diff --git a/.drone.yml b/.drone.yml index 9217b51e8518f..92f90b212dfe3 100644 --- a/.drone.yml +++ b/.drone.yml @@ -63,17 +63,19 @@ steps: image: docker:git commands: - mkdir -p /go/src/github.com/gravitational/webapps - - mkdir -p /go/src/github.com/gravitational/teleport /go/cache - - cd /go/src/github.com/gravitational/teleport - - git init && git remote add origin ${DRONE_REMOTE_URL} - - git fetch origin - - git checkout -qf ${DRONE_COMMIT_SHA} + - mkdir -pv "/go/src/github.com/gravitational/teleport" + - cd "/go/src/github.com/gravitational/teleport" + - git init + - git remote add origin ${DRONE_REMOTE_URL} + - git fetch origin --tags + - git checkout -qf "${DRONE_COMMIT_SHA}" - git submodule update --init webassets || true - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts - git submodule update --init e - git submodule update --init --recursive webassets || true + - mkdir -pv /go/cache - cd /go/src/github.com/gravitational/webapps - git clone https://github.com/gravitational/webapps.git . - git checkout "$(/go/src/github.com/gravitational/teleport/build.assets/webapps/webapps-version.sh)" 
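Review bot: The rewritten checkout quotes the target directory and `${DRONE_COMMIT_SHA}` but leaves the remote URL bare in `git remote add origin ${DRONE_REMOTE_URL}`. For consistency, and so the value always reaches git as one argument, write `- git remote add origin "${DRONE_REMOTE_URL}"`. The same line recurs in the "Check out code" hunks at -173, -276, -383, -1129 and -1232 and in the later hunks at -7233 and -7428. Unlike those sibling steps, this hunk shows no `rm -f /root/.ssh/id_rsa` after the submodule updates; the step continues outside the hunk, but if the removal is not further down, the deploy key stays on disk while the webapps clone and checkout run.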
@@ -173,17 +175,19 @@ steps: - name: Check out code image: docker:git commands: - - mkdir -p /go/src/github.com/gravitational/teleport /go/cache - - cd /go/src/github.com/gravitational/teleport - - git init && git remote add origin ${DRONE_REMOTE_URL} - - git fetch origin - - git checkout -qf ${DRONE_COMMIT_SHA} + - mkdir -pv "/go/src/github.com/gravitational/teleport" + - cd "/go/src/github.com/gravitational/teleport" + - git init + - git remote add origin ${DRONE_REMOTE_URL} + - git fetch origin --tags + - git checkout -qf "${DRONE_COMMIT_SHA}" - git submodule update --init webassets || true - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts - git submodule update --init e - git submodule update --init --recursive webassets || true + - mkdir -pv /go/cache - rm -f /root/.ssh/id_rsa environment: GITHUB_PRIVATE_KEY: 
@@ -276,17 +280,19 @@ steps: - name: Check out code image: docker:git commands: - - mkdir -p /go/src/github.com/gravitational/teleport /go/cache - - cd /go/src/github.com/gravitational/teleport - - git init && git remote add origin ${DRONE_REMOTE_URL} - - git fetch origin - - git checkout -qf ${DRONE_COMMIT_SHA} + - mkdir -pv "/go/src/github.com/gravitational/teleport" + - cd "/go/src/github.com/gravitational/teleport" + - git init + - git remote add origin ${DRONE_REMOTE_URL} + - git fetch origin --tags + - git checkout -qf "${DRONE_COMMIT_SHA}" - git submodule update --init webassets || true - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts - git submodule update --init e - git submodule update --init --recursive webassets || true + - mkdir -pv /go/cache - rm -f /root/.ssh/id_rsa - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt 
@@ -383,17 +389,19 @@ steps: - name: Check out code image: docker:git commands: - - mkdir -p /go/src/github.com/gravitational/teleport /go/cache - - cd /go/src/github.com/gravitational/teleport - - git init && git remote add origin ${DRONE_REMOTE_URL} - - git fetch origin - - git checkout -qf ${DRONE_COMMIT_SHA} + - mkdir -pv "/go/src/github.com/gravitational/teleport" + - cd "/go/src/github.com/gravitational/teleport" + - git init + - git remote add origin ${DRONE_REMOTE_URL} + - git fetch origin --tags + - git checkout -qf "${DRONE_COMMIT_SHA}" - git submodule update --init webassets || true - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts - git submodule update --init e - git submodule update --init --recursive webassets || true + - mkdir -pv /go/cache - rm -f /root/.ssh/id_rsa environment: GITHUB_PRIVATE_KEY: @@ -1129,17 +1137,19 @@ steps: - name: Check out code image: docker:git commands: - - mkdir -p /go/src/github.com/gravitational/teleport /go/cache - - cd /go/src/github.com/gravitational/teleport - - git init && git remote add origin ${DRONE_REMOTE_URL} - - git fetch origin - - git checkout -qf ${DRONE_COMMIT_SHA} + - mkdir -pv "/go/src/github.com/gravitational/teleport" + - cd "/go/src/github.com/gravitational/teleport" + - git init + - git remote add origin ${DRONE_REMOTE_URL} + - git fetch origin --tags + - git checkout -qf "${DRONE_COMMIT_SHA}" - git submodule update --init webassets || true - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts - git submodule update --init e - git submodule update --init --recursive webassets || true + - mkdir -pv /go/cache - rm -f /root/.ssh/id_rsa environment: GITHUB_PRIVATE_KEY: 
@@ -1232,17 +1242,19 @@ steps: - name: Check out code image: docker:git commands: - - mkdir -p /go/src/github.com/gravitational/teleport /go/cache - - cd /go/src/github.com/gravitational/teleport - - git init && git remote add origin ${DRONE_REMOTE_URL} - - git fetch origin - - git checkout -qf ${DRONE_COMMIT_SHA} + - mkdir -pv "/go/src/github.com/gravitational/teleport" + - cd "/go/src/github.com/gravitational/teleport" + - git init + - git remote add origin ${DRONE_REMOTE_URL} + - git fetch origin --tags + - git checkout -qf "${DRONE_COMMIT_SHA}" - git submodule update --init webassets || true - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts - git submodule update --init e - git submodule update --init --recursive webassets || true + - mkdir -pv /go/cache - rm -f /root/.ssh/id_rsa environment: GITHUB_PRIVATE_KEY: 
@@ -1341,94 +1353,34 @@ steps: - echo "$(cat /go/build/PREVIOUS_VERSION_TWO_TAG.txt | cut -d. -f1 | tr -d '^v')" > /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt # list versions - for FILE in /go/build/*.txt; do echo $FILE; cat $FILE; done - # get Dockerfiles - - curl -Ls -o /go/build/Dockerfile-cron https://raw.githubusercontent.com/gravitational/teleport/${DRONE_SOURCE_BRANCH:-master}/build.assets/Dockerfile-cron # wait for Docker to be ready - sleep 3 - - name: Build and push Teleport containers (CURRENT_VERSION) - image: docker - environment: - OS: linux - ARCH: amd64 - QUAY_USERNAME: - from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME - QUAY_PASSWORD: - from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD - volumes: - - name: dockersock - path: /var/run - commands: - - export VERSION_TAG=$(cat /go/build/CURRENT_VERSION_TAG.txt) - - export OSS_IMAGE_NAME="quay.io/gravitational/teleport:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)" - - export ENT_IMAGE_NAME="quay.io/gravitational/teleport-ent:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)" - - export ENT_FIPS_IMAGE_NAME="quay.io/gravitational/teleport-ent:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)-fips" - - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" quay.io - # OSS - - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $OSS_IMAGE_NAME -f /go/build/Dockerfile-cron /go/build - - docker push $OSS_IMAGE_NAME - # Enterprise - - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $ENT_IMAGE_NAME -f /go/build/Dockerfile-cron /go/build - - docker push $ENT_IMAGE_NAME - # Enterprise FIPS - - docker build --target teleport-fips --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg EXTRA_DOWNLOAD_ARGS="-fips" --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $ENT_FIPS_IMAGE_NAME -f 
/go/build/Dockerfile-cron /go/build - - docker push $ENT_FIPS_IMAGE_NAME - - - name: Build and push Teleport containers (PREVIOUS_VERSION_ONE) - image: docker - environment: - OS: linux - ARCH: amd64 - QUAY_USERNAME: - from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME - QUAY_PASSWORD: - from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD - volumes: - - name: dockersock - path: /var/run - commands: - - export VERSION_TAG=$(cat /go/build/PREVIOUS_VERSION_ONE_TAG.txt) - - export OSS_IMAGE_NAME="quay.io/gravitational/teleport:$(cat /go/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt)" - - export ENT_IMAGE_NAME="quay.io/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt)" - - export ENT_FIPS_IMAGE_NAME="quay.io/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt)-fips" - - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" quay.io - # OSS - - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $OSS_IMAGE_NAME -f /go/build/Dockerfile-cron /go/build - - docker push $OSS_IMAGE_NAME - # Enterprise - - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $ENT_IMAGE_NAME -f /go/build/Dockerfile-cron /go/build - - docker push $ENT_IMAGE_NAME - # Enterprise FIPS - - docker build --target teleport-fips --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg EXTRA_DOWNLOAD_ARGS="-fips" --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $ENT_FIPS_IMAGE_NAME -f /go/build/Dockerfile-cron /go/build - - docker push $ENT_FIPS_IMAGE_NAME - - - name: Build and push Teleport containers (PREVIOUS_VERSION_TWO) - image: docker + - name: Build/push Teleport Lab Docker image + image: docker:git environment: OS: linux ARCH: amd64 QUAY_USERNAME: from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME QUAY_PASSWORD: - from_secret: 
PRODUCTION_QUAYIO_DOCKER_PASSWORD + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD= volumes: - name: dockersock path: /var/run commands: - - export VERSION_TAG=$(cat /go/build/PREVIOUS_VERSION_TWO_TAG.txt) - - export OSS_IMAGE_NAME="quay.io/gravitational/teleport:$(cat /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt)" - - export ENT_IMAGE_NAME="quay.io/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt)" - - export ENT_FIPS_IMAGE_NAME="quay.io/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt)-fips" + - export TELEPORT_TAG=$(cat /go/build/CURRENT_VERSION_TAG.txt | tr -d '^v') + - export TELEPORT_LAB_IMAGE_NAME="quay.io/gravitational/teleport-lab:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)" + # Check out code + - mkdir -p /go/src/github.com/gravitational/teleport + - cd /go/src/github.com/gravitational/teleport + - git init && git remote add origin ${DRONE_REMOTE_URL} + - git fetch origin + - git checkout -qf ${DRONE_COMMIT_SHA} + # Build and push Teleport lab image - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" quay.io - # OSS - - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $OSS_IMAGE_NAME -f /go/build/Dockerfile-cron /go/build - - docker push $OSS_IMAGE_NAME - # Enterprise - - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $ENT_IMAGE_NAME -f /go/build/Dockerfile-cron /go/build - - docker push $ENT_IMAGE_NAME - # Enterprise FIPS - - docker build --target teleport-fips --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg EXTRA_DOWNLOAD_ARGS="-fips" --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $ENT_FIPS_IMAGE_NAME -f /go/build/Dockerfile-cron /go/build - - docker push $ENT_FIPS_IMAGE_NAME + - docker build --build-arg TELEPORT_TAG=$TELEPORT_TAG -t 
$TELEPORT_LAB_IMAGE_NAME /go/src/github.com/gravitational/teleport/docker/sshd + - docker push $TELEPORT_LAB_IMAGE_NAME services: - name: Start Docker @@ -1484,9 +1436,6 @@ steps: - echo "$(cat /go/build/PREVIOUS_VERSION_TWO_TAG.txt | cut -d. -f1 | tr -d '^v')" > /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt # list versions - for FILE in /go/build/*.txt; do echo $FILE; cat $FILE; done - # get Dockerfiles - - curl -Ls -o /go/build/Dockerfile-cron https://raw.githubusercontent.com/gravitational/teleport/${DRONE_SOURCE_BRANCH:-master}/build.assets/Dockerfile-cron - - curl -Ls -o /go/build/Dockerfile-cron-v8 https://raw.githubusercontent.com/gravitational/teleport/${DRONE_SOURCE_BRANCH:-master}/build.assets/Dockerfile-cron-v8 # wait for Docker to be ready - sleep 3 
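Review bot: In the "Build/push Teleport Lab Docker image" step the password reference becomes `from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD=`, and the trailing `=` looks like a typo. A secret with that name presumably does not exist, so `QUAY_PASSWORD` would be empty and the login would fail; it should stay `from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD`. The login in the same step passes the password as an argument (`-p="$QUAY_PASSWORD"`), which is visible in the process list; `echo "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin quay.io` avoids that. The inline checkout added here still uses `git fetch origin` and an unquoted `${DRONE_COMMIT_SHA}`, unlike the checkout steps this commit rewrites elsewhere.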
@@ -1540,141 +1489,6 @@ steps: - name: awsconfig path: /root/.aws - - name: Build and push Teleport containers (CURRENT_VERSION) - image: docker - environment: - OS: linux - ARCH: amd64 - volumes: - - name: dockersock - path: /var/run - - name: awsconfig - path: /root/.aws - commands: - - apk add --no-cache aws-cli - - export VERSION_TAG=$(cat /go/build/CURRENT_VERSION_TAG.txt) - - export CURRENT_DATE=$(date '+%Y%m%d%H%M') - # Staging image names - - export OSS_IMAGE_NAME_STAGE="146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)-$CURRENT_DATE" - - export ENT_IMAGE_NAME_STAGE="146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)-$CURRENT_DATE" - - export ENT_FIPS_IMAGE_NAME_STAGE="146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)-fips-$CURRENT_DATE" - # Production image names - - export OSS_IMAGE_NAME_PROD="public.ecr.aws/gravitational/teleport:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)" - - export ENT_IMAGE_NAME_PROD="public.ecr.aws/gravitational/teleport-ent:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)" - - export ENT_FIPS_IMAGE_NAME_PROD="public.ecr.aws/gravitational/teleport-ent:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)-fips" - # Authenticate to staging registry - - aws ecr get-login-password --profile staging --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - # OSS - - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $OSS_IMAGE_NAME_STAGE -f /go/build/Dockerfile-cron /go/build - - docker push $OSS_IMAGE_NAME_STAGE - # Enterprise - - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t 
$ENT_IMAGE_NAME_STAGE -f /go/build/Dockerfile-cron /go/build - - docker push $ENT_IMAGE_NAME_STAGE - # Enterprise FIPS - - docker build --target teleport-fips --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg EXTRA_DOWNLOAD_ARGS="-fips" --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $ENT_FIPS_IMAGE_NAME_STAGE -f /go/build/Dockerfile-cron /go/build - - docker push $ENT_FIPS_IMAGE_NAME_STAGE - # Authenticate to production registry - - docker logout 146628656107.dkr.ecr.us-west-2.amazonaws.com - - aws ecr-public get-login-password --profile production --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws - # Retag images - - docker tag $OSS_IMAGE_NAME_STAGE $OSS_IMAGE_NAME_PROD - - docker tag $ENT_IMAGE_NAME_STAGE $ENT_IMAGE_NAME_PROD - - docker tag $ENT_FIPS_IMAGE_NAME_STAGE $ENT_FIPS_IMAGE_NAME_PROD - # Promote to production registry - - docker push $ENT_IMAGE_NAME_PROD - - docker push $OSS_IMAGE_NAME_PROD - - docker push $ENT_FIPS_IMAGE_NAME_PROD - - - name: Build and push Teleport containers (PREVIOUS_VERSION_ONE) - image: docker - environment: - OS: linux - ARCH: amd64 - volumes: - - name: dockersock - path: /var/run - - name: awsconfig - path: /root/.aws - commands: - - apk add --no-cache aws-cli - - export VERSION_TAG=$(cat /go/build/PREVIOUS_VERSION_ONE_TAG.txt) - - export CURRENT_DATE=$(date '+%Y%m%d%H%M') - # Staging image names - - export OSS_IMAGE_NAME_STAGE="146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat /go/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt)-$CURRENT_DATE" - - export ENT_IMAGE_NAME_STAGE="146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt)-$CURRENT_DATE" - - export ENT_FIPS_IMAGE_NAME_STAGE="146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt)-fips-$CURRENT_DATE" - # Production image names - - export 
OSS_IMAGE_NAME_PROD="public.ecr.aws/gravitational/teleport:$(cat /go/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt)" - - export ENT_IMAGE_NAME_PROD="public.ecr.aws/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt)" - - export ENT_FIPS_IMAGE_NAME_PROD="public.ecr.aws/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt)-fips" - # Authenticate to staging registry - - aws ecr get-login-password --profile staging --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - # OSS - - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $OSS_IMAGE_NAME_STAGE -f /go/build/Dockerfile-cron /go/build - - docker push $OSS_IMAGE_NAME_STAGE - # Enterprise - - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $ENT_IMAGE_NAME_STAGE -f /go/build/Dockerfile-cron /go/build - - docker push $ENT_IMAGE_NAME_STAGE - # Enterprise FIPS - - docker build --target teleport-fips --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg EXTRA_DOWNLOAD_ARGS="-fips" --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $ENT_FIPS_IMAGE_NAME_STAGE -f /go/build/Dockerfile-cron /go/build - - docker push $ENT_FIPS_IMAGE_NAME_STAGE - # Authenticate to production registry - - docker logout 146628656107.dkr.ecr.us-west-2.amazonaws.com - - aws ecr-public get-login-password --profile production --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws - # Retag images - - docker tag $OSS_IMAGE_NAME_STAGE $OSS_IMAGE_NAME_PROD - - docker tag $ENT_IMAGE_NAME_STAGE $ENT_IMAGE_NAME_PROD - - docker tag $ENT_FIPS_IMAGE_NAME_STAGE $ENT_FIPS_IMAGE_NAME_PROD - # Promote to production registry - - docker push $ENT_IMAGE_NAME_PROD - - docker push $OSS_IMAGE_NAME_PROD - - docker push 
$ENT_FIPS_IMAGE_NAME_PROD - - - name: Build and push Teleport containers (PREVIOUS_VERSION_TWO) - image: docker - environment: - OS: linux - ARCH: amd64 - volumes: - - name: dockersock - path: /var/run - - name: awsconfig - path: /root/.aws - commands: - - apk add --no-cache aws-cli - - export CURRENT_DATE=$(date '+%Y%m%d%H%M') - - export VERSION_TAG=$(cat /go/build/PREVIOUS_VERSION_TWO_TAG.txt) - # Staging image names - - export OSS_IMAGE_NAME_STAGE="146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt)-$CURRENT_DATE" - - export ENT_IMAGE_NAME_STAGE="146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt)-$CURRENT_DATE" - - export ENT_FIPS_IMAGE_NAME_STAGE="146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt)-fips-$CURRENT_DATE" - # Production image names - - export OSS_IMAGE_NAME_PROD="public.ecr.aws/gravitational/teleport:$(cat /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt)" - - export ENT_IMAGE_NAME_PROD="public.ecr.aws/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt)" - - export ENT_FIPS_IMAGE_NAME_PROD="public.ecr.aws/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt)-fips" - # Authenticate to staging registry - - aws ecr get-login-password --profile staging --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - # OSS - - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $OSS_IMAGE_NAME_STAGE -f /go/build/Dockerfile-cron-v8 /go/build - - docker push $OSS_IMAGE_NAME_STAGE - # Enterprise - - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t 
$ENT_IMAGE_NAME_STAGE -f /go/build/Dockerfile-cron-v8 /go/build - - docker push $ENT_IMAGE_NAME_STAGE - # Enterprise FIPS - - docker build --target teleport-fips --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg EXTRA_DOWNLOAD_ARGS="-fips" --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $ENT_FIPS_IMAGE_NAME_STAGE -f /go/build/Dockerfile-cron-v8 /go/build - - docker push $ENT_FIPS_IMAGE_NAME_STAGE - # Authenticate to production registry - - docker logout 146628656107.dkr.ecr.us-west-2.amazonaws.com - - aws ecr-public get-login-password --profile production --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws - # Retag images - - docker tag $OSS_IMAGE_NAME_STAGE $OSS_IMAGE_NAME_PROD - - docker tag $ENT_IMAGE_NAME_STAGE $ENT_IMAGE_NAME_PROD - - docker tag $ENT_FIPS_IMAGE_NAME_STAGE $ENT_FIPS_IMAGE_NAME_PROD - # Promote to production registry - - docker push $ENT_IMAGE_NAME_PROD - - docker push $OSS_IMAGE_NAME_PROD - - docker push $ENT_FIPS_IMAGE_NAME_PROD - - name: Build/push Teleport Lab Docker image image: docker:git environment: 
@@ -6483,141 +6297,6 @@ volumes: - name: dockersock temp: {} ---- -kind: pipeline -type: kubernetes -name: build-docker-images - -environment: - BUILDBOX_VERSION: "teleport10" - RUNTIME: go1.17.9 - -trigger: - event: - - tag - ref: - include: - - refs/tags/v* - repo: - include: - - gravitational/* - -workspace: - path: /go - -clone: - disable: true - -steps: - - name: Check out code - image: docker:git - environment: - GITHUB_PRIVATE_KEY: - from_secret: GITHUB_PRIVATE_KEY - GOCACHE: /go/cache - commands: - - mkdir -p /go/src/github.com/gravitational/teleport - - cd /go/src/github.com/gravitational/teleport - - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git . - - git checkout ${DRONE_TAG:-$DRONE_COMMIT} - # fetch enterprise submodules - - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa - - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts - - git submodule update --init e - # this is allowed to fail because pre-4.3 Teleport versions don't use the webassets submodule - - git submodule update --init --recursive webassets || true - - rm -f /root/.ssh/id_rsa - # create necessary directories - - mkdir -p /go/artifacts $GOCACHE - # set version - - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt - - - name: Assume AWS Role - image: amazon/aws-cli - commands: - - aws sts get-caller-identity - - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ - $(aws sts assume-role \ - --role-arn "$AWS_ROLE" \ - --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ - --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ - --output text) \ - > /root/.aws/credentials - - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts 
get-caller-identity --profile default - environment: - AWS_ACCESS_KEY_ID: - from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY - AWS_ROLE: - from_secret: STAGING_TELEPORT_DRONE_ECR_AWS_ROLE - AWS_SECRET_ACCESS_KEY: - from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET - volumes: - - name: awsconfig - path: /root/.aws - - - name: Build/push OSS/Enterprise Docker images - image: docker - environment: - UID: 1000 - GID: 1000 - GOCACHE: /go/cache - GOPATH: /go - OS: linux - ARCH: amd64 - volumes: - - name: dockersock - path: /var/run - - name: awsconfig - path: /root/.aws - commands: - - apk add --no-cache make bash aws-cli - - chown -R $UID:$GID /go - - aws ecr get-login-password --region us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - - cd /go/src/github.com/gravitational/teleport - - make image-ci publish-ci - - make publish-operator-ci - - - name: Build/push FIPS Docker image - image: docker - environment: - UID: 1000 - GID: 1000 - GOCACHE: /go/cache - GOPATH: /go - OS: linux - ARCH: amd64 - volumes: - - name: dockersock - path: /var/run - - name: awsconfig - path: /root/.aws - commands: - - apk add --no-cache make aws-cli - - chown -R $UID:$GID /go - - aws ecr get-login-password --region us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - - cd /go/src/github.com/gravitational/teleport - # VERSION needs to be set manually when running in the e directory. - # Normally, the version is set and exported by the root Makefile and then inherited, - # but this is not the case for FIPS builds (which only run in e/Makefile) - - export VERSION=$(cat /go/.version.txt) - - make -C e image-fips-ci publish-fips-ci - -services: - - name: Start Docker - image: docker:dind - privileged: true - volumes: - - name: dockersock - path: /var/run - -volumes: - - name: dockersock - temp: {} - - name: awsconfig - temp: {} - --- kind: pipeline type: kubernetes 
@@ -6651,7 +6330,7 @@ steps: - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git . - git checkout ${DRONE_TAG:-$DRONE_COMMIT} # set version - - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt + - if [[ "$(echo v1.2.3-fred.1)" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt - name: Assume Download AWS Role image: amazon/aws-cli @@ -6689,7 +6368,7 @@ steps: path: /root/.aws commands: - export VERSION=$(cat /go/.version.txt) - - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else export S3_PATH="tag/"; fi + - if [[ "$(echo v1.2.3-fred.1)" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else export S3_PATH="tag/"; fi - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-amd64-bin.tar.gz /go/src/github.com/gravitational/teleport/assets/aws/files - name: Assume Packer AWS Role @@ -6825,7 +6504,7 @@ steps: - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git . - git checkout ${DRONE_TAG:-$DRONE_COMMIT} # set version - - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt + - if [[ "$(echo v1.2.3-fred.1)" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt - name: Assume Download AWS Role image: amazon/aws-cli 
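Review bot: The tag test now reads `if [[ "$(echo v1.2.3-fred.1)" != "" ]]`, which is always true and looks like leftover debugging. The `else` branch that reads VERSION from the Makefile can no longer run, and on a build without a tag `${DRONE_TAG##v}` would presumably write an empty version to `/go/.version.txt`. Restore `if [[ "${DRONE_TAG}" != "" ]]` before merging. The same substitution appears in the `S3_PATH` hunk at -6689 and in the hunks at -6825 and -6863, where the resulting `tag/…/` prefix decides which tarball is copied into the image build.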
@@ -6863,7 +6542,7 @@ steps: path: /root/.aws commands: - export VERSION=$(cat /go/.version.txt) - - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else export S3_PATH="tag/"; fi + - if [[ "$(echo v1.2.3-fred.1)" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else export S3_PATH="tag/"; fi - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-bin.tar.gz /go/src/github.com/gravitational/teleport/assets/aws/files - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-fips-bin.tar.gz /go/src/github.com/gravitational/teleport/assets/aws/files @@ -7233,7 +6912,8 @@ steps: commands: - mkdir -pv "/go/src/github.com/gravitational/teleport" - cd "/go/src/github.com/gravitational/teleport" - - git init && git remote add origin ${DRONE_REMOTE_URL} + - git init + - git remote add origin ${DRONE_REMOTE_URL} - git fetch origin --tags - git checkout -qf "${DRONE_TAG}" - name: Assume Download AWS Role @@ -7312,7 +6992,14 @@ steps: - name: Check if tag is prerelease image: golang:1.18-alpine commands: - - cd "/go/src/github.com/gravitational/teleport/build.assets/tooling" + - apk add git + - mkdir -pv "/tmp/repo" + - cd "/tmp/repo" + - git init + - git remote add origin ${DRONE_REMOTE_URL} + - git fetch origin --tags + - git checkout -qf "${DRONE_TAG}" + - cd "/tmp/repo/build.assets/tooling" - go run ./cmd/check -tag ${DRONE_TAG} -check prerelease || (echo '---> This is a prerelease, not continuing promotion for ${DRONE_TAG}' && exit 78) depends_on: @@ -7428,7 +7115,8 @@ steps: commands: - mkdir -pv "/go/src/github.com/gravitational/teleport" - cd "/go/src/github.com/gravitational/teleport" - - git init && git remote add origin ${DRONE_REMOTE_URL} + - git init + - git remote add origin ${DRONE_REMOTE_URL} - git fetch origin --tags - git checkout -qf "${DRONE_TAG}" - name: Assume Download AWS Role 
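Review bot: The new clone in "Check if tag is prerelease" (hunk at -7312, repeated at -7507) checks out whatever `${DRONE_TAG}` points to at promotion time, and a tag can be moved after the build. If the promote event carries the commit, `git checkout -qf "${DRONE_COMMIT_SHA}"` would pin the tooling that makes the promotion decision to the code that was built. `apk add git` could be `apk add --no-cache git`, and `${DRONE_REMOTE_URL}` should be quoted like the paths around it. The unchanged `go run ./cmd/check -tag ${DRONE_TAG}` line also passes the tag unquoted.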
@@ -7507,7 +7195,14 @@ steps: - name: Check if tag is prerelease image: golang:1.18-alpine commands: - - cd "/go/src/github.com/gravitational/teleport/build.assets/tooling" + - apk add git + - mkdir -pv "/tmp/repo" + - cd "/tmp/repo" + - git init + - git remote add origin ${DRONE_REMOTE_URL} + - git fetch origin --tags + - git checkout -qf "${DRONE_TAG}" + - cd "/tmp/repo/build.assets/tooling" - go run ./cmd/check -tag ${DRONE_TAG} -check prerelease || (echo '---> This is a prerelease, not continuing promotion for ${DRONE_TAG}' && exit 78) depends_on: 
@@ -7562,254 +7257,30 @@ volumes: temp: {} --- -################################################ -# Generated using dronegen, do not edit by hand! -# Use 'make dronegen' to update. -# Generated at dronegen/promote.go (main.buildDockerPromotionPipelineECR) -################################################ - kind: pipeline type: kubernetes -name: promote-docker-ecr +name: promote-build + trigger: event: - include: - promote target: - include: - production - - promote-docker - - promote-docker-ecr repo: include: - - gravitational/* + - gravitational/* + workspace: path: /go + clone: disable: true -steps: -- name: Verify build is tagged - image: alpine:latest - commands: - - '[ -n ${DRONE_TAG} ] || (echo ''DRONE_TAG is not set. Is the commit tagged?'' - && exit 1)' -- name: Wait for docker - image: docker - commands: - - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' - volumes: - - name: dockersock - path: /var/run -- name: Assume AWS Role - image: amazon/aws-cli - commands: - - aws sts get-caller-identity - - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ - $(aws sts assume-role \ - --role-arn "$AWS_ROLE" \ - --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ - --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ - --output text) \ - > /root/.aws/credentials - - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity --profile default - environment: - AWS_ACCESS_KEY_ID: - from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY - AWS_ROLE: - from_secret: PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE - AWS_SECRET_ACCESS_KEY: - from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET - volumes: - - name: awsconfig - path: /root/.aws -- name: Pull/retag Docker images - image: docker - commands: - - apk add --no-cache aws-cli - - export VERSION=${DRONE_TAG##v} - - aws ecr get-login-password --region=us-west-2 | docker login 
-u="AWS" --password-stdin - 146628656107.dkr.ecr.us-west-2.amazonaws.com - - echo "---> Pulling images for $${VERSION}" - - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$${VERSION} - - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$${VERSION} - - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$${VERSION}-fips - - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$${VERSION} - - echo "---> Tagging images for $${VERSION}" - - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$${VERSION} - public.ecr.aws/gravitational/teleport:$${VERSION} - - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$${VERSION} - public.ecr.aws/gravitational/teleport-ent:$${VERSION} - - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$${VERSION}-fips - public.ecr.aws/gravitational/teleport-ent:$${VERSION}-fips - - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$${VERSION} - public.ecr.aws/gravitational/teleport-operator:$${VERSION} - - docker logout 146628656107.dkr.ecr.us-west-2.amazonaws.com - - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin - public.ecr.aws - - echo "---> Pushing images for $${VERSION}" - - docker push public.ecr.aws/gravitational/teleport:$${VERSION} - - docker push public.ecr.aws/gravitational/teleport-ent:$${VERSION} - - docker push public.ecr.aws/gravitational/teleport-ent:$${VERSION}-fips - - docker push public.ecr.aws/gravitational/teleport-operator:$${VERSION} - volumes: - - name: dockersock - path: /var/run - - name: awsconfig - path: /root/.aws -services: -- name: Start Docker - image: docker:dind - privileged: true - volumes: - - name: dockersock - path: /var/run -volumes: -- name: dockersock - temp: {} -- name: awsconfig - temp: {} - 
---- -################################################ -# Generated using dronegen, do not edit by hand! -# Use 'make dronegen' to update. -# Generated at dronegen/promote.go (main.buildDockerPromotionPipelineQuay) -################################################ - -kind: pipeline -type: kubernetes -name: promote-docker-quay -trigger: - event: - include: - - promote - target: - include: - - production - - promote-docker - - promote-docker-quay - repo: - include: - - gravitational/* -workspace: - path: /go -clone: - disable: true -steps: -- name: Verify build is tagged - image: alpine:latest - commands: - - '[ -n ${DRONE_TAG} ] || (echo ''DRONE_TAG is not set. Is the commit tagged?'' - && exit 1)' -- name: Wait for docker - image: docker - commands: - - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' - volumes: - - name: dockersock - path: /var/run -- name: Assume AWS Role - image: amazon/aws-cli - commands: - - aws sts get-caller-identity - - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ - $(aws sts assume-role \ - --role-arn "$AWS_ROLE" \ - --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ - --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ - --output text) \ - > /root/.aws/credentials - - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity --profile default - environment: - AWS_ACCESS_KEY_ID: - from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY - AWS_ROLE: - from_secret: PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE - AWS_SECRET_ACCESS_KEY: - from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET - volumes: - - name: awsconfig - path: /root/.aws -- name: Pull/retag Docker images - image: docker - commands: - - apk add --no-cache aws-cli - - export VERSION=${DRONE_TAG##v} - - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin - 
146628656107.dkr.ecr.us-west-2.amazonaws.com - - echo "---> Pulling images for $${VERSION}" - - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$${VERSION} - - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$${VERSION} - - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$${VERSION}-fips - - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$${VERSION} - - echo "---> Tagging images for $${VERSION}" - - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$${VERSION} - quay.io/gravitational/teleport:$${VERSION} - - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$${VERSION} - quay.io/gravitational/teleport-ent:$${VERSION} - - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$${VERSION}-fips - quay.io/gravitational/teleport-ent:$${VERSION}-fips - - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$${VERSION} - quay.io/gravitational/teleport-operator:$${VERSION} - - docker logout 146628656107.dkr.ecr.us-west-2.amazonaws.com - - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" quay.io - - echo "---> Pushing images for $${VERSION}" - - docker push quay.io/gravitational/teleport:$${VERSION} - - docker push quay.io/gravitational/teleport-ent:$${VERSION} - - docker push quay.io/gravitational/teleport-ent:$${VERSION}-fips - - docker push quay.io/gravitational/teleport-operator:$${VERSION} - environment: - QUAY_PASSWORD: - from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD - QUAY_USERNAME: - from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME - volumes: - - name: dockersock - path: /var/run - - name: awsconfig - path: /root/.aws -services: -- name: Start Docker - image: docker:dind - privileged: true - volumes: - - name: dockersock - path: /var/run -volumes: -- name: dockersock - temp: {} -- name: awsconfig 
- temp: {} - ---- -kind: pipeline -type: kubernetes -name: promote-build - -trigger: - event: - - promote - target: - - production - repo: - include: - - gravitational/* - -workspace: - path: /go - -clone: - disable: true - + steps: - name: Check if commit is tagged image: alpine commands: - - "[ -n ${DRONE_TAG} ] || (echo 'DRONE_TAG is not set. Is the commit tagged?' && exit 1)" + - "[ -n $(echo v1.2.3-fred.1) ] || (echo 'DRONE_TAG is not set. Is the commit tagged?' && exit 1)" - name: Assume Download AWS Role image: amazon/aws-cli @@ -7894,7 +7365,7 @@ steps: mkdir -p /go/src/github.com/gravitational/teleport cd /go/src/github.com/gravitational/teleport git init && git remote add origin ${DRONE_REMOTE_URL} - git fetch origin +refs/tags/${DRONE_TAG}: + git fetch origin +refs/tags/$(echo v1.2.3-fred.1): git checkout -qf FETCH_HEAD - name: Assume AMI Download AWS Role @@ -8078,7 +7549,7 @@ steps: image: golang:1.17-alpine commands: - cd /go/src/github.com/gravitational/teleport/build.assets/tooling - - go run ./cmd/check -tag ${DRONE_TAG} -check prerelease || (echo '---> Not publishing ${DRONE_TAG} packages to RPM and DEB repos' && exit 78) + - go run ./cmd/check -tag $(echo v1.2.3-fred.1) -check prerelease || (echo '---> Not publishing $(echo v1.2.3-fred.1) packages to RPM and DEB repos' && exit 78) - name: Assume RPM Repo AWS Role image: amazon/aws-cli @@ -8180,7 +7651,7 @@ steps: image: golang:1.17-alpine commands: - cd /go/src/github.com/gravitational/teleport/build.assets/tooling - - go run ./cmd/check -tag ${DRONE_TAG} -check latest || (echo '---> Not publishing ${DRONE_REPO} packages to DEB repo' && exit 78) + - go run ./cmd/check -tag $(echo v1.2.3-fred.1) -check latest || (echo '---> Not publishing ${DRONE_REPO} packages to DEB repo' && exit 78) - name: Assume Deb Repo AWS Role image: amazon/aws-cli 
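Review bot: The `Check if commit is tagged` guard in the @@ -7562 hunk leaves the operand of `[ -n ... ]` unquoted, and on the new line that operand is the constant `$(echo v1.2.3-fred.1)`, so the test cannot fail. Even with the original `${DRONE_TAG}`, an empty tag expands to `[ -n ]`, which the shell treats as a one-argument test and evaluates as true, letting an untagged promotion through. Use the real variable and quote it: `- "[ -n \"${DRONE_TAG}\" ] || (echo 'DRONE_TAG is not set. Is the commit tagged?' && exit 1)"`. This hunk also removes the `promote-docker-ecr` and `promote-docker-quay` pipelines; whether they are re-created elsewhere is not visible from here.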
@@ -8672,8 +8143,10005 @@ steps: - rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh environment: WORKSPACE_DIR: /tmp/build-darwin-amd64-connect + +--- +################################################ +# Generated using dronegen, do not edit by hand! +# Use 'make dronegen' to update. +# Generated at dronegen/container_images_release_version.go (main.(*ReleaseVersion).buildVersionPipeline) +################################################ + +kind: pipeline +type: kubernetes +name: teleport-container-images-branch-tag +environment: + DEBIAN_FRONTEND: noninteractive +trigger: + event: + include: + - tag + ref: + include: + - refs/tags/v* + repo: + include: + - gravitational/* +workspace: + path: /go +clone: + disable: true +depends_on: +- clean-up-previous-build +steps: +- name: Wait for docker + image: docker + commands: + - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' + volumes: + - name: dockersock + path: /var/run +- name: Wait for docker registry + image: alpine + commands: + - apk add curl + - timeout 30s /bin/sh -c 'while [ "$(curl -s -o /dev/null -w %{http_code} http://drone-docker-registry:5000/)" + != "200" ]; do sleep 1; done' +- name: Check out code + image: alpine/git:latest + commands: + - mkdir -pv "/go/src/github.com/gravitational/teleport" + - cd "/go/src/github.com/gravitational/teleport" + - git init + - git remote add origin ${DRONE_REMOTE_URL} + - git fetch origin --tags + - git checkout -qf "$DRONE_TAG" +- name: Build full semver + image: alpine + commands: + - mkdir -pv $(dirname "/go/var/full-version") + - echo $DRONE_TAG | sed 's/v//' > "/go/var/full-version" + - echo $(cat "/go/var/full-version") +- name: Assume ECR - staging AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[ecr-staging]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo 
"drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + >> /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity --profile ecr-staging + environment: + AWS_ACCESS_KEY_ID: + from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY + AWS_ROLE: + from_secret: STAGING_TELEPORT_DRONE_ECR_AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET + volumes: + - name: awsconfig + path: /root/.aws +- name: Assume ECR - authenticated-pull AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[ecr-authenticated-pull]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + >> /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity --profile ecr-authenticated-pull + environment: + AWS_ACCESS_KEY_ID: + from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY + AWS_ROLE: + from_secret: PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume ECR - staging AWS Role +- name: Assume S3 Download AWS Role for teleport + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[s3-download-teleport]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + >> 
/root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity --profile s3-download-teleport + environment: + AWS_ACCESS_KEY_ID: + from_secret: AWS_ACCESS_KEY_ID + AWS_ROLE: + from_secret: AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: AWS_SECRET_ACCESS_KEY + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Wait for docker + - Wait for docker registry + - Check out code + - Build full semver + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role +- name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport + image: alpine + commands: + - apk add curl + - mkdir -pv $(dirname "/go/build/Dockerfile-teleport") + - curl -Ls -o "/go/build/Dockerfile-teleport" "https://raw.githubusercontent.com/gravitational/teleport/$DRONE_TAG/build.assets/charts/Dockerfile" + depends_on: + - Wait for docker + - Wait for docker registry + - Check out code + - Build full semver + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role +- name: Download "teleport_v10-tag_amd64.deb" artifacts from S3 + image: amazon/aws-cli + commands: + - END_TIME=$(( $(date +%s) + 3600 )) + - TIMED_OUT=true + - while [ $(date +%s) -lt $${END_TIME?} ]; do + - SUCCESS=true + - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr + -s ' ' | cut -d' ' -f 4 | grep -x teleport_$(cat "/go/var/full-version")_amd64.deb + || SUCCESS=false + - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;' + - echo 'Condition not met yet, waiting another 60 seconds...' 
+ - sleep 60 + - done + - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ + "$SUCCESS" = "true" ]'' && exit 1' + - mkdir -pv "/go/build" + - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat + "/go/var/full-version")_amd64.deb /go/build/teleport_$(cat "/go/var/full-version")_amd64.deb + environment: + AWS_PROFILE: s3-download-teleport + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume S3 Download AWS Role for teleport + - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport +- name: Build teleport image "teleport:v10-amd64" + image: docker + commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/build" && cd "/go/build" + - mkdir -pv "/tmp/teleport-v10-amd64-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v10-amd64-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-v10-amd64-builder/buildkitd.toml" + - docker buildx create --driver "docker-container" --driver-opt "network=host" --name + "teleport-v10-amd64-builder" --config "/tmp/teleport-v10-amd64-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-v10-amd64-builder" --target "teleport" + --platform "linux/amd64" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + --file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_amd64.deb + /go/build + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-v10-amd64-builder" + - rm -rf "/tmp/teleport-v10-amd64-builder" + environment: + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: "1" + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + 
path: /var/run + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Download "teleport_v10-tag_amd64.deb" artifacts from S3 +- name: Download "teleport_v10-tag_arm.deb" artifacts from S3 + image: amazon/aws-cli + commands: + - END_TIME=$(( $(date +%s) + 3600 )) + - TIMED_OUT=true + - while [ $(date +%s) -lt $${END_TIME?} ]; do + - SUCCESS=true + - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr + -s ' ' | cut -d' ' -f 4 | grep -x teleport_$(cat "/go/var/full-version")_arm.deb + || SUCCESS=false + - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;' + - echo 'Condition not met yet, waiting another 60 seconds...' + - sleep 60 + - done + - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ + "$SUCCESS" = "true" ]'' && exit 1' + - mkdir -pv "/go/build" + - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat + "/go/var/full-version")_arm.deb /go/build/teleport_$(cat "/go/var/full-version")_arm.deb + environment: + AWS_PROFILE: s3-download-teleport + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume S3 Download AWS Role for teleport + - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport +- name: Build teleport image "teleport:v10-arm" + image: docker + commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/build" && cd "/go/build" + - mkdir -pv "/tmp/teleport-v10-arm-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v10-arm-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-v10-arm-builder/buildkitd.toml" + - docker buildx create --driver "docker-container" --driver-opt "network=host" --name + "teleport-v10-arm-builder" --config "/tmp/teleport-v10-arm-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | 
docker login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-v10-arm-builder" --target "teleport" + --platform "linux/arm" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + --file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_arm.deb + /go/build + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-v10-arm-builder" + - rm -rf "/tmp/teleport-v10-arm-builder" + environment: + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: "1" + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Download "teleport_v10-tag_arm.deb" artifacts from S3 +- name: Download "teleport_v10-tag_arm64.deb" artifacts from S3 + image: amazon/aws-cli + commands: + - END_TIME=$(( $(date +%s) + 3600 )) + - TIMED_OUT=true + - while [ $(date +%s) -lt $${END_TIME?} ]; do + - SUCCESS=true + - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr + -s ' ' | cut -d' ' -f 4 | grep -x teleport_$(cat "/go/var/full-version")_arm64.deb + || SUCCESS=false + - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;' + - echo 'Condition not met yet, waiting another 60 seconds...' 
+ - sleep 60 + - done + - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ + "$SUCCESS" = "true" ]'' && exit 1' + - mkdir -pv "/go/build" + - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat + "/go/var/full-version")_arm64.deb /go/build/teleport_$(cat "/go/var/full-version")_arm64.deb + environment: + AWS_PROFILE: s3-download-teleport + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume S3 Download AWS Role for teleport + - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport +- name: Build teleport image "teleport:v10-arm64" + image: docker + commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/build" && cd "/go/build" + - mkdir -pv "/tmp/teleport-v10-arm64-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v10-arm64-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-v10-arm64-builder/buildkitd.toml" + - docker buildx create --driver "docker-container" --driver-opt "network=host" --name + "teleport-v10-arm64-builder" --config "/tmp/teleport-v10-arm64-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-v10-arm64-builder" --target "teleport" + --platform "linux/arm64" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + --file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_arm64.deb + /go/build + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-v10-arm64-builder" + - rm -rf "/tmp/teleport-v10-arm64-builder" + environment: + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: "1" + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + 
path: /var/run + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Download "teleport_v10-tag_arm64.deb" artifacts from S3 +- name: Tag and push image "teleport:v10-amd64" to ECR - staging + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-amd64 > /dev/null 2>&1 && echo 'Found existing image, + skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-amd64 + && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-amd64) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport image "teleport:v10-amd64" +- name: Tag and push image "teleport:v10-arm" to ECR - staging + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' + || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-arm + && docker push 
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-arm) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport image "teleport:v10-arm" +- name: Tag and push image "teleport:v10-arm64" to ECR - staging + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-arm64 > /dev/null 2>&1 && echo 'Found existing image, + skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-arm64 + && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-arm64) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport image "teleport:v10-arm64" +- name: Create manifest and push "teleport:full" to ECR - staging + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version") > /dev/null 2>&1 && echo 'Found existing image, skipping' + || (docker manifest create 
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version") --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport:v10-amd64" to ECR - staging + - Tag and push image "teleport:v10-arm" to ECR - staging + - Tag and push image "teleport:v10-arm64" to ECR - staging +- name: Assume S3 Download AWS Role for teleport-ent + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[s3-download-teleport-ent]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + >> /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity --profile s3-download-teleport-ent + environment: + AWS_ACCESS_KEY_ID: + from_secret: AWS_ACCESS_KEY_ID + AWS_ROLE: + from_secret: AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: AWS_SECRET_ACCESS_KEY + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Wait for docker + - Wait for docker registry + - Check out code + - Build full semver + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role +- name: Download 
Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent + image: alpine + commands: + - apk add curl + - mkdir -pv $(dirname "/go/build/Dockerfile-teleport-ent") + - curl -Ls -o "/go/build/Dockerfile-teleport-ent" "https://raw.githubusercontent.com/gravitational/teleport/$DRONE_TAG/build.assets/charts/Dockerfile" + depends_on: + - Wait for docker + - Wait for docker registry + - Check out code + - Build full semver + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role +- name: Download "teleport-ent_v10-tag_amd64.deb" artifacts from S3 + image: amazon/aws-cli + commands: + - END_TIME=$(( $(date +%s) + 3600 )) + - TIMED_OUT=true + - while [ $(date +%s) -lt $${END_TIME?} ]; do + - SUCCESS=true + - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr + -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")_amd64.deb + || SUCCESS=false + - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;' + - echo 'Condition not met yet, waiting another 60 seconds...' 
+ - sleep 60 + - done + - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ + "$SUCCESS" = "true" ]'' && exit 1' + - mkdir -pv "/go/build" + - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat + "/go/var/full-version")_amd64.deb /go/build/teleport-ent_$(cat "/go/var/full-version")_amd64.deb + environment: + AWS_PROFILE: s3-download-teleport-ent + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume S3 Download AWS Role for teleport-ent + - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent +- name: Build teleport-ent image "teleport-ent:v10-amd64" + image: docker + commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/build" && cd "/go/build" + - mkdir -pv "/tmp/teleport-ent-v10-amd64-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v10-amd64-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-ent-v10-amd64-builder/buildkitd.toml" + - docker buildx create --driver "docker-container" --driver-opt "network=host" --name + "teleport-ent-v10-amd64-builder" --config "/tmp/teleport-ent-v10-amd64-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-ent-v10-amd64-builder" --target + "teleport" --platform "linux/amd64" --tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-amd64 --file "/go/build/Dockerfile-teleport-ent" --build-arg + DEB_PATH=teleport-ent_$(cat "/go/var/full-version")_amd64.deb /go/build + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-ent-v10-amd64-builder" + - rm -rf "/tmp/teleport-ent-v10-amd64-builder" + environment: + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: 
"1" + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Download "teleport-ent_v10-tag_amd64.deb" artifacts from S3 +- name: Download "teleport-ent_v10-tag_arm.deb" artifacts from S3 + image: amazon/aws-cli + commands: + - END_TIME=$(( $(date +%s) + 3600 )) + - TIMED_OUT=true + - while [ $(date +%s) -lt $${END_TIME?} ]; do + - SUCCESS=true + - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr + -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")_arm.deb + || SUCCESS=false + - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;' + - echo 'Condition not met yet, waiting another 60 seconds...' + - sleep 60 + - done + - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ + "$SUCCESS" = "true" ]'' && exit 1' + - mkdir -pv "/go/build" + - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat + "/go/var/full-version")_arm.deb /go/build/teleport-ent_$(cat "/go/var/full-version")_arm.deb + environment: + AWS_PROFILE: s3-download-teleport-ent + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume S3 Download AWS Role for teleport-ent + - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent +- name: Build teleport-ent image "teleport-ent:v10-arm" + image: docker + commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/build" && cd "/go/build" + - mkdir -pv "/tmp/teleport-ent-v10-arm-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v10-arm-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-ent-v10-arm-builder/buildkitd.toml" + - docker buildx create --driver "docker-container" --driver-opt "network=host" --name + "teleport-ent-v10-arm-builder" --config 
"/tmp/teleport-ent-v10-arm-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-ent-v10-arm-builder" --target "teleport" + --platform "linux/arm" --tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + --file "/go/build/Dockerfile-teleport-ent" --build-arg DEB_PATH=teleport-ent_$(cat + "/go/var/full-version")_arm.deb /go/build + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-ent-v10-arm-builder" + - rm -rf "/tmp/teleport-ent-v10-arm-builder" + environment: + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: "1" + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Download "teleport-ent_v10-tag_arm.deb" artifacts from S3 +- name: Download "teleport-ent_v10-tag_arm64.deb" artifacts from S3 + image: amazon/aws-cli + commands: + - END_TIME=$(( $(date +%s) + 3600 )) + - TIMED_OUT=true + - while [ $(date +%s) -lt $${END_TIME?} ]; do + - SUCCESS=true + - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr + -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")_arm64.deb + || SUCCESS=false + - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;' + - echo 'Condition not met yet, waiting another 60 seconds...' 
+ - sleep 60 + - done + - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ + "$SUCCESS" = "true" ]'' && exit 1' + - mkdir -pv "/go/build" + - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat + "/go/var/full-version")_arm64.deb /go/build/teleport-ent_$(cat "/go/var/full-version")_arm64.deb + environment: + AWS_PROFILE: s3-download-teleport-ent + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume S3 Download AWS Role for teleport-ent + - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent +- name: Build teleport-ent image "teleport-ent:v10-arm64" + image: docker + commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/build" && cd "/go/build" + - mkdir -pv "/tmp/teleport-ent-v10-arm64-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v10-arm64-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-ent-v10-arm64-builder/buildkitd.toml" + - docker buildx create --driver "docker-container" --driver-opt "network=host" --name + "teleport-ent-v10-arm64-builder" --config "/tmp/teleport-ent-v10-arm64-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-ent-v10-arm64-builder" --target + "teleport" --platform "linux/arm64" --tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm64 --file "/go/build/Dockerfile-teleport-ent" --build-arg + DEB_PATH=teleport-ent_$(cat "/go/var/full-version")_arm64.deb /go/build + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-ent-v10-arm64-builder" + - rm -rf "/tmp/teleport-ent-v10-arm64-builder" + environment: + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: 
"1" + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Download "teleport-ent_v10-tag_arm64.deb" artifacts from S3 +- name: Tag and push image "teleport-ent:v10-amd64" to ECR - staging + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-amd64 > /dev/null 2>&1 && echo 'Found existing image, + skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-amd64) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent image "teleport-ent:v10-amd64" +- name: Tag and push image "teleport-ent:v10-arm" to ECR - staging + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' + || (docker tag drone-docker-registry:5000/teleport-ent:$(cat 
"/go/var/full-version")-arm + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-arm) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent image "teleport-ent:v10-arm" +- name: Tag and push image "teleport-ent:v10-arm64" to ECR - staging + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-arm64 > /dev/null 2>&1 && echo 'Found existing image, + skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-arm64) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent image "teleport-ent:v10-arm64" +- name: Create manifest and push "teleport-ent:full" to ECR - staging + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - docker manifest inspect 
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version") > /dev/null 2>&1 && echo 'Found existing image, skipping' + || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version") --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v10-amd64" to ECR - staging + - Tag and push image "teleport-ent:v10-arm" to ECR - staging + - Tag and push image "teleport-ent:v10-arm64" to ECR - staging +- name: Assume S3 Download AWS Role for teleport-ent-fips + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[s3-download-teleport-ent-fips]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + >> /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity --profile s3-download-teleport-ent-fips + environment: + AWS_ACCESS_KEY_ID: + from_secret: AWS_ACCESS_KEY_ID + AWS_ROLE: + from_secret: AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: AWS_SECRET_ACCESS_KEY + volumes: + - 
name: awsconfig + path: /root/.aws + depends_on: + - Wait for docker + - Wait for docker registry + - Check out code + - Build full semver + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role +- name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent-fips" for + teleport-ent-fips + image: alpine + commands: + - apk add curl + - mkdir -pv $(dirname "/go/build/Dockerfile-teleport-ent-fips") + - curl -Ls -o "/go/build/Dockerfile-teleport-ent-fips" "https://raw.githubusercontent.com/gravitational/teleport/$DRONE_TAG/build.assets/charts/Dockerfile" + depends_on: + - Wait for docker + - Wait for docker registry + - Check out code + - Build full semver + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role +- name: Download "teleport-ent_v10-tag-fips_amd64.deb" artifacts from S3 + image: amazon/aws-cli + commands: + - END_TIME=$(( $(date +%s) + 3600 )) + - TIMED_OUT=true + - while [ $(date +%s) -lt $${END_TIME?} ]; do + - SUCCESS=true + - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr + -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb + || SUCCESS=false + - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;' + - echo 'Condition not met yet, waiting another 60 seconds...' 
+ - sleep 60 + - done + - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ + "$SUCCESS" = "true" ]'' && exit 1' + - mkdir -pv "/go/build" + - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat + "/go/var/full-version")-fips_amd64.deb /go/build/teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb + environment: + AWS_PROFILE: s3-download-teleport-ent-fips + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume S3 Download AWS Role for teleport-ent-fips + - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent-fips" for teleport-ent-fips +- name: Build teleport-ent-fips image "teleport-ent:v10-fips-amd64" + image: docker + commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/build" && cd "/go/build" + - mkdir -pv "/tmp/teleport-ent-v10-fips-amd64-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v10-fips-amd64-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-ent-v10-fips-amd64-builder/buildkitd.toml" + - docker buildx create --driver "docker-container" --driver-opt "network=host" --name + "teleport-ent-v10-fips-amd64-builder" --config "/tmp/teleport-ent-v10-fips-amd64-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-ent-v10-fips-amd64-builder" --target + "teleport-fips" --platform "linux/amd64" --tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-fips-amd64 --file "/go/build/Dockerfile-teleport-ent-fips" + --build-arg DEB_PATH=teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb + /go/build + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-ent-v10-fips-amd64-builder" + - rm -rf 
"/tmp/teleport-ent-v10-fips-amd64-builder" + environment: + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: "1" + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Download "teleport-ent_v10-tag-fips_amd64.deb" artifacts from S3 +- name: Tag and push image "teleport-ent:v10-fips-amd64" to ECR - staging + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-fips-amd64 > /dev/null 2>&1 && echo 'Found existing image, + skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-fips-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-fips-amd64) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent-fips image "teleport-ent:v10-fips-amd64" +- name: Create manifest and push "teleport-ent:full-fips" to ECR - staging + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-fips > /dev/null 2>&1 && echo 'Found existing image, skipping' + || 
(docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-fips --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-fips-amd64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-fips) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v10-fips-amd64" to ECR - staging +- name: Build teleport-operator image "teleport-operator:v10-amd64" + image: docker + commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport" + - mkdir -pv "/tmp/teleport-operator-v10-amd64-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-operator-v10-amd64-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-operator-v10-amd64-builder/buildkitd.toml" + - docker buildx create --driver "docker-container" --driver-opt "network=host" --name + "teleport-operator-v10-amd64-builder" --config "/tmp/teleport-operator-v10-amd64-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-operator-v10-amd64-builder" --platform + "linux/amd64" --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 + --file "/go/src/github.com/gravitational/teleport/operator/Dockerfile" --build-arg + BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox:teleport11 --build-arg + COMPILER_NAME=x86_64-linux-gnu-gcc /go/src/github.com/gravitational/teleport + - docker logout 
"public.ecr.aws" + - docker buildx rm "teleport-operator-v10-amd64-builder" + - rm -rf "/tmp/teleport-operator-v10-amd64-builder" + environment: + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: "1" + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Wait for docker + - Wait for docker registry + - Check out code + - Build full semver + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role +- name: Build teleport-operator image "teleport-operator:v10-arm" + image: docker + commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport" + - mkdir -pv "/tmp/teleport-operator-v10-arm-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-operator-v10-arm-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-operator-v10-arm-builder/buildkitd.toml" + - docker buildx create --driver "docker-container" --driver-opt "network=host" --name + "teleport-operator-v10-arm-builder" --config "/tmp/teleport-operator-v10-arm-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-operator-v10-arm-builder" --platform + "linux/arm" --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm + --file "/go/src/github.com/gravitational/teleport/operator/Dockerfile" --build-arg + BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox-arm:teleport11 --build-arg + COMPILER_NAME=arm-linux-gnueabihf-gcc /go/src/github.com/gravitational/teleport + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-operator-v10-arm-builder" + - rm -rf "/tmp/teleport-operator-v10-arm-builder" + environment: + AWS_PROFILE: 
ecr-authenticated-pull + DOCKER_BUILDKIT: "1" + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Wait for docker + - Wait for docker registry + - Check out code + - Build full semver + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role +- name: Build teleport-operator image "teleport-operator:v10-arm64" + image: docker + commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport" + - mkdir -pv "/tmp/teleport-operator-v10-arm64-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-operator-v10-arm64-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-operator-v10-arm64-builder/buildkitd.toml" + - docker buildx create --driver "docker-container" --driver-opt "network=host" --name + "teleport-operator-v10-arm64-builder" --config "/tmp/teleport-operator-v10-arm64-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-operator-v10-arm64-builder" --platform + "linux/arm64" --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 + --file "/go/src/github.com/gravitational/teleport/operator/Dockerfile" --build-arg + BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox-arm:teleport11 --build-arg + COMPILER_NAME=aarch64-linux-gnu-gcc /go/src/github.com/gravitational/teleport + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-operator-v10-arm64-builder" + - rm -rf "/tmp/teleport-operator-v10-arm64-builder" + environment: + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: "1" + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - 
Assume ECR - authenticated-pull AWS Role + - Wait for docker + - Wait for docker registry + - Check out code + - Build full semver + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role +- name: Tag and push image "teleport-operator:v10-amd64" to ECR - staging + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-amd64 > /dev/null 2>&1 && echo 'Found existing image, + skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-amd64) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-operator image "teleport-operator:v10-amd64" +- name: Tag and push image "teleport-operator:v10-arm" to ECR - staging + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' + || (docker tag 
drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-arm) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-operator image "teleport-operator:v10-arm" +- name: Tag and push image "teleport-operator:v10-arm64" to ECR - staging + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-arm64 > /dev/null 2>&1 && echo 'Found existing image, + skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-arm64) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-operator image "teleport-operator:v10-arm64" +- name: Create manifest and push "teleport-operator:full" to ECR - staging + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" 
--password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version") > /dev/null 2>&1 && echo 'Found existing image, skipping' + || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version") --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-operator:v10-amd64" to ECR - staging + - Tag and push image "teleport-operator:v10-arm" to ECR - staging + - Tag and push image "teleport-operator:v10-arm64" to ECR - staging +services: +- name: Start Docker + image: docker:dind + privileged: true + volumes: + - name: dockersock + path: /var/run +- name: drone-docker-registry + image: registry:2 + privileged: false + volumes: [] +volumes: +- name: awsconfig + temp: {} +- name: dockersock + temp: {} + +--- +################################################ +# Generated using dronegen, do not edit by hand! +# Use 'make dronegen' to update. 
+# Generated at dronegen/container_images_release_version.go (main.(*ReleaseVersion).buildVersionPipeline) +################################################ + +kind: pipeline +type: kubernetes +name: teleport-container-images-branch-promote +environment: + DEBIAN_FRONTEND: noninteractive +trigger: + event: + include: + - promote + target: + include: + - production + - promote-docker + repo: + include: + - gravitational/* +workspace: + path: /go +clone: + disable: true +steps: +- name: Verify build is tagged + image: alpine:latest + commands: + - '[ -n ${DRONE_TAG} ] || (echo ''DRONE_TAG is not set. Is the commit tagged?'' + && exit 1)' +- name: Wait for docker + image: docker + commands: + - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' + volumes: + - name: dockersock + path: /var/run + depends_on: + - Verify build is tagged +- name: Wait for docker registry + image: alpine + commands: + - apk add curl + - timeout 30s /bin/sh -c 'while [ "$(curl -s -o /dev/null -w %{http_code} http://drone-docker-registry:5000/)" + != "200" ]; do sleep 1; done' + depends_on: + - Verify build is tagged +- name: Check out code + image: alpine/git:latest + commands: + - mkdir -pv "/go/src/github.com/gravitational/teleport" + - cd "/go/src/github.com/gravitational/teleport" + - git init + - git remote add origin ${DRONE_REMOTE_URL} + - git fetch origin --tags + - git checkout -qf "$DRONE_TAG" + depends_on: + - Verify build is tagged +- name: Build major, minor, and full semvers + image: alpine + commands: + - mkdir -pv $(dirname "/go/var/major-version") + - echo $DRONE_TAG | sed 's/v//' | cut -d'.' -f "1" > "/go/var/major-version" + - echo $(cat "/go/var/major-version") + - mkdir -pv $(dirname "/go/var/minor-version") + - echo $DRONE_TAG | sed 's/v//' | cut -d'.' 
-f "1,2" > "/go/var/minor-version" + - echo $(cat "/go/var/minor-version") + - mkdir -pv $(dirname "/go/var/full-version") + - echo $DRONE_TAG | sed 's/v//' > "/go/var/full-version" + - echo $(cat "/go/var/full-version") + depends_on: + - Verify build is tagged +- name: Assume ECR - staging AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[ecr-staging]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + >> /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity --profile ecr-staging + environment: + AWS_ACCESS_KEY_ID: + from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY + AWS_ROLE: + from_secret: STAGING_TELEPORT_DRONE_ECR_AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Verify build is tagged +- name: Assume ECR - production AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[ecr-production]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + >> /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity --profile ecr-production + environment: + AWS_ACCESS_KEY_ID: + from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY + AWS_ROLE: + from_secret: PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET + 
volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume ECR - staging AWS Role + - Verify build is tagged +- name: Pull teleport:v10-amd64 and push it to Local Registry + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-amd64 + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-amd64 drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + - docker push drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Verify build is tagged + - Wait for docker + - Wait for docker registry + - Check out code + - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - production AWS Role +- name: Pull teleport:v10-arm and push it to Local Registry + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-arm + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-arm drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + - docker push drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + 
path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Verify build is tagged + - Wait for docker + - Wait for docker registry + - Check out code + - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - production AWS Role +- name: Pull teleport:v10-arm64 and push it to Local Registry + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-arm64 + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-arm64 drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + - docker push drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Verify build is tagged + - Wait for docker + - Wait for docker registry + - Check out code + - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - production AWS Role +- name: Tag and push image "teleport:v10-amd64" to Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat + "/go/var/full-version")-amd64 quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64 + && docker push quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64) + - 
docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + quay.io/gravitational/teleport:$(cat "/go/var/major-version")-amd64 + - docker push quay.io/gravitational/teleport:$(cat "/go/var/major-version")-amd64 + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 + - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Pull teleport:v10-amd64 and push it to Local Registry +- name: Tag and push image "teleport:v10-arm" to Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat + "/go/var/full-version")-arm quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm + && docker push quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm) + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm + - docker push quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm + - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: 
PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Pull teleport:v10-arm and push it to Local Registry +- name: Tag and push image "teleport:v10-arm64" to Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat + "/go/var/full-version")-arm64 quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64 + && docker push quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64) + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm64 + - docker push quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm64 + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm64 + - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm64 + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Pull teleport:v10-arm64 and push it to Local Registry +- name: Create manifest and push "teleport:major" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest create quay.io/gravitational/teleport:$(cat "/go/var/major-version") + --amend 
quay.io/gravitational/teleport:$(cat "/go/var/major-version")-amd64 --amend + quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm --amend quay.io/gravitational/teleport:$(cat + "/go/var/major-version")-arm64 + - docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/major-version") + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport:v10-amd64" to Quay + - Tag and push image "teleport:v10-arm" to Quay + - Tag and push image "teleport:v10-arm64" to Quay +- name: Create manifest and push "teleport:minor" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest create quay.io/gravitational/teleport:$(cat "/go/var/minor-version") + --amend quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 --amend + quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm --amend quay.io/gravitational/teleport:$(cat + "/go/var/minor-version")-arm64 + - docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/minor-version") + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport:v10-amd64" to Quay + - Tag and push image "teleport:v10-arm" to Quay + - Tag and push image "teleport:v10-arm64" to Quay +- name: Create manifest and push "teleport:full" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version") + > /dev/null 2>&1 && 
echo 'Found existing image, skipping' || (docker manifest + create quay.io/gravitational/teleport:$(cat "/go/var/full-version") --amend quay.io/gravitational/teleport:$(cat + "/go/var/full-version")-amd64 --amend quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm + --amend quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64 && + docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/full-version")) + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport:v10-amd64" to Quay + - Tag and push image "teleport:v10-arm" to Quay + - Tag and push image "teleport:v10-arm64" to Quay +- name: Tag and push image "teleport:v10-amd64" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat + "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64 + && docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64) + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64 + - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64 + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + 
public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 + - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Pull teleport:v10-amd64 and push it to Local Registry +- name: Tag and push image "teleport:v10-arm" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat + "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm + && docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm) + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm + - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm + - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Pull teleport:v10-arm and push it to Local Registry +- name: Tag and push image "teleport:v10-arm64" to ECR - production + image: docker + commands: + - docker pull 
drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat + "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64 + && docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64) + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64 + - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64 + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64 + - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64 + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Pull teleport:v10-arm64 and push it to Local Registry +- name: Create manifest and push "teleport:major" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest create public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version") + --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64 + --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm + --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64 + - docker manifest 
push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version") + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport:v10-amd64" to ECR - production + - Tag and push image "teleport:v10-arm" to ECR - production + - Tag and push image "teleport:v10-arm64" to ECR - production +- name: Create manifest and push "teleport:minor" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest create public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version") + --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 + --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm + --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64 + - docker manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version") + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport:v10-amd64" to ECR - production + - Tag and push image "teleport:v10-arm" to ECR - production + - Tag and push image "teleport:v10-arm64" to ECR - production +- name: Create manifest and push "teleport:full" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version") + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest + create public.ecr.aws/gravitational/teleport:$(cat 
"/go/var/full-version") --amend + public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64 --amend + public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm --amend + public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64 && docker + manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")) + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport:v10-amd64" to ECR - production + - Tag and push image "teleport:v10-arm" to ECR - production + - Tag and push image "teleport:v10-arm64" to ECR - production +- name: Pull teleport-ent:v10-amd64 and push it to Local Registry + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-amd64 + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-amd64 drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 + - docker push drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Verify build is tagged + - Wait for docker + - Wait for docker registry + - Check out code + - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - production AWS Role +- name: Pull teleport-ent:v10-arm and push it to Local Registry + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password 
--region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-arm + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-arm drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + - docker push drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Verify build is tagged + - Wait for docker + - Wait for docker registry + - Check out code + - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - production AWS Role +- name: Pull teleport-ent:v10-arm64 and push it to Local Registry + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-arm64 + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-arm64 drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 + - docker push drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Verify build is tagged + - Wait for docker + - Wait for docker registry + - Check out code + - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - 
Assume ECR - production AWS Role +- name: Tag and push image "teleport-ent:v10-amd64" to Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-amd64 quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 + && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64) + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 + quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 + - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 + quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 + - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Pull teleport-ent:v10-amd64 and push it to Local Registry +- name: Tag and push image "teleport-ent:v10-arm" to Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat 
+ "/go/var/full-version")-arm quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm + && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm) + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm + - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm + - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Pull teleport-ent:v10-arm and push it to Local Registry +- name: Tag and push image "teleport-ent:v10-arm64" to Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm64 quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 + && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64) + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 + quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64 + - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64 + - docker tag drone-docker-registry:5000/teleport-ent:$(cat 
"/go/var/full-version")-arm64 + quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64 + - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64 + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Pull teleport-ent:v10-arm64 and push it to Local Registry +- name: Create manifest and push "teleport-ent:major" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version") + --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 + --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm + --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64 + - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version") + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v10-amd64" to Quay + - Tag and push image "teleport-ent:v10-arm" to Quay + - Tag and push image "teleport-ent:v10-arm64" to Quay +- name: Create manifest and push "teleport-ent:minor" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version") + --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 + --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm + --amend 
quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64 + - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version") + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v10-amd64" to Quay + - Tag and push image "teleport-ent:v10-arm" to Quay + - Tag and push image "teleport-ent:v10-arm64" to Quay +- name: Create manifest and push "teleport-ent:full" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version") + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest + create quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version") --amend + quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 --amend + quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm --amend quay.io/gravitational/teleport-ent:$(cat + "/go/var/full-version")-arm64 && docker manifest push quay.io/gravitational/teleport-ent:$(cat + "/go/var/full-version")) + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v10-amd64" to Quay + - Tag and push image "teleport-ent:v10-arm" to Quay + - Tag and push image "teleport-ent:v10-arm64" to Quay +- name: Tag and push image "teleport-ent:v10-amd64" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 + - apk add 
--no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport-ent:$(cat + "/go/var/full-version")-amd64 && docker push public.ecr.aws/gravitational/teleport-ent:$(cat + "/go/var/full-version")-amd64) + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 + public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 + - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 + public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 + - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Pull teleport-ent:v10-amd64 and push it to Local Registry +- name: Tag and push image "teleport-ent:v10-arm" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport-ent:$(cat 
"/go/var/full-version")-arm + && docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm) + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm + - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm + - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Pull teleport-ent:v10-arm and push it to Local Registry +- name: Tag and push image "teleport-ent:v10-arm64" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport-ent:$(cat + "/go/var/full-version")-arm64 && docker push public.ecr.aws/gravitational/teleport-ent:$(cat + "/go/var/full-version")-arm64) + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 + public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64 + - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64 + - docker tag drone-docker-registry:5000/teleport-ent:$(cat 
"/go/var/full-version")-arm64 + public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64 + - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64 + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Pull teleport-ent:v10-arm64 and push it to Local Registry +- name: Create manifest and push "teleport-ent:major" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version") + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64 + - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version") + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v10-amd64" to ECR - production + - Tag and push image "teleport-ent:v10-arm" to ECR - production + - Tag and push image "teleport-ent:v10-arm64" to ECR - production +- name: Create manifest and push "teleport-ent:minor" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version") + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 + --amend 
public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64 + - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version") + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v10-amd64" to ECR - production + - Tag and push image "teleport-ent:v10-arm" to ECR - production + - Tag and push image "teleport-ent:v10-arm64" to ECR - production +- name: Create manifest and push "teleport-ent:full" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version") + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest + create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version") + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 + && docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")) + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v10-amd64" to ECR - production + - Tag and push image "teleport-ent:v10-arm" to ECR - production + - Tag and push image "teleport-ent:v10-arm64" to ECR - production +- name: Pull teleport-ent:v10-fips-amd64 and push it to Local Registry + image: docker + 
commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-fips-amd64 + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-fips-amd64 drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-fips-amd64 + - docker push drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Verify build is tagged + - Wait for docker + - Wait for docker registry + - Check out code + - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - production AWS Role +- name: Tag and push image "teleport-ent:v10-fips-amd64" to Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-fips-amd64 quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64) + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64 + - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64 + - 
docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 + - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Pull teleport-ent:v10-fips-amd64 and push it to Local Registry +- name: Create manifest and push "teleport-ent:major-fips" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips + --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64 + - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v10-fips-amd64" to Quay +- name: Create manifest and push "teleport-ent:minor-fips" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips + --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 + - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: 
PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v10-fips-amd64" to Quay +- name: Create manifest and push "teleport-ent:full-fips" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest + create quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips --amend + quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 && + docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips) + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v10-fips-amd64" to Quay +- name: Tag and push image "teleport-ent:v10-fips-amd64" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-fips-amd64 public.ecr.aws/gravitational/teleport-ent:$(cat + "/go/var/full-version")-fips-amd64 && docker push public.ecr.aws/gravitational/teleport-ent:$(cat + "/go/var/full-version")-fips-amd64) + - docker tag 
drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64 + - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64 + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 + - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Pull teleport-ent:v10-fips-amd64 and push it to Local Registry +- name: Create manifest and push "teleport-ent:major-fips" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64 + - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v10-fips-amd64" to ECR - production +- name: Create manifest and push "teleport-ent:minor-fips" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips + --amend 
public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 + - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v10-fips-amd64" to ECR - production +- name: Create manifest and push "teleport-ent:full-fips" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest + create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + && docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips) + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v10-fips-amd64" to ECR - production +- name: Pull teleport-operator:v10-amd64 and push it to Local Registry + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-amd64 + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + 
"/go/var/full-version")-amd64 drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-amd64 + - docker push drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Verify build is tagged + - Wait for docker + - Wait for docker registry + - Check out code + - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - production AWS Role +- name: Pull teleport-operator:v10-arm and push it to Local Registry + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-arm + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-arm drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-arm + - docker push drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Verify build is tagged + - Wait for docker + - Wait for docker registry + - Check out code + - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - production AWS Role +- name: Pull teleport-operator:v10-arm64 and push it to Local Registry + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - docker pull 
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-arm64 + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-arm64 drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-arm64 + - docker push drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Verify build is tagged + - Wait for docker + - Wait for docker registry + - Check out code + - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - production AWS Role +- name: Tag and push image "teleport-operator:v10-amd64" to Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-amd64 quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 + && docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64) + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 + quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 + - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 + quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 + - docker push 
quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Pull teleport-operator:v10-amd64 and push it to Local Registry +- name: Tag and push image "teleport-operator:v10-arm" to Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-arm quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm + && docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm) + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm + quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm + - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm + quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm + - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Pull teleport-operator:v10-arm and push it to Local Registry +- name: Tag and push image 
"teleport-operator:v10-arm64" to Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-arm64 quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 + && docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64) + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 + quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64 + - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64 + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 + quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 + - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Pull teleport-operator:v10-arm64 and push it to Local Registry +- name: Create manifest and push "teleport-operator:major" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest create quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version") + --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 + --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm + --amend 
quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64 + - docker manifest push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version") + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-operator:v10-amd64" to Quay + - Tag and push image "teleport-operator:v10-arm" to Quay + - Tag and push image "teleport-operator:v10-arm64" to Quay +- name: Create manifest and push "teleport-operator:minor" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest create quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version") + --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 + --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm + --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 + - docker manifest push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version") + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-operator:v10-amd64" to Quay + - Tag and push image "teleport-operator:v10-arm" to Quay + - Tag and push image "teleport-operator:v10-arm64" to Quay +- name: Create manifest and push "teleport-operator:full" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version") + > /dev/null 2>&1 && echo 'Found 
existing image, skipping' || (docker manifest + create quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version") --amend + quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 --amend + quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm --amend + quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 && + docker manifest push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")) + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-operator:v10-amd64" to Quay + - Tag and push image "teleport-operator:v10-arm" to Quay + - Tag and push image "teleport-operator:v10-arm64" to Quay +- name: Tag and push image "teleport-operator:v10-amd64" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport-operator:$(cat + "/go/var/full-version")-amd64 && docker push public.ecr.aws/gravitational/teleport-operator:$(cat + "/go/var/full-version")-amd64) + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 + public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 + - docker push public.ecr.aws/gravitational/teleport-operator:$(cat 
"/go/var/major-version")-amd64 + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 + public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 + - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Pull teleport-operator:v10-amd64 and push it to Local Registry +- name: Tag and push image "teleport-operator:v10-arm" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport-operator:$(cat + "/go/var/full-version")-arm && docker push public.ecr.aws/gravitational/teleport-operator:$(cat + "/go/var/full-version")-arm) + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm + public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm + - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm + public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm + - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + 
- name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Pull teleport-operator:v10-arm and push it to Local Registry +- name: Tag and push image "teleport-operator:v10-arm64" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport-operator:$(cat + "/go/var/full-version")-arm64 && docker push public.ecr.aws/gravitational/teleport-operator:$(cat + "/go/var/full-version")-arm64) + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 + public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64 + - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64 + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 + public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 + - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Pull teleport-operator:v10-arm64 and push it to Local Registry +- name: Create manifest and push "teleport-operator:major" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" 
--password-stdin + public.ecr.aws + - docker manifest create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version") + --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 + --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm + --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64 + - docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version") + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-operator:v10-amd64" to ECR - production + - Tag and push image "teleport-operator:v10-arm" to ECR - production + - Tag and push image "teleport-operator:v10-arm64" to ECR - production +- name: Create manifest and push "teleport-operator:minor" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version") + --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 + --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm + --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 + - docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version") + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-operator:v10-amd64" to ECR - production + - Tag and push image "teleport-operator:v10-arm" to ECR - production + - Tag 
and push image "teleport-operator:v10-arm64" to ECR - production +- name: Create manifest and push "teleport-operator:full" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version") + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest + create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version") + --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 + --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm + --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 + && docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")) + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-operator:v10-amd64" to ECR - production + - Tag and push image "teleport-operator:v10-arm" to ECR - production + - Tag and push image "teleport-operator:v10-arm64" to ECR - production +services: +- name: Start Docker + image: docker:dind + privileged: true + volumes: + - name: dockersock + path: /var/run +- name: drone-docker-registry + image: registry:2 + privileged: false + volumes: [] +volumes: +- name: awsconfig + temp: {} +- name: dockersock + temp: {} + +--- +################################################ +# Generated using dronegen, do not edit by hand! +# Use 'make dronegen' to update. 
+# Generated at dronegen/container_images_release_version.go (main.(*ReleaseVersion).buildVersionPipeline) +################################################ + +kind: pipeline +type: kubernetes +name: teleport-container-images-current-version-cron +environment: + DEBIAN_FRONTEND: noninteractive +trigger: + cron: + include: + - teleport-container-images-cron + repo: + include: + - gravitational/teleport +workspace: + path: /go +clone: + disable: true +steps: +- name: Find the latest available semver for v11 + image: golang:1.18 + commands: + - mkdir -pv "/tmp/teleport" + - cd "/tmp/teleport" + - git init + - git remote add origin ${DRONE_REMOTE_URL} + - git fetch origin --tags + - git checkout -qf "branch/v11" + - mkdir -pv $(dirname "/go/vars/full-version-v11") + - cd "/tmp/teleport/build.assets/tooling/cmd/query-latest" + - go run . "v11" | sed 's/v//' > "/go/vars/full-version-v11" + - echo Found full semver "$(cat "/go/vars/full-version-v11")" for major version + "v11" +- name: Wait for docker + image: docker + commands: + - timeout 30s /bin/sh -c 'while [ ! 
-S /var/run/docker.sock ]; do sleep 1; done' + volumes: + - name: dockersock + path: /var/run + depends_on: + - Find the latest available semver for v11 +- name: Wait for docker registry + image: alpine + commands: + - apk add curl + - timeout 30s /bin/sh -c 'while [ "$(curl -s -o /dev/null -w %{http_code} http://drone-docker-registry:5000/)" + != "200" ]; do sleep 1; done' + depends_on: + - Find the latest available semver for v11 +- name: Check out code + image: alpine/git:latest + commands: + - mkdir -pv "/go/src/github.com/gravitational/teleport" + - cd "/go/src/github.com/gravitational/teleport" + - git init + - git remote add origin ${DRONE_REMOTE_URL} + - git fetch origin --tags + - git checkout -qf "v$(cat '/go/vars/full-version-v11')" + depends_on: + - Find the latest available semver for v11 +- name: Build major, minor, and full semvers + image: alpine + commands: + - mkdir -pv $(dirname "/go/var/major-version") + - echo v$(cat '/go/vars/full-version-v11') | sed 's/v//' | cut -d'.' -f "1" > "/go/var/major-version" + - echo $(cat "/go/var/major-version") + - mkdir -pv $(dirname "/go/var/minor-version") + - echo v$(cat '/go/vars/full-version-v11') | sed 's/v//' | cut -d'.' 
-f "1,2" > + "/go/var/minor-version" + - echo $(cat "/go/var/minor-version") + - mkdir -pv $(dirname "/go/var/full-version") + - echo v$(cat '/go/vars/full-version-v11') | sed 's/v//' > "/go/var/full-version" + - echo $(cat "/go/var/full-version") + depends_on: + - Find the latest available semver for v11 +- name: Assume ECR - staging AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[ecr-staging]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + >> /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity --profile ecr-staging + environment: + AWS_ACCESS_KEY_ID: + from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY + AWS_ROLE: + from_secret: STAGING_TELEPORT_DRONE_ECR_AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Find the latest available semver for v11 +- name: Assume ECR - authenticated-pull AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[ecr-authenticated-pull]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + >> /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity --profile ecr-authenticated-pull + environment: + AWS_ACCESS_KEY_ID: + from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY + AWS_ROLE: + from_secret: 
PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume ECR - staging AWS Role + - Find the latest available semver for v11 +- name: Assume ECR - production AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[ecr-production]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + >> /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity --profile ecr-production + environment: + AWS_ACCESS_KEY_ID: + from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY + AWS_ROLE: + from_secret: PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Find the latest available semver for v11 +- name: Assume S3 Download AWS Role for teleport + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[s3-download-teleport]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + >> /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity --profile s3-download-teleport + environment: + AWS_ACCESS_KEY_ID: + from_secret: AWS_ACCESS_KEY_ID + AWS_ROLE: + from_secret: AWS_ROLE + AWS_SECRET_ACCESS_KEY: + 
from_secret: AWS_SECRET_ACCESS_KEY + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Find the latest available semver for v11 + - Wait for docker + - Wait for docker registry + - Check out code + - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role + - Assume ECR - production AWS Role +- name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport + image: alpine + commands: + - apk add curl + - mkdir -pv $(dirname "/go/build/Dockerfile-teleport") + - curl -Ls -o "/go/build/Dockerfile-teleport" "https://raw.githubusercontent.com/gravitational/teleport/v$(cat + '/go/vars/full-version-v11')/build.assets/charts/Dockerfile" + depends_on: + - Find the latest available semver for v11 + - Wait for docker + - Wait for docker registry + - Check out code + - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role + - Assume ECR - production AWS Role +- name: Download "teleport_v11-tag_amd64.deb" artifacts from S3 + image: amazon/aws-cli + commands: + - END_TIME=$(( $(date +%s) + 3600 )) + - TIMED_OUT=true + - while [ $(date +%s) -lt $${END_TIME?} ]; do + - SUCCESS=true + - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr + -s ' ' | cut -d' ' -f 4 | grep -x teleport_$(cat "/go/var/full-version")_amd64.deb + || SUCCESS=false + - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;' + - echo 'Condition not met yet, waiting another 60 seconds...' 
+ - sleep 60 + - done + - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ + "$SUCCESS" = "true" ]'' && exit 1' + - mkdir -pv "/go/build" + - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat + "/go/var/full-version")_amd64.deb /go/build/teleport_$(cat "/go/var/full-version")_amd64.deb + environment: + AWS_PROFILE: s3-download-teleport + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume S3 Download AWS Role for teleport + - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport +- name: Build teleport image "teleport:v11-amd64" + image: docker + commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/build" && cd "/go/build" + - mkdir -pv "/tmp/teleport-v11-amd64-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v11-amd64-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-v11-amd64-builder/buildkitd.toml" + - docker buildx create --driver "docker-container" --driver-opt "network=host" --name + "teleport-v11-amd64-builder" --config "/tmp/teleport-v11-amd64-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-v11-amd64-builder" --target "teleport" + --platform "linux/amd64" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + --file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_amd64.deb + /go/build + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-v11-amd64-builder" + - rm -rf "/tmp/teleport-v11-amd64-builder" + environment: + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: "1" + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + 
path: /var/run + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Download "teleport_v11-tag_amd64.deb" artifacts from S3 +- name: Download "teleport_v11-tag_arm.deb" artifacts from S3 + image: amazon/aws-cli + commands: + - END_TIME=$(( $(date +%s) + 3600 )) + - TIMED_OUT=true + - while [ $(date +%s) -lt $${END_TIME?} ]; do + - SUCCESS=true + - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr + -s ' ' | cut -d' ' -f 4 | grep -x teleport_$(cat "/go/var/full-version")_arm.deb + || SUCCESS=false + - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;' + - echo 'Condition not met yet, waiting another 60 seconds...' + - sleep 60 + - done + - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ + "$SUCCESS" = "true" ]'' && exit 1' + - mkdir -pv "/go/build" + - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat + "/go/var/full-version")_arm.deb /go/build/teleport_$(cat "/go/var/full-version")_arm.deb + environment: + AWS_PROFILE: s3-download-teleport + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume S3 Download AWS Role for teleport + - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport +- name: Build teleport image "teleport:v11-arm" + image: docker + commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/build" && cd "/go/build" + - mkdir -pv "/tmp/teleport-v11-arm-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v11-arm-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-v11-arm-builder/buildkitd.toml" + - docker buildx create --driver "docker-container" --driver-opt "network=host" --name + "teleport-v11-arm-builder" --config "/tmp/teleport-v11-arm-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | 
docker login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-v11-arm-builder" --target "teleport" + --platform "linux/arm" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + --file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_arm.deb + /go/build + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-v11-arm-builder" + - rm -rf "/tmp/teleport-v11-arm-builder" + environment: + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: "1" + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Download "teleport_v11-tag_arm.deb" artifacts from S3 +- name: Download "teleport_v11-tag_arm64.deb" artifacts from S3 + image: amazon/aws-cli + commands: + - END_TIME=$(( $(date +%s) + 3600 )) + - TIMED_OUT=true + - while [ $(date +%s) -lt $${END_TIME?} ]; do + - SUCCESS=true + - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr + -s ' ' | cut -d' ' -f 4 | grep -x teleport_$(cat "/go/var/full-version")_arm64.deb + || SUCCESS=false + - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;' + - echo 'Condition not met yet, waiting another 60 seconds...' 
+ - sleep 60 + - done + - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ + "$SUCCESS" = "true" ]'' && exit 1' + - mkdir -pv "/go/build" + - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat + "/go/var/full-version")_arm64.deb /go/build/teleport_$(cat "/go/var/full-version")_arm64.deb + environment: + AWS_PROFILE: s3-download-teleport + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume S3 Download AWS Role for teleport + - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport +- name: Build teleport image "teleport:v11-arm64" + image: docker + commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/build" && cd "/go/build" + - mkdir -pv "/tmp/teleport-v11-arm64-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v11-arm64-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-v11-arm64-builder/buildkitd.toml" + - docker buildx create --driver "docker-container" --driver-opt "network=host" --name + "teleport-v11-arm64-builder" --config "/tmp/teleport-v11-arm64-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-v11-arm64-builder" --target "teleport" + --platform "linux/arm64" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + --file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_arm64.deb + /go/build + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-v11-arm64-builder" + - rm -rf "/tmp/teleport-v11-arm64-builder" + environment: + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: "1" + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + 
path: /var/run + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Download "teleport_v11-tag_arm64.deb" artifacts from S3 +- name: Tag and push image "teleport:v11-amd64" to ECR - staging + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-amd64 + && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP-amd64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-amd64 + && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP-amd64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + 
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64 + && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP-amd64) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport image "teleport:v11-amd64" +- name: Tag and push image "teleport:v11-arm" to ECR - staging + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm + && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP-arm) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-arm + && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP-arm) + - 
docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-arm + && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport image "teleport:v11-arm" +- name: Tag and push image "teleport:v11-arm64" to ECR - staging + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm64 + && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP-arm64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag 
drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-arm64 + && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP-arm64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64 + && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm64) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport image "teleport:v11-arm64" +- name: Create manifest and push "teleport:major-$TIMESTAMP" to ECR - staging + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, + skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP-amd64 --amend 
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport:v11-amd64" to ECR - staging + - Tag and push image "teleport:v11-arm" to ECR - staging + - Tag and push image "teleport:v11-arm64" to ECR - staging +- name: Create manifest and push "teleport:minor-$TIMESTAMP" to ECR - staging + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, + skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP) + - docker logout 
"146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport:v11-amd64" to ECR - staging + - Tag and push image "teleport:v11-arm" to ECR - staging + - Tag and push image "teleport:v11-arm64" to ECR - staging +- name: Create manifest and push "teleport:full-$TIMESTAMP" to ECR - staging + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, + skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport:v11-amd64" to ECR - staging + - Tag and push image "teleport:v11-arm" to ECR - staging + - Tag and push image "teleport:v11-arm64" to ECR - staging +- name: Tag and push image "teleport:v11-amd64" to 
Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat + "/go/var/full-version")-amd64 quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64 + && docker push quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64) + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + quay.io/gravitational/teleport:$(cat "/go/var/major-version")-amd64 + - docker push quay.io/gravitational/teleport:$(cat "/go/var/major-version")-amd64 + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 + - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport image "teleport:v11-amd64" +- name: Tag and push image "teleport:v11-arm" to Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat + "/go/var/full-version")-arm quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm + && docker push quay.io/gravitational/teleport:$(cat 
"/go/var/full-version")-arm) + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm + - docker push quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm + - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport image "teleport:v11-arm" +- name: Tag and push image "teleport:v11-arm64" to Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat + "/go/var/full-version")-arm64 quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64 + && docker push quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64) + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm64 + - docker push quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm64 + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm64 + - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm64 + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + 
from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport image "teleport:v11-arm64" +- name: Create manifest and push "teleport:major" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest create quay.io/gravitational/teleport:$(cat "/go/var/major-version") + --amend quay.io/gravitational/teleport:$(cat "/go/var/major-version")-amd64 --amend + quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm --amend quay.io/gravitational/teleport:$(cat + "/go/var/major-version")-arm64 + - docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/major-version") + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport:v11-amd64" to Quay + - Tag and push image "teleport:v11-arm" to Quay + - Tag and push image "teleport:v11-arm64" to Quay +- name: Create manifest and push "teleport:minor" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest create quay.io/gravitational/teleport:$(cat "/go/var/minor-version") + --amend quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 --amend + quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm --amend quay.io/gravitational/teleport:$(cat + "/go/var/minor-version")-arm64 + - docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/minor-version") + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + 
volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport:v11-amd64" to Quay + - Tag and push image "teleport:v11-arm" to Quay + - Tag and push image "teleport:v11-arm64" to Quay +- name: Create manifest and push "teleport:full" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version") + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest + create quay.io/gravitational/teleport:$(cat "/go/var/full-version") --amend quay.io/gravitational/teleport:$(cat + "/go/var/full-version")-amd64 --amend quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm + --amend quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64 && + docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/full-version")) + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport:v11-amd64" to Quay + - Tag and push image "teleport:v11-arm" to Quay + - Tag and push image "teleport:v11-arm64" to Quay +- name: Tag and push image "teleport:v11-amd64" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat + "/go/var/full-version")-amd64 
public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64 + && docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64) + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64 + - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64 + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 + - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport image "teleport:v11-amd64" +- name: Tag and push image "teleport:v11-arm" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat + "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm + && docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm) + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm + - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + 
public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm + - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport image "teleport:v11-arm" +- name: Tag and push image "teleport:v11-arm64" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat + "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64 + && docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64) + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64 + - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64 + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64 + - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64 + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport image "teleport:v11-arm64" +- name: Create manifest and push "teleport:major" to ECR - production + image: docker + commands: + - apk add --no-cache 
aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest create public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version") + --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64 + --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm + --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64 + - docker manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version") + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport:v11-amd64" to ECR - production + - Tag and push image "teleport:v11-arm" to ECR - production + - Tag and push image "teleport:v11-arm64" to ECR - production +- name: Create manifest and push "teleport:minor" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest create public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version") + --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 + --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm + --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64 + - docker manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version") + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport:v11-amd64" to ECR - production + - Tag and push image "teleport:v11-arm" to ECR - production + - Tag and push image "teleport:v11-arm64" to ECR - production 
+- name: Create manifest and push "teleport:full" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version") + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest + create public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version") --amend + public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64 --amend + public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm --amend + public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64 && docker + manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")) + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport:v11-amd64" to ECR - production + - Tag and push image "teleport:v11-arm" to ECR - production + - Tag and push image "teleport:v11-arm64" to ECR - production +- name: Assume S3 Download AWS Role for teleport-ent + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[s3-download-teleport-ent]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + >> /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity --profile s3-download-teleport-ent + environment: + AWS_ACCESS_KEY_ID: + from_secret: AWS_ACCESS_KEY_ID + AWS_ROLE: + from_secret: AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: 
AWS_SECRET_ACCESS_KEY + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Find the latest available semver for v11 + - Wait for docker + - Wait for docker registry + - Check out code + - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role + - Assume ECR - production AWS Role +- name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent + image: alpine + commands: + - apk add curl + - mkdir -pv $(dirname "/go/build/Dockerfile-teleport-ent") + - curl -Ls -o "/go/build/Dockerfile-teleport-ent" "https://raw.githubusercontent.com/gravitational/teleport/v$(cat + '/go/vars/full-version-v11')/build.assets/charts/Dockerfile" + depends_on: + - Find the latest available semver for v11 + - Wait for docker + - Wait for docker registry + - Check out code + - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role + - Assume ECR - production AWS Role +- name: Download "teleport-ent_v11-tag_amd64.deb" artifacts from S3 + image: amazon/aws-cli + commands: + - END_TIME=$(( $(date +%s) + 3600 )) + - TIMED_OUT=true + - while [ $(date +%s) -lt $${END_TIME?} ]; do + - SUCCESS=true + - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr + -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")_amd64.deb + || SUCCESS=false + - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;' + - echo 'Condition not met yet, waiting another 60 seconds...' 
+ - sleep 60 + - done + - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ + "$SUCCESS" = "true" ]'' && exit 1' + - mkdir -pv "/go/build" + - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat + "/go/var/full-version")_amd64.deb /go/build/teleport-ent_$(cat "/go/var/full-version")_amd64.deb + environment: + AWS_PROFILE: s3-download-teleport-ent + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume S3 Download AWS Role for teleport-ent + - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent +- name: Build teleport-ent image "teleport-ent:v11-amd64" + image: docker + commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/build" && cd "/go/build" + - mkdir -pv "/tmp/teleport-ent-v11-amd64-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v11-amd64-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-ent-v11-amd64-builder/buildkitd.toml" + - docker buildx create --driver "docker-container" --driver-opt "network=host" --name + "teleport-ent-v11-amd64-builder" --config "/tmp/teleport-ent-v11-amd64-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-ent-v11-amd64-builder" --target + "teleport" --platform "linux/amd64" --tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-amd64 --file "/go/build/Dockerfile-teleport-ent" --build-arg + DEB_PATH=teleport-ent_$(cat "/go/var/full-version")_amd64.deb /go/build + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-ent-v11-amd64-builder" + - rm -rf "/tmp/teleport-ent-v11-amd64-builder" + environment: + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: 
"1" + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Download "teleport-ent_v11-tag_amd64.deb" artifacts from S3 +- name: Download "teleport-ent_v11-tag_arm.deb" artifacts from S3 + image: amazon/aws-cli + commands: + - END_TIME=$(( $(date +%s) + 3600 )) + - TIMED_OUT=true + - while [ $(date +%s) -lt $${END_TIME?} ]; do + - SUCCESS=true + - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr + -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")_arm.deb + || SUCCESS=false + - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;' + - echo 'Condition not met yet, waiting another 60 seconds...' + - sleep 60 + - done + - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ + "$SUCCESS" = "true" ]'' && exit 1' + - mkdir -pv "/go/build" + - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat + "/go/var/full-version")_arm.deb /go/build/teleport-ent_$(cat "/go/var/full-version")_arm.deb + environment: + AWS_PROFILE: s3-download-teleport-ent + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume S3 Download AWS Role for teleport-ent + - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent +- name: Build teleport-ent image "teleport-ent:v11-arm" + image: docker + commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/build" && cd "/go/build" + - mkdir -pv "/tmp/teleport-ent-v11-arm-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v11-arm-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-ent-v11-arm-builder/buildkitd.toml" + - docker buildx create --driver "docker-container" --driver-opt "network=host" --name + "teleport-ent-v11-arm-builder" --config 
"/tmp/teleport-ent-v11-arm-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-ent-v11-arm-builder" --target "teleport" + --platform "linux/arm" --tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + --file "/go/build/Dockerfile-teleport-ent" --build-arg DEB_PATH=teleport-ent_$(cat + "/go/var/full-version")_arm.deb /go/build + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-ent-v11-arm-builder" + - rm -rf "/tmp/teleport-ent-v11-arm-builder" + environment: + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: "1" + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Download "teleport-ent_v11-tag_arm.deb" artifacts from S3 +- name: Download "teleport-ent_v11-tag_arm64.deb" artifacts from S3 + image: amazon/aws-cli + commands: + - END_TIME=$(( $(date +%s) + 3600 )) + - TIMED_OUT=true + - while [ $(date +%s) -lt $${END_TIME?} ]; do + - SUCCESS=true + - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr + -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")_arm64.deb + || SUCCESS=false + - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;' + - echo 'Condition not met yet, waiting another 60 seconds...' 
+ - sleep 60 + - done + - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ + "$SUCCESS" = "true" ]'' && exit 1' + - mkdir -pv "/go/build" + - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat + "/go/var/full-version")_arm64.deb /go/build/teleport-ent_$(cat "/go/var/full-version")_arm64.deb + environment: + AWS_PROFILE: s3-download-teleport-ent + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume S3 Download AWS Role for teleport-ent + - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent +- name: Build teleport-ent image "teleport-ent:v11-arm64" + image: docker + commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/build" && cd "/go/build" + - mkdir -pv "/tmp/teleport-ent-v11-arm64-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v11-arm64-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-ent-v11-arm64-builder/buildkitd.toml" + - docker buildx create --driver "docker-container" --driver-opt "network=host" --name + "teleport-ent-v11-arm64-builder" --config "/tmp/teleport-ent-v11-arm64-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-ent-v11-arm64-builder" --target + "teleport" --platform "linux/arm64" --tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm64 --file "/go/build/Dockerfile-teleport-ent" --build-arg + DEB_PATH=teleport-ent_$(cat "/go/var/full-version")_arm64.deb /go/build + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-ent-v11-arm64-builder" + - rm -rf "/tmp/teleport-ent-v11-arm64-builder" + environment: + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: 
"1" + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Download "teleport-ent_v11-tag_arm64.deb" artifacts from S3 +- name: Tag and push image "teleport-ent:v11-amd64" to ECR - staging + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-amd64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-amd64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag 
drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-amd64) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent image "teleport-ent:v11-amd64" +- name: Tag and push image "teleport-ent:v11-arm" to ECR - staging + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-arm) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-arm && docker 
push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-arm) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent image "teleport-ent:v11-arm" +- name: Tag and push image "teleport-ent:v11-arm64" to ECR - staging + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-arm64) + - docker manifest inspect 
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-arm64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm64) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent image "teleport-ent:v11-arm64" +- name: Create manifest and push "teleport-ent:major-$TIMESTAMP" to ECR - staging + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, + skipping' || (docker manifest create 
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v11-amd64" to ECR - staging + - Tag and push image "teleport-ent:v11-arm" to ECR - staging + - Tag and push image "teleport-ent:v11-arm64" to ECR - staging +- name: Create manifest and push "teleport-ent:minor-$TIMESTAMP" to ECR - staging + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, + skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm 
--amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v11-amd64" to ECR - staging + - Tag and push image "teleport-ent:v11-arm" to ECR - staging + - Tag and push image "teleport-ent:v11-arm64" to ECR - staging +- name: Create manifest and push "teleport-ent:full-$TIMESTAMP" to ECR - staging + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, + skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + 
volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v11-amd64" to ECR - staging + - Tag and push image "teleport-ent:v11-arm" to ECR - staging + - Tag and push image "teleport-ent:v11-arm64" to ECR - staging +- name: Tag and push image "teleport-ent:v11-amd64" to Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-amd64 quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 + && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64) + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 + quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 + - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 + quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 + - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent image "teleport-ent:v11-amd64" +- name: Tag and push image "teleport-ent:v11-arm" to Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + - docker login 
-u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm + && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm) + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm + - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm + - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent image "teleport-ent:v11-arm" +- name: Tag and push image "teleport-ent:v11-arm64" to Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm64 quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 + && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64) + - docker tag drone-docker-registry:5000/teleport-ent:$(cat 
"/go/var/full-version")-arm64 + quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64 + - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64 + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 + quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64 + - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64 + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent image "teleport-ent:v11-arm64" +- name: Create manifest and push "teleport-ent:major" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version") + --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 + --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm + --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64 + - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version") + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v11-amd64" to Quay + - Tag and push image "teleport-ent:v11-arm" to Quay + - Tag and push image "teleport-ent:v11-arm64" to Quay +- name: Create manifest and push "teleport-ent:minor" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest create 
quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version") + --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 + --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm + --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64 + - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version") + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v11-amd64" to Quay + - Tag and push image "teleport-ent:v11-arm" to Quay + - Tag and push image "teleport-ent:v11-arm64" to Quay +- name: Create manifest and push "teleport-ent:full" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version") + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest + create quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version") --amend + quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 --amend + quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm --amend quay.io/gravitational/teleport-ent:$(cat + "/go/var/full-version")-arm64 && docker manifest push quay.io/gravitational/teleport-ent:$(cat + "/go/var/full-version")) + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v11-amd64" to Quay + - Tag and push image "teleport-ent:v11-arm" to Quay + - Tag and push image 
"teleport-ent:v11-arm64" to Quay +- name: Tag and push image "teleport-ent:v11-amd64" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport-ent:$(cat + "/go/var/full-version")-amd64 && docker push public.ecr.aws/gravitational/teleport-ent:$(cat + "/go/var/full-version")-amd64) + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 + public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 + - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 + public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 + - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent image "teleport-ent:v11-amd64" +- name: Tag and push image "teleport-ent:v11-arm" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat 
"/go/var/full-version")-arm + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm + && docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm) + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm + - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm + - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent image "teleport-ent:v11-arm" +- name: Tag and push image "teleport-ent:v11-arm64" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport-ent:$(cat + "/go/var/full-version")-arm64 && docker push public.ecr.aws/gravitational/teleport-ent:$(cat + "/go/var/full-version")-arm64) + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 + 
public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64 + - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64 + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 + public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64 + - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64 + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent image "teleport-ent:v11-arm64" +- name: Create manifest and push "teleport-ent:major" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version") + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64 + - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version") + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v11-amd64" to ECR - production + - Tag and push image "teleport-ent:v11-arm" to ECR - production + - Tag and push image "teleport-ent:v11-arm64" to ECR - production +- name: Create manifest and push "teleport-ent:minor" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" 
--password-stdin + public.ecr.aws + - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version") + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64 + - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version") + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v11-amd64" to ECR - production + - Tag and push image "teleport-ent:v11-arm" to ECR - production + - Tag and push image "teleport-ent:v11-arm64" to ECR - production +- name: Create manifest and push "teleport-ent:full" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version") + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest + create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version") + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 + && docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")) + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v11-amd64" to ECR - 
production + - Tag and push image "teleport-ent:v11-arm" to ECR - production + - Tag and push image "teleport-ent:v11-arm64" to ECR - production +- name: Assume S3 Download AWS Role for teleport-ent-fips + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[s3-download-teleport-ent-fips]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + >> /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity --profile s3-download-teleport-ent-fips + environment: + AWS_ACCESS_KEY_ID: + from_secret: AWS_ACCESS_KEY_ID + AWS_ROLE: + from_secret: AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: AWS_SECRET_ACCESS_KEY + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Find the latest available semver for v11 + - Wait for docker + - Wait for docker registry + - Check out code + - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role + - Assume ECR - production AWS Role +- name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent-fips" for + teleport-ent-fips + image: alpine + commands: + - apk add curl + - mkdir -pv $(dirname "/go/build/Dockerfile-teleport-ent-fips") + - curl -Ls -o "/go/build/Dockerfile-teleport-ent-fips" "https://raw.githubusercontent.com/gravitational/teleport/v$(cat + '/go/vars/full-version-v11')/build.assets/charts/Dockerfile" + depends_on: + - Find the latest available semver for v11 + - Wait for docker + - Wait for docker registry + - Check out code + - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role + - Assume ECR - production AWS Role +- name: Download 
"teleport-ent_v11-tag-fips_amd64.deb" artifacts from S3 + image: amazon/aws-cli + commands: + - END_TIME=$(( $(date +%s) + 3600 )) + - TIMED_OUT=true + - while [ $(date +%s) -lt $${END_TIME?} ]; do + - SUCCESS=true + - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr + -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb + || SUCCESS=false + - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;' + - echo 'Condition not met yet, waiting another 60 seconds...' + - sleep 60 + - done + - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ + "$SUCCESS" = "true" ]'' && exit 1' + - mkdir -pv "/go/build" + - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat + "/go/var/full-version")-fips_amd64.deb /go/build/teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb + environment: + AWS_PROFILE: s3-download-teleport-ent-fips + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume S3 Download AWS Role for teleport-ent-fips + - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent-fips" for teleport-ent-fips +- name: Build teleport-ent-fips image "teleport-ent:v11-fips-amd64" + image: docker + commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/build" && cd "/go/build" + - mkdir -pv "/tmp/teleport-ent-v11-fips-amd64-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v11-fips-amd64-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-ent-v11-fips-amd64-builder/buildkitd.toml" + - docker buildx create --driver "docker-container" --driver-opt "network=host" --name + "teleport-ent-v11-fips-amd64-builder" --config "/tmp/teleport-ent-v11-fips-amd64-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | 
docker login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-ent-v11-fips-amd64-builder" --target + "teleport-fips" --platform "linux/amd64" --tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-fips-amd64 --file "/go/build/Dockerfile-teleport-ent-fips" + --build-arg DEB_PATH=teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb + /go/build + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-ent-v11-fips-amd64-builder" + - rm -rf "/tmp/teleport-ent-v11-fips-amd64-builder" + environment: + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: "1" + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Download "teleport-ent_v11-tag-fips_amd64.deb" artifacts from S3 +- name: Tag and push image "teleport-ent:v11-fips-amd64" to ECR - staging + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-fips-amd64 > /dev/null 2>&1 && echo 'Found + existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-fips-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-fips-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-fips-amd64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + 
"/go/var/major-version")-$TIMESTAMP-fips-amd64 > /dev/null 2>&1 && echo 'Found + existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-fips-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-fips-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-fips-amd64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-fips-amd64 > /dev/null 2>&1 && echo 'Found + existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-fips-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-fips-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-fips-amd64) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent-fips image "teleport-ent:v11-fips-amd64" +- name: Create manifest and push "teleport-ent:major-$TIMESTAMP-fips" to ECR - staging + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-fips > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + 
"/go/var/major-version")-$TIMESTAMP-fips --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-fips-amd64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-fips) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v11-fips-amd64" to ECR - staging +- name: Create manifest and push "teleport-ent:minor-$TIMESTAMP-fips" to ECR - staging + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-fips > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-fips --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-fips-amd64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-fips) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v11-fips-amd64" to ECR - staging +- name: Create manifest and push "teleport-ent:full-$TIMESTAMP-fips" to ECR - staging + image: docker + commands: + - apk add 
--no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-fips > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-fips --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-fips-amd64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-fips) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v11-fips-amd64" to ECR - staging +- name: Tag and push image "teleport-ent:v11-fips-amd64" to Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-fips-amd64 quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64) + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64 + 
- docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64 + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 + - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent-fips image "teleport-ent:v11-fips-amd64" +- name: Create manifest and push "teleport-ent:major-fips" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips + --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64 + - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v11-fips-amd64" to Quay +- name: Create manifest and push "teleport-ent:minor-fips" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips + --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 + - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + 
from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v11-fips-amd64" to Quay +- name: Create manifest and push "teleport-ent:full-fips" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest + create quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips --amend + quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 && + docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips) + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v11-fips-amd64" to Quay +- name: Tag and push image "teleport-ent:v11-fips-amd64" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-fips-amd64 public.ecr.aws/gravitational/teleport-ent:$(cat + "/go/var/full-version")-fips-amd64 && docker push public.ecr.aws/gravitational/teleport-ent:$(cat + 
"/go/var/full-version")-fips-amd64) + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64 + - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64 + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 + - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent-fips image "teleport-ent:v11-fips-amd64" +- name: Create manifest and push "teleport-ent:major-fips" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64 + - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v11-fips-amd64" to ECR - production +- name: Create manifest and push "teleport-ent:minor-fips" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat 
"/go/var/minor-version")-fips + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 + - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v11-fips-amd64" to ECR - production +- name: Create manifest and push "teleport-ent:full-fips" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest + create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + && docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips) + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v11-fips-amd64" to ECR - production +- name: Build teleport-operator image "teleport-operator:v11-amd64" + image: docker + commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport" + - mkdir -pv "/tmp/teleport-operator-v11-amd64-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-operator-v11-amd64-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-operator-v11-amd64-builder/buildkitd.toml" + - docker buildx 
create --driver "docker-container" --driver-opt "network=host" --name + "teleport-operator-v11-amd64-builder" --config "/tmp/teleport-operator-v11-amd64-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-operator-v11-amd64-builder" --platform + "linux/amd64" --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 + --file "/go/src/github.com/gravitational/teleport/operator/Dockerfile" --build-arg + BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox:teleport11 --build-arg + COMPILER_NAME=x86_64-linux-gnu-gcc /go/src/github.com/gravitational/teleport + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-operator-v11-amd64-builder" + - rm -rf "/tmp/teleport-operator-v11-amd64-builder" + environment: + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: "1" + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Find the latest available semver for v11 + - Wait for docker + - Wait for docker registry + - Check out code + - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role + - Assume ECR - production AWS Role +- name: Build teleport-operator image "teleport-operator:v11-arm" + image: docker + commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport" + - mkdir -pv "/tmp/teleport-operator-v11-arm-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-operator-v11-arm-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-operator-v11-arm-builder/buildkitd.toml" + - docker buildx create --driver "docker-container" --driver-opt "network=host" 
--name + "teleport-operator-v11-arm-builder" --config "/tmp/teleport-operator-v11-arm-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-operator-v11-arm-builder" --platform + "linux/arm" --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm + --file "/go/src/github.com/gravitational/teleport/operator/Dockerfile" --build-arg + BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox-arm:teleport11 --build-arg + COMPILER_NAME=arm-linux-gnueabihf-gcc /go/src/github.com/gravitational/teleport + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-operator-v11-arm-builder" + - rm -rf "/tmp/teleport-operator-v11-arm-builder" + environment: + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: "1" + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Find the latest available semver for v11 + - Wait for docker + - Wait for docker registry + - Check out code + - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role + - Assume ECR - production AWS Role +- name: Build teleport-operator image "teleport-operator:v11-arm64" + image: docker + commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport" + - mkdir -pv "/tmp/teleport-operator-v11-arm64-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-operator-v11-arm64-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-operator-v11-arm64-builder/buildkitd.toml" + - docker buildx create --driver "docker-container" --driver-opt "network=host" --name + "teleport-operator-v11-arm64-builder" --config 
"/tmp/teleport-operator-v11-arm64-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-operator-v11-arm64-builder" --platform + "linux/arm64" --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 + --file "/go/src/github.com/gravitational/teleport/operator/Dockerfile" --build-arg + BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox-arm:teleport11 --build-arg + COMPILER_NAME=aarch64-linux-gnu-gcc /go/src/github.com/gravitational/teleport + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-operator-v11-arm64-builder" + - rm -rf "/tmp/teleport-operator-v11-arm64-builder" + environment: + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: "1" + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Find the latest available semver for v11 + - Wait for docker + - Wait for docker registry + - Check out code + - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role + - Assume ECR - production AWS Role +- name: Tag and push image "teleport-operator:v11-amd64" to ECR - staging + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat 
+ "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-$TIMESTAMP-amd64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/major-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/major-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/major-version")-$TIMESTAMP-amd64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/minor-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/minor-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/minor-version")-$TIMESTAMP-amd64) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-operator image "teleport-operator:v11-amd64" +- name: Tag and push image "teleport-operator:v11-arm" to ECR - staging + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm + - apk add --no-cache aws-cli + - aws ecr get-login-password 
--region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-$TIMESTAMP-arm) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/major-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/major-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/major-version")-$TIMESTAMP-arm) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging 
+ volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-operator image "teleport-operator:v11-arm" +- name: Tag and push image "teleport-operator:v11-arm64" to ECR - staging + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-$TIMESTAMP-arm64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/major-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/major-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/major-version")-$TIMESTAMP-arm64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag 
drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm64) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-operator image "teleport-operator:v11-arm64" +- name: Create manifest and push "teleport-operator:major-$TIMESTAMP" to ECR - staging + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/major-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, + skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/major-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/major-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/major-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/major-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/major-version")-$TIMESTAMP) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + 
- name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-operator:v11-amd64" to ECR - staging + - Tag and push image "teleport-operator:v11-arm" to ECR - staging + - Tag and push image "teleport-operator:v11-arm64" to ECR - staging +- name: Create manifest and push "teleport-operator:minor-$TIMESTAMP" to ECR - staging + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/minor-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, + skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/minor-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/minor-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/minor-version")-$TIMESTAMP) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-operator:v11-amd64" to ECR - staging + - Tag and push image "teleport-operator:v11-arm" to ECR - staging + - Tag and push image "teleport-operator:v11-arm64" to ECR - staging +- name: Create manifest and 
push "teleport-operator:full-$TIMESTAMP" to ECR - staging + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, + skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-$TIMESTAMP) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-operator:v11-amd64" to ECR - staging + - Tag and push image "teleport-operator:v11-arm" to ECR - staging + - Tag and push image "teleport-operator:v11-arm64" to ECR - staging +- name: Tag and push image "teleport-operator:v11-amd64" to Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 + 
> /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-amd64 quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 + && docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64) + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 + quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 + - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 + quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 + - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-operator image "teleport-operator:v11-amd64" +- name: Tag and push image "teleport-operator:v11-arm" to Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-arm quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm + && docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm) + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm + 
quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm + - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm + quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm + - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-operator image "teleport-operator:v11-arm" +- name: Tag and push image "teleport-operator:v11-arm64" to Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-arm64 quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 + && docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64) + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 + quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64 + - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64 + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 + quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 + - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 + - 
docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-operator image "teleport-operator:v11-arm64" +- name: Create manifest and push "teleport-operator:major" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest create quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version") + --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 + --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm + --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64 + - docker manifest push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version") + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-operator:v11-amd64" to Quay + - Tag and push image "teleport-operator:v11-arm" to Quay + - Tag and push image "teleport-operator:v11-arm64" to Quay +- name: Create manifest and push "teleport-operator:minor" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest create quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version") + --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 + --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm + --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 + - docker manifest push 
quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version") + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-operator:v11-amd64" to Quay + - Tag and push image "teleport-operator:v11-arm" to Quay + - Tag and push image "teleport-operator:v11-arm64" to Quay +- name: Create manifest and push "teleport-operator:full" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version") + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest + create quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version") --amend + quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 --amend + quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm --amend + quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 && + docker manifest push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")) + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-operator:v11-amd64" to Quay + - Tag and push image "teleport-operator:v11-arm" to Quay + - Tag and push image "teleport-operator:v11-arm64" to Quay +- name: Tag and push image "teleport-operator:v11-amd64" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 + - apk add --no-cache aws-cli + - 
aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport-operator:$(cat + "/go/var/full-version")-amd64 && docker push public.ecr.aws/gravitational/teleport-operator:$(cat + "/go/var/full-version")-amd64) + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 + public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 + - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 + public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 + - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-operator image "teleport-operator:v11-amd64" +- name: Tag and push image "teleport-operator:v11-arm" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-arm 
public.ecr.aws/gravitational/teleport-operator:$(cat + "/go/var/full-version")-arm && docker push public.ecr.aws/gravitational/teleport-operator:$(cat + "/go/var/full-version")-arm) + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm + public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm + - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm + public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm + - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-operator image "teleport-operator:v11-arm" +- name: Tag and push image "teleport-operator:v11-arm64" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport-operator:$(cat + "/go/var/full-version")-arm64 && docker push public.ecr.aws/gravitational/teleport-operator:$(cat + "/go/var/full-version")-arm64) + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 + public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64 + - docker push 
public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64 + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 + public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 + - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-operator image "teleport-operator:v11-arm64" +- name: Create manifest and push "teleport-operator:major" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version") + --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 + --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm + --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64 + - docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version") + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-operator:v11-amd64" to ECR - production + - Tag and push image "teleport-operator:v11-arm" to ECR - production + - Tag and push image "teleport-operator:v11-arm64" to ECR - production +- name: Create manifest and push "teleport-operator:minor" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + 
public.ecr.aws + - docker manifest create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version") + --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 + --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm + --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 + - docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version") + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-operator:v11-amd64" to ECR - production + - Tag and push image "teleport-operator:v11-arm" to ECR - production + - Tag and push image "teleport-operator:v11-arm64" to ECR - production +- name: Create manifest and push "teleport-operator:full" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version") + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest + create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version") + --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 + --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm + --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 + && docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")) + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag 
and push image "teleport-operator:v11-amd64" to ECR - production + - Tag and push image "teleport-operator:v11-arm" to ECR - production + - Tag and push image "teleport-operator:v11-arm64" to ECR - production +services: +- name: Start Docker + image: docker:dind + privileged: true + volumes: + - name: dockersock + path: /var/run +- name: drone-docker-registry + image: registry:2 + privileged: false + volumes: [] +volumes: +- name: awsconfig + temp: {} +- name: dockersock + temp: {} + +--- +################################################ +# Generated using dronegen, do not edit by hand! +# Use 'make dronegen' to update. +# Generated at dronegen/container_images_release_version.go (main.(*ReleaseVersion).buildVersionPipeline) +################################################ + +kind: pipeline +type: kubernetes +name: teleport-container-images-previous-version-1-cron +environment: + DEBIAN_FRONTEND: noninteractive +trigger: + cron: + include: + - teleport-container-images-cron + repo: + include: + - gravitational/teleport +workspace: + path: /go +clone: + disable: true +steps: +- name: Find the latest available semver for v10 + image: golang:1.18 + commands: + - mkdir -pv "/tmp/teleport" + - cd "/tmp/teleport" + - git init + - git remote add origin ${DRONE_REMOTE_URL} + - git fetch origin --tags + - git checkout -qf "branch/v10" + - mkdir -pv $(dirname "/go/vars/full-version-v10") + - cd "/tmp/teleport/build.assets/tooling/cmd/query-latest" + - go run . "v10" | sed 's/v//' > "/go/vars/full-version-v10" + - echo Found full semver "$(cat "/go/vars/full-version-v10")" for major version + "v10" +- name: Wait for docker + image: docker + commands: + - timeout 30s /bin/sh -c 'while [ ! 
-S /var/run/docker.sock ]; do sleep 1; done' + volumes: + - name: dockersock + path: /var/run + depends_on: + - Find the latest available semver for v10 +- name: Wait for docker registry + image: alpine + commands: + - apk add curl + - timeout 30s /bin/sh -c 'while [ "$(curl -s -o /dev/null -w %{http_code} http://drone-docker-registry:5000/)" + != "200" ]; do sleep 1; done' + depends_on: + - Find the latest available semver for v10 +- name: Check out code + image: alpine/git:latest + commands: + - mkdir -pv "/go/src/github.com/gravitational/teleport" + - cd "/go/src/github.com/gravitational/teleport" + - git init + - git remote add origin ${DRONE_REMOTE_URL} + - git fetch origin --tags + - git checkout -qf "v$(cat '/go/vars/full-version-v10')" + depends_on: + - Find the latest available semver for v10 +- name: Build major, minor, and full semvers + image: alpine + commands: + - mkdir -pv $(dirname "/go/var/major-version") + - echo v$(cat '/go/vars/full-version-v10') | sed 's/v//' | cut -d'.' -f "1" > "/go/var/major-version" + - echo $(cat "/go/var/major-version") + - mkdir -pv $(dirname "/go/var/minor-version") + - echo v$(cat '/go/vars/full-version-v10') | sed 's/v//' | cut -d'.' 
-f "1,2" > + "/go/var/minor-version" + - echo $(cat "/go/var/minor-version") + - mkdir -pv $(dirname "/go/var/full-version") + - echo v$(cat '/go/vars/full-version-v10') | sed 's/v//' > "/go/var/full-version" + - echo $(cat "/go/var/full-version") + depends_on: + - Find the latest available semver for v10 +- name: Assume ECR - staging AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[ecr-staging]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + >> /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity --profile ecr-staging + environment: + AWS_ACCESS_KEY_ID: + from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY + AWS_ROLE: + from_secret: STAGING_TELEPORT_DRONE_ECR_AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Find the latest available semver for v10 +- name: Assume ECR - authenticated-pull AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[ecr-authenticated-pull]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + >> /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity --profile ecr-authenticated-pull + environment: + AWS_ACCESS_KEY_ID: + from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY + AWS_ROLE: + from_secret: 
PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume ECR - staging AWS Role + - Find the latest available semver for v10 +- name: Assume ECR - production AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[ecr-production]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + >> /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity --profile ecr-production + environment: + AWS_ACCESS_KEY_ID: + from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY + AWS_ROLE: + from_secret: PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Find the latest available semver for v10 +- name: Assume S3 Download AWS Role for teleport + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[s3-download-teleport]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + >> /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity --profile s3-download-teleport + environment: + AWS_ACCESS_KEY_ID: + from_secret: AWS_ACCESS_KEY_ID + AWS_ROLE: + from_secret: AWS_ROLE + AWS_SECRET_ACCESS_KEY: + 
from_secret: AWS_SECRET_ACCESS_KEY + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Find the latest available semver for v10 + - Wait for docker + - Wait for docker registry + - Check out code + - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role + - Assume ECR - production AWS Role +- name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport + image: alpine + commands: + - apk add curl + - mkdir -pv $(dirname "/go/build/Dockerfile-teleport") + - curl -Ls -o "/go/build/Dockerfile-teleport" "https://raw.githubusercontent.com/gravitational/teleport/v$(cat + '/go/vars/full-version-v10')/build.assets/charts/Dockerfile" + depends_on: + - Find the latest available semver for v10 + - Wait for docker + - Wait for docker registry + - Check out code + - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role + - Assume ECR - production AWS Role +- name: Download "teleport_v10-tag_amd64.deb" artifacts from S3 + image: amazon/aws-cli + commands: + - END_TIME=$(( $(date +%s) + 3600 )) + - TIMED_OUT=true + - while [ $(date +%s) -lt $${END_TIME?} ]; do + - SUCCESS=true + - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr + -s ' ' | cut -d' ' -f 4 | grep -x teleport_$(cat "/go/var/full-version")_amd64.deb + || SUCCESS=false + - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;' + - echo 'Condition not met yet, waiting another 60 seconds...' 
+ - sleep 60 + - done + - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ + "$SUCCESS" = "true" ]'' && exit 1' + - mkdir -pv "/go/build" + - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat + "/go/var/full-version")_amd64.deb /go/build/teleport_$(cat "/go/var/full-version")_amd64.deb + environment: + AWS_PROFILE: s3-download-teleport + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume S3 Download AWS Role for teleport + - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport +- name: Build teleport image "teleport:v10-amd64" + image: docker + commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/build" && cd "/go/build" + - mkdir -pv "/tmp/teleport-v10-amd64-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v10-amd64-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-v10-amd64-builder/buildkitd.toml" + - docker buildx create --driver "docker-container" --driver-opt "network=host" --name + "teleport-v10-amd64-builder" --config "/tmp/teleport-v10-amd64-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-v10-amd64-builder" --target "teleport" + --platform "linux/amd64" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + --file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_amd64.deb + /go/build + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-v10-amd64-builder" + - rm -rf "/tmp/teleport-v10-amd64-builder" + environment: + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: "1" + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + 
path: /var/run + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Download "teleport_v10-tag_amd64.deb" artifacts from S3 +- name: Download "teleport_v10-tag_arm.deb" artifacts from S3 + image: amazon/aws-cli + commands: + - END_TIME=$(( $(date +%s) + 3600 )) + - TIMED_OUT=true + - while [ $(date +%s) -lt $${END_TIME?} ]; do + - SUCCESS=true + - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr + -s ' ' | cut -d' ' -f 4 | grep -x teleport_$(cat "/go/var/full-version")_arm.deb + || SUCCESS=false + - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;' + - echo 'Condition not met yet, waiting another 60 seconds...' + - sleep 60 + - done + - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ + "$SUCCESS" = "true" ]'' && exit 1' + - mkdir -pv "/go/build" + - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat + "/go/var/full-version")_arm.deb /go/build/teleport_$(cat "/go/var/full-version")_arm.deb + environment: + AWS_PROFILE: s3-download-teleport + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume S3 Download AWS Role for teleport + - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport +- name: Build teleport image "teleport:v10-arm" + image: docker + commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/build" && cd "/go/build" + - mkdir -pv "/tmp/teleport-v10-arm-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v10-arm-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-v10-arm-builder/buildkitd.toml" + - docker buildx create --driver "docker-container" --driver-opt "network=host" --name + "teleport-v10-arm-builder" --config "/tmp/teleport-v10-arm-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | 
docker login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-v10-arm-builder" --target "teleport" + --platform "linux/arm" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + --file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_arm.deb + /go/build + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-v10-arm-builder" + - rm -rf "/tmp/teleport-v10-arm-builder" + environment: + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: "1" + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Download "teleport_v10-tag_arm.deb" artifacts from S3 +- name: Download "teleport_v10-tag_arm64.deb" artifacts from S3 + image: amazon/aws-cli + commands: + - END_TIME=$(( $(date +%s) + 3600 )) + - TIMED_OUT=true + - while [ $(date +%s) -lt $${END_TIME?} ]; do + - SUCCESS=true + - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr + -s ' ' | cut -d' ' -f 4 | grep -x teleport_$(cat "/go/var/full-version")_arm64.deb + || SUCCESS=false + - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;' + - echo 'Condition not met yet, waiting another 60 seconds...' 
+ - sleep 60 + - done + - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ + "$SUCCESS" = "true" ]'' && exit 1' + - mkdir -pv "/go/build" + - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat + "/go/var/full-version")_arm64.deb /go/build/teleport_$(cat "/go/var/full-version")_arm64.deb + environment: + AWS_PROFILE: s3-download-teleport + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume S3 Download AWS Role for teleport + - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport +- name: Build teleport image "teleport:v10-arm64" + image: docker + commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/build" && cd "/go/build" + - mkdir -pv "/tmp/teleport-v10-arm64-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v10-arm64-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-v10-arm64-builder/buildkitd.toml" + - docker buildx create --driver "docker-container" --driver-opt "network=host" --name + "teleport-v10-arm64-builder" --config "/tmp/teleport-v10-arm64-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-v10-arm64-builder" --target "teleport" + --platform "linux/arm64" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + --file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_arm64.deb + /go/build + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-v10-arm64-builder" + - rm -rf "/tmp/teleport-v10-arm64-builder" + environment: + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: "1" + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + 
path: /var/run + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Download "teleport_v10-tag_arm64.deb" artifacts from S3 +- name: Tag and push image "teleport:v10-amd64" to ECR - staging + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-amd64 + && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP-amd64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-amd64 + && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP-amd64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + 
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64 + && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP-amd64) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport image "teleport:v10-amd64" +- name: Tag and push image "teleport:v10-arm" to ECR - staging + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm + && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP-arm) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-arm + && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP-arm) + - 
docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-arm + && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport image "teleport:v10-arm" +- name: Tag and push image "teleport:v10-arm64" to ECR - staging + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm64 + && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP-arm64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag 
drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-arm64 + && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP-arm64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64 + && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm64) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport image "teleport:v10-arm64" +- name: Create manifest and push "teleport:major-$TIMESTAMP" to ECR - staging + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, + skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP-amd64 --amend 
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport:v10-amd64" to ECR - staging + - Tag and push image "teleport:v10-arm" to ECR - staging + - Tag and push image "teleport:v10-arm64" to ECR - staging +- name: Create manifest and push "teleport:minor-$TIMESTAMP" to ECR - staging + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, + skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP) + - docker logout 
"146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport:v10-amd64" to ECR - staging + - Tag and push image "teleport:v10-arm" to ECR - staging + - Tag and push image "teleport:v10-arm64" to ECR - staging +- name: Create manifest and push "teleport:full-$TIMESTAMP" to ECR - staging + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, + skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport:v10-amd64" to ECR - staging + - Tag and push image "teleport:v10-arm" to ECR - staging + - Tag and push image "teleport:v10-arm64" to ECR - staging +- name: Tag and push image "teleport:v10-amd64" to 
Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat + "/go/var/full-version")-amd64 quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64 + && docker push quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64) + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + quay.io/gravitational/teleport:$(cat "/go/var/major-version")-amd64 + - docker push quay.io/gravitational/teleport:$(cat "/go/var/major-version")-amd64 + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 + - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport image "teleport:v10-amd64" +- name: Tag and push image "teleport:v10-arm" to Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat + "/go/var/full-version")-arm quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm + && docker push quay.io/gravitational/teleport:$(cat 
"/go/var/full-version")-arm) + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm + - docker push quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm + - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport image "teleport:v10-arm" +- name: Tag and push image "teleport:v10-arm64" to Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat + "/go/var/full-version")-arm64 quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64 + && docker push quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64) + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm64 + - docker push quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm64 + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm64 + - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm64 + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + 
from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport image "teleport:v10-arm64" +- name: Create manifest and push "teleport:major" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest create quay.io/gravitational/teleport:$(cat "/go/var/major-version") + --amend quay.io/gravitational/teleport:$(cat "/go/var/major-version")-amd64 --amend + quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm --amend quay.io/gravitational/teleport:$(cat + "/go/var/major-version")-arm64 + - docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/major-version") + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport:v10-amd64" to Quay + - Tag and push image "teleport:v10-arm" to Quay + - Tag and push image "teleport:v10-arm64" to Quay +- name: Create manifest and push "teleport:minor" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest create quay.io/gravitational/teleport:$(cat "/go/var/minor-version") + --amend quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 --amend + quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm --amend quay.io/gravitational/teleport:$(cat + "/go/var/minor-version")-arm64 + - docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/minor-version") + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + 
volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport:v10-amd64" to Quay + - Tag and push image "teleport:v10-arm" to Quay + - Tag and push image "teleport:v10-arm64" to Quay +- name: Create manifest and push "teleport:full" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version") + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest + create quay.io/gravitational/teleport:$(cat "/go/var/full-version") --amend quay.io/gravitational/teleport:$(cat + "/go/var/full-version")-amd64 --amend quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm + --amend quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64 && + docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/full-version")) + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport:v10-amd64" to Quay + - Tag and push image "teleport:v10-arm" to Quay + - Tag and push image "teleport:v10-arm64" to Quay +- name: Tag and push image "teleport:v10-amd64" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat + "/go/var/full-version")-amd64 
public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64 + && docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64) + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64 + - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64 + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 + - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport image "teleport:v10-amd64" +- name: Tag and push image "teleport:v10-arm" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat + "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm + && docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm) + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm + - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + 
public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm + - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport image "teleport:v10-arm" +- name: Tag and push image "teleport:v10-arm64" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat + "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64 + && docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64) + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64 + - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64 + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64 + - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64 + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport image "teleport:v10-arm64" +- name: Create manifest and push "teleport:major" to ECR - production + image: docker + commands: + - apk add --no-cache 
aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest create public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version") + --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64 + --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm + --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64 + - docker manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version") + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport:v10-amd64" to ECR - production + - Tag and push image "teleport:v10-arm" to ECR - production + - Tag and push image "teleport:v10-arm64" to ECR - production +- name: Create manifest and push "teleport:minor" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest create public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version") + --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 + --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm + --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64 + - docker manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version") + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport:v10-amd64" to ECR - production + - Tag and push image "teleport:v10-arm" to ECR - production + - Tag and push image "teleport:v10-arm64" to ECR - production 
+- name: Create manifest and push "teleport:full" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version") + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest + create public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version") --amend + public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64 --amend + public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm --amend + public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64 && docker + manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")) + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport:v10-amd64" to ECR - production + - Tag and push image "teleport:v10-arm" to ECR - production + - Tag and push image "teleport:v10-arm64" to ECR - production +- name: Assume S3 Download AWS Role for teleport-ent + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[s3-download-teleport-ent]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + >> /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity --profile s3-download-teleport-ent + environment: + AWS_ACCESS_KEY_ID: + from_secret: AWS_ACCESS_KEY_ID + AWS_ROLE: + from_secret: AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: 
AWS_SECRET_ACCESS_KEY + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Find the latest available semver for v10 + - Wait for docker + - Wait for docker registry + - Check out code + - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role + - Assume ECR - production AWS Role +- name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent + image: alpine + commands: + - apk add curl + - mkdir -pv $(dirname "/go/build/Dockerfile-teleport-ent") + - curl -Ls -o "/go/build/Dockerfile-teleport-ent" "https://raw.githubusercontent.com/gravitational/teleport/v$(cat + '/go/vars/full-version-v10')/build.assets/charts/Dockerfile" + depends_on: + - Find the latest available semver for v10 + - Wait for docker + - Wait for docker registry + - Check out code + - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role + - Assume ECR - production AWS Role +- name: Download "teleport-ent_v10-tag_amd64.deb" artifacts from S3 + image: amazon/aws-cli + commands: + - END_TIME=$(( $(date +%s) + 3600 )) + - TIMED_OUT=true + - while [ $(date +%s) -lt $${END_TIME?} ]; do + - SUCCESS=true + - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr + -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")_amd64.deb + || SUCCESS=false + - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;' + - echo 'Condition not met yet, waiting another 60 seconds...' 
+ - sleep 60 + - done + - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ + "$SUCCESS" = "true" ]'' && exit 1' + - mkdir -pv "/go/build" + - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat + "/go/var/full-version")_amd64.deb /go/build/teleport-ent_$(cat "/go/var/full-version")_amd64.deb + environment: + AWS_PROFILE: s3-download-teleport-ent + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume S3 Download AWS Role for teleport-ent + - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent +- name: Build teleport-ent image "teleport-ent:v10-amd64" + image: docker + commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/build" && cd "/go/build" + - mkdir -pv "/tmp/teleport-ent-v10-amd64-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v10-amd64-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-ent-v10-amd64-builder/buildkitd.toml" + - docker buildx create --driver "docker-container" --driver-opt "network=host" --name + "teleport-ent-v10-amd64-builder" --config "/tmp/teleport-ent-v10-amd64-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-ent-v10-amd64-builder" --target + "teleport" --platform "linux/amd64" --tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-amd64 --file "/go/build/Dockerfile-teleport-ent" --build-arg + DEB_PATH=teleport-ent_$(cat "/go/var/full-version")_amd64.deb /go/build + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-ent-v10-amd64-builder" + - rm -rf "/tmp/teleport-ent-v10-amd64-builder" + environment: + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: 
"1" + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Download "teleport-ent_v10-tag_amd64.deb" artifacts from S3 +- name: Download "teleport-ent_v10-tag_arm.deb" artifacts from S3 + image: amazon/aws-cli + commands: + - END_TIME=$(( $(date +%s) + 3600 )) + - TIMED_OUT=true + - while [ $(date +%s) -lt $${END_TIME?} ]; do + - SUCCESS=true + - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr + -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")_arm.deb + || SUCCESS=false + - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;' + - echo 'Condition not met yet, waiting another 60 seconds...' + - sleep 60 + - done + - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ + "$SUCCESS" = "true" ]'' && exit 1' + - mkdir -pv "/go/build" + - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat + "/go/var/full-version")_arm.deb /go/build/teleport-ent_$(cat "/go/var/full-version")_arm.deb + environment: + AWS_PROFILE: s3-download-teleport-ent + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume S3 Download AWS Role for teleport-ent + - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent +- name: Build teleport-ent image "teleport-ent:v10-arm" + image: docker + commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/build" && cd "/go/build" + - mkdir -pv "/tmp/teleport-ent-v10-arm-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v10-arm-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-ent-v10-arm-builder/buildkitd.toml" + - docker buildx create --driver "docker-container" --driver-opt "network=host" --name + "teleport-ent-v10-arm-builder" --config 
"/tmp/teleport-ent-v10-arm-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-ent-v10-arm-builder" --target "teleport" + --platform "linux/arm" --tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + --file "/go/build/Dockerfile-teleport-ent" --build-arg DEB_PATH=teleport-ent_$(cat + "/go/var/full-version")_arm.deb /go/build + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-ent-v10-arm-builder" + - rm -rf "/tmp/teleport-ent-v10-arm-builder" + environment: + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: "1" + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Download "teleport-ent_v10-tag_arm.deb" artifacts from S3 +- name: Download "teleport-ent_v10-tag_arm64.deb" artifacts from S3 + image: amazon/aws-cli + commands: + - END_TIME=$(( $(date +%s) + 3600 )) + - TIMED_OUT=true + - while [ $(date +%s) -lt $${END_TIME?} ]; do + - SUCCESS=true + - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr + -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")_arm64.deb + || SUCCESS=false + - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;' + - echo 'Condition not met yet, waiting another 60 seconds...' 
+ - sleep 60 + - done + - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ + "$SUCCESS" = "true" ]'' && exit 1' + - mkdir -pv "/go/build" + - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat + "/go/var/full-version")_arm64.deb /go/build/teleport-ent_$(cat "/go/var/full-version")_arm64.deb + environment: + AWS_PROFILE: s3-download-teleport-ent + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume S3 Download AWS Role for teleport-ent + - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent +- name: Build teleport-ent image "teleport-ent:v10-arm64" + image: docker + commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/build" && cd "/go/build" + - mkdir -pv "/tmp/teleport-ent-v10-arm64-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v10-arm64-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-ent-v10-arm64-builder/buildkitd.toml" + - docker buildx create --driver "docker-container" --driver-opt "network=host" --name + "teleport-ent-v10-arm64-builder" --config "/tmp/teleport-ent-v10-arm64-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-ent-v10-arm64-builder" --target + "teleport" --platform "linux/arm64" --tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm64 --file "/go/build/Dockerfile-teleport-ent" --build-arg + DEB_PATH=teleport-ent_$(cat "/go/var/full-version")_arm64.deb /go/build + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-ent-v10-arm64-builder" + - rm -rf "/tmp/teleport-ent-v10-arm64-builder" + environment: + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: 
"1" + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Download "teleport-ent_v10-tag_arm64.deb" artifacts from S3 +- name: Tag and push image "teleport-ent:v10-amd64" to ECR - staging + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-amd64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-amd64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag 
drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-amd64) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent image "teleport-ent:v10-amd64" +- name: Tag and push image "teleport-ent:v10-arm" to ECR - staging + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-arm) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-arm && docker 
push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-arm) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent image "teleport-ent:v10-arm" +- name: Tag and push image "teleport-ent:v10-arm64" to ECR - staging + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-arm64) + - docker manifest inspect 
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-arm64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm64) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent image "teleport-ent:v10-arm64" +- name: Create manifest and push "teleport-ent:major-$TIMESTAMP" to ECR - staging + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, + skipping' || (docker manifest create 
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v10-amd64" to ECR - staging + - Tag and push image "teleport-ent:v10-arm" to ECR - staging + - Tag and push image "teleport-ent:v10-arm64" to ECR - staging +- name: Create manifest and push "teleport-ent:minor-$TIMESTAMP" to ECR - staging + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, + skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm 
--amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v10-amd64" to ECR - staging + - Tag and push image "teleport-ent:v10-arm" to ECR - staging + - Tag and push image "teleport-ent:v10-arm64" to ECR - staging +- name: Create manifest and push "teleport-ent:full-$TIMESTAMP" to ECR - staging + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, + skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + 
volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v10-amd64" to ECR - staging + - Tag and push image "teleport-ent:v10-arm" to ECR - staging + - Tag and push image "teleport-ent:v10-arm64" to ECR - staging +- name: Tag and push image "teleport-ent:v10-amd64" to Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-amd64 quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 + && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64) + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 + quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 + - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 + quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 + - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent image "teleport-ent:v10-amd64" +- name: Tag and push image "teleport-ent:v10-arm" to Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + - docker login 
-u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm + && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm) + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm + - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm + - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent image "teleport-ent:v10-arm" +- name: Tag and push image "teleport-ent:v10-arm64" to Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm64 quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 + && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64) + - docker tag drone-docker-registry:5000/teleport-ent:$(cat 
"/go/var/full-version")-arm64 + quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64 + - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64 + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 + quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64 + - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64 + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent image "teleport-ent:v10-arm64" +- name: Create manifest and push "teleport-ent:major" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version") + --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 + --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm + --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64 + - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version") + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v10-amd64" to Quay + - Tag and push image "teleport-ent:v10-arm" to Quay + - Tag and push image "teleport-ent:v10-arm64" to Quay +- name: Create manifest and push "teleport-ent:minor" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest create 
quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version") + --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 + --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm + --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64 + - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version") + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v10-amd64" to Quay + - Tag and push image "teleport-ent:v10-arm" to Quay + - Tag and push image "teleport-ent:v10-arm64" to Quay +- name: Create manifest and push "teleport-ent:full" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version") + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest + create quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version") --amend + quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 --amend + quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm --amend quay.io/gravitational/teleport-ent:$(cat + "/go/var/full-version")-arm64 && docker manifest push quay.io/gravitational/teleport-ent:$(cat + "/go/var/full-version")) + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v10-amd64" to Quay + - Tag and push image "teleport-ent:v10-arm" to Quay + - Tag and push image 
"teleport-ent:v10-arm64" to Quay +- name: Tag and push image "teleport-ent:v10-amd64" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport-ent:$(cat + "/go/var/full-version")-amd64 && docker push public.ecr.aws/gravitational/teleport-ent:$(cat + "/go/var/full-version")-amd64) + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 + public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 + - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 + public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 + - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent image "teleport-ent:v10-amd64" +- name: Tag and push image "teleport-ent:v10-arm" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat 
"/go/var/full-version")-arm + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm + && docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm) + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm + - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm + - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent image "teleport-ent:v10-arm" +- name: Tag and push image "teleport-ent:v10-arm64" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport-ent:$(cat + "/go/var/full-version")-arm64 && docker push public.ecr.aws/gravitational/teleport-ent:$(cat + "/go/var/full-version")-arm64) + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 + 
public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64 + - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64 + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 + public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64 + - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64 + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent image "teleport-ent:v10-arm64" +- name: Create manifest and push "teleport-ent:major" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version") + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64 + - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version") + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v10-amd64" to ECR - production + - Tag and push image "teleport-ent:v10-arm" to ECR - production + - Tag and push image "teleport-ent:v10-arm64" to ECR - production +- name: Create manifest and push "teleport-ent:minor" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" 
--password-stdin + public.ecr.aws + - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version") + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64 + - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version") + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v10-amd64" to ECR - production + - Tag and push image "teleport-ent:v10-arm" to ECR - production + - Tag and push image "teleport-ent:v10-arm64" to ECR - production +- name: Create manifest and push "teleport-ent:full" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version") + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest + create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version") + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 + && docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")) + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v10-amd64" to ECR - 
production + - Tag and push image "teleport-ent:v10-arm" to ECR - production + - Tag and push image "teleport-ent:v10-arm64" to ECR - production +- name: Assume S3 Download AWS Role for teleport-ent-fips + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[s3-download-teleport-ent-fips]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + >> /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity --profile s3-download-teleport-ent-fips + environment: + AWS_ACCESS_KEY_ID: + from_secret: AWS_ACCESS_KEY_ID + AWS_ROLE: + from_secret: AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: AWS_SECRET_ACCESS_KEY + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Find the latest available semver for v10 + - Wait for docker + - Wait for docker registry + - Check out code + - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role + - Assume ECR - production AWS Role +- name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent-fips" for + teleport-ent-fips + image: alpine + commands: + - apk add curl + - mkdir -pv $(dirname "/go/build/Dockerfile-teleport-ent-fips") + - curl -Ls -o "/go/build/Dockerfile-teleport-ent-fips" "https://raw.githubusercontent.com/gravitational/teleport/v$(cat + '/go/vars/full-version-v10')/build.assets/charts/Dockerfile" + depends_on: + - Find the latest available semver for v10 + - Wait for docker + - Wait for docker registry + - Check out code + - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role + - Assume ECR - production AWS Role +- name: Download 
"teleport-ent_v10-tag-fips_amd64.deb" artifacts from S3 + image: amazon/aws-cli + commands: + - END_TIME=$(( $(date +%s) + 3600 )) + - TIMED_OUT=true + - while [ $(date +%s) -lt $${END_TIME?} ]; do + - SUCCESS=true + - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr + -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb + || SUCCESS=false + - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;' + - echo 'Condition not met yet, waiting another 60 seconds...' + - sleep 60 + - done + - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ + "$SUCCESS" = "true" ]'' && exit 1' + - mkdir -pv "/go/build" + - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat + "/go/var/full-version")-fips_amd64.deb /go/build/teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb + environment: + AWS_PROFILE: s3-download-teleport-ent-fips + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume S3 Download AWS Role for teleport-ent-fips + - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent-fips" for teleport-ent-fips +- name: Build teleport-ent-fips image "teleport-ent:v10-fips-amd64" + image: docker + commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/build" && cd "/go/build" + - mkdir -pv "/tmp/teleport-ent-v10-fips-amd64-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v10-fips-amd64-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-ent-v10-fips-amd64-builder/buildkitd.toml" + - docker buildx create --driver "docker-container" --driver-opt "network=host" --name + "teleport-ent-v10-fips-amd64-builder" --config "/tmp/teleport-ent-v10-fips-amd64-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | 
docker login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-ent-v10-fips-amd64-builder" --target + "teleport-fips" --platform "linux/amd64" --tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-fips-amd64 --file "/go/build/Dockerfile-teleport-ent-fips" + --build-arg DEB_PATH=teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb + /go/build + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-ent-v10-fips-amd64-builder" + - rm -rf "/tmp/teleport-ent-v10-fips-amd64-builder" + environment: + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: "1" + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Download "teleport-ent_v10-tag-fips_amd64.deb" artifacts from S3 +- name: Tag and push image "teleport-ent:v10-fips-amd64" to ECR - staging + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-fips-amd64 > /dev/null 2>&1 && echo 'Found + existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-fips-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-fips-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-fips-amd64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + 
"/go/var/major-version")-$TIMESTAMP-fips-amd64 > /dev/null 2>&1 && echo 'Found + existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-fips-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-fips-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-fips-amd64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-fips-amd64 > /dev/null 2>&1 && echo 'Found + existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-fips-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-fips-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-fips-amd64) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent-fips image "teleport-ent:v10-fips-amd64" +- name: Create manifest and push "teleport-ent:major-$TIMESTAMP-fips" to ECR - staging + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-fips > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + 
"/go/var/major-version")-$TIMESTAMP-fips --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-fips-amd64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-fips) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v10-fips-amd64" to ECR - staging +- name: Create manifest and push "teleport-ent:minor-$TIMESTAMP-fips" to ECR - staging + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-fips > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-fips --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-fips-amd64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-fips) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v10-fips-amd64" to ECR - staging +- name: Create manifest and push "teleport-ent:full-$TIMESTAMP-fips" to ECR - staging + image: docker + commands: + - apk add 
--no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-fips > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-fips --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-fips-amd64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-fips) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v10-fips-amd64" to ECR - staging +- name: Tag and push image "teleport-ent:v10-fips-amd64" to Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-fips-amd64 quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64) + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64 + 
- docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64 + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 + - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent-fips image "teleport-ent:v10-fips-amd64" +- name: Create manifest and push "teleport-ent:major-fips" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips + --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64 + - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v10-fips-amd64" to Quay +- name: Create manifest and push "teleport-ent:minor-fips" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips + --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 + - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + 
from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v10-fips-amd64" to Quay +- name: Create manifest and push "teleport-ent:full-fips" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest + create quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips --amend + quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 && + docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips) + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v10-fips-amd64" to Quay +- name: Tag and push image "teleport-ent:v10-fips-amd64" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-fips-amd64 public.ecr.aws/gravitational/teleport-ent:$(cat + "/go/var/full-version")-fips-amd64 && docker push public.ecr.aws/gravitational/teleport-ent:$(cat + 
"/go/var/full-version")-fips-amd64) + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64 + - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64 + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 + - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent-fips image "teleport-ent:v10-fips-amd64" +- name: Create manifest and push "teleport-ent:major-fips" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64 + - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v10-fips-amd64" to ECR - production +- name: Create manifest and push "teleport-ent:minor-fips" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat 
"/go/var/minor-version")-fips + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 + - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v10-fips-amd64" to ECR - production +- name: Create manifest and push "teleport-ent:full-fips" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest + create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + && docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips) + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v10-fips-amd64" to ECR - production +- name: Build teleport-operator image "teleport-operator:v10-amd64" + image: docker + commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport" + - mkdir -pv "/tmp/teleport-operator-v10-amd64-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-operator-v10-amd64-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-operator-v10-amd64-builder/buildkitd.toml" + - docker buildx 
create --driver "docker-container" --driver-opt "network=host" --name + "teleport-operator-v10-amd64-builder" --config "/tmp/teleport-operator-v10-amd64-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-operator-v10-amd64-builder" --platform + "linux/amd64" --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 + --file "/go/src/github.com/gravitational/teleport/operator/Dockerfile" --build-arg + BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox:teleport11 --build-arg + COMPILER_NAME=x86_64-linux-gnu-gcc /go/src/github.com/gravitational/teleport + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-operator-v10-amd64-builder" + - rm -rf "/tmp/teleport-operator-v10-amd64-builder" + environment: + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: "1" + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Find the latest available semver for v10 + - Wait for docker + - Wait for docker registry + - Check out code + - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role + - Assume ECR - production AWS Role +- name: Build teleport-operator image "teleport-operator:v10-arm" + image: docker + commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport" + - mkdir -pv "/tmp/teleport-operator-v10-arm-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-operator-v10-arm-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-operator-v10-arm-builder/buildkitd.toml" + - docker buildx create --driver "docker-container" --driver-opt "network=host" 
--name + "teleport-operator-v10-arm-builder" --config "/tmp/teleport-operator-v10-arm-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-operator-v10-arm-builder" --platform + "linux/arm" --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm + --file "/go/src/github.com/gravitational/teleport/operator/Dockerfile" --build-arg + BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox-arm:teleport11 --build-arg + COMPILER_NAME=arm-linux-gnueabihf-gcc /go/src/github.com/gravitational/teleport + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-operator-v10-arm-builder" + - rm -rf "/tmp/teleport-operator-v10-arm-builder" + environment: + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: "1" + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Find the latest available semver for v10 + - Wait for docker + - Wait for docker registry + - Check out code + - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role + - Assume ECR - production AWS Role +- name: Build teleport-operator image "teleport-operator:v10-arm64" + image: docker + commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport" + - mkdir -pv "/tmp/teleport-operator-v10-arm64-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-operator-v10-arm64-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-operator-v10-arm64-builder/buildkitd.toml" + - docker buildx create --driver "docker-container" --driver-opt "network=host" --name + "teleport-operator-v10-arm64-builder" --config 
"/tmp/teleport-operator-v10-arm64-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-operator-v10-arm64-builder" --platform + "linux/arm64" --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 + --file "/go/src/github.com/gravitational/teleport/operator/Dockerfile" --build-arg + BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox-arm:teleport11 --build-arg + COMPILER_NAME=aarch64-linux-gnu-gcc /go/src/github.com/gravitational/teleport + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-operator-v10-arm64-builder" + - rm -rf "/tmp/teleport-operator-v10-arm64-builder" + environment: + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: "1" + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Find the latest available semver for v10 + - Wait for docker + - Wait for docker registry + - Check out code + - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role + - Assume ECR - production AWS Role +- name: Tag and push image "teleport-operator:v10-amd64" to ECR - staging + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat 
+ "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-$TIMESTAMP-amd64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/major-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/major-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/major-version")-$TIMESTAMP-amd64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/minor-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/minor-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/minor-version")-$TIMESTAMP-amd64) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-operator image "teleport-operator:v10-amd64" +- name: Tag and push image "teleport-operator:v10-arm" to ECR - staging + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm + - apk add --no-cache aws-cli + - aws ecr get-login-password 
--region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-$TIMESTAMP-arm) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/major-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/major-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/major-version")-$TIMESTAMP-arm) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging 
+ volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-operator image "teleport-operator:v10-arm" +- name: Tag and push image "teleport-operator:v10-arm64" to ECR - staging + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-$TIMESTAMP-arm64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/major-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/major-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/major-version")-$TIMESTAMP-arm64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag 
drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm64) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-operator image "teleport-operator:v10-arm64" +- name: Create manifest and push "teleport-operator:major-$TIMESTAMP" to ECR - staging + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/major-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, + skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/major-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/major-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/major-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/major-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/major-version")-$TIMESTAMP) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + 
- name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-operator:v10-amd64" to ECR - staging + - Tag and push image "teleport-operator:v10-arm" to ECR - staging + - Tag and push image "teleport-operator:v10-arm64" to ECR - staging +- name: Create manifest and push "teleport-operator:minor-$TIMESTAMP" to ECR - staging + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/minor-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, + skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/minor-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/minor-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/minor-version")-$TIMESTAMP) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-operator:v10-amd64" to ECR - staging + - Tag and push image "teleport-operator:v10-arm" to ECR - staging + - Tag and push image "teleport-operator:v10-arm64" to ECR - staging +- name: Create manifest and 
push "teleport-operator:full-$TIMESTAMP" to ECR - staging + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, + skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat + "/go/var/full-version")-$TIMESTAMP) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-operator:v10-amd64" to ECR - staging + - Tag and push image "teleport-operator:v10-arm" to ECR - staging + - Tag and push image "teleport-operator:v10-arm64" to ECR - staging +- name: Tag and push image "teleport-operator:v10-amd64" to Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 + 
> /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-amd64 quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 + && docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64) + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 + quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 + - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 + quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 + - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-operator image "teleport-operator:v10-amd64" +- name: Tag and push image "teleport-operator:v10-arm" to Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-arm quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm + && docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm) + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm + 
quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm + - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm + quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm + - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-operator image "teleport-operator:v10-arm" +- name: Tag and push image "teleport-operator:v10-arm64" to Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-arm64 quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 + && docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64) + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 + quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64 + - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64 + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 + quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 + - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 + - 
docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-operator image "teleport-operator:v10-arm64" +- name: Create manifest and push "teleport-operator:major" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest create quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version") + --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 + --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm + --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64 + - docker manifest push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version") + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-operator:v10-amd64" to Quay + - Tag and push image "teleport-operator:v10-arm" to Quay + - Tag and push image "teleport-operator:v10-arm64" to Quay +- name: Create manifest and push "teleport-operator:minor" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest create quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version") + --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 + --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm + --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 + - docker manifest push 
quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version") + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-operator:v10-amd64" to Quay + - Tag and push image "teleport-operator:v10-arm" to Quay + - Tag and push image "teleport-operator:v10-arm64" to Quay +- name: Create manifest and push "teleport-operator:full" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version") + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest + create quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version") --amend + quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 --amend + quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm --amend + quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 && + docker manifest push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")) + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-operator:v10-amd64" to Quay + - Tag and push image "teleport-operator:v10-arm" to Quay + - Tag and push image "teleport-operator:v10-arm64" to Quay +- name: Tag and push image "teleport-operator:v10-amd64" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 + - apk add --no-cache aws-cli + - 
aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport-operator:$(cat + "/go/var/full-version")-amd64 && docker push public.ecr.aws/gravitational/teleport-operator:$(cat + "/go/var/full-version")-amd64) + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 + public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 + - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 + public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 + - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-operator image "teleport-operator:v10-amd64" +- name: Tag and push image "teleport-operator:v10-arm" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-arm 
public.ecr.aws/gravitational/teleport-operator:$(cat + "/go/var/full-version")-arm && docker push public.ecr.aws/gravitational/teleport-operator:$(cat + "/go/var/full-version")-arm) + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm + public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm + - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm + public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm + - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-operator image "teleport-operator:v10-arm" +- name: Tag and push image "teleport-operator:v10-arm64" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat + "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport-operator:$(cat + "/go/var/full-version")-arm64 && docker push public.ecr.aws/gravitational/teleport-operator:$(cat + "/go/var/full-version")-arm64) + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 + public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64 + - docker push 
public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64 + - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 + public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 + - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-operator image "teleport-operator:v10-arm64" +- name: Create manifest and push "teleport-operator:major" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version") + --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 + --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm + --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64 + - docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version") + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-operator:v10-amd64" to ECR - production + - Tag and push image "teleport-operator:v10-arm" to ECR - production + - Tag and push image "teleport-operator:v10-arm64" to ECR - production +- name: Create manifest and push "teleport-operator:minor" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + 
public.ecr.aws + - docker manifest create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version") + --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 + --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm + --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 + - docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version") + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-operator:v10-amd64" to ECR - production + - Tag and push image "teleport-operator:v10-arm" to ECR - production + - Tag and push image "teleport-operator:v10-arm64" to ECR - production +- name: Create manifest and push "teleport-operator:full" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version") + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest + create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version") + --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 + --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm + --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 + && docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")) + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag 
and push image "teleport-operator:v10-amd64" to ECR - production + - Tag and push image "teleport-operator:v10-arm" to ECR - production + - Tag and push image "teleport-operator:v10-arm64" to ECR - production +services: +- name: Start Docker + image: docker:dind + privileged: true + volumes: + - name: dockersock + path: /var/run +- name: drone-docker-registry + image: registry:2 + privileged: false + volumes: [] +volumes: +- name: awsconfig + temp: {} +- name: dockersock + temp: {} + +--- +################################################ +# Generated using dronegen, do not edit by hand! +# Use 'make dronegen' to update. +# Generated at dronegen/container_images_release_version.go (main.(*ReleaseVersion).buildVersionPipeline) +################################################ + +kind: pipeline +type: kubernetes +name: teleport-container-images-previous-version-2-cron +environment: + DEBIAN_FRONTEND: noninteractive +trigger: + cron: + include: + - teleport-container-images-cron + repo: + include: + - gravitational/teleport +workspace: + path: /go +clone: + disable: true +steps: +- name: Find the latest available semver for v9 + image: golang:1.18 + commands: + - mkdir -pv "/tmp/teleport" + - cd "/tmp/teleport" + - git init + - git remote add origin ${DRONE_REMOTE_URL} + - git fetch origin --tags + - git checkout -qf "branch/v9" + - mkdir -pv $(dirname "/go/vars/full-version-v9") + - cd "/tmp/teleport/build.assets/tooling/cmd/query-latest" + - go run . "v9" | sed 's/v//' > "/go/vars/full-version-v9" + - echo Found full semver "$(cat "/go/vars/full-version-v9")" for major version "v9" +- name: Wait for docker + image: docker + commands: + - timeout 30s /bin/sh -c 'while [ ! 
-S /var/run/docker.sock ]; do sleep 1; done' + volumes: + - name: dockersock + path: /var/run + depends_on: + - Find the latest available semver for v9 +- name: Wait for docker registry + image: alpine + commands: + - apk add curl + - timeout 30s /bin/sh -c 'while [ "$(curl -s -o /dev/null -w %{http_code} http://drone-docker-registry:5000/)" + != "200" ]; do sleep 1; done' + depends_on: + - Find the latest available semver for v9 +- name: Check out code + image: alpine/git:latest + commands: + - mkdir -pv "/go/src/github.com/gravitational/teleport" + - cd "/go/src/github.com/gravitational/teleport" + - git init + - git remote add origin ${DRONE_REMOTE_URL} + - git fetch origin --tags + - git checkout -qf "v$(cat '/go/vars/full-version-v9')" + depends_on: + - Find the latest available semver for v9 +- name: Build major, minor, and full semvers + image: alpine + commands: + - mkdir -pv $(dirname "/go/var/major-version") + - echo v$(cat '/go/vars/full-version-v9') | sed 's/v//' | cut -d'.' -f "1" > "/go/var/major-version" + - echo $(cat "/go/var/major-version") + - mkdir -pv $(dirname "/go/var/minor-version") + - echo v$(cat '/go/vars/full-version-v9') | sed 's/v//' | cut -d'.' 
-f "1,2" > "/go/var/minor-version" + - echo $(cat "/go/var/minor-version") + - mkdir -pv $(dirname "/go/var/full-version") + - echo v$(cat '/go/vars/full-version-v9') | sed 's/v//' > "/go/var/full-version" + - echo $(cat "/go/var/full-version") + depends_on: + - Find the latest available semver for v9 +- name: Assume ECR - staging AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[ecr-staging]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + >> /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity --profile ecr-staging + environment: + AWS_ACCESS_KEY_ID: + from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY + AWS_ROLE: + from_secret: STAGING_TELEPORT_DRONE_ECR_AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Find the latest available semver for v9 +- name: Assume ECR - authenticated-pull AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[ecr-authenticated-pull]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + >> /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity --profile ecr-authenticated-pull + environment: + AWS_ACCESS_KEY_ID: + from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY + AWS_ROLE: + from_secret: PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE + 
AWS_SECRET_ACCESS_KEY: + from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume ECR - staging AWS Role + - Find the latest available semver for v9 +- name: Assume ECR - production AWS Role + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[ecr-production]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + >> /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity --profile ecr-production + environment: + AWS_ACCESS_KEY_ID: + from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY + AWS_ROLE: + from_secret: PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Find the latest available semver for v9 +- name: Assume S3 Download AWS Role for teleport + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[s3-download-teleport]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + >> /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity --profile s3-download-teleport + environment: + AWS_ACCESS_KEY_ID: + from_secret: AWS_ACCESS_KEY_ID + AWS_ROLE: + from_secret: AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: AWS_SECRET_ACCESS_KEY + volumes: + 
- name: awsconfig + path: /root/.aws + depends_on: + - Find the latest available semver for v9 + - Wait for docker + - Wait for docker registry + - Check out code + - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role + - Assume ECR - production AWS Role +- name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport + image: alpine + commands: + - apk add curl + - mkdir -pv $(dirname "/go/build/Dockerfile-teleport") + - curl -Ls -o "/go/build/Dockerfile-teleport" "https://raw.githubusercontent.com/gravitational/teleport/v$(cat + '/go/vars/full-version-v9')/build.assets/charts/Dockerfile" + depends_on: + - Find the latest available semver for v9 + - Wait for docker + - Wait for docker registry + - Check out code + - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role + - Assume ECR - production AWS Role +- name: Download "teleport_v9-tag_amd64.deb" artifacts from S3 + image: amazon/aws-cli + commands: + - END_TIME=$(( $(date +%s) + 3600 )) + - TIMED_OUT=true + - while [ $(date +%s) -lt $${END_TIME?} ]; do + - SUCCESS=true + - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr + -s ' ' | cut -d' ' -f 4 | grep -x teleport_$(cat "/go/var/full-version")_amd64.deb + || SUCCESS=false + - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;' + - echo 'Condition not met yet, waiting another 60 seconds...' 
+ - sleep 60 + - done + - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ + "$SUCCESS" = "true" ]'' && exit 1' + - mkdir -pv "/go/build" + - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat + "/go/var/full-version")_amd64.deb /go/build/teleport_$(cat "/go/var/full-version")_amd64.deb + environment: + AWS_PROFILE: s3-download-teleport + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume S3 Download AWS Role for teleport + - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport +- name: Build teleport image "teleport:v9-amd64" + image: docker + commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/build" && cd "/go/build" + - mkdir -pv "/tmp/teleport-v9-amd64-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v9-amd64-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-v9-amd64-builder/buildkitd.toml" + - docker buildx create --driver "docker-container" --driver-opt "network=host" --name + "teleport-v9-amd64-builder" --config "/tmp/teleport-v9-amd64-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-v9-amd64-builder" --target "teleport" + --platform "linux/amd64" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + --file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_amd64.deb + /go/build + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-v9-amd64-builder" + - rm -rf "/tmp/teleport-v9-amd64-builder" + environment: + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: "1" + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: 
/var/run + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Download "teleport_v9-tag_amd64.deb" artifacts from S3 +- name: Download "teleport_v9-tag_arm.deb" artifacts from S3 + image: amazon/aws-cli + commands: + - END_TIME=$(( $(date +%s) + 3600 )) + - TIMED_OUT=true + - while [ $(date +%s) -lt $${END_TIME?} ]; do + - SUCCESS=true + - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr + -s ' ' | cut -d' ' -f 4 | grep -x teleport_$(cat "/go/var/full-version")_arm.deb + || SUCCESS=false + - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;' + - echo 'Condition not met yet, waiting another 60 seconds...' + - sleep 60 + - done + - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ + "$SUCCESS" = "true" ]'' && exit 1' + - mkdir -pv "/go/build" + - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat + "/go/var/full-version")_arm.deb /go/build/teleport_$(cat "/go/var/full-version")_arm.deb + environment: + AWS_PROFILE: s3-download-teleport + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume S3 Download AWS Role for teleport + - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport +- name: Build teleport image "teleport:v9-arm" + image: docker + commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/build" && cd "/go/build" + - mkdir -pv "/tmp/teleport-v9-arm-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v9-arm-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-v9-arm-builder/buildkitd.toml" + - docker buildx create --driver "docker-container" --driver-opt "network=host" --name + "teleport-v9-arm-builder" --config "/tmp/teleport-v9-arm-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login 
-u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-v9-arm-builder" --target "teleport" + --platform "linux/arm" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + --file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_arm.deb + /go/build + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-v9-arm-builder" + - rm -rf "/tmp/teleport-v9-arm-builder" + environment: + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: "1" + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Download "teleport_v9-tag_arm.deb" artifacts from S3 +- name: Download "teleport_v9-tag_arm64.deb" artifacts from S3 + image: amazon/aws-cli + commands: + - END_TIME=$(( $(date +%s) + 3600 )) + - TIMED_OUT=true + - while [ $(date +%s) -lt $${END_TIME?} ]; do + - SUCCESS=true + - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr + -s ' ' | cut -d' ' -f 4 | grep -x teleport_$(cat "/go/var/full-version")_arm64.deb + || SUCCESS=false + - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;' + - echo 'Condition not met yet, waiting another 60 seconds...' 
+ - sleep 60 + - done + - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ + "$SUCCESS" = "true" ]'' && exit 1' + - mkdir -pv "/go/build" + - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat + "/go/var/full-version")_arm64.deb /go/build/teleport_$(cat "/go/var/full-version")_arm64.deb + environment: + AWS_PROFILE: s3-download-teleport + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume S3 Download AWS Role for teleport + - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport +- name: Build teleport image "teleport:v9-arm64" + image: docker + commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/build" && cd "/go/build" + - mkdir -pv "/tmp/teleport-v9-arm64-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v9-arm64-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-v9-arm64-builder/buildkitd.toml" + - docker buildx create --driver "docker-container" --driver-opt "network=host" --name + "teleport-v9-arm64-builder" --config "/tmp/teleport-v9-arm64-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-v9-arm64-builder" --target "teleport" + --platform "linux/arm64" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + --file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_arm64.deb + /go/build + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-v9-arm64-builder" + - rm -rf "/tmp/teleport-v9-arm64-builder" + environment: + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: "1" + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: 
/var/run + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Download "teleport_v9-tag_arm64.deb" artifacts from S3 +- name: Tag and push image "teleport:v9-amd64" to ECR - staging + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-amd64 + && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP-amd64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-amd64 + && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP-amd64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat 
"/go/var/minor-version")-$TIMESTAMP-amd64 + && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP-amd64) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport image "teleport:v9-amd64" +- name: Tag and push image "teleport:v9-arm" to ECR - staging + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm + && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP-arm) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-arm + && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP-arm) + - docker manifest inspect 
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-arm + && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport image "teleport:v9-arm" +- name: Tag and push image "teleport:v9-arm64" to ECR - staging + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm64 + && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP-arm64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat 
"/go/var/full-version")-arm64 + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-arm64 + && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP-arm64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64 + && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm64) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport image "teleport:v9-arm64" +- name: Create manifest and push "teleport:major-$TIMESTAMP" to ECR - staging + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, + skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + 
"/go/var/major-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/major-version")-$TIMESTAMP) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport:v9-amd64" to ECR - staging + - Tag and push image "teleport:v9-arm" to ECR - staging + - Tag and push image "teleport:v9-arm64" to ECR - staging +- name: Create manifest and push "teleport:minor-$TIMESTAMP" to ECR - staging + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, + skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/minor-version")-$TIMESTAMP) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: 
+ - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport:v9-amd64" to ECR - staging + - Tag and push image "teleport:v9-arm" to ECR - staging + - Tag and push image "teleport:v9-arm64" to ECR - staging +- name: Create manifest and push "teleport:full-$TIMESTAMP" to ECR - staging + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, + skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat + "/go/var/full-version")-$TIMESTAMP) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport:v9-amd64" to ECR - staging + - Tag and push image "teleport:v9-arm" to ECR - staging + - Tag and push image "teleport:v9-arm64" to ECR - staging +- name: Tag and push image "teleport:v9-amd64" to Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport:$(cat 
"/go/var/full-version")-amd64 + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat + "/go/var/full-version")-amd64 quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64 + && docker push quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64) + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + quay.io/gravitational/teleport:$(cat "/go/var/major-version")-amd64 + - docker push quay.io/gravitational/teleport:$(cat "/go/var/major-version")-amd64 + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 + - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport image "teleport:v9-amd64" +- name: Tag and push image "teleport:v9-arm" to Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat + "/go/var/full-version")-arm quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm + && docker push quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm) + - docker tag drone-docker-registry:5000/teleport:$(cat 
"/go/var/full-version")-arm + quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm + - docker push quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm + - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport image "teleport:v9-arm" +- name: Tag and push image "teleport:v9-arm64" to Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat + "/go/var/full-version")-arm64 quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64 + && docker push quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64) + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm64 + - docker push quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm64 + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm64 + - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm64 + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: 
PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport image "teleport:v9-arm64" +- name: Create manifest and push "teleport:major" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest create quay.io/gravitational/teleport:$(cat "/go/var/major-version") + --amend quay.io/gravitational/teleport:$(cat "/go/var/major-version")-amd64 --amend + quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm --amend quay.io/gravitational/teleport:$(cat + "/go/var/major-version")-arm64 + - docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/major-version") + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport:v9-amd64" to Quay + - Tag and push image "teleport:v9-arm" to Quay + - Tag and push image "teleport:v9-arm64" to Quay +- name: Create manifest and push "teleport:minor" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest create quay.io/gravitational/teleport:$(cat "/go/var/minor-version") + --amend quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 --amend + quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm --amend quay.io/gravitational/teleport:$(cat + "/go/var/minor-version")-arm64 + - docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/minor-version") + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + 
depends_on: + - Tag and push image "teleport:v9-amd64" to Quay + - Tag and push image "teleport:v9-arm" to Quay + - Tag and push image "teleport:v9-arm64" to Quay +- name: Create manifest and push "teleport:full" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version") + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest + create quay.io/gravitational/teleport:$(cat "/go/var/full-version") --amend quay.io/gravitational/teleport:$(cat + "/go/var/full-version")-amd64 --amend quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm + --amend quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64 && + docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/full-version")) + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport:v9-amd64" to Quay + - Tag and push image "teleport:v9-arm" to Quay + - Tag and push image "teleport:v9-arm64" to Quay +- name: Tag and push image "teleport:v9-amd64" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat + "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64 + && docker push 
public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64) + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64 + - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64 + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 + public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 + - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport image "teleport:v9-amd64" +- name: Tag and push image "teleport:v9-arm" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat + "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm + && docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm) + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm + - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm + public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm + - docker push 
public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport image "teleport:v9-arm" +- name: Tag and push image "teleport:v9-arm64" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat + "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64 + && docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64) + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64 + - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64 + - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 + public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64 + - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64 + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport image "teleport:v9-arm64" +- name: Create manifest and push "teleport:major" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" 
--password-stdin + public.ecr.aws + - docker manifest create public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version") + --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64 + --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm + --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64 + - docker manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version") + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport:v9-amd64" to ECR - production + - Tag and push image "teleport:v9-arm" to ECR - production + - Tag and push image "teleport:v9-arm64" to ECR - production +- name: Create manifest and push "teleport:minor" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest create public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version") + --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 + --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm + --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64 + - docker manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version") + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport:v9-amd64" to ECR - production + - Tag and push image "teleport:v9-arm" to ECR - production + - Tag and push image "teleport:v9-arm64" to ECR - production +- name: Create manifest and push "teleport:full" to ECR - production + image: docker + 
commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version") + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest + create public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version") --amend + public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64 --amend + public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm --amend + public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64 && docker + manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")) + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport:v9-amd64" to ECR - production + - Tag and push image "teleport:v9-arm" to ECR - production + - Tag and push image "teleport:v9-arm64" to ECR - production +- name: Assume S3 Download AWS Role for teleport-ent + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[s3-download-teleport-ent]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + >> /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity --profile s3-download-teleport-ent + environment: + AWS_ACCESS_KEY_ID: + from_secret: AWS_ACCESS_KEY_ID + AWS_ROLE: + from_secret: AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: AWS_SECRET_ACCESS_KEY + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Find the latest 
available semver for v9 + - Wait for docker + - Wait for docker registry + - Check out code + - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role + - Assume ECR - production AWS Role +- name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent + image: alpine + commands: + - apk add curl + - mkdir -pv $(dirname "/go/build/Dockerfile-teleport-ent") + - curl -Ls -o "/go/build/Dockerfile-teleport-ent" "https://raw.githubusercontent.com/gravitational/teleport/v$(cat + '/go/vars/full-version-v9')/build.assets/charts/Dockerfile" + depends_on: + - Find the latest available semver for v9 + - Wait for docker + - Wait for docker registry + - Check out code + - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role + - Assume ECR - production AWS Role +- name: Download "teleport-ent_v9-tag_amd64.deb" artifacts from S3 + image: amazon/aws-cli + commands: + - END_TIME=$(( $(date +%s) + 3600 )) + - TIMED_OUT=true + - while [ $(date +%s) -lt $${END_TIME?} ]; do + - SUCCESS=true + - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr + -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")_amd64.deb + || SUCCESS=false + - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;' + - echo 'Condition not met yet, waiting another 60 seconds...' 
+ - sleep 60 + - done + - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ + "$SUCCESS" = "true" ]'' && exit 1' + - mkdir -pv "/go/build" + - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat + "/go/var/full-version")_amd64.deb /go/build/teleport-ent_$(cat "/go/var/full-version")_amd64.deb + environment: + AWS_PROFILE: s3-download-teleport-ent + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume S3 Download AWS Role for teleport-ent + - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent +- name: Build teleport-ent image "teleport-ent:v9-amd64" + image: docker + commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/build" && cd "/go/build" + - mkdir -pv "/tmp/teleport-ent-v9-amd64-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v9-amd64-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-ent-v9-amd64-builder/buildkitd.toml" + - docker buildx create --driver "docker-container" --driver-opt "network=host" --name + "teleport-ent-v9-amd64-builder" --config "/tmp/teleport-ent-v9-amd64-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-ent-v9-amd64-builder" --target + "teleport" --platform "linux/amd64" --tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-amd64 --file "/go/build/Dockerfile-teleport-ent" --build-arg + DEB_PATH=teleport-ent_$(cat "/go/var/full-version")_amd64.deb /go/build + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-ent-v9-amd64-builder" + - rm -rf "/tmp/teleport-ent-v9-amd64-builder" + environment: + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: "1" + 
volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Download "teleport-ent_v9-tag_amd64.deb" artifacts from S3 +- name: Download "teleport-ent_v9-tag_arm.deb" artifacts from S3 + image: amazon/aws-cli + commands: + - END_TIME=$(( $(date +%s) + 3600 )) + - TIMED_OUT=true + - while [ $(date +%s) -lt $${END_TIME?} ]; do + - SUCCESS=true + - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr + -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")_arm.deb + || SUCCESS=false + - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;' + - echo 'Condition not met yet, waiting another 60 seconds...' + - sleep 60 + - done + - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ + "$SUCCESS" = "true" ]'' && exit 1' + - mkdir -pv "/go/build" + - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat + "/go/var/full-version")_arm.deb /go/build/teleport-ent_$(cat "/go/var/full-version")_arm.deb + environment: + AWS_PROFILE: s3-download-teleport-ent + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume S3 Download AWS Role for teleport-ent + - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent +- name: Build teleport-ent image "teleport-ent:v9-arm" + image: docker + commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/build" && cd "/go/build" + - mkdir -pv "/tmp/teleport-ent-v9-arm-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v9-arm-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-ent-v9-arm-builder/buildkitd.toml" + - docker buildx create --driver "docker-container" --driver-opt "network=host" --name + "teleport-ent-v9-arm-builder" --config 
"/tmp/teleport-ent-v9-arm-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-ent-v9-arm-builder" --target "teleport" + --platform "linux/arm" --tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + --file "/go/build/Dockerfile-teleport-ent" --build-arg DEB_PATH=teleport-ent_$(cat + "/go/var/full-version")_arm.deb /go/build + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-ent-v9-arm-builder" + - rm -rf "/tmp/teleport-ent-v9-arm-builder" + environment: + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: "1" + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Download "teleport-ent_v9-tag_arm.deb" artifacts from S3 +- name: Download "teleport-ent_v9-tag_arm64.deb" artifacts from S3 + image: amazon/aws-cli + commands: + - END_TIME=$(( $(date +%s) + 3600 )) + - TIMED_OUT=true + - while [ $(date +%s) -lt $${END_TIME?} ]; do + - SUCCESS=true + - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr + -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")_arm64.deb + || SUCCESS=false + - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;' + - echo 'Condition not met yet, waiting another 60 seconds...' 
+ - sleep 60 + - done + - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ + "$SUCCESS" = "true" ]'' && exit 1' + - mkdir -pv "/go/build" + - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat + "/go/var/full-version")_arm64.deb /go/build/teleport-ent_$(cat "/go/var/full-version")_arm64.deb + environment: + AWS_PROFILE: s3-download-teleport-ent + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume S3 Download AWS Role for teleport-ent + - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent +- name: Build teleport-ent image "teleport-ent:v9-arm64" + image: docker + commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/build" && cd "/go/build" + - mkdir -pv "/tmp/teleport-ent-v9-arm64-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v9-arm64-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-ent-v9-arm64-builder/buildkitd.toml" + - docker buildx create --driver "docker-container" --driver-opt "network=host" --name + "teleport-ent-v9-arm64-builder" --config "/tmp/teleport-ent-v9-arm64-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-ent-v9-arm64-builder" --target + "teleport" --platform "linux/arm64" --tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm64 --file "/go/build/Dockerfile-teleport-ent" --build-arg + DEB_PATH=teleport-ent_$(cat "/go/var/full-version")_arm64.deb /go/build + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-ent-v9-arm64-builder" + - rm -rf "/tmp/teleport-ent-v9-arm64-builder" + environment: + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: "1" + 
volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Download "teleport-ent_v9-tag_arm64.deb" artifacts from S3 +- name: Tag and push image "teleport-ent:v9-amd64" to ECR - staging + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-amd64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-amd64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag 
drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-amd64) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent image "teleport-ent:v9-amd64" +- name: Tag and push image "teleport-ent:v9-arm" to ECR - staging + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-arm) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-arm && docker 
push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-arm) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent image "teleport-ent:v9-arm" +- name: Tag and push image "teleport-ent:v9-arm64" to ECR - staging + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-arm64) + - docker manifest inspect 
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-arm64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm64) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent image "teleport-ent:v9-arm64" +- name: Create manifest and push "teleport-ent:major-$TIMESTAMP" to ECR - staging + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, + skipping' || (docker manifest create 
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v9-amd64" to ECR - staging + - Tag and push image "teleport-ent:v9-arm" to ECR - staging + - Tag and push image "teleport-ent:v9-arm64" to ECR - staging +- name: Create manifest and push "teleport-ent:minor-$TIMESTAMP" to ECR - staging + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, + skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm --amend 
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v9-amd64" to ECR - staging + - Tag and push image "teleport-ent:v9-arm" to ECR - staging + - Tag and push image "teleport-ent:v9-arm64" to ECR - staging +- name: Create manifest and push "teleport-ent:full-$TIMESTAMP" to ECR - staging + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, + skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - 
name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v9-amd64" to ECR - staging + - Tag and push image "teleport-ent:v9-arm" to ECR - staging + - Tag and push image "teleport-ent:v9-arm64" to ECR - staging +- name: Tag and push image "teleport-ent:v9-amd64" to Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-amd64 quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 + && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64) + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 + quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 + - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 + quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 + - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent image "teleport-ent:v9-amd64" +- name: Tag and push image "teleport-ent:v9-arm" to Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + - docker login -u="$QUAY_USERNAME" 
-p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm + && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm) + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm + - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm + - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent image "teleport-ent:v9-arm" +- name: Tag and push image "teleport-ent:v9-arm64" to Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm64 quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 + && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64) + - docker tag drone-docker-registry:5000/teleport-ent:$(cat 
"/go/var/full-version")-arm64 + quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64 + - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64 + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 + quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64 + - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64 + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent image "teleport-ent:v9-arm64" +- name: Create manifest and push "teleport-ent:major" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version") + --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 + --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm + --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64 + - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version") + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v9-amd64" to Quay + - Tag and push image "teleport-ent:v9-arm" to Quay + - Tag and push image "teleport-ent:v9-arm64" to Quay +- name: Create manifest and push "teleport-ent:minor" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest create 
quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version") + --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 + --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm + --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64 + - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version") + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v9-amd64" to Quay + - Tag and push image "teleport-ent:v9-arm" to Quay + - Tag and push image "teleport-ent:v9-arm64" to Quay +- name: Create manifest and push "teleport-ent:full" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version") + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest + create quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version") --amend + quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 --amend + quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm --amend quay.io/gravitational/teleport-ent:$(cat + "/go/var/full-version")-arm64 && docker manifest push quay.io/gravitational/teleport-ent:$(cat + "/go/var/full-version")) + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v9-amd64" to Quay + - Tag and push image "teleport-ent:v9-arm" to Quay + - Tag and push image 
"teleport-ent:v9-arm64" to Quay +- name: Tag and push image "teleport-ent:v9-amd64" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport-ent:$(cat + "/go/var/full-version")-amd64 && docker push public.ecr.aws/gravitational/teleport-ent:$(cat + "/go/var/full-version")-amd64) + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 + public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 + - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 + public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 + - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent image "teleport-ent:v9-amd64" +- name: Tag and push image "teleport-ent:v9-arm" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat 
"/go/var/full-version")-arm + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm + && docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm) + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm + - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm + public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm + - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent image "teleport-ent:v9-arm" +- name: Tag and push image "teleport-ent:v9-arm64" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport-ent:$(cat + "/go/var/full-version")-arm64 && docker push public.ecr.aws/gravitational/teleport-ent:$(cat + "/go/var/full-version")-arm64) + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 + 
public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64 + - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64 + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 + public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64 + - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64 + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent image "teleport-ent:v9-arm64" +- name: Create manifest and push "teleport-ent:major" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version") + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64 + - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version") + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v9-amd64" to ECR - production + - Tag and push image "teleport-ent:v9-arm" to ECR - production + - Tag and push image "teleport-ent:v9-arm64" to ECR - production +- name: Create manifest and push "teleport-ent:minor" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" 
--password-stdin + public.ecr.aws + - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version") + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64 + - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version") + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v9-amd64" to ECR - production + - Tag and push image "teleport-ent:v9-arm" to ECR - production + - Tag and push image "teleport-ent:v9-arm64" to ECR - production +- name: Create manifest and push "teleport-ent:full" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version") + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest + create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version") + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 + && docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")) + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v9-amd64" to ECR - production + 
- Tag and push image "teleport-ent:v9-arm" to ECR - production + - Tag and push image "teleport-ent:v9-arm64" to ECR - production +- name: Assume S3 Download AWS Role for teleport-ent-fips + image: amazon/aws-cli + commands: + - aws sts get-caller-identity + - |- + printf "[s3-download-teleport-ent-fips]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ + $(aws sts assume-role \ + --role-arn "$AWS_ROLE" \ + --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ + --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ + --output text) \ + >> /root/.aws/credentials + - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY + - aws sts get-caller-identity --profile s3-download-teleport-ent-fips + environment: + AWS_ACCESS_KEY_ID: + from_secret: AWS_ACCESS_KEY_ID + AWS_ROLE: + from_secret: AWS_ROLE + AWS_SECRET_ACCESS_KEY: + from_secret: AWS_SECRET_ACCESS_KEY + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Find the latest available semver for v9 + - Wait for docker + - Wait for docker registry + - Check out code + - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role + - Assume ECR - production AWS Role +- name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent-fips" for + teleport-ent-fips + image: alpine + commands: + - apk add curl + - mkdir -pv $(dirname "/go/build/Dockerfile-teleport-ent-fips") + - curl -Ls -o "/go/build/Dockerfile-teleport-ent-fips" "https://raw.githubusercontent.com/gravitational/teleport/v$(cat + '/go/vars/full-version-v9')/build.assets/charts/Dockerfile" + depends_on: + - Find the latest available semver for v9 + - Wait for docker + - Wait for docker registry + - Check out code + - Build major, minor, and full semvers + - Assume ECR - staging AWS Role + - Assume ECR - authenticated-pull AWS Role + - Assume ECR - production AWS Role +- name: Download 
"teleport-ent_v9-tag-fips_amd64.deb" artifacts from S3 + image: amazon/aws-cli + commands: + - END_TIME=$(( $(date +%s) + 3600 )) + - TIMED_OUT=true + - while [ $(date +%s) -lt $${END_TIME?} ]; do + - SUCCESS=true + - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr + -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb + || SUCCESS=false + - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;' + - echo 'Condition not met yet, waiting another 60 seconds...' + - sleep 60 + - done + - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ + "$SUCCESS" = "true" ]'' && exit 1' + - mkdir -pv "/go/build" + - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat + "/go/var/full-version")-fips_amd64.deb /go/build/teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb + environment: + AWS_PROFILE: s3-download-teleport-ent-fips + AWS_REGION: us-west-2 + AWS_S3_BUCKET: + from_secret: AWS_S3_BUCKET + volumes: + - name: awsconfig + path: /root/.aws + depends_on: + - Assume S3 Download AWS Role for teleport-ent-fips + - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent-fips" for teleport-ent-fips +- name: Build teleport-ent-fips image "teleport-ent:v9-fips-amd64" + image: docker + commands: + - docker run --privileged --rm tonistiigi/binfmt --install all + - mkdir -pv "/go/build" && cd "/go/build" + - mkdir -pv "/tmp/teleport-ent-v9-fips-amd64-builder" + - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v9-fips-amd64-builder/buildkitd.toml" + - echo ' http = true' >> "/tmp/teleport-ent-v9-fips-amd64-builder/buildkitd.toml" + - docker buildx create --driver "docker-container" --driver-opt "network=host" --name + "teleport-ent-v9-fips-amd64-builder" --config "/tmp/teleport-ent-v9-fips-amd64-builder/buildkitd.toml" + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker 
login -u="AWS" --password-stdin + public.ecr.aws + - docker buildx build --push --builder "teleport-ent-v9-fips-amd64-builder" --target + "teleport-fips" --platform "linux/amd64" --tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-fips-amd64 --file "/go/build/Dockerfile-teleport-ent-fips" + --build-arg DEB_PATH=teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb + /go/build + - docker logout "public.ecr.aws" + - docker buildx rm "teleport-ent-v9-fips-amd64-builder" + - rm -rf "/tmp/teleport-ent-v9-fips-amd64-builder" + environment: + AWS_PROFILE: ecr-authenticated-pull + DOCKER_BUILDKIT: "1" + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Assume ECR - authenticated-pull AWS Role + - Download "teleport-ent_v9-tag-fips_amd64.deb" artifacts from S3 +- name: Tag and push image "teleport-ent:v9-fips-amd64" to ECR - staging + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-fips-amd64 > /dev/null 2>&1 && echo 'Found + existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-fips-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-fips-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-fips-amd64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + 
"/go/var/major-version")-$TIMESTAMP-fips-amd64 > /dev/null 2>&1 && echo 'Found + existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-fips-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-fips-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-fips-amd64) + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-fips-amd64 > /dev/null 2>&1 && echo 'Found + existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-fips-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-fips-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-fips-amd64) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent-fips image "teleport-ent:v9-fips-amd64" +- name: Create manifest and push "teleport-ent:major-$TIMESTAMP-fips" to ECR - staging + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-fips > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + 
"/go/var/major-version")-$TIMESTAMP-fips --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-fips-amd64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/major-version")-$TIMESTAMP-fips) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v9-fips-amd64" to ECR - staging +- name: Create manifest and push "teleport-ent:minor-$TIMESTAMP-fips" to ECR - staging + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-fips > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-fips --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-fips-amd64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/minor-version")-$TIMESTAMP-fips) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v9-fips-amd64" to ECR - staging +- name: Create manifest and push "teleport-ent:full-$TIMESTAMP-fips" to ECR - staging + image: docker + commands: + - apk add 
--no-cache aws-cli + - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin + 146628656107.dkr.ecr.us-west-2.amazonaws.com + - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') + - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-fips > /dev/null 2>&1 && echo 'Found existing + image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-fips --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-fips-amd64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat + "/go/var/full-version")-$TIMESTAMP-fips) + - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" + environment: + AWS_PROFILE: ecr-staging + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v9-fips-amd64" to ECR - staging +- name: Tag and push image "teleport-ent:v9-fips-amd64" to Quay + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-fips-amd64 quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64) + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64 + - 
docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64 + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 + - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent-fips image "teleport-ent:v9-fips-amd64" +- name: Create manifest and push "teleport-ent:major-fips" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips + --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64 + - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v9-fips-amd64" to Quay +- name: Create manifest and push "teleport-ent:minor-fips" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips + --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 + - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: 
PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v9-fips-amd64" to Quay +- name: Create manifest and push "teleport-ent:full-fips" to Quay + image: docker + commands: + - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest + create quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips --amend + quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 && + docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips) + - docker logout "quay.io" + environment: + QUAY_PASSWORD: + from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD + QUAY_USERNAME: + from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v9-fips-amd64" to Quay +- name: Tag and push image "teleport-ent:v9-fips-amd64" to ECR - production + image: docker + commands: + - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat + "/go/var/full-version")-fips-amd64 public.ecr.aws/gravitational/teleport-ent:$(cat + "/go/var/full-version")-fips-amd64 && docker push public.ecr.aws/gravitational/teleport-ent:$(cat + 
"/go/var/full-version")-fips-amd64) + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64 + - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64 + - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 + - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Build teleport-ent-fips image "teleport-ent:v9-fips-amd64" +- name: Create manifest and push "teleport-ent:major-fips" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64 + - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v9-fips-amd64" to ECR - production +- name: Create manifest and push "teleport-ent:minor-fips" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat 
"/go/var/minor-version")-fips + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 + - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v9-fips-amd64" to ECR - production +- name: Create manifest and push "teleport-ent:full-fips" to ECR - production + image: docker + commands: + - apk add --no-cache aws-cli + - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin + public.ecr.aws + - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips + > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest + create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips + --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 + && docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips) + - docker logout "public.ecr.aws" + environment: + AWS_PROFILE: ecr-production + volumes: + - name: awsconfig + path: /root/.aws + - name: dockersock + path: /var/run + depends_on: + - Tag and push image "teleport-ent:v9-fips-amd64" to ECR - production +services: +- name: Start Docker + image: docker:dind + privileged: true + volumes: + - name: dockersock + path: /var/run +- name: drone-docker-registry + image: registry:2 + privileged: false + volumes: [] +volumes: +- name: awsconfig + temp: {} +- name: dockersock + temp: {} --- kind: signature -hmac: 016970bab87871788798cff4f22961a9e5aa4a01b7fc94deb39513deb79e7344 +hmac: 1c6fb06e764b9cc5bb04ab64cfe47a35ec7c3debe1f42d481aece2eb1dcfd713 ... diff --git a/Makefile b/Makefile index 4ac2130c5f04e..e3a1c290e9187 100644 --- a/Makefile 
+++ b/Makefile @@ -13,11 +13,7 @@ # Master/dev branch: "1.0.0-dev" VERSION=10.3.7 -DOCKER_IMAGE_QUAY ?= quay.io/gravitational/teleport -DOCKER_IMAGE_ECR ?= public.ecr.aws/gravitational/teleport -DOCKER_IMAGE_STAGING ?= 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport -DOCKER_IMAGE_OPERATOR_STAGING ?= 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator - +DOCKER_IMAGE ?= teleport GOPATH ?= $(shell go env GOPATH) @@ -366,11 +362,10 @@ release-arm64: $(MAKE) release ARCH=arm64 # -# make release-unix - Produces a binary release tarball containing teleport, -# tctl, and tsh. +# make build-archive - Packages the results of a build into a release tarball # -.PHONY: -release-unix: clean full +.PHONY: build-archive +build-archive: @echo "---> Creating OSS release archive." mkdir teleport cp -rf $(BUILDDIR)/* \ @@ -383,6 +378,13 @@ release-unix: clean full tar $(TAR_FLAGS) -c teleport | gzip -n > $(RELEASE).tar.gz rm -rf teleport @echo "---> Created $(RELEASE).tar.gz." + +# +# make release-unix - Produces a binary release tarball containing teleport, +# tctl, and tsh. +# +.PHONY: +release-unix: clean full build-archive @if [ -f e/Makefile ]; then \ rm -fr $(ASSETS_BUILDDIR)/webassets; \ $(MAKE) -C e release; \ 
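Review bot: `build-archive:` is declared with no prerequisites, so nothing in the dependency graph ties it to the binaries that its `cp -rf $(BUILDDIR)/*` line packages. The `release-unix: clean full build-archive` rule in the next hunk and the `image: clean docker-binaries build-archive oss-deb` rule in the last Makefile hunk rely on left-to-right prerequisite order, which `make -j` does not guarantee. In a parallel run the archive step can start while `clean` is still removing files or before the build has finished, so a release tarball could carry stale or partial binaries. At minimum I would document the contract above the rule, e.g. `# build-archive packages whatever is already in $(BUILDDIR); run it only after the build has completed, never in parallel with clean`, and consider invoking it as `$(MAKE) build-archive` from the callers' recipes so the order is explicit. The recipe continues past the end of this hunk.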
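Review bot: The added `.PHONY:` line above `release-unix` names no target, so `release-unix` is not actually declared phony. A file or directory called `release-unix` in the working tree would make the rule look up to date, and the release steps would be skipped without an error. The line should read `.PHONY: release-unix`, matching the `.PHONY: build-archive` form used in the previous hunk. The recipe of `release-unix` continues outside this hunk.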
@@ -963,70 +965,17 @@ install: build cp -f $(BUILDDIR)/teleport $(BINDIR)/ mkdir -p $(DATADIR) - # Docker image build. Always build the binaries themselves within docker (see # the "docker" rule) to avoid dependencies on the host libc version. .PHONY: image -image: clean docker-binaries +image: OS=linux +image: TARBALL_PATH_SECTION:=-s "$(shell pwd)" +image: clean docker-binaries build-archive oss-deb cp ./build.assets/charts/Dockerfile $(BUILDDIR)/ - cd $(BUILDDIR) && docker build --no-cache . -t $(DOCKER_IMAGE_QUAY):$(VERSION) + cd $(BUILDDIR) && docker build --no-cache . -t $(DOCKER_IMAGE):$(VERSION)-$(ARCH) --target teleport \ + --build-arg DEB_PATH="./teleport_$(VERSION)_$(ARCH).deb" if [ -f e/Makefile ]; then $(MAKE) -C e image; fi -.PHONY: publish -publish: image - docker push $(DOCKER_IMAGE_QUAY):$(VERSION) - if [ -f e/Makefile ]; then $(MAKE) -C e publish; fi - -.PHONY: publish-ecr -publish-ecr: image - docker tag $(DOCKER_IMAGE_QUAY) $(DOCKER_IMAGE_ECR) - docker push $(DOCKER_IMAGE_ECR):$(VERSION) - if [ -f e/Makefile ]; then $(MAKE) -C e publish-ecr; fi - -# Docker image build in CI. -# This is run to build and push Docker images to a private repository as part of the build process. -# When we are ready to make the images public after testing (i.e. when publishing a release), we pull these -# images down, retag them and push them up to the production repo so they're available for use. -# This job can be removed/consolidated after we switch over completely from using Jenkins to using Drone. -.PHONY: image-ci -image-ci: clean docker-binaries - cp ./build.assets/charts/Dockerfile $(BUILDDIR)/ - cd $(BUILDDIR) && docker build --no-cache . -t $(DOCKER_IMAGE_STAGING):$(VERSION) - if [ -f e/Makefile ]; then $(MAKE) -C e image-ci; fi - - -# DOCKER_CLI_EXPERIMENTAL=enabled is set to allow inspecting the manifest for present images. 
-# https://docs.docker.com/engine/reference/commandline/cli/#experimental-features -# The internal staging images use amazon ECR's immutable repository settings. This makes overwrites impossible currently. -# This can cause issues when drone tagging pipelines must be re-run due to failures. -# Currently the work around for this is to not attempt to push to the image when it already exists. -.PHONY: publish-ci -publish-ci: image-ci - @if DOCKER_CLI_EXPERIMENTAL=enabled docker manifest inspect "$(DOCKER_IMAGE_STAGING):$(VERSION)" >/dev/null 2>&1; then\ - echo "$(DOCKER_IMAGE_STAGING):$(VERSION) already exists. "; \ - else \ - docker push "$(DOCKER_IMAGE_STAGING):$(VERSION)"; \ - fi - if [ -f e/Makefile ]; then $(MAKE) -C e publish-ci; fi - -# Docker image build for Teleport Operator -.PHONY: image-operator-ci -image-operator-ci: - make -C operator docker-build IMG="$(DOCKER_IMAGE_OPERATOR_STAGING):$(VERSION)" - -# DOCKER_CLI_EXPERIMENTAL=enabled is set to allow inspecting the manifest for present images. -# https://docs.docker.com/engine/reference/commandline/cli/#experimental-features -# The internal staging images use amazon ECR's immutable repository settings. This makes overwrites impossible currently. -# This can cause issues when drone tagging pipelines must be re-run due to failures. -# Currently the work around for this is to not attempt to push to the image when it already exists. -.PHONY: publish-operator-ci -publish-operator-ci: image-operator-ci - @if DOCKER_CLI_EXPERIMENTAL=enabled docker manifest inspect "$(DOCKER_IMAGE_OPERATOR_STAGING):$(VERSION)" >/dev/null 2>&1; then \ - echo "$(DOCKER_IMAGE_OPERATOR_STAGING):$(VERSION) already exists. "; \ - else \ - docker push "$(DOCKER_IMAGE_OPERATOR_STAGING):$(VERSION)"; \ - fi - .PHONY: print-version print-version: @echo $(VERSION) 
@@ -1079,13 +1028,17 @@ rpm: rpm-unsigned: $(MAKE) UNSIGNED_RPM=true rpm -# build .deb -.PHONY: deb -deb: +# build open source .deb only +.PHONY: oss-deb +oss-deb: mkdir -p $(BUILDDIR)/ cp ./build.assets/build-package.sh ./build.assets/build-common.sh $(BUILDDIR)/ chmod +x $(BUILDDIR)/build-package.sh cd $(BUILDDIR) && ./build-package.sh -t oss -v $(VERSION) -p deb -a $(ARCH) $(RUNTIME_SECTION) $(TARBALL_PATH_SECTION) + +# build .deb +.PHONY: deb +deb: oss-deb if [ -f e/Makefile ]; then $(MAKE) -C e deb; fi # check binary compatibility with different OSes diff --git a/build.assets/Dockerfile-cron b/build.assets/Dockerfile-cron deleted file mode 100644 index e5230361bf696..0000000000000 --- a/build.assets/Dockerfile-cron +++ /dev/null 
@@ -1,45 +0,0 @@ -# First stage downloads pre-compiled Teleport archive from get.gravitational.com -# and extracts binaries from the archive. -FROM alpine AS download - -ARG DOWNLOAD_TYPE=teleport -ARG VERSION_TAG -ARG OS -ARG ARCH -ARG EXTRA_DOWNLOAD_ARGS="" - -WORKDIR /tmp -# Install dependencies. -RUN apk --update --no-cache add curl tar - -# Download the appropriate binary tarball from get.gravitational.com and extract the binaries into -# a temporary directory for us to use in the second stage. -RUN mkdir -p build && \ - curl -Ls https://get.gravitational.com/${DOWNLOAD_TYPE}-${VERSION_TAG}-${OS}-${ARCH}${EXTRA_DOWNLOAD_ARGS}-bin.tar.gz | tar -xzf - && \ - cp $DOWNLOAD_TYPE/teleport $DOWNLOAD_TYPE/tctl $DOWNLOAD_TYPE/tsh $DOWNLOAD_TYPE/tbot build - -# Second stage builds final container with teleport binaries. -FROM ubuntu:20.04 AS teleport - -# Install ca-certificates, dumb-init and libelf1, then clean up. -RUN apt-get update && \ - DEBIAN_FRONTEND=noninteractive apt-get upgrade -y && \ - DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y ca-certificates dumb-init libelf1 && \ - update-ca-certificates && \ - apt-get -y clean && \ - rm -rf /var/lib/apt/lists/* - -# Copy "teleport", "tctl", "tbot", and "tsh" binaries from the previous stage. -COPY --from=download /tmp/build/teleport /usr/local/bin/teleport -COPY --from=download /tmp/build/tctl /usr/local/bin/tctl -COPY --from=download /tmp/build/tsh /usr/local/bin/tsh -COPY --from=download /tmp/build/tbot /usr/local/bin/tbot - -# Run Teleport inside the image with a default config file location. -ENTRYPOINT ["/usr/bin/dumb-init", "teleport", "start", "-c", "/etc/teleport/teleport.yaml"] - -# Optional third stage which is only run when building the FIPS image. -FROM teleport AS teleport-fips - -# Override the standard entrypoint set in the previous image with the --fips argument to start in FIPS mode. 
-ENTRYPOINT ["/usr/bin/dumb-init", "teleport", "start", "-c", "/etc/teleport/teleport.yaml", "--fips"] diff --git a/build.assets/charts/Dockerfile b/build.assets/charts/Dockerfile index cbf32c8f1fa03..4b2c1ec619af6 100644 --- a/build.assets/charts/Dockerfile +++ b/build.assets/charts/Dockerfile @@ -1,4 +1,9 @@ -FROM ubuntu:20.04 +# Stage to build the image, without FIPS entrypoint argument +FROM ubuntu:20.04 AS teleport + +# Copy the deb archive +ARG DEB_PATH +COPY ${DEB_PATH?} /tmp/teleport.deb # Install dumb-init and ca-certificates. The dumb-init package is to ensure # signals and orphaned processes are are handled correctly. The ca-certificate @@ -39,18 +44,22 @@ FROM ubuntu:20.04 # "apt-get update" to reduce the size of the image. RUN apt-get update && \ DEBIAN_FRONTEND=noninteractive apt-get upgrade -y && \ + # Install dependencies DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y ca-certificates dumb-init libelf1 && \ + # Install tools DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y net-tools iputils-ping inetutils-telnet netcat tcpdump busybox && \ busybox --install -s && \ update-ca-certificates && \ + # Install Teleport + dpkg -i /tmp/teleport.deb && \ + # Cleanup apt-get -y clean && \ - rm -rf /var/lib/apt/lists/* - -# Bundle "teleport", "tctl", "tbot", and "tsh" binaries into image. -COPY teleport /usr/local/bin/teleport -COPY tctl /usr/local/bin/tctl -COPY tsh /usr/local/bin/tsh -COPY tbot /usr/local/bin/tbot + rm -rf /var/lib/apt/lists/* && \ + rm -rf /tmp/* # By setting this entry point, we expose make target as command. ENTRYPOINT ["/usr/bin/dumb-init", "teleport", "start", "-c", "/etc/teleport/teleport.yaml"] + +# Stage to launch Teleport with the fips argument +FROM teleport AS teleport-fips +ENTRYPOINT ["/usr/bin/dumb-init", "teleport", "start", "-c", "/etc/teleport/teleport.yaml", "--fips"] 
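Review bot: The `rm -rf /tmp/*` at the end of the `RUN` step does not take the package out of the image, because `COPY ${DEB_PATH?} /tmp/teleport.deb` has already committed it as a layer of its own; the .deb stays in the image history and in the pulled size. With BuildKit the package can be bind-mounted into the install step instead of copied, for example `RUN --mount=type=bind,source=<deb path>,target=/tmp/teleport.deb ...` (placeholder path), which leaves no layer behind. The Makefile `image` target calls plain `docker build`, so BuildKit would need to be enabled there as well. Separately, `dpkg -i` installs whatever file the build argument points at; comparing it with a published checksum before installing would tie the image to the artifact that was actually released.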
diff --git a/build.assets/charts/Dockerfile-fips b/build.assets/charts/Dockerfile-fips deleted file mode 100644 index 46bf9d3a0aa15..0000000000000 --- a/build.assets/charts/Dockerfile-fips +++ /dev/null 
@@ -1,56 +0,0 @@ -FROM ubuntu:20.04 - -# Install dumb-init and ca-certificates. The dumb-init package is to ensure -# signals and orphaned processes are are handled correctly. The ca-certificate -# package is installed because the base Ubuntu image does not come with any -# certificate authorities. libelf1 is a dependency introduced by Teleport 7.0. -# -# The below packages are provided for debug purposes. Installing them adds around -# six megabytes to the image size. The packages include the following commands: -# * net-tools -# * netstat -# * ifconfig -# * ipmaddr -# * iptunnel -# * mii-tool -# * nameif -# * plipconfig -# * rarp -# * route -# * slattach -# * arp -# * iputils-ping -# * ping -# * ping4 -# * ping6 -# * inetutils-telnet -# * telnet -# * netcat -# * netcat -# * tcpdump -# * tcpdump -# * busybox (see "busybox --list" for all provided utils) -# * less -# * nslookup -# * vi -# * wget -# -# Note that /var/lib/apt/lists/* is cleaned up in the same RUN command as -# "apt-get update" to reduce the size of the image. -RUN apt-get update && \ - DEBIAN_FRONTEND=noninteractive apt-get upgrade -y && \ - DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y ca-certificates dumb-init libelf1 && \ - DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y net-tools iputils-ping inetutils-telnet netcat tcpdump busybox && \ - busybox --install -s && \ - update-ca-certificates && \ - apt-get -y clean && \ - rm -rf /var/lib/apt/lists/* - -# Bundle "teleport", "tctl", "tbot", and "tsh" binaries into image. -COPY teleport /usr/local/bin/teleport -COPY tctl /usr/local/bin/tctl -COPY tsh /usr/local/bin/tsh -COPY tbot /usr/local/bin/tbot - -# By setting this entry point, we expose make target as command. -ENTRYPOINT ["/usr/bin/dumb-init", "teleport", "start", "-c", "/etc/teleport/teleport.yaml", "--fips"] diff --git a/dronegen/common.go b/dronegen/common.go index 917989e3425b5..63ac021f026fd 100644 --- a/dronegen/common.go 
+++ b/dronegen/common.go @@ -33,6 +33,16 @@ const ( // ProductionRegistryQuay is the production image registry that hosts images on quay.io. Will be deprecated in the future. // See RFD 73 - https://github.com/gravitational/teleport/blob/c18c09f5d562dd46a509154eab4295ad39decc3c/rfd/0073-public-image-registry.md ProductionRegistryQuay = "quay.io" + + // Go version used by internal tools + GoVersion = "1.18" + + // The name of this service must match k8s.io/apimachinery/pkg/util/validation `IsDNS1123Subdomain` + // so that it is resolvable + // See https://github.com/drone-runners/drone-runner-kube/blob/master/engine/compiler/compiler.go#L398 + // for details + LocalRegistryHostname string = "drone-docker-registry" + LocalRegistrySocket string = LocalRegistryHostname + ":5000" ) var ( @@ -105,12 +115,20 @@ func pushTriggerForBranch(branches ...string) trigger { return t } +func cronTrigger(cronJobNames []string) trigger { + return trigger{ + Cron: triggerRef{Include: cronJobNames}, + Repo: triggerRef{Include: []string{"gravitational/teleport"}}, + } +} + func cloneRepoCommands(cloneDirectory, commit string) []string { return []string{ fmt.Sprintf("mkdir -pv %q", cloneDirectory), fmt.Sprintf("cd %q", cloneDirectory), - `git init && git remote add origin ${DRONE_REMOTE_URL}`, - `git fetch origin --tags`, + "git init", + "git remote add origin ${DRONE_REMOTE_URL}", + "git fetch origin --tags", fmt.Sprintf("git checkout -qf %q", commit), } } 
@@ -215,6 +233,27 @@ func dockerService(v ...volumeRef) service { } } +// Starts a container registry service at `LocalRegistrySocket` +// This can be pushed/pulled to via `docker push/pull :5000/image:tag` +func dockerRegistryService() service { + return service{ + Name: LocalRegistryHostname, + Image: "registry:2", + } +} + +// dockerVolumes returns a slice of volumes +// It includes the Docker socket volume by default, plus any extra volumes passed in +func dockerVolumes(v ...volume) []volume { + return append(v, volumeDocker) +} + +// dockerVolumeRefs returns a slice of volumeRefs +// It includes the Docker socket volumeRef as a default, plus any extra volumeRefs passed in +func dockerVolumeRefs(v ...volumeRef) []volumeRef { + return append(v, volumeRefDocker) +} + // releaseMakefileTarget gets the correct Makefile target for a given arch/fips/centos combo func releaseMakefileTarget(b buildType) string { makefileTarget := fmt.Sprintf("release-%s", b.arch) @@ -251,6 +290,18 @@ func waitForDockerStep() step { } } +// waitForDockerStep returns a step which checks that the Docker registry is ready +func waitForDockerRegistryStep() step { + return step{ + Name: "Wait for docker registry", + Image: "alpine", + Commands: []string{ + "apk add curl", + fmt.Sprintf(`timeout 30s /bin/sh -c 'while [ "$(curl -s -o /dev/null -w %%{http_code} http://%s/)" != "200" ]; do sleep 1; done'`, LocalRegistrySocket), + }, + } +} + func verifyTaggedStep() step { return step{ Name: "Verify build is tagged", 
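Review bot: `dockerVolumes` and `dockerVolumeRefs` return `append(v, ...)` on the variadic slice, which can write into the caller's backing array when a caller spreads an existing slice that has spare capacity, so two pipelines built from the same slice could end up overwriting each other's last element. Copying first avoids that: `return append(append([]volume{}, v...), volumeDocker)`, and the same with `volumeRef`. The comment on `dockerRegistryService` also gives the address as `:5000/image:tag`, while the constant added earlier in this file is `drone-docker-registry:5000`; the comment should spell out the full host and port.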
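Review bot: The doc comment above `waitForDockerRegistryStep` in the second hunk still opens with the name of the neighbouring function; it should read `// waitForDockerRegistryStep returns a step which waits until the local Docker registry answers HTTP 200`. The probe talks plain HTTP to `LocalRegistrySocket`, so the comment is also the place to state that this registry is unauthenticated and meant to be reachable only from inside the pipeline. `apk add curl` could be `apk add --no-cache curl`, matching the `apk add --no-cache aws-cli` form used in the generated `.drone.yml`.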
@@ -270,13 +321,33 @@ func cloneRepoStep(clonePath, commit string) step { } } -func verifyNotPrereleaseStep(checkoutPath string) step { +func verifyNotPrereleaseStep() step { + clonePath := "/tmp/repo" + commands := []string{ + "apk add git", + } + commands = append(commands, cloneRepoCommands(clonePath, "${DRONE_TAG}")...) + commands = append(commands, + fmt.Sprintf("cd %q", path.Join(clonePath, "build.assets", "tooling")), + "go run ./cmd/check -tag ${DRONE_TAG} -check prerelease || (echo '---> This is a prerelease, not continuing promotion for ${DRONE_TAG}' && exit 78)", + ) + return step{ - Name: "Check if tag is prerelease", - Image: "golang:1.18-alpine", - Commands: []string{ - fmt.Sprintf("cd %q", path.Join(checkoutPath, "build.assets", "tooling")), - "go run ./cmd/check -tag ${DRONE_TAG} -check prerelease || (echo '---> This is a prerelease, not continuing promotion for ${DRONE_TAG}' && exit 78)", - }, + Name: "Check if tag is prerelease", + Image: fmt.Sprintf("golang:%s-alpine", GoVersion), + Commands: commands, + } +} + +func sliceSelect[T, V any](slice []T, selector func(T) V) []V { + selectedValues := make([]V, len(slice)) + for i, entry := range slice { + selectedValues[i] = selector(entry) } + + return selectedValues +} + +func getStepNames(steps []step) []string { + return sliceSelect(steps, func(s step) string { return s.Name }) } diff --git a/dronegen/container_image_products.go b/dronegen/container_image_products.go new file mode 100644 index 0000000000000..669ed176ea4b5 --- /dev/null +++ b/dronegen/container_image_products.go 
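Review bot: In `verifyNotPrereleaseStep` the tag reaches the shell unquoted in `go run ./cmd/check -tag ${DRONE_TAG} ...`, while the checkout command that `cloneRepoCommands` builds for the same step quotes it through `%q`. The two should agree: `go run ./cmd/check -tag "${DRONE_TAG}" -check prerelease || ...`. A tag name is chosen by whoever can push a tag, so a promotion gate is better off treating it as untrusted text. `sliceSelect` and `getStepNames` have no doc comments; one line each would do, for example `// sliceSelect applies selector to every element of slice and returns the results in order.`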
@@ -0,0 +1,488 @@ +// Copyright 2021 Gravitational, Inc +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package main + +import ( + "fmt" + "path" + "regexp" + + "golang.org/x/exp/maps" +) + +// Describes a Gravitational "product", where a "product" is a piece of software +// that we provide to our customers via container repositories. +type Product struct { + Name string + DockerfilePath string + WorkingDirectory string // Working directory to use for "docker build". + DockerfileTarget string // Optional. Defines a dockerfile target to stop at on build. + SupportedArchs []string // ISAs that the builder should produce + SetupSteps []step // Product-specific, arch agnostic steps that must be ran before building an image. + ArchSetupSteps map[string][]step // Product and arch specific steps that must be ran before building an image. If commands are empty then they are treated as dependent steps. + DockerfileArgBuilder func(arch string) []string // Generator that returns "docker build --arg" strings + ImageBuilder func(repo *ContainerRepo, tag *ImageTag) *Image // Generator that returns an Image struct that defines what "docker build" should produce + MinimumSupportedMajorVersion string // Semver of the minimum major version that the product can be built for. For example, for Teleport Lab, this would be "v10". 
+} + +func NewTeleportProduct(isEnterprise, isFips bool, version *ReleaseVersion) *Product { + workingDirectory := "/go/build" + downloadURL := fmt.Sprintf( + "https://raw.githubusercontent.com/gravitational/teleport/%s/build.assets/charts/Dockerfile", + version.ShellVersion, + ) + name := "teleport" + dockerfileTarget := "teleport" + supportedArches := []string{"amd64"} + + if isEnterprise { + name += "-ent" + } + if isFips { + dockerfileTarget += "-fips" + name += "-fips" + } else { + supportedArches = append(supportedArches, "arm", "arm64") + } + + setupSteps, dockerfilePath, downloadProfileName := getTeleportSetupSteps(name, workingDirectory, downloadURL) + archSetupSteps, debPaths := getTeleportArchsSetupSteps(supportedArches, workingDirectory, downloadProfileName, version, isEnterprise, isFips) + + return &Product{ + Name: name, + DockerfilePath: dockerfilePath, + WorkingDirectory: workingDirectory, + DockerfileTarget: dockerfileTarget, + SupportedArchs: supportedArches, + SetupSteps: setupSteps, + ArchSetupSteps: archSetupSteps, + DockerfileArgBuilder: func(arch string) []string { + return []string{ + fmt.Sprintf("DEB_PATH=%s", debPaths[arch]), + } + }, + ImageBuilder: func(repo *ContainerRepo, tag *ImageTag) *Image { + imageProductName := "teleport" + if isEnterprise { + imageProductName += "-ent" + } + + if isFips { + tag.AppendString("fips") + } + + return &Image{ + Repo: repo, + Name: imageProductName, + Tag: tag, + } + }, + // While technically this goes back much further, this is as far back as changes will be backported. 
+ MinimumSupportedMajorVersion: "v9", + } +} + +func NewTeleportOperatorProduct(cloneDirectory string) *Product { + name := "teleport-operator" + return &Product{ + Name: name, + DockerfilePath: path.Join(cloneDirectory, "operator", "Dockerfile"), + WorkingDirectory: cloneDirectory, + SupportedArchs: []string{"amd64", "arm", "arm64"}, + ImageBuilder: func(repo *ContainerRepo, tag *ImageTag) *Image { + return &Image{ + Repo: repo, + Name: name, + Tag: tag, + } + }, + DockerfileArgBuilder: func(arch string) []string { + buildboxName := fmt.Sprintf("%s/gravitational/teleport-buildbox", ProductionRegistry) + compilerName := "" + switch arch { + case "x86_64", "amd64": + compilerName = "x86_64-linux-gnu-gcc" + case "i686", "i386": + compilerName = "i686-linux-gnu-gcc" + case "arm64", "aarch64": + buildboxName += "-arm" + compilerName = "aarch64-linux-gnu-gcc" + // We may want to add additional arm ISAs in the future to support devices without hardware FPUs + case "armhf": + case "arm": + buildboxName += "-arm" + compilerName = "arm-linux-gnueabihf-gcc" + } + + buildboxName += ":teleport11" + + return []string{ + fmt.Sprintf("BUILDBOX=%s", buildboxName), + fmt.Sprintf("COMPILER_NAME=%s", compilerName), + } + }, + MinimumSupportedMajorVersion: "v10", + } +} + +// Builds all the steps required to prepare the pipeline for building Teleport images. +// Returns the setup steps, the path to the downloaded Teleport dockerfile, and the name of the +// AWS profile that can be used to download artifacts from S3. 
+func getTeleportSetupSteps(productName, workingPath, downloadURL string) ([]step, string, string) { + assumeS3DownloadRoleStep, profileName := assumeS3DownloadRoleStep(productName) + downloadDockerfileStep, dockerfilePath := downloadTeleportDockerfileStep(productName, workingPath, downloadURL) + // Additional setup steps in the future should go here + + return []step{assumeS3DownloadRoleStep, downloadDockerfileStep}, dockerfilePath, profileName +} + +// Generates steps that download a deb for each supported arch to the working directory. +// Returns maps keyed by the supported arches, with the generated setup steps and deb paths. +func getTeleportArchsSetupSteps(supportedArchs []string, workingDirectory, profile string, version *ReleaseVersion, + isEnterprise, isFips bool) (map[string][]step, map[string]string) { + + archSetupSteps := make(map[string][]step, len(supportedArchs)) + debPaths := make(map[string]string, len(supportedArchs)) + + for _, supportedArch := range supportedArchs { + archSetupStep, debPath := getTeleportArchSetupStep(supportedArch, workingDirectory, profile, version, isEnterprise, isFips) + archSetupSteps[supportedArch] = []step{archSetupStep} + debPaths[supportedArch] = debPath + } + + return archSetupSteps, debPaths +} + +// Generates steps that download a deb for each supported arch to the working directory. +// Returns the generated step, and the path to the downloaded deb. 
+func getTeleportArchSetupStep(arch, workingDirectory, profile string, version *ReleaseVersion, isEnterprise, isFips bool) (step, string) { + shellDebName := buildTeleportDebName(version, arch, isEnterprise, isFips, false) + humanDebName := buildTeleportDebName(version, arch, isEnterprise, isFips, true) + commands := generateDownloadCommandsForArch(shellDebName, version.GetFullSemver().GetSemverValue(), workingDirectory, profile) + + downloadStep := step{ + Name: fmt.Sprintf("Download %q artifacts from S3", humanDebName), + Image: "amazon/aws-cli", + Environment: map[string]value{ + "AWS_REGION": {raw: "us-west-2"}, + "AWS_S3_BUCKET": {fromSecret: "AWS_S3_BUCKET"}, + "AWS_PROFILE": {raw: profile}, + }, + Commands: commands, + Volumes: []volumeRef{volumeRefAwsConfig}, + } + + return downloadStep, shellDebName +} + +// Generates the commands to download `debName` from s3 to `workingDirectory`. +// Returns the commands as well as the path where the deb will be downloaded to. +func generateDownloadCommandsForArch(debName, trimmedTag, workingDirectory, profile string) []string { + bucketPath := fmt.Sprintf("s3://$AWS_S3_BUCKET/teleport/tag/%s/", trimmedTag) + checkCommands := []string{ + "SUCCESS=true", + fmt.Sprintf("aws s3 ls %s | tr -s ' ' | cut -d' ' -f 4 | grep -x %s || SUCCESS=false", bucketPath, debName), + } + successCommand := "[ \"$SUCCESS\" = \"true\" ]" + + remotePath := fmt.Sprintf("%s%s", bucketPath, debName) + downloadPath := path.Join(workingDirectory, debName) + + commands := make([]string, 0) + // Wait up to an hour for debs to be build and published to s3 by other pipelines + commands = append(commands, wrapCommandsInTimeout(checkCommands, successCommand, 60*60, 60)...) + commands = append(commands, fmt.Sprintf("mkdir -pv %q", workingDirectory)) + commands = append(commands, fmt.Sprintf("aws s3 cp %s %s", remotePath, downloadPath)) + + return commands +} + +// Returns either a human-readable or shell-evaluable Teleport deb name. 
+func buildTeleportDebName(version *ReleaseVersion, arch string, isEnterprise, isFips, humanReadable bool) string { + var versionString string + if humanReadable { + versionString = fmt.Sprintf("%s-tag", version.MajorVersion) + } else { + versionString = version.GetFullSemver().GetSemverValue() + } + + debName := "teleport" + if isEnterprise { + debName = fmt.Sprintf("%s-ent", debName) + } + debName = fmt.Sprintf("%s_%s", debName, versionString) + if isFips { + debName = fmt.Sprintf("%s-fips", debName) + } + debName = fmt.Sprintf("%s_%s.deb", debName, arch) + + return debName +} + +// Creates a shell loop with a timeout +// commands: commands to run in a loop +// successCommand: should evaluate to shell true (i.e. `[ true ]`) when the loop has succeeded +// timeoutSeconds: how long in seconds to wait before the loop fails +// sleepTimeSeconds: how long to wait after every iteration before running again +func wrapCommandsInTimeout(commands []string, successCommand string, timeoutSeconds int, sleepTimeSeconds int) []string { + setupCommands := []string{ + fmt.Sprintf("END_TIME=$(( $(date +%%s) + %d ))", timeoutSeconds), + "TIMED_OUT=true", + "while [ $(date +%s) -lt $${END_TIME?} ]; do", + } + + finalizeCommands := []string{ + // Evaluate the condition + fmt.Sprintf("%s && TIMED_OUT=false && break;", successCommand), + // Sleep if not met + fmt.Sprintf("echo 'Condition not met yet, waiting another %d seconds...'", sleepTimeSeconds), + fmt.Sprintf("sleep %d", sleepTimeSeconds), + "done", + // Conditionally log timeout failure and exit + fmt.Sprintf("[ $${TIMED_OUT?} = true ] && echo 'Timed out while waiting for condition: %s' && exit 1", successCommand), + } + + loopCommands := make([]string, 0) + loopCommands = append(loopCommands, setupCommands...) + loopCommands = append(loopCommands, commands...) + loopCommands = append(loopCommands, finalizeCommands...) 
+ + return loopCommands +} + +// Generates a step that downloads the Teleport Dockerfile +// Returns the generated step and the path to the downloaded Dockerfile +func downloadTeleportDockerfileStep(productName, workingPath, downloadURL string) (step, string) { + // Enterprise and fips specific dockerfiles should be configured here in the future if needed + dockerfilePath := path.Join(workingPath, fmt.Sprintf("Dockerfile-%s", productName)) + + return step{ + Name: fmt.Sprintf("Download Teleport Dockerfile to %q for %s", dockerfilePath, productName), + Image: "alpine", + Commands: []string{ + "apk add curl", + fmt.Sprintf("mkdir -pv $(dirname %q)", dockerfilePath), + fmt.Sprintf("curl -Ls -o %q %q", dockerfilePath, downloadURL), + }, + }, dockerfilePath +} + +func assumeS3DownloadRoleStep(productName string) (step, string) { + profileName := fmt.Sprintf("s3-download-%s", productName) + return kubernetesAssumeAwsRoleStep(kubernetesRoleSettings{ + awsRoleSettings: awsRoleSettings{ + awsAccessKeyID: value{fromSecret: "AWS_ACCESS_KEY_ID"}, + awsSecretAccessKey: value{fromSecret: "AWS_SECRET_ACCESS_KEY"}, + role: value{fromSecret: "AWS_ROLE"}, + }, + configVolume: volumeRefAwsConfig, + profile: profileName, + name: fmt.Sprintf("Assume S3 Download AWS Role for %s", productName), + append: true, + }), profileName +} + +func (p *Product) getBaseImage(arch string, version *ReleaseVersion, containerRepo *ContainerRepo) *Image { + return p.ImageBuilder( + containerRepo, + &ImageTag{ + ShellBaseValue: version.GetFullSemver().GetSemverValue(), + DisplayBaseValue: version.MajorVersion, + Arch: arch, + }, + ) +} + +func (p *Product) GetLocalRegistryImage(arch string, version *ReleaseVersion) *Image { + return p.getBaseImage(arch, version, GetLocalContainerRepo()) +} + +func (p *Product) GetStagingRegistryImage(arch string, version *ReleaseVersion, stagingRepo *ContainerRepo) *Image { + return p.getBaseImage(arch, version, stagingRepo) +} + +func (p *Product) buildSteps(version 
*ReleaseVersion, parentStepNames []string, flags *TriggerFlags) []step { + steps := make([]step, 0) + + // Get the container repos images will be pushed to + stagingRepo := GetStagingContainerRepo(flags.UseUniqueStagingTag) + publicEcrPullRegistry := GetPublicEcrPullRegistry() + productionRepos := GetProductionContainerRepos() + + // Collect the name of the steps that are required before build/retrieval + productSetupStepNames := make([]string, 0) + if flags.ShouldBuildNewImages { + for _, setupStep := range p.SetupSteps { + // Wait for the parent steps before starting on the product setup steps + setupStep.DependsOn = append(setupStep.DependsOn, parentStepNames...) + steps = append(steps, setupStep) + productSetupStepNames = append(productSetupStepNames, setupStep.Name) + } + } + if len(productSetupStepNames) == 0 { + // Cover the case where there are no product setup steps + productSetupStepNames = parentStepNames + } + + archBuildStepDetails := make([]*buildStepOutput, 0, len(p.SupportedArchs)) + + // Add image build/retrieval steps + for _, supportedArch := range p.SupportedArchs { + // Include steps for building images from scratch + if flags.ShouldBuildNewImages { + archBuildStep, archBuildStepDetail := p.createBuildStep(supportedArch, version, publicEcrPullRegistry) + + // Collect the name of steps that are required before build, taking into account arch-specific steps + setupStepNames := make([]string, 0) + for _, archSetupStep := range p.ArchSetupSteps[supportedArch] { + archSetupStep.DependsOn = append(archSetupStep.DependsOn, productSetupStepNames...) + steps = append(steps, archSetupStep) + setupStepNames = append(setupStepNames, archSetupStep.Name) + } + if len(setupStepNames) == 0 { + // Cover the case where there are no arch specific steps + setupStepNames = productSetupStepNames + } + + archBuildStep.DependsOn = append(archBuildStep.DependsOn, setupStepNames...) 
+ + steps = append(steps, archBuildStep) + archBuildStepDetails = append(archBuildStepDetails, archBuildStepDetail) + } else { + stagingImage := p.GetStagingRegistryImage(supportedArch, version, stagingRepo) + pullStagingImageStep, locallyPushedImage := stagingRepo.pullPushStep(stagingImage, productSetupStepNames) + steps = append(steps, pullStagingImageStep) + + // Generate build details that point to the pulled staging images + archBuildStepDetails = append(archBuildStepDetails, &buildStepOutput{ + StepName: pullStagingImageStep.Name, + BuiltImage: locallyPushedImage, + Version: version, + Product: p, + }) + } + } + + // Add publish steps + for _, containerRepo := range getReposToPublishTo(productionRepos, stagingRepo, flags) { + buildSteps := containerRepo.buildSteps(archBuildStepDetails, flags) + + // Add repo setup step dependency to the build steps + setupStepNames := getStepNames(containerRepo.SetupSteps) + for _, buildStep := range buildSteps { + buildStep.DependsOn = append(buildStep.DependsOn, setupStepNames...) + } + + steps = append(steps, buildSteps...) + } + + return steps +} + +func getReposToPublishTo(productionRepos []*ContainerRepo, stagingRepo *ContainerRepo, flags *TriggerFlags) []*ContainerRepo { + stagingRepos := []*ContainerRepo{stagingRepo} + + if flags.ShouldAffectProductionImages { + if !flags.ShouldBuildNewImages { + // In this case the images will be pulled from staging and therefor should not be re-published + // to staging + return productionRepos + } + + return append(stagingRepos, productionRepos...) 
+ } + + return stagingRepos +} + +func (p *Product) GetBuildStepName(arch string, version *ReleaseVersion) string { + localImageName := p.GetLocalRegistryImage(arch, version) + return fmt.Sprintf("Build %s image %q", p.Name, localImageName.GetDisplayName()) +} + +func cleanBuilderName(builderName string) string { + var invalidBuildxCharExpression = regexp.MustCompile(`[^a-zA-Z0-9._-]+`) + return invalidBuildxCharExpression.ReplaceAllString(builderName, "-") +} + +func (p *Product) createBuildStep(arch string, version *ReleaseVersion, publicEcrPullRegistry *ContainerRepo) (step, *buildStepOutput) { + localRegistryImage := p.GetLocalRegistryImage(arch, version) + builderName := cleanBuilderName(fmt.Sprintf("%s-builder", localRegistryImage.GetDisplayName())) + + buildxConfigFileDir := path.Join("/tmp", builderName) + buildxConfigFilePath := path.Join(buildxConfigFileDir, "buildkitd.toml") + + buildxCreateCommand := "docker buildx create" + buildxCreateCommand += fmt.Sprintf(" --driver %q", "docker-container") + // This is set so that buildx can reach the local registry + buildxCreateCommand += fmt.Sprintf(" --driver-opt %q", "network=host") + buildxCreateCommand += fmt.Sprintf(" --name %q", builderName) + buildxCreateCommand += fmt.Sprintf(" --config %q", buildxConfigFilePath) + + buildCommand := "docker buildx build" + buildCommand += " --push" + buildCommand += fmt.Sprintf(" --builder %q", builderName) + if p.DockerfileTarget != "" { + buildCommand += fmt.Sprintf(" --target %q", p.DockerfileTarget) + } + buildCommand += fmt.Sprintf(" --platform %q", "linux/"+arch) + buildCommand += fmt.Sprintf(" --tag %s", localRegistryImage.GetShellName()) + buildCommand += fmt.Sprintf(" --file %q", p.DockerfilePath) + if p.DockerfileArgBuilder != nil { + for _, buildArg := range p.DockerfileArgBuilder(arch) { + buildCommand += fmt.Sprintf(" --build-arg %s", buildArg) + } + } + buildCommand += " " + p.WorkingDirectory + + // This is important to prevent pull rate limiting. 
See `GetPublicEcrPullRegistry` doc comment + // for details. + authenticatedBuildCommands := publicEcrPullRegistry.buildCommandsWithLogin([]string{buildCommand}) + + commands := []string{ + "docker run --privileged --rm tonistiigi/binfmt --install all", + fmt.Sprintf("mkdir -pv %q && cd %q", p.WorkingDirectory, p.WorkingDirectory), + fmt.Sprintf("mkdir -pv %q", buildxConfigFileDir), + fmt.Sprintf("echo '[registry.%q]' > %q", LocalRegistrySocket, buildxConfigFilePath), + fmt.Sprintf("echo ' http = true' >> %q", buildxConfigFilePath), + buildxCreateCommand, + } + commands = append(commands, authenticatedBuildCommands...) + commands = append(commands, + fmt.Sprintf("docker buildx rm %q", builderName), + fmt.Sprintf("rm -rf %q", buildxConfigFileDir), + ) + + envVars := maps.Clone(publicEcrPullRegistry.EnvironmentVars) + envVars["DOCKER_BUILDKIT"] = value{ + raw: "1", + } + + step := step{ + Name: p.GetBuildStepName(arch, version), + Image: "docker", + Volumes: dockerVolumeRefs(volumeRefAwsConfig), + Environment: envVars, + Commands: commands, + DependsOn: getStepNames(publicEcrPullRegistry.SetupSteps), + } + + return step, &buildStepOutput{ + StepName: step.Name, + BuiltImage: localRegistryImage, + Version: version, + Product: p, + } +} diff --git a/dronegen/container_image_triggers.go b/dronegen/container_image_triggers.go new file mode 100644 index 0000000000000..be07848ee1dc5 --- /dev/null +++ b/dronegen/container_image_triggers.go 
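Review bot: In `Product.buildSteps` the publish loop `for _, buildStep := range buildSteps { buildStep.DependsOn = append(...) }` updates a copy of each element, so the repo setup step names are never recorded on the steps appended afterwards. This assumes `containerRepo.buildSteps` returns `[]step` values, as the `append(steps, buildSteps...)` call suggests. Publish steps could then be scheduled before the repo setup steps they need; indexing the slice fixes it: `for i := range buildSteps { buildSteps[i].DependsOn = append(buildSteps[i].DependsOn, setupStepNames...) }`. Two supply-chain points in the same file: `createBuildStep` runs `tonistiigi/binfmt` with `--privileged` from a mutable tag, and `downloadTeleportDockerfileStep` uses `curl -Ls` without `-f`, so an HTTP error page would be saved as the Dockerfile. Pinning the image by digest and using `curl -fLs` would address both.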
@@ -0,0 +1,168 @@ +// Copyright 2021 Gravitational, Inc +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package main + +import ( + "fmt" + "path" +) + +// Describes a Drone trigger as it pertains to container image building. +type TriggerInfo struct { + Trigger trigger + Name string + Flags *TriggerFlags + SupportedVersions []*ReleaseVersion + SetupSteps []step + ParentePipelineNames []string +} + +// This type is mainly used to make passing these vars around cleaner +type TriggerFlags struct { + ShouldAffectProductionImages bool + ShouldBuildNewImages bool + UseUniqueStagingTag bool + ShouldOnlyPublishFullSemver bool +} + +func NewTagTrigger(branchMajorVersion string) *TriggerInfo { + tagTrigger := triggerTag + + return &TriggerInfo{ + Trigger: tagTrigger, + Name: "tag", + Flags: &TriggerFlags{ + ShouldAffectProductionImages: false, + ShouldBuildNewImages: true, + UseUniqueStagingTag: false, + ShouldOnlyPublishFullSemver: true, + }, + SupportedVersions: []*ReleaseVersion{ + { + MajorVersion: branchMajorVersion, + ShellVersion: "$DRONE_TAG", + RelativeVersionName: "branch", + }, + }, + ParentePipelineNames: []string{ + tagCleanupPipelineName, + }, + } +} + +func NewPromoteTrigger(branchMajorVersion string) *TriggerInfo { + promoteTrigger := triggerPromote + promoteTrigger.Target.Include = append(promoteTrigger.Target.Include, "promote-docker") + + return &TriggerInfo{ + Trigger: promoteTrigger, + Name: "promote", + Flags: &TriggerFlags{ + 
ShouldAffectProductionImages: true, + ShouldBuildNewImages: false, + UseUniqueStagingTag: false, + ShouldOnlyPublishFullSemver: false, + }, + SupportedVersions: []*ReleaseVersion{ + { + MajorVersion: branchMajorVersion, + ShellVersion: "$DRONE_TAG", + RelativeVersionName: "branch", + }, + }, + SetupSteps: []step{verifyTaggedStep()}, + } +} + +func NewCronTrigger(latestMajorVersions []string) *TriggerInfo { + if len(latestMajorVersions) == 0 { + return nil + } + + majorVersionVarBasePath := "/go/vars/full-version" + + supportedVersions := make([]*ReleaseVersion, 0, len(latestMajorVersions)) + if len(latestMajorVersions) > 0 { + latestMajorVersion := latestMajorVersions[0] + supportedVersions = append(supportedVersions, &ReleaseVersion{ + MajorVersion: latestMajorVersion, + ShellVersion: readCronShellVersionCommand(majorVersionVarBasePath, latestMajorVersion), + RelativeVersionName: "current-version", + SetupSteps: []step{getLatestSemverStep(latestMajorVersion, majorVersionVarBasePath)}, + }) + + if len(latestMajorVersions) > 1 { + for i, majorVersion := range latestMajorVersions[1:] { + supportedVersions = append(supportedVersions, &ReleaseVersion{ + MajorVersion: majorVersion, + ShellVersion: readCronShellVersionCommand(majorVersionVarBasePath, majorVersion), + RelativeVersionName: fmt.Sprintf("previous-version-%d", i+1), + SetupSteps: []step{getLatestSemverStep(majorVersion, majorVersionVarBasePath)}, + }) + } + } + } + + return &TriggerInfo{ + Trigger: cronTrigger([]string{"teleport-container-images-cron"}), + Name: "cron", + Flags: &TriggerFlags{ + ShouldAffectProductionImages: true, + ShouldBuildNewImages: true, + UseUniqueStagingTag: true, + ShouldOnlyPublishFullSemver: false, + }, + SupportedVersions: supportedVersions, + } +} + +func getLatestSemverStep(majorVersion string, majorVersionVarBasePath string) step { + // We don't use "/go/src/github.com/gravitational/teleport" here as a later stage + // may need to clone a different version, and "/go" persists 
between steps + cloneDirectory := "/tmp/teleport" + majorVersionVarPath := fmt.Sprintf("%s-%s", majorVersionVarBasePath, majorVersion) + return step{ + Name: fmt.Sprintf("Find the latest available semver for %s", majorVersion), + Image: fmt.Sprintf("golang:%s", GoVersion), + Commands: append( + cloneRepoCommands(cloneDirectory, fmt.Sprintf("branch/%s", majorVersion)), + fmt.Sprintf("mkdir -pv $(dirname %q)", majorVersionVarPath), + fmt.Sprintf("cd %q", path.Join(cloneDirectory, "build.assets", "tooling", "cmd", "query-latest")), + fmt.Sprintf("go run . %q | sed 's/v//' > %q", majorVersion, majorVersionVarPath), + fmt.Sprintf("echo Found full semver \"$(cat %q)\" for major version %q", majorVersionVarPath, majorVersion), + ), + } +} + +func readCronShellVersionCommand(majorVersionDirectory, majorVersion string) string { + return fmt.Sprintf("v$(cat '%s-%s')", majorVersionDirectory, majorVersion) +} + +// Drone triggers must all evaluate to "true" for a pipeline to be executed. +// As a result these pipelines are duplicated for each trigger. +// See https://docs.drone.io/pipeline/triggers/ for details. +func (ti *TriggerInfo) buildPipelines() []pipeline { + pipelines := make([]pipeline, 0, len(ti.SupportedVersions)) + for _, teleportVersion := range ti.SupportedVersions { + pipeline := teleportVersion.buildVersionPipeline(ti.SetupSteps, ti.Flags) + pipeline.Name += "-" + ti.Name + pipeline.Trigger = ti.Trigger + pipeline.DependsOn = append(pipeline.DependsOn, ti.ParentePipelineNames...) + + pipelines = append(pipelines, pipeline) + } + + return pipelines +} diff --git a/dronegen/container_images.go b/dronegen/container_images.go new file mode 100644 index 0000000000000..823536047724a --- /dev/null +++ b/dronegen/container_images.go 
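Review bot: In `getLatestSemverStep`, the command `go run . %q | sed 's/v//' > %q` lets a failure of `go run` go unnoticed unless the step's shell has `pipefail` set, because the pipeline's exit status is sed's. The version file would then be empty and `readCronShellVersionCommand` would expand to a bare `v`. That matters because the cron trigger sets both `ShouldBuildNewImages` and `ShouldAffectProductionImages`. I would split the pipeline and assert a non-empty result: `fmt.Sprintf("go run . %q > %q", majorVersion, majorVersionVarPath)` followed by `fmt.Sprintf("sed -i 's/^v//' %q && test -s %q", majorVersionVarPath, majorVersionVarPath)`. Anchoring the pattern with `^` also keeps sed from removing a `v` elsewhere in the string.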
@@ -0,0 +1,116 @@ +// Copyright 2021 Gravitational, Inc +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package main + +import ( + "fmt" + "strings" +) + +func buildContainerImagePipelines() []pipeline { + // ************************************************************* + // ****** These need to be updated on each major release. ****** + // ****** After updating, "make dronegen" must be reran. ****** + // ************************************************************* + latestMajorVersions := []string{"v11", "v10", "v9"} + branchMajorVersion := "v10" + + triggers := []*TriggerInfo{ + NewTagTrigger(branchMajorVersion), + NewPromoteTrigger(branchMajorVersion), + NewCronTrigger(latestMajorVersions), + } + + if configureForPRTestingOnly { + triggers = append(triggers, NewTestTrigger(prBranch, branchMajorVersion)) + } + + pipelines := make([]pipeline, 0, len(triggers)) + for _, trigger := range triggers { + pipelines = append(pipelines, trigger.buildPipelines()...) + } + + return pipelines +} + +// Describes a container image. Used for both local and remove images. 
+type Image struct { + Repo *ContainerRepo + Name string + Tag *ImageTag +} + +func (i *Image) GetShellName() string { + repo := strings.TrimSuffix(i.Repo.RegistryDomain, "/") + if i.Repo.RegistryOrg != "" { + repo = fmt.Sprintf("%s/%s", repo, i.Repo.RegistryOrg) + } + return fmt.Sprintf("%s/%s:%s", repo, i.Name, i.Tag.GetShellValue()) +} + +func (i *Image) GetDisplayName() string { + return fmt.Sprintf("%s:%s", i.Name, i.Tag.GetDisplayValue()) +} + +// Contains information about the tag portion of an image. +type ImageTag struct { + ShellBaseValue string // Should evaluate in a shell context to the tag's value + DisplayBaseValue string // Should be set to a human-readable version of ShellTag + Arch string + IsImmutable bool +} + +// Commented out for linter but left incase needed in the future +// func NewLatestTag() *ImageTag { +// return &ImageTag{ +// ShellBaseValue: "latest", +// DisplayBaseValue: "latest", +// } +// } + +func (it *ImageTag) AppendString(s string) { + it.ShellBaseValue += fmt.Sprintf("-%s", s) + it.DisplayBaseValue += fmt.Sprintf("-%s", s) +} + +func (it *ImageTag) IsMultArch() bool { + return it.Arch != "" +} + +func (it *ImageTag) GetShellValue() string { + return it.getValue(it.ShellBaseValue) +} + +func (it *ImageTag) GetDisplayValue() string { + return it.getValue(it.DisplayBaseValue) +} + +func (it *ImageTag) getValue(baseValue string) string { + if it.Arch == "" { + return baseValue + } + + return fmt.Sprintf("%s-%s", baseValue, it.Arch) +} + +// The `step` struct doesn't contain enough information to setup +// dependent steps so we add that via this struct +// This is used internally to pass information around +type buildStepOutput struct { + StepName string + BuiltImage *Image + Version *ReleaseVersion + Product *Product +} diff --git a/dronegen/container_images_release_version.go b/dronegen/container_images_release_version.go new file mode 100644 index 0000000000000..30ad98415b247 --- /dev/null 
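Review bot: `ImageTag.IsMultArch` returns `it.Arch != ""`, which looks inverted. `getValue` in this file appends `Arch` to form a per-architecture tag, and `ContainerRepo.buildSteps` in container_images_repos.go clears `Arch` to build the multi-arch manifest tag. No caller is visible in this diff, so the current impact is unclear, but a future caller would get the opposite answer. I would change the body to `return it.Arch == ""`, spell the name `IsMultiArch`, and add a doc comment such as `// IsMultiArch reports whether the tag names a manifest list rather than a single-architecture image.` The comment on `Image` should also read "remote" rather than "remove".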
+++ b/dronegen/container_images_release_version.go 
@@ -0,0 +1,279 @@ +// Copyright 2021 Gravitational, Inc +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package main + +import ( + "fmt" + "path" + "strconv" + "strings" + + "golang.org/x/mod/semver" +) + +const ( + varDirectory = "/go/var" +) + +// Describes a Teleport/repo release version. All product releases are tied to Teleport's release cycle +// via this struct. +type ReleaseVersion struct { + MajorVersion string // This is the major version of a given build. `SearchVersion` should match this when evaluated. 
+ ShellVersion string // This value will be evaluated by the shell in the context of a Drone step + RelativeVersionName string // The set of values for this should not change between major releases + SetupSteps []step // Version-specific steps that must be ran before executing build and push steps +} + +func (rv *ReleaseVersion) buildVersionPipeline(triggerSetupSteps []step, flags *TriggerFlags) pipeline { + pipelineName := fmt.Sprintf("teleport-container-images-%s", rv.RelativeVersionName) + + setupSteps, dependentStepNames := rv.getSetupStepInformation(triggerSetupSteps) + + pipeline := newKubePipeline(pipelineName) + pipeline.Workspace = workspace{Path: "/go"} + pipeline.Services = []service{ + dockerService(), + dockerRegistryService(), + } + pipeline.Volumes = dockerVolumes(volumeAwsConfig) + pipeline.Environment = map[string]value{ + "DEBIAN_FRONTEND": { + raw: "noninteractive", + }, + } + pipeline.Steps = append(setupSteps, rv.buildSteps(dependentStepNames, flags)...) + + return pipeline +} + +func (rv *ReleaseVersion) getSetupStepInformation(triggerSetupSteps []step) ([]step, []string) { + triggerSetupStepNames := make([]string, 0, len(triggerSetupSteps)) + for _, triggerSetupStep := range triggerSetupSteps { + triggerSetupStepNames = append(triggerSetupStepNames, triggerSetupStep.Name) + } + + nextStageSetupStepNames := triggerSetupStepNames + if len(rv.SetupSteps) > 0 { + versionSetupStepNames := make([]string, 0, len(rv.SetupSteps)) + for _, versionSetupStep := range rv.SetupSteps { + versionSetupStep.DependsOn = append(versionSetupStep.DependsOn, triggerSetupStepNames...) + versionSetupStepNames = append(versionSetupStepNames, versionSetupStep.Name) + } + + nextStageSetupStepNames = versionSetupStepNames + } + + setupSteps := append(triggerSetupSteps, rv.SetupSteps...) 
+ + return setupSteps, nextStageSetupStepNames +} + +func (rv *ReleaseVersion) buildSteps(parentSetupStepNames []string, flags *TriggerFlags) []step { + clonedRepoPath := "/go/src/github.com/gravitational/teleport" + steps := make([]step, 0) + + setupSteps := []step{ + waitForDockerStep(), + waitForDockerRegistryStep(), + cloneRepoStep(clonedRepoPath, rv.ShellVersion), + rv.buildSplitSemverSteps(flags.ShouldOnlyPublishFullSemver), + } + + // These are sequential to prevent read/write contention by mounting volumes on + // multiple containeres at once + repos := getReposUsedByPipeline(flags) + var previousSetupRepo *ContainerRepo + for _, containerRepo := range repos { + repoSetupSteps := containerRepo.SetupSteps + if previousSetupRepo != nil { + previousRepoStepNames := getStepNames(previousSetupRepo.SetupSteps) + for i, repoSetupStep := range repoSetupSteps { + repoSetupSteps[i].DependsOn = append(repoSetupStep.DependsOn, previousRepoStepNames...) + } + } + setupSteps = append(setupSteps, repoSetupSteps...) + + if len(repoSetupSteps) > 0 { + previousSetupRepo = containerRepo + } + } + + for _, setupStep := range setupSteps { + setupStep.DependsOn = append(setupStep.DependsOn, parentSetupStepNames...) + steps = append(steps, setupStep) + } + + setupStepNames := append(parentSetupStepNames, getStepNames(setupSteps)...) + + for _, product := range rv.getProducts(clonedRepoPath) { + if semver.Compare(rv.MajorVersion, product.MinimumSupportedMajorVersion) < 0 { + // If the release version doesn't support the product + continue + } + + steps = append(steps, product.buildSteps(rv, setupStepNames, flags)...) + } + + return steps +} + +func getReposUsedByPipeline(flags *TriggerFlags) []*ContainerRepo { + repos := []*ContainerRepo{GetStagingContainerRepo(flags.UseUniqueStagingTag)} + + if flags.ShouldBuildNewImages { + repos = append(repos, GetPublicEcrPullRegistry()) + } + + if flags.ShouldAffectProductionImages { + repos = append(repos, GetProductionContainerRepos()...) 
+ } + + return repos +} + +type Semver struct { + Name string // Human-readable name for the information contained in the semver, i.e. "major" + FilePath string // The path under the working dir where the information can be read from + FieldCount int // The number of significant version fields available in the semver i.e. "v11" -> 1 + IsImmutable bool + IsFull bool +} + +func (rv *ReleaseVersion) GetSemvers() []*Semver { + return []*Semver{ + { + Name: "major", + FilePath: path.Join(varDirectory, "major-version"), + FieldCount: 1, + IsImmutable: false, + }, + { + Name: "minor", + FilePath: path.Join(varDirectory, "minor-version"), + FieldCount: 2, + IsImmutable: false, + }, + rv.GetFullSemver(), + } +} + +func (rv *ReleaseVersion) GetFullSemver() *Semver { + return &Semver{ + // For releases this is the "canonical" semver. + // For prereleases this is canonical + metadata. + // This is done to keep prereleases pushed to staging + // from overwriting release versions. + Name: "full", + FilePath: path.Join(varDirectory, "full-version"), + IsImmutable: true, + IsFull: true, + } +} + +func (s *Semver) GetSemverValue() string { + return fmt.Sprintf("$(cat %q)", s.FilePath) +} + +func (rv *ReleaseVersion) buildSplitSemverSteps(onlyBuildFullSemver bool) step { + semvers := rv.GetSemvers() + + // Build the commands that generate the semvers + commands := make([]string, 0, len(semvers)) + stepNameVersions := make([]string, 0, len(semvers)) + for _, semver := range semvers { + if onlyBuildFullSemver && !semver.IsFull { + continue + } + + commands = append(commands, fmt.Sprintf("mkdir -pv $(dirname %q)", semver.FilePath)) + if semver.IsFull { + // Special case for full semver where only the "v" should be trimmed + commands = append(commands, fmt.Sprintf("echo %s | sed 's/v//' > %q", rv.ShellVersion, semver.FilePath)) + } else { + // Trim the semver metadata and some digits + // Ex: semver.FieldCount = 3, cutFieldString = "1,2,3" + cutFieldStrings := make([]string, 0, 
semver.FieldCount) + for i := 1; i <= semver.FieldCount; i++ { + cutFieldStrings = append(cutFieldStrings, strconv.Itoa(i)) + } + cutFieldString := strings.Join(cutFieldStrings, ",") + + commands = append(commands, fmt.Sprintf("echo %s | sed 's/v//' | cut -d'.' -f %q > %q", + rv.ShellVersion, cutFieldString, semver.FilePath)) + } + // For debugging + commands = append(commands, fmt.Sprintf("echo %s", semver.GetSemverValue())) + + stepNameVersions = append(stepNameVersions, semver.Name) + } + + // Build the formatted, human-readable step name + concatStepNameVersions := "Build" + for i, stepNameVersion := range stepNameVersions { + if i+1 < len(stepNameVersions) { + // If not the last version name + concatStepNameVersions = fmt.Sprintf("%s %s,", concatStepNameVersions, stepNameVersion) + } else { + if len(stepNameVersions) > 1 { + concatStepNameVersions = fmt.Sprintf("%s and", concatStepNameVersions) + } + + concatStepNameVersions = fmt.Sprintf("%s %s semver", concatStepNameVersions, stepNameVersion) + if len(stepNameVersions) > 1 { + concatStepNameVersions = fmt.Sprintf("%ss", concatStepNameVersions) + } + } + } + + return step{ + Name: concatStepNameVersions, + Image: "alpine", + Commands: commands, + } +} + +func (rv *ReleaseVersion) getProducts(clonedRepoPath string) []*Product { + teleportProducts := []*Product{ + NewTeleportProduct(false, false, rv), // OSS + NewTeleportProduct(true, false, rv), // Enterprise + NewTeleportProduct(true, true, rv), // Enterprise/FIPS + } + + teleportOperatorProduct := NewTeleportOperatorProduct(clonedRepoPath) + + products := make([]*Product, 0, len(teleportProducts)+1) + products = append(products, teleportProducts...) 
+ products = append(products, teleportOperatorProduct) + + return products +} + +func (rv *ReleaseVersion) getTagsForVersion(onlyBuildFullSemver bool) []*ImageTag { + semvers := rv.GetSemvers() + imageTags := make([]*ImageTag, 0, len(semvers)) + for _, semver := range semvers { + if onlyBuildFullSemver && !semver.IsFull { + continue + } + + imageTags = append(imageTags, &ImageTag{ + ShellBaseValue: semver.GetSemverValue(), + DisplayBaseValue: semver.Name, + IsImmutable: semver.IsImmutable, + }) + } + + return imageTags +} diff --git a/dronegen/container_images_repos.go b/dronegen/container_images_repos.go new file mode 100644 index 0000000000000..56255d8774e98 --- /dev/null +++ b/dronegen/container_images_repos.go 
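Review bot: In `getSetupStepInformation`, `versionSetupStep.DependsOn = append(...)` assigns to the range loop's copy, so the version setup steps returned in `setupSteps` never gain a dependency on the trigger setup steps. When `rv.SetupSteps` is non-empty, the later stages depend only on `versionSetupStepNames`, so a trigger-level gate such as `verifyTaggedStep()` would no longer be ordered before the build and push steps. No trigger in this diff sets both lists (promote has only trigger steps, cron has only version steps), so the problem is latent today. Indexing the slice fixes it: `for i := range rv.SetupSteps { rv.SetupSteps[i].DependsOn = append(rv.SetupSteps[i].DependsOn, triggerSetupStepNames...) }`.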
@@ -0,0 +1,341 @@ +// Copyright 2021 Gravitational, Inc +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package main + +import ( + "fmt" + "sort" + "strings" + + "golang.org/x/exp/maps" +) + +// Describes a registry and repo that images are to be published to. +type ContainerRepo struct { + Name string // Human readable name for the repo. Does not need to match remote value. + IsImmutable bool // True if the repo supports updating existing tags, false otherwise + EnvironmentVars map[string]value // Steps that use the described repo should include these env vars + RegistryDomain string // The registry that hosts the container repo + RegistryOrg string // The organization name (usually "gravitational") that the repo is listed under + SetupSteps []step // Optional field that can be used to run setup code prior to first login + LoginCommands []string // Commands to authenticate the docker daemon with the repo + TagBuilder func(baseTag *ImageTag) *ImageTag // Postprocessor for tags that append CR-specific suffixes +} + +func NewEcrContainerRepo(accessKeyIDSecret, secretAccessKeySecret, roleSecret, domain, name string, + isPublic, isImmutable, guaranteeUnique bool) *ContainerRepo { + ecrRegion := StagingEcrRegion + loginSubcommand := "ecr" + if isPublic { + ecrRegion = PublicEcrRegion + loginSubcommand = "ecr-public" + } + + repoName := fmt.Sprintf("ECR - %s", name) + profileName := fmt.Sprintf("ecr-%s", name) + + registryOrg := ProductionRegistryOrg + if 
configureForPRTestingOnly { + accessKeyIDSecret = testingSecretPrefix + accessKeyIDSecret + secretAccessKeySecret = testingSecretPrefix + secretAccessKeySecret + roleSecret = testingSecretPrefix + roleSecret + registryOrg = testingECRRegistryOrg + + if !isPublic { + domain = testingECRDomain + ecrRegion = testingECRRegion + } + } + + loginCommands := []string{ + "apk add --no-cache aws-cli", + fmt.Sprintf("aws %s get-login-password --region=%s | docker login -u=\"AWS\" --password-stdin %s", loginSubcommand, ecrRegion, domain), + } + + if guaranteeUnique { + loginCommands = append(loginCommands, "TIMESTAMP=$(date -d @\"$DRONE_BUILD_CREATED\" '+%Y%m%d%H%M')") + } + + return &ContainerRepo{ + Name: repoName, + IsImmutable: isImmutable, + EnvironmentVars: map[string]value{ + "AWS_PROFILE": {raw: profileName}, + }, + RegistryDomain: domain, + RegistryOrg: registryOrg, + SetupSteps: []step{ + kubernetesAssumeAwsRoleStep(kubernetesRoleSettings{ + awsRoleSettings: awsRoleSettings{ + awsAccessKeyID: value{fromSecret: accessKeyIDSecret}, + awsSecretAccessKey: value{fromSecret: secretAccessKeySecret}, + role: value{fromSecret: roleSecret}, + }, + configVolume: volumeRefAwsConfig, + profile: profileName, + name: fmt.Sprintf("Assume %s AWS Role", repoName), + append: true, + }), + }, + LoginCommands: loginCommands, + TagBuilder: func(tag *ImageTag) *ImageTag { + if guaranteeUnique { + tag.AppendString("$TIMESTAMP") + } + + return tag + }, + } +} + +func NewQuayContainerRepo(dockerUsername, dockerPassword string) *ContainerRepo { + registryOrg := ProductionRegistryOrg + if configureForPRTestingOnly { + dockerUsername = testingSecretPrefix + dockerUsername + dockerPassword = testingSecretPrefix + dockerPassword + registryOrg = testingQuayRegistryOrg + } + + return &ContainerRepo{ + Name: "Quay", + IsImmutable: false, + EnvironmentVars: map[string]value{ + "QUAY_USERNAME": { + fromSecret: dockerUsername, + }, + "QUAY_PASSWORD": { + fromSecret: dockerPassword, + }, + }, + 
RegistryDomain: ProductionRegistryQuay, + RegistryOrg: registryOrg, + LoginCommands: []string{ + fmt.Sprintf("docker login -u=\"$QUAY_USERNAME\" -p=\"$QUAY_PASSWORD\" %q", ProductionRegistryQuay), + }, + } +} + +func NewLocalContainerRepo() *ContainerRepo { + return &ContainerRepo{ + Name: "Local Registry", + IsImmutable: false, + RegistryDomain: LocalRegistrySocket, + } +} + +func GetLocalContainerRepo() *ContainerRepo { + return NewLocalContainerRepo() +} + +func GetStagingContainerRepo(uniqueStagingTag bool) *ContainerRepo { + return NewEcrContainerRepo("STAGING_TELEPORT_DRONE_USER_ECR_KEY", "STAGING_TELEPORT_DRONE_USER_ECR_SECRET", + "STAGING_TELEPORT_DRONE_ECR_AWS_ROLE", StagingRegistry, "staging", false, true, uniqueStagingTag) +} + +func GetProductionContainerRepos() []*ContainerRepo { + return []*ContainerRepo{ + NewQuayContainerRepo("PRODUCTION_QUAYIO_DOCKER_USERNAME", "PRODUCTION_QUAYIO_DOCKER_PASSWORD"), + NewEcrContainerRepo("PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY", "PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET", + "PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE", ProductionRegistry, "production", true, false, false), + } +} + +// This is a special case of "public.ecr.aws". This references a public ECR repo that may only ever be pulled from. +// The purpose of this is to authenticate with public ECR prior to `docker buildx build` so that the build command +// will pull from the repo as an authenticated user. Pulling as an authenticated user greatly increase the number +// of layers that can be pulled per second, which fixes certain issues with running build commands in parallel. +func GetPublicEcrPullRegistry() *ContainerRepo { + // Note: these credentials currently allow for push and pull. I'd recommend either a separate role or set of + // credentials for pull only access. 
+ return NewEcrContainerRepo("PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY", "PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET", + "PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE", ProductionRegistry, "authenticated-pull", true, false, false) +} + +func (cr *ContainerRepo) buildSteps(buildStepDetails []*buildStepOutput, flags *TriggerFlags) []step { + if len(buildStepDetails) == 0 { + return nil + } + + steps := make([]step, 0) + + // Tag and push, collecting the names of the tag/push steps and the images pushed. + imageTags := cr.BuildImageTags(buildStepDetails[0].Version, flags) + pushedImages := make(map[*ImageTag][]*Image, len(imageTags)) + pushStepNames := make([]string, 0, len(buildStepDetails)) + for _, buildStepDetail := range buildStepDetails { + pushStep, pushedArchImages := cr.tagAndPushStep(buildStepDetail, imageTags) + pushStepNames = append(pushStepNames, pushStep.Name) + for _, imageTag := range imageTags { + pushedImages[imageTag] = append(pushedImages[imageTag], pushedArchImages[imageTag]) + } + + steps = append(steps, pushStep) + } + + // Create and push a manifest for each tag, referencing multiple architectures in the manifest + for _, imageTag := range imageTags { + multiarchImageTag := *imageTag + multiarchImageTag.Arch = "" + manifestImage := buildStepDetails[0].Product.ImageBuilder(cr, &multiarchImageTag) + manifestStepName := cr.createAndPushManifestStep(manifestImage, pushStepNames, pushedImages[imageTag]) + steps = append(steps, manifestStepName) + } + + return steps +} + +func (cr *ContainerRepo) logoutCommand() string { + return fmt.Sprintf("docker logout %q", cr.RegistryDomain) +} + +func (cr *ContainerRepo) buildCommandsWithLogin(wrappedCommands []string) []string { + if cr.LoginCommands == nil || len(cr.LoginCommands) == 0 { + return wrappedCommands + } + + commands := make([]string, 0) + commands = append(commands, cr.LoginCommands...) + commands = append(commands, wrappedCommands...) 
+ commands = append(commands, cr.logoutCommand()) + + return commands +} + +func (cr *ContainerRepo) BuildImageRepo() string { + return fmt.Sprintf("%s/%s/", cr.RegistryDomain, cr.RegistryOrg) +} + +func (cr *ContainerRepo) BuildImageTags(version *ReleaseVersion, flags *TriggerFlags) []*ImageTag { + tags := version.getTagsForVersion(flags.ShouldOnlyPublishFullSemver) + + if cr.TagBuilder != nil { + for i, tag := range tags { + tags[i] = cr.TagBuilder(tag) + } + } + + return tags +} + +// Pulls an image with authentication pushes it to the local repo. +// Does not generate additional tags. +// Returns an *Image struct describing the locally pushed image. +func (cr *ContainerRepo) pullPushStep(image *Image, dependencySteps []string) (step, *Image) { + localRepo := GetLocalContainerRepo() + localRepoImage := *image + localRepoImage.Repo = localRepo + + commands := image.Repo.buildCommandsWithLogin([]string{fmt.Sprintf("docker pull %s", image.GetShellName())}) + commands = append(commands, + fmt.Sprintf("docker tag %s %s", image.GetShellName(), localRepoImage.GetShellName()), + fmt.Sprintf("docker push %s", localRepoImage.GetShellName()), + ) + + return step{ + Name: fmt.Sprintf("Pull %s and push it to %s", image.GetDisplayName(), localRepo.Name), + Image: "docker", + Volumes: dockerVolumeRefs(volumeRefAwsConfig), + Environment: cr.EnvironmentVars, + Commands: commands, + DependsOn: dependencySteps, + }, &localRepoImage +} + +func (cr *ContainerRepo) tagAndPushStep(buildStepDetails *buildStepOutput, imageTags []*ImageTag) (step, map[*ImageTag]*Image) { + archImageMap := make(map[*ImageTag]*Image, len(imageTags)) + for _, imageTag := range imageTags { + archTag := *imageTag + archTag.Arch = buildStepDetails.BuiltImage.Tag.Arch + archImage := buildStepDetails.Product.ImageBuilder(cr, &archTag) + archImageMap[imageTag] = archImage + } + + // This is tracked separately as maps in golang have a non-deterministic order when iterated over. 
+ // As a result, .drone.yml will be updated every time `make dronegen` is ran regardless of if there + // is a change to the map or not + // The order/comparator does not matter here as long as it is deterministic between dronegen runs + archImageKeys := maps.Keys(archImageMap) + sort.SliceStable(archImageKeys, func(i, j int) bool { return archImageKeys[i].GetDisplayValue() < archImageKeys[j].GetDisplayValue() }) + + pullCommands := []string{ + fmt.Sprintf("docker pull %s", buildStepDetails.BuiltImage.GetShellName()), + } + + tagAndPushCommands := make([]string, 0) + for _, archImageKey := range archImageKeys { + archImage := archImageMap[archImageKey] + + // Skip pushing images if the tag or container registry is immutable + tagAndPushCommands = append(tagAndPushCommands, buildImmutableSafeCommands(archImageKey.IsImmutable || cr.IsImmutable, archImage.GetShellName(), []string{ + fmt.Sprintf("docker tag %s %s", buildStepDetails.BuiltImage.GetShellName(), archImage.GetShellName()), + fmt.Sprintf("docker push %s", archImage.GetShellName()), + })...) + } + tagAndPushCommands = cr.buildCommandsWithLogin(tagAndPushCommands) + + commands := append(pullCommands, tagAndPushCommands...) 
+ + dependencySteps := []string{} + if buildStepDetails.StepName != "" { + dependencySteps = append(dependencySteps, buildStepDetails.StepName) + } + + step := step{ + Name: fmt.Sprintf("Tag and push image %q to %s", buildStepDetails.BuiltImage.GetDisplayName(), cr.Name), + Image: "docker", + Volumes: dockerVolumeRefs(volumeRefAwsConfig), + Environment: cr.EnvironmentVars, + Commands: commands, + DependsOn: dependencySteps, + } + + return step, archImageMap +} + +func (cr *ContainerRepo) createAndPushManifestStep(manifestImage *Image, pushStepNames []string, pushedImages []*Image) step { + if len(pushStepNames) == 0 { + return step{} + } + + manifestCommandArgs := make([]string, 0, len(pushedImages)) + for _, pushedImage := range pushedImages { + manifestCommandArgs = append(manifestCommandArgs, fmt.Sprintf("--amend %s", pushedImage.GetShellName())) + } + + // Skip pushing manifest if the tag or container registry is immutable + commands := buildImmutableSafeCommands(manifestImage.Tag.IsImmutable || cr.IsImmutable, manifestImage.GetShellName(), []string{ + fmt.Sprintf("docker manifest create %s %s", manifestImage.GetShellName(), strings.Join(manifestCommandArgs, " ")), + fmt.Sprintf("docker manifest push %s", manifestImage.GetShellName()), + }) + + return step{ + Name: fmt.Sprintf("Create manifest and push %q to %s", manifestImage.GetDisplayName(), cr.Name), + Image: "docker", + Volumes: dockerVolumeRefs(volumeRefAwsConfig), + Environment: cr.EnvironmentVars, + Commands: cr.buildCommandsWithLogin(commands), + DependsOn: pushStepNames, + } +} + +func buildImmutableSafeCommands(isImmutable bool, imageToCheck string, commandsToRun []string) []string { + if !isImmutable { + return commandsToRun + } + + conditionalCommand := fmt.Sprintf("docker manifest inspect %s > /dev/null 2>&1", imageToCheck) + commandToRun := strings.Join(commandsToRun, " && ") + return []string{fmt.Sprintf("%s && echo 'Found existing image, skipping' || (%s)", conditionalCommand, commandToRun)} +} 
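Review bot: `buildImmutableSafeCommands` discards the output of `docker manifest inspect` and treats every non-zero exit as "tag absent", so an authentication or network error on the probe falls through to the tag-and-push branch. For tags marked `IsImmutable` on a repo that is not itself immutable (the full semver on the production repos), this probe appears to be the only thing preventing an overwrite of a published release tag. I would keep the probe's stderr visible and document the limitation on the function, e.g. `// Best-effort guard: any inspect failure is treated as "image does not exist" and the wrapped commands run.` Separately, `NewQuayContainerRepo` passes the secret as `-p="$QUAY_PASSWORD"`; piping it to `--password-stdin`, as the ECR login in this file does, keeps it off the process command line. The field comment on `ContainerRepo.IsImmutable` also reads inverted relative to how `buildImmutableSafeCommands` uses it.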
diff --git a/dronegen/container_images_testing.go b/dronegen/container_images_testing.go
new file mode 100644
index 0000000000000..d762165ece810
--- /dev/null
+++ b/dronegen/container_images_testing.go
@@ -0,0 +1,85 @@ +// Copyright 2021 Gravitational, Inc +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package main + +// This file contains variables and functions to make testing of the container image build process +// more simple and easier. + +// To run one of these pipelines locally: +// # Drone requires certain variables to be set +// export DRONE_REMOTE_URL="https://github.com/gravitational/teleport" +// export DRONE_SOURCE_BRANCH="$(git branch --show-current)" +// # `drone exec` does not support `exec` or `kubernetes` pipelines +// sed -i '' 's/type\: kubernetes/type\: docker/' .drone.yml && sed -i '' 's/type\: exec/type\: docker/' .drone.yml +// # Drone has a bug where "workspace" is appended to "/drone/src". This fixes that by updating references +// sed -i '' 's~/go/~/drone/src/go/~g' .drone.yml +// # Pull the current branch instead of v11 +// sed -i '' "s~git checkout -qf \"\$(cat '/go/vars/full-version/v11')\"~git checkout -qf \"${DRONE_SOURCE_BRANCH}\"~" .drone.yml +// # `drone exec` does not properly map the workspace path. 
This creates a volume to be shared between steps +// # at the correct path +// DOCKER_VOLUME_NAME="go" +// docker volume create "$DOCKER_VOLUME_NAME" +// drone exec --trusted --pipeline teleport-container-images-current-version-cron --clone=false --volume "${DOCKER_VOLUME_NAME}:/go" +// # Cleanup +// docker volume rm "$DOCKER_VOLUME_NAME" + +// If you are working on a PR/testing changes to this file you should configure the following for Drone testing: +// 1. Publish the branch you're working on +// 2. Set `prBranch` to the name of the branch in (1) +// 3. Set `configureForPRTestingOnly` to true +// 4. Create a public and private ECR, Quay repos for "teleport", "teleport-ent", "teleport-operator", "teleport-lab" +// 5. Set `testingQuayRegistryOrg` and `testingECRRegistryOrg` to the org name(s) used in (4) +// 6. Set the `ECRTestingDomain` to the domain used for the private ECR repos +// 7. Create two separate IAM users, each with full access to either the public ECR repo OR the private ECR repo +// 8. Create a Quay "robot account" with write permissions for the created Quay repos +// 9. 
Set the Drone secrets for the secret names listed in "GetContainerRepos" to the credentials in (7, 8), prefixed by the value of `testingSecretPrefix` +// +// On each commit, after running `make dronegen``, run the following commands and resign the file: +// # Pull the current branch instead of v11 so the appropriate dockerfile gets loaded +// sed -i '' "s~git checkout -qf \"\$(cat '/go/vars/full-version/v11')\"~git checkout -qf \"${DRONE_SOURCE_BRANCH}\"~" .drone.yml +// +// When finishing up your PR check the following: +// * The testing secrets added to Drone have been removed +// * `configureForPRTestingOnly` has been set to false, and `make dronegen` has been reran afterwords + +const ( + configureForPRTestingOnly bool = false + testingSecretPrefix string = "TEST_" + testingQuayRegistryOrg string = "" // "fred_heinecke" + testingECRRegistryOrg string = "u8j2q1d9" + testingECRRegion string = "us-east-2" + prBranch string = "" // "fred/multiarch-teleport-actual-container-images" + testingECRDomain string = "278576220453.dkr.ecr.us-east-2.amazonaws.com" +) + +const ( + ProductionRegistryOrg string = "gravitational" + PublicEcrRegion string = "us-east-1" + StagingEcrRegion string = "us-west-2" +) + +func NewTestTrigger(triggerBranch, testMajorVersion string) *TriggerInfo { + // baseTrigger := NewTagTrigger(testMajorVersion) + // baseTrigger := NewPromoteTrigger(testMajorVersion) + baseTrigger := NewCronTrigger([]string{testMajorVersion}) + baseTrigger.Name = "Test trigger on push" + baseTrigger.Trigger = trigger{ + Repo: triggerRef{Include: []string{"gravitational/teleport"}}, + Event: triggerRef{Include: []string{"push"}}, + Branch: triggerRef{Include: []string{triggerBranch}}, + } + + return baseTrigger +} diff --git a/dronegen/main.go b/dronegen/main.go index 18b0d6d40bcaf..6d2b2acd63cd3 100644 --- a/dronegen/main.go +++ b/dronegen/main.go 
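Review bot: Nothing in `container_images_testing.go` stops a commit with `configureForPRTestingOnly` left `true` or `prBranch` non-empty from being merged; the only safeguard is the manual checklist at the end of the header comment. These constants appear to switch the generator over to the `TEST_`-prefixed secrets and the test registries (their use is outside this hunk), so a small unit test such as `if configureForPRTestingOnly || prBranch != "" { t.Fatal("PR-testing configuration must not be committed") }` would let CI enforce that checklist. The committed values of `testingECRRegistryOrg` and `testingECRDomain` point at one developer's AWS account and would be better left empty, as `testingQuayRegistryOrg` already is. Step 6 of the comment refers to `ECRTestingDomain`, while the constant is named `testingECRDomain`.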
@@ -32,10 +32,11 @@ func main() { pipelines = append(pipelines, pushPipelines()...) pipelines = append(pipelines, tagPipelines()...) pipelines = append(pipelines, cronPipelines()...) - pipelines = append(pipelines, artifactMigrationPipeline()...) + pipelines = append(pipelines, buildOsRepoPipelines()...) pipelines = append(pipelines, promoteBuildPipelines()...) pipelines = append(pipelines, updateDocsPipeline()) pipelines = append(pipelines, buildboxPipeline()) + pipelines = append(pipelines, buildContainerImagePipelines()...) pipelines = append(pipelines, publishReleasePipeline()) if err := writePipelines(".drone.yml", pipelines); err != nil { diff --git a/dronegen/misc.go b/dronegen/misc.go index c477382a4eb12..f7cc2da0dac42 100644 --- a/dronegen/misc.go +++ b/dronegen/misc.go @@ -18,13 +18,3 @@ func updateDocsPipeline() pipeline { // TODO: migrate return pipeline{} } - -func verifyTaggedBuildStep() step { - return step{ - Name: "Verify build is tagged", - Image: "alpine:latest", - Commands: []string{ - "[ -n ${DRONE_TAG} ] || (echo 'DRONE_TAG is not set. Is the commit tagged?' && exit 1)", - }, - } -} diff --git a/dronegen/os_repos.go b/dronegen/os_repos.go index 62275090bf7ef..0b2d1ec4c787a 100644 --- a/dronegen/os_repos.go +++ b/dronegen/os_repos.go @@ -20,6 +20,13 @@ import ( "strings" ) +func buildOsRepoPipelines() []pipeline { + pipelines := promoteBuildOsRepoPipelines() + pipelines = append(pipelines, artifactMigrationPipeline()...) + + return pipelines +} + func promoteBuildOsRepoPipelines() []pipeline { aptPipeline := promoteAptPipeline() yumPipeline := promoteYumPipeline() 
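Review bot: `promoteBuildOsRepoPipelines()` now reaches `main()` twice: once through the new `buildOsRepoPipelines()` added in `os_repos.go`, and once through `promoteBuildPipelines()`, which the `promote.go` hunk leaves calling it. Unless duplicates are filtered somewhere outside these hunks, the generated `.drone.yml` would carry each OS-package promotion pipeline twice under the same name, so a single promotion event could run the package publishing steps twice. Keeping the call in one place avoids this, for example `pipelines := artifactMigrationPipeline()` as the body of `buildOsRepoPipelines()`, or dropping the append from `promoteBuildPipelines()`.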
@@ -183,9 +190,8 @@ func (optpb *OsPackageToolPipelineBuilder) buildPromoteOsPackagePipeline() pipel pipelineName := fmt.Sprintf("publish-%s", optpb.pipelineNameSuffix) checkoutPath := "/go/src/github.com/gravitational/teleport" commitName := "${DRONE_TAG}" - checkoutStepName := "Check out code" - p := optpb.buildBaseOsPackagePipeline(pipelineName, checkoutStepName, checkoutPath, commitName) + p := optpb.buildBaseOsPackagePipeline(pipelineName, checkoutPath, commitName) p.Trigger = triggerPromote p.Trigger.Repo.Include = []string{"gravitational/teleport"} @@ -221,14 +227,13 @@ func (optpb *OsPackageToolPipelineBuilder) buildMigrateOsPackagePipeline(trigger // DRONE_TAG is not available outside of promotion pipelines and will cause drone to fail with a // "migrate-apt-new-repos: bad substitution" error if used here commitName := "${DRONE_COMMIT}" - checkoutStepName := "Check out code" // If migrations are not configured then don't run if triggerBranch == "" || len(migrationVersions) == 0 { return buildNeverTriggerPipeline(pipelineName) } - p := optpb.buildBaseOsPackagePipeline(pipelineName, checkoutStepName, checkoutPath, commitName) + p := optpb.buildBaseOsPackagePipeline(pipelineName, checkoutPath, commitName) p.Trigger = trigger{ Repo: triggerRef{Include: []string{"gravitational/teleport"}}, Event: triggerRef{Include: []string{"push"}}, @@ -271,7 +276,7 @@ func buildNeverTriggerPipeline(pipelineName string) pipeline { // Functions that use this method should add at least: // * a Trigger // * Steps for checkout -func (optpb *OsPackageToolPipelineBuilder) buildBaseOsPackagePipeline(pipelineName, checkoutStepName, checkoutPath, commit string) pipeline { +func (optpb *OsPackageToolPipelineBuilder) buildBaseOsPackagePipeline(pipelineName, checkoutPath, commit string) pipeline { p := newKubePipeline(pipelineName) p.Workspace = workspace{Path: "/go"} p.Volumes = []volume{ 
@@ -284,13 +289,7 @@ func (optpb *OsPackageToolPipelineBuilder) buildBaseOsPackagePipeline(pipelineNa volumeTmpfs, volumeAwsConfig, } - p.Steps = []step{ - { - Name: checkoutStepName, - Image: "alpine/git:latest", - Commands: toolCheckoutCommands(checkoutPath, commit), - }, - } + p.Steps = []step{cloneRepoStep(checkoutPath, commit)} setStepResourceLimits(p.Steps) return p @@ -313,17 +312,6 @@ func setStepResourceLimits(steps []step) { // } } -// Note that tags are also valid here as a tag refers to a specific commit -func toolCheckoutCommands(checkoutPath, commit string) []string { - commands := []string{ - fmt.Sprintf("mkdir -p %q", checkoutPath), - fmt.Sprintf("cd %q", checkoutPath), - `git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .`, - fmt.Sprintf("git checkout %q", commit), - } - return commands -} - func (optpb *OsPackageToolPipelineBuilder) getDroneTagVersionSteps(codePath string) []step { return optpb.getVersionSteps(codePath, "${DRONE_TAG}", true) } @@ -402,7 +390,7 @@ func (optpb *OsPackageToolPipelineBuilder) getVersionSteps(codePath, version str name: "Assume Upload AWS Role", }) - verifyNotPrereleaseStep := verifyNotPrereleaseStep(codePath) + verifyNotPrereleaseStep := verifyNotPrereleaseStep() buildAndUploadStep := step{ Name: fmt.Sprintf("Publish %ss to %s repos for %q", optpb.packageType, strings.ToUpper(optpb.packageManagerName), version), diff --git a/dronegen/promote.go b/dronegen/promote.go index ee008d204a296..0f1b222ff7018 100644 --- a/dronegen/promote.go +++ b/dronegen/promote.go 
@@ -14,153 +14,13 @@ package main -import "fmt" - func promoteBuildPipelines() []pipeline { promotePipelines := make([]pipeline, 0) promotePipelines = append(promotePipelines, promoteBuildOsRepoPipelines()...) - promotePipelines = append(promotePipelines, buildDockerPromotionPipelineECR(), buildDockerPromotionPipelineQuay()) return promotePipelines } -func buildDockerPromotionPipelineECR() pipeline { - dockerPipeline := newKubePipeline("promote-docker-ecr") - dockerPipeline.Trigger = triggerPromote - dockerPipeline.Trigger.Target.Include = append(dockerPipeline.Trigger.Target.Include, "promote-docker", "promote-docker-ecr") - dockerPipeline.Workspace = workspace{Path: "/go"} - - // Add docker service - dockerPipeline.Services = []service{ - dockerService(), - } - dockerPipeline.Volumes = []volume{ - volumeDocker, - volumeAwsConfig, - } - - dockerPipeline.Steps = append(dockerPipeline.Steps, verifyTaggedBuildStep()) - dockerPipeline.Steps = append(dockerPipeline.Steps, waitForDockerStep()) - - // Pull/Push Steps - dockerPipeline.Steps = append(dockerPipeline.Steps, kubernetesAssumeAwsRoleStep(kubernetesRoleSettings{ - awsRoleSettings: awsRoleSettings{ - awsAccessKeyID: value{fromSecret: "PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY"}, - awsSecretAccessKey: value{fromSecret: "PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET"}, - role: value{fromSecret: "PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE"}, - }, - configVolume: volumeRefAwsConfig, - })) - dockerPipeline.Steps = append(dockerPipeline.Steps, step{ - Name: "Pull/retag Docker images", - Image: "docker", - Volumes: []volumeRef{ - volumeRefDocker, - volumeRefAwsConfig, - }, - Commands: []string{ - "apk add --no-cache aws-cli", - "export VERSION=${DRONE_TAG##v}", - // authenticate with staging credentials - "aws ecr get-login-password --region=us-west-2 | docker login -u=\"AWS\" --password-stdin " + StagingRegistry, - // pull staging images - "echo \"---> Pulling images for $${VERSION}\"", - fmt.Sprintf("docker pull 
%s/gravitational/teleport:$${VERSION}", StagingRegistry), - fmt.Sprintf("docker pull %s/gravitational/teleport-ent:$${VERSION}", StagingRegistry), - fmt.Sprintf("docker pull %s/gravitational/teleport-ent:$${VERSION}-fips", StagingRegistry), - fmt.Sprintf("docker pull %s/gravitational/teleport-operator:$${VERSION}", StagingRegistry), - // retag images to production naming - "echo \"---> Tagging images for $${VERSION}\"", - fmt.Sprintf("docker tag %s/gravitational/teleport:$${VERSION} %s/gravitational/teleport:$${VERSION}", StagingRegistry, ProductionRegistry), - fmt.Sprintf("docker tag %s/gravitational/teleport-ent:$${VERSION} %s/gravitational/teleport-ent:$${VERSION}", StagingRegistry, ProductionRegistry), - fmt.Sprintf("docker tag %s/gravitational/teleport-ent:$${VERSION}-fips %s/gravitational/teleport-ent:$${VERSION}-fips", StagingRegistry, ProductionRegistry), - fmt.Sprintf("docker tag %s/gravitational/teleport-operator:$${VERSION} %s/gravitational/teleport-operator:$${VERSION}", StagingRegistry, ProductionRegistry), - // authenticate with production credentials - "docker logout " + StagingRegistry, - "aws ecr-public get-login-password --region=us-east-1 | docker login -u=\"AWS\" --password-stdin " + ProductionRegistry, - // push production images - "echo \"---> Pushing images for $${VERSION}\"", - // push production images ECR - fmt.Sprintf("docker push %s/gravitational/teleport:$${VERSION}", ProductionRegistry), - fmt.Sprintf("docker push %s/gravitational/teleport-ent:$${VERSION}", ProductionRegistry), - fmt.Sprintf("docker push %s/gravitational/teleport-ent:$${VERSION}-fips", ProductionRegistry), - fmt.Sprintf("docker push %s/gravitational/teleport-operator:$${VERSION}", ProductionRegistry), - }, - }) - - return dockerPipeline -} - -func buildDockerPromotionPipelineQuay() pipeline { - dockerPipeline := newKubePipeline("promote-docker-quay") - dockerPipeline.Trigger = triggerPromote - dockerPipeline.Trigger.Target.Include = 
append(dockerPipeline.Trigger.Target.Include, "promote-docker", "promote-docker-quay") - dockerPipeline.Workspace = workspace{Path: "/go"} - - // Add docker service - dockerPipeline.Services = []service{ - dockerService(), - } - dockerPipeline.Volumes = []volume{ - volumeDocker, - volumeAwsConfig, - } - - dockerPipeline.Steps = append(dockerPipeline.Steps, verifyTaggedBuildStep()) - dockerPipeline.Steps = append(dockerPipeline.Steps, waitForDockerStep()) - - // Pull/Push Steps - dockerPipeline.Steps = append(dockerPipeline.Steps, kubernetesAssumeAwsRoleStep(kubernetesRoleSettings{ - awsRoleSettings: awsRoleSettings{ - awsAccessKeyID: value{fromSecret: "PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY"}, - awsSecretAccessKey: value{fromSecret: "PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET"}, - role: value{fromSecret: "PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE"}, - }, - configVolume: volumeRefAwsConfig, - })) - dockerPipeline.Steps = append(dockerPipeline.Steps, step{ - Name: "Pull/retag Docker images", - Image: "docker", - Environment: map[string]value{ - "QUAY_USERNAME": {fromSecret: "PRODUCTION_QUAYIO_DOCKER_USERNAME"}, - "QUAY_PASSWORD": {fromSecret: "PRODUCTION_QUAYIO_DOCKER_PASSWORD"}, - }, - Volumes: []volumeRef{ - volumeRefDocker, - volumeRefAwsConfig, - }, - Commands: []string{ - "apk add --no-cache aws-cli", - "export VERSION=${DRONE_TAG##v}", - // authenticate with staging credentials - "aws ecr get-login-password --region=us-west-2 | docker login -u=\"AWS\" --password-stdin " + StagingRegistry, - // pull staging images - "echo \"---> Pulling images for $${VERSION}\"", - fmt.Sprintf("docker pull %s/gravitational/teleport:$${VERSION}", StagingRegistry), - fmt.Sprintf("docker pull %s/gravitational/teleport-ent:$${VERSION}", StagingRegistry), - fmt.Sprintf("docker pull %s/gravitational/teleport-ent:$${VERSION}-fips", StagingRegistry), - fmt.Sprintf("docker pull %s/gravitational/teleport-operator:$${VERSION}", StagingRegistry), - // retag images to production naming - "echo 
\"---> Tagging images for $${VERSION}\"", - fmt.Sprintf("docker tag %s/gravitational/teleport:$${VERSION} %s/gravitational/teleport:$${VERSION}", StagingRegistry, ProductionRegistryQuay), - fmt.Sprintf("docker tag %s/gravitational/teleport-ent:$${VERSION} %s/gravitational/teleport-ent:$${VERSION}", StagingRegistry, ProductionRegistryQuay), - fmt.Sprintf("docker tag %s/gravitational/teleport-ent:$${VERSION}-fips %s/gravitational/teleport-ent:$${VERSION}-fips", StagingRegistry, ProductionRegistryQuay), - fmt.Sprintf("docker tag %s/gravitational/teleport-operator:$${VERSION} %s/gravitational/teleport-operator:$${VERSION}", StagingRegistry, ProductionRegistryQuay), - // authenticate with production credentials - "docker logout " + StagingRegistry, - "docker login -u=\"$QUAY_USERNAME\" -p=\"$QUAY_PASSWORD\" " + ProductionRegistryQuay, - // push production images - "echo \"---> Pushing images for $${VERSION}\"", - fmt.Sprintf("docker push %s/gravitational/teleport:$${VERSION}", ProductionRegistryQuay), - fmt.Sprintf("docker push %s/gravitational/teleport-ent:$${VERSION}", ProductionRegistryQuay), - fmt.Sprintf("docker push %s/gravitational/teleport-ent:$${VERSION}-fips", ProductionRegistryQuay), - fmt.Sprintf("docker push %s/gravitational/teleport-operator:$${VERSION}", ProductionRegistryQuay), - }, - }) - - return dockerPipeline -} - func publishReleasePipeline() pipeline { return relcliPipeline(triggerPromote, "publish-rlz", "Publish in Release API", "relcli auto_publish -f -v 6") } diff --git a/dronegen/push.go b/dronegen/push.go index dfc080fd72e98..f09140862dca8 100644 --- a/dronegen/push.go +++ b/dronegen/push.go @@ -18,6 +18,7 @@ import "fmt" // pushCheckoutCommands builds a list of commands for Drone to check out a git commit on a push build func pushCheckoutCommands(b buildType) []string { + cloneDirectory := "/go/src/github.com/gravitational/teleport" var commands []string if b.hasTeleportConnect() { 
@@ -25,12 +26,9 @@ func pushCheckoutCommands(b buildType) []string { commands = append(commands, `mkdir -p /go/src/github.com/gravitational/webapps`) } + commands = append(commands, cloneRepoCommands(cloneDirectory, "${DRONE_COMMIT_SHA}")...) + commands = append(commands, - `mkdir -p /go/src/github.com/gravitational/teleport /go/cache`, - `cd /go/src/github.com/gravitational/teleport`, - `git init && git remote add origin ${DRONE_REMOTE_URL}`, - `git fetch origin`, - `git checkout -qf ${DRONE_COMMIT_SHA}`, // this is allowed to fail because pre-4.3 Teleport versions don't use the webassets submodule `git submodule update --init webassets || true`, `mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa`, @@ -39,6 +37,7 @@ func pushCheckoutCommands(b buildType) []string { // do a recursive submodule checkout to get both webassets and webassets/e // this is allowed to fail because pre-4.3 Teleport versions don't use the webassets submodule `git submodule update --init --recursive webassets || true`, + `mkdir -pv /go/cache`, ) if b.hasTeleportConnect() { diff --git a/operator/Dockerfile b/operator/Dockerfile index 85bf3f14e93e9..6425a618eb895 100644 --- a/operator/Dockerfile +++ b/operator/Dockerfile @@ -1,5 +1,6 @@ ARG BUILDBOX -FROM $BUILDBOX as builder +# BUILDPLATFORM is provided by Docker/buildx +FROM --platform=$BUILDPLATFORM $BUILDBOX as builder WORKDIR /go/src/github.com/gravitational/teleport 
@@ -7,11 +8,12 @@ WORKDIR /go/src/github.com/gravitational/teleport COPY go.mod go.mod COPY go.sum go.sum -# we have to copy the API before `go mod download` because go.mod has a replace directive for it +# We have to copy the API before `go mod download` because go.mod has a replace directive for it COPY api/ api/ -# cache deps before building and copying source -# this way we don't need to re-download deps when the deps are the same +# Download and Cache dependencies before building and copying source +# This will prevent re-downloading the operator's dependencies if they have not changed as this +# `run` layer will be cached RUN go mod download COPY *.go ./ @@ -22,10 +24,20 @@ COPY operator/sidecar/ operator/sidecar/ COPY operator/main.go operator/main.go COPY operator/namespace.go operator/namespace.go -# Build -RUN GOOS=linux GOARCH=amd64 go build -a -o /go/bin/teleport-operator github.com/gravitational/teleport/operator +# Compiler package should use host-triplet-agnostic name (i.e. "x86-64-linux-gnu-gcc" instead of "gcc") +# in most cases, to avoid issues on systems with multiple versions of gcc (i.e. buildboxes) +# TARGETOS and TARGETARCH are provided by Docker/buildx, but must be explicitly listed here +ARG COMPILER_NAME TARGETOS TARGETARCH -FROM gcr.io/distroless/cc +# Build the program +# CGO is required for github.com/gravitational/teleport/lib/system +RUN echo "Targeting $TARGETOS/$TARGETARCH with CC=$COMPILER_NAME" && \ + CGO_ENABLED=1 CC=$COMPILER_NAME GOOS=$TARGETOS GOARCH=$TARGETARCH \ + go build -a -o /go/bin/teleport-operator github.com/gravitational/teleport/operator + +# Create the image with the build operator on the $TARGETPLATFORM +# TARGETPLATFORM is provided by Docker/buildx +FROM --platform=$TARGETPLATFORM gcr.io/distroless/cc WORKDIR / COPY --from=builder /go/bin/teleport-operator . diff --git a/operator/Makefile b/operator/Makefile index 23dc4b6a1ac8a..5759593fc90ff 100644 --- a/operator/Makefile +++ b/operator/Makefile 
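Review bot: `CC=$COMPILER_NAME` in the build `RUN` is used without a default or a check, so a build that omits `--build-arg COMPILER_NAME` leaves `CC` empty and the cgo build presumably falls back to the buildbox's default compiler, which may not match `$TARGETARCH`. Starting that `RUN` with `test -n "$COMPILER_NAME" && \` would fail the build early instead of producing a mismatched or confusing link error. Separately, the final stage `FROM --platform=$TARGETPLATFORM gcr.io/distroless/cc` still tracks a floating tag; pinning it to a multi-arch index digest (`gcr.io/distroless/cc@sha256:<index-digest>`, placeholder) would keep the released images reproducible for every target platform. The Dockerfile continues past this hunk.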
@@ -20,6 +20,25 @@ SHELL = /usr/bin/env bash -o pipefail # include BUILDBOX_VERSION, BUILDBOX and BUILDBOX_variant variables include ../build.assets/images.mk +# Configure which compiler and buildbox to use +OS ?= $(shell go env GOOS) +ARCH ?= $(shell go env GOARCH) +ifeq ("$(OS)","linux") +ifeq ("$(ARCH)","amd64") +COMPILER ?= x86_64-linux-gnu-gcc +PLATFORM_BUILDBOX ?= $(BUILDBOX) +else ifeq ("$(ARCH)","386") +COMPILER ?= x86_64-linux-gnu-gcc +PLATFORM_BUILDBOX ?= $(BUILDBOX) +else ifeq ("$(ARCH)","arm") +COMPILER ?= arm-linux-gnueabihf-gcc +PLATFORM_BUILDBOX ?= $(BUILDBOX_ARM) +else ifeq ("$(ARCH)","arm64") +COMPILER ?= aarch64-linux-gnu-gcc +PLATFORM_BUILDBOX ?= $(BUILDBOX_ARM) +endif +endif + .PHONY: all all: build @@ -103,7 +122,8 @@ run: manifests generate fmt vet ## Run a controller from your host. .PHONY: docker-build docker-build: ## Build docker image with the manager. - docker build --build-arg BUILDBOX=$(BUILDBOX) -t ${IMG} .. -f ./Dockerfile + docker buildx build --platform="$(OS)/$(ARCH)" --build-arg BUILDBOX=$(PLATFORM_BUILDBOX) \ + --build-arg COMPILER_NAME=$(COMPILER) -t ${IMG} --load .. -f ./Dockerfile .PHONY: docker-push docker-push: ## Push docker image with the manager.
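Review bot: The new `OS`/`ARCH` block leaves `COMPILER` and `PLATFORM_BUILDBOX` undefined whenever `go env` reports anything other than linux with one of the four listed architectures (a macOS workstation, for instance), and `docker-build` then runs with a non-Linux `--platform` and empty `BUILDBOX` and `COMPILER_NAME` build args. Since the operator image is built from a Linux base, consider defaulting `OS ?= linux` and failing fast as the first recipe line of `docker-build` with `$(if $(strip $(COMPILER)),,$(error no compiler/buildbox mapping for $(OS)/$(ARCH)))`. The `386` branch also maps to `x86_64-linux-gnu-gcc`, which looks copied from the amd64 case and probably cannot produce a 32-bit binary without extra flags.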