---
# Pipeline: on pushes to master and branch/* of gravitational/teleport, call
# the docs deployment webhook. No source is checked out (clone is disabled).
kind: pipeline
type: kubernetes
name: update-docs-webhook

trigger:
  event:
    include:
    - push
    exclude:
    - pull_request
  branch:
    include:
    - master
    - branch/*
  repo:
    include:
    - gravitational/teleport

clone:
  disable: true

steps:
- name: Trigger docs deployment
  # NOTE(review): the image is referenced by mutable tag and receives the
  # deploy-hook secret; consider pinning it by digest.
  image: plugins/webhook
  settings:
    urls:
      from_secret: DOCS_DEPLOY_HOOK

---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/push.go (main.pushPipeline)
################################################

# Pipeline: on pushes to master and branch/* (pull requests excluded), build
# the linux/amd64 release artifacts and Teleport Connect inside a
# Docker-in-Docker service, and post to Slack when the build fails.
# NOTE(review): every image here (docker:git, docker, plugins/slack,
# docker:dind) is referenced by tag, not digest, and several steps receive
# secrets; digest pinning would narrow the supply-chain exposure.
kind: pipeline
type: kubernetes
name: push-build-linux-amd64

environment:
  BUILDBOX_VERSION: teleport13
  GID: "1000"
  RUNTIME: go1.20.3
  UID: "1000"

trigger:
  event:
    include:
    - push
    exclude:
    - pull_request
  repo:
    include:
    - gravitational/*
  branch:
    include:
    - master
    - branch/*

workspace:
  path: /go

# The built-in clone is disabled; the first step performs the checkout.
clone:
  disable: true

steps:
- name: Check out code
  image: docker:git
  pull: if-not-exists
  commands:
  - mkdir -pv "/go/src/github.com/gravitational/teleport"
  - cd "/go/src/github.com/gravitational/teleport"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  - git checkout -qf "${DRONE_COMMIT_SHA}"
  # The deploy key is written to disk only so the submodule `e` can be fetched.
  - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): known_hosts is filled from whatever key the peer presents at
  # build time, so the host key is not compared with a pinned value. Shipping
  # GitHub's published host keys with the build would close that gap.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  - mkdir -pv /go/cache
  # NOTE(review): key removal is the last command; presumably it is skipped
  # when an earlier command aborts the step - confirm the runner's shell mode.
  - rm -f /root/.ssh/id_rsa
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY

- name: Wait for docker
  image: docker
  pull: if-not-exists
  commands:
  # Wait up to 30 seconds for the dind service to expose its socket.
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  # The token is piped on stdin so it does not appear in the argument list.
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: dockersock
    path: /var/run
  - name: dockerconfig
    path: /root/.docker

- name: Build artifacts
  image: docker
  pull: if-not-exists
  commands:
  - apk add --no-cache make
  - chown -R $UID:$GID /go
  - cd /go/src/github.com/gravitational/teleport
  # NOTE(review): /go/.version.txt is read here, but no step shown in this
  # pipeline writes it - confirm where it is created, or VERSION is empty.
  - export VERSION=$(cat /go/.version.txt)
  - make -C build.assets release-amd64-centos7
  - make -C build.assets teleterm
  environment:
    ARCH: amd64
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: linux
    UID: "1000"
  volumes:
  - name: dockersock
    path: /var/run
  - name: dockerconfig
    path: /root/.docker

- name: Send Slack notification
  image: plugins/slack
  settings:
    webhook:
      from_secret: SLACK_WEBHOOK_DEV_TELEPORT
    # NOTE(review): the Commit/Branch/Author lines carry no values in this
    # copy; presumably link markup was lost - confirm against the generator.
    template:
    - |
      *{{#success build.status}}✔{{ else }}✘{{/success}} {{ uppercasefirst build.status }}: Build #{{ build.number }}* (type: `{{ build.event }}`)
      `${DRONE_STAGE_NAME}` artifact build failed.
      *Warning:* This is a genuine failure to build the Teleport binary from `{{ build.branch }}` (likely due to a bad merge or commit) and should be investigated immediately.
      Commit:
      Branch:
      Author:
      <{{ build.link }}|Visit Drone build page ↗>
  when:
    status:
    - failure

services:
# The Docker daemon runs privileged; any step that mounts `dockersock` at
# /var/run can drive it.
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run

volumes:
- name: dockersock
  temp: {}
- name: dockerconfig
  temp: {}

image_pull_secrets:
- DOCKERHUB_CREDENTIALS

---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/push.go (main.pushPipeline)
################################################

# Pipeline: on pushes to master and branch/* (pull requests excluded), build
# the linux/386 release artifacts inside a Docker-in-Docker service, and post
# to Slack when the build fails.
# NOTE(review): images are referenced by tag, not digest, and several steps
# receive secrets; digest pinning would narrow the supply-chain exposure.
kind: pipeline
type: kubernetes
name: push-build-linux-386

environment:
  BUILDBOX_VERSION: teleport13
  GID: "1000"
  RUNTIME: go1.20.3
  UID: "1000"

trigger:
  event:
    include:
    - push
    exclude:
    - pull_request
  repo:
    include:
    - gravitational/*
  branch:
    include:
    - master
    - branch/*

workspace:
  path: /go

# The built-in clone is disabled; the first step performs the checkout.
clone:
  disable: true

steps:
- name: Check out code
  image: docker:git
  pull: if-not-exists
  commands:
  - mkdir -pv "/go/src/github.com/gravitational/teleport"
  - cd "/go/src/github.com/gravitational/teleport"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  - git checkout -qf "${DRONE_COMMIT_SHA}"
  # The deploy key is written to disk only so the submodule `e` can be fetched.
  - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): the host key is taken as seen at build time rather than
  # compared with a pinned value; consider shipping GitHub's published keys.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  - mkdir -pv /go/cache
  # NOTE(review): presumably skipped when an earlier command aborts the step.
  - rm -f /root/.ssh/id_rsa
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY

- name: Wait for docker
  image: docker
  pull: if-not-exists
  commands:
  # Wait up to 30 seconds for the dind service to expose its socket.
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  # The token is piped on stdin so it does not appear in the argument list.
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: dockersock
    path: /var/run
  - name: dockerconfig
    path: /root/.docker

- name: Build artifacts
  image: docker
  pull: if-not-exists
  commands:
  - apk add --no-cache make
  - chown -R $UID:$GID /go
  - cd /go/src/github.com/gravitational/teleport
  - make -C build.assets release-386
  environment:
    # Quoted so the value stays a string rather than the integer 386.
    ARCH: "386"
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: linux
    UID: "1000"
  volumes:
  - name: dockersock
    path: /var/run
  - name: dockerconfig
    path: /root/.docker

- name: Send Slack notification
  image: plugins/slack
  settings:
    webhook:
      from_secret: SLACK_WEBHOOK_DEV_TELEPORT
    # NOTE(review): the Commit/Branch/Author lines carry no values in this
    # copy; presumably link markup was lost - confirm against the generator.
    template:
    - |
      *{{#success build.status}}✔{{ else }}✘{{/success}} {{ uppercasefirst build.status }}: Build #{{ build.number }}* (type: `{{ build.event }}`)
      `${DRONE_STAGE_NAME}` artifact build failed.
      *Warning:* This is a genuine failure to build the Teleport binary from `{{ build.branch }}` (likely due to a bad merge or commit) and should be investigated immediately.
      Commit:
      Branch:
      Author:
      <{{ build.link }}|Visit Drone build page ↗>
  when:
    status:
    - failure

services:
# The Docker daemon runs privileged; any step that mounts `dockersock` at
# /var/run can drive it.
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run

volumes:
- name: dockersock
  temp: {}
- name: dockerconfig
  temp: {}

image_pull_secrets:
- DOCKERHUB_CREDENTIALS

---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/push.go (main.pushPipeline)
################################################

# Pipeline: on pushes to master and branch/* (pull requests excluded), build
# the linux/amd64 FIPS release artifacts inside a Docker-in-Docker service,
# and post to Slack when the build fails.
# NOTE(review): images are referenced by tag, not digest, and several steps
# receive secrets; digest pinning would narrow the supply-chain exposure.
kind: pipeline
type: kubernetes
name: push-build-linux-amd64-fips

environment:
  BUILDBOX_VERSION: teleport13
  GID: "1000"
  RUNTIME: go1.20.3
  UID: "1000"

trigger:
  event:
    include:
    - push
    exclude:
    - pull_request
  repo:
    include:
    - gravitational/*
  branch:
    include:
    - master
    - branch/*

workspace:
  path: /go

# The built-in clone is disabled; the first step performs the checkout.
clone:
  disable: true

steps:
- name: Check out code
  image: docker:git
  pull: if-not-exists
  commands:
  - mkdir -pv "/go/src/github.com/gravitational/teleport"
  - cd "/go/src/github.com/gravitational/teleport"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  - git checkout -qf "${DRONE_COMMIT_SHA}"
  # The deploy key is written to disk only so the submodule `e` can be fetched.
  - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): the host key is taken as seen at build time rather than
  # compared with a pinned value; consider shipping GitHub's published keys.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  - mkdir -pv /go/cache
  # NOTE(review): presumably skipped when an earlier command aborts the step.
  - rm -f /root/.ssh/id_rsa
  # Record the version for the build step: the tag without its leading "v"
  # when a tag is set, otherwise the VERSION assignment from the Makefile.
  - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY

- name: Wait for docker
  image: docker
  pull: if-not-exists
  commands:
  # Wait up to 30 seconds for the dind service to expose its socket.
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  # The token is piped on stdin so it does not appear in the argument list.
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: dockersock
    path: /var/run
  - name: dockerconfig
    path: /root/.docker

- name: Build artifacts
  image: docker
  pull: if-not-exists
  commands:
  - apk add --no-cache make
  - chown -R $UID:$GID /go
  - cd /go/src/github.com/gravitational/teleport
  # Reads the file written at the end of the checkout step.
  - export VERSION=$(cat /go/.version.txt)
  - make -C build.assets release-amd64-centos7-fips
  environment:
    ARCH: amd64
    # Quoted so the value reaches the build as the string "yes", not a boolean.
    FIPS: "yes"
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: linux
    UID: "1000"
  volumes:
  - name: dockersock
    path: /var/run
  - name: dockerconfig
    path: /root/.docker

- name: Send Slack notification
  image: plugins/slack
  settings:
    webhook:
      from_secret: SLACK_WEBHOOK_DEV_TELEPORT
    # NOTE(review): the Commit/Branch/Author lines carry no values in this
    # copy; presumably link markup was lost - confirm against the generator.
    template:
    - |
      *{{#success build.status}}✔{{ else }}✘{{/success}} {{ uppercasefirst build.status }}: Build #{{ build.number }}* (type: `{{ build.event }}`)
      `${DRONE_STAGE_NAME}` artifact build failed.
      *Warning:* This is a genuine failure to build the Teleport binary from `{{ build.branch }}` (likely due to a bad merge or commit) and should be investigated immediately.
      Commit:
      Branch:
      Author:
      <{{ build.link }}|Visit Drone build page ↗>
  when:
    status:
    - failure

services:
# The Docker daemon runs privileged; any step that mounts `dockersock` at
# /var/run can drive it.
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run

volumes:
- name: dockersock
  temp: {}
- name: dockerconfig
  temp: {}

image_pull_secrets:
- DOCKERHUB_CREDENTIALS

---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/push.go (main.pushPipeline)
################################################

# Pipeline: on pushes to master and branch/* (pull requests excluded), build
# the unsigned Windows release artifacts inside a Docker-in-Docker service,
# and post to Slack when the build fails.
# NOTE(review): images are referenced by tag, not digest, and several steps
# receive secrets; digest pinning would narrow the supply-chain exposure.
kind: pipeline
type: kubernetes
name: push-build-windows-amd64

environment:
  BUILDBOX_VERSION: teleport13
  GID: "1000"
  RUNTIME: go1.20.3
  UID: "1000"

trigger:
  event:
    include:
    - push
    exclude:
    - pull_request
  repo:
    include:
    - gravitational/*
  branch:
    include:
    - master
    - branch/*

workspace:
  path: /go

# The built-in clone is disabled; the first step performs the checkout.
clone:
  disable: true

steps:
- name: Check out code
  image: docker:git
  pull: if-not-exists
  commands:
  - mkdir -pv "/go/src/github.com/gravitational/teleport"
  - cd "/go/src/github.com/gravitational/teleport"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  - git checkout -qf "${DRONE_COMMIT_SHA}"
  # The deploy key is written to disk only so the submodule `e` can be fetched.
  - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): the host key is taken as seen at build time rather than
  # compared with a pinned value; consider shipping GitHub's published keys.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  - mkdir -pv /go/cache
  # NOTE(review): presumably skipped when an earlier command aborts the step.
  - rm -f /root/.ssh/id_rsa
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY

- name: Wait for docker
  image: docker
  pull: if-not-exists
  commands:
  # Wait up to 30 seconds for the dind service to expose its socket.
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  # The token is piped on stdin so it does not appear in the argument list.
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: dockersock
    path: /var/run
  - name: dockerconfig
    path: /root/.docker

- name: Build artifacts
  image: docker
  pull: if-not-exists
  commands:
  - apk add --no-cache make
  - chown -R $UID:$GID /go
  - cd /go/src/github.com/gravitational/teleport
  # The artifact produced here is unsigned, as the make target name says.
  - make -C build.assets release-windows-unsigned
  environment:
    ARCH: amd64
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: windows
    UID: "1000"
  volumes:
  - name: dockersock
    path: /var/run
  - name: dockerconfig
    path: /root/.docker

- name: Send Slack notification
  image: plugins/slack
  settings:
    webhook:
      from_secret: SLACK_WEBHOOK_DEV_TELEPORT
    # NOTE(review): the Commit/Branch/Author lines carry no values in this
    # copy; presumably link markup was lost - confirm against the generator.
    template:
    - |
      *{{#success build.status}}✔{{ else }}✘{{/success}} {{ uppercasefirst build.status }}: Build #{{ build.number }}* (type: `{{ build.event }}`)
      `${DRONE_STAGE_NAME}` artifact build failed.
      *Warning:* This is a genuine failure to build the Teleport binary from `{{ build.branch }}` (likely due to a bad merge or commit) and should be investigated immediately.
      Commit:
      Branch:
      Author:
      <{{ build.link }}|Visit Drone build page ↗>
  when:
    status:
    - failure

services:
# The Docker daemon runs privileged; any step that mounts `dockersock` at
# /var/run can drive it.
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run

volumes:
- name: dockersock
  temp: {}
- name: dockerconfig
  temp: {}

image_pull_secrets:
- DOCKERHUB_CREDENTIALS

---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
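# Generated at dronegen/mac.go (main.newDarwinPipeline)
################################################

# Pipeline: on pushes to master and branch/* (pull requests excluded), build
# the macOS binaries and Teleport Connect on an exec runner, then clean up and
# post to Slack on failure. The exec runner's filesystem outlives the build,
# so the clean-up steps are the only thing that removes what it leaves behind.
# NOTE(review): this file is generator output; the corrections marked
# "port to dronegen" below must be made in the generator to survive.
kind: pipeline
type: exec
name: push-build-darwin-amd64

trigger:
  event:
    include:
    - push
    exclude:
    - pull_request
  repo:
    include:
    - gravitational/*
  branch:
    include:
    - master
    - branch/*

workspace:
  path: /tmp/push-build-darwin-amd64

platform:
  os: darwin
  arch: amd64

clone:
  disable: true

# One build at a time: the workspace path above is shared between builds.
concurrency:
  limit: 1

steps:
- name: Set up exec runner storage
  commands:
  - set -u
  - mkdir -p $WORKSPACE_DIR
  - chmod -R u+rw $WORKSPACE_DIR
  # Removes anything a previous build left behind, including a key directory.
  - rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh
  environment:
    WORKSPACE_DIR: /tmp/push-build-darwin-amd64

- name: Check out code
  commands:
  - set -u
  - mkdir -p $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The deploy key is written to disk only so the submodule `e` can be fetched.
  - mkdir -m 0700 $WORKSPACE_DIR/.ssh && echo "$GITHUB_PRIVATE_KEY" > $WORKSPACE_DIR/.ssh/id_rsa && chmod 600 $WORKSPACE_DIR/.ssh/id_rsa
  # NOTE(review): the host key is taken as seen at build time rather than
  # compared with a pinned value; consider shipping GitHub's published keys.
  - ssh-keyscan -H github.com > $WORKSPACE_DIR/.ssh/known_hosts 2>/dev/null
  - chmod 600 $WORKSPACE_DIR/.ssh/known_hosts
  # `-F /dev/null` ignores any ssh config on the runner; only the key and
  # known_hosts written above are used.
  - GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts -F /dev/null' git submodule update --init e
  - rm -rf $WORKSPACE_DIR/.ssh
  - mkdir -p $WORKSPACE_DIR/go/cache
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
    WORKSPACE_DIR: /tmp/push-build-darwin-amd64

- name: Install Go Toolchain
  commands:
  - set -u
  - mkdir -p /tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains
  # NOTE(review): the archive is unpacked and later executed without a
  # checksum comparison, in a pipeline that also unlocks the signing keychain.
  # Consider verifying it against a pinned SHA-256 before `tar`.
  - curl --silent -O https://dl.google.com/go/$RUNTIME.darwin-amd64.tar.gz
  - tar -C /tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains -xzf $RUNTIME.darwin-amd64.tar.gz
  - rm -rf $RUNTIME.darwin-amd64.tar.gz
  environment:
    RUNTIME: go1.20.3

- name: Install Rust Toolchain
  commands:
  - set -u
  - export PATH=/Users/$(whoami)/.cargo/bin:$PATH
  - mkdir -p /tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains
  - export RUST_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets print-rust-version)
  - export CARGO_HOME=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains/cargo
  - export RUST_HOME=$CARGO_HOME
  - export RUSTUP_HOME=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains/rustup
  - rustup toolchain install $RUST_VERSION
  environment:
    WORKSPACE_DIR: /tmp/push-build-darwin-amd64

- name: Install Node Toolchain
  commands:
  - set -u
  - export NODE_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets print-node-version)
  - export TOOLCHAIN_DIR=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains
  - export NODE_DIR=$TOOLCHAIN_DIR/node-v$NODE_VERSION-darwin-x64
  - mkdir -p $TOOLCHAIN_DIR
  # NOTE(review): as with the Go archive, no checksum is compared before use.
  - curl --silent -O https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-darwin-x64.tar.gz
  - tar -C $TOOLCHAIN_DIR -xzf node-v$NODE_VERSION-darwin-x64.tar.gz
  - rm -f node-v$NODE_VERSION-darwin-x64.tar.gz
  - export PATH=$NODE_DIR/bin:$PATH
  - corepack enable yarn
  - echo Node reporting version $(node --version)
  - echo Yarn reporting version $(yarn --version)
  environment:
    WORKSPACE_DIR: /tmp/push-build-darwin-amd64

- name: Build Mac artifacts (binaries and Teleport Connect)
  commands:
  - set -u
  - export HOME=/Users/$(whoami)
  - export TOOLCHAIN_DIR=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains
  - export NODE_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets print-node-version)
  - export NODE_HOME=$TOOLCHAIN_DIR/node-v$NODE_VERSION-darwin-x64
  - export PATH=$NODE_HOME/bin:$PATH
  - export RUST_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets print-rust-version)
  - export CARGO_HOME=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains/cargo
  - export RUST_HOME=$CARGO_HOME
  - export RUSTUP_HOME=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains/rustup
  - export PATH=$CARGO_HOME/bin:/Users/build/.cargo/bin:$PATH
  - rustup override set $RUST_VERSION
  - export PATH=$TOOLCHAIN_DIR/go/bin:$PATH
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - build.assets/build-fido2-macos.sh build
  - export PKG_CONFIG_PATH="$(build.assets/build-fido2-macos.sh pkg_config_path)"
  - make clean release OS=$OS ARCH=$ARCH FIDO2=yes TOUCHID=yes PIV=yes
  - export VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport print-version)
  - export BUILD_NUMBER=$DRONE_BUILD_NUMBER
  # `$${...}` keeps the variable for the shell to expand. NOTE(review): the
  # password is passed as an unquoted command-line argument, which exposes it
  # to process listings on the runner while the command runs.
  - security unlock-keychain -p $${BUILDBOX_PASSWORD} login.keychain
  - security find-identity -v
  - export CSC_NAME=0FFD3E3413AB4C599C53FBB1D8CA690915E33D83
  - export CONNECT_TSH_BIN_PATH=$WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build/tsh
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  # NOTE(review): `yarn install` runs without --frozen-lockfile in the step
  # that holds the Apple credentials and the unlocked keychain, so resolved
  # dependency versions are not held to the committed lockfile.
  - yarn install && yarn build-term && yarn package-term -c.extraMetadata.version=$VERSION
  environment:
    APPLE_PASSWORD:
      from_secret: APPLE_PASSWORD
    APPLE_USERNAME:
      from_secret: APPLE_USERNAME
    ARCH: amd64
    BUILDBOX_PASSWORD:
      from_secret: BUILDBOX_PASSWORD
    GOCACHE: /tmp/push-build-darwin-amd64/go/cache
    GOPATH: /tmp/push-build-darwin-amd64/go
    OS: darwin
    WORKSPACE_DIR: /tmp/push-build-darwin-amd64

- name: Clean up toolchains (post)
  commands:
  - set -u
  - export PATH=/Users/$(whoami)/.cargo/bin:$PATH
  - export CARGO_HOME=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains/cargo
  - export RUST_HOME=$CARGO_HOME
  - export RUSTUP_HOME=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains/rustup
  - export RUST_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets print-rust-version)
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - rustup override unset
  - rustup toolchain uninstall $RUST_VERSION
  - rm -rf /tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED
  environment:
    WORKSPACE_DIR: /tmp/push-build-darwin-amd64
  when:
    status:
    - success
    - failure

- name: Clean up exec runner storage (post)
  commands:
  - set -u
  - chmod -R u+rw $WORKSPACE_DIR
  - rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh
  environment:
    WORKSPACE_DIR: /tmp/push-build-darwin-amd64
  # Added in review (port to dronegen/mac.go): run after failed builds too, as
  # the toolchain clean-up above does. Without it, a checkout that aborts
  # before its own `rm -rf` leaves the deploy key under $WORKSPACE_DIR/.ssh
  # until the next build's set-up step.
  when:
    status:
    - success
    - failure

- name: Send Slack notification (exec)
  commands:
  - |2
    export DRONE_BUILD_LINK="${DRONE_SYSTEM_PROTO}://${DRONE_SYSTEM_HOSTNAME}/${DRONE_REPO_OWNER}/${DRONE_REPO_NAME}/${DRONE_BUILD_NUMBER}"
    export GOOS=$(go env GOOS)
    export GOARCH=$(go env GOARCH)
  - |2-
    curl -sL -X POST -H 'Content-type: application/json' --data "{\"text\":\"Warning: \`${GOOS}-${GOARCH}\` artifact build failed for [\`${DRONE_REPO_NAME}\`] - please investigate immediately!\nBranch: \`${DRONE_BRANCH}\`\nCommit: \`${DRONE_COMMIT_SHA}\`\nLink: $DRONE_BUILD_LINK\"}" $SLACK_WEBHOOK_DEV_TELEPORT
  environment:
    SLACK_WEBHOOK_DEV_TELEPORT:
      from_secret: SLACK_WEBHOOK_DEV_TELEPORT
  when:
    status:
    - failure

---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/windows.go (main.newWindowsPipeline)
################################################

# Pipeline: on pushes to master and branch/* (pull requests excluded), build
# and sign tsh and build Teleport Connect on a Windows exec runner. Each build
# works under $Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER, which the clean-up
# step removes.
kind: pipeline
type: exec
name: push-build-native-windows-amd64

trigger:
  event:
    include:
    - push
    exclude:
    - pull_request
  repo:
    include:
    - gravitational/*
  branch:
    include:
    - master
    - branch/*

workspace:
  path: C:/Drone/Workspace/push-build-native-windows-amd64

platform:
  os: windows
  arch: amd64

node:
  buildbox_version: teleport13

clone:
  disable: true

steps:
- name: Check out Teleport
  commands:
  - $ErrorActionPreference = 'Stop'
  - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
  - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
  - $TeleportRev = if ($Env:DRONE_TAG -ne $null) { $Env:DRONE_TAG } else { $Env:DRONE_COMMIT }
  - New-Item -Path $TeleportSrc -ItemType Directory | Out-Null
  - cd $TeleportSrc
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout $TeleportRev
  environment:
    WORKSPACE_DIR: C:/Drone/Workspace/push-build-native-windows-amd64

- name: Checkout Submodules
  commands:
  - $ErrorActionPreference = 'Stop'
  - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
  - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
  # Dot-sources helpers from the commit that was just checked out.
  - . "$TeleportSrc/build.assets/windows/build.ps1"
  - Enable-Git -Workspace $Workspace -PrivateKey $Env:GITHUB_PRIVATE_KEY
  - cd $TeleportSrc
  - git submodule update --init e
  - Reset-Git -Workspace $Workspace
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
    WORKSPACE_DIR: C:/Drone/Workspace/push-build-native-windows-amd64

- name: Install Node Toolchain
  commands:
  - $ProgressPreference = 'SilentlyContinue'
  - $ErrorActionPreference = 'Stop'
  - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
  - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
  - . "$TeleportSrc/build.assets/windows/build.ps1"
  - Push-Location "$TeleportSrc/build.assets"
  - $NodeVersion = $(make print-node-version).Trim()
  - Pop-Location
  - Install-Node -NodeVersion $NodeVersion -ToolchainDir "$Workspace/toolchains"
  environment:
    WORKSPACE_DIR: C:/Drone/Workspace/push-build-native-windows-amd64

- name: Install Go Toolchain
  commands:
  - $ProgressPreference = 'SilentlyContinue'
  - $ErrorActionPreference = 'Stop'
  - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
  - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
  - . "$TeleportSrc/build.assets/windows/build.ps1"
  - Push-Location "$TeleportSrc/build.assets"
  - $GoVersion = $(make print-go-version).TrimStart("go")
  - Pop-Location
  - Install-Go -GoVersion $GoVersion -ToolchainDir "$Workspace/toolchains"
  environment:
    WORKSPACE_DIR: C:/Drone/Workspace/push-build-native-windows-amd64

- name: Build tsh
  commands:
  - $ErrorActionPreference = 'Stop'
  - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
  - $Env:GOCACHE = "$Workspace/gocache"
  - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
  - . "$TeleportSrc/build.assets/windows/build.ps1"
  - Enable-Go -ToolchainDir "$Workspace/toolchains"
  - cd $TeleportSrc
  # NOTE(review): GCO_ENABLED looks like a typo for CGO_ENABLED; as written it
  # sets a variable the Go toolchain does not read. Left unchanged because
  # correcting it alters how tsh is built - confirm the intent in dronegen.
  - $Env:GCO_ENABLED=1
  - go build -o build/tsh-unsigned.exe ./tool/tsh
  environment:
    WORKSPACE_DIR: C:/Drone/Workspace/push-build-native-windows-amd64

- name: Sign tsh
  commands:
  - $ErrorActionPreference = 'Stop'
  - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
  - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
  - . "$TeleportSrc/build.assets/windows/build.ps1"
  - cd $TeleportSrc
  # The signing certificate is decoded into the source tree for signtool and
  # deleted by the last command of this step.
  - ([System.Convert]::FromBase64String($ENV:WINDOWS_SIGNING_CERT)) | Set-Content windows-signing-cert.pfx -Encoding Byte
  # NOTE(review): `/t` requests a legacy Authenticode timestamp over plain
  # HTTP; `/tr` with `/td sha256` is the RFC 3161 form.
  - '& ''C:\Program Files (x86)\Windows Kits\10\App Certification Kit\signtool.exe'' sign /f windows-signing-cert.pfx /d Teleport /t http://timestamp.digicert.com /du https://goteleport.com /fd sha256 build\tsh-unsigned.exe'
  - mv build\tsh-unsigned.exe build\tsh.exe
  - rm -r windows-signing-cert.pfx
  environment:
    WINDOWS_SIGNING_CERT:
      from_secret: WINDOWS_SIGNING_CERT
    WORKSPACE_DIR: C:/Drone/Workspace/push-build-native-windows-amd64

- name: Build Teleport Connect
  commands:
  - $ErrorActionPreference = 'Stop'
  - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
  - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
  - . "$TeleportSrc/build.assets/windows/build.ps1"
  - Enable-Node -ToolchainDir "$Workspace/toolchains"
  - Push-Location $TeleportSrc
  - $TeleportVersion=$(make print-version).Trim()
  - $Env:CONNECT_TSH_BIN_PATH="$TeleportSrc\build\tsh.exe"
  # NOTE(review): the signing certificate (CSC_LINK) is in the environment
  # while dependencies are installed and built.
  - yarn install --frozen-lockfile
  - yarn build-term
  - yarn package-term "-c.extraMetadata.version=$TeleportVersion"
  environment:
    CSC_LINK:
      from_secret: WINDOWS_SIGNING_CERT
    WORKSPACE_DIR: C:/Drone/Workspace/push-build-native-windows-amd64

# Moved in review (port to dronegen/windows.go): this step dot-sources
# build.ps1 from the per-build workspace, so it has to run before the clean-up
# step deletes that workspace. In the generated order the clean-up came first.
- name: Send Slack notification (exec)
  commands:
  - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
  - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
  - . "$TeleportSrc/build.assets/windows/build.ps1"
  - Send-ErrorMessage
  environment:
    SLACK_WEBHOOK_DEV_TELEPORT:
      from_secret: SLACK_WEBHOOK_DEV_TELEPORT
    WORKSPACE_DIR: C:/Drone/Workspace/push-build-native-windows-amd64
  when:
    status:
    - failure

- name: Clean up workspace (post)
  commands:
  # 'Continue' keeps going if part of the tree cannot be removed.
  - $ErrorActionPreference = 'Continue'
  - Remove-Item -Recurse -Force -Path "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
  environment:
    WORKSPACE_DIR: C:/Drone/Workspace/push-build-native-windows-amd64
  when:
    status:
    - success
    - failure

---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/relcli.go (main.relcliPipeline)
################################################

# Pipeline: on v* tags, run `relcli auto_destroy` against the release service
# so artifacts from an earlier build of the same tag are removed before the
# tag build pipelines (which depend on this one) start.
kind: pipeline
type: kubernetes
name: clean-up-previous-build

environment:
  RELCLI_IMAGE: 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/relcli:v1.1.76-35e77b7-20221117T1411084

trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*

clone:
  disable: true

steps:
- name: Check if commit is tagged
  image: alpine
  commands:
  # Fixed in review (port to dronegen/relcli.go): the tag is now quoted. With
  # an empty tag the unquoted form collapses to `[ -n ]`, which is true, so
  # the guard could never fail.
  - '[ -n "${DRONE_TAG}" ] || (echo ''DRONE_TAG is not set. Is the commit tagged?'' && exit 1)'

- name: Wait for docker
  image: docker
  pull: if-not-exists
  commands:
  # Wait up to 30 seconds for the dind service to expose its socket.
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  # The token is piped on stdin so it does not appear in the argument list.
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: dockersock
    path: /var/run
  - name: dockerconfig
    path: /root/.docker

- name: Assume AWS Role
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  # Exchange the long-lived key pair for session credentials and store them
  # as the default profile in the shared awsconfig volume.
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  # Drop the long-lived keys so the final check exercises the assumed role.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY
    AWS_ROLE:
      from_secret: TELEPORT_BUILD_READ_ONLY_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws

- name: Pull relcli
  image: docker:cli
  commands:
  - apk add --no-cache aws-cli
  - aws ecr get-login-password | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  # NOTE(review): RELCLI_IMAGE is pinned by tag; a digest would make the
  # pulled image immutable.
  - docker pull $RELCLI_IMAGE
  environment:
    AWS_DEFAULT_REGION: us-west-2
  volumes:
  - name: dockersock
    path: /var/run
  - name: awsconfig
    path: /root/.aws

- name: Clean up previously built artifacts
  image: docker:git
  commands:
  # The client certificate and key are decoded onto the memory-backed `tmpfs`
  # volume, which the dind service also mounts so `docker run -v` can see them.
  - mkdir -p /tmpfs/creds
  - echo "$RELEASES_CERT" | base64 -d > "$RELCLI_CERT"
  - echo "$RELEASES_KEY" | base64 -d > "$RELCLI_KEY"
  # NOTE(review): the trap is installed after the files are written; moving
  # it before the first write would also cover a failed decode.
  - trap "rm -rf /tmpfs/creds" EXIT
  - |-
    docker run -i -v /tmpfs/creds:/tmpfs/creds \
      -e DRONE_REPO -e DRONE_TAG -e RELCLI_BASE_URL -e RELCLI_CERT -e RELCLI_KEY \
      $RELCLI_IMAGE relcli auto_destroy -f -v 6
  environment:
    RELCLI_BASE_URL: https://releases-prod.platform.teleport.sh
    RELCLI_CERT: /tmpfs/creds/releases.crt
    RELCLI_KEY: /tmpfs/creds/releases.key
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY
  volumes:
  - name: dockersock
    path: /var/run
  - name: tmpfs
    path: /tmpfs
  - name: awsconfig
    path: /root/.aws

services:
# The Docker daemon runs privileged; any step that mounts `dockersock` at
# /var/run can drive it.
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: tmpfs
    path: /tmpfs
  - name: dockersock
    path: /var/run

volumes:
- name: tmpfs
  temp:
    medium: memory
- name: awsconfig
  temp: {}
- name: dockersock
  temp: {}
- name: dockerconfig
  temp: {}

image_pull_secrets:
- DOCKERHUB_CREDENTIALS

---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/windows.go (main.newWindowsPipeline)
################################################

# Pipeline: on v* tags, after clean-up-previous-build, build and sign tsh,
# build Teleport Connect, upload the installer to S3 and register it with the
# release service. Each build works under
# $Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER, which the last step removes.
kind: pipeline
type: exec
name: build-native-windows-amd64

trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*

workspace:
  path: C:/Drone/Workspace/build-native-windows-amd64

platform:
  os: windows
  arch: amd64

node:
  buildbox_version: teleport13

clone:
  disable: true

depends_on:
- clean-up-previous-build

concurrency:
  limit: 1

steps:
- name: Check out Teleport
  commands:
  - $ErrorActionPreference = 'Stop'
  - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
  - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
  - $TeleportRev = if ($Env:DRONE_TAG -ne $null) { $Env:DRONE_TAG } else { $Env:DRONE_COMMIT }
  - New-Item -Path $TeleportSrc -ItemType Directory | Out-Null
  - cd $TeleportSrc
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout $TeleportRev
  environment:
    WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64

- name: Checkout Submodules
  commands:
  - $ErrorActionPreference = 'Stop'
  - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
  - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
  # Dot-sources helpers from the commit that was just checked out.
  - . "$TeleportSrc/build.assets/windows/build.ps1"
  - Enable-Git -Workspace $Workspace -PrivateKey $Env:GITHUB_PRIVATE_KEY
  - cd $TeleportSrc
  - git submodule update --init e
  - Reset-Git -Workspace $Workspace
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
    WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64

- name: Install Node Toolchain
  commands:
  - $ProgressPreference = 'SilentlyContinue'
  - $ErrorActionPreference = 'Stop'
  - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
  - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
  - . "$TeleportSrc/build.assets/windows/build.ps1"
  - Push-Location "$TeleportSrc/build.assets"
  - $NodeVersion = $(make print-node-version).Trim()
  - Pop-Location
  - Install-Node -NodeVersion $NodeVersion -ToolchainDir "$Workspace/toolchains"
  environment:
    WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64

- name: Install Go Toolchain
  commands:
  - $ProgressPreference = 'SilentlyContinue'
  - $ErrorActionPreference = 'Stop'
  - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
  - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
  - . "$TeleportSrc/build.assets/windows/build.ps1"
  - Push-Location "$TeleportSrc/build.assets"
  - $GoVersion = $(make print-go-version).TrimStart("go")
  - Pop-Location
  - Install-Go -GoVersion $GoVersion -ToolchainDir "$Workspace/toolchains"
  environment:
    WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64

- name: Build tsh
  commands:
  - $ErrorActionPreference = 'Stop'
  - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
  - $Env:GOCACHE = "$Workspace/gocache"
  - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
  - . "$TeleportSrc/build.assets/windows/build.ps1"
  - Enable-Go -ToolchainDir "$Workspace/toolchains"
  - cd $TeleportSrc
  # NOTE(review): GCO_ENABLED looks like a typo for CGO_ENABLED; as written it
  # sets a variable the Go toolchain does not read. Left unchanged because
  # correcting it alters how the release binary is built - confirm the intent.
  - $Env:GCO_ENABLED=1
  - go build -o build/tsh-unsigned.exe ./tool/tsh
  environment:
    WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64

- name: Sign tsh
  commands:
  - $ErrorActionPreference = 'Stop'
  - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
  - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
  - . "$TeleportSrc/build.assets/windows/build.ps1"
  - cd $TeleportSrc
  # The signing certificate is decoded into the source tree for signtool and
  # deleted by the last command of this step.
  - ([System.Convert]::FromBase64String($ENV:WINDOWS_SIGNING_CERT)) | Set-Content windows-signing-cert.pfx -Encoding Byte
  # NOTE(review): `/t` requests a legacy Authenticode timestamp over plain
  # HTTP; `/tr` with `/td sha256` is the RFC 3161 form.
  - '& ''C:\Program Files (x86)\Windows Kits\10\App Certification Kit\signtool.exe'' sign /f windows-signing-cert.pfx /d Teleport /t http://timestamp.digicert.com /du https://goteleport.com /fd sha256 build\tsh-unsigned.exe'
  - mv build\tsh-unsigned.exe build\tsh.exe
  - rm -r windows-signing-cert.pfx
  environment:
    WINDOWS_SIGNING_CERT:
      from_secret: WINDOWS_SIGNING_CERT
    WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64

- name: Build Teleport Connect
  commands:
  - $ErrorActionPreference = 'Stop'
  - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
  - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
  - . "$TeleportSrc/build.assets/windows/build.ps1"
  - Enable-Node -ToolchainDir "$Workspace/toolchains"
  - Push-Location $TeleportSrc
  - $TeleportVersion=$(make print-version).Trim()
  - $Env:CONNECT_TSH_BIN_PATH="$TeleportSrc\build\tsh.exe"
  # NOTE(review): the signing certificate (CSC_LINK) is in the environment
  # while dependencies are installed and built.
  - yarn install --frozen-lockfile
  - yarn build-term
  - yarn package-term "-c.extraMetadata.version=$TeleportVersion"
  environment:
    CSC_LINK:
      from_secret: WINDOWS_SIGNING_CERT
    WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64

# NOTE(review): unlike the build steps above, this step and the upload step do
# not set $ErrorActionPreference = 'Stop'; confirm that a failing cmdlet still
# fails the release build.
- name: Assume AWS Role
  commands:
  - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
  - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
  - $AwsSharedCredentialsFile = "$Workspace/credentials"
  - $SessionName = "drone-$Env:DRONE_REPO-$Env:DRONE_BUILD_NUMBER".replace("/", "-")
  - . "$TeleportSrc/build.assets/windows/build.ps1"
  - Get-STSCallerIdentity
  - Save-Role -RoleArn $Env:AWS_ROLE -RoleSessionName $SessionName -FilePath $AwsSharedCredentialsFile
  # Drop the long-lived keys so the final check exercises the saved role.
  - 'Get-ChildItem -Path Env: | Where-Object {($_.Name -Like "AWS_SECRET_ACCESS_KEY") -or ($_.Name -Like "AWS_ACCESS_KEY_ID") } | Remove-Item'
  - Get-STSCallerIdentity -ProfileLocation $AwsSharedCredentialsFile
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
    WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64

- name: Upload Artifacts
  commands:
  - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
  - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
  - $TeleportVersion=$Env:DRONE_TAG.TrimStart('v')
  - $AwsSharedCredentialsFile = "$Workspace/credentials"
  - $OutputsDir="$Workspace/outputs"
  - New-Item -Path "$OutputsDir" -ItemType 'Directory' | Out-Null
  # Fixed in review (port to dronegen/windows.go): the closing quote was
  # missing, which left the path string unterminated.
  - Get-ChildItem "$TeleportSrc/web/packages/teleterm/build/release"
  - Copy-Item -Path "$TeleportSrc/web/packages/teleterm/build/release/Teleport Connect Setup*.exe" -Destination $OutputsDir
  - . "$TeleportSrc/build.assets/windows/build.ps1"
  - Format-FileHashes -PathGlob "$OutputsDir/*.exe"
  - Copy-Artifacts -ProfileLocation $AwsSharedCredentialsFile -Path $OutputsDir -Bucket $Env:AWS_S3_BUCKET -DstRoot "/teleport/tag/$TeleportVersion"
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64

- name: Register artifacts
  commands:
  - $ErrorActionPreference = 'Stop'
  - $ProgressPreference = 'SilentlyContinue'
  - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
  - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
  - $OutputsDir = "$Workspace/outputs"
  # The relcli download is pinned to a SHA-256 passed to Get-Relcli.
  - $relcliUrl = 'https://cdn.teleport.dev/relcli-v1.1.76-windows.exe'
  - $relcliSha256 = '56dfdd9d1a09aac892fcd48eba035072dc6c151eaa2e1b21cf54786bb3c09520'
  - . "$TeleportSrc/build.assets/windows/build.ps1"
  - Get-Relcli -Url $relcliUrl -Sha256 $relcliSha256 -Workspace $Workspace
  - Register-Artifacts -Workspace $Workspace -Outputs $OutputsDir
  environment:
    RELCLI_BASE_URL: https://releases-prod.platform.teleport.sh
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY
    WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64

- name: Clean up workspace (post)
  commands:
  # Removes the per-build workspace, including the saved AWS credentials file.
  - $ErrorActionPreference = 'Continue'
  - Remove-Item -Recurse -Force -Path "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
  environment:
    WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64
  when:
    status:
    - success
    - failure

---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.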
# Generated at dronegen/push.go (main.pushPipeline)
################################################

# Builds the linux/arm release artifacts on every push to master or a
# branch/* branch; pull_request events are excluded.
kind: pipeline
type: kubernetes
name: push-build-linux-arm

environment:
  BUILDBOX_VERSION: teleport13
  GID: "1000"
  RUNTIME: go1.20.3
  UID: "1000"

trigger:
  event:
    include:
      - push
    exclude:
      - pull_request
  repo:
    include:
      - gravitational/*
  branch:
    include:
      - master
      - branch/*

workspace:
  path: /go

clone:
  disable: true

steps:
  # Manual checkout; the built-in clone is disabled above. The deploy key is
  # written to /root/.ssh/id_rsa after the main fetch, just before the `e`
  # submodule update, and removed by the last command.
  # NOTE(review): `ssh-keyscan` records whatever host key is presented at
  # build time, so this known_hosts file does not authenticate github.com.
  # Comparing the scan with a pinned key, or shipping known_hosts with the
  # image, would.
  - name: Check out code
    image: docker:git
    pull: if-not-exists
    commands:
      - mkdir -pv "/go/src/github.com/gravitational/teleport"
      - cd "/go/src/github.com/gravitational/teleport"
      - git init
      - git remote add origin ${DRONE_REMOTE_URL}
      - git fetch origin --tags
      - git checkout -qf "${DRONE_COMMIT_SHA}"
      - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa
      - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
      - git submodule update --init e
      - mkdir -pv /go/cache
      - rm -f /root/.ssh/id_rsa
    environment:
      GITHUB_PRIVATE_KEY:
        from_secret: GITHUB_PRIVATE_KEY

  # Waits up to 30s for the dind socket, then logs in to Docker Hub. The token
  # is piped through --password-stdin, so it is not part of the command line.
  - name: Wait for docker
    image: docker
    pull: if-not-exists
    commands:
      - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
      - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
    environment:
      DOCKERHUB_PASSWORD:
        from_secret: DOCKERHUB_READONLY_TOKEN
      DOCKERHUB_USERNAME:
        from_secret: DOCKERHUB_USERNAME
    volumes:
      - name: dockersock
        path: /var/run
      - name: dockerconfig
        path: /root/.docker

  # Runs the release-arm make target with the dind socket and the Docker
  # config volume mounted.
  - name: Build artifacts
    image: docker
    pull: if-not-exists
    commands:
      - apk add --no-cache make
      - chown -R $UID:$GID /go
      - cd /go/src/github.com/gravitational/teleport
      - make -C build.assets release-arm
    environment:
      ARCH: arm
      GID: "1000"
      GOCACHE: /go/cache
      GOPATH: /go
      OS: linux
      UID: "1000"
    volumes:
      - name: dockersock
        path: /var/run
      - name: dockerconfig
        path: /root/.docker

  # Posts to Slack only when the pipeline has failed.
  - name: Send Slack notification
    image: plugins/slack
    settings:
      webhook:
        from_secret: SLACK_WEBHOOK_DEV_TELEPORT
      template:
        - |
          *{{#success build.status}}✔{{ else }}✘{{/success}} {{ uppercasefirst build.status }}: Build #{{ build.number }}* (type: `{{ build.event }}`)
          `${DRONE_STAGE_NAME}` artifact build failed.
          *Warning:* This is a genuine failure to build the Teleport binary from `{{ build.branch }}` (likely due to a bad merge or commit) and should be investigated immediately.
          Commit:
          Branch:
          Author:
          <{{ build.link }}|Visit Drone build page ↗>
    when:
      status:
        - failure

# docker:dind runs privileged; every step that mounts the `dockersock` volume
# can drive that daemon.
services:
  - name: Start Docker
    image: docker:dind
    privileged: true
    volumes:
      - name: dockersock
        path: /var/run

volumes:
  - name: dockersock
    temp: {}
  - name: dockerconfig
    temp: {}

image_pull_secrets:
  - DOCKERHUB_CREDENTIALS

---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/gha.go (main.ghaBuildPipeline) ################################################ kind: pipeline type: kubernetes name: push-build-linux-arm64 trigger: event: include: - push exclude: - pull_request repo: include: - gravitational/* branch: include: - master - branch/* workspace: path: /go clone: disable: true steps: - name: Check out code image: docker:git pull: if-not-exists commands: - mkdir -pv "/go/src/github.com/gravitational/teleport" - cd "/go/src/github.com/gravitational/teleport" - git init - git remote add origin ${DRONE_REMOTE_URL} - git fetch origin --tags - git checkout -qf "${DRONE_COMMIT_SHA}" - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts - git submodule update --init e - mkdir -pv /go/cache - rm -f /root/.ssh/id_rsa environment: GITHUB_PRIVATE_KEY: from_secret: GITHUB_PRIVATE_KEY - name: Delegate build to GitHub image: golang:1.18-alpine pull: if-not-exists commands: - cd "/go/src/github.com/gravitational/teleport/build.assets/tooling" - 'go run ./cmd/gh-trigger-workflow -owner ${DRONE_REPO_OWNER} -repo teleport.e -tag-workflow -timeout 1h0m0s -workflow release-linux-arm64.yml -workflow-ref=${DRONE_BRANCH} -input oss-teleport-repo=${DRONE_REPO} -input oss-teleport-ref=${DRONE_COMMIT} -input "upload-artifacts=false" ' environment: GHA_APP_KEY: from_secret: GITHUB_WORKFLOW_APP_PRIVATE_KEY - name: Send Slack notification image: plugins/slack settings: webhook: from_secret: SLACK_WEBHOOK_DEV_TELEPORT template: - | *{{#success build.status}}✔{{ else }}✘{{/success}} {{ uppercasefirst build.status }}: Build #{{ build.number }}* (type: `{{ build.event }}`) `${DRONE_STAGE_NAME}` artifact build failed. *Warning:* This is a genuine failure to build the Teleport binary from `{{ build.branch }}` (likely due to a bad merge or commit) and should be investigated immediately. 
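Commit: Branch: Author: <{{ build.link }}|Visit Drone build page ↗> when: status: - failure image_pull_secrets: - DOCKERHUB_CREDENTIALS
---
# Cron pipeline: resolves the latest release tag for each tracked major
# version, then builds the Teleport Lab image for the current one and pushes
# it to quay.io.
kind: pipeline
type: kubernetes
name: teleport-docker-cron

trigger:
  cron:
    - teleport-docker-cron
  repo:
    include:
      - gravitational/teleport

workspace:
  path: /go

clone:
  disable: false

steps:
  # Writes the resolved tags to /go/build/*.txt for the next step. The
  # commands read tooling from /go/build.assets, so this presumably relies on
  # the default clone landing in the /go workspace.
  - name: Set up variables and Dockerfile
    image: docker:git
    environment:
      # increment these variables when a new major/minor version is released to bump the automatic builds
      # this only needs to be done on the master branch, as that's the branch that the Drone cron is configured for
      # build major version images which are just teleport:x
      CURRENT_VERSION_ROOT: v12
      PREVIOUS_VERSION_ONE_ROOT: v11
      PREVIOUS_VERSION_TWO_ROOT: v10
    commands:
      - apk --update --no-cache add curl go
      - mkdir -p /go/build && cd /go/build
      # CURRENT_VERSION
      - (cd /go/build.assets/tooling && go run ./cmd/query-latest $CURRENT_VERSION_ROOT > /go/build/CURRENT_VERSION_TAG.txt)
      - echo "$(cat /go/build/CURRENT_VERSION_TAG.txt | cut -d. -f1 | tr -d '^v')" > /go/build/CURRENT_VERSION_TAG_GENERIC.txt
      # PREVIOUS_VERSION_ONE
      - (cd /go/build.assets/tooling && go run ./cmd/query-latest $PREVIOUS_VERSION_ONE_ROOT > /go/build/PREVIOUS_VERSION_ONE_TAG.txt)
      - echo "$(cat /go/build/PREVIOUS_VERSION_ONE_TAG.txt | cut -d. -f1 | tr -d '^v')" > /go/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt
      # PREVIOUS_VERSION_TWO
      - (cd /go/build.assets/tooling && go run ./cmd/query-latest $PREVIOUS_VERSION_TWO_ROOT > /go/build/PREVIOUS_VERSION_TWO_TAG.txt)
      - echo "$(cat /go/build/PREVIOUS_VERSION_TWO_TAG.txt | cut -d. -f1 | tr -d '^v')" > /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt
      # list versions
      - for FILE in /go/build/*.txt; do echo $FILE; cat $FILE; done
      # wait for Docker to be ready
      - sleep 3

  # Builds docker/sshd at the resolved tag and pushes it to the production
  # quay.io repository. The registry credentials come from `settings` and are
  # read by the commands as PLUGIN_USERNAME / PLUGIN_PASSWORD.
  - name: Build/push Teleport Lab Docker image
    image: docker:git
    environment:
      OS: linux
      ARCH: amd64
    settings:
      username:
        from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
      password:
        from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    volumes:
      - name: dockersock
        path: /var/run
    commands:
      - export TELEPORT_TAG=$(cat /go/build/CURRENT_VERSION_TAG.txt | tr -d '^v')
      - export TELEPORT_LAB_IMAGE_NAME="quay.io/gravitational/teleport-lab:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)"
      # Check out code
      - mkdir -p /go/src/github.com/gravitational/teleport
      - cd /go/src/github.com/gravitational/teleport
      - git init && git remote add origin ${DRONE_REMOTE_URL}
      - git fetch origin
      - git checkout -qf ${DRONE_COMMIT_SHA}
      # Build and push Teleport lab image
      # Fixed: the password was passed as `-p="$PLUGIN_PASSWORD"`, which puts
      # the production registry secret on the docker command line. It is now
      # piped through --password-stdin, as the other pipelines in this file do.
      - printenv PLUGIN_PASSWORD | docker login -u="$PLUGIN_USERNAME" --password-stdin quay.io
      - docker build --build-arg TELEPORT_TAG=$TELEPORT_TAG -t $TELEPORT_LAB_IMAGE_NAME /go/src/github.com/gravitational/teleport/docker/sshd
      - docker push $TELEPORT_LAB_IMAGE_NAME

# docker:dind runs privileged; the build step drives it through the shared
# `dockersock` volume.
services:
  - name: Start Docker
    image: docker:dind
    privileged: true
    volumes:
      - name: dockersock
        path: /var/run

volumes:
  - name: dockersock
    temp: {}

---
kind: pipeline type: kubernetes name: teleport-docker-cron-ecr trigger: cron: - teleport-docker-cron-ecr repo: include: - gravitational/teleport workspace: path: /go clone: disable: false steps: - name: Set up variables and Dockerfile image: docker:git environment: # increment these variables when a new major/minor version is released to bump the automatic builds # this only needs to be done on the master branch, as that's the branch that the Drone cron is configured for # build major version images which are just teleport:x CURRENT_VERSION_ROOT: v12 PREVIOUS_VERSION_ONE_ROOT: v11 PREVIOUS_VERSION_TWO_ROOT: v10 commands: - apk --update --no-cache add curl go - mkdir -p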
/go/build && cd /go/build # CURRENT_VERSION - (cd /go/build.assets/tooling && go run ./cmd/query-latest $CURRENT_VERSION_ROOT > /go/build/CURRENT_VERSION_TAG.txt) - echo "$(cat /go/build/CURRENT_VERSION_TAG.txt | cut -d. -f1 | tr -d '^v')" > /go/build/CURRENT_VERSION_TAG_GENERIC.txt # PREVIOUS_VERSION_ONE - (cd /go/build.assets/tooling && go run ./cmd/query-latest $PREVIOUS_VERSION_ONE_ROOT > /go/build/PREVIOUS_VERSION_ONE_TAG.txt) - echo "$(cat /go/build/PREVIOUS_VERSION_ONE_TAG.txt | cut -d. -f1 | tr -d '^v')" > /go/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt # PREVIOUS_VERSION_TWO - (cd /go/build.assets/tooling && go run ./cmd/query-latest $PREVIOUS_VERSION_TWO_ROOT > /go/build/PREVIOUS_VERSION_TWO_TAG.txt) - echo "$(cat /go/build/PREVIOUS_VERSION_TWO_TAG.txt | cut -d. -f1 | tr -d '^v')" > /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt # list versions - for FILE in /go/build/*.txt; do echo $FILE; cat $FILE; done # wait for Docker to be ready - sleep 3 - name: Configure Staging AWS Profile image: amazon/aws-cli commands: - aws sts get-caller-identity - |- printf "[staging]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - aws sts get-caller-identity --profile staging environment: AWS_ACCESS_KEY_ID: from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY AWS_SECRET_ACCESS_KEY: from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET AWS_ROLE: from_secret: STAGING_TELEPORT_DRONE_ECR_AWS_ROLE volumes: - name: awsconfig path: /root/.aws - name: Configure Production AWS Profile image: amazon/aws-cli commands: - aws sts get-caller-identity - |- printf "[production]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts 
assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ --output text) \ >> /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - aws sts get-caller-identity --profile production environment: AWS_ACCESS_KEY_ID: from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY AWS_SECRET_ACCESS_KEY: from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET AWS_ROLE: from_secret: PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE volumes: - name: awsconfig path: /root/.aws - name: Build/push Teleport Lab Docker image image: docker:git environment: OS: linux ARCH: amd64 volumes: - name: dockersock path: /var/run - name: awsconfig path: /root/.aws commands: - apk add --no-cache aws-cli - export CURRENT_DATE=$(date '+%Y%m%d%H%M') - export TELEPORT_TAG=$(cat /go/build/CURRENT_VERSION_TAG.txt | tr -d '^v') - export TELEPORT_LAB_IMAGE_NAME_STAGING="146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-lab:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)-$CURRENT_DATE" - export TELEPORT_LAB_IMAGE_NAME_PROD="public.ecr.aws/gravitational/teleport-lab:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)" # Check out code - mkdir -p /go/src/github.com/gravitational/teleport - cd /go/src/github.com/gravitational/teleport - git init && git remote add origin ${DRONE_REMOTE_URL} - git fetch origin - git checkout -qf ${DRONE_COMMIT_SHA} # Authenticate to staging registry - aws ecr get-login-password --profile staging --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com # Build and push image - docker build --build-arg TELEPORT_TAG=$TELEPORT_TAG -t $TELEPORT_LAB_IMAGE_NAME_STAGING /go/src/github.com/gravitational/teleport/docker/sshd - docker push $TELEPORT_LAB_IMAGE_NAME_STAGING # Authenticate to production registry - docker logout 146628656107.dkr.ecr.us-west-2.amazonaws.com - aws ecr-public 
get-login-password --profile production --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws # Push to production registry - docker tag $TELEPORT_LAB_IMAGE_NAME_STAGING $TELEPORT_LAB_IMAGE_NAME_PROD - docker push $TELEPORT_LAB_IMAGE_NAME_PROD services: - name: Start Docker image: docker:dind privileged: true volumes: - name: dockersock path: /var/run volumes: - name: dockersock temp: {} - name: awsconfig temp: {}
---
# Cron pipeline: packages the two example Helm charts, rebuilds the chart
# repository index and syncs the result to the production charts bucket.
kind: pipeline
type: kubernetes
name: teleport-helm-cron

trigger:
  cron:
    - teleport-helm-cron
  repo:
    include:
      - gravitational/teleport

workspace:
  path: /go

clone:
  disable: true

steps:
  # Manual clone over HTTPS at the commit Drone was triggered for.
  - name: Check out code
    image: alpine/git
    pull: if-not-exists
    commands:
      - mkdir -p /go/src/github.com/gravitational/teleport
      - cd /go/src/github.com/gravitational/teleport
      - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
      - git checkout ${DRONE_COMMIT}
      - mkdir -p /go/chart
      - cd /go/chart

  # Exchanges the static key pair for role credentials and writes them to the
  # shared `awsconfig` volume as the [default] profile. The static keys are
  # unset afterwards, so the final identity check uses the role credentials.
  - name: Assume AWS Role
    image: amazon/aws-cli
    commands:
      - aws sts get-caller-identity
      - |-
        printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
          $(aws sts assume-role \
            --role-arn "$AWS_ROLE" \
            --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
            --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
            --output text) \
          > /root/.aws/credentials
      - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
      - aws sts get-caller-identity --profile default
    environment:
      AWS_ACCESS_KEY_ID:
        from_secret: PRODUCTION_CHARTS_AWS_ACCESS_KEY_ID
      AWS_SECRET_ACCESS_KEY:
        from_secret: PRODUCTION_CHARTS_AWS_SECRET_ACCESS_KEY
      AWS_ROLE:
        from_secret: PRODUCTION_CHARTS_AWS_ROLE
    volumes:
      - name: awsconfig
        path: /root/.aws

  - name: Download chart repo contents
    image: amazon/aws-cli
    environment:
      AWS_REGION: us-west-2
      AWS_S3_BUCKET:
        from_secret: PRODUCTION_CHARTS_AWS_S3_BUCKET
    volumes:
      - name: awsconfig
        path: /root/.aws
    commands:
      - mkdir -p /go/chart
      # download all previously packaged chart versions from the S3 bucket
      - aws s3 sync s3://$AWS_S3_BUCKET/ /go/chart

  # This step does not mount `awsconfig`, so the packaging image has no access
  # to the role credentials.
  # NOTE(review): `alpine/helm:latest` is a mutable tag, and the other images
  # in this pipeline carry no tag at all. What this step writes to /go/chart
  # is published by the next step, so pinning the image to a version or digest
  # is worth considering.
  - name: Package helm charts
    image: alpine/helm:latest
    commands:
      - cd /go/chart
      - helm package /go/src/github.com/gravitational/teleport/examples/chart/teleport-cluster
      - helm package /go/src/github.com/gravitational/teleport/examples/chart/teleport-kube-agent
      # copy index.html to root of the S3 bucket
      - cp /go/src/github.com/gravitational/teleport/examples/chart/index.html /go/chart
      # this will index all previous versions of the charts downloaded from the S3 bucket,
      # plus the just-packaged charts listed above
      - helm repo index /go/chart

  # Syncs the whole /go/chart directory back to the bucket: the previously
  # downloaded packages, the new packages, index.html and the rebuilt index.
  - name: Upload to S3
    image: amazon/aws-cli
    commands:
      - cd /go/chart
      - aws s3 sync . s3://$AWS_S3_BUCKET/
    environment:
      AWS_REGION: us-west-2
      AWS_S3_BUCKET:
        from_secret: PRODUCTION_CHARTS_AWS_S3_BUCKET
    volumes:
      - name: awsconfig
        path: /root/.aws

  # Posts to Slack only when the pipeline has failed.
  - name: Send Slack notification
    image: plugins/slack
    settings:
      webhook:
        from_secret: SLACK_WEBHOOK_DEV_TELEPORT
      template: |
        *{{#success build.status}}✔{{ else }}✘{{/success}} {{ uppercasefirst build.status }}: Build #{{ build.number }}* (type: `{{ build.event }}`)
        Details: The `teleport-helm-cron` job in Drone failed to publish Helm charts to S3. This is unusual and should be investigated.
        Commit:
        Branch:
        Author:
        <{{ build.link }}|Visit Drone build page ↗>
    when:
      status: [failure]

volumes:
  - name: awsconfig
    temp: {}

---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPipeline)
################################################

# Tag build: runs for refs/tags/v* after clean-up-previous-build, builds the
# CentOS 7 compatible amd64 tarballs, uploads them to S3 and registers them
# with the release service.
kind: pipeline
type: kubernetes
name: build-linux-amd64-centos7

environment:
  BUILDBOX_VERSION: teleport13
  RUNTIME: go1.20.3

trigger:
  event:
    include:
      - tag
  ref:
    include:
      - refs/tags/v*
  repo:
    include:
      - gravitational/*

workspace:
  path: /go

clone:
  disable: true

depends_on:
  - clean-up-previous-build

steps:
  # Manual clone over HTTPS; the deploy key is written only for the `e`
  # submodule update and removed right after it. The last command fails the
  # build when the Makefile VERSION differs from the tag, and otherwise
  # records the version in /go/.version.txt for later steps.
  # NOTE(review): `ssh-keyscan` records whatever host key is presented at
  # build time, so this known_hosts file does not authenticate github.com.
  # Comparing the scan with a pinned key would.
  - name: Check out code
    image: docker:git
    pull: if-not-exists
    commands:
      - mkdir -p /go/src/github.com/gravitational/teleport
      - cd /go/src/github.com/gravitational/teleport
      - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
      - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
      - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa
      - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
      - git submodule update --init e
      - rm -f /root/.ssh/id_rsa
      - mkdir -p /go/cache /go/artifacts
      - |-
        VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
        if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
          echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
          exit 1
        fi
        echo "$$VERSION" > /go/.version.txt
    environment:
      GITHUB_PRIVATE_KEY:
        from_secret: GITHUB_PRIVATE_KEY

  # Waits up to 30s for the dind socket, then logs in to Docker Hub with the
  # token piped through --password-stdin.
  - name: Wait for docker
    image: docker
    pull: if-not-exists
    commands:
      - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
      - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
    environment:
      DOCKERHUB_PASSWORD:
        from_secret: DOCKERHUB_READONLY_TOKEN
      DOCKERHUB_USERNAME:
        from_secret: DOCKERHUB_USERNAME
    volumes:
      - name: dockersock
        path: /var/run
      - name: dockerconfig
        path: /root/.docker

  - name: Build artifacts
    image: docker
    pull: if-not-exists
    commands:
      - apk add --no-cache make
      - chown -R $UID:$GID /go
      - cd /go/src/github.com/gravitational/teleport
      - make -C build.assets release-amd64-centos7
    environment:
      ARCH: amd64
      GID: "1000"
      GOCACHE: /go/cache
      GOPATH: /go
      OS: linux
      UID: "1000"
    volumes:
      - name: dockersock
        path: /var/run
      - name: dockerconfig
        path: /root/.docker

  # Collects the tarballs, renames them with a -centos7 suffix and writes a
  # .sha256 file next to each one.
  - name: Copy artifacts
    image: docker
    pull: if-not-exists
    commands:
      - cd /go/src/github.com/gravitational/teleport
      - find . -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts \;
      - find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts \;
      - export VERSION=$(cat /go/.version.txt)
      - mv /go/artifacts/teleport-v$${VERSION}-linux-amd64-bin.tar.gz /go/artifacts/teleport-v$${VERSION}-linux-amd64-centos7-bin.tar.gz
      - mv /go/artifacts/teleport-ent-v$${VERSION}-linux-amd64-bin.tar.gz /go/artifacts/teleport-ent-v$${VERSION}-linux-amd64-centos7-bin.tar.gz
      - cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256; done && ls -l

  # Exchanges the static key pair for role credentials and writes them to the
  # shared `awsconfig` volume as the [default] profile. The static keys are
  # unset afterwards, so the final identity check uses the role credentials.
  - name: Assume AWS Role
    image: amazon/aws-cli
    pull: if-not-exists
    commands:
      - aws sts get-caller-identity
      - |-
        printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
          $(aws sts assume-role \
            --role-arn "$AWS_ROLE" \
            --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
            --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
            --output text) \
          > /root/.aws/credentials
      - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
      - aws sts get-caller-identity --profile default
    environment:
      AWS_ACCESS_KEY_ID:
        from_secret: AWS_ACCESS_KEY_ID
      AWS_ROLE:
        from_secret: AWS_ROLE
      AWS_SECRET_ACCESS_KEY:
        from_secret: AWS_SECRET_ACCESS_KEY
    volumes:
      - name: awsconfig
        path: /root/.aws

  - name: Upload to S3
    image: amazon/aws-cli
    pull: if-not-exists
    commands:
      - cd /go/artifacts/
      - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
    environment:
      AWS_REGION: us-west-2
      AWS_S3_BUCKET:
        from_secret: AWS_S3_BUCKET
    volumes:
      - name: awsconfig
        path: /root/.aws

  # Registers each artifact with the release service, authenticating with a
  # client certificate. The certificate and key are decoded to files under
  # $WORKSPACE_DIR (default `/`) and removed by the EXIT trap.
  # NOTE(review): the key file is created with the shell's default umask;
  # setting `umask 077` before the two `base64 -d` lines would keep it
  # owner-only for its lifetime.
  # The SHA-256 sent with each asset is the one computed in "Copy artifacts"
  # from the same build output, so it detects corruption in transit rather
  # than vouching for what was built.
  - name: Register artifacts
    image: docker
    pull: if-not-exists
    commands:
      - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
      - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
      - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
      - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
      - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
      - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
      - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
      - which curl || apk add --no-cache curl
      - |-
        cd "$WORKSPACE_DIR/go/artifacts"
        find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
          # Skip files that are not results of this build
          # (e.g. tarballs from which OS packages are made)
          [ -f "$file.sha256" ] || continue
          name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
          description="Linux 64-bit (RHEL/CentOS 7.x compatible)"
          products="$name"
          if [ "$name" = "tsh" ]; then
            products="teleport teleport-ent"
          elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then
            description="Teleport Connect"
            products="teleport teleport-ent"
          fi
          shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
          release_params="" # List of "-F releaseId=XXX" parameters to curl
          for product in $products; do
            status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
            if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
              echo "curl HTTP status: $status_code"
              cat $WORKSPACE_DIR/curl_out.txt
              exit 1
            fi
            release_params="$release_params -F releaseId=$product@$VERSION"
          done
          curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
        done
    environment:
      RELEASES_CERT:
        from_secret: RELEASES_CERT
      RELEASES_KEY:
        from_secret: RELEASES_KEY

# docker:dind runs privileged; every step that mounts the `dockersock` volume
# can drive that daemon.
services:
  - name: Start Docker
    image: docker:dind
    privileged: true
    volumes:
      - name: dockersock
        path: /var/run

volumes:
  - name: awsconfig
    temp: {}
  - name: dockersock
    temp: {}
  - name: dockerconfig
    temp: {}

image_pull_secrets:
  - DOCKERHUB_CREDENTIALS

---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPipeline)
################################################

# Tag build: runs for refs/tags/v* after clean-up-previous-build, builds the
# CentOS 7 compatible amd64 FIPS tarball from the `e` submodule, uploads it
# to S3 and registers it with the release service.
kind: pipeline
type: kubernetes
name: build-linux-amd64-centos7-fips

environment:
  BUILDBOX_VERSION: teleport13
  RUNTIME: go1.20.3

trigger:
  event:
    include:
      - tag
  ref:
    include:
      - refs/tags/v*
  repo:
    include:
      - gravitational/*

workspace:
  path: /go

clone:
  disable: true

depends_on:
  - clean-up-previous-build

steps:
  # Manual clone over HTTPS; the deploy key is written only for the `e`
  # submodule update and removed right after it. The last command fails the
  # build when the Makefile VERSION differs from the tag, and otherwise
  # records the version in /go/.version.txt for later steps.
  # NOTE(review): `ssh-keyscan` records whatever host key is presented at
  # build time, so this known_hosts file does not authenticate github.com.
  # Comparing the scan with a pinned key would.
  - name: Check out code
    image: docker:git
    pull: if-not-exists
    commands:
      - mkdir -p /go/src/github.com/gravitational/teleport
      - cd /go/src/github.com/gravitational/teleport
      - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
      - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
      - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa
      - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
      - git submodule update --init e
      - rm -f /root/.ssh/id_rsa
      - mkdir -p /go/cache /go/artifacts
      - |-
        VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
        if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
          echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
          exit 1
        fi
        echo "$$VERSION" > /go/.version.txt
    environment:
      GITHUB_PRIVATE_KEY:
        from_secret: GITHUB_PRIVATE_KEY

  # Waits up to 30s for the dind socket, then logs in to Docker Hub with the
  # token piped through --password-stdin.
  - name: Wait for docker
    image: docker
    pull: if-not-exists
    commands:
      - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
      - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
    environment:
      DOCKERHUB_PASSWORD:
        from_secret: DOCKERHUB_READONLY_TOKEN
      DOCKERHUB_USERNAME:
        from_secret: DOCKERHUB_USERNAME
    volumes:
      - name: dockersock
        path: /var/run
      - name: dockerconfig
        path: /root/.docker

  # Runs the FIPS make target; FIPS is passed to the build as the string "yes".
  - name: Build artifacts
    image: docker
    pull: if-not-exists
    commands:
      - apk add --no-cache make
      - chown -R $UID:$GID /go
      - cd /go/src/github.com/gravitational/teleport
      - export VERSION=$(cat /go/.version.txt)
      - make -C build.assets release-amd64-centos7-fips
    environment:
      ARCH: amd64
      FIPS: "yes"
      GID: "1000"
      GOCACHE: /go/cache
      GOPATH: /go
      OS: linux
      UID: "1000"
    volumes:
      - name: dockersock
        path: /var/run
      - name: dockerconfig
        path: /root/.docker

  # Collects the tarball from e/, renames it with a -centos7 infix and writes
  # a .sha256 file next to it.
  - name: Copy artifacts
    image: docker
    pull: if-not-exists
    commands:
      - cd /go/src/github.com/gravitational/teleport
      - find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts \;
      - export VERSION=$(cat /go/.version.txt)
      - mv /go/artifacts/teleport-ent-v$${VERSION}-linux-amd64-fips-bin.tar.gz /go/artifacts/teleport-ent-v$${VERSION}-linux-amd64-centos7-fips-bin.tar.gz
      - cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256; done && ls -l

  # Exchanges the static key pair for role credentials and writes them to the
  # shared `awsconfig` volume as the [default] profile. The static keys are
  # unset afterwards, so the final identity check uses the role credentials.
  - name: Assume AWS Role
    image: amazon/aws-cli
    pull: if-not-exists
    commands:
      - aws sts get-caller-identity
      - |-
        printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
          $(aws sts assume-role \
            --role-arn "$AWS_ROLE" \
            --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
            --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
            --output text) \
          > /root/.aws/credentials
      - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
      - aws sts get-caller-identity --profile default
    environment:
      AWS_ACCESS_KEY_ID:
        from_secret: AWS_ACCESS_KEY_ID
      AWS_ROLE:
        from_secret: AWS_ROLE
      AWS_SECRET_ACCESS_KEY:
        from_secret: AWS_SECRET_ACCESS_KEY
    volumes:
      - name: awsconfig
        path: /root/.aws

  - name: Upload to S3
    image: amazon/aws-cli
    pull: if-not-exists
    commands:
      - cd /go/artifacts/
      - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
    environment:
      AWS_REGION: us-west-2
      AWS_S3_BUCKET:
        from_secret: AWS_S3_BUCKET
    volumes:
      - name: awsconfig
        path: /root/.aws

  # Registers each artifact with the release service, authenticating with a
  # client certificate. The certificate and key are decoded to files under
  # $WORKSPACE_DIR (default `/`) and removed by the EXIT trap.
  # NOTE(review): the key file is created with the shell's default umask;
  # setting `umask 077` before the two `base64 -d` lines would keep it
  # owner-only for its lifetime.
  # The SHA-256 sent with each asset is the one computed in "Copy artifacts"
  # from the same build output, so it detects corruption in transit rather
  # than vouching for what was built.
  - name: Register artifacts
    image: docker
    pull: if-not-exists
    commands:
      - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
      - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
      - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
      - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
      - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
      - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
      - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
      - which curl || apk add --no-cache curl
      - |-
        cd "$WORKSPACE_DIR/go/artifacts"
        find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
          # Skip files that are not results of this build
          # (e.g. tarballs from which OS packages are made)
          [ -f "$file.sha256" ] || continue
          name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
          description="Linux 64-bit (RHEL/CentOS 7.x compatible, FedRAMP/FIPS)"
          products="$name"
          if [ "$name" = "tsh" ]; then
            products="teleport teleport-ent"
          elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then
            description="Teleport Connect"
            products="teleport teleport-ent"
          fi
          shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
          release_params="" # List of "-F releaseId=XXX" parameters to curl
          for product in $products; do
            status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
            if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
              echo "curl HTTP status: $status_code"
              cat $WORKSPACE_DIR/curl_out.txt
              exit 1
            fi
            release_params="$release_params -F releaseId=$product@$VERSION"
          done
          curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
        done
    environment:
      RELEASES_CERT:
        from_secret: RELEASES_CERT
      RELEASES_KEY:
        from_secret: RELEASES_KEY

# docker:dind runs privileged; every step that mounts the `dockersock` volume
# can drive that daemon.
services:
  - name: Start Docker
    image: docker:dind
    privileged: true
    volumes:
      - name: dockersock
        path: /var/run

volumes:
  - name: awsconfig
    temp: {}
  - name: dockersock
    temp: {}
  - name: dockerconfig
    temp: {}

image_pull_secrets:
  - DOCKERHUB_CREDENTIALS

---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPipeline)
################################################

# Release pipeline for v* tags in gravitational/* repositories: checks out
# the tag, builds linux/amd64 tarballs and Teleport Connect packages, uploads
# them to S3 and registers them with the release service.
# NOTE(review): this file is generated, so lasting changes belong in dronegen.
# NOTE(review): step images are referenced by mutable tag (docker,
# docker:git, amazon/aws-cli, docker:dind); with `pull: if-not-exists` the
# image actually used depends on what the node has cached. Pinning by digest
# would make the release toolchain reproducible.
kind: pipeline
type: kubernetes
name: build-linux-amd64
environment:
  BUILDBOX_VERSION: teleport13
  RUNTIME: go1.20.3
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# The built-in clone is disabled; the first step performs the checkout.
clone:
  disable: true
depends_on:
- clean-up-previous-build
steps:
# Clones over HTTPS, then installs GITHUB_PRIVATE_KEY only for the `e`
# submodule fetch and deletes it in the command right after.
- name: Check out code
  image: docker:git
  pull: if-not-exists
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan accepts whatever host key the network returns
  # at build time (trust on first use); writing GitHub's published host keys
  # into known_hosts instead would authenticate the submodule fetch.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Fails the build unless the Makefile VERSION equals the tag without its
  # leading "v"; the value reaches later steps through /go/.version.txt.
  # `$$` is Drone's escape for a literal `$`.
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Waits up to 30s for the dind socket, then logs in to Docker Hub with the
# token passed on stdin rather than on the command line.
- name: Wait for docker
  image: docker
  pull: if-not-exists
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: dockersock
    path: /var/run
  - name: dockerconfig
    path: /root/.docker
# Runs the make targets with the dind socket directory and the Docker login
# state mounted; no secrets are injected into this step.
- name: Build artifacts
  image: docker
  pull: if-not-exists
  commands:
  - apk add --no-cache make
  - chown -R $UID:$GID /go
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  - make -C build.assets release-amd64-centos7
  - make -C build.assets teleterm
  environment:
    ARCH: amd64
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: linux
    UID: "1000"
  volumes:
  - name: dockersock
    path: /var/run
  - name: dockerconfig
    path: /root/.docker
# Collects build outputs in /go/artifacts and writes a .sha256 next to each
# tarball, .deb and .rpm; the Register step skips files without that sidecar.
# NOTE(review): the digest is computed by the same job that produced the
# file, so it detects corruption in transit, not a tampered build step.
- name: Copy artifacts
  image: docker
  pull: if-not-exists
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find . -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts \;
  - find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts \;
  - find /go/src/github.com/gravitational/teleport/web/packages/teleterm/build/release -maxdepth 1 \( -iname "teleport-connect*.tar.gz" -o -iname "teleport-connect*.rpm" -o -iname "teleport-connect*.deb" \) -print -exec cp {} /go/artifacts/ \;
  - cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256; done && ls -l
  - |-
    cd /go/artifacts && for FILE in teleport-connect*.deb teleport-connect*.rpm; do
      sha256sum $FILE > $FILE.sha256;
    done && ls -l
# Exchanges the secret key pair for temporary role credentials and writes
# them to the awsconfig volume, so the upload step needs no key secrets.
# NOTE(review): `aws sts get-caller-identity` prints the account ID and ARN
# into the build log; confirm that log readers may see them.
- name: Assume AWS Role
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  # sed replaces the "/" of ${DRONE_REPO} in the role session name.
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  # With the key variables unset, the second identity call exercises the
  # credentials file that was just written.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
# Uploads everything in /go/artifacts (files and .sha256 sidecars) using
# only the credentials file on the awsconfig volume.
- name: Upload to S3
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - cd /go/artifacts/
  - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Registers each artifact with the release service, authenticating with a
# client certificate and key decoded from secrets.
- name: Register artifacts
  image: docker
  pull: if-not-exists
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
  # NOTE(review): both files are created with the shell's default umask and
  # never chmod-ed; `umask 077` before these writes would keep the private
  # key owner-only. The EXIT trap removes them when the shell exits.
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # $CREDENTIALS and $release_params are expanded unquoted so that they split
  # into separate curl arguments; a WORKSPACE_DIR containing spaces would
  # break that. A 409 from /releases is accepted alongside 200 (presumably
  # "release already exists"; confirm with the service). On any other status
  # the response body is printed to the build log.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue
      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="Linux 64-bit"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
      release_params="" # List of "-F releaseId=XXX" parameters to curl
      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat $WORKSPACE_DIR/curl_out.txt
          exit 1
        fi
        release_params="$release_params -F releaseId=$product@$VERSION"
      done
      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY
# Privileged Docker-in-Docker daemon. Its /var/run is shared through the
# dockersock volume, so every step that mounts that volume can drive the
# daemon.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
# Per-build temporary volumes; awsconfig carries the assumed-role
# credentials between steps.
volumes:
- name: awsconfig
  temp: {}
- name: dockersock
  temp: {}
- name: dockerconfig
  temp: {}
image_pull_secrets:
- DOCKERHUB_CREDENTIALS
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPipeline)
################################################

# Release pipeline for v* tags in gravitational/* repositories: builds the
# FIPS linux/amd64 tarball (FIPS: "yes"), uploads it to S3 and registers it
# with the release service.
# NOTE(review): this file is generated, so lasting changes belong in dronegen.
# NOTE(review): step images are referenced by mutable tag; pinning by digest
# would make the release toolchain reproducible.
kind: pipeline
type: kubernetes
name: build-linux-amd64-fips
environment:
  BUILDBOX_VERSION: teleport13
  RUNTIME: go1.20.3
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# The built-in clone is disabled; the first step performs the checkout.
clone:
  disable: true
depends_on:
- clean-up-previous-build
steps:
# Clones over HTTPS, then installs GITHUB_PRIVATE_KEY only for the `e`
# submodule fetch and deletes it in the command right after.
- name: Check out code
  image: docker:git
  pull: if-not-exists
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan accepts whatever host key the network returns
  # at build time (trust on first use); writing GitHub's published host keys
  # into known_hosts instead would authenticate the submodule fetch.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Fails the build unless the Makefile VERSION equals the tag without its
  # leading "v"; the value reaches later steps through /go/.version.txt.
  # `$$` is Drone's escape for a literal `$`.
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Waits up to 30s for the dind socket, then logs in to Docker Hub with the
# token passed on stdin rather than on the command line.
- name: Wait for docker
  image: docker
  pull: if-not-exists
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: dockersock
    path: /var/run
  - name: dockerconfig
    path: /root/.docker
# Runs the FIPS make target with the dind socket directory mounted; no
# secrets are injected into this step.
- name: Build artifacts
  image: docker
  pull: if-not-exists
  commands:
  - apk add --no-cache make
  - chown -R $UID:$GID /go
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  - make -C build.assets release-amd64-centos7-fips
  environment:
    ARCH: amd64
    FIPS: "yes"
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: linux
    UID: "1000"
  volumes:
  - name: dockersock
    path: /var/run
  - name: dockerconfig
    path: /root/.docker
# Copies tarballs from e/ only and writes a .sha256 next to each one.
# NOTE(review): the digest is computed by the same job that produced the
# file, so it detects corruption in transit, not a tampered build step.
- name: Copy artifacts
  image: docker
  pull: if-not-exists
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts \;
  - cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256; done && ls -l
# Exchanges the secret key pair for temporary role credentials and writes
# them to the awsconfig volume, so the upload step needs no key secrets.
- name: Assume AWS Role
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  # sed replaces the "/" of ${DRONE_REPO} in the role session name.
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
# Uploads /go/artifacts using only the credentials file on awsconfig.
- name: Upload to S3
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - cd /go/artifacts/
  - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Registers each artifact with the release service, authenticating with a
# client certificate and key decoded from secrets.
- name: Register artifacts
  image: docker
  pull: if-not-exists
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
  # NOTE(review): both files are created with the shell's default umask and
  # never chmod-ed; `umask 077` before these writes would keep the private
  # key owner-only. The EXIT trap removes them when the shell exits.
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # $CREDENTIALS and $release_params are expanded unquoted so that they split
  # into separate curl arguments. A 409 from /releases is accepted alongside
  # 200 (presumably "release already exists"; confirm with the service).
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue
      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="Linux 64-bit (FedRAMP/FIPS)"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
      release_params="" # List of "-F releaseId=XXX" parameters to curl
      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat $WORKSPACE_DIR/curl_out.txt
          exit 1
        fi
        release_params="$release_params -F releaseId=$product@$VERSION"
      done
      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY
# Privileged Docker-in-Docker daemon. Its /var/run is shared through the
# dockersock volume, so every step that mounts that volume can drive the
# daemon.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: awsconfig
  temp: {}
- name: dockersock
  temp: {}
- name: dockerconfig
  temp: {}
image_pull_secrets:
- DOCKERHUB_CREDENTIALS
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPackagePipeline)
################################################

# Packaging pipeline for v* tags: downloads the tarballs uploaded by
# build-linux-amd64-centos7, builds and GPG-signs RPMs, uploads them to S3
# and registers them with the release service. AWS credentials are switched
# three times (download, build, upload), each time overwriting the same
# credentials file on the awsconfig volume.
# NOTE(review): step images are referenced by mutable tag and several steps
# set no pull policy; pinning by digest would make packaging reproducible.
kind: pipeline
type: kubernetes
name: build-linux-amd64-centos7-rpm
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# The built-in clone is disabled; the first step performs the checkout.
clone:
  disable: true
depends_on:
- build-linux-amd64-centos7
- clean-up-previous-build
steps:
# Clones over HTTPS, then installs GITHUB_PRIVATE_KEY only for the `e`
# submodule fetch and deletes it in the command right after.
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan accepts whatever host key the network returns
  # at build time (trust on first use); writing GitHub's published host keys
  # into known_hosts instead would authenticate the submodule fetch.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Fails the build unless the Makefile VERSION equals the tag without its
  # leading "v"; the value reaches later steps through /go/.version.txt.
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Waits up to 30s for the dind socket, then logs in to Docker Hub with the
# token passed on stdin rather than on the command line.
- name: Wait for docker
  image: docker
  pull: if-not-exists
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: dockersock
    path: /var/run
  - name: dockerconfig
    path: /root/.docker
# Writes temporary role credentials for the S3 download to awsconfig.
- name: Assume Download AWS Role
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
# Fetches the OSS and enterprise tarballs that get packaged below.
# NOTE(review): only the tarballs are copied; they are not compared with a
# .sha256 after download. TODO: consider verifying before packaging.
- name: Download artifacts from S3
  image: amazon/aws-cli
  commands:
  - export VERSION=$(cat /go/.version.txt)
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else export S3_PATH="tag/"; fi
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-amd64-centos7-bin.tar.gz /go/artifacts/
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-centos7-bin.tar.gz /go/artifacts/
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Replaces the credentials file with a role assumed from the secrets named
# *_READ_ONLY_*; the build step mounts awsconfig for its ECR login.
- name: Assume Build AWS Role
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY
    AWS_ROLE:
      from_secret: TELEPORT_BUILD_READ_ONLY_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Unpacks the RPM signing keyring into GNUPG_DIR on the memory-backed tmpfs
# volume (mode 0700), builds the RPMs, then deletes the directory.
# NOTE(review): `rm -rf $GNUPG_DIR` is the last command, so it is skipped if
# `make rpm` fails and the step stops there (presumably; confirm runner
# behaviour). The key then stays until the temp volume is discarded.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache bash curl gzip make tar go
  - apk add --no-cache aws-cli
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  - aws ecr-public get-login-password --region us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - mkdir -m0700 $GNUPG_DIR
  - echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPG_DIR
  - chown -R root:root $GNUPG_DIR
  - make rpm
  - rm -rf $GNUPG_DIR
  environment:
    ARCH: amd64
    ENT_TARBALL_PATH: /go/artifacts
    GNUPG_DIR: /tmpfs/gnupg
    GPG_RPM_SIGNING_ARCHIVE:
      from_secret: GPG_RPM_SIGNING_ARCHIVE
    OSS_TARBALL_PATH: /go/artifacts
    TMPDIR: /go
  volumes:
  - name: dockersock
    path: /var/run
  - name: dockerconfig
    path: /root/.docker
  - name: awsconfig
    path: /root/.aws
  - name: tmpfs
    path: /tmpfs
# Copies files matching teleport*.rpm* from both build directories; no
# checksum is generated in this step.
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts \;
  - find e/build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts \;
# Replaces the credentials file again, this time for the S3 upload.
- name: Assume Upload AWS Role
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
# Uploads /go/artifacts using only the credentials file on awsconfig.
- name: Upload to S3
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - cd /go/artifacts/
  - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Registers each artifact that has a .sha256 sidecar with the release
# service, authenticating with a client certificate and key from secrets.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
  # NOTE(review): both files are created with the shell's default umask and
  # never chmod-ed; `umask 077` before these writes would keep the private
  # key owner-only. The EXIT trap removes them when the shell exits.
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # $CREDENTIALS and $release_params are expanded unquoted so that they split
  # into separate curl arguments. A 409 from /releases is accepted alongside
  # 200 (presumably "release already exists"; confirm with the service).
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue
      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="Linux 64-bit RPM (RHEL/CentOS 7.x compatible)"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
      release_params="" # List of "-F releaseId=XXX" parameters to curl
      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat $WORKSPACE_DIR/curl_out.txt
          exit 1
        fi
        release_params="$release_params -F releaseId=$product@$VERSION"
      done
      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY
# Privileged Docker-in-Docker daemon. Besides dockersock it also mounts the
# tmpfs volume, so the unpacked signing keyring is readable from the
# privileged service for as long as it exists (presumably needed so build
# containers can bind-mount it; confirm).
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: tmpfs
    path: /tmpfs
  - name: dockersock
    path: /var/run
# tmpfs is memory-backed, which keeps the signing keyring off disk.
volumes:
- name: awsconfig
  temp: {}
- name: dockersock
  temp: {}
- name: dockerconfig
  temp: {}
- name: tmpfs
  temp:
    medium: memory
image_pull_secrets:
- DOCKERHUB_CREDENTIALS
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPackagePipeline)
################################################

# Packaging pipeline for v* tags: downloads the enterprise FIPS tarball
# uploaded by build-linux-amd64-centos7-fips, builds and GPG-signs the RPM,
# uploads it to S3 and registers it with the release service. AWS
# credentials are switched three times (download, build, upload), each time
# overwriting the same credentials file on the awsconfig volume.
# NOTE(review): this file is generated, so lasting changes belong in dronegen.
# NOTE(review): step images are referenced by mutable tag and several steps
# set no pull policy; pinning by digest would make packaging reproducible.
kind: pipeline
type: kubernetes
name: build-linux-amd64-centos7-fips-rpm
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# The built-in clone is disabled; the first step performs the checkout.
clone:
  disable: true
depends_on:
- build-linux-amd64-centos7-fips
- clean-up-previous-build
steps:
# Clones over HTTPS, then installs GITHUB_PRIVATE_KEY only for the `e`
# submodule fetch and deletes it in the command right after.
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan accepts whatever host key the network returns
  # at build time (trust on first use); writing GitHub's published host keys
  # into known_hosts instead would authenticate the submodule fetch.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Fails the build unless the Makefile VERSION equals the tag without its
  # leading "v"; the value reaches later steps through /go/.version.txt.
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Waits up to 30s for the dind socket, then logs in to Docker Hub with the
# token passed on stdin rather than on the command line.
- name: Wait for docker
  image: docker
  pull: if-not-exists
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: dockersock
    path: /var/run
  - name: dockerconfig
    path: /root/.docker
# Writes temporary role credentials for the S3 download to awsconfig.
- name: Assume Download AWS Role
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
# Fetches the enterprise FIPS tarball that gets packaged below.
# NOTE(review): only the tarball is copied; it is not compared with a
# .sha256 after download. TODO: consider verifying before packaging.
- name: Download artifacts from S3
  image: amazon/aws-cli
  commands:
  - export VERSION=$(cat /go/.version.txt)
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else export S3_PATH="tag/"; fi
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-centos7-fips-bin.tar.gz /go/artifacts/
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Replaces the credentials file with a role assumed from the secrets named
# *_READ_ONLY_*; the build step mounts awsconfig for its ECR login.
- name: Assume Build AWS Role
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY
    AWS_ROLE:
      from_secret: TELEPORT_BUILD_READ_ONLY_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Unpacks the RPM signing keyring into GNUPG_DIR on the memory-backed tmpfs
# volume (mode 0700), builds the RPM from e/, then deletes the directory.
# NOTE(review): `rm -rf $GNUPG_DIR` is the last command, so it is skipped if
# `make -C e rpm` fails and the step stops there (presumably; confirm runner
# behaviour). The key then stays until the temp volume is discarded.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache bash curl gzip make tar go
  - apk add --no-cache aws-cli
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  - aws ecr-public get-login-password --region us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - mkdir -m0700 $GNUPG_DIR
  - echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPG_DIR
  - chown -R root:root $GNUPG_DIR
  - make -C e rpm
  - rm -rf $GNUPG_DIR
  environment:
    ARCH: amd64
    ENT_TARBALL_PATH: /go/artifacts
    FIPS: "yes"
    GNUPG_DIR: /tmpfs/gnupg
    GPG_RPM_SIGNING_ARCHIVE:
      from_secret: GPG_RPM_SIGNING_ARCHIVE
    RUNTIME: fips
    TMPDIR: /go
  volumes:
  - name: dockersock
    path: /var/run
  - name: dockerconfig
    path: /root/.docker
  - name: awsconfig
    path: /root/.aws
  - name: tmpfs
    path: /tmpfs
# Copies files matching teleport*.rpm* from e/build; no checksum is
# generated in this step.
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find e/build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts \;
# Replaces the credentials file again, this time for the S3 upload.
- name: Assume Upload AWS Role
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
# Uploads /go/artifacts using only the credentials file on awsconfig.
- name: Upload to S3
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - cd /go/artifacts/
  - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Registers each artifact that has a .sha256 sidecar with the release
# service, authenticating with a client certificate and key from secrets.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
  # NOTE(review): both files are created with the shell's default umask and
  # never chmod-ed; `umask 077` before these writes would keep the private
  # key owner-only. The EXIT trap removes them when the shell exits.
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # $CREDENTIALS and $release_params are expanded unquoted so that they split
  # into separate curl arguments. A 409 from /releases is accepted alongside
  # 200 (presumably "release already exists"; confirm with the service).
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue
      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="Linux 64-bit RPM (RHEL/CentOS 7.x compatible, FedRAMP/FIPS)"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
      release_params="" # List of "-F releaseId=XXX" parameters to curl
      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat $WORKSPACE_DIR/curl_out.txt
          exit 1
        fi
        release_params="$release_params -F releaseId=$product@$VERSION"
      done
      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY
# Privileged Docker-in-Docker daemon. Besides dockersock it also mounts the
# tmpfs volume, so the unpacked signing keyring is readable from the
# privileged service for as long as it exists (presumably needed so build
# containers can bind-mount it; confirm).
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: tmpfs
    path: /tmpfs
  - name: dockersock
    path: /var/run
# tmpfs is memory-backed, which keeps the signing keyring off disk.
volumes:
- name: awsconfig
  temp: {}
- name: dockersock
  temp: {}
- name: dockerconfig
  temp: {}
- name: tmpfs
  temp:
    medium: memory
image_pull_secrets:
- DOCKERHUB_CREDENTIALS
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPackagePipeline)
################################################

# Packaging pipeline for v* tags: downloads the tarballs uploaded by
# build-linux-amd64, builds DEB packages, uploads them to S3 and registers
# them with the release service. AWS credentials are switched three times
# (download, build, upload), each time overwriting the same credentials file
# on the awsconfig volume. No signing key is handled in this pipeline.
# NOTE(review): this file is generated, so lasting changes belong in dronegen.
# NOTE(review): step images are referenced by mutable tag and several steps
# set no pull policy; pinning by digest would make packaging reproducible.
kind: pipeline
type: kubernetes
name: build-linux-amd64-deb
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# The built-in clone is disabled; the first step performs the checkout.
clone:
  disable: true
depends_on:
- build-linux-amd64
- clean-up-previous-build
steps:
# Clones over HTTPS, then installs GITHUB_PRIVATE_KEY only for the `e`
# submodule fetch and deletes it in the command right after.
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan accepts whatever host key the network returns
  # at build time (trust on first use); writing GitHub's published host keys
  # into known_hosts instead would authenticate the submodule fetch.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Fails the build unless the Makefile VERSION equals the tag without its
  # leading "v"; the value reaches later steps through /go/.version.txt.
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Waits up to 30s for the dind socket, then logs in to Docker Hub with the
# token passed on stdin rather than on the command line.
- name: Wait for docker
  image: docker
  pull: if-not-exists
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: dockersock
    path: /var/run
  - name: dockerconfig
    path: /root/.docker
# Writes temporary role credentials for the S3 download to awsconfig.
- name: Assume Download AWS Role
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
# Fetches the OSS and enterprise tarballs that get packaged below.
# NOTE(review): only the tarballs are copied; they are not compared with a
# .sha256 after download. TODO: consider verifying before packaging.
- name: Download artifacts from S3
  image: amazon/aws-cli
  commands:
  - export VERSION=$(cat /go/.version.txt)
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else export S3_PATH="tag/"; fi
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-amd64-bin.tar.gz /go/artifacts/
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-bin.tar.gz /go/artifacts/
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Replaces the credentials file with a role assumed from the secrets named
# *_READ_ONLY_*; the build step mounts awsconfig for its ECR login.
- name: Assume Build AWS Role
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY
    AWS_ROLE:
      from_secret: TELEPORT_BUILD_READ_ONLY_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Logs in to public.ecr.aws with a password piped on stdin, then builds the
# DEB packages; no secrets are injected through this step's environment.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache bash curl gzip make tar
  - apk add --no-cache aws-cli
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  - aws ecr-public get-login-password --region us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - make deb
  environment:
    ARCH: amd64
    ENT_TARBALL_PATH: /go/artifacts
    OSS_TARBALL_PATH: /go/artifacts
    TMPDIR: /go
  volumes:
  - name: dockersock
    path: /var/run
  - name: dockerconfig
    path: /root/.docker
  - name: awsconfig
    path: /root/.aws
# Copies files matching teleport*.deb* from both build directories; no
# checksum is generated in this step.
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts \;
  - find e/build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts \;
# Replaces the credentials file again, this time for the S3 upload.
- name: Assume Upload AWS Role
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
# Uploads /go/artifacts using only the credentials file on awsconfig.
- name: Upload to S3
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - cd /go/artifacts/
  - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Registers each artifact that has a .sha256 sidecar with the release
# service, authenticating with a client certificate and key from secrets.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
  # NOTE(review): both files are created with the shell's default umask and
  # never chmod-ed; `umask 077` before these writes would keep the private
  # key owner-only. The EXIT trap removes them when the shell exits.
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # $CREDENTIALS and $release_params are expanded unquoted so that they split
  # into separate curl arguments. A 409 from /releases is accepted alongside
  # 200 (presumably "release already exists"; confirm with the service).
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue
      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="Linux 64-bit DEB"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
      release_params="" # List of "-F releaseId=XXX" parameters to curl
      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat $WORKSPACE_DIR/curl_out.txt
          exit 1
        fi
        release_params="$release_params -F releaseId=$product@$VERSION"
      done
      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY
# Privileged Docker-in-Docker daemon. Its /var/run is shared through the
# dockersock volume, so every step that mounts that volume can drive the
# daemon.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: awsconfig
  temp: {}
- name: dockersock
  temp: {}
- name: dockerconfig
  temp: {}
image_pull_secrets:
- DOCKERHUB_CREDENTIALS
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPackagePipeline)
################################################

# Tag-triggered packaging pipeline: pulls the linux-amd64 FIPS enterprise
# tarball from S3, runs `make -C e deb`, uploads the results to S3 and
# registers them with the release service.
# This file is generated, so lasting changes to anything noted below belong in
# dronegen rather than in this YAML.
kind: pipeline
type: kubernetes
name: build-linux-amd64-fips-deb
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
clone:
  disable: true
depends_on:
- build-linux-amd64-fips
- clean-up-previous-build
steps:
# Clones the repository over HTTPS, then writes the SSH key from the
# GITHUB_PRIVATE_KEY secret to disk only for the `e` submodule fetch and
# deletes it again afterwards.
# NOTE(review): known_hosts is filled from a live ssh-keyscan, so the GitHub
# host key is accepted as seen at build time instead of being compared with a
# pinned value; shipping GitHub's published host keys would close that gap.
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Release gate: exits 1 when the Makefile VERSION and the tag (without its
  # leading "v") differ; on success the version is saved to /go/.version.txt
  # for the later steps that read it.
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Waits up to 30s for the Docker socket, then logs in to Docker Hub. The token
# is piped on stdin, so it is not placed on the docker command line.
- name: Wait for docker
  image: docker
  pull: if-not-exists
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: dockersock
    path: /var/run
  - name: dockerconfig
    path: /root/.docker
# Calls sts assume-role with the key pair from secrets and writes the returned
# session credentials to /root/.aws/credentials on the awsconfig volume, where
# later steps that mount awsconfig pick them up. The `>` redirect replaces
# whatever an earlier assume-role step left in that file.
# The session name is built from the repo and build number, which lets these
# sessions be traced back to a build in AWS audit logs.
- name: Assume Download AWS Role
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
# Fetches the FIPS enterprise tarball for this version into /go/artifacts.
# NOTE(review): no checksum or signature check on the downloaded tarball is
# visible in this step; integrity rests on access control of the bucket.
- name: Download artifacts from S3
  image: amazon/aws-cli
  commands:
  - export VERSION=$(cat /go/.version.txt)
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else export S3_PATH="tag/"; fi
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-fips-bin.tar.gz /go/artifacts/
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Same assume-role sequence as above, but with the TELEPORT_BUILD_*_READ_ONLY
# secrets; it overwrites the credentials file used by the build step below.
- name: Assume Build AWS Role
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY
    AWS_ROLE:
      from_secret: TELEPORT_BUILD_READ_ONLY_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Logs in to public.ecr.aws with the credentials assumed above and builds the
# enterprise .deb with FIPS=yes.
# NOTE(review): `image: docker` and the `apk add` packages carry no version or
# digest, so the tooling in this step can change between runs of the same tag.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache bash curl gzip make tar
  - apk add --no-cache aws-cli
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  - aws ecr-public get-login-password --region us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - make -C e deb
  environment:
    ARCH: amd64
    ENT_TARBALL_PATH: /go/artifacts
    FIPS: "yes"
    RUNTIME: fips
    TMPDIR: /go
  volumes:
  - name: dockersock
    path: /var/run
  - name: dockerconfig
    path: /root/.docker
  - name: awsconfig
    path: /root/.aws
# Copies every teleport*.deb* file from e/build into /go/artifacts.
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find e/build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts \;
# Switches the shared credentials file to the role used for the upload.
- name: Assume Upload AWS Role
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
# Syncs all of /go/artifacts, including the tarball downloaded earlier, to the
# per-tag prefix in the bucket.
- name: Upload to S3
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - cd /go/artifacts/
  - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Registers each artifact that has a .sha256 sibling with the release service,
# authenticating with a client certificate and key decoded from secrets.
# The trap removes both files when the shell exits.
# NOTE(review): the key is written without a chmod or umask change, so its
# file mode is whatever the container default gives; WORKSPACE_DIR falls back
# to "/" here.
# NOTE(review): the sha256 sent to the service is read from the file next to
# the artifact, so it reflects what this build produced and is not an
# independent check of the artifact.
# HTTP 409 from /releases is tolerated - presumably "release already exists";
# confirm against the release service.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue
      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="Linux 64-bit DEB (FedRAMP/FIPS)"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
      release_params="" # List of "-F releaseId=XXX" parameters to curl
      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat $WORKSPACE_DIR/curl_out.txt
          exit 1
        fi
        release_params="$release_params -F releaseId=$product@$VERSION"
      done
      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY
# Docker-in-Docker daemon for the build; it runs privileged and shares
# /var/run with every step that mounts dockersock.
# NOTE(review): a step with dockersock mounted can drive this privileged
# daemon, so those steps should be reviewed as carrying that level of access.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: awsconfig
  temp: {}
- name: dockersock
  temp: {}
- name: dockerconfig
  temp: {}
image_pull_secrets:
- DOCKERHUB_CREDENTIALS
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPipeline)
################################################

# Tag-triggered build of the linux/386 release tarballs: builds with
# `make -C build.assets release-386`, checksums the tarballs, uploads them to
# S3 and registers them with the release service.
kind: pipeline
type: kubernetes
name: build-linux-386
environment:
  BUILDBOX_VERSION: teleport13
  RUNTIME: go1.20.3
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
clone:
  disable: true
depends_on:
- clean-up-previous-build
steps:
# Same checkout sequence as in build-linux-amd64-fips-deb above, including the
# build-time ssh-keyscan and the Makefile-version-versus-tag gate.
- name: Check out code
  image: docker:git
  pull: if-not-exists
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
- name: Wait for docker
  image: docker
  pull: if-not-exists
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: dockersock
    path: /var/run
  - name: dockerconfig
    path: /root/.docker
# Hands /go to UID:GID 1000 and runs the release build through build.assets.
# No AWS or signing secrets are injected into this step.
- name: Build artifacts
  image: docker
  pull: if-not-exists
  commands:
  - apk add --no-cache make
  - chown -R $UID:$GID /go
  - cd /go/src/github.com/gravitational/teleport
  - make -C build.assets release-386
  environment:
    ARCH: "386"
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: linux
    UID: "1000"
  volumes:
  - name: dockersock
    path: /var/run
  - name: dockerconfig
    path: /root/.docker
# Collects the tarballs and writes a .sha256 file next to each one. These are
# the checksum files the Register artifacts step reads later.
- name: Copy artifacts
  image: docker
  pull: if-not-exists
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find . -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts \;
  - find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts \;
  - cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256; done && ls -l
# Exchanges the key pair from secrets for session credentials on the awsconfig
# volume; AWS secrets first enter this pipeline here, after the build step.
- name: Assume AWS Role
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
- name: Upload to S3
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - cd /go/artifacts/
  - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Same registration sequence as in build-linux-amd64-fips-deb above; the
# client key is written with default permissions and removed by the EXIT trap.
- name: Register artifacts
  image: docker
  pull: if-not-exists
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue
      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="Linux 32-bit"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
      release_params="" # List of "-F releaseId=XXX" parameters to curl
      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat $WORKSPACE_DIR/curl_out.txt
          exit 1
        fi
        release_params="$release_params -F releaseId=$product@$VERSION"
      done
      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="386" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: awsconfig
  temp: {}
- name: dockersock
  temp: {}
- name: dockerconfig
  temp: {}
image_pull_secrets:
- DOCKERHUB_CREDENTIALS
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPackagePipeline)
################################################

# Tag-triggered packaging pipeline: pulls the linux-386 tarballs from S3, runs
# `make rpm` with the RPM signing material unpacked from a secret, uploads the
# results to S3 and registers them with the release service.
kind: pipeline
type: kubernetes
name: build-linux-386-rpm
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
clone:
  disable: true
depends_on:
- build-linux-386
- clean-up-previous-build
steps:
# Same checkout sequence as in the pipelines above.
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
- name: Wait for docker
  image: docker
  pull: if-not-exists
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: dockersock
    path: /var/run
  - name: dockerconfig
    path: /root/.docker
- name: Assume Download AWS Role
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
- name: Download artifacts from S3
  image: amazon/aws-cli
  commands:
  - export VERSION=$(cat /go/.version.txt)
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else export S3_PATH="tag/"; fi
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-386-bin.tar.gz /go/artifacts/
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-386-bin.tar.gz /go/artifacts/
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
- name: Assume Build AWS Role
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY
    AWS_ROLE:
      from_secret: TELEPORT_BUILD_READ_ONLY_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Unpacks the RPM signing material from the GPG_RPM_SIGNING_ARCHIVE secret into
# /tmpfs/gnupg (mode 0700, owned by root), runs `make rpm`, then deletes the
# directory. /tmpfs is the memory-medium temp volume declared at the bottom of
# this pipeline.
# NOTE(review): the same tmpfs volume is mounted into the privileged dind
# service, and the `rm -rf` is the last command, so it would not run if
# `make rpm` aborts the step - presumably acceptable because the volume is
# temporary; confirm.
# NOTE(review): `image: docker` and the `apk add` packages are unpinned in the
# step that has access to the signing material.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache bash curl gzip make tar go
  - apk add --no-cache aws-cli
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  - aws ecr-public get-login-password --region us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - mkdir -m0700 $GNUPG_DIR
  - echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPG_DIR
  - chown -R root:root $GNUPG_DIR
  - make rpm
  - rm -rf $GNUPG_DIR
  environment:
    ARCH: "386"
    ENT_TARBALL_PATH: /go/artifacts
    GNUPG_DIR: /tmpfs/gnupg
    GPG_RPM_SIGNING_ARCHIVE:
      from_secret: GPG_RPM_SIGNING_ARCHIVE
    OSS_TARBALL_PATH: /go/artifacts
    TMPDIR: /go
  volumes:
  - name: dockersock
    path: /var/run
  - name: dockerconfig
    path: /root/.docker
  - name: awsconfig
    path: /root/.aws
  - name: tmpfs
    path: /tmpfs
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts \;
  - find e/build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts \;
- name: Assume Upload AWS Role
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
- name: Upload to S3
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - cd /go/artifacts/
  - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Same registration sequence as in the pipelines above.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue
      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="Linux 32-bit RPM"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
      release_params="" # List of "-F releaseId=XXX" parameters to curl
      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat $WORKSPACE_DIR/curl_out.txt
          exit 1
        fi
        release_params="$release_params -F releaseId=$product@$VERSION"
      done
      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="386" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: tmpfs
    path: /tmpfs
  - name: dockersock
    path: /var/run
volumes:
- name: awsconfig
  temp: {}
- name: dockersock
  temp: {}
- name: dockerconfig
  temp: {}
- name: tmpfs
  temp:
    medium: memory
image_pull_secrets:
- DOCKERHUB_CREDENTIALS
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPackagePipeline)
################################################

# Tag-triggered packaging pipeline: pulls the linux-386 tarballs from S3, runs
# `make deb`, uploads the results to S3 and registers them with the release
# service.
# This file is generated, so lasting changes to anything noted below belong in
# dronegen rather than in this YAML.
kind: pipeline
type: kubernetes
name: build-linux-386-deb
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
clone:
  disable: true
depends_on:
- build-linux-386
- clean-up-previous-build
steps:
# Clones the repository over HTTPS, then writes the SSH key from the
# GITHUB_PRIVATE_KEY secret to disk only for the `e` submodule fetch and
# deletes it again afterwards.
# NOTE(review): known_hosts is filled from a live ssh-keyscan, so the GitHub
# host key is accepted as seen at build time instead of being compared with a
# pinned value; shipping GitHub's published host keys would close that gap.
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Release gate: exits 1 when the Makefile VERSION and the tag (without its
  # leading "v") differ; on success the version is saved to /go/.version.txt
  # for the later steps that read it.
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Waits up to 30s for the Docker socket, then logs in to Docker Hub. The token
# is piped on stdin, so it is not placed on the docker command line.
- name: Wait for docker
  image: docker
  pull: if-not-exists
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: dockersock
    path: /var/run
  - name: dockerconfig
    path: /root/.docker
# Calls sts assume-role with the key pair from secrets and writes the returned
# session credentials to /root/.aws/credentials on the awsconfig volume, where
# later steps that mount awsconfig pick them up. The `>` redirect replaces
# whatever an earlier assume-role step left in that file.
# The session name is built from the repo and build number, which lets these
# sessions be traced back to a build in AWS audit logs.
- name: Assume Download AWS Role
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
# Fetches the OSS and enterprise linux-386 tarballs for this version into
# /go/artifacts.
# NOTE(review): no checksum or signature check on the downloaded tarballs is
# visible in this step; integrity rests on access control of the bucket.
- name: Download artifacts from S3
  image: amazon/aws-cli
  commands:
  - export VERSION=$(cat /go/.version.txt)
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else export S3_PATH="tag/"; fi
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-386-bin.tar.gz /go/artifacts/
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-386-bin.tar.gz /go/artifacts/
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Same assume-role sequence as above, but with the TELEPORT_BUILD_*_READ_ONLY
# secrets; it overwrites the credentials file used by the build step below.
- name: Assume Build AWS Role
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY
    AWS_ROLE:
      from_secret: TELEPORT_BUILD_READ_ONLY_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Logs in to public.ecr.aws with the credentials assumed above and builds the
# .deb packages.
# NOTE(review): `image: docker` and the `apk add` packages carry no version or
# digest, so the tooling in this step can change between runs of the same tag.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache bash curl gzip make tar
  - apk add --no-cache aws-cli
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  - aws ecr-public get-login-password --region us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - make deb
  environment:
    ARCH: "386"
    ENT_TARBALL_PATH: /go/artifacts
    OSS_TARBALL_PATH: /go/artifacts
    TMPDIR: /go
  volumes:
  - name: dockersock
    path: /var/run
  - name: dockerconfig
    path: /root/.docker
  - name: awsconfig
    path: /root/.aws
# Copies every teleport*.deb* file from build and e/build into /go/artifacts.
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts \;
  - find e/build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts \;
# Switches the shared credentials file to the role used for the upload.
- name: Assume Upload AWS Role
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
# Syncs all of /go/artifacts, including the tarballs downloaded earlier, to
# the per-tag prefix in the bucket.
- name: Upload to S3
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - cd /go/artifacts/
  - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Registers each artifact that has a .sha256 sibling with the release service,
# authenticating with a client certificate and key decoded from secrets.
# The trap removes both files when the shell exits.
# NOTE(review): the key is written without a chmod or umask change, so its
# file mode is whatever the container default gives; WORKSPACE_DIR falls back
# to "/" here.
# NOTE(review): the sha256 sent to the service is read from the file next to
# the artifact, so it reflects what this build produced and is not an
# independent check of the artifact.
# HTTP 409 from /releases is tolerated - presumably "release already exists";
# confirm against the release service.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue
      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="Linux 32-bit DEB"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
      release_params="" # List of "-F releaseId=XXX" parameters to curl
      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat $WORKSPACE_DIR/curl_out.txt
          exit 1
        fi
        release_params="$release_params -F releaseId=$product@$VERSION"
      done
      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="386" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY
# Docker-in-Docker daemon for the build; it runs privileged and shares
# /var/run with every step that mounts dockersock.
# NOTE(review): a step with dockersock mounted can drive this privileged
# daemon, so those steps should be reviewed as carrying that level of access.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: awsconfig
  temp: {}
- name: dockersock
  temp: {}
- name: dockerconfig
  temp: {}
image_pull_secrets:
- DOCKERHUB_CREDENTIALS
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
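# Generated at dronegen/mac.go (main.newDarwinPipeline)
################################################

# Tag-triggered release build of the macOS amd64 tarballs on a Drone exec
# runner. It checks out the tag, installs Go/Rust/Node toolchains under /tmp,
# builds, uploads the tarballs to S3 and registers them with the release
# server.
#
# NOTE(review): this file is generated. The changes marked "review" below
# have to be mirrored in the dronegen sources, or 'make dronegen' drops them.
kind: pipeline
type: exec
name: build-darwin-amd64
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /tmp/build-darwin-amd64
platform:
  os: darwin
  arch: amd64
clone:
  disable: true
depends_on:
- clean-up-previous-build
concurrency:
  limit: 1
steps:
- name: Set up exec runner storage
  commands:
  - set -u
  - mkdir -p $WORKSPACE_DIR
  - chmod -R u+rw $WORKSPACE_DIR
  # Drops whatever an earlier build left in the workspace.
  - rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64
- name: Check out code
  commands:
  - set -u
  - mkdir -p $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The directory is created 0700 before the key is written, so the key is
  # never reachable by other users even before the chmod runs.
  - mkdir -m 0700 $WORKSPACE_DIR/.ssh && echo "$GITHUB_PRIVATE_KEY" > $WORKSPACE_DIR/.ssh/id_rsa && chmod 600 $WORKSPACE_DIR/.ssh/id_rsa
  # NOTE(review): ssh-keyscan accepts whatever host key the network returns
  # at build time; a pinned known_hosts entry would close that gap.
  - ssh-keyscan -H github.com > $WORKSPACE_DIR/.ssh/known_hosts 2>/dev/null
  - chmod 600 $WORKSPACE_DIR/.ssh/known_hosts
  - GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts -F /dev/null' git submodule update --init e
  # The deploy key is only needed for the submodule fetch above.
  - rm -rf $WORKSPACE_DIR/.ssh
  - mkdir -p $WORKSPACE_DIR/go/cache
  - mkdir -p $WORKSPACE_DIR/go/artifacts
  - echo "${DRONE_TAG##v}" > $WORKSPACE_DIR/go/.version.txt
  - cat $WORKSPACE_DIR/go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
    WORKSPACE_DIR: /tmp/build-darwin-amd64
- name: Install Go Toolchain
  commands:
  - set -u
  - mkdir -p /tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains
  # review: --fail makes an HTTP error stop the step instead of saving the
  # error page as the tarball.
  # NOTE(review): the archive is unpacked without a digest check; comparing
  # it against a pinned SHA-256 before tar would detect a tampered download.
  - curl --fail --silent -O https://dl.google.com/go/$RUNTIME.darwin-amd64.tar.gz
  - tar -C /tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains -xzf $RUNTIME.darwin-amd64.tar.gz
  - rm -rf $RUNTIME.darwin-amd64.tar.gz
  environment:
    RUNTIME: go1.20.3
- name: Install Rust Toolchain
  commands:
  - set -u
  - export PATH=/Users/$(whoami)/.cargo/bin:$PATH
  - mkdir -p /tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains
  - export RUST_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets print-rust-version)
  - export CARGO_HOME=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains/cargo
  - export RUST_HOME=$CARGO_HOME
  - export RUSTUP_HOME=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains/rustup
  - rustup toolchain install $RUST_VERSION
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64
- name: Install Node Toolchain
  commands:
  - set -u
  - export NODE_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets print-node-version)
  - export TOOLCHAIN_DIR=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains
  - export NODE_DIR=$TOOLCHAIN_DIR/node-v$NODE_VERSION-darwin-x64
  - mkdir -p $TOOLCHAIN_DIR
  # review: --fail added for the same reason as the Go download; the same
  # missing-digest caveat applies to this tarball.
  - curl --fail --silent -O https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-darwin-x64.tar.gz
  - tar -C $TOOLCHAIN_DIR -xzf node-v$NODE_VERSION-darwin-x64.tar.gz
  - rm -f node-v$NODE_VERSION-darwin-x64.tar.gz
  - export PATH=$NODE_DIR/bin:$PATH
  - corepack enable yarn
  - echo Node reporting version $(node --version)
  - echo Yarn reporting version $(yarn --version)
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64
- name: Build Mac artifacts (binaries)
  commands:
  - set -u
  - export HOME=/Users/$(whoami)
  - export TOOLCHAIN_DIR=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains
  - export NODE_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets print-node-version)
  - export NODE_HOME=$TOOLCHAIN_DIR/node-v$NODE_VERSION-darwin-x64
  - export PATH=$NODE_HOME/bin:$PATH
  - export RUST_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets print-rust-version)
  - export CARGO_HOME=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains/cargo
  - export RUST_HOME=$CARGO_HOME
  - export RUSTUP_HOME=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains/rustup
  - export PATH=$CARGO_HOME/bin:/Users/build/.cargo/bin:$PATH
  - rustup override set $RUST_VERSION
  - export PATH=$TOOLCHAIN_DIR/go/bin:$PATH
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - build.assets/build-fido2-macos.sh build
  - export PKG_CONFIG_PATH="$(build.assets/build-fido2-macos.sh pkg_config_path)"
  - make clean release OS=$OS ARCH=$ARCH FIDO2=yes TOUCHID=yes PIV=yes
  # NOTE(review): APPLE_* and BUILDBOX_PASSWORD are not referenced by the
  # commands above; presumably the Makefile reads them. Confirm they are
  # needed here, since every script run by make can read them.
  environment:
    APPLE_PASSWORD:
      from_secret: APPLE_PASSWORD
    APPLE_USERNAME:
      from_secret: APPLE_USERNAME
    ARCH: amd64
    BUILDBOX_PASSWORD:
      from_secret: BUILDBOX_PASSWORD
    GOCACHE: /tmp/build-darwin-amd64/go/cache
    GOPATH: /tmp/build-darwin-amd64/go
    OS: darwin
    WORKSPACE_DIR: /tmp/build-darwin-amd64
- name: Copy Mac artifacts
  commands:
  - set -u
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - cp teleport*.tar.gz $WORKSPACE_DIR/go/artifacts
  - cp e/teleport-ent*.tar.gz $WORKSPACE_DIR/go/artifacts
  - cd $WORKSPACE_DIR/go/artifacts && for FILE in teleport*.tar.gz; do shasum -a 256 $FILE > $FILE.sha256; done && ls -l
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64
- name: Assume AWS Role
  commands:
  # review: the credentials file is created by shell redirection under /tmp;
  # a restrictive umask keeps it from being readable by other local users.
  - umask 077
  - aws sts get-caller-identity
  # Exchanges the long-lived key pair for session credentials and writes them
  # as the [default] profile of the shared credentials file.
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /tmp/build-darwin-amd64/credentials
  # From here on only the assumed-role profile is used.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
    AWS_SHARED_CREDENTIALS_FILE: /tmp/build-darwin-amd64/credentials
- name: Upload to S3
  commands:
  - set -u
  - cd $WORKSPACE_DIR/go/artifacts
  - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SHARED_CREDENTIALS_FILE: /tmp/build-darwin-amd64/credentials
    WORKSPACE_DIR: /tmp/build-darwin-amd64
- name: Register artifacts
  commands:
  # review: the client certificate and key are decoded into the workspace;
  # the umask keeps both files private to the build user.
  - umask 077
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  # Removes the decoded cert/key when the step's shell exits, pass or fail.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # For every artifact that has a .sha256 next to it: create a draft release
  # per product (HTTP 409 is accepted as well as 200), then upload the file
  # together with its recorded SHA-256.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="MacOS Intel"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"

      release_params="" # List of "-F releaseId=XXX" parameters to curl

      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat $WORKSPACE_DIR/curl_out.txt
          exit 1
        fi

        release_params="$release_params -F releaseId=$product@$VERSION"
      done

      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="darwin" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY
    WORKSPACE_DIR: /tmp/build-darwin-amd64
- name: Clean up toolchains (post)
  commands:
  - set -u
  - export PATH=/Users/$(whoami)/.cargo/bin:$PATH
  - export CARGO_HOME=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains/cargo
  - export RUST_HOME=$CARGO_HOME
  - export RUSTUP_HOME=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains/rustup
  - export RUST_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets print-rust-version)
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - rustup override unset
  - rustup toolchain uninstall $RUST_VERSION
  - rm -rf /tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64
  when:
    status:
    - success
    - failure
- name: Clean up exec runner storage (post)
  commands:
  - set -u
  - chmod -R u+rw $WORKSPACE_DIR
  - rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh
  # review: the STS credentials file and the release-server cert/key live in
  # the workspace next to go/ and .ssh/ and were not removed before.
  - rm -f $WORKSPACE_DIR/credentials $WORKSPACE_DIR/releases.crt $WORKSPACE_DIR/releases.key
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64
  # review: run after failed builds too (as the toolchain cleanup already
  # does), so key material from an aborted step is not left on the runner.
  when:
    status:
    - success
    - failure
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.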
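# Generated at dronegen/mac.go (main.newDarwinPipeline)
################################################

# Tag-triggered build of the macOS amd64 .pkg installers on a Drone exec
# runner. It downloads the tarballs produced by build-darwin-amd64 from S3,
# runs 'make pkg' with the login keychain unlocked, uploads the packages to
# S3 and registers them with the release server.
#
# NOTE(review): this file is generated. The changes marked "review" below
# have to be mirrored in the dronegen sources, or 'make dronegen' drops them.
kind: pipeline
type: exec
name: build-darwin-amd64-pkg
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /tmp/build-darwin-amd64-pkg
platform:
  os: darwin
  arch: amd64
clone:
  disable: true
depends_on:
- build-darwin-amd64
concurrency:
  limit: 1
steps:
- name: Set up exec runner storage
  commands:
  - set -u
  - mkdir -p $WORKSPACE_DIR
  - chmod -R u+rw $WORKSPACE_DIR
  # Drops whatever an earlier build left in the workspace.
  - rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg
- name: Check out code
  commands:
  - set -u
  - mkdir -p $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The directory is created 0700 before the key is written, so the key is
  # never reachable by other users even before the chmod runs.
  - mkdir -m 0700 $WORKSPACE_DIR/.ssh && echo "$GITHUB_PRIVATE_KEY" > $WORKSPACE_DIR/.ssh/id_rsa && chmod 600 $WORKSPACE_DIR/.ssh/id_rsa
  # NOTE(review): ssh-keyscan accepts whatever host key the network returns
  # at build time; a pinned known_hosts entry would close that gap.
  - ssh-keyscan -H github.com > $WORKSPACE_DIR/.ssh/known_hosts 2>/dev/null
  - chmod 600 $WORKSPACE_DIR/.ssh/known_hosts
  - GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts -F /dev/null' git submodule update --init e
  # The deploy key is only needed for the submodule fetch above.
  - rm -rf $WORKSPACE_DIR/.ssh
  - mkdir -p $WORKSPACE_DIR/go/cache
  - mkdir -p $WORKSPACE_DIR/go/artifacts
  - echo "${DRONE_TAG##v}" > $WORKSPACE_DIR/go/.version.txt
  - cat $WORKSPACE_DIR/go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg
- name: Assume AWS Role
  commands:
  # review: the credentials file is created by shell redirection under /tmp;
  # a restrictive umask keeps it from being readable by other local users.
  - umask 077
  - aws sts get-caller-identity
  # Exchanges the long-lived key pair for session credentials and writes them
  # as the [default] profile of the shared credentials file.
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /tmp/build-darwin-amd64-pkg/credentials
  # From here on only the assumed-role profile is used.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
    AWS_SHARED_CREDENTIALS_FILE: /tmp/build-darwin-amd64-pkg/credentials
- name: Download built tarball artifacts from S3
  commands:
  - set -u
  - export VERSION=$(cat $WORKSPACE_DIR/go/.version.txt)
  - export S3_PATH="tag/$${DRONE_TAG##v}/"
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-darwin-amd64-bin.tar.gz $WORKSPACE_DIR/go/artifacts/
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-darwin-amd64-bin.tar.gz $WORKSPACE_DIR/go/artifacts/
  # review: GITHUB_PRIVATE_KEY was injected here although no command in this
  # step reads it; it is no longer passed to the step.
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SHARED_CREDENTIALS_FILE: /tmp/build-darwin-amd64-pkg/credentials
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg
- name: Build Mac pkg release artifacts
  commands:
  - set -u
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - export VERSION=$(cat $WORKSPACE_DIR/go/.version.txt)
  - export HOME=/Users/build
  # review: quoted so a password containing spaces or glob characters is
  # passed as one argument.
  # NOTE(review): -p puts the password on the command line, where it is
  # visible in the process list for as long as the command runs.
  - security unlock-keychain -p "$${BUILDBOX_PASSWORD}" login.keychain
  - security find-identity -v
  - make pkg OS=$OS ARCH=$ARCH
  environment:
    APPLE_PASSWORD:
      from_secret: APPLE_PASSWORD
    APPLE_USERNAME:
      from_secret: APPLE_USERNAME
    ARCH: amd64
    BUILDBOX_PASSWORD:
      from_secret: BUILDBOX_PASSWORD
    ENT_TARBALL_PATH: /tmp/build-darwin-amd64-pkg/go/artifacts
    OS: darwin
    OSS_TARBALL_PATH: /tmp/build-darwin-amd64-pkg/go/artifacts
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg
- name: Copy Mac pkg artifacts
  commands:
  - set -u
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  # The downloaded tarballs were inputs only and must not be uploaded again.
  - rm -rf $WORKSPACE_DIR/go/artifacts/*.tar.gz
  - cp build/teleport*.pkg e/build/teleport-ent*.pkg $WORKSPACE_DIR/go/artifacts/
  - cd $WORKSPACE_DIR/go/artifacts && for FILE in *.pkg; do shasum -a 256 $FILE > $FILE.sha256; done && ls -l
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg
- name: Upload to S3
  commands:
  - set -u
  - cd $WORKSPACE_DIR/go/artifacts
  - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SHARED_CREDENTIALS_FILE: /tmp/build-darwin-amd64-pkg/credentials
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg
- name: Register artifacts
  commands:
  # review: the client certificate and key are decoded into the workspace;
  # the umask keeps both files private to the build user.
  - umask 077
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  # Removes the decoded cert/key when the step's shell exits, pass or fail.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # For every artifact that has a .sha256 next to it: create a draft release
  # per product (HTTP 409 is accepted as well as 200), then upload the file
  # together with its recorded SHA-256.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="MacOS Intel .pkg installer"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"

      release_params="" # List of "-F releaseId=XXX" parameters to curl

      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat $WORKSPACE_DIR/curl_out.txt
          exit 1
        fi

        release_params="$release_params -F releaseId=$product@$VERSION"
      done

      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="darwin" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg
- name: Clean up exec runner storage (post)
  commands:
  - set -u
  - chmod -R u+rw $WORKSPACE_DIR
  - rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh
  # review: the STS credentials file and the release-server cert/key live in
  # the workspace next to go/ and .ssh/ and were not removed before.
  - rm -f $WORKSPACE_DIR/credentials $WORKSPACE_DIR/releases.crt $WORKSPACE_DIR/releases.key
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg
  # review: run after failed builds too, so key material written by an
  # earlier step is not left on the runner when a later step aborts.
  when:
    status:
    - success
    - failure
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.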
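# Generated at dronegen/mac.go (main.newDarwinPipeline)
################################################

# Tag-triggered build of the macOS amd64 tsh-only .pkg installer on a Drone
# exec runner. It downloads the tarballs produced by build-darwin-amd64 from
# S3, runs 'make pkg-tsh' with the login keychain unlocked, uploads the
# package to S3 and registers it with the release server.
#
# NOTE(review): this file is generated. The changes marked "review" below
# have to be mirrored in the dronegen sources, or 'make dronegen' drops them.
kind: pipeline
type: exec
name: build-darwin-amd64-pkg-tsh
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /tmp/build-darwin-amd64-pkg-tsh
platform:
  os: darwin
  arch: amd64
clone:
  disable: true
depends_on:
- build-darwin-amd64
concurrency:
  limit: 1
steps:
- name: Set up exec runner storage
  commands:
  - set -u
  - mkdir -p $WORKSPACE_DIR
  - chmod -R u+rw $WORKSPACE_DIR
  # Drops whatever an earlier build left in the workspace.
  - rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh
- name: Check out code
  commands:
  - set -u
  - mkdir -p $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The directory is created 0700 before the key is written, so the key is
  # never reachable by other users even before the chmod runs.
  - mkdir -m 0700 $WORKSPACE_DIR/.ssh && echo "$GITHUB_PRIVATE_KEY" > $WORKSPACE_DIR/.ssh/id_rsa && chmod 600 $WORKSPACE_DIR/.ssh/id_rsa
  # NOTE(review): ssh-keyscan accepts whatever host key the network returns
  # at build time; a pinned known_hosts entry would close that gap.
  - ssh-keyscan -H github.com > $WORKSPACE_DIR/.ssh/known_hosts 2>/dev/null
  - chmod 600 $WORKSPACE_DIR/.ssh/known_hosts
  - GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts -F /dev/null' git submodule update --init e
  # The deploy key is only needed for the submodule fetch above.
  - rm -rf $WORKSPACE_DIR/.ssh
  - mkdir -p $WORKSPACE_DIR/go/cache
  - mkdir -p $WORKSPACE_DIR/go/artifacts
  - echo "${DRONE_TAG##v}" > $WORKSPACE_DIR/go/.version.txt
  - cat $WORKSPACE_DIR/go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh
- name: Assume AWS Role
  commands:
  # review: the credentials file is created by shell redirection under /tmp;
  # a restrictive umask keeps it from being readable by other local users.
  - umask 077
  - aws sts get-caller-identity
  # Exchanges the long-lived key pair for session credentials and writes them
  # as the [default] profile of the shared credentials file.
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /tmp/build-darwin-amd64-pkg-tsh/credentials
  # From here on only the assumed-role profile is used.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
    AWS_SHARED_CREDENTIALS_FILE: /tmp/build-darwin-amd64-pkg-tsh/credentials
- name: Download built tarball artifacts from S3
  commands:
  - set -u
  - export VERSION=$(cat $WORKSPACE_DIR/go/.version.txt)
  - export S3_PATH="tag/$${DRONE_TAG##v}/"
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-darwin-amd64-bin.tar.gz $WORKSPACE_DIR/go/artifacts/
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-darwin-amd64-bin.tar.gz $WORKSPACE_DIR/go/artifacts/
  # review: GITHUB_PRIVATE_KEY was injected here although no command in this
  # step reads it; it is no longer passed to the step.
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SHARED_CREDENTIALS_FILE: /tmp/build-darwin-amd64-pkg-tsh/credentials
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh
- name: Build Mac pkg release artifacts
  commands:
  - set -u
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - export VERSION=$(cat $WORKSPACE_DIR/go/.version.txt)
  - export HOME=/Users/build
  # review: quoted so a password containing spaces or glob characters is
  # passed as one argument.
  # NOTE(review): -p puts the password on the command line, where it is
  # visible in the process list for as long as the command runs.
  - security unlock-keychain -p "$${BUILDBOX_PASSWORD}" login.keychain
  - security find-identity -v
  - make pkg-tsh OS=$OS ARCH=$ARCH
  environment:
    APPLE_PASSWORD:
      from_secret: APPLE_PASSWORD
    APPLE_USERNAME:
      from_secret: APPLE_USERNAME
    ARCH: amd64
    BUILDBOX_PASSWORD:
      from_secret: BUILDBOX_PASSWORD
    ENT_TARBALL_PATH: /tmp/build-darwin-amd64-pkg-tsh/go/artifacts
    OS: darwin
    OSS_TARBALL_PATH: /tmp/build-darwin-amd64-pkg-tsh/go/artifacts
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh
- name: Copy Mac pkg artifacts
  commands:
  - set -u
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  # The downloaded tarballs were inputs only and must not be uploaded again.
  - rm -rf $WORKSPACE_DIR/go/artifacts/*.tar.gz
  - cp build/tsh*.pkg $WORKSPACE_DIR/go/artifacts/
  - cd $WORKSPACE_DIR/go/artifacts && for FILE in *.pkg; do shasum -a 256 $FILE > $FILE.sha256; done && ls -l
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh
- name: Upload to S3
  commands:
  - set -u
  - cd $WORKSPACE_DIR/go/artifacts
  - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SHARED_CREDENTIALS_FILE: /tmp/build-darwin-amd64-pkg-tsh/credentials
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh
- name: Register artifacts
  commands:
  # review: the client certificate and key are decoded into the workspace;
  # the umask keeps both files private to the build user.
  - umask 077
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  # Removes the decoded cert/key when the step's shell exits, pass or fail.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # For every artifact that has a .sha256 next to it: create a draft release
  # per product (HTTP 409 is accepted as well as 200), then upload the file
  # together with its recorded SHA-256.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="MacOS Intel .pkg installer (tsh client only)"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"

      release_params="" # List of "-F releaseId=XXX" parameters to curl

      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat $WORKSPACE_DIR/curl_out.txt
          exit 1
        fi

        release_params="$release_params -F releaseId=$product@$VERSION"
      done

      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="darwin" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh
- name: Clean up exec runner storage (post)
  commands:
  - set -u
  - chmod -R u+rw $WORKSPACE_DIR
  - rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh
  # review: the STS credentials file and the release-server cert/key live in
  # the workspace next to go/ and .ssh/ and were not removed before.
  - rm -f $WORKSPACE_DIR/credentials $WORKSPACE_DIR/releases.crt $WORKSPACE_DIR/releases.key
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh
  # review: run after failed builds too, so key material written by an
  # earlier step is not left on the runner when a later step aborts.
  when:
    status:
    - success
    - failure
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.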
# Generated at dronegen/tag.go (main.tagPipeline) ################################################ kind: pipeline type: kubernetes name: build-linux-arm environment: BUILDBOX_VERSION: teleport13 RUNTIME: go1.20.3 trigger: event: include: - tag ref: include: - refs/tags/v* repo: include: - gravitational/* workspace: path: /go clone: disable: true depends_on: - clean-up-previous-build steps: - name: Check out code image: docker:git pull: if-not-exists commands: - mkdir -p /go/src/github.com/gravitational/teleport - cd /go/src/github.com/gravitational/teleport - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git . - git checkout ${DRONE_TAG:-$DRONE_COMMIT} - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts - git submodule update --init e - rm -f /root/.ssh/id_rsa - mkdir -p /go/cache /go/artifacts - |- VERSION=$(egrep ^VERSION Makefile | cut -d= -f2) if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG" exit 1 fi echo "$$VERSION" > /go/.version.txt environment: GITHUB_PRIVATE_KEY: from_secret: GITHUB_PRIVATE_KEY - name: Wait for docker image: docker pull: if-not-exists commands: - timeout 30s /bin/sh -c 'while [ ! 
-S /var/run/docker.sock ]; do sleep 1; done' - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin environment: DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: dockersock path: /var/run - name: dockerconfig path: /root/.docker - name: Build artifacts image: docker pull: if-not-exists commands: - apk add --no-cache make - chown -R $UID:$GID /go - cd /go/src/github.com/gravitational/teleport - make -C build.assets release-arm environment: ARCH: arm GID: "1000" GOCACHE: /go/cache GOPATH: /go OS: linux UID: "1000" volumes: - name: dockersock path: /var/run - name: dockerconfig path: /root/.docker - name: Copy artifacts image: docker pull: if-not-exists commands: - cd /go/src/github.com/gravitational/teleport - find . -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts \; - find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts \; - cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256; done && ls -l - name: Assume AWS Role image: amazon/aws-cli pull: if-not-exists commands: - aws sts get-caller-identity - |- printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID AWS_ROLE: from_secret: AWS_ROLE AWS_SECRET_ACCESS_KEY: from_secret: AWS_SECRET_ACCESS_KEY volumes: - name: awsconfig path: /root/.aws - name: Upload to S3 image: amazon/aws-cli pull: if-not-exists commands: - cd /go/artifacts/ - aws s3 sync . 
s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v} environment: AWS_REGION: us-west-2 AWS_S3_BUCKET: from_secret: AWS_S3_BUCKET volumes: - name: awsconfig path: /root/.aws - name: Register artifacts image: docker pull: if-not-exists commands: - WORKSPACE_DIR=$${WORKSPACE_DIR:-/} - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt") - RELEASES_HOST='https://releases-prod.platform.teleport.sh' - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt" - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key" - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key" - which curl || apk add --no-cache curl - |- cd "$WORKSPACE_DIR/go/artifacts" find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do # Skip files that are not results of this build # (e.g. tarballs from which OS packages are made) [ -f "$file.sha256" ] || continue name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z description="Linux ARMv7 (32-bit)" products="$name" if [ "$name" = "tsh" ]; then products="teleport teleport-ent" elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then description="Teleport Connect" products="teleport teleport-ent" fi shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" release_params="" # List of "-F releaseId=XXX" parameters to curl for product in $products; do status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then echo "curl HTTP status: $status_code" cat $WORKSPACE_DIR/curl_out.txt exit 1 fi release_params="$release_params -F releaseId=$product@$VERSION" done curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="arm" -F 
"file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets"; done environment: RELEASES_CERT: from_secret: RELEASES_CERT RELEASES_KEY: from_secret: RELEASES_KEY services: - name: Start Docker image: docker:dind privileged: true volumes: - name: dockersock path: /var/run volumes: - name: awsconfig temp: {} - name: dockersock temp: {} - name: dockerconfig temp: {} image_pull_secrets: - DOCKERHUB_CREDENTIALS --- ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. # Generated at dronegen/gha.go (main.ghaBuildPipeline) ################################################ kind: pipeline type: kubernetes name: build-linux-arm64 trigger: event: include: - tag ref: include: - refs/tags/v* repo: include: - gravitational/* workspace: path: /go clone: disable: true depends_on: - clean-up-previous-build steps: - name: Check out code image: docker:git pull: if-not-exists commands: - mkdir -pv "/go/src/github.com/gravitational/teleport" - cd "/go/src/github.com/gravitational/teleport" - git init - git remote add origin ${DRONE_REMOTE_URL} - git fetch origin --tags - git checkout -qf "${DRONE_COMMIT_SHA}" - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts - git submodule update --init e - mkdir -pv /go/cache - rm -f /root/.ssh/id_rsa environment: GITHUB_PRIVATE_KEY: from_secret: GITHUB_PRIVATE_KEY - name: Delegate build to GitHub image: golang:1.18-alpine pull: if-not-exists commands: - cd "/go/src/github.com/gravitational/teleport/build.assets/tooling" - 'go run ./cmd/gh-trigger-workflow -owner ${DRONE_REPO_OWNER} -repo teleport.e -tag-workflow -timeout 1h0m0s -workflow release-linux-arm64.yml -workflow-ref=${DRONE_TAG} -input oss-teleport-repo=${DRONE_REPO} -input oss-teleport-ref=${DRONE_TAG} -input "upload-artifacts=true" ' 
# Tail of the preceding pipeline; its beginning lies before this excerpt.
  environment:
    GHA_APP_KEY:
      from_secret: GITHUB_WORKFLOW_APP_PRIVATE_KEY
image_pull_secrets:
- DOCKERHUB_CREDENTIALS
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPackagePipeline)
################################################

# Review notes for this pipeline (the file is generated, so lasting changes
# belong in the generator named above, not here):
# - Runs only for tag events on refs/tags/v* in gravitational/* repos, after
#   build-linux-arm64 and clean-up-previous-build.
# - Every image (docker:git, docker, amazon/aws-cli, docker:dind) is referenced
#   by mutable tag rather than digest.
# - Steps share state through the /go workspace and the awsconfig temp volume.
kind: pipeline
type: kubernetes
name: build-linux-arm64-deb
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
clone:
  disable: true
depends_on:
- build-linux-arm64
- clean-up-previous-build
steps:
# Manual clone (the built-in clone is disabled above). The key from
# GITHUB_PRIVATE_KEY is written to /root/.ssh/id_rsa for the submodule fetch
# and removed right after it.
# NOTE(review): known_hosts is filled by ssh-keyscan at build time, so the
# GitHub host key is trusted on first use rather than pinned.
# NOTE(review): if `git submodule update` fails, the `rm -f` line is presumably
# never reached - confirm the step container is discarded in that case.
# The final command fails the build unless the Makefile VERSION equals the tag
# without its leading "v", then records it in /go/.version.txt for later steps.
# `$$` is Drone's escape for a literal `$`.
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Waits up to 30s for the dind service's socket to appear on the shared
# dockersock volume.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Trades the long-lived AWS key pair (from secrets) for temporary STS
# credentials and writes them as the [default] profile on the awsconfig
# volume, which later steps mount at /root/.aws. The unquoted $(...) is
# deliberate: its whitespace-separated fields become the printf arguments.
# `unset` clears the long-lived keys from this step's shell only, and both
# `get-caller-identity` calls print the caller identity into the build log.
- name: Assume Download AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
# Fetches the OSS and enterprise arm64 tarballs (presumably produced by
# build-linux-arm64, see depends_on) into /go/artifacts.
# NOTE(review): no checksum or signature check on the downloads is visible in
# this step; integrity appears to rest on bucket access control - confirm.
- name: Download artifacts from S3
  image: amazon/aws-cli
  commands:
  - export VERSION=$(cat /go/.version.txt)
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else export S3_PATH="tag/"; fi
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-arm64-bin.tar.gz /go/artifacts/
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-arm64-bin.tar.gz /go/artifacts/
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Same exchange with a separate key pair and role (secret names say read-only);
# it overwrites the credentials file written by the download role.
- name: Assume Build AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY
    AWS_ROLE:
      from_secret: TELEPORT_BUILD_READ_ONLY_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Installs tooling with apk at run time (no versions pinned), logs in to
# public.ecr.aws with the password passed on stdin rather than argv, then runs
# `make deb`. Mounting dockersock lets this step drive the privileged dind
# daemon declared under services.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache bash curl gzip make tar
  - apk add --no-cache aws-cli
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  - aws ecr-public get-login-password --region us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - make deb
  environment:
    ARCH: arm64
    ENT_TARBALL_PATH: /go/artifacts
    OSS_TARBALL_PATH: /go/artifacts
    TMPDIR: /go
  volumes:
  - name: dockersock
    path: /var/run
  - name: awsconfig
    path: /root/.aws
# Copies the produced .deb files (from build/ and e/build/) to /go/artifacts.
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts \;
  - find e/build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts \;
# Replaces the shared credentials file again before upload; it uses the same
# secret names as the download role.
- name: Assume Upload AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
# Syncs the whole /go/artifacts directory, which also holds the tarballs
# downloaded earlier, to the tag prefix in the bucket.
- name: Upload to S3
  image: amazon/aws-cli
  commands:
  - cd /go/artifacts/
  - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Registers each built file with the release server using a TLS client
# certificate.
# - The client cert and key are base64-decoded from secrets into
#   $WORKSPACE_DIR (default "/"); an EXIT trap removes them.
# - $CREDENTIALS and $release_params are left unquoted so they split into
#   separate curl arguments; that breaks if a path ever contains spaces.
# - Only files with a sibling .sha256 are registered, and the digest sent is
#   read from that file, not recomputed in this step.
# - HTTP 409 from /releases is tolerated (presumably "already exists" - confirm).
# - curl is installed with apk when the image does not provide it.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue
      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="Linux ARM64/ARMv8 (64-bit) DEB"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
      release_params="" # List of "-F releaseId=XXX" parameters to curl
      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat $WORKSPACE_DIR/curl_out.txt
          exit 1
        fi
        release_params="$release_params -F releaseId=$product@$VERSION"
      done
      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="arm64" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY
# Docker-in-Docker daemon. It runs privileged, and any step that mounts
# dockersock can drive it, so those steps carry the same privilege.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: dockersock
  temp: {}
- name: awsconfig
  temp: {}
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPackagePipeline)
################################################

# 32-bit ARM counterpart of build-linux-arm64-deb above; the review notes on
# that pipeline apply step for step. Differences visible here: a Docker Hub
# login in "Wait for docker", a dockerconfig volume, `pull: if-not-exists` on
# several steps, and image_pull_secrets at the end.
kind: pipeline
type: kubernetes
name: build-linux-arm-deb
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
clone:
  disable: true
depends_on:
- build-linux-arm
- clean-up-previous-build
steps:
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# The Docker Hub token (secret name says read-only) is passed on stdin; the
# login state presumably lands on the dockerconfig volume mounted at
# /root/.docker, which the build step also mounts.
- name: Wait for docker
  image: docker
  pull: if-not-exists
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: dockersock
    path: /var/run
  - name: dockerconfig
    path: /root/.docker
- name: Assume Download AWS Role
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
- name: Download artifacts from S3
  image: amazon/aws-cli
  commands:
  - export VERSION=$(cat /go/.version.txt)
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else export S3_PATH="tag/"; fi
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-arm-bin.tar.gz /go/artifacts/
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-arm-bin.tar.gz /go/artifacts/
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
- name: Assume Build AWS Role
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY
    AWS_ROLE:
      from_secret: TELEPORT_BUILD_READ_ONLY_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache bash curl gzip make tar
  - apk add --no-cache aws-cli
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  - aws ecr-public get-login-password --region us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - make deb
  environment:
    ARCH: arm
    ENT_TARBALL_PATH: /go/artifacts
    OSS_TARBALL_PATH: /go/artifacts
    TMPDIR: /go
  volumes:
  - name: dockersock
    path: /var/run
  - name: dockerconfig
    path: /root/.docker
  - name: awsconfig
    path: /root/.aws
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts \;
  - find e/build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts \;
- name: Assume Upload AWS Role
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
- name: Upload to S3
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - cd /go/artifacts/
  - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue
      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="Linux ARMv7 (32-bit) DEB"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
      release_params="" # List of "-F releaseId=XXX" parameters to curl
      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat $WORKSPACE_DIR/curl_out.txt
          exit 1
        fi
        release_params="$release_params -F releaseId=$product@$VERSION"
      done
      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="arm" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: awsconfig
  temp: {}
- name: dockersock
  temp: {}
- name: dockerconfig
  temp: {}
image_pull_secrets:
- DOCKERHUB_CREDENTIALS
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPackagePipeline)
################################################

# Review notes for this pipeline (the file is generated, so lasting changes
# belong in the generator named above, not here):
# - Runs only for tag events on refs/tags/v* in gravitational/* repos, after
#   build-linux-arm64 and clean-up-previous-build.
# - Every image (docker:git, docker, amazon/aws-cli, docker:dind) is referenced
#   by mutable tag rather than digest.
# - The RPM signing keyring is handled in "Build artifacts" on a memory-backed
#   volume (tmpfs, declared at the bottom with `medium: memory`).
kind: pipeline
type: kubernetes
name: build-linux-arm64-rpm
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
clone:
  disable: true
depends_on:
- build-linux-arm64
- clean-up-previous-build
steps:
# Manual clone (the built-in clone is disabled above). The key from
# GITHUB_PRIVATE_KEY is written to /root/.ssh/id_rsa for the submodule fetch
# and removed right after it.
# NOTE(review): known_hosts is filled by ssh-keyscan at build time, so the
# GitHub host key is trusted on first use rather than pinned.
# The final command fails the build unless the Makefile VERSION equals the tag
# without its leading "v", then records it in /go/.version.txt for later steps.
# `$$` is Drone's escape for a literal `$`.
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Waits up to 30s for the dind service's socket to appear on the shared
# dockersock volume.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Trades the long-lived AWS key pair (from secrets) for temporary STS
# credentials and writes them as the [default] profile on the awsconfig
# volume, which later steps mount at /root/.aws. The unquoted $(...) is
# deliberate: its whitespace-separated fields become the printf arguments.
# `unset` clears the long-lived keys from this step's shell only, and both
# `get-caller-identity` calls print the caller identity into the build log.
- name: Assume Download AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
# Fetches the OSS and enterprise arm64 tarballs (presumably produced by
# build-linux-arm64, see depends_on) into /go/artifacts.
# NOTE(review): no checksum or signature check on the downloads is visible in
# this step; integrity appears to rest on bucket access control - confirm.
- name: Download artifacts from S3
  image: amazon/aws-cli
  commands:
  - export VERSION=$(cat /go/.version.txt)
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else export S3_PATH="tag/"; fi
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-arm64-bin.tar.gz /go/artifacts/
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-arm64-bin.tar.gz /go/artifacts/
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Same exchange with a separate key pair and role (secret names say read-only);
# it overwrites the credentials file written by the download role.
- name: Assume Build AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY
    AWS_ROLE:
      from_secret: TELEPORT_BUILD_READ_ONLY_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Builds and signs the RPMs.
# - The signing archive from GPG_RPM_SIGNING_ARCHIVE is unpacked into
#   $GNUPG_DIR (/tmpfs/gnupg, mode 0700) on the memory-backed tmpfs volume and
#   removed after `make rpm`.
# - NOTE(review): if `make rpm` fails, the `rm -rf` line is presumably never
#   reached; the keyring then lasts as long as the tmpfs volume - confirm.
# - The same tmpfs volume is mounted into the privileged dind service below,
#   so the keyring is readable there while this step runs.
# - Tooling is installed with apk at run time (no versions pinned); the ECR
#   password is passed on stdin rather than argv.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache bash curl gzip make tar go
  - apk add --no-cache aws-cli
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  - aws ecr-public get-login-password --region us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - mkdir -m0700 $GNUPG_DIR
  - echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPG_DIR
  - chown -R root:root $GNUPG_DIR
  - make rpm
  - rm -rf $GNUPG_DIR
  environment:
    ARCH: arm64
    ENT_TARBALL_PATH: /go/artifacts
    GNUPG_DIR: /tmpfs/gnupg
    GPG_RPM_SIGNING_ARCHIVE:
      from_secret: GPG_RPM_SIGNING_ARCHIVE
    OSS_TARBALL_PATH: /go/artifacts
    TMPDIR: /go
  volumes:
  - name: dockersock
    path: /var/run
  - name: awsconfig
    path: /root/.aws
  - name: tmpfs
    path: /tmpfs
# Copies the produced .rpm files (from build/ and e/build/) to /go/artifacts.
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts \;
  - find e/build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts \;
# Replaces the shared credentials file again before upload; it uses the same
# secret names as the download role.
- name: Assume Upload AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
# Syncs the whole /go/artifacts directory, which also holds the tarballs
# downloaded earlier, to the tag prefix in the bucket.
- name: Upload to S3
  image: amazon/aws-cli
  commands:
  - cd /go/artifacts/
  - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Registers each built file with the release server using a TLS client
# certificate.
# - The client cert and key are base64-decoded from secrets into
#   $WORKSPACE_DIR (default "/"); an EXIT trap removes them.
# - $CREDENTIALS and $release_params are left unquoted so they split into
#   separate curl arguments; that breaks if a path ever contains spaces.
# - Only files with a sibling .sha256 are registered, and the digest sent is
#   read from that file, not recomputed in this step.
# - HTTP 409 from /releases is tolerated (presumably "already exists" - confirm).
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue
      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="Linux ARM64/ARMv8 (64-bit) RPM"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
      release_params="" # List of "-F releaseId=XXX" parameters to curl
      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat $WORKSPACE_DIR/curl_out.txt
          exit 1
        fi
        release_params="$release_params -F releaseId=$product@$VERSION"
      done
      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="arm64" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY
# Docker-in-Docker daemon. It runs privileged and mounts both dockersock and
# the tmpfs volume that holds the signing keyring during the build step; any
# step that mounts dockersock can drive it.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: tmpfs
    path: /tmpfs
  - name: dockersock
    path: /var/run
volumes:
- name: dockersock
  temp: {}
- name: awsconfig
  temp: {}
- name: tmpfs
  temp:
    medium: memory
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPackagePipeline)
################################################

# 32-bit ARM counterpart of build-linux-arm64-rpm above; the review notes on
# that pipeline apply step for step, including the handling of the signing
# keyring on tmpfs. Differences visible here: a Docker Hub login in "Wait for
# docker", a dockerconfig volume, `pull: if-not-exists` on several steps, and
# image_pull_secrets at the end.
kind: pipeline
type: kubernetes
name: build-linux-arm-rpm
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
clone:
  disable: true
depends_on:
- build-linux-arm
- clean-up-previous-build
steps:
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# The Docker Hub token (secret name says read-only) is passed on stdin; the
# login state presumably lands on the dockerconfig volume mounted at
# /root/.docker, which the build step also mounts.
- name: Wait for docker
  image: docker
  pull: if-not-exists
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: dockersock
    path: /var/run
  - name: dockerconfig
    path: /root/.docker
- name: Assume Download AWS Role
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
- name: Download artifacts from S3
  image: amazon/aws-cli
  commands:
  - export VERSION=$(cat /go/.version.txt)
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else export S3_PATH="tag/"; fi
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-arm-bin.tar.gz /go/artifacts/
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-arm-bin.tar.gz /go/artifacts/
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
- name: Assume Build AWS Role
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY
    AWS_ROLE:
      from_secret: TELEPORT_BUILD_READ_ONLY_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache bash curl gzip make tar go
  - apk add --no-cache aws-cli
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  - aws ecr-public get-login-password --region us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - mkdir -m0700 $GNUPG_DIR
  - echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPG_DIR
  - chown -R root:root $GNUPG_DIR
  - make rpm
  - rm -rf $GNUPG_DIR
  environment:
    ARCH: arm
    ENT_TARBALL_PATH: /go/artifacts
    GNUPG_DIR: /tmpfs/gnupg
    GPG_RPM_SIGNING_ARCHIVE:
      from_secret: GPG_RPM_SIGNING_ARCHIVE
    OSS_TARBALL_PATH: /go/artifacts
    TMPDIR: /go
  volumes:
  - name: dockersock
    path: /var/run
  - name: dockerconfig
    path: /root/.docker
  - name: awsconfig
    path: /root/.aws
  - name: tmpfs
    path: /tmpfs
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts \;
  - find e/build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts \;
- name: Assume Upload AWS Role
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
- name: Upload to S3
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - cd /go/artifacts/
  - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue
      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="Linux ARMv7 (32-bit) RPM"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
      release_params="" # List of "-F releaseId=XXX" parameters to curl
      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat $WORKSPACE_DIR/curl_out.txt
          exit 1
        fi
        release_params="$release_params -F releaseId=$product@$VERSION"
      done
      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="arm" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: tmpfs
    path: /tmpfs
  - name: dockersock
    path: /var/run
volumes:
- name: awsconfig
  temp: {}
- name: dockersock
  temp: {}
- name: dockerconfig
  temp: {}
- name: tmpfs
  temp:
    medium: memory
image_pull_secrets:
- DOCKERHUB_CREDENTIALS
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPipeline)
################################################

# Review notes for this pipeline (the file is generated, so lasting changes
# belong in the generator named above, not here):
# - Runs only for tag events on refs/tags/v* in gravitational/* repos, after
#   clean-up-previous-build.
# - Every image (docker:git, docker, amazon/aws-cli, docker:dind) is referenced
#   by mutable tag rather than digest.
# - The Windows signing certificate is written into the shared /go workspace
#   during "Build artifacts"; all volumes in this pipeline are `temp: {}`.
kind: pipeline
type: kubernetes
name: build-windows-amd64
environment:
  BUILDBOX_VERSION: teleport13
  RUNTIME: go1.20.3
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
clone:
  disable: true
depends_on:
- clean-up-previous-build
steps:
# Manual clone (the built-in clone is disabled above). The key from
# GITHUB_PRIVATE_KEY is written to /root/.ssh/id_rsa for the submodule fetch
# and removed right after it.
# NOTE(review): known_hosts is filled by ssh-keyscan at build time, so the
# GitHub host key is trusted on first use rather than pinned.
# The final command fails the build unless the Makefile VERSION equals the tag
# without its leading "v", then records it in /go/.version.txt for later steps.
# `$$` is Drone's escape for a literal `$`.
- name: Check out code
  image: docker:git
  pull: if-not-exists
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Waits up to 30s for the dind socket, then logs in to Docker Hub with a token
# (secret name says read-only) passed on stdin; the login state presumably
# lands on the dockerconfig volume that the build step also mounts.
- name: Wait for docker
  image: docker
  pull: if-not-exists
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: dockersock
    path: /var/run
  - name: dockerconfig
    path: /root/.docker
# Builds the Windows release.
# - The signing certificate from WINDOWS_SIGNING_CERT is base64-decoded to
#   windows-signing-cert.pfx in the checkout directory (inside the /go
#   workspace that every step shares) and removed after `make`.
# - NOTE(review): if `make` fails, the `rm -f` line is presumably never
#   reached and the .pfx would stay in the workspace - confirm, and consider a
#   memory-backed location with cleanup that runs on failure too.
# - Mounting dockersock lets this step drive the privileged dind daemon.
- name: Build artifacts
  image: docker
  pull: if-not-exists
  commands:
  - apk add --no-cache make
  - chown -R $UID:$GID /go
  - cd /go/src/github.com/gravitational/teleport
  - echo -n "$WINDOWS_SIGNING_CERT" | base64 -d > windows-signing-cert.pfx
  - make -C build.assets release-windows
  - rm -f windows-signing-cert.pfx
  environment:
    ARCH: amd64
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: windows
    UID: "1000"
    WINDOWS_SIGNING_CERT:
      from_secret: WINDOWS_SIGNING_CERT
  volumes:
  - name: dockersock
    path: /var/run
  - name: dockerconfig
    path: /root/.docker
# Collects the zips into /go/artifacts. The enterprise zip is a plain copy of
# the OSS zip, and the .sha256 files that "Register artifacts" later reads are
# generated here with sha256sum.
- name: Copy artifacts
  image: docker
  pull: if-not-exists
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find . -maxdepth 1 -iname "teleport*.zip" -print -exec cp {} /go/artifacts \;
  - export VERSION=$(cat /go/.version.txt)
  - cp /go/artifacts/teleport-v$${VERSION}-windows-amd64-bin.zip /go/artifacts/teleport-ent-v$${VERSION}-windows-amd64-bin.zip
  - cd /go/artifacts && for FILE in teleport*.zip; do sha256sum $FILE > $FILE.sha256; done && ls -l
# Trades the long-lived AWS key pair (from secrets) for temporary STS
# credentials and writes them as the [default] profile on the awsconfig
# volume, which the upload step mounts at /root/.aws. The unquoted $(...) is
# deliberate: its whitespace-separated fields become the printf arguments.
# `unset` clears the long-lived keys from this step's shell only, and both
# `get-caller-identity` calls print the caller identity into the build log.
- name: Assume AWS Role
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
# Syncs the whole /go/artifacts directory to the tag prefix in the bucket.
- name: Upload to S3
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - cd /go/artifacts/
  - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Registers each built file with the release server using a TLS client
# certificate.
# - The client cert and key are base64-decoded from secrets into
#   $WORKSPACE_DIR (default "/"); an EXIT trap removes them.
# - $CREDENTIALS and $release_params are left unquoted so they split into
#   separate curl arguments; that breaks if a path ever contains spaces.
# - Files matching *-unsigned.zip* and files without a sibling .sha256 are
#   skipped; the digest sent is read from the .sha256 file, not recomputed.
# - HTTP 409 from /releases is tolerated (presumably "already exists" - confirm).
- name: Register artifacts
  image: docker
  pull: if-not-exists
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue
      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="Windows 64-bit (tsh client only)"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
      release_params="" # List of "-F releaseId=XXX" parameters to curl
      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat $WORKSPACE_DIR/curl_out.txt
          exit 1
        fi
        release_params="$release_params -F releaseId=$product@$VERSION"
      done
      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="windows" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY
# Docker-in-Docker daemon. It runs privileged, and any step that mounts
# dockersock can drive it, so those steps carry the same privilege.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: awsconfig
  temp: {}
- name: dockersock
  temp: {}
- name: dockerconfig
  temp: {}
image_pull_secrets:
- DOCKERHUB_CREDENTIALS
---
kind: pipeline
type: kubernetes
name: build-oss-amis
trigger:
  event:
  - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
depends_on:
- build-linux-amd64
workspace:
  path: /go
clone:
  disable: true
steps:
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # set version
  - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
- name: Assume Download AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
    AWS_ROLE:
      from_secret: AWS_ROLE
  volumes:
  - name: awsconfig
    path: /root/.aws
- name: Download built tarball artifacts from S3
  image: amazon/aws-cli
  environment:
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_REGION: us-west-2
  volumes:
  - name: awsconfig
    path: /root/.aws
  commands:
  - export VERSION=$(cat /go/.version.txt)
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else export S3_PATH="tag/"; fi
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-amd64-bin.tar.gz /go/src/github.com/gravitational/teleport/assets/aws/files
- name: Assume Packer AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset
AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: AWS_PACKER_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY: from_secret: AWS_PACKER_SECRET_ACCESS_KEY AWS_ROLE: from_secret: AWS_PACKER_ROLE volumes: - name: awsconfig path: /root/.aws - name: Build OSS AMIs image: hashicorp/packer:1.7.6 volumes: - name: dockersock path: /var/run - name: awsconfig path: /root/.aws commands: - apk add --no-cache aws-cli jq make - cd /go/src/github.com/gravitational/teleport/assets/aws - export TELEPORT_VERSION=$(cat /go/.version.txt) - export PUBLIC_AMI_NAME=gravitational-teleport-ami-oss-$TELEPORT_VERSION - | if [ "${DRONE_BUILD_EVENT}" = "tag" ]; then echo "---> Building production OSS AMIs" echo "---> Note: these AMIs will not be made public until the 'promote' step is run" make oss-ci-build else echo "---> Building debug OSS AMIs" make oss fi - name: Assume S3 Timestamp Sync AWS Role image: amazon/aws-cli commands: - aws sts get-caller-identity - |- printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY: from_secret: AWS_SECRET_ACCESS_KEY AWS_ROLE: from_secret: AWS_ROLE volumes: - name: awsconfig path: /root/.aws - name: Sync OSS build timestamp to S3 image: amazon/aws-cli environment: AWS_S3_BUCKET: from_secret: AWS_S3_BUCKET AWS_REGION: us-west-2 volumes: - name: awsconfig path: /root/.aws commands: - export VERSION=$(cat /go/.version.txt) - aws s3 cp /go/src/github.com/gravitational/teleport/assets/aws/files/build/oss_build_timestamp.txt 
s3://$AWS_S3_BUCKET/teleport/ami/$${VERSION}/ services: - name: Start Docker image: docker:dind privileged: true volumes: - name: dockersock path: /var/run volumes: - name: dockersock temp: {} - name: awsconfig temp: {} --- kind: pipeline type: kubernetes name: build-ent-amis trigger: event: - tag ref: include: - refs/tags/v* repo: include: - gravitational/* depends_on: - build-linux-amd64 - build-linux-amd64-fips workspace: path: /go clone: disable: true steps: - name: Check out code image: docker:git commands: - mkdir -p /go/src/github.com/gravitational/teleport - cd /go/src/github.com/gravitational/teleport - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git . - git checkout ${DRONE_TAG:-$DRONE_COMMIT} # set version - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt - name: Assume Download AWS Role image: amazon/aws-cli commands: - aws sts get-caller-identity - |- printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY: from_secret: AWS_SECRET_ACCESS_KEY AWS_ROLE: from_secret: AWS_ROLE volumes: - name: awsconfig path: /root/.aws - name: Download built tarball artifacts from S3 image: amazon/aws-cli environment: AWS_S3_BUCKET: from_secret: AWS_S3_BUCKET AWS_REGION: us-west-2 volumes: - name: awsconfig path: /root/.aws commands: - export VERSION=$(cat /go/.version.txt) - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else export 
S3_PATH="tag/"; fi - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-bin.tar.gz /go/src/github.com/gravitational/teleport/assets/aws/files - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-fips-bin.tar.gz /go/src/github.com/gravitational/teleport/assets/aws/files - name: Assume Packer AWS Role image: amazon/aws-cli commands: - aws sts get-caller-identity - |- printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: AWS_PACKER_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY: from_secret: AWS_PACKER_SECRET_ACCESS_KEY AWS_ROLE: from_secret: AWS_PACKER_ROLE volumes: - name: awsconfig path: /root/.aws - name: Build Enterprise AMIs image: hashicorp/packer:1.7.6 volumes: - name: dockersock path: /var/run - name: awsconfig path: /root/.aws commands: - apk add --no-cache aws-cli jq make - cd /go/src/github.com/gravitational/teleport/assets/aws - export TELEPORT_VERSION=$(cat /go/.version.txt) - export PUBLIC_AMI_NAME=gravitational-teleport-ami-ent-$TELEPORT_VERSION - export FIPS_AMI_NAME=gravitational-teleport-ami-ent-$TELEPORT_VERSION-fips - | if [ "${DRONE_BUILD_EVENT}" = "tag" ]; then echo "---> Building production Enterprise AMIs" echo "---> Note: these AMIs will not be made public until the 'promote' step is run" make ent-ci-build else echo "---> Building debug Enterprise AMIs" make ent fi - name: Assume S3 Timestamp Sync AWS Role image: amazon/aws-cli commands: - aws sts get-caller-identity - |- printf "[default]\naws_access_key_id = %s\naws_secret_access_key = 
%s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ --output text) \ > /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - aws sts get-caller-identity --profile default environment: AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY: from_secret: AWS_SECRET_ACCESS_KEY AWS_ROLE: from_secret: AWS_ROLE volumes: - name: awsconfig path: /root/.aws - name: Sync Enterprise build timestamp to S3 image: amazon/aws-cli environment: AWS_S3_BUCKET: from_secret: AWS_S3_BUCKET AWS_REGION: us-west-2 volumes: - name: awsconfig path: /root/.aws commands: - export VERSION=$(cat /go/.version.txt) - aws s3 cp /go/src/github.com/gravitational/teleport/assets/aws/files/build/ent_build_timestamp.txt s3://$AWS_S3_BUCKET/teleport/ami/$${VERSION}/ services: - name: Start Docker image: docker:dind privileged: true volumes: - name: dockersock path: /var/run volumes: - name: dockersock temp: {} - name: awsconfig temp: {} --- ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. # Generated at dronegen/buildbox.go (main.buildboxPipeline) ################################################ kind: pipeline type: kubernetes name: build-buildboxes environment: BUILDBOX_VERSION: teleport13 GID: "1000" UID: "1000" trigger: event: include: - push repo: include: - gravitational/teleport branch: include: - master - branch/* workspace: path: /go/src/github.com/gravitational/teleport clone: disable: true steps: - name: Check out code image: docker:git commands: - git clone --depth 1 --single-branch --branch ${DRONE_SOURCE_BRANCH:-master} https://github.com/gravitational/${DRONE_REPO_NAME}.git . 
# NOTE(review): remaining commands and steps of the build-buildboxes pipeline,
# which triggers on push to master and branch/* of gravitational/teleport.
  - git checkout ${DRONE_COMMIT}
# Polls for the Docker socket (30s limit), then logs in to Docker Hub. The
# token is piped through stdin rather than passed as a command-line argument.
- name: Wait for docker
  image: docker
  pull: if-not-exists
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: dockersock
    path: /var/run
  - name: dockerconfig
    path: /root/.docker
# Exchanges the injected access key pair for role credentials via
# `sts assume-role` and writes them as the [staging] profile (">" truncates
# the file first).
# NOTE(review): /root/.aws is the awsconfig volume, so every later step that
# mounts it can read these credentials; the file gets the shell's default
# permissions. `unset` only clears the variables in this step's shell.
- name: Configure Staging AWS Profile
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[staging]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile staging
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: STAGING_BUILDBOX_DRONE_USER_ECR_KEY
    AWS_ROLE:
      from_secret: STAGING_BUILDBOX_DRONE_ECR_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: STAGING_BUILDBOX_DRONE_USER_ECR_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Same exchange for the production role. ">>" appends, so the [staging] and
# [production] profiles end up side by side in one credentials file.
- name: Configure Production AWS Profile
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[production]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      >> /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile production
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: PRODUCTION_BUILDBOX_DRONE_USER_ECR_KEY
    AWS_ROLE:
      from_secret: PRODUCTION_BUILDBOX_DRONE_ECR_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: PRODUCTION_BUILDBOX_DRONE_USER_ECR_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Each "Build and push" step follows the same sequence: log in to the staging
# ECR registry, build the image with make, push a copy tagged
# $BUILDBOX_VERSION-$DRONE_COMMIT_SHA to staging, log out, then log in to
# public.ecr.aws with the production profile and push the $BUILDBOX_VERSION tag.
# NOTE(review): the public tag carries no commit suffix, so each run replaces
# the image behind it; consumers that need immutability should pull by digest.
- name: Build and push buildbox
  image: docker
  pull: if-not-exists
  commands:
  - apk add --no-cache make aws-cli
  - chown -R $UID:$GID /go
  - aws ecr get-login-password --profile staging --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - make -C build.assets buildbox
  - docker tag public.ecr.aws/gravitational/teleport-buildbox:$BUILDBOX_VERSION 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA
  - docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA
  - docker logout 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - aws ecr-public get-login-password --profile production --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - docker push public.ecr.aws/gravitational/teleport-buildbox:$BUILDBOX_VERSION
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  - name: dockerconfig
    path: /root/.docker
- name: Build and push buildbox-fips
  image: docker
  pull: if-not-exists
  commands:
  - apk add --no-cache make aws-cli
  - chown -R $UID:$GID /go
  - aws ecr get-login-password --profile staging --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - make -C build.assets buildbox-fips
  - docker tag public.ecr.aws/gravitational/teleport-buildbox-fips:$BUILDBOX_VERSION 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox-fips:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA
  - docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox-fips:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA
  - docker logout 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - aws ecr-public get-login-password --profile production --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - docker push public.ecr.aws/gravitational/teleport-buildbox-fips:$BUILDBOX_VERSION
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  - name: dockerconfig
    path: /root/.docker
- name: Build and push buildbox-arm
  image: docker
  pull: if-not-exists
  commands:
  - apk add --no-cache make aws-cli
  - chown -R $UID:$GID /go
  - aws ecr get-login-password --profile staging --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - make -C build.assets buildbox-arm
  - docker tag public.ecr.aws/gravitational/teleport-buildbox-arm:$BUILDBOX_VERSION 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox-arm:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA
  - docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox-arm:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA
  - docker logout 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - aws ecr-public get-login-password --profile production --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - docker push public.ecr.aws/gravitational/teleport-buildbox-arm:$BUILDBOX_VERSION
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  - name: dockerconfig
    path: /root/.docker
- name: Build and push buildbox-centos7
  image: docker
  pull: if-not-exists
  commands:
  - apk add --no-cache make aws-cli
  - chown -R $UID:$GID /go
  - aws ecr get-login-password --profile staging --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - make -C build.assets buildbox-centos7
  - docker tag public.ecr.aws/gravitational/teleport-buildbox-centos7:$BUILDBOX_VERSION 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox-centos7:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA
  - docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox-centos7:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA
  - docker logout 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - aws ecr-public get-login-password --profile production --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - docker push public.ecr.aws/gravitational/teleport-buildbox-centos7:$BUILDBOX_VERSION
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  - name: dockerconfig
    path: /root/.docker
- name: Build and push buildbox-centos7-fips
  image: docker
  pull: if-not-exists
  commands:
  - apk add --no-cache make aws-cli
  - chown -R $UID:$GID /go
  - aws ecr get-login-password --profile staging --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - make -C build.assets buildbox-centos7-fips
  - docker tag public.ecr.aws/gravitational/teleport-buildbox-centos7-fips:$BUILDBOX_VERSION 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox-centos7-fips:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA
  - docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox-centos7-fips:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA
  - docker logout 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - aws ecr-public get-login-password --profile production --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - docker push public.ecr.aws/gravitational/teleport-buildbox-centos7-fips:$BUILDBOX_VERSION
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  - name: dockerconfig
    path: /root/.docker
# Docker-in-Docker daemon whose socket directory (/var/run) is shared with the
# steps above through the dockersock volume.
# NOTE(review): `privileged: true` lifts container isolation for this service,
# and any step mounting dockersock can drive the daemon; keep this pipeline on
# runners reserved for trusted branches.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: awsconfig
  temp: {}
- name: dockersock
  temp: {}
- name: dockerconfig
  temp: {}
image_pull_secrets:
- DOCKERHUB_CREDENTIALS
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
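# Generated at dronegen/os_repos.go (main.buildNeverTriggerPipeline)
################################################

# Placeholder pipeline: the trigger names a repository and a branch that do
# not exist, so it is not expected to run.
kind: pipeline
type: kubernetes
name: migrate-apt-new-repos
trigger:
  event:
    include:
    - custom
  repo:
    include:
    - non-existent-repository
  branch:
    include:
    - non-existent-branch
clone:
  disable: true
steps:
- name: Placeholder
  image: alpine:latest
  commands:
  - echo "This command, step, and pipeline never runs"
image_pull_secrets:
- DOCKERHUB_CREDENTIALS
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/os_repos.go (main.(*OsPackageToolPipelineBuilder).buildBaseOsPackagePipeline)
################################################

# Runs on `promote` to the production target for gravitational/teleport and
# gravitational/teleport-private. Downloads the tag's .deb artifacts from S3
# and publishes them to the APT repository bucket. The publish step unpacks the
# GPG_RPM_SIGNING_ARCHIVE secret into GNUPGHOME (presumably for repository
# signing; the tool itself is not shown here).
# NOTE(review): this pipeline is generated; mirror any change made here in
# dronegen/os_repos.go and regenerate.
kind: pipeline
type: kubernetes
name: publish-apt-new-repos
trigger:
  event:
    include:
    - promote
  target:
    include:
    - production
  repo:
    include:
    - gravitational/teleport
    - gravitational/teleport-private
workspace:
  path: /go
clone:
  disable: true
steps:
# Gate: fail the promotion when the build has no tag.
# DRONE_TAG is quoted because an empty value otherwise leaves `[ -n ]`, a
# one-argument test that is always true, and the gate would never fire.
# NOTE(review): `:latest` is a mutable tag; pin by digest, e.g.
# alpine@sha256:<DIGEST>, so the gate runs a known image.
- name: Verify build is tagged
  image: alpine:latest
  pull: if-not-exists
  commands:
  - '[ -n "${DRONE_TAG}" ] || (echo ''DRONE_TAG is not set. Is the commit tagged?'' && exit 1)'
# Checks out the repository by tag name. The tooling run by the publish step
# comes from this checkout, so it is whatever the tag resolves to at promote
# time.
# NOTE(review): tags can be moved; protect release tags in the forge.
- name: Check out code
  image: alpine/git:latest
  pull: if-not-exists
  commands:
  - mkdir -pv "/go/src/github.com/gravitational/teleport"
  - cd "/go/src/github.com/gravitational/teleport"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  - git checkout -qf "${DRONE_TAG}"
# Exchanges the injected access key pair for role credentials and writes them
# as the [default] profile on the awsconfig volume. `unset` clears the key
# variables in this step's shell only.
- name: Assume Download AWS Role
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Verify build is tagged
  - Check out code
# Empties $ARTIFACT_PATH, then syncs only the .deb files for the tag; private
# repositories narrow the filter to "*ent*.deb*".
- name: Download artifacts for "${DRONE_TAG}"
  image: amazon/aws-cli
  commands:
  - mkdir -pv "$ARTIFACT_PATH"
  - rm -rf "$ARTIFACT_PATH"/*
  - if [ "${DRONE_REPO_PRIVATE}" = true ]; then ENT_FILTER="*ent"; fi
  - FILTER="$${ENT_FILTER}*.deb*"
  - aws s3 sync --no-progress --delete --exclude "*" --include "$FILTER" s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}/ "$ARTIFACT_PATH"
  environment:
    ARTIFACT_PATH: /go/artifacts
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume Download AWS Role
  - Verify build is tagged
  - Check out code
# Replaces the download credentials in /root/.aws/credentials with the APT
# repository role's credentials (">" truncates the file).
- name: Assume Upload AWS Role
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: APT_REPO_NEW_AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: APT_REPO_NEW_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: APT_REPO_NEW_AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Download artifacts for "${DRONE_TAG}"
  - Verify build is tagged
  - Check out code
# Runs the repository's ./cmd/check tool against the tag. When the check
# fails, the step exits with status 78; the echoed message says promotion does
# not continue for a prerelease.
- name: Check if tag is prerelease
  image: golang:1.18-alpine
  commands:
  - apk add git
  - mkdir -pv "/tmp/repo"
  - cd "/tmp/repo"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  - git checkout -qf "${DRONE_TAG}"
  - cd "/tmp/repo/build.assets/tooling"
  - go run ./cmd/check -tag ${DRONE_TAG} -check prerelease || (echo '---> This is a prerelease, not continuing promotion for ${DRONE_TAG}' && exit 78)
  depends_on:
  - Assume Upload AWS Role
  - Verify build is tagged
  - Check out code
# Unpacks the GPG archive into $GNUPGHOME (/tmpfs/gnupg, on the memory-backed
# tmpfs volume declared below) and runs the build-os-package-repos tool.
# NOTE(review): `apt install` and `go run` fetch and execute code in the same
# container that holds the key material and the upload credentials; pinned
# package versions and a prebuilt tool binary would narrow that exposure.
- name: Publish debs to APT repos for "${DRONE_TAG}"
  image: golang:1.18-bullseye
  commands:
  - apt update
  - apt install -y aptly
  - mkdir -pv -m0700 "$GNUPGHOME"
  # $GNUPGHOME is quoted here to match the neighbouring commands.
  - echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C "$GNUPGHOME"
  - chown -R root:root "$GNUPGHOME"
  - cd "/go/src/github.com/gravitational/teleport/build.assets/tooling"
  - export VERSION="${DRONE_TAG}"
  - export RELEASE_CHANNEL="stable"
  - go run ./cmd/build-os-package-repos apt -bucket "$REPO_S3_BUCKET" -local-bucket-path "$BUCKET_CACHE_PATH" -version-channel "$VERSION" -release-channel "$RELEASE_CHANNEL" -artifact-path "$ARTIFACT_PATH" -log-level 4 -aptly-root-dir "$APTLY_ROOT_DIR"
  environment:
    APTLY_ROOT_DIR: /mnt/aptly
    ARTIFACT_PATH: /go/artifacts
    AWS_REGION: us-west-2
    BUCKET_CACHE_PATH: /tmp/bucket
    DEBIAN_FRONTEND: noninteractive
    GNUPGHOME: /tmpfs/gnupg
    GPG_RPM_SIGNING_ARCHIVE:
      from_secret: GPG_RPM_SIGNING_ARCHIVE
    REPO_S3_BUCKET:
      from_secret: APT_REPO_NEW_AWS_S3_BUCKET
  volumes:
  - name: apt-persistence
    path: /mnt
  - name: tmpfs
    path: /tmpfs
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Check if tag is prerelease
  - Verify build is tagged
  - Check out code
volumes:
- name: apt-persistence
  claim:
    name: drone-s3-aptrepo-pvc
# Memory-backed volume: the unpacked GPG material is not written to the
# persistent claim.
- name: tmpfs
  temp:
    medium: memory
- name: awsconfig
  temp: {}
image_pull_secrets:
- DOCKERHUB_CREDENTIALS
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/os_repos.go (main.buildNeverTriggerPipeline)
################################################

# Placeholder pipeline: the trigger names a repository and a branch that do
# not exist, so it is not expected to run.
kind: pipeline
type: kubernetes
name: migrate-yum-new-repos
trigger:
  event:
    include:
    - custom
  repo:
    include:
    - non-existent-repository
  branch:
    include:
    - non-existent-branch
clone:
  disable: true
steps:
- name: Placeholder
  image: alpine:latest
  commands:
  - echo "This command, step, and pipeline never runs"
image_pull_secrets:
- DOCKERHUB_CREDENTIALS
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/os_repos.go (main.(*OsPackageToolPipelineBuilder).buildBaseOsPackagePipeline)
################################################

# YUM counterpart of publish-apt-new-repos: same trigger and step sequence,
# with the .rpm filter, the YUM_REPO_NEW_* secrets and createrepo-c.
# NOTE(review): generated; mirror any change in dronegen/os_repos.go.
kind: pipeline
type: kubernetes
name: publish-yum-new-repos
trigger:
  event:
    include:
    - promote
  target:
    include:
    - production
  repo:
    include:
    - gravitational/teleport
    - gravitational/teleport-private
workspace:
  path: /go
clone:
  disable: true
steps:
# Gate: fail the promotion when the build has no tag. DRONE_TAG is quoted
# because an empty value otherwise leaves `[ -n ]`, which is always true.
# NOTE(review): pin the image by digest, e.g. alpine@sha256:<DIGEST>.
- name: Verify build is tagged
  image: alpine:latest
  pull: if-not-exists
  commands:
  - '[ -n "${DRONE_TAG}" ] || (echo ''DRONE_TAG is not set. Is the commit tagged?'' && exit 1)'
# Checks out the repository by tag name; the publish step runs tooling from
# this checkout.
- name: Check out code
  image: alpine/git:latest
  pull: if-not-exists
  commands:
  - mkdir -pv "/go/src/github.com/gravitational/teleport"
  - cd "/go/src/github.com/gravitational/teleport"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  - git checkout -qf "${DRONE_TAG}"
# Writes role credentials for the artifact bucket as the [default] profile.
- name: Assume Download AWS Role
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Verify build is tagged
  - Check out code
# Empties $ARTIFACT_PATH, then syncs only the .rpm files for the tag.
- name: Download artifacts for "${DRONE_TAG}"
  image: amazon/aws-cli
  commands:
  - mkdir -pv "$ARTIFACT_PATH"
  - rm -rf "$ARTIFACT_PATH"/*
  - if [ "${DRONE_REPO_PRIVATE}" = true ]; then ENT_FILTER="*ent"; fi
  - FILTER="$${ENT_FILTER}*.rpm*"
  - aws s3 sync --no-progress --delete --exclude "*" --include "$FILTER" s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}/ "$ARTIFACT_PATH"
  environment:
    ARTIFACT_PATH: /go/artifacts
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume Download AWS Role
  - Verify build is tagged
  - Check out code
# Replaces the download credentials with the YUM repository role's credentials.
- name: Assume Upload AWS Role
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: YUM_REPO_NEW_AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: YUM_REPO_NEW_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: YUM_REPO_NEW_AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Download artifacts for "${DRONE_TAG}"
  - Verify build is tagged
  - Check out code
# Runs ./cmd/check against the tag; exits with status 78 when the check fails.
- name: Check if tag is prerelease
  image: golang:1.18-alpine
  commands:
  - apk add git
  - mkdir -pv "/tmp/repo"
  - cd "/tmp/repo"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  - git checkout -qf "${DRONE_TAG}"
  - cd "/tmp/repo/build.assets/tooling"
  - go run ./cmd/check -tag ${DRONE_TAG} -check prerelease || (echo '---> This is a prerelease, not continuing promotion for ${DRONE_TAG}' && exit 78)
  depends_on:
  - Assume Upload AWS Role
  - Verify build is tagged
  - Check out code
# Unpacks the GPG archive into $GNUPGHOME and runs the build-os-package-repos
# tool in yum mode.
# NOTE(review): `apt install` and `go run` execute in the container that holds
# the key material and the upload credentials.
- name: Publish rpms to YUM repos for "${DRONE_TAG}"
  image: golang:1.18-bullseye
  commands:
  - apt update
  - apt install -y createrepo-c
  - mkdir -pv "$CACHE_DIR"
  - mkdir -pv -m0700 "$GNUPGHOME"
  # $GNUPGHOME is quoted here to match the neighbouring commands.
  - echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C "$GNUPGHOME"
  - chown -R root:root "$GNUPGHOME"
  - cd "/go/src/github.com/gravitational/teleport/build.assets/tooling"
  - export VERSION="${DRONE_TAG}"
  - export RELEASE_CHANNEL="stable"
  - go run ./cmd/build-os-package-repos yum -bucket "$REPO_S3_BUCKET" -local-bucket-path "$BUCKET_CACHE_PATH" -version-channel "$VERSION" -release-channel "$RELEASE_CHANNEL" -artifact-path "$ARTIFACT_PATH" -log-level 4 -cache-dir "$CACHE_DIR"
  environment:
    ARTIFACT_PATH: /go/artifacts
    AWS_REGION: us-west-2
    BUCKET_CACHE_PATH: /mnt/bucket
    CACHE_DIR: /mnt/createrepo_cache
    DEBIAN_FRONTEND: noninteractive
    GNUPGHOME: /tmpfs/gnupg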
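GPG_RPM_SIGNING_ARCHIVE: from_secret: GPG_RPM_SIGNING_ARCHIVE REPO_S3_BUCKET: from_secret: YUM_REPO_NEW_AWS_S3_BUCKET volumes: - name: yum-persistence path: /mnt - name: tmpfs path: /tmpfs - name: awsconfig path: /root/.aws depends_on: - Check if tag is prerelease - Verify build is tagged - Check out code volumes: - name: yum-persistence claim: name: drone-s3-yumrepo-pvc - name: tmpfs temp: medium: memory - name: awsconfig temp: {} image_pull_secrets: - DOCKERHUB_CREDENTIALS
---
# promote-build: runs on a `promote` event targeting `production`. It copies
# tagged build artifacts to the production S3 bucket, makes AMIs public,
# republishes the Helm chart repository, and then updates the RPM and DEB
# package repositories (both signed with the key in GPG_RPM_SIGNING_ARCHIVE).
#
# Security notes for maintainers:
#  * Every "Assume ... AWS Role" step overwrites /root/.aws/credentials on the
#    shared `awsconfig` temp volume, so the identity a later step uses depends
#    purely on step order. Keep each Assume step directly before its consumers.
#  * Step images (alpine, docker, amazon/aws-cli, alpine/helm:latest,
#    centos:7, ...) are referenced by mutable tag. NOTE(review): consider
#    pinning by digest, since these containers handle release credentials and
#    the package-signing key.
kind: pipeline
type: kubernetes
name: promote-build

trigger:
  event:
    - promote
  target:
    - production
  repo:
    include:
      - gravitational/*

workspace:
  path: /go

clone:
  disable: true

steps:
  # Guard: fail the promotion when the build has no tag.
  # ${DRONE_TAG} is expanded into the command text before the shell runs, so
  # it must be quoted: with an empty tag the unquoted form collapses to
  # `[ -n ]`, which is always true, and the guard would never fire.
  - name: Check if commit is tagged
    image: alpine
    commands:
      - "[ -n \"${DRONE_TAG}\" ] || (echo 'DRONE_TAG is not set. Is the commit tagged?' && exit 1)"

  # Exchanges the long-lived key pair from secrets for STS session
  # credentials, writes them as the [default] profile, then unsets the
  # long-lived keys so the final get-caller-identity proves the profile works.
  - name: Assume Download AWS Role
    image: amazon/aws-cli
    commands:
      - aws sts get-caller-identity
      - |-
        printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
          $(aws sts assume-role \
            --role-arn "$AWS_ROLE" \
            --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
            --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
            --output text) \
          > /root/.aws/credentials
      - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
      - aws sts get-caller-identity --profile default
    environment:
      AWS_ACCESS_KEY_ID:
        from_secret: AWS_ACCESS_KEY_ID
      AWS_SECRET_ACCESS_KEY:
        from_secret: AWS_SECRET_ACCESS_KEY
      AWS_ROLE:
        from_secret: AWS_ROLE
    volumes:
      - name: awsconfig
        path: /root/.aws

  - name: Download artifacts from S3
    image: amazon/aws-cli
    commands:
      - mkdir -p /go/artifacts
      - aws s3 sync s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}/ /go/artifacts/
    environment:
      AWS_S3_BUCKET:
        from_secret: AWS_S3_BUCKET
      AWS_REGION: us-west-2
    volumes:
      - name: awsconfig
        path: /root/.aws

  # Switches the [default] profile to the production upload role.
  - name: Assume Upload AWS Role
    image: amazon/aws-cli
    commands:
      - aws sts get-caller-identity
      - |-
        printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
          $(aws sts assume-role \
            --role-arn "$AWS_ROLE" \
            --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
            --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
            --output text) \
          > /root/.aws/credentials
      - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
      - aws sts get-caller-identity --profile default
    environment:
      AWS_ACCESS_KEY_ID:
        from_secret: PRODUCTION_AWS_ACCESS_KEY_ID
      AWS_SECRET_ACCESS_KEY:
        from_secret: PRODUCTION_AWS_SECRET_ACCESS_KEY
      AWS_ROLE:
        from_secret: PRODUCTION_AWS_ROLE
    volumes:
      - name: awsconfig
        path: /root/.aws

  # `--acl public-read` makes every synced object world-readable; everything
  # under /go/artifacts at this point is published.
  # NOTE(review): no checksum or signature check of the downloaded artifacts
  # is visible between download and publication - confirm it happens upstream.
  - name: Upload artifacts to production S3
    image: amazon/aws-cli
    environment:
      AWS_REGION: us-east-1
      AWS_S3_BUCKET:
        from_secret: PRODUCTION_AWS_S3_BUCKET
    volumes:
      - name: awsconfig
        path: /root/.aws
    commands:
      - cd /go/artifacts/
      - aws s3 sync --acl public-read . s3://$AWS_S3_BUCKET/teleport/${DRONE_TAG##v}

  # Fetches only the promoted tag and checks it out via FETCH_HEAD.
  - name: Check out code
    image: docker:git
    commands:
      - |
        mkdir -p /go/src/github.com/gravitational/teleport
        cd /go/src/github.com/gravitational/teleport
        git init && git remote add origin ${DRONE_REMOTE_URL}
        git fetch origin +refs/tags/${DRONE_TAG}:
        git checkout -qf FETCH_HEAD

  - name: Assume AMI Download AWS Role
    image: amazon/aws-cli
    commands:
      - aws sts get-caller-identity
      - |-
        printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
          $(aws sts assume-role \
            --role-arn "$AWS_ROLE" \
            --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
            --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
            --output text) \
          > /root/.aws/credentials
      - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
      - aws sts get-caller-identity --profile default
    environment:
      AWS_ACCESS_KEY_ID:
        from_secret: AWS_ACCESS_KEY_ID
      AWS_SECRET_ACCESS_KEY:
        from_secret: AWS_SECRET_ACCESS_KEY
      AWS_ROLE:
        from_secret: AWS_ROLE
    volumes:
      - name: awsconfig
        path: /root/.aws

  - name: Download AMI timestamps
    image: amazon/aws-cli
    environment:
      AWS_S3_BUCKET:
        from_secret: AWS_S3_BUCKET
    volumes:
      - name: awsconfig
        path: /root/.aws
    commands:
      - mkdir -p /go/src/github.com/gravitational/teleport/assets/aws/files/build
      - aws s3 sync s3://$AWS_S3_BUCKET/teleport/ami/${DRONE_TAG##v}/ /go/src/github.com/gravitational/teleport/assets/aws/files/build

  - name: Assume AMI Publish AWS Role
    image: amazon/aws-cli
    commands:
      - aws sts get-caller-identity
      - |-
        printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
          $(aws sts assume-role \
            --role-arn "$AWS_ROLE" \
            --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
            --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
            --output text) \
          > /root/.aws/credentials
      - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
      - aws sts get-caller-identity --profile default
    environment:
      AWS_ACCESS_KEY_ID:
        from_secret: PRODUCTION_AWS_ACCESS_KEY_ID
      AWS_SECRET_ACCESS_KEY:
        from_secret: PRODUCTION_AWS_SECRET_ACCESS_KEY
      AWS_ROLE:
        from_secret: PRODUCTION_AWS_ROLE
    volumes:
      - name: awsconfig
        path: /root/.aws

  # Runs the repository's own make targets with the production role; the
  # targets are driven by the AMI timestamp files synced two steps earlier.
  - name: Make AMIs public
    image: docker
    volumes:
      - name: awsconfig
        path: /root/.aws
    commands:
      - apk add --no-cache aws-cli bash jq make
      - cd /go/src/github.com/gravitational/teleport/assets/aws
      - |
        make change-amis-to-public-oss
        make change-amis-to-public-ent
        make change-amis-to-public-ent-fips

  - name: "Helm: Assume Download AWS Role"
    image: amazon/aws-cli
    commands:
      - aws sts get-caller-identity
      - |-
        printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
          $(aws sts assume-role \
            --role-arn "$AWS_ROLE" \
            --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
            --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
            --output text) \
          > /root/.aws/credentials
      - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
      - aws sts get-caller-identity --profile default
    environment:
      AWS_ACCESS_KEY_ID:
        from_secret: PRODUCTION_CHARTS_AWS_ACCESS_KEY_ID
      AWS_SECRET_ACCESS_KEY:
        from_secret: PRODUCTION_CHARTS_AWS_SECRET_ACCESS_KEY
      AWS_ROLE:
        from_secret: PRODUCTION_CHARTS_AWS_ROLE
    volumes:
      - name: awsconfig
        path: /root/.aws

  # Download all previously packaged charts. This is needed to rebuild the
  # index and re-publish the repository.
  - name: "Helm: Download chart repository"
    image: amazon/aws-cli
    environment:
      AWS_REGION: us-west-2
      AWS_S3_BUCKET:
        from_secret: PRODUCTION_CHARTS_AWS_S3_BUCKET
    volumes:
      - name: awsconfig
        path: /root/.aws
    commands:
      - mkdir -p /go/chart
      - aws s3 sync s3://$AWS_S3_BUCKET/ /go/chart

  # NOTE(review): `alpine/helm:latest` floats; the resulting index is published
  # to the production chart bucket, so a pinned version would be easier to audit.
  - name: "Helm: Package chart repository"
    image: alpine/helm:latest
    commands:
      - cd /go/chart
      - helm package /go/src/github.com/gravitational/teleport/examples/chart/teleport-cluster
      - helm package /go/src/github.com/gravitational/teleport/examples/chart/teleport-kube-agent
      # copy index.html to root of the S3 bucket.
      - cp /go/src/github.com/gravitational/teleport/examples/chart/index.html /go/chart
      # this will index all previous versions of the charts downloaded from the S3 bucket,
      # plus the just-packaged charts listed above
      - helm repo index /go/chart
      - ls /go/chart

  - name: "Helm: Assume Upload AWS Role"
    image: amazon/aws-cli
    commands:
      - aws sts get-caller-identity
      - |-
        printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
          $(aws sts assume-role \
            --role-arn "$AWS_ROLE" \
            --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
            --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
            --output text) \
          > /root/.aws/credentials
      - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
      - aws sts get-caller-identity --profile default
    environment:
      AWS_ACCESS_KEY_ID:
        from_secret: PRODUCTION_CHARTS_AWS_ACCESS_KEY_ID
      AWS_SECRET_ACCESS_KEY:
        from_secret: PRODUCTION_CHARTS_AWS_SECRET_ACCESS_KEY
      AWS_ROLE:
        from_secret: PRODUCTION_CHARTS_AWS_ROLE
    volumes:
      - name: awsconfig
        path: /root/.aws

  - name: "Helm: Publish chart repository to S3"
    image: amazon/aws-cli
    environment:
      AWS_REGION: us-west-2
      AWS_S3_BUCKET:
        from_secret: PRODUCTION_CHARTS_AWS_S3_BUCKET
    volumes:
      - name: awsconfig
        path: /root/.aws
    commands:
      - cd /go/chart/
      - aws s3 sync . s3://$AWS_S3_BUCKET/

  # NOTE: all mandatory steps for a release promotion need to go BEFORE this
  # step, as there is a chance that everything afterwards will be skipped.
  #
  # this step exits early and skips all remaining steps in the pipeline if the
  # tag looks like a pre-release, to avoid pushing pre-release RPMs and DEBs to
  # our yum / apt repos.
  - name: Check if repo is public
    image: alpine
    commands:
      - if [ "${DRONE_REPO}" != "gravitational/teleport" ]; then echo "---> Not publishing ${DRONE_REPO} packages to RPM and DEB repos" && exit 78; fi

  # Any non-zero exit from `go run` (including a tooling failure) takes the
  # `exit 78` branch and skips the remaining steps.
  - name: Check if tag is prerelease
    image: golang:1.17-alpine
    commands:
      - cd /go/src/github.com/gravitational/teleport/build.assets/tooling
      - go run ./cmd/check -tag ${DRONE_TAG} -check prerelease || (echo '---> Not publishing ${DRONE_TAG} packages to RPM and DEB repos' && exit 78)

  - name: Assume RPM Repo AWS Role
    image: amazon/aws-cli
    commands:
      - aws sts get-caller-identity
      - |-
        printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
          $(aws sts assume-role \
            --role-arn "$AWS_ROLE" \
            --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
            --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
            --output text) \
          > /root/.aws/credentials
      - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
      - aws sts get-caller-identity --profile default
    environment:
      AWS_ACCESS_KEY_ID:
        from_secret: RPMREPO_AWS_ACCESS_KEY_ID
      AWS_SECRET_ACCESS_KEY:
        from_secret: RPMREPO_AWS_SECRET_ACCESS_KEY
      AWS_ROLE:
        from_secret: RPMREPO_AWS_ROLE
    volumes:
      - name: awsconfig
        path: /root/.aws

  - name: Download RPM repo contents
    image: amazon/aws-cli
    environment:
      AWS_S3_BUCKET:
        from_secret: RPMREPO_AWS_S3_BUCKET
    volumes:
      - name: rpmrepo
        path: /rpmrepo
      - name: awsconfig
        path: /root/.aws
    commands:
      - mkdir -p /rpmrepo/teleport/cache
      # we explicitly want to delete anything present locally which has been deleted
      # from the upstream S3 bucket
      - aws s3 sync s3://$AWS_S3_BUCKET/teleport/ /rpmrepo/teleport/ --delete
      - mkdir -p /rpmrepo/teleport/${DRONE_TAG##v}
      - cp -a /go/artifacts/*.rpm /rpmrepo/teleport/${DRONE_TAG##v}/

  # we do this using a CentOS 7 container to make sure that the repo files are
  # compatible with older versions, also there's no createrepo package in alpine main
  - name: Regenerate RPM repo metadata
    image: centos:7
    volumes:
      - name: rpmrepo
        path: /rpmrepo
    commands:
      - yum -y install createrepo
      - createrepo --cachedir /rpmrepo/teleport/cache --update /rpmrepo/teleport

  # This step requires centos:8 to get gpg 2.2+
  # centos:7's gpg 2.0 doesn't understand the format of GPG_RPM_SIGNING_ARCHIVE
  #
  # NOTE(review): CentOS 7 and 8 are both end-of-life upstream, so the image
  # that unpacks the signing key no longer receives security updates.
  # The key is extracted to the in-memory tmpfs volume and removed by the last
  # command; that `rm` only runs if the earlier commands succeed.
  - name: Sign RPM repo metadata
    image: centos:8
    volumes:
      - name: rpmrepo
        path: /rpmrepo
      # for in-memory tmpfs for key material
      - name: tmpfs
        path: /tmpfs
    environment:
      GNUPGHOME: /tmpfs/gnupg
      GPG_RPM_SIGNING_ARCHIVE:
        from_secret: GPG_RPM_SIGNING_ARCHIVE
    commands:
      - |
        # extract signing key
        mkdir -m0700 $GNUPGHOME
        echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPGHOME
        chown -R root:root $GNUPGHOME
      # Sign rpm repo metadata (yum clients will automatically look for and verify repodata/repomd.xml.asc)
      - gpg --batch --yes --detach-sign --armor /rpmrepo/teleport/repodata/repomd.xml
      - cat /rpmrepo/teleport/repodata/repomd.xml.asc
      - rm -rf $GNUPGHOME

  - name: Sync RPM repo changes to S3
    image: amazon/aws-cli
    environment:
      AWS_S3_BUCKET:
        from_secret: RPMREPO_AWS_S3_BUCKET
    volumes:
      - name: rpmrepo
        path: /rpmrepo
      - name: awsconfig
        path: /root/.aws
    commands:
      - aws s3 sync /rpmrepo/teleport/ s3://$AWS_S3_BUCKET/teleport/

  # This step skips all remaining steps in the pipeline if the tag
  # is not the highest semver *ever* released, to avoid publishing DEBs
  # that would cause apt users to downgrade. For more info see:
  # https://github.com/gravitational/teleport/issues/8166
  - name: Check if tag is latest
    image: golang:1.17-alpine
    commands:
      - cd /go/src/github.com/gravitational/teleport/build.assets/tooling
      - go run ./cmd/check -tag ${DRONE_TAG} -check latest || (echo '---> Not publishing ${DRONE_REPO} packages to DEB repo' && exit 78)

  - name: Assume Deb Repo AWS Role
    image: amazon/aws-cli
    commands:
      - aws sts get-caller-identity
      - |-
        printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
          $(aws sts assume-role \
            --role-arn "$AWS_ROLE" \
            --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
            --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
            --output text) \
          > /root/.aws/credentials
      - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
      - aws sts get-caller-identity --profile default
    environment:
      AWS_ACCESS_KEY_ID:
        from_secret: DEBREPO_AWS_ACCESS_KEY_ID
      AWS_SECRET_ACCESS_KEY:
        from_secret: DEBREPO_AWS_SECRET_ACCESS_KEY
      AWS_ROLE:
        from_secret: DEBREPO_AWS_ROLE
    volumes:
      - name: awsconfig
        path: /root/.aws

  - name: Download DEB repo contents
    image: amazon/aws-cli
    environment:
      AWS_S3_BUCKET:
        from_secret: DEBREPO_AWS_S3_BUCKET
    volumes:
      - name: debrepo
        path: /debrepo
      - name: awsconfig
        path: /root/.aws
    commands:
      # we explicitly want to delete anything present locally which has been deleted
      # from the upstream S3 bucket
      - mkdir -p /debrepo/teleport
      - aws s3 sync s3://$AWS_S3_BUCKET/teleport /debrepo/teleport --delete

  # Builds and signs the apt repository with reprepro, using the same signing
  # archive secret as the RPM step.
  # NOTE(review): `SignWith: 6282C411` in the generated reprepro config is a
  # short (32-bit) key ID. Short IDs are not collision-resistant; the full key
  # fingerprint is the safer selector.
  # NOTE(review): this step mounts `dockersock`, but no docker command is
  # visible in it - drop the mount if it is unused.
  - name: Build DEB repo
    image: ubuntu:20.04
    environment:
      DEBIAN_FRONTEND: noninteractive
      GNUPGHOME: /tmpfs/gnupg
      GPG_RPM_SIGNING_ARCHIVE:
        from_secret: GPG_RPM_SIGNING_ARCHIVE
    volumes:
      - name: dockersock
        path: /var/run
      - name: debrepo
        path: /debrepo
      # for in-memory tmpfs for key material
      - name: tmpfs
        path: /tmpfs
    commands:
      - |
        # install needed tools
        apt-get -y update && apt-get -y install curl gzip gnupg2 reprepro tar
      - |
        # write config files
        mkdir -p /go/reprepro/teleport/conf /go/reprepro/teleport/public
        # we have to keep listing "arm" even though it's not a real debian arch
        # because we have released packages for it that are currently in the
        # repo bucket, and reprepro will error out if it's told to includedeb a
        # package for an architecture that's not in its configuration
        cat << EOF > /go/reprepro/teleport/conf/distributions
        Origin: teleport
        Label: teleport
        Codename: stable
        Architectures: i386 amd64 arm armhf arm64
        Components: main
        Description: apt repository for teleport
        SignWith: 6282C411
        EOF
        cat << EOF > /go/reprepro/teleport/conf/options
        verbose
        basedir /go/reprepro/teleport
        EOF
      - |
        # extract signing key
        mkdir -m0700 $GNUPGHOME
        echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPGHOME
        chown -R root:root $GNUPGHOME
      - |
        # create repo
        cd /go/reprepro/teleport
        reprepro --outdir /go/reprepro/teleport/public includedeb stable /go/artifacts/teleport*.deb
      - |
        # clean up gnupg
        rm -rf $GNUPGHOME
      - |
        # copy artifacts to PVC
        cp -r /go/reprepro/teleport /debrepo/

  - name: Sync DEB repo changes to S3
    image: amazon/aws-cli
    environment:
      AWS_S3_BUCKET:
        from_secret: DEBREPO_AWS_S3_BUCKET
    volumes:
      - name: debrepo
        path: /debrepo
      - name: awsconfig
        path: /root/.aws
    commands:
      - aws s3 sync /debrepo/teleport/ s3://$AWS_S3_BUCKET/teleport/

# NOTE(review): the privileged docker:dind service also mounts the `tmpfs`
# volume where the signing key is unpacked, so key material is reachable from
# a privileged container for the duration of the signing steps. Remove the
# mount if the service does not need it.
services:
  - name: Start Docker
    image: docker:dind
    privileged: true
    volumes:
      - name: dockersock
        path: /var/run
      - name: tmpfs
        path: /tmpfs

volumes:
  - name: awsconfig
    temp: {}
  - name: dockersock
    temp: {}
  - name: tmpfs
    temp:
      medium: memory
  # these persistent volumes cache RPMs/DEBs near Drone so that we don't need to download the
  # entire repo contents from S3 every time to build the repo, we just sync any differences
  - name: rpmrepo
    claim:
      name: drone-s3-rpmrepo-pvc
  - name: debrepo
    claim:
      name: drone-s3-debrepo-pvc
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.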
# Generated at dronegen/gha.go (main.ghaBuildPipeline)
################################################
# Runs on a `promote` event for the `production` or `promote-distroless`
# targets. It checks out the repository (including the private `e` submodule)
# and then triggers a GitHub Actions workflow in the `teleport.e` repository.
# Because this document is generated, lasting changes belong in
# dronegen/gha.go rather than here.
kind: pipeline
type: kubernetes
name: promote-teleport-oci-distroless-images
trigger:
  event:
    include:
      - promote
  target:
    include:
      - production
      - promote-distroless
  repo:
    include:
      - gravitational/*
workspace:
  path: /go
clone:
  disable: true
steps:
  # The deploy key is written to /root/.ssh/id_rsa only for the submodule
  # fetch and is deleted by the last command of this step.
  # NOTE(review): known_hosts is filled by `ssh-keyscan` at build time, so the
  # GitHub host key is learned over the network rather than pinned; a
  # checked-in known_hosts entry would let the SSH fetch detect an
  # impersonated host.
  # NOTE(review): the checkout uses DRONE_COMMIT_SHA while the workflow below
  # is started at DRONE_TAG - confirm both always name the same commit.
  - name: Check out code
    image: docker:git
    pull: if-not-exists
    commands:
      - mkdir -pv "/go/src/github.com/gravitational/teleport"
      - cd "/go/src/github.com/gravitational/teleport"
      - git init
      - git remote add origin ${DRONE_REMOTE_URL}
      - git fetch origin --tags
      - git checkout -qf "${DRONE_COMMIT_SHA}"
      - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa
      - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
      - git submodule update --init e
      - mkdir -pv /go/cache
      - rm -f /root/.ssh/id_rsa
    environment:
      GITHUB_PRIVATE_KEY:
        from_secret: GITHUB_PRIVATE_KEY
  # Starts the promote-teleport-oci-distroless.yml workflow at the promoted
  # tag and waits up to one hour. GHA_APP_KEY carries the GitHub App private
  # key; how the tool consumes it is not shown in this file.
  # ${DRONE_TAG} and ${DRONE_REPO_OWNER} are expanded into the command text
  # unquoted. NOTE(review): reading them as quoted shell variables
  # ("$DRONE_TAG") would keep unusual tag names from being re-parsed by the
  # shell.
  - name: Delegate build to GitHub
    image: golang:1.18-alpine
    pull: if-not-exists
    commands:
      - cd "/go/src/github.com/gravitational/teleport/build.assets/tooling"
      - 'go run ./cmd/gh-trigger-workflow -owner ${DRONE_REPO_OWNER} -repo teleport.e -tag-workflow -timeout 1h0m0s -workflow promote-teleport-oci-distroless.yml -workflow-ref=${DRONE_TAG} -input "release-source-tag=${DRONE_TAG}" '
    environment:
      GHA_APP_KEY:
        from_secret: GITHUB_WORKFLOW_APP_PRIVATE_KEY
image_pull_secrets:
  - DOCKERHUB_CREDENTIALS
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/gha.go (main.ghaBuildPipeline)
################################################
# Runs on a `promote` event for the `production` or `promote-updater`
# targets. It checks out the repository (including the private `e` submodule)
# and then triggers a GitHub Actions workflow in the `teleport.e` repository.
# Because this document is generated, lasting changes belong in
# dronegen/gha.go rather than here.
kind: pipeline
type: kubernetes
name: promote-teleport-kube-agent-updater-oci-images
trigger:
  event:
    include:
      - promote
  target:
    include:
      - production
      - promote-updater
  repo:
    include:
      - gravitational/*
workspace:
  path: /go
clone:
  disable: true
steps:
  # The deploy key is written to /root/.ssh/id_rsa only for the submodule
  # fetch and is deleted by the last command of this step.
  # NOTE(review): known_hosts is filled by `ssh-keyscan` at build time, so the
  # GitHub host key is learned over the network rather than pinned; a
  # checked-in known_hosts entry would let the SSH fetch detect an
  # impersonated host.
  - name: Check out code
    image: docker:git
    pull: if-not-exists
    commands:
      - mkdir -pv "/go/src/github.com/gravitational/teleport"
      - cd "/go/src/github.com/gravitational/teleport"
      - git init
      - git remote add origin ${DRONE_REMOTE_URL}
      - git fetch origin --tags
      - git checkout -qf "${DRONE_COMMIT_SHA}"
      - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa
      - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
      - git submodule update --init e
      - mkdir -pv /go/cache
      - rm -f /root/.ssh/id_rsa
    environment:
      GITHUB_PRIVATE_KEY:
        from_secret: GITHUB_PRIVATE_KEY
  # Starts the promote-teleport-kube-agent-updater-oci.yml workflow at the
  # promoted tag and waits up to one hour. GHA_APP_KEY carries the GitHub App
  # private key; how the tool consumes it is not shown in this file.
  # NOTE(review): `golang:1.18-alpine` is a mutable tag; this container holds
  # the App key, so pinning the image by digest is worth considering.
  - name: Delegate build to GitHub
    image: golang:1.18-alpine
    pull: if-not-exists
    commands:
      - cd "/go/src/github.com/gravitational/teleport/build.assets/tooling"
      - 'go run ./cmd/gh-trigger-workflow -owner ${DRONE_REPO_OWNER} -repo teleport.e -tag-workflow -timeout 1h0m0s -workflow promote-teleport-kube-agent-updater-oci.yml -workflow-ref=${DRONE_TAG} -input "release-source-tag=${DRONE_TAG}" '
    environment:
      GHA_APP_KEY:
        from_secret: GITHUB_WORKFLOW_APP_PRIVATE_KEY
image_pull_secrets:
  - DOCKERHUB_CREDENTIALS
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/mac.go (main.newDarwinPipeline)
################################################
# Builds, signs and publishes the Teleport Connect .dmg for tag builds.
# `type: exec` with no `image` keys: the commands run on the macOS runner
# host itself, so anything a step leaves under /tmp outlives the build.
# `concurrency.limit: 1` keeps two builds from sharing the fixed workspace
# path at the same time.
# Because this document is generated, lasting changes belong in
# dronegen/mac.go rather than here.
kind: pipeline
type: exec
name: build-darwin-amd64-connect
trigger:
  event:
    include:
      - tag
  ref:
    include:
      - refs/tags/v*
  repo:
    include:
      - gravitational/*
workspace:
  path: /tmp/build-darwin-amd64-connect
platform:
  os: darwin
  arch: amd64
clone:
  disable: true
depends_on:
  - build-darwin-amd64-pkg-tsh
concurrency:
  limit: 1
steps:
  # Removes leftovers from an earlier build (source tree and SSH directory).
  - name: Set up exec runner storage
    commands:
      - set -u
      - mkdir -p $WORKSPACE_DIR
      - chmod -R u+rw $WORKSPACE_DIR
      - rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh
    environment:
      WORKSPACE_DIR: /tmp/build-darwin-amd64-connect
  # Clones over HTTPS, then uses the deploy key only for the `e` submodule and
  # deletes the whole .ssh directory right after.
  # NOTE(review): known_hosts comes from `ssh-keyscan` at build time, so the
  # GitHub host key is trusted on first sight rather than pinned.
  - name: Check out code
    commands:
      - set -u
      - mkdir -p $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
      - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
      - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
      - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
      - mkdir -m 0700 $WORKSPACE_DIR/.ssh && echo "$GITHUB_PRIVATE_KEY" > $WORKSPACE_DIR/.ssh/id_rsa && chmod 600 $WORKSPACE_DIR/.ssh/id_rsa
      - ssh-keyscan -H github.com > $WORKSPACE_DIR/.ssh/known_hosts 2>/dev/null
      - chmod 600 $WORKSPACE_DIR/.ssh/known_hosts
      - GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts -F /dev/null' git submodule update --init e
      - rm -rf $WORKSPACE_DIR/.ssh
      - mkdir -p $WORKSPACE_DIR/go/cache
      - mkdir -p $WORKSPACE_DIR/go/artifacts
      - echo "${DRONE_TAG##v}" > $WORKSPACE_DIR/go/.version.txt
      - cat $WORKSPACE_DIR/go/.version.txt
    environment:
      GITHUB_PRIVATE_KEY:
        from_secret: GITHUB_PRIVATE_KEY
      WORKSPACE_DIR: /tmp/build-darwin-amd64-connect
  # Downloads the Node.js tarball into a per-build toolchain directory.
  # NOTE(review): the tarball is unpacked and later executed without any
  # checksum or signature verification, and `curl` runs without --fail.
  # Comparing it against the SHASUMS256.txt published with each Node.js
  # release would keep a tampered download off the signing host.
  - name: Install Node Toolchain
    commands:
      - set -u
      - export NODE_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets print-node-version)
      - export TOOLCHAIN_DIR=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains
      - export NODE_DIR=$TOOLCHAIN_DIR/node-v$NODE_VERSION-darwin-x64
      - mkdir -p $TOOLCHAIN_DIR
      - curl --silent -O https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-darwin-x64.tar.gz
      - tar -C $TOOLCHAIN_DIR -xzf node-v$NODE_VERSION-darwin-x64.tar.gz
      - rm -f node-v$NODE_VERSION-darwin-x64.tar.gz
      - export PATH=$NODE_DIR/bin:$PATH
      - corepack enable yarn
      - echo Node reporting version $(node --version)
      - echo Yarn reporting version $(yarn --version)
    environment:
      WORKSPACE_DIR: /tmp/build-darwin-amd64-connect
  # Writes STS session credentials to the file named by
  # AWS_SHARED_CREDENTIALS_FILE.
  # NOTE(review): neither cleanup step below removes
  # /tmp/build-darwin-amd64-connect/credentials (they delete only `go` and
  # `.ssh`), and no chmod is applied, so the session credentials stay on the
  # host with default permissions until overwritten or expired.
  - name: Assume AWS Role
    commands:
      - aws sts get-caller-identity
      - |-
        printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
          $(aws sts assume-role \
            --role-arn "$AWS_ROLE" \
            --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
            --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
            --output text) \
          > /tmp/build-darwin-amd64-connect/credentials
      - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
      - aws sts get-caller-identity --profile default
    environment:
      AWS_ACCESS_KEY_ID:
        from_secret: AWS_ACCESS_KEY_ID
      AWS_ROLE:
        from_secret: AWS_ROLE
      AWS_SECRET_ACCESS_KEY:
        from_secret: AWS_SECRET_ACCESS_KEY
      AWS_SHARED_CREDENTIALS_FILE: /tmp/build-darwin-amd64-connect/credentials
  # `$$` escapes Drone's own substitution so the shell expands these at run time.
  # NOTE(review): GITHUB_PRIVATE_KEY is injected here although no command in
  # this step references it; dropping it would narrow the secret's exposure.
  - name: Download tsh.pkg artifact from S3
    commands:
      - set -u
      - export VERSION=$(cat $WORKSPACE_DIR/go/.version.txt)
      - export S3_PATH="tag/$${DRONE_TAG##v}/"
      - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}tsh-$${VERSION}.pkg $WORKSPACE_DIR/go/src/github.com/gravitational/
    environment:
      AWS_REGION: us-west-2
      AWS_S3_BUCKET:
        from_secret: AWS_S3_BUCKET
      AWS_SHARED_CREDENTIALS_FILE: /tmp/build-darwin-amd64-connect/credentials
      GITHUB_PRIVATE_KEY:
        from_secret: GITHUB_PRIVATE_KEY
      WORKSPACE_DIR: /tmp/build-darwin-amd64-connect
  # Unlocks the login keychain, expands the previously built tsh.pkg and runs
  # the yarn build/package targets. CSC_NAME is a fixed 40-hex identifier -
  # presumably the signing certificate's fingerprint; confirm.
  # NOTE(review): the keychain password is passed on the command line
  # (unquoted), where other local processes can read it from the argument list.
  # NOTE(review): `yarn install` runs dependency lifecycle scripts in the same
  # step that holds APPLE_PASSWORD, BUILDBOX_PASSWORD and the unlocked
  # keychain; the lockfile and registry are part of the signing trust boundary.
  - name: Build Mac artifacts (Teleport Connect)
    commands:
      - set -u
      - export HOME=/Users/$(whoami)
      - export TOOLCHAIN_DIR=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains
      - export NODE_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets print-node-version)
      - export NODE_HOME=$TOOLCHAIN_DIR/node-v$NODE_VERSION-darwin-x64
      - export PATH=$NODE_HOME/bin:$PATH
      - export VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport print-version)
      - export BUILD_NUMBER=$DRONE_BUILD_NUMBER
      - security unlock-keychain -p $${BUILDBOX_PASSWORD} login.keychain
      - security find-identity -v
      - export CSC_NAME=0FFD3E3413AB4C599C53FBB1D8CA690915E33D83
      - cd $WORKSPACE_DIR/go/src/github.com/gravitational
      - pkgutil --expand-full tsh-$${VERSION}.pkg tsh
      - export CONNECT_TSH_APP_PATH=$WORKSPACE_DIR/go/src/github.com/gravitational/tsh/Payload/tsh.app
      - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
      - yarn install && yarn build-term && yarn package-term -c.extraMetadata.version=$VERSION
    environment:
      APPLE_PASSWORD:
        from_secret: APPLE_PASSWORD
      APPLE_USERNAME:
        from_secret: APPLE_USERNAME
      ARCH: amd64
      BUILDBOX_PASSWORD:
        from_secret: BUILDBOX_PASSWORD
      GOCACHE: /tmp/build-darwin-amd64-connect/go/cache
      GOPATH: /tmp/build-darwin-amd64-connect/go
      OS: darwin
      WORKSPACE_DIR: /tmp/build-darwin-amd64-connect
  # Copies each .dmg to the artifacts directory and writes a SHA-256 file next
  # to it; the Register step later reads the digest from that file.
  - name: Copy dmg artifact
    commands:
      - set -u
      - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/web/packages/teleterm/build/release
      - cp *.dmg $WORKSPACE_DIR/go/artifacts
      - cd $WORKSPACE_DIR/go/artifacts && for FILE in *.dmg; do shasum -a 256 "$FILE" > "$FILE.sha256"; done && ls -l
    environment:
      WORKSPACE_DIR: /tmp/build-darwin-amd64-connect
  - name: Upload to S3
    commands:
      - set -u
      - cd $WORKSPACE_DIR/go/artifacts
      - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
    environment:
      AWS_REGION: us-west-2
      AWS_S3_BUCKET:
        from_secret: AWS_S3_BUCKET
      AWS_SHARED_CREDENTIALS_FILE: /tmp/build-darwin-amd64-connect/credentials
      WORKSPACE_DIR: /tmp/build-darwin-amd64-connect
  # Registers each built file with the release service using a client
  # certificate. The cert and key are decoded into the workspace and removed
  # by the EXIT trap. A 409 from the /releases call is tolerated alongside 200.
  # NOTE(review): `apk` is an Alpine tool and this runner is macOS, so the
  # fallback looks inherited from a shared template - confirm curl is always
  # present on the host.
  - name: Register artifact
    commands:
      - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
      - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
      - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
      - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
      - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
      - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
      - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
      - which curl || apk add --no-cache curl
      - |-
        cd "$WORKSPACE_DIR/go/artifacts"
        find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
          # Skip files that are not results of this build
          # (e.g. tarballs from which OS packages are made)
          [ -f "$file.sha256" ] || continue
          name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
          description="MacOS Intel"
          products="$name"
          if [ "$name" = "tsh" ]; then
            products="teleport teleport-ent"
          elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then
            description="Teleport Connect"
            products="teleport teleport-ent"
          fi
          shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
          release_params="" # List of "-F releaseId=XXX" parameters to curl
          for product in $products; do
            status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
            if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
              echo "curl HTTP status: $status_code"
              cat $WORKSPACE_DIR/curl_out.txt
              exit 1
            fi
            release_params="$release_params -F releaseId=$product@$VERSION"
          done
          curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="darwin" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
        done
    environment:
      RELEASES_CERT:
        from_secret: RELEASES_CERT
      RELEASES_KEY:
        from_secret: RELEASES_KEY
      WORKSPACE_DIR: /tmp/build-darwin-amd64-connect
  # Runs on success and on failure, so the per-build toolchain is always removed.
  - name: Clean up toolchains (post)
    commands:
      - set -u
      - rm -rf /tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED
    environment:
      WORKSPACE_DIR: /tmp/build-darwin-amd64-connect
    when:
      status:
        - success
        - failure
  # NOTE(review): unlike the toolchain cleanup above, this step has no
  # `when.status` entry for failure, so a failed build leaves the workspace on
  # the host until the next run's "Set up exec runner storage" step.
  - name: Clean up exec runner storage (post)
    commands:
      - set -u
      - chmod -R u+rw $WORKSPACE_DIR
      - rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh
    environment:
      WORKSPACE_DIR: /tmp/build-darwin-amd64-connect
---
################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. # Generated at dronegen/container_images_release_version.go (main.(*ReleaseVersion).buildVersionPipeline) ################################################ kind: pipeline type: kubernetes name: teleport-container-images-branch-tag environment: DEBIAN_FRONTEND: noninteractive trigger: event: include: - tag ref: include: - refs/tags/v* repo: include: - gravitational/* workspace: path: /go clone: disable: true depends_on: - clean-up-previous-build steps: - name: Wait for docker image: docker pull: if-not-exists commands: - timeout 30s /bin/sh -c 'while [ ! 
-S /var/run/docker.sock ]; do sleep 1; done' - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin environment: DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: dockersock path: /var/run - name: dockerconfig path: /root/.docker - name: Wait for docker registry image: alpine pull: if-not-exists commands: - apk add curl - timeout 30s /bin/sh -c 'while [ "$(curl -s -o /dev/null -w %{http_code} http://drone-docker-registry:5000/)" != "200" ]; do sleep 1; done' - name: Check out code image: alpine/git:latest pull: if-not-exists commands: - mkdir -pv "/go/src/github.com/gravitational/teleport" - cd "/go/src/github.com/gravitational/teleport" - git init - git remote add origin ${DRONE_REMOTE_URL} - git fetch origin --tags - git checkout -qf "$DRONE_TAG" - name: Build full semver image: alpine commands: - mkdir -pv $(dirname "/go/var/full-version") - echo $DRONE_TAG | sed 's/v//' > "/go/var/full-version" - echo $(cat "/go/var/full-version") - name: Assume ECR - staging AWS Role image: amazon/aws-cli pull: if-not-exists commands: - aws sts get-caller-identity - |- printf "[ecr-staging]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ --output text) \ >> /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - aws sts get-caller-identity --profile ecr-staging environment: AWS_ACCESS_KEY_ID: from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY AWS_ROLE: from_secret: STAGING_TELEPORT_DRONE_ECR_AWS_ROLE AWS_SECRET_ACCESS_KEY: from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET volumes: - name: awsconfig path: /root/.aws - name: Assume ECR - authenticated-pull AWS Role image: amazon/aws-cli pull: if-not-exists commands: - 
aws sts get-caller-identity - |- printf "[ecr-authenticated-pull]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ --output text) \ >> /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - aws sts get-caller-identity --profile ecr-authenticated-pull environment: AWS_ACCESS_KEY_ID: from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY AWS_ROLE: from_secret: PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE AWS_SECRET_ACCESS_KEY: from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET volumes: - name: awsconfig path: /root/.aws depends_on: - Assume ECR - staging AWS Role - name: Assume S3 Download AWS Role for teleport image: amazon/aws-cli pull: if-not-exists commands: - aws sts get-caller-identity - |- printf "[s3-download-teleport]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ --output text) \ >> /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - aws sts get-caller-identity --profile s3-download-teleport environment: AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID AWS_ROLE: from_secret: AWS_ROLE AWS_SECRET_ACCESS_KEY: from_secret: AWS_SECRET_ACCESS_KEY volumes: - name: awsconfig path: /root/.aws depends_on: - Wait for docker - Wait for docker registry - Check out code - Build full semver - Assume ECR - staging AWS Role - Assume ECR - authenticated-pull AWS Role - name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport image: alpine/git:latest commands: - mkdir -pv "/tmp/repo" - cd "/tmp/repo" - git init - git remote add origin 
${DRONE_REMOTE_URL} - git fetch origin --tags - git checkout -qf "$DRONE_TAG" - mkdir -pv $(dirname "/go/build/Dockerfile-teleport") - cp "/tmp/repo/build.assets/charts/Dockerfile" "/go/build/Dockerfile-teleport" depends_on: - Wait for docker - Wait for docker registry - Check out code - Build full semver - Assume ECR - staging AWS Role - Assume ECR - authenticated-pull AWS Role
# NOTE(review): other pipelines in this file carry a "Generated using dronegen,
# do not edit by hand" header; presumably this one is generated too, so the
# review notes below are findings to carry into the generator, not hand edits.

# Waits for the amd64 .deb of this version to be listed under the tag prefix in
# S3 (one check per 60 s, giving up after 3600 s), then copies it to /go/build.
# $${...} is presumably Drone's escape for a literal shell ${...} - TODO confirm.
# NOTE(review): no command in this step checks a checksum or signature of the
# downloaded package before the build step bakes it into an image; integrity
# rests on access control of the bucket. Consider verifying a published digest
# here. The same applies to every "Download ... artifacts from S3" step below.
- name: Download "teleport_v13-tag_amd64.deb" artifacts from S3
  # NOTE(review): no tag or digest on this image; pin one.
  image: amazon/aws-cli
  commands:
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  # grep -x demands an exact match of the whole listed file name.
  - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr -s ' ' | cut -d' ' -f 4 | grep -x teleport_$(cat "/go/var/full-version")_amd64.deb || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat "/go/var/full-version")_amd64.deb /go/build/teleport_$(cat "/go/var/full-version")_amd64.deb
  environment:
    # Profile name matches the one an "Assume S3 Download AWS Role" step writes
    # to the credentials file on the awsconfig volume.
    AWS_PROFILE: s3-download-teleport
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport

# Builds the linux/amd64 image from the downloaded .deb with a dedicated buildx
# builder and pushes it to the registry drone-docker-registry:5000.
# NOTE(review): `image: docker` and `tonistiigi/binfmt` carry no tag or digest,
# and the binfmt container runs with --privileged while the dockersock volume
# is mounted at /var/run. Pin both images by digest so a changed upstream image
# cannot run with that privilege. Applies to every "Build ..." step below.
# NOTE(review): buildkitd.toml marks the registry as plain HTTP and the builder
# uses host networking; presumably the registry is a pipeline-local service -
# confirm it is not reachable from outside the build.
- name: Build teleport image "teleport:v13-amd64"
  image: docker
  commands:
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-v13-amd64-builder"
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v13-amd64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-v13-amd64-builder/buildkitd.toml"
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name "teleport-v13-amd64-builder" --config "/tmp/teleport-v13-amd64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  # Both logins read the secret from stdin, which keeps it off the command line.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker buildx build --push --builder "teleport-v13-amd64-builder" --target "teleport" --platform "linux/amd64" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 --file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_amd64.deb /go/build
  # NOTE(review): only public.ecr.aws is logged out; the Docker Hub login is
  # left in this container's Docker config.
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-v13-amd64-builder"
  - rm -rf "/tmp/teleport-v13-amd64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
    # The secret name indicates a read-only Docker Hub token.
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport_v13-tag_amd64.deb" artifacts from S3

# Same wait-and-download sequence as the amd64 step, for the arm package.
- name: Download "teleport_v13-tag_arm.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr -s ' ' | cut -d' ' -f 4 | grep -x teleport_$(cat "/go/var/full-version")_arm.deb || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat "/go/var/full-version")_arm.deb /go/build/teleport_$(cat "/go/var/full-version")_arm.deb
  environment:
    AWS_PROFILE: s3-download-teleport
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport

# Same build sequence as the amd64 step, for platform linux/arm.
- name: Build teleport image "teleport:v13-arm"
  image: docker
  commands:
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-v13-arm-builder"
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v13-arm-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-v13-arm-builder/buildkitd.toml"
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name "teleport-v13-arm-builder" --config "/tmp/teleport-v13-arm-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker buildx build --push --builder "teleport-v13-arm-builder" --target "teleport" --platform "linux/arm" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm --file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_arm.deb /go/build
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-v13-arm-builder"
  - rm -rf "/tmp/teleport-v13-arm-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport_v13-tag_arm.deb" artifacts from S3

# Same wait-and-download sequence, for the arm64 package.
- name: Download "teleport_v13-tag_arm64.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr -s ' ' | cut -d' ' -f 4 | grep -x teleport_$(cat "/go/var/full-version")_arm64.deb || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat "/go/var/full-version")_arm64.deb /go/build/teleport_$(cat "/go/var/full-version")_arm64.deb
  environment:
    AWS_PROFILE: s3-download-teleport
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport

# Same build sequence, for platform linux/arm64.
- name: Build teleport image "teleport:v13-arm64"
  image: docker
  commands:
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-v13-arm64-builder"
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v13-arm64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-v13-arm64-builder/buildkitd.toml"
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name "teleport-v13-arm64-builder" --config "/tmp/teleport-v13-arm64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker buildx build --push --builder "teleport-v13-arm64-builder" --target "teleport" --platform "linux/arm64" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 --file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_arm64.deb /go/build
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-v13-arm64-builder"
  - rm -rf "/tmp/teleport-v13-arm64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport_v13-tag_arm64.deb" artifacts from S3

# Pulls the amd64 image from drone-docker-registry:5000 and pushes it to the
# staging ECR repository unless that tag already exists there.
# NOTE(review): the existence check discards all output of
# `docker manifest inspect`, so any failure (expired login, network error) is
# handled like "tag missing" and falls through to tag + push. An existing tag
# is left as is, which keeps published tags stable but also means a re-run
# does not refresh them. Applies to every "Tag and push" and "Create manifest"
# step below.
- name: Tag and push image "teleport:v13-amd64" to ECR - staging
  image: docker
  commands:
  - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-amd64)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v13-amd64"

# Same pull / check / tag / push sequence, for the arm image.
- name: Tag and push image "teleport:v13-arm" to ECR - staging
  image: docker
  commands:
  - docker pull --platform "linux/arm" drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-arm)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v13-arm"

# Same pull / check / tag / push sequence, for the arm64 image.
- name: Tag and push image "teleport:v13-arm64" to ECR - staging
  image: docker
  commands:
  - docker pull --platform "linux/arm64" drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-arm64)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v13-arm64"

# Combines the three per-architecture tags into one manifest list under the
# bare version tag and pushes it, skipping when that tag already exists.
- name: Create manifest and push "teleport:full" to ECR - staging
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version") > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version") --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version"))
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v13-amd64" to ECR - staging
  - Tag and push image "teleport:v13-arm" to ECR - staging
  - Tag and push image "teleport:v13-arm64" to ECR - staging

# Exchanges the access key pair supplied via secrets for temporary role
# credentials and appends them as profile [s3-download-teleport-ent] to the
# credentials file on the awsconfig volume, which the download steps mount.
# The unquoted $(aws sts assume-role ...) is split by the shell into the three
# fields that fill the three %s placeholders of printf.
# NOTE(review): both get-caller-identity calls write account and ARN details to
# the build log, and the session credentials stay on the shared volume for
# every later step that mounts it. Keep the role policy limited to what the
# download needs - TODO confirm against the role definition.
- name: Assume S3 Download AWS Role for teleport-ent
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[s3-download-teleport-ent]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      >> /root/.aws/credentials
  # Drops the key pair from the environment before the profile check below.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile s3-download-teleport-ent
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build full semver
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role

# Fetches the repository at $DRONE_TAG into /tmp/repo and copies
# build.assets/charts/Dockerfile into the build directory.
# NOTE(review): alpine/git:latest is a mutable tag; pin a version or digest.
- name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent
  image: alpine/git:latest
  commands:
  - mkdir -pv "/tmp/repo"
  - cd "/tmp/repo"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  - git checkout -qf "$DRONE_TAG"
  - mkdir -pv $(dirname "/go/build/Dockerfile-teleport-ent")
  - cp "/tmp/repo/build.assets/charts/Dockerfile" "/go/build/Dockerfile-teleport-ent"
  depends_on:
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build full semver
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role

# Same wait-and-download sequence, for the teleport-ent amd64 package.
- name: Download "teleport-ent_v13-tag_amd64.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")_amd64.deb || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat "/go/var/full-version")_amd64.deb /go/build/teleport-ent_$(cat "/go/var/full-version")_amd64.deb
  environment:
    AWS_PROFILE: s3-download-teleport-ent
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport-ent
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent

# Same build sequence, for the teleport-ent linux/amd64 image.
- name: Build teleport-ent image "teleport-ent:v13-amd64"
  image: docker
  commands:
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-ent-v13-amd64-builder"
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v13-amd64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-ent-v13-amd64-builder/buildkitd.toml"
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name "teleport-ent-v13-amd64-builder" --config "/tmp/teleport-ent-v13-amd64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker buildx build --push --builder "teleport-ent-v13-amd64-builder" --target "teleport" --platform "linux/amd64" --tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 --file "/go/build/Dockerfile-teleport-ent" --build-arg DEB_PATH=teleport-ent_$(cat "/go/var/full-version")_amd64.deb /go/build
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-ent-v13-amd64-builder"
  - rm -rf "/tmp/teleport-ent-v13-amd64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport-ent_v13-tag_amd64.deb" artifacts from S3

# Same wait-and-download sequence, for the teleport-ent arm package.
- name: Download "teleport-ent_v13-tag_arm.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")_arm.deb || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat "/go/var/full-version")_arm.deb /go/build/teleport-ent_$(cat "/go/var/full-version")_arm.deb
  environment:
    AWS_PROFILE: s3-download-teleport-ent
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport-ent
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent

# Same build sequence, for the teleport-ent linux/arm image.
- name: Build teleport-ent image "teleport-ent:v13-arm"
  image: docker
  commands:
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-ent-v13-arm-builder"
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v13-arm-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-ent-v13-arm-builder/buildkitd.toml"
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name "teleport-ent-v13-arm-builder" --config "/tmp/teleport-ent-v13-arm-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker buildx build --push --builder "teleport-ent-v13-arm-builder" --target "teleport" --platform "linux/arm" --tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm --file "/go/build/Dockerfile-teleport-ent" --build-arg DEB_PATH=teleport-ent_$(cat "/go/var/full-version")_arm.deb /go/build
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-ent-v13-arm-builder"
  - rm -rf "/tmp/teleport-ent-v13-arm-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport-ent_v13-tag_arm.deb" artifacts from S3

# Same wait-and-download sequence, for the teleport-ent arm64 package.
- name: Download "teleport-ent_v13-tag_arm64.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")_arm64.deb || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat "/go/var/full-version")_arm64.deb /go/build/teleport-ent_$(cat "/go/var/full-version")_arm64.deb
  environment:
    AWS_PROFILE: s3-download-teleport-ent
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport-ent
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent

# Same build sequence, for the teleport-ent linux/arm64 image.
- name: Build teleport-ent image "teleport-ent:v13-arm64"
  image: docker
  commands:
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-ent-v13-arm64-builder"
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v13-arm64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-ent-v13-arm64-builder/buildkitd.toml"
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name "teleport-ent-v13-arm64-builder" --config "/tmp/teleport-ent-v13-arm64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker buildx build --push --builder "teleport-ent-v13-arm64-builder" --target "teleport" --platform "linux/arm64" --tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 --file "/go/build/Dockerfile-teleport-ent" --build-arg DEB_PATH=teleport-ent_$(cat "/go/var/full-version")_arm64.deb /go/build
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-ent-v13-arm64-builder"
  - rm -rf "/tmp/teleport-ent-v13-arm64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport-ent_v13-tag_arm64.deb" artifacts from S3

# Same pull / check / tag / push sequence, for the teleport-ent amd64 image.
- name: Tag and push image "teleport-ent:v13-amd64" to ECR - staging
  image: docker
  commands:
  - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v13-amd64"

# Same pull / check / tag / push sequence, for the teleport-ent arm image.
- name: Tag and push image "teleport-ent:v13-arm" to ECR - staging
  image: docker
  commands:
  - docker pull --platform "linux/arm" drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v13-arm"

# Same pull / check / tag / push sequence, for the teleport-ent arm64 image.
- name: Tag and push image "teleport-ent:v13-arm64" to ECR - staging
  image: docker
  commands:
  - docker pull --platform "linux/arm64" drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v13-arm64"

# Combines the three teleport-ent per-architecture tags into one manifest list
# under the bare version tag, skipping when that tag already exists.
- name: Create manifest and push "teleport-ent:full" to ECR - staging
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version") > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version") --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version"))
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v13-amd64" to ECR - staging
  - Tag and push image "teleport-ent:v13-arm" to ECR - staging
  - Tag and push image "teleport-ent:v13-arm64" to ECR - staging

# Same assume-role sequence as for teleport-ent, writing profile
# [s3-download-teleport-ent-fips] to the shared credentials file.
- name: Assume S3 Download AWS Role for teleport-ent-fips
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[s3-download-teleport-ent-fips]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      >> /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile s3-download-teleport-ent-fips
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build full semver
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role

# Same Dockerfile fetch as for teleport-ent, copied to the -fips file name.
- name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent-fips" for teleport-ent-fips
  image: alpine/git:latest
  commands:
  - mkdir -pv "/tmp/repo"
  - cd "/tmp/repo"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  - git checkout -qf "$DRONE_TAG"
  - mkdir -pv $(dirname "/go/build/Dockerfile-teleport-ent-fips")
  - cp "/tmp/repo/build.assets/charts/Dockerfile" "/go/build/Dockerfile-teleport-ent-fips"
  depends_on:
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build full semver
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role

# Same wait-and-download sequence, for the FIPS amd64 package.
- name: Download "teleport-ent_v13-tag-fips_amd64.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb /go/build/teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb
  environment:
    AWS_PROFILE: s3-download-teleport-ent-fips
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport-ent-fips
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent-fips" for teleport-ent-fips

# Same build sequence, but with Dockerfile target "teleport-fips" and the FIPS
# package; only linux/amd64 is built for this variant in the visible steps.
- name: Build teleport-ent-fips image "teleport-ent:v13-fips-amd64"
  image: docker
  commands:
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-ent-v13-fips-amd64-builder"
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v13-fips-amd64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-ent-v13-fips-amd64-builder/buildkitd.toml"
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name "teleport-ent-v13-fips-amd64-builder" --config "/tmp/teleport-ent-v13-fips-amd64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker buildx build --push --builder "teleport-ent-v13-fips-amd64-builder" --target "teleport-fips" --platform "linux/amd64" --tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 --file "/go/build/Dockerfile-teleport-ent-fips" --build-arg DEB_PATH=teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb /go/build
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-ent-v13-fips-amd64-builder"
  - rm -rf "/tmp/teleport-ent-v13-fips-amd64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport-ent_v13-tag-fips_amd64.deb" artifacts from S3

# Same pull / check / tag / push sequence, for the FIPS amd64 image.
- name: Tag and push image "teleport-ent:v13-fips-amd64" to ECR - staging
  image: docker
  commands:
  - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent-fips image "teleport-ent:v13-fips-amd64"
- name: Create manifest and push "teleport-ent:full-fips" to ECR - staging image: docker commands: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips) - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Tag and push image "teleport-ent:v13-fips-amd64" to
ECR - staging - name: Build teleport-operator image "teleport-operator:v13-amd64" image: docker commands: - docker run --privileged --rm tonistiigi/binfmt --install all - mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport" - mkdir -pv "/tmp/teleport-operator-v13-amd64-builder" - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-operator-v13-amd64-builder/buildkitd.toml" - echo ' http = true' >> "/tmp/teleport-operator-v13-amd64-builder/buildkitd.toml" - docker buildx create --driver "docker-container" --driver-opt "network=host" --name "teleport-operator-v13-amd64-builder" --config "/tmp/teleport-operator-v13-amd64-builder/buildkitd.toml" - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker buildx build --push --builder "teleport-operator-v13-amd64-builder" --platform "linux/amd64" --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 --file "/go/src/github.com/gravitational/teleport/integrations/operator/Dockerfile" --build-arg BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox:teleport13 --build-arg COMPILER_NAME=x86_64-linux-gnu-gcc /go/src/github.com/gravitational/teleport - docker logout "public.ecr.aws" - docker buildx rm "teleport-operator-v13-amd64-builder" - rm -rf "/tmp/teleport-operator-v13-amd64-builder" environment: AWS_PROFILE: ecr-authenticated-pull DOCKER_BUILDKIT: "1" DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Assume ECR - authenticated-pull AWS Role - Wait for docker - Wait for docker registry - Check out code - Build full semver - Assume ECR - staging AWS Role - Assume ECR - authenticated-pull AWS Role - 
name: Build teleport-operator image "teleport-operator:v13-arm"
  image: docker
  commands:
  # Runs tonistiigi/binfmt as a privileged container on the shared Docker
  # daemon. The image is referenced by name only, with no tag or digest.
  # NOTE(review): pinning it by digest would fix what gets to run privileged.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport"
  - mkdir -pv "/tmp/teleport-operator-v13-arm-builder"
  # BuildKit config for this builder: the in-pipeline registry is marked as
  # plain HTTP (http = true).
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-operator-v13-arm-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-operator-v13-arm-builder/buildkitd.toml"
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name "teleport-operator-v13-arm-builder" --config "/tmp/teleport-operator-v13-arm-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  # Both registry passwords are piped in on stdin, not passed as arguments.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker buildx build --push --builder "teleport-operator-v13-arm-builder" --platform "linux/arm" --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm --file "/go/src/github.com/gravitational/teleport/integrations/operator/Dockerfile" --build-arg BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox-arm:teleport13 --build-arg COMPILER_NAME=arm-linux-gnueabihf-gcc /go/src/github.com/gravitational/teleport
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-operator-v13-arm-builder"
  - rm -rf "/tmp/teleport-operator-v13-arm-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build full semver
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
- name: Build teleport-operator image "teleport-operator:v13-arm64"
  image: docker
  commands:
  # Same privileged, unpinned binfmt helper as in the arm build step.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport"
  - mkdir -pv "/tmp/teleport-operator-v13-arm64-builder"
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-operator-v13-arm64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-operator-v13-arm64-builder/buildkitd.toml"
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name "teleport-operator-v13-arm64-builder" --config "/tmp/teleport-operator-v13-arm64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker buildx build --push --builder "teleport-operator-v13-arm64-builder" --platform "linux/arm64" --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 --file "/go/src/github.com/gravitational/teleport/integrations/operator/Dockerfile" --build-arg BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox-arm:teleport13 --build-arg COMPILER_NAME=aarch64-linux-gnu-gcc /go/src/github.com/gravitational/teleport
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-operator-v13-arm64-builder"
  - rm -rf "/tmp/teleport-operator-v13-arm64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build full semver
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
- name: Tag and push image "teleport-operator:v13-amd64" to ECR - staging
  image: docker
  commands:
  - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # Push only when the tag cannot be inspected. The inspect output is
  # discarded, so any inspect failure (not just a missing tag) takes the
  # tag-and-push branch.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-operator image "teleport-operator:v13-amd64"
- name: Tag and push image "teleport-operator:v13-arm" to ECR - staging
  image: docker
  commands:
  - docker pull --platform "linux/arm" drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-operator image "teleport-operator:v13-arm"
- name: Tag and push image "teleport-operator:v13-arm64" to ECR - staging
  image: docker
  commands:
  - docker pull --platform "linux/arm64" drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-operator image "teleport-operator:v13-arm64"
- name: Create manifest and push "teleport-operator:full" to ECR - staging
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # The multi-arch manifest list is assembled from the three per-arch tags
  # pushed by the steps listed under depends_on.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version") > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version") --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version"))
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-operator:v13-amd64" to ECR - staging
  - Tag and push image "teleport-operator:v13-arm" to ECR - staging
  - Tag and push image "teleport-operator:v13-arm64" to ECR - staging
services:
# Docker-in-Docker daemon, run privileged. Its socket directory is shared
# through the dockersock volume, so every step that mounts that volume at
# /var/run drives this one daemon.
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
# In-pipeline registry that the build steps push to and the tag steps pull from.
- name: drone-docker-registry
  image: registry:2
  privileged: false
  volumes: []
volumes:
- name: awsconfig
  temp: {}
- name: dockersock
  temp: {}
- name: dockerconfig
  temp: {}
image_pull_secrets:
- DOCKERHUB_CREDENTIALS
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/gha.go (main.ghaBuildPipeline)
################################################

# Tag-triggered pipeline: checks out the tagged source, then hands the
# distroless image build to a GitHub Actions workflow in the teleport.e repo.
kind: pipeline
type: kubernetes
name: build-teleport-oci-distroless-images
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
clone:
  disable: true
depends_on:
- clean-up-previous-build
- build-linux-amd64-deb
- build-linux-arm64-deb
steps:
- name: Check out code
  image: docker:git
  pull: if-not-exists
  commands:
  - mkdir -pv "/go/src/github.com/gravitational/teleport"
  - cd "/go/src/github.com/gravitational/teleport"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  - git checkout -qf "${DRONE_COMMIT_SHA}"
  # The private key from the GITHUB_PRIVATE_KEY secret is written to disk for
  # the submodule fetch and deleted by the last command of this step.
  - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa
  # known_hosts is filled with whatever host key github.com presents during
  # this run; nothing here compares it with a known fingerprint.
  # NOTE(review): a pinned known_hosts entry would authenticate the host
  # before the key is used.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  - mkdir -pv /go/cache
  - rm -f /root/.ssh/id_rsa
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
- name: Delegate build to GitHub
  image: golang:1.18-alpine
  pull: if-not-exists
  commands:
  - cd "/go/src/github.com/gravitational/teleport/build.assets/tooling"
  # Runs the gh-trigger-workflow tool from the checked-out source, with
  # GHA_APP_KEY in this step's environment.
  # NOTE(review): the ${DRONE_...} values are placed into this command unquoted;
  # presumably Drone inserts them as plain text before the shell runs. If so,
  # quoting each one would keep an unusual tag or repo name from being split
  # or interpreted by the shell. Confirm.
  - 'go run ./cmd/gh-trigger-workflow -owner ${DRONE_REPO_OWNER} -repo teleport.e -tag-workflow -timeout 1h0m0s -workflow release-teleport-oci-distroless.yml -workflow-ref=${DRONE_TAG} -input oss-teleport-repo=${DRONE_REPO} -input oss-teleport-ref=${DRONE_TAG} '
  environment:
    GHA_APP_KEY:
      from_secret: GITHUB_WORKFLOW_APP_PRIVATE_KEY
image_pull_secrets:
- DOCKERHUB_CREDENTIALS
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/gha.go (main.ghaBuildPipeline)
################################################

# Tag-triggered pipeline: checks out the tagged source, then hands the
# kube-agent-updater image build to a GitHub Actions workflow in teleport.e.
kind: pipeline
type: kubernetes
name: build-teleport-kube-agent-updater-oci-images
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
clone:
  disable: true
steps:
- name: Check out code
  image: docker:git
  pull: if-not-exists
  commands:
  - mkdir -pv "/go/src/github.com/gravitational/teleport"
  - cd "/go/src/github.com/gravitational/teleport"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  - git checkout -qf "${DRONE_COMMIT_SHA}"
  # The private key from the GITHUB_PRIVATE_KEY secret exists on disk only
  # between this command and the final rm -f of the step.
  - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa
  # Host keys are collected at run time and trusted as presented; there is no
  # comparison against a pinned github.com fingerprint.
  # NOTE(review): shipping a fixed known_hosts entry would close that gap.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  - mkdir -pv /go/cache
  - rm -f /root/.ssh/id_rsa
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
- name: Delegate build to GitHub
  image: golang:1.18-alpine
  pull: if-not-exists
  commands:
  - cd "/go/src/github.com/gravitational/teleport/build.assets/tooling"
  # Runs the gh-trigger-workflow tool from the checked-out source, with
  # GHA_APP_KEY in this step's environment.
  # NOTE(review): 'udpater' in the workflow file name differs from 'updater'
  # in the pipeline name. The value has to match the file name in teleport.e,
  # so confirm which spelling that file uses.
  # NOTE(review): the ${DRONE_...} values are placed into this command
  # unquoted; quoting them would guard against names with shell metacharacters.
  - 'go run ./cmd/gh-trigger-workflow -owner ${DRONE_REPO_OWNER} -repo teleport.e -tag-workflow -timeout 1h0m0s -workflow release-teleport-kube-agent-udpater-oci.yml -workflow-ref=${DRONE_TAG} -input oss-teleport-repo=${DRONE_REPO} -input oss-teleport-ref=${DRONE_TAG} '
  environment:
    GHA_APP_KEY:
      from_secret: GITHUB_WORKFLOW_APP_PRIVATE_KEY
image_pull_secrets:
- DOCKERHUB_CREDENTIALS
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
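# Generated at dronegen/container_images_release_version.go (main.(*ReleaseVersion).buildVersionPipeline)
################################################

# Promotion pipeline: copies already-built teleport images from the staging
# ECR registry into an in-pipeline registry, from which later steps publish
# them to the public registries.
kind: pipeline
type: kubernetes
name: teleport-container-images-branch-promote
environment:
  DEBIAN_FRONTEND: noninteractive
trigger:
  event:
    include:
    - promote
  target:
    include:
    - production
    - promote-docker
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
clone:
  disable: true
steps:
- name: Verify build is tagged
  image: alpine:latest
  pull: if-not-exists
  commands:
  # The tag is quoted so that an empty DRONE_TAG is tested as an empty string.
  # Unquoted, the test collapses to `[ -n ]`, which is always true, so this
  # guard could never fail. This file is generated by dronegen
  # (container_images_release_version.go per the header), so the same quoting
  # has to be made in the generator or it is lost on the next 'make dronegen'.
  - '[ -n "${DRONE_TAG}" ] || (echo ''DRONE_TAG is not set. Is the commit tagged?'' && exit 1)'
- name: Record if tag ($DRONE_TAG) is prerelease
  image: golang:1.18-alpine
  commands:
  - apk add git
  - mkdir -pv "/tmp/repo"
  - cd "/tmp/repo"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  - git checkout -qf "${DRONE_TAG}"
  - mkdir -pv $(dirname "/go/vars/release-is-prerelease")
  - cd "/tmp/repo/build.assets/tooling"
  # Any non-zero exit of the check creates the prerelease marker, and its
  # output is discarded, so a tooling failure looks the same as a prerelease
  # verdict in the log.
  - go run ./cmd/check -tag $DRONE_TAG -check prerelease &> /dev/null || echo 'Version is a prerelease' > "/go/vars/release-is-prerelease"
  - printf 'Version is '; [ ! -f "/go/vars/release-is-prerelease" ] && printf 'not '; echo 'a prerelease'
- name: Wait for docker
  image: docker
  pull: if-not-exists
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  # Password arrives on stdin, not as a command-line argument.
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: dockersock
    path: /var/run
  - name: dockerconfig
    path: /root/.docker
  depends_on:
  - Verify build is tagged
  - Record if tag ($DRONE_TAG) is prerelease
- name: Wait for docker registry
  image: alpine
  pull: if-not-exists
  commands:
  - apk add curl
  # The in-pipeline registry is polled over plain HTTP until it answers 200.
  - timeout 30s /bin/sh -c 'while [ "$(curl -s -o /dev/null -w %{http_code} http://drone-docker-registry:5000/)" != "200" ]; do sleep 1; done'
  depends_on:
  - Verify build is tagged
  - Record if tag ($DRONE_TAG) is prerelease
- name: Check out code
  image: alpine/git:latest
  pull: if-not-exists
  commands:
  - mkdir -pv "/go/src/github.com/gravitational/teleport"
  - cd "/go/src/github.com/gravitational/teleport"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  - git checkout -qf "$DRONE_TAG"
  depends_on:
  - Verify build is tagged
  - Record if tag ($DRONE_TAG) is prerelease
- name: Build major, minor, and full semvers
  image: alpine
  commands:
  # Version strings are derived from DRONE_TAG by dropping the first 'v' and
  # cutting on '.'; later steps read them back from /go/var/*.
  - mkdir -pv $(dirname "/go/var/major-version")
  - echo $DRONE_TAG | sed 's/v//' | cut -d'.' -f "1" > "/go/var/major-version"
  - echo $(cat "/go/var/major-version")
  - mkdir -pv $(dirname "/go/var/minor-version")
  - echo $DRONE_TAG | sed 's/v//' | cut -d'.' -f "1,2" > "/go/var/minor-version"
  - echo $(cat "/go/var/minor-version")
  - mkdir -pv $(dirname "/go/var/full-version")
  - echo $DRONE_TAG | sed 's/v//' > "/go/var/full-version"
  - echo $(cat "/go/var/full-version")
  depends_on:
  - Verify build is tagged
  - Record if tag ($DRONE_TAG) is prerelease
- name: Assume ECR - staging AWS Role
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  # Session credentials from assume-role are appended as the [ecr-staging]
  # profile to /root/.aws/credentials on the awsconfig volume, which later
  # steps mount. The access key pair from the secrets is then unset before
  # the profile is checked.
  - |-
    printf "[ecr-staging]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      >> /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile ecr-staging
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY
    AWS_ROLE:
      from_secret: STAGING_TELEPORT_DRONE_ECR_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Verify build is tagged
  - Record if tag ($DRONE_TAG) is prerelease
- name: Assume ECR - production AWS Role
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  # Same pattern as the staging role, writing the [ecr-production] profile.
  - |-
    printf "[ecr-production]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      >> /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile ecr-production
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY
    AWS_ROLE:
      from_secret: PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume ECR - staging AWS Role
  - Verify build is tagged
  - Record if tag ($DRONE_TAG) is prerelease
- name: Pull teleport:v13-amd64 and push it to Local Registry
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # The image promoted is whatever this staging tag resolves to at pull time;
  # no digest is recorded or compared in this step.
  - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-amd64
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-amd64 drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
  - docker push drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Verify build is tagged
  - Record if tag ($DRONE_TAG) is prerelease
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - production AWS Role
- name: Pull teleport:v13-arm and push it to Local Registry
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-arm
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-arm drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
  - docker push drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Verify build is tagged
  - Record if tag ($DRONE_TAG) is prerelease
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - production AWS Role
- name: Pull teleport:v13-arm64 and push it to Local Registry
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-arm64
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-arm64 drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
  - docker push drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Verify build is tagged
  - Record if tag ($DRONE_TAG) is prerelease
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - production AWS Role
-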
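name: Tag and push image "teleport:v13-amd64" to Quay
  image: docker
  commands:
  - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
  # The Quay password is read from stdin so it never appears in the process
  # argument list, matching the Docker Hub login on the next line. This file
  # is generated by dronegen, so the same change has to be made in the
  # generator or it is lost on the next 'make dronegen'.
  - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # The full-version tag is pushed only when it cannot be inspected. The
  # inspect output is discarded, so any inspect failure (not just a missing
  # tag) takes the tag-and-push branch.
  - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64 && docker push quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64)
  # The major and minor per-arch tags are re-pointed on every run.
  # NOTE(review): unlike the major/minor manifest steps, this step has no
  # prerelease check. Confirm that moving these tags for a prerelease is
  # intended.
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 quay.io/gravitational/teleport:$(cat "/go/var/major-version")-amd64
  - docker push quay.io/gravitational/teleport:$(cat "/go/var/major-version")-amd64
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
  - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
  - docker logout "quay.io"
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Pull teleport:v13-amd64 and push it to Local Registry
- name: Tag and push image "teleport:v13-arm" to Quay
  image: docker
  commands:
  - docker pull --platform "linux/arm" drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
  # Password via stdin, not on the command line.
  - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm && docker push quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm)
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm
  - docker push quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm
  - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm
  - docker logout "quay.io"
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Pull teleport:v13-arm and push it to Local Registry
- name: Tag and push image "teleport:v13-arm64" to Quay
  image: docker
  commands:
  - docker pull --platform "linux/arm64" drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
  # Password via stdin, not on the command line.
  - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64 && docker push quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64)
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm64
  - docker push quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm64
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
  - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
  - docker logout "quay.io"
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Pull teleport:v13-arm64 and push it to Local Registry
- name: Create manifest and push "teleport:major" to Quay
  image: docker
  commands:
  # The step ends early, with success, when the prerelease marker file exists,
  # so the rolling major tag is not moved for a prerelease.
  - printf "Prerelease "; ! [ -f /go/vars/release-is-prerelease ] && printf "not "; printf "detected for version $DRONE_TAG, "; [ -f /go/vars/release-is-prerelease ] && echo "skipping" || echo "continuing"
  - '[ -f /go/vars/release-is-prerelease ] && exit 0'
  # Password via stdin, not on the command line.
  - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest create quay.io/gravitational/teleport:$(cat "/go/var/major-version") --amend quay.io/gravitational/teleport:$(cat "/go/var/major-version")-amd64 --amend quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm --amend quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm64
  - docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/major-version")
  - docker logout "quay.io"
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v13-amd64" to Quay
  - Tag and push image "teleport:v13-arm" to Quay
  - Tag and push image "teleport:v13-arm64" to Quay
- name: Create manifest and push "teleport:minor" to Quay
  image: docker
  commands:
  # Same prerelease short-circuit as the major manifest step.
  - printf "Prerelease "; ! [ -f /go/vars/release-is-prerelease ] && printf "not "; printf "detected for version $DRONE_TAG, "; [ -f /go/vars/release-is-prerelease ] && echo "skipping" || echo "continuing"
  - '[ -f /go/vars/release-is-prerelease ] && exit 0'
  # Password via stdin, not on the command line.
  - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest create quay.io/gravitational/teleport:$(cat "/go/var/minor-version") --amend quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 --amend quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm --amend quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
  - docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")
  - docker logout "quay.io"
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v13-amd64" to Quay
  - Tag and push image "teleport:v13-arm" to Quay
  - Tag and push image "teleport:v13-arm64" to Quay
- name: Create manifest and push "teleport:full" to Quay
  image: docker
  commands:
  # Password via stdin, not on the command line.
  - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version") > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create quay.io/gravitational/teleport:$(cat "/go/var/full-version") --amend quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64 --amend quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm --amend quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64 && docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/full-version"))
  - docker logout "quay.io"
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v13-amd64" to Quay
  - Tag and push image "teleport:v13-arm" to Quay
  - Tag and push image "teleport:v13-arm64" to Quay
- name: Tag and push image "teleport:v13-amd64" to ECR - production
  image: docker
  commands:
  - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64 && docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64)
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64
  - docker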
push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64 - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Pull teleport:v13-amd64 and push it to Local Registry - name: Tag and push image "teleport:v13-arm" to ECR - production image: docker commands: - docker pull --platform "linux/arm" drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm && docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm) - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm - docker logout 
"public.ecr.aws" environment: AWS_PROFILE: ecr-production DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Pull teleport:v13-arm and push it to Local Registry - name: Tag and push image "teleport:v13-arm64" to ECR - production image: docker commands: - docker pull --platform "linux/arm64" drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64 && docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64) - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64 - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64 - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64 - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64 - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Pull teleport:v13-arm64 and push it to Local Registry - name: Create 
manifest and push "teleport:major" to ECR - production image: docker commands: - printf "Prerelease "; ! [ -f /go/vars/release-is-prerelease ] && printf "not "; printf "detected for version $DRONE_TAG, "; [ -f /go/vars/release-is-prerelease ] && echo "skipping" || echo "continuing" - '[ -f /go/vars/release-is-prerelease ] && exit 0' - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version") --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64 --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64 - docker manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version") - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Tag and push image "teleport:v13-amd64" to ECR - production - Tag and push image "teleport:v13-arm" to ECR - production - Tag and push image "teleport:v13-arm64" to ECR - production - name: Create manifest and push "teleport:minor" to ECR - production image: docker commands: - printf "Prerelease "; ! 
[ -f /go/vars/release-is-prerelease ] && printf "not "; printf "detected for version $DRONE_TAG, "; [ -f /go/vars/release-is-prerelease ] && echo "skipping" || echo "continuing" - '[ -f /go/vars/release-is-prerelease ] && exit 0' - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version") --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64 - docker manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version") - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Tag and push image "teleport:v13-amd64" to ECR - production - Tag and push image "teleport:v13-arm" to ECR - production - Tag and push image "teleport:v13-arm64" to ECR - production - name: Create manifest and push "teleport:full" to ECR - production image: docker commands: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version") > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version") --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64 
--amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64 && docker manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")) - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Tag and push image "teleport:v13-amd64" to ECR - production - Tag and push image "teleport:v13-arm" to ECR - production - Tag and push image "teleport:v13-arm64" to ECR - production - name: Pull teleport-ent:v13-amd64 and push it to Local Registry image: docker commands: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 - docker push drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 environment: AWS_PROFILE: ecr-staging DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Verify build is tagged - Record if tag ($DRONE_TAG) is prerelease - Wait for docker - Wait for docker registry - Check out code - Build major, minor, and full semvers - Assume ECR - staging AWS Role - Assume ECR - production AWS Role 
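# Review notes for the teleport-ent image-promotion steps that follow.
#
# "Pull ... push it to Local Registry" steps copy one per-architecture image
# from the private ECR registry (ecr-staging profile) into the local registry
# (drone-docker-registry:5000). "Tag and push" steps then pull from the local
# registry, log in to the target registry, push the full-version tag only when
# `docker manifest inspect` does not find it, and re-tag and push the major and
# minor tags unconditionally (those tags move). "Create manifest" steps combine
# the three per-arch tags into one manifest list; the major and minor manifests
# exit early with success when /go/vars/release-is-prerelease exists (the
# version files are read from /go/var, a different directory).
#
# Change made here: Quay logins read the password from stdin, as the Docker Hub
# login in the same steps already does, instead of passing it with -p. That
# keeps the secret out of the process argument list. If this pipeline is
# generated (dronegen), make the same change in the generator.
#
# NOTE(review): the inspect guard discards all output, so any inspect failure
# (auth or network error, not only "tag not found") takes the push branch and
# may overwrite an existing full-version tag.
# NOTE(review): `image: docker` has no tag or digest and aws-cli is installed
# unpinned at run time, in steps that use staging and production registry
# credentials; pinning both is worth considering.
# NOTE(review): the Quay steps mount awsconfig at /root/.aws but run no aws
# command; dropping that volume would narrow credential exposure.
# NOTE(review): images are selected by tag only; nothing in these steps checks
# a digest or signature before promotion.

# Copy the teleport-ent arm image from the private ECR registry to the local
# registry; the source registry is logged out right after the pull.
- name: Pull teleport-ent:v13-arm and push it to Local Registry
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
  - docker push drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Verify build is tagged
  - Record if tag ($DRONE_TAG) is prerelease
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - production AWS Role

# Copy the teleport-ent arm64 image from the private ECR registry to the local
# registry.
- name: Pull teleport-ent:v13-arm64 and push it to Local Registry
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
  - docker push drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Verify build is tagged
  - Record if tag ($DRONE_TAG) is prerelease
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - production AWS Role

# Promote the teleport-ent amd64 image from the local registry to Quay.
- name: Tag and push image "teleport-ent:v13-amd64" to Quay
  image: docker
  commands:
  - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
  # Password is piped on stdin rather than given as -p.
  - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # Full-version tag: pushed only when inspect fails (see fail-open note above).
  - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64)
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
  # Only the Quay login is removed; the Docker Hub login is left in place.
  - docker logout "quay.io"
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Pull teleport-ent:v13-amd64 and push it to Local Registry

# Promote the teleport-ent arm image from the local registry to Quay.
- name: Tag and push image "teleport-ent:v13-arm" to Quay
  image: docker
  commands:
  - docker pull --platform "linux/arm" drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
  - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm)
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
  - docker logout "quay.io"
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Pull teleport-ent:v13-arm and push it to Local Registry

# Promote the teleport-ent arm64 image from the local registry to Quay.
- name: Tag and push image "teleport-ent:v13-arm64" to Quay
  image: docker
  commands:
  - docker pull --platform "linux/arm64" drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
  - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64)
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
  - docker logout "quay.io"
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Pull teleport-ent:v13-arm64 and push it to Local Registry

# Publish the teleport-ent multi-arch manifest for the major-version tag on Quay.
- name: Create manifest and push "teleport-ent:major" to Quay
  image: docker
  commands:
  - printf "Prerelease "; ! [ -f /go/vars/release-is-prerelease ] && printf "not "; printf "detected for version $DRONE_TAG, "; [ -f /go/vars/release-is-prerelease ] && echo "skipping" || echo "continuing"
  # Prerelease: leave the step successfully before any login or push.
  - '[ -f /go/vars/release-is-prerelease ] && exit 0'
  - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version") --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
  - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")
  - docker logout "quay.io"
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v13-amd64" to Quay
  - Tag and push image "teleport-ent:v13-arm" to Quay
  - Tag and push image "teleport-ent:v13-arm64" to Quay

# Publish the teleport-ent multi-arch manifest for the minor-version tag on Quay.
- name: Create manifest and push "teleport-ent:minor" to Quay
  image: docker
  commands:
  - printf "Prerelease "; ! [ -f /go/vars/release-is-prerelease ] && printf "not "; printf "detected for version $DRONE_TAG, "; [ -f /go/vars/release-is-prerelease ] && echo "skipping" || echo "continuing"
  - '[ -f /go/vars/release-is-prerelease ] && exit 0'
  - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version") --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
  - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")
  - docker logout "quay.io"
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v13-amd64" to Quay
  - Tag and push image "teleport-ent:v13-arm" to Quay
  - Tag and push image "teleport-ent:v13-arm64" to Quay

# Publish the teleport-ent full-version manifest on Quay unless inspect already
# finds it. No prerelease check is made in this step.
- name: Create manifest and push "teleport-ent:full" to Quay
  image: docker
  commands:
  - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version") > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version") --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 && docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version"))
  - docker logout "quay.io"
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v13-amd64" to Quay
  - Tag and push image "teleport-ent:v13-arm" to Quay
  - Tag and push image "teleport-ent:v13-arm64" to Quay

# Promote the teleport-ent amd64 image to public ECR. The registry password
# comes from `aws ecr-public get-login-password` under the ecr-production
# profile.
- name: Tag and push image "teleport-ent:v13-amd64" to ECR - production
  image: docker
  commands:
  - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 && docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64)
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Pull teleport-ent:v13-amd64 and push it to Local Registry

# Promote the teleport-ent arm image to public ECR.
- name: Tag and push image "teleport-ent:v13-arm" to ECR - production
  image: docker
  commands:
  - docker pull --platform "linux/arm" drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm && docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm)
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Pull teleport-ent:v13-arm and push it to Local Registry

# Promote the teleport-ent arm64 image to public ECR.
- name: Tag and push image "teleport-ent:v13-arm64" to ECR - production
  image: docker
  commands:
  - docker pull --platform "linux/arm64" drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 && docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64)
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Pull teleport-ent:v13-arm64 and push it to Local Registry

# Publish the teleport-ent multi-arch manifest for the major-version tag on
# public ECR.
- name: Create manifest and push "teleport-ent:major" to ECR - production
  image: docker
  commands:
  - printf "Prerelease "; ! [ -f /go/vars/release-is-prerelease ] && printf "not "; printf "detected for version $DRONE_TAG, "; [ -f /go/vars/release-is-prerelease ] && echo "skipping" || echo "continuing"
  - '[ -f /go/vars/release-is-prerelease ] && exit 0'
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version") --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
  - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v13-amd64" to ECR - production
  - Tag and push image "teleport-ent:v13-arm" to ECR - production
  - Tag and push image "teleport-ent:v13-arm64" to ECR - production

# Publish the teleport-ent multi-arch manifest for the minor-version tag on
# public ECR.
- name: Create manifest and push "teleport-ent:minor" to ECR - production
  image: docker
  commands:
  - printf "Prerelease "; ! [ -f /go/vars/release-is-prerelease ] && printf "not "; printf "detected for version $DRONE_TAG, "; [ -f /go/vars/release-is-prerelease ] && echo "skipping" || echo "continuing"
  - '[ -f /go/vars/release-is-prerelease ] && exit 0'
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version") --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
  - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v13-amd64" to ECR - production
  - Tag and push image "teleport-ent:v13-arm" to ECR - production
  - Tag and push image "teleport-ent:v13-arm64" to ECR - production

# Publish the teleport-ent full-version manifest on public ECR unless inspect
# already finds it.
- name: Create manifest and push "teleport-ent:full" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version") > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version") --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 && docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version"))
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v13-amd64" to ECR - production
  - Tag and push image "teleport-ent:v13-arm" to ECR - production
  - Tag and push image "teleport-ent:v13-arm64" to ECR - production
- name: Pull teleport-ent:v13-fips-amd64 and push it to Local Registry image: docker commands: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 - docker push drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 environment: AWS_PROFILE: ecr-staging DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Verify build is tagged - Record if tag ($DRONE_TAG) is prerelease - Wait for docker - Wait for docker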
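registry - Check out code - Build major, minor, and full semvers - Assume ECR - staging AWS Role - Assume ECR - production AWS Role
# Publishing steps for the teleport-ent FIPS (amd64) image: one tag-and-push
# step plus three manifest steps for Quay, then the tag-and-push step for the
# public ECR gallery.
#
# Change from the generated text: the Quay logins passed the password with
# -p="$QUAY_PASSWORD", which puts the secret in the docker process arguments.
# They now feed it on stdin, the same way the Docker Hub and ECR logins in
# these steps already do. This file is generated by dronegen, so the durable
# fix belongs in the generator; other Quay steps in the file use the same
# -p form.
#
# NOTE(review): `image: docker` carries no tag or digest, so every step runs
# whatever that tag resolves to at run time while holding production
# registry credentials; consider pinning by digest.

# Step: push the FIPS amd64 image to quay.io. The full-version tag is pushed
# only when `docker manifest inspect` does not find it; the major and minor
# per-arch tags are moved unconditionally.
- name: Tag and push image "teleport-ent:v13-fips-amd64" to Quay
  image: docker
  commands:
    - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    # Password on stdin keeps it out of the process argument list.
    - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
    - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
    # NOTE(review): any inspect failure (auth, network, throttling) is read
    # as "tag absent" and its output is discarded, so a transient registry
    # error falls through to tag-and-push.
    - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64)
    # NOTE(review): no release-is-prerelease check guards these floating
    # per-arch tags, unlike the manifest steps below - confirm intended.
    - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
    - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
    - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
    - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
    - docker logout "quay.io"
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
    # NOTE(review): no command in this step calls aws, yet /root/.aws is
    # mounted; dropping it would keep the AWS profile files out of a step
    # that only needs Quay credentials.
    - name: awsconfig
      path: /root/.aws
    - name: dockersock
      path: /var/run
  depends_on:
    - Pull teleport-ent:v13-fips-amd64 and push it to Local Registry

# Step: move the floating "<major>-fips" manifest list on quay.io. Skipped
# when the marker file /go/vars/release-is-prerelease exists.
# NOTE(review): the marker is read from /go/vars while the version files are
# read from /go/var; the steps that write them are outside this view. Confirm
# the path, because a wrong one silently disables the prerelease guard.
- name: Create manifest and push "teleport-ent:major-fips" to Quay
  image: docker
  commands:
    # Log line only: reports whether a prerelease was detected.
    - printf "Prerelease "; ! [ -f /go/vars/release-is-prerelease ] && printf "not "; printf "detected for version $DRONE_TAG, "; [ -f /go/vars/release-is-prerelease ] && echo "skipping" || echo "continuing"
    # The actual guard: exit successfully before any login or push.
    - '[ -f /go/vars/release-is-prerelease ] && exit 0'
    - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
    - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
    - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
    - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips
    - docker logout "quay.io"
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
    - name: awsconfig
      path: /root/.aws
    - name: dockersock
      path: /var/run
  depends_on:
    - Tag and push image "teleport-ent:v13-fips-amd64" to Quay

# Step: same as the major-fips step, for the "<minor>-fips" manifest list.
- name: Create manifest and push "teleport-ent:minor-fips" to Quay
  image: docker
  commands:
    - printf "Prerelease "; ! [ -f /go/vars/release-is-prerelease ] && printf "not "; printf "detected for version $DRONE_TAG, "; [ -f /go/vars/release-is-prerelease ] && echo "skipping" || echo "continuing"
    - '[ -f /go/vars/release-is-prerelease ] && exit 0'
    - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
    - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
    - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
    - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips
    - docker logout "quay.io"
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
    - name: awsconfig
      path: /root/.aws
    - name: dockersock
      path: /var/run
  depends_on:
    - Tag and push image "teleport-ent:v13-fips-amd64" to Quay

# Step: create and push the "<full-version>-fips" manifest list on quay.io,
# unless `docker manifest inspect` already finds it. There is no prerelease
# guard here; the full-version tag is published for every tagged build.
- name: Create manifest and push "teleport-ent:full-fips" to Quay
  image: docker
  commands:
    - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
    - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
    - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 && docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips)
    - docker logout "quay.io"
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
    - name: awsconfig
      path: /root/.aws
    - name: dockersock
      path: /var/run
  depends_on:
    - Tag and push image "teleport-ent:v13-fips-amd64" to Quay

# Step: push the FIPS amd64 image to public.ecr.aws/gravitational. Same shape
# as the Quay tag-and-push step; the registry token comes from the AWS CLI
# and is piped to `docker login` on stdin.
- name: Tag and push image "teleport-ent:v13-fips-amd64" to ECR - production
  image: docker
  commands:
    - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    # NOTE(review): aws-cli is installed unpinned at run time.
    - apk add --no-cache aws-cli
    - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
    - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
    - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 && docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64)
    - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
    - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
    - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
    - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
    - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
    - name: awsconfig
      path: /root/.aws
    - name: dockersock
      path: /var/run
  depends_on:
    - Pull teleport-ent:v13-fips-amd64 and push it to Local Registry
- name: Create manifest and push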
"teleport-ent:major-fips" to ECR - production image: docker commands: - printf "Prerelease "; ! [ -f /go/vars/release-is-prerelease ] && printf "not "; printf "detected for version $DRONE_TAG, "; [ -f /go/vars/release-is-prerelease ] && echo "skipping" || echo "continuing" - '[ -f /go/vars/release-is-prerelease ] && exit 0' - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64 - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Tag and push image "teleport-ent:v13-fips-amd64" to ECR - production - name: Create manifest and push "teleport-ent:minor-fips" to ECR - production image: docker commands: - printf "Prerelease "; ! 
[ -f /go/vars/release-is-prerelease ] && printf "not "; printf "detected for version $DRONE_TAG, "; [ -f /go/vars/release-is-prerelease ] && echo "skipping" || echo "continuing" - '[ -f /go/vars/release-is-prerelease ] && exit 0' - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Tag and push image "teleport-ent:v13-fips-amd64" to ECR - production - name: Create manifest and push "teleport-ent:full-fips" to ECR - production image: docker commands: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 && docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips) - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production DOCKERHUB_PASSWORD: from_secret: 
DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Tag and push image "teleport-ent:v13-fips-amd64" to ECR - production
# Step: stage the amd64 teleport-operator image for the publishing steps.
# It logs in to the private ECR registry with the ecr-staging profile, pulls
# the full-version image, logs out of that registry, then re-tags the image
# and pushes it to the pipeline-local registry (drone-docker-registry:5000).
# NOTE(review): the image is identified by tag alone across the staging,
# local-registry and production hops. Recording the pulled digest here and
# checking it in the push steps would show that what is published is what
# was staged.
# NOTE(review): `image: docker` has no tag or digest and aws-cli is installed
# unpinned at run time; both float with upstream.
- name: Pull teleport-operator:v13-amd64 and push it to Local Registry
  image: docker
  commands:
    - apk add --no-cache aws-cli
    # The ECR token is piped to `docker login` on stdin, so it does not
    # appear in the process arguments.
    - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
    - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
    # No --platform flag here; the architecture is carried by the tag suffix.
    - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64
    # The staging credential is dropped as soon as the pull is done.
    - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
    - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
    # No login precedes this push to the local registry.
    # NOTE(review): presumably it accepts unauthenticated pushes from inside
    # the build - confirm it is not reachable from elsewhere.
    - docker push drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
    - name: awsconfig
      path: /root/.aws
    - name: dockersock
      path: /var/run
  # Runs only after the tag check, version-file generation and both AWS
  # role-assumption steps named below.
  depends_on:
    - Verify build is tagged
    - Record if tag ($DRONE_TAG) is prerelease
    - Wait for docker
    - Wait for docker registry
    - Check out code
    - Build major, minor, and full semvers
    - Assume ECR - staging AWS Role
    - Assume ECR - production AWS Role
- name: Pull teleport-operator:v13-arm and push it to Local Registry image: docker commands: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
"/go/var/full-version")-arm - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm - docker push drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm environment: AWS_PROFILE: ecr-staging DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Verify build is tagged - Record if tag ($DRONE_TAG) is prerelease - Wait for docker - Wait for docker registry - Check out code - Build major, minor, and full semvers - Assume ECR - staging AWS Role - Assume ECR - production AWS Role - name: Pull teleport-operator:v13-arm64 and push it to Local Registry image: docker commands: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 - docker push drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 environment: AWS_PROFILE: ecr-staging DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Verify build is tagged - Record if tag ($DRONE_TAG) is 
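prerelease - Wait for docker - Wait for docker registry - Check out code - Build major, minor, and full semvers - Assume ECR - staging AWS Role - Assume ECR - production AWS Role
# Step: push the amd64 teleport-operator image to quay.io. The full-version
# tag is pushed only when `docker manifest inspect` does not find it; the
# major and minor per-arch tags are moved unconditionally.
#
# Change from the generated text: the Quay login passed the password with
# -p="$QUAY_PASSWORD", which puts the secret in the docker process arguments.
# It now feeds it on stdin, the same way the Docker Hub login in this step
# already does. This file is generated by dronegen, so the durable fix
# belongs in the generator; other Quay steps in the file use the same -p
# form.
#
# NOTE(review): `image: docker` carries no tag or digest, so the step runs
# whatever that tag resolves to at run time while holding production
# registry credentials; consider pinning by digest.
- name: Tag and push image "teleport-operator:v13-amd64" to Quay
  image: docker
  commands:
    - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
    # Password on stdin keeps it out of the process argument list.
    - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
    - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
    # NOTE(review): any inspect failure (auth, network, throttling) is read
    # as "tag absent" and its output is discarded, so a transient registry
    # error falls through to tag-and-push.
    - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 && docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64)
    # NOTE(review): this step has no release-is-prerelease check, so the
    # floating per-arch tags move on every tagged build - confirm intended.
    - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64
    - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64
    - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64
    - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64
    # Drop the Quay credential from the docker config once pushing is done.
    - docker logout "quay.io"
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
    # NOTE(review): no command in this step calls aws, yet /root/.aws is
    # mounted; dropping it would keep the AWS profile files out of a step
    # that only needs Quay credentials.
    - name: awsconfig
      path: /root/.aws
    - name: dockersock
      path: /var/run
  depends_on:
    - Pull teleport-operator:v13-amd64 and push it to Local Registry
- name: Tag and push image "teleport-operator:v13-arm" to Quay image: docker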
commands: - docker pull --platform "linux/arm" drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm && docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm) - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm - docker logout "quay.io" environment: DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Pull teleport-operator:v13-arm and push it to Local Registry - name: Tag and push image "teleport-operator:v13-arm64" to Quay image: docker commands: - docker pull --platform "linux/arm64" drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - 
docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 && docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64) - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64 - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64 - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 - docker logout "quay.io" environment: DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Pull teleport-operator:v13-arm64 and push it to Local Registry - name: Create manifest and push "teleport-operator:major" to Quay image: docker commands: - printf "Prerelease "; ! 
[ -f /go/vars/release-is-prerelease ] && printf "not "; printf "detected for version $DRONE_TAG, "; [ -f /go/vars/release-is-prerelease ] && echo "skipping" || echo "continuing" - '[ -f /go/vars/release-is-prerelease ] && exit 0' - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version") --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64 - docker manifest push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version") - docker logout "quay.io" environment: DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Tag and push image "teleport-operator:v13-amd64" to Quay - Tag and push image "teleport-operator:v13-arm" to Quay - Tag and push image "teleport-operator:v13-arm64" to Quay - name: Create manifest and push "teleport-operator:minor" to Quay image: docker commands: - printf "Prerelease "; ! 
[ -f /go/vars/release-is-prerelease ] && printf "not "; printf "detected for version $DRONE_TAG, "; [ -f /go/vars/release-is-prerelease ] && echo "skipping" || echo "continuing" - '[ -f /go/vars/release-is-prerelease ] && exit 0' - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version") --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 - docker manifest push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version") - docker logout "quay.io" environment: DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Tag and push image "teleport-operator:v13-amd64" to Quay - Tag and push image "teleport-operator:v13-arm" to Quay - Tag and push image "teleport-operator:v13-arm64" to Quay - name: Create manifest and push "teleport-operator:full" to Quay image: docker commands: - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version") > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version") --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 --amend quay.io/gravitational/teleport-operator:$(cat 
"/go/var/full-version")-arm --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 && docker manifest push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")) - docker logout "quay.io" environment: DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Tag and push image "teleport-operator:v13-amd64" to Quay - Tag and push image "teleport-operator:v13-arm" to Quay - Tag and push image "teleport-operator:v13-arm64" to Quay - name: Tag and push image "teleport-operator:v13-amd64" to ECR - production image: docker commands: - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 && docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64) - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 - docker tag drone-docker-registry:5000/teleport-operator:$(cat 
"/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Pull teleport-operator:v13-amd64 and push it to Local Registry
# The line above is the tail of a step that starts before this excerpt; it is
# left exactly as found.
#
# Publishes the arm operator image from the in-pipeline registry to public ECR
# under the full, major and minor version tags.
- name: Tag and push image "teleport-operator:v13-arm" to ECR - production
  # NOTE(review): `docker` has no tag or digest, so this publishing step runs
  # whatever image the registry serves at build time. Pinning by digest
  # (docker@sha256:<digest-placeholder>) would fix the toolchain; the same
  # applies to every `image: docker` step below.
  image: docker
  commands:
  - docker pull --platform "linux/arm" drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
  # aws-cli is installed from the package index on every run, unpinned.
  - apk add --no-cache aws-cli
  # Both registry credentials are passed on stdin, not as arguments.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # The full-version tag is pushed only when `docker manifest inspect` fails.
  # NOTE(review): inspect's output and exit reason are discarded, so an auth
  # or network error is treated the same as "tag absent" and also leads to a
  # tag-and-push of the full-version tag.
  - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm && docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm)
  # Major and minor tags are re-pointed unconditionally.
  - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm
  - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm
  - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm
  - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm
  - docker logout "public.ecr.aws"
  environment:
    # Profile is read from the credentials file on the awsconfig volume; the
    # step that writes it is not visible in this excerpt.
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Pull teleport-operator:v13-arm and push it to Local Registry
# Same flow as the arm step above, for linux/arm64.
- name: Tag and push image "teleport-operator:v13-arm64" to ECR - production
  image: docker
  commands:
  - docker pull --platform "linux/arm64" drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 && docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64)
  - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64
  - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64
  - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64
  - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Pull teleport-operator:v13-arm64 and push it to Local Registry
# Assembles the per-architecture major-version tags into one multi-arch
# manifest list and pushes it, unless the build is marked as a prerelease.
- name: Create manifest and push "teleport-operator:major" to ECR - production
  image: docker
  commands:
  # Log line only; the actual gate is the next command.
  - printf "Prerelease "; ! [ -f /go/vars/release-is-prerelease ] && printf "not "; printf "detected for version $DRONE_TAG, "; [ -f /go/vars/release-is-prerelease ] && echo "skipping" || echo "continuing"
  # NOTE(review): the gate fails open, since a missing marker file means
  # "publish". The marker lives under /go/vars while the version files are
  # under /go/var, and the step that writes it is outside this excerpt;
  # confirm the path matches.
  - '[ -f /go/vars/release-is-prerelease ] && exit 0'
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version") --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64
  - docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-operator:v13-amd64" to ECR - production
  - Tag and push image "teleport-operator:v13-arm" to ECR - production
  - Tag and push image "teleport-operator:v13-arm64" to ECR - production
# Same as the major-version manifest step, for the minor-version tag.
- name: Create manifest and push "teleport-operator:minor" to ECR - production
  image: docker
  commands:
  - printf "Prerelease "; ! [ -f /go/vars/release-is-prerelease ] && printf "not "; printf "detected for version $DRONE_TAG, "; [ -f /go/vars/release-is-prerelease ] && echo "skipping" || echo "continuing"
  - '[ -f /go/vars/release-is-prerelease ] && exit 0'
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version") --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64
  - docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-operator:v13-amd64" to ECR - production
  - Tag and push image "teleport-operator:v13-arm" to ECR - production
  - Tag and push image "teleport-operator:v13-arm64" to ECR - production
# Full-version manifest list: has no prerelease gate and is created only when
# `docker manifest inspect` fails (same caveat as the per-arch full tag).
- name: Create manifest and push "teleport-operator:full" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version") > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version") --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 && docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version"))
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-operator:v13-amd64" to ECR - production
  - Tag and push image "teleport-operator:v13-arm" to ECR - production
  - Tag and push image "teleport-operator:v13-arm64" to ECR - production
services:
# Privileged Docker-in-Docker daemon. Its socket directory is shared through
# the dockersock volume, so every step that mounts /var/run can drive it.
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
# In-pipeline registry the steps above pull from as drone-docker-registry:5000.
- name: drone-docker-registry
  image: registry:2
  privileged: false
  volumes: []
volumes:
# Per-build temp volumes. awsconfig is mounted at /root/.aws by the publishing
# steps, so anything stored there is readable by every step that mounts it.
- name: awsconfig
  temp: {}
- name: dockersock
  temp: {}
- name: dockerconfig
  temp: {}
image_pull_secrets:
- DOCKERHUB_CREDENTIALS
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/container_images_release_version.go (main.(*ReleaseVersion).buildVersionPipeline) ################################################ kind: pipeline type: kubernetes name: teleport-container-images-current-version-cron environment: DEBIAN_FRONTEND: noninteractive trigger: cron: include: - teleport-container-images-cron repo: include: - gravitational/teleport workspace: path: /go clone: disable: true steps: - name: Find the latest available semver for v12 image: golang:1.18 commands: - mkdir -pv "/tmp/teleport" - cd "/tmp/teleport" - git init - git remote add origin ${DRONE_REMOTE_URL} - git fetch origin --tags - git checkout -qf "branch/v12" - mkdir -pv $(dirname "/go/vars/full-version-v12") - cd "/tmp/teleport/build.assets/tooling/cmd/query-latest" - go run . "v12" | sed 's/v//' > "/go/vars/full-version-v12" - echo Found full semver "$(cat "/go/vars/full-version-v12")" for major version "v12" - name: Wait for docker image: docker pull: if-not-exists commands: - timeout 30s /bin/sh -c 'while [ ! 
-S /var/run/docker.sock ]; do sleep 1; done' - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin environment: DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: dockersock path: /var/run - name: dockerconfig path: /root/.docker depends_on: - Find the latest available semver for v12 - name: Wait for docker registry image: alpine pull: if-not-exists commands: - apk add curl - timeout 30s /bin/sh -c 'while [ "$(curl -s -o /dev/null -w %{http_code} http://drone-docker-registry:5000/)" != "200" ]; do sleep 1; done' depends_on: - Find the latest available semver for v12 - name: Check out code image: alpine/git:latest pull: if-not-exists commands: - mkdir -pv "/go/src/github.com/gravitational/teleport" - cd "/go/src/github.com/gravitational/teleport" - git init - git remote add origin ${DRONE_REMOTE_URL} - git fetch origin --tags - git checkout -qf "v$(cat '/go/vars/full-version-v12')" depends_on: - Find the latest available semver for v12 - name: Build major, minor, and full semvers image: alpine commands: - mkdir -pv $(dirname "/go/var/major-version") - echo v$(cat '/go/vars/full-version-v12') | sed 's/v//' | cut -d'.' -f "1" > "/go/var/major-version" - echo $(cat "/go/var/major-version") - mkdir -pv $(dirname "/go/var/minor-version") - echo v$(cat '/go/vars/full-version-v12') | sed 's/v//' | cut -d'.' 
-f "1,2" > "/go/var/minor-version" - echo $(cat "/go/var/minor-version") - mkdir -pv $(dirname "/go/var/full-version") - echo v$(cat '/go/vars/full-version-v12') | sed 's/v//' > "/go/var/full-version" - echo $(cat "/go/var/full-version") depends_on: - Find the latest available semver for v12 - name: Assume ECR - staging AWS Role image: amazon/aws-cli pull: if-not-exists commands: - aws sts get-caller-identity - |- printf "[ecr-staging]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ --output text) \ >> /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - aws sts get-caller-identity --profile ecr-staging environment: AWS_ACCESS_KEY_ID: from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY AWS_ROLE: from_secret: STAGING_TELEPORT_DRONE_ECR_AWS_ROLE AWS_SECRET_ACCESS_KEY: from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET volumes: - name: awsconfig path: /root/.aws depends_on: - Find the latest available semver for v12 - name: Assume ECR - authenticated-pull AWS Role image: amazon/aws-cli pull: if-not-exists commands: - aws sts get-caller-identity - |- printf "[ecr-authenticated-pull]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ --output text) \ >> /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - aws sts get-caller-identity --profile ecr-authenticated-pull environment: AWS_ACCESS_KEY_ID: from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY AWS_ROLE: from_secret: PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE AWS_SECRET_ACCESS_KEY: from_secret: 
PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET volumes: - name: awsconfig path: /root/.aws depends_on: - Assume ECR - staging AWS Role - Find the latest available semver for v12 - name: Assume ECR - production AWS Role image: amazon/aws-cli pull: if-not-exists commands: - aws sts get-caller-identity - |- printf "[ecr-production]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ --output text) \ >> /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - aws sts get-caller-identity --profile ecr-production environment: AWS_ACCESS_KEY_ID: from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY AWS_ROLE: from_secret: PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE AWS_SECRET_ACCESS_KEY: from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET volumes: - name: awsconfig path: /root/.aws depends_on: - Assume ECR - authenticated-pull AWS Role - Find the latest available semver for v12 - name: Assume S3 Download AWS Role for teleport image: amazon/aws-cli pull: if-not-exists commands: - aws sts get-caller-identity - |- printf "[s3-download-teleport]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ --output text) \ >> /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - aws sts get-caller-identity --profile s3-download-teleport environment: AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID AWS_ROLE: from_secret: AWS_ROLE AWS_SECRET_ACCESS_KEY: from_secret: AWS_SECRET_ACCESS_KEY volumes: - name: awsconfig path: /root/.aws depends_on: - Find the latest available semver for v12 - Wait for 
docker - Wait for docker registry - Check out code - Build major, minor, and full semvers - Assume ECR - staging AWS Role - Assume ECR - authenticated-pull AWS Role - Assume ECR - production AWS Role - name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport image: alpine/git:latest commands: - mkdir -pv "/tmp/repo" - cd "/tmp/repo" - git init - git remote add origin ${DRONE_REMOTE_URL} - git fetch origin --tags - git checkout -qf "v$(cat '/go/vars/full-version-v12')" - mkdir -pv $(dirname "/go/build/Dockerfile-teleport") - cp "/tmp/repo/build.assets/charts/Dockerfile" "/go/build/Dockerfile-teleport" depends_on: - Find the latest available semver for v12 - Wait for docker - Wait for docker registry - Check out code - Build major, minor, and full semvers - Assume ECR - staging AWS Role - Assume ECR - authenticated-pull AWS Role - Assume ECR - production AWS Role - name: Download "teleport_v12-tag_amd64.deb" artifacts from S3 image: amazon/aws-cli commands: - END_TIME=$(( $(date +%s) + 3600 )) - TIMED_OUT=true - while [ $(date +%s) -lt $${END_TIME?} ]; do - SUCCESS=true - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr -s ' ' | cut -d' ' -f 4 | grep -x teleport_$(cat "/go/var/full-version")_amd64.deb || SUCCESS=false - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;' - echo 'Condition not met yet, waiting another 60 seconds...' 
- sleep 60 - done - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ "$SUCCESS" = "true" ]'' && exit 1' - mkdir -pv "/go/build" - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat "/go/var/full-version")_amd64.deb /go/build/teleport_$(cat "/go/var/full-version")_amd64.deb environment: AWS_PROFILE: s3-download-teleport AWS_REGION: us-west-2 AWS_S3_BUCKET: from_secret: AWS_S3_BUCKET volumes: - name: awsconfig path: /root/.aws depends_on: - Assume S3 Download AWS Role for teleport - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport - name: Build teleport image "teleport:v12-amd64" image: docker commands: - docker run --privileged --rm tonistiigi/binfmt --install all - mkdir -pv "/go/build" && cd "/go/build" - mkdir -pv "/tmp/teleport-v12-amd64-builder" - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v12-amd64-builder/buildkitd.toml" - echo ' http = true' >> "/tmp/teleport-v12-amd64-builder/buildkitd.toml" - docker buildx create --driver "docker-container" --driver-opt "network=host" --name "teleport-v12-amd64-builder" --config "/tmp/teleport-v12-amd64-builder/buildkitd.toml" - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker buildx build --push --builder "teleport-v12-amd64-builder" --target "teleport" --platform "linux/amd64" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 --file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_amd64.deb /go/build - docker logout "public.ecr.aws" - docker buildx rm "teleport-v12-amd64-builder" - rm -rf "/tmp/teleport-v12-amd64-builder" environment: AWS_PROFILE: ecr-authenticated-pull DOCKER_BUILDKIT: "1" DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN 
DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Assume ECR - authenticated-pull AWS Role - Download "teleport_v12-tag_amd64.deb" artifacts from S3 - name: Download "teleport_v12-tag_arm.deb" artifacts from S3 image: amazon/aws-cli commands: - END_TIME=$(( $(date +%s) + 3600 )) - TIMED_OUT=true - while [ $(date +%s) -lt $${END_TIME?} ]; do - SUCCESS=true - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr -s ' ' | cut -d' ' -f 4 | grep -x teleport_$(cat "/go/var/full-version")_arm.deb || SUCCESS=false - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;' - echo 'Condition not met yet, waiting another 60 seconds...' - sleep 60 - done - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ "$SUCCESS" = "true" ]'' && exit 1' - mkdir -pv "/go/build" - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat "/go/var/full-version")_arm.deb /go/build/teleport_$(cat "/go/var/full-version")_arm.deb environment: AWS_PROFILE: s3-download-teleport AWS_REGION: us-west-2 AWS_S3_BUCKET: from_secret: AWS_S3_BUCKET volumes: - name: awsconfig path: /root/.aws depends_on: - Assume S3 Download AWS Role for teleport - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport - name: Build teleport image "teleport:v12-arm" image: docker commands: - docker run --privileged --rm tonistiigi/binfmt --install all - mkdir -pv "/go/build" && cd "/go/build" - mkdir -pv "/tmp/teleport-v12-arm-builder" - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v12-arm-builder/buildkitd.toml" - echo ' http = true' >> "/tmp/teleport-v12-arm-builder/buildkitd.toml" - docker buildx create --driver "docker-container" --driver-opt "network=host" --name "teleport-v12-arm-builder" --config "/tmp/teleport-v12-arm-builder/buildkitd.toml" - apk add --no-cache aws-cli - aws ecr-public get-login-password 
--region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker buildx build --push --builder "teleport-v12-arm-builder" --target "teleport" --platform "linux/arm" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm --file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_arm.deb /go/build - docker logout "public.ecr.aws" - docker buildx rm "teleport-v12-arm-builder" - rm -rf "/tmp/teleport-v12-arm-builder" environment: AWS_PROFILE: ecr-authenticated-pull DOCKER_BUILDKIT: "1" DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Assume ECR - authenticated-pull AWS Role - Download "teleport_v12-tag_arm.deb" artifacts from S3 - name: Download "teleport_v12-tag_arm64.deb" artifacts from S3 image: amazon/aws-cli commands: - END_TIME=$(( $(date +%s) + 3600 )) - TIMED_OUT=true - while [ $(date +%s) -lt $${END_TIME?} ]; do - SUCCESS=true - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr -s ' ' | cut -d' ' -f 4 | grep -x teleport_$(cat "/go/var/full-version")_arm64.deb || SUCCESS=false - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;' - echo 'Condition not met yet, waiting another 60 seconds...' 
- sleep 60 - done - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ "$SUCCESS" = "true" ]'' && exit 1' - mkdir -pv "/go/build" - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat "/go/var/full-version")_arm64.deb /go/build/teleport_$(cat "/go/var/full-version")_arm64.deb environment: AWS_PROFILE: s3-download-teleport AWS_REGION: us-west-2 AWS_S3_BUCKET: from_secret: AWS_S3_BUCKET volumes: - name: awsconfig path: /root/.aws depends_on: - Assume S3 Download AWS Role for teleport - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport - name: Build teleport image "teleport:v12-arm64" image: docker commands: - docker run --privileged --rm tonistiigi/binfmt --install all - mkdir -pv "/go/build" && cd "/go/build" - mkdir -pv "/tmp/teleport-v12-arm64-builder" - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v12-arm64-builder/buildkitd.toml" - echo ' http = true' >> "/tmp/teleport-v12-arm64-builder/buildkitd.toml" - docker buildx create --driver "docker-container" --driver-opt "network=host" --name "teleport-v12-arm64-builder" --config "/tmp/teleport-v12-arm64-builder/buildkitd.toml" - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker buildx build --push --builder "teleport-v12-arm64-builder" --target "teleport" --platform "linux/arm64" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 --file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_arm64.deb /go/build - docker logout "public.ecr.aws" - docker buildx rm "teleport-v12-arm64-builder" - rm -rf "/tmp/teleport-v12-arm64-builder" environment: AWS_PROFILE: ecr-authenticated-pull DOCKER_BUILDKIT: "1" DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN 
DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Assume ECR - authenticated-pull AWS Role - Download "teleport_v12-tag_arm64.deb" artifacts from S3 - name: Tag and push image "teleport:v12-amd64" to ECR - staging image: docker commands: - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-amd64) - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-amd64) - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found 
existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64) - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Build teleport image "teleport:v12-amd64" - name: Tag and push image "teleport:v12-arm" to ECR - staging image: docker commands: - docker pull --platform "linux/arm" drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm) - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat 
"/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-arm) - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-arm) - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Build teleport image "teleport:v12-arm" - name: Tag and push image "teleport:v12-arm64" to ECR - staging image: docker commands: - docker pull --platform "linux/arm64" drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm64) - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-arm64) - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64) - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Build teleport image "teleport:v12-arm64" - name: Create manifest and push "teleport:major-$TIMESTAMP" to ECR - staging image: docker commands: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" 
--password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP) - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Tag and push image "teleport:v12-amd64" to ECR - staging - Tag and push image "teleport:v12-arm" to ECR - staging - Tag and push image "teleport:v12-arm64" to ECR - staging - name: Create manifest and push "teleport:minor-$TIMESTAMP" to ECR - staging image: docker commands: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, skipping' || 
(docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP) - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Tag and push image "teleport:v12-amd64" to ECR - staging - Tag and push image "teleport:v12-arm" to ECR - staging - Tag and push image "teleport:v12-arm64" to ECR - staging - name: Create manifest and push "teleport:full-$TIMESTAMP" to ECR - staging image: docker commands: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-amd64 --amend 
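146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP) - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Tag and push image "teleport:v12-amd64" to ECR - staging - Tag and push image "teleport:v12-arm" to ECR - staging - Tag and push image "teleport:v12-arm64" to ECR - staging
# (The line above is the tail of a step that starts earlier in the file; it is
# left exactly as found.)
#
# Publication of the "teleport" images: first to quay.io, then to
# public.ecr.aws. Each per-architecture step pulls one image by tag from
# drone-docker-registry:5000, retags it three times (full, major, minor
# version) and pushes it. The manifest steps then join the amd64/arm/arm64
# tags under a single name.
#
# NOTE(review): images move from the build step to these steps by tag only;
# no command here compares a digest with what the build produced. Confirm that
# drone-docker-registry:5000 is reachable only from this pipeline.
# NOTE(review): other pipelines in this file carry a "Generated using
# dronegen" header. If this one is generated too, the login change below also
# has to be made in the generator.

- name: Tag and push image "teleport:v12-amd64" to Quay
  image: docker
  commands:
  - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
  # The Quay password goes to `docker login` on stdin, the same way the
  # Docker Hub and ECR logins in this file do it. The previous
  # `-p="$QUAY_PASSWORD"` form put the secret in the process argument list.
  - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # The full-version tag is pushed only when `docker manifest inspect` fails.
  # Its output is discarded, so every kind of failure (not only a missing
  # tag) ends in the tag-and-push branch.
  - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64 && docker push quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64)
  # The major and minor tags are moved to this build unconditionally.
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 quay.io/gravitational/teleport:$(cat "/go/var/major-version")-amd64
  - docker push quay.io/gravitational/teleport:$(cat "/go/var/major-version")-amd64
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
  - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
  - docker logout "quay.io"
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step calls `aws`, yet /root/.aws (where
  # other steps write AWS profiles) is mounted. Confirm the mount is needed;
  # the same applies to every Quay step below.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v12-amd64"

# Same as the amd64 Quay step, for linux/arm.
- name: Tag and push image "teleport:v12-arm" to Quay
  image: docker
  commands:
  - docker pull --platform "linux/arm" drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
  # Password on stdin, not in argv.
  - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm && docker push quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm)
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm
  - docker push quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm
  - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm
  - docker logout "quay.io"
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v12-arm"

# Same as the amd64 Quay step, for linux/arm64.
- name: Tag and push image "teleport:v12-arm64" to Quay
  image: docker
  commands:
  - docker pull --platform "linux/arm64" drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
  # Password on stdin, not in argv.
  - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64 && docker push quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64)
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm64
  - docker push quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm64
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
  - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
  - docker logout "quay.io"
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v12-arm64"

# Multi-arch manifest for the major-version tag on Quay. There is no
# "already exists" guard here: the manifest is created and pushed every run.
- name: Create manifest and push "teleport:major" to Quay
  image: docker
  commands:
  # Password on stdin, not in argv.
  - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest create quay.io/gravitational/teleport:$(cat "/go/var/major-version") --amend quay.io/gravitational/teleport:$(cat "/go/var/major-version")-amd64 --amend quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm --amend quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm64
  - docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/major-version")
  - docker logout "quay.io"
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v12-amd64" to Quay
  - Tag and push image "teleport:v12-arm" to Quay
  - Tag and push image "teleport:v12-arm64" to Quay

# Multi-arch manifest for the minor-version tag on Quay (unguarded, as above).
- name: Create manifest and push "teleport:minor" to Quay
  image: docker
  commands:
  # Password on stdin, not in argv.
  - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest create quay.io/gravitational/teleport:$(cat "/go/var/minor-version") --amend quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 --amend quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm --amend quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
  - docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")
  - docker logout "quay.io"
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v12-amd64" to Quay
  - Tag and push image "teleport:v12-arm" to Quay
  - Tag and push image "teleport:v12-arm64" to Quay

# Multi-arch manifest for the full-version tag on Quay. Unlike major/minor,
# this one is created only when `docker manifest inspect` fails.
- name: Create manifest and push "teleport:full" to Quay
  image: docker
  commands:
  # Password on stdin, not in argv.
  - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version") > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create quay.io/gravitational/teleport:$(cat "/go/var/full-version") --amend quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64 --amend quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm --amend quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64 && docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/full-version"))
  - docker logout "quay.io"
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v12-amd64" to Quay
  - Tag and push image "teleport:v12-arm" to Quay
  - Tag and push image "teleport:v12-arm64" to Quay

# Publication to ECR Public. The registry token is obtained with the
# ecr-production AWS profile and piped to `docker login` on stdin. The
# tag/push commands follow the same pattern as the Quay steps: guarded
# full-version tag, unconditional major and minor tags.
- name: Tag and push image "teleport:v12-amd64" to ECR - production
  image: docker
  commands:
  - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64 && docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64)
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v12-amd64"

# Same as the amd64 ECR production step, for linux/arm.
- name: Tag and push image "teleport:v12-arm" to ECR - production
  image: docker
  commands:
  - docker pull --platform "linux/arm" drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm && docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm)
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v12-arm"

# Same as the amd64 ECR production step, for linux/arm64.
- name: Tag and push image "teleport:v12-arm64" to ECR - production
  image: docker
  commands:
  - docker pull --platform "linux/arm64" drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64 && docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64)
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v12-arm64"

# Multi-arch manifest for the major-version tag on ECR Public (unguarded).
- name: Create manifest and push "teleport:major" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest create public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version") --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64 --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64
  - docker manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v12-amd64" to ECR - production
  - Tag and push image "teleport:v12-arm" to ECR - production
  - Tag and push image "teleport:v12-arm64" to ECR - production

# Multi-arch manifest for the minor-version tag on ECR Public (unguarded).
- name: Create manifest and push "teleport:minor" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest create public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version") --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
  - docker manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v12-amd64" to ECR - production
  - Tag and push image "teleport:v12-arm" to ECR - production
  - Tag and push image "teleport:v12-arm64" to ECR - production

# (The line below is the start of a step that continues on the next line of
# the file; it is left exactly as found.)
- name: Create manifest and push "teleport:full" to ECR - production image: docker commands: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version") > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version") --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64 --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64 && docker manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")) - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Tag and push image "teleport:v12-amd64" to ECR - production - Tag and push image "teleport:v12-arm" to ECR - 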
production - Tag and push image "teleport:v12-arm64" to ECR - production
# (The line above is the tail of a step that starts on the previous line of
# the file; it is left exactly as found.)
#
# Build of the "teleport-ent" images: assume an AWS role for S3, fetch the
# Dockerfile from the release tag, wait for and download one .deb per
# architecture, then build each image with buildx and push it to
# drone-docker-registry:5000.

# Exchanges the long-lived keys in AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY
# for temporary role credentials and appends them to /root/.aws/credentials
# as profile "s3-download-teleport-ent". That file lives on the awsconfig
# volume, so every step mounting awsconfig can read the profile.
# NOTE(review): the image has no tag or digest; consider pinning it.
- name: Assume S3 Download AWS Role for teleport-ent
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  # `aws sts assume-role` runs inside a command substitution, so the status
  # of this command is printf's. A failed assume-role still appends a profile
  # (with empty values); the profile check at the end of the step is what
  # catches that case.
  - |-
    printf "[s3-download-teleport-ent]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      >> /root/.aws/credentials
  # Drop the long-lived keys from the shell before verifying the new profile.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile s3-download-teleport-ent
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Find the latest available semver for v12
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role

# Fetches the repository and copies build.assets/charts/Dockerfile from the
# release tag to /go/build/Dockerfile-teleport-ent.
# NOTE(review): `alpine/git:latest` is a moving tag; consider pinning it.
# NOTE(review): the tag is checked out without any signature check, so the
# Dockerfile used for the release build is whatever the tag points at.
# NOTE(review): the version is read from /go/vars/full-version-v12, while the
# download and build steps read /go/var/full-version. Confirm that both files
# always name the same release.
- name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent
  image: alpine/git:latest
  commands:
  - mkdir -pv "/tmp/repo"
  - cd "/tmp/repo"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  - git checkout -qf "v$(cat '/go/vars/full-version-v12')"
  - mkdir -pv $(dirname "/go/build/Dockerfile-teleport-ent")
  - cp "/tmp/repo/build.assets/charts/Dockerfile" "/go/build/Dockerfile-teleport-ent"
  depends_on:
  - Find the latest available semver for v12
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role

# Polls the S3 release prefix once a minute, for up to 3600 seconds, until
# the amd64 .deb is listed, then copies it to /go/build.
# NOTE(review): no checksum or signature check is visible between
# `aws s3 cp` and the image build; confirm the artifact is verified
# somewhere, since it becomes the content of the published image.
- name: Download "teleport-ent_v12-tag_amd64.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  # `$$` presumably keeps Drone from substituting ${END_TIME?} itself, so the
  # shell receives it unchanged — confirm against the Drone docs.
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")_amd64.deb || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat "/go/var/full-version")_amd64.deb /go/build/teleport-ent_$(cat "/go/var/full-version")_amd64.deb
  environment:
    AWS_PROFILE: s3-download-teleport-ent
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport-ent
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent

# Builds the amd64 image from the downloaded .deb with a throwaway buildx
# builder and pushes it to drone-docker-registry:5000.
- name: Build teleport-ent image "teleport-ent:v12-amd64"
  image: docker
  commands:
  # NOTE(review): a privileged container from an untagged third-party image.
  # Consider pinning it by digest (tonistiigi/binfmt@sha256:<PINNED_DIGEST>).
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-ent-v12-amd64-builder"
  # buildkitd config: the builder talks to drone-docker-registry:5000 over
  # plain HTTP, so pushes to it are neither encrypted nor authenticated by
  # TLS. Presumably the registry is pipeline-internal — confirm.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v12-amd64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-ent-v12-amd64-builder/buildkitd.toml"
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name "teleport-ent-v12-amd64-builder" --config "/tmp/teleport-ent-v12-amd64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker buildx build --push --builder "teleport-ent-v12-amd64-builder" --target "teleport" --platform "linux/amd64" --tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 --file "/go/build/Dockerfile-teleport-ent" --build-arg DEB_PATH=teleport-ent_$(cat "/go/var/full-version")_amd64.deb /go/build
  - docker logout "public.ecr.aws"
  # Cleanup runs only if every command above succeeded.
  - docker buildx rm "teleport-ent-v12-amd64-builder"
  - rm -rf "/tmp/teleport-ent-v12-amd64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport-ent_v12-tag_amd64.deb" artifacts from S3

# Same polling download as the amd64 step, for the arm .deb; the artifact is
# likewise used without a visible integrity check.
- name: Download "teleport-ent_v12-tag_arm.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")_arm.deb || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat "/go/var/full-version")_arm.deb /go/build/teleport-ent_$(cat "/go/var/full-version")_arm.deb
  environment:
    AWS_PROFILE: s3-download-teleport-ent
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport-ent
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent

# Same build as the amd64 step, for linux/arm: privileged, unpinned binfmt
# container and a plain-HTTP push to drone-docker-registry:5000.
- name: Build teleport-ent image "teleport-ent:v12-arm"
  image: docker
  commands:
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-ent-v12-arm-builder"
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v12-arm-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-ent-v12-arm-builder/buildkitd.toml"
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name "teleport-ent-v12-arm-builder" --config "/tmp/teleport-ent-v12-arm-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker buildx build --push --builder "teleport-ent-v12-arm-builder" --target "teleport" --platform "linux/arm" --tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm --file "/go/build/Dockerfile-teleport-ent" --build-arg DEB_PATH=teleport-ent_$(cat "/go/var/full-version")_arm.deb /go/build
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-ent-v12-arm-builder"
  - rm -rf "/tmp/teleport-ent-v12-arm-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport-ent_v12-tag_arm.deb" artifacts from S3

# Same polling download as the amd64 step, for the arm64 .deb; the artifact
# is likewise used without a visible integrity check.
- name: Download "teleport-ent_v12-tag_arm64.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")_arm64.deb || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat "/go/var/full-version")_arm64.deb /go/build/teleport-ent_$(cat "/go/var/full-version")_arm64.deb
  environment:
    AWS_PROFILE: s3-download-teleport-ent
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport-ent
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent

# Same build as the amd64 step, for linux/arm64: privileged, unpinned binfmt
# container and a plain-HTTP push to drone-docker-registry:5000.
- name: Build teleport-ent image "teleport-ent:v12-arm64"
  image: docker
  commands:
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-ent-v12-arm64-builder"
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v12-arm64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-ent-v12-arm64-builder/buildkitd.toml"
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name "teleport-ent-v12-arm64-builder" --config "/tmp/teleport-ent-v12-arm64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker buildx build --push --builder "teleport-ent-v12-arm64-builder" --target "teleport" --platform "linux/arm64" --tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 --file "/go/build/Dockerfile-teleport-ent" --build-arg DEB_PATH=teleport-ent_$(cat "/go/var/full-version")_arm64.deb /go/build
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-ent-v12-arm64-builder"
  - rm -rf "/tmp/teleport-ent-v12-arm64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport-ent_v12-tag_arm64.deb" artifacts from S3

# (The line below is the start of a step that continues on the next line of
# the file; it is left exactly as found.)
- name: Tag and push image "teleport-ent:v12-amd64" to ECR - staging image: docker commands: - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-amd64) - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-amd64) - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64) - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Build teleport-ent image "teleport-ent:v12-amd64"
# Publishes the linux/arm build to the staging ECR repository. The image is
# pulled from drone-docker-registry:5000 and pushed under the full, major and
# minor version tags, each suffixed with a minute-resolution timestamp derived
# from DRONE_BUILD_CREATED. A tag is pushed only when `docker manifest inspect`
# does not find it.
# NOTE(review): `image: docker` and `apk add --no-cache aws-cli` are unpinned,
# so the tooling that handles the registry logins is resolved at run time.
# NOTE(review): any inspect failure (not only a missing tag) takes the push
# branch of the `&& ... || (...)` chain.
- name: Tag and push image "teleport-ent:v12-arm" to ECR - staging
  image: docker
  commands:
  - docker pull --platform "linux/arm" drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-arm)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-arm)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-arm)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v12-arm"
# Same publication flow as the step above, for the linux/arm64 build.
- name: Tag and push image "teleport-ent:v12-arm64" to ECR - staging
  image: docker
  commands:
  - docker pull --platform "linux/arm64" drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-arm64)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-arm64)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v12-arm64"
# Combines the timestamped -amd64, -arm and -arm64 staging tags for the major
# version into one manifest list and pushes it, unless a manifest with that
# tag already exists.
- name: Create manifest and push "teleport-ent:major-$TIMESTAMP" to ECR - staging
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v12-amd64" to ECR - staging
  - Tag and push image "teleport-ent:v12-arm" to ECR - staging
  - Tag and push image "teleport-ent:v12-arm64" to ECR - staging
# Same manifest-list step as above, for the minor-version tag.
- name: Create manifest and push "teleport-ent:minor-$TIMESTAMP" to ECR - staging
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v12-amd64" to ECR - staging
  - Tag and push image "teleport-ent:v12-arm" to ECR - staging
  - Tag and push image "teleport-ent:v12-arm64" to ECR - staging
- name: Create manifest and push "teleport-ent:full-$TIMESTAMP" to ECR - staging image: docker commands: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP) - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Tag and push image "teleport-ent:v12-amd64" to ECR - staging - Tag and push image "teleport-ent:v12-arm" to ECR - staging - Tag
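and push image "teleport-ent:v12-arm64" to ECR - staging
# Publishes the linux/amd64 build to quay.io. The full-version tag is pushed
# only when `docker manifest inspect` does not find it; the major and minor
# tags are re-tagged and pushed on every run.
# The Quay password is fed to `docker login` on stdin, like the Docker Hub
# login in the same step, so it is never placed on the docker command line.
# NOTE(review): other pipelines in this file are dronegen output; if this one
# is too, the same login change belongs in the generator.
# NOTE(review): no command here calls the aws CLI, yet the step mounts the
# `awsconfig` volume at /root/.aws; confirm the mount is needed.
- name: Tag and push image "teleport-ent:v12-amd64" to Quay
  image: docker
  commands:
  - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
  - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64)
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
  - docker logout "quay.io"
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v12-amd64"
# Same publication flow for the linux/arm build; Quay password on stdin.
- name: Tag and push image "teleport-ent:v12-arm" to Quay
  image: docker
  commands:
  - docker pull --platform "linux/arm" drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
  - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm)
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
  - docker logout "quay.io"
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v12-arm"
# Same publication flow for the linux/arm64 build; Quay password on stdin.
- name: Tag and push image "teleport-ent:v12-arm64" to Quay
  image: docker
  commands:
  - docker pull --platform "linux/arm64" drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
  - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64)
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
  - docker logout "quay.io"
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v12-arm64"
# Rebuilds the major-version manifest list on quay.io from the -amd64, -arm
# and -arm64 tags and pushes it on every run (no existence check).
- name: Create manifest and push "teleport-ent:major" to Quay
  image: docker
  commands:
  - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version") --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
  - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")
  - docker logout "quay.io"
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v12-amd64" to Quay
  - Tag and push image "teleport-ent:v12-arm" to Quay
  - Tag and push image "teleport-ent:v12-arm64" to Quay
# Same as the major-version manifest step, for the minor-version tag.
- name: Create manifest and push "teleport-ent:minor" to Quay
  image: docker
  commands:
  - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version") --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
  - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")
  - docker logout "quay.io"
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v12-amd64" to Quay
  - Tag and push image "teleport-ent:v12-arm" to Quay
  - Tag and push image "teleport-ent:v12-arm64" to Quay
# Creates and pushes the full-version manifest list on quay.io only when no
# manifest with that tag exists yet.
- name: Create manifest and push "teleport-ent:full" to Quay
  image: docker
  commands:
  - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version") > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version") --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 && docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version"))
  - docker logout "quay.io"
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v12-amd64" to Quay
  - Tag and push image "teleport-ent:v12-arm" to Quay
  - Tag and push image "teleport-ent:v12-arm64" to Quay
- name: Tag and push image "teleport-ent:v12-amd64" to ECR - production image: docker commands: - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 && docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64) - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64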
public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Build teleport-ent image "teleport-ent:v12-amd64"
# Publishes the linux/arm build to public.ecr.aws using the `ecr-production`
# AWS profile. Only the full-version tag is guarded by
# `docker manifest inspect`; the major and minor tags are re-tagged and pushed
# on every run.
# NOTE(review): `image: docker` and `apk add --no-cache aws-cli` are unpinned,
# so the tooling that pushes to the production registry is resolved at run time.
- name: Tag and push image "teleport-ent:v12-arm" to ECR - production
  image: docker
  commands:
  - docker pull --platform "linux/arm" drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm && docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm)
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v12-arm"
# Same publication flow as the step above, for the linux/arm64 build.
- name: Tag and push image "teleport-ent:v12-arm64" to ECR - production
  image: docker
  commands:
  - docker pull --platform "linux/arm64" drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 && docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64)
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v12-arm64"
# Rebuilds the major-version manifest list on public.ecr.aws from the -amd64,
# -arm and -arm64 tags and pushes it on every run (no existence check).
- name: Create manifest and push "teleport-ent:major" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version") --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
  - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v12-amd64" to ECR - production
  - Tag and push image "teleport-ent:v12-arm" to ECR - production
  - Tag and push image "teleport-ent:v12-arm64" to ECR - production
- name: Create manifest and push "teleport-ent:minor" to ECR - production image: docker commands: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version") --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64 - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version") - docker logout "public.ecr.aws" environment: AWS_PROFILE:
ecr-production DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Tag and push image "teleport-ent:v12-amd64" to ECR - production - Tag and push image "teleport-ent:v12-arm" to ECR - production - Tag and push image "teleport-ent:v12-arm64" to ECR - production - name: Create manifest and push "teleport-ent:full" to ECR - production image: docker commands: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version") > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version") --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 && docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")) - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Tag and push image "teleport-ent:v12-amd64" to ECR - production - Tag and push image "teleport-ent:v12-arm" to ECR - production - Tag and push image "teleport-ent:v12-arm64" to ECR - production - name: Assume S3 Download AWS Role for teleport-ent-fips image: amazon/aws-cli pull: if-not-exists commands: - aws sts get-caller-identity - |- printf 
"[s3-download-teleport-ent-fips]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ $(aws sts assume-role \ --role-arn "$AWS_ROLE" \ --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ --output text) \ >> /root/.aws/credentials - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - aws sts get-caller-identity --profile s3-download-teleport-ent-fips environment: AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID AWS_ROLE: from_secret: AWS_ROLE AWS_SECRET_ACCESS_KEY: from_secret: AWS_SECRET_ACCESS_KEY volumes: - name: awsconfig path: /root/.aws depends_on: - Find the latest available semver for v12 - Wait for docker - Wait for docker registry - Check out code - Build major, minor, and full semvers - Assume ECR - staging AWS Role - Assume ECR - authenticated-pull AWS Role - Assume ECR - production AWS Role - name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent-fips" for teleport-ent-fips image: alpine/git:latest commands: - mkdir -pv "/tmp/repo" - cd "/tmp/repo" - git init - git remote add origin ${DRONE_REMOTE_URL} - git fetch origin --tags - git checkout -qf "v$(cat '/go/vars/full-version-v12')" - mkdir -pv $(dirname "/go/build/Dockerfile-teleport-ent-fips") - cp "/tmp/repo/build.assets/charts/Dockerfile" "/go/build/Dockerfile-teleport-ent-fips" depends_on: - Find the latest available semver for v12 - Wait for docker - Wait for docker registry - Check out code - Build major, minor, and full semvers - Assume ECR - staging AWS Role - Assume ECR - authenticated-pull AWS Role - Assume ECR - production AWS Role - name: Download "teleport-ent_v12-tag-fips_amd64.deb" artifacts from S3 image: amazon/aws-cli commands: - END_TIME=$(( $(date +%s) + 3600 )) - TIMED_OUT=true - while [ $(date +%s) -lt $${END_TIME?} ]; do - SUCCESS=true - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr -s ' ' | cut -d' ' 
-f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb || SUCCESS=false - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;' - echo 'Condition not met yet, waiting another 60 seconds...' - sleep 60 - done - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ "$SUCCESS" = "true" ]'' && exit 1' - mkdir -pv "/go/build" - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb /go/build/teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb environment: AWS_PROFILE: s3-download-teleport-ent-fips AWS_REGION: us-west-2 AWS_S3_BUCKET: from_secret: AWS_S3_BUCKET volumes: - name: awsconfig path: /root/.aws depends_on: - Assume S3 Download AWS Role for teleport-ent-fips - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent-fips" for teleport-ent-fips - name: Build teleport-ent-fips image "teleport-ent:v12-fips-amd64" image: docker commands: - docker run --privileged --rm tonistiigi/binfmt --install all - mkdir -pv "/go/build" && cd "/go/build" - mkdir -pv "/tmp/teleport-ent-v12-fips-amd64-builder" - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v12-fips-amd64-builder/buildkitd.toml" - echo ' http = true' >> "/tmp/teleport-ent-v12-fips-amd64-builder/buildkitd.toml" - docker buildx create --driver "docker-container" --driver-opt "network=host" --name "teleport-ent-v12-fips-amd64-builder" --config "/tmp/teleport-ent-v12-fips-amd64-builder/buildkitd.toml" - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker buildx build --push --builder "teleport-ent-v12-fips-amd64-builder" --target "teleport-fips" --platform "linux/amd64" --tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 --file 
"/go/build/Dockerfile-teleport-ent-fips" --build-arg DEB_PATH=teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb /go/build - docker logout "public.ecr.aws" - docker buildx rm "teleport-ent-v12-fips-amd64-builder" - rm -rf "/tmp/teleport-ent-v12-fips-amd64-builder" environment: AWS_PROFILE: ecr-authenticated-pull DOCKER_BUILDKIT: "1" DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Assume ECR - authenticated-pull AWS Role - Download "teleport-ent_v12-tag-fips_amd64.deb" artifacts from S3 - name: Tag and push image "teleport-ent:v12-fips-amd64" to ECR - staging image: docker commands: - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-fips-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-fips-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-fips-amd64) - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-fips-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag 
drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-fips-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-fips-amd64) - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-fips-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-fips-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-fips-amd64) - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Build teleport-ent-fips image "teleport-ent:v12-fips-amd64" - name: Create manifest and push "teleport-ent:major-$TIMESTAMP-fips" to ECR - staging image: docker commands: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-fips > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create 
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-fips --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-fips-amd64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-fips) - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Tag and push image "teleport-ent:v12-fips-amd64" to ECR - staging - name: Create manifest and push "teleport-ent:minor-$TIMESTAMP-fips" to ECR - staging image: docker commands: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-fips > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-fips --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-fips-amd64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-fips) - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: 
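# Tail of the step that begins on the preceding line.
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v12-fips-amd64" to ECR - staging
# Staging ECR: create and push the full-version manifest list (only the amd64
# image is amended into it).
# NOTE(review): the guard treats ANY `docker manifest inspect` failure (auth,
# network, throttling) as "tag absent" and falls through to create-and-push;
# tag immutability on the registry side is the control that actually prevents
# an existing tag from being replaced.
- name: Create manifest and push "teleport-ent:full-$TIMESTAMP-fips" to ECR - staging
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-fips > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-fips --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-fips-amd64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-fips)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v12-fips-amd64" to ECR - staging
# Quay: retag the locally built FIPS image and push it under the full, major
# and minor version tags. Only the full-version push is guarded by an
# existence check; the major and minor tags are pushed unconditionally, so
# they move on every run.
- name: Tag and push image "teleport-ent:v12-fips-amd64" to Quay
  image: docker
  commands:
  - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
  # The production Quay password is fed on stdin, matching the Docker Hub and
  # ECR logins in this file. The previous -p="$QUAY_PASSWORD" form put the
  # expanded secret into the docker CLI's argument vector, where it is
  # readable from the process list.
  # NOTE(review): if this pipeline is emitted by dronegen like the others in
  # this file, make the same change in the generator or it will be reverted.
  - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64)
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
  - docker logout "quay.io"
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent-fips image "teleport-ent:v12-fips-amd64"
# Quay: (re)create the major-version manifest list; no existence check, the
# tag is meant to move.
- name: Create manifest and push "teleport-ent:major-fips" to Quay
  image: docker
  commands:
  # Secret on stdin rather than in argv (was -p="$QUAY_PASSWORD").
  - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
  - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips
  - docker logout "quay.io"
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v12-fips-amd64" to Quay
# Quay: (re)create the minor-version manifest list; no existence check.
- name: Create manifest and push "teleport-ent:minor-fips" to Quay
  image: docker
  commands:
  # Secret on stdin rather than in argv (was -p="$QUAY_PASSWORD").
  - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
  - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips
  - docker logout "quay.io"
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v12-fips-amd64" to Quay
# Quay: create the full-version manifest list only when inspect does not find
# it (same fall-through-on-any-error caveat as the other guarded pushes).
- name: Create manifest and push "teleport-ent:full-fips" to Quay
  image: docker
  commands:
  # Secret on stdin rather than in argv (was -p="$QUAY_PASSWORD").
  - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 && docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips)
  - docker logout "quay.io"
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v12-fips-amd64" to Quay
# Production (public) ECR: same tag-and-push sequence as the Quay step, with
# the registry token obtained from `aws ecr-public` under the ecr-production
# profile and passed to docker on stdin.
- name: Tag and push image "teleport-ent:v12-fips-amd64" to ECR - production
  image: docker
  commands:
  - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 && docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64)
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent-fips image "teleport-ent:v12-fips-amd64"
# Production ECR: (re)create the major-version manifest list; no existence check.
- name: Create manifest and push "teleport-ent:major-fips" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
  - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v12-fips-amd64" to ECR - production
# Production ECR: (re)create the minor-version manifest list; no existence check.
# (This step's depends_on list follows on the next line of the file.)
- name: Create manifest and push "teleport-ent:minor-fips" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
  - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run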
# Tail of the step that begins on the preceding line.
  depends_on:
  - Tag and push image "teleport-ent:v12-fips-amd64" to ECR - production
# Production ECR: create the full-version manifest list only when
# `docker manifest inspect` does not find it.
# NOTE(review): any inspect failure (auth, network), not just "not found",
# takes the create-and-push branch.
- name: Create manifest and push "teleport-ent:full-fips" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 && docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips)
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v12-fips-amd64" to ECR - production
# Build the teleport-operator image for linux/amd64 with a dedicated buildx
# builder and push it to the build-local registry drone-docker-registry:5000.
# The later "Tag and push" steps pull from that registry and republish.
- name: Build teleport-operator image "teleport-operator:v12-amd64"
  image: docker
  commands:
  # NOTE(review): tonistiigi/binfmt is referenced with no tag or digest and is
  # run with --privileged. Pinning it (tonistiigi/binfmt@sha256:<digest>,
  # placeholder) would keep a changed upstream image from executing with full
  # privileges on the shared docker daemon.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport"
  - mkdir -pv "/tmp/teleport-operator-v12-amd64-builder"
  # The next two commands write a BuildKit config that marks the local
  # registry as plain HTTP. NOTE(review): images therefore travel between the
  # build and publish steps without TLS; presumably acceptable only because
  # the registry is private to this build - confirm.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-operator-v12-amd64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-operator-v12-amd64-builder/buildkitd.toml"
  # The builder container is created with host networking.
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name "teleport-operator-v12-amd64-builder" --config "/tmp/teleport-operator-v12-amd64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  # Registry credentials are supplied on stdin, not as arguments.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # NOTE(review): the BUILDBOX base image is selected by tag (teleport13), not
  # by digest.
  - docker buildx build --push --builder "teleport-operator-v12-amd64-builder" --platform "linux/amd64" --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 --file "/go/src/github.com/gravitational/teleport/integrations/operator/Dockerfile" --build-arg BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox:teleport13 --build-arg COMPILER_NAME=x86_64-linux-gnu-gcc /go/src/github.com/gravitational/teleport
  # Cleanup: drop the ECR session, the builder and its config directory.
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-operator-v12-amd64-builder"
  - rm -rf "/tmp/teleport-operator-v12-amd64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  # NOTE(review): "Assume ECR - authenticated-pull AWS Role" is listed twice.
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Find the latest available semver for v12
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role
# Same build for linux/arm; differs in builder name, platform, image tag
# suffix, BUILDBOX image and COMPILER_NAME. The review notes on the amd64
# build (unpinned privileged binfmt image, plain-HTTP local registry) apply.
- name: Build teleport-operator image "teleport-operator:v12-arm"
  image: docker
  commands:
  # NOTE(review): unpinned third-party image run with --privileged.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport"
  - mkdir -pv "/tmp/teleport-operator-v12-arm-builder"
  # BuildKit config: local registry reached over plain HTTP.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-operator-v12-arm-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-operator-v12-arm-builder/buildkitd.toml"
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name "teleport-operator-v12-arm-builder" --config "/tmp/teleport-operator-v12-arm-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker buildx build --push --builder "teleport-operator-v12-arm-builder" --platform "linux/arm" --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm --file "/go/src/github.com/gravitational/teleport/integrations/operator/Dockerfile" --build-arg BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox-arm:teleport13 --build-arg COMPILER_NAME=arm-linux-gnueabihf-gcc /go/src/github.com/gravitational/teleport
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-operator-v12-arm-builder"
  - rm -rf "/tmp/teleport-operator-v12-arm-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  # NOTE(review): "Assume ECR - authenticated-pull AWS Role" is listed twice.
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Find the latest available semver for v12
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role
# Same build for linux/arm64 (COMPILER_NAME=aarch64-linux-gnu-gcc); the review
# notes on the amd64 build apply here too.
- name: Build teleport-operator image "teleport-operator:v12-arm64"
  image: docker
  commands:
  # NOTE(review): unpinned third-party image run with --privileged.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport"
  - mkdir -pv "/tmp/teleport-operator-v12-arm64-builder"
  # BuildKit config: local registry reached over plain HTTP.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-operator-v12-arm64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-operator-v12-arm64-builder/buildkitd.toml"
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name "teleport-operator-v12-arm64-builder" --config "/tmp/teleport-operator-v12-arm64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker buildx build --push --builder "teleport-operator-v12-arm64-builder" --platform "linux/arm64" --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 --file "/go/src/github.com/gravitational/teleport/integrations/operator/Dockerfile" --build-arg BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox-arm:teleport13 --build-arg COMPILER_NAME=aarch64-linux-gnu-gcc /go/src/github.com/gravitational/teleport
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-operator-v12-arm64-builder"
  - rm -rf "/tmp/teleport-operator-v12-arm64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  # NOTE(review): "Assume ECR - authenticated-pull AWS Role" is listed twice.
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Find the latest available semver for v12
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role
# Staging ECR: pull the amd64 operator image from the local registry and
# republish it under build-timestamped tags. The last command of this step
# continues on the next line of the file.
- name: Tag and push image "teleport-operator:v12-amd64" to ECR - staging
  image: docker
  commands:
  - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  - docker manifest inspect
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-amd64) - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP-amd64) - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64) - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Build 
teleport-operator image "teleport-operator:v12-amd64" - name: Tag and push image "teleport-operator:v12-arm" to ECR - staging image: docker commands: - docker pull --platform "linux/arm" drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-arm) - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP-arm) - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat 
"/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP-arm) - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Build teleport-operator image "teleport-operator:v12-arm" - name: Tag and push image "teleport-operator:v12-arm64" to ECR - staging image: docker commands: - docker pull --platform "linux/arm64" drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-arm64) - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag 
drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP-arm64) - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64) - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Build teleport-operator image "teleport-operator:v12-arm64" - name: Create manifest and push "teleport-operator:major-$TIMESTAMP" to ECR - staging image: docker commands: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create 
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP) - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Tag and push image "teleport-operator:v12-amd64" to ECR - staging - Tag and push image "teleport-operator:v12-arm" to ECR - staging - Tag and push image "teleport-operator:v12-arm64" to ECR - staging - name: Create manifest and push "teleport-operator:minor-$TIMESTAMP" to ECR - staging image: docker commands: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP --amend 
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP) - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Tag and push image "teleport-operator:v12-amd64" to ECR - staging - Tag and push image "teleport-operator:v12-arm" to ECR - staging - Tag and push image "teleport-operator:v12-arm64" to ECR - staging - name: Create manifest and push "teleport-operator:full-$TIMESTAMP" to ECR - staging image: docker commands: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-amd64 --amend 
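146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-operator:v12-amd64" to ECR - staging
  - Tag and push image "teleport-operator:v12-arm" to ECR - staging
  - Tag and push image "teleport-operator:v12-arm64" to ECR - staging
# Quay: retag the amd64 operator image from the local registry and push it
# under the full, major and minor version tags. Only the full-version push is
# guarded by an existence check; major and minor tags move on every run.
# NOTE(review): the guard treats any `docker manifest inspect` failure (auth,
# network) as "tag absent" and falls through to tag-and-push.
- name: Tag and push image "teleport-operator:v12-amd64" to Quay
  image: docker
  commands:
  - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
  # The production Quay password is fed on stdin, as the Docker Hub login on
  # the next line already does. The previous -p="$QUAY_PASSWORD" form put the
  # expanded secret into the docker CLI's argument vector, where it is
  # readable from the process list.
  # NOTE(review): if this pipeline is emitted by dronegen like the others in
  # this file, make the same change in the generator (and in every other Quay
  # login it emits) or it will be reverted on regeneration.
  - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 && docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64)
  - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64
  - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64
  - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64
  - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64
  - docker logout "quay.io"
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-operator image "teleport-operator:v12-amd64"
# Quay: same sequence for the linux/arm operator image. This step's
# environment mapping continues on the next line of the file.
- name: Tag and push image "teleport-operator:v12-arm" to Quay
  image: docker
  commands:
  - docker pull --platform "linux/arm" drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
  # Secret on stdin rather than in argv (was -p="$QUAY_PASSWORD").
  - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm && docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm)
  - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm
  - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm
  - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm
  - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm
  - docker logout "quay.io"
  environment: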
DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Build teleport-operator image "teleport-operator:v12-arm" - name: Tag and push image "teleport-operator:v12-arm64" to Quay image: docker commands: - docker pull --platform "linux/arm64" drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 && docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64) - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64 - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64 - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 - docker logout "quay.io" environment: DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME volumes: - name: awsconfig path: 
/root/.aws - name: dockersock path: /var/run depends_on: - Build teleport-operator image "teleport-operator:v12-arm64" - name: Create manifest and push "teleport-operator:major" to Quay image: docker commands: - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version") --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64 - docker manifest push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version") - docker logout "quay.io" environment: DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Tag and push image "teleport-operator:v12-amd64" to Quay - Tag and push image "teleport-operator:v12-arm" to Quay - Tag and push image "teleport-operator:v12-arm64" to Quay - name: Create manifest and push "teleport-operator:minor" to Quay image: docker commands: - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version") --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 - docker manifest push 
quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version") - docker logout "quay.io" environment: DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Tag and push image "teleport-operator:v12-amd64" to Quay - Tag and push image "teleport-operator:v12-arm" to Quay - Tag and push image "teleport-operator:v12-arm64" to Quay - name: Create manifest and push "teleport-operator:full" to Quay image: docker commands: - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version") > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version") --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 && docker manifest push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")) - docker logout "quay.io" environment: DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Tag and push image "teleport-operator:v12-amd64" to Quay - Tag and push image "teleport-operator:v12-arm" to Quay - Tag and push image "teleport-operator:v12-arm64" to Quay - name: Tag 
and push image "teleport-operator:v12-amd64" to ECR - production image: docker commands: - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 && docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64) - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Build teleport-operator image "teleport-operator:v12-amd64" - name: Tag and push image "teleport-operator:v12-arm" to ECR - production image: docker commands: - docker pull --platform "linux/arm" drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm - apk add 
--no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm && docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm) - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Build teleport-operator image "teleport-operator:v12-arm" - name: Tag and push image "teleport-operator:v12-arm64" to ECR - production image: docker commands: - docker pull --platform "linux/arm64" drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest 
inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 && docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64) - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64 - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64 - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Build teleport-operator image "teleport-operator:v12-arm64" - name: Create manifest and push "teleport-operator:major" to ECR - production image: docker commands: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version") --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm --amend public.ecr.aws/gravitational/teleport-operator:$(cat 
"/go/var/major-version")-arm64 - docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version") - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Tag and push image "teleport-operator:v12-amd64" to ECR - production - Tag and push image "teleport-operator:v12-arm" to ECR - production - Tag and push image "teleport-operator:v12-arm64" to ECR - production - name: Create manifest and push "teleport-operator:minor" to ECR - production image: docker commands: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version") --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 - docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version") - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Tag and push image "teleport-operator:v12-amd64" to ECR - production - Tag and push image "teleport-operator:v12-arm" to ECR - production - Tag and push image "teleport-operator:v12-arm64" to ECR - production - name: Create manifest and push "teleport-operator:full" to ECR - production image: 
docker commands: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version") > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version") --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 && docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")) - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Tag and push image "teleport-operator:v12-amd64" to ECR - production - Tag and push image "teleport-operator:v12-arm" to ECR - production - Tag and push image "teleport-operator:v12-arm64" to ECR - production services: - name: Start Docker image: docker:dind privileged: true volumes: - name: dockersock path: /var/run - name: drone-docker-registry image: registry:2 privileged: false volumes: [] volumes: - name: awsconfig temp: {} - name: dockersock temp: {} - name: dockerconfig temp: {} image_pull_secrets: - DOCKERHUB_CREDENTIALS --- ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. 
# Generated at dronegen/container_images_release_version.go (main.(*ReleaseVersion).buildVersionPipeline)
################################################

# Cron-triggered pipeline for gravitational/teleport that looks up the latest
# v11 release, checks out that tag and builds container images from the
# released .deb packages.
#
# NOTE(review): the step images (golang:1.18, docker, alpine,
# alpine/git:latest, amazon/aws-cli) are referenced by mutable tags. Pinning
# them by digest would keep a changed upstream image from entering a pipeline
# that holds registry and AWS credentials; the change belongs in dronegen.
kind: pipeline
type: kubernetes
name: teleport-container-images-previous-version-1-cron
environment:
  DEBIAN_FRONTEND: noninteractive
trigger:
  cron:
    include:
    - teleport-container-images-cron
  repo:
    include:
    - gravitational/teleport
workspace:
  path: /go
clone:
  disable: true
steps:
# Checks out branch/v11 under /tmp and runs the repository's query-latest tool
# with `go run`; the version, with the leading "v" stripped by sed, is written
# to /go/vars/full-version-v11 for the following steps.
- name: Find the latest available semver for v11
  image: golang:1.18
  commands:
  - mkdir -pv "/tmp/teleport"
  - cd "/tmp/teleport"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  - git checkout -qf "branch/v11"
  - mkdir -pv $(dirname "/go/vars/full-version-v11")
  - cd "/tmp/teleport/build.assets/tooling/cmd/query-latest"
  - go run . "v11" | sed 's/v//' > "/go/vars/full-version-v11"
  - echo Found full semver "$(cat "/go/vars/full-version-v11")" for major version "v11"
# Waits up to 30 s for the Docker socket, then logs in to Docker Hub with the
# read-only token (password on stdin).
- name: Wait for docker
  image: docker
  pull: if-not-exists
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: dockersock
    path: /var/run
  - name: dockerconfig
    path: /root/.docker
  depends_on:
  - Find the latest available semver for v11
# Polls the in-pipeline registry over plain HTTP until it answers 200.
- name: Wait for docker registry
  image: alpine
  pull: if-not-exists
  commands:
  - apk add curl
  - timeout 30s /bin/sh -c 'while [ "$(curl -s -o /dev/null -w %{http_code} http://drone-docker-registry:5000/)" != "200" ]; do sleep 1; done'
  depends_on:
  - Find the latest available semver for v11
# Checks out the release tag that the first step resolved.
- name: Check out code
  image: alpine/git:latest
  pull: if-not-exists
  commands:
  - mkdir -pv "/go/src/github.com/gravitational/teleport"
  - cd "/go/src/github.com/gravitational/teleport"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  - git checkout -qf "v$(cat '/go/vars/full-version-v11')"
  depends_on:
  - Find the latest available semver for v11
# Derives the major ("1"), minor ("1,2") and full version strings with cut and
# stores them under /go/var (note: a different directory from /go/vars above).
- name: Build major, minor, and full semvers
  image: alpine
  commands:
  - mkdir -pv $(dirname "/go/var/major-version")
  - echo v$(cat '/go/vars/full-version-v11') | sed 's/v//' | cut -d'.' -f "1" > "/go/var/major-version"
  - echo $(cat "/go/var/major-version")
  - mkdir -pv $(dirname "/go/var/minor-version")
  - echo v$(cat '/go/vars/full-version-v11') | sed 's/v//' | cut -d'.' -f "1,2" > "/go/var/minor-version"
  - echo $(cat "/go/var/minor-version")
  - mkdir -pv $(dirname "/go/var/full-version")
  - echo v$(cat '/go/vars/full-version-v11') | sed 's/v//' > "/go/var/full-version"
  - echo $(cat "/go/var/full-version")
  depends_on:
  - Find the latest available semver for v11

# "Assume ... AWS Role" steps. Each one uses the access key pair from Drone
# secrets to call `aws sts assume-role` and appends the returned temporary
# credentials as a named profile to /root/.aws/credentials on the awsconfig
# volume. The command substitution is left unquoted on purpose: the
# whitespace-separated text output splits into the three %s arguments. The
# static keys are unset before the profile is verified with get-caller-identity.
#
# NOTE(review): every profile ends up in one credentials file on a volume that
# many later steps mount, so AWS_PROFILE selects a default rather than limiting
# what a step can use. The ECR steps depend on each other in sequence,
# presumably so their appends to that file do not interleave.
#
# NOTE(review): the ecr-authenticated-pull and ecr-production profiles are
# created from the same key and role secrets
# (PRODUCTION_TELEPORT_DRONE_USER_ECR_* / PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE),
# so the profile used by the build steps for pulling appears to carry the
# production role's permissions; confirm whether a pull-only role is intended.
- name: Assume ECR - staging AWS Role
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[ecr-staging]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      >> /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile ecr-staging
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY
    AWS_ROLE:
      from_secret: STAGING_TELEPORT_DRONE_ECR_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Find the latest available semver for v11
- name: Assume ECR - authenticated-pull AWS Role
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[ecr-authenticated-pull]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      >> /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile ecr-authenticated-pull
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY
    AWS_ROLE:
      from_secret: PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume ECR - staging AWS Role
  - Find the latest available semver for v11
- name: Assume ECR - production AWS Role
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[ecr-production]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      >> /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile ecr-production
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY
    AWS_ROLE:
      from_secret: PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Find the latest available semver for v11
- name: Assume S3 Download AWS Role for teleport
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[s3-download-teleport]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      >> /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile s3-download-teleport
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Find the latest available semver for v11
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role
# Takes the Dockerfile from a fresh checkout of the release tag rather than
# from the cron commit.
- name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport
  image: alpine/git:latest
  commands:
  - mkdir -pv "/tmp/repo"
  - cd "/tmp/repo"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  - git checkout -qf "v$(cat '/go/vars/full-version-v11')"
  - mkdir -pv $(dirname "/go/build/Dockerfile-teleport")
  - cp "/tmp/repo/build.assets/charts/Dockerfile" "/go/build/Dockerfile-teleport"
  depends_on:
  - Find the latest available semver for v11
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role
# Polls the release bucket once a minute, for at most 3600 s, until the amd64
# .deb is listed. `$$` is Drone's escape for a literal `$`.
- name: Download "teleport_v11-tag_amd64.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  - >-
    aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/
    | tr -s ' ' | cut -d' ' -f 4
    | grep -x teleport_$(cat "/go/var/full-version")_amd64.deb || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
# Remaining commands of the amd64 .deb download step whose commands list
# starts above: finish the polling loop, fail on timeout, then copy the package.
#
# NOTE(review): the .deb is copied from S3 and handed to the image build with no
# checksum or signature check visible in these steps; integrity rests on access
# control of the bucket. Verifying a published digest before the build would
# close that gap.
  - sleep 60
  - done
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  - >-
    aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat "/go/var/full-version")_amd64.deb
    /go/build/teleport_$(cat "/go/var/full-version")_amd64.deb
  environment:
    AWS_PROFILE: s3-download-teleport
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport

# Image build, one step per architecture. Each step registers binfmt handlers
# for cross-architecture builds, creates a throwaway buildx builder whose
# buildkitd.toml allows plain HTTP to the in-pipeline registry, builds the
# "teleport" target from the downloaded .deb and pushes it to
# drone-docker-registry:5000, then removes the builder and its config.
#
# NOTE(review): tonistiigi/binfmt is pulled by mutable tag and run with
# --privileged against the dind daemon; pinning it by digest would stop an
# altered upstream image from running privileged in a pipeline that holds
# publishing credentials.
#
# NOTE(review): `http = true` is limited to drone-docker-registry:5000, the
# registry service of this pipeline; images in it are unauthenticated and
# unencrypted in transit, so later push steps trust whatever that registry
# returns.
- name: Build teleport image "teleport:v11-amd64"
  image: docker
  commands:
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-v11-amd64-builder"
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v11-amd64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-v11-amd64-builder/buildkitd.toml"
  - >-
    docker buildx create --driver "docker-container" --driver-opt "network=host"
    --name "teleport-v11-amd64-builder" --config "/tmp/teleport-v11-amd64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - >-
    docker buildx build --push --builder "teleport-v11-amd64-builder" --target "teleport"
    --platform "linux/amd64" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    --file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_amd64.deb
    /go/build
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-v11-amd64-builder"
  - rm -rf "/tmp/teleport-v11-amd64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport_v11-tag_amd64.deb" artifacts from S3
# arm: same download-then-build pair as amd64.
- name: Download "teleport_v11-tag_arm.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  - >-
    aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/
    | tr -s ' ' | cut -d' ' -f 4
    | grep -x teleport_$(cat "/go/var/full-version")_arm.deb || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  - >-
    aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat "/go/var/full-version")_arm.deb
    /go/build/teleport_$(cat "/go/var/full-version")_arm.deb
  environment:
    AWS_PROFILE: s3-download-teleport
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport
- name: Build teleport image "teleport:v11-arm"
  image: docker
  commands:
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-v11-arm-builder"
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v11-arm-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-v11-arm-builder/buildkitd.toml"
  - >-
    docker buildx create --driver "docker-container" --driver-opt "network=host"
    --name "teleport-v11-arm-builder" --config "/tmp/teleport-v11-arm-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - >-
    docker buildx build --push --builder "teleport-v11-arm-builder" --target "teleport"
    --platform "linux/arm" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    --file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_arm.deb
    /go/build
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-v11-arm-builder"
  - rm -rf "/tmp/teleport-v11-arm-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport_v11-tag_arm.deb" artifacts from S3
# arm64: same download-then-build pair as amd64.
- name: Download "teleport_v11-tag_arm64.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  - >-
    aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/
    | tr -s ' ' | cut -d' ' -f 4
    | grep -x teleport_$(cat "/go/var/full-version")_arm64.deb || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  - >-
    aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat "/go/var/full-version")_arm64.deb
    /go/build/teleport_$(cat "/go/var/full-version")_arm64.deb
  environment:
    AWS_PROFILE: s3-download-teleport
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport
- name: Build teleport image "teleport:v11-arm64"
  image: docker
  commands:
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-v11-arm64-builder"
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v11-arm64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-v11-arm64-builder/buildkitd.toml"
  - >-
    docker buildx create --driver "docker-container" --driver-opt "network=host"
    --name "teleport-v11-arm64-builder" --config "/tmp/teleport-v11-arm64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - >-
    docker buildx build --push --builder "teleport-v11-arm64-builder" --target "teleport"
    --platform "linux/arm64" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    --file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_arm64.deb
    /go/build
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-v11-arm64-builder"
  - rm -rf "/tmp/teleport-v11-arm64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Assume ECR - authenticated-pull AWS Role - Download "teleport_v11-tag_arm64.deb" artifacts from S3 - name: Tag and push image "teleport:v11-amd64" to ECR - staging image: docker commands: - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-amd64) - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-amd64) - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found 
existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64) - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Build teleport image "teleport:v11-amd64" - name: Tag and push image "teleport:v11-arm" to ECR - staging image: docker commands: - docker pull --platform "linux/arm" drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm) - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat 
"/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-arm) - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-arm) - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Build teleport image "teleport:v11-arm" - name: Tag and push image "teleport:v11-arm64" to ECR - staging image: docker commands: - docker pull --platform "linux/arm64" drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm64) - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-arm64) - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64) - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Build teleport image "teleport:v11-arm64" - name: Create manifest and push "teleport:major-$TIMESTAMP" to ECR - staging image: docker commands: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" 
--password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP) - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Tag and push image "teleport:v11-amd64" to ECR - staging - Tag and push image "teleport:v11-arm" to ECR - staging - Tag and push image "teleport:v11-arm64" to ECR - staging - name: Create manifest and push "teleport:minor-$TIMESTAMP" to ECR - staging image: docker commands: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, skipping' || 
(docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP) - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Tag and push image "teleport:v11-amd64" to ECR - staging - Tag and push image "teleport:v11-arm" to ECR - staging - Tag and push image "teleport:v11-arm64" to ECR - staging - name: Create manifest and push "teleport:full-$TIMESTAMP" to ECR - staging image: docker commands: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-amd64 --amend 
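146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP) - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Tag and push image "teleport:v11-amd64" to ECR - staging - Tag and push image "teleport:v11-arm" to ECR - staging - Tag and push image "teleport:v11-arm64" to ECR - staging
# Quay.io publishing steps (production credentials).
# The Quay password is piped to `docker login --password-stdin`, as the Docker
# Hub and ECR logins in this file already do, instead of being passed with -p:
# a password given as an argument is exposed in the process argument list
# while the command runs. This file is generated by dronegen, so the generator
# needs the same change or it will be overwritten.
# NOTE(review): none of the Quay steps calls aws, yet each mounts the awsconfig
# volume (/root/.aws); dropping the mount would keep AWS credentials out of
# these containers -- confirm nothing relies on it.
# The full-version tag is pushed only when it cannot already be inspected; the
# major and minor tags are re-tagged and pushed on every run.
- name: Tag and push image "teleport:v11-amd64" to Quay
  image: docker
  commands:
  - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
  - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64 && docker push quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64)
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 quay.io/gravitational/teleport:$(cat "/go/var/major-version")-amd64
  - docker push quay.io/gravitational/teleport:$(cat "/go/var/major-version")-amd64
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
  - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
  - docker logout "quay.io"
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v11-amd64"

- name: Tag and push image "teleport:v11-arm" to Quay
  image: docker
  commands:
  - docker pull --platform "linux/arm" drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
  - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm && docker push quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm)
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm
  - docker push quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm
  - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm
  - docker logout "quay.io"
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v11-arm"

- name: Tag and push image "teleport:v11-arm64" to Quay
  image: docker
  commands:
  - docker pull --platform "linux/arm64" drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
  - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64 && docker push quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64)
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm64
  - docker push quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm64
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
  - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
  - docker logout "quay.io"
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v11-arm64"

# Quay.io multi-arch manifests: major and minor are recreated on every run,
# full is created only when it cannot already be inspected.
- name: Create manifest and push "teleport:major" to Quay
  image: docker
  commands:
  - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest create quay.io/gravitational/teleport:$(cat "/go/var/major-version") --amend quay.io/gravitational/teleport:$(cat "/go/var/major-version")-amd64 --amend quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm --amend quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm64
  - docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/major-version")
  - docker logout "quay.io"
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v11-amd64" to Quay
  - Tag and push image "teleport:v11-arm" to Quay
  - Tag and push image "teleport:v11-arm64" to Quay

- name: Create manifest and push "teleport:minor" to Quay
  image: docker
  commands:
  - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest create quay.io/gravitational/teleport:$(cat "/go/var/minor-version") --amend quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 --amend quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm --amend quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
  - docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")
  - docker logout "quay.io"
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v11-amd64" to Quay
  - Tag and push image "teleport:v11-arm" to Quay
  - Tag and push image "teleport:v11-arm64" to Quay

- name: Create manifest and push "teleport:full" to Quay
  image: docker
  commands:
  - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version") > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create quay.io/gravitational/teleport:$(cat "/go/var/full-version") --amend quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64 --amend quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm --amend quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64 && docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/full-version"))
  - docker logout "quay.io"
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v11-amd64" to Quay
  - Tag and push image "teleport:v11-arm" to Quay
  - Tag and push image "teleport:v11-arm64" to Quay

# Production ECR (public.ecr.aws), per-architecture images. Same tagging
# scheme as the Quay steps: the full-version tag is pushed only when it cannot
# already be inspected, major and minor are re-tagged and pushed on every run.
# NOTE(review): inspect's output and errors are discarded, so an auth or
# network failure looks the same as "tag absent" and falls through to
# tag-and-push.
- name: Tag and push image "teleport:v11-amd64" to ECR - production
  image: docker
  commands:
  - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64 && docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64)
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v11-amd64"

- name: Tag and push image "teleport:v11-arm" to ECR - production
  image: docker
  commands:
  - docker pull --platform "linux/arm" drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm && docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm)
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v11-arm"
- name: Tag and push image "teleport:v11-arm64" to ECR - production image: docker commands: - docker pull --platform "linux/arm64" drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64 && docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64) - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64 - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64 - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64 - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64 - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production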
DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Build teleport image "teleport:v11-arm64"
# Production ECR (public.ecr.aws), multi-arch manifests. major and minor are
# recreated and pushed on every run; full is created only when a manifest of
# that name cannot already be inspected.
- name: Create manifest and push "teleport:major" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest create public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version") --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64 --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64
  - docker manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v11-amd64" to ECR - production
  - Tag and push image "teleport:v11-arm" to ECR - production
  - Tag and push image "teleport:v11-arm64" to ECR - production

- name: Create manifest and push "teleport:minor" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest create public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version") --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
  - docker manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v11-amd64" to ECR - production
  - Tag and push image "teleport:v11-arm" to ECR - production
  - Tag and push image "teleport:v11-arm64" to ECR - production

- name: Create manifest and push "teleport:full" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version") > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version") --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64 --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64 && docker manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version"))
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v11-amd64" to ECR - production
  - Tag and push image "teleport:v11-arm" to ECR - production
  - Tag and push image "teleport:v11-arm64" to ECR - production

# Exchanges the static key pair from the step's secrets for temporary
# credentials via sts assume-role and appends them to /root/.aws/credentials
# as the profile "s3-download-teleport-ent". The static keys are unset before
# the final get-caller-identity, which therefore runs on the new profile.
# NOTE(review): the credentials file lives on the awsconfig volume, which the
# other steps visible here also mount, so every such step can read each
# profile written to it -- confirm that sharing is intended.
# NOTE(review): printf is given the unquoted output of assume-role; if that
# call fails, a profile with empty values is still appended and only the final
# get-caller-identity call surfaces the problem.
- name: Assume S3 Download AWS Role for teleport-ent
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[s3-download-teleport-ent]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      >> /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile s3-download-teleport-ent
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Find the latest available semver for v11
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role

# Checks out the release tag in a scratch clone and copies
# build.assets/charts/Dockerfile to /go/build/Dockerfile-teleport-ent.
# NOTE(review): alpine/git:latest is a floating tag; pinning a version or
# digest would make the step reproducible.
# NOTE(review): the Dockerfile is selected by tag name, and a tag can be moved
# to another commit; no commit hash is checked here.
# NOTE(review): this step reads /go/vars/full-version-v11 while the other
# steps read /go/var/full-version -- presumably written by different earlier
# steps; confirm both paths exist.
- name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent
  image: alpine/git:latest
  commands:
  - mkdir -pv "/tmp/repo"
  - cd "/tmp/repo"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  - git checkout -qf "v$(cat '/go/vars/full-version-v11')"
  - mkdir -pv $(dirname "/go/build/Dockerfile-teleport-ent")
  - cp "/tmp/repo/build.assets/charts/Dockerfile" "/go/build/Dockerfile-teleport-ent"
  depends_on:
  - Find the latest available semver for v11
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role

# Polls S3 once a minute, for at most an hour (END_TIME = now + 3600 s), until
# the enterprise amd64 .deb for this release is listed, then copies it to
# /go/build.
# NOTE(review): the package is used exactly as downloaded; no checksum or
# signature verification is visible in this step.
- name: Download "teleport-ent_v11-tag_amd64.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")_amd64.deb || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat "/go/var/full-version")_amd64.deb /go/build/teleport-ent_$(cat "/go/var/full-version")_amd64.deb
  environment:
    AWS_PROFILE: s3-download-teleport-ent
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport-ent
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent

# Builds the enterprise amd64 image with a dedicated buildx builder and pushes
# it to the build-local registry drone-docker-registry:5000.
# NOTE(review): tonistiigi/binfmt is pulled by floating tag and run with
# --privileged; pinning it by digest would fix what runs with that access.
# NOTE(review): buildkitd.toml sets "http = true" for the build-local
# registry, so the push to it goes over plain HTTP.
- name: Build teleport-ent image "teleport-ent:v11-amd64"
  image: docker
  commands:
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-ent-v11-amd64-builder"
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v11-amd64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-ent-v11-amd64-builder/buildkitd.toml"
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name "teleport-ent-v11-amd64-builder" --config "/tmp/teleport-ent-v11-amd64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker buildx build --push --builder "teleport-ent-v11-amd64-builder" --target "teleport" --platform "linux/amd64" --tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 --file "/go/build/Dockerfile-teleport-ent" --build-arg DEB_PATH=teleport-ent_$(cat "/go/var/full-version")_amd64.deb /go/build
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-ent-v11-amd64-builder"
  - rm -rf "/tmp/teleport-ent-v11-amd64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport-ent_v11-tag_amd64.deb" artifacts from S3

# Same polling download as the amd64 step above, for the enterprise arm .deb.
- name: Download "teleport-ent_v11-tag_arm.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")_arm.deb || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat "/go/var/full-version")_arm.deb /go/build/teleport-ent_$(cat "/go/var/full-version")_arm.deb
  environment:
    AWS_PROFILE: s3-download-teleport-ent
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport-ent
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent
- name: Build teleport-ent image "teleport-ent:v11-arm" image: docker commands: - docker run --privileged --rm tonistiigi/binfmt --install all - mkdir -pv "/go/build" && cd "/go/build" - mkdir -pv "/tmp/teleport-ent-v11-arm-builder" - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v11-arm-builder/buildkitd.toml" - echo ' http = true' >> "/tmp/teleport-ent-v11-arm-builder/buildkitd.toml" - docker buildx create --driver "docker-container" --driver-opt "network=host" --name "teleport-ent-v11-arm-builder" --config "/tmp/teleport-ent-v11-arm-builder/buildkitd.toml" - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker buildx build --push --builder "teleport-ent-v11-arm-builder" --target "teleport" --platform "linux/arm" --tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm --file "/go/build/Dockerfile-teleport-ent" --build-arg DEB_PATH=teleport-ent_$(cat "/go/var/full-version")_arm.deb /go/build - docker logout "public.ecr.aws" - docker buildx rm "teleport-ent-v11-arm-builder" - rm -rf "/tmp/teleport-ent-v11-arm-builder" environment: AWS_PROFILE: ecr-authenticated-pull DOCKER_BUILDKIT: "1" DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Assume ECR - authenticated-pull AWS Role - Download "teleport-ent_v11-tag_arm.deb" artifacts from S3 - name: Download "teleport-ent_v11-tag_arm64.deb" artifacts from S3 image: amazon/aws-cli commands: - END_TIME=$(( $(date +%s) + 3600 )) - TIMED_OUT=true - while [ $(date +%s) -lt $${END_TIME?} ]; do - SUCCESS=true - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")_arm64.deb || SUCCESS=false - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;' - echo 'Condition not met yet, waiting another 60 seconds...' - sleep 60 - done - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ "$SUCCESS" = "true" ]'' && exit 1' - mkdir -pv "/go/build" - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat "/go/var/full-version")_arm64.deb /go/build/teleport-ent_$(cat "/go/var/full-version")_arm64.deb environment: AWS_PROFILE: s3-download-teleport-ent AWS_REGION: us-west-2 AWS_S3_BUCKET: from_secret: AWS_S3_BUCKET volumes: - name: awsconfig path: /root/.aws depends_on: - Assume S3 Download AWS Role for teleport-ent - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent - name: Build teleport-ent image "teleport-ent:v11-arm64" image: docker commands: - docker run --privileged --rm tonistiigi/binfmt --install all - mkdir -pv "/go/build" && cd "/go/build" - mkdir -pv "/tmp/teleport-ent-v11-arm64-builder" - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v11-arm64-builder/buildkitd.toml" - echo ' http = true' >> "/tmp/teleport-ent-v11-arm64-builder/buildkitd.toml" - docker buildx create --driver "docker-container" --driver-opt "network=host" --name "teleport-ent-v11-arm64-builder" 
--config "/tmp/teleport-ent-v11-arm64-builder/buildkitd.toml" - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker buildx build --push --builder "teleport-ent-v11-arm64-builder" --target "teleport" --platform "linux/arm64" --tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 --file "/go/build/Dockerfile-teleport-ent" --build-arg DEB_PATH=teleport-ent_$(cat "/go/var/full-version")_arm64.deb /go/build - docker logout "public.ecr.aws" - docker buildx rm "teleport-ent-v11-arm64-builder" - rm -rf "/tmp/teleport-ent-v11-arm64-builder" environment: AWS_PROFILE: ecr-authenticated-pull DOCKER_BUILDKIT: "1" DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Assume ECR - authenticated-pull AWS Role - Download "teleport-ent_v11-tag_arm64.deb" artifacts from S3 - name: Tag and push image "teleport-ent:v11-amd64" to ECR - staging image: docker commands: - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-amd64) - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-amd64) - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64) - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Build teleport-ent image "teleport-ent:v11-amd64" - name: Tag and push image "teleport-ent:v11-arm" to ECR - staging image: docker commands: - docker pull --platform "linux/arm" drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker 
login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-arm) - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-arm) - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-arm) - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging DOCKERHUB_PASSWORD: from_secret: 
DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Build teleport-ent image "teleport-ent:v11-arm" - name: Tag and push image "teleport-ent:v11-arm64" to ECR - staging image: docker commands: - docker pull --platform "linux/arm64" drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-arm64) - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-arm64) - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 
&& echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64) - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Build teleport-ent image "teleport-ent:v11-arm64" - name: Create manifest and push "teleport-ent:major-$TIMESTAMP" to ECR - staging image: docker commands: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat 
"/go/var/major-version")-$TIMESTAMP) - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Tag and push image "teleport-ent:v11-amd64" to ECR - staging - Tag and push image "teleport-ent:v11-arm" to ECR - staging - Tag and push image "teleport-ent:v11-arm64" to ECR - staging - name: Create manifest and push "teleport-ent:minor-$TIMESTAMP" to ECR - staging image: docker commands: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP) - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: 
DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Tag and push image "teleport-ent:v11-amd64" to ECR - staging - Tag and push image "teleport-ent:v11-arm" to ECR - staging - Tag and push image "teleport-ent:v11-arm64" to ECR - staging - name: Create manifest and push "teleport-ent:full-$TIMESTAMP" to ECR - staging image: docker commands: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP) - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Tag and push image "teleport-ent:v11-amd64" to ECR - staging - Tag and push image "teleport-ent:v11-arm" to ECR - staging - Tag 
and push image "teleport-ent:v11-arm64" to ECR - staging - name: Tag and push image "teleport-ent:v11-amd64" to Quay image: docker commands: - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64) - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 - docker logout "quay.io" environment: DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Build teleport-ent image "teleport-ent:v11-amd64" - name: Tag and push image "teleport-ent:v11-arm" to Quay image: docker commands: - docker pull --platform "linux/arm" drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" - printenv 
DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm) - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm - docker logout "quay.io" environment: DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Build teleport-ent image "teleport-ent:v11-arm" - name: Tag and push image "teleport-ent:v11-arm64" to Quay image: docker commands: - docker pull --platform "linux/arm64" drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 
quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64) - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64 - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64 - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64 - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64 - docker logout "quay.io" environment: DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Build teleport-ent image "teleport-ent:v11-arm64" - name: Create manifest and push "teleport-ent:major" to Quay image: docker commands: - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version") --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64 - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version") - docker logout "quay.io" environment: DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME 
volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Tag and push image "teleport-ent:v11-amd64" to Quay - Tag and push image "teleport-ent:v11-arm" to Quay - Tag and push image "teleport-ent:v11-arm64" to Quay - name: Create manifest and push "teleport-ent:minor" to Quay image: docker commands: - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version") --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64 - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version") - docker logout "quay.io" environment: DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Tag and push image "teleport-ent:v11-amd64" to Quay - Tag and push image "teleport-ent:v11-arm" to Quay - Tag and push image "teleport-ent:v11-arm64" to Quay - name: Create manifest and push "teleport-ent:full" to Quay image: docker commands: - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version") > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version") --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 --amend 
quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 && docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")) - docker logout "quay.io" environment: DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Tag and push image "teleport-ent:v11-amd64" to Quay - Tag and push image "teleport-ent:v11-arm" to Quay - Tag and push image "teleport-ent:v11-arm64" to Quay - name: Tag and push image "teleport-ent:v11-amd64" to ECR - production image: docker commands: - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 && docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64) - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 
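public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Build teleport-ent image "teleport-ent:v11-amd64"
# Publishes the arm image from the in-cluster registry to public ECR.
# The full-version tag is pushed only when `docker manifest inspect` fails
# (tag absent, or any other inspect error); the major and minor tags are
# re-pointed and pushed on every run.
- name: Tag and push image "teleport-ent:v11-arm" to ECR - production
  image: docker
  commands:
  - docker pull --platform "linux/arm" drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm && docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm)
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
  - docker logout "public.ecr.aws"
  environment:
    # AWS_PROFILE picks the role; the credentials file itself sits on the
    # awsconfig volume that the other steps in this pipeline also mount.
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v11-arm"
# Same publication flow as the arm step, for the arm64 image.
- name: Tag and push image "teleport-ent:v11-arm64" to ECR - production
  image: docker
  commands:
  - docker pull --platform "linux/arm64" drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 && docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64)
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v11-arm64"
# Builds the manifest list for the rolling major tag from the amd64, arm and
# arm64 tags and pushes it unconditionally.
- name: Create manifest and push "teleport-ent:major" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version") --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
  - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-amd64" to ECR - production
  - Tag and push image "teleport-ent:v11-arm" to ECR - production
  - Tag and push image "teleport-ent:v11-arm64" to ECR - production
# Same as the major manifest step, for the rolling minor tag.
- name: Create manifest and push "teleport-ent:minor" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version") --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
  - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-amd64" to ECR - production
  - Tag and push image "teleport-ent:v11-arm" to ECR - production
  - Tag and push image "teleport-ent:v11-arm64" to ECR - production
# The full-version manifest list is created and pushed only when
# `docker manifest inspect` does not find one already published.
- name: Create manifest and push "teleport-ent:full" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version") > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version") --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 && docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version"))
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-amd64" to ECR - production
  - Tag and push image "teleport-ent:v11-arm" to ECR - production
  - Tag and push image "teleport-ent:v11-arm64" to ECR - production
# Exchanges the static key pair from secrets for temporary role credentials
# and appends them as profile [s3-download-teleport-ent-fips] to
# /root/.aws/credentials on the awsconfig volume. The static keys are unset
# before the final identity check, so that check exercises the new profile.
- name: Assume S3 Download AWS Role for teleport-ent-fips
  # NOTE(review): image has no tag or digest, so the version that runs with
  # the AWS key pair is whatever the registry currently serves.
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[s3-download-teleport-ent-fips]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      >> /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile s3-download-teleport-ent-fips
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Find the latest available semver for v11
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role
# Fetches the repository, checks out the release tag and copies
# build.assets/charts/Dockerfile to the path the FIPS image build reads.
- name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent-fips" for teleport-ent-fips
  # NOTE(review): `latest` is a mutable tag; a fixed tag or digest would make
  # this step reproducible.
  image: alpine/git:latest
  commands:
  - mkdir -pv "/tmp/repo"
  - cd "/tmp/repo"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  # NOTE(review): reads /go/vars/full-version-v11, while the neighbouring
  # steps read /go/var/full-version; presumably both files are written by
  # earlier steps. Confirm.
  - git checkout -qf "v$(cat '/go/vars/full-version-v11')"
  - mkdir -pv $(dirname "/go/build/Dockerfile-teleport-ent-fips")
  - cp "/tmp/repo/build.assets/charts/Dockerfile" "/go/build/Dockerfile-teleport-ent-fips"
  depends_on:
  - Find the latest available semver for v11
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role
# Polls the release bucket once a minute, for up to 3600 seconds, until the
# FIPS .deb for this version is listed, then copies it to /go/build.
# NOTE(review): the package is used as downloaded; no checksum or signature
# check is visible in this step.
- name: Download "teleport-ent_v11-tag-fips_amd64.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb /go/build/teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb
  environment:
    AWS_PROFILE: s3-download-teleport-ent-fips
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport-ent-fips
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent-fips" for teleport-ent-fips
# Builds the FIPS image with a dedicated buildx builder and pushes it to the
# in-cluster registry; the publishing steps below pull it from there.
- name: Build teleport-ent-fips image "teleport-ent:v11-fips-amd64"
  image: docker
  commands:
  # NOTE(review): privileged container from an image with no tag or digest;
  # pinning it would limit what an upstream change to that image can do here.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-ent-v11-fips-amd64-builder"
  # buildkitd.toml marks drone-docker-registry:5000 as a plain-HTTP registry,
  # so the image reaches it without TLS.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v11-fips-amd64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-ent-v11-fips-amd64-builder/buildkitd.toml"
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name "teleport-ent-v11-fips-amd64-builder" --config "/tmp/teleport-ent-v11-fips-amd64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker buildx build --push --builder "teleport-ent-v11-fips-amd64-builder" --target "teleport-fips" --platform "linux/amd64" --tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 --file "/go/build/Dockerfile-teleport-ent-fips" --build-arg DEB_PATH=teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb /go/build
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-ent-v11-fips-amd64-builder"
  - rm -rf "/tmp/teleport-ent-v11-fips-amd64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport-ent_v11-tag-fips_amd64.deb" artifacts from S3
# Staging tags carry a timestamp derived from DRONE_BUILD_CREATED, and all
# three (full, major, minor) are pushed only when the inspect call fails.
- name: Tag and push image "teleport-ent:v11-fips-amd64" to ECR - staging
  image: docker
  commands:
  - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-fips-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-fips-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-fips-amd64)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-fips-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-fips-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-fips-amd64)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-fips-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-fips-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-fips-amd64)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent-fips image "teleport-ent:v11-fips-amd64"
# Manifest list for the timestamped major FIPS tag (amd64 only), created and
# pushed only when none is found.
- name: Create manifest and push "teleport-ent:major-$TIMESTAMP-fips" to ECR - staging
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-fips > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-fips --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-fips-amd64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-fips)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-fips-amd64" to ECR - staging
# Same as the step above, for the timestamped minor FIPS tag.
- name: Create manifest and push "teleport-ent:minor-$TIMESTAMP-fips" to ECR - staging
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-fips > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-fips --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-fips-amd64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-fips)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-fips-amd64" to ECR - staging
# Same as the step above, for the timestamped full-version FIPS tag.
- name: Create manifest and push "teleport-ent:full-$TIMESTAMP-fips" to ECR - staging
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-fips > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-fips --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-fips-amd64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-fips)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-fips-amd64" to ECR - staging
# Publishes the FIPS amd64 image to Quay: full-version tag guarded by
# `docker manifest inspect`, major and minor tags pushed on every run.
- name: Tag and push image "teleport-ent:v11-fips-amd64" to Quay
  image: docker
  commands:
  - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
  # The Quay password is piped on stdin, like the Docker Hub and ECR logins in
  # this pipeline, which keeps it out of the docker CLI's argument list.
  # NOTE(review): other pipelines in this file carry a "Generated using
  # dronegen" banner; if this one is generated too, make the same change in
  # the generator.
  - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64)
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
  - docker logout "quay.io"
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step calls the AWS CLI, so the awsconfig
  # mount looks unnecessary here; the same holds for the three Quay manifest
  # steps below. Confirm and drop it if so.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent-fips image "teleport-ent:v11-fips-amd64"
# Rolling major FIPS manifest list on Quay, pushed unconditionally.
- name: Create manifest and push "teleport-ent:major-fips" to Quay
  image: docker
  commands:
  # Password supplied on stdin rather than with -p.
  - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
  - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips
  - docker logout "quay.io"
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-fips-amd64" to Quay
# Rolling minor FIPS manifest list on Quay, pushed unconditionally.
- name: Create manifest and push "teleport-ent:minor-fips" to Quay
  image: docker
  commands:
  # Password supplied on stdin rather than with -p.
  - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
  - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips
  - docker logout "quay.io"
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-fips-amd64" to Quay
# Full-version FIPS manifest list on Quay, created only when none is found.
- name: Create manifest and push "teleport-ent:full-fips" to Quay
  image: docker
  commands:
  # Password supplied on stdin rather than with -p.
  - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 && docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips)
  - docker logout "quay.io"
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-fips-amd64" to Quay
# Publishes the FIPS amd64 image to public ECR: full-version tag guarded,
# major and minor tags re-pointed on every run.
- name: Tag and push image "teleport-ent:v11-fips-amd64" to ECR - production
  image: docker
  commands:
  - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 && docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64)
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent-fips image "teleport-ent:v11-fips-amd64"
# Rolling major FIPS manifest list on public ECR, pushed unconditionally.
- name: Create manifest and push "teleport-ent:major-fips" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
  - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-fips-amd64" to ECR - production
# Rolling minor FIPS manifest list on public ECR, pushed unconditionally.
- name: Create manifest and push "teleport-ent:minor-fips" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
  - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-fips-amd64" to ECR - production
# Full-version FIPS manifest list on public ECR, created only when none is
# found.
- name: Create manifest and push "teleport-ent:full-fips" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 && docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips)
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-fips-amd64" to ECR - production
# Builds the operator image for linux/amd64 from the checked-out source and
# pushes it to the in-cluster registry.
- name: Build teleport-operator image "teleport-operator:v11-amd64"
  image: docker
  commands:
  # NOTE(review): privileged container from an image with no tag or digest.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport"
  - mkdir -pv "/tmp/teleport-operator-v11-amd64-builder"
  # Plain-HTTP access to the in-cluster registry for this builder.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-operator-v11-amd64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-operator-v11-amd64-builder/buildkitd.toml"
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name "teleport-operator-v11-amd64-builder" --config "/tmp/teleport-operator-v11-amd64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker buildx build --push --builder "teleport-operator-v11-amd64-builder" --platform "linux/amd64" --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 --file "/go/src/github.com/gravitational/teleport/integrations/operator/Dockerfile" --build-arg BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox:teleport13 --build-arg COMPILER_NAME=x86_64-linux-gnu-gcc /go/src/github.com/gravitational/teleport
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-operator-v11-amd64-builder"
  - rm -rf "/tmp/teleport-operator-v11-amd64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Find the latest available semver for v11
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role
# Operator image for linux/arm; uses the arm buildbox and
# arm-linux-gnueabihf-gcc.
- name: Build teleport-operator image "teleport-operator:v11-arm"
  image: docker
  commands:
  # NOTE(review): privileged container from an image with no tag or digest.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport"
  - mkdir -pv "/tmp/teleport-operator-v11-arm-builder"
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-operator-v11-arm-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-operator-v11-arm-builder/buildkitd.toml"
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name "teleport-operator-v11-arm-builder" --config "/tmp/teleport-operator-v11-arm-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker buildx build --push --builder "teleport-operator-v11-arm-builder" --platform "linux/arm" --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm --file "/go/src/github.com/gravitational/teleport/integrations/operator/Dockerfile" --build-arg BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox-arm:teleport13 --build-arg COMPILER_NAME=arm-linux-gnueabihf-gcc /go/src/github.com/gravitational/teleport
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-operator-v11-arm-builder"
  - rm -rf "/tmp/teleport-operator-v11-arm-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Find the latest available semver for v11
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role
# Operator image for linux/arm64; uses the arm buildbox and
# aarch64-linux-gnu-gcc.
- name: Build teleport-operator image "teleport-operator:v11-arm64"
  image: docker
  commands:
  # NOTE(review): privileged container from an image with no tag or digest.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport"
  - mkdir -pv "/tmp/teleport-operator-v11-arm64-builder"
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-operator-v11-arm64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-operator-v11-arm64-builder/buildkitd.toml"
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name "teleport-operator-v11-arm64-builder" --config "/tmp/teleport-operator-v11-arm64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker buildx build --push --builder "teleport-operator-v11-arm64-builder" --platform "linux/arm64" --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 --file "/go/src/github.com/gravitational/teleport/integrations/operator/Dockerfile" --build-arg BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox-arm:teleport13 --build-arg COMPILER_NAME=aarch64-linux-gnu-gcc /go/src/github.com/gravitational/teleport
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-operator-v11-arm64-builder"
  - rm -rf "/tmp/teleport-operator-v11-arm64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Find the latest available semver for v11
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role
# Pushes the operator amd64 image to staging ECR under timestamped full,
# major and minor tags, each only when the inspect call fails.
- name: Tag and push image "teleport-operator:v11-amd64" to ECR - staging
  image: docker
  commands:
  - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-amd64)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP-amd64)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-operator image "teleport-operator:v11-amd64"
# Same as the amd64 staging step, for the arm image.
- name: Tag and push image "teleport-operator:v11-arm" to ECR - staging
  image: docker
  commands:
  - docker pull --platform "linux/arm" drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-arm)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP-arm)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP-arm)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-operator image "teleport-operator:v11-arm"
- name: Tag and push image "teleport-operator:v11-arm64" to ECR - staging image: docker commands: - docker pull --platform "linux/arm64" drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-arm64) - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag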
drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP-arm64) - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64) - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Build teleport-operator image "teleport-operator:v11-arm64" - name: Create manifest and push "teleport-operator:major-$TIMESTAMP" to ECR - staging image: docker commands: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create 
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP) - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Tag and push image "teleport-operator:v11-amd64" to ECR - staging - Tag and push image "teleport-operator:v11-arm" to ECR - staging - Tag and push image "teleport-operator:v11-arm64" to ECR - staging - name: Create manifest and push "teleport-operator:minor-$TIMESTAMP" to ECR - staging image: docker commands: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP --amend 
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP) - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Tag and push image "teleport-operator:v11-amd64" to ECR - staging - Tag and push image "teleport-operator:v11-arm" to ECR - staging - Tag and push image "teleport-operator:v11-arm64" to ECR - staging - name: Create manifest and push "teleport-operator:full-$TIMESTAMP" to ECR - staging image: docker commands: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-amd64 --amend 
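146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-operator:v11-amd64" to ECR - staging
  - Tag and push image "teleport-operator:v11-arm" to ECR - staging
  - Tag and push image "teleport-operator:v11-arm64" to ECR - staging
# Quay publishing steps: push the per-architecture images built into the
# in-pipeline registry (drone-docker-registry:5000) to quay.io, then assemble
# the multi-arch manifests.
#
# Registry login: the Quay password is piped on stdin (--password-stdin), the
# same way the Docker Hub and ECR logins in this pipeline do it. The previous
# form, -p="$QUAY_PASSWORD", put the secret on docker's argument list, where it
# is readable from the process table while the command runs.
# This file is generated by dronegen ('make dronegen'); make the same change in
# the generator, otherwise a regeneration would presumably bring -p back.
#
# NOTE(review): the `inspect && echo ... || (tag && push)` guard treats every
# failure of `docker manifest inspect` (not only "tag absent") as "missing" and
# goes on to push. The major/minor tags are pushed with no guard at all, so
# they are moving tags; consumers that need a fixed image should pin the full
# version or a digest.
# NOTE(review): the Quay steps run no aws command and set no AWS_PROFILE, yet
# mount awsconfig at /root/.aws (presumably the assumed-role credentials
# written by the "Assume ECR - ..." steps). Confirm the mount is unused here
# and drop it in dronegen so these steps hold only the Quay credentials.
- name: Tag and push image "teleport-operator:v11-amd64" to Quay
  image: docker
  commands:
  - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
  # Password via stdin, not argv.
  - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 && docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64)
  - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64
  - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64
  - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64
  - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64
  - docker logout "quay.io"
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-operator image "teleport-operator:v11-amd64"
- name: Tag and push image "teleport-operator:v11-arm" to Quay
  image: docker
  commands:
  - docker pull --platform "linux/arm" drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
  # Password via stdin, not argv.
  - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm && docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm)
  - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm
  - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm
  - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm
  - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm
  - docker logout "quay.io"
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-operator image "teleport-operator:v11-arm"
- name: Tag and push image "teleport-operator:v11-arm64" to Quay
  image: docker
  commands:
  - docker pull --platform "linux/arm64" drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
  # Password via stdin, not argv.
  - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 && docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64)
  - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64
  - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64
  - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64
  - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64
  - docker logout "quay.io"
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-operator image "teleport-operator:v11-arm64"
- name: Create manifest and push "teleport-operator:major" to Quay
  image: docker
  commands:
  # Password via stdin, not argv.
  - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest create quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version") --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64
  - docker manifest push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")
  - docker logout "quay.io"
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-operator:v11-amd64" to Quay
  - Tag and push image "teleport-operator:v11-arm" to Quay
  - Tag and push image "teleport-operator:v11-arm64" to Quay
- name: Create manifest and push "teleport-operator:minor" to Quay
  image: docker
  commands:
  # Password via stdin, not argv.
  - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest create quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version") --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64
  - docker manifest push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")
  - docker logout "quay.io"
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-operator:v11-amd64" to Quay
  - Tag and push image "teleport-operator:v11-arm" to Quay
  - Tag and push image "teleport-operator:v11-arm64" to Quay
- name: Create manifest and push "teleport-operator:full" to Quay
  image: docker
  commands:
  # Password via stdin, not argv.
  - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version") > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version") --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 && docker manifest push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version"))
  - docker logout "quay.io"
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-operator:v11-amd64" to Quay
  - Tag and push image "teleport-operator:v11-arm" to Quay
  - Tag and push image "teleport-operator:v11-arm64" to Quay
# ECR production steps: same tag/push/manifest sequence against public.ecr.aws,
# authenticated with the ecr-production profile from the awsconfig volume.
# The full-version tag is only pushed when `docker manifest inspect` fails;
# major and minor tags are overwritten on every run.
- name: Tag and push image "teleport-operator:v11-amd64" to ECR - production
  image: docker
  commands:
  - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 && docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64)
  - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64
  - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64
  - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64
  - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-operator image "teleport-operator:v11-amd64"
- name: Tag and push image "teleport-operator:v11-arm" to ECR - production
  image: docker
  commands:
  - docker pull --platform "linux/arm" drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm && docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm)
  - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm
  - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm
  - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm
  - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-operator image "teleport-operator:v11-arm"
- name: Tag and push image "teleport-operator:v11-arm64" to ECR - production
  image: docker
  commands:
  - docker pull --platform "linux/arm64" drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 && docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64)
  - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64
  - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64
  - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64
  - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-operator image "teleport-operator:v11-arm64"
- name: Create manifest and push "teleport-operator:major" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version") --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64
  - docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-operator:v11-amd64" to ECR - production
  - Tag and push image "teleport-operator:v11-arm" to ECR - production
  - Tag and push image "teleport-operator:v11-arm64" to ECR - production
- name: Create manifest and push "teleport-operator:minor" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version") --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64
  - docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-operator:v11-amd64" to ECR - production
  - Tag and push image "teleport-operator:v11-arm" to ECR - production
  - Tag and push image "teleport-operator:v11-arm64" to ECR - production
- name: Create manifest and push "teleport-operator:full" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version") > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version") --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 && docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version"))
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-operator:v11-amd64" to ECR - production
  - Tag and push image "teleport-operator:v11-arm" to ECR - production
  - Tag and push image "teleport-operator:v11-arm64" to ECR - production
# NOTE(review): docker:dind runs privileged and exposes /var/run through the
# dockersock volume; every step that mounts dockersock can drive that daemon,
# so each step image is effectively trusted with it. `docker:dind`,
# `registry:2` and the steps' `image: docker` are floating tags, not digests;
# pinning them by digest in dronegen would make the publishing path
# reproducible.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
- name: drone-docker-registry
  image: registry:2
  privileged: false
  volumes: []
# Pipeline-scoped scratch volumes (temp: {}); awsconfig and dockersock are the
# ones mounted by the steps above.
volumes:
- name: awsconfig
  temp: {}
- name: dockersock
  temp: {}
- name: dockerconfig
  temp: {}
image_pull_secrets:
- DOCKERHUB_CREDENTIALS
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.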
# Generated at dronegen/container_images_release_version.go (main.(*ReleaseVersion).buildVersionPipeline)
################################################
# Cron-triggered pipeline for gravitational/teleport. The automatic clone is
# disabled, so each step that needs the repository fetches it itself.
# NOTE(review): step images here (golang:1.18, docker, alpine,
# alpine/git:latest, amazon/aws-cli) are tags, not digests, and several of
# these steps handle AWS credentials; consider pinning them in dronegen.
kind: pipeline
type: kubernetes
name: teleport-container-images-previous-version-2-cron
environment:
  DEBIAN_FRONTEND: noninteractive
trigger:
  cron:
    include:
    - teleport-container-images-cron
  repo:
    include:
    - gravitational/teleport
workspace:
  path: /go
clone:
  disable: true
steps:
# Checks out branch/v10, runs the query-latest tool from that checkout for
# "v10", strips "v" with sed and stores the result in
# /go/vars/full-version-v10.
# Later steps interpolate that file's content unquoted into git refs and shell
# commands, so the tool's output is trusted as-is.
- name: Find the latest available semver for v10
  image: golang:1.18
  commands:
  - mkdir -pv "/tmp/teleport"
  - cd "/tmp/teleport"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  - git checkout -qf "branch/v10"
  - mkdir -pv $(dirname "/go/vars/full-version-v10")
  - cd "/tmp/teleport/build.assets/tooling/cmd/query-latest"
  - go run . "v10" | sed 's/v//' > "/go/vars/full-version-v10"
  - echo Found full semver "$(cat "/go/vars/full-version-v10")" for major version "v10"
# Polls for the Docker socket for up to 30s, then logs in to Docker Hub with
# the read-only token passed on stdin. /root/.docker is the dockerconfig
# volume, so the login state presumably persists for steps that mount it.
- name: Wait for docker
  image: docker
  pull: if-not-exists
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: dockersock
    path: /var/run
  - name: dockerconfig
    path: /root/.docker
  depends_on:
  - Find the latest available semver for v10
# Polls the in-pipeline registry until it answers HTTP 200 (30s limit).
# The registry is reached over plain http:// on port 5000.
- name: Wait for docker registry
  image: alpine
  pull: if-not-exists
  commands:
  - apk add curl
  - timeout 30s /bin/sh -c 'while [ "$(curl -s -o /dev/null -w %{http_code} http://drone-docker-registry:5000/)" != "200" ]; do sleep 1; done'
  depends_on:
  - Find the latest available semver for v10
# Fetches the repository and checks out the tag "v<full version>" found above.
- name: Check out code
  image: alpine/git:latest
  pull: if-not-exists
  commands:
  - mkdir -pv "/go/src/github.com/gravitational/teleport"
  - cd "/go/src/github.com/gravitational/teleport"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  - git checkout -qf "v$(cat '/go/vars/full-version-v10')"
  depends_on:
  - Find the latest available semver for v10
# Derives /go/var/major-version (first dot-separated field),
# /go/var/minor-version (first two fields) and /go/var/full-version from the
# stored version, echoing each one.
- name: Build major, minor, and full semvers
  image: alpine
  commands:
  - mkdir -pv $(dirname "/go/var/major-version")
  - echo v$(cat '/go/vars/full-version-v10') | sed 's/v//' | cut -d'.' -f "1" > "/go/var/major-version"
  - echo $(cat "/go/var/major-version")
  - mkdir -pv $(dirname "/go/var/minor-version")
  - echo v$(cat '/go/vars/full-version-v10') | sed 's/v//' | cut -d'.' -f "1,2" > "/go/var/minor-version"
  - echo $(cat "/go/var/minor-version")
  - mkdir -pv $(dirname "/go/var/full-version")
  - echo v$(cat '/go/vars/full-version-v10') | sed 's/v//' > "/go/var/full-version"
  - echo $(cat "/go/var/full-version")
  depends_on:
  - Find the latest available semver for v10
# Role-assumption steps (this one and the three that follow share one shape):
#   1. `aws sts get-caller-identity` with the access key pair from secrets;
#   2. `aws sts assume-role` for $AWS_ROLE; the three credential fields are
#      formatted by printf into a named profile and appended (>>) to
#      /root/.aws/credentials on the awsconfig volume;
#   3. the key pair is unset in the step's shell;
#   4. `aws sts get-caller-identity --profile <name>` checks the new profile.
# The $(aws sts assume-role ...) substitution is unquoted on purpose: word
# splitting supplies the three %s arguments. A failed assume-role does not
# fail printf itself; the final get-caller-identity --profile call is what
# catches an empty or invalid profile.
# NOTE(review): the session credentials sit in a file on a volume shared with
# every step that mounts awsconfig, and no chmod is applied here; steps that
# mount the volume can read every profile, not only the one named in their
# AWS_PROFILE.
- name: Assume ECR - staging AWS Role
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[ecr-staging]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      >> /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile ecr-staging
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY
    AWS_ROLE:
      from_secret: STAGING_TELEPORT_DRONE_ECR_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Find the latest available semver for v10
# NOTE(review): this "authenticated-pull" profile is built from the same
# secrets (PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY/_SECRET and
# PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE) as the ecr-production profile below,
# so as written both profiles resolve to the same role. If that role can push,
# the pull profile is not read-only; confirm against the IAM policy.
- name: Assume ECR - authenticated-pull AWS Role
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[ecr-authenticated-pull]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      >> /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile ecr-authenticated-pull
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY
    AWS_ROLE:
      from_secret: PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume ECR - staging AWS Role
  - Find the latest available semver for v10
# Writes the ecr-production profile. The role steps depend on one another in
# sequence (staging, authenticated-pull, production), so they append to the
# credentials file one at a time.
- name: Assume ECR - production AWS Role
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[ecr-production]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      >> /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile ecr-production
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY
    AWS_ROLE:
      from_secret: PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Find the latest available semver for v10
# Writes the s3-download-teleport profile from the AWS_ACCESS_KEY_ID /
# AWS_SECRET_ACCESS_KEY / AWS_ROLE secrets, after all three ECR role steps.
- name: Assume S3 Download AWS Role for teleport
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[s3-download-teleport]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      >> /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile s3-download-teleport
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Find the latest available semver for v10
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role
# Fetches the repository again at tag "v<full version>" and copies
# build.assets/charts/Dockerfile to /go/build/Dockerfile-teleport.
- name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport
  image: alpine/git:latest
  commands:
  - mkdir -pv "/tmp/repo"
  - cd "/tmp/repo"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  - git checkout -qf "v$(cat '/go/vars/full-version-v10')"
  - mkdir -pv $(dirname "/go/build/Dockerfile-teleport")
  - cp "/tmp/repo/build.assets/charts/Dockerfile" "/go/build/Dockerfile-teleport"
  depends_on:
  - Find the latest available semver for v10
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role
- name: Download "teleport_v10-tag_amd64.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr -s ' ' | cut -d' ' -f 4 | grep -x teleport_$(cat "/go/var/full-version")_amd64.deb || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
- sleep 60 - done - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ "$SUCCESS" = "true" ]'' && exit 1' - mkdir -pv "/go/build" - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat "/go/var/full-version")_amd64.deb /go/build/teleport_$(cat "/go/var/full-version")_amd64.deb environment: AWS_PROFILE: s3-download-teleport AWS_REGION: us-west-2 AWS_S3_BUCKET: from_secret: AWS_S3_BUCKET volumes: - name: awsconfig path: /root/.aws depends_on: - Assume S3 Download AWS Role for teleport - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport
# (The line above is the tail of a step that starts on the preceding lines; it
# is left exactly as extracted.)

# Builds the linux/amd64 teleport image with buildx from the downloaded .deb
# and pushes it to the in-cluster registry.
# NOTE(review): tonistiigi/binfmt is pulled without a tag or digest and run with
# --privileged against the Docker daemon reached through the dockersock volume;
# pinning it (tonistiigi/binfmt@sha256:<digest>) keeps a changed upstream image
# from running privileged in the release pipeline.
# NOTE(review): buildkitd.toml marks drone-docker-registry:5000 as plain HTTP,
# so the image that later steps re-tag and publish crosses the cluster network
# without TLS; its integrity depends on that network being trusted.
- name: Build teleport image "teleport:v10-amd64"
  image: docker
  commands:
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-v10-amd64-builder"
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v10-amd64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-v10-amd64-builder/buildkitd.toml"
  - docker buildx create --driver "docker-container" --driver-opt "network=host"
    --name "teleport-v10-amd64-builder" --config "/tmp/teleport-v10-amd64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  # Both registry passwords are piped on stdin, so neither appears in the
  # process argument list.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker buildx build --push --builder "teleport-v10-amd64-builder" --target "teleport"
    --platform "linux/amd64" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    --file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_amd64.deb
    /go/build
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-v10-amd64-builder"
  - rm -rf "/tmp/teleport-v10-amd64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport_v10-tag_amd64.deb" artifacts from S3

# Polls the S3 prefix once a minute for up to an hour until the arm .deb is
# listed, then copies it to /go/build. The commands form one shell loop spread
# over several list items.
# NOTE(review): no checksum or signature check is visible between this download
# and the image build, so the package is trusted on bucket access control
# alone.
- name: Download "teleport_v10-tag_arm.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  # "$$" is Drone's escape for a literal "$"; "${END_TIME?}" makes the shell
  # fail if the variable is unset.
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr -s ' ' | cut -d' ' -f 4 |
    grep -x teleport_$(cat "/go/var/full-version")_arm.deb || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat "/go/var/full-version")_arm.deb
    /go/build/teleport_$(cat "/go/var/full-version")_arm.deb
  environment:
    AWS_PROFILE: s3-download-teleport
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport

# Same as the amd64 build step above, for linux/arm; the notes on the
# privileged binfmt container and the plain-HTTP registry apply unchanged.
- name: Build teleport image "teleport:v10-arm"
  image: docker
  commands:
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-v10-arm-builder"
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v10-arm-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-v10-arm-builder/buildkitd.toml"
  - docker buildx create --driver "docker-container" --driver-opt "network=host"
    --name "teleport-v10-arm-builder" --config "/tmp/teleport-v10-arm-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker buildx build --push --builder "teleport-v10-arm-builder" --target "teleport"
    --platform "linux/arm" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    --file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_arm.deb
    /go/build
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-v10-arm-builder"
  - rm -rf "/tmp/teleport-v10-arm-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport_v10-tag_arm.deb" artifacts from S3

# Same as the arm download step above, for the arm64 package.
- name: Download "teleport_v10-tag_arm64.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr -s ' ' | cut -d' ' -f 4 |
    grep -x teleport_$(cat "/go/var/full-version")_arm64.deb || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat "/go/var/full-version")_arm64.deb
    /go/build/teleport_$(cat "/go/var/full-version")_arm64.deb
  environment:
    AWS_PROFILE: s3-download-teleport
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport

# Same as the amd64 build step above, for linux/arm64.
- name: Build teleport image "teleport:v10-arm64"
  image: docker
  commands:
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-v10-arm64-builder"
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v10-arm64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-v10-arm64-builder/buildkitd.toml"
  - docker buildx create --driver "docker-container" --driver-opt "network=host"
    --name "teleport-v10-arm64-builder" --config "/tmp/teleport-v10-arm64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker buildx build --push --builder "teleport-v10-arm64-builder" --target "teleport"
    --platform "linux/arm64" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    --file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_arm64.deb
    /go/build
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-v10-arm64-builder"
  - rm -rf "/tmp/teleport-v10-arm64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport_v10-tag_arm64.deb" artifacts from S3

# (The next line is the head of a step that continues past this range; it is
# left exactly as extracted.)
- name: Tag and push image "teleport:v10-amd64" to ECR - staging image: docker commands: - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-amd64) - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-amd64) - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found
existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64) - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Build teleport image "teleport:v10-amd64"
# (The line above is the tail of a step that starts on the preceding lines; it
# is left exactly as extracted.)

# Pulls the arm image from the in-cluster registry and pushes it to the staging
# ECR repository under the full, major and minor version tags, each suffixed
# with the build timestamp; a tag that already exists is left untouched.
# NOTE(review): "docker manifest inspect ... > /dev/null 2>&1" hides the reason
# for a failed lookup, so an authentication or network error is handled the
# same way as a missing tag and falls through to the push.
- name: Tag and push image "teleport:v10-arm" to ECR - staging
  image: docker
  commands:
  - docker pull --platform "linux/arm" drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # Minute-resolution timestamp derived from the Drone build creation time.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm > /dev/null 2>&1 &&
    echo 'Found existing image, skipping' ||
    (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm &&
    docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-arm > /dev/null 2>&1 &&
    echo 'Found existing image, skipping' ||
    (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-arm &&
    docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-arm)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-arm > /dev/null 2>&1 &&
    echo 'Found existing image, skipping' ||
    (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-arm &&
    docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-arm)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v10-arm"

# Same as the arm step above, for linux/arm64.
- name: Tag and push image "teleport:v10-arm64" to ECR - staging
  image: docker
  commands:
  - docker pull --platform "linux/arm64" drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 &&
    echo 'Found existing image, skipping' ||
    (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm64 &&
    docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm64)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 &&
    echo 'Found existing image, skipping' ||
    (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-arm64 &&
    docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-arm64)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 &&
    echo 'Found existing image, skipping' ||
    (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64 &&
    docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v10-arm64"

# Combines the three per-architecture staging tags into one multi-arch manifest
# list for the "<major>-<timestamp>" tag, unless that manifest already exists.
- name: Create manifest and push "teleport:major-$TIMESTAMP" to ECR - staging
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP > /dev/null 2>&1 &&
    echo 'Found existing image, skipping' ||
    (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP
    --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-amd64
    --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-arm
    --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-arm64 &&
    docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v10-amd64" to ECR - staging
  - Tag and push image "teleport:v10-arm" to ECR - staging
  - Tag and push image "teleport:v10-arm64" to ECR - staging

# Same as the major manifest step above, for the "<minor>-<timestamp>" tag.
- name: Create manifest and push "teleport:minor-$TIMESTAMP" to ECR - staging
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP > /dev/null 2>&1 &&
    echo 'Found existing image, skipping' ||
    (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP
    --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64
    --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-arm
    --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64 &&
    docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v10-amd64" to ECR - staging
  - Tag and push image "teleport:v10-arm" to ECR - staging
  - Tag and push image "teleport:v10-arm64" to ECR - staging

# (The next line is the head of a step that continues past this range; it is
# left exactly as extracted.)
- name: Create manifest and push "teleport:full-$TIMESTAMP" to ECR - staging image: docker commands: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-amd64 --amend
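146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP) - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Tag and push image "teleport:v10-amd64" to ECR - staging - Tag and push image "teleport:v10-arm" to ECR - staging - Tag and push image "teleport:v10-arm64" to ECR - staging
# (The line above is the tail of a step that starts on the preceding lines; it
# is left exactly as extracted.)

# Pulls the amd64 image from the in-cluster registry and publishes it to
# quay.io under the full, major and minor version tags.
# The Quay password is now piped on stdin, matching the Docker Hub login in the
# same step, instead of being passed with -p where it would show up in the
# process argument list. The same change is applied to every Quay step below.
# NOTE(review): other pipelines in this file are marked as dronegen output; if
# this one is too, make the same change in the generator so it survives
# regeneration.
# NOTE(review): only the full-version tag is guarded by "manifest inspect"; the
# major and minor tags are pushed unconditionally, so they move with every
# release. Consumers that need a fixed image should reference the full version
# or a digest.
# NOTE(review): awsconfig is mounted although no command in the Quay steps
# calls aws; dropping the mount would keep the AWS profiles out of them.
- name: Tag and push image "teleport:v10-amd64" to Quay
  image: docker
  commands:
  - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
  - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64 > /dev/null 2>&1 &&
    echo 'Found existing image, skipping' ||
    (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64 &&
    docker push quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64)
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 quay.io/gravitational/teleport:$(cat "/go/var/major-version")-amd64
  - docker push quay.io/gravitational/teleport:$(cat "/go/var/major-version")-amd64
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
  - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
  - docker logout "quay.io"
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v10-amd64"

# Same as the amd64 Quay step above, for linux/arm.
- name: Tag and push image "teleport:v10-arm" to Quay
  image: docker
  commands:
  - docker pull --platform "linux/arm" drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
  - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm > /dev/null 2>&1 &&
    echo 'Found existing image, skipping' ||
    (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm &&
    docker push quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm)
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm
  - docker push quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm
  - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm
  - docker logout "quay.io"
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v10-arm"

# Same as the amd64 Quay step above, for linux/arm64.
- name: Tag and push image "teleport:v10-arm64" to Quay
  image: docker
  commands:
  - docker pull --platform "linux/arm64" drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
  - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64 > /dev/null 2>&1 &&
    echo 'Found existing image, skipping' ||
    (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64 &&
    docker push quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64)
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm64
  - docker push quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm64
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
  - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
  - docker logout "quay.io"
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v10-arm64"

# Creates and pushes the multi-arch manifest list for the major version tag on
# quay.io. There is no existence check, so the tag is rewritten on every run.
- name: Create manifest and push "teleport:major" to Quay
  image: docker
  commands:
  - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest create quay.io/gravitational/teleport:$(cat "/go/var/major-version")
    --amend quay.io/gravitational/teleport:$(cat "/go/var/major-version")-amd64
    --amend quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm
    --amend quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm64
  - docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/major-version")
  - docker logout "quay.io"
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v10-amd64" to Quay
  - Tag and push image "teleport:v10-arm" to Quay
  - Tag and push image "teleport:v10-arm64" to Quay

# Same as the major manifest step above, for the minor version tag.
- name: Create manifest and push "teleport:minor" to Quay
  image: docker
  commands:
  - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest create quay.io/gravitational/teleport:$(cat "/go/var/minor-version")
    --amend quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
    --amend quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm
    --amend quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
  - docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")
  - docker logout "quay.io"
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v10-amd64" to Quay
  - Tag and push image "teleport:v10-arm" to Quay
  - Tag and push image "teleport:v10-arm64" to Quay

# Creates and pushes the manifest list for the full version tag, but only when
# that tag does not exist on quay.io yet.
- name: Create manifest and push "teleport:full" to Quay
  image: docker
  commands:
  - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version") > /dev/null 2>&1 &&
    echo 'Found existing image, skipping' ||
    (docker manifest create quay.io/gravitational/teleport:$(cat "/go/var/full-version")
    --amend quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64
    --amend quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm
    --amend quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64 &&
    docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/full-version"))
  - docker logout "quay.io"
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v10-amd64" to Quay
  - Tag and push image "teleport:v10-arm" to Quay
  - Tag and push image "teleport:v10-arm64" to Quay

# Publishes the amd64 image to the public ECR repository using the
# [ecr-production] profile. As on Quay, the full-version tag is pushed only
# when absent, while the major and minor tags are overwritten on every run.
- name: Tag and push image "teleport:v10-amd64" to ECR - production
  image: docker
  commands:
  - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64 > /dev/null 2>&1 &&
    echo 'Found existing image, skipping' ||
    (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64 &&
    docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64)
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v10-amd64"

# Same as the amd64 production step above, for linux/arm.
- name: Tag and push image "teleport:v10-arm" to ECR - production
  image: docker
  commands:
  - docker pull --platform "linux/arm" drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm > /dev/null 2>&1 &&
    echo 'Found existing image, skipping' ||
    (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm &&
    docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm)
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v10-arm"

# (The next line is the head of a step that continues past the end of this
# excerpt; it is left exactly as extracted.)
- name: Tag and push image "teleport:v10-arm64" to ECR - production image: docker commands: - docker pull --platform "linux/arm64" drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64 && docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64) - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64 - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64 - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64 - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64 - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production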
DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Build teleport image "teleport:v10-arm64" - name: Create manifest and push "teleport:major" to ECR - production image: docker commands: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version") --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64 --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64 - docker manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version") - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Tag and push image "teleport:v10-amd64" to ECR - production - Tag and push image "teleport:v10-arm" to ECR - production - Tag and push image "teleport:v10-arm64" to ECR - production - name: Create manifest and push "teleport:minor" to ECR - production image: docker commands: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version") --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 --amend 
public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64 - docker manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version") - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Tag and push image "teleport:v10-amd64" to ECR - production - Tag and push image "teleport:v10-arm" to ECR - production - Tag and push image "teleport:v10-arm64" to ECR - production - name: Create manifest and push "teleport:full" to ECR - production image: docker commands: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version") > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version") --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64 --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64 && docker manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")) - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Tag and push image "teleport:v10-amd64" to ECR - production - Tag and push image "teleport:v10-arm" to ECR - 
production
  - Tag and push image "teleport:v10-arm64" to ECR - production
# Exchanges the AWS key pair from Drone secrets for temporary credentials of
# the role in $AWS_ROLE and appends them to /root/.aws/credentials (awsconfig
# volume) as profile [s3-download-teleport-ent]; the S3 download steps select
# that profile through AWS_PROFILE.
# NOTE(review): every step that mounts the awsconfig volume can read all
# profiles in this file, so the role should carry only the S3 read access the
# download steps need — confirm against the role policy.
- name: Assume S3 Download AWS Role for teleport-ent
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  # Logs which principal the static keys resolve to before assuming the role.
  - aws sts get-caller-identity
  # "--output text" yields three whitespace-separated fields; the unquoted
  # $(...) is word-split by the shell so each field fills one %s of the
  # credentials-file template. ${DRONE_REPO} and ${DRONE_BUILD_NUMBER} are
  # filled in by Drone; sed turns the "/" in the repo name into "-".
  - |-
    printf "[s3-download-teleport-ent]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      >> /root/.aws/credentials
  # Drop the static keys from this shell so the next call shows that the new
  # profile works on its own.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile s3-download-teleport-ent
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Find the latest available semver for v10
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role
# Clones the repository into /tmp/repo, checks out the release tag and copies
# build.assets/charts/Dockerfile to /go/build/Dockerfile-teleport-ent, so the
# Dockerfile comes from the tagged release rather than the commit under build.
# NOTE(review): alpine/git:latest is a mutable tag; pinning a version or
# digest (alpine/git@sha256:<digest-placeholder>) keeps this release step
# reproducible.
# NOTE(review): the tag is read from /go/vars/full-version-v10 while the other
# steps here read /go/var/full-version — presumably written by "Find the
# latest available semver for v10"; confirm the path is intended.
- name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent
  image: alpine/git:latest
  commands:
  - mkdir -pv "/tmp/repo"
  - cd "/tmp/repo"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  - git checkout -qf "v$(cat '/go/vars/full-version-v10')"
  - mkdir -pv $(dirname "/go/build/Dockerfile-teleport-ent")
  - cp "/tmp/repo/build.assets/charts/Dockerfile" "/go/build/Dockerfile-teleport-ent"
  depends_on:
  - Find the latest available semver for v10
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role
# Waits up to 3600 s, polling every 60 s, for the amd64 .deb of this version to
# appear under s3://$AWS_S3_BUCKET/teleport/tag/<full-version>/, then copies it
# to /go/build for the image build.
# NOTE(review): the package is used as downloaded; no checksum or signature is
# verified in this step, so the integrity of the built image rests on write
# access control to the bucket.
- name: Download "teleport-ent_v10-tag_amd64.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
  # The loop spans several list entries; Drone runs the commands list as one
  # shell script. "$$" is Drone's escape for a literal "$", so the shell sees
  # ${END_TIME?}, which aborts if the variable is unset.
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  # Whole-line match of the package name against the 4th column of the listing.
  - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")_amd64.deb || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat "/go/var/full-version")_amd64.deb /go/build/teleport-ent_$(cat "/go/var/full-version")_amd64.deb
  environment:
    AWS_PROFILE: s3-download-teleport-ent
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport-ent
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent
# Builds the amd64 teleport-ent image from the downloaded .deb with a dedicated
# buildx builder and pushes it to the in-cluster registry
# drone-docker-registry:5000; later steps pull it from there and promote it to
# ECR and Quay.
- name: Build teleport-ent image "teleport-ent:v10-amd64"
  image: docker
  commands:
  # Registers binfmt handlers so buildx can build for non-native platforms.
  # NOTE(review): this runs an untagged third-party image with --privileged;
  # pin it by digest (tonistiigi/binfmt@sha256:<digest-placeholder>) so the
  # code granted that privilege cannot change between releases.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-ent-v10-amd64-builder"
  # BuildKit config that allows plain HTTP to drone-docker-registry:5000.
  # NOTE(review): that hop has no transport integrity, so the promoted image
  # is only as trustworthy as the cluster network; comparing image digests at
  # promotion time would close the gap.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v10-amd64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-ent-v10-amd64-builder/buildkitd.toml"
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name "teleport-ent-v10-amd64-builder" --config "/tmp/teleport-ent-v10-amd64-builder/buildkitd.toml"
  # aws-cli is installed at run time with apk; no version is pinned.
  - apk add --no-cache aws-cli
  # Both registry logins receive their password on stdin. Presumably they are
  # needed for pulls during the build — confirm against the Dockerfile.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker buildx build --push --builder "teleport-ent-v10-amd64-builder" --target "teleport" --platform "linux/amd64" --tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 --file "/go/build/Dockerfile-teleport-ent" --build-arg DEB_PATH=teleport-ent_$(cat "/go/var/full-version")_amd64.deb /go/build
  # Clean up: drop the ECR login, the builder and its config directory.
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-ent-v10-amd64-builder"
  - rm -rf "/tmp/teleport-ent-v10-amd64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport-ent_v10-tag_amd64.deb" artifacts from S3
# Same wait-and-download as the amd64 step, for the arm package.
- name: Download "teleport-ent_v10-tag_arm.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")_arm.deb || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
- sleep 60 - done - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ "$SUCCESS" = "true" ]'' && exit 1' - mkdir -pv "/go/build" - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat "/go/var/full-version")_arm.deb /go/build/teleport-ent_$(cat "/go/var/full-version")_arm.deb environment: AWS_PROFILE: s3-download-teleport-ent AWS_REGION: us-west-2 AWS_S3_BUCKET: from_secret: AWS_S3_BUCKET volumes: - name: awsconfig path: /root/.aws depends_on: - Assume S3 Download AWS Role for teleport-ent - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent - name: Build teleport-ent image "teleport-ent:v10-arm" image: docker commands: - docker run --privileged --rm tonistiigi/binfmt --install all - mkdir -pv "/go/build" && cd "/go/build" - mkdir -pv "/tmp/teleport-ent-v10-arm-builder" - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v10-arm-builder/buildkitd.toml" - echo ' http = true' >> "/tmp/teleport-ent-v10-arm-builder/buildkitd.toml" - docker buildx create --driver "docker-container" --driver-opt "network=host" --name "teleport-ent-v10-arm-builder" --config "/tmp/teleport-ent-v10-arm-builder/buildkitd.toml" - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker buildx build --push --builder "teleport-ent-v10-arm-builder" --target "teleport" --platform "linux/arm" --tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm --file "/go/build/Dockerfile-teleport-ent" --build-arg DEB_PATH=teleport-ent_$(cat "/go/var/full-version")_arm.deb /go/build - docker logout "public.ecr.aws" - docker buildx rm "teleport-ent-v10-arm-builder" - rm -rf "/tmp/teleport-ent-v10-arm-builder" environment: AWS_PROFILE: ecr-authenticated-pull DOCKER_BUILDKIT: "1" DOCKERHUB_PASSWORD: 
from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Assume ECR - authenticated-pull AWS Role - Download "teleport-ent_v10-tag_arm.deb" artifacts from S3 - name: Download "teleport-ent_v10-tag_arm64.deb" artifacts from S3 image: amazon/aws-cli commands: - END_TIME=$(( $(date +%s) + 3600 )) - TIMED_OUT=true - while [ $(date +%s) -lt $${END_TIME?} ]; do - SUCCESS=true - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")_arm64.deb || SUCCESS=false - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;' - echo 'Condition not met yet, waiting another 60 seconds...' - sleep 60 - done - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ "$SUCCESS" = "true" ]'' && exit 1' - mkdir -pv "/go/build" - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat "/go/var/full-version")_arm64.deb /go/build/teleport-ent_$(cat "/go/var/full-version")_arm64.deb environment: AWS_PROFILE: s3-download-teleport-ent AWS_REGION: us-west-2 AWS_S3_BUCKET: from_secret: AWS_S3_BUCKET volumes: - name: awsconfig path: /root/.aws depends_on: - Assume S3 Download AWS Role for teleport-ent - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent - name: Build teleport-ent image "teleport-ent:v10-arm64" image: docker commands: - docker run --privileged --rm tonistiigi/binfmt --install all - mkdir -pv "/go/build" && cd "/go/build" - mkdir -pv "/tmp/teleport-ent-v10-arm64-builder" - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v10-arm64-builder/buildkitd.toml" - echo ' http = true' >> "/tmp/teleport-ent-v10-arm64-builder/buildkitd.toml" - docker buildx create --driver "docker-container" --driver-opt "network=host" --name "teleport-ent-v10-arm64-builder" 
--config "/tmp/teleport-ent-v10-arm64-builder/buildkitd.toml" - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker buildx build --push --builder "teleport-ent-v10-arm64-builder" --target "teleport" --platform "linux/arm64" --tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 --file "/go/build/Dockerfile-teleport-ent" --build-arg DEB_PATH=teleport-ent_$(cat "/go/var/full-version")_arm64.deb /go/build - docker logout "public.ecr.aws" - docker buildx rm "teleport-ent-v10-arm64-builder" - rm -rf "/tmp/teleport-ent-v10-arm64-builder" environment: AWS_PROFILE: ecr-authenticated-pull DOCKER_BUILDKIT: "1" DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Assume ECR - authenticated-pull AWS Role - Download "teleport-ent_v10-tag_arm64.deb" artifacts from S3 - name: Tag and push image "teleport-ent:v10-amd64" to ECR - staging image: docker commands: - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-amd64) - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-amd64) - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64) - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Build teleport-ent image "teleport-ent:v10-amd64" - name: Tag and push image "teleport-ent:v10-arm" to ECR - staging image: docker commands: - docker pull --platform "linux/arm" drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker 
login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-arm) - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-arm) - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-arm) - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging DOCKERHUB_PASSWORD: from_secret: 
DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Build teleport-ent image "teleport-ent:v10-arm" - name: Tag and push image "teleport-ent:v10-arm64" to ECR - staging image: docker commands: - docker pull --platform "linux/arm64" drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-arm64) - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-arm64) - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 
&& echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64) - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Build teleport-ent image "teleport-ent:v10-arm64" - name: Create manifest and push "teleport-ent:major-$TIMESTAMP" to ECR - staging image: docker commands: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat 
"/go/var/major-version")-$TIMESTAMP) - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Tag and push image "teleport-ent:v10-amd64" to ECR - staging - Tag and push image "teleport-ent:v10-arm" to ECR - staging - Tag and push image "teleport-ent:v10-arm64" to ECR - staging - name: Create manifest and push "teleport-ent:minor-$TIMESTAMP" to ECR - staging image: docker commands: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP) - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: 
DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Tag and push image "teleport-ent:v10-amd64" to ECR - staging - Tag and push image "teleport-ent:v10-arm" to ECR - staging - Tag and push image "teleport-ent:v10-arm64" to ECR - staging - name: Create manifest and push "teleport-ent:full-$TIMESTAMP" to ECR - staging image: docker commands: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP) - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Tag and push image "teleport-ent:v10-amd64" to ECR - staging - Tag and push image "teleport-ent:v10-arm" to ECR - staging - Tag 
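and push image "teleport-ent:v10-arm64" to ECR - staging
# Promotes the amd64 teleport-ent image from the in-cluster registry to Quay:
# the full-version tag is pushed only when "manifest inspect" does not find it,
# while the major and minor tags are always re-tagged and pushed.
# NOTE(review): the guard discards the reason "manifest inspect" failed, so an
# auth or network error is treated like "not found" and the full-version tag
# is pushed anyway.
- name: Tag and push image "teleport-ent:v10-amd64" to Quay
  image: docker
  commands:
  - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
  # The Quay password is piped on stdin, as the Docker Hub login below already
  # does, so the secret does not appear in the process argument list.
  # NOTE(review): this file carries "Generated using dronegen" banners; mirror
  # the change in the generator or it is lost on the next 'make dronegen'.
  - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64)
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
  - docker logout "quay.io"
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v10-amd64"
# Same promotion to Quay for the arm image.
- name: Tag and push image "teleport-ent:v10-arm" to Quay
  image: docker
  commands:
  - docker pull --platform "linux/arm" drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
  # Password on stdin rather than -p, so it stays out of the argument list.
  - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm)
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
  - docker logout "quay.io"
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v10-arm"
# Same promotion to Quay for the arm64 image.
- name: Tag and push image "teleport-ent:v10-arm64" to Quay
  image: docker
  commands:
  - docker pull --platform "linux/arm64" drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
  # Password on stdin rather than -p, so it stays out of the argument list.
  - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64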
quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64) - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64 - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64 - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64 - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64 - docker logout "quay.io" environment: DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Build teleport-ent image "teleport-ent:v10-arm64" - name: Create manifest and push "teleport-ent:major" to Quay image: docker commands: - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version") --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64 - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version") - docker logout "quay.io" environment: DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME 
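# Remainder of the step opened on the preceding line (Quay manifest list for
# the major tag).
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v10-amd64" to Quay
  - Tag and push image "teleport-ent:v10-arm" to Quay
  - Tag and push image "teleport-ent:v10-arm64" to Quay
# Publishes the multi-arch manifest list for the minor-version tag on Quay.
# It is recreated on every run, so this tag always moves to the newest build.
- name: Create manifest and push "teleport-ent:minor" to Quay
  image: docker
  commands:
  # The Quay password is piped on stdin, the same way as the Docker Hub login
  # on the next line, instead of being passed as -p="$QUAY_PASSWORD" where it
  # would be part of the docker process's argument list.
  # NOTE(review): the remaining Quay steps in this pipeline use the same -p
  # login. Other pipelines in this file are marked as dronegen output; if this
  # one is too, change the generator so every Quay login is regenerated.
  - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version") --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
  - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")
  - docker logout "quay.io"
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  # NOTE(review): none of the commands above calls AWS; confirm this step needs
  # the awsconfig volume, which is where the role-assumption steps write their
  # credentials file.
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v10-amd64" to Quay
  - Tag and push image "teleport-ent:v10-arm" to Quay
  - Tag and push image "teleport-ent:v10-arm64" to Quay
# Publishes the manifest list for the full-version tag on Quay, but only when
# `docker manifest inspect` does not already find one.
# NOTE(review): inspect failing for any other reason (authentication, network)
# also takes the create-and-push branch; registry-side tag immutability, where
# available, is the stronger guard for a release tag.
- name: Create manifest and push "teleport-ent:full" to Quay
  image: docker
  commands:
  # Password on stdin rather than -p, for the reason given in the step above.
  - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version") > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version") --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 && docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version"))
  - docker logout "quay.io"
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v10-amd64" to Quay
  - Tag and push image "teleport-ent:v10-arm" to Quay
  - Tag and push image "teleport-ent:v10-arm64" to Quay
# Copies the amd64 image from the build registry to public.ecr.aws. The
# full-version tag is pushed only if inspect finds none; the major and minor
# tags are re-pointed to this build on every run.
# NOTE(review): `image: docker` carries no tag or digest and aws-cli is
# installed unpinned at run time, in a step that pushes to the production
# registry.
- name: Tag and push image "teleport-ent:v10-amd64" to ECR - production
  image: docker
  commands:
  - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 && docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64)
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v10-amd64"
# Same as the amd64 step above, for the linux/arm image.
- name: Tag and push image "teleport-ent:v10-arm" to ECR - production
  image: docker
  commands:
  - docker pull --platform "linux/arm" drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm && docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm)
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN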
# Remainder of the step opened on the preceding line (ECR production push of
# the arm image).
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v10-arm"
# Copies the arm64 image from the build registry to public.ecr.aws. The
# full-version tag is pushed only when `docker manifest inspect` finds none;
# the major and minor tags are re-pointed to this build on every run.
# NOTE(review): any inspect failure, not only "tag absent", takes the push
# branch. `image: docker` has no tag or digest and aws-cli is installed
# unpinned at run time.
- name: Tag and push image "teleport-ent:v10-arm64" to ECR - production
  image: docker
  commands:
  - docker pull --platform "linux/arm64" drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
  - apk add --no-cache aws-cli
  # Both registry passwords arrive on stdin, never on the command line.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 && docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64)
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v10-arm64"
# Step header only; its commands follow on the next line.
- name: Create manifest and push "teleport-ent:major" to ECR - production
  image: docker
# Remainder of the step opened on the preceding line (ECR production manifest
# list for the major tag). The list is recreated on every run, so the tag moves.
  commands:
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version") --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64 --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
  - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v10-amd64" to ECR - production
  - Tag and push image "teleport-ent:v10-arm" to ECR - production
  - Tag and push image "teleport-ent:v10-arm64" to ECR - production
# Manifest list for the minor tag on public.ecr.aws; recreated on every run.
- name: Create manifest and push "teleport-ent:minor" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version") --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64 --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
  - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v10-amd64" to ECR - production
  - Tag and push image "teleport-ent:v10-arm" to ECR - production
  - Tag and push image "teleport-ent:v10-arm64" to ECR - production
# Manifest list for the full-version tag; created only when inspect finds none.
# NOTE(review): an inspect error other than "not found" also leads to a push.
- name: Create manifest and push "teleport-ent:full" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version") > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version") --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 && docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version"))
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v10-amd64" to ECR - production
  - Tag and push image "teleport-ent:v10-arm" to ECR - production
  - Tag and push image "teleport-ent:v10-arm64" to ECR - production
# Exchanges the static key pair from Drone secrets for temporary role
# credentials and appends them, as profile [s3-download-teleport-ent-fips], to
# the credentials file on the awsconfig volume. Every step that mounts that
# volume can read the file.
- name: Assume S3 Download AWS Role for teleport-ent-fips
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  # The unquoted $(...) is intentional: its three whitespace-separated output
  # fields fill the three %s of the printf format. No --duration-seconds is
  # passed, so the session gets the STS default lifetime (one hour).
  - |-
    printf "[s3-download-teleport-ent-fips]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      >> /root/.aws/credentials
  # With the static keys removed from the shell, the final identity check can
  # only succeed through the profile just written.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile s3-download-teleport-ent-fips
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Find the latest available semver for v10
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role
# Fetches the repository and copies the Dockerfile from the release tag named
# in /go/vars/full-version-v10 to /go/build.
# NOTE(review): alpine/git:latest is a moving tag. The version file is read
# from /go/vars/, while the other steps here read /go/var/; presumably an
# earlier step not shown here writes it — confirm.
- name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent-fips" for teleport-ent-fips
  image: alpine/git:latest
  commands:
  - mkdir -pv "/tmp/repo"
  - cd "/tmp/repo"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  - git checkout -qf "v$(cat '/go/vars/full-version-v10')"
  - mkdir -pv $(dirname "/go/build/Dockerfile-teleport-ent-fips")
  - cp "/tmp/repo/build.assets/charts/Dockerfile" "/go/build/Dockerfile-teleport-ent-fips"
  depends_on:
  - Find the latest available semver for v10
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role
# Polls the bucket every 60 s, for up to 3600 s, until the FIPS .deb for this
# version is listed, then copies it to /go/build.
# NOTE(review): the exit status of the listing pipeline is grep's, so a
# failing `aws s3 ls` (denied or expired credentials) looks the same as "not
# uploaded yet" and surfaces only as the timeout. The wait can last as long as
# the default lifetime of the assumed-role session this profile relies on.
# No checksum or signature check of the downloaded package is visible in this
# step; confirm it is verified before the image is published.
- name: Download "teleport-ent_v10-tag-fips_amd64.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb /go/build/teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb
  environment:
    AWS_PROFILE: s3-download-teleport-ent-fips
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport-ent-fips
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent-fips" for teleport-ent-fips
# Builds the FIPS image with a dedicated buildx builder and pushes it to the
# build registry drone-docker-registry:5000.
# NOTE(review): tonistiigi/binfmt runs --privileged with no tag or digest,
# while the only target platform here is linux/amd64; confirm the emulation
# install is needed in this step.
# The generated buildkitd.toml marks the build registry as plain HTTP, so that
# push has no transport encryption or server authentication, and the later
# tag-and-push steps publish what they pull back from it.
- name: Build teleport-ent-fips image "teleport-ent:v10-fips-amd64"
  image: docker
  commands:
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-ent-v10-fips-amd64-builder"
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v10-fips-amd64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-ent-v10-fips-amd64-builder/buildkitd.toml"
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name "teleport-ent-v10-fips-amd64-builder" --config "/tmp/teleport-ent-v10-fips-amd64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker buildx build --push --builder "teleport-ent-v10-fips-amd64-builder" --target "teleport-fips" --platform "linux/amd64" --tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 --file "/go/build/Dockerfile-teleport-ent-fips" --build-arg DEB_PATH=teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb /go/build
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-ent-v10-fips-amd64-builder"
  - rm -rf "/tmp/teleport-ent-v10-fips-amd64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport-ent_v10-tag-fips_amd64.deb" artifacts from S3
# Copies the FIPS image to the staging ECR registry under full, major and
# minor tags, each suffixed with a build timestamp and each pushed only when
# inspect finds no existing tag.
- name: Tag and push image "teleport-ent:v10-fips-amd64" to ECR - staging
  image: docker
  commands:
  - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # Derived from DRONE_BUILD_CREATED in every staging step, so all steps of one
  # build compute the same tag suffix.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-fips-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-fips-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-fips-amd64)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-fips-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-fips-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-fips-amd64)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-fips-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-fips-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-fips-amd64)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent-fips image "teleport-ent:v10-fips-amd64"
# Staging manifest list for the timestamped major FIPS tag (amd64 only).
- name: Create manifest and push "teleport-ent:major-$TIMESTAMP-fips" to ECR - staging
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-fips > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-fips --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-fips-amd64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-fips)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v10-fips-amd64" to ECR - staging
# Staging manifest list for the timestamped minor FIPS tag (amd64 only). The
# step continues on the following line.
- name: Create manifest and push "teleport-ent:minor-$TIMESTAMP-fips" to ECR - staging
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-fips > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-fips --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-fips-amd64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-fips)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Tag and push image "teleport-ent:v10-fips-amd64" to ECR - staging - name: Create manifest and push "teleport-ent:full-$TIMESTAMP-fips" to ECR - staging image: docker commands: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-fips > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-fips --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-fips-amd64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-fips) - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Tag and push image "teleport-ent:v10-fips-amd64" to ECR - staging - name: Tag and push image "teleport-ent:v10-fips-amd64" to Quay image: docker commands: - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect 
quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64) - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64 - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64 - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 - docker logout "quay.io" environment: DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Build teleport-ent-fips image "teleport-ent:v10-fips-amd64" - name: Create manifest and push "teleport-ent:major-fips" to Quay image: docker commands: - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64 - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips - docker logout "quay.io" environment: DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: 
DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Tag and push image "teleport-ent:v10-fips-amd64" to Quay - name: Create manifest and push "teleport-ent:minor-fips" to Quay image: docker commands: - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips - docker logout "quay.io" environment: DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Tag and push image "teleport-ent:v10-fips-amd64" to Quay - name: Create manifest and push "teleport-ent:full-fips" to Quay image: docker commands: - docker login -u="$QUAY_USERNAME" -p="$QUAY_PASSWORD" "quay.io" - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 && docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips) - docker logout "quay.io" environment: DOCKERHUB_PASSWORD: from_secret: 
DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME QUAY_PASSWORD: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD QUAY_USERNAME: from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Tag and push image "teleport-ent:v10-fips-amd64" to Quay - name: Tag and push image "teleport-ent:v10-fips-amd64" to ECR - production image: docker commands: - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 && docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64) - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64 - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64 - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: 
awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Build teleport-ent-fips image "teleport-ent:v10-fips-amd64" - name: Create manifest and push "teleport-ent:major-fips" to ECR - production image: docker commands: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64 - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Tag and push image "teleport-ent:v10-fips-amd64" to ECR - production - name: Create manifest and push "teleport-ent:minor-fips" to ECR - production image: docker commands: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64 - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run 
depends_on: - Tag and push image "teleport-ent:v10-fips-amd64" to ECR - production
# Publishes the "<full-version>-fips" manifest list on public ECR only when
# `docker manifest inspect` does not find it, so an already published
# full-version tag is not overwritten.
# stderr is discarded and any non-zero exit takes the `||` branch, so an
# inspect that fails for another reason (authentication, network) is handled
# like "tag missing" and leads to a create-and-push attempt.
- name: Create manifest and push "teleport-ent:full-fips" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The ECR token goes from the aws CLI to docker login over a pipe, so it
  # never appears on a command line.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips > /dev/null 2>&1 &&
    echo 'Found existing image, skipping' ||
    (docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 &&
    docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips)
  - docker logout "public.ecr.aws"
  environment:
    # Selects the AWS CLI profile; presumably written to /root/.aws by the
    # "Assume ECR - production AWS Role" step - confirm.
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v10-fips-amd64" to ECR - production
# Builds the linux/amd64 teleport-operator image with a throwaway buildx
# builder and pushes it to the build registry (drone-docker-registry:5000),
# from which the "Tag and push" steps later publish it.
# Supply-chain points a reviewer would want tracked for this step:
#  - `image: docker` and `tonistiigi/binfmt` carry no tag or digest, and the
#    BUILDBOX build argument is a tag, so what runs is whatever those names
#    resolve to at build time.
#  - the build registry is configured as plain HTTP (see buildkitd.toml below).
- name: Build teleport-operator image "teleport-operator:v10-amd64"
  image: docker
  commands:
  # Runs a third-party image with --privileged on the Docker daemon reached
  # through the /var/run socket volume; `--install all` asks it to register
  # every emulator it ships. NOTE(review): pin this image by digest.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport"
  - mkdir -pv "/tmp/teleport-operator-v10-amd64-builder"
  # These two lines write a BuildKit config that marks the build registry as
  # HTTP-only. Pushes to it are therefore unencrypted and the registry is not
  # authenticated by TLS; integrity of the images published later rests on
  # whatever isolates that registry's network (not visible in this file).
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-operator-v10-amd64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-operator-v10-amd64-builder/buildkitd.toml"
  # network=host puts the BuildKit container on the daemon host's network
  # namespace rather than an isolated bridge.
  - docker buildx create --driver "docker-container" --driver-opt "network=host"
    --name "teleport-operator-v10-amd64-builder"
    --config "/tmp/teleport-operator-v10-amd64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker buildx build --push --builder "teleport-operator-v10-amd64-builder" --platform "linux/amd64"
    --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
    --file "/go/src/github.com/gravitational/teleport/integrations/operator/Dockerfile"
    --build-arg BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox:teleport13
    --build-arg COMPILER_NAME=x86_64-linux-gnu-gcc
    /go/src/github.com/gravitational/teleport
  # NOTE(review): logout and builder cleanup are ordinary commands at the end
  # of the list; if the runner stops at the first failing command they are
  # skipped when the build fails - confirm.
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-operator-v10-amd64-builder"
  - rm -rf "/tmp/teleport-operator-v10-amd64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  # "Assume ECR - authenticated-pull AWS Role" is listed twice below.
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Find the latest available semver for v10
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role
# Same build as the amd64 step, for linux/arm: different builder name,
# BUILDBOX image (teleport-buildbox-arm) and cross compiler. The privileged
# binfmt run, the HTTP-only registry config and the unpinned image references
# apply here in the same way.
- name: Build teleport-operator image "teleport-operator:v10-arm"
  image: docker
  commands:
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport"
  - mkdir -pv "/tmp/teleport-operator-v10-arm-builder"
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-operator-v10-arm-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-operator-v10-arm-builder/buildkitd.toml"
  - docker buildx create --driver "docker-container" --driver-opt "network=host"
    --name "teleport-operator-v10-arm-builder"
    --config "/tmp/teleport-operator-v10-arm-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker buildx build --push --builder "teleport-operator-v10-arm-builder" --platform "linux/arm"
    --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
    --file "/go/src/github.com/gravitational/teleport/integrations/operator/Dockerfile"
    --build-arg BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox-arm:teleport13
    --build-arg COMPILER_NAME=arm-linux-gnueabihf-gcc
    /go/src/github.com/gravitational/teleport
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-operator-v10-arm-builder"
  - rm -rf "/tmp/teleport-operator-v10-arm-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Find the latest available semver for v10
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role
# Same build as the amd64 step, for linux/arm64 (aarch64 cross compiler,
# teleport-buildbox-arm image). The same review points apply.
- name: Build teleport-operator image "teleport-operator:v10-arm64"
  image: docker
  commands:
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport"
  - mkdir -pv "/tmp/teleport-operator-v10-arm64-builder"
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-operator-v10-arm64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-operator-v10-arm64-builder/buildkitd.toml"
  - docker buildx create --driver "docker-container" --driver-opt "network=host"
    --name "teleport-operator-v10-arm64-builder"
    --config "/tmp/teleport-operator-v10-arm64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker buildx build --push --builder "teleport-operator-v10-arm64-builder" --platform "linux/arm64"
    --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
    --file "/go/src/github.com/gravitational/teleport/integrations/operator/Dockerfile"
    --build-arg BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox-arm:teleport13
    --build-arg COMPILER_NAME=aarch64-linux-gnu-gcc
    /go/src/github.com/gravitational/teleport
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-operator-v10-arm64-builder"
  - rm -rf "/tmp/teleport-operator-v10-arm64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Find the latest available semver for v10
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role
- name: Tag and push image "teleport-operator:v10-amd64" to ECR - staging image: docker commands: - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-amd64) - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP-amd64) - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64) - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Build 
teleport-operator image "teleport-operator:v10-amd64" - name: Tag and push image "teleport-operator:v10-arm" to ECR - staging image: docker commands: - docker pull --platform "linux/arm" drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-arm) - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP-arm) - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat 
"/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP-arm) - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Build teleport-operator image "teleport-operator:v10-arm" - name: Tag and push image "teleport-operator:v10-arm64" to ECR - staging image: docker commands: - docker pull --platform "linux/arm64" drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-arm64) - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag 
drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP-arm64) - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64) - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Build teleport-operator image "teleport-operator:v10-arm64" - name: Create manifest and push "teleport-operator:major-$TIMESTAMP" to ECR - staging image: docker commands: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create 
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP) - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Tag and push image "teleport-operator:v10-amd64" to ECR - staging - Tag and push image "teleport-operator:v10-arm" to ECR - staging - Tag and push image "teleport-operator:v10-arm64" to ECR - staging - name: Create manifest and push "teleport-operator:minor-$TIMESTAMP" to ECR - staging image: docker commands: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP --amend 
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP) - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Tag and push image "teleport-operator:v10-amd64" to ECR - staging - Tag and push image "teleport-operator:v10-arm" to ECR - staging - Tag and push image "teleport-operator:v10-arm64" to ECR - staging - name: Create manifest and push "teleport-operator:full-$TIMESTAMP" to ECR - staging image: docker commands: - apk add --no-cache aws-cli - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M') - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-amd64 --amend 
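146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP) - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com" environment: AWS_PROFILE: ecr-staging DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Tag and push image "teleport-operator:v10-amd64" to ECR - staging - Tag and push image "teleport-operator:v10-arm" to ECR - staging - Tag and push image "teleport-operator:v10-arm64" to ECR - staging
# ---- teleport-operator: publish to Quay (six steps) ----
# Change in every step of this group: the Quay login reads the password from
# stdin (`printenv QUAY_PASSWORD | docker login ... --password-stdin`) instead
# of passing -p="$QUAY_PASSWORD". With -p the expanded secret sits on the
# docker CLI's argument list and is readable from the process table while the
# command runs; the Docker Hub and ECR logins in this file already use stdin.
# NOTE(review): other pipelines in this file are marked as dronegen output; if
# this one is too, make the change in the generator, otherwise the next
# 'make dronegen' reverts it.
# NOTE(review): every step here mounts /root/.aws although none calls aws;
# dropping the mount would narrow what these steps can reach - confirm.

# Publishes the amd64 operator image from the build registry to Quay.
# The full-version tag is pushed only if `docker manifest inspect` does not
# find it; the major- and minor-version tags are re-pushed on every run.
# NOTE(review): the source image is pulled from drone-docker-registry:5000 by
# tag, and the build steps in this file configure that registry as plain HTTP
# (`http = true`). Nothing in this step checks a digest or signature before
# publishing, so integrity rests on the isolation of that registry.
- name: Tag and push image "teleport-operator:v10-amd64" to Quay
  image: docker
  commands:
  - docker pull --platform "linux/amd64"
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
  # Password via stdin, not -p (see group note above).
  - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # Any inspect failure (not only "tag missing") takes the `||` branch.
  - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 > /dev/null 2>&1 &&
    echo 'Found existing image, skipping' ||
    (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
    quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 &&
    docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64)
  - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
    quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64
  - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64
  - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
    quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64
  - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64
  - docker logout "quay.io"
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-operator image "teleport-operator:v10-amd64"
# Same flow as the amd64 step, for the linux/arm image.
- name: Tag and push image "teleport-operator:v10-arm" to Quay
  image: docker
  commands:
  - docker pull --platform "linux/arm"
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
  # Password via stdin, not -p (see group note above).
  - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm > /dev/null 2>&1 &&
    echo 'Found existing image, skipping' ||
    (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
    quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm &&
    docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm)
  - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
    quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm
  - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm
  - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
    quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm
  - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm
  - docker logout "quay.io"
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-operator image "teleport-operator:v10-arm"
# Same flow as the amd64 step, for the linux/arm64 image.
- name: Tag and push image "teleport-operator:v10-arm64" to Quay
  image: docker
  commands:
  - docker pull --platform "linux/arm64"
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
  # Password via stdin, not -p (see group note above).
  - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 > /dev/null 2>&1 &&
    echo 'Found existing image, skipping' ||
    (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
    quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 &&
    docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64)
  - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
    quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64
  - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64
  - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
    quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64
  - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64
  - docker logout "quay.io"
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-operator image "teleport-operator:v10-arm64"
# Re-creates and pushes the rolling "<major-version>" manifest list over the
# amd64, arm and arm64 images on every run (no existence check), so the tag is
# mutable by design.
- name: Create manifest and push "teleport-operator:major" to Quay
  image: docker
  commands:
  # Password via stdin, not -p (see group note above).
  - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest create quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")
    --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64
    --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm
    --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64
  - docker manifest push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")
  - docker logout "quay.io"
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-operator:v10-amd64" to Quay
  - Tag and push image "teleport-operator:v10-arm" to Quay
  - Tag and push image "teleport-operator:v10-arm64" to Quay
# Same as the major-version manifest step, for the rolling "<minor-version>" tag.
- name: Create manifest and push "teleport-operator:minor" to Quay
  image: docker
  commands:
  # Password via stdin, not -p (see group note above).
  - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest create quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")
    --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64
    --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm
    --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64
  - docker manifest push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")
  - docker logout "quay.io"
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-operator:v10-amd64" to Quay
  - Tag and push image "teleport-operator:v10-arm" to Quay
  - Tag and push image "teleport-operator:v10-arm64" to Quay
# Creates and pushes the "<full-version>" manifest list only when
# `docker manifest inspect` does not find it, so a published full-version tag
# is not overwritten. Any inspect failure (not only "tag missing") takes the
# `||` branch and leads to a create-and-push attempt.
- name: Create manifest and push "teleport-operator:full" to Quay
  image: docker
  commands:
  # Password via stdin, not -p (see group note above).
  - printenv QUAY_PASSWORD | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version") > /dev/null 2>&1 &&
    echo 'Found existing image, skipping' ||
    (docker manifest create quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")
    --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64
    --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm
    --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 &&
    docker manifest push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version"))
  - docker logout "quay.io"
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-operator:v10-amd64" to Quay
  - Tag and push image "teleport-operator:v10-arm" to Quay
  - Tag and push image "teleport-operator:v10-arm64" to Quay
- name: Tag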
and push image "teleport-operator:v10-amd64" to ECR - production image: docker commands: - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 && docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64) - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Build teleport-operator image "teleport-operator:v10-amd64" - name: Tag and push image "teleport-operator:v10-arm" to ECR - production image: docker commands: - docker pull --platform "linux/arm" drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm - apk add 
--no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm && docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm) - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Build teleport-operator image "teleport-operator:v10-arm" - name: Tag and push image "teleport-operator:v10-arm64" to ECR - production image: docker commands: - docker pull --platform "linux/arm64" drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest 
inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 && docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64) - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64 - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64 - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Build teleport-operator image "teleport-operator:v10-arm64" - name: Create manifest and push "teleport-operator:major" to ECR - production image: docker commands: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version") --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64 --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm --amend public.ecr.aws/gravitational/teleport-operator:$(cat 
"/go/var/major-version")-arm64 - docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version") - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Tag and push image "teleport-operator:v10-amd64" to ECR - production - Tag and push image "teleport-operator:v10-arm" to ECR - production - Tag and push image "teleport-operator:v10-arm64" to ECR - production - name: Create manifest and push "teleport-operator:minor" to ECR - production image: docker commands: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version") --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64 --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64 - docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version") - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Tag and push image "teleport-operator:v10-amd64" to ECR - production - Tag and push image "teleport-operator:v10-arm" to ECR - production - Tag and push image "teleport-operator:v10-arm64" to ECR - production - name: Create manifest and push "teleport-operator:full" to ECR - production image: 
docker commands: - apk add --no-cache aws-cli - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version") > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version") --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 && docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")) - docker logout "public.ecr.aws" environment: AWS_PROFILE: ecr-production DOCKERHUB_PASSWORD: from_secret: DOCKERHUB_READONLY_TOKEN DOCKERHUB_USERNAME: from_secret: DOCKERHUB_USERNAME volumes: - name: awsconfig path: /root/.aws - name: dockersock path: /var/run depends_on: - Tag and push image "teleport-operator:v10-amd64" to ECR - production - Tag and push image "teleport-operator:v10-arm" to ECR - production - Tag and push image "teleport-operator:v10-arm64" to ECR - production services: - name: Start Docker image: docker:dind privileged: true volumes: - name: dockersock path: /var/run - name: drone-docker-registry image: registry:2 privileged: false volumes: [] volumes: - name: awsconfig temp: {} - name: dockersock temp: {} - name: dockerconfig temp: {} image_pull_secrets: - DOCKERHUB_CREDENTIALS --- ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. 
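# Generated at dronegen/relcli.go (main.relcliPipeline)
################################################

# publish-rlz: runs on a `promote` event targeting `production`, after the
# promotion pipelines listed under depends_on, and publishes the release
# through relcli.
# NOTE(review): this file is generated, so the DRONE_TAG quoting fix in the
# first step has to be made in dronegen/relcli.go as well.
kind: pipeline
type: kubernetes
name: publish-rlz
environment:
  # Pinned by tag. NOTE(review): a digest pin would make the pulled image
  # immutable - confirm whether the generator can emit one.
  RELCLI_IMAGE: 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/relcli:v1.1.76-35e77b7-20221117T1411084
trigger:
  event:
    include:
    - promote
  target:
    include:
    - production
  repo:
    include:
    - gravitational/*
clone:
  disable: true
depends_on:
- promote-build
- teleport-container-images-branch-promote
- publish-apt-new-repos
- publish-yum-new-repos
- promote-teleport-oci-distroless-images
- promote-teleport-kube-agent-updater-oci-images
steps:
# Gate: fail the pipeline when the promoted commit carries no tag.
# The expansion is double-quoted because an unquoted empty value leaves
# `[ -n ]`, which tests the literal string "-n" and always succeeds, so the
# gate could never fail.
- name: Check if commit is tagged
  image: alpine
  commands:
  - '[ -n "${DRONE_TAG}" ] || (echo ''DRONE_TAG is not set. Is the commit tagged?'' && exit 1)'
# Waits up to 30s for the dind socket, then logs in to Docker Hub with the
# read-only token piped on stdin.
- name: Wait for docker
  image: docker
  pull: if-not-exists
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: dockersock
    path: /var/run
  - name: dockerconfig
    path: /root/.docker
# Exchanges the static key pair for temporary role credentials and writes them
# as the [default] profile in /root/.aws/credentials on the awsconfig volume,
# which the later steps mount.
# The $(aws sts assume-role ...) substitution is deliberately unquoted: its
# text output is word-split into the three %s arguments of printf.
# The static keys are unset before the final get-caller-identity, so that call
# has to use the profile that was just written.
- name: Assume AWS Role
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY
    AWS_ROLE:
      from_secret: TELEPORT_BUILD_READ_ONLY_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Logs in to the private ECR registry with a token piped on stdin and pulls
# the relcli image into the dind daemon.
- name: Pull relcli
  image: docker:cli
  commands:
  - apk add --no-cache aws-cli
  - aws ecr get-login-password | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - docker pull $RELCLI_IMAGE
  environment:
    AWS_DEFAULT_REGION: us-west-2
  volumes:
  - name: dockersock
    path: /var/run
  - name: awsconfig
    path: /root/.aws
# Decodes the release API client certificate and key into /tmpfs/creds, which
# sits on the memory-backed tmpfs volume, and removes the directory on exit.
# The -e flags pass variables to the relcli container by name only, so no
# values appear on the docker command line.
# NOTE(review): the key file is created with the default umask - confirm the
# resulting mode is acceptable for a private key shared with the dind service.
- name: Publish in Release API
  image: docker:git
  commands:
  - mkdir -p /tmpfs/creds
  - echo "$RELEASES_CERT" | base64 -d > "$RELCLI_CERT"
  - echo "$RELEASES_KEY" | base64 -d > "$RELCLI_KEY"
  - trap "rm -rf /tmpfs/creds" EXIT
  - |-
    docker run -i -v /tmpfs/creds:/tmpfs/creds \
      -e DRONE_REPO -e DRONE_TAG -e RELCLI_BASE_URL -e RELCLI_CERT -e RELCLI_KEY \
      $RELCLI_IMAGE relcli auto_publish -f -v 6
  environment:
    RELCLI_BASE_URL: https://releases-prod.platform.teleport.sh
    RELCLI_CERT: /tmpfs/creds/releases.crt
    RELCLI_KEY: /tmpfs/creds/releases.key
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY
  volumes:
  - name: dockersock
    path: /var/run
  - name: tmpfs
    path: /tmpfs
  - name: awsconfig
    path: /root/.aws
# The dind service is privileged and mounts both the docker socket volume and
# the tmpfs volume that holds the decoded release credentials.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: tmpfs
    path: /tmpfs
  - name: dockersock
    path: /var/run
volumes:
- name: tmpfs
  temp:
    medium: memory
- name: awsconfig
  temp: {}
- name: dockersock
  temp: {}
- name: dockerconfig
  temp: {}
image_pull_secrets:
- DOCKERHUB_CREDENTIALS
---
# NOTE(review): this HMAC was computed over the file as generated. Any edit
# above it, including the DRONE_TAG quoting fix, requires the file to be
# re-signed (presumably part of `make dronegen` - confirm); a stale signature
# may cause Drone to hold the build for approval.
kind: signature
hmac: c255d7bcc4b43ec74779c9871d4e62027758bf42023e4144c59a4fb5116a96f8

...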