From 25ae5c497a2328d301916384923a15a54a49cada Mon Sep 17 00:00:00 2001 From: Jon Azpiazu Date: Tue, 9 Nov 2021 10:22:32 +0100 Subject: [PATCH 01/12] Add initial script to add the retention labels to existing image --- scripts/enforce_labels.bash | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 scripts/enforce_labels.bash diff --git a/scripts/enforce_labels.bash b/scripts/enforce_labels.bash new file mode 100644 index 0000000..056296b --- /dev/null +++ b/scripts/enforce_labels.bash @@ -0,0 +1,23 @@ +#!/bin/bash + +image_name="$1" + +declare -A enforced_labels=( ["com.jfrog.artifactory.retention.maxCount"]="10" ["com.jfrog.artifactory.retention.maxDays"]="7") + +if ! docker inspect --type=image $1 > /dev/null ; then + echo "Error: image does not exist" + exit 0 +fi + +for label in "${!enforced_labels[@]}" ; do + if ! docker inspect -f "{{json .Config.Labels }}" $image_name | jq -e '.['\"$label\"']' ; then + echo "Key not found" + echo "$label = ${enforced_labels[$label]}" + label_args+=" --label $label=\"${enforced_labels[$label]}\"" + fi +done + +if [ -v label_args ]; then + run_command="echo \"FROM $image_name\" | docker build $label_args -t $image_name -" + eval "$run_command" +fi -- GitLab From 2c21e985f8adc8096866742e7e60290edca2a9c7 Mon Sep 17 00:00:00 2001 From: Jon Azpiazu Date: Tue, 9 Nov 2021 10:37:35 +0100 Subject: [PATCH 02/12] Minor style fixes to script --- scripts/enforce_labels.bash | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/scripts/enforce_labels.bash b/scripts/enforce_labels.bash index 056296b..26f8dbd 100644 --- a/scripts/enforce_labels.bash +++ b/scripts/enforce_labels.bash @@ -1,16 +1,21 @@ #!/bin/bash +if [ "$#" -ne 1 ]; then + echo "Usage: $0 IMAGE_NAME" + exit 1 +fi + image_name="$1" declare -A enforced_labels=( ["com.jfrog.artifactory.retention.maxCount"]="10" ["com.jfrog.artifactory.retention.maxDays"]="7") -if ! docker inspect --type=image $1 > /dev/null ; then +if ! docker inspect --type=image "$1" > /dev/null ; then echo "Error: image does not exist" exit 0 fi for label in "${!enforced_labels[@]}" ; do - if ! docker inspect -f "{{json .Config.Labels }}" $image_name | jq -e '.['\"$label\"']' ; then + if ! docker inspect -f "{{json .Config.Labels }}" "$image_name" | jq -e '.['\"$label\"']' ; then echo "Key not found" echo "$label = ${enforced_labels[$label]}" label_args+=" --label $label=\"${enforced_labels[$label]}\"" @@ -19,5 +24,5 @@ done if [ -v label_args ]; then run_command="echo \"FROM $image_name\" | docker build $label_args -t $image_name -" - eval "$run_command" + echo "$run_command" fi -- GitLab From 4c1a078485ba04d2c9d09e13283eef3dceef7be3 Mon Sep 17 00:00:00 2001 From: Jon Azpiazu Date: Tue, 9 Nov 2021 12:23:10 +0100 Subject: [PATCH 03/12] Skip debug mode and reduce verbosity --- scripts/enforce_labels.bash | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/enforce_labels.bash b/scripts/enforce_labels.bash index 26f8dbd..b888a45 100644 --- a/scripts/enforce_labels.bash +++ b/scripts/enforce_labels.bash @@ -15,7 +15,7 @@ if ! docker inspect --type=image "$1" > /dev/null ; then fi for label in "${!enforced_labels[@]}" ; do - if ! docker inspect -f "{{json .Config.Labels }}" "$image_name" | jq -e '.['\"$label\"']' ; then + if ! docker inspect -f "{{json .Config.Labels }}" "$image_name" | jq -e '.