[docker] publish to docker.io/diem/ in release/master

femialex · Jan 26, 2021 · a80f51a · a80f51a
1 parent 6aee189
commit a80f51a
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 13 deletions.
diff --git a/.github/actions/dockerhub_login/action.yml b/.github/actions/dockerhub_login/action.yml
@@ -21,7 +21,7 @@ runs:
   steps:
     - run: |
         echo "$DOCKERHUB_PASSWORD" | docker login -u "$DOCKERHUB_USERNAME" --password-stdin
-        if [ -n ${DOCKERHUB_KEY_MATERIAL} ] && [ -n ${DOCKERHUB_KEY_NAME} ] && [ -n DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE ]; then
+        if [ -n ${DOCKERHUB_KEY_MATERIAL} ] && [ -n ${DOCKERHUB_KEY_NAME} ] && [ -n ${DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE} ]; then
           mkdir -p ~/.docker/trust/private/
           echo ${DOCKERHUB_KEY_MATERIAL} | base64 -d > ~/.docker/trust/private/${DOCKERHUB_KEY_NAME}.key
           chmod 600 ~/.docker/trust/private/${DOCKERHUB_KEY_NAME}.key

diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
@@ -77,6 +77,14 @@ jobs:
           exit $success
         env:
           DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ secrets.DOCKERHUB_KEY_PASSWORD }}
+      - name: Republish to diem.
+        if: ${{ always() && github.ref != 'refs/heads/auto' }}
+        run: |
+          GIT_REV=$(git rev-parse --short=8 HEAD)
+          BRANCH=$(echo "$GITHUB_REF" | sed 's|.*/||' )
+          docker/docker_republish.sh -t ${BRANCH}_${GIT_REV}
+        env:
+          DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ secrets.DOCKERHUB_KEY_PASSWORD }}
       - name: docker image pruning.
         if: ${{ github.ref != 'refs/heads/auto' }}
         run: |
@@ -89,4 +97,4 @@ jobs:
           GIT_REV=$(git rev-parse --short=8 HEAD)
           aws ecr get-login-password --region ${{ secrets.AWS_REGION }} | \
           docker login --username AWS --password-stdin "${AWS_ECR_ACCOUNT_URL}"
-          docker/dockerhub_to_novi_ecr.sh -t ${BRANCH}_${GIT_REV} -r ${AWS_ECR_ACCOUNT_URL}
+          docker/docker_republish.sh -t ${BRANCH}_${GIT_REV} -r ${AWS_ECR_ACCOUNT_URL} -d
diff --git a/docker/dockerhub_to_novi_ecr.sh → docker/docker_republish.sh b/docker/dockerhub_to_novi_ecr.sh → docker/docker_republish.sh
@@ -10,20 +10,22 @@
 
 function usage {
   echo "Usage:"
-  echo "Copies a diem dockerhub image to aws ecr"
-  echo "dockerhub_to_ecr.sh -t <dockerhub_tag> [ -r <REPO> ]"
+  echo "Copies a diem dockerhub image to another docker location (server / repo / tag )"
+  echo "docker_republish.sh -t <dockerhub_tag> [ -r <REPO> ]"
   echo "-t the tag that exists in hub.docker.com."
   echo "-o override tag that should be pushed to target repo."
   echo "-r target repo of image push"
+  echo "-d disable signing for target repository (ecr requires this)"
   echo "-h this message"
 }
 
 DOCKERHUB_TAG=;
 OUTPUT_TAG=;
 TARGET_REPO=docker.io
+DISABLE_TRUST=false
 
 #parse args
-while getopts "t:o:r:h" arg; do
+while getopts "t:o:r:dh" arg; do
   case $arg in
     t)
       DOCKERHUB_TAG=$OPTARG
@@ -34,6 +36,9 @@ while getopts "t:o:r:h" arg; do
     r)
       TARGET_REPO=$OPTARG
       ;;
+    d)
+      DISABLE_TRUST=true
+      ;;
     *)
       usage;
       exit 0;
@@ -58,7 +63,9 @@ docker pull --disable-content-trust=false docker.io/libra/validator_tcb:"$DOCKER
 docker pull --disable-content-trust=false docker.io/libra/cluster_test:"$DOCKERHUB_TAG"
 docker pull --disable-content-trust=false docker.io/libra/client:"$DOCKERHUB_TAG"
 
-export DOCKER_CONTENT_TRUST=0
+if [[ $DISABLE_TRUST == "true" ]]; then
+  export DOCKER_CONTENT_TRUST=0
+fi
 
 #Push the proper locations to novi ecr.
 docker tag libra/init:"$DOCKERHUB_TAG" "$TARGET_REPO"/diem/init:"$OUTPUT_TAG"
@@ -69,12 +76,12 @@ docker tag libra/validator_tcb:"$DOCKERHUB_TAG" "$TARGET_REPO"/diem/validator_tc
 docker tag libra/cluster_test:"$DOCKERHUB_TAG" "$TARGET_REPO"/diem/cluster_test:"$OUTPUT_TAG"
 docker tag libra/client:"$DOCKERHUB_TAG" "$TARGET_REPO"/diem/client:"$OUTPUT_TAG"
 
-docker push --disable-content-trust=true "$TARGET_REPO"/diem/init:"$OUTPUT_TAG"
-docker push --disable-content-trust=true "$TARGET_REPO"/diem/faucet:"$OUTPUT_TAG"
-docker push --disable-content-trust=true "$TARGET_REPO"/diem/tools:"$OUTPUT_TAG"
-docker push --disable-content-trust=true "$TARGET_REPO"/diem/validator:"$OUTPUT_TAG"
-docker push --disable-content-trust=true "$TARGET_REPO"/diem/validator_tcb:"$OUTPUT_TAG"
-docker push --disable-content-trust=true "$TARGET_REPO"/diem/cluster_test:"$OUTPUT_TAG"
-docker push --disable-content-trust=true "$TARGET_REPO"/diem/client:"$OUTPUT_TAG"
+docker push --disable-content-trust="$DISABLE_TRUST" "$TARGET_REPO"/diem/init:"$OUTPUT_TAG"
+docker push --disable-content-trust="$DISABLE_TRUST" "$TARGET_REPO"/diem/faucet:"$OUTPUT_TAG"
+docker push --disable-content-trust="$DISABLE_TRUST" "$TARGET_REPO"/diem/tools:"$OUTPUT_TAG"
+docker push --disable-content-trust="$DISABLE_TRUST" "$TARGET_REPO"/diem/validator:"$OUTPUT_TAG"
+docker push --disable-content-trust="$DISABLE_TRUST" "$TARGET_REPO"/diem/validator_tcb:"$OUTPUT_TAG"
+docker push --disable-content-trust="$DISABLE_TRUST" "$TARGET_REPO"/diem/cluster_test:"$OUTPUT_TAG"
+docker push --disable-content-trust="$DISABLE_TRUST" "$TARGET_REPO"/diem/client:"$OUTPUT_TAG"
 
 set +x