From a3060516c6ffedb2ca6e4e129bd40a26068f1371 Mon Sep 17 00:00:00 2001
From: Mike Ellery <mellery451@gmail.com>
Date: Mon, 15 Jul 2019 12:10:42 -0700
Subject: [PATCH] Improve package build pipeline:

- Add docker container tags for "latest_BRANCH"
- Prevent different branches from overwriting deb repo artifacts
- Manual approval always required before pushing to prod
---
 Builds/containers/gitlab-ci/pkgbuild.yml      | 28 +++++++------------
 .../gitlab-ci/push_to_artifactory.sh          |  4 +--
 .../containers/gitlab-ci/tag_docker_image.sh  | 19 +++++++------
 3 files changed, 23 insertions(+), 28 deletions(-)

diff --git a/Builds/containers/gitlab-ci/pkgbuild.yml b/Builds/containers/gitlab-ci/pkgbuild.yml
index c3b5ddc7a..66e1b206c 100644
--- a/Builds/containers/gitlab-ci/pkgbuild.yml
+++ b/Builds/containers/gitlab-ci/pkgbuild.yml
@@ -17,9 +17,6 @@ variables:
   # also need to define this variable ONLY for the primary
   # build/publish pipeline on the mainline repo:
   #   IS_PRIMARY_REPO = "true"
-  # and if you want to pause for manual approval before
-  # pushing to pkg repos:
-  #   REQUIRE_APPROVAL = "true"
 
 stages:
   - build_containers
@@ -42,7 +39,9 @@ stages:
   image:
     name: docker:latest
   services:
-    - docker:dind
+    # workaround for TLS issues - consider going back
+    # back to unversioned `dind` when issues are resolved
+    - docker:18-dind
   tags:
     - docker-4xlarge
 
@@ -53,16 +52,6 @@ stages:
     variables:
       - $IS_PRIMARY_REPO == "true"
 
-.only_primary_manual_template: &only_primary_manual
-  only:
-    refs:
-      - /^(master|release|develop)$/
-    variables:
-      - $IS_PRIMARY_REPO == "true"
-      - $REQUIRE_APPROVAL == "true"
-  when: manual
-  allow_failure: false
-
 .smoketest_local_template: &run_local_smoketest
   tags:
     - xlarge
@@ -253,7 +242,9 @@ tag_bld_images:
   image:
     name: docker:latest
   services:
-    - docker:dind
+    # workaround for TLS issues - consider going back
+    # back to unversioned `dind` when issues are resolved
+    - docker:18-dind
   tags:
     - docker-large
   dependencies:
@@ -396,17 +387,18 @@ debian_9_verify_repo_test:
 ##                                                                     ##
 ##  wait for manual approval before proceeding to next stage           ##
 ##  which pushes to prod repo.                                         ##
-##  ONLY RUNS FOR PRIMARY BRANCHES/REPO and when                       ##
-##  REQUIRE_APPROVAL is set to true.                                   ##
+##  ONLY RUNS FOR PRIMARY BRANCHES/REPO                                ##
 ##                                                                     ##
 #########################################################################
 wait_before_push_prod:
   stage: wait_approval_prod
   image:
     name: alpine:latest
-  <<: *only_primary_manual
+  <<: *only_primary
   script:
     - echo "proceeding to next stage"
+  when: manual
+  allow_failure: false
 
 #########################################################################
 ##                                                                     ##
diff --git a/Builds/containers/gitlab-ci/push_to_artifactory.sh b/Builds/containers/gitlab-ci/push_to_artifactory.sh
index 43efb668d..a52227cbe 100644
--- a/Builds/containers/gitlab-ci/push_to_artifactory.sh
+++ b/Builds/containers/gitlab-ci/push_to_artifactory.sh
@@ -31,10 +31,10 @@ for deb in ${RIPPLED_PKG} ${RIPPLED_DEV_PKG} ${RIPPLED_DBG_PKG} ; do
     echo "\"${deb}\"": | tee -a "${TOPDIR}/files.info"
     ca="${CURLARGS}"
     if [ "${action}" = "PUT" ] ; then
-        url="https://${ARTIFACTORY_HOST}/artifactory/${DEB_REPO}/pool/${deb}${DEB_MATRIX}"
+        url="https://${ARTIFACTORY_HOST}/artifactory/${DEB_REPO}/pool/${COMPONENT}/${deb}${DEB_MATRIX}"
         ca="${ca} -T${deb}"
     elif [ "${action}" = "GET" ] ; then
-        url="https://${ARTIFACTORY_HOST}/artifactory/api/storage/${DEB_REPO}/pool/${deb}"
+        url="https://${ARTIFACTORY_HOST}/artifactory/api/storage/${DEB_REPO}/pool/${COMPONENT}/${deb}"
     fi
     echo "file info request url --> ${url}"
     eval "curl ${ca} \"${url}\"" | jq -M "${filter}" | tee -a "${TOPDIR}/files.info"
diff --git a/Builds/containers/gitlab-ci/tag_docker_image.sh b/Builds/containers/gitlab-ci/tag_docker_image.sh
index ea072dab1..52a811a73 100644
--- a/Builds/containers/gitlab-ci/tag_docker_image.sh
+++ b/Builds/containers/gitlab-ci/tag_docker_image.sh
@@ -6,12 +6,15 @@ docker login -u rippled \
 source build/rpm/packages/build_vars
 docker pull "${ARTIFACTORY_HUB}/${RPM_CONTAINER_NAME}:${CI_COMMIT_SHA}"
 docker pull "${ARTIFACTORY_HUB}/${DPKG_CONTAINER_NAME}:${CI_COMMIT_SHA}"
-docker tag \
-    "${ARTIFACTORY_HUB}/${RPM_CONTAINER_NAME}:${CI_COMMIT_SHA}" \
-    "${ARTIFACTORY_HUB}/${RPM_CONTAINER_NAME}:${rippled_version}_${CI_COMMIT_REF_SLUG}"
-docker tag \
-    "${ARTIFACTORY_HUB}/${DPKG_CONTAINER_NAME}:${CI_COMMIT_SHA}" \
-    "${ARTIFACTORY_HUB}/${DPKG_CONTAINER_NAME}:${rippled_version}_${CI_COMMIT_REF_SLUG}"
-docker push "${ARTIFACTORY_HUB}/${RPM_CONTAINER_NAME}"
-docker push "${ARTIFACTORY_HUB}/${DPKG_CONTAINER_NAME}"
+# tag/push two labels...one using the current rippled version and one just using "latest"
+for label in ${rippled_version} latest ; do
+    docker tag \
+        "${ARTIFACTORY_HUB}/${RPM_CONTAINER_NAME}:${CI_COMMIT_SHA}" \
+        "${ARTIFACTORY_HUB}/${RPM_CONTAINER_NAME}:${label}_${CI_COMMIT_REF_SLUG}"
+    docker tag \
+        "${ARTIFACTORY_HUB}/${DPKG_CONTAINER_NAME}:${CI_COMMIT_SHA}" \
+        "${ARTIFACTORY_HUB}/${DPKG_CONTAINER_NAME}:${label}_${CI_COMMIT_REF_SLUG}"
+    docker push "${ARTIFACTORY_HUB}/${RPM_CONTAINER_NAME}"
+    docker push "${ARTIFACTORY_HUB}/${DPKG_CONTAINER_NAME}"
+done