['\"$label\"']' > /dev/null ; then echo "Key not found" echo "$label = ${enforced_labels[$label]}" label_args+=" --label $label=\"${enforced_labels[$label]}\"" @@ -24,5 +24,5 @@ done if [ -v label_args ]; then run_command="echo \"FROM $image_name\" | docker build $label_args -t $image_name -" - echo "$run_command" + eval "$run_command" fi -- GitLab From 5ffba0f4e04401a3ed4d898d6e71ca37068a28f4 Mon Sep 17 00:00:00 2001 From: Jon Azpiazu Date: Tue, 9 Nov 2021 12:32:36 +0100 Subject: [PATCH 04/12] Fix shellcheck complains --- scripts/enforce_labels.bash | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/scripts/enforce_labels.bash b/scripts/enforce_labels.bash index b888a45..8f6f195 100644 --- a/scripts/enforce_labels.bash +++ b/scripts/enforce_labels.bash @@ -9,20 +9,20 @@ image_name="$1" declare -A enforced_labels=( ["com.jfrog.artifactory.retention.maxCount"]="10" ["com.jfrog.artifactory.retention.maxDays"]="7") -if ! docker inspect --type=image "$1" > /dev/null ; then +if ! docker inspect --type=image "$1" > /dev/null ; then echo "Error: image does not exist" exit 0 fi -for label in "${!enforced_labels[@]}" ; do - if ! docker inspect -f "{{json .Config.Labels }}" "$image_name" | jq -e '.['\"$label\"']' > /dev/null ; then - echo "Key not found" +for label in "${!enforced_labels[@]}" ; do + if ! docker inspect -f "{{json .Config.Labels }}" "$image_name" | jq -e '.['\""$label"\"']' > /dev/null ; then + echo "Key not found" echo "$label = ${enforced_labels[$label]}" label_args+=" --label $label=\"${enforced_labels[$label]}\"" - fi + fi done -if [ -v label_args ]; then +if [ -n "${label_args+x}" ]; then run_command="echo \"FROM $image_name\" | docker build $label_args -t $image_name -" eval "$run_command" fi -- GitLab From 3518b83b58a4217dc53cfe4f6a6667f1f84309e5 Mon Sep 17 00:00:00 2001 From: Jon Azpiazu Date: Tue, 9 Nov 2021 12:52:48 +0100 Subject: [PATCH 05/12] Add enforce labels to ddeploy job --- ci-templates/industrial-ci-templates.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/ci-templates/industrial-ci-templates.yml b/ci-templates/industrial-ci-templates.yml index 4ab2d62..70a1d12 100644 --- a/ci-templates/industrial-ci-templates.yml +++ b/ci-templates/industrial-ci-templates.yml @@ -42,6 +42,7 @@ - ddeploy --yaml ${DDEPLOY_YAML} # Get ID of image created by ddeploy - 'DOCKER_ID=$(docker images --format="{{.ID}}" | head -1)' + - bash <(curl -Ls https://git.code.tecnalia.com/tecnalia_robotics-public/gitlab_templates/-/raw/43-force-ddeploy-options-e-g-image-retention/scripts/enforce_labels.bash) ${DOCKER_ID} # Tag and push with the branch or tag name. - echo "Pushing to ${DOCKER_PUSH_REGISTRY}/${DOCKER_PUSH_NAME}:${DOCKER_PUSH_TAG}" - docker tag ${DOCKER_ID} ${DOCKER_PUSH_REGISTRY}/${DOCKER_PUSH_NAME}:${DOCKER_PUSH_TAG} -- GitLab From 9c5cc8c9dc7154877ae80af6d95d77b71dc48c0f Mon Sep 17 00:00:00 2001 From: Jon Azpiazu Date: Tue, 9 Nov 2021 13:32:08 +0100 Subject: [PATCH 06/12] Add some debugging --- ci-templates/industrial-ci-templates.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci-templates/industrial-ci-templates.yml b/ci-templates/industrial-ci-templates.yml index 70a1d12..c4141f4 100644 --- a/ci-templates/industrial-ci-templates.yml +++ b/ci-templates/industrial-ci-templates.yml @@ -42,7 +42,7 @@ - ddeploy --yaml ${DDEPLOY_YAML} # Get ID of image created by ddeploy - 'DOCKER_ID=$(docker images --format="{{.ID}}" | head -1)' - - bash <(curl -Ls https://git.code.tecnalia.com/tecnalia_robotics-public/gitlab_templates/-/raw/43-force-ddeploy-options-e-g-image-retention/scripts/enforce_labels.bash) ${DOCKER_ID} + - bash -xv <(curl -Ls