - docker manifest push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version") - - docker logout "quay.io" + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-arm64 > /dev/null 2>&1 && echo 'Found existing image, + skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-arm64) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: - QUAY_PASSWORD: - from_secret: 
PRODUCTION_QUAYIO_DOCKER_PASSWORD - QUAY_USERNAME: - from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + AWS_PROFILE: ecr-staging volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: - - Tag and push image "teleport-operator:v11-amd64" to Quay - - Tag and push image "teleport-operator:v11-arm" to Quay - - Tag and push image "teleport-operator:v11-arm64" to Quay -- name: Create manifest and push "teleport-operator:full" to Quay + - Build teleport-ent image "teleport-ent:v11-arm64" +- name: Create manifest and push "teleport-ent:full" to ECR - staging image: docker commands: - - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" - - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version") - > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest - create quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version") --amend - quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 --amend - quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm --amend - quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 && - docker manifest push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")) - - docker logout "quay.io" + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version") > /dev/null 2>&1 && echo 'Found existing image, skipping' + || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version") --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-amd64 --amend 
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: - QUAY_PASSWORD: - from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD - QUAY_USERNAME: - from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + AWS_PROFILE: ecr-staging volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: - - Tag and push image "teleport-operator:v11-amd64" to Quay - - Tag and push image "teleport-operator:v11-arm" to Quay - - Tag and push image "teleport-operator:v11-arm64" to Quay -- name: Tag and push image "teleport-operator:v11-amd64" to ECR - production - image: docker + - Tag and push image "teleport-ent:v11-amd64" to ECR - staging + - Tag and push image "teleport-ent:v11-arm" to ECR - staging + - Tag and push image "teleport-ent:v11-arm64" to ECR - staging +- name: Assume S3 Download AWS Role for teleport-ent-fips + image: amazon/aws-cli commands: - - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 - - apk add --no-cache aws-cli - - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin - public.ecr.aws - - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 - > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat - "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport-operator:$(cat - "/go/var/full-version")-amd64 && docker push public.ecr.aws/gravitational/teleport-operator:$(cat - "/go/var/full-version")-amd64) - - docker tag 
drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 - public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 - - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 - - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 - public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 - - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 - - docker logout "public.ecr.aws" + - aws sts get-caller-identity + - |- + printf "[s3-download-teleport-ent-fips]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + >> /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity --profile s3-download-teleport-ent-fips environment: AWS_ACCESS_KEY_ID: - from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY - AWS_SECRET_ACCESS_KEY: - from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET + from_secret: AWS_ACCESS_KEY_ID + AWS_ROLE: + from_secret: AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: AWS_SECRET_ACCESS_KEY volumes: - - name: dockersock - path: /var/run + - name: awsconfig + path: /root/.aws depends_on: - - Pull teleport-operator:v11-amd64 and push it to Local Registry -- name: Tag and push image "teleport-operator:v11-arm" to ECR - production - image: docker + - Wait for docker + - Wait for docker registry + - Check out code + - Build full semver + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role +- name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent-fips" for + teleport-ent-fips + image: alpine commands: - - docker 
pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm - - apk add --no-cache aws-cli - - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin - public.ecr.aws - - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm - > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat - "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport-operator:$(cat - "/go/var/full-version")-arm && docker push public.ecr.aws/gravitational/teleport-operator:$(cat - "/go/var/full-version")-arm) - - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm - public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm - - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm - - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm - public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm - - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm - - docker logout "public.ecr.aws" - environment: - AWS_ACCESS_KEY_ID: - from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY - AWS_SECRET_ACCESS_KEY: - from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET - volumes: - - name: dockersock - path: /var/run + - apk add curl + - mkdir -pv $(dirname "/go/build/Dockerfile-teleport-ent-fips") + - curl -Ls -o "/go/build/Dockerfile-teleport-ent-fips" "https://raw.githubusercontent.com/gravitational/teleport/$DRONE_TAG/build.assets/charts/Dockerfile" depends_on: - - Pull teleport-operator:v11-arm and push it to Local Registry -- name: Tag and push image "teleport-operator:v11-arm64" to ECR - production - image: docker + - Wait for docker + - Wait for docker registry + - Check out code + - Build full semver + - Assume 
ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role +- name: Download "teleport-ent_v11-tag-fips_amd64.deb" artifacts from S3 + image: amazon/aws-cli commands: - - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 - - apk add --no-cache aws-cli - - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin - public.ecr.aws - - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 - > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat - "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport-operator:$(cat - "/go/var/full-version")-arm64 && docker push public.ecr.aws/gravitational/teleport-operator:$(cat - "/go/var/full-version")-arm64) - - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 - public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64 - - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64 - - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 - public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 - - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 - - docker logout "public.ecr.aws" - environment: - AWS_ACCESS_KEY_ID: - from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY - AWS_SECRET_ACCESS_KEY: - from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET + - END_TIME=$(( $(date +%s) + 3600 )) + - TIMED_OUT=true + - while [ $(date +%s) -lt $${END_TIME?} ]; do + - SUCCESS=true + - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr + -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb + || SUCCESS=false + - '[ "$SUCCESS" = "true" ] && 
TIMED_OUT=false && break;' + - echo 'Condition not met yet, waiting another 60 seconds...' + - sleep 60 + - done + - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ + "$SUCCESS" = "true" ]'' && exit 1' + - mkdir -pv "/go/build" + - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat + "/go/var/full-version")-fips_amd64.deb /go/build/teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb + environment: + AWS_PROFILE: s3-download-teleport-ent-fips + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET volumes: - - name: dockersock - path: /var/run + - name: awsconfig + path: /root/.aws depends_on: - - Pull teleport-operator:v11-arm64 and push it to Local Registry -- name: Create manifest and push "teleport-operator:major" to ECR - production + - Assume S3 Download AWS Role for teleport-ent-fips + - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent-fips" for teleport-ent-fips +- name: Build teleport-ent-fips image "teleport-ent:v11-fips-amd64" image: docker commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/build" && cd "/go/build" + - mkdir -pv "/tmp/teleport-ent-v11-fips-amd64-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v11-fips-amd64-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-ent-v11-fips-amd64-builder/buildkitd.toml" + - docker buildx create --driver "docker-container" --driver-opt "network=host" --name + "teleport-ent-v11-fips-amd64-builder" --config "/tmp/teleport-ent-v11-fips-amd64-builder/buildkitd.toml" - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws - - docker manifest create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version") - --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 - --amend 
public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm - --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64 - - docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version") + - docker buildx build --push --builder "teleport-ent-v11-fips-amd64-builder" --target + "teleport-fips" --platform "linux/amd64" --tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-fips-amd64 --file "/go/build/Dockerfile-teleport-ent-fips" + --build-arg DEB_PATH=teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb + /go/build - docker logout "public.ecr.aws" + - docker buildx rm "teleport-ent-v11-fips-amd64-builder" + - rm -rf "/tmp/teleport-ent-v11-fips-amd64-builder" environment: - AWS_ACCESS_KEY_ID: - from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY - AWS_SECRET_ACCESS_KEY: - from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: "1" volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: - - Tag and push image "teleport-operator:v11-amd64" to ECR - production - - Tag and push image "teleport-operator:v11-arm" to ECR - production - - Tag and push image "teleport-operator:v11-arm64" to ECR - production -- name: Create manifest and push "teleport-operator:minor" to ECR - production + - Assume ECR - authenticated-pull AWS Role + - Download "teleport-ent_v11-tag-fips_amd64.deb" artifacts from S3 +- name: Tag and push image "teleport-ent:v11-fips-amd64" to ECR - staging image: docker commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 - apk add --no-cache aws-cli - - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin - public.ecr.aws - - docker manifest create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version") - --amend 
public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 - --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm - --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 - - docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version") - - docker logout "public.ecr.aws" + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-fips-amd64 > /dev/null 2>&1 && echo 'Found existing image, + skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-fips-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-fips-amd64) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: - AWS_ACCESS_KEY_ID: - from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY - AWS_SECRET_ACCESS_KEY: - from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET + AWS_PROFILE: ecr-staging volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: - - Tag and push image "teleport-operator:v11-amd64" to ECR - production - - Tag and push image "teleport-operator:v11-arm" to ECR - production - - Tag and push image "teleport-operator:v11-arm64" to ECR - production -- name: Create manifest and push "teleport-operator:full" to ECR - production + - Build teleport-ent-fips image "teleport-ent:v11-fips-amd64" +- name: Create manifest and push "teleport-ent:full-fips" to ECR - staging image: docker commands: - apk add --no-cache aws-cli - - aws ecr-public get-login-password --region=us-east-1 | 
docker login -u="AWS" --password-stdin - public.ecr.aws - - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version") - > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest - create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version") - --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 - --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm - --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 - && docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")) - - docker logout "public.ecr.aws" + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-fips > /dev/null 2>&1 && echo 'Found existing image, skipping' + || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-fips --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-fips-amd64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-fips) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: - AWS_ACCESS_KEY_ID: - from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY - AWS_SECRET_ACCESS_KEY: - from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET - volumes: - - name: dockersock - path: /var/run - depends_on: - - Tag and push image "teleport-operator:v11-amd64" to ECR - production - - Tag and push image "teleport-operator:v11-arm" to ECR - production - - Tag and push image "teleport-operator:v11-arm64" to ECR - production -services: -- 
name: Start Docker - image: docker:dind - privileged: true - volumes: - - name: dockersock - path: /var/run -- name: drone-docker-registry - image: registry:2 - privileged: false - volumes: [] -volumes: -- name: dockersock - temp: {} - ---- -################################################ -# Generated using dronegen, do not edit by hand! -# Use 'make dronegen' to update. -# Generated at dronegen/container_images_release_version.go (main.(*ReleaseVersion).buildVersionPipeline) -################################################ - -kind: pipeline -type: kubernetes -name: teleport-container-images-current-version-cron -environment: - DEBIAN_FRONTEND: noninteractive -trigger: - cron: - include: - - teleport-container-images-cron - repo: - include: - - gravitational/teleport -workspace: - path: /go -clone: - disable: true -steps: -- name: Find the latest available semver for v11 - image: golang:1.18 - commands: - - mkdir -pv "/tmp/teleport" - - cd "/tmp/teleport" - - git init - - git remote add origin ${DRONE_REMOTE_URL} - - git fetch origin --tags - - git checkout -qf "branch/v11" - - mkdir -pv "/go/vars/full-version" - - cd "/tmp/teleport/build.assets/tooling/cmd/query-latest" - - go run . "v11" > "/go/vars/full-version/v11" - - echo Found full semver "$(cat "/go/vars/full-version/v11")" for major version - "v11" -- name: Wait for docker - image: docker - commands: - - timeout 30s /bin/sh -c 'while [ ! 
-S /var/run/docker.sock ]; do sleep 1; done' + AWS_PROFILE: ecr-staging volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: - - Find the latest available semver for v11 -- name: Wait for docker registry - image: alpine - commands: - - apk add curl - - timeout 30s /bin/sh -c 'while [ "$(curl -s -o /dev/null -w %{http_code} http://drone-docker-registry:5000/)" - != "200" ]; do sleep 1; done' - depends_on: - - Find the latest available semver for v11 - - Wait for docker -- name: Check out code - image: alpine/git:latest - commands: - - mkdir -pv "/go/src/github.com/gravitational/teleport" - - cd "/go/src/github.com/gravitational/teleport" - - git init - - git remote add origin ${DRONE_REMOTE_URL} - - git fetch origin --tags - - git checkout -qf "$(cat '/go/vars/full-version/v11')" - depends_on: - - Find the latest available semver for v11 - - Wait for docker - - Wait for docker registry -- name: Build major, minor, and full semvers - image: alpine - commands: - - mkdir -pv $(dirname "/go/var/major-version") - - echo $(cat '/go/vars/full-version/v11') | sed 's/v//' | cut -d'.' -f "1" > "/go/var/major-version" - - echo $(cat "/go/var/major-version") - - mkdir -pv $(dirname "/go/var/minor-version") - - echo $(cat '/go/vars/full-version/v11') | sed 's/v//' | cut -d'.' 
-f "1,2" > "/go/var/minor-version" - - echo $(cat "/go/var/minor-version") - - mkdir -pv $(dirname "/go/var/full-version") - - echo $(cat '/go/vars/full-version/v11') | sed 's/v//' > "/go/var/full-version" - - echo $(cat "/go/var/full-version") - depends_on: - - Find the latest available semver for v11 - - Wait for docker - - Wait for docker registry - - Check out code + - Tag and push image "teleport-ent:v11-fips-amd64" to ECR - staging - name: Build teleport-operator image "teleport-operator:v11-amd64" image: docker commands: - - echo 'Sleeping 0s to avoid registry pull rate limits' && sleep 0 - docker run --privileged --rm tonistiigi/binfmt --install all - mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport" - mkdir -pv "/tmp/teleport-operator-v11-amd64-builder" 
@@ -9608,28 +9079,36 @@ steps: - echo ' http = true' >> "/tmp/teleport-operator-v11-amd64-builder/buildkitd.toml" - docker buildx create --driver "docker-container" --driver-opt "network=host" --name "teleport-operator-v11-amd64-builder" --config "/tmp/teleport-operator-v11-amd64-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws - docker buildx build --push --builder "teleport-operator-v11-amd64-builder" --platform "linux/amd64" --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 --file "/go/src/github.com/gravitational/teleport/operator/Dockerfile" --build-arg - "BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox:teleport11" --build-arg - "COMPILER_NAME=x86_64-linux-gnu-gcc" /go/src/github.com/gravitational/teleport + BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox:teleport11 --build-arg + COMPILER_NAME=x86_64-linux-gnu-gcc /go/src/github.com/gravitational/teleport + - docker logout "public.ecr.aws" - docker buildx rm "teleport-operator-v11-amd64-builder" - rm -rf "/tmp/teleport-operator-v11-amd64-builder" environment: + AWS_PROFILE: ecr-authenticated-pull DOCKER_BUILDKIT: "1" volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: - - Find the latest available semver for v11 + - Assume ECR - authenticated-pull AWS Role - Wait for docker - Wait for docker registry - Check out code - - Build major, minor, and full semvers + - Build full semver + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role - name: Build teleport-operator image "teleport-operator:v11-arm" image: docker commands: - - echo 'Sleeping 5s to avoid registry pull rate limits' && sleep 5 - docker run --privileged --rm tonistiigi/binfmt --install all - mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport" - mkdir -pv 
"/tmp/teleport-operator-v11-arm-builder" 
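Review bot: The `depends_on` list added to this build step names `Assume ECR - authenticated-pull AWS Role` twice and also waits on `Assume ECR - staging AWS Role`, although the step only sets `AWS_PROFILE: ecr-authenticated-pull`; the step's definition begins above the hunk. The `awsconfig` volume is mounted at `/root/.aws`, and the assume-role steps visible later in this diff append each profile to the same `/root/.aws/credentials`. If this pipeline's role steps do the same, the build container, which also runs `docker run --privileged`, can read the staging session credentials as well as the pull-only ones. Consider removing the duplicate entry and the `- Assume ECR - staging AWS Role` dependency here, and giving each role its own credentials file or volume so a step only sees the profile it uses. The `-arm` and `-arm64` build hunks that follow repeat the pattern, and since the file header says this YAML is generated by dronegen, the change presumably belongs in the generator.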
@@ -9637,28 +9116,36 @@ steps: - echo ' http = true' >> "/tmp/teleport-operator-v11-arm-builder/buildkitd.toml" - docker buildx create --driver "docker-container" --driver-opt "network=host" --name "teleport-operator-v11-arm-builder" --config "/tmp/teleport-operator-v11-arm-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws - docker buildx build --push --builder "teleport-operator-v11-arm-builder" --platform "linux/arm" --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm --file "/go/src/github.com/gravitational/teleport/operator/Dockerfile" --build-arg - "BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox-arm:teleport11" --build-arg - "COMPILER_NAME=arm-linux-gnueabihf-gcc" /go/src/github.com/gravitational/teleport + BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox-arm:teleport11 --build-arg + COMPILER_NAME=arm-linux-gnueabihf-gcc /go/src/github.com/gravitational/teleport + - docker logout "public.ecr.aws" - docker buildx rm "teleport-operator-v11-arm-builder" - rm -rf "/tmp/teleport-operator-v11-arm-builder" environment: + AWS_PROFILE: ecr-authenticated-pull DOCKER_BUILDKIT: "1" volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: - - Find the latest available semver for v11 + - Assume ECR - authenticated-pull AWS Role - Wait for docker - Wait for docker registry - Check out code - - Build major, minor, and full semvers + - Build full semver + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role - name: Build teleport-operator image "teleport-operator:v11-arm64" image: docker commands: - - echo 'Sleeping 10s to avoid registry pull rate limits' && sleep 10 - docker run --privileged --rm tonistiigi/binfmt --install all - mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport" - mkdir -pv 
"/tmp/teleport-operator-v11-arm64-builder" @@ -9666,24 +9153,33 @@ steps: - echo ' http = true' >> "/tmp/teleport-operator-v11-arm64-builder/buildkitd.toml" - docker buildx create --driver "docker-container" --driver-opt "network=host" --name "teleport-operator-v11-arm64-builder" --config "/tmp/teleport-operator-v11-arm64-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws - docker buildx build --push --builder "teleport-operator-v11-arm64-builder" --platform "linux/arm64" --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 --file "/go/src/github.com/gravitational/teleport/operator/Dockerfile" --build-arg - "BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox-arm:teleport11" --build-arg - "COMPILER_NAME=aarch64-linux-gnu-gcc" /go/src/github.com/gravitational/teleport + BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox-arm:teleport11 --build-arg + COMPILER_NAME=aarch64-linux-gnu-gcc /go/src/github.com/gravitational/teleport + - docker logout "public.ecr.aws" - docker buildx rm "teleport-operator-v11-arm64-builder" - rm -rf "/tmp/teleport-operator-v11-arm64-builder" environment: + AWS_PROFILE: ecr-authenticated-pull DOCKER_BUILDKIT: "1" volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: - - Find the latest available semver for v11 + - Assume ECR - authenticated-pull AWS Role - Wait for docker - Wait for docker registry - Check out code - - Build major, minor, and full semvers + - Build full semver + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role - name: Tag and push image "teleport-operator:v11-amd64" to ECR - staging image: docker commands: 
@@ -9691,32 +9187,18 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/full-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing - image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat - "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/full-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/full-version")-$TIMESTAMP-amd64) - - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/major-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing - image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat - "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/major-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/major-version")-$TIMESTAMP-amd64) - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/minor-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing - image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat - "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/minor-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - 
"/go/var/minor-version")-$TIMESTAMP-amd64) + "/go/var/full-version")-amd64 > /dev/null 2>&1 && echo 'Found existing image, + skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-amd64) - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: - AWS_ACCESS_KEY_ID: - from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY - AWS_SECRET_ACCESS_KEY: - from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET + AWS_PROFILE: ecr-staging volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: 
@@ -9728,32 +9210,18 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/full-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing - image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat - "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/full-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/full-version")-$TIMESTAMP-arm) - - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/major-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing - image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat - "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/major-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/major-version")-$TIMESTAMP-arm) - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/minor-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing - image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat - "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/minor-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/minor-version")-$TIMESTAMP-arm) + 
"/go/var/full-version")-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' + || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-arm) - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: - AWS_ACCESS_KEY_ID: - from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY - AWS_SECRET_ACCESS_KEY: - from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET + AWS_PROFILE: ecr-staging volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: 
@@ -9765,161 +9233,311 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/full-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing - image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat - "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/full-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/full-version")-$TIMESTAMP-arm64) - - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/major-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing - image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat - "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/major-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/major-version")-$TIMESTAMP-arm64) - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/minor-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing - image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat - "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/minor-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - 
"/go/var/minor-version")-$TIMESTAMP-arm64) + "/go/var/full-version")-arm64 > /dev/null 2>&1 && echo 'Found existing image, + skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-arm64) - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: - AWS_ACCESS_KEY_ID: - from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY - AWS_SECRET_ACCESS_KEY: - from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET + AWS_PROFILE: ecr-staging volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: - Build teleport-operator image "teleport-operator:v11-arm64" -- name: Create manifest and push "teleport-operator:major-$TIMESTAMP" to ECR - staging +- name: Create manifest and push "teleport-operator:full" to ECR - staging image: docker commands: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/major-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, - skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/major-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/major-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/major-version")-$TIMESTAMP-arm --amend 
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/major-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/major-version")-$TIMESTAMP) + "/go/var/full-version") > /dev/null 2>&1 && echo 'Found existing image, skipping' + || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version") --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")) - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: - AWS_ACCESS_KEY_ID: - from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY - AWS_SECRET_ACCESS_KEY: - from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET + AWS_PROFILE: ecr-staging volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: - Tag and push image "teleport-operator:v11-amd64" to ECR - staging - Tag and push image "teleport-operator:v11-arm" to ECR - staging - Tag and push image "teleport-operator:v11-arm64" to ECR - staging -- name: Create manifest and push "teleport-operator:minor-$TIMESTAMP" to ECR - staging - image: docker - commands: - - apk add --no-cache aws-cli - - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin - 146628656107.dkr.ecr.us-west-2.amazonaws.com - - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - - docker manifest inspect 
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/minor-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, - skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/minor-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/minor-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/minor-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/minor-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/minor-version")-$TIMESTAMP) - - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" - environment: - AWS_ACCESS_KEY_ID: - from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY - AWS_SECRET_ACCESS_KEY: - from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET +services: +- name: Start Docker + image: docker:dind + privileged: true volumes: - name: dockersock path: /var/run - depends_on: - - Tag and push image "teleport-operator:v11-amd64" to ECR - staging - - Tag and push image "teleport-operator:v11-arm" to ECR - staging - - Tag and push image "teleport-operator:v11-arm64" to ECR - staging -- name: Create manifest and push "teleport-operator:full-$TIMESTAMP" to ECR - staging - image: docker +- name: drone-docker-registry + image: registry:2 + privileged: false + volumes: [] +volumes: +- name: awsconfig + temp: {} +- name: dockersock + temp: {} + +--- +################################################ +# Generated using dronegen, do not edit by hand! +# Use 'make dronegen' to update. 
+# Generated at dronegen/container_images_release_version.go (main.(*ReleaseVersion).buildVersionPipeline) +################################################ + +kind: pipeline +type: kubernetes +name: teleport-container-images-branch-promote +environment: + DEBIAN_FRONTEND: noninteractive +trigger: + event: + include: + - promote + target: + include: + - production + - promote-docker + repo: + include: + - gravitational/* +workspace: + path: /go +clone: + disable: true +steps: +- name: Verify build is tagged + image: alpine:latest commands: - - apk add --no-cache aws-cli - - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin - 146628656107.dkr.ecr.us-west-2.amazonaws.com - - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/full-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, - skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/full-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/full-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/full-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/full-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/full-version")-$TIMESTAMP) - - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" - environment: - AWS_ACCESS_KEY_ID: - from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY - AWS_SECRET_ACCESS_KEY: - from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET - volumes: - - name: dockersock - path: /var/run - depends_on: - - Tag and push image 
"teleport-operator:v11-amd64" to ECR - staging - - Tag and push image "teleport-operator:v11-arm" to ECR - staging - - Tag and push image "teleport-operator:v11-arm64" to ECR - staging -- name: Tag and push image "teleport-operator:v11-amd64" to Quay + - '[ -n ${DRONE_TAG} ] || (echo ''DRONE_TAG is not set. Is the commit tagged?'' + && exit 1)' +- name: Check if tag is prerelease + image: golang:1.18-alpine + commands: + - apk add git + - mkdir -pv "/tmp/repo" + - cd "/tmp/repo" + - git init + - git remote add origin ${DRONE_REMOTE_URL} + - git fetch origin --tags + - git checkout -qf "${DRONE_TAG}" + - cd "/tmp/repo/build.assets/tooling" + - go run ./cmd/check -tag ${DRONE_TAG} -check prerelease || (echo '---> This is + a prerelease, not continuing promotion for ${DRONE_TAG}' && exit 78) +- name: Wait for docker image: docker commands: - - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 - - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" - - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 - > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat - "/go/var/full-version")-amd64 quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 - && docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64) - - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 - quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 - - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 - - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 - quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 - - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 - - docker logout 
"quay.io" - environment: - QUAY_PASSWORD: - from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD - QUAY_USERNAME: - from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' volumes: - name: dockersock path: /var/run depends_on: - - Build teleport-operator image "teleport-operator:v11-amd64" -- name: Tag and push image "teleport-operator:v11-arm" to Quay - image: docker + - Verify build is tagged + - Check if tag is prerelease +- name: Wait for docker registry + image: alpine commands: - - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm + - apk add curl + - timeout 30s /bin/sh -c 'while [ "$(curl -s -o /dev/null -w %{http_code} http://drone-docker-registry:5000/)" + != "200" ]; do sleep 1; done' + depends_on: + - Verify build is tagged + - Check if tag is prerelease +- name: Check out code + image: alpine/git:latest + commands: + - mkdir -pv "/go/src/github.com/gravitational/teleport" + - cd "/go/src/github.com/gravitational/teleport" + - git init + - git remote add origin ${DRONE_REMOTE_URL} + - git fetch origin --tags + - git checkout -qf "$DRONE_TAG" + depends_on: + - Verify build is tagged + - Check if tag is prerelease +- name: Build major, minor, and full semvers + image: alpine + commands: + - mkdir -pv $(dirname "/go/var/major-version") + - echo $DRONE_TAG | sed 's/v//' | cut -d'.' -f "1" > "/go/var/major-version" + - echo $(cat "/go/var/major-version") + - mkdir -pv $(dirname "/go/var/minor-version") + - echo $DRONE_TAG | sed 's/v//' | cut -d'.' 
-f "1,2" > "/go/var/minor-version" + - echo $(cat "/go/var/minor-version") + - mkdir -pv $(dirname "/go/var/full-version") + - echo $DRONE_TAG | sed 's/v//' > "/go/var/full-version" + - echo $(cat "/go/var/full-version") + depends_on: + - Verify build is tagged + - Check if tag is prerelease +- name: Assume ECR - staging AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[ecr-staging]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + >> /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity --profile ecr-staging + environment: + AWS_ACCESS_KEY_ID: + from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY + AWS_ROLE: + from_secret: STAGING_TELEPORT_DRONE_ECR_AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Verify build is tagged + - Check if tag is prerelease +- name: Assume ECR - production AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[ecr-production]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + >> /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity --profile ecr-production + environment: + AWS_ACCESS_KEY_ID: + from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY + AWS_ROLE: + from_secret: PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE + 
AWS_SECRET_ACCESS_KEY: + from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume ECR - staging AWS Role + - Verify build is tagged + - Check if tag is prerelease +- name: Pull teleport:v11-amd64 and push it to Local Registry + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-amd64 + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-amd64 drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + - docker push drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Verify build is tagged + - Check if tag is prerelease + - Wait for docker + - Wait for docker registry + - Check out code + - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - production AWS Role +- name: Pull teleport:v11-arm and push it to Local Registry + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-arm + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-arm drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + - docker push 
drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Verify build is tagged + - Check if tag is prerelease + - Wait for docker + - Wait for docker registry + - Check out code + - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - production AWS Role +- name: Pull teleport:v11-arm64 and push it to Local Registry + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-arm64 + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-arm64 drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + - docker push drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Verify build is tagged + - Check if tag is prerelease + - Wait for docker + - Wait for docker registry + - Check out code + - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - production AWS Role +- name: Tag and push image "teleport:v11-amd64" to Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" - - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm - > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag 
drone-docker-registry:5000/teleport-operator:$(cat - "/go/var/full-version")-arm quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm - && docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm) - - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm - quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm - - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm - - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm - quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm - - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm + - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat + "/go/var/full-version")-amd64 quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64 + && docker push quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64) + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + quay.io/gravitational/teleport:$(cat "/go/var/major-version")-amd64 + - docker push quay.io/gravitational/teleport:$(cat "/go/var/major-version")-amd64 + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 + - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 - docker logout "quay.io" environment: QUAY_PASSWORD: 
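Review bot: The guard in the new `Verify build is tagged` step cannot fail, because `[ -n ${DRONE_TAG} ]` is unquoted. With an empty tag it collapses to `[ -n ]`, which `test` evaluates as a one-argument check of the non-empty string `-n` and returns true. Quote the expansion, `[ -n "${DRONE_TAG}" ] || (echo 'DRONE_TAG is not set. Is the commit tagged?' && exit 1)`, so an untagged promotion stops at this step rather than depending on a later `git checkout` to fail. The next step's `go run ./cmd/check -tag ${DRONE_TAG} -check prerelease` has the same unquoted expansion and should read `-tag "${DRONE_TAG}"`. The file header says this YAML is generated by dronegen, so the fix presumably belongs in the generator.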
@@ -9927,25 +9545,27 @@ steps: QUAY_USERNAME: from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: - - Build teleport-operator image "teleport-operator:v11-arm" -- name: Tag and push image "teleport-operator:v11-arm64" to Quay + - Pull teleport:v11-amd64 and push it to Local Registry +- name: Tag and push image "teleport:v11-arm" to Quay image: docker commands: - - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" - - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 - > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat - "/go/var/full-version")-arm64 quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 - && docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64) - - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 - quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64 - - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64 - - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 - quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 - - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 + - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat + "/go/var/full-version")-arm quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm + && docker push 
quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm) + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm + - docker push quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm + - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm - docker logout "quay.io" environment: QUAY_PASSWORD: 
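Review bot: The added `- name: awsconfig` / `path: /root/.aws` mount also lands on the Quay steps (`Tag and push image "teleport:v11-amd64" to Quay` at the top of this hunk, and the arm, arm64 and manifest steps in the following hunks), yet the commands visible for those steps only use `$QUAY_USERNAME`/`$QUAY_PASSWORD` and never call `aws`. Presumably the volume holds the credentials written by the `Assume ECR - staging AWS Role` and `Assume ECR - production AWS Role` steps, so each Quay step can read AWS role credentials it does not need. I would drop the mount from the Quay steps and keep it only on the steps that set `AWS_PROFILE`. If this pipeline is dronegen output like the one marked further down the file, the change belongs in the generator rather than in `.drone.yml`. The steps at both edges of this hunk start or end outside it.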
@@ -9953,19 +9573,27 @@ steps: QUAY_USERNAME: from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: - - Build teleport-operator image "teleport-operator:v11-arm64" -- name: Create manifest and push "teleport-operator:major" to Quay + - Pull teleport:v11-arm and push it to Local Registry +- name: Tag and push image "teleport:v11-arm64" to Quay image: docker commands: + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" - - docker manifest create quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version") - --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 - --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm - --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64 - - docker manifest push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version") + - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat + "/go/var/full-version")-arm64 quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64 + && docker push quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64) + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm64 + - docker push quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm64 + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm64 + - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm64 - docker logout "quay.io" environment: QUAY_PASSWORD: 
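Review bot: `docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io"` in the new `Tag and push image "teleport:v11-arm64" to Quay` step passes the registry password as a command-line argument, while the ECR steps in this same file feed it through `--password-stdin`. The same line is kept in the other Quay steps in the neighbouring hunks. Suggest `printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"` so the secret stays out of the process argument list. The step's environment block continues outside the hunk.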
@@ -9973,21 +9601,21 @@ steps: QUAY_USERNAME: from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: - - Tag and push image "teleport-operator:v11-amd64" to Quay - - Tag and push image "teleport-operator:v11-arm" to Quay - - Tag and push image "teleport-operator:v11-arm64" to Quay -- name: Create manifest and push "teleport-operator:minor" to Quay + - Pull teleport:v11-arm64 and push it to Local Registry +- name: Create manifest and push "teleport:major" to Quay image: docker commands: - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" - - docker manifest create quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version") - --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 - --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm - --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 - - docker manifest push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version") + - docker manifest create quay.io/gravitational/teleport:$(cat "/go/var/major-version") + --amend quay.io/gravitational/teleport:$(cat "/go/var/major-version")-amd64 --amend + quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm --amend quay.io/gravitational/teleport:$(cat + "/go/var/major-version")-arm64 + - docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/major-version") - docker logout "quay.io" environment: QUAY_PASSWORD: 
@@ -9995,23 +9623,48 @@ steps: QUAY_USERNAME: from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: - - Tag and push image "teleport-operator:v11-amd64" to Quay - - Tag and push image "teleport-operator:v11-arm" to Quay - - Tag and push image "teleport-operator:v11-arm64" to Quay -- name: Create manifest and push "teleport-operator:full" to Quay + - Tag and push image "teleport:v11-amd64" to Quay + - Tag and push image "teleport:v11-arm" to Quay + - Tag and push image "teleport:v11-arm64" to Quay +- name: Create manifest and push "teleport:minor" to Quay image: docker commands: - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" - - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version") + - docker manifest create quay.io/gravitational/teleport:$(cat "/go/var/minor-version") + --amend quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 --amend + quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm --amend quay.io/gravitational/teleport:$(cat + "/go/var/minor-version")-arm64 + - docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/minor-version") + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport:v11-amd64" to Quay + - Tag and push image "teleport:v11-arm" to Quay + - Tag and push image "teleport:v11-arm64" to Quay +- name: Create manifest and push "teleport:full" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version") > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest - 
create quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version") --amend - quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 --amend - quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm --amend - quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 && - docker manifest push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")) + create quay.io/gravitational/teleport:$(cat "/go/var/full-version") --amend quay.io/gravitational/teleport:$(cat + "/go/var/full-version")-amd64 --amend quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm + --amend quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64 && + docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/full-version")) - docker logout "quay.io" environment: QUAY_PASSWORD: 
@@ -10019,623 +9672,8347 @@ steps: QUAY_USERNAME: from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: - - Tag and push image "teleport-operator:v11-amd64" to Quay - - Tag and push image "teleport-operator:v11-arm" to Quay - - Tag and push image "teleport-operator:v11-arm64" to Quay -- name: Tag and push image "teleport-operator:v11-amd64" to ECR - production + - Tag and push image "teleport:v11-amd64" to Quay + - Tag and push image "teleport:v11-arm" to Quay + - Tag and push image "teleport:v11-arm64" to Quay +- name: Tag and push image "teleport:v11-amd64" to ECR - production image: docker commands: - - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws - - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 - > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat - "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport-operator:$(cat - "/go/var/full-version")-amd64 && docker push public.ecr.aws/gravitational/teleport-operator:$(cat - "/go/var/full-version")-amd64) - - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 - public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 - - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 - - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 - public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 - - docker push 
public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 + - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat + "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64 + && docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64) + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64 + - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64 + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 + - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 - docker logout "public.ecr.aws" environment: - AWS_ACCESS_KEY_ID: - from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY - AWS_SECRET_ACCESS_KEY: - from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET + AWS_PROFILE: ecr-production volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: - - Build teleport-operator image "teleport-operator:v11-amd64" -- name: Tag and push image "teleport-operator:v11-arm" to ECR - production + - Pull teleport:v11-amd64 and push it to Local Registry +- name: Tag and push image "teleport:v11-arm" to ECR - production image: docker commands: - - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws - - docker manifest inspect 
public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm - > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat - "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport-operator:$(cat - "/go/var/full-version")-arm && docker push public.ecr.aws/gravitational/teleport-operator:$(cat - "/go/var/full-version")-arm) - - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm - public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm - - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm - - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm - public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm - - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm + - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat + "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm + && docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm) + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm + - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm + - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm - docker logout "public.ecr.aws" environment: - AWS_ACCESS_KEY_ID: - from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY 
- AWS_SECRET_ACCESS_KEY: - from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET + AWS_PROFILE: ecr-production volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: - - Build teleport-operator image "teleport-operator:v11-arm" -- name: Tag and push image "teleport-operator:v11-arm64" to ECR - production + - Pull teleport:v11-arm and push it to Local Registry +- name: Tag and push image "teleport:v11-arm64" to ECR - production image: docker commands: - - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws - - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 - > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat - "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport-operator:$(cat - "/go/var/full-version")-arm64 && docker push public.ecr.aws/gravitational/teleport-operator:$(cat - "/go/var/full-version")-arm64) - - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 - public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64 - - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64 - - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 - public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 - - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 + - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64 + > /dev/null 2>&1 && echo 'Found existing image, 
skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat + "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64 + && docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64) + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64 + - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64 + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64 + - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64 - docker logout "public.ecr.aws" environment: - AWS_ACCESS_KEY_ID: - from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY - AWS_SECRET_ACCESS_KEY: - from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET + AWS_PROFILE: ecr-production volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: - - Build teleport-operator image "teleport-operator:v11-arm64" -- name: Create manifest and push "teleport-operator:major" to ECR - production + - Pull teleport:v11-arm64 and push it to Local Registry +- name: Create manifest and push "teleport:major" to ECR - production image: docker commands: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws - - docker manifest create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version") - --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 - --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm - --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64 - - docker manifest push 
public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version") + - docker manifest create public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version") + --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64 + --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm + --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64 + - docker manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version") - docker logout "public.ecr.aws" environment: - AWS_ACCESS_KEY_ID: - from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY - AWS_SECRET_ACCESS_KEY: - from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET + AWS_PROFILE: ecr-production volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: - - Tag and push image "teleport-operator:v11-amd64" to ECR - production - - Tag and push image "teleport-operator:v11-arm" to ECR - production - - Tag and push image "teleport-operator:v11-arm64" to ECR - production -- name: Create manifest and push "teleport-operator:minor" to ECR - production + - Tag and push image "teleport:v11-amd64" to ECR - production + - Tag and push image "teleport:v11-arm" to ECR - production + - Tag and push image "teleport:v11-arm64" to ECR - production +- name: Create manifest and push "teleport:minor" to ECR - production image: docker commands: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws - - docker manifest create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version") - --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 - --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm - --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 - - docker manifest push 
public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version") + - docker manifest create public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version") + --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 + --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm + --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64 + - docker manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version") - docker logout "public.ecr.aws" environment: - AWS_ACCESS_KEY_ID: - from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY - AWS_SECRET_ACCESS_KEY: - from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET + AWS_PROFILE: ecr-production volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: - - Tag and push image "teleport-operator:v11-amd64" to ECR - production - - Tag and push image "teleport-operator:v11-arm" to ECR - production - - Tag and push image "teleport-operator:v11-arm64" to ECR - production -- name: Create manifest and push "teleport-operator:full" to ECR - production + - Tag and push image "teleport:v11-amd64" to ECR - production + - Tag and push image "teleport:v11-arm" to ECR - production + - Tag and push image "teleport:v11-arm64" to ECR - production +- name: Create manifest and push "teleport:full" to ECR - production image: docker commands: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws - - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version") + - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version") > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest - create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version") - --amend public.ecr.aws/gravitational/teleport-operator:$(cat 
"/go/var/full-version")-amd64 - --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm - --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 - && docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")) + create public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version") --amend + public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64 --amend + public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm --amend + public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64 && docker + manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")) - docker logout "public.ecr.aws" environment: - AWS_ACCESS_KEY_ID: - from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY - AWS_SECRET_ACCESS_KEY: - from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET + AWS_PROFILE: ecr-production volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: - - Tag and push image "teleport-operator:v11-amd64" to ECR - production - - Tag and push image "teleport-operator:v11-arm" to ECR - production - - Tag and push image "teleport-operator:v11-arm64" to ECR - production -services: -- name: Start Docker - image: docker:dind - privileged: true - volumes: - - name: dockersock - path: /var/run -- name: drone-docker-registry - image: registry:2 - privileged: false - volumes: [] -volumes: -- name: dockersock - temp: {} - ---- -################################################ -# Generated using dronegen, do not edit by hand! -# Use 'make dronegen' to update. 
-# Generated at dronegen/container_images_release_version.go (main.(*ReleaseVersion).buildVersionPipeline) -################################################ - -kind: pipeline -type: kubernetes -name: teleport-container-images-previous-version-1-cron -environment: - DEBIAN_FRONTEND: noninteractive -trigger: - cron: - include: - - teleport-container-images-cron - repo: - include: - - gravitational/teleport -workspace: - path: /go -clone: - disable: true -steps: -- name: Find the latest available semver for v10 - image: golang:1.18 - commands: - - mkdir -pv "/tmp/teleport" - - cd "/tmp/teleport" - - git init - - git remote add origin ${DRONE_REMOTE_URL} - - git fetch origin --tags - - git checkout -qf "branch/v10" - - mkdir -pv "/go/vars/full-version" - - cd "/tmp/teleport/build.assets/tooling/cmd/query-latest" - - go run . "v10" > "/go/vars/full-version/v10" - - echo Found full semver "$(cat "/go/vars/full-version/v10")" for major version - "v10" -- name: Wait for docker + - Tag and push image "teleport:v11-amd64" to ECR - production + - Tag and push image "teleport:v11-arm" to ECR - production + - Tag and push image "teleport:v11-arm64" to ECR - production +- name: Pull teleport-ent:v11-amd64 and push it to Local Registry image: docker commands: - - timeout 30s /bin/sh -c 'while [ ! 
-S /var/run/docker.sock ]; do sleep 1; done' + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-amd64 + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-amd64 drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 + - docker push drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 + environment: + AWS_PROFILE: ecr-staging volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: - - Find the latest available semver for v10 -- name: Wait for docker registry - image: alpine - commands: - - apk add curl - - timeout 30s /bin/sh -c 'while [ "$(curl -s -o /dev/null -w %{http_code} http://drone-docker-registry:5000/)" - != "200" ]; do sleep 1; done' - depends_on: - - Find the latest available semver for v10 - - Wait for docker -- name: Check out code - image: alpine/git:latest - commands: - - mkdir -pv "/go/src/github.com/gravitational/teleport" - - cd "/go/src/github.com/gravitational/teleport" - - git init - - git remote add origin ${DRONE_REMOTE_URL} - - git fetch origin --tags - - git checkout -qf "$(cat '/go/vars/full-version/v10')" - depends_on: - - Find the latest available semver for v10 - - Wait for docker - - Wait for docker registry -- name: Build major, minor, and full semvers - image: alpine - commands: - - mkdir -pv $(dirname "/go/var/major-version") - - echo $(cat '/go/vars/full-version/v10') | sed 's/v//' | cut -d'.' -f "1" > "/go/var/major-version" - - echo $(cat "/go/var/major-version") - - mkdir -pv $(dirname "/go/var/minor-version") - - echo $(cat '/go/vars/full-version/v10') | sed 's/v//' | cut -d'.' 
-f "1,2" > "/go/var/minor-version" - - echo $(cat "/go/var/minor-version") - - mkdir -pv $(dirname "/go/var/full-version") - - echo $(cat '/go/vars/full-version/v10') | sed 's/v//' > "/go/var/full-version" - - echo $(cat "/go/var/full-version") - depends_on: - - Find the latest available semver for v10 + - Verify build is tagged + - Check if tag is prerelease - Wait for docker - Wait for docker registry - Check out code -- name: Build teleport-operator image "teleport-operator:v10-amd64" + - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - production AWS Role +- name: Pull teleport-ent:v11-arm and push it to Local Registry image: docker commands: - - echo 'Sleeping 0s to avoid registry pull rate limits' && sleep 0 - - docker run --privileged --rm tonistiigi/binfmt --install all - - mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport" - - mkdir -pv "/tmp/teleport-operator-v10-amd64-builder" - - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-operator-v10-amd64-builder/buildkitd.toml" - - echo ' http = true' >> "/tmp/teleport-operator-v10-amd64-builder/buildkitd.toml" - - docker buildx create --driver "docker-container" --driver-opt "network=host" --name - "teleport-operator-v10-amd64-builder" --config "/tmp/teleport-operator-v10-amd64-builder/buildkitd.toml" - - docker buildx build --push --builder "teleport-operator-v10-amd64-builder" --platform - "linux/amd64" --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 - --file "/go/src/github.com/gravitational/teleport/operator/Dockerfile" --build-arg - "BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox:teleport11" --build-arg - "COMPILER_NAME=x86_64-linux-gnu-gcc" /go/src/github.com/gravitational/teleport - - docker buildx rm "teleport-operator-v10-amd64-builder" - - rm -rf "/tmp/teleport-operator-v10-amd64-builder" + - apk add --no-cache aws-cli + - aws ecr 
get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-arm + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-arm drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + - docker push drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm environment: - DOCKER_BUILDKIT: "1" + AWS_PROFILE: ecr-staging volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: - - Find the latest available semver for v10 + - Verify build is tagged + - Check if tag is prerelease - Wait for docker - Wait for docker registry - Check out code - Build major, minor, and full semvers -- name: Build teleport-operator image "teleport-operator:v10-arm" + - Assume ECR - staging AWS Role + - Assume ECR - production AWS Role +- name: Pull teleport-ent:v11-arm64 and push it to Local Registry image: docker commands: - - echo 'Sleeping 5s to avoid registry pull rate limits' && sleep 5 - - docker run --privileged --rm tonistiigi/binfmt --install all - - mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport" - - mkdir -pv "/tmp/teleport-operator-v10-arm-builder" - - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-operator-v10-arm-builder/buildkitd.toml" - - echo ' http = true' >> "/tmp/teleport-operator-v10-arm-builder/buildkitd.toml" - - docker buildx create --driver "docker-container" --driver-opt "network=host" --name - "teleport-operator-v10-arm-builder" --config "/tmp/teleport-operator-v10-arm-builder/buildkitd.toml" - - docker buildx build --push --builder "teleport-operator-v10-arm-builder" --platform - "linux/arm" --tag 
drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm - --file "/go/src/github.com/gravitational/teleport/operator/Dockerfile" --build-arg - "BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox-arm:teleport11" --build-arg - "COMPILER_NAME=arm-linux-gnueabihf-gcc" /go/src/github.com/gravitational/teleport - - docker buildx rm "teleport-operator-v10-arm-builder" - - rm -rf "/tmp/teleport-operator-v10-arm-builder" + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-arm64 + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-arm64 drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 + - docker push drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 environment: - DOCKER_BUILDKIT: "1" + AWS_PROFILE: ecr-staging volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: - - Find the latest available semver for v10 + - Verify build is tagged + - Check if tag is prerelease - Wait for docker - Wait for docker registry - Check out code - Build major, minor, and full semvers -- name: Build teleport-operator image "teleport-operator:v10-arm64" + - Assume ECR - staging AWS Role + - Assume ECR - production AWS Role +- name: Tag and push image "teleport-ent:v11-amd64" to Quay image: docker commands: - - echo 'Sleeping 10s to avoid registry pull rate limits' && sleep 10 - - docker run --privileged --rm tonistiigi/binfmt --install all - - mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport" - - mkdir -pv "/tmp/teleport-operator-v10-arm64-builder" - - echo 
'[registry."drone-docker-registry:5000"]' > "/tmp/teleport-operator-v10-arm64-builder/buildkitd.toml" - - echo ' http = true' >> "/tmp/teleport-operator-v10-arm64-builder/buildkitd.toml" - - docker buildx create --driver "docker-container" --driver-opt "network=host" --name - "teleport-operator-v10-arm64-builder" --config "/tmp/teleport-operator-v10-arm64-builder/buildkitd.toml" - - docker buildx build --push --builder "teleport-operator-v10-arm64-builder" --platform - "linux/arm64" --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 - --file "/go/src/github.com/gravitational/teleport/operator/Dockerfile" --build-arg - "BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox-arm:teleport11" --build-arg - "COMPILER_NAME=aarch64-linux-gnu-gcc" /go/src/github.com/gravitational/teleport - - docker buildx rm "teleport-operator-v10-arm64-builder" - - rm -rf "/tmp/teleport-operator-v10-arm64-builder" + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-amd64 quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 + && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64) + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 + quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 + - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 + quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 + - docker push quay.io/gravitational/teleport-ent:$(cat 
"/go/var/minor-version")-amd64 + - docker logout "quay.io" environment: - DOCKER_BUILDKIT: "1" + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: - - Find the latest available semver for v10 - - Wait for docker - - Wait for docker registry - - Check out code - - Build major, minor, and full semvers -- name: Tag and push image "teleport-operator:v10-amd64" to ECR - staging + - Pull teleport-ent:v11-amd64 and push it to Local Registry +- name: Tag and push image "teleport-ent:v11-arm" to Quay image: docker commands: - - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 - - apk add --no-cache aws-cli - - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin - 146628656107.dkr.ecr.us-west-2.amazonaws.com - - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/full-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing - image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat - "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/full-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/full-version")-$TIMESTAMP-amd64) - - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/major-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing - image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat - "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat 
- "/go/var/major-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/major-version")-$TIMESTAMP-amd64) - - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/minor-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing - image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat - "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/minor-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/minor-version")-$TIMESTAMP-amd64) - - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm + && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm) + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm + - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm + - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm + - docker logout "quay.io" environment: - AWS_ACCESS_KEY_ID: - from_secret: 
STAGING_TELEPORT_DRONE_USER_ECR_KEY - AWS_SECRET_ACCESS_KEY: - from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: - - Build teleport-operator image "teleport-operator:v10-amd64" -- name: Tag and push image "teleport-operator:v10-arm" to ECR - staging + - Pull teleport-ent:v11-arm and push it to Local Registry +- name: Tag and push image "teleport-ent:v11-arm64" to Quay image: docker commands: - - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm64 quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 + && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64) + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 + quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64 + - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64 + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 + quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64 + - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64 + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: 
awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Pull teleport-ent:v11-arm64 and push it to Local Registry +- name: Create manifest and push "teleport-ent:major" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version") + --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 + --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm + --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64 + - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version") + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v11-amd64" to Quay + - Tag and push image "teleport-ent:v11-arm" to Quay + - Tag and push image "teleport-ent:v11-arm64" to Quay +- name: Create manifest and push "teleport-ent:minor" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version") + --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 + --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm + --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64 + - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version") + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: 
dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v11-amd64" to Quay + - Tag and push image "teleport-ent:v11-arm" to Quay + - Tag and push image "teleport-ent:v11-arm64" to Quay +- name: Create manifest and push "teleport-ent:full" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version") + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest + create quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version") --amend + quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 --amend + quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm --amend quay.io/gravitational/teleport-ent:$(cat + "/go/var/full-version")-arm64 && docker manifest push quay.io/gravitational/teleport-ent:$(cat + "/go/var/full-version")) + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v11-amd64" to Quay + - Tag and push image "teleport-ent:v11-arm" to Quay + - Tag and push image "teleport-ent:v11-arm64" to Quay +- name: Tag and push image "teleport-ent:v11-amd64" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 - apk add --no-cache aws-cli - - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin - 146628656107.dkr.ecr.us-west-2.amazonaws.com - - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/full-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found 
existing - image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat - "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/full-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/full-version")-$TIMESTAMP-arm) - - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/major-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing - image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat - "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/major-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/major-version")-$TIMESTAMP-arm) - - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/minor-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing - image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat - "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/minor-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/minor-version")-$TIMESTAMP-arm) - - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-amd64 
public.ecr.aws/gravitational/teleport-ent:$(cat + "/go/var/full-version")-amd64 && docker push public.ecr.aws/gravitational/teleport-ent:$(cat + "/go/var/full-version")-amd64) + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 + public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 + - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 + public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 + - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 + - docker logout "public.ecr.aws" environment: - AWS_ACCESS_KEY_ID: - from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY - AWS_SECRET_ACCESS_KEY: - from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET + AWS_PROFILE: ecr-production volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: - - Build teleport-operator image "teleport-operator:v10-arm" -- name: Tag and push image "teleport-operator:v10-arm64" to ECR - staging + - Pull teleport-ent:v11-amd64 and push it to Local Registry +- name: Tag and push image "teleport-ent:v11-arm" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm + && docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm) + - 
docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm + - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm + - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Pull teleport-ent:v11-arm and push it to Local Registry +- name: Tag and push image "teleport-ent:v11-arm64" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport-ent:$(cat + "/go/var/full-version")-arm64 && docker push public.ecr.aws/gravitational/teleport-ent:$(cat + "/go/var/full-version")-arm64) + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 + public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64 + - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64 + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 + public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64 + - docker push 
public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64 + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Pull teleport-ent:v11-arm64 and push it to Local Registry +- name: Create manifest and push "teleport-ent:major" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version") + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64 + - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version") + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v11-amd64" to ECR - production + - Tag and push image "teleport-ent:v11-arm" to ECR - production + - Tag and push image "teleport-ent:v11-arm64" to ECR - production +- name: Create manifest and push "teleport-ent:minor" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version") + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm + --amend 
public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64 + - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version") + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v11-amd64" to ECR - production + - Tag and push image "teleport-ent:v11-arm" to ECR - production + - Tag and push image "teleport-ent:v11-arm64" to ECR - production +- name: Create manifest and push "teleport-ent:full" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version") + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest + create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version") + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 + && docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")) + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v11-amd64" to ECR - production + - Tag and push image "teleport-ent:v11-arm" to ECR - production + - Tag and push image "teleport-ent:v11-arm64" to ECR - production +- name: Pull teleport-ent:v11-fips-amd64 and push it to Local Registry image: docker commands: - - docker pull drone-docker-registry:5000/teleport-operator:$(cat 
"/go/var/full-version")-arm64 - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/full-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing - image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat - "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/full-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/full-version")-$TIMESTAMP-arm64) - - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/major-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing - image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat - "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/major-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/major-version")-$TIMESTAMP-arm64) - - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/minor-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing - image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat - "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/minor-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - 
"/go/var/minor-version")-$TIMESTAMP-arm64) + - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-fips-amd64 - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-fips-amd64 drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-fips-amd64 + - docker push drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Verify build is tagged + - Check if tag is prerelease + - Wait for docker + - Wait for docker registry + - Check out code + - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - production AWS Role +- name: Tag and push image "teleport-ent:v11-fips-amd64" to Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-fips-amd64 quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64) + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64 + - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64 + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + 
quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 + - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Pull teleport-ent:v11-fips-amd64 and push it to Local Registry +- name: Create manifest and push "teleport-ent:major-fips" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips + --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64 + - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v11-fips-amd64" to Quay +- name: Create manifest and push "teleport-ent:minor-fips" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips + --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 + - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: 
/var/run + depends_on: + - Tag and push image "teleport-ent:v11-fips-amd64" to Quay +- name: Create manifest and push "teleport-ent:full-fips" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest + create quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips --amend + quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 && + docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips) + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v11-fips-amd64" to Quay +- name: Tag and push image "teleport-ent:v11-fips-amd64" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-fips-amd64 public.ecr.aws/gravitational/teleport-ent:$(cat + "/go/var/full-version")-fips-amd64 && docker push public.ecr.aws/gravitational/teleport-ent:$(cat + "/go/var/full-version")-fips-amd64) + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + public.ecr.aws/gravitational/teleport-ent:$(cat 
"/go/var/major-version")-fips-amd64 + - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64 + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 + - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Pull teleport-ent:v11-fips-amd64 and push it to Local Registry +- name: Create manifest and push "teleport-ent:major-fips" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64 + - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v11-fips-amd64" to ECR - production +- name: Create manifest and push "teleport-ent:minor-fips" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 + - docker manifest push 
public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v11-fips-amd64" to ECR - production +- name: Create manifest and push "teleport-ent:full-fips" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest + create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + && docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips) + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v11-fips-amd64" to ECR - production +- name: Pull teleport-operator:v11-amd64 and push it to Local Registry + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-amd64 + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-amd64 drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-amd64 + - docker 
push drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Verify build is tagged + - Check if tag is prerelease + - Wait for docker + - Wait for docker registry + - Check out code + - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - production AWS Role +- name: Pull teleport-operator:v11-arm and push it to Local Registry + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-arm + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-arm drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-arm + - docker push drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Verify build is tagged + - Check if tag is prerelease + - Wait for docker + - Wait for docker registry + - Check out code + - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - production AWS Role +- name: Pull teleport-operator:v11-arm64 and push it to Local Registry + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + 
"/go/var/full-version")-arm64 + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-arm64 drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-arm64 + - docker push drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Verify build is tagged + - Check if tag is prerelease + - Wait for docker + - Wait for docker registry + - Check out code + - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - production AWS Role +- name: Tag and push image "teleport-operator:v11-amd64" to Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-amd64 quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 + && docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64) + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 + quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 + - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 + quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 + - docker push quay.io/gravitational/teleport-operator:$(cat 
"/go/var/minor-version")-amd64 + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Pull teleport-operator:v11-amd64 and push it to Local Registry +- name: Tag and push image "teleport-operator:v11-arm" to Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-arm quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm + && docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm) + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm + quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm + - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm + quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm + - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Pull teleport-operator:v11-arm and push it to Local Registry +- name: Tag and push image "teleport-operator:v11-arm64" to Quay + image: 
docker + commands: + - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-arm64 quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 + && docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64) + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 + quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64 + - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64 + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 + quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 + - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Pull teleport-operator:v11-arm64 and push it to Local Registry +- name: Create manifest and push "teleport-operator:major" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest create quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version") + --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 + --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm + --amend quay.io/gravitational/teleport-operator:$(cat 
"/go/var/major-version")-arm64 + - docker manifest push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version") + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-operator:v11-amd64" to Quay + - Tag and push image "teleport-operator:v11-arm" to Quay + - Tag and push image "teleport-operator:v11-arm64" to Quay +- name: Create manifest and push "teleport-operator:minor" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest create quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version") + --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 + --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm + --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 + - docker manifest push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version") + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-operator:v11-amd64" to Quay + - Tag and push image "teleport-operator:v11-arm" to Quay + - Tag and push image "teleport-operator:v11-arm64" to Quay +- name: Create manifest and push "teleport-operator:full" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version") + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest 
+ create quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version") --amend + quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 --amend + quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm --amend + quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 && + docker manifest push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")) + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-operator:v11-amd64" to Quay + - Tag and push image "teleport-operator:v11-arm" to Quay + - Tag and push image "teleport-operator:v11-arm64" to Quay +- name: Tag and push image "teleport-operator:v11-amd64" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport-operator:$(cat + "/go/var/full-version")-amd64 && docker push public.ecr.aws/gravitational/teleport-operator:$(cat + "/go/var/full-version")-amd64) + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 + public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 + - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 + - docker tag 
drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 + public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 + - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Pull teleport-operator:v11-amd64 and push it to Local Registry +- name: Tag and push image "teleport-operator:v11-arm" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport-operator:$(cat + "/go/var/full-version")-arm && docker push public.ecr.aws/gravitational/teleport-operator:$(cat + "/go/var/full-version")-arm) + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm + public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm + - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm + public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm + - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: 
dockersock + path: /var/run + depends_on: + - Pull teleport-operator:v11-arm and push it to Local Registry +- name: Tag and push image "teleport-operator:v11-arm64" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport-operator:$(cat + "/go/var/full-version")-arm64 && docker push public.ecr.aws/gravitational/teleport-operator:$(cat + "/go/var/full-version")-arm64) + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 + public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64 + - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64 + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 + public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 + - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Pull teleport-operator:v11-arm64 and push it to Local Registry +- name: Create manifest and push "teleport-operator:major" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest 
create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version") + --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 + --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm + --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64 + - docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version") + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-operator:v11-amd64" to ECR - production + - Tag and push image "teleport-operator:v11-arm" to ECR - production + - Tag and push image "teleport-operator:v11-arm64" to ECR - production +- name: Create manifest and push "teleport-operator:minor" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version") + --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 + --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm + --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 + - docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version") + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-operator:v11-amd64" to ECR - production + - Tag and push image "teleport-operator:v11-arm" to ECR - production + - Tag and push image "teleport-operator:v11-arm64" to ECR - 
production +- name: Create manifest and push "teleport-operator:full" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version") + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest + create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version") + --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 + --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm + --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 + && docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")) + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-operator:v11-amd64" to ECR - production + - Tag and push image "teleport-operator:v11-arm" to ECR - production + - Tag and push image "teleport-operator:v11-arm64" to ECR - production +services: +- name: Start Docker + image: docker:dind + privileged: true + volumes: + - name: dockersock + path: /var/run +- name: drone-docker-registry + image: registry:2 + privileged: false + volumes: [] +volumes: +- name: awsconfig + temp: {} +- name: dockersock + temp: {} + +--- +################################################ +# Generated using dronegen, do not edit by hand! +# Use 'make dronegen' to update. 
+# Generated at dronegen/container_images_release_version.go (main.(*ReleaseVersion).buildVersionPipeline) +################################################ + +kind: pipeline +type: kubernetes +name: teleport-container-images-current-version-cron +environment: + DEBIAN_FRONTEND: noninteractive +trigger: + cron: + include: + - teleport-container-images-cron + repo: + include: + - gravitational/teleport +workspace: + path: /go +clone: + disable: true +steps: +- name: Find the latest available semver for v11 + image: golang:1.18 + commands: + - mkdir -pv "/tmp/teleport" + - cd "/tmp/teleport" + - git init + - git remote add origin ${DRONE_REMOTE_URL} + - git fetch origin --tags + - git checkout -qf "branch/v11" + - mkdir -pv $(dirname "/go/vars/full-version-v11") + - cd "/tmp/teleport/build.assets/tooling/cmd/query-latest" + - go run . "v11" | sed 's/v//' > "/go/vars/full-version-v11" + - echo Found full semver "$(cat "/go/vars/full-version-v11")" for major version + "v11" +- name: Wait for docker + image: docker + commands: + - timeout 30s /bin/sh -c 'while [ ! 
-S /var/run/docker.sock ]; do sleep 1; done' + volumes: + - name: dockersock + path: /var/run + depends_on: + - Find the latest available semver for v11 +- name: Wait for docker registry + image: alpine + commands: + - apk add curl + - timeout 30s /bin/sh -c 'while [ "$(curl -s -o /dev/null -w %{http_code} http://drone-docker-registry:5000/)" + != "200" ]; do sleep 1; done' + depends_on: + - Find the latest available semver for v11 +- name: Check out code + image: alpine/git:latest + commands: + - mkdir -pv "/go/src/github.com/gravitational/teleport" + - cd "/go/src/github.com/gravitational/teleport" + - git init + - git remote add origin ${DRONE_REMOTE_URL} + - git fetch origin --tags + - git checkout -qf "v$(cat '/go/vars/full-version-v11')" + depends_on: + - Find the latest available semver for v11 +- name: Build major, minor, and full semvers + image: alpine + commands: + - mkdir -pv $(dirname "/go/var/major-version") + - echo v$(cat '/go/vars/full-version-v11') | sed 's/v//' | cut -d'.' -f "1" > "/go/var/major-version" + - echo $(cat "/go/var/major-version") + - mkdir -pv $(dirname "/go/var/minor-version") + - echo v$(cat '/go/vars/full-version-v11') | sed 's/v//' | cut -d'.' 
-f "1,2" > + "/go/var/minor-version" + - echo $(cat "/go/var/minor-version") + - mkdir -pv $(dirname "/go/var/full-version") + - echo v$(cat '/go/vars/full-version-v11') | sed 's/v//' > "/go/var/full-version" + - echo $(cat "/go/var/full-version") + depends_on: + - Find the latest available semver for v11 +- name: Assume ECR - staging AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[ecr-staging]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + >> /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity --profile ecr-staging + environment: + AWS_ACCESS_KEY_ID: + from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY + AWS_ROLE: + from_secret: STAGING_TELEPORT_DRONE_ECR_AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Find the latest available semver for v11 +- name: Assume ECR - authenticated-pull AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[ecr-authenticated-pull]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + >> /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity --profile ecr-authenticated-pull + environment: + AWS_ACCESS_KEY_ID: + from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY + AWS_ROLE: + from_secret: 
PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume ECR - staging AWS Role + - Find the latest available semver for v11 +- name: Assume ECR - production AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[ecr-production]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + >> /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity --profile ecr-production + environment: + AWS_ACCESS_KEY_ID: + from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY + AWS_ROLE: + from_secret: PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Find the latest available semver for v11 +- name: Assume S3 Download AWS Role for teleport + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[s3-download-teleport]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + >> /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity --profile s3-download-teleport + environment: + AWS_ACCESS_KEY_ID: + from_secret: AWS_ACCESS_KEY_ID + AWS_ROLE: + from_secret: AWS_ROLE + AWS_SECRET_ACCESS_KEY: + 
from_secret: AWS_SECRET_ACCESS_KEY + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Find the latest available semver for v11 + - Wait for docker + - Wait for docker registry + - Check out code + - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role + - Assume ECR - production AWS Role +- name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport + image: alpine + commands: + - apk add curl + - mkdir -pv $(dirname "/go/build/Dockerfile-teleport") + - curl -Ls -o "/go/build/Dockerfile-teleport" "https://raw.githubusercontent.com/gravitational/teleport/v$(cat + '/go/vars/full-version-v11')/build.assets/charts/Dockerfile" + depends_on: + - Find the latest available semver for v11 + - Wait for docker + - Wait for docker registry + - Check out code + - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role + - Assume ECR - production AWS Role +- name: Download "teleport_v11-tag_amd64.deb" artifacts from S3 + image: amazon/aws-cli + commands: + - END_TIME=$(( $(date +%s) + 3600 )) + - TIMED_OUT=true + - while [ $(date +%s) -lt $${END_TIME?} ]; do + - SUCCESS=true + - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr + -s ' ' | cut -d' ' -f 4 | grep -x teleport_$(cat "/go/var/full-version")_amd64.deb + || SUCCESS=false + - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;' + - echo 'Condition not met yet, waiting another 60 seconds...' 
+ - sleep 60 + - done + - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ + "$SUCCESS" = "true" ]'' && exit 1' + - mkdir -pv "/go/build" + - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat + "/go/var/full-version")_amd64.deb /go/build/teleport_$(cat "/go/var/full-version")_amd64.deb + environment: + AWS_PROFILE: s3-download-teleport + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume S3 Download AWS Role for teleport + - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport +- name: Build teleport image "teleport:v11-amd64" + image: docker + commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/build" && cd "/go/build" + - mkdir -pv "/tmp/teleport-v11-amd64-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v11-amd64-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-v11-amd64-builder/buildkitd.toml" + - docker buildx create --driver "docker-container" --driver-opt "network=host" --name + "teleport-v11-amd64-builder" --config "/tmp/teleport-v11-amd64-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-v11-amd64-builder" --target "teleport" + --platform "linux/amd64" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + --file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_amd64.deb + /go/build + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-v11-amd64-builder" + - rm -rf "/tmp/teleport-v11-amd64-builder" + environment: + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: "1" + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + 
path: /var/run + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Download "teleport_v11-tag_amd64.deb" artifacts from S3 +- name: Download "teleport_v11-tag_arm.deb" artifacts from S3 + image: amazon/aws-cli + commands: + - END_TIME=$(( $(date +%s) + 3600 )) + - TIMED_OUT=true + - while [ $(date +%s) -lt $${END_TIME?} ]; do + - SUCCESS=true + - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr + -s ' ' | cut -d' ' -f 4 | grep -x teleport_$(cat "/go/var/full-version")_arm.deb + || SUCCESS=false + - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;' + - echo 'Condition not met yet, waiting another 60 seconds...' + - sleep 60 + - done + - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ + "$SUCCESS" = "true" ]'' && exit 1' + - mkdir -pv "/go/build" + - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat + "/go/var/full-version")_arm.deb /go/build/teleport_$(cat "/go/var/full-version")_arm.deb + environment: + AWS_PROFILE: s3-download-teleport + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume S3 Download AWS Role for teleport + - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport +- name: Build teleport image "teleport:v11-arm" + image: docker + commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/build" && cd "/go/build" + - mkdir -pv "/tmp/teleport-v11-arm-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v11-arm-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-v11-arm-builder/buildkitd.toml" + - docker buildx create --driver "docker-container" --driver-opt "network=host" --name + "teleport-v11-arm-builder" --config "/tmp/teleport-v11-arm-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | 
docker login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-v11-arm-builder" --target "teleport" + --platform "linux/arm" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + --file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_arm.deb + /go/build + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-v11-arm-builder" + - rm -rf "/tmp/teleport-v11-arm-builder" + environment: + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: "1" + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Download "teleport_v11-tag_arm.deb" artifacts from S3 +- name: Download "teleport_v11-tag_arm64.deb" artifacts from S3 + image: amazon/aws-cli + commands: + - END_TIME=$(( $(date +%s) + 3600 )) + - TIMED_OUT=true + - while [ $(date +%s) -lt $${END_TIME?} ]; do + - SUCCESS=true + - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr + -s ' ' | cut -d' ' -f 4 | grep -x teleport_$(cat "/go/var/full-version")_arm64.deb + || SUCCESS=false + - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;' + - echo 'Condition not met yet, waiting another 60 seconds...' 
+ - sleep 60 + - done + - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ + "$SUCCESS" = "true" ]'' && exit 1' + - mkdir -pv "/go/build" + - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat + "/go/var/full-version")_arm64.deb /go/build/teleport_$(cat "/go/var/full-version")_arm64.deb + environment: + AWS_PROFILE: s3-download-teleport + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume S3 Download AWS Role for teleport + - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport +- name: Build teleport image "teleport:v11-arm64" + image: docker + commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/build" && cd "/go/build" + - mkdir -pv "/tmp/teleport-v11-arm64-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v11-arm64-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-v11-arm64-builder/buildkitd.toml" + - docker buildx create --driver "docker-container" --driver-opt "network=host" --name + "teleport-v11-arm64-builder" --config "/tmp/teleport-v11-arm64-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-v11-arm64-builder" --target "teleport" + --platform "linux/arm64" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + --file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_arm64.deb + /go/build + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-v11-arm64-builder" + - rm -rf "/tmp/teleport-v11-arm64-builder" + environment: + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: "1" + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + 
path: /var/run + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Download "teleport_v11-tag_arm64.deb" artifacts from S3 +- name: Tag and push image "teleport:v11-amd64" to ECR - staging + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-amd64 + && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP-amd64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-amd64 + && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP-amd64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + 
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64 + && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP-amd64) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport image "teleport:v11-amd64" +- name: Tag and push image "teleport:v11-arm" to ECR - staging + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm + && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP-arm) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-arm + && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP-arm) + - 
docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-arm + && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport image "teleport:v11-arm" +- name: Tag and push image "teleport:v11-arm64" to ECR - staging + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm64 + && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP-arm64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag 
drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-arm64 + && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP-arm64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64 + && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm64) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport image "teleport:v11-arm64" +- name: Create manifest and push "teleport:major-$TIMESTAMP" to ECR - staging + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, + skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP-amd64 --amend 
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport:v11-amd64" to ECR - staging + - Tag and push image "teleport:v11-arm" to ECR - staging + - Tag and push image "teleport:v11-arm64" to ECR - staging +- name: Create manifest and push "teleport:minor-$TIMESTAMP" to ECR - staging + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, + skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP) + - docker logout 
"146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport:v11-amd64" to ECR - staging + - Tag and push image "teleport:v11-arm" to ECR - staging + - Tag and push image "teleport:v11-arm64" to ECR - staging +- name: Create manifest and push "teleport:full-$TIMESTAMP" to ECR - staging + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, + skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport:v11-amd64" to ECR - staging + - Tag and push image "teleport:v11-arm" to ECR - staging + - Tag and push image "teleport:v11-arm64" to ECR - staging +- name: Tag and push image "teleport:v11-amd64" to 
Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat + "/go/var/full-version")-amd64 quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64 + && docker push quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64) + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + quay.io/gravitational/teleport:$(cat "/go/var/major-version")-amd64 + - docker push quay.io/gravitational/teleport:$(cat "/go/var/major-version")-amd64 + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 + - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport image "teleport:v11-amd64" +- name: Tag and push image "teleport:v11-arm" to Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat + "/go/var/full-version")-arm quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm + && docker push quay.io/gravitational/teleport:$(cat 
"/go/var/full-version")-arm) + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm + - docker push quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm + - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport image "teleport:v11-arm" +- name: Tag and push image "teleport:v11-arm64" to Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat + "/go/var/full-version")-arm64 quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64 + && docker push quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64) + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm64 + - docker push quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm64 + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm64 + - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm64 + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + 
from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport image "teleport:v11-arm64" +- name: Create manifest and push "teleport:major" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest create quay.io/gravitational/teleport:$(cat "/go/var/major-version") + --amend quay.io/gravitational/teleport:$(cat "/go/var/major-version")-amd64 --amend + quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm --amend quay.io/gravitational/teleport:$(cat + "/go/var/major-version")-arm64 + - docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/major-version") + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport:v11-amd64" to Quay + - Tag and push image "teleport:v11-arm" to Quay + - Tag and push image "teleport:v11-arm64" to Quay +- name: Create manifest and push "teleport:minor" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest create quay.io/gravitational/teleport:$(cat "/go/var/minor-version") + --amend quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 --amend + quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm --amend quay.io/gravitational/teleport:$(cat + "/go/var/minor-version")-arm64 + - docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/minor-version") + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + 
volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport:v11-amd64" to Quay + - Tag and push image "teleport:v11-arm" to Quay + - Tag and push image "teleport:v11-arm64" to Quay +- name: Create manifest and push "teleport:full" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version") + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest + create quay.io/gravitational/teleport:$(cat "/go/var/full-version") --amend quay.io/gravitational/teleport:$(cat + "/go/var/full-version")-amd64 --amend quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm + --amend quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64 && + docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/full-version")) + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport:v11-amd64" to Quay + - Tag and push image "teleport:v11-arm" to Quay + - Tag and push image "teleport:v11-arm64" to Quay +- name: Tag and push image "teleport:v11-amd64" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat + "/go/var/full-version")-amd64 
public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64 + && docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64) + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64 + - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64 + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 + - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport image "teleport:v11-amd64" +- name: Tag and push image "teleport:v11-arm" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat + "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm + && docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm) + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm + - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + 
public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm + - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport image "teleport:v11-arm" +- name: Tag and push image "teleport:v11-arm64" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat + "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64 + && docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64) + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64 + - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64 + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64 + - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64 + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport image "teleport:v11-arm64" +- name: Create manifest and push "teleport:major" to ECR - production + image: docker + commands: + - apk add --no-cache 
aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest create public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version") + --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64 + --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm + --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64 + - docker manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version") + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport:v11-amd64" to ECR - production + - Tag and push image "teleport:v11-arm" to ECR - production + - Tag and push image "teleport:v11-arm64" to ECR - production +- name: Create manifest and push "teleport:minor" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest create public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version") + --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 + --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm + --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64 + - docker manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version") + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport:v11-amd64" to ECR - production + - Tag and push image "teleport:v11-arm" to ECR - production + - Tag and push image "teleport:v11-arm64" to ECR - production 
+- name: Create manifest and push "teleport:full" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version") + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest + create public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version") --amend + public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64 --amend + public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm --amend + public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64 && docker + manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")) + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport:v11-amd64" to ECR - production + - Tag and push image "teleport:v11-arm" to ECR - production + - Tag and push image "teleport:v11-arm64" to ECR - production +- name: Assume S3 Download AWS Role for teleport-ent + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[s3-download-teleport-ent]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + >> /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity --profile s3-download-teleport-ent + environment: + AWS_ACCESS_KEY_ID: + from_secret: AWS_ACCESS_KEY_ID + AWS_ROLE: + from_secret: AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: 
AWS_SECRET_ACCESS_KEY + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Find the latest available semver for v11 + - Wait for docker + - Wait for docker registry + - Check out code + - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role + - Assume ECR - production AWS Role +- name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent + image: alpine + commands: + - apk add curl + - mkdir -pv $(dirname "/go/build/Dockerfile-teleport-ent") + - curl -Ls -o "/go/build/Dockerfile-teleport-ent" "https://raw.githubusercontent.com/gravitational/teleport/v$(cat + '/go/vars/full-version-v11')/build.assets/charts/Dockerfile" + depends_on: + - Find the latest available semver for v11 + - Wait for docker + - Wait for docker registry + - Check out code + - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role + - Assume ECR - production AWS Role +- name: Download "teleport-ent_v11-tag_amd64.deb" artifacts from S3 + image: amazon/aws-cli + commands: + - END_TIME=$(( $(date +%s) + 3600 )) + - TIMED_OUT=true + - while [ $(date +%s) -lt $${END_TIME?} ]; do + - SUCCESS=true + - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr + -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")_amd64.deb + || SUCCESS=false + - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;' + - echo 'Condition not met yet, waiting another 60 seconds...' 
+ - sleep 60 + - done + - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ + "$SUCCESS" = "true" ]'' && exit 1' + - mkdir -pv "/go/build" + - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat + "/go/var/full-version")_amd64.deb /go/build/teleport-ent_$(cat "/go/var/full-version")_amd64.deb + environment: + AWS_PROFILE: s3-download-teleport-ent + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume S3 Download AWS Role for teleport-ent + - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent +- name: Build teleport-ent image "teleport-ent:v11-amd64" + image: docker + commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/build" && cd "/go/build" + - mkdir -pv "/tmp/teleport-ent-v11-amd64-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v11-amd64-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-ent-v11-amd64-builder/buildkitd.toml" + - docker buildx create --driver "docker-container" --driver-opt "network=host" --name + "teleport-ent-v11-amd64-builder" --config "/tmp/teleport-ent-v11-amd64-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-ent-v11-amd64-builder" --target + "teleport" --platform "linux/amd64" --tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-amd64 --file "/go/build/Dockerfile-teleport-ent" --build-arg + DEB_PATH=teleport-ent_$(cat "/go/var/full-version")_amd64.deb /go/build + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-ent-v11-amd64-builder" + - rm -rf "/tmp/teleport-ent-v11-amd64-builder" + environment: + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: 
"1" + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Download "teleport-ent_v11-tag_amd64.deb" artifacts from S3 +- name: Download "teleport-ent_v11-tag_arm.deb" artifacts from S3 + image: amazon/aws-cli + commands: + - END_TIME=$(( $(date +%s) + 3600 )) + - TIMED_OUT=true + - while [ $(date +%s) -lt $${END_TIME?} ]; do + - SUCCESS=true + - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr + -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")_arm.deb + || SUCCESS=false + - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;' + - echo 'Condition not met yet, waiting another 60 seconds...' + - sleep 60 + - done + - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ + "$SUCCESS" = "true" ]'' && exit 1' + - mkdir -pv "/go/build" + - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat + "/go/var/full-version")_arm.deb /go/build/teleport-ent_$(cat "/go/var/full-version")_arm.deb + environment: + AWS_PROFILE: s3-download-teleport-ent + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume S3 Download AWS Role for teleport-ent + - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent +- name: Build teleport-ent image "teleport-ent:v11-arm" + image: docker + commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/build" && cd "/go/build" + - mkdir -pv "/tmp/teleport-ent-v11-arm-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v11-arm-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-ent-v11-arm-builder/buildkitd.toml" + - docker buildx create --driver "docker-container" --driver-opt "network=host" --name + "teleport-ent-v11-arm-builder" --config 
"/tmp/teleport-ent-v11-arm-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-ent-v11-arm-builder" --target "teleport" + --platform "linux/arm" --tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + --file "/go/build/Dockerfile-teleport-ent" --build-arg DEB_PATH=teleport-ent_$(cat + "/go/var/full-version")_arm.deb /go/build + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-ent-v11-arm-builder" + - rm -rf "/tmp/teleport-ent-v11-arm-builder" + environment: + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: "1" + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Download "teleport-ent_v11-tag_arm.deb" artifacts from S3 +- name: Download "teleport-ent_v11-tag_arm64.deb" artifacts from S3 + image: amazon/aws-cli + commands: + - END_TIME=$(( $(date +%s) + 3600 )) + - TIMED_OUT=true + - while [ $(date +%s) -lt $${END_TIME?} ]; do + - SUCCESS=true + - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr + -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")_arm64.deb + || SUCCESS=false + - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;' + - echo 'Condition not met yet, waiting another 60 seconds...' 
+ - sleep 60 + - done + - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ + "$SUCCESS" = "true" ]'' && exit 1' + - mkdir -pv "/go/build" + - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat + "/go/var/full-version")_arm64.deb /go/build/teleport-ent_$(cat "/go/var/full-version")_arm64.deb + environment: + AWS_PROFILE: s3-download-teleport-ent + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume S3 Download AWS Role for teleport-ent + - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent +- name: Build teleport-ent image "teleport-ent:v11-arm64" + image: docker + commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/build" && cd "/go/build" + - mkdir -pv "/tmp/teleport-ent-v11-arm64-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v11-arm64-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-ent-v11-arm64-builder/buildkitd.toml" + - docker buildx create --driver "docker-container" --driver-opt "network=host" --name + "teleport-ent-v11-arm64-builder" --config "/tmp/teleport-ent-v11-arm64-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-ent-v11-arm64-builder" --target + "teleport" --platform "linux/arm64" --tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm64 --file "/go/build/Dockerfile-teleport-ent" --build-arg + DEB_PATH=teleport-ent_$(cat "/go/var/full-version")_arm64.deb /go/build + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-ent-v11-arm64-builder" + - rm -rf "/tmp/teleport-ent-v11-arm64-builder" + environment: + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: 
"1" + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Download "teleport-ent_v11-tag_arm64.deb" artifacts from S3 +- name: Tag and push image "teleport-ent:v11-amd64" to ECR - staging + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-amd64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-amd64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag 
drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-amd64) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent image "teleport-ent:v11-amd64" +- name: Tag and push image "teleport-ent:v11-arm" to ECR - staging + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-arm) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-arm && docker 
push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-arm) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent image "teleport-ent:v11-arm" +- name: Tag and push image "teleport-ent:v11-arm64" to ECR - staging + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-arm64) + - docker manifest inspect 
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-arm64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm64) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent image "teleport-ent:v11-arm64" +- name: Create manifest and push "teleport-ent:major-$TIMESTAMP" to ECR - staging + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, + skipping' || (docker manifest create 
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v11-amd64" to ECR - staging + - Tag and push image "teleport-ent:v11-arm" to ECR - staging + - Tag and push image "teleport-ent:v11-arm64" to ECR - staging +- name: Create manifest and push "teleport-ent:minor-$TIMESTAMP" to ECR - staging + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, + skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm 
--amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v11-amd64" to ECR - staging + - Tag and push image "teleport-ent:v11-arm" to ECR - staging + - Tag and push image "teleport-ent:v11-arm64" to ECR - staging +- name: Create manifest and push "teleport-ent:full-$TIMESTAMP" to ECR - staging + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, + skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + 
volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v11-amd64" to ECR - staging + - Tag and push image "teleport-ent:v11-arm" to ECR - staging + - Tag and push image "teleport-ent:v11-arm64" to ECR - staging +- name: Tag and push image "teleport-ent:v11-amd64" to Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-amd64 quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 + && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64) + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 + quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 + - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 + quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 + - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent image "teleport-ent:v11-amd64" +- name: Tag and push image "teleport-ent:v11-arm" to Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + - docker login 
-u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm + && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm) + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm + - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm + - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent image "teleport-ent:v11-arm" +- name: Tag and push image "teleport-ent:v11-arm64" to Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm64 quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 + && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64) + - docker tag drone-docker-registry:5000/teleport-ent:$(cat 
"/go/var/full-version")-arm64 + quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64 + - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64 + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 + quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64 + - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64 + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent image "teleport-ent:v11-arm64" +- name: Create manifest and push "teleport-ent:major" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version") + --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 + --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm + --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64 + - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version") + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v11-amd64" to Quay + - Tag and push image "teleport-ent:v11-arm" to Quay + - Tag and push image "teleport-ent:v11-arm64" to Quay +- name: Create manifest and push "teleport-ent:minor" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest create 
quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version") + --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 + --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm + --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64 + - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version") + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v11-amd64" to Quay + - Tag and push image "teleport-ent:v11-arm" to Quay + - Tag and push image "teleport-ent:v11-arm64" to Quay +- name: Create manifest and push "teleport-ent:full" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version") + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest + create quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version") --amend + quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 --amend + quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm --amend quay.io/gravitational/teleport-ent:$(cat + "/go/var/full-version")-arm64 && docker manifest push quay.io/gravitational/teleport-ent:$(cat + "/go/var/full-version")) + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v11-amd64" to Quay + - Tag and push image "teleport-ent:v11-arm" to Quay + - Tag and push image 
"teleport-ent:v11-arm64" to Quay +- name: Tag and push image "teleport-ent:v11-amd64" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport-ent:$(cat + "/go/var/full-version")-amd64 && docker push public.ecr.aws/gravitational/teleport-ent:$(cat + "/go/var/full-version")-amd64) + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 + public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 + - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 + public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 + - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent image "teleport-ent:v11-amd64" +- name: Tag and push image "teleport-ent:v11-arm" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat 
"/go/var/full-version")-arm + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm + && docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm) + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm + - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm + - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent image "teleport-ent:v11-arm" +- name: Tag and push image "teleport-ent:v11-arm64" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport-ent:$(cat + "/go/var/full-version")-arm64 && docker push public.ecr.aws/gravitational/teleport-ent:$(cat + "/go/var/full-version")-arm64) + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 + 
public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64 + - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64 + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 + public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64 + - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64 + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent image "teleport-ent:v11-arm64" +- name: Create manifest and push "teleport-ent:major" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version") + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64 + - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version") + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v11-amd64" to ECR - production + - Tag and push image "teleport-ent:v11-arm" to ECR - production + - Tag and push image "teleport-ent:v11-arm64" to ECR - production +- name: Create manifest and push "teleport-ent:minor" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" 
--password-stdin + public.ecr.aws + - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version") + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64 + - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version") + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v11-amd64" to ECR - production + - Tag and push image "teleport-ent:v11-arm" to ECR - production + - Tag and push image "teleport-ent:v11-arm64" to ECR - production +- name: Create manifest and push "teleport-ent:full" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version") + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest + create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version") + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 + && docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")) + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v11-amd64" to ECR - 
production + - Tag and push image "teleport-ent:v11-arm" to ECR - production + - Tag and push image "teleport-ent:v11-arm64" to ECR - production +- name: Assume S3 Download AWS Role for teleport-ent-fips + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[s3-download-teleport-ent-fips]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + >> /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity --profile s3-download-teleport-ent-fips + environment: + AWS_ACCESS_KEY_ID: + from_secret: AWS_ACCESS_KEY_ID + AWS_ROLE: + from_secret: AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: AWS_SECRET_ACCESS_KEY + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Find the latest available semver for v11 + - Wait for docker + - Wait for docker registry + - Check out code + - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role + - Assume ECR - production AWS Role +- name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent-fips" for + teleport-ent-fips + image: alpine + commands: + - apk add curl + - mkdir -pv $(dirname "/go/build/Dockerfile-teleport-ent-fips") + - curl -Ls -o "/go/build/Dockerfile-teleport-ent-fips" "https://raw.githubusercontent.com/gravitational/teleport/v$(cat + '/go/vars/full-version-v11')/build.assets/charts/Dockerfile" + depends_on: + - Find the latest available semver for v11 + - Wait for docker + - Wait for docker registry + - Check out code + - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role + - Assume ECR - production AWS Role +- name: Download 
"teleport-ent_v11-tag-fips_amd64.deb" artifacts from S3 + image: amazon/aws-cli + commands: + - END_TIME=$(( $(date +%s) + 3600 )) + - TIMED_OUT=true + - while [ $(date +%s) -lt $${END_TIME?} ]; do + - SUCCESS=true + - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr + -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb + || SUCCESS=false + - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;' + - echo 'Condition not met yet, waiting another 60 seconds...' + - sleep 60 + - done + - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ + "$SUCCESS" = "true" ]'' && exit 1' + - mkdir -pv "/go/build" + - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat + "/go/var/full-version")-fips_amd64.deb /go/build/teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb + environment: + AWS_PROFILE: s3-download-teleport-ent-fips + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume S3 Download AWS Role for teleport-ent-fips + - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent-fips" for teleport-ent-fips +- name: Build teleport-ent-fips image "teleport-ent:v11-fips-amd64" + image: docker + commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/build" && cd "/go/build" + - mkdir -pv "/tmp/teleport-ent-v11-fips-amd64-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v11-fips-amd64-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-ent-v11-fips-amd64-builder/buildkitd.toml" + - docker buildx create --driver "docker-container" --driver-opt "network=host" --name + "teleport-ent-v11-fips-amd64-builder" --config "/tmp/teleport-ent-v11-fips-amd64-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | 
docker login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-ent-v11-fips-amd64-builder" --target + "teleport-fips" --platform "linux/amd64" --tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-fips-amd64 --file "/go/build/Dockerfile-teleport-ent-fips" + --build-arg DEB_PATH=teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb + /go/build + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-ent-v11-fips-amd64-builder" + - rm -rf "/tmp/teleport-ent-v11-fips-amd64-builder" + environment: + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: "1" + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Download "teleport-ent_v11-tag-fips_amd64.deb" artifacts from S3 +- name: Tag and push image "teleport-ent:v11-fips-amd64" to ECR - staging + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-fips-amd64 > /dev/null 2>&1 && echo 'Found + existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-fips-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-fips-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-fips-amd64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + 
"/go/var/major-version")-$TIMESTAMP-fips-amd64 > /dev/null 2>&1 && echo 'Found + existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-fips-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-fips-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-fips-amd64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-fips-amd64 > /dev/null 2>&1 && echo 'Found + existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-fips-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-fips-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-fips-amd64) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent-fips image "teleport-ent:v11-fips-amd64" +- name: Create manifest and push "teleport-ent:major-$TIMESTAMP-fips" to ECR - staging + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-fips > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + 
"/go/var/major-version")-$TIMESTAMP-fips --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-fips-amd64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-fips) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v11-fips-amd64" to ECR - staging +- name: Create manifest and push "teleport-ent:minor-$TIMESTAMP-fips" to ECR - staging + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-fips > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-fips --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-fips-amd64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-fips) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v11-fips-amd64" to ECR - staging +- name: Create manifest and push "teleport-ent:full-$TIMESTAMP-fips" to ECR - staging + image: docker + commands: + - apk add 
--no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-fips > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-fips --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-fips-amd64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-fips) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v11-fips-amd64" to ECR - staging +- name: Tag and push image "teleport-ent:v11-fips-amd64" to Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-fips-amd64 quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64) + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64 + 
- docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64 + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 + - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent-fips image "teleport-ent:v11-fips-amd64" +- name: Create manifest and push "teleport-ent:major-fips" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips + --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64 + - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v11-fips-amd64" to Quay +- name: Create manifest and push "teleport-ent:minor-fips" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips + --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 + - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + 
from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v11-fips-amd64" to Quay +- name: Create manifest and push "teleport-ent:full-fips" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest + create quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips --amend + quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 && + docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips) + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v11-fips-amd64" to Quay +- name: Tag and push image "teleport-ent:v11-fips-amd64" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-fips-amd64 public.ecr.aws/gravitational/teleport-ent:$(cat + "/go/var/full-version")-fips-amd64 && docker push public.ecr.aws/gravitational/teleport-ent:$(cat + 
"/go/var/full-version")-fips-amd64) + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64 + - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64 + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 + - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent-fips image "teleport-ent:v11-fips-amd64" +- name: Create manifest and push "teleport-ent:major-fips" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64 + - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v11-fips-amd64" to ECR - production +- name: Create manifest and push "teleport-ent:minor-fips" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat 
"/go/var/minor-version")-fips + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 + - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v11-fips-amd64" to ECR - production +- name: Create manifest and push "teleport-ent:full-fips" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest + create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + && docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips) + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v11-fips-amd64" to ECR - production +- name: Build teleport-operator image "teleport-operator:v11-amd64" + image: docker + commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport" + - mkdir -pv "/tmp/teleport-operator-v11-amd64-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-operator-v11-amd64-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-operator-v11-amd64-builder/buildkitd.toml" + - docker buildx 
create --driver "docker-container" --driver-opt "network=host" --name + "teleport-operator-v11-amd64-builder" --config "/tmp/teleport-operator-v11-amd64-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-operator-v11-amd64-builder" --platform + "linux/amd64" --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 + --file "/go/src/github.com/gravitational/teleport/operator/Dockerfile" --build-arg + BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox:teleport11 --build-arg + COMPILER_NAME=x86_64-linux-gnu-gcc /go/src/github.com/gravitational/teleport + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-operator-v11-amd64-builder" + - rm -rf "/tmp/teleport-operator-v11-amd64-builder" + environment: + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: "1" + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Find the latest available semver for v11 + - Wait for docker + - Wait for docker registry + - Check out code + - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role + - Assume ECR - production AWS Role +- name: Build teleport-operator image "teleport-operator:v11-arm" + image: docker + commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport" + - mkdir -pv "/tmp/teleport-operator-v11-arm-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-operator-v11-arm-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-operator-v11-arm-builder/buildkitd.toml" + - docker buildx create --driver "docker-container" --driver-opt "network=host" 
--name + "teleport-operator-v11-arm-builder" --config "/tmp/teleport-operator-v11-arm-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-operator-v11-arm-builder" --platform + "linux/arm" --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm + --file "/go/src/github.com/gravitational/teleport/operator/Dockerfile" --build-arg + BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox-arm:teleport11 --build-arg + COMPILER_NAME=arm-linux-gnueabihf-gcc /go/src/github.com/gravitational/teleport + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-operator-v11-arm-builder" + - rm -rf "/tmp/teleport-operator-v11-arm-builder" + environment: + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: "1" + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Find the latest available semver for v11 + - Wait for docker + - Wait for docker registry + - Check out code + - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role + - Assume ECR - production AWS Role +- name: Build teleport-operator image "teleport-operator:v11-arm64" + image: docker + commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport" + - mkdir -pv "/tmp/teleport-operator-v11-arm64-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-operator-v11-arm64-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-operator-v11-arm64-builder/buildkitd.toml" + - docker buildx create --driver "docker-container" --driver-opt "network=host" --name + "teleport-operator-v11-arm64-builder" --config 
"/tmp/teleport-operator-v11-arm64-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-operator-v11-arm64-builder" --platform + "linux/arm64" --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 + --file "/go/src/github.com/gravitational/teleport/operator/Dockerfile" --build-arg + BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox-arm:teleport11 --build-arg + COMPILER_NAME=aarch64-linux-gnu-gcc /go/src/github.com/gravitational/teleport + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-operator-v11-arm64-builder" + - rm -rf "/tmp/teleport-operator-v11-arm64-builder" + environment: + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: "1" + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Find the latest available semver for v11 + - Wait for docker + - Wait for docker registry + - Check out code + - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role + - Assume ECR - production AWS Role +- name: Tag and push image "teleport-operator:v11-amd64" to ECR - staging + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat 
+ "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-$TIMESTAMP-amd64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/major-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/major-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/major-version")-$TIMESTAMP-amd64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/minor-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/minor-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/minor-version")-$TIMESTAMP-amd64) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-operator image "teleport-operator:v11-amd64" +- name: Tag and push image "teleport-operator:v11-arm" to ECR - staging + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm + - apk add --no-cache aws-cli + - aws ecr get-login-password 
--region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-$TIMESTAMP-arm) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/major-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/major-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/major-version")-$TIMESTAMP-arm) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging 
+ volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-operator image "teleport-operator:v11-arm" +- name: Tag and push image "teleport-operator:v11-arm64" to ECR - staging + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-$TIMESTAMP-arm64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/major-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/major-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/major-version")-$TIMESTAMP-arm64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag 
drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm64) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-operator image "teleport-operator:v11-arm64" +- name: Create manifest and push "teleport-operator:major-$TIMESTAMP" to ECR - staging + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/major-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, + skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/major-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/major-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/major-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/major-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/major-version")-$TIMESTAMP) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + 
- name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-operator:v11-amd64" to ECR - staging + - Tag and push image "teleport-operator:v11-arm" to ECR - staging + - Tag and push image "teleport-operator:v11-arm64" to ECR - staging +- name: Create manifest and push "teleport-operator:minor-$TIMESTAMP" to ECR - staging + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/minor-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, + skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/minor-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/minor-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/minor-version")-$TIMESTAMP) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-operator:v11-amd64" to ECR - staging + - Tag and push image "teleport-operator:v11-arm" to ECR - staging + - Tag and push image "teleport-operator:v11-arm64" to ECR - staging +- name: Create manifest and 
push "teleport-operator:full-$TIMESTAMP" to ECR - staging + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, + skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-$TIMESTAMP) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-operator:v11-amd64" to ECR - staging + - Tag and push image "teleport-operator:v11-arm" to ECR - staging + - Tag and push image "teleport-operator:v11-arm64" to ECR - staging +- name: Tag and push image "teleport-operator:v11-amd64" to Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 + 
> /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-amd64 quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 + && docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64) + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 + quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 + - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 + quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 + - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-operator image "teleport-operator:v11-amd64" +- name: Tag and push image "teleport-operator:v11-arm" to Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-arm quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm + && docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm) + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm + 
quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm + - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm + quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm + - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-operator image "teleport-operator:v11-arm" +- name: Tag and push image "teleport-operator:v11-arm64" to Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-arm64 quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 + && docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64) + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 + quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64 + - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64 + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 + quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 + - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 + - 
docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-operator image "teleport-operator:v11-arm64" +- name: Create manifest and push "teleport-operator:major" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest create quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version") + --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 + --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm + --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64 + - docker manifest push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version") + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-operator:v11-amd64" to Quay + - Tag and push image "teleport-operator:v11-arm" to Quay + - Tag and push image "teleport-operator:v11-arm64" to Quay +- name: Create manifest and push "teleport-operator:minor" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest create quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version") + --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 + --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm + --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 + - docker manifest push 
quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version") + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-operator:v11-amd64" to Quay + - Tag and push image "teleport-operator:v11-arm" to Quay + - Tag and push image "teleport-operator:v11-arm64" to Quay +- name: Create manifest and push "teleport-operator:full" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version") + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest + create quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version") --amend + quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 --amend + quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm --amend + quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 && + docker manifest push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")) + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-operator:v11-amd64" to Quay + - Tag and push image "teleport-operator:v11-arm" to Quay + - Tag and push image "teleport-operator:v11-arm64" to Quay +- name: Tag and push image "teleport-operator:v11-amd64" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 + - apk add --no-cache aws-cli + - 
aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport-operator:$(cat + "/go/var/full-version")-amd64 && docker push public.ecr.aws/gravitational/teleport-operator:$(cat + "/go/var/full-version")-amd64) + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 + public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 + - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 + public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 + - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-operator image "teleport-operator:v11-amd64" +- name: Tag and push image "teleport-operator:v11-arm" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-arm 
public.ecr.aws/gravitational/teleport-operator:$(cat + "/go/var/full-version")-arm && docker push public.ecr.aws/gravitational/teleport-operator:$(cat + "/go/var/full-version")-arm) + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm + public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm + - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm + public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm + - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-operator image "teleport-operator:v11-arm" +- name: Tag and push image "teleport-operator:v11-arm64" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport-operator:$(cat + "/go/var/full-version")-arm64 && docker push public.ecr.aws/gravitational/teleport-operator:$(cat + "/go/var/full-version")-arm64) + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 + public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64 + - docker push 
public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64 + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 + public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 + - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-operator image "teleport-operator:v11-arm64" +- name: Create manifest and push "teleport-operator:major" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version") + --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 + --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm + --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64 + - docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version") + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-operator:v11-amd64" to ECR - production + - Tag and push image "teleport-operator:v11-arm" to ECR - production + - Tag and push image "teleport-operator:v11-arm64" to ECR - production +- name: Create manifest and push "teleport-operator:minor" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + 
public.ecr.aws + - docker manifest create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version") + --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 + --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm + --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 + - docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version") + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-operator:v11-amd64" to ECR - production + - Tag and push image "teleport-operator:v11-arm" to ECR - production + - Tag and push image "teleport-operator:v11-arm64" to ECR - production +- name: Create manifest and push "teleport-operator:full" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version") + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest + create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version") + --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 + --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm + --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 + && docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")) + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag 
and push image "teleport-operator:v11-amd64" to ECR - production + - Tag and push image "teleport-operator:v11-arm" to ECR - production + - Tag and push image "teleport-operator:v11-arm64" to ECR - production +services: +- name: Start Docker + image: docker:dind + privileged: true + volumes: + - name: dockersock + path: /var/run +- name: drone-docker-registry + image: registry:2 + privileged: false + volumes: [] +volumes: +- name: awsconfig + temp: {} +- name: dockersock + temp: {} + +--- +################################################ +# Generated using dronegen, do not edit by hand! +# Use 'make dronegen' to update. +# Generated at dronegen/container_images_release_version.go (main.(*ReleaseVersion).buildVersionPipeline) +################################################ + +kind: pipeline +type: kubernetes +name: teleport-container-images-previous-version-1-cron +environment: + DEBIAN_FRONTEND: noninteractive +trigger: + cron: + include: + - teleport-container-images-cron + repo: + include: + - gravitational/teleport +workspace: + path: /go +clone: + disable: true +steps: +- name: Find the latest available semver for v10 + image: golang:1.18 + commands: + - mkdir -pv "/tmp/teleport" + - cd "/tmp/teleport" + - git init + - git remote add origin ${DRONE_REMOTE_URL} + - git fetch origin --tags + - git checkout -qf "branch/v10" + - mkdir -pv $(dirname "/go/vars/full-version-v10") + - cd "/tmp/teleport/build.assets/tooling/cmd/query-latest" + - go run . "v10" | sed 's/v//' > "/go/vars/full-version-v10" + - echo Found full semver "$(cat "/go/vars/full-version-v10")" for major version + "v10" +- name: Wait for docker + image: docker + commands: + - timeout 30s /bin/sh -c 'while [ ! 
-S /var/run/docker.sock ]; do sleep 1; done' + volumes: + - name: dockersock + path: /var/run + depends_on: + - Find the latest available semver for v10 +- name: Wait for docker registry + image: alpine + commands: + - apk add curl + - timeout 30s /bin/sh -c 'while [ "$(curl -s -o /dev/null -w %{http_code} http://drone-docker-registry:5000/)" + != "200" ]; do sleep 1; done' + depends_on: + - Find the latest available semver for v10 +- name: Check out code + image: alpine/git:latest + commands: + - mkdir -pv "/go/src/github.com/gravitational/teleport" + - cd "/go/src/github.com/gravitational/teleport" + - git init + - git remote add origin ${DRONE_REMOTE_URL} + - git fetch origin --tags + - git checkout -qf "v$(cat '/go/vars/full-version-v10')" + depends_on: + - Find the latest available semver for v10 +- name: Build major, minor, and full semvers + image: alpine + commands: + - mkdir -pv $(dirname "/go/var/major-version") + - echo v$(cat '/go/vars/full-version-v10') | sed 's/v//' | cut -d'.' -f "1" > "/go/var/major-version" + - echo $(cat "/go/var/major-version") + - mkdir -pv $(dirname "/go/var/minor-version") + - echo v$(cat '/go/vars/full-version-v10') | sed 's/v//' | cut -d'.' 
-f "1,2" > + "/go/var/minor-version" + - echo $(cat "/go/var/minor-version") + - mkdir -pv $(dirname "/go/var/full-version") + - echo v$(cat '/go/vars/full-version-v10') | sed 's/v//' > "/go/var/full-version" + - echo $(cat "/go/var/full-version") + depends_on: + - Find the latest available semver for v10 +- name: Assume ECR - staging AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[ecr-staging]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + >> /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity --profile ecr-staging + environment: + AWS_ACCESS_KEY_ID: + from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY + AWS_ROLE: + from_secret: STAGING_TELEPORT_DRONE_ECR_AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Find the latest available semver for v10 +- name: Assume ECR - authenticated-pull AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[ecr-authenticated-pull]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + >> /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity --profile ecr-authenticated-pull + environment: + AWS_ACCESS_KEY_ID: + from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY + AWS_ROLE: + from_secret: 
PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume ECR - staging AWS Role + - Find the latest available semver for v10 +- name: Assume ECR - production AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[ecr-production]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + >> /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity --profile ecr-production + environment: + AWS_ACCESS_KEY_ID: + from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY + AWS_ROLE: + from_secret: PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Find the latest available semver for v10 +- name: Assume S3 Download AWS Role for teleport + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[s3-download-teleport]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + >> /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity --profile s3-download-teleport + environment: + AWS_ACCESS_KEY_ID: + from_secret: AWS_ACCESS_KEY_ID + AWS_ROLE: + from_secret: AWS_ROLE + AWS_SECRET_ACCESS_KEY: + 
from_secret: AWS_SECRET_ACCESS_KEY + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Find the latest available semver for v10 + - Wait for docker + - Wait for docker registry + - Check out code + - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role + - Assume ECR - production AWS Role +- name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport + image: alpine + commands: + - apk add curl + - mkdir -pv $(dirname "/go/build/Dockerfile-teleport") + - curl -Ls -o "/go/build/Dockerfile-teleport" "https://raw.githubusercontent.com/gravitational/teleport/v$(cat + '/go/vars/full-version-v10')/build.assets/charts/Dockerfile" + depends_on: + - Find the latest available semver for v10 + - Wait for docker + - Wait for docker registry + - Check out code + - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role + - Assume ECR - production AWS Role +- name: Download "teleport_v10-tag_amd64.deb" artifacts from S3 + image: amazon/aws-cli + commands: + - END_TIME=$(( $(date +%s) + 3600 )) + - TIMED_OUT=true + - while [ $(date +%s) -lt $${END_TIME?} ]; do + - SUCCESS=true + - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr + -s ' ' | cut -d' ' -f 4 | grep -x teleport_$(cat "/go/var/full-version")_amd64.deb + || SUCCESS=false + - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;' + - echo 'Condition not met yet, waiting another 60 seconds...' 
+ - sleep 60 + - done + - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ + "$SUCCESS" = "true" ]'' && exit 1' + - mkdir -pv "/go/build" + - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat + "/go/var/full-version")_amd64.deb /go/build/teleport_$(cat "/go/var/full-version")_amd64.deb + environment: + AWS_PROFILE: s3-download-teleport + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume S3 Download AWS Role for teleport + - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport +- name: Build teleport image "teleport:v10-amd64" + image: docker + commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/build" && cd "/go/build" + - mkdir -pv "/tmp/teleport-v10-amd64-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v10-amd64-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-v10-amd64-builder/buildkitd.toml" + - docker buildx create --driver "docker-container" --driver-opt "network=host" --name + "teleport-v10-amd64-builder" --config "/tmp/teleport-v10-amd64-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-v10-amd64-builder" --target "teleport" + --platform "linux/amd64" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + --file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_amd64.deb + /go/build + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-v10-amd64-builder" + - rm -rf "/tmp/teleport-v10-amd64-builder" + environment: + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: "1" + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + 
path: /var/run + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Download "teleport_v10-tag_amd64.deb" artifacts from S3 +- name: Download "teleport_v10-tag_arm.deb" artifacts from S3 + image: amazon/aws-cli + commands: + - END_TIME=$(( $(date +%s) + 3600 )) + - TIMED_OUT=true + - while [ $(date +%s) -lt $${END_TIME?} ]; do + - SUCCESS=true + - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr + -s ' ' | cut -d' ' -f 4 | grep -x teleport_$(cat "/go/var/full-version")_arm.deb + || SUCCESS=false + - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;' + - echo 'Condition not met yet, waiting another 60 seconds...' + - sleep 60 + - done + - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ + "$SUCCESS" = "true" ]'' && exit 1' + - mkdir -pv "/go/build" + - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat + "/go/var/full-version")_arm.deb /go/build/teleport_$(cat "/go/var/full-version")_arm.deb + environment: + AWS_PROFILE: s3-download-teleport + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume S3 Download AWS Role for teleport + - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport +- name: Build teleport image "teleport:v10-arm" + image: docker + commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/build" && cd "/go/build" + - mkdir -pv "/tmp/teleport-v10-arm-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v10-arm-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-v10-arm-builder/buildkitd.toml" + - docker buildx create --driver "docker-container" --driver-opt "network=host" --name + "teleport-v10-arm-builder" --config "/tmp/teleport-v10-arm-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | 
docker login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-v10-arm-builder" --target "teleport" + --platform "linux/arm" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + --file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_arm.deb + /go/build + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-v10-arm-builder" + - rm -rf "/tmp/teleport-v10-arm-builder" + environment: + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: "1" + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Download "teleport_v10-tag_arm.deb" artifacts from S3 +- name: Download "teleport_v10-tag_arm64.deb" artifacts from S3 + image: amazon/aws-cli + commands: + - END_TIME=$(( $(date +%s) + 3600 )) + - TIMED_OUT=true + - while [ $(date +%s) -lt $${END_TIME?} ]; do + - SUCCESS=true + - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr + -s ' ' | cut -d' ' -f 4 | grep -x teleport_$(cat "/go/var/full-version")_arm64.deb + || SUCCESS=false + - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;' + - echo 'Condition not met yet, waiting another 60 seconds...' 
+ - sleep 60 + - done + - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ + "$SUCCESS" = "true" ]'' && exit 1' + - mkdir -pv "/go/build" + - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat + "/go/var/full-version")_arm64.deb /go/build/teleport_$(cat "/go/var/full-version")_arm64.deb + environment: + AWS_PROFILE: s3-download-teleport + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume S3 Download AWS Role for teleport + - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport +- name: Build teleport image "teleport:v10-arm64" + image: docker + commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/build" && cd "/go/build" + - mkdir -pv "/tmp/teleport-v10-arm64-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v10-arm64-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-v10-arm64-builder/buildkitd.toml" + - docker buildx create --driver "docker-container" --driver-opt "network=host" --name + "teleport-v10-arm64-builder" --config "/tmp/teleport-v10-arm64-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-v10-arm64-builder" --target "teleport" + --platform "linux/arm64" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + --file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_arm64.deb + /go/build + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-v10-arm64-builder" + - rm -rf "/tmp/teleport-v10-arm64-builder" + environment: + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: "1" + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + 
path: /var/run + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Download "teleport_v10-tag_arm64.deb" artifacts from S3 +- name: Tag and push image "teleport:v10-amd64" to ECR - staging + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-amd64 + && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP-amd64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-amd64 + && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP-amd64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + 
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64 + && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP-amd64) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport image "teleport:v10-amd64" +- name: Tag and push image "teleport:v10-arm" to ECR - staging + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm + && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP-arm) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-arm + && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP-arm) + - 
docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-arm + && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport image "teleport:v10-arm" +- name: Tag and push image "teleport:v10-arm64" to ECR - staging + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm64 + && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP-arm64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag 
drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-arm64 + && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP-arm64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64 + && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm64) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport image "teleport:v10-arm64" +- name: Create manifest and push "teleport:major-$TIMESTAMP" to ECR - staging + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, + skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP-amd64 --amend 
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport:v10-amd64" to ECR - staging + - Tag and push image "teleport:v10-arm" to ECR - staging + - Tag and push image "teleport:v10-arm64" to ECR - staging +- name: Create manifest and push "teleport:minor-$TIMESTAMP" to ECR - staging + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, + skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP) + - docker logout 
"146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport:v10-amd64" to ECR - staging + - Tag and push image "teleport:v10-arm" to ECR - staging + - Tag and push image "teleport:v10-arm64" to ECR - staging +- name: Create manifest and push "teleport:full-$TIMESTAMP" to ECR - staging + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, + skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport:v10-amd64" to ECR - staging + - Tag and push image "teleport:v10-arm" to ECR - staging + - Tag and push image "teleport:v10-arm64" to ECR - staging +- name: Tag and push image "teleport:v10-amd64" to 
Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat + "/go/var/full-version")-amd64 quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64 + && docker push quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64) + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + quay.io/gravitational/teleport:$(cat "/go/var/major-version")-amd64 + - docker push quay.io/gravitational/teleport:$(cat "/go/var/major-version")-amd64 + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 + - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport image "teleport:v10-amd64" +- name: Tag and push image "teleport:v10-arm" to Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat + "/go/var/full-version")-arm quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm + && docker push quay.io/gravitational/teleport:$(cat 
"/go/var/full-version")-arm) + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm + - docker push quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm + - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport image "teleport:v10-arm" +- name: Tag and push image "teleport:v10-arm64" to Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat + "/go/var/full-version")-arm64 quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64 + && docker push quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64) + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm64 + - docker push quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm64 + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm64 + - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm64 + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + 
from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport image "teleport:v10-arm64" +- name: Create manifest and push "teleport:major" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest create quay.io/gravitational/teleport:$(cat "/go/var/major-version") + --amend quay.io/gravitational/teleport:$(cat "/go/var/major-version")-amd64 --amend + quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm --amend quay.io/gravitational/teleport:$(cat + "/go/var/major-version")-arm64 + - docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/major-version") + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport:v10-amd64" to Quay + - Tag and push image "teleport:v10-arm" to Quay + - Tag and push image "teleport:v10-arm64" to Quay +- name: Create manifest and push "teleport:minor" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest create quay.io/gravitational/teleport:$(cat "/go/var/minor-version") + --amend quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 --amend + quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm --amend quay.io/gravitational/teleport:$(cat + "/go/var/minor-version")-arm64 + - docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/minor-version") + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + 
volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport:v10-amd64" to Quay + - Tag and push image "teleport:v10-arm" to Quay + - Tag and push image "teleport:v10-arm64" to Quay +- name: Create manifest and push "teleport:full" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version") + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest + create quay.io/gravitational/teleport:$(cat "/go/var/full-version") --amend quay.io/gravitational/teleport:$(cat + "/go/var/full-version")-amd64 --amend quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm + --amend quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64 && + docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/full-version")) + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport:v10-amd64" to Quay + - Tag and push image "teleport:v10-arm" to Quay + - Tag and push image "teleport:v10-arm64" to Quay +- name: Tag and push image "teleport:v10-amd64" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat + "/go/var/full-version")-amd64 
public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64 + && docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64) + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64 + - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64 + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 + - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport image "teleport:v10-amd64" +- name: Tag and push image "teleport:v10-arm" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat + "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm + && docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm) + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm + - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + 
public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm + - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport image "teleport:v10-arm" +- name: Tag and push image "teleport:v10-arm64" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat + "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64 + && docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64) + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64 + - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64 + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64 + - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64 + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport image "teleport:v10-arm64" +- name: Create manifest and push "teleport:major" to ECR - production + image: docker + commands: + - apk add --no-cache 
aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest create public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version") + --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64 + --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm + --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64 + - docker manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version") + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport:v10-amd64" to ECR - production + - Tag and push image "teleport:v10-arm" to ECR - production + - Tag and push image "teleport:v10-arm64" to ECR - production +- name: Create manifest and push "teleport:minor" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest create public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version") + --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 + --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm + --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64 + - docker manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version") + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport:v10-amd64" to ECR - production + - Tag and push image "teleport:v10-arm" to ECR - production + - Tag and push image "teleport:v10-arm64" to ECR - production 
+- name: Create manifest and push "teleport:full" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version") + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest + create public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version") --amend + public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64 --amend + public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm --amend + public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64 && docker + manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")) + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport:v10-amd64" to ECR - production + - Tag and push image "teleport:v10-arm" to ECR - production + - Tag and push image "teleport:v10-arm64" to ECR - production +- name: Assume S3 Download AWS Role for teleport-ent + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[s3-download-teleport-ent]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + >> /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity --profile s3-download-teleport-ent + environment: + AWS_ACCESS_KEY_ID: + from_secret: AWS_ACCESS_KEY_ID + AWS_ROLE: + from_secret: AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: 
AWS_SECRET_ACCESS_KEY + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Find the latest available semver for v10 + - Wait for docker + - Wait for docker registry + - Check out code + - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role + - Assume ECR - production AWS Role +- name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent + image: alpine + commands: + - apk add curl + - mkdir -pv $(dirname "/go/build/Dockerfile-teleport-ent") + - curl -Ls -o "/go/build/Dockerfile-teleport-ent" "https://raw.githubusercontent.com/gravitational/teleport/v$(cat + '/go/vars/full-version-v10')/build.assets/charts/Dockerfile" + depends_on: + - Find the latest available semver for v10 + - Wait for docker + - Wait for docker registry + - Check out code + - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role + - Assume ECR - production AWS Role +- name: Download "teleport-ent_v10-tag_amd64.deb" artifacts from S3 + image: amazon/aws-cli + commands: + - END_TIME=$(( $(date +%s) + 3600 )) + - TIMED_OUT=true + - while [ $(date +%s) -lt $${END_TIME?} ]; do + - SUCCESS=true + - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr + -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")_amd64.deb + || SUCCESS=false + - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;' + - echo 'Condition not met yet, waiting another 60 seconds...' 
+ - sleep 60 + - done + - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ + "$SUCCESS" = "true" ]'' && exit 1' + - mkdir -pv "/go/build" + - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat + "/go/var/full-version")_amd64.deb /go/build/teleport-ent_$(cat "/go/var/full-version")_amd64.deb + environment: + AWS_PROFILE: s3-download-teleport-ent + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume S3 Download AWS Role for teleport-ent + - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent +- name: Build teleport-ent image "teleport-ent:v10-amd64" + image: docker + commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/build" && cd "/go/build" + - mkdir -pv "/tmp/teleport-ent-v10-amd64-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v10-amd64-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-ent-v10-amd64-builder/buildkitd.toml" + - docker buildx create --driver "docker-container" --driver-opt "network=host" --name + "teleport-ent-v10-amd64-builder" --config "/tmp/teleport-ent-v10-amd64-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-ent-v10-amd64-builder" --target + "teleport" --platform "linux/amd64" --tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-amd64 --file "/go/build/Dockerfile-teleport-ent" --build-arg + DEB_PATH=teleport-ent_$(cat "/go/var/full-version")_amd64.deb /go/build + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-ent-v10-amd64-builder" + - rm -rf "/tmp/teleport-ent-v10-amd64-builder" + environment: + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: 
"1" + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Download "teleport-ent_v10-tag_amd64.deb" artifacts from S3 +- name: Download "teleport-ent_v10-tag_arm.deb" artifacts from S3 + image: amazon/aws-cli + commands: + - END_TIME=$(( $(date +%s) + 3600 )) + - TIMED_OUT=true + - while [ $(date +%s) -lt $${END_TIME?} ]; do + - SUCCESS=true + - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr + -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")_arm.deb + || SUCCESS=false + - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;' + - echo 'Condition not met yet, waiting another 60 seconds...' + - sleep 60 + - done + - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ + "$SUCCESS" = "true" ]'' && exit 1' + - mkdir -pv "/go/build" + - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat + "/go/var/full-version")_arm.deb /go/build/teleport-ent_$(cat "/go/var/full-version")_arm.deb + environment: + AWS_PROFILE: s3-download-teleport-ent + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume S3 Download AWS Role for teleport-ent + - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent +- name: Build teleport-ent image "teleport-ent:v10-arm" + image: docker + commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/build" && cd "/go/build" + - mkdir -pv "/tmp/teleport-ent-v10-arm-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v10-arm-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-ent-v10-arm-builder/buildkitd.toml" + - docker buildx create --driver "docker-container" --driver-opt "network=host" --name + "teleport-ent-v10-arm-builder" --config 
"/tmp/teleport-ent-v10-arm-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-ent-v10-arm-builder" --target "teleport" + --platform "linux/arm" --tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + --file "/go/build/Dockerfile-teleport-ent" --build-arg DEB_PATH=teleport-ent_$(cat + "/go/var/full-version")_arm.deb /go/build + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-ent-v10-arm-builder" + - rm -rf "/tmp/teleport-ent-v10-arm-builder" + environment: + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: "1" + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Download "teleport-ent_v10-tag_arm.deb" artifacts from S3 +- name: Download "teleport-ent_v10-tag_arm64.deb" artifacts from S3 + image: amazon/aws-cli + commands: + - END_TIME=$(( $(date +%s) + 3600 )) + - TIMED_OUT=true + - while [ $(date +%s) -lt $${END_TIME?} ]; do + - SUCCESS=true + - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr + -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")_arm64.deb + || SUCCESS=false + - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;' + - echo 'Condition not met yet, waiting another 60 seconds...' 
+ - sleep 60 + - done + - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ + "$SUCCESS" = "true" ]'' && exit 1' + - mkdir -pv "/go/build" + - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat + "/go/var/full-version")_arm64.deb /go/build/teleport-ent_$(cat "/go/var/full-version")_arm64.deb + environment: + AWS_PROFILE: s3-download-teleport-ent + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume S3 Download AWS Role for teleport-ent + - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent +- name: Build teleport-ent image "teleport-ent:v10-arm64" + image: docker + commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/build" && cd "/go/build" + - mkdir -pv "/tmp/teleport-ent-v10-arm64-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v10-arm64-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-ent-v10-arm64-builder/buildkitd.toml" + - docker buildx create --driver "docker-container" --driver-opt "network=host" --name + "teleport-ent-v10-arm64-builder" --config "/tmp/teleport-ent-v10-arm64-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-ent-v10-arm64-builder" --target + "teleport" --platform "linux/arm64" --tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm64 --file "/go/build/Dockerfile-teleport-ent" --build-arg + DEB_PATH=teleport-ent_$(cat "/go/var/full-version")_arm64.deb /go/build + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-ent-v10-arm64-builder" + - rm -rf "/tmp/teleport-ent-v10-arm64-builder" + environment: + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: 
"1" + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Download "teleport-ent_v10-tag_arm64.deb" artifacts from S3 +- name: Tag and push image "teleport-ent:v10-amd64" to ECR - staging + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-amd64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-amd64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag 
drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-amd64) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent image "teleport-ent:v10-amd64" +- name: Tag and push image "teleport-ent:v10-arm" to ECR - staging + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-arm) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-arm && docker 
push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-arm) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent image "teleport-ent:v10-arm" +- name: Tag and push image "teleport-ent:v10-arm64" to ECR - staging + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-arm64) + - docker manifest inspect 
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-arm64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm64) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent image "teleport-ent:v10-arm64" +- name: Create manifest and push "teleport-ent:major-$TIMESTAMP" to ECR - staging + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, + skipping' || (docker manifest create 
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v10-amd64" to ECR - staging + - Tag and push image "teleport-ent:v10-arm" to ECR - staging + - Tag and push image "teleport-ent:v10-arm64" to ECR - staging +- name: Create manifest and push "teleport-ent:minor-$TIMESTAMP" to ECR - staging + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, + skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm 
--amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v10-amd64" to ECR - staging + - Tag and push image "teleport-ent:v10-arm" to ECR - staging + - Tag and push image "teleport-ent:v10-arm64" to ECR - staging +- name: Create manifest and push "teleport-ent:full-$TIMESTAMP" to ECR - staging + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, + skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + 
volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v10-amd64" to ECR - staging + - Tag and push image "teleport-ent:v10-arm" to ECR - staging + - Tag and push image "teleport-ent:v10-arm64" to ECR - staging +- name: Tag and push image "teleport-ent:v10-amd64" to Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-amd64 quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 + && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64) + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 + quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 + - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 + quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 + - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent image "teleport-ent:v10-amd64" +- name: Tag and push image "teleport-ent:v10-arm" to Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + - docker login 
-u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm + && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm) + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm + - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm + - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent image "teleport-ent:v10-arm" +- name: Tag and push image "teleport-ent:v10-arm64" to Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm64 quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 + && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64) + - docker tag drone-docker-registry:5000/teleport-ent:$(cat 
"/go/var/full-version")-arm64 + quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64 + - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64 + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 + quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64 + - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64 + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent image "teleport-ent:v10-arm64" +- name: Create manifest and push "teleport-ent:major" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version") + --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 + --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm + --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64 + - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version") + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v10-amd64" to Quay + - Tag and push image "teleport-ent:v10-arm" to Quay + - Tag and push image "teleport-ent:v10-arm64" to Quay +- name: Create manifest and push "teleport-ent:minor" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest create 
quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version") + --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 + --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm + --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64 + - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version") + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v10-amd64" to Quay + - Tag and push image "teleport-ent:v10-arm" to Quay + - Tag and push image "teleport-ent:v10-arm64" to Quay +- name: Create manifest and push "teleport-ent:full" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version") + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest + create quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version") --amend + quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 --amend + quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm --amend quay.io/gravitational/teleport-ent:$(cat + "/go/var/full-version")-arm64 && docker manifest push quay.io/gravitational/teleport-ent:$(cat + "/go/var/full-version")) + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v10-amd64" to Quay + - Tag and push image "teleport-ent:v10-arm" to Quay + - Tag and push image 
"teleport-ent:v10-arm64" to Quay +- name: Tag and push image "teleport-ent:v10-amd64" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport-ent:$(cat + "/go/var/full-version")-amd64 && docker push public.ecr.aws/gravitational/teleport-ent:$(cat + "/go/var/full-version")-amd64) + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 + public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 + - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 + public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 + - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent image "teleport-ent:v10-amd64" +- name: Tag and push image "teleport-ent:v10-arm" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat 
"/go/var/full-version")-arm + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm + && docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm) + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm + - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm + - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent image "teleport-ent:v10-arm" +- name: Tag and push image "teleport-ent:v10-arm64" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport-ent:$(cat + "/go/var/full-version")-arm64 && docker push public.ecr.aws/gravitational/teleport-ent:$(cat + "/go/var/full-version")-arm64) + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 + 
public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64 + - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64 + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 + public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64 + - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64 + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent image "teleport-ent:v10-arm64" +- name: Create manifest and push "teleport-ent:major" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version") + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64 + - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version") + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v10-amd64" to ECR - production + - Tag and push image "teleport-ent:v10-arm" to ECR - production + - Tag and push image "teleport-ent:v10-arm64" to ECR - production +- name: Create manifest and push "teleport-ent:minor" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" 
--password-stdin + public.ecr.aws + - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version") + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64 + - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version") + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v10-amd64" to ECR - production + - Tag and push image "teleport-ent:v10-arm" to ECR - production + - Tag and push image "teleport-ent:v10-arm64" to ECR - production +- name: Create manifest and push "teleport-ent:full" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version") + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest + create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version") + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 + && docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")) + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v10-amd64" to ECR - 
production + - Tag and push image "teleport-ent:v10-arm" to ECR - production + - Tag and push image "teleport-ent:v10-arm64" to ECR - production +- name: Assume S3 Download AWS Role for teleport-ent-fips + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[s3-download-teleport-ent-fips]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + >> /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity --profile s3-download-teleport-ent-fips + environment: + AWS_ACCESS_KEY_ID: + from_secret: AWS_ACCESS_KEY_ID + AWS_ROLE: + from_secret: AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: AWS_SECRET_ACCESS_KEY + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Find the latest available semver for v10 + - Wait for docker + - Wait for docker registry + - Check out code + - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role + - Assume ECR - production AWS Role +- name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent-fips" for + teleport-ent-fips + image: alpine + commands: + - apk add curl + - mkdir -pv $(dirname "/go/build/Dockerfile-teleport-ent-fips") + - curl -Ls -o "/go/build/Dockerfile-teleport-ent-fips" "https://raw.githubusercontent.com/gravitational/teleport/v$(cat + '/go/vars/full-version-v10')/build.assets/charts/Dockerfile" + depends_on: + - Find the latest available semver for v10 + - Wait for docker + - Wait for docker registry + - Check out code + - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role + - Assume ECR - production AWS Role +- name: Download 
"teleport-ent_v10-tag-fips_amd64.deb" artifacts from S3 + image: amazon/aws-cli + commands: + - END_TIME=$(( $(date +%s) + 3600 )) + - TIMED_OUT=true + - while [ $(date +%s) -lt $${END_TIME?} ]; do + - SUCCESS=true + - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr + -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb + || SUCCESS=false + - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;' + - echo 'Condition not met yet, waiting another 60 seconds...' + - sleep 60 + - done + - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ + "$SUCCESS" = "true" ]'' && exit 1' + - mkdir -pv "/go/build" + - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat + "/go/var/full-version")-fips_amd64.deb /go/build/teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb + environment: + AWS_PROFILE: s3-download-teleport-ent-fips + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume S3 Download AWS Role for teleport-ent-fips + - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent-fips" for teleport-ent-fips +- name: Build teleport-ent-fips image "teleport-ent:v10-fips-amd64" + image: docker + commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/build" && cd "/go/build" + - mkdir -pv "/tmp/teleport-ent-v10-fips-amd64-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v10-fips-amd64-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-ent-v10-fips-amd64-builder/buildkitd.toml" + - docker buildx create --driver "docker-container" --driver-opt "network=host" --name + "teleport-ent-v10-fips-amd64-builder" --config "/tmp/teleport-ent-v10-fips-amd64-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | 
docker login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-ent-v10-fips-amd64-builder" --target + "teleport-fips" --platform "linux/amd64" --tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-fips-amd64 --file "/go/build/Dockerfile-teleport-ent-fips" + --build-arg DEB_PATH=teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb + /go/build + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-ent-v10-fips-amd64-builder" + - rm -rf "/tmp/teleport-ent-v10-fips-amd64-builder" + environment: + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: "1" + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Download "teleport-ent_v10-tag-fips_amd64.deb" artifacts from S3 +- name: Tag and push image "teleport-ent:v10-fips-amd64" to ECR - staging + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-fips-amd64 > /dev/null 2>&1 && echo 'Found + existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-fips-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-fips-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-fips-amd64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + 
"/go/var/major-version")-$TIMESTAMP-fips-amd64 > /dev/null 2>&1 && echo 'Found + existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-fips-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-fips-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-fips-amd64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-fips-amd64 > /dev/null 2>&1 && echo 'Found + existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-fips-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-fips-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-fips-amd64) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent-fips image "teleport-ent:v10-fips-amd64" +- name: Create manifest and push "teleport-ent:major-$TIMESTAMP-fips" to ECR - staging + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-fips > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + 
"/go/var/major-version")-$TIMESTAMP-fips --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-fips-amd64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-fips) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v10-fips-amd64" to ECR - staging +- name: Create manifest and push "teleport-ent:minor-$TIMESTAMP-fips" to ECR - staging + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-fips > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-fips --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-fips-amd64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-fips) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v10-fips-amd64" to ECR - staging +- name: Create manifest and push "teleport-ent:full-$TIMESTAMP-fips" to ECR - staging + image: docker + commands: + - apk add 
--no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-fips > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-fips --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-fips-amd64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-fips) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v10-fips-amd64" to ECR - staging +- name: Tag and push image "teleport-ent:v10-fips-amd64" to Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-fips-amd64 quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64) + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64 + 
- docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64 + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 + - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent-fips image "teleport-ent:v10-fips-amd64" +- name: Create manifest and push "teleport-ent:major-fips" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips + --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64 + - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v10-fips-amd64" to Quay +- name: Create manifest and push "teleport-ent:minor-fips" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips + --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 + - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + 
from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v10-fips-amd64" to Quay +- name: Create manifest and push "teleport-ent:full-fips" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest + create quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips --amend + quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 && + docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips) + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v10-fips-amd64" to Quay +- name: Tag and push image "teleport-ent:v10-fips-amd64" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-fips-amd64 public.ecr.aws/gravitational/teleport-ent:$(cat + "/go/var/full-version")-fips-amd64 && docker push public.ecr.aws/gravitational/teleport-ent:$(cat + 
"/go/var/full-version")-fips-amd64) + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64 + - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64 + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 + - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent-fips image "teleport-ent:v10-fips-amd64" +- name: Create manifest and push "teleport-ent:major-fips" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64 + - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v10-fips-amd64" to ECR - production +- name: Create manifest and push "teleport-ent:minor-fips" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat 
"/go/var/minor-version")-fips + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 + - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v10-fips-amd64" to ECR - production +- name: Create manifest and push "teleport-ent:full-fips" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest + create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + && docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips) + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v10-fips-amd64" to ECR - production +- name: Build teleport-operator image "teleport-operator:v10-amd64" + image: docker + commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport" + - mkdir -pv "/tmp/teleport-operator-v10-amd64-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-operator-v10-amd64-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-operator-v10-amd64-builder/buildkitd.toml" + - docker buildx 
create --driver "docker-container" --driver-opt "network=host" --name + "teleport-operator-v10-amd64-builder" --config "/tmp/teleport-operator-v10-amd64-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-operator-v10-amd64-builder" --platform + "linux/amd64" --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 + --file "/go/src/github.com/gravitational/teleport/operator/Dockerfile" --build-arg + BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox:teleport11 --build-arg + COMPILER_NAME=x86_64-linux-gnu-gcc /go/src/github.com/gravitational/teleport + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-operator-v10-amd64-builder" + - rm -rf "/tmp/teleport-operator-v10-amd64-builder" + environment: + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: "1" + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Find the latest available semver for v10 + - Wait for docker + - Wait for docker registry + - Check out code + - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role + - Assume ECR - production AWS Role +- name: Build teleport-operator image "teleport-operator:v10-arm" + image: docker + commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport" + - mkdir -pv "/tmp/teleport-operator-v10-arm-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-operator-v10-arm-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-operator-v10-arm-builder/buildkitd.toml" + - docker buildx create --driver "docker-container" --driver-opt "network=host" 
--name + "teleport-operator-v10-arm-builder" --config "/tmp/teleport-operator-v10-arm-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-operator-v10-arm-builder" --platform + "linux/arm" --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm + --file "/go/src/github.com/gravitational/teleport/operator/Dockerfile" --build-arg + BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox-arm:teleport11 --build-arg + COMPILER_NAME=arm-linux-gnueabihf-gcc /go/src/github.com/gravitational/teleport + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-operator-v10-arm-builder" + - rm -rf "/tmp/teleport-operator-v10-arm-builder" + environment: + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: "1" + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Find the latest available semver for v10 + - Wait for docker + - Wait for docker registry + - Check out code + - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role + - Assume ECR - production AWS Role +- name: Build teleport-operator image "teleport-operator:v10-arm64" + image: docker + commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport" + - mkdir -pv "/tmp/teleport-operator-v10-arm64-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-operator-v10-arm64-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-operator-v10-arm64-builder/buildkitd.toml" + - docker buildx create --driver "docker-container" --driver-opt "network=host" --name + "teleport-operator-v10-arm64-builder" --config 
"/tmp/teleport-operator-v10-arm64-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-operator-v10-arm64-builder" --platform + "linux/arm64" --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 + --file "/go/src/github.com/gravitational/teleport/operator/Dockerfile" --build-arg + BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox-arm:teleport11 --build-arg + COMPILER_NAME=aarch64-linux-gnu-gcc /go/src/github.com/gravitational/teleport + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-operator-v10-arm64-builder" + - rm -rf "/tmp/teleport-operator-v10-arm64-builder" + environment: + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: "1" + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Find the latest available semver for v10 + - Wait for docker + - Wait for docker registry + - Check out code + - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role + - Assume ECR - production AWS Role +- name: Tag and push image "teleport-operator:v10-amd64" to ECR - staging + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat 
+ "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-$TIMESTAMP-amd64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/major-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/major-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/major-version")-$TIMESTAMP-amd64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/minor-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/minor-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/minor-version")-$TIMESTAMP-amd64) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-operator image "teleport-operator:v10-amd64" +- name: Tag and push image "teleport-operator:v10-arm" to ECR - staging + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm + - apk add --no-cache aws-cli + - aws ecr get-login-password 
--region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-$TIMESTAMP-arm) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/major-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/major-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/major-version")-$TIMESTAMP-arm) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging 
+ volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-operator image "teleport-operator:v10-arm" +- name: Tag and push image "teleport-operator:v10-arm64" to ECR - staging + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-$TIMESTAMP-arm64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/major-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/major-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/major-version")-$TIMESTAMP-arm64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag 
drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm64) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-operator image "teleport-operator:v10-arm64" +- name: Create manifest and push "teleport-operator:major-$TIMESTAMP" to ECR - staging + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/major-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, + skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/major-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/major-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/major-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/major-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/major-version")-$TIMESTAMP) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + 
- name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-operator:v10-amd64" to ECR - staging + - Tag and push image "teleport-operator:v10-arm" to ECR - staging + - Tag and push image "teleport-operator:v10-arm64" to ECR - staging +- name: Create manifest and push "teleport-operator:minor-$TIMESTAMP" to ECR - staging + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/minor-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, + skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/minor-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/minor-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/minor-version")-$TIMESTAMP) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-operator:v10-amd64" to ECR - staging + - Tag and push image "teleport-operator:v10-arm" to ECR - staging + - Tag and push image "teleport-operator:v10-arm64" to ECR - staging +- name: Create manifest and 
push "teleport-operator:full-$TIMESTAMP" to ECR - staging + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, + skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-$TIMESTAMP) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-operator:v10-amd64" to ECR - staging + - Tag and push image "teleport-operator:v10-arm" to ECR - staging + - Tag and push image "teleport-operator:v10-arm64" to ECR - staging +- name: Tag and push image "teleport-operator:v10-amd64" to Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 + 
> /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-amd64 quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 + && docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64) + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 + quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 + - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 + quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 + - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-operator image "teleport-operator:v10-amd64" +- name: Tag and push image "teleport-operator:v10-arm" to Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-arm quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm + && docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm) + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm + 
quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm + - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm + quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm + - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-operator image "teleport-operator:v10-arm" +- name: Tag and push image "teleport-operator:v10-arm64" to Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-arm64 quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 + && docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64) + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 + quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64 + - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64 + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 + quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 + - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 + - 
docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-operator image "teleport-operator:v10-arm64" +- name: Create manifest and push "teleport-operator:major" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest create quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version") + --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 + --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm + --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64 + - docker manifest push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version") + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-operator:v10-amd64" to Quay + - Tag and push image "teleport-operator:v10-arm" to Quay + - Tag and push image "teleport-operator:v10-arm64" to Quay +- name: Create manifest and push "teleport-operator:minor" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest create quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version") + --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 + --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm + --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 + - docker manifest push 
quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version") + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-operator:v10-amd64" to Quay + - Tag and push image "teleport-operator:v10-arm" to Quay + - Tag and push image "teleport-operator:v10-arm64" to Quay +- name: Create manifest and push "teleport-operator:full" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version") + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest + create quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version") --amend + quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 --amend + quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm --amend + quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 && + docker manifest push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")) + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-operator:v10-amd64" to Quay + - Tag and push image "teleport-operator:v10-arm" to Quay + - Tag and push image "teleport-operator:v10-arm64" to Quay +- name: Tag and push image "teleport-operator:v10-amd64" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 + - apk add --no-cache aws-cli + - 
aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport-operator:$(cat + "/go/var/full-version")-amd64 && docker push public.ecr.aws/gravitational/teleport-operator:$(cat + "/go/var/full-version")-amd64) + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 + public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 + - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 + public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 + - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-operator image "teleport-operator:v10-amd64" +- name: Tag and push image "teleport-operator:v10-arm" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-arm 
public.ecr.aws/gravitational/teleport-operator:$(cat + "/go/var/full-version")-arm && docker push public.ecr.aws/gravitational/teleport-operator:$(cat + "/go/var/full-version")-arm) + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm + public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm + - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm + public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm + - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-operator image "teleport-operator:v10-arm" +- name: Tag and push image "teleport-operator:v10-arm64" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport-operator:$(cat + "/go/var/full-version")-arm64 && docker push public.ecr.aws/gravitational/teleport-operator:$(cat + "/go/var/full-version")-arm64) + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 + public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64 + - docker push 
public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64 + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 + public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 + - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-operator image "teleport-operator:v10-arm64" +- name: Create manifest and push "teleport-operator:major" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version") + --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 + --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm + --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64 + - docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version") + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-operator:v10-amd64" to ECR - production + - Tag and push image "teleport-operator:v10-arm" to ECR - production + - Tag and push image "teleport-operator:v10-arm64" to ECR - production +- name: Create manifest and push "teleport-operator:minor" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + 
public.ecr.aws + - docker manifest create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version") + --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 + --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm + --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 + - docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version") + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-operator:v10-amd64" to ECR - production + - Tag and push image "teleport-operator:v10-arm" to ECR - production + - Tag and push image "teleport-operator:v10-arm64" to ECR - production +- name: Create manifest and push "teleport-operator:full" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version") + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest + create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version") + --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 + --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm + --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 + && docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")) + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag 
and push image "teleport-operator:v10-amd64" to ECR - production + - Tag and push image "teleport-operator:v10-arm" to ECR - production + - Tag and push image "teleport-operator:v10-arm64" to ECR - production +services: +- name: Start Docker + image: docker:dind + privileged: true + volumes: + - name: dockersock + path: /var/run +- name: drone-docker-registry + image: registry:2 + privileged: false + volumes: [] +volumes: +- name: awsconfig + temp: {} +- name: dockersock + temp: {} + +--- +################################################ +# Generated using dronegen, do not edit by hand! +# Use 'make dronegen' to update. +# Generated at dronegen/container_images_release_version.go (main.(*ReleaseVersion).buildVersionPipeline) +################################################ + +kind: pipeline +type: kubernetes +name: teleport-container-images-previous-version-2-cron +environment: + DEBIAN_FRONTEND: noninteractive +trigger: + cron: + include: + - teleport-container-images-cron + repo: + include: + - gravitational/teleport +workspace: + path: /go +clone: + disable: true +steps: +- name: Find the latest available semver for v9 + image: golang:1.18 + commands: + - mkdir -pv "/tmp/teleport" + - cd "/tmp/teleport" + - git init + - git remote add origin ${DRONE_REMOTE_URL} + - git fetch origin --tags + - git checkout -qf "branch/v9" + - mkdir -pv $(dirname "/go/vars/full-version-v9") + - cd "/tmp/teleport/build.assets/tooling/cmd/query-latest" + - go run . "v9" | sed 's/v//' > "/go/vars/full-version-v9" + - echo Found full semver "$(cat "/go/vars/full-version-v9")" for major version "v9" +- name: Wait for docker + image: docker + commands: + - timeout 30s /bin/sh -c 'while [ ! 
-S /var/run/docker.sock ]; do sleep 1; done' + volumes: + - name: dockersock + path: /var/run + depends_on: + - Find the latest available semver for v9 +- name: Wait for docker registry + image: alpine + commands: + - apk add curl + - timeout 30s /bin/sh -c 'while [ "$(curl -s -o /dev/null -w %{http_code} http://drone-docker-registry:5000/)" + != "200" ]; do sleep 1; done' + depends_on: + - Find the latest available semver for v9 +- name: Check out code + image: alpine/git:latest + commands: + - mkdir -pv "/go/src/github.com/gravitational/teleport" + - cd "/go/src/github.com/gravitational/teleport" + - git init + - git remote add origin ${DRONE_REMOTE_URL} + - git fetch origin --tags + - git checkout -qf "v$(cat '/go/vars/full-version-v9')" + depends_on: + - Find the latest available semver for v9 +- name: Build major, minor, and full semvers + image: alpine + commands: + - mkdir -pv $(dirname "/go/var/major-version") + - echo v$(cat '/go/vars/full-version-v9') | sed 's/v//' | cut -d'.' -f "1" > "/go/var/major-version" + - echo $(cat "/go/var/major-version") + - mkdir -pv $(dirname "/go/var/minor-version") + - echo v$(cat '/go/vars/full-version-v9') | sed 's/v//' | cut -d'.' 
-f "1,2" > "/go/var/minor-version" + - echo $(cat "/go/var/minor-version") + - mkdir -pv $(dirname "/go/var/full-version") + - echo v$(cat '/go/vars/full-version-v9') | sed 's/v//' > "/go/var/full-version" + - echo $(cat "/go/var/full-version") + depends_on: + - Find the latest available semver for v9 +- name: Assume ECR - staging AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[ecr-staging]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + >> /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity --profile ecr-staging + environment: + AWS_ACCESS_KEY_ID: + from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY + AWS_ROLE: + from_secret: STAGING_TELEPORT_DRONE_ECR_AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Find the latest available semver for v9 +- name: Assume ECR - authenticated-pull AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[ecr-authenticated-pull]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + >> /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity --profile ecr-authenticated-pull + environment: + AWS_ACCESS_KEY_ID: + from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY + AWS_ROLE: + from_secret: PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE + 
AWS_SECRET_ACCESS_KEY: + from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume ECR - staging AWS Role + - Find the latest available semver for v9 +- name: Assume ECR - production AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[ecr-production]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + >> /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity --profile ecr-production + environment: + AWS_ACCESS_KEY_ID: + from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY + AWS_ROLE: + from_secret: PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Find the latest available semver for v9 +- name: Assume S3 Download AWS Role for teleport + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[s3-download-teleport]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + >> /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity --profile s3-download-teleport + environment: + AWS_ACCESS_KEY_ID: + from_secret: AWS_ACCESS_KEY_ID + AWS_ROLE: + from_secret: AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: AWS_SECRET_ACCESS_KEY + volumes: + 
- name: awsconfig + path: /root/.aws + depends_on: + - Find the latest available semver for v9 + - Wait for docker + - Wait for docker registry + - Check out code + - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role + - Assume ECR - production AWS Role +- name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport + image: alpine + commands: + - apk add curl + - mkdir -pv $(dirname "/go/build/Dockerfile-teleport") + - curl -Ls -o "/go/build/Dockerfile-teleport" "https://raw.githubusercontent.com/gravitational/teleport/v$(cat + '/go/vars/full-version-v9')/build.assets/charts/Dockerfile" + depends_on: + - Find the latest available semver for v9 + - Wait for docker + - Wait for docker registry + - Check out code + - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role + - Assume ECR - production AWS Role +- name: Download "teleport_v9-tag_amd64.deb" artifacts from S3 + image: amazon/aws-cli + commands: + - END_TIME=$(( $(date +%s) + 3600 )) + - TIMED_OUT=true + - while [ $(date +%s) -lt $${END_TIME?} ]; do + - SUCCESS=true + - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr + -s ' ' | cut -d' ' -f 4 | grep -x teleport_$(cat "/go/var/full-version")_amd64.deb + || SUCCESS=false + - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;' + - echo 'Condition not met yet, waiting another 60 seconds...' 
+ - sleep 60 + - done + - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ + "$SUCCESS" = "true" ]'' && exit 1' + - mkdir -pv "/go/build" + - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat + "/go/var/full-version")_amd64.deb /go/build/teleport_$(cat "/go/var/full-version")_amd64.deb + environment: + AWS_PROFILE: s3-download-teleport + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume S3 Download AWS Role for teleport + - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport +- name: Build teleport image "teleport:v9-amd64" + image: docker + commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/build" && cd "/go/build" + - mkdir -pv "/tmp/teleport-v9-amd64-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v9-amd64-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-v9-amd64-builder/buildkitd.toml" + - docker buildx create --driver "docker-container" --driver-opt "network=host" --name + "teleport-v9-amd64-builder" --config "/tmp/teleport-v9-amd64-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-v9-amd64-builder" --target "teleport" + --platform "linux/amd64" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + --file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_amd64.deb + /go/build + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-v9-amd64-builder" + - rm -rf "/tmp/teleport-v9-amd64-builder" + environment: + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: "1" + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: 
/var/run + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Download "teleport_v9-tag_amd64.deb" artifacts from S3 +- name: Download "teleport_v9-tag_arm.deb" artifacts from S3 + image: amazon/aws-cli + commands: + - END_TIME=$(( $(date +%s) + 3600 )) + - TIMED_OUT=true + - while [ $(date +%s) -lt $${END_TIME?} ]; do + - SUCCESS=true + - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr + -s ' ' | cut -d' ' -f 4 | grep -x teleport_$(cat "/go/var/full-version")_arm.deb + || SUCCESS=false + - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;' + - echo 'Condition not met yet, waiting another 60 seconds...' + - sleep 60 + - done + - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ + "$SUCCESS" = "true" ]'' && exit 1' + - mkdir -pv "/go/build" + - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat + "/go/var/full-version")_arm.deb /go/build/teleport_$(cat "/go/var/full-version")_arm.deb + environment: + AWS_PROFILE: s3-download-teleport + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume S3 Download AWS Role for teleport + - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport +- name: Build teleport image "teleport:v9-arm" + image: docker + commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/build" && cd "/go/build" + - mkdir -pv "/tmp/teleport-v9-arm-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v9-arm-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-v9-arm-builder/buildkitd.toml" + - docker buildx create --driver "docker-container" --driver-opt "network=host" --name + "teleport-v9-arm-builder" --config "/tmp/teleport-v9-arm-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login 
-u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-v9-arm-builder" --target "teleport" + --platform "linux/arm" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + --file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_arm.deb + /go/build + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-v9-arm-builder" + - rm -rf "/tmp/teleport-v9-arm-builder" + environment: + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: "1" + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Download "teleport_v9-tag_arm.deb" artifacts from S3 +- name: Download "teleport_v9-tag_arm64.deb" artifacts from S3 + image: amazon/aws-cli + commands: + - END_TIME=$(( $(date +%s) + 3600 )) + - TIMED_OUT=true + - while [ $(date +%s) -lt $${END_TIME?} ]; do + - SUCCESS=true + - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr + -s ' ' | cut -d' ' -f 4 | grep -x teleport_$(cat "/go/var/full-version")_arm64.deb + || SUCCESS=false + - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;' + - echo 'Condition not met yet, waiting another 60 seconds...' 
+ - sleep 60 + - done + - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ + "$SUCCESS" = "true" ]'' && exit 1' + - mkdir -pv "/go/build" + - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat + "/go/var/full-version")_arm64.deb /go/build/teleport_$(cat "/go/var/full-version")_arm64.deb + environment: + AWS_PROFILE: s3-download-teleport + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume S3 Download AWS Role for teleport + - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport +- name: Build teleport image "teleport:v9-arm64" + image: docker + commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/build" && cd "/go/build" + - mkdir -pv "/tmp/teleport-v9-arm64-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v9-arm64-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-v9-arm64-builder/buildkitd.toml" + - docker buildx create --driver "docker-container" --driver-opt "network=host" --name + "teleport-v9-arm64-builder" --config "/tmp/teleport-v9-arm64-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-v9-arm64-builder" --target "teleport" + --platform "linux/arm64" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + --file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_arm64.deb + /go/build + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-v9-arm64-builder" + - rm -rf "/tmp/teleport-v9-arm64-builder" + environment: + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: "1" + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: 
/var/run + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Download "teleport_v9-tag_arm64.deb" artifacts from S3 +- name: Tag and push image "teleport:v9-amd64" to ECR - staging + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-amd64 + && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP-amd64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-amd64 + && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP-amd64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat 
"/go/var/minor-version")-$TIMESTAMP-amd64 + && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP-amd64) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport image "teleport:v9-amd64" +- name: Tag and push image "teleport:v9-arm" to ECR - staging + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm + && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP-arm) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-arm + && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP-arm) + - docker manifest inspect 
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-arm + && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport image "teleport:v9-arm" +- name: Tag and push image "teleport:v9-arm64" to ECR - staging + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm64 + && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP-arm64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat 
"/go/var/full-version")-arm64 + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-arm64 + && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP-arm64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64 + && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm64) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport image "teleport:v9-arm64" +- name: Create manifest and push "teleport:major-$TIMESTAMP" to ECR - staging + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, + skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + 
"/go/var/major-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport:v9-amd64" to ECR - staging + - Tag and push image "teleport:v9-arm" to ECR - staging + - Tag and push image "teleport:v9-arm64" to ECR - staging +- name: Create manifest and push "teleport:minor-$TIMESTAMP" to ECR - staging + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, + skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: 
+ - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport:v9-amd64" to ECR - staging + - Tag and push image "teleport:v9-arm" to ECR - staging + - Tag and push image "teleport:v9-arm64" to ECR - staging +- name: Create manifest and push "teleport:full-$TIMESTAMP" to ECR - staging + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, + skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport:v9-amd64" to ECR - staging + - Tag and push image "teleport:v9-arm" to ECR - staging + - Tag and push image "teleport:v9-arm64" to ECR - staging +- name: Tag and push image "teleport:v9-amd64" to Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport:$(cat 
"/go/var/full-version")-amd64 + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat + "/go/var/full-version")-amd64 quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64 + && docker push quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64) + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + quay.io/gravitational/teleport:$(cat "/go/var/major-version")-amd64 + - docker push quay.io/gravitational/teleport:$(cat "/go/var/major-version")-amd64 + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 + - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport image "teleport:v9-amd64" +- name: Tag and push image "teleport:v9-arm" to Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat + "/go/var/full-version")-arm quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm + && docker push quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm) + - docker tag drone-docker-registry:5000/teleport:$(cat 
"/go/var/full-version")-arm + quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm + - docker push quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm + - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport image "teleport:v9-arm" +- name: Tag and push image "teleport:v9-arm64" to Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat + "/go/var/full-version")-arm64 quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64 + && docker push quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64) + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm64 + - docker push quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm64 + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm64 + - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm64 + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: 
PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport image "teleport:v9-arm64" +- name: Create manifest and push "teleport:major" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest create quay.io/gravitational/teleport:$(cat "/go/var/major-version") + --amend quay.io/gravitational/teleport:$(cat "/go/var/major-version")-amd64 --amend + quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm --amend quay.io/gravitational/teleport:$(cat + "/go/var/major-version")-arm64 + - docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/major-version") + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport:v9-amd64" to Quay + - Tag and push image "teleport:v9-arm" to Quay + - Tag and push image "teleport:v9-arm64" to Quay +- name: Create manifest and push "teleport:minor" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest create quay.io/gravitational/teleport:$(cat "/go/var/minor-version") + --amend quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 --amend + quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm --amend quay.io/gravitational/teleport:$(cat + "/go/var/minor-version")-arm64 + - docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/minor-version") + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + 
depends_on: + - Tag and push image "teleport:v9-amd64" to Quay + - Tag and push image "teleport:v9-arm" to Quay + - Tag and push image "teleport:v9-arm64" to Quay +- name: Create manifest and push "teleport:full" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version") + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest + create quay.io/gravitational/teleport:$(cat "/go/var/full-version") --amend quay.io/gravitational/teleport:$(cat + "/go/var/full-version")-amd64 --amend quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm + --amend quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64 && + docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/full-version")) + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport:v9-amd64" to Quay + - Tag and push image "teleport:v9-arm" to Quay + - Tag and push image "teleport:v9-arm64" to Quay +- name: Tag and push image "teleport:v9-amd64" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat + "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64 + && docker push 
public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64) + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64 + - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64 + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 + - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport image "teleport:v9-amd64" +- name: Tag and push image "teleport:v9-arm" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat + "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm + && docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm) + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm + - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm + - docker push 
public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport image "teleport:v9-arm" +- name: Tag and push image "teleport:v9-arm64" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat + "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64 + && docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64) + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64 + - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64 + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64 + - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64 + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport image "teleport:v9-arm64" +- name: Create manifest and push "teleport:major" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" 
--password-stdin + public.ecr.aws + - docker manifest create public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version") + --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64 + --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm + --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64 + - docker manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version") + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport:v9-amd64" to ECR - production + - Tag and push image "teleport:v9-arm" to ECR - production + - Tag and push image "teleport:v9-arm64" to ECR - production +- name: Create manifest and push "teleport:minor" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest create public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version") + --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 + --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm + --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64 + - docker manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version") + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport:v9-amd64" to ECR - production + - Tag and push image "teleport:v9-arm" to ECR - production + - Tag and push image "teleport:v9-arm64" to ECR - production +- name: Create manifest and push "teleport:full" to ECR - production + image: docker + 
commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version") + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest + create public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version") --amend + public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64 --amend + public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm --amend + public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64 && docker + manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")) + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport:v9-amd64" to ECR - production + - Tag and push image "teleport:v9-arm" to ECR - production + - Tag and push image "teleport:v9-arm64" to ECR - production +- name: Assume S3 Download AWS Role for teleport-ent + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[s3-download-teleport-ent]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + >> /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity --profile s3-download-teleport-ent + environment: + AWS_ACCESS_KEY_ID: + from_secret: AWS_ACCESS_KEY_ID + AWS_ROLE: + from_secret: AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: AWS_SECRET_ACCESS_KEY + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Find the latest 
available semver for v9 + - Wait for docker + - Wait for docker registry + - Check out code + - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role + - Assume ECR - production AWS Role +- name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent + image: alpine + commands: + - apk add curl + - mkdir -pv $(dirname "/go/build/Dockerfile-teleport-ent") + - curl -Ls -o "/go/build/Dockerfile-teleport-ent" "https://raw.githubusercontent.com/gravitational/teleport/v$(cat + '/go/vars/full-version-v9')/build.assets/charts/Dockerfile" + depends_on: + - Find the latest available semver for v9 + - Wait for docker + - Wait for docker registry + - Check out code + - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role + - Assume ECR - production AWS Role +- name: Download "teleport-ent_v9-tag_amd64.deb" artifacts from S3 + image: amazon/aws-cli + commands: + - END_TIME=$(( $(date +%s) + 3600 )) + - TIMED_OUT=true + - while [ $(date +%s) -lt $${END_TIME?} ]; do + - SUCCESS=true + - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr + -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")_amd64.deb + || SUCCESS=false + - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;' + - echo 'Condition not met yet, waiting another 60 seconds...' 
+ - sleep 60 + - done + - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ + "$SUCCESS" = "true" ]'' && exit 1' + - mkdir -pv "/go/build" + - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat + "/go/var/full-version")_amd64.deb /go/build/teleport-ent_$(cat "/go/var/full-version")_amd64.deb + environment: + AWS_PROFILE: s3-download-teleport-ent + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume S3 Download AWS Role for teleport-ent + - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent +- name: Build teleport-ent image "teleport-ent:v9-amd64" + image: docker + commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/build" && cd "/go/build" + - mkdir -pv "/tmp/teleport-ent-v9-amd64-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v9-amd64-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-ent-v9-amd64-builder/buildkitd.toml" + - docker buildx create --driver "docker-container" --driver-opt "network=host" --name + "teleport-ent-v9-amd64-builder" --config "/tmp/teleport-ent-v9-amd64-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-ent-v9-amd64-builder" --target + "teleport" --platform "linux/amd64" --tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-amd64 --file "/go/build/Dockerfile-teleport-ent" --build-arg + DEB_PATH=teleport-ent_$(cat "/go/var/full-version")_amd64.deb /go/build + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-ent-v9-amd64-builder" + - rm -rf "/tmp/teleport-ent-v9-amd64-builder" + environment: + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: "1" + 
volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Download "teleport-ent_v9-tag_amd64.deb" artifacts from S3 +- name: Download "teleport-ent_v9-tag_arm.deb" artifacts from S3 + image: amazon/aws-cli + commands: + - END_TIME=$(( $(date +%s) + 3600 )) + - TIMED_OUT=true + - while [ $(date +%s) -lt $${END_TIME?} ]; do + - SUCCESS=true + - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr + -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")_arm.deb + || SUCCESS=false + - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;' + - echo 'Condition not met yet, waiting another 60 seconds...' + - sleep 60 + - done + - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ + "$SUCCESS" = "true" ]'' && exit 1' + - mkdir -pv "/go/build" + - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat + "/go/var/full-version")_arm.deb /go/build/teleport-ent_$(cat "/go/var/full-version")_arm.deb + environment: + AWS_PROFILE: s3-download-teleport-ent + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume S3 Download AWS Role for teleport-ent + - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent +- name: Build teleport-ent image "teleport-ent:v9-arm" + image: docker + commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/build" && cd "/go/build" + - mkdir -pv "/tmp/teleport-ent-v9-arm-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v9-arm-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-ent-v9-arm-builder/buildkitd.toml" + - docker buildx create --driver "docker-container" --driver-opt "network=host" --name + "teleport-ent-v9-arm-builder" --config 
"/tmp/teleport-ent-v9-arm-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-ent-v9-arm-builder" --target "teleport" + --platform "linux/arm" --tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + --file "/go/build/Dockerfile-teleport-ent" --build-arg DEB_PATH=teleport-ent_$(cat + "/go/var/full-version")_arm.deb /go/build + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-ent-v9-arm-builder" + - rm -rf "/tmp/teleport-ent-v9-arm-builder" + environment: + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: "1" + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Download "teleport-ent_v9-tag_arm.deb" artifacts from S3 +- name: Download "teleport-ent_v9-tag_arm64.deb" artifacts from S3 + image: amazon/aws-cli + commands: + - END_TIME=$(( $(date +%s) + 3600 )) + - TIMED_OUT=true + - while [ $(date +%s) -lt $${END_TIME?} ]; do + - SUCCESS=true + - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr + -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")_arm64.deb + || SUCCESS=false + - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;' + - echo 'Condition not met yet, waiting another 60 seconds...' 
+ - sleep 60 + - done + - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ + "$SUCCESS" = "true" ]'' && exit 1' + - mkdir -pv "/go/build" + - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat + "/go/var/full-version")_arm64.deb /go/build/teleport-ent_$(cat "/go/var/full-version")_arm64.deb + environment: + AWS_PROFILE: s3-download-teleport-ent + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume S3 Download AWS Role for teleport-ent + - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent +- name: Build teleport-ent image "teleport-ent:v9-arm64" + image: docker + commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/build" && cd "/go/build" + - mkdir -pv "/tmp/teleport-ent-v9-arm64-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v9-arm64-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-ent-v9-arm64-builder/buildkitd.toml" + - docker buildx create --driver "docker-container" --driver-opt "network=host" --name + "teleport-ent-v9-arm64-builder" --config "/tmp/teleport-ent-v9-arm64-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-ent-v9-arm64-builder" --target + "teleport" --platform "linux/arm64" --tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm64 --file "/go/build/Dockerfile-teleport-ent" --build-arg + DEB_PATH=teleport-ent_$(cat "/go/var/full-version")_arm64.deb /go/build + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-ent-v9-arm64-builder" + - rm -rf "/tmp/teleport-ent-v9-arm64-builder" + environment: + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: "1" + 
volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Download "teleport-ent_v9-tag_arm64.deb" artifacts from S3 +- name: Tag and push image "teleport-ent:v9-amd64" to ECR - staging + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-amd64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-amd64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag 
drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-amd64) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent image "teleport-ent:v9-amd64" +- name: Tag and push image "teleport-ent:v9-arm" to ECR - staging + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-arm) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-arm && docker 
push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-arm) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent image "teleport-ent:v9-arm" +- name: Tag and push image "teleport-ent:v9-arm64" to ECR - staging + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-arm64) + - docker manifest inspect 
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-arm64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm64) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent image "teleport-ent:v9-arm64" +- name: Create manifest and push "teleport-ent:major-$TIMESTAMP" to ECR - staging + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, + skipping' || (docker manifest create 
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v9-amd64" to ECR - staging + - Tag and push image "teleport-ent:v9-arm" to ECR - staging + - Tag and push image "teleport-ent:v9-arm64" to ECR - staging +- name: Create manifest and push "teleport-ent:minor-$TIMESTAMP" to ECR - staging + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, + skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm --amend 
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v9-amd64" to ECR - staging + - Tag and push image "teleport-ent:v9-arm" to ECR - staging + - Tag and push image "teleport-ent:v9-arm64" to ECR - staging +- name: Create manifest and push "teleport-ent:full-$TIMESTAMP" to ECR - staging + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, + skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - 
name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v9-amd64" to ECR - staging + - Tag and push image "teleport-ent:v9-arm" to ECR - staging + - Tag and push image "teleport-ent:v9-arm64" to ECR - staging +- name: Tag and push image "teleport-ent:v9-amd64" to Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-amd64 quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 + && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64) + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 + quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 + - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 + quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 + - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent image "teleport-ent:v9-amd64" +- name: Tag and push image "teleport-ent:v9-arm" to Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + - docker login -u="$QUAY_USERNAME" 
-p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm + && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm) + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm + - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm + - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent image "teleport-ent:v9-arm" +- name: Tag and push image "teleport-ent:v9-arm64" to Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm64 quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 + && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64) + - docker tag drone-docker-registry:5000/teleport-ent:$(cat 
"/go/var/full-version")-arm64 + quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64 + - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64 + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 + quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64 + - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64 + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent image "teleport-ent:v9-arm64" +- name: Create manifest and push "teleport-ent:major" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version") + --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 + --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm + --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64 + - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version") + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v9-amd64" to Quay + - Tag and push image "teleport-ent:v9-arm" to Quay + - Tag and push image "teleport-ent:v9-arm64" to Quay +- name: Create manifest and push "teleport-ent:minor" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest create 
quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version") + --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 + --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm + --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64 + - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version") + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v9-amd64" to Quay + - Tag and push image "teleport-ent:v9-arm" to Quay + - Tag and push image "teleport-ent:v9-arm64" to Quay +- name: Create manifest and push "teleport-ent:full" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version") + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest + create quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version") --amend + quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 --amend + quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm --amend quay.io/gravitational/teleport-ent:$(cat + "/go/var/full-version")-arm64 && docker manifest push quay.io/gravitational/teleport-ent:$(cat + "/go/var/full-version")) + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v9-amd64" to Quay + - Tag and push image "teleport-ent:v9-arm" to Quay + - Tag and push image 
"teleport-ent:v9-arm64" to Quay +- name: Tag and push image "teleport-ent:v9-amd64" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport-ent:$(cat + "/go/var/full-version")-amd64 && docker push public.ecr.aws/gravitational/teleport-ent:$(cat + "/go/var/full-version")-amd64) + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 + public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 + - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 + public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 + - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent image "teleport-ent:v9-amd64" +- name: Tag and push image "teleport-ent:v9-arm" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat 
"/go/var/full-version")-arm + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm + && docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm) + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm + - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm + - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent image "teleport-ent:v9-arm" +- name: Tag and push image "teleport-ent:v9-arm64" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport-ent:$(cat + "/go/var/full-version")-arm64 && docker push public.ecr.aws/gravitational/teleport-ent:$(cat + "/go/var/full-version")-arm64) + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 + 
public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64 + - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64 + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 + public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64 + - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64 + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent image "teleport-ent:v9-arm64" +- name: Create manifest and push "teleport-ent:major" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version") + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64 + - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version") + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v9-amd64" to ECR - production + - Tag and push image "teleport-ent:v9-arm" to ECR - production + - Tag and push image "teleport-ent:v9-arm64" to ECR - production +- name: Create manifest and push "teleport-ent:minor" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" 
--password-stdin + public.ecr.aws + - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version") + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64 + - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version") + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v9-amd64" to ECR - production + - Tag and push image "teleport-ent:v9-arm" to ECR - production + - Tag and push image "teleport-ent:v9-arm64" to ECR - production +- name: Create manifest and push "teleport-ent:full" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version") + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest + create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version") + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 + && docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")) + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v9-amd64" to ECR - production + 
- Tag and push image "teleport-ent:v9-arm" to ECR - production + - Tag and push image "teleport-ent:v9-arm64" to ECR - production +- name: Assume S3 Download AWS Role for teleport-ent-fips + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[s3-download-teleport-ent-fips]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + >> /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity --profile s3-download-teleport-ent-fips + environment: + AWS_ACCESS_KEY_ID: + from_secret: AWS_ACCESS_KEY_ID + AWS_ROLE: + from_secret: AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: AWS_SECRET_ACCESS_KEY + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Find the latest available semver for v9 + - Wait for docker + - Wait for docker registry + - Check out code + - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role + - Assume ECR - production AWS Role +- name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent-fips" for + teleport-ent-fips + image: alpine + commands: + - apk add curl + - mkdir -pv $(dirname "/go/build/Dockerfile-teleport-ent-fips") + - curl -Ls -o "/go/build/Dockerfile-teleport-ent-fips" "https://raw.githubusercontent.com/gravitational/teleport/v$(cat + '/go/vars/full-version-v9')/build.assets/charts/Dockerfile" + depends_on: + - Find the latest available semver for v9 + - Wait for docker + - Wait for docker registry + - Check out code + - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role + - Assume ECR - production AWS Role +- name: Download 
"teleport-ent_v9-tag-fips_amd64.deb" artifacts from S3 + image: amazon/aws-cli + commands: + - END_TIME=$(( $(date +%s) + 3600 )) + - TIMED_OUT=true + - while [ $(date +%s) -lt $${END_TIME?} ]; do + - SUCCESS=true + - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr + -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb + || SUCCESS=false + - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;' + - echo 'Condition not met yet, waiting another 60 seconds...' + - sleep 60 + - done + - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ + "$SUCCESS" = "true" ]'' && exit 1' + - mkdir -pv "/go/build" + - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat + "/go/var/full-version")-fips_amd64.deb /go/build/teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb + environment: + AWS_PROFILE: s3-download-teleport-ent-fips + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume S3 Download AWS Role for teleport-ent-fips + - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent-fips" for teleport-ent-fips +- name: Build teleport-ent-fips image "teleport-ent:v9-fips-amd64" + image: docker + commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/build" && cd "/go/build" + - mkdir -pv "/tmp/teleport-ent-v9-fips-amd64-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v9-fips-amd64-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-ent-v9-fips-amd64-builder/buildkitd.toml" + - docker buildx create --driver "docker-container" --driver-opt "network=host" --name + "teleport-ent-v9-fips-amd64-builder" --config "/tmp/teleport-ent-v9-fips-amd64-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker 
login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-ent-v9-fips-amd64-builder" --target + "teleport-fips" --platform "linux/amd64" --tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-fips-amd64 --file "/go/build/Dockerfile-teleport-ent-fips" + --build-arg DEB_PATH=teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb + /go/build + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-ent-v9-fips-amd64-builder" + - rm -rf "/tmp/teleport-ent-v9-fips-amd64-builder" environment: - AWS_ACCESS_KEY_ID: - from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY - AWS_SECRET_ACCESS_KEY: - from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: "1" volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: - - Build teleport-operator image "teleport-operator:v10-arm64" -- name: Create manifest and push "teleport-operator:major-$TIMESTAMP" to ECR - staging + - Assume ECR - authenticated-pull AWS Role + - Download "teleport-ent_v9-tag-fips_amd64.deb" artifacts from S3 +- name: Tag and push image "teleport-ent:v9-fips-amd64" to ECR - staging image: docker commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/major-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, - skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/major-version")-$TIMESTAMP --amend 
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/major-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/major-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/major-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/major-version")-$TIMESTAMP) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-fips-amd64 > /dev/null 2>&1 && echo 'Found + existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-fips-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-fips-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-fips-amd64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-fips-amd64 > /dev/null 2>&1 && echo 'Found + existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-fips-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-fips-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-fips-amd64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-fips-amd64 > /dev/null 2>&1 && echo 'Found + existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + 
"/go/var/full-version")-fips-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-fips-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-fips-amd64) - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: - AWS_ACCESS_KEY_ID: - from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY - AWS_SECRET_ACCESS_KEY: - from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET + AWS_PROFILE: ecr-staging volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: - - Tag and push image "teleport-operator:v10-amd64" to ECR - staging - - Tag and push image "teleport-operator:v10-arm" to ECR - staging - - Tag and push image "teleport-operator:v10-arm64" to ECR - staging -- name: Create manifest and push "teleport-operator:minor-$TIMESTAMP" to ECR - staging + - Build teleport-ent-fips image "teleport-ent:v9-fips-amd64" +- name: Create manifest and push "teleport-ent:major-$TIMESTAMP-fips" to ECR - staging image: docker commands: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/minor-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, - skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/minor-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/minor-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/minor-version")-$TIMESTAMP-arm --amend 
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/minor-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/minor-version")-$TIMESTAMP) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-fips > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-fips --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-fips-amd64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-fips) - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: - AWS_ACCESS_KEY_ID: - from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY - AWS_SECRET_ACCESS_KEY: - from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET + AWS_PROFILE: ecr-staging volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: - - Tag and push image "teleport-operator:v10-amd64" to ECR - staging - - Tag and push image "teleport-operator:v10-arm" to ECR - staging - - Tag and push image "teleport-operator:v10-arm64" to ECR - staging -- name: Create manifest and push "teleport-operator:full-$TIMESTAMP" to ECR - staging + - Tag and push image "teleport-ent:v9-fips-amd64" to ECR - staging +- name: Create manifest and push "teleport-ent:minor-$TIMESTAMP-fips" to ECR - staging image: docker commands: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - - docker manifest inspect 
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/full-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, - skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/full-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/full-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/full-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/full-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat - "/go/var/full-version")-$TIMESTAMP) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-fips > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-fips --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-fips-amd64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-fips) - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: - AWS_ACCESS_KEY_ID: - from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY - AWS_SECRET_ACCESS_KEY: - from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET - volumes: - - name: dockersock - path: /var/run - depends_on: - - Tag and push image "teleport-operator:v10-amd64" to ECR - staging - - Tag and push image "teleport-operator:v10-arm" to ECR - staging - - Tag and push image "teleport-operator:v10-arm64" to ECR - 
staging -- name: Tag and push image "teleport-operator:v10-amd64" to Quay - image: docker - commands: - - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 - - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" - - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 - > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat - "/go/var/full-version")-amd64 quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 - && docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64) - - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 - quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 - - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 - - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 - quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 - - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 - - docker logout "quay.io" - environment: - QUAY_PASSWORD: - from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD - QUAY_USERNAME: - from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + AWS_PROFILE: ecr-staging volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: - - Build teleport-operator image "teleport-operator:v10-amd64" -- name: Tag and push image "teleport-operator:v10-arm" to Quay + - Tag and push image "teleport-ent:v9-fips-amd64" to ECR - staging +- name: Create manifest and push "teleport-ent:full-$TIMESTAMP-fips" to ECR - staging image: docker commands: - - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm - - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" 
- - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm - > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat - "/go/var/full-version")-arm quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm - && docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm) - - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm - quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm - - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm - - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm - quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm - - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm - - docker logout "quay.io" + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-fips > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-fips --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-fips-amd64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-fips) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: - QUAY_PASSWORD: - from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD - 
QUAY_USERNAME: - from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + AWS_PROFILE: ecr-staging volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: - - Build teleport-operator image "teleport-operator:v10-arm" -- name: Tag and push image "teleport-operator:v10-arm64" to Quay + - Tag and push image "teleport-ent:v9-fips-amd64" to ECR - staging +- name: Tag and push image "teleport-ent:v9-fips-amd64" to Quay image: docker commands: - - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" - - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 - > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat - "/go/var/full-version")-arm64 quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 - && docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64) - - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 - quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64 - - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64 - - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 - quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 - - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 + - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-fips-amd64 
quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64) + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64 + - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64 + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 + - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 - docker logout "quay.io" environment: QUAY_PASSWORD: 
@@ -10643,19 +18020,19 @@ steps: QUAY_USERNAME: from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: - - Build teleport-operator image "teleport-operator:v10-arm64" -- name: Create manifest and push "teleport-operator:major" to Quay + - Build teleport-ent-fips image "teleport-ent:v9-fips-amd64" +- name: Create manifest and push "teleport-ent:major-fips" to Quay image: docker commands: - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" - - docker manifest create quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version") - --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 - --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm - --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64 - - docker manifest push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version") + - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips + --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64 + - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips - docker logout "quay.io" environment: QUAY_PASSWORD: 
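Review bot: The `awsconfig` volume (`/root/.aws`) is newly mounted into the Quay tag-and-push step at the top of this hunk, but the Quay steps visible here authenticate only with `QUAY_USERNAME`/`QUAY_PASSWORD` and never call `aws`. Elsewhere in this diff a role-assumption step appends temporary credentials to `/root/.aws/credentials` on that volume, so the mount appears to expose the AWS profiles to a step that does not need them. I would drop the `- name: awsconfig` / `path: /root/.aws` pair from the Quay steps. The same addition recurs in the hunks at `-10663` and `-10685`. The step that receives the mount begins outside this hunk, and if `.drone.yml` is generated the change belongs in the generator rather than here.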
@@ -10663,21 +18040,19 @@ steps: QUAY_USERNAME: from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: - - Tag and push image "teleport-operator:v10-amd64" to Quay - - Tag and push image "teleport-operator:v10-arm" to Quay - - Tag and push image "teleport-operator:v10-arm64" to Quay -- name: Create manifest and push "teleport-operator:minor" to Quay + - Tag and push image "teleport-ent:v9-fips-amd64" to Quay +- name: Create manifest and push "teleport-ent:minor-fips" to Quay image: docker commands: - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" - - docker manifest create quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version") - --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 - --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm - --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 - - docker manifest push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version") + - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips + --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 + - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips - docker logout "quay.io" environment: QUAY_PASSWORD: 
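Review bot: `docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io"` in the `teleport-ent:minor-fips` manifest step passes the registry password as a command-line argument, while the ECR steps in this same file pipe theirs through `--password-stdin`. An argument is readable from the process list on the build host while the command runs. I would change it to `printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"`, and likewise in the other Quay steps of this diff. The line is carried-over context rather than new in this commit, and the step continues past the end of the hunk.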
@@ -10685,301 +18060,124 @@ steps: QUAY_USERNAME: from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: - - Tag and push image "teleport-operator:v10-amd64" to Quay - - Tag and push image "teleport-operator:v10-arm" to Quay - - Tag and push image "teleport-operator:v10-arm64" to Quay -- name: Create manifest and push "teleport-operator:full" to Quay + - Tag and push image "teleport-ent:v9-fips-amd64" to Quay +- name: Create manifest and push "teleport-ent:full-fips" to Quay image: docker commands: - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" - - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version") - > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest - create quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version") --amend - quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 --amend - quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm --amend - quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 && - docker manifest push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")) - - docker logout "quay.io" - environment: - QUAY_PASSWORD: - from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD - QUAY_USERNAME: - from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME - volumes: - - name: dockersock - path: /var/run - depends_on: - - Tag and push image "teleport-operator:v10-amd64" to Quay - - Tag and push image "teleport-operator:v10-arm" to Quay - - Tag and push image "teleport-operator:v10-arm64" to Quay -- name: Tag and push image "teleport-operator:v10-amd64" to ECR - production - image: docker - commands: - - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 - - apk add --no-cache aws-cli - - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" 
--password-stdin - public.ecr.aws - - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 - > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat - "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport-operator:$(cat - "/go/var/full-version")-amd64 && docker push public.ecr.aws/gravitational/teleport-operator:$(cat - "/go/var/full-version")-amd64) - - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 - public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 - - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 - - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 - public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 - - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 - - docker logout "public.ecr.aws" - environment: - AWS_ACCESS_KEY_ID: - from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY - AWS_SECRET_ACCESS_KEY: - from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET - volumes: - - name: dockersock - path: /var/run - depends_on: - - Build teleport-operator image "teleport-operator:v10-amd64" -- name: Tag and push image "teleport-operator:v10-arm" to ECR - production - image: docker - commands: - - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm - - apk add --no-cache aws-cli - - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin - public.ecr.aws - - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm - > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat - "/go/var/full-version")-arm 
public.ecr.aws/gravitational/teleport-operator:$(cat - "/go/var/full-version")-arm && docker push public.ecr.aws/gravitational/teleport-operator:$(cat - "/go/var/full-version")-arm) - - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm - public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm - - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm - - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm - public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm - - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm - - docker logout "public.ecr.aws" - environment: - AWS_ACCESS_KEY_ID: - from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY - AWS_SECRET_ACCESS_KEY: - from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET - volumes: - - name: dockersock - path: /var/run - depends_on: - - Build teleport-operator image "teleport-operator:v10-arm" -- name: Tag and push image "teleport-operator:v10-arm64" to ECR - production - image: docker - commands: - - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 - - apk add --no-cache aws-cli - - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin - public.ecr.aws - - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 - > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat - "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport-operator:$(cat - "/go/var/full-version")-arm64 && docker push public.ecr.aws/gravitational/teleport-operator:$(cat - "/go/var/full-version")-arm64) - - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 - 
public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64 - - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64 - - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 - public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 - - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 - - docker logout "public.ecr.aws" - environment: - AWS_ACCESS_KEY_ID: - from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY - AWS_SECRET_ACCESS_KEY: - from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET + - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest + create quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips --amend + quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 && + docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips) + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: - - Build teleport-operator image "teleport-operator:v10-arm64" -- name: Create manifest and push "teleport-operator:major" to ECR - production + - Tag and push image "teleport-ent:v9-fips-amd64" to Quay +- name: Tag and push image "teleport-ent:v9-fips-amd64" to ECR - production image: docker commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws - - docker manifest create 
public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version") - --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 - --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm - --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64 - - docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version") + - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-fips-amd64 public.ecr.aws/gravitational/teleport-ent:$(cat + "/go/var/full-version")-fips-amd64 && docker push public.ecr.aws/gravitational/teleport-ent:$(cat + "/go/var/full-version")-fips-amd64) + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64 + - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64 + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 + - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 - docker logout "public.ecr.aws" environment: - AWS_ACCESS_KEY_ID: - from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY - AWS_SECRET_ACCESS_KEY: - from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET + AWS_PROFILE: ecr-production volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: - - Tag and push image "teleport-operator:v10-amd64" to ECR - production - - Tag and push image "teleport-operator:v10-arm" to ECR - production - - Tag and push image 
"teleport-operator:v10-arm64" to ECR - production -- name: Create manifest and push "teleport-operator:minor" to ECR - production + - Build teleport-ent-fips image "teleport-ent:v9-fips-amd64" +- name: Create manifest and push "teleport-ent:major-fips" to ECR - production image: docker commands: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws - - docker manifest create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version") - --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 - --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm - --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 - - docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version") + - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64 + - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips - docker logout "public.ecr.aws" environment: - AWS_ACCESS_KEY_ID: - from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY - AWS_SECRET_ACCESS_KEY: - from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET + AWS_PROFILE: ecr-production volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: - - Tag and push image "teleport-operator:v10-amd64" to ECR - production - - Tag and push image "teleport-operator:v10-arm" to ECR - production - - Tag and push image "teleport-operator:v10-arm64" to ECR - production -- name: Create manifest and push "teleport-operator:full" to ECR - production + - Tag and push image "teleport-ent:v9-fips-amd64" to ECR - production +- name: Create manifest and push "teleport-ent:minor-fips" to ECR - 
production image: docker commands: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws - - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version") - > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest - create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version") - --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 - --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm - --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 - && docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")) + - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 + - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips - docker logout "public.ecr.aws" environment: - AWS_ACCESS_KEY_ID: - from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY - AWS_SECRET_ACCESS_KEY: - from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET + AWS_PROFILE: ecr-production volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: - - Tag and push image "teleport-operator:v10-amd64" to ECR - production - - Tag and push image "teleport-operator:v10-arm" to ECR - production - - Tag and push image "teleport-operator:v10-arm64" to ECR - production -services: -- name: Start Docker - image: docker:dind - privileged: true - volumes: - - name: dockersock - path: /var/run -- name: drone-docker-registry - image: registry:2 - privileged: false - volumes: [] -volumes: -- name: dockersock - temp: {} - ---- -################################################ -# Generated using 
dronegen, do not edit by hand! -# Use 'make dronegen' to update. -# Generated at dronegen/container_images_release_version.go (main.(*ReleaseVersion).buildVersionPipeline) -################################################ - -kind: pipeline -type: kubernetes -name: teleport-container-images-previous-version-2-cron -environment: - DEBIAN_FRONTEND: noninteractive -trigger: - cron: - include: - - teleport-container-images-cron - repo: - include: - - gravitational/teleport -workspace: - path: /go -clone: - disable: true -steps: -- name: Find the latest available semver for v9 - image: golang:1.18 - commands: - - mkdir -pv "/tmp/teleport" - - cd "/tmp/teleport" - - git init - - git remote add origin ${DRONE_REMOTE_URL} - - git fetch origin --tags - - git checkout -qf "branch/v9" - - mkdir -pv "/go/vars/full-version" - - cd "/tmp/teleport/build.assets/tooling/cmd/query-latest" - - go run . "v9" > "/go/vars/full-version/v9" - - echo Found full semver "$(cat "/go/vars/full-version/v9")" for major version "v9" -- name: Wait for docker + - Tag and push image "teleport-ent:v9-fips-amd64" to ECR - production +- name: Create manifest and push "teleport-ent:full-fips" to ECR - production image: docker commands: - - timeout 30s /bin/sh -c 'while [ ! 
-S /var/run/docker.sock ]; do sleep 1; done' + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest + create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + && docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips) + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: - - Find the latest available semver for v9 -- name: Wait for docker registry - image: alpine - commands: - - apk add curl - - timeout 30s /bin/sh -c 'while [ "$(curl -s -o /dev/null -w %{http_code} http://drone-docker-registry:5000/)" - != "200" ]; do sleep 1; done' - depends_on: - - Find the latest available semver for v9 - - Wait for docker -- name: Check out code - image: alpine/git:latest - commands: - - mkdir -pv "/go/src/github.com/gravitational/teleport" - - cd "/go/src/github.com/gravitational/teleport" - - git init - - git remote add origin ${DRONE_REMOTE_URL} - - git fetch origin --tags - - git checkout -qf "$(cat '/go/vars/full-version/v9')" - depends_on: - - Find the latest available semver for v9 - - Wait for docker - - Wait for docker registry -- name: Build major, minor, and full semvers - image: alpine - commands: - - mkdir -pv $(dirname "/go/var/major-version") - - echo $(cat '/go/vars/full-version/v9') | sed 's/v//' | cut -d'.' -f "1" > "/go/var/major-version" - - echo $(cat "/go/var/major-version") - - mkdir -pv $(dirname "/go/var/minor-version") - - echo $(cat '/go/vars/full-version/v9') | sed 's/v//' | cut -d'.' 
-f "1,2" > "/go/var/minor-version" - - echo $(cat "/go/var/minor-version") - - mkdir -pv $(dirname "/go/var/full-version") - - echo $(cat '/go/vars/full-version/v9') | sed 's/v//' > "/go/var/full-version" - - echo $(cat "/go/var/full-version") - depends_on: - - Find the latest available semver for v9 - - Wait for docker - - Wait for docker registry - - Check out code + - Tag and push image "teleport-ent:v9-fips-amd64" to ECR - production - name: Build teleport-operator image "teleport-operator:v9-amd64" image: docker commands: - - echo 'Sleeping 0s to avoid registry pull rate limits' && sleep 0 - docker run --privileged --rm tonistiigi/binfmt --install all - mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport" - mkdir -pv "/tmp/teleport-operator-v9-amd64-builder" 
@@ -10987,28 +18185,38 @@ steps: - echo ' http = true' >> "/tmp/teleport-operator-v9-amd64-builder/buildkitd.toml" - docker buildx create --driver "docker-container" --driver-opt "network=host" --name "teleport-operator-v9-amd64-builder" --config "/tmp/teleport-operator-v9-amd64-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws - docker buildx build --push --builder "teleport-operator-v9-amd64-builder" --platform "linux/amd64" --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 --file "/go/src/github.com/gravitational/teleport/operator/Dockerfile" --build-arg - "BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox:teleport11" --build-arg - "COMPILER_NAME=x86_64-linux-gnu-gcc" /go/src/github.com/gravitational/teleport + BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox:teleport11 --build-arg + COMPILER_NAME=x86_64-linux-gnu-gcc /go/src/github.com/gravitational/teleport + - docker logout "public.ecr.aws" - docker buildx rm "teleport-operator-v9-amd64-builder" - rm -rf "/tmp/teleport-operator-v9-amd64-builder" environment: + AWS_PROFILE: ecr-authenticated-pull DOCKER_BUILDKIT: "1" volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: + - Assume ECR - authenticated-pull AWS Role - Find the latest available semver for v9 - Wait for docker - Wait for docker registry - Check out code - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role + - Assume ECR - production AWS Role - name: Build teleport-operator image "teleport-operator:v9-arm" image: docker commands: - - echo 'Sleeping 5s to avoid registry pull rate limits' && sleep 5 - docker run --privileged --rm tonistiigi/binfmt --install all - mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport" - mkdir -pv 
"/tmp/teleport-operator-v9-arm-builder" 
@@ -11016,28 +18224,38 @@ steps: - echo ' http = true' >> "/tmp/teleport-operator-v9-arm-builder/buildkitd.toml" - docker buildx create --driver "docker-container" --driver-opt "network=host" --name "teleport-operator-v9-arm-builder" --config "/tmp/teleport-operator-v9-arm-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws - docker buildx build --push --builder "teleport-operator-v9-arm-builder" --platform "linux/arm" --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm --file "/go/src/github.com/gravitational/teleport/operator/Dockerfile" --build-arg - "BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox-arm:teleport11" --build-arg - "COMPILER_NAME=arm-linux-gnueabihf-gcc" /go/src/github.com/gravitational/teleport + BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox-arm:teleport11 --build-arg + COMPILER_NAME=arm-linux-gnueabihf-gcc /go/src/github.com/gravitational/teleport + - docker logout "public.ecr.aws" - docker buildx rm "teleport-operator-v9-arm-builder" - rm -rf "/tmp/teleport-operator-v9-arm-builder" environment: + AWS_PROFILE: ecr-authenticated-pull DOCKER_BUILDKIT: "1" volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: + - Assume ECR - authenticated-pull AWS Role - Find the latest available semver for v9 - Wait for docker - Wait for docker registry - Check out code - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role + - Assume ECR - production AWS Role - name: Build teleport-operator image "teleport-operator:v9-arm64" image: docker commands: - - echo 'Sleeping 10s to avoid registry pull rate limits' && sleep 10 - docker run --privileged --rm tonistiigi/binfmt --install all - mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport" - mkdir -pv 
"/tmp/teleport-operator-v9-arm64-builder" @@ -11045,24 +18263,35 @@ steps: - echo ' http = true' >> "/tmp/teleport-operator-v9-arm64-builder/buildkitd.toml" - docker buildx create --driver "docker-container" --driver-opt "network=host" --name "teleport-operator-v9-arm64-builder" --config "/tmp/teleport-operator-v9-arm64-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws - docker buildx build --push --builder "teleport-operator-v9-arm64-builder" --platform "linux/arm64" --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 --file "/go/src/github.com/gravitational/teleport/operator/Dockerfile" --build-arg - "BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox-arm:teleport11" --build-arg - "COMPILER_NAME=aarch64-linux-gnu-gcc" /go/src/github.com/gravitational/teleport + BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox-arm:teleport11 --build-arg + COMPILER_NAME=aarch64-linux-gnu-gcc /go/src/github.com/gravitational/teleport + - docker logout "public.ecr.aws" - docker buildx rm "teleport-operator-v9-arm64-builder" - rm -rf "/tmp/teleport-operator-v9-arm64-builder" environment: + AWS_PROFILE: ecr-authenticated-pull DOCKER_BUILDKIT: "1" volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: + - Assume ECR - authenticated-pull AWS Role - Find the latest available semver for v9 - Wait for docker - Wait for docker registry - Check out code - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role + - Assume ECR - production AWS Role - name: Tag and push image "teleport-operator:v9-amd64" to ECR - staging image: docker commands: 
@@ -11091,11 +18320,10 @@ steps: "/go/var/minor-version")-$TIMESTAMP-amd64) - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: - AWS_ACCESS_KEY_ID: - from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY - AWS_SECRET_ACCESS_KEY: - from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET + AWS_PROFILE: ecr-staging volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: @@ -11128,11 +18356,10 @@ steps: "/go/var/minor-version")-$TIMESTAMP-arm) - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: - AWS_ACCESS_KEY_ID: - from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY - AWS_SECRET_ACCESS_KEY: - from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET + AWS_PROFILE: ecr-staging volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: @@ -11165,11 +18392,10 @@ steps: "/go/var/minor-version")-$TIMESTAMP-arm64) - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: - AWS_ACCESS_KEY_ID: - from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY - AWS_SECRET_ACCESS_KEY: - from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET + AWS_PROFILE: ecr-staging volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: @@ -11191,11 +18417,10 @@ steps: "/go/var/major-version")-$TIMESTAMP) - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: - AWS_ACCESS_KEY_ID: - from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY - AWS_SECRET_ACCESS_KEY: - from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET + AWS_PROFILE: ecr-staging volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: 
@@ -11219,11 +18444,10 @@ steps: "/go/var/minor-version")-$TIMESTAMP) - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: - AWS_ACCESS_KEY_ID: - from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY - AWS_SECRET_ACCESS_KEY: - from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET + AWS_PROFILE: ecr-staging volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: @@ -11247,11 +18471,10 @@ steps: "/go/var/full-version")-$TIMESTAMP) - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: - AWS_ACCESS_KEY_ID: - from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY - AWS_SECRET_ACCESS_KEY: - from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET + AWS_PROFILE: ecr-staging volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: @@ -11280,6 +18503,8 @@ steps: QUAY_USERNAME: from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: @@ -11306,6 +18531,8 @@ steps: QUAY_USERNAME: from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: @@ -11332,6 +18559,8 @@ steps: QUAY_USERNAME: from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: @@ -11352,6 +18581,8 @@ steps: QUAY_USERNAME: from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: @@ -11374,6 +18605,8 @@ steps: QUAY_USERNAME: from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: @@ -11398,6 +18631,8 @@ steps: QUAY_USERNAME: from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: 
@@ -11424,11 +18659,10 @@ steps: - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 - docker logout "public.ecr.aws" environment: - AWS_ACCESS_KEY_ID: - from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY - AWS_SECRET_ACCESS_KEY: - from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET + AWS_PROFILE: ecr-production volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: @@ -11453,11 +18687,10 @@ steps: - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm - docker logout "public.ecr.aws" environment: - AWS_ACCESS_KEY_ID: - from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY - AWS_SECRET_ACCESS_KEY: - from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET + AWS_PROFILE: ecr-production volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: @@ -11482,11 +18715,10 @@ steps: - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 - docker logout "public.ecr.aws" environment: - AWS_ACCESS_KEY_ID: - from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY - AWS_SECRET_ACCESS_KEY: - from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET + AWS_PROFILE: ecr-production volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: @@ -11504,11 +18736,10 @@ steps: - docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version") - docker logout "public.ecr.aws" environment: - AWS_ACCESS_KEY_ID: - from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY - AWS_SECRET_ACCESS_KEY: - from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET + AWS_PROFILE: ecr-production volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: 
@@ -11528,11 +18759,10 @@ steps: - docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version") - docker logout "public.ecr.aws" environment: - AWS_ACCESS_KEY_ID: - from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY - AWS_SECRET_ACCESS_KEY: - from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET + AWS_PROFILE: ecr-production volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: @@ -11554,11 +18784,10 @@ steps: && docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")) - docker logout "public.ecr.aws" environment: - AWS_ACCESS_KEY_ID: - from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY - AWS_SECRET_ACCESS_KEY: - from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET + AWS_PROFILE: ecr-production volumes: + - name: awsconfig + path: /root/.aws - name: dockersock path: /var/run depends_on: @@ -11577,10 +18806,12 @@ services: privileged: false volumes: [] volumes: +- name: awsconfig + temp: {} - name: dockersock temp: {} --- kind: signature -hmac: 6949186be54eb7dcaf7703a9a06127ba64b6ba3400724c81f3945d92965de2eb +hmac: 9732eb0c3ec2fb74845174e68847320a4c2d88486209fe5326f9f89bbb07152b ... diff --git a/Makefile b/Makefile index 014e9a8aed4ae..d287b292fc925 100644 --- a/Makefile +++ b/Makefile @@ -13,10 +13,7 @@ # Master/dev branch: "1.0.0-dev" VERSION=12.0.0-dev -DOCKER_IMAGE_QUAY ?= quay.io/gravitational/teleport -DOCKER_IMAGE_ECR ?= public.ecr.aws/gravitational/teleport -DOCKER_IMAGE_STAGING ?= 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport - +DOCKER_IMAGE ?= teleport GOPATH ?= $(shell go env GOPATH) 
@@ -408,11 +405,10 @@ release-arm64: $(MAKE) release ARCH=arm64 # -# make release-unix - Produces a binary release tarball containing teleport, -# tctl, and tsh. +# make build-archive - Packages the results of a build into a release tarball # -.PHONY: -release-unix: clean full +.PHONY: build-archive +build-archive: @echo "---> Creating OSS release archive." mkdir teleport cp -rf $(BUILDDIR)/* \ @@ -425,6 +421,13 @@ release-unix: clean full tar $(TAR_FLAGS) -c teleport | gzip -n > $(RELEASE).tar.gz rm -rf teleport @echo "---> Created $(RELEASE).tar.gz." + +# +# make release-unix - Produces a binary release tarball containing teleport, +# tctl, and tsh. +# +.PHONY: +release-unix: clean full build-archive @if [ -f e/Makefile ]; then $(MAKE) -C e release; fi # 
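Review bot: In the second hunk on this line, `release-unix: clean full build-archive` only produces a correct tarball if make runs the prerequisites strictly left to right, because `build-archive` declares no dependency on the build output it copies out of `$(BUILDDIR)`. Under `make -j` the packaging step can start before `clean` and `full` have finished, so a release archive could be assembled from stale or half-written binaries. The same ordering assumption is in `image: clean docker-binaries build-archive oss-deb` in the later `image` hunk. Keeping `release-unix: clean full` and making `$(MAKE) build-archive` the first recipe line restores the old ordering guarantee, and a comment such as `# Expects $(BUILDDIR) to be populated already; builds nothing itself.` above `build-archive` would document the contract. The re-added `.PHONY:` line above `release-unix` is also empty, so the target is not declared phony; `.PHONY: release-unix` is presumably what was meant.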
@@ -998,53 +1001,17 @@ install: build cp -f $(BUILDDIR)/teleport $(BINDIR)/ mkdir -p $(DATADIR) - # Docker image build. Always build the binaries themselves within docker (see # the "docker" rule) to avoid dependencies on the host libc version. .PHONY: image -image: clean docker-binaries +image: OS=linux +image: TARBALL_PATH_SECTION:=-s "$(shell pwd)" +image: clean docker-binaries build-archive oss-deb cp ./build.assets/charts/Dockerfile $(BUILDDIR)/ - cd $(BUILDDIR) && docker build --no-cache . -t $(DOCKER_IMAGE_QUAY):$(VERSION) + cd $(BUILDDIR) && docker build --no-cache . -t $(DOCKER_IMAGE):$(VERSION)-$(ARCH) --target teleport \ + --build-arg DEB_PATH="./teleport_$(VERSION)_$(ARCH).deb" if [ -f e/Makefile ]; then $(MAKE) -C e image; fi -.PHONY: publish -publish: image - docker push $(DOCKER_IMAGE_QUAY):$(VERSION) - if [ -f e/Makefile ]; then $(MAKE) -C e publish; fi - -.PHONY: publish-ecr -publish-ecr: image - docker tag $(DOCKER_IMAGE_QUAY) $(DOCKER_IMAGE_ECR) - docker push $(DOCKER_IMAGE_ECR):$(VERSION) - if [ -f e/Makefile ]; then $(MAKE) -C e publish-ecr; fi - -# Docker image build in CI. -# This is run to build and push Docker images to a private repository as part of the build process. -# When we are ready to make the images public after testing (i.e. when publishing a release), we pull these -# images down, retag them and push them up to the production repo so they're available for use. -# This job can be removed/consolidated after we switch over completely from using Jenkins to using Drone. -.PHONY: image-ci -image-ci: clean docker-binaries - cp ./build.assets/charts/Dockerfile $(BUILDDIR)/ - cd $(BUILDDIR) && docker build --no-cache . -t $(DOCKER_IMAGE_STAGING):$(VERSION) - if [ -f e/Makefile ]; then $(MAKE) -C e image-ci; fi - - -# DOCKER_CLI_EXPERIMENTAL=enabled is set to allow inspecting the manifest for present images. 
-# https://docs.docker.com/engine/reference/commandline/cli/#experimental-features -# The internal staging images use amazon ECR's immutable repository settings. This makes overwrites impossible currently. -# This can cause issues when drone tagging pipelines must be re-run due to failures. -# Currently the work around for this is to not attempt to push to the image when it already exists. -.PHONY: publish-ci -publish-ci: image-ci - @if DOCKER_CLI_EXPERIMENTAL=enabled docker manifest inspect "$(DOCKER_IMAGE_STAGING):$(VERSION)" >/dev/null 2>&1; then\ - echo "$(DOCKER_IMAGE_STAGING):$(VERSION) already exists. "; \ - else \ - docker push "$(DOCKER_IMAGE_STAGING):$(VERSION)"; \ - fi - if [ -f e/Makefile ]; then $(MAKE) -C e publish-ci; fi - - .PHONY: print-version print-version: @echo $(VERSION) @@ -1097,13 +1064,17 @@ rpm: rpm-unsigned: $(MAKE) UNSIGNED_RPM=true rpm -# build .deb -.PHONY: deb -deb: +# build open source .deb only +.PHONY: oss-deb +oss-deb: mkdir -p $(BUILDDIR)/ cp ./build.assets/build-package.sh ./build.assets/build-common.sh $(BUILDDIR)/ chmod +x $(BUILDDIR)/build-package.sh cd $(BUILDDIR) && ./build-package.sh -t oss -v $(VERSION) -p deb -a $(ARCH) $(RUNTIME_SECTION) $(TARBALL_PATH_SECTION) + +# build .deb +.PHONY: deb +deb: oss-deb if [ -f e/Makefile ]; then $(MAKE) -C e deb; fi # check binary compatibility with different OSes diff --git a/build.assets/Dockerfile-cron b/build.assets/Dockerfile-cron deleted file mode 100644 index e5230361bf696..0000000000000 --- a/build.assets/Dockerfile-cron +++ /dev/null 
@@ -1,45 +0,0 @@ -# First stage downloads pre-compiled Teleport archive from get.gravitational.com -# and extracts binaries from the archive. -FROM alpine AS download - -ARG DOWNLOAD_TYPE=teleport -ARG VERSION_TAG -ARG OS -ARG ARCH -ARG EXTRA_DOWNLOAD_ARGS="" - -WORKDIR /tmp -# Install dependencies. -RUN apk --update --no-cache add curl tar - -# Download the appropriate binary tarball from get.gravitational.com and extract the binaries into -# a temporary directory for us to use in the second stage. -RUN mkdir -p build && \ - curl -Ls https://get.gravitational.com/${DOWNLOAD_TYPE}-${VERSION_TAG}-${OS}-${ARCH}${EXTRA_DOWNLOAD_ARGS}-bin.tar.gz | tar -xzf - && \ - cp $DOWNLOAD_TYPE/teleport $DOWNLOAD_TYPE/tctl $DOWNLOAD_TYPE/tsh $DOWNLOAD_TYPE/tbot build - -# Second stage builds final container with teleport binaries. -FROM ubuntu:20.04 AS teleport - -# Install ca-certificates, dumb-init and libelf1, then clean up. -RUN apt-get update && \ - DEBIAN_FRONTEND=noninteractive apt-get upgrade -y && \ - DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y ca-certificates dumb-init libelf1 && \ - update-ca-certificates && \ - apt-get -y clean && \ - rm -rf /var/lib/apt/lists/* - -# Copy "teleport", "tctl", "tbot", and "tsh" binaries from the previous stage. -COPY --from=download /tmp/build/teleport /usr/local/bin/teleport -COPY --from=download /tmp/build/tctl /usr/local/bin/tctl -COPY --from=download /tmp/build/tsh /usr/local/bin/tsh -COPY --from=download /tmp/build/tbot /usr/local/bin/tbot - -# Run Teleport inside the image with a default config file location. -ENTRYPOINT ["/usr/bin/dumb-init", "teleport", "start", "-c", "/etc/teleport/teleport.yaml"] - -# Optional third stage which is only run when building the FIPS image. -FROM teleport AS teleport-fips - -# Override the standard entrypoint set in the previous image with the --fips argument to start in FIPS mode. 
-ENTRYPOINT ["/usr/bin/dumb-init", "teleport", "start", "-c", "/etc/teleport/teleport.yaml", "--fips"] diff --git a/build.assets/Dockerfile-cron-v8 b/build.assets/Dockerfile-cron-v8 deleted file mode 100644 index 80e48c82b35f7..0000000000000 --- a/build.assets/Dockerfile-cron-v8 +++ /dev/null 
@@ -1,44 +0,0 @@ -# First stage downloads pre-compiled Teleport archive from get.gravitational.com -# and extracts binaries from the archive. -FROM alpine AS download - -ARG DOWNLOAD_TYPE=teleport -ARG VERSION_TAG -ARG OS -ARG ARCH -ARG EXTRA_DOWNLOAD_ARGS="" - -WORKDIR /tmp -# Install dependencies. -RUN apk --update --no-cache add curl tar - -# Download the appropriate binary tarball from get.gravitational.com and extract the binaries into -# a temporary directory for us to use in the second stage. -RUN mkdir -p build && \ - curl -Ls https://get.gravitational.com/${DOWNLOAD_TYPE}-${VERSION_TAG}-${OS}-${ARCH}${EXTRA_DOWNLOAD_ARGS}-bin.tar.gz | tar -xzf - && \ - cp $DOWNLOAD_TYPE/teleport $DOWNLOAD_TYPE/tctl $DOWNLOAD_TYPE/tsh build - -# Second stage builds final container with teleport binaries. -FROM ubuntu:20.04 AS teleport - -# Install ca-certificates, dumb-init and libelf1, then clean up. -RUN apt-get update && \ - DEBIAN_FRONTEND=noninteractive apt-get upgrade -y && \ - DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y ca-certificates dumb-init libelf1 && \ - update-ca-certificates && \ - apt-get -y clean && \ - rm -rf /var/lib/apt/lists/* - -# Copy "teleport", "tctl", and "tsh" binaries from the previous stage. -COPY --from=download /tmp/build/teleport /usr/local/bin/teleport -COPY --from=download /tmp/build/tctl /usr/local/bin/tctl -COPY --from=download /tmp/build/tsh /usr/local/bin/tsh - -# Run Teleport inside the image with a default config file location. -ENTRYPOINT ["/usr/bin/dumb-init", "teleport", "start", "-c", "/etc/teleport/teleport.yaml"] - -# Optional third stage which is only run when building the FIPS image. -FROM teleport AS teleport-fips - -# Override the standard entrypoint set in the previous image with the --fips argument to start in FIPS mode. -ENTRYPOINT ["/usr/bin/dumb-init", "teleport", "start", "-c", "/etc/teleport/teleport.yaml", "--fips"] 
diff --git a/build.assets/charts/Dockerfile b/build.assets/charts/Dockerfile index cbf32c8f1fa03..4b2c1ec619af6 100644 --- a/build.assets/charts/Dockerfile +++ b/build.assets/charts/Dockerfile @@ -1,4 +1,9 @@ -FROM ubuntu:20.04 +# Stage to build the image, without FIPS entrypoint argument +FROM ubuntu:20.04 AS teleport + +# Copy the deb archive +ARG DEB_PATH +COPY ${DEB_PATH?} /tmp/teleport.deb # Install dumb-init and ca-certificates. The dumb-init package is to ensure # signals and orphaned processes are are handled correctly. The ca-certificate @@ -39,18 +44,22 @@ FROM ubuntu:20.04 # "apt-get update" to reduce the size of the image. RUN apt-get update && \ DEBIAN_FRONTEND=noninteractive apt-get upgrade -y && \ + # Install dependencies DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y ca-certificates dumb-init libelf1 && \ + # Install tools DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y net-tools iputils-ping inetutils-telnet netcat tcpdump busybox && \ busybox --install -s && \ update-ca-certificates && \ + # Install Teleport + dpkg -i /tmp/teleport.deb && \ + # Cleanup apt-get -y clean && \ - rm -rf /var/lib/apt/lists/* - -# Bundle "teleport", "tctl", "tbot", and "tsh" binaries into image. -COPY teleport /usr/local/bin/teleport -COPY tctl /usr/local/bin/tctl -COPY tsh /usr/local/bin/tsh -COPY tbot /usr/local/bin/tbot + rm -rf /var/lib/apt/lists/* && \ + rm -rf /tmp/* # By setting this entry point, we expose make target as command. ENTRYPOINT ["/usr/bin/dumb-init", "teleport", "start", "-c", "/etc/teleport/teleport.yaml"] + +# Stage to launch Teleport with the fips argument +FROM teleport AS teleport-fips +ENTRYPOINT ["/usr/bin/dumb-init", "teleport", "start", "-c", "/etc/teleport/teleport.yaml", "--fips"] diff --git a/build.assets/charts/Dockerfile-fips b/build.assets/charts/Dockerfile-fips deleted file mode 100644 index 46bf9d3a0aa15..0000000000000 --- a/build.assets/charts/Dockerfile-fips +++ /dev/null 
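Review bot: The `COPY ${DEB_PATH?} /tmp/teleport.deb` at the top of the `teleport` stage commits the package as its own layer, so the `rm -rf /tmp/*` added to the later `RUN` hides the file without removing it. Every pushed image still carries the full .deb in its history. The Drone build step sets `DOCKER_BUILDKIT=1`, but this diff does not show the Makefile `image` target doing so. If all builders do use BuildKit, mounting the package into the install step with `RUN --mount=type=bind` and dropping the `COPY` avoids the extra layer. Otherwise add a comment next to the cleanup, for example `# NOTE: the COPY layer above still contains the deb; this only cleans the final filesystem`.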
@@ -1,56 +0,0 @@ -FROM ubuntu:20.04 - -# Install dumb-init and ca-certificates. The dumb-init package is to ensure -# signals and orphaned processes are are handled correctly. The ca-certificate -# package is installed because the base Ubuntu image does not come with any -# certificate authorities. libelf1 is a dependency introduced by Teleport 7.0. -# -# The below packages are provided for debug purposes. Installing them adds around -# six megabytes to the image size. The packages include the following commands: -# * net-tools -# * netstat -# * ifconfig -# * ipmaddr -# * iptunnel -# * mii-tool -# * nameif -# * plipconfig -# * rarp -# * route -# * slattach -# * arp -# * iputils-ping -# * ping -# * ping4 -# * ping6 -# * inetutils-telnet -# * telnet -# * netcat -# * netcat -# * tcpdump -# * tcpdump -# * busybox (see "busybox --list" for all provided utils) -# * less -# * nslookup -# * vi -# * wget -# -# Note that /var/lib/apt/lists/* is cleaned up in the same RUN command as -# "apt-get update" to reduce the size of the image. -RUN apt-get update && \ - DEBIAN_FRONTEND=noninteractive apt-get upgrade -y && \ - DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y ca-certificates dumb-init libelf1 && \ - DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y net-tools iputils-ping inetutils-telnet netcat tcpdump busybox && \ - busybox --install -s && \ - update-ca-certificates && \ - apt-get -y clean && \ - rm -rf /var/lib/apt/lists/* - -# Bundle "teleport", "tctl", "tbot", and "tsh" binaries into image. -COPY teleport /usr/local/bin/teleport -COPY tctl /usr/local/bin/tctl -COPY tsh /usr/local/bin/tsh -COPY tbot /usr/local/bin/tbot - -# By setting this entry point, we expose make target as command. -ENTRYPOINT ["/usr/bin/dumb-init", "teleport", "start", "-c", "/etc/teleport/teleport.yaml", "--fips"] diff --git a/dronegen/common.go b/dronegen/common.go index aa649d4651582..6abaf2c964117 100644 --- a/dronegen/common.go 
+++ b/dronegen/common.go @@ -345,3 +345,16 @@ func verifyNotPrereleaseStep() step { Commands: commands, } } + +func sliceSelect[T, V any](slice []T, selector func(T) V) []V { + selectedValues := make([]V, len(slice)) + for i, entry := range slice { + selectedValues[i] = selector(entry) + } + + return selectedValues +} + +func getStepNames(steps []step) []string { + return sliceSelect(steps, func(s step) string { return s.Name }) +} diff --git a/dronegen/container_image_products.go b/dronegen/container_image_products.go index f3f29ec47a3a3..76781742eb7ee 100644 --- a/dronegen/container_image_products.go +++ b/dronegen/container_image_products.go @@ -18,6 +18,8 @@ import ( "fmt" "path" "regexp" + + "golang.org/x/exp/maps" ) // Describes a Gravitational "product", where a "product" is a piece of software 
@@ -28,10 +30,65 @@ type Product struct { WorkingDirectory string // Working directory to use for "docker build". DockerfileTarget string // Optional. Defines a dockerfile target to stop at on build. SupportedArchs []string // ISAs that the builder should produce - SetupSteps []step // Product-specific steps that must be ran before building an image. + SetupSteps []step // Product-specific, arch agnostic steps that must be ran before building an image. + ArchSetupSteps map[string][]step // Product and arch specific steps that must be ran before building an image. DockerfileArgBuilder func(arch string) []string // Generator that returns "docker build --arg" strings ImageBuilder func(repo *ContainerRepo, tag *ImageTag) *Image // Generator that returns an Image struct that defines what "docker build" should produce - GetRequiredStepNames func(arch string) []string // Generator that returns the name of the steps that "docker build" should wait for +} + +func NewTeleportProduct(isEnterprise, isFips bool, version *ReleaseVersion) *Product { + workingDirectory := "/go/build" + downloadURL := fmt.Sprintf( + "https://raw.githubusercontent.com/gravitational/teleport/%s/build.assets/charts/Dockerfile", + version.ShellVersion, + ) + name := "teleport" + dockerfileTarget := "teleport" + supportedArches := []string{"amd64"} + + if isEnterprise { + name += "-ent" + } + if isFips { + dockerfileTarget += "-fips" + name += "-fips" + } else { + supportedArches = append(supportedArches, "arm", "arm64") + } + + setupSteps, dockerfilePath, downloadProfileName := getTeleportSetupSteps(name, workingDirectory, downloadURL) + archSetupSteps, debPaths := getTeleportArchsSetupSteps(supportedArches, workingDirectory, downloadProfileName, version, isEnterprise, isFips) + + return &Product{ + Name: name, + DockerfilePath: dockerfilePath, + WorkingDirectory: workingDirectory, + DockerfileTarget: dockerfileTarget, + SupportedArchs: supportedArches, + SetupSteps: setupSteps, + ArchSetupSteps: 
archSetupSteps, + DockerfileArgBuilder: func(arch string) []string { + return []string{ + fmt.Sprintf("DEB_PATH=%s", debPaths[arch]), + } + }, + ImageBuilder: func(repo *ContainerRepo, tag *ImageTag) *Image { + imageProductName := "teleport" + if isEnterprise { + imageProductName += "-ent" + } + + if isFips { + tag.AppendString("fips") + } + + return &Image{ + Repo: repo, + Name: imageProductName, + Tag: tag, + } + }, + } } func NewTeleportOperatorProduct(cloneDirectory string) *Product { 
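Review bot: The `ImageBuilder` closure in `NewTeleportProduct` calls `tag.AppendString("fips")` on the `*ImageTag` it receives, which presumably modifies the caller's tag as a side effect of constructing an `Image`. `getBaseImage` later in this diff passes a freshly allocated tag, so that path is safe. A caller that reuses one tag for several images would get the suffix appended repeatedly; whether such a caller exists is not visible here. Either copy the tag inside the closure before appending, or document the contract on the `ImageBuilder` field, e.g. `// ImageBuilder may modify tag; callers must not share it between images.`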
@@ -76,60 +133,232 @@ func NewTeleportOperatorProduct(cloneDirectory string) *Product { } } -func (p *Product) getBaseImage(arch string, version *ReleaseVersion) *Image { - return &Image{ - Name: p.Name, - Tag: &ImageTag{ +// Builds all the steps required to prepare the pipeline for building Teleport images. +// Returns the setup steps, the path to the downloaded Teleport dockerfile, and the name of the +// AWS profile that can be used to download artifacts from S3. +func getTeleportSetupSteps(productName, workingPath, downloadURL string) ([]step, string, string) { + assumeS3DownloadRoleStep, profileName := assumeS3DownloadRoleStep(productName) + downloadDockerfileStep, dockerfilePath := downloadTeleportDockerfileStep(productName, workingPath, downloadURL) + // Additional setup steps in the future should go here + + return []step{assumeS3DownloadRoleStep, downloadDockerfileStep}, dockerfilePath, profileName +} + +// Generates steps that download a deb for each supported arch to the working directory. +// Returns maps keyed by the supported arches, with the generated setup steps and deb paths. +func getTeleportArchsSetupSteps(supportedArchs []string, workingDirectory, profile string, version *ReleaseVersion, + isEnterprise, isFips bool) (map[string][]step, map[string]string) { + + archSetupSteps := make(map[string][]step, len(supportedArchs)) + debPaths := make(map[string]string, len(supportedArchs)) + + for _, supportedArch := range supportedArchs { + archSetupStep, debPath := getTeleportArchSetupStep(supportedArch, workingDirectory, profile, version, isEnterprise, isFips) + archSetupSteps[supportedArch] = []step{archSetupStep} + debPaths[supportedArch] = debPath + } + + return archSetupSteps, debPaths +} + +// Generates steps that download a deb for each supported arch to the working directory. +// Returns the generated step, and the path to the downloaded deb. 
+func getTeleportArchSetupStep(arch, workingDirectory, profile string, version *ReleaseVersion, isEnterprise, isFips bool) (step, string) { + shellDebName := buildTeleportDebName(version, arch, isEnterprise, isFips, false) + humanDebName := buildTeleportDebName(version, arch, isEnterprise, isFips, true) + commands := generateDownloadCommandsForArch(shellDebName, version.GetFullSemver().GetSemverValue(), workingDirectory, profile) + + downloadStep := step{ + Name: fmt.Sprintf("Download %q artifacts from S3", humanDebName), + Image: "amazon/aws-cli", + Environment: map[string]value{ + "AWS_REGION": {raw: "us-west-2"}, + "AWS_S3_BUCKET": {fromSecret: "AWS_S3_BUCKET"}, + "AWS_PROFILE": {raw: profile}, + }, + Commands: commands, + Volumes: []volumeRef{volumeRefAwsConfig}, + } + + return downloadStep, shellDebName +} + +// Generates the commands to download `debName` from s3 to `workingDirectory`. +// Returns the commands as well as the path where the deb will be downloaded to. +func generateDownloadCommandsForArch(debName, trimmedTag, workingDirectory, profile string) []string { + bucketPath := fmt.Sprintf("s3://$AWS_S3_BUCKET/teleport/tag/%s/", trimmedTag) + checkCommands := []string{ + "SUCCESS=true", + fmt.Sprintf("aws s3 ls %s | tr -s ' ' | cut -d' ' -f 4 | grep -x %s || SUCCESS=false", bucketPath, debName), + } + successCommand := "[ \"$SUCCESS\" = \"true\" ]" + + remotePath := fmt.Sprintf("%s%s", bucketPath, debName) + downloadPath := path.Join(workingDirectory, debName) + + commands := make([]string, 0) + // Wait up to an hour for debs to be build and published to s3 by other pipelines + commands = append(commands, wrapCommandsInTimeout(checkCommands, successCommand, 60*60, 60)...) + commands = append(commands, fmt.Sprintf("mkdir -pv %q", workingDirectory)) + commands = append(commands, fmt.Sprintf("aws s3 cp %s %s", remotePath, downloadPath)) + + return commands +} + +// Returns either a human-readable or shell-evaluable Teleport deb name. 
+func buildTeleportDebName(version *ReleaseVersion, arch string, isEnterprise, isFips, humanReadable bool) string { + var versionString string + if humanReadable { + versionString = fmt.Sprintf("%s-tag", version.MajorVersion) + } else { + versionString = version.GetFullSemver().GetSemverValue() + } + + debName := "teleport" + if isEnterprise { + debName = fmt.Sprintf("%s-ent", debName) + } + debName = fmt.Sprintf("%s_%s", debName, versionString) + if isFips { + debName = fmt.Sprintf("%s-fips", debName) + } + debName = fmt.Sprintf("%s_%s.deb", debName, arch) + + return debName +} + +// Creates a shell loop with a timeout +// commands: commands to run in a loop +// successCommand: should evaluate to shell true (i.e. `[ true ]`) when the loop has succeeded +// timeoutSeconds: how long in seconds to wait before the loop fails +// sleepTimeSeconds: how long to wait after every iteration before running again +func wrapCommandsInTimeout(commands []string, successCommand string, timeoutSeconds int, sleepTimeSeconds int) []string { + setupCommands := []string{ + fmt.Sprintf("END_TIME=$(( $(date +%%s) + %d ))", timeoutSeconds), + "TIMED_OUT=true", + "while [ $(date +%s) -lt $${END_TIME?} ]; do", + } + + finalizeCommands := []string{ + // Evaluate the condition + fmt.Sprintf("%s && TIMED_OUT=false && break;", successCommand), + // Sleep if not met + fmt.Sprintf("echo 'Condition not met yet, waiting another %d seconds...'", sleepTimeSeconds), + fmt.Sprintf("sleep %d", sleepTimeSeconds), + "done", + // Conditionally log timeout failure and exit + fmt.Sprintf("[ $${TIMED_OUT?} = true ] && echo 'Timed out while waiting for condition: %s' && exit 1", successCommand), + } + + loopCommands := make([]string, 0) + loopCommands = append(loopCommands, setupCommands...) + loopCommands = append(loopCommands, commands...) + loopCommands = append(loopCommands, finalizeCommands...) 
+ + return loopCommands +} + +// Generates a step that downloads the Teleport Dockerfile +// Returns the generated step and the path to the downloaded Dockerfile +func downloadTeleportDockerfileStep(productName, workingPath, downloadURL string) (step, string) { + // Enterprise and fips specific dockerfiles should be configured here in the future if needed + dockerfilePath := path.Join(workingPath, fmt.Sprintf("Dockerfile-%s", productName)) + + return step{ + Name: fmt.Sprintf("Download Teleport Dockerfile to %q for %s", dockerfilePath, productName), + Image: "alpine", + Commands: []string{ + "apk add curl", + fmt.Sprintf("mkdir -pv $(dirname %q)", dockerfilePath), + fmt.Sprintf("curl -Ls -o %q %q", dockerfilePath, downloadURL), + }, + }, dockerfilePath +} + +func assumeS3DownloadRoleStep(productName string) (step, string) { + profileName := fmt.Sprintf("s3-download-%s", productName) + return kubernetesAssumeAwsRoleStep(kubernetesRoleSettings{ + awsRoleSettings: awsRoleSettings{ + awsAccessKeyID: value{fromSecret: "AWS_ACCESS_KEY_ID"}, + awsSecretAccessKey: value{fromSecret: "AWS_SECRET_ACCESS_KEY"}, + role: value{fromSecret: "AWS_ROLE"}, + }, + configVolume: volumeRefAwsConfig, + profile: profileName, + name: fmt.Sprintf("Assume S3 Download AWS Role for %s", productName), + append: true, + }), profileName +} + +func (p *Product) getBaseImage(arch string, version *ReleaseVersion, containerRepo *ContainerRepo) *Image { + return p.ImageBuilder( + containerRepo, + &ImageTag{ ShellBaseValue: version.GetFullSemver().GetSemverValue(), DisplayBaseValue: version.MajorVersion, Arch: arch, }, - } + ) } func (p *Product) GetLocalRegistryImage(arch string, version *ReleaseVersion) *Image { - image := p.getBaseImage(arch, version) - image.Repo = NewLocalContainerRepo() - - return image + return p.getBaseImage(arch, version, GetLocalContainerRepo()) } func (p *Product) GetStagingRegistryImage(arch string, version *ReleaseVersion, stagingRepo *ContainerRepo) *Image { - image := 
p.getBaseImage(arch, version) - image.Repo = stagingRepo - - return image + return p.getBaseImage(arch, version, stagingRepo) } -func (p *Product) buildSteps(version *ReleaseVersion, setupStepNames []string, flags *TriggerFlags) []step { +func (p *Product) buildSteps(version *ReleaseVersion, parentStepNames []string, flags *TriggerFlags) []step { steps := make([]step, 0) + // Get the container repos images will be pushed to stagingRepo := GetStagingContainerRepo(flags.UseUniqueStagingTag) + publicEcrPullRegistry := GetPublicEcrPullRegistry() productionRepos := GetProductionContainerRepos() - for _, setupStep := range p.SetupSteps { - setupStep.DependsOn = append(setupStep.DependsOn, setupStepNames...) - steps = append(steps, setupStep) - setupStepNames = append(setupStepNames, setupStep.Name) + // Collect the name of the steps that are required before build/retrieval + productSetupStepNames := make([]string, 0) + if flags.ShouldBuildNewImages { + for _, setupStep := range p.SetupSteps { + // Wait for the parent steps before starting on the product setup steps + setupStep.DependsOn = append(setupStep.DependsOn, parentStepNames...) 
+ steps = append(steps, setupStep) + productSetupStepNames = append(productSetupStepNames, setupStep.Name) + } + } + if len(productSetupStepNames) == 0 { + // Cover the case where there are no product setup steps + productSetupStepNames = parentStepNames } archBuildStepDetails := make([]*buildStepOutput, 0, len(p.SupportedArchs)) - for i, supportedArch := range p.SupportedArchs { + // Add image build/retrieval steps + for _, supportedArch := range p.SupportedArchs { // Include steps for building images from scratch if flags.ShouldBuildNewImages { - archBuildStep, archBuildStepDetail := p.createBuildStep(supportedArch, version, i) + archBuildStep, archBuildStepDetail := p.createBuildStep(supportedArch, version, publicEcrPullRegistry) + + // Collect the name of steps that are required before build, taking into account arch-specific steps + setupStepNames := make([]string, 0) + for _, archSetupStep := range p.ArchSetupSteps[supportedArch] { + archSetupStep.DependsOn = append(archSetupStep.DependsOn, productSetupStepNames...) + steps = append(steps, archSetupStep) + setupStepNames = append(setupStepNames, archSetupStep.Name) + } + if len(setupStepNames) == 0 { + // Cover the case where there are no arch specific steps + setupStepNames = productSetupStepNames + } archBuildStep.DependsOn = append(archBuildStep.DependsOn, setupStepNames...) - if p.GetRequiredStepNames != nil { - archBuildStep.DependsOn = append(archBuildStep.DependsOn, p.GetRequiredStepNames(supportedArch)...) 
- } steps = append(steps, archBuildStep) archBuildStepDetails = append(archBuildStepDetails, archBuildStepDetail) } else { stagingImage := p.GetStagingRegistryImage(supportedArch, version, stagingRepo) - pullStagingImageStep, locallyPushedImage := stagingRepo.pullPushStep(stagingImage, setupStepNames) + pullStagingImageStep, locallyPushedImage := stagingRepo.pullPushStep(stagingImage, productSetupStepNames) steps = append(steps, pullStagingImageStep) // Generate build details that point to the pulled staging images @@ -142,8 +371,17 @@ func (p *Product) buildSteps(version *ReleaseVersion, setupStepNames []string, f } } + // Add publish steps for _, containerRepo := range getReposToPublishTo(productionRepos, stagingRepo, flags) { - steps = append(steps, containerRepo.buildSteps(archBuildStepDetails, flags)...) + buildSteps := containerRepo.buildSteps(archBuildStepDetails, flags) + + // Add repo setup step dependency to the build steps + setupStepNames := getStepNames(containerRepo.SetupSteps) + for _, buildStep := range buildSteps { + buildStep.DependsOn = append(buildStep.DependsOn, setupStepNames...) + } + + steps = append(steps, buildSteps...) } return steps @@ -175,7 +413,7 @@ func cleanBuilderName(builderName string) string { return invalidBuildxCharExpression.ReplaceAllString(builderName, "-") } -func (p *Product) createBuildStep(arch string, version *ReleaseVersion, delay int) (step, *buildStepOutput) { +func (p *Product) createBuildStep(arch string, version *ReleaseVersion, publicEcrPullRegistry *ContainerRepo) (step, *buildStepOutput) { localRegistryImage := p.GetLocalRegistryImage(arch, version) builderName := cleanBuilderName(fmt.Sprintf("%s-builder", localRegistryImage.GetDisplayName())) 
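Review bot: `generateDownloadCommandsForArch` accepts a matching file name in the `aws s3 ls` output as sufficient, and nothing checks the contents of the package that `aws s3 cp` fetches. That package is later installed with `dpkg -i` into an image that gets published. If the release pipeline uploads a digest next to each artifact (not visible in this diff), fetch it and verify the deb before the build step consumes it. In the same function, `grep -x %s` reads the name as a regular expression, so `grep -xF` gives the literal match that is intended. Its doc comment also says it returns the download path, while the function returns only the commands.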
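Review bot: In the publish loop, `for _, buildStep := range buildSteps` iterates over copies, so `buildStep.DependsOn = append(...)` never reaches the elements that are then appended to `steps`. Unless `containerRepo.buildSteps` already wires this up itself, the publish steps end up with no dependency on the repo's setup steps. Those setup steps are presumably where registry credentials are prepared, so the publish steps may be scheduled before them. Index the slice instead: `for i := range buildSteps { buildSteps[i].DependsOn = append(buildSteps[i].DependsOn, setupStepNames...) }`. The enclosing `buildSteps` method begins in the previous hunk.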
@@ -200,36 +438,41 @@ func (p *Product) createBuildStep(arch string, version *ReleaseVersion, delay in buildCommand += fmt.Sprintf(" --file %q", p.DockerfilePath) if p.DockerfileArgBuilder != nil { for _, buildArg := range p.DockerfileArgBuilder(arch) { - buildCommand += fmt.Sprintf(" --build-arg %q", buildArg) + buildCommand += fmt.Sprintf(" --build-arg %s", buildArg) } } buildCommand += " " + p.WorkingDirectory - delayTime := delay * 5 + // This is important to prevent pull rate limiting. See `GetPublicEcrPullRegistry` doc comment + // for details. + authenticatedBuildCommands := publicEcrPullRegistry.buildCommandsWithLogin([]string{buildCommand}) + + commands := []string{ + "docker run --privileged --rm tonistiigi/binfmt --install all", + fmt.Sprintf("mkdir -pv %q && cd %q", p.WorkingDirectory, p.WorkingDirectory), + fmt.Sprintf("mkdir -pv %q", buildxConfigFileDir), + fmt.Sprintf("echo '[registry.%q]' > %q", LocalRegistrySocket, buildxConfigFilePath), + fmt.Sprintf("echo ' http = true' >> %q", buildxConfigFilePath), + buildxCreateCommand, + } + commands = append(commands, authenticatedBuildCommands...) + commands = append(commands, + fmt.Sprintf("docker buildx rm %q", builderName), + fmt.Sprintf("rm -rf %q", buildxConfigFileDir), + ) + + envVars := maps.Clone(publicEcrPullRegistry.EnvironmentVars) + envVars["DOCKER_BUILDKIT"] = value{ + raw: "1", + } step := step{ - Name: p.GetBuildStepName(arch, version), - Image: "docker", - Volumes: dockerVolumeRefs(), - Environment: map[string]value{ - "DOCKER_BUILDKIT": { - raw: "1", - }, - }, - Commands: []string{ - // Without a delay buildx can occasionally try to pull base images faster than container registries will allow, - // triggering a rate limit. 
- fmt.Sprintf("echo 'Sleeping %ds to avoid registry pull rate limits' && sleep %d", delayTime, delayTime), - "docker run --privileged --rm tonistiigi/binfmt --install all", - fmt.Sprintf("mkdir -pv %q && cd %q", p.WorkingDirectory, p.WorkingDirectory), - fmt.Sprintf("mkdir -pv %q", buildxConfigFileDir), - fmt.Sprintf("echo '[registry.%q]' > %q", LocalRegistrySocket, buildxConfigFilePath), - fmt.Sprintf("echo ' http = true' >> %q", buildxConfigFilePath), - buildxCreateCommand, - buildCommand, - fmt.Sprintf("docker buildx rm %q", builderName), - fmt.Sprintf("rm -rf %q", buildxConfigFileDir), - }, + Name: p.GetBuildStepName(arch, version), + Image: "docker", + Volumes: dockerVolumeRefs(volumeRefAwsConfig), + Environment: envVars, + Commands: commands, + DependsOn: getStepNames(publicEcrPullRegistry.SetupSteps), } return step, &buildStepOutput{ diff --git a/dronegen/container_image_triggers.go b/dronegen/container_image_triggers.go index baa33faf2d82d..2218bd12c0ce3 100644 --- a/dronegen/container_image_triggers.go +++ b/dronegen/container_image_triggers.go @@ -21,11 +21,12 @@ import ( // Describes a Drone trigger as it pertains to container image building. type TriggerInfo struct { - Trigger trigger - Name string - Flags *TriggerFlags - SupportedVersions []*ReleaseVersion - SetupSteps []step + Trigger trigger + Name string + Flags *TriggerFlags + SupportedVersions []*ReleaseVersion + SetupSteps []step + ParentePipelineNames []string } // This type is mainly used to make passing these vars around cleaner @@ -55,6 +56,9 @@ func NewTagTrigger(branchMajorVersion string) *TriggerInfo { RelativeVersionName: "branch", }, }, + ParentePipelineNames: []string{ + tagCleanupPipelineName, + }, } } 
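Review bot: Changing `--build-arg %q` to `--build-arg %s` in `createBuildStep` places the argument into the shell command unquoted. For the Teleport product the value is `DEB_PATH=` plus a name built from `version.GetFullSemver().GetSemverValue()`, which for cron builds presumably expands a command substitution at run time. The expanded text is then subject to word splitting and globbing, so stray whitespace in a version file changes the `docker buildx build` argument list. Double quotes still allow the expansion, so `fmt.Sprintf(" --build-arg \"%s\"", buildArg)` keeps the value as one word; if `%q` was dropped for a reason not visible here, a comment should say why. Separately, `maps.Clone` returns nil for a nil map, so `envVars["DOCKER_BUILDKIT"] = ...` panics if `publicEcrPullRegistry.EnvironmentVars` is unset. `createBuildStep` starts before this hunk.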
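Review bot: The new `TriggerInfo` field is spelled `ParentePipelineNames`, which looks like a typo for `ParentPipelineNames`. The field is exported and already used in `NewTagTrigger` and in `buildPipelines` further down this file, so renaming it in this change is cheaper than doing it later. A short field comment such as `// Pipelines that must finish before the generated pipelines start.` would also match the other documented structs in this package.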
@@ -87,25 +91,25 @@ func NewCronTrigger(latestMajorVersions []string) *TriggerInfo { return nil } - majorVersionVarDirectory := "/go/vars/full-version" + majorVersionVarBasePath := "/go/vars/full-version" supportedVersions := make([]*ReleaseVersion, 0, len(latestMajorVersions)) if len(latestMajorVersions) > 0 { latestMajorVersion := latestMajorVersions[0] supportedVersions = append(supportedVersions, &ReleaseVersion{ MajorVersion: latestMajorVersion, - ShellVersion: readCronShellVersionCommand(majorVersionVarDirectory, latestMajorVersion), + ShellVersion: readCronShellVersionCommand(majorVersionVarBasePath, latestMajorVersion), RelativeVersionName: "current-version", - SetupSteps: []step{getLatestSemverStep(latestMajorVersion, majorVersionVarDirectory)}, + SetupSteps: []step{getLatestSemverStep(latestMajorVersion, majorVersionVarBasePath)}, }) if len(latestMajorVersions) > 1 { for i, majorVersion := range latestMajorVersions[1:] { supportedVersions = append(supportedVersions, &ReleaseVersion{ MajorVersion: majorVersion, - ShellVersion: readCronShellVersionCommand(majorVersionVarDirectory, majorVersion), + ShellVersion: readCronShellVersionCommand(majorVersionVarBasePath, majorVersion), RelativeVersionName: fmt.Sprintf("previous-version-%d", i+1), - SetupSteps: []step{getLatestSemverStep(majorVersion, majorVersionVarDirectory)}, + SetupSteps: []step{getLatestSemverStep(majorVersion, majorVersionVarBasePath)}, }) } } 
@@ -124,26 +128,26 @@ func NewCronTrigger(latestMajorVersions []string) *TriggerInfo { } } -func getLatestSemverStep(majorVersion string, majorVersionVarDirectory string) step { +func getLatestSemverStep(majorVersion string, majorVersionVarBasePath string) step { // We don't use "/go/src/github.com/gravitational/teleport" here as a later stage // may need to clone a different version, and "/go" persists between steps cloneDirectory := "/tmp/teleport" - majorVersionVarPath := path.Join(majorVersionVarDirectory, majorVersion) + majorVersionVarPath := fmt.Sprintf("%s-%s", majorVersionVarBasePath, majorVersion) return step{ Name: fmt.Sprintf("Find the latest available semver for %s", majorVersion), Image: fmt.Sprintf("golang:%s", GoVersion), Commands: append( cloneRepoCommands(cloneDirectory, fmt.Sprintf("branch/%s", majorVersion)), - fmt.Sprintf("mkdir -pv %q", majorVersionVarDirectory), + fmt.Sprintf("mkdir -pv $(dirname %q)", majorVersionVarPath), fmt.Sprintf("cd %q", path.Join(cloneDirectory, "build.assets", "tooling", "cmd", "query-latest")), - fmt.Sprintf("go run . %q > %q", majorVersion, majorVersionVarPath), + fmt.Sprintf("go run . %q | sed 's/v//' > %q", majorVersion, majorVersionVarPath), fmt.Sprintf("echo Found full semver \"$(cat %q)\" for major version %q", majorVersionVarPath, majorVersion), ), } } func readCronShellVersionCommand(majorVersionDirectory, majorVersion string) string { - return fmt.Sprintf("$(cat '%s')", path.Join(majorVersionDirectory, majorVersion)) + return fmt.Sprintf("v$(cat '%s-%s')", majorVersionDirectory, majorVersion) } // Drone triggers must all evaluate to "true" for a pipeline to be executed. @@ -155,6 +159,7 @@ func (ti *TriggerInfo) buildPipelines() []pipeline { pipeline := teleportVersion.buildVersionPipeline(ti.SetupSteps, ti.Flags) pipeline.Name += "-" + ti.Name pipeline.Trigger = ti.Trigger + pipeline.DependsOn = append(pipeline.DependsOn, ti.ParentePipelineNames...) pipelines = append(pipelines, pipeline) } 
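Review bot: In `getLatestSemverStep`, the command `go run . %q | sed 's/v//' > %q` reports the exit status of `sed`, so unless the step's shell enables `pipefail` a failing `go run` leaves an empty version file and the step still passes. `readCronShellVersionCommand` would then expand to a bare `v` for `ShellVersion` instead of failing the pipeline. Splitting the command keeps the failure visible and anchors the pattern to a leading `v` only: `fmt.Sprintf("go run . %q > %q", majorVersion, majorVersionVarPath),` followed by `fmt.Sprintf("sed -i 's/^v//' %q", majorVersionVarPath),`. Separately, the `majorVersionDirectory` parameter of `readCronShellVersionCommand` is now a path prefix and could be renamed `majorVersionVarBasePath` to match.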
diff --git a/dronegen/container_images_release_version.go b/dronegen/container_images_release_version.go index b434b1843aefa..4e9b3d1fd47a9 100644 --- a/dronegen/container_images_release_version.go +++ b/dronegen/container_images_release_version.go @@ -45,7 +45,7 @@ func (rv *ReleaseVersion) buildVersionPipeline(triggerSetupSteps []step, flags * dockerService(), dockerRegistryService(), } - pipeline.Volumes = dockerVolumes() + pipeline.Volumes = dockerVolumes(volumeAwsConfig) pipeline.Environment = map[string]value{ "DEBIAN_FRONTEND": { raw: "noninteractive", @@ -78,7 +78,7 @@ func (rv *ReleaseVersion) getSetupStepInformation(triggerSetupSteps []step) ([]s return setupSteps, nextStageSetupStepNames } -func (rv *ReleaseVersion) buildSteps(setupStepNames []string, flags *TriggerFlags) []step { +func (rv *ReleaseVersion) buildSteps(parentSetupStepNames []string, flags *TriggerFlags) []step { clonedRepoPath := "/go/src/github.com/gravitational/teleport" steps := make([]step, 0) 
@@ -88,12 +88,33 @@ func (rv *ReleaseVersion) buildSteps(setupStepNames []string, flags *TriggerFlag cloneRepoStep(clonedRepoPath, rv.ShellVersion), rv.buildSplitSemverSteps(flags.ShouldOnlyPublishFullSemver), } + + // These are sequential to prevent read/write contention by mounting volumes on + // multiple containeres at once + repos := getReposUsedByPipeline(flags) + var previousSetupRepo *ContainerRepo + for _, containerRepo := range repos { + repoSetupSteps := containerRepo.SetupSteps + if previousSetupRepo != nil { + previousRepoStepNames := getStepNames(previousSetupRepo.SetupSteps) + for i, repoSetupStep := range repoSetupSteps { + repoSetupSteps[i].DependsOn = append(repoSetupStep.DependsOn, previousRepoStepNames...) + } + } + setupSteps = append(setupSteps, repoSetupSteps...) + + if len(repoSetupSteps) > 0 { + previousSetupRepo = containerRepo + } + } + for _, setupStep := range setupSteps { - setupStep.DependsOn = append(setupStep.DependsOn, setupStepNames...) + setupStep.DependsOn = append(setupStep.DependsOn, parentSetupStepNames...) steps = append(steps, setupStep) - setupStepNames = append(setupStepNames, setupStep.Name) } + setupStepNames := append(parentSetupStepNames, getStepNames(setupSteps)...) + for _, product := range rv.getProducts(clonedRepoPath) { steps = append(steps, product.buildSteps(rv, setupStepNames, flags)...) } 
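Review bot: `setupStepNames := append(parentSetupStepNames, getStepNames(setupSteps)...)` can write into the caller's backing array when `parentSetupStepNames` has spare capacity, so step names from one call could leak into a slice the caller reuses. Copying first avoids the aliasing: `setupStepNames := append(append([]string{}, parentSetupStepNames...), getStepNames(setupSteps)...)`. The loop above it also assigns `repoSetupSteps[i].DependsOn` in place on `containerRepo.SetupSteps`, which is only safe if every repo is constructed fresh per call, as the `Get*` helpers in this commit appear to do. The new comment has a typo (`containeres`). The body of `buildSteps` starts before and ends after this hunk.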
@@ -101,6 +122,20 @@ func (rv *ReleaseVersion) buildSteps(setupStepNames []string, flags *TriggerFlag return steps } +func getReposUsedByPipeline(flags *TriggerFlags) []*ContainerRepo { + repos := []*ContainerRepo{GetStagingContainerRepo(flags.UseUniqueStagingTag)} + + if flags.ShouldBuildNewImages { + repos = append(repos, GetPublicEcrPullRegistry()) + } + + if flags.ShouldAffectProductionImages { + repos = append(repos, GetProductionContainerRepos()...) + } + + return repos +} + type Semver struct { Name string // Human-readable name for the information contained in the semver, i.e. "major" FilePath string // The path under the working dir where the information can be read from @@ -203,9 +238,16 @@ func (rv *ReleaseVersion) buildSplitSemverSteps(onlyBuildFullSemver bool) step { } func (rv *ReleaseVersion) getProducts(clonedRepoPath string) []*Product { + teleportProducts := []*Product{ + NewTeleportProduct(false, false, rv), // OSS + NewTeleportProduct(true, false, rv), // Enterprise + NewTeleportProduct(true, true, rv), // Enterprise/FIPS + } + teleportOperatorProduct := NewTeleportOperatorProduct(clonedRepoPath) - products := make([]*Product, 0, 1) + products := make([]*Product, 0, len(teleportProducts)+1) + products = append(products, teleportProducts...) products = append(products, teleportOperatorProduct) return products diff --git a/dronegen/container_images_repos.go b/dronegen/container_images_repos.go index 78659348c72b8..56255d8774e98 100644 --- a/dronegen/container_images_repos.go +++ b/dronegen/container_images_repos.go 
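Review bot: `getReposUsedByPipeline` has no doc comment, and the order of the slice it returns matters because `buildSteps` chains each repo's `SetupSteps` behind those of the previous repo. Reordering the appends therefore changes the step dependency graph. A comment such as `// getReposUsedByPipeline returns the repos whose setup steps this pipeline runs, in the order those steps are chained.` would make that explicit.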
@@ -24,33 +24,36 @@ import ( // Describes a registry and repo that images are to be published to. type ContainerRepo struct { - Name string - IsProductionRepo bool - IsImmutable bool - EnvironmentVars map[string]value - RegistryDomain string - RegistryOrg string - LoginCommands []string - TagBuilder func(baseTag *ImageTag) *ImageTag // Postprocessor for tags that append CR-specific suffixes + Name string // Human readable name for the repo. Does not need to match remote value. + IsImmutable bool // True if the repo supports updating existing tags, false otherwise + EnvironmentVars map[string]value // Steps that use the described repo should include these env vars + RegistryDomain string // The registry that hosts the container repo + RegistryOrg string // The organization name (usually "gravitational") that the repo is listed under + SetupSteps []step // Optional field that can be used to run setup code prior to first login + LoginCommands []string // Commands to authenticate the docker daemon with the repo + TagBuilder func(baseTag *ImageTag) *ImageTag // Postprocessor for tags that append CR-specific suffixes } -func NewEcrContainerRepo(accessKeyIDSecret, secretAccessKeySecret, domain string, isProduction, isImmutable, guaranteeUnique bool) *ContainerRepo { - nameSuffix := "staging" +func NewEcrContainerRepo(accessKeyIDSecret, secretAccessKeySecret, roleSecret, domain, name string, + isPublic, isImmutable, guaranteeUnique bool) *ContainerRepo { ecrRegion := StagingEcrRegion loginSubcommand := "ecr" - if isProduction { - nameSuffix = "production" + if isPublic { ecrRegion = PublicEcrRegion loginSubcommand = "ecr-public" } + repoName := fmt.Sprintf("ECR - %s", name) + profileName := fmt.Sprintf("ecr-%s", name) + registryOrg := ProductionRegistryOrg if configureForPRTestingOnly { accessKeyIDSecret = testingSecretPrefix + accessKeyIDSecret secretAccessKeySecret = testingSecretPrefix + secretAccessKeySecret + roleSecret = testingSecretPrefix + roleSecret registryOrg = 
testingECRRegistryOrg - if !isProduction { + if !isPublic { domain = testingECRDomain ecrRegion = testingECRRegion } @@ -66,20 +69,27 @@ func NewEcrContainerRepo(accessKeyIDSecret, secretAccessKeySecret, domain string } return &ContainerRepo{ - Name: fmt.Sprintf("ECR - %s", nameSuffix), - IsProductionRepo: isProduction, - IsImmutable: isImmutable, + Name: repoName, + IsImmutable: isImmutable, EnvironmentVars: map[string]value{ - "AWS_ACCESS_KEY_ID": { - fromSecret: accessKeyIDSecret, - }, - "AWS_SECRET_ACCESS_KEY": { - fromSecret: secretAccessKeySecret, - }, + "AWS_PROFILE": {raw: profileName}, }, RegistryDomain: domain, RegistryOrg: registryOrg, - LoginCommands: loginCommands, + SetupSteps: []step{ + kubernetesAssumeAwsRoleStep(kubernetesRoleSettings{ + awsRoleSettings: awsRoleSettings{ + awsAccessKeyID: value{fromSecret: accessKeyIDSecret}, + awsSecretAccessKey: value{fromSecret: secretAccessKeySecret}, + role: value{fromSecret: roleSecret}, + }, + configVolume: volumeRefAwsConfig, + profile: profileName, + name: fmt.Sprintf("Assume %s AWS Role", repoName), + append: true, + }), + }, + LoginCommands: loginCommands, TagBuilder: func(tag *ImageTag) *ImageTag { if guaranteeUnique { tag.AppendString("$TIMESTAMP") @@ -99,9 +109,8 @@ func NewQuayContainerRepo(dockerUsername, dockerPassword string) *ContainerRepo } return &ContainerRepo{ - Name: "Quay", - IsProductionRepo: true, - IsImmutable: false, + Name: "Quay", + IsImmutable: false, EnvironmentVars: map[string]value{ "QUAY_USERNAME": { fromSecret: dockerUsername, @@ -120,10 +129,9 @@ func NewQuayContainerRepo(dockerUsername, dockerPassword string) *ContainerRepo func NewLocalContainerRepo() *ContainerRepo { return &ContainerRepo{ - Name: "Local Registry", - IsProductionRepo: false, - IsImmutable: false, - RegistryDomain: LocalRegistrySocket, + Name: "Local Registry", + IsImmutable: false, + RegistryDomain: LocalRegistrySocket, } } 
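Review bot: The comment added on `IsImmutable` in `ContainerRepo` reads inverted, since `True if the repo supports updating existing tags` describes a mutable repo. `GetStagingContainerRepo` passes `true` for this argument while the Quay and local repos set `false`, so the intended meaning looks like the opposite. Suggest `IsImmutable bool // True if existing tags in the repo cannot be overwritten, false otherwise`. `NewEcrContainerRepo` now takes five adjacent strings and three adjacent bools, so a doc comment listing them in order would make a swapped argument easier to spot at the call sites. The function body continues past this hunk.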
@@ -132,16 +140,29 @@ func GetLocalContainerRepo() *ContainerRepo { } func GetStagingContainerRepo(uniqueStagingTag bool) *ContainerRepo { - return NewEcrContainerRepo("STAGING_TELEPORT_DRONE_USER_ECR_KEY", "STAGING_TELEPORT_DRONE_USER_ECR_SECRET", StagingRegistry, false, true, uniqueStagingTag) + return NewEcrContainerRepo("STAGING_TELEPORT_DRONE_USER_ECR_KEY", "STAGING_TELEPORT_DRONE_USER_ECR_SECRET", + "STAGING_TELEPORT_DRONE_ECR_AWS_ROLE", StagingRegistry, "staging", false, true, uniqueStagingTag) } func GetProductionContainerRepos() []*ContainerRepo { return []*ContainerRepo{ NewQuayContainerRepo("PRODUCTION_QUAYIO_DOCKER_USERNAME", "PRODUCTION_QUAYIO_DOCKER_PASSWORD"), - NewEcrContainerRepo("PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY", "PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET", ProductionRegistry, true, false, false), + NewEcrContainerRepo("PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY", "PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET", + "PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE", ProductionRegistry, "production", true, false, false), } } +// This is a special case of "public.ecr.aws". This references a public ECR repo that may only ever be pulled from. +// The purpose of this is to authenticate with public ECR prior to `docker buildx build` so that the build command +// will pull from the repo as an authenticated user. Pulling as an authenticated user greatly increase the number +// of layers that can be pulled per second, which fixes certain issues with running build commands in parallel. +func GetPublicEcrPullRegistry() *ContainerRepo { + // Note: these credentials currently allow for push and pull. I'd recommend either a separate role or set of + // credentials for pull only access. 
+ return NewEcrContainerRepo("PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY", "PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET", + "PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE", ProductionRegistry, "authenticated-pull", true, false, false) +} + func (cr *ContainerRepo) buildSteps(buildStepDetails []*buildStepOutput, flags *TriggerFlags) []step { if len(buildStepDetails) == 0 { return nil @@ -225,7 +246,7 @@ func (cr *ContainerRepo) pullPushStep(image *Image, dependencySteps []string) (s return step{ Name: fmt.Sprintf("Pull %s and push it to %s", image.GetDisplayName(), localRepo.Name), Image: "docker", - Volumes: dockerVolumeRefs(), + Volumes: dockerVolumeRefs(volumeRefAwsConfig), Environment: cr.EnvironmentVars, Commands: commands, DependsOn: dependencySteps, @@ -274,7 +295,7 @@ func (cr *ContainerRepo) tagAndPushStep(buildStepDetails *buildStepOutput, image step := step{ Name: fmt.Sprintf("Tag and push image %q to %s", buildStepDetails.BuiltImage.GetDisplayName(), cr.Name), Image: "docker", - Volumes: dockerVolumeRefs(), + Volumes: dockerVolumeRefs(volumeRefAwsConfig), Environment: cr.EnvironmentVars, Commands: commands, DependsOn: dependencySteps, @@ -302,7 +323,7 @@ func (cr *ContainerRepo) createAndPushManifestStep(manifestImage *Image, pushSte return step{ Name: fmt.Sprintf("Create manifest and push %q to %s", manifestImage.GetDisplayName(), cr.Name), Image: "docker", - Volumes: dockerVolumeRefs(), + Volumes: dockerVolumeRefs(volumeRefAwsConfig), Environment: cr.EnvironmentVars, Commands: cr.buildCommandsWithLogin(commands), DependsOn: pushStepNames, diff --git a/dronegen/container_images_testing.go b/dronegen/container_images_testing.go index 49688abd75680..d762165ece810 100644 --- a/dronegen/container_images_testing.go +++ b/dronegen/container_images_testing.go 
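Review bot: `GetPublicEcrPullRegistry` reuses the production key, secret and `PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE` for what is meant to be pull-only access, and the in-code note confirms these credentials can also push. `getReposUsedByPipeline` adds this repo whenever `ShouldBuildNewImages` is set, regardless of `ShouldAffectProductionImages`. As a result, pipelines that should not touch production still appear to get a push-capable production profile on the AWS config volume that the docker steps mount. A role limited to pull would close that gap, passed as the third argument under its own secret (placeholder name `<PULL_ONLY_ECR_ROLE_SECRET>`). Until that exists, turning the note into a `// TODO:` with an issue reference keeps it from being lost.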
@@ -57,10 +57,10 @@ package main const ( configureForPRTestingOnly bool = false testingSecretPrefix string = "TEST_" - testingQuayRegistryOrg string = "" //"fred_heinecke" + testingQuayRegistryOrg string = "" // "fred_heinecke" testingECRRegistryOrg string = "u8j2q1d9" testingECRRegion string = "us-east-2" - prBranch string = "" //"fred/multiarch-teleport-container-images" + prBranch string = "" // "fred/multiarch-teleport-actual-container-images" testingECRDomain string = "278576220453.dkr.ecr.us-east-2.amazonaws.com" ) diff --git a/dronegen/promote.go b/dronegen/promote.go index 2f1eb0a2bdb77..0f1b222ff7018 100644 --- a/dronegen/promote.go +++ b/dronegen/promote.go 
@@ -14,147 +14,13 @@ package main -import "fmt" - func promoteBuildPipelines() []pipeline { promotePipelines := make([]pipeline, 0) promotePipelines = append(promotePipelines, promoteBuildOsRepoPipelines()...) - promotePipelines = append(promotePipelines, buildDockerPromotionPipelineECR(), buildDockerPromotionPipelineQuay()) return promotePipelines } -func buildDockerPromotionPipelineECR() pipeline { - dockerPipeline := newKubePipeline("promote-docker-ecr") - dockerPipeline.Trigger = triggerPromote - dockerPipeline.Trigger.Target.Include = append(dockerPipeline.Trigger.Target.Include, "promote-docker", "promote-docker-ecr") - dockerPipeline.Workspace = workspace{Path: "/go"} - - // Add docker service - dockerPipeline.Services = []service{ - dockerService(), - } - dockerPipeline.Volumes = []volume{ - volumeDocker, - volumeAwsConfig, - } - - dockerPipeline.Steps = append(dockerPipeline.Steps, verifyTaggedStep()) - dockerPipeline.Steps = append(dockerPipeline.Steps, waitForDockerStep()) - - // Pull/Push Steps - dockerPipeline.Steps = append(dockerPipeline.Steps, kubernetesAssumeAwsRoleStep(kubernetesRoleSettings{ - awsRoleSettings: awsRoleSettings{ - awsAccessKeyID: value{fromSecret: "PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY"}, - awsSecretAccessKey: value{fromSecret: "PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET"}, - role: value{fromSecret: "PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE"}, - }, - configVolume: volumeRefAwsConfig, - })) - dockerPipeline.Steps = append(dockerPipeline.Steps, step{ - Name: "Pull/retag Docker images", - Image: "docker", - Volumes: []volumeRef{ - volumeRefDocker, - volumeRefAwsConfig, - }, - Commands: []string{ - "apk add --no-cache aws-cli", - "export VERSION=${DRONE_TAG##v}", - // authenticate with staging credentials - "aws ecr get-login-password --region=us-west-2 | docker login -u=\"AWS\" --password-stdin " + StagingRegistry, - // pull staging images - "echo \"---> Pulling images for $${VERSION}\"", - fmt.Sprintf("docker pull 
%s/gravitational/teleport:$${VERSION}", StagingRegistry), - fmt.Sprintf("docker pull %s/gravitational/teleport-ent:$${VERSION}", StagingRegistry), - fmt.Sprintf("docker pull %s/gravitational/teleport-ent:$${VERSION}-fips", StagingRegistry), - // retag images to production naming - "echo \"---> Tagging images for $${VERSION}\"", - fmt.Sprintf("docker tag %s/gravitational/teleport:$${VERSION} %s/gravitational/teleport:$${VERSION}", StagingRegistry, ProductionRegistry), - fmt.Sprintf("docker tag %s/gravitational/teleport-ent:$${VERSION} %s/gravitational/teleport-ent:$${VERSION}", StagingRegistry, ProductionRegistry), - fmt.Sprintf("docker tag %s/gravitational/teleport-ent:$${VERSION}-fips %s/gravitational/teleport-ent:$${VERSION}-fips", StagingRegistry, ProductionRegistry), - // authenticate with production credentials - "docker logout " + StagingRegistry, - "aws ecr-public get-login-password --region=us-east-1 | docker login -u=\"AWS\" --password-stdin " + ProductionRegistry, - // push production images - "echo \"---> Pushing images for $${VERSION}\"", - // push production images ECR - fmt.Sprintf("docker push %s/gravitational/teleport:$${VERSION}", ProductionRegistry), - fmt.Sprintf("docker push %s/gravitational/teleport-ent:$${VERSION}", ProductionRegistry), - fmt.Sprintf("docker push %s/gravitational/teleport-ent:$${VERSION}-fips", ProductionRegistry), - }, - }) - - return dockerPipeline -} - -func buildDockerPromotionPipelineQuay() pipeline { - dockerPipeline := newKubePipeline("promote-docker-quay") - dockerPipeline.Trigger = triggerPromote - dockerPipeline.Trigger.Target.Include = append(dockerPipeline.Trigger.Target.Include, "promote-docker", "promote-docker-quay") - dockerPipeline.Workspace = workspace{Path: "/go"} - - // Add docker service - dockerPipeline.Services = []service{ - dockerService(), - } - dockerPipeline.Volumes = []volume{ - volumeDocker, - volumeAwsConfig, - } - - dockerPipeline.Steps = append(dockerPipeline.Steps, verifyTaggedStep()) - 
dockerPipeline.Steps = append(dockerPipeline.Steps, waitForDockerStep()) - - // Pull/Push Steps - dockerPipeline.Steps = append(dockerPipeline.Steps, kubernetesAssumeAwsRoleStep(kubernetesRoleSettings{ - awsRoleSettings: awsRoleSettings{ - awsAccessKeyID: value{fromSecret: "PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY"}, - awsSecretAccessKey: value{fromSecret: "PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET"}, - role: value{fromSecret: "PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE"}, - }, - configVolume: volumeRefAwsConfig, - })) - dockerPipeline.Steps = append(dockerPipeline.Steps, step{ - Name: "Pull/retag Docker images", - Image: "docker", - Environment: map[string]value{ - "QUAY_USERNAME": {fromSecret: "PRODUCTION_QUAYIO_DOCKER_USERNAME"}, - "QUAY_PASSWORD": {fromSecret: "PRODUCTION_QUAYIO_DOCKER_PASSWORD"}, - }, - Volumes: []volumeRef{ - volumeRefDocker, - volumeRefAwsConfig, - }, - Commands: []string{ - "apk add --no-cache aws-cli", - "export VERSION=${DRONE_TAG##v}", - // authenticate with staging credentials - "aws ecr get-login-password --region=us-west-2 | docker login -u=\"AWS\" --password-stdin " + StagingRegistry, - // pull staging images - "echo \"---> Pulling images for $${VERSION}\"", - fmt.Sprintf("docker pull %s/gravitational/teleport:$${VERSION}", StagingRegistry), - fmt.Sprintf("docker pull %s/gravitational/teleport-ent:$${VERSION}", StagingRegistry), - fmt.Sprintf("docker pull %s/gravitational/teleport-ent:$${VERSION}-fips", StagingRegistry), - // retag images to production naming - "echo \"---> Tagging images for $${VERSION}\"", - fmt.Sprintf("docker tag %s/gravitational/teleport:$${VERSION} %s/gravitational/teleport:$${VERSION}", StagingRegistry, ProductionRegistryQuay), - fmt.Sprintf("docker tag %s/gravitational/teleport-ent:$${VERSION} %s/gravitational/teleport-ent:$${VERSION}", StagingRegistry, ProductionRegistryQuay), - fmt.Sprintf("docker tag %s/gravitational/teleport-ent:$${VERSION}-fips %s/gravitational/teleport-ent:$${VERSION}-fips", StagingRegistry, 
ProductionRegistryQuay), - // authenticate with production credentials - "docker logout " + StagingRegistry, - "docker login -u=\"$QUAY_USERNAME\" -p=\"$QUAY_PASSWORD\" " + ProductionRegistryQuay, - // push production images - "echo \"---> Pushing images for $${VERSION}\"", - fmt.Sprintf("docker push %s/gravitational/teleport:$${VERSION}", ProductionRegistryQuay), - fmt.Sprintf("docker push %s/gravitational/teleport-ent:$${VERSION}", ProductionRegistryQuay), - fmt.Sprintf("docker push %s/gravitational/teleport-ent:$${VERSION}-fips", ProductionRegistryQuay), - }, - }) - - return dockerPipeline -} - func publishReleasePipeline() pipeline { return relcliPipeline(triggerPromote, "publish-rlz", "Publish in Release API", "relcli auto_publish -f -v 6") }