diff --git a/.drone.yml b/.drone.yml index 8b2b5ff959d5a..594f3a87cd981 100644 --- a/.drone.yml +++ b/.drone.yml @@ -61,6 +61,7 @@ clone: steps: - name: Check out code image: docker:git + pull: if-not-exists commands: - mkdir -pv "/go/src/github.com/gravitational/teleport" - cd "/go/src/github.com/gravitational/teleport" @@ -79,13 +80,23 @@ steps: from_secret: GITHUB_PRIVATE_KEY - name: Wait for docker image: docker + pull: if-not-exists commands: - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin + environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: dockersock path: /var/run + - name: dockerconfig + path: /root/.docker - name: Build artifacts image: docker + pull: if-not-exists commands: - apk add --no-cache make - chown -R $UID:$GID /go @@ -103,6 +114,8 @@ steps: volumes: - name: dockersock path: /var/run + - name: dockerconfig + path: /root/.docker - name: Send Slack notification image: plugins/slack settings: @@ -130,6 +143,10 @@ services: volumes: - name: dockersock temp: {} +- name: dockerconfig + temp: {} +image_pull_secrets: +- DOCKERHUB_CREDENTIALS --- ################################################ @@ -166,6 +183,7 @@ clone: steps: - name: Check out code image: docker:git + pull: if-not-exists commands: - mkdir -pv "/go/src/github.com/gravitational/teleport" - cd "/go/src/github.com/gravitational/teleport" @@ -184,13 +202,23 @@ steps: from_secret: GITHUB_PRIVATE_KEY - name: Wait for docker image: docker + pull: if-not-exists commands: - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin + environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: dockersock path: /var/run + - name: dockerconfig + path: /root/.docker - name: Build artifacts image: docker + pull: if-not-exists commands: - apk add --no-cache make - chown -R $UID:$GID /go @@ -206,6 +234,8 @@ steps: volumes: - name: dockersock path: /var/run + - name: dockerconfig + path: /root/.docker - name: Send Slack notification image: plugins/slack settings: @@ -233,6 +263,10 @@ services: volumes: - name: dockersock temp: {} +- name: dockerconfig + temp: {} +image_pull_secrets: +- DOCKERHUB_CREDENTIALS --- ################################################ @@ -269,6 +303,7 @@ clone: steps: - name: Check out code image: docker:git + pull: if-not-exists commands: - mkdir -pv "/go/src/github.com/gravitational/teleport" - cd "/go/src/github.com/gravitational/teleport" @@ -289,13 +324,23 @@ steps: from_secret: GITHUB_PRIVATE_KEY - name: Wait for docker image: docker + pull: if-not-exists commands: - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin + environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: dockersock path: /var/run + - name: dockerconfig + path: /root/.docker - name: Build artifacts image: docker + pull: if-not-exists commands: - apk add --no-cache make - chown -R $UID:$GID /go @@ -313,6 +358,8 @@ steps: volumes: - name: dockersock path: /var/run + - name: dockerconfig + path: /root/.docker - name: Send Slack notification image: plugins/slack settings: @@ -340,6 +387,10 @@ services: volumes: - name: dockersock temp: {} +- name: dockerconfig + temp: {} +image_pull_secrets: +- DOCKERHUB_CREDENTIALS --- ################################################ @@ -376,6 +427,7 @@ clone: steps: - name: Check out code image: docker:git + pull: if-not-exists commands: - mkdir -pv "/go/src/github.com/gravitational/teleport" - cd "/go/src/github.com/gravitational/teleport" @@ -394,13 +446,23 @@ steps: from_secret: GITHUB_PRIVATE_KEY - name: Wait for docker image: docker + pull: if-not-exists commands: - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin + environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: dockersock path: /var/run + - name: dockerconfig + path: /root/.docker - name: Build artifacts image: docker + pull: if-not-exists commands: - apk add --no-cache make - chown -R $UID:$GID /go @@ -416,6 +478,8 @@ steps: volumes: - name: dockersock path: /var/run + - name: dockerconfig + path: /root/.docker - name: Send Slack notification image: plugins/slack settings: @@ -443,6 +507,10 @@ services: volumes: - name: dockersock temp: {} +- name: dockerconfig + temp: {} +image_pull_secrets: +- DOCKERHUB_CREDENTIALS --- ################################################ @@ -818,13 +886,23 @@ steps: && exit 1)' - name: Wait for docker image: docker + pull: if-not-exists commands: - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin + environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: dockersock path: /var/run + - name: dockerconfig + path: /root/.docker - name: Assume AWS Role image: amazon/aws-cli + pull: if-not-exists commands: - aws sts get-caller-identity - |- @@ -896,13 +974,17 @@ services: - name: dockersock path: /var/run volumes: -- name: dockersock - temp: {} - name: tmpfs temp: medium: memory - name: awsconfig temp: {} +- name: dockersock + temp: {} +- name: dockerconfig + temp: {} +image_pull_secrets: +- DOCKERHUB_CREDENTIALS --- ################################################ @@ -1142,6 +1224,7 @@ clone: steps: - name: Check out code image: docker:git + pull: if-not-exists commands: - mkdir -pv "/go/src/github.com/gravitational/teleport" - cd "/go/src/github.com/gravitational/teleport" @@ -1160,13 +1243,23 @@ steps: from_secret: GITHUB_PRIVATE_KEY - name: Wait for docker image: docker + pull: if-not-exists commands: - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin + environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: dockersock path: /var/run + - name: dockerconfig + path: /root/.docker - name: Build artifacts image: docker + pull: if-not-exists commands: - apk add --no-cache make - chown -R $UID:$GID /go @@ -1182,6 +1275,8 @@ steps: volumes: - name: dockersock path: /var/run + - name: dockerconfig + path: /root/.docker - name: Send Slack notification image: plugins/slack settings: @@ -1209,6 +1304,10 @@ services: volumes: - name: dockersock temp: {} +- name: dockerconfig + temp: {} +image_pull_secrets: +- DOCKERHUB_CREDENTIALS --- ################################################ @@ -1245,6 +1344,7 @@ clone: steps: - name: Check out code image: docker:git + pull: if-not-exists commands: - mkdir -pv "/go/src/github.com/gravitational/teleport" - cd "/go/src/github.com/gravitational/teleport" @@ -1263,6 +1363,7 @@ steps: from_secret: GITHUB_PRIVATE_KEY - name: Delegate build to GitHub image: golang:1.18-alpine + pull: if-not-exists commands: - cd "/go/src/github.com/gravitational/teleport/build.assets/tooling" - go run ./cmd/gh-trigger-workflow -owner ${DRONE_REPO_OWNER} -repo teleport.e -workflow @@ -1288,6 +1389,8 @@ steps: when: status: - failure +image_pull_secrets: +- DOCKERHUB_CREDENTIALS --- kind: pipeline @@ -1659,6 +1762,7 @@ depends_on: steps: - name: Check out code image: docker:git + pull: if-not-exists commands: - mkdir -p /go/src/github.com/gravitational/teleport - cd /go/src/github.com/gravitational/teleport @@ -1682,13 +1786,23 @@ steps: from_secret: GITHUB_PRIVATE_KEY - name: Wait for docker image: docker + pull: if-not-exists commands: - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin + environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: dockersock path: /var/run + - name: dockerconfig + path: /root/.docker - name: Build artifacts image: docker + pull: if-not-exists commands: - apk add --no-cache make - chown -R $UID:$GID /go @@ -1704,8 +1818,11 @@ steps: volumes: - name: dockersock path: /var/run + - name: dockerconfig + path: /root/.docker - name: Copy artifacts image: docker + pull: if-not-exists commands: - cd /go/src/github.com/gravitational/teleport - find . -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts @@ -1719,6 +1836,7 @@ steps: done && ls -l - name: Assume AWS Role image: amazon/aws-cli + pull: if-not-exists commands: - aws sts get-caller-identity - |- @@ -1743,6 +1861,7 @@ steps: path: /root/.aws - name: Upload to S3 image: amazon/aws-cli + pull: if-not-exists commands: - cd /go/artifacts/ - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v} @@ -1755,6 +1874,7 @@ steps: path: /root/.aws - name: Register artifacts image: docker + pull: if-not-exists commands: - WORKSPACE_DIR=$${WORKSPACE_DIR:-/} - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt") @@ -1814,6 +1934,10 @@ volumes: temp: {} - name: dockersock temp: {} +- name: dockerconfig + temp: {} +image_pull_secrets: +- DOCKERHUB_CREDENTIALS --- ################################################ @@ -1847,6 +1971,7 @@ depends_on: steps: - name: Check out code image: docker:git + pull: if-not-exists commands: - mkdir -p /go/src/github.com/gravitational/teleport - cd /go/src/github.com/gravitational/teleport @@ -1870,13 +1995,23 @@ steps: from_secret: GITHUB_PRIVATE_KEY - name: Wait for docker image: docker + pull: if-not-exists commands: - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin + environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: dockersock path: /var/run + - name: dockerconfig + path: /root/.docker - name: Build artifacts image: docker + pull: if-not-exists commands: - apk add --no-cache make - chown -R $UID:$GID /go @@ -1894,8 +2029,11 @@ steps: volumes: - name: dockersock path: /var/run + - name: dockerconfig + path: /root/.docker - name: Copy artifacts image: docker + pull: if-not-exists commands: - cd /go/src/github.com/gravitational/teleport - find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts @@ -1906,6 +2044,7 @@ steps: done && ls -l - name: Assume AWS Role image: amazon/aws-cli + pull: if-not-exists commands: - aws sts get-caller-identity - |- @@ -1930,6 +2069,7 @@ steps: path: /root/.aws - name: Upload to S3 image: amazon/aws-cli + pull: if-not-exists commands: - cd /go/artifacts/ - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v} @@ -1942,6 +2082,7 @@ steps: path: /root/.aws - name: Register artifacts image: docker + pull: if-not-exists commands: - WORKSPACE_DIR=$${WORKSPACE_DIR:-/} - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt") @@ -2001,6 +2142,10 @@ volumes: temp: {} - name: dockersock temp: {} +- name: dockerconfig + temp: {} +image_pull_secrets: +- DOCKERHUB_CREDENTIALS --- ################################################ @@ -2034,6 +2179,7 @@ depends_on: steps: - name: Check out code image: docker:git + pull: if-not-exists commands: - mkdir -p /go/src/github.com/gravitational/teleport - cd /go/src/github.com/gravitational/teleport @@ -2057,13 +2203,23 @@ steps: from_secret: GITHUB_PRIVATE_KEY - name: Wait for docker image: docker + pull: if-not-exists commands: - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin + environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: dockersock path: /var/run + - name: dockerconfig + path: /root/.docker - name: Build artifacts image: docker + pull: if-not-exists commands: - apk add --no-cache make - chown -R $UID:$GID /go @@ -2081,8 +2237,11 @@ steps: volumes: - name: dockersock path: /var/run + - name: dockerconfig + path: /root/.docker - name: Copy artifacts image: docker + pull: if-not-exists commands: - cd /go/src/github.com/gravitational/teleport - find . -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts @@ -2100,6 +2259,7 @@ steps: done && ls -l - name: Assume AWS Role image: amazon/aws-cli + pull: if-not-exists commands: - aws sts get-caller-identity - |- @@ -2124,6 +2284,7 @@ steps: path: /root/.aws - name: Upload to S3 image: amazon/aws-cli + pull: if-not-exists commands: - cd /go/artifacts/ - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v} @@ -2136,6 +2297,7 @@ steps: path: /root/.aws - name: Register artifacts image: docker + pull: if-not-exists commands: - WORKSPACE_DIR=$${WORKSPACE_DIR:-/} - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt") @@ -2195,6 +2357,10 @@ volumes: temp: {} - name: dockersock temp: {} +- name: dockerconfig + temp: {} +image_pull_secrets: +- DOCKERHUB_CREDENTIALS --- ################################################ @@ -2228,6 +2394,7 @@ depends_on: steps: - name: Check out code image: docker:git + pull: if-not-exists commands: - mkdir -p /go/src/github.com/gravitational/teleport - cd /go/src/github.com/gravitational/teleport @@ -2251,13 +2418,23 @@ steps: from_secret: GITHUB_PRIVATE_KEY - name: Wait for docker image: docker + pull: if-not-exists commands: - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin + environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: dockersock path: /var/run + - name: dockerconfig + path: /root/.docker - name: Build artifacts image: docker + pull: if-not-exists commands: - apk add --no-cache make - chown -R $UID:$GID /go @@ -2275,8 +2452,11 @@ steps: volumes: - name: dockersock path: /var/run + - name: dockerconfig + path: /root/.docker - name: Copy artifacts image: docker + pull: if-not-exists commands: - cd /go/src/github.com/gravitational/teleport - find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts @@ -2285,6 +2465,7 @@ steps: done && ls -l - name: Assume AWS Role image: amazon/aws-cli + pull: if-not-exists commands: - aws sts get-caller-identity - |- @@ -2309,6 +2490,7 @@ steps: path: /root/.aws - name: Upload to S3 image: amazon/aws-cli + pull: if-not-exists commands: - cd /go/artifacts/ - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v} @@ -2321,6 +2503,7 @@ steps: path: /root/.aws - name: Register artifacts image: docker + pull: if-not-exists commands: - WORKSPACE_DIR=$${WORKSPACE_DIR:-/} - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt") @@ -2380,6 +2563,10 @@ volumes: temp: {} - name: dockersock temp: {} +- name: dockerconfig + temp: {} +image_pull_secrets: +- DOCKERHUB_CREDENTIALS --- ################################################ @@ -2434,13 +2621,23 @@ steps: from_secret: GITHUB_PRIVATE_KEY - name: Wait for docker image: docker + pull: if-not-exists commands: - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin + environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: dockersock path: /var/run + - name: dockerconfig + path: /root/.docker - name: Assume Download AWS Role image: amazon/aws-cli + pull: if-not-exists commands: - aws sts get-caller-identity - |- @@ -2482,6 +2679,7 @@ steps: path: /root/.aws - name: Assume Build AWS Role image: amazon/aws-cli + pull: if-not-exists commands: - aws sts get-caller-identity - |- @@ -2529,6 +2727,8 @@ steps: volumes: - name: dockersock path: /var/run + - name: dockerconfig + path: /root/.docker - name: awsconfig path: /root/.aws - name: tmpfs @@ -2543,6 +2743,7 @@ steps: \; - name: Assume Upload AWS Role image: amazon/aws-cli + pull: if-not-exists commands: - aws sts get-caller-identity - |- @@ -2567,6 +2768,7 @@ steps: path: /root/.aws - name: Upload to S3 image: amazon/aws-cli + pull: if-not-exists commands: - cd /go/artifacts/ - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v} @@ -2636,13 +2838,17 @@ services: - name: dockersock path: /var/run volumes: +- name: awsconfig + temp: {} - name: dockersock temp: {} -- name: awsconfig +- name: dockerconfig temp: {} - name: tmpfs temp: medium: memory +image_pull_secrets: +- DOCKERHUB_CREDENTIALS --- ################################################ @@ -2697,13 +2903,23 @@ steps: from_secret: GITHUB_PRIVATE_KEY - name: Wait for docker image: docker + pull: if-not-exists commands: - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin + environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: dockersock path: /var/run + - name: dockerconfig + path: /root/.docker - name: Assume Download AWS Role image: amazon/aws-cli + pull: if-not-exists commands: - aws sts get-caller-identity - |- @@ -2743,6 +2959,7 @@ steps: path: /root/.aws - name: Assume Build AWS Role image: amazon/aws-cli + pull: if-not-exists commands: - aws sts get-caller-identity - |- @@ -2791,6 +3008,8 @@ steps: volumes: - name: dockersock path: /var/run + - name: dockerconfig + path: /root/.docker - name: awsconfig path: /root/.aws - name: tmpfs @@ -2803,6 +3022,7 @@ steps: \; - name: Assume Upload AWS Role image: amazon/aws-cli + pull: if-not-exists commands: - aws sts get-caller-identity - |- @@ -2827,6 +3047,7 @@ steps: path: /root/.aws - name: Upload to S3 image: amazon/aws-cli + pull: if-not-exists commands: - cd /go/artifacts/ - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v} @@ -2896,13 +3117,17 @@ services: - name: dockersock path: /var/run volumes: +- name: awsconfig + temp: {} - name: dockersock temp: {} -- name: awsconfig +- name: dockerconfig temp: {} - name: tmpfs temp: medium: memory +image_pull_secrets: +- DOCKERHUB_CREDENTIALS --- ################################################ @@ -2957,13 +3182,23 @@ steps: from_secret: GITHUB_PRIVATE_KEY - name: Wait for docker image: docker + pull: if-not-exists commands: - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin + environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: dockersock path: /var/run + - name: dockerconfig + path: /root/.docker - name: Assume Download AWS Role image: amazon/aws-cli + pull: if-not-exists commands: - aws sts get-caller-identity - |- @@ -3005,6 +3240,7 @@ steps: path: /root/.aws - name: Assume Build AWS Role image: amazon/aws-cli + pull: if-not-exists commands: - aws sts get-caller-identity - |- @@ -3045,6 +3281,8 @@ steps: volumes: - name: dockersock path: /var/run + - name: dockerconfig + path: /root/.docker - name: awsconfig path: /root/.aws - name: Copy artifacts @@ -3057,6 +3295,7 @@ steps: \; - name: Assume Upload AWS Role image: amazon/aws-cli + pull: if-not-exists commands: - aws sts get-caller-identity - |- @@ -3081,6 +3320,7 @@ steps: path: /root/.aws - name: Upload to S3 image: amazon/aws-cli + pull: if-not-exists commands: - cd /go/artifacts/ - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v} @@ -3148,10 +3388,14 @@ services: - name: dockersock path: /var/run volumes: +- name: awsconfig + temp: {} - name: dockersock temp: {} -- name: awsconfig +- name: dockerconfig temp: {} +image_pull_secrets: +- DOCKERHUB_CREDENTIALS --- ################################################ @@ -3206,13 +3450,23 @@ steps: from_secret: GITHUB_PRIVATE_KEY - name: Wait for docker image: docker + pull: if-not-exists commands: - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin + environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: dockersock path: /var/run + - name: dockerconfig + path: /root/.docker - name: Assume Download AWS Role image: amazon/aws-cli + pull: if-not-exists commands: - aws sts get-caller-identity - |- @@ -3252,6 +3506,7 @@ steps: path: /root/.aws - name: Assume Build AWS Role image: amazon/aws-cli + pull: if-not-exists commands: - aws sts get-caller-identity - |- @@ -3293,6 +3548,8 @@ steps: volumes: - name: dockersock path: /var/run + - name: dockerconfig + path: /root/.docker - name: awsconfig path: /root/.aws - name: Copy artifacts @@ -3303,6 +3560,7 @@ steps: \; - name: Assume Upload AWS Role image: amazon/aws-cli + pull: if-not-exists commands: - aws sts get-caller-identity - |- @@ -3327,6 +3585,7 @@ steps: path: /root/.aws - name: Upload to S3 image: amazon/aws-cli + pull: if-not-exists commands: - cd /go/artifacts/ - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v} @@ -3394,10 +3653,14 @@ services: - name: dockersock path: /var/run volumes: +- name: awsconfig + temp: {} - name: dockersock temp: {} -- name: awsconfig +- name: dockerconfig temp: {} +image_pull_secrets: +- DOCKERHUB_CREDENTIALS --- ################################################ @@ -3431,6 +3694,7 @@ depends_on: steps: - name: Check out code image: docker:git + pull: if-not-exists commands: - mkdir -p /go/src/github.com/gravitational/teleport - cd /go/src/github.com/gravitational/teleport @@ -3454,13 +3718,23 @@ steps: from_secret: GITHUB_PRIVATE_KEY - name: Wait for docker image: docker + pull: if-not-exists commands: - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin + environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: dockersock path: /var/run + - name: dockerconfig + path: /root/.docker - name: Build artifacts image: docker + pull: if-not-exists commands: - apk add --no-cache make - chown -R $UID:$GID /go @@ -3476,8 +3750,11 @@ steps: volumes: - name: dockersock path: /var/run + - name: dockerconfig + path: /root/.docker - name: Copy artifacts image: docker + pull: if-not-exists commands: - cd /go/src/github.com/gravitational/teleport - find . -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts @@ -3488,6 +3765,7 @@ steps: done && ls -l - name: Assume AWS Role image: amazon/aws-cli + pull: if-not-exists commands: - aws sts get-caller-identity - |- @@ -3512,6 +3790,7 @@ steps: path: /root/.aws - name: Upload to S3 image: amazon/aws-cli + pull: if-not-exists commands: - cd /go/artifacts/ - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v} @@ -3524,6 +3803,7 @@ steps: path: /root/.aws - name: Register artifacts image: docker + pull: if-not-exists commands: - WORKSPACE_DIR=$${WORKSPACE_DIR:-/} - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt") @@ -3583,6 +3863,10 @@ volumes: temp: {} - name: dockersock temp: {} +- name: dockerconfig + temp: {} +image_pull_secrets: +- DOCKERHUB_CREDENTIALS --- ################################################ @@ -3637,13 +3921,23 @@ steps: from_secret: GITHUB_PRIVATE_KEY - name: Wait for docker image: docker + pull: if-not-exists commands: - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin + environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: dockersock path: /var/run + - name: dockerconfig + path: /root/.docker - name: Assume Download AWS Role image: amazon/aws-cli + pull: if-not-exists commands: - aws sts get-caller-identity - |- @@ -3685,6 +3979,7 @@ steps: path: /root/.aws - name: Assume Build AWS Role image: amazon/aws-cli + pull: if-not-exists commands: - aws sts get-caller-identity - |- @@ -3732,6 +4027,8 @@ steps: volumes: - name: dockersock path: /var/run + - name: dockerconfig + path: /root/.docker - name: awsconfig path: /root/.aws - name: tmpfs @@ -3746,6 +4043,7 @@ steps: \; - name: Assume Upload AWS Role image: amazon/aws-cli + pull: if-not-exists commands: - aws sts get-caller-identity - |- @@ -3770,6 +4068,7 @@ steps: path: /root/.aws - name: Upload to S3 image: amazon/aws-cli + pull: if-not-exists commands: - cd /go/artifacts/ - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v} @@ -3839,13 +4138,17 @@ services: - name: dockersock path: /var/run volumes: +- name: awsconfig + temp: {} - name: dockersock temp: {} -- name: awsconfig +- name: dockerconfig temp: {} - name: tmpfs temp: medium: memory +image_pull_secrets: +- DOCKERHUB_CREDENTIALS --- ################################################ @@ -3900,13 +4203,23 @@ steps: from_secret: GITHUB_PRIVATE_KEY - name: Wait for docker image: docker + pull: if-not-exists commands: - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin + environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: dockersock path: /var/run + - name: dockerconfig + path: /root/.docker - name: Assume Download AWS Role image: amazon/aws-cli + pull: if-not-exists commands: - aws sts get-caller-identity - |- @@ -3948,6 +4261,7 @@ steps: path: /root/.aws - name: Assume Build AWS Role image: amazon/aws-cli + pull: if-not-exists commands: - aws sts get-caller-identity - |- @@ -3988,6 +4302,8 @@ steps: volumes: - name: dockersock path: /var/run + - name: dockerconfig + path: /root/.docker - name: awsconfig path: /root/.aws - name: Copy artifacts @@ -4000,6 +4316,7 @@ steps: \; - name: Assume Upload AWS Role image: amazon/aws-cli + pull: if-not-exists commands: - aws sts get-caller-identity - |- @@ -4024,6 +4341,7 @@ steps: path: /root/.aws - name: Upload to S3 image: amazon/aws-cli + pull: if-not-exists commands: - cd /go/artifacts/ - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v} @@ -4091,10 +4409,14 @@ services: - name: dockersock path: /var/run volumes: +- name: awsconfig + temp: {} - name: dockersock temp: {} -- name: awsconfig +- name: dockerconfig temp: {} +image_pull_secrets: +- DOCKERHUB_CREDENTIALS --- ################################################ @@ -4778,6 +5100,7 @@ depends_on: steps: - name: Check out code image: docker:git + pull: if-not-exists commands: - mkdir -p /go/src/github.com/gravitational/teleport - cd /go/src/github.com/gravitational/teleport @@ -4801,13 +5124,23 @@ steps: from_secret: GITHUB_PRIVATE_KEY - name: Wait for docker image: docker + pull: if-not-exists commands: - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin + environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: dockersock path: /var/run + - name: dockerconfig + path: /root/.docker - name: Build artifacts image: docker + pull: if-not-exists commands: - apk add --no-cache make - chown -R $UID:$GID /go @@ -4823,8 +5156,11 @@ steps: volumes: - name: dockersock path: /var/run + - name: dockerconfig + path: /root/.docker - name: Copy artifacts image: docker + pull: if-not-exists commands: - cd /go/src/github.com/gravitational/teleport - find . -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts @@ -4835,6 +5171,7 @@ steps: done && ls -l - name: Assume AWS Role image: amazon/aws-cli + pull: if-not-exists commands: - aws sts get-caller-identity - |- @@ -4859,6 +5196,7 @@ steps: path: /root/.aws - name: Upload to S3 image: amazon/aws-cli + pull: if-not-exists commands: - cd /go/artifacts/ - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v} @@ -4871,6 +5209,7 @@ steps: path: /root/.aws - name: Register artifacts image: docker + pull: if-not-exists commands: - WORKSPACE_DIR=$${WORKSPACE_DIR:-/} - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt") @@ -4930,6 +5269,10 @@ volumes: temp: {} - name: dockersock temp: {} +- name: dockerconfig + temp: {} +image_pull_secrets: +- DOCKERHUB_CREDENTIALS --- ################################################ @@ -4963,6 +5306,7 @@ clone: steps: - name: Check out code image: docker:git + pull: if-not-exists commands: - mkdir -pv "/go/src/github.com/gravitational/teleport" - cd "/go/src/github.com/gravitational/teleport" @@ -4981,6 +5325,7 @@ steps: from_secret: GITHUB_PRIVATE_KEY - name: Delegate build to GitHub image: golang:1.18-alpine + pull: if-not-exists commands: - cd "/go/src/github.com/gravitational/teleport/build.assets/tooling" - go run ./cmd/gh-trigger-workflow -owner ${DRONE_REPO_OWNER} -repo teleport.e -workflow @@ -4989,6 +5334,8 @@ steps: environment: GHA_APP_KEY: from_secret: GITHUB_WORKFLOW_APP_PRIVATE_KEY +image_pull_secrets: +- DOCKERHUB_CREDENTIALS --- ################################################ @@ -5292,13 +5639,23 @@ steps: from_secret: GITHUB_PRIVATE_KEY - name: Wait for docker image: docker + pull: if-not-exists commands: - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin + environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: dockersock path: /var/run + - name: dockerconfig + path: /root/.docker - name: Assume Download AWS Role image: amazon/aws-cli + pull: if-not-exists commands: - aws sts get-caller-identity - |- @@ -5340,6 +5697,7 @@ steps: path: /root/.aws - name: Assume Build AWS Role image: amazon/aws-cli + pull: if-not-exists commands: - aws sts get-caller-identity - |- @@ -5380,6 +5738,8 @@ steps: volumes: - name: dockersock path: /var/run + - name: dockerconfig + path: /root/.docker - name: awsconfig path: /root/.aws - name: Copy artifacts @@ -5392,6 +5752,7 @@ steps: \; - name: Assume Upload AWS Role image: amazon/aws-cli + pull: if-not-exists commands: - aws sts get-caller-identity - |- @@ -5416,6 +5777,7 @@ steps: path: /root/.aws - name: Upload to S3 image: amazon/aws-cli + pull: if-not-exists commands: - cd /go/artifacts/ - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v} @@ -5483,10 +5845,14 @@ services: - name: dockersock path: /var/run volumes: +- name: awsconfig + temp: {} - name: dockersock temp: {} -- name: awsconfig +- name: dockerconfig temp: {} +image_pull_secrets: +- DOCKERHUB_CREDENTIALS --- ################################################ @@ -5804,13 +6170,23 @@ steps: from_secret: GITHUB_PRIVATE_KEY - name: Wait for docker image: docker + pull: if-not-exists commands: - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin + environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: dockersock path: /var/run + - name: dockerconfig + path: /root/.docker - name: Assume Download AWS Role image: amazon/aws-cli + pull: if-not-exists commands: - aws sts get-caller-identity - |- @@ -5852,6 +6228,7 @@ steps: path: /root/.aws - name: Assume Build AWS Role image: amazon/aws-cli + pull: if-not-exists commands: - aws sts get-caller-identity - |- @@ -5899,6 +6276,8 @@ steps: volumes: - name: dockersock path: /var/run + - name: dockerconfig + path: /root/.docker - name: awsconfig path: /root/.aws - name: tmpfs @@ -5913,6 +6292,7 @@ steps: \; - name: Assume Upload AWS Role image: amazon/aws-cli + pull: if-not-exists commands: - aws sts get-caller-identity - |- @@ -5937,6 +6317,7 @@ steps: path: /root/.aws - name: Upload to S3 image: amazon/aws-cli + pull: if-not-exists commands: - cd /go/artifacts/ - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v} @@ -6006,13 +6387,17 @@ services: - name: dockersock path: /var/run volumes: +- name: awsconfig + temp: {} - name: dockersock temp: {} -- name: awsconfig +- name: dockerconfig temp: {} - name: tmpfs temp: medium: memory +image_pull_secrets: +- DOCKERHUB_CREDENTIALS --- ################################################ @@ -6046,6 +6431,7 @@ depends_on: steps: - name: Check out code image: docker:git + pull: if-not-exists commands: - mkdir -p /go/src/github.com/gravitational/teleport - cd /go/src/github.com/gravitational/teleport @@ -6069,13 +6455,23 @@ steps: from_secret: GITHUB_PRIVATE_KEY - name: Wait for docker image: docker + pull: if-not-exists commands: - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin + environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: dockersock path: /var/run + - name: dockerconfig + path: /root/.docker - name: Build artifacts image: docker + pull: if-not-exists commands: - apk add --no-cache make - chown -R $UID:$GID /go @@ -6095,8 +6491,11 @@ steps: volumes: - name: dockersock path: /var/run + - name: dockerconfig + path: /root/.docker - name: Copy artifacts image: docker + pull: if-not-exists commands: - cd /go/src/github.com/gravitational/teleport - find . -maxdepth 1 -iname "teleport*.zip" -print -exec cp {} /go/artifacts \; @@ -6106,6 +6505,7 @@ steps: done && ls -l - name: Assume AWS Role image: amazon/aws-cli + pull: if-not-exists commands: - aws sts get-caller-identity - |- @@ -6130,6 +6530,7 @@ steps: path: /root/.aws - name: Upload to S3 image: amazon/aws-cli + pull: if-not-exists commands: - cd /go/artifacts/ - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v} @@ -6142,6 +6543,7 @@ steps: path: /root/.aws - name: Register artifacts image: docker + pull: if-not-exists commands: - WORKSPACE_DIR=$${WORKSPACE_DIR:-/} - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt") @@ -6201,6 +6603,10 @@ volumes: temp: {} - name: dockersock temp: {} +- name: dockerconfig + temp: {} +image_pull_secrets: +- DOCKERHUB_CREDENTIALS --- kind: pipeline @@ -6589,13 +6995,23 @@ steps: - git checkout ${DRONE_COMMIT} - name: Wait for docker image: docker + pull: if-not-exists commands: - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin + environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: dockersock path: /var/run + - name: dockerconfig + path: /root/.docker - name: Configure Staging AWS Profile image: amazon/aws-cli + pull: if-not-exists commands: - aws sts get-caller-identity - |- @@ -6620,6 +7036,7 @@ steps: path: /root/.aws - name: Configure Production AWS Profile image: amazon/aws-cli + pull: if-not-exists commands: - aws sts get-caller-identity - |- @@ -6644,6 +7061,7 @@ steps: path: /root/.aws - name: Build and push buildbox image: docker + pull: if-not-exists commands: - apk add --no-cache make aws-cli - chown -R $UID:$GID /go @@ -6657,12 +7075,15 @@ steps: login -u="AWS" --password-stdin public.ecr.aws - docker push public.ecr.aws/gravitational/teleport-buildbox:$BUILDBOX_VERSION volumes: - - name: dockersock - path: /var/run - name: awsconfig path: /root/.aws + - name: dockersock + path: /var/run + - name: dockerconfig + path: /root/.docker - name: Build and push buildbox-fips image: docker + pull: if-not-exists commands: - apk add --no-cache make aws-cli - chown -R $UID:$GID /go @@ -6677,12 +7098,15 @@ steps: login -u="AWS" --password-stdin public.ecr.aws - docker push public.ecr.aws/gravitational/teleport-buildbox-fips:$BUILDBOX_VERSION volumes: - - name: dockersock - path: /var/run - name: awsconfig path: /root/.aws + - name: dockersock + path: /var/run + - name: dockerconfig + path: /root/.docker - name: Build and push buildbox-arm image: docker + pull: if-not-exists commands: - apk add --no-cache make aws-cli - chown -R $UID:$GID /go @@ -6697,12 +7121,15 @@ steps: login -u="AWS" --password-stdin public.ecr.aws - docker push public.ecr.aws/gravitational/teleport-buildbox-arm:$BUILDBOX_VERSION volumes: - - name: dockersock - path: /var/run - name: awsconfig path: /root/.aws + - name: dockersock + path: /var/run + - name: dockerconfig + path: /root/.docker - name: Build and push buildbox-centos7 image: docker + pull: if-not-exists commands: - apk add --no-cache make aws-cli - chown -R $UID:$GID /go @@ -6717,12 +7144,15 @@ steps: login -u="AWS" --password-stdin public.ecr.aws - docker push public.ecr.aws/gravitational/teleport-buildbox-centos7:$BUILDBOX_VERSION