https://git.code.tecnalia.com/tecnalia_robotics-public/gitlab_templates/-/raw/43-force-ddeploy-options-e-g-image-retention/scripts/enforce_labels.bash) "${DOCKER_ID}" # Tag and push with the branch or tag name. - echo "Pushing to ${DOCKER_PUSH_REGISTRY}/${DOCKER_PUSH_NAME}:${DOCKER_PUSH_TAG}" - docker tag ${DOCKER_ID} ${DOCKER_PUSH_REGISTRY}/${DOCKER_PUSH_NAME}:${DOCKER_PUSH_TAG} -- GitLab From 10cdfb0e84a1953b224312036f7180009909ee04 Mon Sep 17 00:00:00 2001 From: Jon Azpiazu Date: Tue, 9 Nov 2021 14:05:52 +0100 Subject: [PATCH 07/12] Make sure bash is installed, as is needed by the enforce_labels script --- ci-templates/industrial-ci-templates.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci-templates/industrial-ci-templates.yml b/ci-templates/industrial-ci-templates.yml index c4141f4..6423af6 100644 --- a/ci-templates/industrial-ci-templates.yml +++ b/ci-templates/industrial-ci-templates.yml @@ -22,7 +22,7 @@ DOCKER_PUSH_TAG: ${CI_COMMIT_REF_SLUG} DDEPLOY_YAML: ddeploy.yaml before_script: - - apk add --update python3 git py3-pip git-lfs + - apk add --update python3 git py3-pip git-lfs bash # forward the SSH authentication into the Docker executor - "which ssh-agent || ( apk update && apk add openssh-client )" - eval $(ssh-agent -s) -- GitLab From 19433cc2ca67da78d7e575799f45a594739cfb07 Mon Sep 17 00:00:00 2001 From: Jon Azpiazu Date: Tue, 9 Nov 2021 14:31:56 +0100 Subject: [PATCH 08/12] Redo calling remote script to avoid sh problems --- ci-templates/industrial-ci-templates.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci-templates/industrial-ci-templates.yml b/ci-templates/industrial-ci-templates.yml index 6423af6..4e54919 100644 --- a/ci-templates/industrial-ci-templates.yml +++ b/ci-templates/industrial-ci-templates.yml @@ -42,7 +42,7 @@ - ddeploy --yaml ${DDEPLOY_YAML} # Get ID of image created by ddeploy - 'DOCKER_ID=$(docker images --format="{{.ID}}" | head -1)' - - bash -xv <(curl -Ls https://git.code.tecnalia.com/tecnalia_robotics-public/gitlab_templates/-/raw/43-force-ddeploy-options-e-g-image-retention/scripts/enforce_labels.bash) "${DOCKER_ID}" + - curl -Ls https://git.code.tecnalia.com/tecnalia_robotics-public/gitlab_templates/-/raw/43-force-ddeploy-options-e-g-image-retention/scripts/enforce_labels.bash | bash -s -- ${DOCKER_ID} # Tag and push with the branch or tag name. - echo "Pushing to ${DOCKER_PUSH_REGISTRY}/${DOCKER_PUSH_NAME}:${DOCKER_PUSH_TAG}" - docker tag ${DOCKER_ID} ${DOCKER_PUSH_REGISTRY}/${DOCKER_PUSH_NAME}:${DOCKER_PUSH_TAG} -- GitLab From 11498a78b7757bec9af73c80b9cae4ccd74ac0df Mon Sep 17 00:00:00 2001 From: Jon Azpiazu Date: Tue, 9 Nov 2021 15:18:09 +0100 Subject: [PATCH 09/12] Fix requirements --- ci-templates/industrial-ci-templates.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci-templates/industrial-ci-templates.yml b/ci-templates/industrial-ci-templates.yml index 4e54919..b59a8ef 100644 --- a/ci-templates/industrial-ci-templates.yml +++ b/ci-templates/industrial-ci-templates.yml @@ -22,7 +22,7 @@ DOCKER_PUSH_TAG: ${CI_COMMIT_REF_SLUG} DDEPLOY_YAML: ddeploy.yaml before_script: - - apk add --update python3 git py3-pip git-lfs bash + - apk add --update python3 git py3-pip git-lfs bash curl # forward the SSH authentication into the Docker executor - "which ssh-agent || ( apk update && apk add openssh-client )" - eval $(ssh-agent -s) -- GitLab From bb00a01f3264e34f03664382afe3a903ef1ab32e Mon Sep 17 00:00:00 2001 From: Jon Azpiazu Date: Thu, 11 Nov 2021 11:09:38 +0100 Subject: [PATCH 10/12] Add missing dependency --- ci-templates/industrial-ci-templates.