Improve package build pipeline:

- Add docker container tags for "latest_BRANCH" - Prevent different branches from overwriting deb repo artifacts - Manual approval always required before pushing to prod
2025-11-19 10:05:48 +00:00 · 2019-07-15 12:10:42 -07:00
parent caa5c9e223
commit a3060516c6
3 changed files with 23 additions and 28 deletions
--- a/Builds/containers/gitlab-ci/pkgbuild.yml
+++ b/Builds/containers/gitlab-ci/pkgbuild.yml
@@ -17,9 +17,6 @@ variables:
  # also need to define this variable ONLY for the primary
  # build/publish pipeline on the mainline repo:
  #   IS_PRIMARY_REPO = "true"
-  # and if you want to pause for manual approval before
-  # pushing to pkg repos:
-  #   REQUIRE_APPROVAL = "true"

 stages:
  - build_containers
@@ -42,7 +39,9 @@ stages:
  image:
    name: docker:latest
  services:
-    - docker:dind
+    # workaround for TLS issues - consider going back
+    # back to unversioned `dind` when issues are resolved
+    - docker:18-dind
  tags:
    - docker-4xlarge

@@ -53,16 +52,6 @@ stages:
    variables:
      - $IS_PRIMARY_REPO == "true"

-.only_primary_manual_template: &only_primary_manual
-  only:
-    refs:
-      - /^(master|release|develop)$/
-    variables:
-      - $IS_PRIMARY_REPO == "true"
-      - $REQUIRE_APPROVAL == "true"
-  when: manual
-  allow_failure: false
-
 .smoketest_local_template: &run_local_smoketest
  tags:
    - xlarge
@@ -253,7 +242,9 @@ tag_bld_images:
  image:
    name: docker:latest
  services:
-    - docker:dind
+    # workaround for TLS issues - consider going back
+    # back to unversioned `dind` when issues are resolved
+    - docker:18-dind
  tags:
    - docker-large
  dependencies:
@@ -396,17 +387,18 @@ debian_9_verify_repo_test:
 ##                                                                     ##
 ##  wait for manual approval before proceeding to next stage           ##
 ##  which pushes to prod repo.                                         ##
-##  ONLY RUNS FOR PRIMARY BRANCHES/REPO and when                       ##
-##  REQUIRE_APPROVAL is set to true.                                   ##
+##  ONLY RUNS FOR PRIMARY BRANCHES/REPO                                ##
 ##                                                                     ##
 #########################################################################
 wait_before_push_prod:
  stage: wait_approval_prod
  image:
    name: alpine:latest
-  <<: *only_primary_manual
+  <<: *only_primary
  script:
    - echo "proceeding to next stage"
+  when: manual
+  allow_failure: false

 #########################################################################
 ##                                                                     ##
--- a/Builds/containers/gitlab-ci/push_to_artifactory.sh
+++ b/Builds/containers/gitlab-ci/push_to_artifactory.sh
@@ -31,10 +31,10 @@ for deb in ${RIPPLED_PKG} ${RIPPLED_DEV_PKG} ${RIPPLED_DBG_PKG} ; do
    echo "\"${deb}\"": | tee -a "${TOPDIR}/files.info"
    ca="${CURLARGS}"
    if [ "${action}" = "PUT" ] ; then
-        url="https://${ARTIFACTORY_HOST}/artifactory/${DEB_REPO}/pool/${deb}${DEB_MATRIX}"
+        url="https://${ARTIFACTORY_HOST}/artifactory/${DEB_REPO}/pool/${COMPONENT}/${deb}${DEB_MATRIX}"
        ca="${ca} -T${deb}"
    elif [ "${action}" = "GET" ] ; then
-        url="https://${ARTIFACTORY_HOST}/artifactory/api/storage/${DEB_REPO}/pool/${deb}"
+        url="https://${ARTIFACTORY_HOST}/artifactory/api/storage/${DEB_REPO}/pool/${COMPONENT}/${deb}"
    fi
    echo "file info request url --> ${url}"
    eval "curl ${ca} \"${url}\"" | jq -M "${filter}" | tee -a "${TOPDIR}/files.info"
--- a/Builds/containers/gitlab-ci/tag_docker_image.sh
+++ b/Builds/containers/gitlab-ci/tag_docker_image.sh
@@ -6,12 +6,15 @@ docker login -u rippled \
 source build/rpm/packages/build_vars
 docker pull "${ARTIFACTORY_HUB}/${RPM_CONTAINER_NAME}:${CI_COMMIT_SHA}"
 docker pull "${ARTIFACTORY_HUB}/${DPKG_CONTAINER_NAME}:${CI_COMMIT_SHA}"
-docker tag \
-    "${ARTIFACTORY_HUB}/${RPM_CONTAINER_NAME}:${CI_COMMIT_SHA}" \
-    "${ARTIFACTORY_HUB}/${RPM_CONTAINER_NAME}:${rippled_version}_${CI_COMMIT_REF_SLUG}"
-docker tag \
-    "${ARTIFACTORY_HUB}/${DPKG_CONTAINER_NAME}:${CI_COMMIT_SHA}" \
-    "${ARTIFACTORY_HUB}/${DPKG_CONTAINER_NAME}:${rippled_version}_${CI_COMMIT_REF_SLUG}"
-docker push "${ARTIFACTORY_HUB}/${RPM_CONTAINER_NAME}"
-docker push "${ARTIFACTORY_HUB}/${DPKG_CONTAINER_NAME}"
+# tag/push two labels...one using the current rippled version and one just using "latest"
+for label in ${rippled_version} latest ; do
+    docker tag \
+        "${ARTIFACTORY_HUB}/${RPM_CONTAINER_NAME}:${CI_COMMIT_SHA}" \
+        "${ARTIFACTORY_HUB}/${RPM_CONTAINER_NAME}:${label}_${CI_COMMIT_REF_SLUG}"
+    docker tag \
+        "${ARTIFACTORY_HUB}/${DPKG_CONTAINER_NAME}:${CI_COMMIT_SHA}" \
+        "${ARTIFACTORY_HUB}/${DPKG_CONTAINER_NAME}:${label}_${CI_COMMIT_REF_SLUG}"
+    docker push "${ARTIFACTORY_HUB}/${RPM_CONTAINER_NAME}"
+    docker push "${ARTIFACTORY_HUB}/${DPKG_CONTAINER_NAME}"
+done