volumes: - - name: dockersock - path: /var/run - name: awsconfig path: /root/.aws + - name: dockersock + path: /var/run + - name: dockerconfig + path: /root/.docker - name: Build and push buildbox-centos7-fips image: docker + pull: if-not-exists commands: - apk add --no-cache make aws-cli - chown -R $UID:$GID /go @@ -6737,10 +7167,12 @@ steps: login -u="AWS" --password-stdin public.ecr.aws - docker push public.ecr.aws/gravitational/teleport-buildbox-centos7-fips:$BUILDBOX_VERSION volumes: - - name: dockersock - path: /var/run - name: awsconfig path: /root/.aws + - name: dockersock + path: /var/run + - name: dockerconfig + path: /root/.docker services: - name: Start Docker image: docker:dind @@ -6749,10 +7181,14 @@ services: - name: dockersock path: /var/run volumes: +- name: awsconfig + temp: {} - name: dockersock temp: {} -- name: awsconfig +- name: dockerconfig temp: {} +image_pull_secrets: +- DOCKERHUB_CREDENTIALS --- ################################################ @@ -6781,6 +7217,8 @@ steps: image: alpine:latest commands: - echo "This command, step, and pipeline never runs" +image_pull_secrets: +- DOCKERHUB_CREDENTIALS --- ################################################ @@ -6810,11 +7248,13 @@ clone: steps: - name: Verify build is tagged image: alpine:latest + pull: if-not-exists commands: - '[ -n ${DRONE_TAG} ] || (echo ''DRONE_TAG is not set. Is the commit tagged?'' && exit 1)' - name: Check out code image: alpine/git:latest + pull: if-not-exists commands: - mkdir -pv "/go/src/github.com/gravitational/teleport" - cd "/go/src/github.com/gravitational/teleport" @@ -6824,6 +7264,7 @@ steps: - git checkout -qf "${DRONE_TAG}" - name: Assume Download AWS Role image: amazon/aws-cli + pull: if-not-exists commands: - aws sts get-caller-identity - |- @@ -6871,6 +7312,7 @@ steps: - Check out code - name: Assume Upload AWS Role image: amazon/aws-cli + pull: if-not-exists commands: - aws sts get-caller-identity - |- @@ -6959,6 +7401,8 @@ volumes: medium: memory - name: awsconfig temp: {} +image_pull_secrets: +- DOCKERHUB_CREDENTIALS --- ################################################ @@ -6987,6 +7431,8 @@ steps: image: alpine:latest commands: - echo "This command, step, and pipeline never runs" +image_pull_secrets: +- DOCKERHUB_CREDENTIALS --- ################################################ @@ -7016,11 +7462,13 @@ clone: steps: - name: Verify build is tagged image: alpine:latest + pull: if-not-exists commands: - '[ -n ${DRONE_TAG} ] || (echo ''DRONE_TAG is not set. Is the commit tagged?'' && exit 1)' - name: Check out code image: alpine/git:latest + pull: if-not-exists commands: - mkdir -pv "/go/src/github.com/gravitational/teleport" - cd "/go/src/github.com/gravitational/teleport" @@ -7030,6 +7478,7 @@ steps: - git checkout -qf "${DRONE_TAG}" - name: Assume Download AWS Role image: amazon/aws-cli + pull: if-not-exists commands: - aws sts get-caller-identity - |- @@ -7077,6 +7526,7 @@ steps: - Check out code - name: Assume Upload AWS Role image: amazon/aws-cli + pull: if-not-exists commands: - aws sts get-caller-identity - |- @@ -7166,6 +7616,8 @@ volumes: medium: memory - name: awsconfig temp: {} +image_pull_secrets: +- DOCKERHUB_CREDENTIALS --- kind: pipeline @@ -7963,19 +8415,30 @@ depends_on: steps: - name: Wait for docker image: docker + pull: if-not-exists commands: - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin + environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: dockersock path: /var/run + - name: dockerconfig + path: /root/.docker - name: Wait for docker registry image: alpine + pull: if-not-exists commands: - apk add curl - timeout 30s /bin/sh -c 'while [ "$(curl -s -o /dev/null -w %{http_code} http://drone-docker-registry:5000/)" != "200" ]; do sleep 1; done' - name: Check out code image: alpine/git:latest + pull: if-not-exists commands: - mkdir -pv "/go/src/github.com/gravitational/teleport" - cd "/go/src/github.com/gravitational/teleport" @@ -7991,6 +8454,7 @@ steps: - echo $(cat "/go/var/full-version") - name: Assume ECR - staging AWS Role image: amazon/aws-cli + pull: if-not-exists commands: - aws sts get-caller-identity - |- @@ -8015,6 +8479,7 @@ steps: path: /root/.aws - name: Assume ECR - authenticated-pull AWS Role image: amazon/aws-cli + pull: if-not-exists commands: - aws sts get-caller-identity - |- @@ -8041,6 +8506,7 @@ steps: - Assume ECR - staging AWS Role - name: Assume S3 Download AWS Role for teleport image: amazon/aws-cli + pull: if-not-exists commands: - aws sts get-caller-identity - |- @@ -8131,6 +8597,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker buildx build --push --builder "teleport-v11-amd64-builder" --target "teleport" --platform "linux/amd64" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 --file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_amd64.deb @@ -8141,6 +8608,10 @@ steps: environment: AWS_PROFILE: ecr-authenticated-pull DOCKER_BUILDKIT: "1" + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -8192,6 +8663,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker buildx build --push --builder "teleport-v11-arm-builder" --target "teleport" --platform "linux/arm" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm --file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_arm.deb @@ -8202,6 +8674,10 @@ steps: environment: AWS_PROFILE: ecr-authenticated-pull DOCKER_BUILDKIT: "1" + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -8253,6 +8729,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker buildx build --push --builder "teleport-v11-arm64-builder" --target "teleport" --platform "linux/arm64" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 --file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_arm64.deb @@ -8263,6 +8740,10 @@ steps: environment: AWS_PROFILE: ecr-authenticated-pull DOCKER_BUILDKIT: "1" + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -8279,6 +8760,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 @@ -8288,6 +8770,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -8302,6 +8788,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm @@ -8311,6 +8798,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -8326,6 +8817,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 @@ -8335,6 +8827,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -8348,6 +8844,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version") > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat @@ -8359,6 +8856,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -8370,6 +8871,7 @@ steps: - Tag and push image "teleport:v11-arm64" to ECR - staging - name: Assume S3 Download AWS Role for teleport-ent image: amazon/aws-cli + pull: if-not-exists commands: - aws sts get-caller-identity - |- @@ -8460,6 +8962,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker buildx build --push --builder "teleport-ent-v11-amd64-builder" --target "teleport" --platform "linux/amd64" --tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 --file "/go/build/Dockerfile-teleport-ent" --build-arg @@ -8470,6 +8973,10 @@ steps: environment: AWS_PROFILE: ecr-authenticated-pull DOCKER_BUILDKIT: "1" + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -8521,6 +9028,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker buildx build --push --builder "teleport-ent-v11-arm-builder" --target "teleport" --platform "linux/arm" --tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm --file "/go/build/Dockerfile-teleport-ent" --build-arg DEB_PATH=teleport-ent_$(cat @@ -8531,6 +9039,10 @@ steps: environment: AWS_PROFILE: ecr-authenticated-pull DOCKER_BUILDKIT: "1" + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -8582,6 +9094,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker buildx build --push --builder "teleport-ent-v11-arm64-builder" --target "teleport" --platform "linux/arm64" --tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 --file "/go/build/Dockerfile-teleport-ent" --build-arg @@ -8592,6 +9105,10 @@ steps: environment: AWS_PROFILE: ecr-authenticated-pull DOCKER_BUILDKIT: "1" + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -8608,6 +9125,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 @@ -8617,6 +9135,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -8632,6 +9154,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm @@ -8641,6 +9164,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -8656,6 +9183,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 @@ -8665,6 +9193,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -8678,6 +9210,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version") > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat @@ -8689,6 +9222,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -8700,6 +9237,7 @@ steps: - Tag and push image "teleport-ent:v11-arm64" to ECR - staging - name: Assume S3 Download AWS Role for teleport-ent-fips image: amazon/aws-cli + pull: if-not-exists commands: - aws sts get-caller-identity - |- @@ -8791,6 +9329,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker buildx build --push --builder "teleport-ent-v11-fips-amd64-builder" --target "teleport-fips" --platform "linux/amd64" --tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 --file "/go/build/Dockerfile-teleport-ent-fips" @@ -8802,6 +9341,10 @@ steps: environment: AWS_PROFILE: ecr-authenticated-pull DOCKER_BUILDKIT: "1" + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -8818,6 +9361,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 @@ -8827,6 +9371,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -8840,6 +9388,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat @@ -8849,6 +9398,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -8869,6 +9422,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker buildx build --push --builder "teleport-operator-v11-amd64-builder" --platform "linux/amd64" --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 --file "/go/src/github.com/gravitational/teleport/operator/Dockerfile" --build-arg @@ -8880,6 +9434,10 @@ steps: environment: AWS_PROFILE: ecr-authenticated-pull DOCKER_BUILDKIT: "1" + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -8906,6 +9464,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker buildx build --push --builder "teleport-operator-v11-arm-builder" --platform "linux/arm" --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm --file "/go/src/github.com/gravitational/teleport/operator/Dockerfile" --build-arg @@ -8917,6 +9476,10 @@ steps: environment: AWS_PROFILE: ecr-authenticated-pull DOCKER_BUILDKIT: "1" + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -8943,6 +9506,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker buildx build --push --builder "teleport-operator-v11-arm64-builder" --platform "linux/arm64" --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 --file "/go/src/github.com/gravitational/teleport/operator/Dockerfile" --build-arg @@ -8954,6 +9518,10 @@ steps: environment: AWS_PROFILE: ecr-authenticated-pull DOCKER_BUILDKIT: "1" + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -8975,6 +9543,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 @@ -8984,6 +9553,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -8999,6 +9572,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm @@ -9008,6 +9582,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -9023,6 +9601,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 @@ -9032,6 +9611,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -9045,6 +9628,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version") > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat @@ -9056,6 +9640,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -9081,6 +9669,10 @@ volumes: temp: {} - name: dockersock temp: {} +- name: dockerconfig + temp: {} +image_pull_secrets: +- DOCKERHUB_CREDENTIALS --- ################################################ @@ -9112,6 +9704,7 @@ clone: steps: - name: Verify build is tagged image: alpine:latest + pull: if-not-exists commands: - '[ -n ${DRONE_TAG} ] || (echo ''DRONE_TAG is not set. Is the commit tagged?'' && exit 1)' @@ -9133,16 +9726,26 @@ steps: '; echo 'a prerelease' - name: Wait for docker image: docker + pull: if-not-exists commands: - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin + environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: dockersock path: /var/run + - name: dockerconfig + path: /root/.docker depends_on: - Verify build is tagged - Record if tag ($DRONE_TAG) is prerelease - name: Wait for docker registry image: alpine + pull: if-not-exists commands: - apk add curl - timeout 30s /bin/sh -c 'while [ "$(curl -s -o /dev/null -w %{http_code} http://drone-docker-registry:5000/)" @@ -9152,6 +9755,7 @@ steps: - Record if tag ($DRONE_TAG) is prerelease - name: Check out code image: alpine/git:latest + pull: if-not-exists commands: - mkdir -pv "/go/src/github.com/gravitational/teleport" - cd "/go/src/github.com/gravitational/teleport" @@ -9179,6 +9783,7 @@ steps: - Record if tag ($DRONE_TAG) is prerelease - name: Assume ECR - staging AWS Role image: amazon/aws-cli + pull: if-not-exists commands: - aws sts get-caller-identity - |- @@ -9206,6 +9811,7 @@ steps: - Record if tag ($DRONE_TAG) is prerelease - name: Assume ECR - production AWS Role image: amazon/aws-cli + pull: if-not-exists commands: - aws sts get-caller-identity - |- @@ -9238,6 +9844,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-amd64 - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" @@ -9246,6 +9853,10 @@ steps: - docker push drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -9266,6 +9877,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-arm - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" @@ -9274,6 +9886,10 @@ steps: - docker push drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -9294,6 +9910,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-arm64 - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" @@ -9302,6 +9919,10 @@ steps: - docker push drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -9322,6 +9943,7 @@ steps: - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64 @@ -9334,6 +9956,10 @@ steps: - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -9350,6 +9976,7 @@ steps: commands: - docker pull --platform "linux/arm" drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm @@ -9362,6 +9989,10 @@ steps: - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -9379,6 +10010,7 @@ steps: - docker pull --platform "linux/arm64" drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64 @@ -9391,6 +10023,10 @@ steps: - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm64 - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -9410,6 +10046,7 @@ steps: ] && echo "skipping" || echo "continuing" - '[ -f /go/vars/release-is-prerelease ] && exit 0' - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create quay.io/gravitational/teleport:$(cat "/go/var/major-version") --amend quay.io/gravitational/teleport:$(cat "/go/var/major-version")-amd64 --amend quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm --amend quay.io/gravitational/teleport:$(cat @@ -9417,6 +10054,10 @@ steps: - docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/major-version") - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -9438,6 +10079,7 @@ steps: ] && echo "skipping" || echo "continuing" - '[ -f /go/vars/release-is-prerelease ] && exit 0' - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create quay.io/gravitational/teleport:$(cat "/go/var/minor-version") --amend quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 --amend quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm --amend quay.io/gravitational/teleport:$(cat @@ -9445,6 +10087,10 @@ steps: - docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/minor-version") - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -9462,6 +10108,7 @@ steps: image: docker commands: - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version") > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create quay.io/gravitational/teleport:$(cat "/go/var/full-version") --amend quay.io/gravitational/teleport:$(cat @@ -9470,6 +10117,10 @@ steps: docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/full-version")) - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -9491,6 +10142,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64 @@ -9504,6 +10156,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -9518,6 +10174,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm @@ -9531,6 +10188,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -9546,6 +10207,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64 @@ -9559,6 +10221,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -9576,6 +10242,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version") --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64 --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm @@ -9584,6 +10251,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -9603,6 +10274,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version") --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm @@ -9611,6 +10283,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -9626,6 +10302,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version") > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version") --amend @@ -9636,6 +10313,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -9651,6 +10332,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" @@ -9659,6 +10341,10 @@ steps: - docker push drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -9679,6 +10365,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" @@ -9687,6 +10374,10 @@ steps: - docker push drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -9707,6 +10398,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" @@ -9715,6 +10407,10 @@ steps: - docker push drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -9735,6 +10431,7 @@ steps: - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 @@ -9747,6 +10444,10 @@ steps: - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -9764,6 +10465,7 @@ steps: - docker pull --platform "linux/arm" drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm @@ -9776,6 +10478,10 @@ steps: - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -9793,6 +10499,7 @@ steps: - docker pull --platform "linux/arm64" drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 @@ -9805,6 +10512,10 @@ steps: - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64 - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -9824,6 +10535,7 @@ steps: ] && echo "skipping" || echo "continuing" - '[ -f /go/vars/release-is-prerelease ] && exit 0' - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version") --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm @@ -9831,6 +10543,10 @@ steps: - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version") - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -9852,6 +10568,7 @@ steps: ] && echo "skipping" || echo "continuing" - '[ -f /go/vars/release-is-prerelease ] && exit 0' - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version") --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm @@ -9859,6 +10576,10 @@ steps: - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version") - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -9876,6 +10597,7 @@ steps: image: docker commands: - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version") > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version") --amend @@ -9885,6 +10607,10 @@ steps: "/go/var/full-version")) - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -9906,6 +10632,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport-ent:$(cat @@ -9920,6 +10647,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -9935,6 +10666,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm @@ -9948,6 +10680,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -9963,6 +10699,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport-ent:$(cat @@ -9977,6 +10714,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -9994,6 +10735,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version") --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm @@ -10002,6 +10744,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -10021,6 +10767,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version") --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm @@ -10029,6 +10776,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -10044,6 +10795,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version") > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version") @@ -10054,6 +10806,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -10069,6 +10825,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" @@ -10078,6 +10835,10 @@ steps: - docker push drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -10098,6 +10859,7 @@ steps: - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 @@ -10110,6 +10872,10 @@ steps: - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -10129,11 +10895,16 @@ steps: ] && echo "skipping" || echo "continuing" - '[ -f /go/vars/release-is-prerelease ] && exit 0' - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64 - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -10153,11 +10924,16 @@ steps: ] && echo "skipping" || echo "continuing" - '[ -f /go/vars/release-is-prerelease ] && exit 0' - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -10173,6 +10949,7 @@ steps: image: docker commands: - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips --amend @@ -10180,6 +10957,10 @@ steps: docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips) - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -10199,6 +10980,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 public.ecr.aws/gravitational/teleport-ent:$(cat @@ -10213,6 +10995,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -10230,12 +11016,17 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64 - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -10253,12 +11044,17 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -10272,6 +11068,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips @@ -10280,6 +11077,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -10293,6 +11094,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" @@ -10302,6 +11104,10 @@ steps: - docker push drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -10322,6 +11128,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" @@ -10331,6 +11138,10 @@ steps: - docker push drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -10351,6 +11162,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" @@ -10360,6 +11172,10 @@ steps: - docker push drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -10380,6 +11196,7 @@ steps: - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 @@ -10392,6 +11209,10 @@ steps: - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -10409,6 +11230,7 @@ steps: - docker pull --platform "linux/arm" drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm @@ -10421,6 +11243,10 @@ steps: - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -10438,6 +11264,7 @@ steps: - docker pull --platform "linux/arm64" drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 @@ -10450,6 +11277,10 @@ steps: - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -10469,6 +11300,7 @@ steps: ] && echo "skipping" || echo "continuing" - '[ -f /go/vars/release-is-prerelease ] && exit 0' - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version") --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm @@ -10476,6 +11308,10 @@ steps: - docker manifest push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version") - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -10497,6 +11333,7 @@ steps: ] && echo "skipping" || echo "continuing" - '[ -f /go/vars/release-is-prerelease ] && exit 0' - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version") --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm @@ -10504,6 +11341,10 @@ steps: - docker manifest push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version") - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -10521,6 +11362,7 @@ steps: image: docker commands: - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version") > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version") --amend @@ -10530,6 +11372,10 @@ steps: docker manifest push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")) - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -10551,6 +11397,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport-operator:$(cat @@ -10565,6 +11412,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -10580,6 +11431,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport-operator:$(cat @@ -10594,6 +11446,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -10609,6 +11465,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport-operator:$(cat @@ -10623,6 +11480,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -10640,6 +11501,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version") --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm @@ -10648,6 +11510,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -10667,6 +11533,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version") --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm @@ -10675,6 +11542,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -10690,6 +11561,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version") > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version") @@ -10700,6 +11572,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -10725,6 +11601,10 @@ volumes: temp: {} - name: dockersock temp: {} +- name: dockerconfig + temp: {} +image_pull_secrets: +- DOCKERHUB_CREDENTIALS --- ################################################ @@ -10766,15 +11646,25 @@ steps: "v11" - name: Wait for docker image: docker + pull: if-not-exists commands: - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin + environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: dockersock path: /var/run + - name: dockerconfig + path: /root/.docker depends_on: - Find the latest available semver for v11 - name: Wait for docker registry image: alpine + pull: if-not-exists commands: - apk add curl - timeout 30s /bin/sh -c 'while [ "$(curl -s -o /dev/null -w %{http_code} http://drone-docker-registry:5000/)" @@ -10783,6 +11673,7 @@ steps: - Find the latest available semver for v11 - name: Check out code image: alpine/git:latest + pull: if-not-exists commands: - mkdir -pv "/go/src/github.com/gravitational/teleport" - cd "/go/src/github.com/gravitational/teleport" @@ -10809,6 +11700,7 @@ steps: - Find the latest available semver for v11 - name: Assume ECR - staging AWS Role image: amazon/aws-cli + pull: if-not-exists commands: - aws sts get-caller-identity - |- @@ -10835,6 +11727,7 @@ steps: - Find the latest available semver for v11 - name: Assume ECR - authenticated-pull AWS Role image: amazon/aws-cli + pull: if-not-exists commands: - aws sts get-caller-identity - |- @@ -10862,6 +11755,7 @@ steps: - Find the latest available semver for v11 - name: Assume ECR - production AWS Role image: amazon/aws-cli + pull: if-not-exists commands: - aws sts get-caller-identity - |- @@ -10889,6 +11783,7 @@ steps: - Find the latest available semver for v11 - name: Assume S3 Download AWS Role for teleport image: amazon/aws-cli + pull: if-not-exists commands: - aws sts get-caller-identity - |- @@ -10983,6 +11878,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker buildx build --push --builder "teleport-v11-amd64-builder" --target "teleport" --platform "linux/amd64" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 --file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_amd64.deb @@ -10993,6 +11889,10 @@ steps: environment: AWS_PROFILE: ecr-authenticated-pull DOCKER_BUILDKIT: "1" + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -11044,6 +11944,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker buildx build --push --builder "teleport-v11-arm-builder" --target "teleport" --platform "linux/arm" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm --file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_arm.deb @@ -11054,6 +11955,10 @@ steps: environment: AWS_PROFILE: ecr-authenticated-pull DOCKER_BUILDKIT: "1" + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -11105,6 +12010,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker buildx build --push --builder "teleport-v11-arm64-builder" --target "teleport" --platform "linux/arm64" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 --file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_arm64.deb @@ -11115,6 +12021,10 @@ steps: environment: AWS_PROFILE: ecr-authenticated-pull DOCKER_BUILDKIT: "1" + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -11131,6 +12041,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing @@ -11153,6 +12064,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -11167,6 +12082,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing @@ -11189,6 +12105,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -11204,6 +12124,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing @@ -11226,6 +12147,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -11239,6 +12164,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, @@ -11251,6 +12177,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -11266,6 +12196,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, @@ -11278,6 +12209,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -11293,6 +12228,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, @@ -11305,6 +12241,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -11320,6 +12260,7 @@ steps: - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64 @@ -11332,6 +12273,10 @@ steps: - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -11348,6 +12293,7 @@ steps: commands: - docker pull --platform "linux/arm" drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm @@ -11360,6 +12306,10 @@ steps: - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -11377,6 +12327,7 @@ steps: - docker pull --platform "linux/arm64" drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64 @@ -11389,6 +12340,10 @@ steps: - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm64 - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -11404,6 +12359,7 @@ steps: image: docker commands: - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create quay.io/gravitational/teleport:$(cat "/go/var/major-version") --amend quay.io/gravitational/teleport:$(cat "/go/var/major-version")-amd64 --amend quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm --amend quay.io/gravitational/teleport:$(cat @@ -11411,6 +12367,10 @@ steps: - docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/major-version") - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -11428,6 +12388,7 @@ steps: image: docker commands: - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create quay.io/gravitational/teleport:$(cat "/go/var/minor-version") --amend quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 --amend quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm --amend quay.io/gravitational/teleport:$(cat @@ -11435,6 +12396,10 @@ steps: - docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/minor-version") - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -11452,6 +12417,7 @@ steps: image: docker commands: - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version") > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create quay.io/gravitational/teleport:$(cat "/go/var/full-version") --amend quay.io/gravitational/teleport:$(cat @@ -11460,6 +12426,10 @@ steps: docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/full-version")) - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -11481,6 +12451,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64 @@ -11494,6 +12465,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -11508,6 +12483,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm @@ -11521,6 +12497,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -11536,6 +12516,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64 @@ -11549,6 +12530,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -11562,6 +12547,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version") --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64 --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm @@ -11570,6 +12556,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -11585,6 +12575,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version") --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm @@ -11593,6 +12584,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -11608,6 +12603,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version") > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version") --amend @@ -11618,6 +12614,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -11629,6 +12629,7 @@ steps: - Tag and push image "teleport:v11-arm64" to ECR - production - name: Assume S3 Download AWS Role for teleport-ent image: amazon/aws-cli + pull: if-not-exists commands: - aws sts get-caller-identity - |- @@ -11723,6 +12724,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker buildx build --push --builder "teleport-ent-v11-amd64-builder" --target "teleport" --platform "linux/amd64" --tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 --file "/go/build/Dockerfile-teleport-ent" --build-arg @@ -11733,6 +12735,10 @@ steps: environment: AWS_PROFILE: ecr-authenticated-pull DOCKER_BUILDKIT: "1" + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -11784,6 +12790,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker buildx build --push --builder "teleport-ent-v11-arm-builder" --target "teleport" --platform "linux/arm" --tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm --file "/go/build/Dockerfile-teleport-ent" --build-arg DEB_PATH=teleport-ent_$(cat @@ -11794,6 +12801,10 @@ steps: environment: AWS_PROFILE: ecr-authenticated-pull DOCKER_BUILDKIT: "1" + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -11845,6 +12856,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker buildx build --push --builder "teleport-ent-v11-arm64-builder" --target "teleport" --platform "linux/arm64" --tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 --file "/go/build/Dockerfile-teleport-ent" --build-arg @@ -11855,6 +12867,10 @@ steps: environment: AWS_PROFILE: ecr-authenticated-pull DOCKER_BUILDKIT: "1" + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -11871,6 +12887,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing @@ -11893,6 +12910,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -11908,6 +12929,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing @@ -11930,6 +12952,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -11945,6 +12971,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing @@ -11967,6 +12994,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -11980,6 +13011,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, @@ -11992,6 +13024,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -12007,6 +13043,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, @@ -12019,6 +13056,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -12034,6 +13075,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, @@ -12046,6 +13088,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -12061,6 +13107,7 @@ steps: - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 @@ -12073,6 +13120,10 @@ steps: - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -12090,6 +13141,7 @@ steps: - docker pull --platform "linux/arm" drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm @@ -12102,6 +13154,10 @@ steps: - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -12119,6 +13175,7 @@ steps: - docker pull --platform "linux/arm64" drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 @@ -12131,6 +13188,10 @@ steps: - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64 - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -12146,6 +13207,7 @@ steps: image: docker commands: - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version") --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm @@ -12153,6 +13215,10 @@ steps: - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version") - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -12170,6 +13236,7 @@ steps: image: docker commands: - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version") --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm @@ -12177,6 +13244,10 @@ steps: - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version") - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -12194,6 +13265,7 @@ steps: image: docker commands: - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version") > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version") --amend @@ -12203,6 +13275,10 @@ steps: "/go/var/full-version")) - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -12224,6 +13300,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport-ent:$(cat @@ -12238,6 +13315,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -12253,6 +13334,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm @@ -12266,6 +13348,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -12281,6 +13367,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport-ent:$(cat @@ -12295,6 +13382,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -12308,6 +13399,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version") --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm @@ -12316,6 +13408,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -12331,6 +13427,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version") --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm @@ -12339,6 +13436,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -12354,6 +13455,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version") > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version") @@ -12364,6 +13466,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -12375,6 +13481,7 @@ steps: - Tag and push image "teleport-ent:v11-arm64" to ECR - production - name: Assume S3 Download AWS Role for teleport-ent-fips image: amazon/aws-cli + pull: if-not-exists commands: - aws sts get-caller-identity - |- @@ -12470,6 +13577,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker buildx build --push --builder "teleport-ent-v11-fips-amd64-builder" --target "teleport-fips" --platform "linux/amd64" --tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 --file "/go/build/Dockerfile-teleport-ent-fips" @@ -12481,6 +13589,10 @@ steps: environment: AWS_PROFILE: ecr-authenticated-pull DOCKER_BUILDKIT: "1" + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -12497,6 +13609,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-fips-amd64 > /dev/null 2>&1 && echo 'Found @@ -12519,6 +13632,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -12532,6 +13649,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-fips > /dev/null 2>&1 && echo 'Found existing @@ -12542,6 +13660,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -12555,6 +13677,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-fips > /dev/null 2>&1 && echo 'Found existing @@ -12565,6 +13688,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -12578,6 +13705,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-fips > /dev/null 2>&1 && echo 'Found existing @@ -12588,6 +13716,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -12601,6 +13733,7 @@ steps: - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 @@ -12613,6 +13746,10 @@ steps: - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -12628,11 +13765,16 @@ steps: image: docker commands: - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64 - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -12648,11 +13790,16 @@ steps: image: docker commands: - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -12668,6 +13815,7 @@ steps: image: docker commands: - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips --amend @@ -12675,6 +13823,10 @@ steps: docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips) - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -12694,6 +13846,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 public.ecr.aws/gravitational/teleport-ent:$(cat @@ -12708,6 +13861,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -12721,12 +13878,17 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64 - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -12740,12 +13902,17 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -12759,6 +13926,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips @@ -12767,6 +13935,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -12787,6 +13959,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker buildx build --push --builder "teleport-operator-v11-amd64-builder" --platform "linux/amd64" --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 --file "/go/src/github.com/gravitational/teleport/operator/Dockerfile" --build-arg @@ -12798,6 +13971,10 @@ steps: environment: AWS_PROFILE: ecr-authenticated-pull DOCKER_BUILDKIT: "1" + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -12826,6 +14003,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker buildx build --push --builder "teleport-operator-v11-arm-builder" --platform "linux/arm" --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm --file "/go/src/github.com/gravitational/teleport/operator/Dockerfile" --build-arg @@ -12837,6 +14015,10 @@ steps: environment: AWS_PROFILE: ecr-authenticated-pull DOCKER_BUILDKIT: "1" + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -12865,6 +14047,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker buildx build --push --builder "teleport-operator-v11-arm64-builder" --platform "linux/arm64" --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 --file "/go/src/github.com/gravitational/teleport/operator/Dockerfile" --build-arg @@ -12876,6 +14059,10 @@ steps: environment: AWS_PROFILE: ecr-authenticated-pull DOCKER_BUILDKIT: "1" + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -12899,6 +14086,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing @@ -12921,6 +14109,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -12936,6 +14128,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing @@ -12958,6 +14151,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -12973,6 +14170,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing @@ -12995,6 +14193,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -13008,6 +14210,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, @@ -13020,6 +14223,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -13035,6 +14242,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, @@ -13047,6 +14255,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -13062,6 +14274,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, @@ -13074,6 +14287,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -13089,6 +14306,7 @@ steps: - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 @@ -13101,6 +14319,10 @@ steps: - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -13118,6 +14340,7 @@ steps: - docker pull --platform "linux/arm" drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm @@ -13130,6 +14353,10 @@ steps: - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -13147,6 +14374,7 @@ steps: - docker pull --platform "linux/arm64" drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 @@ -13159,6 +14387,10 @@ steps: - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -13174,6 +14406,7 @@ steps: image: docker commands: - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version") --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm @@ -13181,6 +14414,10 @@ steps: - docker manifest push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version") - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -13198,6 +14435,7 @@ steps: image: docker commands: - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version") --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm @@ -13205,6 +14443,10 @@ steps: - docker manifest push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version") - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -13222,6 +14464,7 @@ steps: image: docker commands: - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version") > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version") --amend @@ -13231,6 +14474,10 @@ steps: docker manifest push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")) - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -13252,6 +14499,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport-operator:$(cat @@ -13266,6 +14514,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -13281,6 +14533,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport-operator:$(cat @@ -13295,6 +14548,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -13310,6 +14567,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport-operator:$(cat @@ -13324,6 +14582,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -13337,6 +14599,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version") --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm @@ -13345,6 +14608,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -13360,6 +14627,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version") --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm @@ -13368,6 +14636,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -13383,6 +14655,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version") > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version") @@ -13393,6 +14666,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -13418,6 +14695,10 @@ volumes: temp: {} - name: dockersock temp: {} +- name: dockerconfig + temp: {} +image_pull_secrets: +- DOCKERHUB_CREDENTIALS --- ################################################ @@ -13459,15 +14740,25 @@ steps: "v10" - name: Wait for docker image: docker + pull: if-not-exists commands: - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin + environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: dockersock path: /var/run + - name: dockerconfig + path: /root/.docker depends_on: - Find the latest available semver for v10 - name: Wait for docker registry image: alpine + pull: if-not-exists commands: - apk add curl - timeout 30s /bin/sh -c 'while [ "$(curl -s -o /dev/null -w %{http_code} http://drone-docker-registry:5000/)" @@ -13476,6 +14767,7 @@ steps: - Find the latest available semver for v10 - name: Check out code image: alpine/git:latest + pull: if-not-exists commands: - mkdir -pv "/go/src/github.com/gravitational/teleport" - cd "/go/src/github.com/gravitational/teleport" @@ -13502,6 +14794,7 @@ steps: - Find the latest available semver for v10 - name: Assume ECR - staging AWS Role image: amazon/aws-cli + pull: if-not-exists commands: - aws sts get-caller-identity - |- @@ -13528,6 +14821,7 @@ steps: - Find the latest available semver for v10 - name: Assume ECR - authenticated-pull AWS Role image: amazon/aws-cli + pull: if-not-exists commands: - aws sts get-caller-identity - |- @@ -13555,6 +14849,7 @@ steps: - Find the latest available semver for v10 - name: Assume ECR - production AWS Role image: amazon/aws-cli + pull: if-not-exists commands: - aws sts get-caller-identity - |- @@ -13582,6 +14877,7 @@ steps: - Find the latest available semver for v10 - name: Assume S3 Download AWS Role for teleport image: amazon/aws-cli + pull: if-not-exists commands: - aws sts get-caller-identity - |- @@ -13676,6 +14972,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker buildx build --push --builder "teleport-v10-amd64-builder" --target "teleport" --platform "linux/amd64" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 --file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_amd64.deb @@ -13686,6 +14983,10 @@ steps: environment: AWS_PROFILE: ecr-authenticated-pull DOCKER_BUILDKIT: "1" + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -13737,6 +15038,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker buildx build --push --builder "teleport-v10-arm-builder" --target "teleport" --platform "linux/arm" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm --file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_arm.deb @@ -13747,6 +15049,10 @@ steps: environment: AWS_PROFILE: ecr-authenticated-pull DOCKER_BUILDKIT: "1" + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -13798,6 +15104,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker buildx build --push --builder "teleport-v10-arm64-builder" --target "teleport" --platform "linux/arm64" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 --file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_arm64.deb @@ -13808,6 +15115,10 @@ steps: environment: AWS_PROFILE: ecr-authenticated-pull DOCKER_BUILDKIT: "1" + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -13824,6 +15135,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing @@ -13846,6 +15158,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -13860,6 +15176,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing @@ -13882,6 +15199,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -13897,6 +15218,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing @@ -13919,6 +15241,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -13932,6 +15258,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, @@ -13944,6 +15271,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -13959,6 +15290,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, @@ -13971,6 +15303,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -13986,6 +15322,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, @@ -13998,6 +15335,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -14013,6 +15354,7 @@ steps: - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64 @@ -14025,6 +15367,10 @@ steps: - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -14041,6 +15387,7 @@ steps: commands: - docker pull --platform "linux/arm" drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm @@ -14053,6 +15400,10 @@ steps: - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -14070,6 +15421,7 @@ steps: - docker pull --platform "linux/arm64" drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64 @@ -14082,6 +15434,10 @@ steps: - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm64 - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -14097,6 +15453,7 @@ steps: image: docker commands: - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create quay.io/gravitational/teleport:$(cat "/go/var/major-version") --amend quay.io/gravitational/teleport:$(cat "/go/var/major-version")-amd64 --amend quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm --amend quay.io/gravitational/teleport:$(cat @@ -14104,6 +15461,10 @@ steps: - docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/major-version") - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -14121,6 +15482,7 @@ steps: image: docker commands: - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create quay.io/gravitational/teleport:$(cat "/go/var/minor-version") --amend quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 --amend quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm --amend quay.io/gravitational/teleport:$(cat @@ -14128,6 +15490,10 @@ steps: - docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/minor-version") - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -14145,6 +15511,7 @@ steps: image: docker commands: - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version") > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create quay.io/gravitational/teleport:$(cat "/go/var/full-version") --amend quay.io/gravitational/teleport:$(cat @@ -14153,6 +15520,10 @@ steps: docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/full-version")) - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -14174,6 +15545,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64 @@ -14187,6 +15559,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -14201,6 +15577,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm @@ -14214,6 +15591,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -14229,6 +15610,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64 @@ -14242,6 +15624,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -14255,6 +15641,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version") --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64 --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm @@ -14263,6 +15650,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -14278,6 +15669,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version") --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm @@ -14286,6 +15678,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -14301,6 +15697,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version") > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version") --amend @@ -14311,6 +15708,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -14322,6 +15723,7 @@ steps: - Tag and push image "teleport:v10-arm64" to ECR - production - name: Assume S3 Download AWS Role for teleport-ent image: amazon/aws-cli + pull: if-not-exists commands: - aws sts get-caller-identity - |- @@ -14416,6 +15818,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker buildx build --push --builder "teleport-ent-v10-amd64-builder" --target "teleport" --platform "linux/amd64" --tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 --file "/go/build/Dockerfile-teleport-ent" --build-arg @@ -14426,6 +15829,10 @@ steps: environment: AWS_PROFILE: ecr-authenticated-pull DOCKER_BUILDKIT: "1" + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -14477,6 +15884,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker buildx build --push --builder "teleport-ent-v10-arm-builder" --target "teleport" --platform "linux/arm" --tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm --file "/go/build/Dockerfile-teleport-ent" --build-arg DEB_PATH=teleport-ent_$(cat @@ -14487,6 +15895,10 @@ steps: environment: AWS_PROFILE: ecr-authenticated-pull DOCKER_BUILDKIT: "1" + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -14538,6 +15950,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker buildx build --push --builder "teleport-ent-v10-arm64-builder" --target "teleport" --platform "linux/arm64" --tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 --file "/go/build/Dockerfile-teleport-ent" --build-arg @@ -14548,6 +15961,10 @@ steps: environment: AWS_PROFILE: ecr-authenticated-pull DOCKER_BUILDKIT: "1" + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -14564,6 +15981,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing @@ -14586,6 +16004,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -14601,6 +16023,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing @@ -14623,6 +16046,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -14638,6 +16065,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing @@ -14660,6 +16088,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -14673,6 +16105,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, @@ -14685,6 +16118,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -14700,6 +16137,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, @@ -14712,6 +16150,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -14727,6 +16169,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, @@ -14739,6 +16182,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -14754,6 +16201,7 @@ steps: - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 @@ -14766,6 +16214,10 @@ steps: - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -14783,6 +16235,7 @@ steps: - docker pull --platform "linux/arm" drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm @@ -14795,6 +16248,10 @@ steps: - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -14812,6 +16269,7 @@ steps: - docker pull --platform "linux/arm64" drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 @@ -14824,6 +16282,10 @@ steps: - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64 - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -14839,6 +16301,7 @@ steps: image: docker commands: - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version") --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm @@ -14846,6 +16309,10 @@ steps: - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version") - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -14863,6 +16330,7 @@ steps: image: docker commands: - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version") --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm @@ -14870,6 +16338,10 @@ steps: - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version") - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -14887,6 +16359,7 @@ steps: image: docker commands: - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version") > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version") --amend @@ -14896,6 +16369,10 @@ steps: "/go/var/full-version")) - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -14917,6 +16394,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport-ent:$(cat @@ -14931,6 +16409,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -14946,6 +16428,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm @@ -14959,6 +16442,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -14974,6 +16461,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport-ent:$(cat @@ -14988,6 +16476,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -15001,6 +16493,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version") --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm @@ -15009,6 +16502,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -15024,6 +16521,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version") --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm @@ -15032,6 +16530,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -15047,6 +16549,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version") > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version") @@ -15057,6 +16560,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -15068,6 +16575,7 @@ steps: - Tag and push image "teleport-ent:v10-arm64" to ECR - production - name: Assume S3 Download AWS Role for teleport-ent-fips image: amazon/aws-cli + pull: if-not-exists commands: - aws sts get-caller-identity - |- @@ -15163,6 +16671,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker buildx build --push --builder "teleport-ent-v10-fips-amd64-builder" --target "teleport-fips" --platform "linux/amd64" --tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 --file "/go/build/Dockerfile-teleport-ent-fips" @@ -15174,6 +16683,10 @@ steps: environment: AWS_PROFILE: ecr-authenticated-pull DOCKER_BUILDKIT: "1" + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -15190,6 +16703,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-fips-amd64 > /dev/null 2>&1 && echo 'Found @@ -15212,6 +16726,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -15225,6 +16743,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-fips > /dev/null 2>&1 && echo 'Found existing @@ -15235,6 +16754,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -15248,6 +16771,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-fips > /dev/null 2>&1 && echo 'Found existing @@ -15258,6 +16782,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -15271,6 +16799,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-fips > /dev/null 2>&1 && echo 'Found existing @@ -15281,6 +16810,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -15294,6 +16827,7 @@ steps: - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 @@ -15306,6 +16840,10 @@ steps: - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -15321,11 +16859,16 @@ steps: image: docker commands: - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64 - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -15341,11 +16884,16 @@ steps: image: docker commands: - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -15361,6 +16909,7 @@ steps: image: docker commands: - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips --amend @@ -15368,6 +16917,10 @@ steps: docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips) - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -15387,6 +16940,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 public.ecr.aws/gravitational/teleport-ent:$(cat @@ -15401,6 +16955,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -15414,12 +16972,17 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64 - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -15433,12 +16996,17 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -15452,6 +17020,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips @@ -15460,6 +17029,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -15480,6 +17053,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker buildx build --push --builder "teleport-operator-v10-amd64-builder" --platform "linux/amd64" --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 --file "/go/src/github.com/gravitational/teleport/operator/Dockerfile" --build-arg @@ -15491,6 +17065,10 @@ steps: environment: AWS_PROFILE: ecr-authenticated-pull DOCKER_BUILDKIT: "1" + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -15519,6 +17097,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker buildx build --push --builder "teleport-operator-v10-arm-builder" --platform "linux/arm" --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm --file "/go/src/github.com/gravitational/teleport/operator/Dockerfile" --build-arg @@ -15530,6 +17109,10 @@ steps: environment: AWS_PROFILE: ecr-authenticated-pull DOCKER_BUILDKIT: "1" + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -15558,6 +17141,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker buildx build --push --builder "teleport-operator-v10-arm64-builder" --platform "linux/arm64" --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 --file "/go/src/github.com/gravitational/teleport/operator/Dockerfile" --build-arg @@ -15569,6 +17153,10 @@ steps: environment: AWS_PROFILE: ecr-authenticated-pull DOCKER_BUILDKIT: "1" + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -15592,6 +17180,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing @@ -15614,6 +17203,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -15629,6 +17222,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing @@ -15651,6 +17245,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -15666,6 +17264,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing @@ -15688,6 +17287,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -15701,6 +17304,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, @@ -15713,6 +17317,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -15728,6 +17336,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, @@ -15740,6 +17349,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -15755,6 +17368,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, @@ -15767,6 +17381,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -15782,6 +17400,7 @@ steps: - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 @@ -15794,6 +17413,10 @@ steps: - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -15811,6 +17434,7 @@ steps: - docker pull --platform "linux/arm" drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm @@ -15823,6 +17447,10 @@ steps: - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -15840,6 +17468,7 @@ steps: - docker pull --platform "linux/arm64" drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 @@ -15852,6 +17481,10 @@ steps: - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -15867,6 +17500,7 @@ steps: image: docker commands: - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version") --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm @@ -15874,6 +17508,10 @@ steps: - docker manifest push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version") - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -15891,6 +17529,7 @@ steps: image: docker commands: - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version") --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm @@ -15898,6 +17537,10 @@ steps: - docker manifest push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version") - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -15915,6 +17558,7 @@ steps: image: docker commands: - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version") > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version") --amend @@ -15924,6 +17568,10 @@ steps: docker manifest push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")) - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -15945,6 +17593,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport-operator:$(cat @@ -15959,6 +17608,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -15974,6 +17627,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport-operator:$(cat @@ -15988,6 +17642,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -16003,6 +17661,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport-operator:$(cat @@ -16017,6 +17676,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -16030,6 +17693,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version") --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm @@ -16038,6 +17702,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -16053,6 +17721,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version") --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm @@ -16061,6 +17730,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -16076,6 +17749,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version") > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version") @@ -16086,6 +17760,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -16111,6 +17789,10 @@ volumes: temp: {} - name: dockersock temp: {} +- name: dockerconfig + temp: {} +image_pull_secrets: +- DOCKERHUB_CREDENTIALS --- ################################################ @@ -16151,15 +17833,25 @@ steps: - echo Found full semver "$(cat "/go/vars/full-version-v9")" for major version "v9" - name: Wait for docker image: docker + pull: if-not-exists commands: - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin + environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: dockersock path: /var/run + - name: dockerconfig + path: /root/.docker depends_on: - Find the latest available semver for v9 - name: Wait for docker