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci-templates/industrial-ci-templates.yml b/ci-templates/industrial-ci-templates.yml index b59a8ef..e164a99 100644 --- a/ci-templates/industrial-ci-templates.yml +++ b/ci-templates/industrial-ci-templates.yml @@ -22,7 +22,7 @@ DOCKER_PUSH_TAG: ${CI_COMMIT_REF_SLUG} DDEPLOY_YAML: ddeploy.yaml before_script: - - apk add --update python3 git py3-pip git-lfs bash curl + - apk add --update python3 git py3-pip git-lfs bash curl jq # forward the SSH authentication into the Docker executor - "which ssh-agent || ( apk update && apk add openssh-client )" - eval $(ssh-agent -s) -- GitLab From 58a0bce5c986eb8a1cc5041894fc8c0a269f6b4d Mon Sep 17 00:00:00 2001 From: Jon Azpiazu Date: Tue, 23 Nov 2021 09:46:11 +0100 Subject: [PATCH 11/12] Add comments to script --- scripts/enforce_labels.bash | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/scripts/enforce_labels.bash b/scripts/enforce_labels.bash index 8f6f195..f0ab26d 100644 --- a/scripts/enforce_labels.bash +++ b/scripts/enforce_labels.bash @@ -1,4 +1,7 @@ #!/bin/bash +# From a given list of labels, check which of them are already defined in the provided docker image; if any of the labels +# is not defined, a new image with the same name is generated with the label(s) added. +# Labels already defined are not modified. if [ "$#" -ne 1 ]; then echo "Usage: $0 IMAGE_NAME" @@ -7,6 +10,7 @@ fi image_name="$1" +# list of labels to be enforced declare -A enforced_labels=( ["com.jfrog.artifactory.retention.maxCount"]="10" ["com.jfrog.artifactory.retention.maxDays"]="7") if ! docker inspect --type=image "$1" > /dev/null ; then @@ -14,14 +18,17 @@ if ! docker inspect --type=image "$1" > /dev/null ; then exit 0 fi +# check if every label is defined for label in "${!enforced_labels[@]}" ; do if ! docker inspect -f "{{json .Config.Labels }}" "$image_name" | jq -e '.['\""$label"\"']' > /dev/null ; then echo "Key not found" echo "$label = ${enforced_labels[$label]}" + # add missing label to the arguments to be provided to `docker build` label_args+=" --label $label=\"${enforced_labels[$label]}\"" fi done +# generate new image if [ -n "${label_args+x}" ]; then run_command="echo \"FROM $image_name\" | docker build $label_args -t $image_name -" eval "$run_command" -- GitLab From d3a1ed9531cdcffc9254a8a976e24f66b4fb56ad Mon Sep 17 00:00:00 2001 From: Jon Azpiazu Date: Tue, 23 Nov 2021 09:48:34 +0100 Subject: [PATCH 12/12] Fix branch name before merging --- ci-templates/industrial-ci-templates.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci-templates/industrial-ci-templates.yml b/ci-templates/industrial-ci-templates.yml index e164a99..a8ef12a 100644 --- a/ci-templates/industrial-ci-templates.yml +++ b/ci-templates/industrial-ci-templates.yml @@ -42,7 +42,7 @@ - ddeploy --yaml ${DDEPLOY_YAML} # Get ID of image created by ddeploy - 'DOCKER_ID=$(docker images --format="{{.ID}}" | head -1)' - - curl -Ls https://git.code.tecnalia.com/tecnalia_robotics-public/gitlab_templates/-/raw/43-force-ddeploy-options-e-g-image-retention/scripts/enforce_labels.bash | bash -s -- ${DOCKER_ID} + - curl -Ls https://git.code.tecnalia.com/tecnalia_robotics-public/gitlab_templates/raw/master/scripts/enforce_labels.bash | bash -s -- ${DOCKER_ID} # Tag and push with the branch or tag name. - echo "Pushing to ${DOCKER_PUSH_REGISTRY}/${DOCKER_PUSH_NAME}:${DOCKER_PUSH_TAG}" - docker tag ${DOCKER_ID} ${DOCKER_PUSH_REGISTRY}/${DOCKER_PUSH_NAME}:${DOCKER_PUSH_TAG} -- GitLab