registry image: alpine + pull: if-not-exists commands: - apk add curl - timeout 30s /bin/sh -c 'while [ "$(curl -s -o /dev/null -w %{http_code} http://drone-docker-registry:5000/)" @@ -16168,6 +17860,7 @@ steps: - Find the latest available semver for v9 - name: Check out code image: alpine/git:latest + pull: if-not-exists commands: - mkdir -pv "/go/src/github.com/gravitational/teleport" - cd "/go/src/github.com/gravitational/teleport" @@ -16193,6 +17886,7 @@ steps: - Find the latest available semver for v9 - name: Assume ECR - staging AWS Role image: amazon/aws-cli + pull: if-not-exists commands: - aws sts get-caller-identity - |- @@ -16219,6 +17913,7 @@ steps: - Find the latest available semver for v9 - name: Assume ECR - authenticated-pull AWS Role image: amazon/aws-cli + pull: if-not-exists commands: - aws sts get-caller-identity - |- @@ -16246,6 +17941,7 @@ steps: - Find the latest available semver for v9 - name: Assume ECR - production AWS Role image: amazon/aws-cli + pull: if-not-exists commands: - aws sts get-caller-identity - |- @@ -16273,6 +17969,7 @@ steps: - Find the latest available semver for v9 - name: Assume S3 Download AWS Role for teleport image: amazon/aws-cli + pull: if-not-exists commands: - aws sts get-caller-identity - |- @@ -16367,6 +18064,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker buildx build --push --builder "teleport-v9-amd64-builder" --target "teleport" --platform "linux/amd64" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 --file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_amd64.deb @@ -16377,6 +18075,10 @@ steps: environment: AWS_PROFILE: ecr-authenticated-pull DOCKER_BUILDKIT: "1" + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -16428,6 +18130,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker buildx build --push --builder "teleport-v9-arm-builder" --target "teleport" --platform "linux/arm" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm --file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_arm.deb @@ -16438,6 +18141,10 @@ steps: environment: AWS_PROFILE: ecr-authenticated-pull DOCKER_BUILDKIT: "1" + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -16489,6 +18196,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker buildx build --push --builder "teleport-v9-arm64-builder" --target "teleport" --platform "linux/arm64" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 --file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_arm64.deb @@ -16499,6 +18207,10 @@ steps: environment: AWS_PROFILE: ecr-authenticated-pull DOCKER_BUILDKIT: "1" + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -16515,6 +18227,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing @@ -16537,6 +18250,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -16551,6 +18268,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing @@ -16573,6 +18291,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -16588,6 +18310,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing @@ -16610,6 +18333,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -16623,6 +18350,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, @@ -16635,6 +18363,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -16650,6 +18382,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, @@ -16662,6 +18395,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -16677,6 +18414,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, @@ -16689,6 +18427,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -16704,6 +18446,7 @@ steps: - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64 @@ -16716,6 +18459,10 @@ steps: - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -16732,6 +18479,7 @@ steps: commands: - docker pull --platform "linux/arm" drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm @@ -16744,6 +18492,10 @@ steps: - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -16761,6 +18513,7 @@ steps: - docker pull --platform "linux/arm64" drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64 @@ -16773,6 +18526,10 @@ steps: - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm64 - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -16788,6 +18545,7 @@ steps: image: docker commands: - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create quay.io/gravitational/teleport:$(cat "/go/var/major-version") --amend quay.io/gravitational/teleport:$(cat "/go/var/major-version")-amd64 --amend quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm --amend quay.io/gravitational/teleport:$(cat @@ -16795,6 +18553,10 @@ steps: - docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/major-version") - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -16812,6 +18574,7 @@ steps: image: docker commands: - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create quay.io/gravitational/teleport:$(cat "/go/var/minor-version") --amend quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 --amend quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm --amend quay.io/gravitational/teleport:$(cat @@ -16819,6 +18582,10 @@ steps: - docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/minor-version") - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -16836,6 +18603,7 @@ steps: image: docker commands: - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version") > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create quay.io/gravitational/teleport:$(cat "/go/var/full-version") --amend quay.io/gravitational/teleport:$(cat @@ -16844,6 +18612,10 @@ steps: docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/full-version")) - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -16865,6 +18637,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64 @@ -16878,6 +18651,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -16892,6 +18669,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm @@ -16905,6 +18683,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -16920,6 +18702,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64 @@ -16933,6 +18716,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -16946,6 +18733,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version") --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64 --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm @@ -16954,6 +18742,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -16969,6 +18761,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version") --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm @@ -16977,6 +18770,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -16992,6 +18789,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version") > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version") --amend @@ -17002,6 +18800,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -17013,6 +18815,7 @@ steps: - Tag and push image "teleport:v9-arm64" to ECR - production - name: Assume S3 Download AWS Role for teleport-ent image: amazon/aws-cli + pull: if-not-exists commands: - aws sts get-caller-identity - |- @@ -17107,6 +18910,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker buildx build --push --builder "teleport-ent-v9-amd64-builder" --target "teleport" --platform "linux/amd64" --tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 --file "/go/build/Dockerfile-teleport-ent" --build-arg @@ -17117,6 +18921,10 @@ steps: environment: AWS_PROFILE: ecr-authenticated-pull DOCKER_BUILDKIT: "1" + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -17168,6 +18976,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker buildx build --push --builder "teleport-ent-v9-arm-builder" --target "teleport" --platform "linux/arm" --tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm --file "/go/build/Dockerfile-teleport-ent" --build-arg DEB_PATH=teleport-ent_$(cat @@ -17178,6 +18987,10 @@ steps: environment: AWS_PROFILE: ecr-authenticated-pull DOCKER_BUILDKIT: "1" + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -17229,6 +19042,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker buildx build --push --builder "teleport-ent-v9-arm64-builder" --target "teleport" --platform "linux/arm64" --tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 --file "/go/build/Dockerfile-teleport-ent" --build-arg @@ -17239,6 +19053,10 @@ steps: environment: AWS_PROFILE: ecr-authenticated-pull DOCKER_BUILDKIT: "1" + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -17255,6 +19073,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing @@ -17277,6 +19096,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -17292,6 +19115,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing @@ -17314,6 +19138,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -17329,6 +19157,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing @@ -17351,6 +19180,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -17364,6 +19197,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, @@ -17376,6 +19210,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -17391,6 +19229,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, @@ -17403,6 +19242,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -17418,6 +19261,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, @@ -17430,6 +19274,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -17445,6 +19293,7 @@ steps: - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 @@ -17457,6 +19306,10 @@ steps: - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -17474,6 +19327,7 @@ steps: - docker pull --platform "linux/arm" drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm @@ -17486,6 +19340,10 @@ steps: - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -17503,6 +19361,7 @@ steps: - docker pull --platform "linux/arm64" drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 @@ -17515,6 +19374,10 @@ steps: - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64 - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -17530,6 +19393,7 @@ steps: image: docker commands: - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version") --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm @@ -17537,6 +19401,10 @@ steps: - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version") - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -17554,6 +19422,7 @@ steps: image: docker commands: - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version") --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm @@ -17561,6 +19430,10 @@ steps: - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version") - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -17578,6 +19451,7 @@ steps: image: docker commands: - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version") > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version") --amend @@ -17587,6 +19461,10 @@ steps: "/go/var/full-version")) - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -17608,6 +19486,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport-ent:$(cat @@ -17622,6 +19501,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -17637,6 +19520,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm @@ -17650,6 +19534,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -17665,6 +19553,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport-ent:$(cat @@ -17679,6 +19568,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -17692,6 +19585,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version") --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm @@ -17700,6 +19594,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -17715,6 +19613,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version") --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm @@ -17723,6 +19622,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -17738,6 +19641,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version") > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version") @@ -17748,6 +19652,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -17759,6 +19667,7 @@ steps: - Tag and push image "teleport-ent:v9-arm64" to ECR - production - name: Assume S3 Download AWS Role for teleport-ent-fips image: amazon/aws-cli + pull: if-not-exists commands: - aws sts get-caller-identity - |- @@ -17854,6 +19763,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker buildx build --push --builder "teleport-ent-v9-fips-amd64-builder" --target "teleport-fips" --platform "linux/amd64" --tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 --file "/go/build/Dockerfile-teleport-ent-fips" @@ -17865,6 +19775,10 @@ steps: environment: AWS_PROFILE: ecr-authenticated-pull DOCKER_BUILDKIT: "1" + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -17881,6 +19795,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-fips-amd64 > /dev/null 2>&1 && echo 'Found @@ -17903,6 +19818,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -17916,6 +19835,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-fips > /dev/null 2>&1 && echo 'Found existing @@ -17926,6 +19846,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -17939,6 +19863,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-fips > /dev/null 2>&1 && echo 'Found existing @@ -17949,6 +19874,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -17962,6 +19891,7 @@ steps: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-fips > /dev/null 2>&1 && echo 'Found existing @@ -17972,6 +19902,10 @@ steps: - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -17985,6 +19919,7 @@ steps: - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 @@ -17997,6 +19932,10 @@ steps: - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -18012,11 +19951,16 @@ steps: image: docker commands: - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64 - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -18032,11 +19976,16 @@ steps: image: docker commands: - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -18052,6 +20001,7 @@ steps: image: docker commands: - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips --amend @@ -18059,6 +20009,10 @@ steps: docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips) - docker logout "quay.io" environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: @@ -18078,6 +20032,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 public.ecr.aws/gravitational/teleport-ent:$(cat @@ -18092,6 +20047,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -18105,12 +20064,17 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64 - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -18124,12 +20088,17 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -18143,6 +20112,7 @@ steps: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips @@ -18151,6 +20121,10 @@ steps: - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws @@ -18174,6 +20148,10 @@ volumes: temp: {} - name: dockersock temp: {} +- name: dockerconfig + temp: {} +image_pull_secrets: +- DOCKERHUB_CREDENTIALS --- ################################################ @@ -18212,13 +20190,23 @@ steps: && exit 1)' - name: Wait for docker image: docker + pull: if-not-exists commands: - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' + - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin + environment: + DOCKERHUB_PASSWORD: + from_secret: DOCKERHUB_READONLY_TOKEN + DOCKERHUB_USERNAME: + from_secret: DOCKERHUB_USERNAME volumes: - name: dockersock path: /var/run + - name: dockerconfig + path: /root/.docker - name: Assume AWS Role image: amazon/aws-cli + pull: if-not-exists commands: - aws sts get-caller-identity - |- @@ -18290,15 +20278,19 @@ services: - name: dockersock path: /var/run volumes: -- name: dockersock - temp: {} - name: tmpfs temp: medium: memory - name: awsconfig temp: {} +- name: dockersock + temp: {} +- name: dockerconfig + temp: {} +image_pull_secrets: +- DOCKERHUB_CREDENTIALS --- kind: signature -hmac: 60f27fed9d0e5786d54bd22e6b07f18d62225d78be34cdfce01a391360249d9d +hmac: 9c4cdef9d7fd1b4b41929a4456e5b9e3370bd07f5f7acd13695012f29acff612 ... diff --git a/Makefile b/Makefile index 9192bd69760b6..336b9a2fe428c 100644 --- a/Makefile +++ b/Makefile @@ -898,12 +898,13 @@ update-api-import-path: # - build binaries with 'make release' # - run `make tag` and use its output to 'git tag' and 'git push --tags' .PHONY: update-tag +update-tag: TAG_REMOTE ?= origin update-tag: @test $(VERSION) git tag $(GITTAG) git tag api/$(GITTAG) (cd e && git tag $(GITTAG) && git push origin $(GITTAG)) - git push origin $(GITTAG) && git push origin api/$(GITTAG) + git push $(TAG_REMOTE) $(GITTAG) && git push $(TAG_REMOTE) api/$(GITTAG) .PHONY: test-package test-package: remove-temp-files diff --git a/dronegen/aws.go b/dronegen/aws.go index 366f7d7e6e68a..e2b0280d6d8cc 100644 --- a/dronegen/aws.go +++ b/dronegen/aws.go @@ -93,6 +93,7 @@ func kubernetesAssumeAwsRoleStep(s kubernetesRoleSettings) step { return step{ Name: s.name, Image: "amazon/aws-cli", + Pull: "if-not-exists", Environment: map[string]value{ "AWS_ACCESS_KEY_ID": s.awsAccessKeyID, "AWS_SECRET_ACCESS_KEY": s.awsSecretAccessKey, @@ -125,6 +126,7 @@ func kubernetesUploadToS3Step(s kubernetesS3Settings) step { return step{ Name: "Upload to S3", Image: "amazon/aws-cli", + Pull: "if-not-exists", Environment: map[string]value{ "AWS_S3_BUCKET": {fromSecret: "AWS_S3_BUCKET"}, "AWS_REGION": {raw: s.region}, diff --git a/dronegen/buildbox.go b/dronegen/buildbox.go index 75aa73db5e018..b4a696ca03feb 100644 --- a/dronegen/buildbox.go +++ b/dronegen/buildbox.go @@ -69,7 +69,8 @@ func buildboxPipelineStep(buildboxName string, fips bool) step { return step{ Name: "Build and push " + buildboxName, Image: "docker", - Volumes: []volumeRef{volumeRefDocker, volumeRefAwsConfig}, + Pull: "if-not-exists", + Volumes: []volumeRef{volumeRefAwsConfig, volumeRefDocker, volumeRefDockerConfig}, Commands: []string{ `apk add --no-cache make aws-cli`, `chown -R $UID:$GID /go`, @@ -101,7 +102,7 @@ func buildboxPipeline() pipeline { // only on master for now; add the release branch name when forking a new release series. p.Trigger = pushTriggerForBranch("master", "branch/*") p.Workspace = workspace{Path: "/go/src/github.com/gravitational/teleport"} - p.Volumes = []volume{volumeDocker, volumeAwsConfig} + p.Volumes = []volume{volumeAwsConfig, volumeDocker, volumeDockerConfig} p.Services = []service{ dockerService(), } diff --git a/dronegen/common.go b/dronegen/common.go index 63ac021f026fd..2039052aa63e2 100644 --- a/dronegen/common.go +++ b/dronegen/common.go @@ -86,6 +86,25 @@ var ( Name: "awsconfig", Path: "/root/.aws", } + + // volumeDockerConfig is a temporary volume for storing docker + // credentials for use with the Docker-in-Docker service we use + // to isolate the host machines docker daemon from the one used + // during the build. Mount this any time you use `volumeDocker` + // + // Drone claims to destroy the the temp volumes after a workflow + // has run, so it should be safe to write credentials etc. + volumeDockerConfig = volume{ + Name: "dockerconfig", + Temp: &volumeTemp{}, + } + + // volumeRefDockerConfig is how you reference the docker config + // volume in a workflow step + volumeRefDockerConfig = volumeRef{ + Name: "dockerconfig", + Path: "/root/.docker", + } ) var buildboxVersion value @@ -242,18 +261,6 @@ func dockerRegistryService() service { } } -// dockerVolumes returns a slice of volumes -// It includes the Docker socket volume by default, plus any extra volumes passed in -func dockerVolumes(v ...volume) []volume { - return append(v, volumeDocker) -} - -// dockerVolumeRefs returns a slice of volumeRefs -// It includes the Docker socket volumeRef as a default, plus any extra volumeRefs passed in -func dockerVolumeRefs(v ...volumeRef) []volumeRef { - return append(v, volumeRefDocker) -} - // releaseMakefileTarget gets the correct Makefile target for a given arch/fips/centos combo func releaseMakefileTarget(b buildType) string { makefileTarget := fmt.Sprintf("release-%s", b.arch) @@ -283,10 +290,16 @@ func waitForDockerStep() step { return step{ Name: "Wait for docker", Image: "docker", + Pull: "if-not-exists", Commands: []string{ `timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'`, + `printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin`, + }, + Volumes: []volumeRef{volumeRefDocker, volumeRefDockerConfig}, + Environment: map[string]value{ + "DOCKERHUB_USERNAME": {fromSecret: "DOCKERHUB_USERNAME"}, + "DOCKERHUB_PASSWORD": {fromSecret: "DOCKERHUB_READONLY_TOKEN"}, }, - Volumes: []volumeRef{volumeRefDocker}, } } @@ -295,6 +308,7 @@ func waitForDockerRegistryStep() step { return step{ Name: "Wait for docker registry", Image: "alpine", + Pull: "if-not-exists", Commands: []string{ "apk add curl", fmt.Sprintf(`timeout 30s /bin/sh -c 'while [ "$(curl -s -o /dev/null -w %%{http_code} http://%s/)" != "200" ]; do sleep 1; done'`, LocalRegistrySocket), @@ -306,6 +320,7 @@ func verifyTaggedStep() step { return step{ Name: "Verify build is tagged", Image: "alpine:latest", + Pull: "if-not-exists", Commands: []string{ "[ -n ${DRONE_TAG} ] || (echo 'DRONE_TAG is not set. Is the commit tagged?' && exit 1)", }, @@ -317,6 +332,7 @@ func cloneRepoStep(clonePath, commit string) step { return step{ Name: "Check out code", Image: "alpine/git:latest", + Pull: "if-not-exists", Commands: cloneRepoCommands(clonePath, commit), } } diff --git a/dronegen/container_image_products.go b/dronegen/container_image_products.go index 240fbab06ba46..147a201a1e0d9 100644 --- a/dronegen/container_image_products.go +++ b/dronegen/container_image_products.go @@ -478,7 +478,7 @@ func (p *Product) createBuildStep(arch string, version *ReleaseVersion, publicEc step := step{ Name: p.GetBuildStepName(arch, version), Image: "docker", - Volumes: dockerVolumeRefs(volumeRefAwsConfig), + Volumes: []volumeRef{volumeRefAwsConfig, volumeRefDocker}, // no docker config volume, as this will race Environment: envVars, Commands: commands, DependsOn: getStepNames(publicEcrPullRegistry.SetupSteps), diff --git a/dronegen/container_images_release_version.go b/dronegen/container_images_release_version.go index 4dd0e69b989a1..7e5d74811c283 100644 --- a/dronegen/container_images_release_version.go +++ b/dronegen/container_images_release_version.go @@ -48,7 +48,7 @@ func (rv *ReleaseVersion) buildVersionPipeline(triggerSetupSteps []step, flags * dockerService(), dockerRegistryService(), } - pipeline.Volumes = dockerVolumes(volumeAwsConfig) + pipeline.Volumes = []volume{volumeAwsConfig, volumeDocker, volumeDockerConfig} pipeline.Environment = map[string]value{ "DEBIAN_FRONTEND": { raw: "noninteractive", diff --git a/dronegen/container_images_repos.go b/dronegen/container_images_repos.go index fa46b62fd710e..13d78c6e79fb9 100644 --- a/dronegen/container_images_repos.go +++ b/dronegen/container_images_repos.go @@ -62,6 +62,7 @@ func NewEcrContainerRepo(accessKeyIDSecret, secretAccessKeySecret, roleSecret, d loginCommands := []string{ "apk add --no-cache aws-cli", fmt.Sprintf("aws %s get-login-password --region=%s | docker login -u=\"AWS\" --password-stdin %s", loginSubcommand, ecrRegion, domain), + `printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin`, } if guaranteeUnique { @@ -72,7 +73,9 @@ func NewEcrContainerRepo(accessKeyIDSecret, secretAccessKeySecret, roleSecret, d Name: repoName, IsImmutable: isImmutable, EnvironmentVars: map[string]value{ - "AWS_PROFILE": {raw: profileName}, + "AWS_PROFILE": {raw: profileName}, + "DOCKERHUB_USERNAME": {fromSecret: "DOCKERHUB_USERNAME"}, + "DOCKERHUB_PASSWORD": {fromSecret: "DOCKERHUB_READONLY_TOKEN"}, }, RegistryDomain: domain, RegistryOrg: registryOrg, @@ -112,17 +115,16 @@ func NewQuayContainerRepo(dockerUsername, dockerPassword string) *ContainerRepo Name: "Quay", IsImmutable: false, EnvironmentVars: map[string]value{ - "QUAY_USERNAME": { - fromSecret: dockerUsername, - }, - "QUAY_PASSWORD": { - fromSecret: dockerPassword, - }, + "QUAY_USERNAME": {fromSecret: dockerUsername}, + "QUAY_PASSWORD": {fromSecret: dockerPassword}, + "DOCKERHUB_USERNAME": {fromSecret: "DOCKERHUB_USERNAME"}, + "DOCKERHUB_PASSWORD": {fromSecret: "DOCKERHUB_READONLY_TOKEN"}, }, RegistryDomain: ProductionRegistryQuay, RegistryOrg: registryOrg, LoginCommands: []string{ fmt.Sprintf("docker login -u=\"$QUAY_USERNAME\" -p=\"$QUAY_PASSWORD\" %q", ProductionRegistryQuay), + `printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin`, }, } } @@ -254,7 +256,7 @@ func (cr *ContainerRepo) pullPushStep(image *Image, dependencySteps []string) (s return step{ Name: fmt.Sprintf("Pull %s and push it to %s", image.GetDisplayName(), localRepo.Name), Image: "docker", - Volumes: dockerVolumeRefs(volumeRefAwsConfig), + Volumes: []volumeRef{volumeRefAwsConfig, volumeRefDocker}, // no docker config volume, as this will race Environment: cr.EnvironmentVars, Commands: commands, DependsOn: dependencySteps, @@ -304,7 +306,7 @@ func (cr *ContainerRepo) tagAndPushStep(buildStepDetails *buildStepOutput, image step := step{ Name: fmt.Sprintf("Tag and push image %q to %s", buildStepDetails.BuiltImage.GetDisplayName(), cr.Name), Image: "docker", - Volumes: dockerVolumeRefs(volumeRefAwsConfig), + Volumes: []volumeRef{volumeRefAwsConfig, volumeRefDocker}, // no docker config volume, as this will race Environment: cr.EnvironmentVars, Commands: commands, DependsOn: dependencySteps, @@ -332,7 +334,7 @@ func (cr *ContainerRepo) createAndPushManifestStep(manifestImage *Image, pushSte return step{ Name: fmt.Sprintf("Create manifest and push %q to %s", manifestImage.GetDisplayName(), cr.Name), Image: "docker", - Volumes: dockerVolumeRefs(volumeRefAwsConfig), + Volumes: []volumeRef{volumeRefAwsConfig, volumeRefDocker}, // no docker config volume, as this will race Environment: cr.EnvironmentVars, Commands: cr.buildCommandsWithLogin(commands), DependsOn: pushStepNames, diff --git a/dronegen/gha.go b/dronegen/gha.go index 5fd36d5747283..8ffdfc07886df 100644 --- a/dronegen/gha.go +++ b/dronegen/gha.go @@ -41,6 +41,7 @@ func ghaBuildPipeline(b ghaBuildType) pipeline { { Name: "Check out code", Image: "docker:git", + Pull: "if-not-exists", Environment: map[string]value{ "GITHUB_PRIVATE_KEY": {fromSecret: "GITHUB_PRIVATE_KEY"}, }, @@ -49,6 +50,7 @@ func ghaBuildPipeline(b ghaBuildType) pipeline { { Name: "Delegate build to GitHub", Image: fmt.Sprintf("golang:%s-alpine", GoVersion), + Pull: "if-not-exists", Environment: map[string]value{ "GHA_APP_KEY": {fromSecret: "GITHUB_WORKFLOW_APP_PRIVATE_KEY"}, }, diff --git a/dronegen/main.go b/dronegen/main.go index 517b80fd518e4..5ce4e6998ad31 100644 --- a/dronegen/main.go +++ b/dronegen/main.go @@ -39,6 +39,22 @@ func main() { pipelines = append(pipelines, buildContainerImagePipelines()...) pipelines = append(pipelines, publishReleasePipeline()) + // Inject the Drone-level dockerhub credentials into all non-exec + // pipelines. Drone will then use the docker credentials file in + // the named secret as its credentials when pulling images from + // dockerhub. + // + // Exec pipelines do not have the `image_pull_secrets` option, as + // their steps are invoked directly on the host runner and not + // into a per-step container. + for pidx := range pipelines { + p := &pipelines[pidx] + if p.Type == "exec" { + continue + } + p.ImagePullSecrets = append(p.ImagePullSecrets, "DOCKERHUB_CREDENTIALS") + } + if err := writePipelines(".drone.yml", pipelines); err != nil { fmt.Println("failed writing drone pipelines:", err) os.Exit(1) diff --git a/dronegen/push.go b/dronegen/push.go index 566f20a639fea..80802c2e15961 100644 --- a/dronegen/push.go +++ b/dronegen/push.go @@ -121,7 +121,7 @@ func pushPipeline(b buildType) pipeline { } p.Trigger = triggerPush p.Workspace = workspace{Path: "/go"} - p.Volumes = []volume{volumeDocker} + p.Volumes = []volume{volumeDocker, volumeDockerConfig} p.Services = []service{ dockerService(), } @@ -129,6 +129,7 @@ func pushPipeline(b buildType) pipeline { { Name: "Check out code", Image: "docker:git", + Pull: "if-not-exists", Environment: map[string]value{ "GITHUB_PRIVATE_KEY": {fromSecret: "GITHUB_PRIVATE_KEY"}, }, @@ -138,8 +139,9 @@ func pushPipeline(b buildType) pipeline { { Name: "Build artifacts", Image: "docker", + Pull: "if-not-exists", Environment: pushEnvironment, - Volumes: []volumeRef{volumeRefDocker}, + Volumes: []volumeRef{volumeRefDocker, volumeRefDockerConfig}, Commands: pushBuildCommands(b), }, sendErrorToSlackStep(), diff --git a/dronegen/relcli.go b/dronegen/relcli.go index c119bb7132215..f6f4fc7464568 100644 --- a/dronegen/relcli.go +++ b/dronegen/relcli.go @@ -44,11 +44,7 @@ func relcliPipeline(trigger trigger, name string, stepName string, command strin } p.Services = []service{dockerService(volumeRefTmpfs)} - p.Volumes = []volume{ - volumeDocker, - volumeTmpfs, - volumeAwsConfig, - } + p.Volumes = []volume{volumeTmpfs, volumeAwsConfig, volumeDocker, volumeDockerConfig} return p } @@ -60,10 +56,7 @@ func pullRelcliStep(awsConfigVolumeRef volumeRef) step { Environment: map[string]value{ "AWS_DEFAULT_REGION": {raw: "us-west-2"}, }, - Volumes: []volumeRef{ - volumeRefDocker, - volumeRefAwsConfig, - }, + Volumes: []volumeRef{volumeRefDocker, volumeRefAwsConfig}, Commands: []string{ `apk add --no-cache aws-cli`, `aws ecr get-login-password | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com`, @@ -83,11 +76,7 @@ func executeRelcliStep(name string, command string) step { "RELCLI_CERT": {raw: "/tmpfs/creds/releases.crt"}, "RELCLI_KEY": {raw: "/tmpfs/creds/releases.key"}, }, - Volumes: []volumeRef{ - volumeRefDocker, - volumeRefTmpfs, - volumeRefAwsConfig, - }, + Volumes: []volumeRef{volumeRefDocker, volumeRefTmpfs, volumeRefAwsConfig}, Commands: []string{ `mkdir -p /tmpfs/creds`, `echo "$RELEASES_CERT" | base64 -d > "$RELCLI_CERT"`, diff --git a/dronegen/tag.go b/dronegen/tag.go index d361fdfb7745b..6cd23d0645e62 100644 --- a/dronegen/tag.go +++ b/dronegen/tag.go @@ -254,7 +254,7 @@ func tagPipeline(b buildType) pipeline { p.Trigger = triggerTag p.DependsOn = []string{tagCleanupPipelineName} p.Workspace = workspace{Path: "/go"} - p.Volumes = []volume{volumeAwsConfig, volumeDocker} + p.Volumes = []volume{volumeAwsConfig, volumeDocker, volumeDockerConfig} p.Services = []service{ dockerService(), } @@ -262,6 +262,7 @@ func tagPipeline(b buildType) pipeline { { Name: "Check out code", Image: "docker:git", + Pull: "if-not-exists", Environment: map[string]value{ "GITHUB_PRIVATE_KEY": {fromSecret: "GITHUB_PRIVATE_KEY"}, }, @@ -271,13 +272,15 @@ func tagPipeline(b buildType) pipeline { { Name: "Build artifacts", Image: "docker", + Pull: "if-not-exists", Environment: tagEnvironment, - Volumes: []volumeRef{volumeRefDocker}, + Volumes: []volumeRef{volumeRefDocker, volumeRefDockerConfig}, Commands: tagBuildCommands(b), }, { Name: "Copy artifacts", Image: "docker", + Pull: "if-not-exists", Commands: tagCopyArtifactCommands(b), }, kubernetesAssumeAwsRoleStep(kubernetesRoleSettings{ @@ -297,6 +300,7 @@ func tagPipeline(b buildType) pipeline { { Name: "Register artifacts", Image: "docker", + Pull: "if-not-exists", Commands: tagCreateReleaseAssetCommands(b, "", extraQualifications), Environment: map[string]value{ "RELEASES_CERT": {fromSecret: "RELEASES_CERT"}, @@ -445,12 +449,10 @@ func tagPackagePipeline(packageType string, b buildType) pipeline { environment["OSS_TARBALL_PATH"] = value{raw: "/go/artifacts"} } - packageDockerVolumes := []volume{ - volumeDocker, - volumeAwsConfig, - } + packageDockerVolumes := []volume{volumeAwsConfig, volumeDocker, volumeDockerConfig} packageDockerVolumeRefs := []volumeRef{ volumeRefDocker, + volumeRefDockerConfig, volumeRefAwsConfig, } packageDockerService := dockerService() diff --git a/dronegen/types.go b/dronegen/types.go index 58d1496c0de89..75a11c5e7c8af 100644 --- a/dronegen/types.go +++ b/dronegen/types.go @@ -29,20 +29,21 @@ import ( type pipeline struct { comment string - Kind string `yaml:"kind"` - Type string `yaml:"type"` - Name string `yaml:"name"` - Environment map[string]value `yaml:"environment,omitempty"` - Trigger trigger `yaml:"trigger"` - Workspace workspace `yaml:"workspace,omitempty"` - Platform platform `yaml:"platform,omitempty"` - Node map[string]value `yaml:"node,omitempty"` - Clone clone `yaml:"clone,omitempty"` - DependsOn []string `yaml:"depends_on,omitempty"` - Concurrency concurrency `yaml:"concurrency,omitempty"` - Steps []step `yaml:"steps"` - Services []service `yaml:"services,omitempty"` - Volumes []volume `yaml:"volumes,omitempty"` + Kind string `yaml:"kind"` + Type string `yaml:"type"` + Name string `yaml:"name"` + Environment map[string]value `yaml:"environment,omitempty"` + Trigger trigger `yaml:"trigger"` + Workspace workspace `yaml:"workspace,omitempty"` + Platform platform `yaml:"platform,omitempty"` + Node map[string]value `yaml:"node,omitempty"` + Clone clone `yaml:"clone,omitempty"` + DependsOn []string `yaml:"depends_on,omitempty"` + Concurrency concurrency `yaml:"concurrency,omitempty"` + Steps []step `yaml:"steps"` + Services []service `yaml:"services,omitempty"` + Volumes []volume `yaml:"volumes,omitempty"` + ImagePullSecrets []string `yaml:"image_pull_secrets,omitempty"` } func newKubePipeline(name string) pipeline { @@ -170,6 +171,7 @@ type volumeRef struct { type step struct { Name string `yaml:"name"` Image string `yaml:"image,omitempty"` + Pull string `yaml:"pull,omitempty"` Commands []string `yaml:"commands,omitempty"` Environment map[string]value `yaml:"environment,omitempty"` Volumes []volumeRef `yaml:"volumes,omitempty"`