teleport/.drone.yml
Alan Parra 192e623406
chore: Bump Go to 1.20.6 (#29072)
* chore: Bump Go to 1.20.6

* Run `make dronegen`
2023-07-13 19:49:42 +00:00


---
# Pipeline update-docs-webhook: on pushes to master or branch/* of
# gravitational/teleport, call the docs deployment webhook. Pull-request
# events are excluded and no source is cloned.
kind: pipeline
type: kubernetes
name: update-docs-webhook
trigger:
  event:
    include:
    - push
    exclude:
    - pull_request
  branch:
    include:
    - master
    - branch/*
  repo:
    include:
    - gravitational/teleport
clone:
  disable: true
steps:
- name: Trigger docs deployment
  # NOTE(review): plugins/webhook has no tag or digest, so the image that
  # receives DOCS_DEPLOY_HOOK is whatever the registry serves at pull time;
  # pinning it by digest would make that reviewable.
  image: plugins/webhook
  settings:
    urls:
      # The hook URL is treated as a secret and injected from the secret store.
      from_secret: DOCS_DEPLOY_HOOK
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/gha.go (main.ghaMultiBuildPipeline)
################################################
# Pipeline push-build-linux-amd64: on pushes to master or branch/* in any
# gravitational/* repo, check out the pushed commit and the `e` submodule, then
# ask GitHub Actions to run release-linux.yaml in teleport.e with
# release-target=release-amd64-centos7. Pull-request events are excluded.
kind: pipeline
type: kubernetes
name: push-build-linux-amd64
trigger:
  event:
    include:
    - push
    exclude:
    - pull_request
  repo:
    include:
    - gravitational/*
  branch:
    include:
    - master
    - branch/*
workspace:
  path: /go
# Drone's built-in clone is off; the first step performs the checkout itself.
clone:
  disable: true
steps:
- name: Check out code
  # NOTE(review): docker:git is a floating tag and `pull: if-not-exists` keeps
  # whatever copy the node already holds. This image handles
  # GITHUB_PRIVATE_KEY, so pinning it by digest is worth considering.
  image: docker:git
  pull: if-not-exists
  commands:
  - mkdir -pv "/go/src/github.com/gravitational/teleport"
  - cd "/go/src/github.com/gravitational/teleport"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  - git checkout -qf "${DRONE_COMMIT_SHA}"
  # The key is written to disk only for the submodule fetch below; the
  # directory is created 0700 before the key file exists.
  - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa &&
    chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan records whichever host key the network returns
  # at build time (stderr is discarded), so this known_hosts file does not
  # authenticate github.com; a pinned, pre-verified host key would.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  - mkdir -pv /go/cache
  # Remove the key once the fetch is done. NOTE(review): if the runner stops
  # at the first failing command this line is skipped; confirm the container
  # filesystem is discarded with the step.
  - rm -f /root/.ssh/id_rsa
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
- name: Delegate build to GitHub
  # NOTE(review): Go 1.18 is past upstream support and the tag is floating;
  # this container runs the trigger tool with GHA_APP_KEY in its environment.
  image: golang:1.18-alpine
  pull: if-not-exists
  commands:
  - cd "/go/src/github.com/gravitational/teleport/build.assets/tooling"
  # ${DRONE_*} placeholders are filled in by Drone as text before the shell
  # parses the line, and they are unquoted here. NOTE(review): quote them, or
  # confirm ref names matching branch/* cannot carry shell metacharacters.
  - 'go run ./cmd/gh-trigger-workflow -owner ${DRONE_REPO_OWNER} -repo teleport.e
    -tag-workflow -timeout 2h30m0s -workflow release-linux.yaml -workflow-ref=${DRONE_BRANCH}
    -input oss-teleport-repo=${DRONE_REPO} -input oss-teleport-ref=${DRONE_COMMIT}
    -input "release-target=release-amd64-centos7" '
  environment:
    GHA_APP_KEY:
      from_secret: GITHUB_WORKFLOW_APP_PRIVATE_KEY
- name: Send Slack notification
  image: plugins/slack:1.4.1
  settings:
    template: |-
      *✘ Failed:* `{{ build.event }}` / `${DRONE_STAGE_NAME}` / <{{ build.link }}|Build: #{{ build.number }}>
      Author: <https://github.com/{{ build.author }}|{{ build.author }}> Repo: <https://github.com/{{ repo.owner }}/{{ repo.name }}/|{{ repo.owner }}/{{ repo.name }}> Branch: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commits/{{ build.branch }}|{{ build.branch }}> Commit: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commit/{{ build.commit }}|{{ truncate build.commit 8 }}>
    webhook:
      from_secret: SLACK_WEBHOOK_DEV_TELEPORT
  # Runs only when the pipeline has failed.
  when:
    status:
    - failure
# Registry credentials used when pulling the step images.
image_pull_secrets:
- DOCKERHUB_CREDENTIALS
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/gha.go (main.ghaMultiBuildPipeline)
################################################
# Pipeline push-build-linux-386: on pushes to master or branch/* in any
# gravitational/* repo, check out the pushed commit and the `e` submodule, then
# ask GitHub Actions to run release-linux.yaml in teleport.e with
# release-target=release-386. Pull-request events are excluded.
kind: pipeline
type: kubernetes
name: push-build-linux-386
trigger:
  event:
    include:
    - push
    exclude:
    - pull_request
  repo:
    include:
    - gravitational/*
  branch:
    include:
    - master
    - branch/*
workspace:
  path: /go
# Drone's built-in clone is off; the first step performs the checkout itself.
clone:
  disable: true
steps:
- name: Check out code
  # NOTE(review): docker:git is a floating tag and `pull: if-not-exists` keeps
  # whatever copy the node already holds. This image handles
  # GITHUB_PRIVATE_KEY, so pinning it by digest is worth considering.
  image: docker:git
  pull: if-not-exists
  commands:
  - mkdir -pv "/go/src/github.com/gravitational/teleport"
  - cd "/go/src/github.com/gravitational/teleport"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  - git checkout -qf "${DRONE_COMMIT_SHA}"
  # The key is written to disk only for the submodule fetch below; the
  # directory is created 0700 before the key file exists.
  - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa &&
    chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan records whichever host key the network returns
  # at build time (stderr is discarded), so this known_hosts file does not
  # authenticate github.com; a pinned, pre-verified host key would.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  - mkdir -pv /go/cache
  # Remove the key once the fetch is done. NOTE(review): if the runner stops
  # at the first failing command this line is skipped; confirm the container
  # filesystem is discarded with the step.
  - rm -f /root/.ssh/id_rsa
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
- name: Delegate build to GitHub
  # NOTE(review): Go 1.18 is past upstream support and the tag is floating;
  # this container runs the trigger tool with GHA_APP_KEY in its environment.
  image: golang:1.18-alpine
  pull: if-not-exists
  commands:
  - cd "/go/src/github.com/gravitational/teleport/build.assets/tooling"
  # ${DRONE_*} placeholders are filled in by Drone as text before the shell
  # parses the line, and they are unquoted here. NOTE(review): quote them, or
  # confirm ref names matching branch/* cannot carry shell metacharacters.
  - 'go run ./cmd/gh-trigger-workflow -owner ${DRONE_REPO_OWNER} -repo teleport.e
    -tag-workflow -timeout 2h30m0s -workflow release-linux.yaml -workflow-ref=${DRONE_BRANCH}
    -input oss-teleport-repo=${DRONE_REPO} -input oss-teleport-ref=${DRONE_COMMIT}
    -input "release-target=release-386" '
  environment:
    GHA_APP_KEY:
      from_secret: GITHUB_WORKFLOW_APP_PRIVATE_KEY
- name: Send Slack notification
  image: plugins/slack:1.4.1
  settings:
    template: |-
      *✘ Failed:* `{{ build.event }}` / `${DRONE_STAGE_NAME}` / <{{ build.link }}|Build: #{{ build.number }}>
      Author: <https://github.com/{{ build.author }}|{{ build.author }}> Repo: <https://github.com/{{ repo.owner }}/{{ repo.name }}/|{{ repo.owner }}/{{ repo.name }}> Branch: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commits/{{ build.branch }}|{{ build.branch }}> Commit: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commit/{{ build.commit }}|{{ truncate build.commit 8 }}>
    webhook:
      from_secret: SLACK_WEBHOOK_DEV_TELEPORT
  # Runs only when the pipeline has failed.
  when:
    status:
    - failure
# Registry credentials used when pulling the step images.
image_pull_secrets:
- DOCKERHUB_CREDENTIALS
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/gha.go (main.ghaMultiBuildPipeline)
################################################
# Pipeline push-build-linux-amd64-fips: on pushes to master or branch/* in any
# gravitational/* repo, check out the pushed commit and the `e` submodule, then
# ask GitHub Actions to run release-linux.yaml in teleport.e with
# release-target=release-amd64-centos7-fips. Pull-request events are excluded.
kind: pipeline
type: kubernetes
name: push-build-linux-amd64-fips
trigger:
  event:
    include:
    - push
    exclude:
    - pull_request
  repo:
    include:
    - gravitational/*
  branch:
    include:
    - master
    - branch/*
workspace:
  path: /go
# Drone's built-in clone is off; the first step performs the checkout itself.
clone:
  disable: true
steps:
- name: Check out code
  # NOTE(review): docker:git is a floating tag and `pull: if-not-exists` keeps
  # whatever copy the node already holds. This image handles
  # GITHUB_PRIVATE_KEY, so pinning it by digest is worth considering.
  image: docker:git
  pull: if-not-exists
  commands:
  - mkdir -pv "/go/src/github.com/gravitational/teleport"
  - cd "/go/src/github.com/gravitational/teleport"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  - git checkout -qf "${DRONE_COMMIT_SHA}"
  # The key is written to disk only for the submodule fetch below; the
  # directory is created 0700 before the key file exists.
  - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa &&
    chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan records whichever host key the network returns
  # at build time (stderr is discarded), so this known_hosts file does not
  # authenticate github.com; a pinned, pre-verified host key would.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  - mkdir -pv /go/cache
  # Remove the key once the fetch is done. NOTE(review): if the runner stops
  # at the first failing command this line is skipped; confirm the container
  # filesystem is discarded with the step.
  - rm -f /root/.ssh/id_rsa
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
- name: Delegate build to GitHub
  # NOTE(review): Go 1.18 is past upstream support and the tag is floating;
  # this container runs the trigger tool with GHA_APP_KEY in its environment.
  image: golang:1.18-alpine
  pull: if-not-exists
  commands:
  - cd "/go/src/github.com/gravitational/teleport/build.assets/tooling"
  # ${DRONE_*} placeholders are filled in by Drone as text before the shell
  # parses the line, and they are unquoted here. NOTE(review): quote them, or
  # confirm ref names matching branch/* cannot carry shell metacharacters.
  - 'go run ./cmd/gh-trigger-workflow -owner ${DRONE_REPO_OWNER} -repo teleport.e
    -tag-workflow -timeout 2h30m0s -workflow release-linux.yaml -workflow-ref=${DRONE_BRANCH}
    -input oss-teleport-repo=${DRONE_REPO} -input oss-teleport-ref=${DRONE_COMMIT}
    -input "release-target=release-amd64-centos7-fips" '
  environment:
    GHA_APP_KEY:
      from_secret: GITHUB_WORKFLOW_APP_PRIVATE_KEY
- name: Send Slack notification
  image: plugins/slack:1.4.1
  settings:
    template: |-
      *✘ Failed:* `{{ build.event }}` / `${DRONE_STAGE_NAME}` / <{{ build.link }}|Build: #{{ build.number }}>
      Author: <https://github.com/{{ build.author }}|{{ build.author }}> Repo: <https://github.com/{{ repo.owner }}/{{ repo.name }}/|{{ repo.owner }}/{{ repo.name }}> Branch: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commits/{{ build.branch }}|{{ build.branch }}> Commit: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commit/{{ build.commit }}|{{ truncate build.commit 8 }}>
    webhook:
      from_secret: SLACK_WEBHOOK_DEV_TELEPORT
  # Runs only when the pipeline has failed.
  when:
    status:
    - failure
# Registry credentials used when pulling the step images.
image_pull_secrets:
- DOCKERHUB_CREDENTIALS
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/gha.go (main.ghaMultiBuildPipeline)
################################################
# Pipeline push-build-windows-amd64: on pushes to master or branch/* in any
# gravitational/* repo, check out the pushed commit and the `e` submodule, then
# ask GitHub Actions to run release-linux.yaml in teleport.e with
# release-target=release-windows-unsigned. Pull-request events are excluded.
kind: pipeline
type: kubernetes
name: push-build-windows-amd64
trigger:
  event:
    include:
    - push
    exclude:
    - pull_request
  repo:
    include:
    - gravitational/*
  branch:
    include:
    - master
    - branch/*
workspace:
  path: /go
# Drone's built-in clone is off; the first step performs the checkout itself.
clone:
  disable: true
steps:
- name: Check out code
  # NOTE(review): docker:git is a floating tag and `pull: if-not-exists` keeps
  # whatever copy the node already holds. This image handles
  # GITHUB_PRIVATE_KEY, so pinning it by digest is worth considering.
  image: docker:git
  pull: if-not-exists
  commands:
  - mkdir -pv "/go/src/github.com/gravitational/teleport"
  - cd "/go/src/github.com/gravitational/teleport"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  - git checkout -qf "${DRONE_COMMIT_SHA}"
  # The key is written to disk only for the submodule fetch below; the
  # directory is created 0700 before the key file exists.
  - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa &&
    chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan records whichever host key the network returns
  # at build time (stderr is discarded), so this known_hosts file does not
  # authenticate github.com; a pinned, pre-verified host key would.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  - mkdir -pv /go/cache
  # Remove the key once the fetch is done. NOTE(review): if the runner stops
  # at the first failing command this line is skipped; confirm the container
  # filesystem is discarded with the step.
  - rm -f /root/.ssh/id_rsa
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
- name: Delegate build to GitHub
  # NOTE(review): Go 1.18 is past upstream support and the tag is floating;
  # this container runs the trigger tool with GHA_APP_KEY in its environment.
  image: golang:1.18-alpine
  pull: if-not-exists
  commands:
  - cd "/go/src/github.com/gravitational/teleport/build.assets/tooling"
  # ${DRONE_*} placeholders are filled in by Drone as text before the shell
  # parses the line, and they are unquoted here. NOTE(review): quote them, or
  # confirm ref names matching branch/* cannot carry shell metacharacters.
  - 'go run ./cmd/gh-trigger-workflow -owner ${DRONE_REPO_OWNER} -repo teleport.e
    -tag-workflow -timeout 2h30m0s -workflow release-linux.yaml -workflow-ref=${DRONE_BRANCH}
    -input oss-teleport-repo=${DRONE_REPO} -input oss-teleport-ref=${DRONE_COMMIT}
    -input "release-target=release-windows-unsigned" '
  environment:
    GHA_APP_KEY:
      from_secret: GITHUB_WORKFLOW_APP_PRIVATE_KEY
- name: Send Slack notification
  image: plugins/slack:1.4.1
  settings:
    template: |-
      *✘ Failed:* `{{ build.event }}` / `${DRONE_STAGE_NAME}` / <{{ build.link }}|Build: #{{ build.number }}>
      Author: <https://github.com/{{ build.author }}|{{ build.author }}> Repo: <https://github.com/{{ repo.owner }}/{{ repo.name }}/|{{ repo.owner }}/{{ repo.name }}> Branch: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commits/{{ build.branch }}|{{ build.branch }}> Commit: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commit/{{ build.commit }}|{{ truncate build.commit 8 }}>
    webhook:
      from_secret: SLACK_WEBHOOK_DEV_TELEPORT
  # Runs only when the pipeline has failed.
  when:
    status:
    - failure
# Registry credentials used when pulling the step images.
image_pull_secrets:
- DOCKERHUB_CREDENTIALS
---
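################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/windows.go (main.newWindowsPipeline)
################################################
# Pipeline push-build-native-windows-amd64: on pushes to master or branch/* in
# gravitational/* repos, build and sign tsh, Teleport Connect and the Windows
# authentication package on a Windows exec runner. No upload step is defined.
#
# Review change: "Send Slack notification (exec)" now runs before "Clean up
# workspace (post)". The notification step dot-sources build.ps1 from the
# per-build workspace, and the clean-up step deletes that workspace, so in the
# previous order the helper was already gone when the notification ran. This
# file is generated; the same reordering belongs in dronegen/windows.go.
kind: pipeline
# exec pipelines define no step images: commands run on the runner host, so
# anything written outside the per-build workspace outlives the build.
type: exec
name: push-build-native-windows-amd64
trigger:
  event:
    include:
    - push
    exclude:
    - pull_request
  repo:
    include:
    - gravitational/*
  branch:
    include:
    - master
    - branch/*
workspace:
  path: C:/Drone/Workspace/push-build-native-windows-amd64
platform:
  os: windows
  arch: amd64
node:
  buildbox_version: teleport14
clone:
  disable: true
steps:
- name: Check out Teleport
  commands:
  - $ErrorActionPreference = 'Stop'
  # Every step recomputes the same per-build directory from WORKSPACE_DIR and
  # the build number; the clean-up step removes exactly this directory.
  - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
  - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
  # Check out the tag when DRONE_TAG is set, otherwise the pushed commit.
  - $TeleportRev = if ($Env:DRONE_TAG -ne $null) { $Env:DRONE_TAG } else { $Env:DRONE_COMMIT
    }
  - New-Item -Path $TeleportSrc -ItemType Directory | Out-Null
  - cd $TeleportSrc
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout $TeleportRev
  environment:
    WORKSPACE_DIR: C:/Drone/Workspace/push-build-native-windows-amd64
- name: Checkout Submodules
  commands:
  - $ErrorActionPreference = 'Stop'
  - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
  - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
  - . "$TeleportSrc/build.assets/windows/build.ps1"
  # Enable-Git / Reset-Git are defined in build.ps1 (not shown here);
  # presumably they install and then remove the key. NOTE(review): with
  # 'Stop' in effect, a failed submodule fetch would skip Reset-Git, which
  # matters more on a persistent exec host than in a container.
  - Enable-Git -Workspace $Workspace -PrivateKey $Env:GITHUB_PRIVATE_KEY
  - cd $TeleportSrc
  - git submodule update --init e
  - Reset-Git -Workspace $Workspace
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
    WORKSPACE_DIR: C:/Drone/Workspace/push-build-native-windows-amd64
- name: Install Node Toolchain
  commands:
  - $ProgressPreference = 'SilentlyContinue'
  - $ErrorActionPreference = 'Stop'
  - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
  - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
  - . "$TeleportSrc/build.assets/windows/build.ps1"
  - Push-Location "$TeleportSrc/build.assets"
  - $NodeVersion = $(make print-node-version).Trim()
  - Pop-Location
  # Install-Node is defined in build.ps1 (not shown). NOTE(review): if it
  # downloads the toolchain, confirm it verifies a checksum.
  - Install-Node -NodeVersion $NodeVersion -ToolchainDir "$Workspace/toolchains"
  environment:
    WORKSPACE_DIR: C:/Drone/Workspace/push-build-native-windows-amd64
- name: Install Go Toolchain
  commands:
  - $ProgressPreference = 'SilentlyContinue'
  - $ErrorActionPreference = 'Stop'
  - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
  - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
  - . "$TeleportSrc/build.assets/windows/build.ps1"
  - Push-Location "$TeleportSrc/build.assets"
  - $GoVersion = $(make print-go-version).TrimStart("go")
  - Pop-Location
  # Install-Go is defined in build.ps1 (not shown). NOTE(review): if it
  # downloads the toolchain, confirm it verifies a checksum.
  - Install-Go -GoVersion $GoVersion -ToolchainDir "$Workspace/toolchains"
  environment:
    WORKSPACE_DIR: C:/Drone/Workspace/push-build-native-windows-amd64
- name: Build tsh
  commands:
  - $ErrorActionPreference = 'Stop'
  - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
  - $Env:GOCACHE = "$Workspace/gocache"
  - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
  - . "$TeleportSrc/build.assets/windows/build.ps1"
  - Enable-Go -ToolchainDir "$Workspace/toolchains"
  - cd $TeleportSrc
  # NOTE(review): GCO_ENABLED looks like a typo for CGO_ENABLED. As written it
  # sets a variable Go does not read, so the build uses Go's default cgo
  # setting; left unchanged because correcting it changes how tsh is built.
  - $Env:GCO_ENABLED=1
  - go build -o build/tsh-unsigned.exe ./tool/tsh
  environment:
    WORKSPACE_DIR: C:/Drone/Workspace/push-build-native-windows-amd64
- name: Sign tsh
  commands:
  - $ErrorActionPreference = 'Stop'
  - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
  - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
  - . "$TeleportSrc/build.assets/windows/build.ps1"
  - cd $TeleportSrc
  # The base64 secret is decoded to a PFX inside the source tree. If signing
  # fails the trailing `rm` may not run, leaving the PFX on the host until
  # "Clean up workspace (post)" deletes the per-build directory.
  - ([System.Convert]::FromBase64String($ENV:WINDOWS_SIGNING_CERT)) | Set-Content
    windows-signing-cert.pfx -Encoding Byte
  # NOTE(review): `/t` is signtool's legacy timestamp option and the URL is
  # plain http; `/tr` with `/td sha256` requests an RFC 3161 timestamp.
  # No `/p` is passed, so the PFX is presumably not password-protected.
  - '& ''C:\Program Files (x86)\Windows Kits\10\App Certification Kit\signtool.exe''
    sign /f windows-signing-cert.pfx /d Teleport /t http://timestamp.digicert.com
    /du https://goteleport.com /fd sha256 build\tsh-unsigned.exe'
  - mv build\tsh-unsigned.exe build\tsh.exe
  - rm -r windows-signing-cert.pfx
  environment:
    WINDOWS_SIGNING_CERT:
      from_secret: WINDOWS_SIGNING_CERT
    WORKSPACE_DIR: C:/Drone/Workspace/push-build-native-windows-amd64
- name: Build Teleport Connect
  commands:
  - $ErrorActionPreference = 'Stop'
  - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
  - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
  - . "$TeleportSrc/build.assets/windows/build.ps1"
  - Enable-Node -ToolchainDir "$Workspace/toolchains"
  - Push-Location $TeleportSrc
  - $TeleportVersion=$(make print-version).Trim()
  - $Env:CONNECT_TSH_BIN_PATH="$TeleportSrc\build\tsh.exe"
  # NOTE(review): CSC_LINK is set for the whole step, so the signing
  # certificate is in the environment of `yarn install` and of any dependency
  # lifecycle scripts it runs, not only of the packaging command.
  - yarn install --frozen-lockfile
  - yarn build-term
  - yarn package-term "-c.extraMetadata.version=$TeleportVersion"
  environment:
    CSC_LINK:
      from_secret: WINDOWS_SIGNING_CERT
    WORKSPACE_DIR: C:/Drone/Workspace/push-build-native-windows-amd64
- name: Build Windows Authentication Package
  commands:
  - $ErrorActionPreference = 'Stop'
  - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
  - $Env:GOCACHE = "$Workspace/gocache"
  - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
  - . "$TeleportSrc/build.assets/windows/build.ps1"
  - Enable-Go -ToolchainDir "$Workspace/toolchains"
  - cd $TeleportSrc
  - $TeleportVersion=$(make print-version).Trim()
  - cd "$TeleportSrc\e\windowsauth"
  - make VERSION=v$TeleportVersion all
  # Same signing sequence as "Sign tsh": decode the PFX, sign, delete. The
  # PFX lands in e\windowsauth, still inside the per-build workspace.
  - ([System.Convert]::FromBase64String($ENV:WINDOWS_SIGNING_CERT)) | Set-Content
    windows-signing-cert.pfx -Encoding Byte
  - '& ''C:\Program Files (x86)\Windows Kits\10\App Certification Kit\signtool.exe''
    sign /f windows-signing-cert.pfx /d Teleport /t http://timestamp.digicert.com
    /du https://goteleport.com /fd sha256 build/teleport-windows-auth-setup-v$TeleportVersion-amd64.exe'
  - rm -r windows-signing-cert.pfx
  environment:
    WINDOWS_SIGNING_CERT:
      from_secret: WINDOWS_SIGNING_CERT
    WORKSPACE_DIR: C:/Drone/Workspace/push-build-native-windows-amd64
# Moved ahead of the clean-up step: Send-ErrorMessage is loaded from build.ps1
# inside the workspace, so it has to run while the workspace still exists.
- name: Send Slack notification (exec)
  commands:
  - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
  - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
  - . "$TeleportSrc/build.assets/windows/build.ps1"
  - Send-ErrorMessage
  environment:
    SLACK_WEBHOOK_DEV_TELEPORT:
      from_secret: SLACK_WEBHOOK_DEV_TELEPORT
    WORKSPACE_DIR: C:/Drone/Workspace/push-build-native-windows-amd64
  when:
    status:
    - failure
# Runs on success and on failure, so it still executes if the notification
# step itself fails. 'Continue' keeps deleting after individual errors.
- name: Clean up workspace (post)
  commands:
  - $ErrorActionPreference = 'Continue'
  - Remove-Item -Recurse -Force -Path "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
  environment:
    WORKSPACE_DIR: C:/Drone/Workspace/push-build-native-windows-amd64
  when:
    status:
    - success
    - failure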
---
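################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/relcli.go (main.relcliPipeline)
################################################
# Pipeline clean-up-previous-build: on v* tag events in gravitational/* repos,
# run the relcli image's `auto_destroy` command with DRONE_REPO and DRONE_TAG
# passed through.
#
# Review changes (the file is generated, so the same edits belong in
# dronegen/relcli.go):
#   * the DRONE_TAG guard now quotes the variable; unquoted, an empty value
#     leaves `[ -n ]`, which is true, so the guard could never fail;
#   * the EXIT trap is registered before the release credentials are written,
#     so a failure while decoding them still removes /tmpfs/creds.
kind: pipeline
type: kubernetes
name: clean-up-previous-build
environment:
  # NOTE(review): pinned to a dated tag; a digest would make it immutable.
  RELCLI_IMAGE: 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/relcli:master-57a5d42-20230412T1204687
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
clone:
  disable: true
steps:
- name: Check if commit is tagged
  # NOTE(review): `alpine` has no tag or digest.
  image: alpine
  commands:
  - '[ -n "${DRONE_TAG}" ] || (echo ''DRONE_TAG is not set. Is the commit tagged?''
    && exit 1)'
- name: Wait for docker
  image: docker
  pull: if-not-exists
  commands:
  # Wait up to 30s for the dind service to publish its socket.
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  # The token goes to `docker login` on stdin, not on the command line.
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: dockersock
    path: /var/run
  - name: dockerconfig
    path: /root/.docker
- name: Assume AWS Role
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  # Exchange the static build-user key for temporary role credentials and
  # write them to the awsconfig volume, which the later steps mount.
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
    $(aws sts assume-role \
    --role-arn "$AWS_ROLE" \
    --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
    --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
    --output text) \
    > /root/.aws/credentials
  # Drop the static key from this shell so the final check can only succeed
  # through the profile written above.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY
    AWS_ROLE:
      from_secret: TELEPORT_BUILD_READ_ONLY_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
- name: Pull relcli
  image: docker:cli
  commands:
  - apk add --no-cache aws-cli
  - aws ecr get-login-password | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - docker pull $RELCLI_IMAGE
  environment:
    AWS_DEFAULT_REGION: us-west-2
  volumes:
  - name: dockersock
    path: /var/run
  - name: awsconfig
    path: /root/.aws
- name: Clean up previously built artifacts
  image: docker:git
  commands:
  - mkdir -p /tmpfs/creds
  # Registered before any credential is written so that every exit path,
  # including a failed base64 decode, removes the directory.
  - trap "rm -rf /tmpfs/creds" EXIT
  # /tmpfs is the memory-backed volume declared below, so the release
  # certificate and key are not written to node disk.
  - echo "$RELEASES_CERT" | base64 -d > "$RELCLI_CERT"
  - echo "$RELEASES_KEY" | base64 -d > "$RELCLI_KEY"
  # Only the credential directory is mounted into the relcli container; the
  # -e flags pass the named variables through from this step's environment.
  - |-
    docker run -i -v /tmpfs/creds:/tmpfs/creds \
    -e DRONE_REPO -e DRONE_TAG -e RELCLI_BASE_URL -e RELCLI_CERT -e RELCLI_KEY \
    $RELCLI_IMAGE auto_destroy -f -v 6
  environment:
    RELCLI_BASE_URL: https://releases-prod.platform.teleport.sh
    RELCLI_CERT: /tmpfs/creds/releases.crt
    RELCLI_KEY: /tmpfs/creds/releases.key
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY
  volumes:
  - name: dockersock
    path: /var/run
  - name: tmpfs
    path: /tmpfs
  - name: awsconfig
    path: /root/.aws
services:
# Docker-in-Docker needs privileged mode. Every step that mounts the
# dockersock volume can drive this daemon, so those steps should be treated
# as having root on the service container.
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: tmpfs
    path: /tmpfs
  - name: dockersock
    path: /var/run
volumes:
- name: tmpfs
  temp:
    medium: memory
- name: awsconfig
  temp: {}
- name: dockersock
  temp: {}
- name: dockerconfig
  temp: {}
image_pull_secrets:
- DOCKERHUB_CREDENTIALS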
---
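################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/windows.go (main.newWindowsPipeline)
################################################
# Pipeline build-native-windows-amd64: on v* tag events, after
# clean-up-previous-build, build and sign the Windows authentication package,
# tsh and Teleport Connect on a Windows exec runner, upload the installers to
# S3 and register them with the release service.
#
# Review change: the `Get-ChildItem` command in "Upload Artifacts" was missing
# its closing double quote; it is restored here. This file is generated, so
# the same fix belongs in dronegen/windows.go.
kind: pipeline
# exec pipelines define no step images: commands run on the runner host, so
# anything written outside the per-build workspace outlives the build.
type: exec
name: build-native-windows-amd64
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: C:/Drone/Workspace/build-native-windows-amd64
platform:
  os: windows
  arch: amd64
node:
  buildbox_version: teleport14
clone:
  disable: true
depends_on:
- clean-up-previous-build
concurrency:
  limit: 1
steps:
- name: Check out Teleport
  commands:
  - $ErrorActionPreference = 'Stop'
  # Every step recomputes the same per-build directory from WORKSPACE_DIR and
  # the build number; the clean-up step removes exactly this directory.
  - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
  - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
  # Check out the tag when DRONE_TAG is set, otherwise the commit.
  - $TeleportRev = if ($Env:DRONE_TAG -ne $null) { $Env:DRONE_TAG } else { $Env:DRONE_COMMIT
    }
  - New-Item -Path $TeleportSrc -ItemType Directory | Out-Null
  - cd $TeleportSrc
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout $TeleportRev
  environment:
    WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64
- name: Checkout Submodules
  commands:
  - $ErrorActionPreference = 'Stop'
  - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
  - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
  - . "$TeleportSrc/build.assets/windows/build.ps1"
  # Enable-Git / Reset-Git are defined in build.ps1 (not shown here);
  # presumably they install and then remove the key. NOTE(review): with
  # 'Stop' in effect, a failed submodule fetch would skip Reset-Git, which
  # matters more on a persistent exec host than in a container.
  - Enable-Git -Workspace $Workspace -PrivateKey $Env:GITHUB_PRIVATE_KEY
  - cd $TeleportSrc
  - git submodule update --init e
  - Reset-Git -Workspace $Workspace
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
    WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64
- name: Install Node Toolchain
  commands:
  - $ProgressPreference = 'SilentlyContinue'
  - $ErrorActionPreference = 'Stop'
  - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
  - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
  - . "$TeleportSrc/build.assets/windows/build.ps1"
  - Push-Location "$TeleportSrc/build.assets"
  - $NodeVersion = $(make print-node-version).Trim()
  - Pop-Location
  # Install-Node is defined in build.ps1 (not shown). NOTE(review): if it
  # downloads the toolchain, confirm it verifies a checksum.
  - Install-Node -NodeVersion $NodeVersion -ToolchainDir "$Workspace/toolchains"
  environment:
    WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64
- name: Install Go Toolchain
  commands:
  - $ProgressPreference = 'SilentlyContinue'
  - $ErrorActionPreference = 'Stop'
  - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
  - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
  - . "$TeleportSrc/build.assets/windows/build.ps1"
  - Push-Location "$TeleportSrc/build.assets"
  - $GoVersion = $(make print-go-version).TrimStart("go")
  - Pop-Location
  # Install-Go is defined in build.ps1 (not shown). NOTE(review): if it
  # downloads the toolchain, confirm it verifies a checksum.
  - Install-Go -GoVersion $GoVersion -ToolchainDir "$Workspace/toolchains"
  environment:
    WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64
- name: Build Windows Authentication Package
  commands:
  - $ErrorActionPreference = 'Stop'
  - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
  - $Env:GOCACHE = "$Workspace/gocache"
  - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
  - . "$TeleportSrc/build.assets/windows/build.ps1"
  - Enable-Go -ToolchainDir "$Workspace/toolchains"
  - cd $TeleportSrc
  - $TeleportVersion=$(make print-version).Trim()
  - cd "$TeleportSrc\e\windowsauth"
  - make VERSION=v$TeleportVersion all
  # The base64 secret is decoded to a PFX in e\windowsauth. If signing fails
  # the trailing `rm` may not run, leaving the PFX on the host until
  # "Clean up workspace (post)" deletes the per-build directory.
  - ([System.Convert]::FromBase64String($ENV:WINDOWS_SIGNING_CERT)) | Set-Content
    windows-signing-cert.pfx -Encoding Byte
  # NOTE(review): `/t` is signtool's legacy timestamp option and the URL is
  # plain http; `/tr` with `/td sha256` requests an RFC 3161 timestamp.
  # No `/p` is passed, so the PFX is presumably not password-protected.
  - '& ''C:\Program Files (x86)\Windows Kits\10\App Certification Kit\signtool.exe''
    sign /f windows-signing-cert.pfx /d Teleport /t http://timestamp.digicert.com
    /du https://goteleport.com /fd sha256 build/teleport-windows-auth-setup-v$TeleportVersion-amd64.exe'
  - rm -r windows-signing-cert.pfx
  environment:
    WINDOWS_SIGNING_CERT:
      from_secret: WINDOWS_SIGNING_CERT
    WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64
- name: Build tsh
  commands:
  - $ErrorActionPreference = 'Stop'
  - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
  - $Env:GOCACHE = "$Workspace/gocache"
  - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
  - . "$TeleportSrc/build.assets/windows/build.ps1"
  - Enable-Go -ToolchainDir "$Workspace/toolchains"
  - cd $TeleportSrc
  # NOTE(review): GCO_ENABLED looks like a typo for CGO_ENABLED. As written it
  # sets a variable Go does not read, so the build uses Go's default cgo
  # setting; left unchanged because correcting it changes how tsh is built.
  - $Env:GCO_ENABLED=1
  - go build -o build/tsh-unsigned.exe ./tool/tsh
  environment:
    WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64
- name: Sign tsh
  commands:
  - $ErrorActionPreference = 'Stop'
  - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
  - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
  - . "$TeleportSrc/build.assets/windows/build.ps1"
  - cd $TeleportSrc
  # Same signing sequence as the authentication package: decode the PFX into
  # the source tree, sign, rename the binary, delete the PFX.
  - ([System.Convert]::FromBase64String($ENV:WINDOWS_SIGNING_CERT)) | Set-Content
    windows-signing-cert.pfx -Encoding Byte
  - '& ''C:\Program Files (x86)\Windows Kits\10\App Certification Kit\signtool.exe''
    sign /f windows-signing-cert.pfx /d Teleport /t http://timestamp.digicert.com
    /du https://goteleport.com /fd sha256 build\tsh-unsigned.exe'
  - mv build\tsh-unsigned.exe build\tsh.exe
  - rm -r windows-signing-cert.pfx
  environment:
    WINDOWS_SIGNING_CERT:
      from_secret: WINDOWS_SIGNING_CERT
    WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64
- name: Build Teleport Connect
  commands:
  - $ErrorActionPreference = 'Stop'
  - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
  - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
  - . "$TeleportSrc/build.assets/windows/build.ps1"
  - Enable-Node -ToolchainDir "$Workspace/toolchains"
  - Push-Location $TeleportSrc
  - $TeleportVersion=$(make print-version).Trim()
  - $Env:CONNECT_TSH_BIN_PATH="$TeleportSrc\build\tsh.exe"
  # NOTE(review): CSC_LINK is set for the whole step, so the signing
  # certificate is in the environment of `yarn install` and of any dependency
  # lifecycle scripts it runs, not only of the packaging command.
  - yarn install --frozen-lockfile
  - yarn build-term
  - yarn package-term "-c.extraMetadata.version=$TeleportVersion"
  environment:
    CSC_LINK:
      from_secret: WINDOWS_SIGNING_CERT
    WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64
# NOTE(review): unlike the build steps, this step and "Upload Artifacts" never
# set $ErrorActionPreference = 'Stop'; confirm a failing cmdlet is still meant
# to let the remaining commands run.
- name: Assume AWS Role
  commands:
  - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
  - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
  # The role credentials are saved inside the per-build workspace, so the
  # post-build clean-up removes them from the host.
  - $AwsSharedCredentialsFile = "$Workspace/credentials"
  - $SessionName = "drone-$Env:DRONE_REPO-$Env:DRONE_BUILD_NUMBER".replace("/", "-")
  - . "$TeleportSrc/build.assets/windows/build.ps1"
  - Get-STSCallerIdentity
  - Save-Role -RoleArn $Env:AWS_ROLE -RoleSessionName $SessionName -FilePath $AwsSharedCredentialsFile
  # Drop the static key pair from this process's environment so the final
  # identity check can only succeed through the saved role credentials.
  - 'Get-ChildItem -Path Env: | Where-Object {($_.Name -Like "AWS_SECRET_ACCESS_KEY")
    -or ($_.Name -Like "AWS_ACCESS_KEY_ID") } | Remove-Item'
  - Get-STSCallerIdentity -ProfileLocation $AwsSharedCredentialsFile
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
    WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64
- name: Upload Artifacts
  commands:
  - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
  - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
  - $TeleportVersion=$Env:DRONE_TAG.TrimStart('v')
  - $AwsSharedCredentialsFile = "$Workspace/credentials"
  - $OutputsDir="$Workspace/outputs"
  - New-Item -Path "$OutputsDir" -ItemType 'Directory' | Out-Null
  # Lists the release directory in the build log; closing quote restored.
  - Get-ChildItem "$TeleportSrc/web/packages/teleterm/build/release"
  - Copy-Item -Path "$TeleportSrc/web/packages/teleterm/build/release/Teleport Connect
    Setup*.exe" -Destination $OutputsDir
  - Copy-Item -Path "$TeleportSrc/e/windowsauth/build/teleport-windows-auth-setup-*.exe"
    -Destination $OutputsDir
  - . "$TeleportSrc/build.assets/windows/build.ps1"
  # Format-FileHashes and Copy-Artifacts are defined in build.ps1 (not shown).
  - Format-FileHashes -PathGlob "$OutputsDir/*.exe"
  - Copy-Artifacts -ProfileLocation $AwsSharedCredentialsFile -Path $OutputsDir -Bucket
    $Env:AWS_S3_BUCKET -DstRoot "/teleport/tag/$TeleportVersion"
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64
- name: Register artifacts
  commands:
  - $ErrorActionPreference = 'Stop'
  - $ProgressPreference = 'SilentlyContinue'
  - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
  - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
  - $OutputsDir = "$Workspace/outputs"
  # The relcli binary is pinned by URL and SHA-256; Get-Relcli (build.ps1, not
  # shown) presumably rejects a download that does not match the hash.
  - $relcliUrl = 'https://cdn.teleport.dev/relcli-master-93a9f40-20230504T2005101-windows.exe'
  - $relcliSha256 = '22d32a57a4b999e619162bebb96d0adf4b3df2596ef4c89b77154e7f96abbf30'
  - . "$TeleportSrc/build.assets/windows/build.ps1"
  - Get-Relcli -Url $relcliUrl -Sha256 $relcliSha256 -Workspace $Workspace
  - Register-Artifacts -Workspace $Workspace -Outputs $OutputsDir
  environment:
    RELCLI_BASE_URL: https://releases-prod.platform.teleport.sh
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY
    WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64
# Runs on success and on failure; 'Continue' keeps deleting after individual
# errors. This is what removes any leftover PFX or credentials file.
- name: Clean up workspace (post)
  commands:
  - $ErrorActionPreference = 'Continue'
  - Remove-Item -Recurse -Force -Path "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
  environment:
    WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64
  when:
    status:
    - success
    - failure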
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/gha.go (main.ghaMultiBuildPipeline)
################################################
# Pipeline push-build-linux-arm: on pushes to master or branch/* in any
# gravitational/* repo, check out the pushed commit and the `e` submodule, then
# ask GitHub Actions to run release-linux.yaml in teleport.e with
# release-target=release-arm. Pull-request events are excluded.
kind: pipeline
type: kubernetes
name: push-build-linux-arm
trigger:
  event:
    include:
    - push
    exclude:
    - pull_request
  repo:
    include:
    - gravitational/*
  branch:
    include:
    - master
    - branch/*
workspace:
  path: /go
# Drone's built-in clone is off; the first step performs the checkout itself.
clone:
  disable: true
steps:
- name: Check out code
  # NOTE(review): docker:git is a floating tag and `pull: if-not-exists` keeps
  # whatever copy the node already holds. This image handles
  # GITHUB_PRIVATE_KEY, so pinning it by digest is worth considering.
  image: docker:git
  pull: if-not-exists
  commands:
  - mkdir -pv "/go/src/github.com/gravitational/teleport"
  - cd "/go/src/github.com/gravitational/teleport"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  - git checkout -qf "${DRONE_COMMIT_SHA}"
  # The key is written to disk only for the submodule fetch below; the
  # directory is created 0700 before the key file exists.
  - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa &&
    chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan records whichever host key the network returns
  # at build time (stderr is discarded), so this known_hosts file does not
  # authenticate github.com; a pinned, pre-verified host key would.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  - mkdir -pv /go/cache
  # Remove the key once the fetch is done. NOTE(review): if the runner stops
  # at the first failing command this line is skipped; confirm the container
  # filesystem is discarded with the step.
  - rm -f /root/.ssh/id_rsa
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
- name: Delegate build to GitHub
  # NOTE(review): Go 1.18 is past upstream support and the tag is floating;
  # this container runs the trigger tool with GHA_APP_KEY in its environment.
  image: golang:1.18-alpine
  pull: if-not-exists
  commands:
  - cd "/go/src/github.com/gravitational/teleport/build.assets/tooling"
  # ${DRONE_*} placeholders are filled in by Drone as text before the shell
  # parses the line, and they are unquoted here. NOTE(review): quote them, or
  # confirm ref names matching branch/* cannot carry shell metacharacters.
  - 'go run ./cmd/gh-trigger-workflow -owner ${DRONE_REPO_OWNER} -repo teleport.e
    -tag-workflow -timeout 2h30m0s -workflow release-linux.yaml -workflow-ref=${DRONE_BRANCH}
    -input oss-teleport-repo=${DRONE_REPO} -input oss-teleport-ref=${DRONE_COMMIT}
    -input "release-target=release-arm" '
  environment:
    GHA_APP_KEY:
      from_secret: GITHUB_WORKFLOW_APP_PRIVATE_KEY
- name: Send Slack notification
  image: plugins/slack:1.4.1
  settings:
    template: |-
      *✘ Failed:* `{{ build.event }}` / `${DRONE_STAGE_NAME}` / <{{ build.link }}|Build: #{{ build.number }}>
      Author: <https://github.com/{{ build.author }}|{{ build.author }}> Repo: <https://github.com/{{ repo.owner }}/{{ repo.name }}/|{{ repo.owner }}/{{ repo.name }}> Branch: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commits/{{ build.branch }}|{{ build.branch }}> Commit: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commit/{{ build.commit }}|{{ truncate build.commit 8 }}>
    webhook:
      from_secret: SLACK_WEBHOOK_DEV_TELEPORT
  # Runs only when the pipeline has failed.
  when:
    status:
    - failure
# Registry credentials used when pulling the step images.
image_pull_secrets:
- DOCKERHUB_CREDENTIALS
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/gha.go (main.ghaMultiBuildPipeline)
################################################
# Pipeline push-build-linux-arm64: on pushes to master or branch/* in any
# gravitational/* repo, check out the pushed commit and the `e` submodule, then
# ask GitHub Actions to run release-linux-arm64.yml in teleport.e with
# upload-artifacts=false. Pull-request events are excluded.
kind: pipeline
type: kubernetes
name: push-build-linux-arm64
trigger:
  event:
    include:
    - push
    exclude:
    - pull_request
  repo:
    include:
    - gravitational/*
  branch:
    include:
    - master
    - branch/*
workspace:
  path: /go
# Drone's built-in clone is off; the first step performs the checkout itself.
clone:
  disable: true
steps:
- name: Check out code
  # NOTE(review): docker:git is a floating tag and `pull: if-not-exists` keeps
  # whatever copy the node already holds. This image handles
  # GITHUB_PRIVATE_KEY, so pinning it by digest is worth considering.
  image: docker:git
  pull: if-not-exists
  commands:
  - mkdir -pv "/go/src/github.com/gravitational/teleport"
  - cd "/go/src/github.com/gravitational/teleport"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  - git checkout -qf "${DRONE_COMMIT_SHA}"
  # The key is written to disk only for the submodule fetch below; the
  # directory is created 0700 before the key file exists.
  - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa &&
    chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan records whichever host key the network returns
  # at build time (stderr is discarded), so this known_hosts file does not
  # authenticate github.com; a pinned, pre-verified host key would.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  - mkdir -pv /go/cache
  # Remove the key once the fetch is done. NOTE(review): if the runner stops
  # at the first failing command this line is skipped; confirm the container
  # filesystem is discarded with the step.
  - rm -f /root/.ssh/id_rsa
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
- name: Delegate build to GitHub
  # NOTE(review): Go 1.18 is past upstream support and the tag is floating;
  # this container runs the trigger tool with GHA_APP_KEY in its environment.
  image: golang:1.18-alpine
  pull: if-not-exists
  commands:
  - cd "/go/src/github.com/gravitational/teleport/build.assets/tooling"
  # ${DRONE_*} placeholders are filled in by Drone as text before the shell
  # parses the line, and they are unquoted here. NOTE(review): quote them, or
  # confirm ref names matching branch/* cannot carry shell metacharacters.
  - 'go run ./cmd/gh-trigger-workflow -owner ${DRONE_REPO_OWNER} -repo teleport.e
    -tag-workflow -timeout 2h30m0s -workflow release-linux-arm64.yml -workflow-ref=${DRONE_BRANCH}
    -input oss-teleport-repo=${DRONE_REPO} -input oss-teleport-ref=${DRONE_COMMIT}
    -input "upload-artifacts=false" '
  environment:
    GHA_APP_KEY:
      from_secret: GITHUB_WORKFLOW_APP_PRIVATE_KEY
- name: Send Slack notification
  image: plugins/slack:1.4.1
  settings:
    template: |-
      *✘ Failed:* `{{ build.event }}` / `${DRONE_STAGE_NAME}` / <{{ build.link }}|Build: #{{ build.number }}>
      Author: <https://github.com/{{ build.author }}|{{ build.author }}> Repo: <https://github.com/{{ repo.owner }}/{{ repo.name }}/|{{ repo.owner }}/{{ repo.name }}> Branch: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commits/{{ build.branch }}|{{ build.branch }}> Commit: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commit/{{ build.commit }}|{{ truncate build.commit 8 }}>
    webhook:
      from_secret: SLACK_WEBHOOK_DEV_TELEPORT
  # Runs only when the pipeline has failed.
  when:
    status:
    - failure
# Registry credentials used when pulling the step images.
image_pull_secrets:
- DOCKERHUB_CREDENTIALS
---
# Cron pipeline for gravitational/teleport: looks up the latest release tag of
# three major versions, builds the teleport-lab image from docker/sshd for the
# current one, pushes it to a staging ECR registry and then to public.ecr.aws.
kind: pipeline
type: kubernetes
name: teleport-docker-cron-ecr
trigger:
  cron:
    - teleport-docker-cron-ecr
  repo:
    include:
      - gravitational/teleport
workspace:
  path: /go
# The default clone stays enabled; the first step reads build.assets/tooling
# directly from /go.
clone:
  disable: false
steps:
  # Every image in this pipeline is a floating tag (docker:git, amazon/aws-cli,
  # docker:dind) and the toolchain is installed with apk at run time, so the
  # build inputs are not pinned. Digest pinning would tighten the supply chain
  # for an image that ends up in a public registry.
  - name: Set up variables and Dockerfile
    image: docker:git
    environment:
      # increment these variables when a new major/minor version is released to bump the automatic builds
      # this only needs to be done on the master branch, as that's the branch that the Drone cron is configured for
      # build major version images which are just teleport:x
      CURRENT_VERSION_ROOT: v12
      PREVIOUS_VERSION_ONE_ROOT: v11
      PREVIOUS_VERSION_TWO_ROOT: v10
    commands:
      - apk --update --no-cache add curl go
      - mkdir -p /go/build && cd /go/build
      # Each *_TAG.txt holds the output of query-latest; *_TAG_GENERIC.txt holds
      # its first dot-separated field. Note that tr -d '^v' deletes every '^'
      # and 'v' character, not only a leading "v".
      # CURRENT_VERSION
      - (cd /go/build.assets/tooling && go run ./cmd/query-latest $CURRENT_VERSION_ROOT > /go/build/CURRENT_VERSION_TAG.txt)
      - echo "$(cat /go/build/CURRENT_VERSION_TAG.txt | cut -d. -f1 | tr -d '^v')" > /go/build/CURRENT_VERSION_TAG_GENERIC.txt
      # PREVIOUS_VERSION_ONE
      - (cd /go/build.assets/tooling && go run ./cmd/query-latest $PREVIOUS_VERSION_ONE_ROOT > /go/build/PREVIOUS_VERSION_ONE_TAG.txt)
      - echo "$(cat /go/build/PREVIOUS_VERSION_ONE_TAG.txt | cut -d. -f1 | tr -d '^v')" > /go/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt
      # PREVIOUS_VERSION_TWO
      - (cd /go/build.assets/tooling && go run ./cmd/query-latest $PREVIOUS_VERSION_TWO_ROOT > /go/build/PREVIOUS_VERSION_TWO_TAG.txt)
      - echo "$(cat /go/build/PREVIOUS_VERSION_TWO_TAG.txt | cut -d. -f1 | tr -d '^v')" > /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt
      # list versions
      - for FILE in /go/build/*.txt; do echo $FILE; cat $FILE; done
      # wait for Docker to be ready
      - sleep 3
  # Exchanges the staging user key for temporary role credentials and writes
  # them as the [staging] profile on the shared awsconfig volume. The file is
  # created with ">" here, so this step must run before the production one.
  - name: Configure Staging AWS Profile
    image: amazon/aws-cli
    commands:
      - aws sts get-caller-identity
      # $(aws sts assume-role ...) is deliberately unquoted: its three output
      # fields fill the three %s slots. If assume-role fails, printf presumably
      # still writes a profile with empty values; the get-caller-identity
      # --profile call below is what surfaces that.
      - |-
        printf "[staging]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
          $(aws sts assume-role \
            --role-arn "$AWS_ROLE" \
            --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
            --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
            --output text) \
          > /root/.aws/credentials
      # Drops the user key from this shell so the check below can only succeed
      # through the assumed-role profile.
      - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
      - aws sts get-caller-identity --profile staging
    environment:
      AWS_ACCESS_KEY_ID:
        from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY
      AWS_SECRET_ACCESS_KEY:
        from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET
      AWS_ROLE:
        from_secret: STAGING_TELEPORT_DRONE_ECR_AWS_ROLE
    volumes:
      - name: awsconfig
        path: /root/.aws
  # Same exchange for production; ">>" appends the [production] profile to the
  # file the staging step created, so both sets of temporary credentials end
  # up in one file on the shared volume.
  - name: Configure Production AWS Profile
    image: amazon/aws-cli
    commands:
      - aws sts get-caller-identity
      - |-
        printf "[production]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
          $(aws sts assume-role \
            --role-arn "$AWS_ROLE" \
            --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
            --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
            --output text) \
          >> /root/.aws/credentials
      - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
      - aws sts get-caller-identity --profile production
    environment:
      AWS_ACCESS_KEY_ID:
        from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY
      AWS_SECRET_ACCESS_KEY:
        from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET
      AWS_ROLE:
        from_secret: PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE
    volumes:
      - name: awsconfig
        path: /root/.aws
  # This step mounts both the privileged Docker daemon's socket directory and
  # the credentials file holding the staging AND production profiles, so the
  # code it builds runs next to production push rights.
  - name: Build/push Teleport Lab Docker image
    image: docker:git
    environment:
      OS: linux
      ARCH: amd64
    volumes:
      - name: dockersock
        path: /var/run
      - name: awsconfig
        path: /root/.aws
    commands:
      - apk add --no-cache aws-cli
      - export CURRENT_DATE=$(date '+%Y%m%d%H%M')
      - export TELEPORT_TAG=$(cat /go/build/CURRENT_VERSION_TAG.txt | tr -d '^v')
      - export TELEPORT_LAB_IMAGE_NAME_STAGING="146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-lab:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)-$CURRENT_DATE"
      - export TELEPORT_LAB_IMAGE_NAME_PROD="public.ecr.aws/gravitational/teleport-lab:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)"
      # Check out code
      - mkdir -p /go/src/github.com/gravitational/teleport
      - cd /go/src/github.com/gravitational/teleport
      - git init && git remote add origin ${DRONE_REMOTE_URL}
      - git fetch origin
      - git checkout -qf ${DRONE_COMMIT_SHA}
      # Authenticate to staging registry
      # (the registry password is piped on stdin, so it is not on the command line)
      - aws ecr get-login-password --profile staging --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
      # Build and push image
      - docker build --build-arg TELEPORT_TAG=$TELEPORT_TAG -t $TELEPORT_LAB_IMAGE_NAME_STAGING /go/src/github.com/gravitational/teleport/docker/sshd
      - docker push $TELEPORT_LAB_IMAGE_NAME_STAGING
      # Authenticate to production registry
      - docker logout 146628656107.dkr.ecr.us-west-2.amazonaws.com
      - aws ecr-public get-login-password --profile production --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
      # Push to production registry
      # The locally built image is re-tagged and pushed as-is; no scan or
      # signing step is visible between the staging push and the public push,
      # and the production tag carries no date suffix, so each run reuses it.
      - docker tag $TELEPORT_LAB_IMAGE_NAME_STAGING $TELEPORT_LAB_IMAGE_NAME_PROD
      - docker push $TELEPORT_LAB_IMAGE_NAME_PROD
services:
  # Privileged Docker-in-Docker daemon. Its /var/run is shared through the
  # dockersock volume, so any step mounting that volume controls the daemon.
  - name: Start Docker
    image: docker:dind
    privileged: true
    volumes:
      - name: dockersock
        path: /var/run
# Both volumes are declared as temp volumes.
volumes:
  - name: dockersock
    temp: {}
  - name: awsconfig
    temp: {}
---
# Cron pipeline for gravitational/teleport: packages the teleport-cluster and
# teleport-kube-agent charts, rebuilds the Helm repo index over everything in
# the production charts bucket, and syncs the result back to that bucket.
kind: pipeline
type: kubernetes
name: teleport-helm-cron
trigger:
  cron:
    - teleport-helm-cron
  repo:
    include:
      - gravitational/teleport
workspace:
  path: /go
clone:
  disable: true
steps:
  - name: Check out code
    image: alpine/git
    pull: if-not-exists
    commands:
      - mkdir -p /go/src/github.com/gravitational/teleport
      - cd /go/src/github.com/gravitational/teleport
      # Anonymous HTTPS clone; no credentials are given to this step.
      - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
      - git checkout ${DRONE_COMMIT}
      - mkdir -p /go/chart
      - cd /go/chart
  # Exchanges the charts user key for temporary role credentials and stores
  # them as the [default] profile on the awsconfig volume that the download
  # and upload steps mount. Those steps never receive the user key itself.
  - name: Assume AWS Role
    image: amazon/aws-cli
    commands:
      - aws sts get-caller-identity
      # $(aws sts assume-role ...) is deliberately unquoted: its three output
      # fields fill the three %s slots. The get-caller-identity --profile call
      # afterwards is the check that the written profile actually works.
      - |-
        printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
          $(aws sts assume-role \
            --role-arn "$AWS_ROLE" \
            --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
            --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
            --output text) \
          > /root/.aws/credentials
      - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
      - aws sts get-caller-identity --profile default
    environment:
      AWS_ACCESS_KEY_ID:
        from_secret: PRODUCTION_CHARTS_AWS_ACCESS_KEY_ID
      AWS_SECRET_ACCESS_KEY:
        from_secret: PRODUCTION_CHARTS_AWS_SECRET_ACCESS_KEY
      AWS_ROLE:
        from_secret: PRODUCTION_CHARTS_AWS_ROLE
    volumes:
      - name: awsconfig
        path: /root/.aws
  - name: Download chart repo contents
    image: amazon/aws-cli
    environment:
      AWS_REGION: us-west-2
      AWS_S3_BUCKET:
        from_secret: PRODUCTION_CHARTS_AWS_S3_BUCKET
    volumes:
      - name: awsconfig
        path: /root/.aws
    commands:
      - mkdir -p /go/chart
      # download all previously packaged chart versions from the S3 bucket
      - aws s3 sync s3://$AWS_S3_BUCKET/ /go/chart
  # alpine/helm:latest is a mutable tag, so the Helm binary that packages the
  # published charts can change between runs; pinning a version or digest
  # would make the output reproducible. This step mounts no AWS credentials.
  - name: Package helm charts
    image: alpine/helm:latest
    commands:
      - cd /go/chart
      # Charts are packaged without a provenance file (helm package is called
      # without --sign), so consumers cannot verify them with helm verify.
      - helm package /go/src/github.com/gravitational/teleport/examples/chart/teleport-cluster
      - helm package /go/src/github.com/gravitational/teleport/examples/chart/teleport-kube-agent
      # copy index.html to root of the S3 bucket
      - cp /go/src/github.com/gravitational/teleport/examples/chart/index.html /go/chart
      # this will index all previous versions of the charts downloaded from the S3 bucket,
      # plus the just-packaged charts listed above
      # Whatever is already in the bucket is re-indexed as found; nothing here
      # checks the downloaded packages before they are listed again.
      - helm repo index /go/chart
  - name: Upload to S3
    image: amazon/aws-cli
    commands:
      - cd /go/chart
      # sync runs without --delete, so objects already in the bucket are never
      # removed by this pipeline.
      - aws s3 sync . s3://$AWS_S3_BUCKET/
    environment:
      AWS_REGION: us-west-2
      AWS_S3_BUCKET:
        from_secret: PRODUCTION_CHARTS_AWS_S3_BUCKET
    volumes:
      - name: awsconfig
        path: /root/.aws
  # Posts to Slack only when the pipeline has failed.
  - name: Send Slack notification
    image: plugins/slack:1.4.1
    settings:
      template: |
        *✘ Failed:* `{{ build.event }}` / `${DRONE_STAGE_NAME}` / <{{ build.link }}|Build: #{{ build.number }}>
        Author: <https://github.com/{{ build.author }}|{{ build.author }}> Repo: <https://github.com/{{ repo.owner }}/{{ repo.name }}/|{{ repo.owner }}/{{ repo.name }}> Branch: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commits/{{ build.branch }}|{{ build.branch }}> Commit: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commit/{{ build.commit }}|{{ truncate build.commit 8 }}>
      webhook:
        from_secret: SLACK_WEBHOOK_DEV_TELEPORT
    when:
      status: [failure]
volumes:
  - name: awsconfig
    temp: {}
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPipeline)
################################################
# Tag pipeline (refs/tags/v* in gravitational/*): builds the CentOS 7
# compatible linux/amd64 tarballs, uploads them with SHA-256 files to S3 and
# registers them with the release service.
kind: pipeline
type: kubernetes
name: build-linux-amd64-centos7
environment:
  BUILDBOX_VERSION: teleport14
  RUNTIME: go1.20.6
trigger:
  event:
    include:
      - tag
  ref:
    include:
      - refs/tags/v*
  repo:
    include:
      - gravitational/*
workspace:
  path: /go
clone:
  disable: true
depends_on:
  - clean-up-previous-build
steps:
  # Step images are floating tags (docker, docker:git, amazon/aws-cli,
  # docker:dind) with pull: if-not-exists, so the image used for a release
  # build depends on what the node has cached. Digest pinning would fix that.
  - name: Check out code
    image: docker:git
    pull: if-not-exists
    commands:
      - mkdir -p /go/src/github.com/gravitational/teleport
      - cd /go/src/github.com/gravitational/teleport
      - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
      - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
      # The SSH key is needed only for the `e` submodule; it lives in
      # /root/.ssh (outside the /go workspace) and is removed right after.
      # NOTE(review): if the submodule fetch fails, the rm presumably never
      # runs; confirm the step container is discarded in that case.
      - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
        && chmod 600 /root/.ssh/id_rsa
      # ssh-keyscan records whatever host key is served at run time; it does
      # not authenticate github.com. Writing GitHub's published host keys into
      # known_hosts instead would remove this trust-on-first-use gap.
      - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
      - git submodule update --init e
      - rm -f /root/.ssh/id_rsa
      - mkdir -p /go/cache /go/artifacts
      # Release guard: the Makefile VERSION must equal the tag without its
      # leading "v", otherwise the step exits 1. The agreed version is saved
      # to /go/.version.txt for later steps. "$$" presumably escapes Drone's
      # own substitution so the shell sees "$VERSION".
      - |-
        VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
        if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
          echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
          exit 1
        fi
        echo "$$VERSION" > /go/.version.txt
    environment:
      GITHUB_PRIVATE_KEY:
        from_secret: GITHUB_PRIVATE_KEY
  - name: Wait for docker
    image: docker
    pull: if-not-exists
    commands:
      - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
      # The Docker Hub token is piped on stdin, not passed as an argument. The
      # resulting login lands in /root/.docker, i.e. on the dockerconfig volume
      # that the build step also mounts.
      - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
    environment:
      DOCKERHUB_PASSWORD:
        from_secret: DOCKERHUB_READONLY_TOKEN
      DOCKERHUB_USERNAME:
        from_secret: DOCKERHUB_USERNAME
    volumes:
      - name: dockersock
        path: /var/run
      - name: dockerconfig
        path: /root/.docker
  # Runs the repository's make target against the privileged Docker daemon
  # (dockersock) with the Docker Hub login (dockerconfig) available. No AWS or
  # release-service secrets are mounted in this step.
  - name: Build artifacts
    image: docker
    pull: if-not-exists
    commands:
      - apk add --no-cache make
      - chown -R $UID:$GID /go
      - cd /go/src/github.com/gravitational/teleport
      - make -C build.assets release-amd64-centos7
    environment:
      ARCH: amd64
      GID: "1000"
      GOCACHE: /go/cache
      GOPATH: /go
      OS: linux
      UID: "1000"
    volumes:
      - name: dockersock
        path: /var/run
      - name: dockerconfig
        path: /root/.docker
  - name: Copy artifacts
    image: docker
    pull: if-not-exists
    commands:
      - cd /go/src/github.com/gravitational/teleport
      - find . -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
        \;
      - find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
        \;
      - export VERSION=$(cat /go/.version.txt)
      # Rename the generic amd64 tarballs to their centos7 names.
      - mv /go/artifacts/teleport-v$${VERSION}-linux-amd64-bin.tar.gz /go/artifacts/teleport-v$${VERSION}-linux-amd64-centos7-bin.tar.gz
      - mv /go/artifacts/teleport-ent-v$${VERSION}-linux-amd64-bin.tar.gz /go/artifacts/teleport-ent-v$${VERSION}-linux-amd64-centos7-bin.tar.gz
      # The .sha256 files come from the same job that built the tarballs: they
      # catch corruption in transit but do not prove who built the artifact.
      # That would need a signature.
      - cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256;
        done && ls -l
  # Exchanges the long-lived user key for temporary role credentials and
  # stores them as the [default] profile on the awsconfig volume. Only the
  # upload step mounts that volume; it never receives the user key itself.
  - name: Assume AWS Role
    image: amazon/aws-cli
    pull: if-not-exists
    commands:
      - aws sts get-caller-identity
      # $(aws sts assume-role ...) is deliberately unquoted: its three output
      # fields fill the three %s slots. The get-caller-identity --profile call
      # afterwards is the check that the written profile actually works.
      - |-
        printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
          $(aws sts assume-role \
            --role-arn "$AWS_ROLE" \
            --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
            --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
            --output text) \
          > /root/.aws/credentials
      - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
      - aws sts get-caller-identity --profile default
    environment:
      AWS_ACCESS_KEY_ID:
        from_secret: AWS_ACCESS_KEY_ID
      AWS_ROLE:
        from_secret: AWS_ROLE
      AWS_SECRET_ACCESS_KEY:
        from_secret: AWS_SECRET_ACCESS_KEY
    volumes:
      - name: awsconfig
        path: /root/.aws
  - name: Upload to S3
    image: amazon/aws-cli
    pull: if-not-exists
    commands:
      - cd /go/artifacts/
      # Tarballs and their .sha256 files go to the same prefix, so write access
      # to that prefix is enough to replace an artifact and its checksum together.
      - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
    environment:
      AWS_REGION: us-west-2
      AWS_S3_BUCKET:
        from_secret: AWS_S3_BUCKET
    volumes:
      - name: awsconfig
        path: /root/.aws
  # Registers every artifact that has a .sha256 file with the release service,
  # authenticating with a client certificate and key taken from secrets.
  - name: Register artifacts
    image: docker
    pull: if-not-exists
    commands:
      - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
      - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
      - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
      # The certificate and key are base64-decoded to files under
      # $WORKSPACE_DIR ("/" by default). Unlike id_rsa in the checkout step, no
      # chmod follows, so the key file gets the shell's default permissions; a
      # `umask 077` beforehand would tighten that. The trap deletes both files
      # on shell exit.
      - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
      - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
      - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
      # Used unquoted below on purpose so it splits into separate curl options.
      - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
      - which curl || apk add --no-cache curl
      # For each artifact: create a draft release per product (HTTP 200 and 409
      # both count as success; 409 presumably means it already exists), then
      # upload the file together with the SHA-256 read from its .sha256 file.
      # Any other status prints the response body and exits 1.
      - |-
        cd "$WORKSPACE_DIR/go/artifacts"
        find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
          # Skip files that are not results of this build
          # (e.g. tarballs from which OS packages are made)
          [ -f "$file.sha256" ] || continue
          name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
          description="Linux 64-bit (RHEL/CentOS 7.x compatible)"
          products="$name"
          if [ "$name" = "tsh" ]; then
            products="teleport teleport-ent"
          elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then
            description="Teleport Connect"
            products="teleport teleport-ent"
          fi
          shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
          release_params="" # List of "-F releaseId=XXX" parameters to curl
          for product in $products; do
            status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
            if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
              echo "curl HTTP status: $status_code"
              cat $WORKSPACE_DIR/curl_out.txt
              exit 1
            fi
            release_params="$release_params -F releaseId=$product@$VERSION"
          done
          curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
        done
    environment:
      RELEASES_CERT:
        from_secret: RELEASES_CERT
      RELEASES_KEY:
        from_secret: RELEASES_KEY
services:
  # Privileged Docker-in-Docker daemon. Its /var/run is shared through the
  # dockersock volume, so any step mounting that volume controls the daemon.
  - name: Start Docker
    image: docker:dind
    privileged: true
    volumes:
      - name: dockersock
        path: /var/run
# All three volumes are declared as temp volumes.
volumes:
  - name: awsconfig
    temp: {}
  - name: dockersock
    temp: {}
  - name: dockerconfig
    temp: {}
image_pull_secrets:
  - DOCKERHUB_CREDENTIALS
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPipeline)
################################################
# Tag pipeline (refs/tags/v* in gravitational/*): builds the FIPS variant of
# the CentOS 7 compatible linux/amd64 enterprise tarball, uploads it with its
# SHA-256 file to S3 and registers it with the release service.
kind: pipeline
type: kubernetes
name: build-linux-amd64-centos7-fips
environment:
  BUILDBOX_VERSION: teleport14
  RUNTIME: go1.20.6
trigger:
  event:
    include:
      - tag
  ref:
    include:
      - refs/tags/v*
  repo:
    include:
      - gravitational/*
workspace:
  path: /go
clone:
  disable: true
depends_on:
  - clean-up-previous-build
steps:
  # Step images are floating tags (docker, docker:git, amazon/aws-cli,
  # docker:dind) with pull: if-not-exists, so the image used for a release
  # build depends on what the node has cached. Digest pinning would fix that.
  - name: Check out code
    image: docker:git
    pull: if-not-exists
    commands:
      - mkdir -p /go/src/github.com/gravitational/teleport
      - cd /go/src/github.com/gravitational/teleport
      - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
      - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
      # The SSH key is needed only for the `e` submodule; it lives in
      # /root/.ssh (outside the /go workspace) and is removed right after.
      # NOTE(review): if the submodule fetch fails, the rm presumably never
      # runs; confirm the step container is discarded in that case.
      - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
        && chmod 600 /root/.ssh/id_rsa
      # ssh-keyscan records whatever host key is served at run time; it does
      # not authenticate github.com. Pinned, published host keys would.
      - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
      - git submodule update --init e
      - rm -f /root/.ssh/id_rsa
      - mkdir -p /go/cache /go/artifacts
      # Release guard: the Makefile VERSION must equal the tag without its
      # leading "v", otherwise the step exits 1. The agreed version is saved
      # to /go/.version.txt for later steps.
      - |-
        VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
        if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
          echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
          exit 1
        fi
        echo "$$VERSION" > /go/.version.txt
    environment:
      GITHUB_PRIVATE_KEY:
        from_secret: GITHUB_PRIVATE_KEY
  - name: Wait for docker
    image: docker
    pull: if-not-exists
    commands:
      - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
      # The Docker Hub token is piped on stdin, not passed as an argument; the
      # login lands on the dockerconfig volume shared with the build step.
      - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
    environment:
      DOCKERHUB_PASSWORD:
        from_secret: DOCKERHUB_READONLY_TOKEN
      DOCKERHUB_USERNAME:
        from_secret: DOCKERHUB_USERNAME
    volumes:
      - name: dockersock
        path: /var/run
      - name: dockerconfig
        path: /root/.docker
  # Runs the repository's make target against the privileged Docker daemon.
  # FIPS is passed as the string "yes" (quoted so YAML does not turn it into
  # a boolean). No AWS or release-service secrets are mounted in this step.
  - name: Build artifacts
    image: docker
    pull: if-not-exists
    commands:
      - apk add --no-cache make
      - chown -R $UID:$GID /go
      - cd /go/src/github.com/gravitational/teleport
      - export VERSION=$(cat /go/.version.txt)
      - make -C build.assets release-amd64-centos7-fips
    environment:
      ARCH: amd64
      FIPS: "yes"
      GID: "1000"
      GOCACHE: /go/cache
      GOPATH: /go
      OS: linux
      UID: "1000"
    volumes:
      - name: dockersock
        path: /var/run
      - name: dockerconfig
        path: /root/.docker
  - name: Copy artifacts
    image: docker
    pull: if-not-exists
    commands:
      - cd /go/src/github.com/gravitational/teleport
      # Only tarballs from e/ are collected in this FIPS pipeline.
      - find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
        \;
      - export VERSION=$(cat /go/.version.txt)
      - mv /go/artifacts/teleport-ent-v$${VERSION}-linux-amd64-fips-bin.tar.gz /go/artifacts/teleport-ent-v$${VERSION}-linux-amd64-centos7-fips-bin.tar.gz
      # The .sha256 files come from the same job that built the tarballs: they
      # catch corruption in transit but do not prove who built the artifact.
      - cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256;
        done && ls -l
  # Exchanges the long-lived user key for temporary role credentials and
  # stores them as the [default] profile on the awsconfig volume. Only the
  # upload step mounts that volume; it never receives the user key itself.
  - name: Assume AWS Role
    image: amazon/aws-cli
    pull: if-not-exists
    commands:
      - aws sts get-caller-identity
      # $(aws sts assume-role ...) is deliberately unquoted: its three output
      # fields fill the three %s slots. The get-caller-identity --profile call
      # afterwards is the check that the written profile actually works.
      - |-
        printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
          $(aws sts assume-role \
            --role-arn "$AWS_ROLE" \
            --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
            --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
            --output text) \
          > /root/.aws/credentials
      - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
      - aws sts get-caller-identity --profile default
    environment:
      AWS_ACCESS_KEY_ID:
        from_secret: AWS_ACCESS_KEY_ID
      AWS_ROLE:
        from_secret: AWS_ROLE
      AWS_SECRET_ACCESS_KEY:
        from_secret: AWS_SECRET_ACCESS_KEY
    volumes:
      - name: awsconfig
        path: /root/.aws
  - name: Upload to S3
    image: amazon/aws-cli
    pull: if-not-exists
    commands:
      - cd /go/artifacts/
      # Tarballs and their .sha256 files go to the same prefix, so write access
      # to that prefix is enough to replace an artifact and its checksum together.
      - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
    environment:
      AWS_REGION: us-west-2
      AWS_S3_BUCKET:
        from_secret: AWS_S3_BUCKET
    volumes:
      - name: awsconfig
        path: /root/.aws
  # Registers every artifact that has a .sha256 file with the release service,
  # authenticating with a client certificate and key taken from secrets.
  - name: Register artifacts
    image: docker
    pull: if-not-exists
    commands:
      - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
      - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
      - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
      # The certificate and key are base64-decoded to files under
      # $WORKSPACE_DIR ("/" by default). No chmod follows, so the key file gets
      # the shell's default permissions; a `umask 077` beforehand would tighten
      # that. The trap deletes both files on shell exit.
      - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
      - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
      - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
      # Used unquoted below on purpose so it splits into separate curl options.
      - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
      - which curl || apk add --no-cache curl
      # For each artifact: create a draft release per product (HTTP 200 and 409
      # both count as success; 409 presumably means it already exists), then
      # upload the file together with the SHA-256 read from its .sha256 file.
      - |-
        cd "$WORKSPACE_DIR/go/artifacts"
        find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
          # Skip files that are not results of this build
          # (e.g. tarballs from which OS packages are made)
          [ -f "$file.sha256" ] || continue
          name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
          description="Linux 64-bit (RHEL/CentOS 7.x compatible, FedRAMP/FIPS)"
          products="$name"
          if [ "$name" = "tsh" ]; then
            products="teleport teleport-ent"
          elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then
            description="Teleport Connect"
            products="teleport teleport-ent"
          fi
          shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
          release_params="" # List of "-F releaseId=XXX" parameters to curl
          for product in $products; do
            status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
            if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
              echo "curl HTTP status: $status_code"
              cat $WORKSPACE_DIR/curl_out.txt
              exit 1
            fi
            release_params="$release_params -F releaseId=$product@$VERSION"
          done
          curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
        done
    environment:
      RELEASES_CERT:
        from_secret: RELEASES_CERT
      RELEASES_KEY:
        from_secret: RELEASES_KEY
services:
  # Privileged Docker-in-Docker daemon. Its /var/run is shared through the
  # dockersock volume, so any step mounting that volume controls the daemon.
  - name: Start Docker
    image: docker:dind
    privileged: true
    volumes:
      - name: dockersock
        path: /var/run
# All three volumes are declared as temp volumes.
volumes:
  - name: awsconfig
    temp: {}
  - name: dockersock
    temp: {}
  - name: dockerconfig
    temp: {}
image_pull_secrets:
  - DOCKERHUB_CREDENTIALS
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPipeline)
################################################
# Tag pipeline (refs/tags/v* in gravitational/*): builds the linux/amd64
# tarballs and the Teleport Connect packages, uploads them with SHA-256 files
# to S3 and registers them with the release service.
kind: pipeline
type: kubernetes
name: build-linux-amd64
environment:
  BUILDBOX_VERSION: teleport14
  RUNTIME: go1.20.6
trigger:
  event:
    include:
      - tag
  ref:
    include:
      - refs/tags/v*
  repo:
    include:
      - gravitational/*
workspace:
  path: /go
clone:
  disable: true
depends_on:
  - clean-up-previous-build
steps:
  # Step images are floating tags (docker, docker:git, amazon/aws-cli,
  # docker:dind) with pull: if-not-exists, so the image used for a release
  # build depends on what the node has cached. Digest pinning would fix that.
  - name: Check out code
    image: docker:git
    pull: if-not-exists
    commands:
      - mkdir -p /go/src/github.com/gravitational/teleport
      - cd /go/src/github.com/gravitational/teleport
      - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
      - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
      # The SSH key is needed only for the `e` submodule; it lives in
      # /root/.ssh (outside the /go workspace) and is removed right after.
      # NOTE(review): if the submodule fetch fails, the rm presumably never
      # runs; confirm the step container is discarded in that case.
      - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
        && chmod 600 /root/.ssh/id_rsa
      # ssh-keyscan records whatever host key is served at run time; it does
      # not authenticate github.com. Pinned, published host keys would.
      - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
      - git submodule update --init e
      - rm -f /root/.ssh/id_rsa
      - mkdir -p /go/cache /go/artifacts
      # Release guard: the Makefile VERSION must equal the tag without its
      # leading "v", otherwise the step exits 1. The agreed version is saved
      # to /go/.version.txt for later steps.
      - |-
        VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
        if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
          echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
          exit 1
        fi
        echo "$$VERSION" > /go/.version.txt
    environment:
      GITHUB_PRIVATE_KEY:
        from_secret: GITHUB_PRIVATE_KEY
  - name: Wait for docker
    image: docker
    pull: if-not-exists
    commands:
      - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
      # The Docker Hub token is piped on stdin, not passed as an argument; the
      # login lands on the dockerconfig volume shared with the build step.
      - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
    environment:
      DOCKERHUB_PASSWORD:
        from_secret: DOCKERHUB_READONLY_TOKEN
      DOCKERHUB_USERNAME:
        from_secret: DOCKERHUB_USERNAME
    volumes:
      - name: dockersock
        path: /var/run
      - name: dockerconfig
        path: /root/.docker
  # Runs two make targets from the repository (release-amd64-centos7 and
  # teleterm) against the privileged Docker daemon. No AWS or release-service
  # secrets are mounted in this step.
  - name: Build artifacts
    image: docker
    pull: if-not-exists
    commands:
      - apk add --no-cache make
      - chown -R $UID:$GID /go
      - cd /go/src/github.com/gravitational/teleport
      - export VERSION=$(cat /go/.version.txt)
      - make -C build.assets release-amd64-centos7
      - make -C build.assets teleterm
    environment:
      ARCH: amd64
      GID: "1000"
      GOCACHE: /go/cache
      GOPATH: /go
      OS: linux
      UID: "1000"
    volumes:
      - name: dockersock
        path: /var/run
      - name: dockerconfig
        path: /root/.docker
  - name: Copy artifacts
    image: docker
    pull: if-not-exists
    commands:
      - cd /go/src/github.com/gravitational/teleport
      - find . -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
        \;
      - find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
        \;
      # Teleport Connect tarball, rpm and deb from the teleterm release directory.
      - find /go/src/github.com/gravitational/teleport/web/packages/teleterm/build/release
        -maxdepth 1 \( -iname "teleport-connect*.tar.gz" -o -iname "teleport-connect*.rpm"
        -o -iname "teleport-connect*.deb" \) -print -exec cp {} /go/artifacts/ \;
      # The .sha256 files come from the same job that built the artifacts: they
      # catch corruption in transit but do not prove who built the artifact.
      # The first loop covers tarballs, the second the deb and rpm packages.
      - cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256;
        done && ls -l
      - |-
        cd /go/artifacts && for FILE in teleport-connect*.deb teleport-connect*.rpm; do
          sha256sum $FILE > $FILE.sha256;
        done && ls -l
  # Exchanges the long-lived user key for temporary role credentials and
  # stores them as the [default] profile on the awsconfig volume. Only the
  # upload step mounts that volume; it never receives the user key itself.
  - name: Assume AWS Role
    image: amazon/aws-cli
    pull: if-not-exists
    commands:
      - aws sts get-caller-identity
      # $(aws sts assume-role ...) is deliberately unquoted: its three output
      # fields fill the three %s slots. The get-caller-identity --profile call
      # afterwards is the check that the written profile actually works.
      - |-
        printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
          $(aws sts assume-role \
            --role-arn "$AWS_ROLE" \
            --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
            --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
            --output text) \
          > /root/.aws/credentials
      - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
      - aws sts get-caller-identity --profile default
    environment:
      AWS_ACCESS_KEY_ID:
        from_secret: AWS_ACCESS_KEY_ID
      AWS_ROLE:
        from_secret: AWS_ROLE
      AWS_SECRET_ACCESS_KEY:
        from_secret: AWS_SECRET_ACCESS_KEY
    volumes:
      - name: awsconfig
        path: /root/.aws
  - name: Upload to S3
    image: amazon/aws-cli
    pull: if-not-exists
    commands:
      - cd /go/artifacts/
      # Artifacts and their .sha256 files go to the same prefix, so write access
      # to that prefix is enough to replace an artifact and its checksum together.
      - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
    environment:
      AWS_REGION: us-west-2
      AWS_S3_BUCKET:
        from_secret: AWS_S3_BUCKET
    volumes:
      - name: awsconfig
        path: /root/.aws
  # Registers every artifact that has a .sha256 file with the release service,
  # authenticating with a client certificate and key taken from secrets.
  - name: Register artifacts
    image: docker
    pull: if-not-exists
    commands:
      - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
      - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
      - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
      # The certificate and key are base64-decoded to files under
      # $WORKSPACE_DIR ("/" by default). No chmod follows, so the key file gets
      # the shell's default permissions; a `umask 077` beforehand would tighten
      # that. The trap deletes both files on shell exit.
      - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
      - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
      - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
      # Used unquoted below on purpose so it splits into separate curl options.
      - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
      - which curl || apk add --no-cache curl
      # For each artifact: create a draft release per product (HTTP 200 and 409
      # both count as success; 409 presumably means it already exists), then
      # upload the file together with the SHA-256 read from its .sha256 file.
      - |-
        cd "$WORKSPACE_DIR/go/artifacts"
        find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
          # Skip files that are not results of this build
          # (e.g. tarballs from which OS packages are made)
          [ -f "$file.sha256" ] || continue
          name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
          description="Linux 64-bit"
          products="$name"
          if [ "$name" = "tsh" ]; then
            products="teleport teleport-ent"
          elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then
            description="Teleport Connect"
            products="teleport teleport-ent"
          fi
          shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
          release_params="" # List of "-F releaseId=XXX" parameters to curl
          for product in $products; do
            status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
            if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
              echo "curl HTTP status: $status_code"
              cat $WORKSPACE_DIR/curl_out.txt
              exit 1
            fi
            release_params="$release_params -F releaseId=$product@$VERSION"
          done
          curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
        done
    environment:
      RELEASES_CERT:
        from_secret: RELEASES_CERT
      RELEASES_KEY:
        from_secret: RELEASES_KEY
services:
  # Privileged Docker-in-Docker daemon. Its /var/run is shared through the
  # dockersock volume, so any step mounting that volume controls the daemon.
  - name: Start Docker
    image: docker:dind
    privileged: true
    volumes:
      - name: dockersock
        path: /var/run
# All three volumes are declared as temp volumes.
volumes:
  - name: awsconfig
    temp: {}
  - name: dockersock
    temp: {}
  - name: dockerconfig
    temp: {}
image_pull_secrets:
  - DOCKERHUB_CREDENTIALS
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPipeline)
################################################
kind: pipeline
type: kubernetes
name: build-linux-amd64-fips
environment:
BUILDBOX_VERSION: teleport14
RUNTIME: go1.20.6
trigger:
event:
include:
- tag
ref:
include:
- refs/tags/v*
repo:
include:
- gravitational/*
workspace:
path: /go
clone:
disable: true
depends_on:
- clean-up-previous-build
steps:
- name: Check out code
image: docker:git
pull: if-not-exists
commands:
- mkdir -p /go/src/github.com/gravitational/teleport
- cd /go/src/github.com/gravitational/teleport
- git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
- git checkout ${DRONE_TAG:-$DRONE_COMMIT}
- mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
&& chmod 600 /root/.ssh/id_rsa
- ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
- git submodule update --init e
- rm -f /root/.ssh/id_rsa
- mkdir -p /go/cache /go/artifacts
- |-
VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
exit 1
fi
echo "$$VERSION" > /go/.version.txt
environment:
GITHUB_PRIVATE_KEY:
from_secret: GITHUB_PRIVATE_KEY
- name: Wait for docker
image: docker
pull: if-not-exists
commands:
- timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
environment:
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: dockersock
path: /var/run
- name: dockerconfig
path: /root/.docker
- name: Build artifacts
image: docker
pull: if-not-exists
commands:
- apk add --no-cache make
- chown -R $UID:$GID /go
- cd /go/src/github.com/gravitational/teleport
- export VERSION=$(cat /go/.version.txt)
- make -C build.assets release-amd64-centos7-fips
environment:
ARCH: amd64
FIPS: "yes"
GID: "1000"
GOCACHE: /go/cache
GOPATH: /go
OS: linux
UID: "1000"
volumes:
- name: dockersock
path: /var/run
- name: dockerconfig
path: /root/.docker
- name: Copy artifacts
image: docker
pull: if-not-exists
commands:
- cd /go/src/github.com/gravitational/teleport
- find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
\;
- cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256;
done && ls -l
- name: Assume AWS Role
image: amazon/aws-cli
pull: if-not-exists
commands:
- aws sts get-caller-identity
- |-
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
> /root/.aws/credentials
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile default
environment:
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID
AWS_ROLE:
from_secret: AWS_ROLE
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY
volumes:
- name: awsconfig
path: /root/.aws
- name: Upload to S3
image: amazon/aws-cli
pull: if-not-exists
commands:
- cd /go/artifacts/
- aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
environment:
AWS_REGION: us-west-2
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
volumes:
- name: awsconfig
path: /root/.aws
# Registers each built artifact with the release service at RELEASES_HOST,
# authenticating with a TLS client certificate and key decoded from Drone
# secrets. The pair is written under $WORKSPACE_DIR (defaults to /) and removed
# by the EXIT trap.
# NOTE(review): the key file is created with the shell's default umask, and the
# trap is installed only after both files are written. Setting a restrictive
# umask before the two writes would tighten this.
# NOTE(review): the sha256 sent with each asset is read from the sibling
# .sha256 file produced earlier in the same build, so it can catch corruption
# in transit but is not an independent attestation of the artifact.
# A 409 from /releases is tolerated, presumably meaning "release already
# exists"; any other non-200 status fails the step.
- name: Register artifacts
image: docker
pull: if-not-exists
commands:
- WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
- VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
- RELEASES_HOST='https://releases-prod.platform.teleport.sh'
- echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
- echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
# Removes the decoded client credentials when the step's shell exits.
- trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
- CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
# curl is installed at run time and unpinned when the image lacks it.
- which curl || apk add --no-cache curl
- |-
cd "$WORKSPACE_DIR/go/artifacts"
find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
# Skip files that are not results of this build
# (e.g. tarballs from which OS packages are made)
[ -f "$file.sha256" ] || continue
name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
description="Linux 64-bit (FedRAMP/FIPS)"
products="$name"
if [ "$name" = "tsh" ]; then
products="teleport teleport-ent"
elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then
description="Teleport Connect"
products="teleport teleport-ent"
fi
shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
release_params="" # List of "-F releaseId=XXX" parameters to curl
for product in $products; do
status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
echo "curl HTTP status: $status_code"
cat $WORKSPACE_DIR/curl_out.txt
exit 1
fi
release_params="$release_params -F releaseId=$product@$VERSION"
done
curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
done
environment:
RELEASES_CERT:
from_secret: RELEASES_CERT
RELEASES_KEY:
from_secret: RELEASES_KEY
# Docker-in-Docker daemon for the pipeline. It runs privileged, and its
# /var/run is shared through the "dockersock" volume, so any step that mounts
# that volume can drive the daemon with root-level effect inside it. Only steps
# that need docker should mount it.
# NOTE(review): docker:dind is a floating tag; pinning by digest would fix the
# version of the privileged component.
services:
- name: Start Docker
image: docker:dind
privileged: true
volumes:
- name: dockersock
path: /var/run
# Pipeline-scoped temporary volumes. "awsconfig" carries STS credentials and
# "dockerconfig" carries registry logins between steps.
volumes:
- name: awsconfig
temp: {}
- name: dockersock
temp: {}
- name: dockerconfig
temp: {}
image_pull_secrets:
- DOCKERHUB_CREDENTIALS
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPackagePipeline)
################################################
kind: pipeline
type: kubernetes
name: build-linux-amd64-centos7-rpm
# Runs only for tag events on refs/tags/v* in repositories under
# gravitational/. Whoever can push such a tag can start this pipeline, which
# handles signing and release-publishing secrets.
trigger:
event:
include:
- tag
ref:
include:
- refs/tags/v*
repo:
include:
- gravitational/*
workspace:
path: /go
# Drone's built-in clone is disabled; the first step does the checkout itself.
clone:
disable: true
# Packaging starts only after the binary tarball pipeline and the clean-up
# pipeline have finished.
depends_on:
- build-linux-amd64-centos7
- clean-up-previous-build
steps:
# Manual checkout. Clones the repository over HTTPS, then uses an SSH key from
# Drone secrets to fetch the "e" submodule (presumably private) and deletes the
# key file afterwards.
# NOTE(review): ssh-keyscan accepts whatever host key the network returns at
# build time. Writing GitHub's published host keys into known_hosts would close
# that trust-on-first-use gap.
# NOTE(review): ${DRONE_TAG:-$DRONE_COMMIT} is written with a single "$" and so
# is presumably substituted by Drone before the shell runs (shell-level
# variables in this step are written "$$"); the ref name reaches git unquoted.
# NOTE(review): rm -f of the key is skipped if the submodule fetch fails. The
# step container ends either way, but a trap would make cleanup unconditional.
# The final command fails the build when the Makefile VERSION differs from the
# tag, and records the version in /go/.version.txt for later steps.
- name: Check out code
image: docker:git
commands:
- mkdir -p /go/src/github.com/gravitational/teleport
- cd /go/src/github.com/gravitational/teleport
- git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
- git checkout ${DRONE_TAG:-$DRONE_COMMIT}
- mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
&& chmod 600 /root/.ssh/id_rsa
- ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
- git submodule update --init e
- rm -f /root/.ssh/id_rsa
- mkdir -p /go/cache /go/artifacts
- |-
VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
exit 1
fi
echo "$$VERSION" > /go/.version.txt
environment:
GITHUB_PRIVATE_KEY:
from_secret: GITHUB_PRIVATE_KEY
# Waits up to 30s for the dind socket to appear, then logs in to Docker Hub.
# The token is piped on stdin (--password-stdin), so it does not appear in the
# process arguments. The resulting auth config lands on the "dockerconfig"
# volume mounted at /root/.docker, where later steps that mount it can reuse it.
# The secret name suggests a read-only token.
- name: Wait for docker
image: docker
pull: if-not-exists
commands:
- timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
environment:
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: dockersock
path: /var/run
- name: dockerconfig
path: /root/.docker
# Trades the static access key from Drone secrets for short-lived STS
# credentials and stores them on the shared "awsconfig" volume for the download
# step that follows.
# NOTE(review): the unquoted $(aws sts assume-role ...) relies on word
# splitting to fill the three %s slots. A failed assume-role presumably yields
# an empty credentials file rather than an error, which the closing
# get-caller-identity --profile default would then catch.
- name: Assume Download AWS Role
image: amazon/aws-cli
pull: if-not-exists
commands:
# Logs the identity behind the static key before switching roles.
- aws sts get-caller-identity
- |-
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
> /root/.aws/credentials
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile default
environment:
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID
AWS_ROLE:
from_secret: AWS_ROLE
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY
volumes:
- name: awsconfig
path: /root/.aws
# Fetches the OSS and enterprise centos7 tarballs for this version from S3,
# using the role credentials on the awsconfig volume.
# NOTE(review): nothing here verifies the downloaded tarballs (no checksum or
# signature check), so the packages built and signed later trust the bucket
# contents as-is. If the upstream pipeline publishes .sha256 files, fetching
# and checking them here would at least catch corruption. Confirm whether
# integrity is enforced elsewhere.
# "$${...}" is shell-level expansion; "${DRONE_TAG}" in the test is presumably
# filled in by Drone before the shell runs.
# NOTE(review): floating image tag and no pull policy on this step.
- name: Download artifacts from S3
image: amazon/aws-cli
commands:
- export VERSION=$(cat /go/.version.txt)
- if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else
export S3_PATH="tag/"; fi
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-amd64-centos7-bin.tar.gz
/go/artifacts/
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-centos7-bin.tar.gz
/go/artifacts/
environment:
AWS_REGION: us-west-2
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
volumes:
- name: awsconfig
path: /root/.aws
# Re-assumes a different role before the build. The credentials file on the
# awsconfig volume is overwritten, so the build step sees only this role.
# The secret names (..._READ_ONLY_...) suggest a read-only build identity,
# a least-privilege hand-off worth preserving if steps are ever reordered.
# NOTE(review): as in the other assume-role steps, a failed assume-role
# presumably leaves empty credentials that only the closing
# get-caller-identity --profile default would reveal.
- name: Assume Build AWS Role
image: amazon/aws-cli
pull: if-not-exists
commands:
- aws sts get-caller-identity
- |-
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
> /root/.aws/credentials
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile default
environment:
AWS_ACCESS_KEY_ID:
from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY
AWS_ROLE:
from_secret: TELEPORT_BUILD_READ_ONLY_AWS_ROLE
AWS_SECRET_ACCESS_KEY:
from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET
volumes:
- name: awsconfig
path: /root/.aws
# Builds the RPMs (and presumably signs them: a GPG keyring is provisioned).
# The keyring arrives base64-encoded in a secret, is unpacked into GNUPG_DIR on
# the "tmpfs" volume, and is removed after `make rpm`.
# NOTE(review): the rm -rf is not in a trap, so it is skipped when `make rpm`
# fails. The volume is temporary, but a trap would make cleanup unconditional.
# NOTE(review): the signing keyring is readable by everything `make rpm` runs,
# including the tools installed below with unpinned `apk add` and any images
# pulled through the docker socket. Treat this step's inputs as part of the
# signing trust boundary.
# The ECR Public login uses the role credentials on the awsconfig volume and
# passes the password on stdin.
- name: Build artifacts
image: docker
commands:
- apk add --no-cache bash curl gzip make tar go
- apk add --no-cache aws-cli
- cd /go/src/github.com/gravitational/teleport
- export VERSION=$(cat /go/.version.txt)
- aws ecr-public get-login-password --region us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
# The keyring directory is created owner-only before the secret is unpacked.
- mkdir -m0700 $GNUPG_DIR
- echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPG_DIR
- chown -R root:root $GNUPG_DIR
- make rpm
- rm -rf $GNUPG_DIR
environment:
ARCH: amd64
ENT_TARBALL_PATH: /go/artifacts
GNUPG_DIR: /tmpfs/gnupg
GPG_RPM_SIGNING_ARCHIVE:
from_secret: GPG_RPM_SIGNING_ARCHIVE
OSS_TARBALL_PATH: /go/artifacts
TMPDIR: /go
volumes:
- name: dockersock
path: /var/run
- name: dockerconfig
path: /root/.docker
- name: awsconfig
path: /root/.aws
- name: tmpfs
path: /tmpfs
# Copies the built packages, plus any sidecar files matching teleport*.rpm*
# (e.g. checksums), from the OSS and enterprise build directories into
# /go/artifacts, the directory the upload and registration steps read.
# No secrets or volumes are attached to this step.
- name: Copy artifacts
image: docker
commands:
- cd /go/src/github.com/gravitational/teleport
- find build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts
\;
- find e/build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts
\;
# Switches the awsconfig volume from the build role to the role used for
# publishing: the credentials file is overwritten with fresh STS credentials
# derived from the AWS_ACCESS_KEY_ID / AWS_ROLE secrets. Write-capable
# credentials therefore appear on the shared volume only after the build step
# has finished.
# NOTE(review): a failed assume-role presumably writes empty values; the
# closing get-caller-identity --profile default is the check that catches it.
- name: Assume Upload AWS Role
image: amazon/aws-cli
pull: if-not-exists
commands:
- aws sts get-caller-identity
- |-
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
> /root/.aws/credentials
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile default
environment:
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID
AWS_ROLE:
from_secret: AWS_ROLE
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY
volumes:
- name: awsconfig
path: /root/.aws
# Syncs /go/artifacts to the release bucket under teleport/tag/<version>,
# using the role credentials on the awsconfig volume.
# NOTE(review): the sync covers the whole directory, including the tarballs
# downloaded earlier in this pipeline, not only the packages built here.
# NOTE(review): ${DRONE_TAG##v} has a single "$" and is presumably expanded by
# Drone before the shell runs, reaching the command line unquoted.
- name: Upload to S3
image: amazon/aws-cli
pull: if-not-exists
commands:
- cd /go/artifacts/
- aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
environment:
AWS_REGION: us-west-2
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
volumes:
- name: awsconfig
path: /root/.aws
# Registers each package with the release service at RELEASES_HOST over mutual
# TLS. The client certificate and key are base64-decoded from Drone secrets
# into $WORKSPACE_DIR (defaults to /) and removed by the EXIT trap.
# NOTE(review): the key file gets the default umask, and the trap is set only
# after both files exist. A restrictive umask before the writes would narrow
# the exposure.
# NOTE(review): the sha256 field comes from the sibling .sha256 file generated
# in the same build, so it guards against transfer corruption but is not an
# independent integrity source.
# Files without a .sha256 sibling (the downloaded input tarballs) are skipped.
# A 409 from /releases is accepted, presumably "already exists".
# NOTE(review): floating image tag, no pull policy, and curl may be installed
# unpinned at run time.
- name: Register artifacts
image: docker
commands:
- WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
- VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
- RELEASES_HOST='https://releases-prod.platform.teleport.sh'
- echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
- echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
- trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
- CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
- which curl || apk add --no-cache curl
- |-
cd "$WORKSPACE_DIR/go/artifacts"
find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
# Skip files that are not results of this build
# (e.g. tarballs from which OS packages are made)
[ -f "$file.sha256" ] || continue
name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
description="Linux 64-bit RPM (RHEL/CentOS 7.x compatible)"
products="$name"
if [ "$name" = "tsh" ]; then
products="teleport teleport-ent"
elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then
description="Teleport Connect"
products="teleport teleport-ent"
fi
shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
release_params="" # List of "-F releaseId=XXX" parameters to curl
for product in $products; do
status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
echo "curl HTTP status: $status_code"
cat $WORKSPACE_DIR/curl_out.txt
exit 1
fi
release_params="$release_params -F releaseId=$product@$VERSION"
done
curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
done
environment:
RELEASES_CERT:
from_secret: RELEASES_CERT
RELEASES_KEY:
from_secret: RELEASES_KEY
# Privileged Docker-in-Docker daemon. Its /var/run is shared through the
# "dockersock" volume, so every step mounting that volume can control the
# daemon. The "tmpfs" volume that holds the GPG keyring directory is mounted
# here as well, presumably so containers started through this daemon can
# bind-mount the keyring. That places the signing material within reach of the
# privileged service.
services:
- name: Start Docker
image: docker:dind
privileged: true
volumes:
- name: tmpfs
path: /tmpfs
- name: dockersock
path: /var/run
# Pipeline-scoped temporary volumes. "tmpfs" is memory-backed, so the unpacked
# keyring is not written to node disk by this volume.
volumes:
- name: awsconfig
temp: {}
- name: dockersock
temp: {}
- name: dockerconfig
temp: {}
- name: tmpfs
temp:
medium: memory
image_pull_secrets:
- DOCKERHUB_CREDENTIALS
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPackagePipeline)
################################################
kind: pipeline
type: kubernetes
name: build-linux-amd64-centos7-fips-rpm
# Tag-only trigger: refs/tags/v* in repositories under gravitational/.
# Permission to push such tags is effectively permission to run this
# signing and publishing pipeline.
trigger:
event:
include:
- tag
ref:
include:
- refs/tags/v*
repo:
include:
- gravitational/*
workspace:
path: /go
# Built-in clone is off; the "Check out code" step does the checkout.
clone:
disable: true
# Waits for the FIPS tarball pipeline, whose output this pipeline packages.
depends_on:
- build-linux-amd64-centos7-fips
- clean-up-previous-build
steps:
# Manual checkout: HTTPS clone of the repository, then an SSH key from Drone
# secrets is written to /root/.ssh only for the "e" submodule fetch and removed
# afterwards.
# NOTE(review): known_hosts is populated by ssh-keyscan at build time, which
# does not authenticate the host key it records. Pinning GitHub's published
# keys would avoid trusting the network here.
# NOTE(review): ${DRONE_TAG:-$DRONE_COMMIT} (single "$") is presumably expanded
# by Drone and reaches git unquoted.
# The last command aborts on a Makefile/tag version mismatch and writes the
# version to /go/.version.txt.
- name: Check out code
image: docker:git
commands:
- mkdir -p /go/src/github.com/gravitational/teleport
- cd /go/src/github.com/gravitational/teleport
- git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
- git checkout ${DRONE_TAG:-$DRONE_COMMIT}
- mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
&& chmod 600 /root/.ssh/id_rsa
- ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
- git submodule update --init e
- rm -f /root/.ssh/id_rsa
- mkdir -p /go/cache /go/artifacts
- |-
VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
exit 1
fi
echo "$$VERSION" > /go/.version.txt
environment:
GITHUB_PRIVATE_KEY:
from_secret: GITHUB_PRIVATE_KEY
# Blocks until the dind socket exists (30s limit), then logs in to Docker Hub
# with the token supplied on stdin rather than on the command line. The login
# is stored on the "dockerconfig" volume and reused by later steps that mount
# /root/.docker. The secret name suggests the token is read-only.
- name: Wait for docker
image: docker
pull: if-not-exists
commands:
- timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
environment:
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: dockersock
path: /var/run
- name: dockerconfig
path: /root/.docker
# Converts the static key from Drone secrets into short-lived STS credentials
# on the shared "awsconfig" volume, then drops the static key from the shell
# environment for the rest of this step.
# NOTE(review): the unquoted command substitution feeds three fields to
# printf. On assume-role failure the file presumably ends up with empty
# values, and the last command is the only validation.
- name: Assume Download AWS Role
image: amazon/aws-cli
pull: if-not-exists
commands:
- aws sts get-caller-identity
- |-
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
> /root/.aws/credentials
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile default
environment:
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID
AWS_ROLE:
from_secret: AWS_ROLE
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY
volumes:
- name: awsconfig
path: /root/.aws
# Fetches the enterprise FIPS centos7 tarball for this version from S3 with the
# role credentials on the awsconfig volume. Only the enterprise tarball is
# downloaded in this pipeline.
# NOTE(review): the tarball is used as packaging input without any checksum or
# signature verification in this step. For a FIPS deliverable, confirm that
# integrity of this input is established somewhere before signing.
# NOTE(review): floating image tag and no pull policy on this step.
- name: Download artifacts from S3
image: amazon/aws-cli
commands:
- export VERSION=$(cat /go/.version.txt)
- if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else
export S3_PATH="tag/"; fi
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-centos7-fips-bin.tar.gz
/go/artifacts/
environment:
AWS_REGION: us-west-2
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
volumes:
- name: awsconfig
path: /root/.aws
# Replaces the download-role credentials on the awsconfig volume with
# credentials for the build role before any build code runs. The secret names
# (..._READ_ONLY_...) suggest this identity cannot write to AWS resources.
# NOTE(review): correctness of the swap is checked only by the final
# get-caller-identity --profile default.
- name: Assume Build AWS Role
image: amazon/aws-cli
pull: if-not-exists
commands:
- aws sts get-caller-identity
- |-
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
> /root/.aws/credentials
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile default
environment:
AWS_ACCESS_KEY_ID:
from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY
AWS_ROLE:
from_secret: TELEPORT_BUILD_READ_ONLY_AWS_ROLE
AWS_SECRET_ACCESS_KEY:
from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET
volumes:
- name: awsconfig
path: /root/.aws
# Builds the enterprise FIPS RPM via `make -C e rpm` with FIPS=yes and
# RUNTIME=fips. A GPG keyring from a base64-encoded secret is unpacked into
# GNUPG_DIR on the "tmpfs" volume for the build (presumably for package
# signing) and deleted afterwards.
# NOTE(review): cleanup of GNUPG_DIR is a plain trailing command, so a failing
# `make` leaves the keyring in place until the volume is torn down. A trap
# would make it unconditional.
# NOTE(review): build tooling is installed unpinned with `apk add` in the same
# step that holds the keyring, so those packages and any images pulled via the
# docker socket are part of the signing trust boundary.
# FIPS is quoted as "yes" so it stays a string rather than a YAML boolean.
- name: Build artifacts
image: docker
commands:
- apk add --no-cache bash curl gzip make tar go
- apk add --no-cache aws-cli
- cd /go/src/github.com/gravitational/teleport
- export VERSION=$(cat /go/.version.txt)
- aws ecr-public get-login-password --region us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- mkdir -m0700 $GNUPG_DIR
- echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPG_DIR
- chown -R root:root $GNUPG_DIR
- make -C e rpm
- rm -rf $GNUPG_DIR
environment:
ARCH: amd64
ENT_TARBALL_PATH: /go/artifacts
FIPS: "yes"
GNUPG_DIR: /tmpfs/gnupg
GPG_RPM_SIGNING_ARCHIVE:
from_secret: GPG_RPM_SIGNING_ARCHIVE
RUNTIME: fips
TMPDIR: /go
volumes:
- name: dockersock
path: /var/run
- name: dockerconfig
path: /root/.docker
- name: awsconfig
path: /root/.aws
- name: tmpfs
path: /tmpfs
# Copies the enterprise build output matching teleport*.rpm* (packages and any
# sidecar files such as checksums) into /go/artifacts for upload and
# registration. No secrets or volumes are attached to this step.
- name: Copy artifacts
image: docker
commands:
- cd /go/src/github.com/gravitational/teleport
- find e/build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts
\;
# After the build, overwrites the credentials on the awsconfig volume with STS
# credentials for the publishing role, so upload-capable credentials were not
# on the shared volume while build code was running.
# NOTE(review): if assume-role fails, the credentials file presumably contains
# empty values; get-caller-identity --profile default is the guard.
- name: Assume Upload AWS Role
image: amazon/aws-cli
pull: if-not-exists
commands:
- aws sts get-caller-identity
- |-
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
> /root/.aws/credentials
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile default
environment:
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID
AWS_ROLE:
from_secret: AWS_ROLE
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY
volumes:
- name: awsconfig
path: /root/.aws
# Publishes the contents of /go/artifacts to the bucket prefix
# teleport/tag/<version> using the assumed-role credentials on the awsconfig
# volume.
# NOTE(review): the prefix is built from ${DRONE_TAG##v}, presumably
# substituted by Drone (single "$") and unquoted on the command line.
- name: Upload to S3
image: amazon/aws-cli
pull: if-not-exists
commands:
- cd /go/artifacts/
- aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
environment:
AWS_REGION: us-west-2
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
volumes:
- name: awsconfig
path: /root/.aws
# Registers the FIPS RPM artifacts with the release service, authenticating
# with a client certificate and key decoded from Drone secrets into
# $WORKSPACE_DIR. The EXIT trap deletes both files.
# NOTE(review): the private key is written with the default umask, and before
# the trap is installed. Tightening the umask first would reduce exposure.
# NOTE(review): $CREDENTIALS and $release_params are expanded unquoted on
# purpose, so they split into separate curl arguments. This depends on
# $WORKSPACE_DIR and the product names containing no whitespace.
# NOTE(review): the uploaded sha256 comes from a file generated by the same
# build, so it is a transfer checksum rather than an independent attestation.
- name: Register artifacts
image: docker
commands:
- WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
- VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
- RELEASES_HOST='https://releases-prod.platform.teleport.sh'
- echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
- echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
- trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
- CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
- which curl || apk add --no-cache curl
- |-
cd "$WORKSPACE_DIR/go/artifacts"
find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
# Skip files that are not results of this build
# (e.g. tarballs from which OS packages are made)
[ -f "$file.sha256" ] || continue
name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
description="Linux 64-bit RPM (RHEL/CentOS 7.x compatible, FedRAMP/FIPS)"
products="$name"
if [ "$name" = "tsh" ]; then
products="teleport teleport-ent"
elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then
description="Teleport Connect"
products="teleport teleport-ent"
fi
shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
release_params="" # List of "-F releaseId=XXX" parameters to curl
for product in $products; do
status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
echo "curl HTTP status: $status_code"
cat $WORKSPACE_DIR/curl_out.txt
exit 1
fi
release_params="$release_params -F releaseId=$product@$VERSION"
done
curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
done
environment:
RELEASES_CERT:
from_secret: RELEASES_CERT
RELEASES_KEY:
from_secret: RELEASES_KEY
# Privileged Docker-in-Docker daemon shared with steps through the
# "dockersock" volume. It also mounts the "tmpfs" volume where the build step
# unpacks the GPG keyring, so the daemon and the containers it starts can
# presumably reach that directory. Keep the set of steps that mount either
# volume minimal.
services:
- name: Start Docker
image: docker:dind
privileged: true
volumes:
- name: tmpfs
path: /tmpfs
- name: dockersock
path: /var/run
# Temporary, pipeline-scoped volumes. "tmpfs" is memory-backed.
volumes:
- name: awsconfig
temp: {}
- name: dockersock
temp: {}
- name: dockerconfig
temp: {}
- name: tmpfs
temp:
medium: memory
image_pull_secrets:
- DOCKERHUB_CREDENTIALS
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPackagePipeline)
################################################
kind: pipeline
type: kubernetes
name: build-linux-amd64-deb
# Triggered only by tag events on refs/tags/v* for repositories under
# gravitational/. Tag-push permission is the gate for this publishing
# pipeline.
trigger:
event:
include:
- tag
ref:
include:
- refs/tags/v*
repo:
include:
- gravitational/*
workspace:
path: /go
# Built-in clone is disabled in favour of the explicit checkout step.
clone:
disable: true
# Packages the tarballs produced by build-linux-amd64.
depends_on:
- build-linux-amd64
- clean-up-previous-build
steps:
# Explicit checkout: clones over HTTPS, checks out the tag (or commit), then
# writes an SSH key from Drone secrets just long enough to fetch the "e"
# submodule.
# NOTE(review): ssh-keyscan records whichever host key is presented during the
# build, with no out-of-band verification. Pinned GitHub host keys would be the
# stricter choice.
# NOTE(review): the ref in `git checkout` is presumably substituted by Drone
# (single "$") and is unquoted.
# The version check at the end ties the Makefile VERSION to the tag and writes
# /go/.version.txt.
- name: Check out code
image: docker:git
commands:
- mkdir -p /go/src/github.com/gravitational/teleport
- cd /go/src/github.com/gravitational/teleport
- git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
- git checkout ${DRONE_TAG:-$DRONE_COMMIT}
- mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
&& chmod 600 /root/.ssh/id_rsa
- ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
- git submodule update --init e
- rm -f /root/.ssh/id_rsa
- mkdir -p /go/cache /go/artifacts
- |-
VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
exit 1
fi
echo "$$VERSION" > /go/.version.txt
environment:
GITHUB_PRIVATE_KEY:
from_secret: GITHUB_PRIVATE_KEY
# Polls for the dind socket for up to 30s, then performs a Docker Hub login
# with the token read from stdin. Credentials are stored on the shared
# "dockerconfig" volume (/root/.docker) for later steps. The secret name
# indicates a read-only token.
- name: Wait for docker
image: docker
pull: if-not-exists
commands:
- timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
environment:
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: dockersock
path: /var/run
- name: dockerconfig
path: /root/.docker
# Obtains short-lived STS credentials with the static key from Drone secrets
# and writes them as the default profile on the shared "awsconfig" volume. The
# static key is then unset for the remainder of the step.
# NOTE(review): empty output from a failed assume-role would presumably be
# written silently; the last command verifies the profile actually works.
- name: Assume Download AWS Role
image: amazon/aws-cli
pull: if-not-exists
commands:
- aws sts get-caller-identity
- |-
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
> /root/.aws/credentials
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile default
environment:
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID
AWS_ROLE:
from_secret: AWS_ROLE
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY
volumes:
- name: awsconfig
path: /root/.aws
# Downloads the OSS and enterprise linux-amd64 tarballs for this version from
# S3 with the assumed-role credentials on the awsconfig volume.
# NOTE(review): the tarballs become packaging input without a checksum or
# signature check in this step, so the resulting .deb files inherit whatever is
# in the bucket. Confirm whether integrity is verified elsewhere.
# NOTE(review): floating image tag and no pull policy on this step.
- name: Download artifacts from S3
image: amazon/aws-cli
commands:
- export VERSION=$(cat /go/.version.txt)
- if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else
export S3_PATH="tag/"; fi
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-amd64-bin.tar.gz
/go/artifacts/
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-bin.tar.gz
/go/artifacts/
environment:
AWS_REGION: us-west-2
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
volumes:
- name: awsconfig
path: /root/.aws
# Swaps the credentials on the awsconfig volume to the build role before the
# build step runs. Judging by the secret names (..._READ_ONLY_...), this is a
# read-only identity, which limits what build-time code can do in AWS.
# NOTE(review): the final get-caller-identity --profile default is the only
# check that the swap succeeded.
- name: Assume Build AWS Role
image: amazon/aws-cli
pull: if-not-exists
commands:
- aws sts get-caller-identity
- |-
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
> /root/.aws/credentials
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile default
environment:
AWS_ACCESS_KEY_ID:
from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY
AWS_ROLE:
from_secret: TELEPORT_BUILD_READ_ONLY_AWS_ROLE
AWS_SECRET_ACCESS_KEY:
from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET
volumes:
- name: awsconfig
path: /root/.aws
# Builds the .deb packages with `make deb` from the downloaded tarballs. The
# step logs in to ECR Public with the role credentials on the awsconfig volume,
# passing the password on stdin.
# NOTE(review): no signing key is provided to this step, so nothing visible
# here signs the .deb output. Consumers would rely on the published sha256 and
# whatever repository-level signing happens elsewhere; confirm.
# NOTE(review): build tools are installed unpinned with `apk add` at run time,
# and the base image is a floating tag.
- name: Build artifacts
image: docker
commands:
- apk add --no-cache bash curl gzip make tar
- apk add --no-cache aws-cli
- cd /go/src/github.com/gravitational/teleport
- export VERSION=$(cat /go/.version.txt)
- aws ecr-public get-login-password --region us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- make deb
environment:
ARCH: amd64
ENT_TARBALL_PATH: /go/artifacts
OSS_TARBALL_PATH: /go/artifacts
TMPDIR: /go
volumes:
- name: dockersock
path: /var/run
- name: dockerconfig
path: /root/.docker
- name: awsconfig
path: /root/.aws
# Copies files matching teleport*.deb* (packages and sidecar files such as
# checksums) from the OSS and enterprise build directories into /go/artifacts.
# No secrets or volumes are attached to this step.
- name: Copy artifacts
image: docker
commands:
- cd /go/src/github.com/gravitational/teleport
- find build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts
\;
- find e/build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts
\;
# Overwrites the build-role credentials on the awsconfig volume with STS
# credentials for the publishing role, immediately before the upload step.
# NOTE(review): a failed assume-role presumably produces an empty credentials
# file; get-caller-identity --profile default is what would fail the step.
- name: Assume Upload AWS Role
image: amazon/aws-cli
pull: if-not-exists
commands:
- aws sts get-caller-identity
- |-
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
> /root/.aws/credentials
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile default
environment:
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID
AWS_ROLE:
from_secret: AWS_ROLE
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY
volumes:
- name: awsconfig
path: /root/.aws
# Syncs /go/artifacts to s3://<bucket>/teleport/tag/<version> with the
# publishing-role credentials on the awsconfig volume.
# NOTE(review): ${DRONE_TAG##v} is presumably substituted by Drone (single "$")
# and appears unquoted in the destination path.
- name: Upload to S3
image: amazon/aws-cli
pull: if-not-exists
commands:
- cd /go/artifacts/
- aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
environment:
AWS_REGION: us-west-2
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
volumes:
- name: awsconfig
path: /root/.aws
# Registers the .deb artifacts with the release service using a TLS client
# certificate and key decoded from Drone secrets into $WORKSPACE_DIR. Both
# files are removed by the EXIT trap.
# NOTE(review): the key is written with the default umask, and the trap comes
# after the writes. A restrictive umask set first would be safer.
# NOTE(review): the registered sha256 is read from a .sha256 file generated by
# this same build, so it is a transfer checksum, not an independent attestation.
# Releases are created with status=draft; HTTP 409 is tolerated, presumably
# because the release may already exist from another packaging pipeline.
- name: Register artifacts
image: docker
commands:
- WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
- VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
- RELEASES_HOST='https://releases-prod.platform.teleport.sh'
- echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
- echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
- trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
- CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
- which curl || apk add --no-cache curl
- |-
cd "$WORKSPACE_DIR/go/artifacts"
find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
# Skip files that are not results of this build
# (e.g. tarballs from which OS packages are made)
[ -f "$file.sha256" ] || continue
name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
description="Linux 64-bit DEB"
products="$name"
if [ "$name" = "tsh" ]; then
products="teleport teleport-ent"
elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then
description="Teleport Connect"
products="teleport teleport-ent"
fi
shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
release_params="" # List of "-F releaseId=XXX" parameters to curl
for product in $products; do
status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
echo "curl HTTP status: $status_code"
cat $WORKSPACE_DIR/curl_out.txt
exit 1
fi
release_params="$release_params -F releaseId=$product@$VERSION"
done
curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
done
environment:
RELEASES_CERT:
from_secret: RELEASES_CERT
RELEASES_KEY:
from_secret: RELEASES_KEY
# Privileged Docker-in-Docker daemon. Steps that mount the "dockersock" volume
# at /var/run get full control of it, so that mount should stay limited to the
# steps that actually build with docker.
services:
- name: Start Docker
image: docker:dind
privileged: true
volumes:
- name: dockersock
path: /var/run
# Temporary volumes shared between steps: AWS credentials, the docker socket
# directory and docker registry logins.
volumes:
- name: awsconfig
temp: {}
- name: dockersock
temp: {}
- name: dockerconfig
temp: {}
image_pull_secrets:
- DOCKERHUB_CREDENTIALS
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPackagePipeline)
################################################
kind: pipeline
type: kubernetes
name: build-linux-amd64-fips-deb
# Runs on tag events for refs/tags/v* in repositories under gravitational/.
# Control over who may push such tags is the effective access control for
# this pipeline's secrets.
trigger:
event:
include:
- tag
ref:
include:
- refs/tags/v*
repo:
include:
- gravitational/*
workspace:
path: /go
# Built-in clone is disabled; the checkout step below handles it.
clone:
disable: true
# Packages the FIPS tarball produced by build-linux-amd64-fips.
depends_on:
- build-linux-amd64-fips
- clean-up-previous-build
steps:
# Explicit checkout of the tagged source. An SSH key from Drone secrets is
# placed in /root/.ssh only to fetch the "e" submodule and removed right after.
# NOTE(review): the GitHub host key is learned with ssh-keyscan during the
# build and is not compared against a pinned value.
# NOTE(review): `git checkout` receives a ref that is presumably substituted by
# Drone (single "$") and is unquoted.
# The final command enforces that the Makefile VERSION equals the tag (minus
# the leading "v") and saves it to /go/.version.txt.
- name: Check out code
image: docker:git
commands:
- mkdir -p /go/src/github.com/gravitational/teleport
- cd /go/src/github.com/gravitational/teleport
- git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
- git checkout ${DRONE_TAG:-$DRONE_COMMIT}
- mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
&& chmod 600 /root/.ssh/id_rsa
- ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
- git submodule update --init e
- rm -f /root/.ssh/id_rsa
- mkdir -p /go/cache /go/artifacts
- |-
VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
exit 1
fi
echo "$$VERSION" > /go/.version.txt
environment:
GITHUB_PRIVATE_KEY:
from_secret: GITHUB_PRIVATE_KEY
# Waits (30s limit) for the dind socket and logs in to Docker Hub. The token is
# read from stdin, keeping it out of the process arguments. The login is
# persisted on the "dockerconfig" volume for later steps. The secret name
# suggests a read-only token.
- name: Wait for docker
image: docker
pull: if-not-exists
commands:
- timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
environment:
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: dockersock
path: /var/run
- name: dockerconfig
path: /root/.docker
# Uses the static key from Drone secrets once, to assume AWS_ROLE, and stores
# the resulting short-lived credentials as the default profile on the shared
# "awsconfig" volume.
# NOTE(review): the command substitution is unquoted by design, and a failed
# assume-role presumably yields empty fields. The last command is the check.
- name: Assume Download AWS Role
image: amazon/aws-cli
pull: if-not-exists
commands:
- aws sts get-caller-identity
- |-
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
> /root/.aws/credentials
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile default
environment:
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID
AWS_ROLE:
from_secret: AWS_ROLE
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY
volumes:
- name: awsconfig
path: /root/.aws
# Downloads the enterprise FIPS linux-amd64 tarball for this version from S3
# with the assumed-role credentials on the awsconfig volume.
# NOTE(review): the tarball is not verified against a checksum or signature in
# this step before being repackaged. Confirm that integrity of this FIPS input
# is established elsewhere.
# NOTE(review): floating image tag and no pull policy on this step.
- name: Download artifacts from S3
image: amazon/aws-cli
commands:
- export VERSION=$(cat /go/.version.txt)
- if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else
export S3_PATH="tag/"; fi
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-fips-bin.tar.gz
/go/artifacts/
environment:
AWS_REGION: us-west-2
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
volumes:
- name: awsconfig
path: /root/.aws
# Replaces the profile on the awsconfig volume with credentials for the build
# role. Going by the secret names this is a read-only identity; the later
# "Build artifacts" step uses it for the public ECR login.
- name: Assume Build AWS Role
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  # Overwrites /root/.aws/credentials, so the download role's session is no
  # longer available to later steps.
  # NOTE(review): the file is created with the shell's default umask; consider
  # `umask 077` ahead of the redirect.
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
    $(aws sts assume-role \
    --role-arn "$AWS_ROLE" \
    --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
    --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
    --output text) \
    > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY
    AWS_ROLE:
      from_secret: TELEPORT_BUILD_READ_ONLY_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Builds the enterprise FIPS .deb from the downloaded tarball through the dind
# daemon.
# NOTE(review): the `docker` image tag and the apk packages are resolved at
# build time without a pinned version or digest, so the toolchain of this
# release step can change between runs. Pinning the image by digest
# (docker@sha256:<digest-placeholder>) would make it reproducible.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache bash curl gzip make tar
  - apk add --no-cache aws-cli
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  # The ECR token travels over stdin rather than on the command line.
  - aws ecr-public get-login-password --region us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - make -C e deb
  environment:
    ARCH: amd64
    ENT_TARBALL_PATH: /go/artifacts
    # Quoted so it stays the string "yes" rather than a YAML boolean.
    FIPS: "yes"
    RUNTIME: fips
    TMPDIR: /go
  volumes:
  - name: dockersock
    path: /var/run
  - name: dockerconfig
    path: /root/.docker
  - name: awsconfig
    path: /root/.aws
# Collects the built .deb files (and any teleport*.deb* siblings in e/build)
# into the artifacts directory that the upload step syncs.
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find e/build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts \;
# Switches the awsconfig profile to the role used for publishing: the static
# key from Drone secrets is exchanged for temporary STS credentials again.
- name: Assume Upload AWS Role
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  # Session name carries repo and build number so the upload can be attributed.
  # NOTE(review): the credentials file is written with the default umask;
  # consider `umask 077` ahead of the redirect.
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
    $(aws sts assume-role \
    --role-arn "$AWS_ROLE" \
    --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
    --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
    --output text) \
    > /root/.aws/credentials
  # Affects this step's shell only; the session stays on the shared volume.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
# Publishes everything under /go/artifacts to the tag's prefix in the bucket.
# `aws s3 sync .` uploads the whole directory, which also holds the tarball
# fetched by the download step.
- name: Upload to S3
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - cd /go/artifacts/
  # ${DRONE_TAG##v} is the tag with its leading "v" removed.
  - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
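# Registers each built artifact with the release service over mutual TLS.
# The client certificate and key arrive base64-encoded from Drone secrets.
# This file is generated by dronegen, so the hardening below has to be
# mirrored in the generator to survive the next `make dronegen`.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
  # Cleanup is registered before any credential file exists, so an early
  # failure cannot leave the client key behind. Like the original trap, this
  # relies on all commands of the step running in one shell.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  # The subshell confines umask 077 to the private key, which is therefore
  # created owner-only instead of with the default mode.
  - (umask 077; echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key")
  # Expanded unquoted further down on purpose: it must split into curl flags.
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # For every artifact that has a .sha256 sidecar: create (or reuse) a draft
  # release per product, then upload the file with its recorded hash. The hash
  # is read from the sidecar, not recomputed here. HTTP 200 and 409 both
  # count as success; 409 presumably means the release already exists.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
    # Skip files that are not results of this build
    # (e.g. tarballs from which OS packages are made)
    [ -f "$file.sha256" ] || continue
    name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
    description="Linux 64-bit DEB (FedRAMP/FIPS)"
    products="$name"
    if [ "$name" = "tsh" ]; then
    products="teleport teleport-ent"
    elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then
    description="Teleport Connect"
    products="teleport teleport-ent"
    fi
    shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
    release_params="" # List of "-F releaseId=XXX" parameters to curl
    for product in $products; do
    status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
    if [ "$status_code" -ne 200 ] && [ "$status_code" -ne 409 ]; then
    echo "curl HTTP status: $status_code"
    cat "$WORKSPACE_DIR/curl_out.txt"
    exit 1
    fi
    release_params="$release_params -F releaseId=$product@$VERSION"
    done
    curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY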
# Docker-in-Docker daemon backing the steps that use the docker CLI.
# NOTE(review): `privileged: true` gives this container far more access to the
# node than an ordinary step, and `docker:dind` is a floating tag. Pinning it
# by digest (docker@sha256:<digest-placeholder>) limits what can change under
# a privileged container.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
# Temporary volumes: they carry the docker socket, the docker login state and
# the AWS session credentials between steps for this pipeline run.
volumes:
- name: awsconfig
  temp: {}
- name: dockersock
  temp: {}
- name: dockerconfig
  temp: {}
image_pull_secrets:
- DOCKERHUB_CREDENTIALS
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPipeline)
################################################
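# Tag-triggered release pipeline for the linux/386 tarballs: check out, build
# in dind, hash, upload to S3 and register with the release service.
# NOTE(review): the step images (`docker`, `docker:git`, `docker:dind`,
# `amazon/aws-cli`) are floating tags; pinning them by digest
# (image@sha256:<digest-placeholder>) would fix the toolchain of a release
# build. This file is generated by dronegen, so changes made here must be
# mirrored in the generator.
kind: pipeline
type: kubernetes
name: build-linux-386
environment:
  BUILDBOX_VERSION: teleport14
  RUNTIME: go1.20.6
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
clone:
  disable: true
depends_on:
- clean-up-previous-build
steps:
# Clones over HTTPS, then uses a deploy key only long enough to fetch the `e`
# submodule over SSH.
- name: Check out code
  image: docker:git
  pull: if-not-exists
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # /root/.ssh is created 0700 first, so the key is never reachable by other
  # users even before the chmod runs.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan accepts whatever host key the network returns at
  # build time (and stderr is discarded). Writing GitHub's published host keys
  # into known_hosts instead would close that trust-on-first-use gap.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # The key is removed as soon as the submodule fetch is done.
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Refuses to build when the Makefile version and the tag disagree. `$$` is
  # Drone's escape for a literal `$`.
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
    echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
    exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Waits for the dind socket, then logs in to Docker Hub with the token passed
# on stdin.
- name: Wait for docker
  image: docker
  pull: if-not-exists
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: dockersock
    path: /var/run
  - name: dockerconfig
    path: /root/.docker
# Runs the release-386 target through the dind daemon. No secrets are passed
# to this step.
- name: Build artifacts
  image: docker
  pull: if-not-exists
  commands:
  - apk add --no-cache make
  - chown -R $UID:$GID /go
  - cd /go/src/github.com/gravitational/teleport
  - make -C build.assets release-386
  environment:
    ARCH: "386"
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: linux
    UID: "1000"
  volumes:
  - name: dockersock
    path: /var/run
  - name: dockerconfig
    path: /root/.docker
# Gathers the tarballs and writes a .sha256 sidecar next to each one. The
# register step later submits those recorded hashes.
- name: Copy artifacts
  image: docker
  pull: if-not-exists
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find . -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts \;
  - find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts \;
  - cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256; done && ls -l
# Exchanges the static key from Drone secrets for temporary STS credentials,
# stored as the [default] profile on the awsconfig volume.
- name: Assume AWS Role
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  # NOTE(review): the credentials file is created with the default umask;
  # consider `umask 077` ahead of the redirect.
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
    $(aws sts assume-role \
    --role-arn "$AWS_ROLE" \
    --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
    --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
    --output text) \
    > /root/.aws/credentials
  # Clears the static key from this step's shell only.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
# Syncs the whole artifacts directory to the tag's prefix in the bucket.
- name: Upload to S3
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - cd /go/artifacts/
  - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Registers each artifact with the release service over mutual TLS.
- name: Register artifacts
  image: docker
  pull: if-not-exists
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
  # Cleanup is registered before any credential file exists, so an early
  # failure cannot leave the client key behind. Like the original trap, this
  # relies on all commands of the step running in one shell.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  # The subshell confines umask 077 to the private key, which is therefore
  # created owner-only instead of with the default mode.
  - (umask 077; echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key")
  # Expanded unquoted further down on purpose: it must split into curl flags.
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # For every artifact with a .sha256 sidecar: create (or reuse) a draft
  # release per product, then upload the file with its recorded hash. HTTP 200
  # and 409 both count as success; 409 presumably means the release exists.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
    # Skip files that are not results of this build
    # (e.g. tarballs from which OS packages are made)
    [ -f "$file.sha256" ] || continue
    name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
    description="Linux 32-bit"
    products="$name"
    if [ "$name" = "tsh" ]; then
    products="teleport teleport-ent"
    elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then
    description="Teleport Connect"
    products="teleport teleport-ent"
    fi
    shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
    release_params="" # List of "-F releaseId=XXX" parameters to curl
    for product in $products; do
    status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
    if [ "$status_code" -ne 200 ] && [ "$status_code" -ne 409 ]; then
    echo "curl HTTP status: $status_code"
    cat "$WORKSPACE_DIR/curl_out.txt"
    exit 1
    fi
    release_params="$release_params -F releaseId=$product@$VERSION"
    done
    curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="386" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY
# NOTE(review): the dind daemon runs privileged; keep its image pinned and the
# set of steps that mount dockersock as small as possible.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: awsconfig
  temp: {}
- name: dockersock
  temp: {}
- name: dockerconfig
  temp: {}
image_pull_secrets:
- DOCKERHUB_CREDENTIALS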
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPackagePipeline)
################################################
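# Tag-triggered pipeline that repackages the linux/386 tarballs as signed RPMs.
# It handles four kinds of secret: a GitHub deploy key, AWS keys, the RPM GPG
# signing archive and the release-service client certificate.
# NOTE(review): step images are floating tags; pinning them by digest
# (image@sha256:<digest-placeholder>) matters most for the step that holds the
# signing key. This file is generated by dronegen, so changes made here must be
# mirrored in the generator.
kind: pipeline
type: kubernetes
name: build-linux-386-rpm
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
clone:
  disable: true
depends_on:
- build-linux-386
- clean-up-previous-build
steps:
# Clones over HTTPS, then uses a deploy key only long enough to fetch the `e`
# submodule over SSH.
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan accepts whatever host key the network returns at
  # build time; pinning GitHub's published host keys would avoid that.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Refuses to build when the Makefile version and the tag disagree.
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
    echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
    exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
- name: Wait for docker
  image: docker
  pull: if-not-exists
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: dockersock
    path: /var/run
  - name: dockerconfig
    path: /root/.docker
# Static key -> temporary STS credentials, stored on the awsconfig volume.
- name: Assume Download AWS Role
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  # NOTE(review): the credentials file is created with the default umask;
  # consider `umask 077` ahead of the redirect.
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
    $(aws sts assume-role \
    --role-arn "$AWS_ROLE" \
    --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
    --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
    --output text) \
    > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
# Fetches the OSS and enterprise tarballs produced by build-linux-386.
# NOTE(review): no checksum or signature is checked on download, so what gets
# signed below is whatever the bucket path holds.
- name: Download artifacts from S3
  image: amazon/aws-cli
  commands:
  - export VERSION=$(cat /go/.version.txt)
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else export S3_PATH="tag/"; fi
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-386-bin.tar.gz /go/artifacts/
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-386-bin.tar.gz /go/artifacts/
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Overwrites the profile with the build identity (read-only, per secret names).
- name: Assume Build AWS Role
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
    $(aws sts assume-role \
    --role-arn "$AWS_ROLE" \
    --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
    --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
    --output text) \
    > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY
    AWS_ROLE:
      from_secret: TELEPORT_BUILD_READ_ONLY_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Builds and signs the RPMs. The GPG home lives on the memory-backed tmpfs
# volume, so the signing key is not written to the /go workspace.
# NOTE(review): packages installed with apk here are unpinned and run in the
# same step that holds the signing key.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache bash curl gzip make tar go
  - apk add --no-cache aws-cli
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  - aws ecr-public get-login-password --region us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  # Registered before the key material is unpacked, so a failing `make rpm`
  # still removes the GPG home. Previously only the success path cleaned up.
  - trap 'rm -rf "$GNUPG_DIR"' EXIT
  - mkdir -m0700 $GNUPG_DIR
  - echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPG_DIR
  - chown -R root:root $GNUPG_DIR
  - make rpm
  - rm -rf $GNUPG_DIR
  environment:
    ARCH: "386"
    ENT_TARBALL_PATH: /go/artifacts
    GNUPG_DIR: /tmpfs/gnupg
    GPG_RPM_SIGNING_ARCHIVE:
      from_secret: GPG_RPM_SIGNING_ARCHIVE
    OSS_TARBALL_PATH: /go/artifacts
    TMPDIR: /go
  volumes:
  - name: dockersock
    path: /var/run
  - name: dockerconfig
    path: /root/.docker
  - name: awsconfig
    path: /root/.aws
  - name: tmpfs
    path: /tmpfs
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts \;
  - find e/build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts \;
# Switches the profile to the publishing role.
- name: Assume Upload AWS Role
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
    $(aws sts assume-role \
    --role-arn "$AWS_ROLE" \
    --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
    --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
    --output text) \
    > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
- name: Upload to S3
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - cd /go/artifacts/
  - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Registers each artifact with the release service over mutual TLS.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
  # Cleanup is registered before any credential file exists, so an early
  # failure cannot leave the client key behind. Like the original trap, this
  # relies on all commands of the step running in one shell.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  # The subshell confines umask 077 to the private key, which is therefore
  # created owner-only instead of with the default mode.
  - (umask 077; echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key")
  # Expanded unquoted further down on purpose: it must split into curl flags.
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # Only files with a .sha256 sidecar are registered; HTTP 200 and 409 both
  # count as success (409 presumably means the release already exists).
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
    # Skip files that are not results of this build
    # (e.g. tarballs from which OS packages are made)
    [ -f "$file.sha256" ] || continue
    name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
    description="Linux 32-bit RPM"
    products="$name"
    if [ "$name" = "tsh" ]; then
    products="teleport teleport-ent"
    elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then
    description="Teleport Connect"
    products="teleport teleport-ent"
    fi
    shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
    release_params="" # List of "-F releaseId=XXX" parameters to curl
    for product in $products; do
    status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
    if [ "$status_code" -ne 200 ] && [ "$status_code" -ne 409 ]; then
    echo "curl HTTP status: $status_code"
    cat "$WORKSPACE_DIR/curl_out.txt"
    exit 1
    fi
    release_params="$release_params -F releaseId=$product@$VERSION"
    done
    curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="386" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY
# NOTE(review): the privileged dind service also mounts tmpfs, so the unpacked
# signing key is visible to that container for as long as it exists.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: tmpfs
    path: /tmpfs
  - name: dockersock
    path: /var/run
volumes:
- name: awsconfig
  temp: {}
- name: dockersock
  temp: {}
- name: dockerconfig
  temp: {}
# Memory-backed, so the GPG home is not written to the workspace volume.
- name: tmpfs
  temp:
    medium: memory
image_pull_secrets:
- DOCKERHUB_CREDENTIALS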
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPackagePipeline)
################################################
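# Tag-triggered pipeline that repackages the linux/386 tarballs as .deb files,
# uploads them to S3 and registers them with the release service.
# NOTE(review): step images are floating tags; consider pinning them by digest
# (image@sha256:<digest-placeholder>). This file is generated by dronegen, so
# changes made here must be mirrored in the generator.
kind: pipeline
type: kubernetes
name: build-linux-386-deb
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
clone:
  disable: true
depends_on:
- build-linux-386
- clean-up-previous-build
steps:
# Clones over HTTPS, then uses a deploy key only long enough to fetch the `e`
# submodule over SSH.
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan accepts whatever host key the network returns at
  # build time; pinning GitHub's published host keys would avoid that.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Refuses to build when the Makefile version and the tag disagree.
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
    echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
    exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
- name: Wait for docker
  image: docker
  pull: if-not-exists
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: dockersock
    path: /var/run
  - name: dockerconfig
    path: /root/.docker
# Static key -> temporary STS credentials, stored on the awsconfig volume.
- name: Assume Download AWS Role
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  # NOTE(review): the credentials file is created with the default umask;
  # consider `umask 077` ahead of the redirect.
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
    $(aws sts assume-role \
    --role-arn "$AWS_ROLE" \
    --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
    --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
    --output text) \
    > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
# Fetches the OSS and enterprise tarballs produced by build-linux-386.
# NOTE(review): no checksum or signature is checked on download.
- name: Download artifacts from S3
  image: amazon/aws-cli
  commands:
  - export VERSION=$(cat /go/.version.txt)
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else export S3_PATH="tag/"; fi
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-386-bin.tar.gz /go/artifacts/
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-386-bin.tar.gz /go/artifacts/
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Overwrites the profile with the build identity (read-only, per secret names).
- name: Assume Build AWS Role
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
    $(aws sts assume-role \
    --role-arn "$AWS_ROLE" \
    --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
    --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
    --output text) \
    > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY
    AWS_ROLE:
      from_secret: TELEPORT_BUILD_READ_ONLY_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Builds the .deb packages through the dind daemon.
# NOTE(review): the apk packages installed here are unpinned.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache bash curl gzip make tar
  - apk add --no-cache aws-cli
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  - aws ecr-public get-login-password --region us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
  - make deb
  environment:
    ARCH: "386"
    ENT_TARBALL_PATH: /go/artifacts
    OSS_TARBALL_PATH: /go/artifacts
    TMPDIR: /go
  volumes:
  - name: dockersock
    path: /var/run
  - name: dockerconfig
    path: /root/.docker
  - name: awsconfig
    path: /root/.aws
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts \;
  - find e/build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts \;
# Switches the profile to the publishing role.
- name: Assume Upload AWS Role
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
    $(aws sts assume-role \
    --role-arn "$AWS_ROLE" \
    --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
    --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
    --output text) \
    > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
- name: Upload to S3
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - cd /go/artifacts/
  - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Registers each artifact with the release service over mutual TLS.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
  # Cleanup is registered before any credential file exists, so an early
  # failure cannot leave the client key behind. Like the original trap, this
  # relies on all commands of the step running in one shell.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  # The subshell confines umask 077 to the private key, which is therefore
  # created owner-only instead of with the default mode.
  - (umask 077; echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key")
  # Expanded unquoted further down on purpose: it must split into curl flags.
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # Only files with a .sha256 sidecar are registered; HTTP 200 and 409 both
  # count as success (409 presumably means the release already exists).
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
    # Skip files that are not results of this build
    # (e.g. tarballs from which OS packages are made)
    [ -f "$file.sha256" ] || continue
    name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
    description="Linux 32-bit DEB"
    products="$name"
    if [ "$name" = "tsh" ]; then
    products="teleport teleport-ent"
    elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then
    description="Teleport Connect"
    products="teleport teleport-ent"
    fi
    shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
    release_params="" # List of "-F releaseId=XXX" parameters to curl
    for product in $products; do
    status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
    if [ "$status_code" -ne 200 ] && [ "$status_code" -ne 409 ]; then
    echo "curl HTTP status: $status_code"
    cat "$WORKSPACE_DIR/curl_out.txt"
    exit 1
    fi
    release_params="$release_params -F releaseId=$product@$VERSION"
    done
    curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="386" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY
# NOTE(review): the dind daemon runs privileged; keep its image pinned and the
# set of steps that mount dockersock as small as possible.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: awsconfig
  temp: {}
- name: dockersock
  temp: {}
- name: dockerconfig
  temp: {}
image_pull_secrets:
- DOCKERHUB_CREDENTIALS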
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/gha.go (main.ghaMultiBuildPipeline)
################################################
# Tag-triggered pipeline that does not build anything itself: it checks out
# the tooling and hands the macOS release off to a GitHub Actions workflow.
kind: pipeline
type: kubernetes
name: build-darwin-amd64
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
clone:
  disable: true
steps:
# Fetches from DRONE_REMOTE_URL and checks out the exact commit SHA of the
# build, then uses a deploy key just long enough to pull the `e` submodule.
- name: Check out code
  image: docker:git
  pull: if-not-exists
  commands:
  - mkdir -pv "/go/src/github.com/gravitational/teleport"
  - cd "/go/src/github.com/gravitational/teleport"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  - git checkout -qf "${DRONE_COMMIT_SHA}"
  # The directory is created 0700 before the key is written into it.
  - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan accepts whatever host key the network returns at
  # build time; pinning GitHub's published host keys would avoid that.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  - mkdir -pv /go/cache
  - rm -f /root/.ssh/id_rsa
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Triggers release-mac.yaml in the teleport.e repository and waits up to
# 2h30m. The GitHub App private key reaches the tool through the environment,
# not the command line.
# NOTE(review): golang:1.18-alpine is a floating tag on an out-of-support Go
# line, and other pipelines in this file set RUNTIME go1.20.6. Confirm the
# tooling still needs 1.18, and consider pinning the image by digest.
- name: Delegate build to GitHub
  image: golang:1.18-alpine
  pull: if-not-exists
  commands:
  - cd "/go/src/github.com/gravitational/teleport/build.assets/tooling"
  - 'go run ./cmd/gh-trigger-workflow
    -owner ${DRONE_REPO_OWNER} -repo teleport.e
    -tag-workflow -timeout 2h30m0s
    -workflow release-mac.yaml -workflow-ref=${DRONE_TAG}
    -input oss-teleport-repo=${DRONE_REPO} -input oss-teleport-ref=${DRONE_TAG}
    -input "build-packages=true" -input "release-artifacts=true" '
  environment:
    GHA_APP_KEY:
      from_secret: GITHUB_WORKFLOW_APP_PRIVATE_KEY
# Runs only when the pipeline has failed. The webhook URL is itself a secret.
- name: Send Slack notification
  image: plugins/slack:1.4.1
  settings:
    template: |-
      *✘ Failed:* `{{ build.event }}` / `${DRONE_STAGE_NAME}` / <{{ build.link }}|Build: #{{ build.number }}>
      Author: <https://github.com/{{ build.author }}|{{ build.author }}> Repo: <https://github.com/{{ repo.owner }}/{{ repo.name }}/|{{ repo.owner }}/{{ repo.name }}> Branch: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commits/{{ build.branch }}|{{ build.branch }}> Commit: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commit/{{ build.commit }}|{{ truncate build.commit 8 }}>
    webhook:
      from_secret: SLACK_WEBHOOK_DEV_TELEPORT
  when:
    status:
    - failure
image_pull_secrets:
- DOCKERHUB_CREDENTIALS
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPipeline)
################################################
# Release pipeline for linux/arm tag builds: checks out the tag, builds the
# release tarballs through a Docker-in-Docker service, uploads them to S3 and
# registers them with the release service.
kind: pipeline
type: kubernetes
name: build-linux-arm
environment:
  BUILDBOX_VERSION: teleport14
  RUNTIME: go1.20.6
# Runs only for tag events on refs/tags/v* in repositories under gravitational/.
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# The built-in clone is disabled; the "Check out code" step fetches the source.
clone:
  disable: true
depends_on:
- clean-up-previous-build
steps:
# Clones the repository over HTTPS, checks out the tag (or the commit when no
# tag is set), initialises the `e` submodule with the SSH key from the
# GITHUB_PRIVATE_KEY secret, and records the Makefile version in
# /go/.version.txt after checking that it matches the tag without its leading v.
# `$$` is the pipeline-level escape for a literal `$`, so "$$VERSION" is left
# for the shell while ${DRONE_TAG##v} is expanded before the shell runs.
# NOTE(review): docker:git is a mutable tag, not a digest; pinning would have
# to be done in dronegen, since this file is generated.
- name: Check out code
  image: docker:git
  pull: if-not-exists
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The private key is written inside a 0700 directory and then set to 0600.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): known_hosts is filled from whatever answers as github.com at
  # build time, so the host key is trusted on first use rather than pinned, and
  # scan errors are discarded (2>/dev/null). Shipping known GitHub host keys
  # instead would remove that trust-on-first-use window.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # The key is deleted as soon as the submodule is fetched.
  # NOTE(review): only reached if the commands above succeed, assuming the
  # runner stops at the first failing command — confirm.
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
    echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
    exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Waits up to 30s for the dind socket, then logs in to Docker Hub. The token is
# piped through stdin (--password-stdin), which keeps it off the command line.
# The login state lands in /root/.docker on the dockerconfig volume, which the
# "Build artifacts" step also mounts.
# NOTE(review): `image: docker` has no tag or digest, so it resolves to
# `latest`.
- name: Wait for docker
  image: docker
  pull: if-not-exists
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: dockersock
    path: /var/run
  - name: dockerconfig
    path: /root/.docker
# Installs make, hands /go to UID:GID 1000 and runs the release-arm target in
# build.assets against the dind daemon. No secrets are declared on this step.
# NOTE(review): `apk add` installs whatever package version is current at build
# time; the `docker` image is untagged.
- name: Build artifacts
  image: docker
  pull: if-not-exists
  commands:
  - apk add --no-cache make
  - chown -R $UID:$GID /go
  - cd /go/src/github.com/gravitational/teleport
  - make -C build.assets release-arm
  environment:
    ARCH: arm
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: linux
    UID: "1000"
  volumes:
  - name: dockersock
    path: /var/run
  - name: dockerconfig
    path: /root/.docker
# Copies the OSS and enterprise (e/) tarballs to /go/artifacts and writes a
# .sha256 file next to each. The checksums are computed here from the build
# output, so they detect later corruption, not a compromised build.
- name: Copy artifacts
  image: docker
  pull: if-not-exists
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find . -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
    \;
  - find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
    \;
  - cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256;
    done && ls -l
# Exchanges the long-lived key pair from the AWS_ACCESS_KEY_ID and
# AWS_SECRET_ACCESS_KEY secrets for temporary credentials of AWS_ROLE, writes
# them as the [default] profile in /root/.aws/credentials on the awsconfig
# volume, and unsets the long-lived keys for the rest of the step. The two
# get-caller-identity calls print the identity before and after.
# NOTE(review): printf still writes a credentials file when assume-role returns
# nothing; the final get-caller-identity --profile default is presumably what
# fails the step in that case. No chmod on the credentials file is visible.
- name: Assume AWS Role
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
    $(aws sts assume-role \
    --role-arn "$AWS_ROLE" \
    --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
    --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
    --output text) \
    > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
# Syncs /go/artifacts to teleport/tag/<tag without leading v> in the bucket
# named by the AWS_S3_BUCKET secret; credentials come from the awsconfig volume.
- name: Upload to S3
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - cd /go/artifacts/
  - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Registers each built file with the release service at RELEASES_HOST. The
# client certificate and key are base64-decoded from secrets into
# $WORKSPACE_DIR (default /), passed to curl with --cert/--key, and removed by
# the EXIT trap. For every file that has a .sha256 sibling the script creates a
# draft release per product (HTTP 200 and 409 are both accepted) and then
# uploads the file together with its checksum.
# NOTE(review): the decoded key file gets the shell's default permissions (no
# chmod or umask is visible). $CREDENTIALS and $release_params are expanded
# unquoted so they split into separate curl arguments, which relies on the
# paths containing no whitespace.
- name: Register artifacts
  image: docker
  pull: if-not-exists
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
    # Skip files that are not results of this build
    # (e.g. tarballs from which OS packages are made)
    [ -f "$file.sha256" ] || continue
    name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
    description="Linux ARMv7 (32-bit)"
    products="$name"
    if [ "$name" = "tsh" ]; then
    products="teleport teleport-ent"
    elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then
    description="Teleport Connect"
    products="teleport teleport-ent"
    fi
    shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
    release_params="" # List of "-F releaseId=XXX" parameters to curl
    for product in $products; do
    status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
    if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
    echo "curl HTTP status: $status_code"
    cat $WORKSPACE_DIR/curl_out.txt
    exit 1
    fi
    release_params="$release_params -F releaseId=$product@$VERSION"
    done
    curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="arm" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY
# Docker-in-Docker daemon used by the build. It runs privileged and exposes its
# socket through the dockersock volume, so any step that mounts dockersock can
# drive a privileged daemon. In this pipeline only "Wait for docker" and
# "Build artifacts" mount it; the steps that hold AWS or release-service
# credentials do not.
# NOTE(review): docker:dind is a mutable tag, not a digest.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
# Temporary volumes shared between steps: AWS profile, Docker socket, Docker
# client config.
volumes:
- name: awsconfig
  temp: {}
- name: dockersock
  temp: {}
- name: dockerconfig
  temp: {}
# Registry credentials used when pulling the step images.
image_pull_secrets:
- DOCKERHUB_CREDENTIALS
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/gha.go (main.ghaMultiBuildPipeline)
################################################
# Release pipeline for linux/arm64 tag builds. Nothing is compiled in this
# pipeline: the steps check out the repository and hand the build to the
# release-linux-arm64.yml GitHub Actions workflow in the teleport.e repository.
kind: pipeline
type: kubernetes
name: build-linux-arm64
# Runs only for tag events on refs/tags/v* in repositories under gravitational/.
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# The built-in clone is disabled; the "Check out code" step fetches the source.
clone:
  disable: true
depends_on:
- clean-up-previous-build
steps:
# Fetches DRONE_COMMIT_SHA from DRONE_REMOTE_URL, then initialises the `e`
# submodule. The SSH key from the GITHUB_PRIVATE_KEY secret and known_hosts are
# set up immediately before the submodule fetch, so `e` is presumably fetched
# over SSH.
# NOTE(review): docker:git is a mutable tag, not a digest; pinning would have
# to be done in dronegen, since this file is generated.
- name: Check out code
  image: docker:git
  pull: if-not-exists
  commands:
  - mkdir -pv "/go/src/github.com/gravitational/teleport"
  - cd "/go/src/github.com/gravitational/teleport"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  - git checkout -qf "${DRONE_COMMIT_SHA}"
  # The private key is written inside a 0700 directory and then set to 0600.
  - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa &&
    chmod 600 /root/.ssh/id_rsa
  # NOTE(review): known_hosts is filled from whatever answers as github.com at
  # build time, so the host key is trusted on first use rather than pinned, and
  # scan errors are discarded (2>/dev/null). Shipping known GitHub host keys
  # instead would remove that trust-on-first-use window.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  - mkdir -pv /go/cache
  # The key is deleted once the submodule is fetched.
  # NOTE(review): this line is only reached if the commands above succeed,
  # assuming the runner stops at the first failing command — confirm.
  - rm -f /root/.ssh/id_rsa
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Runs the repository's own gh-trigger-workflow tool from build.assets/tooling
# to start release-linux-arm64.yml in teleport.e at the tag ref, with a 2h30m
# timeout. GHA_APP_KEY (secret GITHUB_WORKFLOW_APP_PRIVATE_KEY) is in the
# environment of the code that `go run` executes from the checked-out tag.
# NOTE(review): golang:1.18-alpine is a mutable tag, not a digest.
- name: Delegate build to GitHub
  image: golang:1.18-alpine
  pull: if-not-exists
  commands:
  - cd "/go/src/github.com/gravitational/teleport/build.assets/tooling"
  - 'go run ./cmd/gh-trigger-workflow -owner ${DRONE_REPO_OWNER} -repo teleport.e
    -tag-workflow -timeout 2h30m0s -workflow release-linux-arm64.yml -workflow-ref=${DRONE_TAG}
    -input oss-teleport-repo=${DRONE_REPO} -input oss-teleport-ref=${DRONE_TAG} -input
    "upload-artifacts=true" '
  environment:
    GHA_APP_KEY:
      from_secret: GITHUB_WORKFLOW_APP_PRIVATE_KEY
# Registry credentials used when pulling the step images.
image_pull_secrets:
- DOCKERHUB_CREDENTIALS
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPackagePipeline)
################################################
# Packaging pipeline for linux/arm64 DEBs on tag builds: downloads the release
# tarballs from S3, builds the .deb packages through a Docker-in-Docker
# service, uploads them to S3 and registers them with the release service.
# AWS access is split into three role assumptions (download, build, upload);
# each one overwrites the [default] profile on the shared awsconfig volume.
kind: pipeline
type: kubernetes
name: build-linux-arm64-deb
# Runs only for tag events on refs/tags/v* in repositories under gravitational/.
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# The built-in clone is disabled; the "Check out code" step fetches the source.
clone:
  disable: true
depends_on:
- build-linux-arm64
- clean-up-previous-build
steps:
# Clones the repository over HTTPS, checks out the tag (or the commit when no
# tag is set), initialises the `e` submodule with the SSH key from the
# GITHUB_PRIVATE_KEY secret, and records the Makefile version in
# /go/.version.txt after checking that it matches the tag without its leading v.
# `$$` is the pipeline-level escape for a literal `$`, so "$$VERSION" is left
# for the shell while ${DRONE_TAG##v} is expanded before the shell runs.
# NOTE(review): docker:git is a mutable tag, not a digest; pinning would have
# to be done in dronegen, since this file is generated.
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The private key is written inside a 0700 directory and then set to 0600.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): known_hosts is filled from whatever answers as github.com at
  # build time, so the host key is trusted on first use rather than pinned, and
  # scan errors are discarded (2>/dev/null). Shipping known GitHub host keys
  # instead would remove that trust-on-first-use window.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # The key is deleted as soon as the submodule is fetched.
  # NOTE(review): only reached if the commands above succeed, assuming the
  # runner stops at the first failing command — confirm.
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
    echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
    exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Waits up to 30s for the dind socket to appear.
# NOTE(review): `image: docker` has no tag or digest, so it resolves to
# `latest`.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Exchanges the long-lived key pair from the AWS_ACCESS_KEY_ID and
# AWS_SECRET_ACCESS_KEY secrets for temporary credentials of AWS_ROLE, writes
# them as the [default] profile in /root/.aws/credentials on the awsconfig
# volume, and unsets the long-lived keys for the rest of the step. The two
# get-caller-identity calls print the identity before and after.
# NOTE(review): printf still writes a credentials file when assume-role returns
# nothing; the final get-caller-identity --profile default is presumably what
# fails the step in that case. No chmod on the credentials file is visible.
- name: Assume Download AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
    $(aws sts assume-role \
    --role-arn "$AWS_ROLE" \
    --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
    --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
    --output text) \
    > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
# Copies the OSS and enterprise linux-arm64 tarballs for this version from the
# tag/<version>/ prefix of the bucket into /go/artifacts; they are presumably
# produced by the build-linux-arm64 pipeline this one depends on.
# NOTE(review): only the tarballs are copied; no checksum or signature check on
# them is visible in this pipeline before they are packaged.
- name: Download artifacts from S3
  image: amazon/aws-cli
  commands:
  - export VERSION=$(cat /go/.version.txt)
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else
    export S3_PATH="tag/"; fi
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-arm64-bin.tar.gz
    /go/artifacts/
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-arm64-bin.tar.gz
    /go/artifacts/
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Same exchange as "Assume Download AWS Role", but with the
# TELEPORT_BUILD_USER_READ_ONLY_* key pair and TELEPORT_BUILD_READ_ONLY_AWS_ROLE,
# so the profile that the build step sees is the read-only build role rather
# than the download or upload role.
- name: Assume Build AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
    $(aws sts assume-role \
    --role-arn "$AWS_ROLE" \
    --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
    --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
    --output text) \
    > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY
    AWS_ROLE:
      from_secret: TELEPORT_BUILD_READ_ONLY_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Installs the build tools and the AWS CLI, logs the Docker client in to
# public.ecr.aws with a password piped through stdin, and runs `make deb`.
# This is the only step that mounts both dockersock and awsconfig; assuming
# steps run in the listed order, the profile it sees is the read-only build
# role written by the previous step.
# NOTE(review): `apk add` installs whatever package versions are current at
# build time; the `docker` image is untagged.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache bash curl gzip make tar
  - apk add --no-cache aws-cli
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  - aws ecr-public get-login-password --region us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - make deb
  environment:
    ARCH: arm64
    ENT_TARBALL_PATH: /go/artifacts
    OSS_TARBALL_PATH: /go/artifacts
    TMPDIR: /go
  volumes:
  - name: dockersock
    path: /var/run
  - name: awsconfig
    path: /root/.aws
# Copies the OSS and enterprise (e/build) teleport*.deb* files to /go/artifacts.
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts
    \;
  - find e/build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts
    \;
# Replaces the build-role profile with credentials for AWS_ROLE (same secrets
# as the download step) so that the upload runs only after the build is done.
- name: Assume Upload AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
    $(aws sts assume-role \
    --role-arn "$AWS_ROLE" \
    --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
    --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
    --output text) \
    > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
# Syncs /go/artifacts to teleport/tag/<tag without leading v> in the bucket
# named by the AWS_S3_BUCKET secret; credentials come from the awsconfig volume.
- name: Upload to S3
  image: amazon/aws-cli
  commands:
  - cd /go/artifacts/
  - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Registers each built file with the release service at RELEASES_HOST. The
# client certificate and key are base64-decoded from secrets into
# $WORKSPACE_DIR (default /), passed to curl with --cert/--key, and removed by
# the EXIT trap. For every file that has a .sha256 sibling the script creates a
# draft release per product (HTTP 200 and 409 are both accepted) and then
# uploads the file together with its checksum.
# NOTE(review): the decoded key file gets the shell's default permissions (no
# chmod or umask is visible). $CREDENTIALS and $release_params are expanded
# unquoted so they split into separate curl arguments, which relies on the
# paths containing no whitespace.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
    # Skip files that are not results of this build
    # (e.g. tarballs from which OS packages are made)
    [ -f "$file.sha256" ] || continue
    name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
    description="Linux ARM64/ARMv8 (64-bit) DEB"
    products="$name"
    if [ "$name" = "tsh" ]; then
    products="teleport teleport-ent"
    elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then
    description="Teleport Connect"
    products="teleport teleport-ent"
    fi
    shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
    release_params="" # List of "-F releaseId=XXX" parameters to curl
    for product in $products; do
    status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
    if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
    echo "curl HTTP status: $status_code"
    cat $WORKSPACE_DIR/curl_out.txt
    exit 1
    fi
    release_params="$release_params -F releaseId=$product@$VERSION"
    done
    curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="arm64" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY
# Docker-in-Docker daemon used by the build. It runs privileged and exposes its
# socket through the dockersock volume, so any step that mounts dockersock can
# drive a privileged daemon; here those are "Wait for docker" and
# "Build artifacts".
# NOTE(review): docker:dind is a mutable tag, not a digest.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
# Temporary volumes shared between steps: Docker socket and AWS profile.
volumes:
- name: dockersock
  temp: {}
- name: awsconfig
  temp: {}
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPackagePipeline)
################################################
# Packaging pipeline for linux/arm DEBs on tag builds: downloads the release
# tarballs from S3, builds the .deb packages through a Docker-in-Docker
# service, uploads them to S3 and registers them with the release service.
# AWS access is split into three role assumptions (download, build, upload);
# each one overwrites the [default] profile on the shared awsconfig volume.
kind: pipeline
type: kubernetes
name: build-linux-arm-deb
# Runs only for tag events on refs/tags/v* in repositories under gravitational/.
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# The built-in clone is disabled; the "Check out code" step fetches the source.
clone:
  disable: true
depends_on:
- build-linux-arm
- clean-up-previous-build
steps:
# Clones the repository over HTTPS, checks out the tag (or the commit when no
# tag is set), initialises the `e` submodule with the SSH key from the
# GITHUB_PRIVATE_KEY secret, and records the Makefile version in
# /go/.version.txt after checking that it matches the tag without its leading v.
# `$$` is the pipeline-level escape for a literal `$`, so "$$VERSION" is left
# for the shell while ${DRONE_TAG##v} is expanded before the shell runs.
# NOTE(review): docker:git is a mutable tag, not a digest; pinning would have
# to be done in dronegen, since this file is generated.
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The private key is written inside a 0700 directory and then set to 0600.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): known_hosts is filled from whatever answers as github.com at
  # build time, so the host key is trusted on first use rather than pinned, and
  # scan errors are discarded (2>/dev/null). Shipping known GitHub host keys
  # instead would remove that trust-on-first-use window.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # The key is deleted as soon as the submodule is fetched.
  # NOTE(review): only reached if the commands above succeed, assuming the
  # runner stops at the first failing command — confirm.
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
    echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
    exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Waits up to 30s for the dind socket, then logs in to Docker Hub. The token is
# piped through stdin (--password-stdin), which keeps it off the command line.
# The login state lands in /root/.docker on the dockerconfig volume, which the
# "Build artifacts" step also mounts.
# NOTE(review): `image: docker` has no tag or digest, so it resolves to
# `latest`.
- name: Wait for docker
  image: docker
  pull: if-not-exists
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: dockersock
    path: /var/run
  - name: dockerconfig
    path: /root/.docker
# Exchanges the long-lived key pair from the AWS_ACCESS_KEY_ID and
# AWS_SECRET_ACCESS_KEY secrets for temporary credentials of AWS_ROLE, writes
# them as the [default] profile in /root/.aws/credentials on the awsconfig
# volume, and unsets the long-lived keys for the rest of the step. The two
# get-caller-identity calls print the identity before and after.
# NOTE(review): printf still writes a credentials file when assume-role returns
# nothing; the final get-caller-identity --profile default is presumably what
# fails the step in that case. No chmod on the credentials file is visible.
- name: Assume Download AWS Role
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
    $(aws sts assume-role \
    --role-arn "$AWS_ROLE" \
    --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
    --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
    --output text) \
    > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
# Copies the OSS and enterprise linux-arm tarballs for this version from the
# tag/<version>/ prefix of the bucket into /go/artifacts; they are presumably
# produced by the build-linux-arm pipeline this one depends on.
# NOTE(review): only the tarballs are copied; no checksum or signature check on
# them is visible in this pipeline before they are packaged.
- name: Download artifacts from S3
  image: amazon/aws-cli
  commands:
  - export VERSION=$(cat /go/.version.txt)
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else
    export S3_PATH="tag/"; fi
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-arm-bin.tar.gz
    /go/artifacts/
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-arm-bin.tar.gz
    /go/artifacts/
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Same exchange as "Assume Download AWS Role", but with the
# TELEPORT_BUILD_USER_READ_ONLY_* key pair and TELEPORT_BUILD_READ_ONLY_AWS_ROLE,
# so the profile that the build step sees is the read-only build role rather
# than the download or upload role.
- name: Assume Build AWS Role
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
    $(aws sts assume-role \
    --role-arn "$AWS_ROLE" \
    --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
    --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
    --output text) \
    > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY
    AWS_ROLE:
      from_secret: TELEPORT_BUILD_READ_ONLY_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Installs the build tools and the AWS CLI, logs the Docker client in to
# public.ecr.aws with a password piped through stdin, and runs `make deb`.
# This step mounts dockersock, dockerconfig and awsconfig together; assuming
# steps run in the listed order, the AWS profile it sees is the read-only build
# role written by the previous step.
# NOTE(review): `apk add` installs whatever package versions are current at
# build time; the `docker` image is untagged.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache bash curl gzip make tar
  - apk add --no-cache aws-cli
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  - aws ecr-public get-login-password --region us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - make deb
  environment:
    ARCH: arm
    ENT_TARBALL_PATH: /go/artifacts
    OSS_TARBALL_PATH: /go/artifacts
    TMPDIR: /go
  volumes:
  - name: dockersock
    path: /var/run
  - name: dockerconfig
    path: /root/.docker
  - name: awsconfig
    path: /root/.aws
# Copies the OSS and enterprise (e/build) teleport*.deb* files to /go/artifacts.
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts
    \;
  - find e/build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts
    \;
# Replaces the build-role profile with credentials for AWS_ROLE (same secrets
# as the download step) so that the upload runs only after the build is done.
- name: Assume Upload AWS Role
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
    $(aws sts assume-role \
    --role-arn "$AWS_ROLE" \
    --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
    --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
    --output text) \
    > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
# Syncs /go/artifacts to teleport/tag/<tag without leading v> in the bucket
# named by the AWS_S3_BUCKET secret; credentials come from the awsconfig volume.
- name: Upload to S3
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - cd /go/artifacts/
  - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Registers each built file with the release service at RELEASES_HOST. The
# client certificate and key are base64-decoded from secrets into
# $WORKSPACE_DIR (default /), passed to curl with --cert/--key, and removed by
# the EXIT trap. For every file that has a .sha256 sibling the script creates a
# draft release per product (HTTP 200 and 409 are both accepted) and then
# uploads the file together with its checksum.
# NOTE(review): the decoded key file gets the shell's default permissions (no
# chmod or umask is visible). $CREDENTIALS and $release_params are expanded
# unquoted so they split into separate curl arguments, which relies on the
# paths containing no whitespace.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
    # Skip files that are not results of this build
    # (e.g. tarballs from which OS packages are made)
    [ -f "$file.sha256" ] || continue
    name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
    description="Linux ARMv7 (32-bit) DEB"
    products="$name"
    if [ "$name" = "tsh" ]; then
    products="teleport teleport-ent"
    elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then
    description="Teleport Connect"
    products="teleport teleport-ent"
    fi
    shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
    release_params="" # List of "-F releaseId=XXX" parameters to curl
    for product in $products; do
    status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
    if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
    echo "curl HTTP status: $status_code"
    cat $WORKSPACE_DIR/curl_out.txt
    exit 1
    fi
    release_params="$release_params -F releaseId=$product@$VERSION"
    done
    curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="arm" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY
# Docker-in-Docker daemon used by the build. It runs privileged and exposes its
# socket through the dockersock volume, so any step that mounts dockersock can
# drive a privileged daemon; here those are "Wait for docker" and
# "Build artifacts".
# NOTE(review): docker:dind is a mutable tag, not a digest.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
# Temporary volumes shared between steps: AWS profile, Docker socket, Docker
# client config.
volumes:
- name: awsconfig
  temp: {}
- name: dockersock
  temp: {}
- name: dockerconfig
  temp: {}
# Registry credentials used when pulling the step images.
image_pull_secrets:
- DOCKERHUB_CREDENTIALS
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPackagePipeline)
################################################
# Packaging pipeline for linux/arm64 RPMs on tag builds: downloads the release
# tarballs from S3, builds and signs the .rpm packages through a
# Docker-in-Docker service, uploads them to S3 and registers them with the
# release service. AWS access is split into three role assumptions (download,
# build, upload); each one overwrites the [default] profile on the shared
# awsconfig volume. The GPG signing material is kept on a memory-backed volume.
kind: pipeline
type: kubernetes
name: build-linux-arm64-rpm
# Runs only for tag events on refs/tags/v* in repositories under gravitational/.
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# The built-in clone is disabled; the "Check out code" step fetches the source.
clone:
  disable: true
depends_on:
- build-linux-arm64
- clean-up-previous-build
steps:
# Clones the repository over HTTPS, checks out the tag (or the commit when no
# tag is set), initialises the `e` submodule with the SSH key from the
# GITHUB_PRIVATE_KEY secret, and records the Makefile version in
# /go/.version.txt after checking that it matches the tag without its leading v.
# `$$` is the pipeline-level escape for a literal `$`, so "$$VERSION" is left
# for the shell while ${DRONE_TAG##v} is expanded before the shell runs.
# NOTE(review): docker:git is a mutable tag, not a digest; pinning would have
# to be done in dronegen, since this file is generated.
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The private key is written inside a 0700 directory and then set to 0600.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): known_hosts is filled from whatever answers as github.com at
  # build time, so the host key is trusted on first use rather than pinned, and
  # scan errors are discarded (2>/dev/null). Shipping known GitHub host keys
  # instead would remove that trust-on-first-use window.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # The key is deleted as soon as the submodule is fetched.
  # NOTE(review): only reached if the commands above succeed, assuming the
  # runner stops at the first failing command — confirm.
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
    echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
    exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Waits up to 30s for the dind socket to appear.
# NOTE(review): `image: docker` has no tag or digest, so it resolves to
# `latest`.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Exchanges the long-lived key pair from the AWS_ACCESS_KEY_ID and
# AWS_SECRET_ACCESS_KEY secrets for temporary credentials of AWS_ROLE, writes
# them as the [default] profile in /root/.aws/credentials on the awsconfig
# volume, and unsets the long-lived keys for the rest of the step. The two
# get-caller-identity calls print the identity before and after.
# NOTE(review): printf still writes a credentials file when assume-role returns
# nothing; the final get-caller-identity --profile default is presumably what
# fails the step in that case. No chmod on the credentials file is visible.
- name: Assume Download AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
    $(aws sts assume-role \
    --role-arn "$AWS_ROLE" \
    --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
    --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
    --output text) \
    > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
# Copies the OSS and enterprise linux-arm64 tarballs for this version from the
# tag/<version>/ prefix of the bucket into /go/artifacts; they are presumably
# produced by the build-linux-arm64 pipeline this one depends on.
# NOTE(review): only the tarballs are copied; no checksum or signature check on
# them is visible in this pipeline before they are packaged and signed.
- name: Download artifacts from S3
  image: amazon/aws-cli
  commands:
  - export VERSION=$(cat /go/.version.txt)
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else
    export S3_PATH="tag/"; fi
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-arm64-bin.tar.gz
    /go/artifacts/
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-arm64-bin.tar.gz
    /go/artifacts/
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Same exchange as "Assume Download AWS Role", but with the
# TELEPORT_BUILD_USER_READ_ONLY_* key pair and TELEPORT_BUILD_READ_ONLY_AWS_ROLE,
# so the profile that the build step sees is the read-only build role rather
# than the download or upload role.
- name: Assume Build AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
    $(aws sts assume-role \
    --role-arn "$AWS_ROLE" \
    --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
    --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
    --output text) \
    > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY
    AWS_ROLE:
      from_secret: TELEPORT_BUILD_READ_ONLY_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Installs the build tools and the AWS CLI, logs the Docker client in to
# public.ecr.aws with a password piped through stdin, unpacks the GPG signing
# archive and runs `make rpm`. Assuming steps run in the listed order, the AWS
# profile it sees is the read-only build role written by the previous step.
# NOTE(review): `apk add` installs whatever package versions are current at
# build time; the `docker` image is untagged.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache bash curl gzip make tar go
  - apk add --no-cache aws-cli
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  - aws ecr-public get-login-password --region us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  # The signing archive from the GPG_RPM_SIGNING_ARCHIVE secret is unpacked into
  # a 0700 directory under /tmpfs, which is the memory-backed `tmpfs` volume, so
  # the key material is not written to the /go workspace.
  - mkdir -m0700 $GNUPG_DIR
  - echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPG_DIR
  - chown -R root:root $GNUPG_DIR
  - make rpm
  # NOTE(review): this cleanup is a separate command after `make rpm`; if the
  # build fails it is presumably never reached and the keys stay on the tmpfs
  # volume until the volume itself is torn down — confirm.
  - rm -rf $GNUPG_DIR
  environment:
    ARCH: arm64
    ENT_TARBALL_PATH: /go/artifacts
    GNUPG_DIR: /tmpfs/gnupg
    GPG_RPM_SIGNING_ARCHIVE:
      from_secret: GPG_RPM_SIGNING_ARCHIVE
    OSS_TARBALL_PATH: /go/artifacts
    TMPDIR: /go
  volumes:
  - name: dockersock
    path: /var/run
  - name: awsconfig
    path: /root/.aws
  - name: tmpfs
    path: /tmpfs
# Copies the OSS and enterprise (e/build) teleport*.rpm* files to /go/artifacts.
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts
    \;
  - find e/build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts
    \;
# Replaces the build-role profile with credentials for AWS_ROLE (same secrets
# as the download step) so that the upload runs only after the build is done.
- name: Assume Upload AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
    $(aws sts assume-role \
    --role-arn "$AWS_ROLE" \
    --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
    --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
    --output text) \
    > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
# Syncs /go/artifacts to teleport/tag/<tag without leading v> in the bucket
# named by the AWS_S3_BUCKET secret; credentials come from the awsconfig volume.
- name: Upload to S3
  image: amazon/aws-cli
  commands:
  - cd /go/artifacts/
  - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Registers each built file with the release service at RELEASES_HOST. The
# client certificate and key are base64-decoded from secrets into
# $WORKSPACE_DIR (default /), passed to curl with --cert/--key, and removed by
# the EXIT trap. For every file that has a .sha256 sibling the script creates a
# draft release per product (HTTP 200 and 409 are both accepted) and then
# uploads the file together with its checksum.
# NOTE(review): the decoded key file gets the shell's default permissions (no
# chmod or umask is visible). $CREDENTIALS and $release_params are expanded
# unquoted so they split into separate curl arguments, which relies on the
# paths containing no whitespace.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
    # Skip files that are not results of this build
    # (e.g. tarballs from which OS packages are made)
    [ -f "$file.sha256" ] || continue
    name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
    description="Linux ARM64/ARMv8 (64-bit) RPM"
    products="$name"
    if [ "$name" = "tsh" ]; then
    products="teleport teleport-ent"
    elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then
    description="Teleport Connect"
    products="teleport teleport-ent"
    fi
    shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
    release_params="" # List of "-F releaseId=XXX" parameters to curl
    for product in $products; do
    status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
    if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
    echo "curl HTTP status: $status_code"
    cat $WORKSPACE_DIR/curl_out.txt
    exit 1
    fi
    release_params="$release_params -F releaseId=$product@$VERSION"
    done
    curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="arm64" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY
# Docker-in-Docker daemon used by the build. It runs privileged and exposes its
# socket through the dockersock volume, so any step that mounts dockersock can
# drive a privileged daemon; here those are "Wait for docker" and
# "Build artifacts".
# NOTE(review): the memory-backed tmpfs volume that holds the unpacked GPG
# signing keys during "Build artifacts" is also mounted into this privileged
# service, presumably so that containers started by the build can reach the
# keys — confirm that the mount is required. docker:dind is a mutable tag.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: tmpfs
    path: /tmpfs
  - name: dockersock
    path: /var/run
# Temporary volumes shared between steps. `tmpfs` is memory-backed
# (medium: memory); the other two are ordinary temp volumes.
volumes:
- name: dockersock
  temp: {}
- name: awsconfig
  temp: {}
- name: tmpfs
  temp:
    medium: memory
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPackagePipeline)
################################################
kind: pipeline
type: kubernetes
name: build-linux-arm-rpm
trigger:
event:
include:
- tag
ref:
include:
- refs/tags/v*
repo:
include:
- gravitational/*
workspace:
path: /go
clone:
disable: true
depends_on:
- build-linux-arm
- clean-up-previous-build
steps:
- name: Check out code
image: docker:git
commands:
- mkdir -p /go/src/github.com/gravitational/teleport
- cd /go/src/github.com/gravitational/teleport
- git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
- git checkout ${DRONE_TAG:-$DRONE_COMMIT}
- mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
&& chmod 600 /root/.ssh/id_rsa
- ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
- git submodule update --init e
- rm -f /root/.ssh/id_rsa
- mkdir -p /go/cache /go/artifacts
- |-
VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
exit 1
fi
echo "$$VERSION" > /go/.version.txt
environment:
GITHUB_PRIVATE_KEY:
from_secret: GITHUB_PRIVATE_KEY
- name: Wait for docker
image: docker
pull: if-not-exists
commands:
- timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
environment:
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: dockersock
path: /var/run
- name: dockerconfig
path: /root/.docker
- name: Assume Download AWS Role
image: amazon/aws-cli
pull: if-not-exists
commands:
- aws sts get-caller-identity
- |-
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
> /root/.aws/credentials
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile default
environment:
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID
AWS_ROLE:
from_secret: AWS_ROLE
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY
volumes:
- name: awsconfig
path: /root/.aws
# Fetches the OSS and Enterprise linux-arm tarballs for this version into
# /go/artifacts, using the profile stored in the awsconfig volume.
- name: Download artifacts from S3
  image: amazon/aws-cli
  environment:
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_REGION: us-west-2
  volumes:
    - name: awsconfig
      path: /root/.aws
  commands:
    - export VERSION=$(cat /go/.version.txt)
    # Tagged builds read from tag/<version>/, everything else from tag/.
    # `$$` keeps the expansion for the shell instead of Drone.
    - >-
      if [[ "${DRONE_TAG}" != "" ]];
      then export S3_PATH="tag/$${DRONE_TAG##v}/";
      else export S3_PATH="tag/"; fi
    - >-
      aws s3 cp
      s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-arm-bin.tar.gz
      /go/artifacts/
    - >-
      aws s3 cp
      s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-arm-bin.tar.gz
      /go/artifacts/
- name: Assume Build AWS Role
image: amazon/aws-cli
pull: if-not-exists
commands:
- aws sts get-caller-identity
- |-
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
> /root/.aws/credentials
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile default
environment:
AWS_ACCESS_KEY_ID:
from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY
AWS_ROLE:
from_secret: TELEPORT_BUILD_READ_ONLY_AWS_ROLE
AWS_SECRET_ACCESS_KEY:
from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET
volumes:
- name: awsconfig
path: /root/.aws
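# Builds and signs the ARM RPMs. The GPG signing keyring is unpacked into
# the memory-backed tmpfs volume for the duration of `make rpm` only.
- name: Build artifacts
  image: docker
  commands:
    - apk add --no-cache bash curl gzip make tar go
    - apk add --no-cache aws-cli
    - cd /go/src/github.com/gravitational/teleport
    - export VERSION=$(cat /go/.version.txt)
    - aws ecr-public get-login-password --region us-east-1 | docker login -u="AWS" --password-stdin
      public.ecr.aws
    # Register the cleanup before the keyring exists. The step aborts on the
    # first failing command, so without the trap a failed `make rpm` would
    # leave the signing key in the tmpfs volume, which the dind service also
    # mounts. Same pattern as the trap in "Register artifacts".
    # NOTE(review): if this pipeline is generated by dronegen like its
    # neighbours, make the change in the generator as well.
    - trap 'rm -rf "$GNUPG_DIR"' EXIT
    - mkdir -m0700 $GNUPG_DIR
    - echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPG_DIR
    - chown -R root:root $GNUPG_DIR
    - make rpm
    # Explicit removal kept so the key is gone as soon as signing finishes.
    - rm -rf $GNUPG_DIR
  environment:
    ARCH: arm
    ENT_TARBALL_PATH: /go/artifacts
    GNUPG_DIR: /tmpfs/gnupg
    # Base64-encoded gzip tarball, as decoded by the commands above.
    GPG_RPM_SIGNING_ARCHIVE:
      from_secret: GPG_RPM_SIGNING_ARCHIVE
    OSS_TARBALL_PATH: /go/artifacts
    TMPDIR: /go
  volumes:
    - name: dockersock
      path: /var/run
    - name: dockerconfig
      path: /root/.docker
    - name: awsconfig
      path: /root/.aws
    - name: tmpfs
      path: /tmpfs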
# Collects the RPMs (and any files sharing the teleport*.rpm* prefix, such
# as checksum sidecars) from both build trees into /go/artifacts.
- name: Copy artifacts
  image: docker
  commands:
    - cd /go/src/github.com/gravitational/teleport
    # OSS build output.
    - >-
      find build -maxdepth 1 -iname "teleport*.rpm*" -print
      -exec cp {} /go/artifacts \;
    # Output under the `e` submodule.
    - >-
      find e/build -maxdepth 1 -iname "teleport*.rpm*" -print
      -exec cp {} /go/artifacts \;
- name: Assume Upload AWS Role
image: amazon/aws-cli
pull: if-not-exists
commands:
- aws sts get-caller-identity
- |-
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
> /root/.aws/credentials
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile default
environment:
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID
AWS_ROLE:
from_secret: AWS_ROLE
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY
volumes:
- name: awsconfig
path: /root/.aws
# Syncs everything in /go/artifacts to the tag/<version> prefix of the
# release bucket, using the profile stored in the awsconfig volume.
- name: Upload to S3
  image: amazon/aws-cli
  pull: if-not-exists
  volumes:
    - name: awsconfig
      path: /root/.aws
  environment:
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_REGION: us-west-2
  commands:
    - cd /go/artifacts/
    # ${DRONE_TAG##v} has a single `$`, so Drone substitutes the tag without
    # its leading "v" before the shell sees the command.
    - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
# Registers each built artifact with the release service using a TLS client
# certificate: creates a draft release per product, then uploads the file
# together with the digest read from its .sha256 sidecar.
- name: Register artifacts
  image: docker
  commands:
    # WORKSPACE_DIR falls back to "/", so the decoded certificate and key
    # below land at the root of this step's container filesystem.
    - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
    - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
    - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
    # NOTE(review): both files are written before the cleanup trap is
    # registered and with the default umask; setting the trap first and a
    # restrictive umask would narrow the exposure of the private key.
    - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
    - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
    # Double quotes: the paths are expanded now, when the trap is defined.
    - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
    # Expanded unquoted in the curl calls so it splits into four arguments.
    - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
    - which curl || apk add --no-cache curl
    # Per file: skip anything without a .sha256 sidecar, derive the product
    # name from the file name, create a draft release for each product (HTTP
    # 200 and 409 are both accepted; 409 presumably means the release
    # already exists; confirm against the release service), then upload the
    # asset with --fail so an HTTP error aborts the step.
    # NOTE(review): the sha256 form field is copied from the sidecar file,
    # not recomputed here; whether the service verifies it against the
    # uploaded bytes is not visible in this file.
    - |-
      cd "$WORKSPACE_DIR/go/artifacts"
      find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
        # Skip files that are not results of this build
        # (e.g. tarballs from which OS packages are made)
        [ -f "$file.sha256" ] || continue
        name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
        description="Linux ARMv7 (32-bit) RPM"
        products="$name"
        if [ "$name" = "tsh" ]; then
          products="teleport teleport-ent"
        elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then
          description="Teleport Connect"
          products="teleport teleport-ent"
        fi
        shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
        release_params="" # List of "-F releaseId=XXX" parameters to curl
        for product in $products; do
          status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
          if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
            echo "curl HTTP status: $status_code"
            cat $WORKSPACE_DIR/curl_out.txt
            exit 1
          fi
          release_params="$release_params -F releaseId=$product@$VERSION"
        done
        curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="arm" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
      done
  environment:
    # Both secrets are base64-encoded, as decoded by the commands above.
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY
# Pipeline-level services and volumes shared by the steps above.
services:
  # Docker-in-Docker daemon. It runs privileged, and every step that mounts
  # the dockersock volume at /var/run can drive it, so those steps should be
  # treated as having root-equivalent control over the daemon container.
  # NOTE(review): docker:dind is a moving tag; pinning by digest would make
  # the build environment reproducible.
  - name: Start Docker
    image: docker:dind
    privileged: true
    volumes:
      # Shared with "Build artifacts", which unpacks the GPG keyring under
      # /tmpfs/gnupg.
      - name: tmpfs
        path: /tmpfs
      - name: dockersock
        path: /var/run
volumes:
  # Holds the STS credentials written by the "Assume ... AWS Role" steps.
  - name: awsconfig
    temp: {}
  - name: dockersock
    temp: {}
  # Holds the registry logins written by `docker login`.
  - name: dockerconfig
    temp: {}
  # Memory-backed, so signing key material is not written to node disk.
  - name: tmpfs
    temp:
      medium: memory
image_pull_secrets:
  - DOCKERHUB_CREDENTIALS
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPipeline)
################################################
kind: pipeline
type: kubernetes
name: build-windows-amd64
environment:
BUILDBOX_VERSION: teleport14
RUNTIME: go1.20.6
trigger:
event:
include:
- tag
ref:
include:
- refs/tags/v*
repo:
include:
- gravitational/*
workspace:
path: /go
clone:
disable: true
depends_on:
- clean-up-previous-build
steps:
# Clones the repository at the release tag, initialises the `e` submodule
# with the key from GITHUB_PRIVATE_KEY, and fails unless the Makefile
# VERSION equals the tag without its leading "v".
- name: Check out code
  image: docker:git
  pull: if-not-exists
  commands:
    - mkdir -p /go/src/github.com/gravitational/teleport
    - cd /go/src/github.com/gravitational/teleport
    - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
    - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
    # The key exists only between this command and the `rm -f` below.
    # NOTE(review): if the submodule update fails, the step aborts before
    # the removal; the file lives in this step's own /root/.ssh, which is
    # not a declared volume, so it presumably dies with the container.
    - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
      && chmod 600 /root/.ssh/id_rsa
    # NOTE(review): known_hosts is filled from a live scan on every build,
    # so whatever host key answers is trusted. Writing GitHub's published
    # host keys instead would authenticate the server before the submodule
    # is fetched.
    - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
    - git submodule update --init e
    - rm -f /root/.ssh/id_rsa
    - mkdir -p /go/cache /go/artifacts
    # `$$VERSION` is the Drone escape for the shell variable $VERSION, while
    # ${DRONE_TAG##v} (single `$`) is substituted by Drone itself. The
    # agreed version is recorded in /go/.version.txt for later steps.
    - |-
      VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
      if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
        echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
        exit 1
      fi
      echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
- name: Wait for docker
image: docker
pull: if-not-exists
commands:
- timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
environment:
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: dockersock
path: /var/run
- name: dockerconfig
path: /root/.docker
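# Builds the Windows release. The code-signing certificate is decoded into
# the source tree only for the duration of the make target.
- name: Build artifacts
  image: docker
  pull: if-not-exists
  commands:
    - apk add --no-cache make
    - chown -R $UID:$GID /go
    - cd /go/src/github.com/gravitational/teleport
    # Register the cleanup before the certificate is written. The step
    # aborts on the first failing command, so without the trap a failed
    # build would leave the .pfx in the /go workspace. Same pattern as the
    # trap in "Register artifacts". The absolute path keeps the trap
    # independent of the working directory at exit.
    # NOTE(review): the file permissions are left at the default because the
    # build presumably reads the file as UID 1000; confirm before
    # tightening. This pipeline is marked as generated by dronegen, so make
    # the change in the generator as well.
    - trap 'rm -f /go/src/github.com/gravitational/teleport/windows-signing-cert.pfx' EXIT
    - echo -n "$WINDOWS_SIGNING_CERT" | base64 -d > windows-signing-cert.pfx
    - make -C build.assets release-windows
    # Explicit removal kept so the file is gone as soon as the build ends.
    - rm -f windows-signing-cert.pfx
  environment:
    ARCH: amd64
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: windows
    UID: "1000"
    # Base64-encoded, as decoded by the command above.
    WINDOWS_SIGNING_CERT:
      from_secret: WINDOWS_SIGNING_CERT
  volumes:
    - name: dockersock
      path: /var/run
    - name: dockerconfig
      path: /root/.docker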
# Gathers the Windows zips, publishes the same archive under the Enterprise
# file name, and writes a .sha256 sidecar for every zip.
- name: Copy artifacts
  image: docker
  pull: if-not-exists
  commands:
    - cd /go/src/github.com/gravitational/teleport
    - >-
      find . -maxdepth 1 -iname "teleport*.zip" -print
      -exec cp {} /go/artifacts \;
    - export VERSION=$(cat /go/.version.txt)
    # The Enterprise zip is a byte-for-byte copy of the OSS one.
    - >-
      cp /go/artifacts/teleport-v$${VERSION}-windows-amd64-bin.zip
      /go/artifacts/teleport-ent-v$${VERSION}-windows-amd64-bin.zip
    # Digests are computed here, after the build; "Register artifacts" reads
    # them back from these sidecar files.
    - >-
      cd /go/artifacts &&
      for FILE in teleport*.zip; do sha256sum $FILE > $FILE.sha256; done &&
      ls -l
- name: Assume AWS Role
image: amazon/aws-cli
pull: if-not-exists
commands:
- aws sts get-caller-identity
- |-
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
> /root/.aws/credentials
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile default
environment:
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID
AWS_ROLE:
from_secret: AWS_ROLE
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY
volumes:
- name: awsconfig
path: /root/.aws
- name: Upload to S3
image: amazon/aws-cli
pull: if-not-exists
commands:
- cd /go/artifacts/
- aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
environment:
AWS_REGION: us-west-2
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
volumes:
- name: awsconfig
path: /root/.aws
- name: Register artifacts
image: docker
pull: if-not-exists
commands:
- WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
- VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
- RELEASES_HOST='https://releases-prod.platform.teleport.sh'
- echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
- echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
- trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
- CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
- which curl || apk add --no-cache curl
- |-
cd "$WORKSPACE_DIR/go/artifacts"
find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
# Skip files that are not results of this build
# (e.g. tarballs from which OS packages are made)
[ -f "$file.sha256" ] || continue
name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
description="Windows 64-bit (tsh client only)"
products="$name"
if [ "$name" = "tsh" ]; then
products="teleport teleport-ent"
elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then
description="Teleport Connect"
products="teleport teleport-ent"
fi
shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
release_params="" # List of "-F releaseId=XXX" parameters to curl
for product in $products; do
status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
echo "curl HTTP status: $status_code"
cat $WORKSPACE_DIR/curl_out.txt
exit 1
fi
release_params="$release_params -F releaseId=$product@$VERSION"
done
curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="windows" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
done
environment:
RELEASES_CERT:
from_secret: RELEASES_CERT
RELEASES_KEY:
from_secret: RELEASES_KEY
services:
- name: Start Docker
image: docker:dind
privileged: true
volumes:
- name: dockersock
path: /var/run
volumes:
- name: awsconfig
temp: {}
- name: dockersock
temp: {}
- name: dockerconfig
temp: {}
image_pull_secrets:
- DOCKERHUB_CREDENTIALS
---
kind: pipeline
type: kubernetes
name: build-oss-amis
trigger:
event:
- tag
ref:
include:
- refs/tags/v*
repo:
include:
- gravitational/*
depends_on:
- build-linux-amd64
workspace:
path: /go
clone:
disable: true
steps:
# Clones the repository at the tag (or commit) and records the version that
# the later steps read from /go/.version.txt.
- name: Check out code
  image: docker:git
  commands:
    - mkdir -p /go/src/github.com/gravitational/teleport
    - cd /go/src/github.com/gravitational/teleport
    - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
    - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
    # Set the version: the tag without its leading "v" when a tag is
    # present, otherwise the VERSION line of the Makefile. The folded scalar
    # yields the same single-line command.
    - >-
      if [[ "${DRONE_TAG}" != "" ]];
      then echo "${DRONE_TAG##v}" > /go/.version.txt;
      else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt;
      fi;
      cat /go/.version.txt
- name: Assume Download AWS Role
image: amazon/aws-cli
commands:
- aws sts get-caller-identity
- |-
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
> /root/.aws/credentials
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile default
environment:
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY
AWS_ROLE:
from_secret: AWS_ROLE
volumes:
- name: awsconfig
path: /root/.aws
- name: Download built tarball artifacts from S3
image: amazon/aws-cli
environment:
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
AWS_REGION: us-west-2
volumes:
- name: awsconfig
path: /root/.aws
commands:
- export VERSION=$(cat /go/.version.txt)
- if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else export S3_PATH="tag/"; fi
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-amd64-bin.tar.gz /go/src/github.com/gravitational/teleport/assets/aws/files
- name: Assume Packer AWS Role
image: amazon/aws-cli
commands:
- aws sts get-caller-identity
- |-
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
> /root/.aws/credentials
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile default
environment:
AWS_ACCESS_KEY_ID:
from_secret: AWS_PACKER_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_PACKER_SECRET_ACCESS_KEY
AWS_ROLE:
from_secret: AWS_PACKER_ROLE
volumes:
- name: awsconfig
path: /root/.aws
# Runs the Packer build for the OSS AMIs from assets/aws, using the
# credentials that "Assume Packer AWS Role" left in the awsconfig volume.
- name: Build OSS AMIs
  # NOTE(review): pinned by tag only; a digest pin would also protect
  # against the tag being re-pushed. The packages installed with apk below
  # are unpinned as well.
  image: hashicorp/packer:1.7.6
  volumes:
    - name: dockersock
      path: /var/run
    - name: awsconfig
      path: /root/.aws
  commands:
    - apk add --no-cache aws-cli jq make
    - cd /go/src/github.com/gravitational/teleport/assets/aws
    - export TELEPORT_VERSION=$(cat /go/.version.txt)
    - export PUBLIC_AMI_NAME=gravitational-teleport-ami-oss-$TELEPORT_VERSION
    # ${DRONE_BUILD_EVENT} is substituted by Drone. This pipeline triggers
    # on the tag event only, so the debug branch is presumably never taken
    # here.
    - |
      if [ "${DRONE_BUILD_EVENT}" = "tag" ]; then
        echo "---> Building production OSS AMIs"
        echo "---> Note: these AMIs will not be made public until the 'promote' step is run"
        make oss-ci-build
      else
        echo "---> Building debug OSS AMIs"
        make oss
      fi
- name: Assume S3 Timestamp Sync AWS Role
image: amazon/aws-cli
commands:
- aws sts get-caller-identity
- |-
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
> /root/.aws/credentials
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile default
environment:
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY
AWS_ROLE:
from_secret: AWS_ROLE
volumes:
- name: awsconfig
path: /root/.aws
- name: Sync OSS build timestamp to S3
image: amazon/aws-cli
environment:
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
AWS_REGION: us-west-2
volumes:
- name: awsconfig
path: /root/.aws
commands:
- export VERSION=$(cat /go/.version.txt)
- aws s3 cp /go/src/github.com/gravitational/teleport/assets/aws/files/build/oss_build_timestamp.txt s3://$AWS_S3_BUCKET/teleport/ami/$${VERSION}/
services:
- name: Start Docker
image: docker:dind
privileged: true
volumes:
- name: dockersock
path: /var/run
volumes:
- name: dockersock
temp: {}
- name: awsconfig
temp: {}
---
kind: pipeline
type: kubernetes
name: build-ent-amis
trigger:
event:
- tag
ref:
include:
- refs/tags/v*
repo:
include:
- gravitational/*
depends_on:
- build-linux-amd64
- build-linux-amd64-fips
workspace:
path: /go
clone:
disable: true
steps:
- name: Check out code
image: docker:git
commands:
- mkdir -p /go/src/github.com/gravitational/teleport
- cd /go/src/github.com/gravitational/teleport
- git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
- git checkout ${DRONE_TAG:-$DRONE_COMMIT}
# set version
- if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
- name: Assume Download AWS Role
image: amazon/aws-cli
commands:
- aws sts get-caller-identity
- |-
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
> /root/.aws/credentials
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile default
environment:
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY
AWS_ROLE:
from_secret: AWS_ROLE
volumes:
- name: awsconfig
path: /root/.aws
- name: Download built tarball artifacts from S3
image: amazon/aws-cli
environment:
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
AWS_REGION: us-west-2
volumes:
- name: awsconfig
path: /root/.aws
commands:
- export VERSION=$(cat /go/.version.txt)
- if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else export S3_PATH="tag/"; fi
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-bin.tar.gz /go/src/github.com/gravitational/teleport/assets/aws/files
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-fips-bin.tar.gz /go/src/github.com/gravitational/teleport/assets/aws/files
- name: Assume Packer AWS Role
image: amazon/aws-cli
commands:
- aws sts get-caller-identity
- |-
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
> /root/.aws/credentials
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile default
environment:
AWS_ACCESS_KEY_ID:
from_secret: AWS_PACKER_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_PACKER_SECRET_ACCESS_KEY
AWS_ROLE:
from_secret: AWS_PACKER_ROLE
volumes:
- name: awsconfig
path: /root/.aws
- name: Build Enterprise AMIs
image: hashicorp/packer:1.7.6
volumes:
- name: dockersock
path: /var/run
- name: awsconfig
path: /root/.aws
commands:
- apk add --no-cache aws-cli jq make
- cd /go/src/github.com/gravitational/teleport/assets/aws
- export TELEPORT_VERSION=$(cat /go/.version.txt)
- export PUBLIC_AMI_NAME=gravitational-teleport-ami-ent-$TELEPORT_VERSION
- export FIPS_AMI_NAME=gravitational-teleport-ami-ent-$TELEPORT_VERSION-fips
- |
if [ "${DRONE_BUILD_EVENT}" = "tag" ]; then
echo "---> Building production Enterprise AMIs"
echo "---> Note: these AMIs will not be made public until the 'promote' step is run"
make ent-ci-build
else
echo "---> Building debug Enterprise AMIs"
make ent
fi
- name: Assume S3 Timestamp Sync AWS Role
image: amazon/aws-cli
commands:
- aws sts get-caller-identity
- |-
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
> /root/.aws/credentials
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile default
environment:
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY
AWS_ROLE:
from_secret: AWS_ROLE
volumes:
- name: awsconfig
path: /root/.aws
- name: Sync Enterprise build timestamp to S3
image: amazon/aws-cli
environment:
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
AWS_REGION: us-west-2
volumes:
- name: awsconfig
path: /root/.aws
commands:
- export VERSION=$(cat /go/.version.txt)
- aws s3 cp /go/src/github.com/gravitational/teleport/assets/aws/files/build/ent_build_timestamp.txt s3://$AWS_S3_BUCKET/teleport/ami/$${VERSION}/
services:
- name: Start Docker
image: docker:dind
privileged: true
volumes:
- name: dockersock
path: /var/run
volumes:
- name: dockersock
temp: {}
- name: awsconfig
temp: {}
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/buildbox.go (main.buildboxPipeline)
################################################
kind: pipeline
type: kubernetes
name: build-buildboxes
environment:
BUILDBOX_VERSION: teleport14
GID: "1000"
UID: "1000"
trigger:
event:
include:
- push
repo:
include:
- gravitational/teleport
branch:
include:
- master
- branch/*
workspace:
path: /go/src/github.com/gravitational/teleport
clone:
disable: true
steps:
# Shallow-clones the source branch into the workspace and checks out the
# commit that triggered the build.
- name: Check out code
  image: docker:git
  commands:
    # --depth 1 fetches only the branch tip.
    # NOTE(review): the checkout below can therefore only succeed when
    # DRONE_COMMIT is that tip; if the branch has moved on, the step
    # presumably fails rather than building a different commit. Confirm
    # that is the intended behaviour.
    - git clone --depth 1 --single-branch --branch ${DRONE_SOURCE_BRANCH:-master} https://github.com/gravitational/${DRONE_REPO_NAME}.git
      .
    - git checkout ${DRONE_COMMIT}
- name: Wait for docker
image: docker
pull: if-not-exists
commands:
- timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
environment:
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: dockersock
path: /var/run
- name: dockerconfig
path: /root/.docker
- name: Configure Staging AWS Profile
image: amazon/aws-cli
pull: if-not-exists
commands:
- aws sts get-caller-identity
- |-
printf "[staging]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
> /root/.aws/credentials
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile staging
environment:
AWS_ACCESS_KEY_ID:
from_secret: STAGING_BUILDBOX_DRONE_USER_ECR_KEY
AWS_ROLE:
from_secret: STAGING_BUILDBOX_DRONE_ECR_AWS_ROLE
AWS_SECRET_ACCESS_KEY:
from_secret: STAGING_BUILDBOX_DRONE_USER_ECR_SECRET
volumes:
- name: awsconfig
path: /root/.aws
# Assumes the production ECR role and adds it as the [production] profile
# to the credentials file in the awsconfig volume.
- name: Configure Production AWS Profile
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
    # Logs which principal the injected static key belongs to.
    - aws sts get-caller-identity
    # `>>` appends: the [staging] profile written by the previous step with
    # `>` must stay in the file, because the build steps use both profiles.
    # `--output text` prints the three queried fields separated by
    # whitespace; the unquoted $(...) splits them into three printf
    # arguments on purpose.
    - |-
      printf "[production]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
        $(aws sts assume-role \
          --role-arn "$AWS_ROLE" \
          --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
          --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
          --output text) \
        >> /root/.aws/credentials
    # Drop the static key from this shell so the final check can only
    # succeed through the profile that was just written.
    - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
    - aws sts get-caller-identity --profile production
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: PRODUCTION_BUILDBOX_DRONE_USER_ECR_KEY
    AWS_ROLE:
      from_secret: PRODUCTION_BUILDBOX_DRONE_ECR_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: PRODUCTION_BUILDBOX_DRONE_USER_ECR_SECRET
  volumes:
    - name: awsconfig
      path: /root/.aws
# Builds the buildbox image and publishes it twice: to the staging ECR
# registry under a per-commit tag, then to public ECR under the shared
# $BUILDBOX_VERSION tag.
- name: Build and push buildbox
  image: docker
  pull: if-not-exists
  commands:
    - apk add --no-cache make aws-cli
    # UID and GID come from the pipeline-level environment ("1000").
    - chown -R $UID:$GID /go
    # The registry password is piped on stdin, so it never appears in
    # docker's argument list.
    - aws ecr get-login-password --profile staging --region=us-west-2 | docker login
      -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
    - make -C build.assets buildbox
    # The staging tag carries the commit SHA, so each build gets its own
    # tag.
    - docker tag public.ecr.aws/gravitational/teleport-buildbox:$BUILDBOX_VERSION 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA
    - docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA
    # Drop the staging login before switching to the production profile.
    - docker logout 146628656107.dkr.ecr.us-west-2.amazonaws.com
    - aws ecr-public get-login-password --profile production --region=us-east-1 | docker
      login -u="AWS" --password-stdin public.ecr.aws
    # NOTE(review): the public tag is just $BUILDBOX_VERSION, so every run
    # of this pipeline overwrites it. Builds that pull the buildbox by tag
    # get whatever was pushed last; referencing it by digest would make them
    # reproducible.
    - docker push public.ecr.aws/gravitational/teleport-buildbox:$BUILDBOX_VERSION
  volumes:
    - name: awsconfig
      path: /root/.aws
    - name: dockersock
      path: /var/run
    - name: dockerconfig
      path: /root/.docker
- name: Build and push buildbox-arm
image: docker
pull: if-not-exists
commands:
- apk add --no-cache make aws-cli
- chown -R $UID:$GID /go
- aws ecr get-login-password --profile staging --region=us-west-2 | docker login
-u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
- make -C build.assets buildbox-arm
- docker tag public.ecr.aws/gravitational/teleport-buildbox-arm:$BUILDBOX_VERSION
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox-arm:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA
- docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox-arm:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA
- docker logout 146628656107.dkr.ecr.us-west-2.amazonaws.com
- aws ecr-public get-login-password --profile production --region=us-east-1 | docker
login -u="AWS" --password-stdin public.ecr.aws
- docker push public.ecr.aws/gravitational/teleport-buildbox-arm:$BUILDBOX_VERSION
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
- name: dockerconfig
path: /root/.docker
- name: Build and push buildbox-centos7
image: docker
pull: if-not-exists
commands:
- apk add --no-cache make aws-cli
- chown -R $UID:$GID /go
- aws ecr get-login-password --profile staging --region=us-west-2 | docker login
-u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
- make -C build.assets buildbox-centos7
- docker tag public.ecr.aws/gravitational/teleport-buildbox-centos7:$BUILDBOX_VERSION
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox-centos7:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA
- docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox-centos7:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA
- docker logout 146628656107.dkr.ecr.us-west-2.amazonaws.com
- aws ecr-public get-login-password --profile production --region=us-east-1 | docker
login -u="AWS" --password-stdin public.ecr.aws
- docker push public.ecr.aws/gravitational/teleport-buildbox-centos7:$BUILDBOX_VERSION
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
- name: dockerconfig
path: /root/.docker
- name: Build and push buildbox-centos7-fips
image: docker
pull: if-not-exists
commands:
- apk add --no-cache make aws-cli
- chown -R $UID:$GID /go
- aws ecr get-login-password --profile staging --region=us-west-2 | docker login
-u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
- make -C build.assets buildbox-centos7-fips
- docker tag public.ecr.aws/gravitational/teleport-buildbox-centos7-fips:$BUILDBOX_VERSION
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox-centos7-fips:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA
- docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox-centos7-fips:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA
- docker logout 146628656107.dkr.ecr.us-west-2.amazonaws.com
- aws ecr-public get-login-password --profile production --region=us-east-1 | docker
login -u="AWS" --password-stdin public.ecr.aws
- docker push public.ecr.aws/gravitational/teleport-buildbox-centos7-fips:$BUILDBOX_VERSION
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
- name: dockerconfig
path: /root/.docker
services:
- name: Start Docker
image: docker:dind
privileged: true
volumes:
- name: dockersock
path: /var/run
volumes:
- name: awsconfig
temp: {}
- name: dockersock
temp: {}
- name: dockerconfig
temp: {}
image_pull_secrets:
- DOCKERHUB_CREDENTIALS
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/gha.go (main.ghaMultiBuildPipeline)
################################################
kind: pipeline
type: kubernetes
name: publish-os-package-repos
trigger:
event:
include:
- promote
target:
include:
- production
repo:
include:
- gravitational/*
workspace:
path: /go
clone:
disable: true
steps:
- name: Check out code
image: docker:git
pull: if-not-exists
commands:
- mkdir -pv "/go/src/github.com/gravitational/teleport"
- cd "/go/src/github.com/gravitational/teleport"
- git init
- git remote add origin ${DRONE_REMOTE_URL}
- git fetch origin --tags
- git checkout -qf "${DRONE_COMMIT_SHA}"
- mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa &&
chmod 600 /root/.ssh/id_rsa
- ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
- git submodule update --init e
- mkdir -pv /go/cache
- rm -f /root/.ssh/id_rsa
environment:
GITHUB_PRIVATE_KEY:
from_secret: GITHUB_PRIVATE_KEY
# Decides the value of the "environment" input for the publish steps and
# stores it in /go/vars/release-environment.txt.
- name: Determine if release should go to development or production
  # NOTE(review): golang:1.18-alpine is older than the go1.20.6 runtime used
  # by the build pipelines in this file and no longer receives upstream
  # security fixes; consider aligning it.
  image: golang:1.18-alpine
  commands:
    - cd "/go/src/github.com/gravitational/teleport/build.assets/tooling"
    - mkdir -pv "/go/vars"
    # Writes "promote" when the check exits 0 and "build" for any non-zero
    # exit, including a tool that fails to compile or run.
    # NOTE(review): which of the two values maps to production is not
    # visible here; confirm that "build" is the safe default for a failed
    # check.
    - (go run ./cmd/check -tag ${DRONE_TAG} -check prerelease && echo "promote" || echo
      "build") > "/go/vars/release-environment.txt"
# Triggers the deploy-packages.yaml workflow in the teleport.e repository
# to publish the apt packages for this tag, and waits up to 12 hours for
# it.
- name: Publish Teleport to stable/${DRONE_TAG} apt repo
  image: golang:1.18-alpine
  pull: if-not-exists
  commands:
    - cd "/go/src/github.com/gravitational/teleport/build.assets/tooling"
    # The workflow definition is always taken from refs/heads/master, not
    # from the promoted tag.
    # `$($DRONE_REPO_PRIVATE && ...)` runs the variable's value as a
    # command, so it relies on the value being exactly `true` or `false`.
    # NOTE(review): the trigger tool is compiled from the checked-out commit
    # and runs with GHA_APP_KEY in its environment, so the promoted commit's
    # tooling has access to that key; confirm that promotion rights are
    # restricted accordingly.
    - 'go run ./cmd/gh-trigger-workflow -owner ${DRONE_REPO_OWNER} -repo teleport.e
      -tag-workflow -series-run -timeout 12h0m0s -workflow deploy-packages.yaml -workflow-ref=refs/heads/master
      -input "artifact-tag=${DRONE_TAG}" -input "environment=$(cat "/go/vars/release-environment.txt")"
      -input "package-name-filter=$($DRONE_REPO_PRIVATE && echo "*ent*" || echo "")"
      -input "package-to-test=teleport-ent" -input "release-channel=stable" -input "repo-type=apt"
      -input "version-channel=${DRONE_TAG}" '
  environment:
    GHA_APP_KEY:
      from_secret: GITHUB_WORKFLOW_APP_PRIVATE_KEY
- name: Publish Teleport to stable/${DRONE_TAG} yum repo
image: golang:1.18-alpine
pull: if-not-exists
commands:
- cd "/go/src/github.com/gravitational/teleport/build.assets/tooling"
- 'go run ./cmd/gh-trigger-workflow -owner ${DRONE_REPO_OWNER} -repo teleport.e
-tag-workflow -series-run -timeout 12h0m0s -workflow deploy-packages.yaml -workflow-ref=refs/heads/master
-input "artifact-tag=${DRONE_TAG}" -input "environment=$(cat "/go/vars/release-environment.txt")"
-input "package-name-filter=$($DRONE_REPO_PRIVATE && echo "*ent*" || echo "")"
-input "package-to-test=teleport-ent" -input "release-channel=stable" -input "repo-type=yum"
-input "version-channel=${DRONE_TAG}" '
environment:
GHA_APP_KEY:
from_secret: GITHUB_WORKFLOW_APP_PRIVATE_KEY
# Publishes only packages matching teleport-ent-updater* to the stable/cloud
# apt channel, again by triggering deploy-packages.yaml in teleport.e.
# Unlike the Teleport publish steps, the filter is a fixed string and no
# package-to-test input is passed.
- name: Publish teleport-ent-updater to stable/cloud apt repo
image: golang:1.18-alpine
pull: if-not-exists
commands:
- cd "/go/src/github.com/gravitational/teleport/build.assets/tooling"
- 'go run ./cmd/gh-trigger-workflow -owner ${DRONE_REPO_OWNER} -repo teleport.e
-tag-workflow -series-run -timeout 12h0m0s -workflow deploy-packages.yaml -workflow-ref=refs/heads/master
-input "artifact-tag=${DRONE_TAG}" -input "environment=$(cat "/go/vars/release-environment.txt")"
-input "package-name-filter=teleport-ent-updater*" -input "release-channel=stable"
-input "repo-type=apt" -input "version-channel=cloud" '
environment:
# GitHub App key used by gh-trigger-workflow; supplied from the Drone secret store.
GHA_APP_KEY:
from_secret: GITHUB_WORKFLOW_APP_PRIVATE_KEY
# Publishes packages matching teleport-ent-updater* to the stable/cloud yum
# channel through the deploy-packages.yaml workflow in teleport.e.
- name: Publish teleport-ent-updater to stable/cloud yum repo
image: golang:1.18-alpine
pull: if-not-exists
commands:
- cd "/go/src/github.com/gravitational/teleport/build.assets/tooling"
- 'go run ./cmd/gh-trigger-workflow -owner ${DRONE_REPO_OWNER} -repo teleport.e
-tag-workflow -series-run -timeout 12h0m0s -workflow deploy-packages.yaml -workflow-ref=refs/heads/master
-input "artifact-tag=${DRONE_TAG}" -input "environment=$(cat "/go/vars/release-environment.txt")"
-input "package-name-filter=teleport-ent-updater*" -input "release-channel=stable"
-input "repo-type=yum" -input "version-channel=cloud" '
environment:
# GitHub App key used by gh-trigger-workflow; supplied from the Drone secret store.
GHA_APP_KEY:
from_secret: GITHUB_WORKFLOW_APP_PRIVATE_KEY
# Name of the Drone secret holding registry credentials for pulling step images.
image_pull_secrets:
- DOCKERHUB_CREDENTIALS
---
# Release promotion pipeline: fires on `promote` events whose target is
# `production`, for any repository matching gravitational/*.
# The default clone is disabled; the source is fetched by an explicit
# "Check out code" step further down, after the S3 artifact promotion.
# NOTE(review): no dronegen banner precedes this document, so it is presumably
# maintained by hand; confirm before editing.
kind: pipeline
type: kubernetes
name: promote-build
trigger:
event:
- promote
target:
- production
repo:
include:
- gravitational/*
workspace:
path: /go
clone:
disable: true
steps:
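# Gate: abort the promotion unless the promoted commit carries a tag.
# Later steps build S3 prefixes and repo directories from DRONE_TAG, so an
# empty value has to stop the pipeline here.
- name: Check if commit is tagged
  image: alpine
  commands:
  # The tag is quoted for the shell. Unquoted, an empty tag collapses the test
  # to `[ -n ]`, which checks the literal string "-n", is always true, and lets
  # the pipeline continue with an empty tag.
  - '[ -n "${DRONE_TAG}" ] || (echo ''DRONE_TAG is not set. Is the commit tagged?'' && exit 1)'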
# Exchanges the long-lived key pair from the AWS_* secrets for temporary STS
# credentials and writes them as the [default] profile on the shared
# `awsconfig` volume. The file is overwritten (`>`), so the steps that follow
# act under this role until the next "Assume ..." step replaces it.
# NOTE(review): amazon/aws-cli is referenced without a tag or digest while
# handling these keys; the credentials file is created by shell redirection, so
# its mode follows the container umask (a `umask 077` first would tighten it).
- name: Assume Download AWS Role
image: amazon/aws-cli
commands:
- aws sts get-caller-identity
# $(...) is left unquoted on purpose: the three whitespace-separated fields of
# the text output become the three %s arguments of printf. The session name
# embeds repo and build number, which makes the build traceable in CloudTrail.
- |-
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
> /root/.aws/credentials
# The static keys are removed from the environment before the second identity
# check, which reads the profile written above.
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile default
environment:
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY
AWS_ROLE:
from_secret: AWS_ROLE
volumes:
- name: awsconfig
path: /root/.aws
# Syncs everything under teleport/tag/<tag without leading v>/ from the source
# bucket into /go/artifacts, using the profile on the `awsconfig` volume.
# NOTE(review): nothing here checks digests or signatures of the synced files,
# and the same directory is later uploaded public-read and fed into the RPM and
# DEB repos; confirm that integrity is verified upstream of this pipeline.
- name: Download artifacts from S3
image: amazon/aws-cli
commands:
- mkdir -p /go/artifacts
- aws s3 sync s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}/ /go/artifacts/
environment:
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
AWS_REGION: us-west-2
volumes:
- name: awsconfig
path: /root/.aws
# Switches the shared [default] profile to the production upload role: assumes
# the role named by PRODUCTION_AWS_ROLE with the PRODUCTION_* key pair and
# overwrites /root/.aws/credentials on the `awsconfig` volume.
# From here on, steps mounting that volume hold production write access.
- name: Assume Upload AWS Role
image: amazon/aws-cli
commands:
- aws sts get-caller-identity
# Unquoted $(...) splits the STS text output into the three printf arguments.
- |-
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
> /root/.aws/credentials
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile default
environment:
AWS_ACCESS_KEY_ID:
from_secret: PRODUCTION_AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY:
from_secret: PRODUCTION_AWS_SECRET_ACCESS_KEY
AWS_ROLE:
from_secret: PRODUCTION_AWS_ROLE
volumes:
- name: awsconfig
path: /root/.aws
# Publishes the whole of /go/artifacts to the production bucket under
# teleport/<tag without leading v>.
# `--acl public-read` makes every uploaded object world-readable, so whatever
# sits in /go/artifacts at this point becomes public; the prefix depends
# entirely on DRONE_TAG being set.
- name: Upload artifacts to production S3
image: amazon/aws-cli
environment:
AWS_REGION: us-east-1
AWS_S3_BUCKET:
from_secret: PRODUCTION_AWS_S3_BUCKET
volumes:
- name: awsconfig
path: /root/.aws
commands:
- cd /go/artifacts/
- aws s3 sync --acl public-read . s3://$AWS_S3_BUCKET/teleport/${DRONE_TAG##v}
# Manual checkout (the pipeline disables the default clone): fetches only the
# promoted tag and checks out FETCH_HEAD.
# NOTE(review): the tag is resolved at fetch time; it is neither compared with
# DRONE_COMMIT_SHA nor signature-checked here, so a tag moved after the build
# would change what the later `make` and `helm package` steps consume.
# docker:git is referenced by mutable tag.
- name: Check out code
image: docker:git
commands:
- |
mkdir -p /go/src/github.com/gravitational/teleport
cd /go/src/github.com/gravitational/teleport
git init && git remote add origin ${DRONE_REMOTE_URL}
git fetch origin +refs/tags/${DRONE_TAG}:
git checkout -qf FETCH_HEAD
# Replaces the production upload credentials in the shared [default] profile
# with the download role again (AWS_* secrets), ahead of fetching the AMI
# timestamp files.
- name: Assume AMI Download AWS Role
image: amazon/aws-cli
commands:
- aws sts get-caller-identity
# Unquoted $(...) splits the STS text output into the three printf arguments.
- |-
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
> /root/.aws/credentials
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile default
environment:
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY
AWS_ROLE:
from_secret: AWS_ROLE
volumes:
- name: awsconfig
path: /root/.aws
# Syncs teleport/ami/<tag without leading v>/ from the source bucket into
# assets/aws/files/build of the checkout.
# NOTE(review): presumably the `make change-amis-to-public-*` targets read
# these files to decide which AMIs to expose, which would make the bucket
# content an input to a production permission change; verify against the Makefile.
- name: Download AMI timestamps
image: amazon/aws-cli
environment:
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
volumes:
- name: awsconfig
path: /root/.aws
commands:
- mkdir -p /go/src/github.com/gravitational/teleport/assets/aws/files/build
- aws s3 sync s3://$AWS_S3_BUCKET/teleport/ami/${DRONE_TAG##v}/ /go/src/github.com/gravitational/teleport/assets/aws/files/build
# Puts production credentials (PRODUCTION_* secrets) back into the shared
# [default] profile so the next step can change AMI visibility.
# The same secrets are used as in "Assume Upload AWS Role", so the AMI change
# runs under the role that also writes the production artifact bucket.
- name: Assume AMI Publish AWS Role
image: amazon/aws-cli
commands:
- aws sts get-caller-identity
# Unquoted $(...) splits the STS text output into the three printf arguments.
- |-
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
> /root/.aws/credentials
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile default
environment:
AWS_ACCESS_KEY_ID:
from_secret: PRODUCTION_AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY:
from_secret: PRODUCTION_AWS_SECRET_ACCESS_KEY
AWS_ROLE:
from_secret: PRODUCTION_AWS_ROLE
volumes:
- name: awsconfig
path: /root/.aws
# Runs the three change-amis-to-public-* make targets from assets/aws of the
# checkout, with the production profile from the `awsconfig` volume.
# NOTE(review): the `docker` image has no tag or digest and the tools are
# installed with apk at run time, so the toolchain executing with production
# credentials is not reproducible; a pinned image with the tools baked in
# would remove that variable.
- name: Make AMIs public
image: docker
volumes:
- name: awsconfig
path: /root/.aws
commands:
- apk add --no-cache aws-cli bash jq make
- cd /go/src/github.com/gravitational/teleport/assets/aws
- |
make change-amis-to-public-oss
make change-amis-to-public-ent
make change-amis-to-public-ent-fips
# Switches the shared [default] profile to the chart-repository role
# (PRODUCTION_CHARTS_* secrets) before the chart bucket is downloaded.
- name: "Helm: Assume Download AWS Role"
image: amazon/aws-cli
commands:
- aws sts get-caller-identity
# Unquoted $(...) splits the STS text output into the three printf arguments.
- |-
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
> /root/.aws/credentials
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile default
environment:
AWS_ACCESS_KEY_ID:
from_secret: PRODUCTION_CHARTS_AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY:
from_secret: PRODUCTION_CHARTS_AWS_SECRET_ACCESS_KEY
AWS_ROLE:
from_secret: PRODUCTION_CHARTS_AWS_ROLE
volumes:
- name: awsconfig
path: /root/.aws
# Download all previously packaged charts. This is needed to rebuild the
# index and re-publish the repository.
# Every object in the bucket lands in /go/chart, so the index built from this
# directory reflects whatever the bucket currently holds.
- name: "Helm: Download chart repository"
image: amazon/aws-cli
environment:
AWS_REGION: us-west-2
AWS_S3_BUCKET:
from_secret: PRODUCTION_CHARTS_AWS_S3_BUCKET
volumes:
- name: awsconfig
path: /root/.aws
commands:
- mkdir -p /go/chart
- aws s3 sync s3://$AWS_S3_BUCKET/ /go/chart
# Packages the teleport-cluster and teleport-kube-agent charts from the
# checkout into /go/chart and regenerates the repository index there.
# NOTE(review): alpine/helm:latest floats, so the helm build that produces the
# published index changes without notice; pin a version or digest. The charts
# are packaged without provenance files (`helm package --sign`), so consumers
# have no way to run `helm verify` on them.
- name: "Helm: Package chart repository"
image: alpine/helm:latest
commands:
- cd /go/chart
- helm package /go/src/github.com/gravitational/teleport/examples/chart/teleport-cluster
- helm package /go/src/github.com/gravitational/teleport/examples/chart/teleport-kube-agent
# copy index.html to root of the S3 bucket.
- cp /go/src/github.com/gravitational/teleport/examples/chart/index.html /go/chart
# this will index all previous versions of the charts downloaded from the S3 bucket,
# plus the just-packaged charts listed above
- helm repo index /go/chart
- ls /go/chart
# Re-assumes the chart-repository role before publishing. The secrets are the
# same PRODUCTION_CHARTS_* set used for the download, so this refreshes the
# temporary credentials rather than changing privilege.
- name: "Helm: Assume Upload AWS Role"
image: amazon/aws-cli
commands:
- aws sts get-caller-identity
# Unquoted $(...) splits the STS text output into the three printf arguments.
- |-
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
> /root/.aws/credentials
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile default
environment:
AWS_ACCESS_KEY_ID:
from_secret: PRODUCTION_CHARTS_AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY:
from_secret: PRODUCTION_CHARTS_AWS_SECRET_ACCESS_KEY
AWS_ROLE:
from_secret: PRODUCTION_CHARTS_AWS_ROLE
volumes:
- name: awsconfig
path: /root/.aws
# Uploads /go/chart (old archives, new archives, index.yaml, index.html) to the
# root of the chart bucket. No --delete is passed, so objects removed locally
# stay in the bucket.
- name: "Helm: Publish chart repository to S3"
image: amazon/aws-cli
environment:
AWS_REGION: us-west-2
AWS_S3_BUCKET:
from_secret: PRODUCTION_CHARTS_AWS_S3_BUCKET
volumes:
- name: awsconfig
path: /root/.aws
commands:
- cd /go/chart/
- aws s3 sync . s3://$AWS_S3_BUCKET/
# NOTE: all mandatory steps for a release promotion need to go BEFORE this
# step, as there is a chance that everything afterwards will be skipped.
#
# this step exits early and skips all remaining steps in the pipeline if the
# tag looks like a pre-release, to avoid pushing pre-release RPMs and DEBs to
# our yum / apt repos.
#
# NOTE(review): the paragraph above describes the pre-release check, which is
# the step after this one. This step itself exits with code 78 when DRONE_REPO
# is anything other than gravitational/teleport, so only that repository goes
# on to the RPM and DEB repo steps.
- name: Check if repo is public
image: alpine
commands:
- if [ "${DRONE_REPO}" != "gravitational/teleport" ]; then echo "---> Not publishing ${DRONE_REPO} packages to RPM and DEB repos" && exit 78; fi
# Runs the repository's own ./cmd/check tool with `-check prerelease`; when it
# exits non-zero the step exits 78, which skips the RPM and DEB publication.
# NOTE(review): any failure of `go run` (compile error, module download
# problem) is handled the same way as "tag is a pre-release", so a broken tool
# silently skips publication instead of failing the build.
- name: Check if tag is prerelease
image: golang:1.17-alpine
commands:
- cd /go/src/github.com/gravitational/teleport/build.assets/tooling
- go run ./cmd/check -tag ${DRONE_TAG} -check prerelease || (echo '---> Not publishing ${DRONE_TAG} packages to RPM and DEB repos' && exit 78)
# Switches the shared [default] profile to the RPM repository role
# (RPMREPO_* secrets); the download and sync steps for the yum repo rely on it.
- name: Assume RPM Repo AWS Role
image: amazon/aws-cli
commands:
- aws sts get-caller-identity
# Unquoted $(...) splits the STS text output into the three printf arguments.
- |-
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
> /root/.aws/credentials
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile default
environment:
AWS_ACCESS_KEY_ID:
from_secret: RPMREPO_AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY:
from_secret: RPMREPO_AWS_SECRET_ACCESS_KEY
AWS_ROLE:
from_secret: RPMREPO_AWS_ROLE
volumes:
- name: awsconfig
path: /root/.aws
# Mirrors the published yum repo from S3 onto the `rpmrepo` volume, then adds
# this release's RPMs from /go/artifacts in a directory named after the tag.
# The RPMs copied in are the files synced from the source bucket earlier in
# the pipeline; this step does not inspect them.
- name: Download RPM repo contents
image: amazon/aws-cli
environment:
AWS_S3_BUCKET:
from_secret: RPMREPO_AWS_S3_BUCKET
volumes:
- name: rpmrepo
path: /rpmrepo
- name: awsconfig
path: /root/.aws
commands:
- mkdir -p /rpmrepo/teleport/cache
# we explicitly want to delete anything present locally which has been deleted
# from the upstream S3 bucket
- aws s3 sync s3://$AWS_S3_BUCKET/teleport/ /rpmrepo/teleport/ --delete
- mkdir -p /rpmrepo/teleport/${DRONE_TAG##v}
- cp -a /go/artifacts/*.rpm /rpmrepo/teleport/${DRONE_TAG##v}/
# we do this using a CentOS 7 container to make sure that the repo files are
# compatible with older versions, also there's no createrepo package in alpine main
# NOTE(review): createrepo is installed from the network on every run, so the
# tool that writes the metadata which is signed in the next step is not
# pinned; a prebuilt image carrying createrepo would make this reproducible.
- name: Regenerate RPM repo metadata
image: centos:7
volumes:
- name: rpmrepo
path: /rpmrepo
commands:
- yum -y install createrepo
- createrepo --cachedir /rpmrepo/teleport/cache --update /rpmrepo/teleport
# This step requires centos:8 to get gpg 2.2+
# centos:7's gpg 2.0 doesn't understand the format of GPG_RPM_SIGNING_ARCHIVE
# NOTE(review): CentOS Linux 8 is end-of-life upstream and the tag is unpinned,
# yet this container unpacks the repository signing key; a maintained,
# digest-pinned image with gpg 2.2+ would be a safer home for it.
- name: Sign RPM repo metadata
image: centos:8
volumes:
- name: rpmrepo
path: /rpmrepo
# for in-memory tmpfs for key material
- name: tmpfs
path: /tmpfs
environment:
GNUPGHOME: /tmpfs/gnupg
GPG_RPM_SIGNING_ARCHIVE:
from_secret: GPG_RPM_SIGNING_ARCHIVE
commands:
# The secret is a base64-encoded tar.gz; it is unpacked into a mode-0700
# GNUPGHOME on the memory-backed volume and then used for a detached,
# ASCII-armoured signature over repomd.xml.
- |
# extract signing key
mkdir -m0700 $GNUPGHOME
echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPGHOME
chown -R root:root $GNUPGHOME
# Sign rpm repo metadata (yum clients will automatically look for and verify repodata/repomd.xml.asc)
- gpg --batch --yes --detach-sign --armor /rpmrepo/teleport/repodata/repomd.xml
- cat /rpmrepo/teleport/repodata/repomd.xml.asc
# NOTE(review): cleanup is the last command, so it presumably does not run if
# signing fails; the keyring would then stay on the pipeline-wide tmpfs volume
# until the pipeline ends. A shell `trap` on EXIT set before extraction would
# cover the failure path; confirm.
- rm -rf $GNUPGHOME
# Pushes the regenerated and signed yum repo from the `rpmrepo` volume back to
# the bucket. No --delete is passed on the upload, so nothing is removed from
# the bucket by this step.
- name: Sync RPM repo changes to S3
image: amazon/aws-cli
environment:
AWS_S3_BUCKET:
from_secret: RPMREPO_AWS_S3_BUCKET
volumes:
- name: rpmrepo
path: /rpmrepo
- name: awsconfig
path: /root/.aws
commands:
- aws s3 sync /rpmrepo/teleport/ s3://$AWS_S3_BUCKET/teleport/
# This step skips all remaining steps in the pipeline if the tag
# is not the highest semver *ever* released, to avoid publishing DEBs
# that would cause apt users to downgrade. For more info see:
# https://github.com/gravitational/teleport/issues/8166
# NOTE(review): a failure of `go run` itself also ends in exit 78, so a broken
# check tool skips the DEB publication rather than failing the build. The echo
# prints DRONE_REPO, whereas the pre-release check prints DRONE_TAG.
- name: Check if tag is latest
image: golang:1.17-alpine
commands:
- cd /go/src/github.com/gravitational/teleport/build.assets/tooling
- go run ./cmd/check -tag ${DRONE_TAG} -check latest || (echo '---> Not publishing ${DRONE_REPO} packages to DEB repo' && exit 78)
# Switches the shared [default] profile to the DEB repository role
# (DEBREPO_* secrets), replacing the RPM repository credentials.
- name: Assume Deb Repo AWS Role
image: amazon/aws-cli
commands:
- aws sts get-caller-identity
# Unquoted $(...) splits the STS text output into the three printf arguments.
- |-
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
> /root/.aws/credentials
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile default
environment:
AWS_ACCESS_KEY_ID:
from_secret: DEBREPO_AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY:
from_secret: DEBREPO_AWS_SECRET_ACCESS_KEY
AWS_ROLE:
from_secret: DEBREPO_AWS_ROLE
volumes:
- name: awsconfig
path: /root/.aws
# Mirrors the published apt repo from S3 onto the `debrepo` volume, deleting
# local files that no longer exist in the bucket.
- name: Download DEB repo contents
image: amazon/aws-cli
environment:
AWS_S3_BUCKET:
from_secret: DEBREPO_AWS_S3_BUCKET
volumes:
- name: debrepo
path: /debrepo
- name: awsconfig
path: /root/.aws
commands:
# we explicitly want to delete anything present locally which has been deleted
# from the upstream S3 bucket
- mkdir -p /debrepo/teleport
- aws s3 sync s3://$AWS_S3_BUCKET/teleport /debrepo/teleport --delete
# Builds and signs the apt repository with reprepro: writes the reprepro
# configuration, unpacks the signing keyring into GNUPGHOME on the
# memory-backed volume, includes /go/artifacts/teleport*.deb into the `stable`
# codename, removes the keyring and copies the result to the `debrepo` volume.
# NOTE(review):
# - SignWith uses an 8-hex-digit short key ID; short IDs are not collision
#   resistant, so naming the key by its full fingerprint (<FULL_FINGERPRINT>)
#   is safer if the keyring ever holds more than one key.
# - The signing archive is the same GPG_RPM_SIGNING_ARCHIVE secret used for the
#   yum repo, so one key covers both package channels.
# - The `dockersock` volume is mounted at /var/run although no command below
#   calls docker; dropping it would keep the privileged daemon's socket away
#   from the step that handles key material. Confirm it is unused.
# - Keyring cleanup runs only if every earlier command succeeded.
# - apt packages are installed from the network on each run, unpinned.
- name: Build DEB repo
image: ubuntu:20.04
environment:
DEBIAN_FRONTEND: noninteractive
GNUPGHOME: /tmpfs/gnupg
GPG_RPM_SIGNING_ARCHIVE:
from_secret: GPG_RPM_SIGNING_ARCHIVE
volumes:
- name: dockersock
path: /var/run
- name: debrepo
path: /debrepo
# for in-memory tmpfs for key material
- name: tmpfs
path: /tmpfs
commands:
- |
# install needed tools
apt-get -y update && apt-get -y install curl gzip gnupg2 reprepro tar
- |
# write config files
mkdir -p /go/reprepro/teleport/conf /go/reprepro/teleport/public
# we have to keep listing "arm" even though it's not a real debian arch
# because we have released packages for it that are currently in the
# repo bucket, and reprepro will error out if it's told to includedeb a
# package for an architecture that's not in its configuration
cat << EOF > /go/reprepro/teleport/conf/distributions
Origin: teleport
Label: teleport
Codename: stable
Architectures: i386 amd64 arm armhf arm64
Components: main
Description: apt repository for teleport
SignWith: 6282C411
EOF
cat << EOF > /go/reprepro/teleport/conf/options
verbose
basedir /go/reprepro/teleport
EOF
- |
# extract signing key
mkdir -m0700 $GNUPGHOME
echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPGHOME
chown -R root:root $GNUPGHOME
- |
# create repo
cd /go/reprepro/teleport
reprepro --outdir /go/reprepro/teleport/public includedeb stable /go/artifacts/teleport*.deb
- |
# clean up gnupg
rm -rf $GNUPGHOME
- |
# copy artifacts to PVC
cp -r /go/reprepro/teleport /debrepo/
# Pushes the rebuilt apt repo from the `debrepo` volume to the bucket under
# teleport/, using the DEB repository profile on the `awsconfig` volume.
- name: Sync DEB repo changes to S3
image: amazon/aws-cli
environment:
AWS_S3_BUCKET:
from_secret: DEBREPO_AWS_S3_BUCKET
volumes:
- name: debrepo
path: /debrepo
- name: awsconfig
path: /root/.aws
commands:
- aws s3 sync /debrepo/teleport/ s3://$AWS_S3_BUCKET/teleport/
# Docker-in-Docker daemon for the pipeline; it runs privileged and shares its
# /var/run through the `dockersock` volume.
# NOTE(review): the `tmpfs` volume mounted here is the same one the signing
# steps use as GNUPGHOME, so this privileged container can read the key
# material while it is unpacked. No visible step shows why the daemon needs
# /tmpfs; confirm and drop the mount if unused. docker:dind is a mutable tag.
services:
- name: Start Docker
image: docker:dind
privileged: true
volumes:
- name: dockersock
path: /var/run
- name: tmpfs
path: /tmpfs
# Pipeline-wide volumes. `awsconfig` carries the temporary AWS credentials
# between steps, `tmpfs` is memory-backed and holds GPG key material while
# signing, and the two claims are persistent across builds.
# NOTE(review): because rpmrepo/debrepo persist between runs, content left on
# them by an earlier build is an input to this one; the download steps sync
# with --delete, which bounds that for the paths they cover.
volumes:
- name: awsconfig
temp: {}
- name: dockersock
temp: {}
- name: tmpfs
temp:
medium: memory
# these persistent volumes cache RPMs/DEBs near Drone so that we don't need to download the
# entire repo contents from S3 every time to build the repo, we just sync any differences
- name: rpmrepo
claim:
name: drone-s3-rpmrepo-pvc
- name: debrepo
claim:
name: drone-s3-debrepo-pvc
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/gha.go (main.ghaMultiBuildPipeline)
################################################
# Runs on `promote` events targeting `production` or `promote-distroless`, for
# repositories matching gravitational/*. The default clone is disabled; the
# first step fetches the source itself.
# Lasting changes belong in the generator, since this document is regenerated.
kind: pipeline
type: kubernetes
name: promote-teleport-oci-distroless-images
trigger:
event:
include:
- promote
target:
include:
- production
- promote-distroless
repo:
include:
- gravitational/*
workspace:
path: /go
clone:
disable: true
steps:
# Manual clone: fetches all tags, checks out DRONE_COMMIT_SHA, then installs a
# deploy key from the secret store to initialise the `e` submodule over SSH.
# NOTE(review): known_hosts is filled from a live ssh-keyscan, so whatever host
# key the network presents at build time is trusted; writing GitHub's
# published host keys instead would let SSH detect an intercepted connection.
# The key file is deleted by the last command, which presumably does not run
# if an earlier command fails; it lives only in the step container's
# filesystem, not on a shared volume.
- name: Check out code
image: docker:git
pull: if-not-exists
commands:
- mkdir -pv "/go/src/github.com/gravitational/teleport"
- cd "/go/src/github.com/gravitational/teleport"
- git init
- git remote add origin ${DRONE_REMOTE_URL}
- git fetch origin --tags
- git checkout -qf "${DRONE_COMMIT_SHA}"
- mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa &&
chmod 600 /root/.ssh/id_rsa
- ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
- git submodule update --init e
- mkdir -pv /go/cache
- rm -f /root/.ssh/id_rsa
environment:
GITHUB_PRIVATE_KEY:
from_secret: GITHUB_PRIVATE_KEY
# Triggers promote-teleport-oci-distroless.yml in the teleport.e repo at the
# ref named by DRONE_TAG, passing the tag as release-source-tag, with a 2h30m
# timeout.
# NOTE(review): the workflow definition is taken from the tag ref, so the
# promotion logic that runs is whatever that tag contains; the step image is
# a mutable tag and receives the GitHub App private key.
- name: Delegate build to GitHub
image: golang:1.18-alpine
pull: if-not-exists
commands:
- cd "/go/src/github.com/gravitational/teleport/build.assets/tooling"
- 'go run ./cmd/gh-trigger-workflow -owner ${DRONE_REPO_OWNER} -repo teleport.e
-tag-workflow -timeout 2h30m0s -workflow promote-teleport-oci-distroless.yml -workflow-ref=${DRONE_TAG}
-input "release-source-tag=${DRONE_TAG}" '
environment:
GHA_APP_KEY:
from_secret: GITHUB_WORKFLOW_APP_PRIVATE_KEY
# Name of the Drone secret holding registry credentials for pulling step images.
image_pull_secrets:
- DOCKERHUB_CREDENTIALS
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/gha.go (main.ghaMultiBuildPipeline)
################################################
# Runs on `promote` events targeting `production` or `promote-hardened-amis`,
# for repositories matching gravitational/*. The default clone is disabled.
# Lasting changes belong in the generator, since this document is regenerated.
kind: pipeline
type: kubernetes
name: promote-teleport-hardened-amis
trigger:
event:
include:
- promote
target:
include:
- production
- promote-hardened-amis
repo:
include:
- gravitational/*
workspace:
path: /go
clone:
disable: true
steps:
# Manual clone of DRONE_COMMIT_SHA plus the `e` submodule, which is fetched
# over SSH with a deploy key written to /root/.ssh/id_rsa for this step.
# NOTE(review): the GitHub host key is learned with ssh-keyscan at run time
# rather than pinned, so the first connection is trusted unverified. The key
# removal at the end is skipped when an earlier command fails (presumably
# harmless only because the step container is discarded; confirm).
- name: Check out code
image: docker:git
pull: if-not-exists
commands:
- mkdir -pv "/go/src/github.com/gravitational/teleport"
- cd "/go/src/github.com/gravitational/teleport"
- git init
- git remote add origin ${DRONE_REMOTE_URL}
- git fetch origin --tags
- git checkout -qf "${DRONE_COMMIT_SHA}"
- mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa &&
chmod 600 /root/.ssh/id_rsa
- ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
- git submodule update --init e
- mkdir -pv /go/cache
- rm -f /root/.ssh/id_rsa
environment:
GITHUB_PRIVATE_KEY:
from_secret: GITHUB_PRIVATE_KEY
# Triggers promote-teleport-hardened-amis.yaml in the teleport.e repo at the
# ref named by DRONE_TAG, passing the OSS repo name and the tag as inputs.
# oss-teleport-repo and oss-teleport-ref are passed unquoted inside the
# command string, unlike release-source-tag.
- name: Delegate build to GitHub
image: golang:1.18-alpine
pull: if-not-exists
commands:
- cd "/go/src/github.com/gravitational/teleport/build.assets/tooling"
- 'go run ./cmd/gh-trigger-workflow -owner ${DRONE_REPO_OWNER} -repo teleport.e
-tag-workflow -timeout 2h30m0s -workflow promote-teleport-hardened-amis.yaml -workflow-ref=${DRONE_TAG}
-input oss-teleport-repo=${DRONE_REPO} -input oss-teleport-ref=${DRONE_TAG} -input
"release-source-tag=${DRONE_TAG}" '
environment:
# GitHub App key used by gh-trigger-workflow; supplied from the Drone secret store.
GHA_APP_KEY:
from_secret: GITHUB_WORKFLOW_APP_PRIVATE_KEY
# Name of the Drone secret holding registry credentials for pulling step images.
image_pull_secrets:
- DOCKERHUB_CREDENTIALS
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/gha.go (main.ghaMultiBuildPipeline)
################################################
# Runs on `promote` events targeting `production` or `promote-updater`, for
# repositories matching gravitational/*. The default clone is disabled.
# Lasting changes belong in the generator, since this document is regenerated.
kind: pipeline
type: kubernetes
name: promote-teleport-kube-agent-updater-oci-images
trigger:
event:
include:
- promote
target:
include:
- production
- promote-updater
repo:
include:
- gravitational/*
workspace:
path: /go
clone:
disable: true
steps:
# Manual clone of DRONE_COMMIT_SHA followed by an SSH fetch of the `e`
# submodule using the deploy key from the GITHUB_PRIVATE_KEY secret.
# NOTE(review): ssh-keyscan output is written straight to known_hosts, so the
# host key is accepted without comparison to a known-good value; shipping the
# expected GitHub host keys with the pipeline would close that gap.
- name: Check out code
image: docker:git
pull: if-not-exists
commands:
- mkdir -pv "/go/src/github.com/gravitational/teleport"
- cd "/go/src/github.com/gravitational/teleport"
- git init
- git remote add origin ${DRONE_REMOTE_URL}
- git fetch origin --tags
- git checkout -qf "${DRONE_COMMIT_SHA}"
- mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa &&
chmod 600 /root/.ssh/id_rsa
- ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
- git submodule update --init e
- mkdir -pv /go/cache
- rm -f /root/.ssh/id_rsa
environment:
GITHUB_PRIVATE_KEY:
from_secret: GITHUB_PRIVATE_KEY
# Triggers promote-teleport-kube-agent-updater-oci.yml in the teleport.e repo
# at the ref named by DRONE_TAG, passing the tag as release-source-tag.
- name: Delegate build to GitHub
image: golang:1.18-alpine
pull: if-not-exists
commands:
- cd "/go/src/github.com/gravitational/teleport/build.assets/tooling"
- 'go run ./cmd/gh-trigger-workflow -owner ${DRONE_REPO_OWNER} -repo teleport.e
-tag-workflow -timeout 2h30m0s -workflow promote-teleport-kube-agent-updater-oci.yml
-workflow-ref=${DRONE_TAG} -input "release-source-tag=${DRONE_TAG}" '
environment:
# GitHub App key used by gh-trigger-workflow; supplied from the Drone secret store.
GHA_APP_KEY:
from_secret: GITHUB_WORKFLOW_APP_PRIVATE_KEY
# Name of the Drone secret holding registry credentials for pulling step images.
image_pull_secrets:
- DOCKERHUB_CREDENTIALS
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/container_images_release_version.go (main.(*ReleaseVersion).buildVersionPipeline)
################################################
# Container image build for release tags: runs on `tag` events for refs
# matching refs/tags/v*, in repositories matching gravitational/*, after the
# clean-up-previous-build pipeline. The default clone is disabled.
kind: pipeline
type: kubernetes
name: teleport-container-images-branch-tag
environment:
DEBIAN_FRONTEND: noninteractive
trigger:
event:
include:
- tag
ref:
include:
- refs/tags/v*
repo:
include:
- gravitational/*
workspace:
path: /go
clone:
disable: true
depends_on:
- clean-up-previous-build
steps:
# Waits up to 30s for the Docker socket to appear, then logs in to Docker Hub.
# The password is piped through --password-stdin, which keeps it off the
# command line; the resulting login is stored under /root/.docker on the
# `dockerconfig` volume. The token comes from a secret named as read-only.
- name: Wait for docker
image: docker
pull: if-not-exists
commands:
- timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
environment:
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: dockersock
path: /var/run
- name: dockerconfig
path: /root/.docker
# Polls the in-cluster registry at drone-docker-registry:5000 for up to 30s
# until it answers HTTP 200.
# NOTE(review): the registry is reached over plain HTTP, so images pushed to
# it later are protected only by the cluster network; curl is installed with
# apk at run time into an untagged alpine image.
- name: Wait for docker registry
image: alpine
pull: if-not-exists
commands:
- apk add curl
- timeout 30s /bin/sh -c 'while [ "$(curl -s -o /dev/null -w %{http_code} http://drone-docker-registry:5000/)"
!= "200" ]; do sleep 1; done'
# Manual clone: fetches all tags and checks out DRONE_TAG by name.
# NOTE(review): the checkout follows the tag as it exists at fetch time and is
# not compared with DRONE_COMMIT_SHA or signature-checked; alpine/git:latest
# is a floating tag.
- name: Check out code
image: alpine/git:latest
pull: if-not-exists
commands:
- mkdir -pv "/go/src/github.com/gravitational/teleport"
- cd "/go/src/github.com/gravitational/teleport"
- git init
- git remote add origin ${DRONE_REMOTE_URL}
- git fetch origin --tags
- git checkout -qf "$DRONE_TAG"
# Writes the tag without its "v" to /go/var/full-version, which later steps
# read with `cat` to build S3 paths, file names and image tags.
# sed removes the first "v" wherever it occurs; with the refs/tags/v* trigger
# that is the leading one. $DRONE_TAG is unquoted in the echo.
- name: Build full semver
image: alpine
commands:
- mkdir -pv $(dirname "/go/var/full-version")
- echo $DRONE_TAG | sed 's/v//' > "/go/var/full-version"
- echo $(cat "/go/var/full-version")
# Assumes the staging ECR role and appends the temporary credentials as the
# [ecr-staging] profile to /root/.aws/credentials on the `awsconfig` volume.
# Unlike an overwrite, `>>` lets several named profiles coexist in the file,
# so each later step selects its identity by profile name.
- name: Assume ECR - staging AWS Role
image: amazon/aws-cli
pull: if-not-exists
commands:
- aws sts get-caller-identity
# Unquoted $(...) splits the STS text output into the three printf arguments.
- |-
printf "[ecr-staging]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
>> /root/.aws/credentials
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile ecr-staging
environment:
AWS_ACCESS_KEY_ID:
from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY
AWS_ROLE:
from_secret: STAGING_TELEPORT_DRONE_ECR_AWS_ROLE
AWS_SECRET_ACCESS_KEY:
from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET
volumes:
- name: awsconfig
path: /root/.aws
# Assumes the production ECR role and appends it as the
# [ecr-authenticated-pull] profile. It depends on the staging step, so the two
# appends to the shared credentials file do not run at the same time.
# NOTE(review): the profile name says "pull" but the secrets are the
# PRODUCTION_* ECR set; confirm the role's policy is limited to pulls.
- name: Assume ECR - authenticated-pull AWS Role
image: amazon/aws-cli
pull: if-not-exists
commands:
- aws sts get-caller-identity
# Unquoted $(...) splits the STS text output into the three printf arguments.
- |-
printf "[ecr-authenticated-pull]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
>> /root/.aws/credentials
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile ecr-authenticated-pull
environment:
AWS_ACCESS_KEY_ID:
from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY
AWS_ROLE:
from_secret: PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE
AWS_SECRET_ACCESS_KEY:
from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET
volumes:
- name: awsconfig
path: /root/.aws
depends_on:
- Assume ECR - staging AWS Role
# Assumes the S3 download role and appends it as the [s3-download-teleport]
# profile; the artifact download steps select it through AWS_PROFILE.
# It waits for both ECR role steps, which also keeps the appends to the shared
# credentials file sequential.
- name: Assume S3 Download AWS Role for teleport
image: amazon/aws-cli
pull: if-not-exists
commands:
- aws sts get-caller-identity
# Unquoted $(...) splits the STS text output into the three printf arguments.
- |-
printf "[s3-download-teleport]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
>> /root/.aws/credentials
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile s3-download-teleport
environment:
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID
AWS_ROLE:
from_secret: AWS_ROLE
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY
volumes:
- name: awsconfig
path: /root/.aws
depends_on:
- Wait for docker
- Wait for docker registry
- Check out code
- Build full semver
- Assume ECR - staging AWS Role
- Assume ECR - authenticated-pull AWS Role
# Clones the repository a second time into /tmp/repo at DRONE_TAG and copies
# build.assets/charts/Dockerfile to /go/build/Dockerfile-teleport.
# The Dockerfile therefore comes from the tagged tree, resolved at fetch time
# and not compared with DRONE_COMMIT_SHA.
- name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport
image: alpine/git:latest
commands:
- mkdir -pv "/tmp/repo"
- cd "/tmp/repo"
- git init
- git remote add origin ${DRONE_REMOTE_URL}
- git fetch origin --tags
- git checkout -qf "$DRONE_TAG"
- mkdir -pv $(dirname "/go/build/Dockerfile-teleport")
- cp "/tmp/repo/build.assets/charts/Dockerfile" "/go/build/Dockerfile-teleport"
depends_on:
- Wait for docker
- Wait for docker registry
- Check out code
- Build full semver
- Assume ECR - staging AWS Role
- Assume ECR - authenticated-pull AWS Role
# Polls the source bucket once a minute, for up to an hour, until
# teleport_<version>_amd64.deb is listed under teleport/tag/<version>/, then
# copies it to /go/build. `$$` is the Drone escape for a literal `$`, so the
# shell sees ${END_TIME?} and ${TIMED_OUT?}.
# NOTE(review): the package is taken on the strength of its name alone; no
# checksum or signature is checked before an image is built from it. Confirm
# whether a digest is published alongside and could be verified here.
- name: Download "teleport_v14-tag_amd64.deb" artifacts from S3
image: amazon/aws-cli
commands:
- END_TIME=$(( $(date +%s) + 3600 ))
- TIMED_OUT=true
- while [ $(date +%s) -lt $${END_TIME?} ]; do
- SUCCESS=true
- aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr
-s ' ' | cut -d' ' -f 4 | grep -x teleport_$(cat "/go/var/full-version")_amd64.deb
|| SUCCESS=false
- '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
- echo 'Condition not met yet, waiting another 60 seconds...'
- sleep 60
- done
- '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [
"$SUCCESS" = "true" ]'' && exit 1'
- mkdir -pv "/go/build"
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat
"/go/var/full-version")_amd64.deb /go/build/teleport_$(cat "/go/var/full-version")_amd64.deb
environment:
AWS_PROFILE: s3-download-teleport
AWS_REGION: us-west-2
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
volumes:
- name: awsconfig
path: /root/.aws
depends_on:
- Assume S3 Download AWS Role for teleport
- Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport
# Builds the linux/amd64 `teleport` target from the downloaded Dockerfile and
# .deb with a dedicated buildx builder, and pushes the result to the
# in-cluster registry as teleport:<version>-amd64.
# NOTE(review):
# - tonistiigi/binfmt is pulled without tag or digest and run --privileged on
#   the pipeline's Docker daemon; pinning it by digest limits what can execute
#   with that privilege.
# - The builder is configured with `http = true` for drone-docker-registry:5000
#   and uses host networking, so the pushed image travels unencrypted and its
#   integrity rests on the cluster network.
# - Only the public.ecr.aws login is removed at the end of the step.
- name: Build teleport image "teleport:v14-amd64"
image: docker
commands:
- docker run --privileged --rm tonistiigi/binfmt --install all
- mkdir -pv "/go/build" && cd "/go/build"
- mkdir -pv "/tmp/teleport-v14-amd64-builder"
- echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v14-amd64-builder/buildkitd.toml"
- echo ' http = true' >> "/tmp/teleport-v14-amd64-builder/buildkitd.toml"
- docker buildx create --driver "docker-container" --driver-opt "network=host" --name
"teleport-v14-amd64-builder" --config "/tmp/teleport-v14-amd64-builder/buildkitd.toml"
- apk add --no-cache aws-cli
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
- docker buildx build --push --builder "teleport-v14-amd64-builder" --target "teleport"
--platform "linux/amd64" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
--file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_amd64.deb
/go/build
- docker logout "public.ecr.aws"
- docker buildx rm "teleport-v14-amd64-builder"
- rm -rf "/tmp/teleport-v14-amd64-builder"
environment:
AWS_PROFILE: ecr-authenticated-pull
DOCKER_BUILDKIT: "1"
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Assume ECR - authenticated-pull AWS Role
- Download "teleport_v14-tag_amd64.deb" artifacts from S3
# Polls the source bucket once a minute, for up to an hour, until
# teleport_<version>_arm.deb is listed, then copies it to /go/build.
# NOTE(review): the file is accepted by name only; no digest or signature
# check is visible before it is used as an image build input.
- name: Download "teleport_v14-tag_arm.deb" artifacts from S3
image: amazon/aws-cli
commands:
- END_TIME=$(( $(date +%s) + 3600 ))
- TIMED_OUT=true
- while [ $(date +%s) -lt $${END_TIME?} ]; do
- SUCCESS=true
- aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr
-s ' ' | cut -d' ' -f 4 | grep -x teleport_$(cat "/go/var/full-version")_arm.deb
|| SUCCESS=false
- '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
- echo 'Condition not met yet, waiting another 60 seconds...'
- sleep 60
- done
- '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [
"$SUCCESS" = "true" ]'' && exit 1'
- mkdir -pv "/go/build"
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat
"/go/var/full-version")_arm.deb /go/build/teleport_$(cat "/go/var/full-version")_arm.deb
environment:
AWS_PROFILE: s3-download-teleport
AWS_REGION: us-west-2
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
volumes:
- name: awsconfig
path: /root/.aws
depends_on:
- Assume S3 Download AWS Role for teleport
- Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport
# Builds the linux/arm `teleport` target with its own buildx builder and
# pushes it to the in-cluster registry as teleport:<version>-arm.
# NOTE(review): the privileged tonistiigi/binfmt run is unpinned, and the
# builder talks to drone-docker-registry:5000 over plain HTTP (`http = true`);
# both are worth pinning or hardening in the generator.
- name: Build teleport image "teleport:v14-arm"
image: docker
commands:
- docker run --privileged --rm tonistiigi/binfmt --install all
- mkdir -pv "/go/build" && cd "/go/build"
- mkdir -pv "/tmp/teleport-v14-arm-builder"
- echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v14-arm-builder/buildkitd.toml"
- echo ' http = true' >> "/tmp/teleport-v14-arm-builder/buildkitd.toml"
- docker buildx create --driver "docker-container" --driver-opt "network=host" --name
"teleport-v14-arm-builder" --config "/tmp/teleport-v14-arm-builder/buildkitd.toml"
- apk add --no-cache aws-cli
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
- docker buildx build --push --builder "teleport-v14-arm-builder" --target "teleport"
--platform "linux/arm" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
--file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_arm.deb
/go/build
- docker logout "public.ecr.aws"
- docker buildx rm "teleport-v14-arm-builder"
- rm -rf "/tmp/teleport-v14-arm-builder"
environment:
AWS_PROFILE: ecr-authenticated-pull
DOCKER_BUILDKIT: "1"
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Assume ECR - authenticated-pull AWS Role
- Download "teleport_v14-tag_arm.deb" artifacts from S3
# Polls the source bucket once a minute, for up to an hour, until
# teleport_<version>_arm64.deb is listed, then copies it to /go/build.
# The version comes from /go/var/full-version, so the object key is derived
# from the tag that triggered the build.
- name: Download "teleport_v14-tag_arm64.deb" artifacts from S3
image: amazon/aws-cli
commands:
- END_TIME=$(( $(date +%s) + 3600 ))
- TIMED_OUT=true
- while [ $(date +%s) -lt $${END_TIME?} ]; do
- SUCCESS=true
- aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr
-s ' ' | cut -d' ' -f 4 | grep -x teleport_$(cat "/go/var/full-version")_arm64.deb
|| SUCCESS=false
- '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
- echo 'Condition not met yet, waiting another 60 seconds...'
- sleep 60
- done
- '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [
"$SUCCESS" = "true" ]'' && exit 1'
- mkdir -pv "/go/build"
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat
"/go/var/full-version")_arm64.deb /go/build/teleport_$(cat "/go/var/full-version")_arm64.deb
environment:
AWS_PROFILE: s3-download-teleport
AWS_REGION: us-west-2
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
volumes:
- name: awsconfig
path: /root/.aws
depends_on:
- Assume S3 Download AWS Role for teleport
- Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport
# Cross-builds the linux/arm64 teleport image from the downloaded .deb and
# pushes it to drone-docker-registry:5000 under the <version>-arm64 tag.
# NOTE(review): the step image and `tonistiigi/binfmt` are mutable tags, and
# binfmt is started --privileged through the `dockersock` volume (presumably
# the Docker socket); a digest pin on both is the usual hardening.
- name: Build teleport image "teleport:v14-arm64"
  image: docker
  commands:
    # Installs binfmt_misc emulators so foreign-architecture stages can run.
    - docker run --privileged --rm tonistiigi/binfmt --install all
    - mkdir -pv "/go/build" && cd "/go/build"
    - mkdir -pv "/tmp/teleport-v14-arm64-builder"
    # Marks drone-docker-registry:5000 as a plain-HTTP registry for BuildKit;
    # traffic to it is unencrypted.
    - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v14-arm64-builder/buildkitd.toml"
    - echo ' http = true' >> "/tmp/teleport-v14-arm64-builder/buildkitd.toml"
    - >-
      docker buildx create --driver "docker-container" --driver-opt "network=host"
      --name "teleport-v14-arm64-builder"
      --config "/tmp/teleport-v14-arm64-builder/buildkitd.toml"
    - apk add --no-cache aws-cli
    # Passwords are piped on stdin rather than passed as arguments.
    - >-
      aws ecr-public get-login-password --region=us-east-1 |
      docker login -u="AWS" --password-stdin public.ecr.aws
    - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
    - >-
      docker buildx build --push --builder "teleport-v14-arm64-builder" --target "teleport"
      --platform "linux/arm64"
      --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
      --file "/go/build/Dockerfile-teleport"
      --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_arm64.deb
      /go/build
    - docker logout "public.ecr.aws"
    - docker buildx rm "teleport-v14-arm64-builder"
    - rm -rf "/tmp/teleport-v14-arm64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
    - name: awsconfig
      path: /root/.aws
    - name: dockersock
      path: /var/run
  depends_on:
    - Assume ECR - authenticated-pull AWS Role
    - Download "teleport_v14-tag_arm64.deb" artifacts from S3
# Promotes the amd64 image from drone-docker-registry:5000 to the staging ECR
# repository, skipping the push when that tag already exists there.
# NOTE(review): the existence probe sends all output to /dev/null, so an auth
# or network failure looks the same as "tag absent" and falls through to the
# push branch; `image: docker` is also a mutable tag worth pinning.
- name: Tag and push image "teleport:v14-amd64" to ECR - staging
  image: docker
  commands:
    - >-
      docker pull --platform "linux/amd64"
      drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    - apk add --no-cache aws-cli
    # Registry passwords are supplied on stdin, not on the command line.
    - >-
      aws ecr get-login-password --region=us-west-2 |
      docker login -u="AWS" --password-stdin
      146628656107.dkr.ecr.us-west-2.amazonaws.com
    - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
    # `A && B || C`: the tag/push group runs whenever the inspect fails.
    - >-
      docker manifest inspect
      146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-amd64
      > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
      (docker tag
      drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
      146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-amd64
      && docker push
      146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-amd64)
    - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
    - name: awsconfig
      path: /root/.aws
    - name: dockersock
      path: /var/run
  depends_on:
    - Build teleport image "teleport:v14-amd64"
# Promotes the arm image from drone-docker-registry:5000 to the staging ECR
# repository; an already-present tag is left untouched.
# NOTE(review): because the probe's stderr and exit reason are discarded, a
# failed lookup (credentials, network) is indistinguishable from a missing tag
# and proceeds to the push; consider surfacing the probe error.
- name: Tag and push image "teleport:v14-arm" to ECR - staging
  image: docker
  commands:
    - docker pull --platform "linux/arm" drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    - apk add --no-cache aws-cli
    # Registry passwords are supplied on stdin, not on the command line.
    - >-
      aws ecr get-login-password --region=us-west-2 |
      docker login -u="AWS" --password-stdin
      146628656107.dkr.ecr.us-west-2.amazonaws.com
    - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
    # `A && B || C`: the tag/push group runs whenever the inspect fails.
    - >-
      docker manifest inspect
      146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-arm
      > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
      (docker tag
      drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
      146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-arm
      && docker push
      146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-arm)
    - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
    - name: awsconfig
      path: /root/.aws
    - name: dockersock
      path: /var/run
  depends_on:
    - Build teleport image "teleport:v14-arm"
# Promotes the arm64 image from drone-docker-registry:5000 to the staging ECR
# repository unless the <version>-arm64 tag is already published there.
# NOTE(review): the image is promoted by tag, not by the digest the build step
# produced, and the probe swallows its own errors; recording and comparing the
# digest would make the promotion auditable.
- name: Tag and push image "teleport:v14-arm64" to ECR - staging
  image: docker
  commands:
    - >-
      docker pull --platform "linux/arm64"
      drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    - apk add --no-cache aws-cli
    # Registry passwords are supplied on stdin, not on the command line.
    - >-
      aws ecr get-login-password --region=us-west-2 |
      docker login -u="AWS" --password-stdin
      146628656107.dkr.ecr.us-west-2.amazonaws.com
    - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
    # `A && B || C`: the tag/push group runs whenever the inspect fails.
    - >-
      docker manifest inspect
      146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-arm64
      > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
      (docker tag
      drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
      146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-arm64
      && docker push
      146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-arm64)
    - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
    - name: awsconfig
      path: /root/.aws
    - name: dockersock
      path: /var/run
  depends_on:
    - Build teleport image "teleport:v14-arm64"
# Assembles the multi-arch manifest list <version> from the -amd64, -arm and
# -arm64 tags in staging ECR and pushes it, unless <version> already exists.
# NOTE(review): the member images are referenced by tag and resolved when the
# list is created, so if a push step skipped because its tag already existed,
# the list points at that pre-existing image rather than this build's output.
- name: Create manifest and push "teleport:full" to ECR - staging
  image: docker
  commands:
    - apk add --no-cache aws-cli
    # Registry passwords are supplied on stdin, not on the command line.
    - >-
      aws ecr get-login-password --region=us-west-2 |
      docker login -u="AWS" --password-stdin
      146628656107.dkr.ecr.us-west-2.amazonaws.com
    - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
    # Any inspect failure (not only "not found") leads to create + push.
    - >-
      docker manifest inspect
      146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")
      > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
      (docker manifest create
      146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")
      --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-amd64
      --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-arm
      --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-arm64
      && docker manifest push
      146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version"))
    - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
    - name: awsconfig
      path: /root/.aws
    - name: dockersock
      path: /var/run
  depends_on:
    - Tag and push image "teleport:v14-amd64" to ECR - staging
    - Tag and push image "teleport:v14-arm" to ECR - staging
    - Tag and push image "teleport:v14-arm64" to ECR - staging
# Uses the access key pair from Drone secrets to call sts:AssumeRole and
# appends the resulting session credentials as profile
# [s3-download-teleport-ent] to /root/.aws/credentials on the `awsconfig` volume.
# NOTE(review): the credentials file is shared with every step that mounts
# `awsconfig`, and this step does not set its mode; `amazon/aws-cli` is an
# untagged reference combined with `pull: if-not-exists`, so whichever copy is
# cached on the runner is what handles these secrets - consider a digest pin.
- name: Assume S3 Download AWS Role for teleport-ent
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
    # Shows which identity the secret key pair maps to before the role switch.
    - aws sts get-caller-identity
    # The unquoted $(...) is split into the three values that fill the %s slots.
    - |-
      printf "[s3-download-teleport-ent]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
      --role-arn "$AWS_ROLE" \
      --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
      --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
      --output text) \
      >> /root/.aws/credentials
    # Drops the key pair from the environment so the check below must use the
    # newly written profile.
    - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
    - aws sts get-caller-identity --profile s3-download-teleport-ent
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
    - name: awsconfig
      path: /root/.aws
  depends_on:
    - Wait for docker
    - Wait for docker registry
    - Check out code
    - Build full semver
    - Assume ECR - staging AWS Role
    - Assume ECR - authenticated-pull AWS Role
# Fetches the repository at $DRONE_TAG into /tmp/repo and copies
# build.assets/charts/Dockerfile to /go/build/Dockerfile-teleport-ent.
# NOTE(review): `alpine/git:latest` is a mutable tag, and the Dockerfile used
# for the release image is whatever the tag resolves to when this step runs;
# pinning the image and checking out a commit SHA would make the input fixed.
- name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent
  image: alpine/git:latest
  commands:
    - mkdir -pv "/tmp/repo"
    - cd "/tmp/repo"
    - git init
    # ${DRONE_REMOTE_URL} is left unquoted here.
    - git remote add origin ${DRONE_REMOTE_URL}
    - git fetch origin --tags
    - git checkout -qf "$DRONE_TAG"
    - mkdir -pv $(dirname "/go/build/Dockerfile-teleport-ent")
    - cp "/tmp/repo/build.assets/charts/Dockerfile" "/go/build/Dockerfile-teleport-ent"
  depends_on:
    - Wait for docker
    - Wait for docker registry
    - Check out code
    - Build full semver
    - Assume ECR - staging AWS Role
    - Assume ECR - authenticated-pull AWS Role
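# Waits up to 3600 s for teleport-ent_<version>_amd64.deb to appear under the
# tag prefix in S3, then copies it to /go/build for the image build.
# The loop spans several command entries, so it relies on Drone joining them
# into one shell script; `$${VAR?}` is Drone's escape for the shell's `${VAR?}`.
# NOTE(review): the package is not checked against a digest or signature in
# this step before it is baked into an image; confirm integrity is verified
# elsewhere or add a checksum comparison here.
# NOTE(review): this file appears to be generated (dronegen); the `-F` change
# below would need to be mirrored in the generator.
- name: Download "teleport-ent_v14-tag_amd64.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
    - END_TIME=$(( $(date +%s) + 3600 ))
    - TIMED_OUT=true
    - while [ $(date +%s) -lt $${END_TIME?} ]; do
    - SUCCESS=true
    # -F matches the object name literally; with plain -x the dots in the
    # version would act as regex wildcards.
    - >-
      aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ |
      tr -s ' ' | cut -d' ' -f 4 |
      grep -xF teleport-ent_$(cat "/go/var/full-version")_amd64.deb
      || SUCCESS=false
    - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
    - echo 'Condition not met yet, waiting another 60 seconds...'
    - sleep 60
    - done
    - >-
      [ $${TIMED_OUT?} = true ] && echo 'Timed out while waiting for condition: [
      "$SUCCESS" = "true" ]' && exit 1
    - mkdir -pv "/go/build"
    - >-
      aws s3 cp
      s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat "/go/var/full-version")_amd64.deb
      /go/build/teleport-ent_$(cat "/go/var/full-version")_amd64.deb
  environment:
    AWS_PROFILE: s3-download-teleport-ent
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
    - name: awsconfig
      path: /root/.aws
  depends_on:
    - Assume S3 Download AWS Role for teleport-ent
    - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent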
# Builds the linux/amd64 teleport-ent image from the downloaded .deb and
# pushes it to drone-docker-registry:5000 under the <version>-amd64 tag.
# NOTE(review): `docker` and `tonistiigi/binfmt` are mutable tags, and binfmt
# runs --privileged via the `dockersock` volume (presumably the Docker
# socket); digest pins would limit what a replaced upstream image could do.
- name: Build teleport-ent image "teleport-ent:v14-amd64"
  image: docker
  commands:
    # Installs binfmt_misc emulators so foreign-architecture stages can run.
    - docker run --privileged --rm tonistiigi/binfmt --install all
    - mkdir -pv "/go/build" && cd "/go/build"
    - mkdir -pv "/tmp/teleport-ent-v14-amd64-builder"
    # Marks drone-docker-registry:5000 as a plain-HTTP registry for BuildKit;
    # traffic to it is unencrypted.
    - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v14-amd64-builder/buildkitd.toml"
    - echo ' http = true' >> "/tmp/teleport-ent-v14-amd64-builder/buildkitd.toml"
    - >-
      docker buildx create --driver "docker-container" --driver-opt "network=host"
      --name "teleport-ent-v14-amd64-builder"
      --config "/tmp/teleport-ent-v14-amd64-builder/buildkitd.toml"
    - apk add --no-cache aws-cli
    # Passwords are piped on stdin rather than passed as arguments.
    - >-
      aws ecr-public get-login-password --region=us-east-1 |
      docker login -u="AWS" --password-stdin public.ecr.aws
    - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
    - >-
      docker buildx build --push --builder "teleport-ent-v14-amd64-builder"
      --target "teleport" --platform "linux/amd64"
      --tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
      --file "/go/build/Dockerfile-teleport-ent"
      --build-arg DEB_PATH=teleport-ent_$(cat "/go/var/full-version")_amd64.deb
      /go/build
    - docker logout "public.ecr.aws"
    - docker buildx rm "teleport-ent-v14-amd64-builder"
    - rm -rf "/tmp/teleport-ent-v14-amd64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
    - name: awsconfig
      path: /root/.aws
    - name: dockersock
      path: /var/run
  depends_on:
    - Assume ECR - authenticated-pull AWS Role
    - Download "teleport-ent_v14-tag_amd64.deb" artifacts from S3
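# Waits up to 3600 s for teleport-ent_<version>_arm.deb to appear under the
# tag prefix in S3, then copies it to /go/build for the image build.
# The loop spans several command entries, so it relies on Drone joining them
# into one shell script; `$${VAR?}` is Drone's escape for the shell's `${VAR?}`.
# NOTE(review): no digest or signature of the package is checked here before
# it is baked into an image; confirm integrity is verified elsewhere or add a
# checksum comparison to this step.
# NOTE(review): this file appears to be generated (dronegen); the `-F` change
# below would need to be mirrored in the generator.
- name: Download "teleport-ent_v14-tag_arm.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
    - END_TIME=$(( $(date +%s) + 3600 ))
    - TIMED_OUT=true
    - while [ $(date +%s) -lt $${END_TIME?} ]; do
    - SUCCESS=true
    # -F matches the object name literally; with plain -x the dots in the
    # version would act as regex wildcards.
    - >-
      aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ |
      tr -s ' ' | cut -d' ' -f 4 |
      grep -xF teleport-ent_$(cat "/go/var/full-version")_arm.deb
      || SUCCESS=false
    - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
    - echo 'Condition not met yet, waiting another 60 seconds...'
    - sleep 60
    - done
    - >-
      [ $${TIMED_OUT?} = true ] && echo 'Timed out while waiting for condition: [
      "$SUCCESS" = "true" ]' && exit 1
    - mkdir -pv "/go/build"
    - >-
      aws s3 cp
      s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat "/go/var/full-version")_arm.deb
      /go/build/teleport-ent_$(cat "/go/var/full-version")_arm.deb
  environment:
    AWS_PROFILE: s3-download-teleport-ent
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
    - name: awsconfig
      path: /root/.aws
  depends_on:
    - Assume S3 Download AWS Role for teleport-ent
    - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent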
# Cross-builds the linux/arm teleport-ent image from the downloaded .deb and
# pushes it to drone-docker-registry:5000 under the <version>-arm tag.
# NOTE(review): the step image and `tonistiigi/binfmt` are mutable tags, and
# binfmt is started --privileged through the `dockersock` volume (presumably
# the Docker socket); pin both by digest to fix what runs with that privilege.
- name: Build teleport-ent image "teleport-ent:v14-arm"
  image: docker
  commands:
    # Installs binfmt_misc emulators so foreign-architecture stages can run.
    - docker run --privileged --rm tonistiigi/binfmt --install all
    - mkdir -pv "/go/build" && cd "/go/build"
    - mkdir -pv "/tmp/teleport-ent-v14-arm-builder"
    # Marks drone-docker-registry:5000 as a plain-HTTP registry for BuildKit;
    # traffic to it is unencrypted.
    - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v14-arm-builder/buildkitd.toml"
    - echo ' http = true' >> "/tmp/teleport-ent-v14-arm-builder/buildkitd.toml"
    - >-
      docker buildx create --driver "docker-container" --driver-opt "network=host"
      --name "teleport-ent-v14-arm-builder"
      --config "/tmp/teleport-ent-v14-arm-builder/buildkitd.toml"
    - apk add --no-cache aws-cli
    # Passwords are piped on stdin rather than passed as arguments.
    - >-
      aws ecr-public get-login-password --region=us-east-1 |
      docker login -u="AWS" --password-stdin public.ecr.aws
    - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
    - >-
      docker buildx build --push --builder "teleport-ent-v14-arm-builder" --target "teleport"
      --platform "linux/arm"
      --tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
      --file "/go/build/Dockerfile-teleport-ent"
      --build-arg DEB_PATH=teleport-ent_$(cat "/go/var/full-version")_arm.deb
      /go/build
    - docker logout "public.ecr.aws"
    - docker buildx rm "teleport-ent-v14-arm-builder"
    - rm -rf "/tmp/teleport-ent-v14-arm-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
    - name: awsconfig
      path: /root/.aws
    - name: dockersock
      path: /var/run
  depends_on:
    - Assume ECR - authenticated-pull AWS Role
    - Download "teleport-ent_v14-tag_arm.deb" artifacts from S3
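# Waits up to 3600 s for teleport-ent_<version>_arm64.deb to appear under the
# tag prefix in S3, then copies it to /go/build for the image build.
# The loop spans several command entries, so it relies on Drone joining them
# into one shell script; `$${VAR?}` is Drone's escape for the shell's `${VAR?}`.
# NOTE(review): the downloaded package is trusted as-is; no digest or
# signature is compared in this step before it is baked into an image -
# confirm integrity is verified elsewhere or add a checksum comparison.
# NOTE(review): this file appears to be generated (dronegen); the `-F` change
# below would need to be mirrored in the generator.
- name: Download "teleport-ent_v14-tag_arm64.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
    - END_TIME=$(( $(date +%s) + 3600 ))
    - TIMED_OUT=true
    - while [ $(date +%s) -lt $${END_TIME?} ]; do
    - SUCCESS=true
    # -F matches the object name literally; with plain -x the dots in the
    # version would act as regex wildcards.
    - >-
      aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ |
      tr -s ' ' | cut -d' ' -f 4 |
      grep -xF teleport-ent_$(cat "/go/var/full-version")_arm64.deb
      || SUCCESS=false
    - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
    - echo 'Condition not met yet, waiting another 60 seconds...'
    - sleep 60
    - done
    - >-
      [ $${TIMED_OUT?} = true ] && echo 'Timed out while waiting for condition: [
      "$SUCCESS" = "true" ]' && exit 1
    - mkdir -pv "/go/build"
    - >-
      aws s3 cp
      s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat "/go/var/full-version")_arm64.deb
      /go/build/teleport-ent_$(cat "/go/var/full-version")_arm64.deb
  environment:
    AWS_PROFILE: s3-download-teleport-ent
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
    - name: awsconfig
      path: /root/.aws
  depends_on:
    - Assume S3 Download AWS Role for teleport-ent
    - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent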
# Cross-builds the linux/arm64 teleport-ent image from the downloaded .deb and
# pushes it to drone-docker-registry:5000 under the <version>-arm64 tag.
# NOTE(review): `docker` and `tonistiigi/binfmt` are pulled by mutable tag and
# binfmt runs --privileged via the `dockersock` volume (presumably the Docker
# socket); a digest pin on both keeps the privileged code path reviewable.
- name: Build teleport-ent image "teleport-ent:v14-arm64"
  image: docker
  commands:
    # Installs binfmt_misc emulators so foreign-architecture stages can run.
    - docker run --privileged --rm tonistiigi/binfmt --install all
    - mkdir -pv "/go/build" && cd "/go/build"
    - mkdir -pv "/tmp/teleport-ent-v14-arm64-builder"
    # Marks drone-docker-registry:5000 as a plain-HTTP registry for BuildKit;
    # traffic to it is unencrypted.
    - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v14-arm64-builder/buildkitd.toml"
    - echo ' http = true' >> "/tmp/teleport-ent-v14-arm64-builder/buildkitd.toml"
    - >-
      docker buildx create --driver "docker-container" --driver-opt "network=host"
      --name "teleport-ent-v14-arm64-builder"
      --config "/tmp/teleport-ent-v14-arm64-builder/buildkitd.toml"
    - apk add --no-cache aws-cli
    # Passwords are piped on stdin rather than passed as arguments.
    - >-
      aws ecr-public get-login-password --region=us-east-1 |
      docker login -u="AWS" --password-stdin public.ecr.aws
    - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
    - >-
      docker buildx build --push --builder "teleport-ent-v14-arm64-builder"
      --target "teleport" --platform "linux/arm64"
      --tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
      --file "/go/build/Dockerfile-teleport-ent"
      --build-arg DEB_PATH=teleport-ent_$(cat "/go/var/full-version")_arm64.deb
      /go/build
    - docker logout "public.ecr.aws"
    - docker buildx rm "teleport-ent-v14-arm64-builder"
    - rm -rf "/tmp/teleport-ent-v14-arm64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
    - name: awsconfig
      path: /root/.aws
    - name: dockersock
      path: /var/run
  depends_on:
    - Assume ECR - authenticated-pull AWS Role
    - Download "teleport-ent_v14-tag_arm64.deb" artifacts from S3
# Promotes the amd64 teleport-ent image from drone-docker-registry:5000 to the
# staging ECR repository, skipping the push when the tag already exists.
# NOTE(review): the existence probe sends all output to /dev/null, so an auth
# or network failure looks the same as "tag absent" and falls through to the
# push branch; `image: docker` is also a mutable tag worth pinning.
- name: Tag and push image "teleport-ent:v14-amd64" to ECR - staging
  image: docker
  commands:
    - >-
      docker pull --platform "linux/amd64"
      drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
    - apk add --no-cache aws-cli
    # Registry passwords are supplied on stdin, not on the command line.
    - >-
      aws ecr get-login-password --region=us-west-2 |
      docker login -u="AWS" --password-stdin
      146628656107.dkr.ecr.us-west-2.amazonaws.com
    - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
    # `A && B || C`: the tag/push group runs whenever the inspect fails.
    - >-
      docker manifest inspect
      146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64
      > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
      (docker tag
      drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
      146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64
      && docker push
      146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64)
    - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
    - name: awsconfig
      path: /root/.aws
    - name: dockersock
      path: /var/run
  depends_on:
    - Build teleport-ent image "teleport-ent:v14-amd64"
# Promotes the arm teleport-ent image from drone-docker-registry:5000 to the
# staging ECR repository; an already-present tag is left untouched.
# NOTE(review): because the probe's stderr and exit reason are discarded, a
# failed lookup (credentials, network) is indistinguishable from a missing tag
# and proceeds to the push; consider surfacing the probe error.
- name: Tag and push image "teleport-ent:v14-arm" to ECR - staging
  image: docker
  commands:
    - >-
      docker pull --platform "linux/arm"
      drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
    - apk add --no-cache aws-cli
    # Registry passwords are supplied on stdin, not on the command line.
    - >-
      aws ecr get-login-password --region=us-west-2 |
      docker login -u="AWS" --password-stdin
      146628656107.dkr.ecr.us-west-2.amazonaws.com
    - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
    # `A && B || C`: the tag/push group runs whenever the inspect fails.
    - >-
      docker manifest inspect
      146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm
      > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
      (docker tag
      drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
      146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm
      && docker push
      146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm)
    - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
    - name: awsconfig
      path: /root/.aws
    - name: dockersock
      path: /var/run
  depends_on:
    - Build teleport-ent image "teleport-ent:v14-arm"
# Promotes the arm64 teleport-ent image from drone-docker-registry:5000 to the
# staging ECR repository unless the <version>-arm64 tag is already there.
# NOTE(review): the image is promoted by tag, not by the digest the build step
# produced, and the probe swallows its own errors; recording and comparing the
# digest would make the promotion auditable.
- name: Tag and push image "teleport-ent:v14-arm64" to ECR - staging
  image: docker
  commands:
    - >-
      docker pull --platform "linux/arm64"
      drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
    - apk add --no-cache aws-cli
    # Registry passwords are supplied on stdin, not on the command line.
    - >-
      aws ecr get-login-password --region=us-west-2 |
      docker login -u="AWS" --password-stdin
      146628656107.dkr.ecr.us-west-2.amazonaws.com
    - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
    # `A && B || C`: the tag/push group runs whenever the inspect fails.
    - >-
      docker manifest inspect
      146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64
      > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
      (docker tag
      drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
      146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64
      && docker push
      146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64)
    - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
    - name: awsconfig
      path: /root/.aws
    - name: dockersock
      path: /var/run
  depends_on:
    - Build teleport-ent image "teleport-ent:v14-arm64"
# Assembles the multi-arch manifest list <version> for teleport-ent from the
# -amd64, -arm and -arm64 tags in staging ECR and pushes it, unless <version>
# already exists.
# NOTE(review): the member images are referenced by tag and resolved when the
# list is created, so if a push step skipped because its tag already existed,
# the list points at that pre-existing image rather than this build's output.
- name: Create manifest and push "teleport-ent:full" to ECR - staging
  image: docker
  commands:
    - apk add --no-cache aws-cli
    # Registry passwords are supplied on stdin, not on the command line.
    - >-
      aws ecr get-login-password --region=us-west-2 |
      docker login -u="AWS" --password-stdin
      146628656107.dkr.ecr.us-west-2.amazonaws.com
    - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
    # Any inspect failure (not only "not found") leads to create + push.
    - >-
      docker manifest inspect
      146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")
      > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
      (docker manifest create
      146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")
      --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64
      --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm
      --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64
      && docker manifest push
      146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version"))
    - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
    - name: awsconfig
      path: /root/.aws
    - name: dockersock
      path: /var/run
  depends_on:
    - Tag and push image "teleport-ent:v14-amd64" to ECR - staging
    - Tag and push image "teleport-ent:v14-arm" to ECR - staging
    - Tag and push image "teleport-ent:v14-arm64" to ECR - staging
# Uses the access key pair from Drone secrets to call sts:AssumeRole and
# appends the resulting session credentials as profile
# [s3-download-teleport-ent-fips] to /root/.aws/credentials on `awsconfig`.
# NOTE(review): the credentials file is readable by every step that mounts
# `awsconfig`, and its mode is not set here; `amazon/aws-cli` is an untagged
# reference combined with `pull: if-not-exists`, so the runner's cached copy
# is what handles these secrets - consider pinning it by digest.
- name: Assume S3 Download AWS Role for teleport-ent-fips
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
    # Shows which identity the secret key pair maps to before the role switch.
    - aws sts get-caller-identity
    # The unquoted $(...) is split into the three values that fill the %s slots.
    - |-
      printf "[s3-download-teleport-ent-fips]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
      --role-arn "$AWS_ROLE" \
      --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
      --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
      --output text) \
      >> /root/.aws/credentials
    # Drops the key pair from the environment so the check below must use the
    # newly written profile.
    - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
    - aws sts get-caller-identity --profile s3-download-teleport-ent-fips
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
    - name: awsconfig
      path: /root/.aws
  depends_on:
    - Wait for docker
    - Wait for docker registry
    - Check out code
    - Build full semver
    - Assume ECR - staging AWS Role
    - Assume ECR - authenticated-pull AWS Role
# Fetches the repository at $DRONE_TAG into /tmp/repo and copies
# build.assets/charts/Dockerfile to /go/build/Dockerfile-teleport-ent-fips.
# NOTE(review): `alpine/git:latest` is a mutable tag, and the Dockerfile for
# the FIPS image is whatever the tag resolves to when this step runs; pinning
# the image and checking out a commit SHA would make the build input fixed.
- name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent-fips" for teleport-ent-fips
  image: alpine/git:latest
  commands:
    - mkdir -pv "/tmp/repo"
    - cd "/tmp/repo"
    - git init
    # ${DRONE_REMOTE_URL} is left unquoted here.
    - git remote add origin ${DRONE_REMOTE_URL}
    - git fetch origin --tags
    - git checkout -qf "$DRONE_TAG"
    - mkdir -pv $(dirname "/go/build/Dockerfile-teleport-ent-fips")
    - cp "/tmp/repo/build.assets/charts/Dockerfile" "/go/build/Dockerfile-teleport-ent-fips"
  depends_on:
    - Wait for docker
    - Wait for docker registry
    - Check out code
    - Build full semver
    - Assume ECR - staging AWS Role
    - Assume ECR - authenticated-pull AWS Role
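# Waits up to 3600 s for teleport-ent_<version>-fips_amd64.deb to appear under
# the tag prefix in S3, then copies it to /go/build for the image build.
# The loop spans several command entries, so it relies on Drone joining them
# into one shell script; `$${VAR?}` is Drone's escape for the shell's `${VAR?}`.
# NOTE(review): the FIPS package is not checked against a digest or signature
# in this step before it is baked into an image; confirm integrity is verified
# elsewhere or add a checksum comparison here.
# NOTE(review): this file appears to be generated (dronegen); the `-F` change
# below would need to be mirrored in the generator.
- name: Download "teleport-ent_v14-tag-fips_amd64.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
    - END_TIME=$(( $(date +%s) + 3600 ))
    - TIMED_OUT=true
    - while [ $(date +%s) -lt $${END_TIME?} ]; do
    - SUCCESS=true
    # -F matches the object name literally; with plain -x the dots in the
    # version would act as regex wildcards.
    - >-
      aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ |
      tr -s ' ' | cut -d' ' -f 4 |
      grep -xF teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb
      || SUCCESS=false
    - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
    - echo 'Condition not met yet, waiting another 60 seconds...'
    - sleep 60
    - done
    - >-
      [ $${TIMED_OUT?} = true ] && echo 'Timed out while waiting for condition: [
      "$SUCCESS" = "true" ]' && exit 1
    - mkdir -pv "/go/build"
    - >-
      aws s3 cp
      s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb
      /go/build/teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb
  environment:
    AWS_PROFILE: s3-download-teleport-ent-fips
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
    - name: awsconfig
      path: /root/.aws
  depends_on:
    - Assume S3 Download AWS Role for teleport-ent-fips
    - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent-fips" for teleport-ent-fips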
# Builds the linux/amd64 FIPS image (Dockerfile target "teleport-fips") from
# the downloaded -fips .deb and pushes it to drone-docker-registry:5000.
# NOTE(review): `docker` and `tonistiigi/binfmt` are mutable tags, and binfmt
# runs --privileged via the `dockersock` volume (presumably the Docker
# socket); for a FIPS artifact in particular, digest-pinned build tooling
# makes the provenance easier to demonstrate.
- name: Build teleport-ent-fips image "teleport-ent:v14-fips-amd64"
  image: docker
  commands:
    # Installs binfmt_misc emulators so foreign-architecture stages can run.
    - docker run --privileged --rm tonistiigi/binfmt --install all
    - mkdir -pv "/go/build" && cd "/go/build"
    - mkdir -pv "/tmp/teleport-ent-v14-fips-amd64-builder"
    # Marks drone-docker-registry:5000 as a plain-HTTP registry for BuildKit;
    # traffic to it is unencrypted.
    - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v14-fips-amd64-builder/buildkitd.toml"
    - echo ' http = true' >> "/tmp/teleport-ent-v14-fips-amd64-builder/buildkitd.toml"
    - >-
      docker buildx create --driver "docker-container" --driver-opt "network=host"
      --name "teleport-ent-v14-fips-amd64-builder"
      --config "/tmp/teleport-ent-v14-fips-amd64-builder/buildkitd.toml"
    - apk add --no-cache aws-cli
    # Passwords are piped on stdin rather than passed as arguments.
    - >-
      aws ecr-public get-login-password --region=us-east-1 |
      docker login -u="AWS" --password-stdin public.ecr.aws
    - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
    - >-
      docker buildx build --push --builder "teleport-ent-v14-fips-amd64-builder"
      --target "teleport-fips" --platform "linux/amd64"
      --tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
      --file "/go/build/Dockerfile-teleport-ent-fips"
      --build-arg DEB_PATH=teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb
      /go/build
    - docker logout "public.ecr.aws"
    - docker buildx rm "teleport-ent-v14-fips-amd64-builder"
    - rm -rf "/tmp/teleport-ent-v14-fips-amd64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
    - name: awsconfig
      path: /root/.aws
    - name: dockersock
      path: /var/run
  depends_on:
    - Assume ECR - authenticated-pull AWS Role
    - Download "teleport-ent_v14-tag-fips_amd64.deb" artifacts from S3
# Promotes the FIPS amd64 image from drone-docker-registry:5000 to the staging
# ECR repository, skipping the push when the tag already exists there.
# NOTE(review): the existence probe sends all output to /dev/null, so an auth
# or network failure looks the same as "tag absent" and falls through to the
# push branch; `image: docker` is also a mutable tag worth pinning.
- name: Tag and push image "teleport-ent:v14-fips-amd64" to ECR - staging
  image: docker
  commands:
    - >-
      docker pull --platform "linux/amd64"
      drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    - apk add --no-cache aws-cli
    # Registry passwords are supplied on stdin, not on the command line.
    - >-
      aws ecr get-login-password --region=us-west-2 |
      docker login -u="AWS" --password-stdin
      146628656107.dkr.ecr.us-west-2.amazonaws.com
    - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
    # `A && B || C`: the tag/push group runs whenever the inspect fails.
    - >-
      docker manifest inspect
      146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
      > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
      (docker tag
      drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
      146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
      && docker push
      146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64)
    - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
    - name: awsconfig
      path: /root/.aws
    - name: dockersock
      path: /var/run
  depends_on:
    - Build teleport-ent-fips image "teleport-ent:v14-fips-amd64"
# Creates the manifest list <version>-fips in staging ECR from the single
# -fips-amd64 tag and pushes it, unless <version>-fips already exists.
# NOTE(review): the member image is referenced by tag and resolved when the
# list is created, so if the push step skipped because its tag already
# existed, the list points at that pre-existing image.
- name: Create manifest and push "teleport-ent:full-fips" to ECR - staging
  image: docker
  commands:
    - apk add --no-cache aws-cli
    # Registry passwords are supplied on stdin, not on the command line.
    - >-
      aws ecr get-login-password --region=us-west-2 |
      docker login -u="AWS" --password-stdin
      146628656107.dkr.ecr.us-west-2.amazonaws.com
    - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
    # Any inspect failure (not only "not found") leads to create + push.
    - >-
      docker manifest inspect
      146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips
      > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
      (docker manifest create
      146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips
      --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
      && docker manifest push
      146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips)
    - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
    - name: awsconfig
      path: /root/.aws
    - name: dockersock
      path: /var/run
  depends_on:
    - Tag and push image "teleport-ent:v14-fips-amd64" to ECR - staging
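# Builds the linux/amd64 teleport-operator image from the checked-out source
# tree and pushes it to drone-docker-registry:5000 under <version>-amd64.
# The duplicate "Assume ECR - authenticated-pull AWS Role" entry in depends_on
# has been removed; the dependency set is unchanged.
# NOTE(review): this file appears to be generated (dronegen), so the
# de-duplication would need to be mirrored in the generator.
# NOTE(review): `docker`, `tonistiigi/binfmt` and the BUILDBOX base image are
# all referenced by mutable tag, and binfmt runs --privileged via the
# `dockersock` volume (presumably the Docker socket); digest pins would fix
# what code runs in this release build.
- name: Build teleport-operator image "teleport-operator:v14-amd64"
  image: docker
  commands:
    # Installs binfmt_misc emulators so foreign-architecture stages can run.
    - docker run --privileged --rm tonistiigi/binfmt --install all
    - mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport"
    - mkdir -pv "/tmp/teleport-operator-v14-amd64-builder"
    # Marks drone-docker-registry:5000 as a plain-HTTP registry for BuildKit;
    # traffic to it is unencrypted.
    - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-operator-v14-amd64-builder/buildkitd.toml"
    - echo ' http = true' >> "/tmp/teleport-operator-v14-amd64-builder/buildkitd.toml"
    - >-
      docker buildx create --driver "docker-container" --driver-opt "network=host"
      --name "teleport-operator-v14-amd64-builder"
      --config "/tmp/teleport-operator-v14-amd64-builder/buildkitd.toml"
    - apk add --no-cache aws-cli
    # Passwords are piped on stdin rather than passed as arguments.
    - >-
      aws ecr-public get-login-password --region=us-east-1 |
      docker login -u="AWS" --password-stdin public.ecr.aws
    - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
    - >-
      docker buildx build --push --builder "teleport-operator-v14-amd64-builder"
      --platform "linux/amd64"
      --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
      --file "/go/src/github.com/gravitational/teleport/integrations/operator/Dockerfile"
      --build-arg BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox:teleport14
      --build-arg COMPILER_NAME=x86_64-linux-gnu-gcc
      /go/src/github.com/gravitational/teleport
    - docker logout "public.ecr.aws"
    - docker buildx rm "teleport-operator-v14-amd64-builder"
    - rm -rf "/tmp/teleport-operator-v14-amd64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
    - name: awsconfig
      path: /root/.aws
    - name: dockersock
      path: /var/run
  depends_on:
    - Assume ECR - authenticated-pull AWS Role
    - Wait for docker
    - Wait for docker registry
    - Check out code
    - Build full semver
    - Assume ECR - staging AWS Role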
# Cross-builds the linux/arm teleport-operator image with buildx and pushes it
# to the pipeline-local registry at drone-docker-registry:5000.
- name: Build teleport-operator image "teleport-operator:v14-arm"
  image: docker
  commands:
  # NOTE(review): tonistiigi/binfmt carries no tag or digest and runs
  # --privileged on the daemon behind the shared dockersock volume; pinning it
  # by digest keeps an upstream image change out of the release build.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport"
  - mkdir -pv "/tmp/teleport-operator-v14-arm-builder"
  # buildkitd.toml marks the local registry as plain HTTP for this builder.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-operator-v14-arm-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-operator-v14-arm-builder/buildkitd.toml"
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name
    "teleport-operator-v14-arm-builder" --config "/tmp/teleport-operator-v14-arm-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  # Registry passwords are fed on stdin, so they do not appear in argv.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # NOTE(review): BUILDBOX is referenced by tag (teleport14), not by digest;
  # confirm the publisher treats that tag as immutable.
  - docker buildx build --push --builder "teleport-operator-v14-arm-builder" --platform
    "linux/arm" --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
    --file "/go/src/github.com/gravitational/teleport/integrations/operator/Dockerfile"
    --build-arg BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox-arm:teleport14
    --build-arg COMPILER_NAME=arm-linux-gnueabihf-gcc /go/src/github.com/gravitational/teleport
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-operator-v14-arm-builder"
  - rm -rf "/tmp/teleport-operator-v14-arm-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  # "Assume ECR - authenticated-pull AWS Role" is listed twice below; the
  # second entry is redundant.
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build full semver
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
# Cross-builds the linux/arm64 teleport-operator image with buildx and pushes it
# to the pipeline-local registry at drone-docker-registry:5000.
- name: Build teleport-operator image "teleport-operator:v14-arm64"
  image: docker
  commands:
  # NOTE(review): tonistiigi/binfmt carries no tag or digest and runs
  # --privileged on the daemon behind the shared dockersock volume; pinning it
  # by digest keeps an upstream image change out of the release build.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport"
  - mkdir -pv "/tmp/teleport-operator-v14-arm64-builder"
  # buildkitd.toml marks the local registry as plain HTTP for this builder.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-operator-v14-arm64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-operator-v14-arm64-builder/buildkitd.toml"
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name
    "teleport-operator-v14-arm64-builder" --config "/tmp/teleport-operator-v14-arm64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  # Registry passwords are fed on stdin, so they do not appear in argv.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # NOTE(review): BUILDBOX is referenced by tag (teleport14), not by digest;
  # confirm the publisher treats that tag as immutable.
  - docker buildx build --push --builder "teleport-operator-v14-arm64-builder" --platform
    "linux/arm64" --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
    --file "/go/src/github.com/gravitational/teleport/integrations/operator/Dockerfile"
    --build-arg BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox-arm:teleport14
    --build-arg COMPILER_NAME=aarch64-linux-gnu-gcc /go/src/github.com/gravitational/teleport
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-operator-v14-arm64-builder"
  - rm -rf "/tmp/teleport-operator-v14-arm64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  # "Assume ECR - authenticated-pull AWS Role" is listed twice below; the
  # second entry is redundant.
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build full semver
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
# Copies the amd64 operator image from the pipeline-local registry to the
# staging ECR repository, skipping the push when that tag is already there.
- name: Tag and push image "teleport-operator:v14-amd64" to ECR - staging
  image: docker
  commands:
  - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport-operator:$(cat
    "/go/var/full-version")-amd64
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # NOTE(review): any non-zero exit of `docker manifest inspect` (auth or
  # network errors included, output discarded) takes the push branch. Whether
  # an existing tag could then be replaced depends on the repository's
  # tag-immutability setting, which is not visible here; confirm it.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-amd64 > /dev/null 2>&1 && echo 'Found existing image,
    skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-amd64)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    # Selects the ecr-staging profile from the shared /root/.aws volume.
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-operator image "teleport-operator:v14-amd64"
# Copies the arm operator image from the pipeline-local registry to the
# staging ECR repository, skipping the push when that tag is already there.
- name: Tag and push image "teleport-operator:v14-arm" to ECR - staging
  image: docker
  commands:
  - docker pull --platform "linux/arm" drone-docker-registry:5000/teleport-operator:$(cat
    "/go/var/full-version")-arm
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # NOTE(review): any non-zero exit of `docker manifest inspect` (auth or
  # network errors included, output discarded) takes the push branch. Whether
  # an existing tag could then be replaced depends on the repository's
  # tag-immutability setting, which is not visible here; confirm it.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-arm > /dev/null 2>&1 && echo 'Found existing image, skipping'
    || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-arm)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    # Selects the ecr-staging profile from the shared /root/.aws volume.
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-operator image "teleport-operator:v14-arm"
# Copies the arm64 operator image from the pipeline-local registry to the
# staging ECR repository, skipping the push when that tag is already there.
- name: Tag and push image "teleport-operator:v14-arm64" to ECR - staging
  image: docker
  commands:
  - docker pull --platform "linux/arm64" drone-docker-registry:5000/teleport-operator:$(cat
    "/go/var/full-version")-arm64
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # NOTE(review): any non-zero exit of `docker manifest inspect` (auth or
  # network errors included, output discarded) takes the push branch. Whether
  # an existing tag could then be replaced depends on the repository's
  # tag-immutability setting, which is not visible here; confirm it.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-arm64 > /dev/null 2>&1 && echo 'Found existing image,
    skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-arm64)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    # Selects the ecr-staging profile from the shared /root/.aws volume.
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-operator image "teleport-operator:v14-arm64"
# Assembles the multi-arch manifest list for the full-version operator tag in
# staging ECR from the three per-architecture tags pushed by the steps it
# depends on, unless a manifest for that tag is already present.
- name: Create manifest and push "teleport-operator:full" to ECR - staging
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # NOTE(review): the manifest references its members by tag, and any failure
  # of `docker manifest inspect` (not only "not found") leads to the
  # create-and-push branch; both are only safe if the registry rejects tag
  # overwrites, which this file does not show.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version") > /dev/null 2>&1 && echo 'Found existing image, skipping'
    || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version") --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version"))
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-operator:v14-amd64" to ECR - staging
  - Tag and push image "teleport-operator:v14-arm" to ECR - staging
  - Tag and push image "teleport-operator:v14-arm64" to ECR - staging
# Sidecar services and shared volumes for the pipeline that ends here.
services:
# Docker-in-Docker daemon. It runs privileged and exposes /var/run through the
# dockersock volume, so every step that mounts dockersock can drive this daemon.
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
# Pipeline-local image registry; steps reach it as drone-docker-registry:5000.
# NOTE(review): docker:dind and registry:2 are floating tags; pinning by digest
# would make the release environment reproducible.
- name: drone-docker-registry
  image: registry:2
  privileged: false
  volumes: []
# Temporary volumes shared between steps. Steps mount awsconfig at /root/.aws
# and select an AWS_PROFILE from it, so it presumably holds the assumed-role
# credentials for the length of the pipeline (verify against the Assume steps).
volumes:
- name: awsconfig
  temp: {}
- name: dockersock
  temp: {}
- name: dockerconfig
  temp: {}
image_pull_secrets:
- DOCKERHUB_CREDENTIALS
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/gha.go (main.ghaMultiBuildPipeline)
################################################
# Tag-triggered pipeline: checks out the tagged commit (plus the `e` submodule)
# and calls gh-trigger-workflow for release-teleport-oci-distroless.yml in the
# teleport.e repository.
kind: pipeline
type: kubernetes
name: build-teleport-oci-distroless-images
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
clone:
  disable: true
depends_on:
- clean-up-previous-build
- build-linux-amd64-deb
- build-linux-amd64-fips-deb
- build-linux-arm64-deb
- build-linux-arm-deb
steps:
- name: Check out code
  image: docker:git
  pull: if-not-exists
  commands:
  - mkdir -pv "/go/src/github.com/gravitational/teleport"
  - cd "/go/src/github.com/gravitational/teleport"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  - git checkout -qf "${DRONE_COMMIT_SHA}"
  # The deploy key is on disk only for the submodule fetch: it is written
  # inside a 0700 directory and removed by the last command of this step.
  - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa &&
    chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan records whatever host key the network returns
  # (trust on first use, stderr discarded). Shipping GitHub's published host
  # keys in known_hosts instead would authenticate the server before submodule
  # content is fetched from it.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  - mkdir -pv /go/cache
  - rm -f /root/.ssh/id_rsa
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
- name: Delegate build to GitHub
  image: golang:1.18-alpine
  pull: if-not-exists
  commands:
  - cd "/go/src/github.com/gravitational/teleport/build.assets/tooling"
  # NOTE(review): `go run` compiles tooling from the checked-out commit with
  # GHA_APP_KEY in its environment, so whoever can push a matching tag decides
  # which code sees the GitHub App private key. Keep tag creation restricted.
  - 'go run ./cmd/gh-trigger-workflow -owner ${DRONE_REPO_OWNER} -repo teleport.e
    -tag-workflow -timeout 2h30m0s -workflow release-teleport-oci-distroless.yml -workflow-ref=${DRONE_TAG}
    -input oss-teleport-repo=${DRONE_REPO} -input oss-teleport-ref=${DRONE_TAG} '
  environment:
    GHA_APP_KEY:
      from_secret: GITHUB_WORKFLOW_APP_PRIVATE_KEY
image_pull_secrets:
- DOCKERHUB_CREDENTIALS
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/gha.go (main.ghaMultiBuildPipeline)
################################################
# Tag-triggered pipeline: checks out the tagged commit (plus the `e` submodule)
# and calls gh-trigger-workflow for release-teleport-hardened-amis.yaml in the
# teleport.e repository.
kind: pipeline
type: kubernetes
name: build-teleport-hardened-amis
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
clone:
  disable: true
depends_on:
- clean-up-previous-build
- build-linux-amd64-deb
- build-linux-amd64-fips-deb
steps:
- name: Check out code
  image: docker:git
  pull: if-not-exists
  commands:
  - mkdir -pv "/go/src/github.com/gravitational/teleport"
  - cd "/go/src/github.com/gravitational/teleport"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  - git checkout -qf "${DRONE_COMMIT_SHA}"
  # The deploy key is on disk only for the submodule fetch: it is written
  # inside a 0700 directory and removed by the last command of this step.
  - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa &&
    chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan records whatever host key the network returns
  # (trust on first use, stderr discarded). Shipping GitHub's published host
  # keys in known_hosts instead would authenticate the server before submodule
  # content is fetched from it.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  - mkdir -pv /go/cache
  - rm -f /root/.ssh/id_rsa
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
- name: Delegate build to GitHub
  image: golang:1.18-alpine
  pull: if-not-exists
  commands:
  - cd "/go/src/github.com/gravitational/teleport/build.assets/tooling"
  # NOTE(review): `go run` compiles tooling from the checked-out commit with
  # GHA_APP_KEY in its environment, so whoever can push a matching tag decides
  # which code sees the GitHub App private key. Keep tag creation restricted.
  - 'go run ./cmd/gh-trigger-workflow -owner ${DRONE_REPO_OWNER} -repo teleport.e
    -tag-workflow -timeout 2h30m0s -workflow release-teleport-hardened-amis.yaml -workflow-ref=${DRONE_TAG}
    -input oss-teleport-repo=${DRONE_REPO} -input oss-teleport-ref=${DRONE_TAG} '
  environment:
    GHA_APP_KEY:
      from_secret: GITHUB_WORKFLOW_APP_PRIVATE_KEY
image_pull_secrets:
- DOCKERHUB_CREDENTIALS
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/gha.go (main.ghaMultiBuildPipeline)
################################################
# Tag-triggered pipeline: checks out the tagged commit (plus the `e` submodule)
# and calls gh-trigger-workflow for release-teleport-kube-agent-updater-oci.yml
# in the teleport.e repository. Unlike its siblings it has no depends_on list.
kind: pipeline
type: kubernetes
name: build-teleport-kube-agent-updater-oci-images
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
clone:
  disable: true
steps:
- name: Check out code
  image: docker:git
  pull: if-not-exists
  commands:
  - mkdir -pv "/go/src/github.com/gravitational/teleport"
  - cd "/go/src/github.com/gravitational/teleport"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  - git checkout -qf "${DRONE_COMMIT_SHA}"
  # The deploy key is on disk only for the submodule fetch: it is written
  # inside a 0700 directory and removed by the last command of this step.
  - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa &&
    chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan records whatever host key the network returns
  # (trust on first use, stderr discarded). Shipping GitHub's published host
  # keys in known_hosts instead would authenticate the server before submodule
  # content is fetched from it.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  - mkdir -pv /go/cache
  - rm -f /root/.ssh/id_rsa
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
- name: Delegate build to GitHub
  image: golang:1.18-alpine
  pull: if-not-exists
  commands:
  - cd "/go/src/github.com/gravitational/teleport/build.assets/tooling"
  # NOTE(review): `go run` compiles tooling from the checked-out commit with
  # GHA_APP_KEY in its environment, so whoever can push a matching tag decides
  # which code sees the GitHub App private key. Keep tag creation restricted.
  - 'go run ./cmd/gh-trigger-workflow -owner ${DRONE_REPO_OWNER} -repo teleport.e
    -tag-workflow -timeout 2h30m0s -workflow release-teleport-kube-agent-updater-oci.yml
    -workflow-ref=${DRONE_TAG} -input oss-teleport-repo=${DRONE_REPO} -input oss-teleport-ref=${DRONE_TAG} '
  environment:
    GHA_APP_KEY:
      from_secret: GITHUB_WORKFLOW_APP_PRIVATE_KEY
image_pull_secrets:
- DOCKERHUB_CREDENTIALS
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/container_images_release_version.go (main.(*ReleaseVersion).buildVersionPipeline)
################################################
# Promotion pipeline: runs on `promote` events aimed at the production or
# promote-docker targets and copies release images from staging ECR to
# public.ecr.aws. The trigger has no ref filter, so the first step
# ("Verify build is tagged") is the only gate on DRONE_TAG being present.
kind: pipeline
type: kubernetes
name: teleport-container-images-branch-promote
environment:
  DEBIAN_FRONTEND: noninteractive
trigger:
  event:
    include:
    - promote
  target:
    include:
    - production
    - promote-docker
  repo:
    include:
    - gravitational/*
# /go is the workspace path; steps below pass version and prerelease marker
# files to each other under /go/var and /go/vars.
workspace:
  path: /go
clone:
  disable: true
steps:
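# Fails the promotion before any registry work when the promoted build has no
# tag. This file is dronegen output, so the same quoting fix belongs in the
# generator as well.
# NOTE(review): alpine:latest is a floating tag; pin it for release pipelines.
- name: Verify build is tagged
  image: alpine:latest
  pull: if-not-exists
  commands:
  # ${DRONE_TAG} must be quoted: with an empty value the unquoted form collapses
  # to `[ -n ]`, a one-argument test that is always true, so the guard could
  # never fail and an untagged build would pass this gate.
  - '[ -n "${DRONE_TAG}" ] || (echo ''DRONE_TAG is not set. Is the commit tagged?''
    && exit 1)'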
# Checks out the tag into /tmp/repo, runs the repo's ./cmd/check tool, and
# creates /go/vars/release-is-prerelease when that tool exits non-zero. Later
# manifest steps test for this marker file.
- name: Record if tag ($DRONE_TAG) is prerelease
  image: golang:1.18-alpine
  commands:
  - apk add git
  - mkdir -pv "/tmp/repo"
  - cd "/tmp/repo"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  - git checkout -qf "${DRONE_TAG}"
  - mkdir -pv $(dirname "/go/vars/release-is-prerelease")
  - cd "/tmp/repo/build.assets/tooling"
  # NOTE(review): all output is discarded and every failure of `go run`
  # (compile error, module download failure, and so on) is recorded as
  # "prerelease". That fails towards skipping the rolling-tag manifests, but it
  # also hides a broken check; consider logging the tool's stderr.
  # NOTE(review): `&>` is a bash extension; this relies on the image's /bin/sh
  # accepting it. `> /dev/null 2>&1` is the portable spelling.
  - go run ./cmd/check -tag $DRONE_TAG -check prerelease &> /dev/null || echo 'Version
    is a prerelease' > "/go/vars/release-is-prerelease"
  - printf 'Version is '; [ ! -f "/go/vars/release-is-prerelease" ] && printf 'not
    '; echo 'a prerelease'
# Waits up to 30 seconds for the Docker socket to appear on the shared
# dockersock volume, then logs in to Docker Hub with the read-only token.
- name: Wait for docker
  image: docker
  pull: if-not-exists
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  # The token is passed on stdin rather than argv. /root/.docker is the
  # dockerconfig volume mounted below.
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: dockersock
    path: /var/run
  - name: dockerconfig
    path: /root/.docker
  depends_on:
  - Verify build is tagged
  - Record if tag ($DRONE_TAG) is prerelease
# Polls the pipeline-local registry over plain HTTP until it answers 200,
# giving up after 30 seconds.
# NOTE(review): `alpine` and the curl package installed at run time are both
# unpinned.
- name: Wait for docker registry
  image: alpine
  pull: if-not-exists
  commands:
  - apk add curl
  - timeout 30s /bin/sh -c 'while [ "$(curl -s -o /dev/null -w %{http_code} http://drone-docker-registry:5000/)"
    != "200" ]; do sleep 1; done'
  depends_on:
  - Verify build is tagged
  - Record if tag ($DRONE_TAG) is prerelease
# Fetches the repository and checks out the promoted tag. No SSH key or
# submodule is involved in this pipeline's checkout.
# NOTE(review): alpine/git:latest is a floating tag.
- name: Check out code
  image: alpine/git:latest
  pull: if-not-exists
  commands:
  - mkdir -pv "/go/src/github.com/gravitational/teleport"
  - cd "/go/src/github.com/gravitational/teleport"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  - git checkout -qf "$DRONE_TAG"
  depends_on:
  - Verify build is tagged
  - Record if tag ($DRONE_TAG) is prerelease
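# Derives the major ("X"), minor ("X.Y") and full version strings from
# DRONE_TAG and writes them to files under /go/var; later steps read them with
# $(cat ...) to form image tags.
- name: Build major, minor, and full semvers
  image: alpine
  commands:
  # The sed pattern is anchored and DRONE_TAG is quoted: the unanchored
  # 's/v//' removed the first "v" anywhere in the tag, so a tag without the
  # leading "v" (this pipeline's trigger has no ref filter) could lose a letter
  # from its prerelease suffix and yield a wrong image tag. Output is unchanged
  # for tags that start with "v".
  - mkdir -pv $(dirname "/go/var/major-version")
  - echo "$DRONE_TAG" | sed 's/^v//' | cut -d'.' -f "1" > "/go/var/major-version"
  - echo $(cat "/go/var/major-version")
  - mkdir -pv $(dirname "/go/var/minor-version")
  - echo "$DRONE_TAG" | sed 's/^v//' | cut -d'.' -f "1,2" > "/go/var/minor-version"
  - echo $(cat "/go/var/minor-version")
  - mkdir -pv $(dirname "/go/var/full-version")
  - echo "$DRONE_TAG" | sed 's/^v//' > "/go/var/full-version"
  - echo $(cat "/go/var/full-version")
  depends_on:
  - Verify build is tagged
  - Record if tag ($DRONE_TAG) is prerelease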
# Exchanges the staging IAM user keys (from secrets) for temporary role
# credentials and appends them as the [ecr-staging] profile to
# /root/.aws/credentials on the shared awsconfig volume.
- name: Assume ECR - staging AWS Role
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  # The command substitution is left unquoted on purpose: its three
  # whitespace-separated fields fill the three %s slots. A failed assume-role
  # does not stop printf, so the final `get-caller-identity --profile` call is
  # what surfaces the failure.
  # NOTE(review): the credentials file is created with the shell's default
  # umask on a volume other steps mount; confirm every step that mounts
  # awsconfig is meant to hold these credentials.
  - |-
    printf "[ecr-staging]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      >> /root/.aws/credentials
  # Drops the user keys from this step's shell; other steps never receive them
  # because the secrets are only declared in this step's environment.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile ecr-staging
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY
    AWS_ROLE:
      from_secret: STAGING_TELEPORT_DRONE_ECR_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Verify build is tagged
  - Record if tag ($DRONE_TAG) is prerelease
# Exchanges the production IAM user keys (from secrets) for temporary role
# credentials and appends them as the [ecr-production] profile to
# /root/.aws/credentials on the shared awsconfig volume.
- name: Assume ECR - production AWS Role
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  # The command substitution is left unquoted on purpose: its three
  # whitespace-separated fields fill the three %s slots. A failed assume-role
  # does not stop printf, so the final `get-caller-identity --profile` call is
  # what surfaces the failure.
  # NOTE(review): production credentials land in the same file as the staging
  # profile, so steps that mount awsconfig only for staging pulls can read them
  # too; separate volumes would narrow that exposure.
  - |-
    printf "[ecr-production]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      >> /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile ecr-production
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY
    AWS_ROLE:
      from_secret: PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
  # Runs after the staging step; presumably this serialises the two appends to
  # the shared credentials file (verify in dronegen).
  depends_on:
  - Assume ECR - staging AWS Role
  - Verify build is tagged
  - Record if tag ($DRONE_TAG) is prerelease
# Pulls the amd64 teleport image for this version from staging ECR and
# re-pushes it to the pipeline-local registry for the promotion steps.
- name: Pull teleport:v14-amd64 and push it to Local Registry
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # NOTE(review): the image is selected by tag, so promotion ships whatever the
  # staging tag points to at this moment. If staging tags are mutable, that may
  # differ from what was tested; confirm immutability or promote by digest.
  - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-amd64
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-amd64 drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
  - docker push drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Verify build is tagged
  - Record if tag ($DRONE_TAG) is prerelease
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - production AWS Role
# Pulls the arm teleport image for this version from staging ECR and
# re-pushes it to the pipeline-local registry for the promotion steps.
- name: Pull teleport:v14-arm and push it to Local Registry
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # NOTE(review): the image is selected by tag, so promotion ships whatever the
  # staging tag points to at this moment. If staging tags are mutable, that may
  # differ from what was tested; confirm immutability or promote by digest.
  - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-arm
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-arm drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
  - docker push drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Verify build is tagged
  - Record if tag ($DRONE_TAG) is prerelease
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - production AWS Role
# Pulls the arm64 teleport image for this version from staging ECR and
# re-pushes it to the pipeline-local registry for the promotion steps.
- name: Pull teleport:v14-arm64 and push it to Local Registry
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # NOTE(review): the image is selected by tag, so promotion ships whatever the
  # staging tag points to at this moment. If staging tags are mutable, that may
  # differ from what was tested; confirm immutability or promote by digest.
  - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-arm64
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-arm64 drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
  - docker push drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Verify build is tagged
  - Record if tag ($DRONE_TAG) is prerelease
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - production AWS Role
# Publishes the amd64 image to public.ecr.aws under three tags: the full
# version (skipped when already present) and the rolling major and minor tags.
- name: Tag and push image "teleport:v14-amd64" to ECR - production
  image: docker
  commands:
  - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport:$(cat
    "/go/var/full-version")-amd64
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # NOTE(review): any failure of `docker manifest inspect` (not only "tag not
  # found") takes the push branch, with the error output discarded.
  - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat
    "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64
    && docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64)
  # NOTE(review): the major and minor per-arch tags are re-pointed on every run.
  # This step does not consult /go/vars/release-is-prerelease, so a prerelease
  # promotion moves them as well; confirm that is intended.
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Pull teleport:v14-amd64 and push it to Local Registry
# Publishes the arm image to public.ecr.aws under three tags: the full
# version (skipped when already present) and the rolling major and minor tags.
- name: Tag and push image "teleport:v14-arm" to ECR - production
  image: docker
  commands:
  - docker pull --platform "linux/arm" drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # NOTE(review): any failure of `docker manifest inspect` (not only "tag not
  # found") takes the push branch, with the error output discarded.
  - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat
    "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm
    && docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm)
  # NOTE(review): the major and minor per-arch tags are re-pointed on every run.
  # This step does not consult /go/vars/release-is-prerelease, so a prerelease
  # promotion moves them as well; confirm that is intended.
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Pull teleport:v14-arm and push it to Local Registry
# Publishes the arm64 image to public.ecr.aws under three tags: the full
# version (skipped when already present) and the rolling major and minor tags.
- name: Tag and push image "teleport:v14-arm64" to ECR - production
  image: docker
  commands:
  - docker pull --platform "linux/arm64" drone-docker-registry:5000/teleport:$(cat
    "/go/var/full-version")-arm64
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # NOTE(review): any failure of `docker manifest inspect` (not only "tag not
  # found") takes the push branch, with the error output discarded.
  - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat
    "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64
    && docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64)
  # NOTE(review): the major and minor per-arch tags are re-pointed on every run.
  # This step does not consult /go/vars/release-is-prerelease, so a prerelease
  # promotion moves them as well; confirm that is intended.
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Pull teleport:v14-arm64 and push it to Local Registry
# Re-points the rolling major-version manifest list on public.ecr.aws at the
# three per-architecture major tags. Exits early, successfully, when the
# prerelease marker file exists.
- name: Create manifest and push "teleport:major" to ECR - production
  image: docker
  commands:
  - printf "Prerelease "; ! [ -f /go/vars/release-is-prerelease ] && printf "not ";
    printf "detected for version $DRONE_TAG, "; [ -f /go/vars/release-is-prerelease
    ] && echo "skipping" || echo "continuing"
  # Prerelease gate: the marker is written by the "Record if tag ... is
  # prerelease" step. The gate depends on that file surviving in the /go
  # workspace between steps.
  - '[ -f /go/vars/release-is-prerelease ] && exit 0'
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # No existence check here: the major tag is meant to move with each release.
  - docker manifest create public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")
    --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64
    --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm
    --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64
  - docker manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v14-amd64" to ECR - production
  - Tag and push image "teleport:v14-arm" to ECR - production
  - Tag and push image "teleport:v14-arm64" to ECR - production
# Re-points the rolling minor-version manifest list on public.ecr.aws at the
# three per-architecture minor tags. Exits early, successfully, when the
# prerelease marker file exists.
- name: Create manifest and push "teleport:minor" to ECR - production
  image: docker
  commands:
  - printf "Prerelease "; ! [ -f /go/vars/release-is-prerelease ] && printf "not ";
    printf "detected for version $DRONE_TAG, "; [ -f /go/vars/release-is-prerelease
    ] && echo "skipping" || echo "continuing"
  # Prerelease gate: the marker is written by the "Record if tag ... is
  # prerelease" step. The gate depends on that file surviving in the /go
  # workspace between steps.
  - '[ -f /go/vars/release-is-prerelease ] && exit 0'
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # No existence check here: the minor tag is meant to move with each release.
  - docker manifest create public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")
    --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
    --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm
    --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
  - docker manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v14-amd64" to ECR - production
  - Tag and push image "teleport:v14-arm" to ECR - production
  - Tag and push image "teleport:v14-arm64" to ECR - production
# Step: publishes the full-version manifest list for teleport on public.ecr.aws from
# the -amd64, -arm and -arm64 tags. There is no prerelease guard in this step; the
# only condition is whether the full-version tag already exists.
- name: Create manifest and push "teleport:full" to ECR - production
image: docker
commands:
- apk add --no-cache aws-cli
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
# `docker manifest inspect` is used as an existence probe so that an already
# published version is not overwritten.
# NOTE(review): the probe discards stdout and stderr, so every inspect failure (not
# only "tag not found") takes the create-and-push branch, and the reason is not logged.
- docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")
> /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest
create public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version") --amend
public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64 --amend
public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm --amend
public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64 && docker
manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version"))
- docker logout "public.ecr.aws"
environment:
AWS_PROFILE: ecr-production
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
# NOTE(review): /root/.aws presumably holds the credentials behind AWS_PROFILE and
# /var/run the Docker daemon socket; both are reachable by everything this step
# runs, including the unpinned image and the apk-installed aws-cli - verify.
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Tag and push image "teleport:v14-amd64" to ECR - production
- Tag and push image "teleport:v14-arm" to ECR - production
- Tag and push image "teleport:v14-arm64" to ECR - production
# Step: copies the amd64 teleport-ent image from the staging ECR registry
# (ecr-staging profile) into drone-docker-registry:5000 under the same
# full-version tag.
# NOTE(review): the image is selected by tag only; no digest is recorded or compared
# here, so whatever the staging tag resolves to at pull time is what gets staged
# for the later production push.
- name: Pull teleport-ent:v14-amd64 and push it to Local Registry
image: docker
commands:
- apk add --no-cache aws-cli
- aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
146628656107.dkr.ecr.us-west-2.amazonaws.com
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
- docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-amd64
# The staging ECR session is dropped right after the pull, before the retag and push.
- docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
- docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-amd64 drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
# NOTE(review): no `docker login` precedes this push, so the local registry
# presumably accepts unauthenticated writes - confirm it is reachable only from
# this pipeline.
- docker push drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
environment:
AWS_PROFILE: ecr-staging
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Verify build is tagged
- Record if tag ($DRONE_TAG) is prerelease
- Wait for docker
- Wait for docker registry
- Check out code
- Build major, minor, and full semvers
- Assume ECR - staging AWS Role
- Assume ECR - production AWS Role
# Step: copies the arm teleport-ent image from the staging ECR registry
# (ecr-staging profile) into drone-docker-registry:5000 under the same
# full-version tag.
# NOTE(review): selection is by tag only, with no digest check, and the pull passes
# no --platform flag - the "-arm" tag suffix is the only architecture selector here.
- name: Pull teleport-ent:v14-arm and push it to Local Registry
image: docker
commands:
- apk add --no-cache aws-cli
- aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
146628656107.dkr.ecr.us-west-2.amazonaws.com
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
- docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-arm
# The staging ECR session is dropped right after the pull, before the retag and push.
- docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
- docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-arm drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
- docker push drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
environment:
AWS_PROFILE: ecr-staging
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
# NOTE(review): the step uses only the ecr-staging profile but also waits for the
# production role step; presumably for ordering only - confirm.
depends_on:
- Verify build is tagged
- Record if tag ($DRONE_TAG) is prerelease
- Wait for docker
- Wait for docker registry
- Check out code
- Build major, minor, and full semvers
- Assume ECR - staging AWS Role
- Assume ECR - production AWS Role
# Step: copies the arm64 teleport-ent image from the staging ECR registry
# (ecr-staging profile) into drone-docker-registry:5000 under the same
# full-version tag.
# NOTE(review): the image is identified by a mutable tag, not a digest; nothing in
# this step verifies that the staged image is the one the build produced.
- name: Pull teleport-ent:v14-arm64 and push it to Local Registry
image: docker
commands:
- apk add --no-cache aws-cli
- aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
146628656107.dkr.ecr.us-west-2.amazonaws.com
# The Docker Hub token is fed through stdin rather than passed as an argument.
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
- docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-arm64
- docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
- docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-arm64 drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
- docker push drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
environment:
AWS_PROFILE: ecr-staging
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Verify build is tagged
- Record if tag ($DRONE_TAG) is prerelease
- Wait for docker
- Wait for docker registry
- Check out code
- Build major, minor, and full semvers
- Assume ECR - staging AWS Role
- Assume ECR - production AWS Role
# Step: promotes the amd64 teleport-ent image from drone-docker-registry:5000 to
# public.ecr.aws under the full-, major- and minor-version "-amd64" tags
# (ecr-production profile).
# NOTE(review): unlike the "Create manifest and push ..." steps for the major and
# minor tags, this step never tests the prerelease marker, so a prerelease build
# would still move the major/minor "-amd64" tags - confirm that is intended.
- name: Tag and push image "teleport-ent:v14-amd64" to ECR - production
image: docker
commands:
- docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-amd64
- apk add --no-cache aws-cli
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
# The full-version tag is pushed only when `docker manifest inspect` does not find
# it. The probe hides its output, so any inspect failure leads to the push branch.
- docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64
> /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport-ent:$(cat
"/go/var/full-version")-amd64 && docker push public.ecr.aws/gravitational/teleport-ent:$(cat
"/go/var/full-version")-amd64)
# The major and minor tags below are retagged and pushed unconditionally.
- docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
- docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
- docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
- docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
- docker logout "public.ecr.aws"
environment:
AWS_PROFILE: ecr-production
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Pull teleport-ent:v14-amd64 and push it to Local Registry
# Step: promotes the arm teleport-ent image from drone-docker-registry:5000 to
# public.ecr.aws under the full-, major- and minor-version "-arm" tags
# (ecr-production profile).
# NOTE(review): the source image is pulled from the local registry by tag, with no
# digest comparison against what the staging pull stored; the step also has no
# prerelease check before moving the major/minor "-arm" tags.
- name: Tag and push image "teleport-ent:v14-arm" to ECR - production
image: docker
commands:
- docker pull --platform "linux/arm" drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-arm
- apk add --no-cache aws-cli
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
# Full-version tag: pushed only if the existence probe fails (for any reason).
- docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm
> /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-arm public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm
&& docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm)
# Major and minor tags: retagged and pushed on every run.
- docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
- docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
- docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
- docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
- docker logout "public.ecr.aws"
environment:
AWS_PROFILE: ecr-production
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Pull teleport-ent:v14-arm and push it to Local Registry
# Step: promotes the arm64 teleport-ent image from drone-docker-registry:5000 to
# public.ecr.aws under the full-, major- and minor-version "-arm64" tags
# (ecr-production profile).
# NOTE(review): this publishing step runs on the floating `docker` image tag and
# installs aws-cli unpinned while production registry credentials are in scope -
# consider pinning the image by digest and the package by version.
- name: Tag and push image "teleport-ent:v14-arm64" to ECR - production
image: docker
commands:
- docker pull --platform "linux/arm64" drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-arm64
- apk add --no-cache aws-cli
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
# Full-version tag: pushed only if the existence probe fails (for any reason).
- docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64
> /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport-ent:$(cat
"/go/var/full-version")-arm64 && docker push public.ecr.aws/gravitational/teleport-ent:$(cat
"/go/var/full-version")-arm64)
# Major and minor tags: retagged and pushed on every run, with no prerelease check.
- docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
- docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
- docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
- docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
- docker logout "public.ecr.aws"
environment:
AWS_PROFILE: ecr-production
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Pull teleport-ent:v14-arm64 and push it to Local Registry
# Step: builds the rolling major-version manifest list for teleport-ent on
# public.ecr.aws from the -amd64, -arm and -arm64 tags and pushes it. Exits 0
# before any registry work when the prerelease marker file exists.
- name: Create manifest and push "teleport-ent:major" to ECR - production
image: docker
commands:
# NOTE(review): the marker path is /go/vars/..., but the version files are read
# from /go/var/.... If the producing step does not write to /go/vars/, the marker
# is never found and a prerelease would move this rolling tag - confirm the path.
- printf "Prerelease "; ! [ -f /go/vars/release-is-prerelease ] && printf "not ";
printf "detected for version $DRONE_TAG, "; [ -f /go/vars/release-is-prerelease
] && echo "skipping" || echo "continuing"
- '[ -f /go/vars/release-is-prerelease ] && exit 0'
- apk add --no-cache aws-cli
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
# No existence probe here: the rolling tag is recreated and pushed on every
# non-prerelease run.
- docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")
--amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
--amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
--amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
- docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")
- docker logout "public.ecr.aws"
environment:
AWS_PROFILE: ecr-production
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Tag and push image "teleport-ent:v14-amd64" to ECR - production
- Tag and push image "teleport-ent:v14-arm" to ECR - production
- Tag and push image "teleport-ent:v14-arm64" to ECR - production
# Step: builds the rolling minor-version manifest list for teleport-ent on
# public.ecr.aws from the -amd64, -arm and -arm64 tags and pushes it. Exits 0
# before any registry work when the prerelease marker file exists.
# NOTE(review): the per-arch tags referenced by --amend are themselves pushed by
# steps that have no prerelease check, so on a prerelease the list is left
# untouched while the "-<arch>" tags it was built from have moved - confirm intended.
- name: Create manifest and push "teleport-ent:minor" to ECR - production
image: docker
commands:
# NOTE(review): marker is looked up under /go/vars/, version files under /go/var/ -
# confirm the producing step writes to /go/vars/.
- printf "Prerelease "; ! [ -f /go/vars/release-is-prerelease ] && printf "not ";
printf "detected for version $DRONE_TAG, "; [ -f /go/vars/release-is-prerelease
] && echo "skipping" || echo "continuing"
- '[ -f /go/vars/release-is-prerelease ] && exit 0'
- apk add --no-cache aws-cli
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
- docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")
--amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
--amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
--amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
- docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")
- docker logout "public.ecr.aws"
environment:
AWS_PROFILE: ecr-production
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Tag and push image "teleport-ent:v14-amd64" to ECR - production
- Tag and push image "teleport-ent:v14-arm" to ECR - production
- Tag and push image "teleport-ent:v14-arm64" to ECR - production
# Step: publishes the full-version manifest list for teleport-ent on public.ecr.aws
# from the -amd64, -arm and -arm64 tags, unless that tag already exists. No
# prerelease guard is applied to the full-version tag.
- name: Create manifest and push "teleport-ent:full" to ECR - production
image: docker
commands:
- apk add --no-cache aws-cli
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
# Existence probe that keeps a published version from being replaced.
# NOTE(review): output is sent to /dev/null, so an inspect failure of any kind is
# treated the same as "tag absent" and the cause is not visible in the build log.
- docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")
> /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest
create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")
--amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64
--amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm
--amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64
&& docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version"))
# Only the ECR session is logged out; the Docker Hub login above is left in place.
- docker logout "public.ecr.aws"
environment:
AWS_PROFILE: ecr-production
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Tag and push image "teleport-ent:v14-amd64" to ECR - production
- Tag and push image "teleport-ent:v14-arm" to ECR - production
- Tag and push image "teleport-ent:v14-arm64" to ECR - production
# Step: copies the FIPS amd64 teleport-ent image from the staging ECR registry
# (ecr-staging profile) into drone-docker-registry:5000 under the same
# full-version "-fips-amd64" tag.
# NOTE(review): the image is selected by tag only; nothing here records or checks a
# digest, so the FIPS image later published is whatever this tag resolved to.
- name: Pull teleport-ent:v14-fips-amd64 and push it to Local Registry
image: docker
commands:
- apk add --no-cache aws-cli
- aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
146628656107.dkr.ecr.us-west-2.amazonaws.com
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
- docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-fips-amd64
# The staging ECR session is dropped right after the pull, before the retag and push.
- docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
- docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-fips-amd64 drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-fips-amd64
- docker push drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
environment:
AWS_PROFILE: ecr-staging
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Verify build is tagged
- Record if tag ($DRONE_TAG) is prerelease
- Wait for docker
- Wait for docker registry
- Check out code
- Build major, minor, and full semvers
- Assume ECR - staging AWS Role
- Assume ECR - production AWS Role
# Step: promotes the FIPS amd64 teleport-ent image from drone-docker-registry:5000
# to public.ecr.aws under the full-, major- and minor-version "-fips-amd64" tags
# (ecr-production profile).
# NOTE(review): there is no prerelease check in this step, so the major/minor
# "-fips-amd64" tags move on every tagged build - confirm that is intended.
- name: Tag and push image "teleport-ent:v14-fips-amd64" to ECR - production
image: docker
commands:
- docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-fips-amd64
- apk add --no-cache aws-cli
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
# Full-version tag: pushed only if the existence probe fails (for any reason).
- docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
> /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-fips-amd64 public.ecr.aws/gravitational/teleport-ent:$(cat
"/go/var/full-version")-fips-amd64 && docker push public.ecr.aws/gravitational/teleport-ent:$(cat
"/go/var/full-version")-fips-amd64)
# Major and minor tags: retagged and pushed unconditionally.
- docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
- docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
- docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
- docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
- docker logout "public.ecr.aws"
environment:
AWS_PROFILE: ecr-production
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Pull teleport-ent:v14-fips-amd64 and push it to Local Registry
# Step: builds the rolling major-version "-fips" manifest list for teleport-ent on
# public.ecr.aws and pushes it. The list has a single entry, the "-fips-amd64"
# tag. Exits 0 before any registry work when the prerelease marker file exists.
- name: Create manifest and push "teleport-ent:major-fips" to ECR - production
image: docker
commands:
# NOTE(review): the marker path is /go/vars/..., but the version files are read
# from /go/var/.... Confirm the producing step writes to /go/vars/; otherwise the
# guard never fires and a prerelease would move this rolling FIPS tag.
- printf "Prerelease "; ! [ -f /go/vars/release-is-prerelease ] && printf "not ";
printf "detected for version $DRONE_TAG, "; [ -f /go/vars/release-is-prerelease
] && echo "skipping" || echo "continuing"
- '[ -f /go/vars/release-is-prerelease ] && exit 0'
- apk add --no-cache aws-cli
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
- docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips
--amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
- docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips
- docker logout "public.ecr.aws"
environment:
AWS_PROFILE: ecr-production
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Tag and push image "teleport-ent:v14-fips-amd64" to ECR - production
# Step: builds the rolling minor-version "-fips" manifest list for teleport-ent on
# public.ecr.aws and pushes it. The list has a single entry, the "-fips-amd64"
# tag. Exits 0 before any registry work when the prerelease marker file exists.
# NOTE(review): this step publishes under the ecr-production profile but runs on the
# floating `docker` image tag and installs aws-cli unpinned - consider pinning both.
- name: Create manifest and push "teleport-ent:minor-fips" to ECR - production
image: docker
commands:
# NOTE(review): marker is looked up under /go/vars/, version files under /go/var/ -
# confirm the producing step writes to /go/vars/.
- printf "Prerelease "; ! [ -f /go/vars/release-is-prerelease ] && printf "not ";
printf "detected for version $DRONE_TAG, "; [ -f /go/vars/release-is-prerelease
] && echo "skipping" || echo "continuing"
- '[ -f /go/vars/release-is-prerelease ] && exit 0'
- apk add --no-cache aws-cli
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
- docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips
--amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
- docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips
- docker logout "public.ecr.aws"
environment:
AWS_PROFILE: ecr-production
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Tag and push image "teleport-ent:v14-fips-amd64" to ECR - production
# Step: publishes the full-version "-fips" manifest list for teleport-ent on
# public.ecr.aws, with the "-fips-amd64" tag as its single entry, unless the tag
# already exists. No prerelease guard is applied to the full-version tag.
- name: Create manifest and push "teleport-ent:full-fips" to ECR - production
image: docker
commands:
- apk add --no-cache aws-cli
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
# Existence probe that keeps a published version from being replaced.
# NOTE(review): the probe's output is discarded, so any inspect failure, not only a
# missing tag, falls through to create-and-push without a logged reason.
- docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips
> /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest
create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips
--amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
&& docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips)
- docker logout "public.ecr.aws"
environment:
AWS_PROFILE: ecr-production
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Tag and push image "teleport-ent:v14-fips-amd64" to ECR - production
# Step: copies the amd64 teleport-operator image from the staging ECR registry
# (ecr-staging profile) into drone-docker-registry:5000 under the same
# full-version tag.
# NOTE(review): the image is selected by tag only; no digest is recorded or compared
# here, so whatever the staging tag resolves to at pull time is what gets staged
# for the later production push.
- name: Pull teleport-operator:v14-amd64 and push it to Local Registry
image: docker
commands:
- apk add --no-cache aws-cli
- aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
146628656107.dkr.ecr.us-west-2.amazonaws.com
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
- docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
"/go/var/full-version")-amd64
# The staging ECR session is dropped right after the pull, before the retag and push.
- docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
- docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
"/go/var/full-version")-amd64 drone-docker-registry:5000/teleport-operator:$(cat
"/go/var/full-version")-amd64
# NOTE(review): no `docker login` precedes this push, so the local registry
# presumably accepts unauthenticated writes - confirm it is reachable only from
# this pipeline.
- docker push drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
environment:
AWS_PROFILE: ecr-staging
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Verify build is tagged
- Record if tag ($DRONE_TAG) is prerelease
- Wait for docker
- Wait for docker registry
- Check out code
- Build major, minor, and full semvers
- Assume ECR - staging AWS Role
- Assume ECR - production AWS Role
# Step: copies the arm teleport-operator image from the staging ECR registry
# (ecr-staging profile) into drone-docker-registry:5000 under the same
# full-version tag.
# NOTE(review): selection is by tag only, with no digest check, and the pull passes
# no --platform flag - the "-arm" tag suffix is the only architecture selector here.
- name: Pull teleport-operator:v14-arm and push it to Local Registry
image: docker
commands:
- apk add --no-cache aws-cli
- aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
146628656107.dkr.ecr.us-west-2.amazonaws.com
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
- docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
"/go/var/full-version")-arm
# The staging ECR session is dropped right after the pull, before the retag and push.
- docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
- docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
"/go/var/full-version")-arm drone-docker-registry:5000/teleport-operator:$(cat
"/go/var/full-version")-arm
- docker push drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
environment:
AWS_PROFILE: ecr-staging
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
# NOTE(review): the step uses only the ecr-staging profile but also waits for the
# production role step; presumably for ordering only - confirm.
depends_on:
- Verify build is tagged
- Record if tag ($DRONE_TAG) is prerelease
- Wait for docker
- Wait for docker registry
- Check out code
- Build major, minor, and full semvers
- Assume ECR - staging AWS Role
- Assume ECR - production AWS Role
# Step: copies the arm64 teleport-operator image from the staging ECR registry
# (ecr-staging profile) into drone-docker-registry:5000 under the same
# full-version tag.
# NOTE(review): the image is identified by a mutable tag, not a digest; nothing in
# this step verifies that the staged image is the one the build produced.
- name: Pull teleport-operator:v14-arm64 and push it to Local Registry
image: docker
commands:
- apk add --no-cache aws-cli
- aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
146628656107.dkr.ecr.us-west-2.amazonaws.com
# The Docker Hub token is fed through stdin rather than passed as an argument.
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
- docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
"/go/var/full-version")-arm64
- docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
- docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
"/go/var/full-version")-arm64 drone-docker-registry:5000/teleport-operator:$(cat
"/go/var/full-version")-arm64
- docker push drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
environment:
AWS_PROFILE: ecr-staging
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Verify build is tagged
- Record if tag ($DRONE_TAG) is prerelease
- Wait for docker
- Wait for docker registry
- Check out code
- Build major, minor, and full semvers
- Assume ECR - staging AWS Role
- Assume ECR - production AWS Role
# Step: promotes the amd64 teleport-operator image from drone-docker-registry:5000
# to public.ecr.aws under the full-, major- and minor-version "-amd64" tags
# (ecr-production profile).
# NOTE(review): unlike the "Create manifest and push ..." steps for the major and
# minor tags, this step never tests the prerelease marker, so a prerelease build
# would still move the major/minor "-amd64" tags - confirm that is intended.
- name: Tag and push image "teleport-operator:v14-amd64" to ECR - production
image: docker
commands:
- docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport-operator:$(cat
"/go/var/full-version")-amd64
- apk add --no-cache aws-cli
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
# The full-version tag is pushed only when `docker manifest inspect` does not find
# it. The probe hides its output, so any inspect failure leads to the push branch.
- docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64
> /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat
"/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport-operator:$(cat
"/go/var/full-version")-amd64 && docker push public.ecr.aws/gravitational/teleport-operator:$(cat
"/go/var/full-version")-amd64)
# The major and minor tags below are retagged and pushed unconditionally.
- docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64
- docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64
- docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64
- docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64
- docker logout "public.ecr.aws"
environment:
AWS_PROFILE: ecr-production
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Pull teleport-operator:v14-amd64 and push it to Local Registry
# Step: promotes the arm teleport-operator image from drone-docker-registry:5000 to
# public.ecr.aws under the full-, major- and minor-version "-arm" tags
# (ecr-production profile).
# NOTE(review): the source image is pulled from the local registry by tag, with no
# digest comparison against what the staging pull stored; the step also has no
# prerelease check before moving the major/minor "-arm" tags.
- name: Tag and push image "teleport-operator:v14-arm" to ECR - production
image: docker
commands:
- docker pull --platform "linux/arm" drone-docker-registry:5000/teleport-operator:$(cat
"/go/var/full-version")-arm
- apk add --no-cache aws-cli
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
# Full-version tag: pushed only if the existence probe fails (for any reason).
- docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm
> /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat
"/go/var/full-version")-arm public.ecr.aws/gravitational/teleport-operator:$(cat
"/go/var/full-version")-arm && docker push public.ecr.aws/gravitational/teleport-operator:$(cat
"/go/var/full-version")-arm)
# Major and minor tags: retagged and pushed on every run.
- docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm
- docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm
- docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm
- docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm
- docker logout "public.ecr.aws"
environment:
AWS_PROFILE: ecr-production
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Pull teleport-operator:v14-arm and push it to Local Registry
# Step: promotes the arm64 teleport-operator image from drone-docker-registry:5000
# to public.ecr.aws under the full-, major- and minor-version "-arm64" tags
# (ecr-production profile).
# NOTE(review): this publishing step runs on the floating `docker` image tag and
# installs aws-cli unpinned while production registry credentials are in scope -
# consider pinning the image by digest and the package by version.
- name: Tag and push image "teleport-operator:v14-arm64" to ECR - production
image: docker
commands:
- docker pull --platform "linux/arm64" drone-docker-registry:5000/teleport-operator:$(cat
"/go/var/full-version")-arm64
- apk add --no-cache aws-cli
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
# Full-version tag: pushed only if the existence probe fails (for any reason).
- docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64
> /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat
"/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport-operator:$(cat
"/go/var/full-version")-arm64 && docker push public.ecr.aws/gravitational/teleport-operator:$(cat
"/go/var/full-version")-arm64)
# Major and minor tags: retagged and pushed on every run, with no prerelease check.
- docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64
- docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64
- docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64
- docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64
- docker logout "public.ecr.aws"
environment:
AWS_PROFILE: ecr-production
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Pull teleport-operator:v14-arm64 and push it to Local Registry
# Step: builds the rolling major-version manifest list for teleport-operator on
# public.ecr.aws from the -amd64, -arm and -arm64 tags and pushes it. Exits 0
# before any registry work when the prerelease marker file exists.
- name: Create manifest and push "teleport-operator:major" to ECR - production
image: docker
commands:
# NOTE(review): the marker path is /go/vars/..., but the version files are read
# from /go/var/.... If the producing step does not write to /go/vars/, the marker
# is never found and a prerelease would move this rolling tag - confirm the path.
- printf "Prerelease "; ! [ -f /go/vars/release-is-prerelease ] && printf "not ";
printf "detected for version $DRONE_TAG, "; [ -f /go/vars/release-is-prerelease
] && echo "skipping" || echo "continuing"
- '[ -f /go/vars/release-is-prerelease ] && exit 0'
- apk add --no-cache aws-cli
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
# No existence probe here: the rolling tag is recreated and pushed on every
# non-prerelease run.
- docker manifest create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")
--amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64
--amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm
--amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64
- docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")
# Only the ECR session is logged out; the Docker Hub login above is left in place.
- docker logout "public.ecr.aws"
environment:
AWS_PROFILE: ecr-production
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Tag and push image "teleport-operator:v14-amd64" to ECR - production
- Tag and push image "teleport-operator:v14-arm" to ECR - production
- Tag and push image "teleport-operator:v14-arm64" to ECR - production
- name: Create manifest and push "teleport-operator:minor" to ECR - production
image: docker
commands:
- printf "Prerelease "; ! [ -f /go/vars/release-is-prerelease ] && printf "not ";
printf "detected for version $DRONE_TAG, "; [ -f /go/vars/release-is-prerelease
] && echo "skipping" || echo "continuing"
- '[ -f /go/vars/release-is-prerelease ] && exit 0'
- apk add --no-cache aws-cli
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
- docker manifest create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")
--amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64
--amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm
--amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64
- docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")
- docker logout "public.ecr.aws"
environment:
AWS_PROFILE: ecr-production
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Tag and push image "teleport-operator:v14-amd64" to ECR - production
- Tag and push image "teleport-operator:v14-arm" to ECR - production
- Tag and push image "teleport-operator:v14-arm64" to ECR - production
# Publishes the multi-arch manifest list for the full-version tag of
# teleport-operator on public ECR, unless that tag can already be inspected.
- name: Create manifest and push "teleport-operator:full" to ECR - production
  # NOTE(review): floating image tag in a step that holds production push
  # credentials.
  image: docker
  # This step has no prerelease guard, unlike the "major" and "minor" manifest
  # steps of the same pipeline.
  commands:
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # Publish-once pattern: `inspect && echo skip || (create && push)`.
  # NOTE(review): inspect output is discarded and only its exit status is used,
  # so any inspect failure (auth, network, throttling) is treated the same as
  # "tag absent" and falls through to create + push. With this `A && B || C`
  # shape the right-hand side would also run if the echo failed.
  - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest
    create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")
    --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64
    --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm
    --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64
    && docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version"))
  # Only the ECR session is closed; the Docker Hub login above is not.
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-operator:v14-amd64" to ECR - production
  - Tag and push image "teleport-operator:v14-arm" to ECR - production
  - Tag and push image "teleport-operator:v14-arm64" to ECR - production
# Long-running helpers for the pipeline: a Docker daemon and a scratch registry.
services:
# Docker-in-Docker daemon. It runs privileged and exposes its socket directory
# through the dockersock volume, so every step that mounts dockersock at
# /var/run can drive this daemon and effectively shares its privileges.
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
# In-pipeline registry that steps address as drone-docker-registry:5000.
# NOTE(review): `registry:2` and `docker:dind` are floating tags with no digest.
- name: drone-docker-registry
  image: registry:2
  privileged: false
  volumes: []
# Temp volumes: scratch space shared by the steps and services that mount them.
volumes:
# Mounted at /root/.aws by the steps above, which pick a profile from it
# through AWS_PROFILE; any step mounting it can read the credentials it holds.
- name: awsconfig
  temp: {}
- name: dockersock
  temp: {}
- name: dockerconfig
  temp: {}
# Registry credentials used to pull the step images themselves.
image_pull_secrets:
- DOCKERHUB_CREDENTIALS
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/container_images_release_version.go (main.(*ReleaseVersion).buildVersionPipeline)
################################################
# Scheduled pipeline: the steps below resolve the latest v13 release, rebuild
# its container images and push them to the staging and production registries.
kind: pipeline
type: kubernetes
name: teleport-container-images-current-version-cron
environment:
  DEBIAN_FRONTEND: noninteractive
trigger:
  # Runs only for the named cron job, and only on the upstream repository.
  cron:
    include:
    - teleport-container-images-cron
  repo:
    include:
    - gravitational/teleport
workspace:
  path: /go
# Automatic clone is off; steps fetch the repository themselves with explicit
# git commands.
clone:
  disable: true
steps:
# Resolves the newest v13 release and records it, without the leading "v", in
# /go/vars/full-version-v13. Later steps build git refs, S3 keys and image tags
# from that file.
- name: Find the latest available semver for v13
  # NOTE(review): floating image tag, no digest.
  image: golang:1.18
  commands:
  - mkdir -pv "/tmp/teleport"
  - cd "/tmp/teleport"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  # The query tool is taken from the tip of branch/v13, not from a release tag.
  - git checkout -qf "branch/v13"
  - mkdir -pv $(dirname "/go/vars/full-version-v13")
  - cd "/tmp/teleport/build.assets/tooling/cmd/query-latest"
  # NOTE(review): the exit status of this pipeline is sed's, so unless the
  # runner's shell enables pipefail (not visible here) a failing `go run` still
  # leaves an empty version file behind. The output is also not checked to be
  # a semver before later steps interpolate it unquoted into commands.
  # `s/v//` removes the first "v" on the line, wherever it appears.
  - go run . "v13" | sed 's/v//' > "/go/vars/full-version-v13"
  - echo Found full semver "$(cat "/go/vars/full-version-v13")" for major version
    "v13"
# Blocks until the Docker daemon socket exists (30 s limit), then logs in to
# Docker Hub.
- name: Wait for docker
  image: docker
  pull: if-not-exists
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  # Password is read from the environment and passed on stdin. /root/.docker is
  # the dockerconfig volume here, so the login presumably persists on that
  # volume for any other step that mounts it.
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: dockersock
    path: /var/run
  - name: dockerconfig
    path: /root/.docker
  depends_on:
  - Find the latest available semver for v13
# Polls the in-pipeline registry until it answers HTTP 200 (30 s limit).
- name: Wait for docker registry
  image: alpine
  pull: if-not-exists
  commands:
  # curl is installed at run time without a version pin.
  - apk add curl
  # The registry is reached over plain HTTP; there is no TLS on this hop.
  - timeout 30s /bin/sh -c 'while [ "$(curl -s -o /dev/null -w %{http_code} http://drone-docker-registry:5000/)"
    != "200" ]; do sleep 1; done'
  depends_on:
  - Find the latest available semver for v13
# Clones the repository into the Go workspace and checks out the release tag
# named by /go/vars/full-version-v13.
- name: Check out code
  # NOTE(review): `latest` is a floating tag, so the git client can change
  # between runs.
  image: alpine/git:latest
  pull: if-not-exists
  commands:
  - mkdir -pv "/go/src/github.com/gravitational/teleport"
  - cd "/go/src/github.com/gravitational/teleport"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  # The tag is resolved by name only; no tag or commit signature is verified in
  # this step.
  - git checkout -qf "v$(cat '/go/vars/full-version-v13')"
  depends_on:
  - Find the latest available semver for v13
# Derives the three version strings that later steps use as image tags and
# writes them to /go/var/{major,minor,full}-version.
- name: Build major, minor, and full semvers
  image: alpine
  # Each value is produced by prefixing "v", stripping the first "v" again with
  # sed, then cutting dot-separated fields. The input is not validated as a
  # semver; whatever /go/vars/full-version-v13 contains flows into the tags.
  commands:
  - mkdir -pv $(dirname "/go/var/major-version")
  # Field 1 only, e.g. constructed sample "1.2.3" -> "1".
  - echo v$(cat '/go/vars/full-version-v13') | sed 's/v//' | cut -d'.' -f "1" > "/go/var/major-version"
  - echo $(cat "/go/var/major-version")
  - mkdir -pv $(dirname "/go/var/minor-version")
  # Fields 1 and 2, e.g. constructed sample "1.2.3" -> "1.2".
  - echo v$(cat '/go/vars/full-version-v13') | sed 's/v//' | cut -d'.' -f "1,2" >
    "/go/var/minor-version"
  - echo $(cat "/go/var/minor-version")
  - mkdir -pv $(dirname "/go/var/full-version")
  - echo v$(cat '/go/vars/full-version-v13') | sed 's/v//' > "/go/var/full-version"
  - echo $(cat "/go/var/full-version")
  depends_on:
  - Find the latest available semver for v13
# Exchanges the long-lived staging keys for temporary role credentials and
# stores them as the [ecr-staging] profile on the shared awsconfig volume.
- name: Assume ECR - staging AWS Role
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  # Runs with the long-lived keys from the environment; its output goes to the
  # build log.
  - aws sts get-caller-identity
  # The three fields of `--output text` are word-split into the three %s slots
  # and appended to the credentials file. The session name is derived from the
  # repository and build number with "/" replaced by "-".
  # NOTE(review): printf's status decides success here, so a failed assume-role
  # still appends a profile with empty values; the --profile check at the end
  # of the step is what surfaces that. The file sits on a volume that later
  # steps mount, so every such step can read all profiles written to it.
  - |-
    printf "[ecr-staging]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
    $(aws sts assume-role \
    --role-arn "$AWS_ROLE" \
    --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
    --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
    --output text) \
    >> /root/.aws/credentials
  # Drops the long-lived keys from this shell, presumably so the check below
  # exercises the new profile only.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile ecr-staging
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY
    AWS_ROLE:
      from_secret: STAGING_TELEPORT_DRONE_ECR_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Find the latest available semver for v13
# Writes the [ecr-authenticated-pull] profile that the image build steps select
# through AWS_PROFILE before logging in to public.ecr.aws.
- name: Assume ECR - authenticated-pull AWS Role
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  - aws sts get-caller-identity
  # Appends temporary credentials to the same file the other assume-role steps
  # write to. As there, a failed assume-role leaves an empty profile and is only
  # caught by the --profile check below.
  - |-
    printf "[ecr-authenticated-pull]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
    $(aws sts assume-role \
    --role-arn "$AWS_ROLE" \
    --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
    --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
    --output text) \
    >> /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile ecr-authenticated-pull
  environment:
    # NOTE(review): these are the same three secret names that the
    # "Assume ECR - production AWS Role" step uses, so the pull profile looks
    # to carry the production role rather than a pull-only one; confirm whether
    # a narrower role is intended for build steps.
    AWS_ACCESS_KEY_ID:
      from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY
    AWS_ROLE:
      from_secret: PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
  # Ordered after the staging step; presumably to serialise the appends to the
  # shared credentials file.
  depends_on:
  - Assume ECR - staging AWS Role
  - Find the latest available semver for v13
- name: Assume ECR - production AWS Role
image: amazon/aws-cli
pull: if-not-exists
commands:
- aws sts get-caller-identity
- |-
printf "[ecr-production]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
>> /root/.aws/credentials
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile ecr-production
environment:
AWS_ACCESS_KEY_ID:
from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY
AWS_ROLE:
from_secret: PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE
AWS_SECRET_ACCESS_KEY:
from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET
volumes:
- name: awsconfig
path: /root/.aws
depends_on:
- Assume ECR - authenticated-pull AWS Role
- Find the latest available semver for v13
- name: Assume S3 Download AWS Role for teleport
image: amazon/aws-cli
pull: if-not-exists
commands:
- aws sts get-caller-identity
- |-
printf "[s3-download-teleport]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
>> /root/.aws/credentials
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile s3-download-teleport
environment:
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID
AWS_ROLE:
from_secret: AWS_ROLE
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY
volumes:
- name: awsconfig
path: /root/.aws
depends_on:
- Find the latest available semver for v13
- Wait for docker
- Wait for docker registry
- Check out code
- Build major, minor, and full semvers
- Assume ECR - staging AWS Role
- Assume ECR - authenticated-pull AWS Role
- Assume ECR - production AWS Role
- name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport
image: alpine/git:latest
commands:
- mkdir -pv "/tmp/repo"
- cd "/tmp/repo"
- git init
- git remote add origin ${DRONE_REMOTE_URL}
- git fetch origin --tags
- git checkout -qf "v$(cat '/go/vars/full-version-v13')"
- mkdir -pv $(dirname "/go/build/Dockerfile-teleport")
- cp "/tmp/repo/build.assets/charts/Dockerfile" "/go/build/Dockerfile-teleport"
depends_on:
- Find the latest available semver for v13
- Wait for docker
- Wait for docker registry
- Check out code
- Build major, minor, and full semvers
- Assume ECR - staging AWS Role
- Assume ECR - authenticated-pull AWS Role
- Assume ECR - production AWS Role
# Waits up to an hour for the amd64 .deb of the resolved version to appear in
# the release bucket, then copies it to /go/build for the image build.
- name: Download "teleport_v13-tag_amd64.deb" artifacts from S3
  image: amazon/aws-cli
  # The loop is spread over several list entries and relies on the runner
  # joining them into a single script. `$$` is the Drone escape that yields a
  # literal `$`, so the shell sees ${END_TIME?} and ${TIMED_OUT?}.
  commands:
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  # Lists the version prefix and requires an exact whole-line match (-x) on the
  # expected file name; any failure in the pipeline counts as "not there yet".
  - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr
    -s ' ' | cut -d' ' -f 4 | grep -x teleport_$(cat "/go/var/full-version")_amd64.deb
    || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [
    "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  # NOTE(review): the package is accepted on name alone. No checksum or
  # signature is verified in this step before it is built into the image, so
  # integrity rests on write access to the bucket.
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat
    "/go/var/full-version")_amd64.deb /go/build/teleport_$(cat "/go/var/full-version")_amd64.deb
  environment:
    AWS_PROFILE: s3-download-teleport
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport
# Builds the linux/amd64 teleport image from the downloaded .deb with buildx
# and pushes it to the in-pipeline registry only.
- name: Build teleport image "teleport:v13-amd64"
  image: docker
  commands:
  # NOTE(review): runs a third-party image with no tag or digest as a
  # privileged container on the shared Docker daemon. Pinning it by digest in
  # dronegen would keep an upstream change out of the release build path.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-v13-amd64-builder"
  # BuildKit config that marks the in-pipeline registry as plain HTTP, so the
  # push at the end of the build is neither encrypted nor authenticated.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v13-amd64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-v13-amd64-builder/buildkitd.toml"
  # The builder container shares the host network namespace of the daemon.
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name
    "teleport-v13-amd64-builder" --config "/tmp/teleport-v13-amd64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  # Registry logins; both passwords are passed on stdin.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # DEB_PATH names the package fetched by the S3 download step; the build
  # context is /go/build and the Dockerfile is the one copied from the tag.
  - docker buildx build --push --builder "teleport-v13-amd64-builder" --target "teleport"
    --platform "linux/amd64" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    --file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_amd64.deb
    /go/build
  # Cleanup: closes the ECR session (not the Docker Hub one) and removes the
  # builder and its config.
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-v13-amd64-builder"
  - rm -rf "/tmp/teleport-v13-amd64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport_v13-tag_amd64.deb" artifacts from S3
- name: Download "teleport_v13-tag_arm.deb" artifacts from S3
image: amazon/aws-cli
commands:
- END_TIME=$(( $(date +%s) + 3600 ))
- TIMED_OUT=true
- while [ $(date +%s) -lt $${END_TIME?} ]; do
- SUCCESS=true
- aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr
-s ' ' | cut -d' ' -f 4 | grep -x teleport_$(cat "/go/var/full-version")_arm.deb
|| SUCCESS=false
- '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
- echo 'Condition not met yet, waiting another 60 seconds...'
- sleep 60
- done
- '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [
"$SUCCESS" = "true" ]'' && exit 1'
- mkdir -pv "/go/build"
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat
"/go/var/full-version")_arm.deb /go/build/teleport_$(cat "/go/var/full-version")_arm.deb
environment:
AWS_PROFILE: s3-download-teleport
AWS_REGION: us-west-2
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
volumes:
- name: awsconfig
path: /root/.aws
depends_on:
- Assume S3 Download AWS Role for teleport
- Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport
- name: Build teleport image "teleport:v13-arm"
image: docker
commands:
- docker run --privileged --rm tonistiigi/binfmt --install all
- mkdir -pv "/go/build" && cd "/go/build"
- mkdir -pv "/tmp/teleport-v13-arm-builder"
- echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v13-arm-builder/buildkitd.toml"
- echo ' http = true' >> "/tmp/teleport-v13-arm-builder/buildkitd.toml"
- docker buildx create --driver "docker-container" --driver-opt "network=host" --name
"teleport-v13-arm-builder" --config "/tmp/teleport-v13-arm-builder/buildkitd.toml"
- apk add --no-cache aws-cli
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
- docker buildx build --push --builder "teleport-v13-arm-builder" --target "teleport"
--platform "linux/arm" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
--file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_arm.deb
/go/build
- docker logout "public.ecr.aws"
- docker buildx rm "teleport-v13-arm-builder"
- rm -rf "/tmp/teleport-v13-arm-builder"
environment:
AWS_PROFILE: ecr-authenticated-pull
DOCKER_BUILDKIT: "1"
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Assume ECR - authenticated-pull AWS Role
- Download "teleport_v13-tag_arm.deb" artifacts from S3
- name: Download "teleport_v13-tag_arm64.deb" artifacts from S3
image: amazon/aws-cli
commands:
- END_TIME=$(( $(date +%s) + 3600 ))
- TIMED_OUT=true
- while [ $(date +%s) -lt $${END_TIME?} ]; do
- SUCCESS=true
- aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr
-s ' ' | cut -d' ' -f 4 | grep -x teleport_$(cat "/go/var/full-version")_arm64.deb
|| SUCCESS=false
- '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
- echo 'Condition not met yet, waiting another 60 seconds...'
- sleep 60
- done
- '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [
"$SUCCESS" = "true" ]'' && exit 1'
- mkdir -pv "/go/build"
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat
"/go/var/full-version")_arm64.deb /go/build/teleport_$(cat "/go/var/full-version")_arm64.deb
environment:
AWS_PROFILE: s3-download-teleport
AWS_REGION: us-west-2
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
volumes:
- name: awsconfig
path: /root/.aws
depends_on:
- Assume S3 Download AWS Role for teleport
- Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport
- name: Build teleport image "teleport:v13-arm64"
image: docker
commands:
- docker run --privileged --rm tonistiigi/binfmt --install all
- mkdir -pv "/go/build" && cd "/go/build"
- mkdir -pv "/tmp/teleport-v13-arm64-builder"
- echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v13-arm64-builder/buildkitd.toml"
- echo ' http = true' >> "/tmp/teleport-v13-arm64-builder/buildkitd.toml"
- docker buildx create --driver "docker-container" --driver-opt "network=host" --name
"teleport-v13-arm64-builder" --config "/tmp/teleport-v13-arm64-builder/buildkitd.toml"
- apk add --no-cache aws-cli
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
- docker buildx build --push --builder "teleport-v13-arm64-builder" --target "teleport"
--platform "linux/arm64" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
--file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_arm64.deb
/go/build
- docker logout "public.ecr.aws"
- docker buildx rm "teleport-v13-arm64-builder"
- rm -rf "/tmp/teleport-v13-arm64-builder"
environment:
AWS_PROFILE: ecr-authenticated-pull
DOCKER_BUILDKIT: "1"
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Assume ECR - authenticated-pull AWS Role
- Download "teleport_v13-tag_arm64.deb" artifacts from S3
# Copies the amd64 image from the in-pipeline registry to the staging ECR
# repository under three timestamped tags (full, major, minor).
- name: Tag and push image "teleport:v13-amd64" to ECR - staging
  image: docker
  commands:
  # Pulled over the plain-HTTP in-pipeline registry; the image is referenced by
  # tag, not by digest.
  - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport:$(cat
    "/go/var/full-version")-amd64
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # Minute-resolution suffix derived from the build creation time, so every
  # step of one build computes the same tag suffix.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Each of the three commands below is `inspect && skip || (tag && push)`.
  # NOTE(review): inspect output is discarded, so any inspect failure, not only
  # a missing tag, leads to tag + push.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-amd64
    && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-$TIMESTAMP-amd64)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-amd64
    && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP-amd64)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/minor-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64
    && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/minor-version")-$TIMESTAMP-amd64)
  # Only the ECR session is closed; the Docker Hub login above is not.
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  # The mounted credentials file holds every profile the assume-role steps
  # appended, not only ecr-staging.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v13-amd64"
- name: Tag and push image "teleport:v13-arm" to ECR - staging
image: docker
commands:
- docker pull --platform "linux/arm" drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
- apk add --no-cache aws-cli
- aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
146628656107.dkr.ecr.us-west-2.amazonaws.com
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
- TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/full-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing
image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm
&& docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/full-version")-$TIMESTAMP-arm)
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/major-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing
image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-arm
&& docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/major-version")-$TIMESTAMP-arm)
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/minor-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing
image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-arm
&& docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/minor-version")-$TIMESTAMP-arm)
- docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
environment:
AWS_PROFILE: ecr-staging
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Build teleport image "teleport:v13-arm"
- name: Tag and push image "teleport:v13-arm64" to ECR - staging
image: docker
commands:
- docker pull --platform "linux/arm64" drone-docker-registry:5000/teleport:$(cat
"/go/var/full-version")-arm64
- apk add --no-cache aws-cli
- aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
146628656107.dkr.ecr.us-west-2.amazonaws.com
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
- TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/full-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing
image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm64
&& docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/full-version")-$TIMESTAMP-arm64)
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/major-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing
image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-arm64
&& docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/major-version")-$TIMESTAMP-arm64)
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/minor-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing
image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64
&& docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/minor-version")-$TIMESTAMP-arm64)
- docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
environment:
AWS_PROFILE: ecr-staging
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Build teleport image "teleport:v13-arm64"
- name: Create manifest and push "teleport:major-$TIMESTAMP" to ECR - staging
image: docker
commands:
- apk add --no-cache aws-cli
- aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
146628656107.dkr.ecr.us-west-2.amazonaws.com
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
- TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/major-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image,
skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/major-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/major-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/major-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/major-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/major-version")-$TIMESTAMP)
- docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
environment:
AWS_PROFILE: ecr-staging
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Tag and push image "teleport:v13-amd64" to ECR - staging
- Tag and push image "teleport:v13-arm" to ECR - staging
- Tag and push image "teleport:v13-arm64" to ECR - staging
- name: Create manifest and push "teleport:minor-$TIMESTAMP" to ECR - staging
image: docker
commands:
- apk add --no-cache aws-cli
- aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
146628656107.dkr.ecr.us-west-2.amazonaws.com
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
- TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/minor-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image,
skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/minor-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/minor-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/minor-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/minor-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/minor-version")-$TIMESTAMP)
- docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
environment:
AWS_PROFILE: ecr-staging
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Tag and push image "teleport:v13-amd64" to ECR - staging
- Tag and push image "teleport:v13-arm" to ECR - staging
- Tag and push image "teleport:v13-arm64" to ECR - staging
# Step: assemble the staging multi-arch manifest list for the OSS image.
# The per-arch tags <full-version>-$TIMESTAMP-amd64/-arm/-arm64 are combined
# under <full-version>-$TIMESTAMP in the 146628656107 us-west-2 ECR registry.
# `image: docker` has no tag or digest, so the step runs whatever `latest`
# resolves to when the build starts.
- name: Create manifest and push "teleport:full-$TIMESTAMP" to ECR - staging
image: docker
commands:
# aws-cli is installed unpinned at run time; it supplies the ECR password below.
- apk add --no-cache aws-cli
- aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
146628656107.dkr.ecr.us-west-2.amazonaws.com
# The Docker Hub token is piped on stdin, so it never appears as a command argument.
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
# The tag suffix is computed from DRONE_BUILD_CREATED, not from the wall clock
# at the time this step runs.
- TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
# Existence guard: inspect's stdout and stderr are discarded, and ANY non-zero
# exit (tag absent, but also an auth or network failure) falls through to
# create + push. NOTE(review): the guard cannot tell "absent" from "unreachable".
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/full-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image,
skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/full-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/full-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/full-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/full-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/full-version")-$TIMESTAMP)
# Only the ECR login is removed; there is no matching logout for Docker Hub.
- docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
environment:
# Selects a profile from the credentials file on the awsconfig volume.
AWS_PROFILE: ecr-staging
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
# NOTE(review): mounted over /var/run; presumably exposes the shared Docker
# daemon socket, which lets this step drive that daemon. Confirm.
- name: dockersock
path: /var/run
depends_on:
- Tag and push image "teleport:v13-amd64" to ECR - staging
- Tag and push image "teleport:v13-arm" to ECR - staging
- Tag and push image "teleport:v13-arm64" to ECR - staging
# Step: publish the amd64 OSS image to the public production registry.
# Pulls <full-version>-amd64 from the in-pipeline registry
# (drone-docker-registry:5000) and re-tags it under public.ecr.aws with the
# full, major and minor version tags.
# NOTE(review): the image moves between registries by tag only; no digest
# comparison or signature check is visible in this step before the public push.
- name: Tag and push image "teleport:v13-amd64" to ECR - production
image: docker
commands:
- docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport:$(cat
"/go/var/full-version")-amd64
- apk add --no-cache aws-cli
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
# The full-version tag is pushed only when inspect fails, i.e. it is treated as
# write-once. stderr is discarded, so an auth or network error is
# indistinguishable from "tag absent" and also leads to the push branch.
- docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64
> /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat
"/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64
&& docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64)
# Major and minor tags are rolling: re-tagged and pushed on every run, with no
# existence guard.
- docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64
- docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64
- docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
- docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
- docker logout "public.ecr.aws"
environment:
AWS_PROFILE: ecr-production
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Build teleport image "teleport:v13-amd64"
# Step: publish the 32-bit arm OSS image to public.ecr.aws (production).
# Source is <full-version>-arm in drone-docker-registry:5000; targets are the
# full, major and minor "-arm" tags.
# NOTE(review): this step uses the ecr-production profile but lists only the
# image build as a dependency, so the credentials must already be on the
# awsconfig volume. Presumably ordering is guaranteed transitively; confirm.
- name: Tag and push image "teleport:v13-arm" to ECR - production
image: docker
commands:
- docker pull --platform "linux/arm" drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
- apk add --no-cache aws-cli
# Public ECR authentication is requested from us-east-1.
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
# Guarded push of the full-version tag: skipped when inspect succeeds. Any
# inspect failure (its output is discarded) takes the tag + push branch.
- docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm
> /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat
"/go/var/full-version")-arm public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm
&& docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm)
# Unguarded: the major and minor tags are overwritten with this build.
- docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm
- docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm
- docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm
- docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm
- docker logout "public.ecr.aws"
environment:
AWS_PROFILE: ecr-production
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Build teleport image "teleport:v13-arm"
# Step: publish the arm64 OSS image to public.ecr.aws (production).
# Re-tags <full-version>-arm64 from drone-docker-registry:5000 as the full,
# major and minor "-arm64" tags.
# The version strings come from files under /go/var and are substituted
# unquoted into image references, so the tag depends on those files' contents.
- name: Tag and push image "teleport:v13-arm64" to ECR - production
image: docker
commands:
- docker pull --platform "linux/arm64" drone-docker-registry:5000/teleport:$(cat
"/go/var/full-version")-arm64
# Installed at run time with no version pin.
- apk add --no-cache aws-cli
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
# The secret is named DOCKERHUB_READONLY_TOKEN; the pushes below target ECR.
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
# Full-version tag: pushed only if inspect reports failure (errors are hidden
# by the redirect, so the cause of a failure is not logged).
- docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64
> /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat
"/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64
&& docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64)
# Rolling tags follow; they are always pushed.
- docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64
- docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64
- docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
- docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
# Removes the public.ecr.aws login only.
- docker logout "public.ecr.aws"
environment:
AWS_PROFILE: ecr-production
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Build teleport image "teleport:v13-arm64"
# Step: (re)publish the production multi-arch manifest list for the MAJOR tag.
# Combines the <major-version>-amd64/-arm/-arm64 tags on public.ecr.aws under
# the bare <major-version> tag.
# Unlike the full-version manifest step, there is no existence check here: the
# tag is rewritten on every run, so it is a moving reference. Consumers who
# need a fixed artifact have to pin by digest rather than by this tag.
- name: Create manifest and push "teleport:major" to ECR - production
image: docker
commands:
- apk add --no-cache aws-cli
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
# --amend updates an existing manifest list of the same name instead of failing.
- docker manifest create public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")
--amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64
--amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm
--amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64
- docker manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")
- docker logout "public.ecr.aws"
environment:
AWS_PROFILE: ecr-production
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
# Waits for all three per-arch production pushes.
depends_on:
- Tag and push image "teleport:v13-amd64" to ECR - production
- Tag and push image "teleport:v13-arm" to ECR - production
- Tag and push image "teleport:v13-arm64" to ECR - production
# Step: (re)publish the production multi-arch manifest list for the MINOR tag.
# The list references the <minor-version>-amd64/-arm/-arm64 tags, not digests,
# so it captures whatever those tags point to when `manifest create` runs.
# The push is unconditional: each run replaces the previous <minor-version> list.
- name: Create manifest and push "teleport:minor" to ECR - production
image: docker
commands:
- apk add --no-cache aws-cli
# Credentials for the login come from the ecr-production profile set below.
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
- docker manifest create public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")
--amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
--amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm
--amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
- docker manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")
- docker logout "public.ecr.aws"
environment:
AWS_PROFILE: ecr-production
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
# The AWS config and credentials directory shared between steps.
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Tag and push image "teleport:v13-amd64" to ECR - production
- Tag and push image "teleport:v13-arm" to ECR - production
- Tag and push image "teleport:v13-arm64" to ECR - production
# Step: publish the production multi-arch manifest list for the FULL version.
# This is the only production manifest step with an existence guard: if
# `manifest inspect` succeeds the step prints 'Found existing image, skipping'
# and leaves the published list untouched.
# NOTE(review): the guard is `inspect && echo || (create && push)` with all
# inspect output sent to /dev/null. A transient registry or auth error therefore
# takes the same path as "tag does not exist" and attempts the push; whether
# that can replace an already-released tag depends on registry-side settings
# that are not visible here.
- name: Create manifest and push "teleport:full" to ECR - production
image: docker
commands:
- apk add --no-cache aws-cli
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
- docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")
> /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest
create public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version") --amend
public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64 --amend
public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm --amend
public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64 && docker
manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version"))
- docker logout "public.ecr.aws"
environment:
AWS_PROFILE: ecr-production
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Tag and push image "teleport:v13-amd64" to ECR - production
- Tag and push image "teleport:v13-arm" to ECR - production
- Tag and push image "teleport:v13-arm64" to ECR - production
# Step: exchange the static key pair from Drone secrets for temporary STS
# credentials and store them as the [s3-download-teleport-ent] profile.
# - The profile is APPENDED (>>) to /root/.aws/credentials on the awsconfig
#   volume, so it sits next to the other profiles written there and is readable
#   by every step that mounts that volume.
# - The role session name is drone-<repo>-<build number> with "/" replaced by
#   "-", which ties the STS session to one build.
# - The command substitution is deliberately unquoted: `--output text` yields
#   three whitespace-separated fields that become the three printf arguments.
#   If assume-role fails, printf still writes a profile with empty values; the
#   final get-caller-identity --profile call is what surfaces that.
# - The static keys are unset before that final call, so it exercises the new
#   profile rather than the environment credentials.
# NOTE(review): no --duration-seconds is passed, so the STS default session
# length applies (one hour, as far as I know). The S3 download steps that use
# this profile poll for up to 3600 s before copying; confirm the session
# outlives that wait.
- name: Assume S3 Download AWS Role for teleport-ent
image: amazon/aws-cli
pull: if-not-exists
commands:
# Logs which identity the static keys resolve to before assuming the role.
- aws sts get-caller-identity
- |-
printf "[s3-download-teleport-ent]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
>> /root/.aws/credentials
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile s3-download-teleport-ent
environment:
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID
AWS_ROLE:
from_secret: AWS_ROLE
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY
volumes:
- name: awsconfig
path: /root/.aws
depends_on:
- Find the latest available semver for v13
- Wait for docker
- Wait for docker registry
- Check out code
- Build major, minor, and full semvers
- Assume ECR - staging AWS Role
- Assume ECR - authenticated-pull AWS Role
- Assume ECR - production AWS Role
# Step: fetch the Dockerfile used for the teleport-ent image build.
# Clones the repository at DRONE_REMOTE_URL into /tmp/repo, checks out the tag
# v<version> and copies build.assets/charts/Dockerfile to
# /go/build/Dockerfile-teleport-ent.
# NOTE(review): the version is read from /go/vars/full-version-v13, while the
# image steps in this pipeline read /go/var/full-version. Presumably the former
# is written by "Find the latest available semver for v13"; confirm the two
# paths are intentional.
# NOTE(review): the Dockerfile is selected by tag name, which is a movable ref;
# no commit pin or tag-signature verification is visible in this step.
- name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent
# `latest` is a mutable tag: the git client used here can change between builds.
image: alpine/git:latest
commands:
- mkdir -pv "/tmp/repo"
- cd "/tmp/repo"
- git init
- git remote add origin ${DRONE_REMOTE_URL}
- git fetch origin --tags
- git checkout -qf "v$(cat '/go/vars/full-version-v13')"
- mkdir -pv $(dirname "/go/build/Dockerfile-teleport-ent")
- cp "/tmp/repo/build.assets/charts/Dockerfile" "/go/build/Dockerfile-teleport-ent"
depends_on:
- Find the latest available semver for v13
- Wait for docker
- Wait for docker registry
- Check out code
- Build major, minor, and full semvers
- Assume ECR - staging AWS Role
- Assume ECR - authenticated-pull AWS Role
- Assume ECR - production AWS Role
# Step: wait for the amd64 teleport-ent .deb to appear in S3, then copy it to
# /go/build as the input for the image build.
# - The while/done loop is split over several `commands` entries, so it only
#   works because the runner joins the entries into one shell script.
# - `$${...}` is Drone's escape for a literal `${...}`; the `?` makes the shell
#   abort if the variable is unset.
# - Polls every 60 s for at most 3600 s; `grep -x` requires an exact match on
#   the file-name column of the `aws s3 ls` listing.
# NOTE(review): the package is used as downloaded. No checksum or signature
# verification is visible in this step, so integrity rests on who can write to
# the bucket prefix.
- name: Download "teleport-ent_v13-tag_amd64.deb" artifacts from S3
image: amazon/aws-cli
commands:
- END_TIME=$(( $(date +%s) + 3600 ))
- TIMED_OUT=true
- while [ $(date +%s) -lt $${END_TIME?} ]; do
- SUCCESS=true
- aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr
-s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")_amd64.deb
|| SUCCESS=false
- '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
- echo 'Condition not met yet, waiting another 60 seconds...'
- sleep 60
- done
- '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [
"$SUCCESS" = "true" ]'' && exit 1'
- mkdir -pv "/go/build"
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat
"/go/var/full-version")_amd64.deb /go/build/teleport-ent_$(cat "/go/var/full-version")_amd64.deb
environment:
# Temporary credentials written by the "Assume S3 Download AWS Role" step.
AWS_PROFILE: s3-download-teleport-ent
AWS_REGION: us-west-2
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
volumes:
- name: awsconfig
path: /root/.aws
depends_on:
- Assume S3 Download AWS Role for teleport-ent
- Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent
# Step: build the amd64 teleport-ent image with buildx and push it to the
# in-pipeline registry as drone-docker-registry:5000/teleport-ent:<full-version>-amd64.
# Inputs are /go/build/Dockerfile-teleport-ent (target "teleport") and the .deb
# named by the DEB_PATH build argument, both taken from the /go/build context.
# NOTE(review): three trust points worth knowing about in this step:
#   1. tonistiigi/binfmt is run --privileged with no tag or digest; it registers
#      emulators with the host kernel, so a changed upstream image would run
#      with full privileges on the build host.
#   2. buildkitd.toml marks drone-docker-registry:5000 as `http = true`, i.e. the
#      built image travels to the registry without TLS; integrity relies on the
#      network between builder and registry being isolated.
#   3. The builder uses the host network (--driver-opt "network=host").
- name: Build teleport-ent image "teleport-ent:v13-amd64"
image: docker
commands:
- docker run --privileged --rm tonistiigi/binfmt --install all
- mkdir -pv "/go/build" && cd "/go/build"
- mkdir -pv "/tmp/teleport-ent-v13-amd64-builder"
- echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v13-amd64-builder/buildkitd.toml"
- echo ' http = true' >> "/tmp/teleport-ent-v13-amd64-builder/buildkitd.toml"
- docker buildx create --driver "docker-container" --driver-opt "network=host" --name
"teleport-ent-v13-amd64-builder" --config "/tmp/teleport-ent-v13-amd64-builder/buildkitd.toml"
- apk add --no-cache aws-cli
# Both logins use pull-oriented credentials (ecr-authenticated-pull profile,
# Docker Hub read-only token); presumably they serve base-image pulls.
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
- docker buildx build --push --builder "teleport-ent-v13-amd64-builder" --target
"teleport" --platform "linux/amd64" --tag drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-amd64 --file "/go/build/Dockerfile-teleport-ent" --build-arg
DEB_PATH=teleport-ent_$(cat "/go/var/full-version")_amd64.deb /go/build
# Cleanup: these are ordinary commands after the build, not a trap handler.
- docker logout "public.ecr.aws"
- docker buildx rm "teleport-ent-v13-amd64-builder"
- rm -rf "/tmp/teleport-ent-v13-amd64-builder"
environment:
AWS_PROFILE: ecr-authenticated-pull
DOCKER_BUILDKIT: "1"
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Assume ECR - authenticated-pull AWS Role
- Download "teleport-ent_v13-tag_amd64.deb" artifacts from S3
# Step: wait (up to 3600 s, polling every 60 s) for the arm teleport-ent .deb
# under s3://$AWS_S3_BUCKET/teleport/tag/<full-version>/, then copy it to
# /go/build.
# The bucket name is a secret; the key prefix and file name are built from
# /go/var/full-version.
# NOTE(review): after `aws s3 cp` the file goes straight into the image build;
# this step contains no hash or signature check on the package.
- name: Download "teleport-ent_v13-tag_arm.deb" artifacts from S3
image: amazon/aws-cli
commands:
- END_TIME=$(( $(date +%s) + 3600 ))
# Stays true unless the loop finds the file and breaks out.
- TIMED_OUT=true
- while [ $(date +%s) -lt $${END_TIME?} ]; do
- SUCCESS=true
- aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr
-s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")_arm.deb
|| SUCCESS=false
- '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
- echo 'Condition not met yet, waiting another 60 seconds...'
- sleep 60
- done
# Fails the step when the deadline passed without a match.
- '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [
"$SUCCESS" = "true" ]'' && exit 1'
- mkdir -pv "/go/build"
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat
"/go/var/full-version")_arm.deb /go/build/teleport-ent_$(cat "/go/var/full-version")_arm.deb
environment:
AWS_PROFILE: s3-download-teleport-ent
AWS_REGION: us-west-2
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
volumes:
- name: awsconfig
path: /root/.aws
depends_on:
- Assume S3 Download AWS Role for teleport-ent
- Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent
# Step: cross-build the linux/arm teleport-ent image and push it to
# drone-docker-registry:5000/teleport-ent:<full-version>-arm.
# A dedicated buildx builder ("teleport-ent-v13-arm-builder") is created for the
# step and removed afterwards, together with its temporary config directory.
# NOTE(review): the binfmt helper image below runs --privileged and is not
# pinned to a tag or digest; the internal registry is configured for plain HTTP.
- name: Build teleport-ent image "teleport-ent:v13-arm"
image: docker
commands:
# Installs the emulation handlers that allow a non-native --platform build.
- docker run --privileged --rm tonistiigi/binfmt --install all
- mkdir -pv "/go/build" && cd "/go/build"
- mkdir -pv "/tmp/teleport-ent-v13-arm-builder"
# Two-line BuildKit config: allow HTTP for the in-pipeline registry.
- echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v13-arm-builder/buildkitd.toml"
- echo ' http = true' >> "/tmp/teleport-ent-v13-arm-builder/buildkitd.toml"
- docker buildx create --driver "docker-container" --driver-opt "network=host" --name
"teleport-ent-v13-arm-builder" --config "/tmp/teleport-ent-v13-arm-builder/buildkitd.toml"
- apk add --no-cache aws-cli
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
# --push sends the result straight to the registry named in --tag.
- docker buildx build --push --builder "teleport-ent-v13-arm-builder" --target "teleport"
--platform "linux/arm" --tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
--file "/go/build/Dockerfile-teleport-ent" --build-arg DEB_PATH=teleport-ent_$(cat
"/go/var/full-version")_arm.deb /go/build
- docker logout "public.ecr.aws"
- docker buildx rm "teleport-ent-v13-arm-builder"
- rm -rf "/tmp/teleport-ent-v13-arm-builder"
environment:
AWS_PROFILE: ecr-authenticated-pull
DOCKER_BUILDKIT: "1"
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Assume ECR - authenticated-pull AWS Role
- Download "teleport-ent_v13-tag_arm.deb" artifacts from S3
# Step: wait for, then download, the arm64 teleport-ent .deb from S3 into
# /go/build.
# Access uses the s3-download-teleport-ent profile from the awsconfig volume,
# i.e. the temporary credentials produced by the assume-role step this step
# depends on.
# `image: amazon/aws-cli` has no tag or digest, so the CLI version is whatever
# `latest` resolves to.
# NOTE(review): the existence poll checks only the object's name; the content
# of the downloaded package is not verified in this step.
- name: Download "teleport-ent_v13-tag_arm64.deb" artifacts from S3
image: amazon/aws-cli
commands:
# Deadline: one hour from step start.
- END_TIME=$(( $(date +%s) + 3600 ))
- TIMED_OUT=true
- while [ $(date +%s) -lt $${END_TIME?} ]; do
- SUCCESS=true
- aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr
-s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")_arm64.deb
|| SUCCESS=false
- '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
- echo 'Condition not met yet, waiting another 60 seconds...'
- sleep 60
- done
- '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [
"$SUCCESS" = "true" ]'' && exit 1'
- mkdir -pv "/go/build"
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat
"/go/var/full-version")_arm64.deb /go/build/teleport-ent_$(cat "/go/var/full-version")_arm64.deb
environment:
AWS_PROFILE: s3-download-teleport-ent
AWS_REGION: us-west-2
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
volumes:
- name: awsconfig
path: /root/.aws
depends_on:
- Assume S3 Download AWS Role for teleport-ent
- Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent
# Step: build the linux/arm64 teleport-ent image and push it to
# drone-docker-registry:5000/teleport-ent:<full-version>-arm64.
# The image is built from the downloaded .deb (DEB_PATH) and the Dockerfile
# copied to /go/build/Dockerfile-teleport-ent; both are trusted as-is here.
# The step mounts the dockersock volume over /var/run and starts a privileged
# helper container, so it effectively has full control of the build host's
# Docker daemon (NOTE(review): assuming dockersock is the daemon socket).
- name: Build teleport-ent image "teleport-ent:v13-arm64"
image: docker
commands:
- docker run --privileged --rm tonistiigi/binfmt --install all
- mkdir -pv "/go/build" && cd "/go/build"
- mkdir -pv "/tmp/teleport-ent-v13-arm64-builder"
- echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v13-arm64-builder/buildkitd.toml"
- echo ' http = true' >> "/tmp/teleport-ent-v13-arm64-builder/buildkitd.toml"
# docker-container driver: the build runs inside a separate BuildKit container.
- docker buildx create --driver "docker-container" --driver-opt "network=host" --name
"teleport-ent-v13-arm64-builder" --config "/tmp/teleport-ent-v13-arm64-builder/buildkitd.toml"
- apk add --no-cache aws-cli
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
- docker buildx build --push --builder "teleport-ent-v13-arm64-builder" --target
"teleport" --platform "linux/arm64" --tag drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-arm64 --file "/go/build/Dockerfile-teleport-ent" --build-arg
DEB_PATH=teleport-ent_$(cat "/go/var/full-version")_arm64.deb /go/build
# Logs out of public.ecr.aws only; the Docker Hub login has no matching logout.
- docker logout "public.ecr.aws"
- docker buildx rm "teleport-ent-v13-arm64-builder"
- rm -rf "/tmp/teleport-ent-v13-arm64-builder"
environment:
AWS_PROFILE: ecr-authenticated-pull
# Quoted so the value stays the string "1" rather than a YAML integer.
DOCKER_BUILDKIT: "1"
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Assume ECR - authenticated-pull AWS Role
- Download "teleport-ent_v13-tag_arm64.deb" artifacts from S3
# Step: copy the amd64 teleport-ent image from the in-pipeline registry to the
# staging ECR registry (146628656107, us-west-2).
# The same source image is pushed under three tags, each suffixed with
# -$TIMESTAMP-amd64: <full-version>, <major-version> and <minor-version>.
# Every push is guarded by `docker manifest inspect`; the push runs only when
# inspect exits non-zero.
# NOTE(review): inspect's stderr goes to /dev/null, so a login or network
# failure is treated like a missing tag and is not visible in the build log.
- name: Tag and push image "teleport-ent:v13-amd64" to ECR - staging
image: docker
commands:
- docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-amd64
- apk add --no-cache aws-cli
- aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
146628656107.dkr.ecr.us-west-2.amazonaws.com
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
# Minute-resolution stamp computed from the build's creation time.
- TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
# Tag 1 of 3: <full-version>-$TIMESTAMP-amd64
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing
image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-$TIMESTAMP-amd64)
# Tag 2 of 3: <major-version>-$TIMESTAMP-amd64
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/major-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing
image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/major-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/major-version")-$TIMESTAMP-amd64)
# Tag 3 of 3: <minor-version>-$TIMESTAMP-amd64
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/minor-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing
image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/minor-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/minor-version")-$TIMESTAMP-amd64)
- docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
environment:
AWS_PROFILE: ecr-staging
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Build teleport-ent image "teleport-ent:v13-amd64"
# Step: copy the arm teleport-ent image from drone-docker-registry:5000 to the
# staging ECR registry under <full|major|minor>-$TIMESTAMP-arm.
# All three staging tags are created from the one image pulled at the top
# (<full-version>-arm), so they refer to the same content.
# NOTE(review): the pull from the internal registry is by tag; nothing in this
# step records or checks the image digest before it is re-published.
- name: Tag and push image "teleport-ent:v13-arm" to ECR - staging
image: docker
commands:
- docker pull --platform "linux/arm" drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-arm
- apk add --no-cache aws-cli
# Private ECR login for account 146628656107 via the ecr-staging profile.
- aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
146628656107.dkr.ecr.us-west-2.amazonaws.com
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
- TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
# Each command below: skip when the tag is already present, else tag and push.
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing
image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-$TIMESTAMP-arm)
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/major-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing
image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/major-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/major-version")-$TIMESTAMP-arm)
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/minor-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing
image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/minor-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/minor-version")-$TIMESTAMP-arm)
- docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
environment:
AWS_PROFILE: ecr-staging
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Build teleport-ent image "teleport-ent:v13-arm"
# Step: copy the arm64 teleport-ent image to the staging ECR registry under
# <full|major|minor>-$TIMESTAMP-arm64.
# Secrets in play: the ecr-staging AWS profile (from the awsconfig volume) and
# the Docker Hub read-only token. Both are passed to `docker login` on stdin.
# `apk add` and `image: docker` are unpinned, so tool versions can vary between
# otherwise identical builds.
- name: Tag and push image "teleport-ent:v13-arm64" to ECR - staging
image: docker
commands:
- docker pull --platform "linux/arm64" drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-arm64
- apk add --no-cache aws-cli
- aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
146628656107.dkr.ecr.us-west-2.amazonaws.com
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
- TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
# Guarded pushes: `inspect && echo skip || (tag && push)`. Any inspect failure,
# not only "tag absent", selects the push branch.
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing
image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-$TIMESTAMP-arm64)
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/major-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing
image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/major-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/major-version")-$TIMESTAMP-arm64)
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/minor-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing
image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/minor-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/minor-version")-$TIMESTAMP-arm64)
- docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
environment:
AWS_PROFILE: ecr-staging
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Build teleport-ent image "teleport-ent:v13-arm64"
# Step: create the staging multi-arch manifest list
# teleport-ent:<major-version>-$TIMESTAMP from the three per-arch staging tags.
# The list is built from tag references (--amend <tag>), so it binds to whatever
# those tags resolve to in ECR at the moment `manifest create` runs.
# The whole create + push is skipped when the target tag can already be inspected.
- name: Create manifest and push "teleport-ent:major-$TIMESTAMP" to ECR - staging
image: docker
commands:
- apk add --no-cache aws-cli
- aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
146628656107.dkr.ecr.us-west-2.amazonaws.com
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
# Must match the TIMESTAMP computed by the per-arch push steps; each step
# computes it independently from DRONE_BUILD_CREATED.
- TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/major-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image,
skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/major-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/major-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/major-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/major-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/major-version")-$TIMESTAMP)
- docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
environment:
AWS_PROFILE: ecr-staging
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Tag and push image "teleport-ent:v13-amd64" to ECR - staging
- Tag and push image "teleport-ent:v13-arm" to ECR - staging
- Tag and push image "teleport-ent:v13-arm64" to ECR - staging
# Step: create the staging multi-arch manifest list
# teleport-ent:<minor-version>-$TIMESTAMP from the -amd64, -arm and -arm64
# staging tags pushed by the steps listed under depends_on.
# Guard and push live in one shell expression, `inspect && echo || (create &&
# push)`, so a failed `manifest create` or `manifest push` inside the
# parentheses makes the whole command, and therefore the step, fail.
- name: Create manifest and push "teleport-ent:minor-$TIMESTAMP" to ECR - staging
image: docker
commands:
- apk add --no-cache aws-cli
- aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
146628656107.dkr.ecr.us-west-2.amazonaws.com
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
- TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
# stdout and stderr of inspect are dropped; the exit status alone decides.
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/minor-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image,
skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/minor-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/minor-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/minor-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/minor-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/minor-version")-$TIMESTAMP)
- docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
environment:
AWS_PROFILE: ecr-staging
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Tag and push image "teleport-ent:v13-amd64" to ECR - staging
- Tag and push image "teleport-ent:v13-arm" to ECR - staging
- Tag and push image "teleport-ent:v13-arm64" to ECR - staging
# Step: create the staging multi-arch manifest list
# teleport-ent:<full-version>-$TIMESTAMP in the 146628656107 ECR registry.
# The step needs push rights to the staging repository (ecr-staging profile)
# and access to the Docker daemon through the dockersock volume.
# NOTE(review): the Docker Hub login is performed although every image
# reference in this step points at ECR; presumably kept for uniformity across
# the generated steps. Confirm it is required here.
- name: Create manifest and push "teleport-ent:full-$TIMESTAMP" to ECR - staging
image: docker
commands:
- apk add --no-cache aws-cli
- aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
146628656107.dkr.ecr.us-west-2.amazonaws.com
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
- TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
# Skip when the list already exists; otherwise create it from the three
# per-arch tags and push it.
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image,
skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-$TIMESTAMP)
- docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
environment:
AWS_PROFILE: ecr-staging
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Tag and push image "teleport-ent:v13-amd64" to ECR - staging
- Tag and push image "teleport-ent:v13-arm" to ECR - staging
- Tag and push image "teleport-ent:v13-arm64" to ECR - staging
# Pulls the amd64 image from the in-pipeline registry and publishes it to
# public.ecr.aws under the full, major and minor version tags.
# NOTE(review): the source image is selected by tag, not digest, so what gets
# published is whatever that tag points to in drone-docker-registry:5000 at
# this moment. Build steps in this file configure that registry as plain HTTP
# (`http = true`), so the pipeline network is part of the trust boundary.
- name: Tag and push image "teleport-ent:v13-amd64" to ECR - production
image: docker
commands:
- docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-amd64
- apk add --no-cache aws-cli
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
# The full-version tag is pushed only when `docker manifest inspect` fails;
# any inspect failure (not just "not found") takes the push branch.
- docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64
> /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport-ent:$(cat
"/go/var/full-version")-amd64 && docker push public.ecr.aws/gravitational/teleport-ent:$(cat
"/go/var/full-version")-amd64)
# The major and minor tags have no existence guard: they are re-pointed at
# this image on every run, so consumers should treat them as moving tags.
- docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
- docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
- docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
- docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
- docker logout "public.ecr.aws"
environment:
AWS_PROFILE: ecr-production
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Build teleport-ent image "teleport-ent:v13-amd64"
# Pulls the 32-bit ARM image from the in-pipeline registry and publishes it to
# public.ecr.aws under the full, major and minor version tags.
- name: Tag and push image "teleport-ent:v13-arm" to ECR - production
image: docker
commands:
# Pulled by tag from the pipeline-local registry; no digest is checked here.
- docker pull --platform "linux/arm" drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-arm
- apk add --no-cache aws-cli
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
# Guarded push: skipped when the full-version tag can already be inspected.
- docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm
> /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-arm public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm
&& docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm)
# Unguarded pushes: the major and minor tags are overwritten on every run.
- docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
- docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
- docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
- docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
- docker logout "public.ecr.aws"
environment:
AWS_PROFILE: ecr-production
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
# NOTE(review): mounting the dockersock volume over /var/run presumably exposes
# the Docker daemon socket; a step with it has full control of that daemon.
- name: dockersock
path: /var/run
depends_on:
- Build teleport-ent image "teleport-ent:v13-arm"
# Pulls the arm64 image from the in-pipeline registry and publishes it to
# public.ecr.aws under the full, major and minor version tags.
- name: Tag and push image "teleport-ent:v13-arm64" to ECR - production
image: docker
commands:
- docker pull --platform "linux/arm64" drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-arm64
- apk add --no-cache aws-cli
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
# Docker Hub login with the token from DOCKERHUB_READONLY_TOKEN. This step has
# no logout for it; presumably the credential only lives as long as the step
# container does.
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
# The full-version tag is pushed only if it cannot be inspected. Because the
# inspect output is discarded, transient errors also lead to a push attempt.
- docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64
> /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport-ent:$(cat
"/go/var/full-version")-arm64 && docker push public.ecr.aws/gravitational/teleport-ent:$(cat
"/go/var/full-version")-arm64)
# The major and minor tags are always re-tagged and pushed.
- docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
- docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
- docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
- docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
- docker logout "public.ecr.aws"
environment:
AWS_PROFILE: ecr-production
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Build teleport-ent image "teleport-ent:v13-arm64"
# Builds the manifest list for the major-version tag on public.ecr.aws from the
# -amd64, -arm and -arm64 tags and pushes it.
# There is no existence check here, so the major tag is rewritten on each run.
- name: Create manifest and push "teleport-ent:major" to ECR - production
image: docker
commands:
- apk add --no-cache aws-cli
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
# The per-architecture entries are referenced by tag; the list records
# whatever those tags resolve to when this command runs.
- docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")
--amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
--amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
--amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
- docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")
- docker logout "public.ecr.aws"
environment:
AWS_PROFILE: ecr-production
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
# Runs only after all three per-architecture production pushes.
depends_on:
- Tag and push image "teleport-ent:v13-amd64" to ECR - production
- Tag and push image "teleport-ent:v13-arm" to ECR - production
- Tag and push image "teleport-ent:v13-arm64" to ECR - production
# Builds the manifest list for the minor-version tag on public.ecr.aws from the
# -amd64, -arm and -arm64 tags and pushes it, with no existence check.
- name: Create manifest and push "teleport-ent:minor" to ECR - production
image: docker
commands:
# NOTE(review): neither the `docker` image above nor this package is pinned,
# so tool versions in a production publishing step can drift between runs.
- apk add --no-cache aws-cli
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
- docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")
--amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
--amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
--amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
- docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")
- docker logout "public.ecr.aws"
environment:
AWS_PROFILE: ecr-production
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Tag and push image "teleport-ent:v13-amd64" to ECR - production
- Tag and push image "teleport-ent:v13-arm" to ECR - production
- Tag and push image "teleport-ent:v13-arm64" to ECR - production
# Builds and pushes the manifest list for the full-version tag on
# public.ecr.aws, unless that tag can already be inspected.
- name: Create manifest and push "teleport-ent:full" to ECR - production
image: docker
commands:
- apk add --no-cache aws-cli
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
# This guard is the only thing keeping a released full-version tag from being
# replaced, and it is client-side: any inspect failure falls through to
# create-and-push. NOTE(review): a registry-side immutability control, where
# available, would make the write-once intent enforceable.
- docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")
> /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest
create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")
--amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64
--amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm
--amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64
&& docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version"))
- docker logout "public.ecr.aws"
environment:
AWS_PROFILE: ecr-production
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Tag and push image "teleport-ent:v13-amd64" to ECR - production
- Tag and push image "teleport-ent:v13-arm" to ECR - production
- Tag and push image "teleport-ent:v13-arm64" to ECR - production
# Exchanges the long-lived AWS key pair from Drone secrets for temporary
# credentials of the role in $AWS_ROLE and appends them as the
# [s3-download-teleport-ent-fips] profile to /root/.aws/credentials.
# NOTE(review): that file sits on the awsconfig volume, so every step mounting
# the volume can read this profile and any others written there; keeping each
# role's permissions narrow is what limits the exposure.
- name: Assume S3 Download AWS Role for teleport-ent-fips
# No tag or digest; with `pull: if-not-exists` a cached copy is reused.
image: amazon/aws-cli
pull: if-not-exists
commands:
# Prints the identity behind the long-lived keys into the step output.
- aws sts get-caller-identity
# The $(aws sts assume-role ...) output is left unquoted on purpose: its three
# whitespace-separated fields become the three printf arguments. The exit
# status of the substitution is not checked, so a failed assume-role would
# still append a profile with empty values; the final get-caller-identity
# call is what surfaces that.
- |-
printf "[s3-download-teleport-ent-fips]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
>> /root/.aws/credentials
# Drop the long-lived keys from the environment so the check below can only
# succeed through the newly written profile.
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile s3-download-teleport-ent-fips
environment:
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID
AWS_ROLE:
from_secret: AWS_ROLE
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY
volumes:
- name: awsconfig
path: /root/.aws
depends_on:
- Find the latest available semver for v13
- Wait for docker
- Wait for docker registry
- Check out code
- Build major, minor, and full semvers
- Assume ECR - staging AWS Role
- Assume ECR - authenticated-pull AWS Role
- Assume ECR - production AWS Role
# Fetches the repository into /tmp/repo, checks out the release tag, and copies
# build.assets/charts/Dockerfile to /go/build/Dockerfile-teleport-ent-fips.
# The Dockerfile therefore comes from the tagged release, not from the commit
# that triggered the build.
- name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent-fips" for
teleport-ent-fips
# NOTE(review): `latest` is a mutable tag; a digest pin would fix the tooling.
image: alpine/git:latest
commands:
- mkdir -pv "/tmp/repo"
- cd "/tmp/repo"
- git init
- git remote add origin ${DRONE_REMOTE_URL}
- git fetch origin --tags
# Reads the version from /go/vars/full-version-v13, whereas the image steps in
# this pipeline read /go/var/full-version. Presumably an earlier step writes
# this file; confirm the differing path is intended.
# NOTE(review): the tag is trusted by name; no signature check is made here.
- git checkout -qf "v$(cat '/go/vars/full-version-v13')"
- mkdir -pv $(dirname "/go/build/Dockerfile-teleport-ent-fips")
- cp "/tmp/repo/build.assets/charts/Dockerfile" "/go/build/Dockerfile-teleport-ent-fips"
depends_on:
- Find the latest available semver for v13
- Wait for docker
- Wait for docker registry
- Check out code
- Build major, minor, and full semvers
- Assume ECR - staging AWS Role
- Assume ECR - authenticated-pull AWS Role
- Assume ECR - production AWS Role
# Waits up to an hour for the FIPS amd64 .deb of this version to appear under
# s3://$AWS_S3_BUCKET/teleport/tag/<full-version>/, then copies it to /go/build.
# NOTE(review): the package is used as downloaded; this step checks neither a
# checksum nor a signature before the file is built into the image. If that
# check happens elsewhere it is not visible here.
- name: Download "teleport-ent_v13-tag-fips_amd64.deb" artifacts from S3
image: amazon/aws-cli
commands:
# Deadline is 3600 seconds from now. `$$` is Drone's escape for a literal `$`,
# and `${VAR?}` makes the shell fail if the variable is unset.
- END_TIME=$(( $(date +%s) + 3600 ))
- TIMED_OUT=true
- while [ $(date +%s) -lt $${END_TIME?} ]; do
- SUCCESS=true
# Lists the version prefix and requires an exact filename match (grep -x).
- aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr
-s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb
|| SUCCESS=false
- '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
- echo 'Condition not met yet, waiting another 60 seconds...'
- sleep 60
- done
# Fail the step if the artifact never appeared within the deadline.
- '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [
"$SUCCESS" = "true" ]'' && exit 1'
- mkdir -pv "/go/build"
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat
"/go/var/full-version")-fips_amd64.deb /go/build/teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb
environment:
# Profile appended to /root/.aws/credentials by the assume-role step below.
AWS_PROFILE: s3-download-teleport-ent-fips
AWS_REGION: us-west-2
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
volumes:
- name: awsconfig
path: /root/.aws
depends_on:
- Assume S3 Download AWS Role for teleport-ent-fips
- Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent-fips" for teleport-ent-fips
# Builds the `teleport-fips` target of the downloaded Dockerfile for
# linux/amd64 from the .deb in /go/build and pushes the result to the
# in-pipeline registry as <full-version>-fips-amd64.
- name: Build teleport-ent-fips image "teleport-ent:v13-fips-amd64"
image: docker
commands:
# NOTE(review): runs an untagged third-party image with --privileged to
# install binfmt handlers on the host kernel. Pinning it by digest would
# narrow the supply-chain exposure of the step with the most privilege.
- docker run --privileged --rm tonistiigi/binfmt --install all
- mkdir -pv "/go/build" && cd "/go/build"
- mkdir -pv "/tmp/teleport-ent-v13-fips-amd64-builder"
# BuildKit config that marks drone-docker-registry:5000 as plain HTTP, so the
# push to it is neither encrypted nor authenticated by TLS.
- echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v13-fips-amd64-builder/buildkitd.toml"
- echo ' http = true' >> "/tmp/teleport-ent-v13-fips-amd64-builder/buildkitd.toml"
# The builder container shares the host network namespace (network=host).
- docker buildx create --driver "docker-container" --driver-opt "network=host" --name
"teleport-ent-v13-fips-amd64-builder" --config "/tmp/teleport-ent-v13-fips-amd64-builder/buildkitd.toml"
- apk add --no-cache aws-cli
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
- docker buildx build --push --builder "teleport-ent-v13-fips-amd64-builder" --target
"teleport-fips" --platform "linux/amd64" --tag drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-fips-amd64 --file "/go/build/Dockerfile-teleport-ent-fips"
--build-arg DEB_PATH=teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb
/go/build
- docker logout "public.ecr.aws"
# Cleanup is listed after the build; presumably it is skipped when an earlier
# command fails, leaving the builder and its config behind.
- docker buildx rm "teleport-ent-v13-fips-amd64-builder"
- rm -rf "/tmp/teleport-ent-v13-fips-amd64-builder"
environment:
# Only the pull profile is selected here, but the awsconfig volume may hold
# other profiles as well (verify what the role-assumption steps write to it).
AWS_PROFILE: ecr-authenticated-pull
DOCKER_BUILDKIT: "1"
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Assume ECR - authenticated-pull AWS Role
- Download "teleport-ent_v13-tag-fips_amd64.deb" artifacts from S3
# Pulls the FIPS amd64 image from the in-pipeline registry and pushes it to the
# staging ECR registry under timestamped full, major and minor version tags.
# All three pushes are guarded, because each tag includes $TIMESTAMP.
- name: Tag and push image "teleport-ent:v13-fips-amd64" to ECR - staging
image: docker
commands:
# Pulled by tag from the pipeline-local registry; no digest is checked here.
- docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-fips-amd64
- apk add --no-cache aws-cli
- aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
146628656107.dkr.ecr.us-west-2.amazonaws.com
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
# Minute resolution: the suffix is fixed by the build creation time, so a
# re-run of the same build targets the same tags.
- TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
# Each block below pushes only when `docker manifest inspect` fails; the
# discarded output means any failure, not just "not found", triggers a push.
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-$TIMESTAMP-fips-amd64 > /dev/null 2>&1 && echo 'Found
existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-fips-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-$TIMESTAMP-fips-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-$TIMESTAMP-fips-amd64)
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/major-version")-$TIMESTAMP-fips-amd64 > /dev/null 2>&1 && echo 'Found
existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-fips-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/major-version")-$TIMESTAMP-fips-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/major-version")-$TIMESTAMP-fips-amd64)
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/minor-version")-$TIMESTAMP-fips-amd64 > /dev/null 2>&1 && echo 'Found
existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-fips-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/minor-version")-$TIMESTAMP-fips-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/minor-version")-$TIMESTAMP-fips-amd64)
- docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
environment:
AWS_PROFILE: ecr-staging
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Build teleport-ent-fips image "teleport-ent:v13-fips-amd64"
# Publishes the timestamped major-version FIPS manifest list to the staging ECR
# registry. The list has a single entry, the -fips-amd64 image.
- name: Create manifest and push "teleport-ent:major-$TIMESTAMP-fips" to ECR - staging
# NOTE(review): untagged image; resolves to a mutable default tag.
image: docker
commands:
- apk add --no-cache aws-cli
- aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
146628656107.dkr.ecr.us-west-2.amazonaws.com
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
- TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
# Skipped when the manifest can already be inspected; otherwise created from
# the -fips-amd64 tag and pushed.
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/major-version")-$TIMESTAMP-fips > /dev/null 2>&1 && echo 'Found existing
image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/major-version")-$TIMESTAMP-fips --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/major-version")-$TIMESTAMP-fips-amd64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/major-version")-$TIMESTAMP-fips)
- docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
environment:
AWS_PROFILE: ecr-staging
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Tag and push image "teleport-ent:v13-fips-amd64" to ECR - staging
# Publishes the timestamped minor-version FIPS manifest list to the staging ECR
# registry; its only entry is the -fips-amd64 image.
- name: Create manifest and push "teleport-ent:minor-$TIMESTAMP-fips" to ECR - staging
image: docker
commands:
- apk add --no-cache aws-cli
# Passwords reach `docker login` over stdin rather than as arguments.
- aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
146628656107.dkr.ecr.us-west-2.amazonaws.com
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
- TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
# Guarded create-and-push; inspect errors of any kind take the push branch.
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/minor-version")-$TIMESTAMP-fips > /dev/null 2>&1 && echo 'Found existing
image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/minor-version")-$TIMESTAMP-fips --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/minor-version")-$TIMESTAMP-fips-amd64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/minor-version")-$TIMESTAMP-fips)
# Removes the ECR credential only.
- docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
environment:
AWS_PROFILE: ecr-staging
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Tag and push image "teleport-ent:v13-fips-amd64" to ECR - staging
# Publishes the timestamped full-version FIPS manifest list to the staging ECR
# registry; its only entry is the -fips-amd64 image.
- name: Create manifest and push "teleport-ent:full-$TIMESTAMP-fips" to ECR - staging
image: docker
commands:
# Installed at run time from the image's package repositories, unpinned.
- apk add --no-cache aws-cli
- aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
146628656107.dkr.ecr.us-west-2.amazonaws.com
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
- TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
# The manifest entry is referenced by tag, so the list records whatever
# <full-version>-$TIMESTAMP-fips-amd64 resolves to when this runs.
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-$TIMESTAMP-fips > /dev/null 2>&1 && echo 'Found existing
image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-$TIMESTAMP-fips --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-$TIMESTAMP-fips-amd64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-$TIMESTAMP-fips)
- docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
environment:
AWS_PROFILE: ecr-staging
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Tag and push image "teleport-ent:v13-fips-amd64" to ECR - staging
# Pulls the FIPS amd64 image from the in-pipeline registry and publishes it to
# public.ecr.aws under the full, major and minor -fips-amd64 tags.
# NOTE(review): this step depends only on the build step, not on the staging
# push, so as written nothing gates production publishing on staging.
- name: Tag and push image "teleport-ent:v13-fips-amd64" to ECR - production
image: docker
commands:
- docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-fips-amd64
- apk add --no-cache aws-cli
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
# Guarded: the full-version tag is pushed only if it cannot be inspected.
- docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
> /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-fips-amd64 public.ecr.aws/gravitational/teleport-ent:$(cat
"/go/var/full-version")-fips-amd64 && docker push public.ecr.aws/gravitational/teleport-ent:$(cat
"/go/var/full-version")-fips-amd64)
# Unguarded: the major and minor tags are re-pointed on every run.
- docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
- docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
- docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
- docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
- docker logout "public.ecr.aws"
environment:
AWS_PROFILE: ecr-production
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Build teleport-ent-fips image "teleport-ent:v13-fips-amd64"
# Creates and pushes the major-version FIPS manifest list on public.ecr.aws
# from the single -fips-amd64 tag. There is no existence check, so the tag is
# rewritten on each run.
- name: Create manifest and push "teleport-ent:major-fips" to ECR - production
image: docker
commands:
- apk add --no-cache aws-cli
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
- docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips
--amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
- docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips
- docker logout "public.ecr.aws"
environment:
# Presumably a profile on the awsconfig volume with push rights to production.
AWS_PROFILE: ecr-production
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Tag and push image "teleport-ent:v13-fips-amd64" to ECR - production
# Creates and pushes the minor-version FIPS manifest list on public.ecr.aws
# from the single -fips-amd64 tag, unconditionally.
- name: Create manifest and push "teleport-ent:minor-fips" to ECR - production
# NOTE(review): no tag or digest on an image that runs with production push
# credentials available; pin it in the generator.
image: docker
commands:
- apk add --no-cache aws-cli
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
- docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips
--amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
- docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips
- docker logout "public.ecr.aws"
environment:
AWS_PROFILE: ecr-production
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Tag and push image "teleport-ent:v13-fips-amd64" to ECR - production
# Creates and pushes the full-version FIPS manifest list on public.ecr.aws,
# unless that tag can already be inspected.
- name: Create manifest and push "teleport-ent:full-fips" to ECR - production
image: docker
commands:
- apk add --no-cache aws-cli
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
# Write-once by convention only: the skip depends on a successful client-side
# inspect, and its discarded output hides why an inspect failed.
- docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips
> /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest
create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips
--amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
&& docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips)
- docker logout "public.ecr.aws"
environment:
AWS_PROFILE: ecr-production
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Tag and push image "teleport-ent:v13-fips-amd64" to ECR - production
# Builds the operator image for linux/amd64 from the checked-out source tree
# using integrations/operator/Dockerfile and pushes it to the in-pipeline
# registry as <full-version>-amd64.
- name: Build teleport-operator image "teleport-operator:v13-amd64"
image: docker
commands:
# NOTE(review): untagged third-party image run with --privileged; it installs
# binfmt handlers on the host kernel. Pin by digest.
- docker run --privileged --rm tonistiigi/binfmt --install all
- mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport"
- mkdir -pv "/tmp/teleport-operator-v13-amd64-builder"
# Marks drone-docker-registry:5000 as a plain-HTTP registry for BuildKit.
- echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-operator-v13-amd64-builder/buildkitd.toml"
- echo ' http = true' >> "/tmp/teleport-operator-v13-amd64-builder/buildkitd.toml"
- docker buildx create --driver "docker-container" --driver-opt "network=host" --name
"teleport-operator-v13-amd64-builder" --config "/tmp/teleport-operator-v13-amd64-builder/buildkitd.toml"
- apk add --no-cache aws-cli
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
# The BUILDBOX base image is referenced by tag (`teleport14`), not by digest.
# NOTE(review): that tag says 14 while this step is labelled v13; confirm
# that is intended.
- docker buildx build --push --builder "teleport-operator-v13-amd64-builder" --platform
"linux/amd64" --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
--file "/go/src/github.com/gravitational/teleport/integrations/operator/Dockerfile"
--build-arg BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox:teleport14
--build-arg COMPILER_NAME=x86_64-linux-gnu-gcc /go/src/github.com/gravitational/teleport
- docker logout "public.ecr.aws"
- docker buildx rm "teleport-operator-v13-amd64-builder"
- rm -rf "/tmp/teleport-operator-v13-amd64-builder"
environment:
AWS_PROFILE: ecr-authenticated-pull
DOCKER_BUILDKIT: "1"
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
# "Assume ECR - authenticated-pull AWS Role" is listed twice below.
depends_on:
- Assume ECR - authenticated-pull AWS Role
- Find the latest available semver for v13
- Wait for docker
- Wait for docker registry
- Check out code
- Build major, minor, and full semvers
- Assume ECR - staging AWS Role
- Assume ECR - authenticated-pull AWS Role
- Assume ECR - production AWS Role
# Builds the operator image for linux/arm from the checked-out source tree and
# pushes it to the in-pipeline registry as <full-version>-arm.
- name: Build teleport-operator image "teleport-operator:v13-arm"
image: docker
commands:
# Installs binfmt handlers on the host kernel from a privileged container,
# presumably so that non-native build stages can run under emulation.
# NOTE(review): the image is untagged; pin it by digest.
- docker run --privileged --rm tonistiigi/binfmt --install all
- mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport"
- mkdir -pv "/tmp/teleport-operator-v13-arm-builder"
- echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-operator-v13-arm-builder/buildkitd.toml"
- echo ' http = true' >> "/tmp/teleport-operator-v13-arm-builder/buildkitd.toml"
# The builder container joins the host network namespace (network=host).
- docker buildx create --driver "docker-container" --driver-opt "network=host" --name
"teleport-operator-v13-arm-builder" --config "/tmp/teleport-operator-v13-arm-builder/buildkitd.toml"
- apk add --no-cache aws-cli
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
# Uses the -arm buildbox image and the arm-linux-gnueabihf-gcc compiler name.
- docker buildx build --push --builder "teleport-operator-v13-arm-builder" --platform
"linux/arm" --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
--file "/go/src/github.com/gravitational/teleport/integrations/operator/Dockerfile"
--build-arg BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox-arm:teleport14
--build-arg COMPILER_NAME=arm-linux-gnueabihf-gcc /go/src/github.com/gravitational/teleport
- docker logout "public.ecr.aws"
- docker buildx rm "teleport-operator-v13-arm-builder"
- rm -rf "/tmp/teleport-operator-v13-arm-builder"
environment:
AWS_PROFILE: ecr-authenticated-pull
DOCKER_BUILDKIT: "1"
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
# NOTE(review): this build step needs only the pull profile, yet it mounts the
# same awsconfig volume as the publishing steps. If the staging and
# production profiles live there too, build-time code runs next to them.
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Assume ECR - authenticated-pull AWS Role
- Find the latest available semver for v13
- Wait for docker
- Wait for docker registry
- Check out code
- Build major, minor, and full semvers
- Assume ECR - staging AWS Role
- Assume ECR - authenticated-pull AWS Role
- Assume ECR - production AWS Role
# Builds the operator image for linux/arm64 from the checked-out source tree
# and pushes it to the in-pipeline registry as <full-version>-arm64.
- name: Build teleport-operator image "teleport-operator:v13-arm64"
# NOTE(review): untagged; the step mounts the Docker socket volume and runs a
# privileged container, so an unexpected image change here has wide reach.
image: docker
commands:
- docker run --privileged --rm tonistiigi/binfmt --install all
- mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport"
- mkdir -pv "/tmp/teleport-operator-v13-arm64-builder"
# Per-builder BuildKit config: the in-pipeline registry is reached over HTTP.
- echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-operator-v13-arm64-builder/buildkitd.toml"
- echo ' http = true' >> "/tmp/teleport-operator-v13-arm64-builder/buildkitd.toml"
- docker buildx create --driver "docker-container" --driver-opt "network=host" --name
"teleport-operator-v13-arm64-builder" --config "/tmp/teleport-operator-v13-arm64-builder/buildkitd.toml"
- apk add --no-cache aws-cli
# Logs in to public.ecr.aws and Docker Hub before the build, presumably so
# that base-image pulls are authenticated.
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
# Uses the -arm buildbox image with the aarch64-linux-gnu-gcc compiler name.
- docker buildx build --push --builder "teleport-operator-v13-arm64-builder" --platform
"linux/arm64" --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
--file "/go/src/github.com/gravitational/teleport/integrations/operator/Dockerfile"
--build-arg BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox-arm:teleport14
--build-arg COMPILER_NAME=aarch64-linux-gnu-gcc /go/src/github.com/gravitational/teleport
- docker logout "public.ecr.aws"
# Removes the builder and its config; listed after the build, so presumably
# skipped if the build fails.
- docker buildx rm "teleport-operator-v13-arm64-builder"
- rm -rf "/tmp/teleport-operator-v13-arm64-builder"
environment:
AWS_PROFILE: ecr-authenticated-pull
DOCKER_BUILDKIT: "1"
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Assume ECR - authenticated-pull AWS Role
- Find the latest available semver for v13
- Wait for docker
- Wait for docker registry
- Check out code
- Build major, minor, and full semvers
- Assume ECR - staging AWS Role
- Assume ECR - authenticated-pull AWS Role
- Assume ECR - production AWS Role
# Republishes the amd64 operator image from the pipeline-local registry to the
# staging ECR repository under timestamped full, major and minor tags.
# NOTE(review): the source image is selected by tag, not by digest, so this
# step publishes whatever the local registry holds under that tag.
- name: 'Tag and push image "teleport-operator:v13-amd64" to ECR - staging'
  image: docker
  commands:
  - >-
    docker pull --platform "linux/amd64"
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
  - apk add --no-cache aws-cli
  # Both registry passwords are fed on stdin rather than passed as arguments.
  - >-
    aws ecr get-login-password --region=us-west-2
    | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Each tag is pushed only when `docker manifest inspect` fails. Its output is
  # discarded, so any inspect failure, not only a missing tag, takes the
  # tag-and-push branch.
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-amd64
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-amd64
    && docker push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-amd64)
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP-amd64
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP-amd64
    && docker push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP-amd64)
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64
    && docker push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64)
  # Only the ECR login is removed here; the Docker Hub login is not logged out.
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    # Selects the staging profile from the credentials file on `awsconfig`.
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - 'Build teleport-operator image "teleport-operator:v13-amd64"'
# Republishes the arm operator image from the pipeline-local registry to the
# staging ECR repository under timestamped full, major and minor tags.
# NOTE(review): the source image is selected by tag, not by digest.
- name: 'Tag and push image "teleport-operator:v13-arm" to ECR - staging'
  image: docker
  commands:
  - >-
    docker pull --platform "linux/arm"
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
  - apk add --no-cache aws-cli
  - >-
    aws ecr get-login-password --region=us-west-2
    | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # A tag is pushed whenever `docker manifest inspect` returns non-zero; the
  # reason for the failure is not examined because its output is discarded.
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-arm
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-arm
    && docker push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-arm)
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP-arm
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP-arm
    && docker push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP-arm)
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP-arm
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP-arm
    && docker push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP-arm)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - 'Build teleport-operator image "teleport-operator:v13-arm"'
# Republishes the arm64 operator image from the pipeline-local registry to the
# staging ECR repository under timestamped full, major and minor tags.
# NOTE(review): the source image is selected by tag, not by digest.
- name: 'Tag and push image "teleport-operator:v13-arm64" to ECR - staging'
  image: docker
  commands:
  - >-
    docker pull --platform "linux/arm64"
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
  - apk add --no-cache aws-cli
  - >-
    aws ecr get-login-password --region=us-west-2
    | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # A tag is pushed whenever `docker manifest inspect` returns non-zero; the
  # reason for the failure is not examined because its output is discarded.
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-arm64
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-arm64
    && docker push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-arm64)
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP-arm64
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP-arm64
    && docker push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP-arm64)
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64
    && docker push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - 'Build teleport-operator image "teleport-operator:v13-arm64"'
# Builds the multi-arch manifest list for the timestamped major tag in staging
# ECR from the amd64, arm and arm64 tags pushed by the three preceding steps.
- name: 'Create manifest and push "teleport-operator:major-$TIMESTAMP" to ECR - staging'
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - >-
    aws ecr get-login-password --region=us-west-2
    | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # Recomputed from the build's creation time, so it matches the per-arch steps.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # The manifest list is created only when inspecting the target tag fails;
  # the inspect output is discarded, so the cause of a failure is not checked.
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker manifest create
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP
    --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP-amd64
    --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP-arm
    --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP-arm64
    && docker manifest push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - 'Tag and push image "teleport-operator:v13-amd64" to ECR - staging'
  - 'Tag and push image "teleport-operator:v13-arm" to ECR - staging'
  - 'Tag and push image "teleport-operator:v13-arm64" to ECR - staging'
# Builds the multi-arch manifest list for the timestamped minor tag in staging
# ECR from the amd64, arm and arm64 tags pushed by the three preceding steps.
- name: 'Create manifest and push "teleport-operator:minor-$TIMESTAMP" to ECR - staging'
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - >-
    aws ecr get-login-password --region=us-west-2
    | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Created only when inspecting the target tag fails, whatever the reason.
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker manifest create
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP
    --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64
    --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP-arm
    --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64
    && docker manifest push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - 'Tag and push image "teleport-operator:v13-amd64" to ECR - staging'
  - 'Tag and push image "teleport-operator:v13-arm" to ECR - staging'
  - 'Tag and push image "teleport-operator:v13-arm64" to ECR - staging'
# Builds the multi-arch manifest list for the timestamped full-version tag in
# staging ECR from the amd64, arm and arm64 tags pushed by the preceding steps.
- name: 'Create manifest and push "teleport-operator:full-$TIMESTAMP" to ECR - staging'
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - >-
    aws ecr get-login-password --region=us-west-2
    | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Created only when inspecting the target tag fails, whatever the reason.
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker manifest create
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP
    --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-amd64
    --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-arm
    --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-arm64
    && docker manifest push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - 'Tag and push image "teleport-operator:v13-amd64" to ECR - staging'
  - 'Tag and push image "teleport-operator:v13-arm" to ECR - staging'
  - 'Tag and push image "teleport-operator:v13-arm64" to ECR - staging'
# Publishes the amd64 operator image from the pipeline-local registry to the
# public production repository on public.ecr.aws.
# The full-version tag is pushed only when `docker manifest inspect` fails;
# the major and minor tags are re-tagged and pushed on every run, so they move.
# NOTE(review): the source image is taken by tag from the local registry with
# no digest comparison; consumers needing a fixed image should pin by digest.
- name: 'Tag and push image "teleport-operator:v13-amd64" to ECR - production'
  image: docker
  commands:
  - >-
    docker pull --platform "linux/amd64"
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
  - apk add --no-cache aws-cli
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # Guarded push: inspect output is discarded, so any inspect failure (not
  # only a missing tag) leads to tag-and-push of the full-version tag.
  - >-
    docker manifest inspect
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64
    && docker push
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64)
  # Unguarded: the major tag is overwritten with this build.
  - >-
    docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64
  - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64
  # Unguarded: the minor tag is overwritten with this build.
  - >-
    docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64
  - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64
  - docker logout "public.ecr.aws"
  environment:
    # Selects the production profile from the credentials file on `awsconfig`.
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - 'Build teleport-operator image "teleport-operator:v13-amd64"'
# Publishes the arm operator image from the pipeline-local registry to the
# public production repository on public.ecr.aws.
# The full-version tag is pushed only when `docker manifest inspect` fails;
# the major and minor tags are re-tagged and pushed on every run, so they move.
# NOTE(review): the source image is taken by tag with no digest comparison.
- name: 'Tag and push image "teleport-operator:v13-arm" to ECR - production'
  image: docker
  commands:
  - >-
    docker pull --platform "linux/arm"
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
  - apk add --no-cache aws-cli
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # Guarded push of the full-version tag; the inspect output is discarded.
  - >-
    docker manifest inspect
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm
    && docker push
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm)
  # Unguarded: the major and minor tags are overwritten with this build.
  - >-
    docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm
  - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm
  - >-
    docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm
  - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - 'Build teleport-operator image "teleport-operator:v13-arm"'
# Publishes the arm64 operator image from the pipeline-local registry to the
# public production repository on public.ecr.aws.
# The full-version tag is pushed only when `docker manifest inspect` fails;
# the major and minor tags are re-tagged and pushed on every run, so they move.
# NOTE(review): the source image is taken by tag with no digest comparison.
- name: 'Tag and push image "teleport-operator:v13-arm64" to ECR - production'
  image: docker
  commands:
  - >-
    docker pull --platform "linux/arm64"
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
  - apk add --no-cache aws-cli
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # Guarded push of the full-version tag; the inspect output is discarded.
  - >-
    docker manifest inspect
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64
    && docker push
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64)
  # Unguarded: the major and minor tags are overwritten with this build.
  - >-
    docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64
  - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64
  - >-
    docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64
  - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - 'Build teleport-operator image "teleport-operator:v13-arm64"'
# Creates and pushes the multi-arch manifest list for the production major tag.
# Unlike the full-version manifest step, there is no existence check here, so
# the major tag is re-created from the per-arch tags on every run.
- name: 'Create manifest and push "teleport-operator:major" to ECR - production'
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - >-
    docker manifest create
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")
    --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64
    --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm
    --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64
  - docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - 'Tag and push image "teleport-operator:v13-amd64" to ECR - production'
  - 'Tag and push image "teleport-operator:v13-arm" to ECR - production'
  - 'Tag and push image "teleport-operator:v13-arm64" to ECR - production'
# Creates and pushes the multi-arch manifest list for the production minor tag.
# There is no existence check in this step, so the minor tag is re-created from
# the per-arch tags on every run.
- name: 'Create manifest and push "teleport-operator:minor" to ECR - production'
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - >-
    docker manifest create
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")
    --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64
    --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm
    --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64
  - docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - 'Tag and push image "teleport-operator:v13-amd64" to ECR - production'
  - 'Tag and push image "teleport-operator:v13-arm" to ECR - production'
  - 'Tag and push image "teleport-operator:v13-arm64" to ECR - production'
# Creates and pushes the multi-arch manifest list for the production
# full-version tag, but only when inspecting that tag fails.
# NOTE(review): the inspect output is discarded, so a failure for any reason
# is treated the same as "tag absent".
- name: 'Create manifest and push "teleport-operator:full" to ECR - production'
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - >-
    docker manifest inspect
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker manifest create
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")
    --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64
    --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm
    --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64
    && docker manifest push
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version"))
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - 'Tag and push image "teleport-operator:v13-amd64" to ECR - production'
  - 'Tag and push image "teleport-operator:v13-arm" to ECR - production'
  - 'Tag and push image "teleport-operator:v13-arm64" to ECR - production'
# Sidecar services for this pipeline.
services:
# Docker-in-Docker daemon. It runs privileged, and steps that mount the
# `dockersock` volume at /var/run share its socket directory.
# NOTE(review): any step with that mount can presumably drive the privileged
# daemon; keep the mount off steps that do not need Docker.
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
# Pipeline-local image registry, addressed by steps as
# drone-docker-registry:5000. `registry:2` is a floating tag.
- name: drone-docker-registry
  image: registry:2
  privileged: false
  volumes: []
# Temporary volumes shared between steps: AWS profiles, the Docker socket
# directory and the Docker client configuration.
volumes:
- name: awsconfig
  temp: {}
- name: dockersock
  temp: {}
- name: dockerconfig
  temp: {}
image_pull_secrets:
- DOCKERHUB_CREDENTIALS
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/container_images_release_version.go (main.(*ReleaseVersion).buildVersionPipeline)
################################################
# Cron-triggered pipeline that rebuilds container images for the previous
# major version.
kind: pipeline
type: kubernetes
name: teleport-container-images-previous-version-1-cron
environment:
  DEBIAN_FRONTEND: noninteractive
# Runs only for the named cron job, and only in the gravitational/teleport repo.
trigger:
  cron:
    include: [teleport-container-images-cron]
  repo:
    include: [gravitational/teleport]
workspace:
  path: /go
# The default clone is disabled; steps fetch the code they need themselves.
clone:
  disable: true
steps:
# Checks out branch/v12 into /tmp/teleport and runs the repository's
# query-latest tool to write the newest v12 version (leading "v" removed by
# sed) to /go/vars/full-version-v12.
# NOTE(review): golang:1.18 is a floating tag, not a digest.
- name: Find the latest available semver for v12
  image: golang:1.18
  commands:
  - mkdir -pv "/tmp/teleport"
  - cd "/tmp/teleport"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  - git checkout -qf "branch/v12"
  - mkdir -pv $(dirname "/go/vars/full-version-v12")
  - cd "/tmp/teleport/build.assets/tooling/cmd/query-latest"
  # NOTE(review): the exit status of this pipeline is sed's, so a failing
  # `go run` would leave an empty version file instead of failing here;
  # confirm a later step rejects an empty version.
  - go run . "v12" | sed 's/v//' > "/go/vars/full-version-v12"
  - echo Found full semver "$(cat "/go/vars/full-version-v12")" for major version "v12"
# Waits up to 30 seconds for the Docker socket to appear, then logs in to
# Docker Hub with the read-only token.
# This step mounts `dockerconfig` at /root/.docker, so the login it performs
# is presumably stored on that shared volume; confirm which steps mount it.
- name: Wait for docker
  image: docker
  pull: if-not-exists
  commands:
  - >-
    timeout 30s /bin/sh -c
    'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  # The token is read from the environment and piped on stdin.
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: dockersock
    path: /var/run
  - name: dockerconfig
    path: /root/.docker
  depends_on:
  - Find the latest available semver for v12
# Polls the pipeline-local registry over plain HTTP until it answers 200, for
# at most 30 seconds.
# NOTE(review): `alpine` is a floating tag and curl is installed at run time,
# so the tool versions used here are not fixed.
- name: Wait for docker registry
  image: alpine
  pull: if-not-exists
  commands:
  - apk add curl
  - >-
    timeout 30s /bin/sh -c
    'while [ "$(curl -s -o /dev/null -w %{http_code} http://drone-docker-registry:5000/)"
    != "200" ]; do sleep 1; done'
  depends_on:
  - Find the latest available semver for v12
# Fetches the repository and checks out the release tag "v<full version>" that
# the semver step wrote to /go/vars/full-version-v12.
# NOTE(review): the tag is used as fetched; no tag signature check is visible.
- name: Check out code
  image: alpine/git:latest
  pull: if-not-exists
  commands:
  - mkdir -pv "/go/src/github.com/gravitational/teleport"
  - cd "/go/src/github.com/gravitational/teleport"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  - git checkout -qf "v$(cat '/go/vars/full-version-v12')"
  depends_on:
  - Find the latest available semver for v12
# Derives the major, major.minor and full version strings from
# /go/vars/full-version-v12 and writes them to files under /go/var, which the
# image build and push steps read with `cat`.
# Note the two directories: /go/vars holds the input, /go/var the outputs.
- name: Build major, minor, and full semvers
  image: alpine
  commands:
  # Major: first dot-separated field.
  - mkdir -pv $(dirname "/go/var/major-version")
  - >-
    echo v$(cat '/go/vars/full-version-v12')
    | sed 's/v//'
    | cut -d'.' -f "1"
    > "/go/var/major-version"
  - echo $(cat "/go/var/major-version")
  # Minor: first two dot-separated fields.
  - mkdir -pv $(dirname "/go/var/minor-version")
  - >-
    echo v$(cat '/go/vars/full-version-v12')
    | sed 's/v//'
    | cut -d'.' -f "1,2"
    > "/go/var/minor-version"
  - echo $(cat "/go/var/minor-version")
  # Full: the version with the first "v" removed.
  - mkdir -pv $(dirname "/go/var/full-version")
  - >-
    echo v$(cat '/go/vars/full-version-v12')
    | sed 's/v//'
    > "/go/var/full-version"
  - echo $(cat "/go/var/full-version")
  depends_on:
  - Find the latest available semver for v12
# Exchanges the staging IAM user key for temporary role credentials and
# appends them as the [ecr-staging] profile to /root/.aws/credentials on the
# `awsconfig` volume.
# NOTE(review): every profile is appended to this one file, so a step that
# mounts `awsconfig` can read all of them, not only the one named by its
# AWS_PROFILE.
- name: Assume ECR - staging AWS Role
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  # Prints the calling identity to the build log.
  - aws sts get-caller-identity
  # The unquoted $(...) is word-split into the three values for the %s slots.
  - |-
    printf "[ecr-staging]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
    $(aws sts assume-role \
    --role-arn "$AWS_ROLE" \
    --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
    --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
    --output text) \
    >> /root/.aws/credentials
  # Drop the user key so the check below runs with the new profile only.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile ecr-staging
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY
    AWS_ROLE:
      from_secret: STAGING_TELEPORT_DRONE_ECR_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Find the latest available semver for v12
# Assumes a role with the production IAM user key and appends the temporary
# credentials as the [ecr-authenticated-pull] profile to /root/.aws/credentials.
# NOTE(review): this step reads the same PRODUCTION_* secrets (user key and
# role) as the production step, so the "pull" profile carries whatever that
# role allows; confirm the role policy if pull-only access is intended.
- name: Assume ECR - authenticated-pull AWS Role
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  # Prints the calling identity to the build log.
  - aws sts get-caller-identity
  # The unquoted $(...) is word-split into the three values for the %s slots.
  - |-
    printf "[ecr-authenticated-pull]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
    $(aws sts assume-role \
    --role-arn "$AWS_ROLE" \
    --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
    --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
    --output text) \
    >> /root/.aws/credentials
  # Drop the user key so the check below runs with the new profile only.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile ecr-authenticated-pull
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY
    AWS_ROLE:
      from_secret: PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
  # Ordered after the staging step; both append to the same credentials file.
  depends_on:
  - Assume ECR - staging AWS Role
  - Find the latest available semver for v12
# Exchanges the production IAM user key for temporary role credentials and
# appends them as the [ecr-production] profile to /root/.aws/credentials on
# the `awsconfig` volume.
# NOTE(review): the file is shared, so steps that mount `awsconfig` for another
# profile can also read these production credentials.
- name: Assume ECR - production AWS Role
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  # Prints the calling identity to the build log.
  - aws sts get-caller-identity
  # The unquoted $(...) is word-split into the three values for the %s slots.
  - |-
    printf "[ecr-production]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
    $(aws sts assume-role \
    --role-arn "$AWS_ROLE" \
    --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
    --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
    --output text) \
    >> /root/.aws/credentials
  # Drop the user key so the check below runs with the new profile only.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile ecr-production
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY
    AWS_ROLE:
      from_secret: PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
  # Ordered after the authenticated-pull step; both append to the same file.
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Find the latest available semver for v12
# Assumes the artifact-download role and appends the temporary credentials as
# the [s3-download-teleport] profile to /root/.aws/credentials.
# It is ordered after all three ECR role steps, which write to the same file.
- name: Assume S3 Download AWS Role for teleport
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  # Prints the calling identity to the build log.
  - aws sts get-caller-identity
  # The unquoted $(...) is word-split into the three values for the %s slots.
  - |-
    printf "[s3-download-teleport]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
    $(aws sts assume-role \
    --role-arn "$AWS_ROLE" \
    --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
    --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
    --output text) \
    >> /root/.aws/credentials
  # Drop the user key so the check below runs with the new profile only.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile s3-download-teleport
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Find the latest available semver for v12
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role
# Fetches the repository at the release tag into /tmp/repo and copies
# build.assets/charts/Dockerfile to /go/build/Dockerfile-teleport, so the image
# is built from the Dockerfile that belongs to the released version.
- name: 'Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport'
  image: alpine/git:latest
  commands:
  - mkdir -pv "/tmp/repo"
  - cd "/tmp/repo"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  - git checkout -qf "v$(cat '/go/vars/full-version-v12')"
  - mkdir -pv $(dirname "/go/build/Dockerfile-teleport")
  - cp "/tmp/repo/build.assets/charts/Dockerfile" "/go/build/Dockerfile-teleport"
  depends_on:
  - Find the latest available semver for v12
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role
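# Waits up to an hour (polling every 60 seconds) for the amd64 release .deb to
# be listed in S3, then copies it to /go/build for the image build.
# NOTE(review): no checksum or signature check of the downloaded package is
# visible in this step; its integrity rests on who can write to the bucket.
- name: 'Download "teleport_v12-tag_amd64.deb" artifacts from S3'
  image: amazon/aws-cli
  commands:
  # The loop is spread over several entries, from `while` down to `done`.
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  # -F compares the file name literally. Without it the dots in the version
  # and in ".deb" are regex wildcards, so a near-miss object name would match.
  - >-
    aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/
    | tr -s ' '
    | cut -d' ' -f 4
    | grep -Fx teleport_$(cat "/go/var/full-version")_amd64.deb
    || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  # Fail the step when the hour elapsed without the object appearing.
  - >-
    [ $${TIMED_OUT?} = true ]
    && echo 'Timed out while waiting for condition: [ "$SUCCESS" = "true" ]'
    && exit 1
  - mkdir -pv "/go/build"
  - >-
    aws s3 cp
    s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat "/go/var/full-version")_amd64.deb
    /go/build/teleport_$(cat "/go/var/full-version")_amd64.deb
  environment:
    AWS_PROFILE: s3-download-teleport
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport
  - 'Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport'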
# Builds the amd64 teleport image from the downloaded .deb with a dedicated
# buildx builder and pushes it to the pipeline-local registry.
- name: 'Build teleport image "teleport:v12-amd64"'
  image: docker
  commands:
  # NOTE(review): tonistiigi/binfmt is run privileged from a floating tag;
  # pinning it by digest would fix what runs with these privileges.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-v12-amd64-builder"
  # buildkitd.toml marks the pipeline-local registry as plain HTTP.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v12-amd64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-v12-amd64-builder/buildkitd.toml"
  # The builder container uses host networking.
  - >-
    docker buildx create
    --driver "docker-container"
    --driver-opt "network=host"
    --name "teleport-v12-amd64-builder"
    --config "/tmp/teleport-v12-amd64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - >-
    docker buildx build --push
    --builder "teleport-v12-amd64-builder"
    --target "teleport"
    --platform "linux/amd64"
    --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    --file "/go/build/Dockerfile-teleport"
    --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_amd64.deb
    /go/build
  # Cleanup: drop the ECR login, the builder and its config directory.
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-v12-amd64-builder"
  - rm -rf "/tmp/teleport-v12-amd64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - 'Download "teleport_v12-tag_amd64.deb" artifacts from S3'
# Waits (60 s polls, one-hour ceiling) for the arm .deb to show up under the
# S3 tag prefix and then copies it to /go/build.
- name: Download "teleport_v12-tag_arm.deb" artifacts from S3
  # NOTE(review): image reference carries no tag or digest.
  image: amazon/aws-cli
  commands:
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  # ${END_TIME?} aborts if the variable is unset; "$$" is presumably Drone's
  # escape for a literal "$".
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  # Exact-name match (grep -x) on the file-name column of the listing.
  # NOTE(review): an `aws s3 ls` error is not distinguished from an absent
  # object unless pipefail is on, so credential problems surface only as a
  # timeout an hour later.
  - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr
    -s ' ' | cut -d' ' -f 4 | grep -x teleport_$(cat "/go/var/full-version")_arm.deb
    || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  # Exit 1 if the deadline passed without finding the object.
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [
    "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  # NOTE(review): no digest or signature of the downloaded package is checked
  # here before it is used by the image build.
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat
    "/go/var/full-version")_arm.deb /go/build/teleport_$(cat "/go/var/full-version")_arm.deb
  environment:
    # Named profile resolved from the mounted /root/.aws directory.
    AWS_PROFILE: s3-download-teleport
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport
# Cross-builds the linux/arm teleport image through buildx and pushes it to
# drone-docker-registry:5000.
- name: Build teleport image "teleport:v12-arm"
  # NOTE(review): unpinned image name.
  image: docker
  commands:
  # NOTE(review): privileged run of an unpinned third-party image; consider a
  # digest pin (sha256:<digest-placeholder>) and a narrower --install list.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-v12-arm-builder"
  # Marks the in-pipeline registry as plain HTTP for BuildKit, so image
  # transfers to it have no transport integrity protection.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v12-arm-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-v12-arm-builder/buildkitd.toml"
  # Builder runs in its own container but on the host network.
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name
    "teleport-v12-arm-builder" --config "/tmp/teleport-v12-arm-builder/buildkitd.toml"
  # NOTE(review): run-time package install, version not pinned.
  - apk add --no-cache aws-cli
  # Both logins read the password from stdin rather than the command line.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # Build context is /go/build; DEB_PATH names the package inside it.
  - docker buildx build --push --builder "teleport-v12-arm-builder" --target "teleport"
    --platform "linux/arm" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    --file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_arm.deb
    /go/build
  # Cleanup: ECR Public logout, builder removal, temp config removal.
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-v12-arm-builder"
  - rm -rf "/tmp/teleport-v12-arm-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  # The dockersock volume is mounted over /var/run.
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport_v12-tag_arm.deb" artifacts from S3
# Blocks until the arm64 .deb exists under the S3 tag prefix (at most one
# hour), then downloads it to /go/build.
- name: Download "teleport_v12-tag_arm64.deb" artifacts from S3
  # NOTE(review): no tag or digest on the image.
  image: amazon/aws-cli
  commands:
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  # Loop until the wall clock passes END_TIME; ${END_TIME?} fails if unset.
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  # The listing is squeezed to single spaces and the 4th field compared
  # exactly against the expected file name.
  # NOTE(review): listing errors and "object missing" both end in
  # SUCCESS=false unless pipefail is set.
  - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr
    -s ' ' | cut -d' ' -f 4 | grep -x teleport_$(cat "/go/var/full-version")_arm64.deb
    || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  # Turns a timeout into a failed step.
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [
    "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  # NOTE(review): downloaded package is not verified against a checksum or
  # signature in this step.
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat
    "/go/var/full-version")_arm64.deb /go/build/teleport_$(cat "/go/var/full-version")_arm64.deb
  environment:
    AWS_PROFILE: s3-download-teleport
    AWS_REGION: us-west-2
    # Bucket name is supplied as a secret rather than written in the file.
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport
# Cross-builds the linux/arm64 teleport image with buildx and pushes it to
# the in-pipeline registry.
- name: Build teleport image "teleport:v12-arm64"
  # NOTE(review): unpinned image name.
  image: docker
  commands:
  # NOTE(review): --privileged container from an unpinned third-party image;
  # a digest pin (sha256:<digest-placeholder>) would make the run reproducible.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-v12-arm64-builder"
  # Two-line BuildKit config that allows HTTP (no TLS) to the local registry.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v12-arm64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-v12-arm64-builder/buildkitd.toml"
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name
    "teleport-v12-arm64-builder" --config "/tmp/teleport-v12-arm64-builder/buildkitd.toml"
  # NOTE(review): aws-cli version is whatever the package index serves today.
  - apk add --no-cache aws-cli
  # Passwords travel over stdin, not argv.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # Output tag: <full-version>-arm64 in drone-docker-registry:5000.
  - docker buildx build --push --builder "teleport-v12-arm64-builder" --target "teleport"
    --platform "linux/arm64" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    --file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_arm64.deb
    /go/build
  # Logs out of ECR Public only, then removes the builder and its config.
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-v12-arm64-builder"
  - rm -rf "/tmp/teleport-v12-arm64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport_v12-tag_arm64.deb" artifacts from S3
# Re-tags the locally built amd64 image with timestamped full, major and minor
# tags and pushes each to the staging ECR repository unless it already exists.
- name: Tag and push image "teleport:v12-amd64" to ECR - staging
  # NOTE(review): unpinned image name.
  image: docker
  commands:
  # The source image is fetched from the in-pipeline registry by tag, not by
  # digest, so nothing here ties it to the bytes the build step produced.
  - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport:$(cat
    "/go/var/full-version")-amd64
  # NOTE(review): aws-cli is installed at run time with no version pin.
  - apk add --no-cache aws-cli
  # The ECR password is piped on stdin and never placed on the command line.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # Build creation time as YYYYmmddHHMM; becomes part of every staging tag.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Full-version tag.
  # NOTE(review): `inspect && echo || (tag && push)` treats every inspect
  # failure (auth, network, throttling) as "tag absent", and the redirect to
  # /dev/null hides which one it was.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-amd64
    && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-$TIMESTAMP-amd64)
  # Major-version tag; the source is still the full-version local image.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-amd64
    && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP-amd64)
  # Minor-version tag, same source image.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/minor-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64
    && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/minor-version")-$TIMESTAMP-amd64)
  # Only the ECR login is removed; the Docker Hub login is left in place.
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v12-amd64"
# Publishes the arm image to staging ECR under three timestamped tags
# (full, major, minor), skipping any tag that `manifest inspect` can resolve.
- name: Tag and push image "teleport:v12-arm" to ECR - staging
  # NOTE(review): unpinned image name.
  image: docker
  commands:
  # Pulled by tag from the in-pipeline registry.
  - docker pull --platform "linux/arm" drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
  # NOTE(review): run-time install, version not pinned.
  - apk add --no-cache aws-cli
  # Registry passwords are read from stdin.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # Tag suffix derived from the build's creation time (minute resolution).
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # NOTE(review): in each of the three commands below a failed inspect of any
  # kind falls through to tag-and-push, with stderr discarded.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm
    && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm)
  # Major-version tag, sourced from the full-version local image.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-arm
    && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm)
  # Minor-version tag, sourced from the full-version local image.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-arm
    && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v12-arm"
# Pushes the arm64 image to the staging ECR repository as timestamped full,
# major and minor tags; existing tags are left untouched.
- name: Tag and push image "teleport:v12-arm64" to ECR - staging
  # NOTE(review): unpinned image name.
  image: docker
  commands:
  # Source image: in-pipeline registry, referenced by tag.
  - docker pull --platform "linux/arm64" drone-docker-registry:5000/teleport:$(cat
    "/go/var/full-version")-arm64
  # NOTE(review): unpinned run-time package install.
  - apk add --no-cache aws-cli
  # Passwords go through stdin, not argv.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Existence probe for the full-version tag, then tag-and-push on a miss.
  # NOTE(review): the probe's output is discarded, so an auth or network error
  # is handled exactly like "tag does not exist".
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm64
    && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm64)
  # Same pattern for the major-version tag.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-arm64
    && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm64)
  # Same pattern for the minor-version tag.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64
    && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm64)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v12-arm64"
# Assembles the multi-arch manifest for the timestamped major-version tag from
# the amd64, arm and arm64 tags in staging ECR and pushes it if not present.
- name: Create manifest and push "teleport:major-$TIMESTAMP" to ECR - staging
  # NOTE(review): unpinned image name.
  image: docker
  commands:
  # NOTE(review): aws-cli is installed at run time with no version pin.
  - apk add --no-cache aws-cli
  # Registry passwords are piped on stdin.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # Recomputed from DRONE_BUILD_CREATED, so it matches the per-arch tags of
  # the same build.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # The member images are referenced by tag, not by digest.
  # NOTE(review): any inspect failure, not only "not found", leads to
  # create-and-push; the cause is hidden by the /dev/null redirect.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image,
    skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  # Runs only after all three per-arch staging pushes.
  depends_on:
  - Tag and push image "teleport:v12-amd64" to ECR - staging
  - Tag and push image "teleport:v12-arm" to ECR - staging
  - Tag and push image "teleport:v12-arm64" to ECR - staging
# Builds and pushes the multi-arch manifest for the timestamped minor-version
# tag in staging ECR, unless `manifest inspect` already resolves it.
- name: Create manifest and push "teleport:minor-$TIMESTAMP" to ECR - staging
  # NOTE(review): unpinned image name.
  image: docker
  commands:
  # NOTE(review): run-time install, version not pinned.
  - apk add --no-cache aws-cli
  # Passwords are supplied on stdin.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Manifest members are the -amd64, -arm and -arm64 tags, resolved by tag at
  # creation time.
  # NOTE(review): a failed inspect for any reason triggers create-and-push.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/minor-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image,
    skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/minor-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/minor-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/minor-version")-$TIMESTAMP)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v12-amd64" to ECR - staging
  - Tag and push image "teleport:v12-arm" to ECR - staging
  - Tag and push image "teleport:v12-arm64" to ECR - staging
# Creates the multi-arch manifest for the timestamped full-version tag in
# staging ECR and pushes it when the tag cannot already be inspected.
- name: Create manifest and push "teleport:full-$TIMESTAMP" to ECR - staging
  # NOTE(review): unpinned image name.
  image: docker
  commands:
  # NOTE(review): unpinned run-time package install.
  - apk add --no-cache aws-cli
  # Login passwords are read from stdin.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Three --amend arguments add the per-architecture tags to the manifest.
  # NOTE(review): the existence check cannot tell "absent" from "inspect
  # failed", and its error output is thrown away.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image,
    skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-$TIMESTAMP)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v12-amd64" to ECR - staging
  - Tag and push image "teleport:v12-arm" to ECR - staging
  - Tag and push image "teleport:v12-arm64" to ECR - staging
# Publishes the amd64 image to public.ecr.aws: the full-version tag only if it
# is not already there, the major and minor tags on every run.
- name: Tag and push image "teleport:v12-amd64" to ECR - production
  # NOTE(review): unpinned image name.
  image: docker
  commands:
  # NOTE(review): the image that ends up in the public registry is pulled by
  # tag from the in-pipeline registry (configured as plain HTTP by the build
  # step); no digest is compared between build and publish.
  - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport:$(cat
    "/go/var/full-version")-amd64
  # NOTE(review): aws-cli is installed at run time with no version pin.
  - apk add --no-cache aws-cli
  # Registry passwords are piped on stdin.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # Full-version tag: guarded, so an existing release tag is not overwritten.
  # NOTE(review): the guard fails open - if inspect errors for any reason the
  # push proceeds, and stderr is discarded.
  - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat
    "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64
    && docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64)
  # Major-version tag: not guarded, so it moves to this build on every run.
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64
  # Minor-version tag: likewise pushed unconditionally.
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  # Depends on the build step only, not on any staging step.
  depends_on:
  - Build teleport image "teleport:v12-amd64"
# Publishes the arm image to public.ecr.aws under its full, major and minor
# tags; only the full-version push is skipped when the tag exists.
- name: Tag and push image "teleport:v12-arm" to ECR - production
  # NOTE(review): unpinned image name.
  image: docker
  commands:
  # NOTE(review): source image is resolved by tag from the in-pipeline
  # registry; nothing here pins it to the digest the build produced.
  - docker pull --platform "linux/arm" drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
  # NOTE(review): run-time install, version not pinned.
  - apk add --no-cache aws-cli
  # Passwords are read from stdin.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # Guarded push of the full-version tag.
  # NOTE(review): an inspect error of any kind counts as "missing".
  - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat
    "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm
    && docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm)
  # Unguarded: the major tag is re-pointed at this build.
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm
  # Unguarded: the minor tag is re-pointed at this build.
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v12-arm"
# Publishes the arm64 image to public.ecr.aws. The full-version tag is written
# once; the major and minor tags are rewritten on each run.
- name: Tag and push image "teleport:v12-arm64" to ECR - production
  # NOTE(review): unpinned image name.
  image: docker
  commands:
  # NOTE(review): pulled by tag from the in-pipeline registry, with no digest
  # check before it is published.
  - docker pull --platform "linux/arm64" drone-docker-registry:5000/teleport:$(cat
    "/go/var/full-version")-arm64
  # NOTE(review): unpinned run-time package install.
  - apk add --no-cache aws-cli
  # Login secrets travel over stdin.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # Full-version tag: skip when inspect succeeds, otherwise tag and push.
  # NOTE(review): inspect failures other than "not found" also lead to a push.
  - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat
    "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64
    && docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64)
  # Major tag, pushed without an existence check.
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64
  # Minor tag, pushed without an existence check.
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v12-arm64"
# Creates the multi-arch manifest for the major-version tag on public.ecr.aws
# from the -amd64, -arm and -arm64 tags and pushes it on every run.
- name: Create manifest and push "teleport:major" to ECR - production
  # NOTE(review): unpinned image name.
  image: docker
  commands:
  # NOTE(review): aws-cli is installed at run time with no version pin.
  - apk add --no-cache aws-cli
  # Registry passwords are piped on stdin.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # No existence guard here: the major tag is a moving tag that is rewritten
  # each run. Members are referenced by tag, so the manifest records whatever
  # those tags resolve to when this command runs.
  - docker manifest create public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")
    --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64
    --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm
    --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64
  - docker manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  # Waits for all three per-arch production pushes.
  depends_on:
  - Tag and push image "teleport:v12-amd64" to ECR - production
  - Tag and push image "teleport:v12-arm" to ECR - production
  - Tag and push image "teleport:v12-arm64" to ECR - production
# Creates and pushes the multi-arch manifest for the minor-version tag on
# public.ecr.aws; like the major tag, it is rewritten on every run.
- name: Create manifest and push "teleport:minor" to ECR - production
  # NOTE(review): unpinned image name.
  image: docker
  commands:
  # NOTE(review): run-time install, version not pinned.
  - apk add --no-cache aws-cli
  # Passwords are supplied on stdin.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # Unconditional create; the three member images are named by tag rather
  # than by digest.
  - docker manifest create public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")
    --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
    --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm
    --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
  - docker manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v12-amd64" to ECR - production
  - Tag and push image "teleport:v12-arm" to ECR - production
  - Tag and push image "teleport:v12-arm64" to ECR - production
# Creates the multi-arch manifest for the full-version tag on public.ecr.aws,
# but only when that tag cannot already be inspected.
- name: Create manifest and push "teleport:full" to ECR - production
  # NOTE(review): unpinned image name.
  image: docker
  commands:
  # NOTE(review): unpinned run-time package install.
  - apk add --no-cache aws-cli
  # Login passwords are read from stdin.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # Guarded so an already published release manifest is left alone.
  # NOTE(review): the guard fails open - an inspect error (auth, network) is
  # handled as "missing" and the manifest is created and pushed; the error
  # text goes to /dev/null.
  - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest
    create public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version") --amend
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64 --amend
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm --amend
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64 && docker
    manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version"))
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v12-amd64" to ECR - production
  - Tag and push image "teleport:v12-arm" to ECR - production
  - Tag and push image "teleport:v12-arm64" to ECR - production
# Exchanges the access key pair from secrets for temporary role credentials
# (sts assume-role) and appends them to /root/.aws/credentials as the
# [s3-download-teleport-ent] profile.
- name: Assume S3 Download AWS Role for teleport-ent
  # NOTE(review): no tag or digest on the image that handles the credentials.
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  # NOTE(review): prints the calling identity (account, ARN) into the build log.
  - aws sts get-caller-identity
  # The unquoted $(...) is split by the shell into the three printf arguments
  # (key id, secret key, session token). The session name is built from the
  # repo name and build number with "/" replaced by "-".
  # NOTE(review): the credentials are appended (>>) to a file on the awsconfig
  # volume, which the other steps in this pipeline mount as well; keep the
  # role's permissions and session duration as narrow as the download needs.
  - |-
    printf "[s3-download-teleport-ent]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
    $(aws sts assume-role \
    --role-arn "$AWS_ROLE" \
    --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
    --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
    --output text) \
    >> /root/.aws/credentials
  # Drops the key pair from this shell so the check below can only succeed
  # through the newly written profile.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile s3-download-teleport-ent
  environment:
    # Key pair and role ARN are injected from Drone secrets for this step only.
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Find the latest available semver for v12
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role
# Fetches the repository into /tmp/repo, checks out the release tag and copies
# build.assets/charts/Dockerfile to /go/build/Dockerfile-teleport-ent.
- name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent
  # NOTE(review): ":latest" is a mutable tag; a version or digest pin would
  # make this step reproducible.
  image: alpine/git:latest
  commands:
  - mkdir -pv "/tmp/repo"
  - cd "/tmp/repo"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  # The Dockerfile comes from the release tag, not from the commit that
  # triggered the build.
  # NOTE(review): this reads /go/vars/full-version-v12, while the download and
  # build steps read /go/var/full-version - confirm that both paths are
  # written by an earlier step. The tag is checked out without a signature
  # check (for example `git verify-tag`).
  - git checkout -qf "v$(cat '/go/vars/full-version-v12')"
  - mkdir -pv $(dirname "/go/build/Dockerfile-teleport-ent")
  - cp "/tmp/repo/build.assets/charts/Dockerfile" "/go/build/Dockerfile-teleport-ent"
  depends_on:
  - Find the latest available semver for v12
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role
# Polls the S3 tag prefix for up to an hour until the enterprise amd64 .deb is
# listed, then copies it into /go/build.
- name: Download "teleport-ent_v12-tag_amd64.deb" artifacts from S3
  # NOTE(review): no tag or digest on the image.
  image: amazon/aws-cli
  commands:
  # Deadline is 3600 seconds from now.
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  # ${END_TIME?} aborts if the variable is unset; "$$" is presumably Drone's
  # escape for a literal "$".
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  # Exact-name match on the listing's 4th column.
  # NOTE(review): unless pipefail is enabled, a failing `aws s3 ls` cannot be
  # told apart from "not uploaded yet"; the step then polls until timeout.
  - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr
    -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")_amd64.deb
    || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  # Fails the step when the deadline passed without a match.
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [
    "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  # NOTE(review): no checksum or signature check on the downloaded package;
  # integrity depends on write access to the bucket prefix.
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat
    "/go/var/full-version")_amd64.deb /go/build/teleport-ent_$(cat "/go/var/full-version")_amd64.deb
  environment:
    # Profile name matches the one the "Assume S3 Download AWS Role for
    # teleport-ent" step appends to /root/.aws/credentials.
    AWS_PROFILE: s3-download-teleport-ent
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport-ent
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent
# Builds the linux/amd64 teleport-ent image with a dedicated buildx builder
# and pushes it to the in-pipeline registry drone-docker-registry:5000.
- name: Build teleport-ent image "teleport-ent:v12-amd64"
  # NOTE(review): unpinned image name.
  image: docker
  commands:
  # NOTE(review): privileged run of an unpinned third-party image on the
  # daemon reached through the dockersock volume; pin it by digest
  # (sha256:<digest-placeholder>) and install only the emulators needed.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-ent-v12-amd64-builder"
  # BuildKit config enabling plain HTTP (no TLS) to the in-pipeline registry.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v12-amd64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-ent-v12-amd64-builder/buildkitd.toml"
  # Builder container uses the host network.
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name
    "teleport-ent-v12-amd64-builder" --config "/tmp/teleport-ent-v12-amd64-builder/buildkitd.toml"
  # NOTE(review): aws-cli is installed at run time with no version pin.
  - apk add --no-cache aws-cli
  # Registry passwords are piped on stdin, keeping them out of argv.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # Uses the Dockerfile target named "teleport" with the enterprise .deb
  # passed as DEB_PATH.
  - docker buildx build --push --builder "teleport-ent-v12-amd64-builder" --target
    "teleport" --platform "linux/amd64" --tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-amd64 --file "/go/build/Dockerfile-teleport-ent" --build-arg
    DEB_PATH=teleport-ent_$(cat "/go/var/full-version")_amd64.deb /go/build
  # Only the public.ecr.aws login is removed; the Docker Hub login is not.
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-ent-v12-amd64-builder"
  - rm -rf "/tmp/teleport-ent-v12-amd64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport-ent_v12-tag_amd64.deb" artifacts from S3
# Step: wait until teleport-ent_<full-version>_arm.deb is listed under the tag
# prefix of the S3 bucket, then copy it to /go/build.
# NOTE(review): `image: amazon/aws-cli` has no tag or digest; consider pinning.
- name: Download "teleport-ent_v12-tag_arm.deb" artifacts from S3
image: amazon/aws-cli
commands:
# Poll deadline is now + 3600 seconds. `$$` is Drone's escape for a literal `$`;
# `${VAR?}` makes the shell abort if the variable is unset.
- END_TIME=$(( $(date +%s) + 3600 ))
- TIMED_OUT=true
- while [ $(date +%s) -lt $${END_TIME?} ]; do
- SUCCESS=true
# grep -x requires the listed object name to match the whole line.
# NOTE(review): the name is used as a regex, so dots in the version match any
# character; `grep -Fx` would compare it literally.
- aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr
-s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")_arm.deb
|| SUCCESS=false
- '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
- echo 'Condition not met yet, waiting another 60 seconds...'
- sleep 60
- done
- '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [
"$SUCCESS" = "true" ]'' && exit 1'
- mkdir -pv "/go/build"
# NOTE(review): the package is copied as-is; no checksum or signature check is
# visible in this step, so its integrity rests on who can write to the bucket.
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat
"/go/var/full-version")_arm.deb /go/build/teleport-ent_$(cat "/go/var/full-version")_arm.deb
environment:
# Profile is read from the shared awsconfig volume; presumably written by the
# "Assume S3 Download AWS Role for teleport-ent" step named in depends_on.
AWS_PROFILE: s3-download-teleport-ent
AWS_REGION: us-west-2
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
volumes:
- name: awsconfig
path: /root/.aws
depends_on:
- Assume S3 Download AWS Role for teleport-ent
- Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent
# Step: build the linux/arm teleport-ent image with a throwaway buildx builder
# and push it to drone-docker-registry:5000/teleport-ent:<full-version>-arm.
# NOTE(review): `image: docker` and tonistiigi/binfmt are both referenced
# without tag or digest; binfmt additionally runs --privileged on the daemon
# reached through the dockersock volume. Consider pinning both by digest.
- name: Build teleport-ent image "teleport-ent:v12-arm"
image: docker
commands:
- docker run --privileged --rm tonistiigi/binfmt --install all
- mkdir -pv "/go/build" && cd "/go/build"
- mkdir -pv "/tmp/teleport-ent-v12-arm-builder"
# `http = true` tells the builder to reach drone-docker-registry:5000 over plain
# HTTP, so the image pushed below is not protected by TLS in transit.
- echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v12-arm-builder/buildkitd.toml"
- echo ' http = true' >> "/tmp/teleport-ent-v12-arm-builder/buildkitd.toml"
- docker buildx create --driver "docker-container" --driver-opt "network=host" --name
"teleport-ent-v12-arm-builder" --config "/tmp/teleport-ent-v12-arm-builder/buildkitd.toml"
# Unpinned package install inside a step that holds registry credentials.
- apk add --no-cache aws-cli
# Secrets reach `docker login` on stdin rather than on the command line.
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
# NOTE(review): the .deb named by DEB_PATH is used without a visible checksum
# or signature check - confirm it is verified elsewhere.
- docker buildx build --push --builder "teleport-ent-v12-arm-builder" --target "teleport"
--platform "linux/arm" --tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
--file "/go/build/Dockerfile-teleport-ent" --build-arg DEB_PATH=teleport-ent_$(cat
"/go/var/full-version")_arm.deb /go/build
# Cleanup: ECR logout, builder removal, config directory removal. The Docker
# Hub login is not logged out here.
- docker logout "public.ecr.aws"
- docker buildx rm "teleport-ent-v12-arm-builder"
- rm -rf "/tmp/teleport-ent-v12-arm-builder"
environment:
AWS_PROFILE: ecr-authenticated-pull
DOCKER_BUILDKIT: "1"
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Assume ECR - authenticated-pull AWS Role
- Download "teleport-ent_v12-tag_arm.deb" artifacts from S3
# Step: poll the S3 tag prefix for teleport-ent_<full-version>_arm64.deb for up
# to 3600 seconds (60-second interval), then copy it to /go/build.
# NOTE(review): `image: amazon/aws-cli` is unpinned (no tag or digest).
- name: Download "teleport-ent_v12-tag_arm64.deb" artifacts from S3
image: amazon/aws-cli
commands:
- END_TIME=$(( $(date +%s) + 3600 ))
- TIMED_OUT=true
- while [ $(date +%s) -lt $${END_TIME?} ]; do
- SUCCESS=true
# The fourth whitespace-separated field of `aws s3 ls` output is matched as a
# whole line. NOTE(review): without -F the dots in the version act as regex
# wildcards; `grep -Fx` would make the comparison literal.
- aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr
-s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")_arm64.deb
|| SUCCESS=false
- '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
- echo 'Condition not met yet, waiting another 60 seconds...'
- sleep 60
- done
# Fails the step when the loop ended without ever seeing the object.
- '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [
"$SUCCESS" = "true" ]'' && exit 1'
- mkdir -pv "/go/build"
# NOTE(review): no checksum or signature verification of the downloaded package
# is visible here; the bucket's write permissions are the only control shown.
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat
"/go/var/full-version")_arm64.deb /go/build/teleport-ent_$(cat "/go/var/full-version")_arm64.deb
environment:
AWS_PROFILE: s3-download-teleport-ent
AWS_REGION: us-west-2
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
volumes:
- name: awsconfig
path: /root/.aws
depends_on:
- Assume S3 Download AWS Role for teleport-ent
- Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent
# Step: build the linux/arm64 teleport-ent image and push it to
# drone-docker-registry:5000/teleport-ent:<full-version>-arm64.
# NOTE(review): neither `image: docker` nor tonistiigi/binfmt is pinned by tag
# or digest, and binfmt runs --privileged via the mounted dockersock volume.
- name: Build teleport-ent image "teleport-ent:v12-arm64"
image: docker
commands:
- docker run --privileged --rm tonistiigi/binfmt --install all
- mkdir -pv "/go/build" && cd "/go/build"
- mkdir -pv "/tmp/teleport-ent-v12-arm64-builder"
# Builder config: the in-pipeline registry is declared plain HTTP.
- echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v12-arm64-builder/buildkitd.toml"
- echo ' http = true' >> "/tmp/teleport-ent-v12-arm64-builder/buildkitd.toml"
- docker buildx create --driver "docker-container" --driver-opt "network=host" --name
"teleport-ent-v12-arm64-builder" --config "/tmp/teleport-ent-v12-arm64-builder/buildkitd.toml"
- apk add --no-cache aws-cli
# Registry passwords are piped to `docker login --password-stdin`.
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
# NOTE(review): the image digest produced by this push is not recorded, so
# later steps can only refer to the result by its mutable tag.
- docker buildx build --push --builder "teleport-ent-v12-arm64-builder" --target
"teleport" --platform "linux/arm64" --tag drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-arm64 --file "/go/build/Dockerfile-teleport-ent" --build-arg
DEB_PATH=teleport-ent_$(cat "/go/var/full-version")_arm64.deb /go/build
- docker logout "public.ecr.aws"
- docker buildx rm "teleport-ent-v12-arm64-builder"
- rm -rf "/tmp/teleport-ent-v12-arm64-builder"
environment:
AWS_PROFILE: ecr-authenticated-pull
DOCKER_BUILDKIT: "1"
# Docker Hub credentials come from Drone secrets; the password secret is named
# DOCKERHUB_READONLY_TOKEN.
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Assume ECR - authenticated-pull AWS Role
- Download "teleport-ent_v12-tag_arm64.deb" artifacts from S3
# Step: pull the amd64 image back from the in-pipeline registry and push it to
# the staging ECR repository as <full|major|minor>-$TIMESTAMP-amd64.
# NOTE(review): `image: docker` is unpinned (no tag or digest).
- name: Tag and push image "teleport-ent:v12-amd64" to ECR - staging
image: docker
commands:
# NOTE(review): the image is pulled by tag from drone-docker-registry:5000; the
# digest produced by the build step is not carried over, so nothing in this step
# ties the published image to that build.
- docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-amd64
- apk add --no-cache aws-cli
- aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
146628656107.dkr.ecr.us-west-2.amazonaws.com
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
# Tag suffix is derived from the build creation time (minute resolution).
- TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
# Each of the three commands below skips the push when `docker manifest inspect`
# succeeds. NOTE(review): its output and errors go to /dev/null, so an auth or
# network failure looks the same as "tag absent" and falls through to the push.
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing
image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-$TIMESTAMP-amd64)
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/major-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing
image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/major-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/major-version")-$TIMESTAMP-amd64)
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/minor-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing
image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/minor-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/minor-version")-$TIMESTAMP-amd64)
# Only the ECR login is removed; the Docker Hub login is left in place.
- docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
environment:
AWS_PROFILE: ecr-staging
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Build teleport-ent image "teleport-ent:v12-amd64"
# Step: re-tag the linux/arm image from the in-pipeline registry and push it to
# the staging ECR repository as <full|major|minor>-$TIMESTAMP-arm.
# NOTE(review): `image: docker` is unpinned, and the source image is identified
# only by its tag on the plain-HTTP registry, not by digest.
- name: Tag and push image "teleport-ent:v12-arm" to ECR - staging
image: docker
commands:
- docker pull --platform "linux/arm" drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-arm
# Unpinned package install in a step that holds ECR and Docker Hub credentials.
- apk add --no-cache aws-cli
- aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
146628656107.dkr.ecr.us-west-2.amazonaws.com
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
- TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
# Pattern for the next three commands: inspect the target tag; if that succeeds
# print a skip message, otherwise tag and push. The full-version image is the
# source for all three tags.
# NOTE(review): inspect errors are discarded, so any failure is read as "absent".
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing
image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-$TIMESTAMP-arm)
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/major-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing
image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/major-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/major-version")-$TIMESTAMP-arm)
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/minor-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing
image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/minor-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/minor-version")-$TIMESTAMP-arm)
- docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
environment:
AWS_PROFILE: ecr-staging
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Build teleport-ent image "teleport-ent:v12-arm"
# Step: re-tag the linux/arm64 image from the in-pipeline registry and push it
# to the staging ECR repository as <full|major|minor>-$TIMESTAMP-arm64.
# NOTE(review): `image: docker` is unpinned (no tag or digest).
- name: Tag and push image "teleport-ent:v12-arm64" to ECR - staging
image: docker
commands:
# NOTE(review): pulled by mutable tag over the plain-HTTP in-pipeline registry;
# comparing against a digest recorded at build time would detect substitution.
- docker pull --platform "linux/arm64" drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-arm64
- apk add --no-cache aws-cli
# ECR password is generated with the ecr-staging profile and piped to stdin.
- aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
146628656107.dkr.ecr.us-west-2.amazonaws.com
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
- TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
# Three guarded pushes (full, major, minor); each is skipped when the target
# tag can already be inspected in the staging repository.
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing
image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-$TIMESTAMP-arm64)
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/major-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing
image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/major-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/major-version")-$TIMESTAMP-arm64)
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/minor-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing
image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/minor-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/minor-version")-$TIMESTAMP-arm64)
- docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
environment:
AWS_PROFILE: ecr-staging
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Build teleport-ent image "teleport-ent:v12-arm64"
# Step: assemble the <major-version>-$TIMESTAMP manifest list in the staging ECR
# repository from the -amd64, -arm and -arm64 tags and push it, unless a
# manifest with that tag can already be inspected.
# NOTE(review): `image: docker` is unpinned (no tag or digest).
- name: Create manifest and push "teleport-ent:major-$TIMESTAMP" to ECR - staging
image: docker
commands:
- apk add --no-cache aws-cli
- aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
146628656107.dkr.ecr.us-west-2.amazonaws.com
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
# Must produce the same value as in the per-architecture push steps, since the
# member tags referenced below embed it.
- TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
# NOTE(review): member images are referenced by tag, not digest, and inspect
# errors are discarded, so a failed lookup is treated as "manifest absent".
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/major-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image,
skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/major-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/major-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/major-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/major-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/major-version")-$TIMESTAMP)
- docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
environment:
AWS_PROFILE: ecr-staging
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
# Runs only after all three architecture images have been pushed to staging.
depends_on:
- Tag and push image "teleport-ent:v12-amd64" to ECR - staging
- Tag and push image "teleport-ent:v12-arm" to ECR - staging
- Tag and push image "teleport-ent:v12-arm64" to ECR - staging
# Step: assemble the <minor-version>-$TIMESTAMP manifest list in the staging ECR
# repository from the -amd64, -arm and -arm64 tags and push it, unless a
# manifest with that tag can already be inspected.
# NOTE(review): `image: docker` is unpinned, and aws-cli is installed at run
# time without a version pin.
- name: Create manifest and push "teleport-ent:minor-$TIMESTAMP" to ECR - staging
image: docker
commands:
- apk add --no-cache aws-cli
# Registry passwords are supplied on stdin, not on the command line.
- aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
146628656107.dkr.ecr.us-west-2.amazonaws.com
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
- TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
# Guarded create-and-push; the three --amend arguments name the member images
# by tag. NOTE(review): stderr of the inspect is discarded, so lookup failures
# cannot be told apart from a missing manifest.
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/minor-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image,
skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/minor-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/minor-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/minor-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/minor-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/minor-version")-$TIMESTAMP)
- docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
environment:
AWS_PROFILE: ecr-staging
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Tag and push image "teleport-ent:v12-amd64" to ECR - staging
- Tag and push image "teleport-ent:v12-arm" to ECR - staging
- Tag and push image "teleport-ent:v12-arm64" to ECR - staging
# Step: assemble the <full-version>-$TIMESTAMP manifest list in the staging ECR
# repository from the -amd64, -arm and -arm64 tags and push it, unless a
# manifest with that tag can already be inspected.
# NOTE(review): `image: docker` is unpinned (no tag or digest).
- name: Create manifest and push "teleport-ent:full-$TIMESTAMP" to ECR - staging
image: docker
commands:
# Installed at run time without a version pin.
- apk add --no-cache aws-cli
- aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
146628656107.dkr.ecr.us-west-2.amazonaws.com
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
- TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
# NOTE(review): the manifest list is built from member tags rather than
# digests; inspect output and errors are sent to /dev/null.
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image,
skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-$TIMESTAMP)
# Removes the ECR login only; the Docker Hub login is left in place.
- docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
environment:
AWS_PROFILE: ecr-staging
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Tag and push image "teleport-ent:v12-amd64" to ECR - staging
- Tag and push image "teleport-ent:v12-arm" to ECR - staging
- Tag and push image "teleport-ent:v12-arm64" to ECR - staging
# Step: publish the amd64 image to public.ecr.aws/gravitational/teleport-ent.
# The <full-version>-amd64 tag is pushed only when `docker manifest inspect`
# does not find it; the <major-version>-amd64 and <minor-version>-amd64 tags are
# re-tagged and pushed unconditionally, so they move with every release.
# NOTE(review): `image: docker` is unpinned (no tag or digest).
- name: Tag and push image "teleport-ent:v12-amd64" to ECR - production
image: docker
commands:
# NOTE(review): the release image is pulled by tag from the plain-HTTP
# in-pipeline registry; no digest from the build step is checked before it is
# published.
- docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-amd64
- apk add --no-cache aws-cli
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
# Guard against overwriting an already published full-version tag.
# NOTE(review): inspect errors are discarded, so a failed lookup is treated as
# "absent" and the push is attempted.
- docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64
> /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport-ent:$(cat
"/go/var/full-version")-amd64 && docker push public.ecr.aws/gravitational/teleport-ent:$(cat
"/go/var/full-version")-amd64)
# Major and minor tags: no existence check, always overwritten.
- docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
- docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
- docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
- docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
- docker logout "public.ecr.aws"
environment:
AWS_PROFILE: ecr-production
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
# NOTE(review): only the build step is listed, so this production push is not
# ordered after the staging push of the same image - confirm that is intended.
depends_on:
- Build teleport-ent image "teleport-ent:v12-amd64"
# Step: publish the linux/arm image to public.ecr.aws/gravitational/teleport-ent.
# The <full-version>-arm tag is pushed only if it cannot be inspected; the
# <major-version>-arm and <minor-version>-arm tags are always overwritten.
# NOTE(review): `image: docker` is unpinned, and depends_on names only the
# build step, so this push is not ordered after the staging push.
- name: Tag and push image "teleport-ent:v12-arm" to ECR - production
image: docker
commands:
# NOTE(review): source image is identified by tag on the in-pipeline registry,
# not by a digest recorded at build time.
- docker pull --platform "linux/arm" drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-arm
- apk add --no-cache aws-cli
# ecr-public login uses the ecr-production profile from the awsconfig volume.
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
# Guarded push of the full-version tag (inspect errors go to /dev/null).
- docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm
> /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-arm public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm
&& docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm)
# Unguarded pushes of the moving major and minor tags.
- docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
- docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
- docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
- docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
- docker logout "public.ecr.aws"
environment:
AWS_PROFILE: ecr-production
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Build teleport-ent image "teleport-ent:v12-arm"
# Step: publish the linux/arm64 image to
# public.ecr.aws/gravitational/teleport-ent. The <full-version>-arm64 tag is
# pushed only if it cannot be inspected; the <major-version>-arm64 and
# <minor-version>-arm64 tags are always overwritten.
# NOTE(review): `image: docker` is unpinned (no tag or digest).
- name: Tag and push image "teleport-ent:v12-arm64" to ECR - production
image: docker
commands:
- docker pull --platform "linux/arm64" drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-arm64
# Unpinned package install in a step that holds production push credentials.
- apk add --no-cache aws-cli
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
# NOTE(review): an existing full-version tag is left untouched, but nothing
# compares it with the image just built; a differing image is skipped silently.
- docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64
> /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport-ent:$(cat
"/go/var/full-version")-arm64 && docker push public.ecr.aws/gravitational/teleport-ent:$(cat
"/go/var/full-version")-arm64)
- docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
- docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
- docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
- docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
- docker logout "public.ecr.aws"
environment:
AWS_PROFILE: ecr-production
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
# Only the build step is a prerequisite; the staging push is not.
depends_on:
- Build teleport-ent image "teleport-ent:v12-arm64"
# Step: create the <major-version> manifest list on public.ecr.aws from the
# -amd64, -arm and -arm64 tags and push it.
# There is no existence check here, so the major tag is replaced on every run.
# NOTE(review): `image: docker` is unpinned (no tag or digest).
- name: Create manifest and push "teleport-ent:major" to ECR - production
image: docker
commands:
- apk add --no-cache aws-cli
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
# NOTE(review): member images are referenced by their moving <major>-<arch>
# tags, not by digest, so the list reflects whatever those tags point to when
# this command runs.
- docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")
--amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
--amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
--amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
- docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")
- docker logout "public.ecr.aws"
environment:
AWS_PROFILE: ecr-production
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
# Runs after all three architecture images have been pushed to production.
depends_on:
- Tag and push image "teleport-ent:v12-amd64" to ECR - production
- Tag and push image "teleport-ent:v12-arm" to ECR - production
- Tag and push image "teleport-ent:v12-arm64" to ECR - production
# Step: create the <minor-version> manifest list on public.ecr.aws from the
# -amd64, -arm and -arm64 tags and push it.
# No existence check is made, so the minor tag is replaced on every run.
# NOTE(review): `image: docker` is unpinned, and aws-cli is installed at run
# time without a version pin.
- name: Create manifest and push "teleport-ent:minor" to ECR - production
image: docker
commands:
- apk add --no-cache aws-cli
# Passwords are passed to `docker login` on stdin.
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
# NOTE(review): --amend arguments name member images by moving tag, not digest.
- docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")
--amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
--amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
--amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
- docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")
- docker logout "public.ecr.aws"
environment:
AWS_PROFILE: ecr-production
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Tag and push image "teleport-ent:v12-amd64" to ECR - production
- Tag and push image "teleport-ent:v12-arm" to ECR - production
- Tag and push image "teleport-ent:v12-arm64" to ECR - production
# Step: create the <full-version> manifest list on public.ecr.aws from the
# -amd64, -arm and -arm64 tags and push it, unless a manifest with that tag can
# already be inspected (the full-version tag is not overwritten).
# NOTE(review): `image: docker` is unpinned (no tag or digest).
- name: Create manifest and push "teleport-ent:full" to ECR - production
image: docker
commands:
- apk add --no-cache aws-cli
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
# NOTE(review): inspect output and errors are discarded, so an auth or network
# failure is treated as "absent"; member images are named by tag, not digest.
- docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")
> /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest
create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")
--amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64
--amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm
--amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64
&& docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version"))
- docker logout "public.ecr.aws"
environment:
AWS_PROFILE: ecr-production
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Tag and push image "teleport-ent:v12-amd64" to ECR - production
- Tag and push image "teleport-ent:v12-arm" to ECR - production
- Tag and push image "teleport-ent:v12-arm64" to ECR - production
# Step: exchange the long-lived access key from Drone secrets for temporary
# credentials of the role in $AWS_ROLE, and append them as the
# [s3-download-teleport-ent-fips] profile to /root/.aws/credentials on the
# awsconfig volume.
# NOTE(review): `image: amazon/aws-cli` has no tag or digest; consider pinning.
- name: Assume S3 Download AWS Role for teleport-ent-fips
image: amazon/aws-cli
pull: if-not-exists
commands:
# Prints the identity behind the long-lived key (account id and ARN) to the
# build log.
- aws sts get-caller-identity
# The $(aws sts assume-role ...) substitution is left unquoted on purpose: its
# three text fields are word-split into the three %s slots of printf.
# The session name is drone-<repo>-<build number> with "/" replaced by "-".
# NOTE(review): no --duration-seconds is passed, so the STS default session
# lifetime applies, while the download step that uses this profile can poll for
# up to 3600 seconds before copying - confirm the credentials cannot expire first.
# NOTE(review): the file is appended to without setting its mode, and every
# step that mounts awsconfig can read all profiles in it.
- |-
printf "[s3-download-teleport-ent-fips]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
>> /root/.aws/credentials
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
# With the static keys unset, this call verifies that the new profile works.
- aws sts get-caller-identity --profile s3-download-teleport-ent-fips
environment:
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID
AWS_ROLE:
from_secret: AWS_ROLE
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY
volumes:
- name: awsconfig
path: /root/.aws
depends_on:
- Find the latest available semver for v12
- Wait for docker
- Wait for docker registry
- Check out code
- Build major, minor, and full semvers
- Assume ECR - staging AWS Role
- Assume ECR - authenticated-pull AWS Role
- Assume ECR - production AWS Role
# Step: fetch the repository from $DRONE_REMOTE_URL into /tmp/repo, check out
# the release tag v<version>, and copy build.assets/charts/Dockerfile to
# /go/build/Dockerfile-teleport-ent-fips.
# NOTE(review): `alpine/git:latest` is a mutable tag; consider pinning by digest.
- name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent-fips" for
teleport-ent-fips
image: alpine/git:latest
commands:
- mkdir -pv "/tmp/repo"
- cd "/tmp/repo"
- git init
- git remote add origin ${DRONE_REMOTE_URL}
- git fetch origin --tags
# The version is read from /go/vars/full-version-v12, whereas the other steps in
# this part of the file read /go/var/full-version; presumably written by the
# "Find the latest available semver for v12" step - confirm.
# NOTE(review): the tag is checked out as fetched; no tag signature
# verification is visible, so the Dockerfile is trusted on the strength of the
# remote alone.
- git checkout -qf "v$(cat '/go/vars/full-version-v12')"
- mkdir -pv $(dirname "/go/build/Dockerfile-teleport-ent-fips")
- cp "/tmp/repo/build.assets/charts/Dockerfile" "/go/build/Dockerfile-teleport-ent-fips"
depends_on:
- Find the latest available semver for v12
- Wait for docker
- Wait for docker registry
- Check out code
- Build major, minor, and full semvers
- Assume ECR - staging AWS Role
- Assume ECR - authenticated-pull AWS Role
- Assume ECR - production AWS Role
# Step: poll the S3 tag prefix for teleport-ent_<full-version>-fips_amd64.deb
# for up to 3600 seconds (60-second interval), then copy it to /go/build.
# NOTE(review): `image: amazon/aws-cli` has no tag or digest; consider pinning.
- name: Download "teleport-ent_v12-tag-fips_amd64.deb" artifacts from S3
image: amazon/aws-cli
commands:
# `$$` is Drone's escape for a literal `$`; `${VAR?}` aborts if VAR is unset.
- END_TIME=$(( $(date +%s) + 3600 ))
- TIMED_OUT=true
- while [ $(date +%s) -lt $${END_TIME?} ]; do
- SUCCESS=true
# NOTE(review): grep -x treats the object name as a regex, so dots in the
# version match any character; `grep -Fx` would compare it literally.
- aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr
-s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb
|| SUCCESS=false
- '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
- echo 'Condition not met yet, waiting another 60 seconds...'
- sleep 60
- done
- '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [
"$SUCCESS" = "true" ]'' && exit 1'
- mkdir -pv "/go/build"
# NOTE(review): the FIPS package is copied as-is; no checksum or signature
# verification is visible in this step before it is built into an image.
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat
"/go/var/full-version")-fips_amd64.deb /go/build/teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb
environment:
# Temporary-credential profile appended to /root/.aws/credentials by the
# "Assume S3 Download AWS Role for teleport-ent-fips" step.
AWS_PROFILE: s3-download-teleport-ent-fips
AWS_REGION: us-west-2
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
volumes:
- name: awsconfig
path: /root/.aws
depends_on:
- Assume S3 Download AWS Role for teleport-ent-fips
- Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent-fips" for teleport-ent-fips
# Step: build the linux/amd64 FIPS image (Dockerfile target "teleport-fips") and
# push it to drone-docker-registry:5000/teleport-ent:<full-version>-fips-amd64.
# NOTE(review): `image: docker` and tonistiigi/binfmt are both referenced
# without tag or digest; binfmt runs --privileged on the daemon reached through
# the dockersock volume. Consider pinning both by digest.
- name: Build teleport-ent-fips image "teleport-ent:v12-fips-amd64"
image: docker
commands:
- docker run --privileged --rm tonistiigi/binfmt --install all
- mkdir -pv "/go/build" && cd "/go/build"
- mkdir -pv "/tmp/teleport-ent-v12-fips-amd64-builder"
# `http = true` makes the builder talk to drone-docker-registry:5000 over plain
# HTTP, so the pushed image is not protected by TLS in transit.
- echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v12-fips-amd64-builder/buildkitd.toml"
- echo ' http = true' >> "/tmp/teleport-ent-v12-fips-amd64-builder/buildkitd.toml"
- docker buildx create --driver "docker-container" --driver-opt "network=host" --name
"teleport-ent-v12-fips-amd64-builder" --config "/tmp/teleport-ent-v12-fips-amd64-builder/buildkitd.toml"
# Unpinned package install inside a step that holds registry credentials.
- apk add --no-cache aws-cli
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
# NOTE(review): the .deb named by DEB_PATH and the Dockerfile copied by the
# earlier step are both used without a visible integrity check, and the digest
# of the pushed image is not recorded for the publishing steps.
- docker buildx build --push --builder "teleport-ent-v12-fips-amd64-builder" --target
"teleport-fips" --platform "linux/amd64" --tag drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-fips-amd64 --file "/go/build/Dockerfile-teleport-ent-fips"
--build-arg DEB_PATH=teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb
/go/build
# Only public.ecr.aws is logged out; the Docker Hub login is left in place.
- docker logout "public.ecr.aws"
- docker buildx rm "teleport-ent-v12-fips-amd64-builder"
- rm -rf "/tmp/teleport-ent-v12-fips-amd64-builder"
environment:
AWS_PROFILE: ecr-authenticated-pull
DOCKER_BUILDKIT: "1"
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Assume ECR - authenticated-pull AWS Role
- Download "teleport-ent_v12-tag-fips_amd64.deb" artifacts from S3
# Copies the locally built -fips-amd64 image into the staging ECR registry under
# the full, major and minor version tags, each suffixed with the build timestamp.
- name: Tag and push image "teleport-ent:v12-fips-amd64" to ECR - staging
  image: docker
  commands:
  - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-fips-amd64
  # Installed at run time without a version pin.
  - apk add --no-cache aws-cli
  # Passwords are passed on stdin, so they never appear in argv.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # Minute-resolution timestamp taken from the Drone build creation time.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Push-if-absent for the full-version tag: a successful `manifest inspect`
  # skips the push; ANY failure takes the tag-and-push branch. Because stderr is
  # discarded, an auth or network error looks the same as a missing tag.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-fips-amd64 > /dev/null 2>&1 && echo 'Found
    existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-fips-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-fips-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-fips-amd64)
  # Same guard for the major-version tag.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-fips-amd64 > /dev/null 2>&1 && echo 'Found
    existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-fips-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-fips-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-fips-amd64)
  # Same guard for the minor-version tag.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-fips-amd64 > /dev/null 2>&1 && echo 'Found
    existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-fips-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-fips-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-fips-amd64)
  # Only the ECR login is removed; the Docker Hub login is not logged out here.
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  # Presumably exposes the Docker daemon socket to this step - TODO confirm.
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent-fips image "teleport-ent:v12-fips-amd64"
# Publishes the manifest list <major-version>-$TIMESTAMP-fips in the staging ECR
# registry; its only member is the matching -fips-amd64 image.
- name: Create manifest and push "teleport-ent:major-$TIMESTAMP-fips" to ECR - staging
  image: docker
  commands:
  # Installed at run time without a version pin.
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # Recomputed from DRONE_BUILD_CREATED in the same format the tag-and-push step
  # uses, so the -fips-amd64 tag referenced below resolves to that step's push.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Create-if-absent: any `manifest inspect` failure (stderr is discarded, so an
  # auth or network error looks like a missing tag) leads to create and push.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-fips > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-fips --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-fips-amd64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-fips)
  # Only the ECR login is removed; the Docker Hub login is not logged out here.
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  # Presumably exposes the Docker daemon socket to this step - TODO confirm.
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v12-fips-amd64" to ECR - staging
# Publishes the manifest list <minor-version>-$TIMESTAMP-fips in the staging ECR
# registry; its only member is the matching -fips-amd64 image.
- name: Create manifest and push "teleport-ent:minor-$TIMESTAMP-fips" to ECR - staging
  image: docker
  commands:
  # Installed at run time without a version pin.
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # Minute-resolution timestamp taken from the Drone build creation time.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Create-if-absent: any `manifest inspect` failure (stderr is discarded, so an
  # auth or network error looks like a missing tag) leads to create and push.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-fips > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-fips --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-fips-amd64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-fips)
  # Only the ECR login is removed; the Docker Hub login is not logged out here.
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  # Presumably exposes the Docker daemon socket to this step - TODO confirm.
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v12-fips-amd64" to ECR - staging
# Publishes the manifest list <full-version>-$TIMESTAMP-fips in the staging ECR
# registry; its only member is the matching -fips-amd64 image.
- name: Create manifest and push "teleport-ent:full-$TIMESTAMP-fips" to ECR - staging
  image: docker
  commands:
  # Installed at run time without a version pin.
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # Minute-resolution timestamp taken from the Drone build creation time.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Create-if-absent: any `manifest inspect` failure (stderr is discarded, so an
  # auth or network error looks like a missing tag) leads to create and push.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-fips > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-fips --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-fips-amd64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-fips)
  # Only the ECR login is removed; the Docker Hub login is not logged out here.
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  # Presumably exposes the Docker daemon socket to this step - TODO confirm.
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v12-fips-amd64" to ECR - staging
# Publishes the locally built -fips-amd64 image to
# public.ecr.aws/gravitational/teleport-ent under the full, major and minor
# version tags.
- name: Tag and push image "teleport-ent:v12-fips-amd64" to ECR - production
  image: docker
  commands:
  - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-fips-amd64
  # Installed at run time without a version pin.
  - apk add --no-cache aws-cli
  # Passwords are passed on stdin, so they never appear in argv.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # Full-version tag is pushed only when `manifest inspect` does not find it.
  # Any inspect failure (stderr is discarded, so an auth or network error looks
  # like a missing tag) also takes the push branch; unless the repository
  # enforces tag immutability, that could replace an already published tag.
  - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-fips-amd64 public.ecr.aws/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-fips-amd64 && docker push public.ecr.aws/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-fips-amd64)
  # Major and minor tags are moving tags: re-tagged and pushed unconditionally on
  # every run. Deployments that need a fixed image should reference the full
  # version or a digest.
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
  # Only the ECR Public login is removed; the Docker Hub login is not logged out here.
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  # Presumably exposes the Docker daemon socket to this step - TODO confirm.
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent-fips image "teleport-ent:v12-fips-amd64"
# Publishes the manifest list <major-version>-fips on public.ecr.aws; its only
# member is the <major-version>-fips-amd64 image.
- name: Create manifest and push "teleport-ent:major-fips" to ECR - production
  image: docker
  commands:
  # Installed at run time without a version pin.
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # No existence check: the manifest list is recreated and pushed on every run,
  # so this is a moving tag. Consumers that need a fixed image should reference
  # the full version or a digest.
  - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
  - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips
  # Only the ECR Public login is removed; the Docker Hub login is not logged out here.
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  # Presumably exposes the Docker daemon socket to this step - TODO confirm.
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v12-fips-amd64" to ECR - production
# Publishes the manifest list <minor-version>-fips on public.ecr.aws; its only
# member is the <minor-version>-fips-amd64 image.
- name: Create manifest and push "teleport-ent:minor-fips" to ECR - production
  image: docker
  commands:
  # Installed at run time without a version pin.
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # No existence check: the manifest list is recreated and pushed on every run,
  # so this is a moving tag. Consumers that need a fixed image should reference
  # the full version or a digest.
  - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
  - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips
  # Only the ECR Public login is removed; the Docker Hub login is not logged out here.
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  # Presumably exposes the Docker daemon socket to this step - TODO confirm.
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v12-fips-amd64" to ECR - production
# Publishes the manifest list <full-version>-fips on public.ecr.aws unless it is
# already present; its only member is the <full-version>-fips-amd64 image.
- name: Create manifest and push "teleport-ent:full-fips" to ECR - production
  image: docker
  commands:
  # Installed at run time without a version pin.
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # Create-if-absent guard for the full-version tag. Any `manifest inspect`
  # failure (stderr is discarded, so an auth or network error looks like a
  # missing tag) also leads to create and push; unless the repository enforces
  # tag immutability, that could replace an already published manifest list.
  - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest
    create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    && docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips)
  # Only the ECR Public login is removed; the Docker Hub login is not logged out here.
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  # Presumably exposes the Docker daemon socket to this step - TODO confirm.
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v12-fips-amd64" to ECR - production
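# Builds the teleport-operator image for linux/amd64 from the checked-out source
# with a throwaway buildx builder and pushes it to the pipeline-local registry
# drone-docker-registry:5000.
- name: Build teleport-operator image "teleport-operator:v12-amd64"
  # NOTE(review): `docker` carries no tag or digest, so the step image floats
  # with whatever upstream publishes.
  image: docker
  commands:
  # Third-party image referenced by mutable tag and run with --privileged.
  # Pinning it by digest (tonistiigi/binfmt@sha256:<digest>) would keep a
  # changed upstream tag from running privileged against this Docker daemon.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport"
  - mkdir -pv "/tmp/teleport-operator-v12-amd64-builder"
  # BuildKit config: drone-docker-registry:5000 is declared a plain-HTTP
  # registry, so the push below has no TLS. Presumably that registry is only
  # reachable from inside this pipeline - TODO confirm.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-operator-v12-amd64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-operator-v12-amd64-builder/buildkitd.toml"
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name
    "teleport-operator-v12-amd64-builder" --config "/tmp/teleport-operator-v12-amd64-builder/buildkitd.toml"
  # Installed at run time without a version pin.
  - apk add --no-cache aws-cli
  # Both logins take the password on stdin, so it never appears in argv.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # BUILDBOX is referenced by tag, not digest. NOTE(review): the image is named
  # v12 while the buildbox tag is teleport14 - confirm that pairing is intended.
  - docker buildx build --push --builder "teleport-operator-v12-amd64-builder" --platform
    "linux/amd64" --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
    --file "/go/src/github.com/gravitational/teleport/integrations/operator/Dockerfile"
    --build-arg BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox:teleport14
    --build-arg COMPILER_NAME=x86_64-linux-gnu-gcc /go/src/github.com/gravitational/teleport
  # Only the ECR Public login is removed; the Docker Hub login above is not
  # logged out in this step.
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-operator-v12-amd64-builder"
  - rm -rf "/tmp/teleport-operator-v12-amd64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
    # Secret name indicates a read-only Docker Hub token.
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  # Presumably exposes the Docker daemon socket to this step, so every command
  # above can drive that daemon - TODO confirm against the volume definition.
  - name: dockersock
    path: /var/run
  # One entry per prerequisite step. NOTE(review): if this pipeline is emitted by
  # dronegen, keep the generator in step with this list.
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Find the latest available semver for v12
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - production AWS Role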
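# Builds the teleport-operator image for linux/arm from the checked-out source
# with a throwaway buildx builder and pushes it to the pipeline-local registry
# drone-docker-registry:5000.
- name: Build teleport-operator image "teleport-operator:v12-arm"
  # NOTE(review): `docker` carries no tag or digest, so the step image floats
  # with whatever upstream publishes.
  image: docker
  commands:
  # Third-party image referenced by mutable tag and run with --privileged.
  # Pinning it by digest (tonistiigi/binfmt@sha256:<digest>) would keep a
  # changed upstream tag from running privileged against this Docker daemon.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport"
  - mkdir -pv "/tmp/teleport-operator-v12-arm-builder"
  # BuildKit config: drone-docker-registry:5000 is declared a plain-HTTP
  # registry, so the push below has no TLS. Presumably that registry is only
  # reachable from inside this pipeline - TODO confirm.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-operator-v12-arm-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-operator-v12-arm-builder/buildkitd.toml"
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name
    "teleport-operator-v12-arm-builder" --config "/tmp/teleport-operator-v12-arm-builder/buildkitd.toml"
  # Installed at run time without a version pin.
  - apk add --no-cache aws-cli
  # Both logins take the password on stdin, so it never appears in argv.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # BUILDBOX is referenced by tag, not digest. NOTE(review): the image is named
  # v12 while the buildbox tag is teleport14 - confirm that pairing is intended.
  - docker buildx build --push --builder "teleport-operator-v12-arm-builder" --platform
    "linux/arm" --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
    --file "/go/src/github.com/gravitational/teleport/integrations/operator/Dockerfile"
    --build-arg BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox-arm:teleport14
    --build-arg COMPILER_NAME=arm-linux-gnueabihf-gcc /go/src/github.com/gravitational/teleport
  # Only the ECR Public login is removed; the Docker Hub login above is not
  # logged out in this step.
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-operator-v12-arm-builder"
  - rm -rf "/tmp/teleport-operator-v12-arm-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
    # Secret name indicates a read-only Docker Hub token.
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  # Presumably exposes the Docker daemon socket to this step, so every command
  # above can drive that daemon - TODO confirm against the volume definition.
  - name: dockersock
    path: /var/run
  # One entry per prerequisite step. NOTE(review): if this pipeline is emitted by
  # dronegen, keep the generator in step with this list.
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Find the latest available semver for v12
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - production AWS Role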
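# Builds the teleport-operator image for linux/arm64 from the checked-out source
# with a throwaway buildx builder and pushes it to the pipeline-local registry
# drone-docker-registry:5000.
- name: Build teleport-operator image "teleport-operator:v12-arm64"
  # NOTE(review): `docker` carries no tag or digest, so the step image floats
  # with whatever upstream publishes.
  image: docker
  commands:
  # Third-party image referenced by mutable tag and run with --privileged.
  # Pinning it by digest (tonistiigi/binfmt@sha256:<digest>) would keep a
  # changed upstream tag from running privileged against this Docker daemon.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport"
  - mkdir -pv "/tmp/teleport-operator-v12-arm64-builder"
  # BuildKit config: drone-docker-registry:5000 is declared a plain-HTTP
  # registry, so the push below has no TLS. Presumably that registry is only
  # reachable from inside this pipeline - TODO confirm.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-operator-v12-arm64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-operator-v12-arm64-builder/buildkitd.toml"
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name
    "teleport-operator-v12-arm64-builder" --config "/tmp/teleport-operator-v12-arm64-builder/buildkitd.toml"
  # Installed at run time without a version pin.
  - apk add --no-cache aws-cli
  # Both logins take the password on stdin, so it never appears in argv.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # BUILDBOX is referenced by tag, not digest. NOTE(review): the image is named
  # v12 while the buildbox tag is teleport14 - confirm that pairing is intended.
  - docker buildx build --push --builder "teleport-operator-v12-arm64-builder" --platform
    "linux/arm64" --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
    --file "/go/src/github.com/gravitational/teleport/integrations/operator/Dockerfile"
    --build-arg BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox-arm:teleport14
    --build-arg COMPILER_NAME=aarch64-linux-gnu-gcc /go/src/github.com/gravitational/teleport
  # Only the ECR Public login is removed; the Docker Hub login above is not
  # logged out in this step.
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-operator-v12-arm64-builder"
  - rm -rf "/tmp/teleport-operator-v12-arm64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
    # Secret name indicates a read-only Docker Hub token.
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  # Presumably exposes the Docker daemon socket to this step, so every command
  # above can drive that daemon - TODO confirm against the volume definition.
  - name: dockersock
    path: /var/run
  # One entry per prerequisite step. NOTE(review): if this pipeline is emitted by
  # dronegen, keep the generator in step with this list.
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Find the latest available semver for v12
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - production AWS Role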
# Copies the locally built -amd64 operator image into the staging ECR registry
# under the full, major and minor version tags, each suffixed with the build
# timestamp.
- name: Tag and push image "teleport-operator:v12-amd64" to ECR - staging
  image: docker
  commands:
  - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport-operator:$(cat
    "/go/var/full-version")-amd64
  # Installed at run time without a version pin.
  - apk add --no-cache aws-cli
  # Passwords are passed on stdin, so they never appear in argv.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # Minute-resolution timestamp taken from the Drone build creation time.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Push-if-absent for the full-version tag: a successful `manifest inspect`
  # skips the push; ANY failure takes the tag-and-push branch. Because stderr is
  # discarded, an auth or network error looks the same as a missing tag.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat
    "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-$TIMESTAMP-amd64)
  # Same guard for the major-version tag.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/major-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat
    "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/major-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/major-version")-$TIMESTAMP-amd64)
  # Same guard for the minor-version tag.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/minor-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat
    "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/minor-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/minor-version")-$TIMESTAMP-amd64)
  # Only the ECR login is removed; the Docker Hub login is not logged out here.
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  # Presumably exposes the Docker daemon socket to this step - TODO confirm.
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-operator image "teleport-operator:v12-amd64"
# Copies the locally built -arm operator image into the staging ECR registry
# under the full, major and minor version tags, each suffixed with the build
# timestamp.
- name: Tag and push image "teleport-operator:v12-arm" to ECR - staging
  image: docker
  commands:
  - docker pull --platform "linux/arm" drone-docker-registry:5000/teleport-operator:$(cat
    "/go/var/full-version")-arm
  # Installed at run time without a version pin.
  - apk add --no-cache aws-cli
  # Passwords are passed on stdin, so they never appear in argv.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # Minute-resolution timestamp taken from the Drone build creation time.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Push-if-absent for the full-version tag: a successful `manifest inspect`
  # skips the push; ANY failure takes the tag-and-push branch. Because stderr is
  # discarded, an auth or network error looks the same as a missing tag.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat
    "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm)
  # Same guard for the major-version tag.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat
    "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm)
  # Same guard for the minor-version tag.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat
    "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm)
  # Only the ECR login is removed; the Docker Hub login is not logged out here.
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  # Presumably exposes the Docker daemon socket to this step - TODO confirm.
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-operator image "teleport-operator:v12-arm"
# Copies the locally built -arm64 operator image into the staging ECR registry
# under the full, major and minor version tags, each suffixed with the build
# timestamp.
- name: Tag and push image "teleport-operator:v12-arm64" to ECR - staging
  image: docker
  commands:
  - docker pull --platform "linux/arm64" drone-docker-registry:5000/teleport-operator:$(cat
    "/go/var/full-version")-arm64
  # Installed at run time without a version pin.
  - apk add --no-cache aws-cli
  # Passwords are passed on stdin, so they never appear in argv.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # Minute-resolution timestamp taken from the Drone build creation time.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Push-if-absent for the full-version tag: a successful `manifest inspect`
  # skips the push; ANY failure takes the tag-and-push branch. Because stderr is
  # discarded, an auth or network error looks the same as a missing tag.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat
    "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm64)
  # Same guard for the major-version tag.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat
    "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm64)
  # Same guard for the minor-version tag.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat
    "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm64)
  # Only the ECR login is removed; the Docker Hub login is not logged out here.
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  # Presumably exposes the Docker daemon socket to this step - TODO confirm.
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-operator image "teleport-operator:v12-arm64"
# Publishes the multi-arch manifest list <major-version>-$TIMESTAMP in the
# staging ECR registry, referencing the -amd64, -arm and -arm64 images pushed by
# the three steps in depends_on.
- name: Create manifest and push "teleport-operator:major-$TIMESTAMP" to ECR - staging
  image: docker
  commands:
  # Installed at run time without a version pin.
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # Recomputed from DRONE_BUILD_CREATED in the same format the tag-and-push
  # steps use, so the per-arch tags referenced below resolve to their pushes.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Create-if-absent: any `manifest inspect` failure (stderr is discarded, so an
  # auth or network error looks like a missing tag) leads to create and push.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/major-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image,
    skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/major-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/major-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/major-version")-$TIMESTAMP)
  # Only the ECR login is removed; the Docker Hub login is not logged out here.
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  # Presumably exposes the Docker daemon socket to this step - TODO confirm.
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-operator:v12-amd64" to ECR - staging
  - Tag and push image "teleport-operator:v12-arm" to ECR - staging
  - Tag and push image "teleport-operator:v12-arm64" to ECR - staging
# Publishes the multi-arch manifest list <minor-version>-$TIMESTAMP in the
# staging ECR registry, referencing the -amd64, -arm and -arm64 images pushed by
# the three steps in depends_on.
- name: Create manifest and push "teleport-operator:minor-$TIMESTAMP" to ECR - staging
  image: docker
  commands:
  # Installed at run time without a version pin.
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # Minute-resolution timestamp taken from the Drone build creation time.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Create-if-absent: any `manifest inspect` failure (stderr is discarded, so an
  # auth or network error looks like a missing tag) leads to create and push.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/minor-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image,
    skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/minor-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/minor-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/minor-version")-$TIMESTAMP)
  # Only the ECR login is removed; the Docker Hub login is not logged out here.
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  # Presumably exposes the Docker daemon socket to this step - TODO confirm.
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-operator:v12-amd64" to ECR - staging
  - Tag and push image "teleport-operator:v12-arm" to ECR - staging
  - Tag and push image "teleport-operator:v12-arm64" to ECR - staging
# Publishes the multi-arch manifest list <full-version>-$TIMESTAMP in the
# staging ECR registry, referencing the -amd64, -arm and -arm64 images pushed by
# the three steps in depends_on.
- name: Create manifest and push "teleport-operator:full-$TIMESTAMP" to ECR - staging
  image: docker
  commands:
  # Installed at run time without a version pin.
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # Minute-resolution timestamp taken from the Drone build creation time.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Create-if-absent: any `manifest inspect` failure (stderr is discarded, so an
  # auth or network error looks like a missing tag) leads to create and push.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image,
    skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-$TIMESTAMP)
  # Only the ECR login is removed; the Docker Hub login is not logged out here.
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  # Presumably exposes the Docker daemon socket to this step - TODO confirm.
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-operator:v12-amd64" to ECR - staging
  - Tag and push image "teleport-operator:v12-arm" to ECR - staging
  - Tag and push image "teleport-operator:v12-arm64" to ECR - staging
# Publishes the locally built -amd64 operator image to
# public.ecr.aws/gravitational/teleport-operator under the full, major and minor
# version tags.
- name: Tag and push image "teleport-operator:v12-amd64" to ECR - production
  image: docker
  commands:
  - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport-operator:$(cat
    "/go/var/full-version")-amd64
  # Installed at run time without a version pin.
  - apk add --no-cache aws-cli
  # Passwords are passed on stdin, so they never appear in argv.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # Full-version tag is pushed only when `manifest inspect` does not find it.
  # Any inspect failure (stderr is discarded, so an auth or network error looks
  # like a missing tag) also takes the push branch; unless the repository
  # enforces tag immutability, that could replace an already published tag.
  - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat
    "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-amd64 && docker push public.ecr.aws/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-amd64)
  # Major and minor tags are moving tags: re-tagged and pushed unconditionally on
  # every run. Deployments that need a fixed image should reference the full
  # version or a digest.
  - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64
  - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64
  - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64
  - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64
  # Only the ECR Public login is removed; the Docker Hub login is not logged out here.
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  # Presumably exposes the Docker daemon socket to this step - TODO confirm.
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-operator image "teleport-operator:v12-amd64"
# Copies the arm teleport-operator image from the in-pipeline registry
# (drone-docker-registry:5000) to public.ecr.aws under its full, major and
# minor version tags.
- name: Tag and push image "teleport-operator:v12-arm" to ECR - production
# NOTE(review): no tag or digest is pinned on this image.
image: docker
commands:
- docker pull --platform "linux/arm" drone-docker-registry:5000/teleport-operator:$(cat
"/go/var/full-version")-arm
- apk add --no-cache aws-cli
# Both registry passwords are piped on stdin (--password-stdin), not passed as arguments.
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
# Full-version tag: tagged and pushed only when `docker manifest inspect` does not succeed.
# NOTE(review): inspect output is discarded, so any inspect failure (not only a
# missing tag) falls through to the push branch.
- docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm
> /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat
"/go/var/full-version")-arm public.ecr.aws/gravitational/teleport-operator:$(cat
"/go/var/full-version")-arm && docker push public.ecr.aws/gravitational/teleport-operator:$(cat
"/go/var/full-version")-arm)
# Major and minor tags are pushed unconditionally, i.e. they are moving tags.
- docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm
- docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm
- docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm
- docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm
- docker logout "public.ecr.aws"
environment:
# Named AWS profile; presumably read from the credentials file on the awsconfig
# volume mounted at /root/.aws — confirm which step writes it.
AWS_PROFILE: ecr-production
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Build teleport-operator image "teleport-operator:v12-arm"
# Copies the arm64 teleport-operator image from the in-pipeline registry
# (drone-docker-registry:5000) to public.ecr.aws under its full, major and
# minor version tags.
- name: Tag and push image "teleport-operator:v12-arm64" to ECR - production
# NOTE(review): no tag or digest is pinned on this image.
image: docker
commands:
- docker pull --platform "linux/arm64" drone-docker-registry:5000/teleport-operator:$(cat
"/go/var/full-version")-arm64
- apk add --no-cache aws-cli
# Both registry passwords are piped on stdin (--password-stdin), not passed as arguments.
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
# Full-version tag: tagged and pushed only when `docker manifest inspect` does not succeed.
# NOTE(review): inspect output is discarded, so any inspect failure (not only a
# missing tag) falls through to the push branch.
- docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64
> /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat
"/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport-operator:$(cat
"/go/var/full-version")-arm64 && docker push public.ecr.aws/gravitational/teleport-operator:$(cat
"/go/var/full-version")-arm64)
# Major and minor tags are pushed unconditionally, i.e. they are moving tags.
- docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64
- docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64
- docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64
- docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64
- docker logout "public.ecr.aws"
environment:
# Named AWS profile; presumably read from the credentials file on the awsconfig
# volume mounted at /root/.aws — confirm which step writes it.
AWS_PROFILE: ecr-production
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Build teleport-operator image "teleport-operator:v12-arm64"
# Builds the multi-arch manifest list for the major-version tag from the
# -amd64, -arm and -arm64 tags on public.ecr.aws and pushes it.
- name: Create manifest and push "teleport-operator:major" to ECR - production
# NOTE(review): no tag or digest is pinned on this image.
image: docker
commands:
- apk add --no-cache aws-cli
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
# No existence check here: the major tag is rewritten on every run, so it is a
# moving tag. Consumers that need a fixed image have to reference something
# other than this tag.
- docker manifest create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")
--amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64
--amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm
--amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64
- docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")
- docker logout "public.ecr.aws"
environment:
AWS_PROFILE: ecr-production
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
# Runs only after all three per-architecture production pushes.
depends_on:
- Tag and push image "teleport-operator:v12-amd64" to ECR - production
- Tag and push image "teleport-operator:v12-arm" to ECR - production
- Tag and push image "teleport-operator:v12-arm64" to ECR - production
# Builds the multi-arch manifest list for the minor-version tag from the
# -amd64, -arm and -arm64 tags on public.ecr.aws and pushes it.
- name: Create manifest and push "teleport-operator:minor" to ECR - production
# NOTE(review): no tag or digest is pinned on this image.
image: docker
commands:
- apk add --no-cache aws-cli
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
# No existence check here: the minor tag is rewritten on every run (moving tag).
- docker manifest create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")
--amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64
--amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm
--amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64
- docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")
- docker logout "public.ecr.aws"
environment:
AWS_PROFILE: ecr-production
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
# Runs only after all three per-architecture production pushes.
depends_on:
- Tag and push image "teleport-operator:v12-amd64" to ECR - production
- Tag and push image "teleport-operator:v12-arm" to ECR - production
- Tag and push image "teleport-operator:v12-arm64" to ECR - production
# Builds and pushes the multi-arch manifest list for the full-version tag on
# public.ecr.aws, unless a manifest for that tag can already be inspected.
- name: Create manifest and push "teleport-operator:full" to ECR - production
# NOTE(review): no tag or digest is pinned on this image.
image: docker
commands:
- apk add --no-cache aws-cli
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
# Unlike the major/minor manifests, the full-version manifest is guarded by
# `docker manifest inspect`.
# NOTE(review): the guard cannot tell "tag absent" from any other inspect
# failure because stdout and stderr are discarded; both cases reach the
# create-and-push branch.
- docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")
> /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest
create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")
--amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64
--amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm
--amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64
&& docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version"))
- docker logout "public.ecr.aws"
environment:
AWS_PROFILE: ecr-production
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
# Runs only after all three per-architecture production pushes.
depends_on:
- Tag and push image "teleport-operator:v12-amd64" to ECR - production
- Tag and push image "teleport-operator:v12-arm" to ECR - production
- Tag and push image "teleport-operator:v12-arm64" to ECR - production
# Pipeline-level services, volumes and pull secret.
services:
# Docker-in-Docker daemon, run privileged. It mounts the dockersock volume at
# /var/run, the same path the image steps mount it at; presumably those steps
# reach the daemon through the socket there, which gives each of them full
# control of it.
- name: Start Docker
image: docker:dind
privileged: true
volumes:
- name: dockersock
path: /var/run
# Registry service the steps address as drone-docker-registry:5000.
- name: drone-docker-registry
image: registry:2
privileged: false
volumes: []
# All three volumes are temp volumes. awsconfig is mounted at /root/.aws by the
# steps that use AWS profiles, so whatever credentials land there are visible
# to every step that mounts it.
volumes:
- name: awsconfig
temp: {}
- name: dockersock
temp: {}
- name: dockerconfig
temp: {}
image_pull_secrets:
- DOCKERHUB_CREDENTIALS
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/container_images_release_version.go (main.(*ReleaseVersion).buildVersionPipeline)
################################################
# Cron-triggered pipeline; its steps build and publish container images for
# the v11 release line.
kind: pipeline
type: kubernetes
name: teleport-container-images-previous-version-2-cron
environment:
DEBIAN_FRONTEND: noninteractive
# Runs only for the named cron job and only for the gravitational/teleport repo.
trigger:
cron:
include:
- teleport-container-images-cron
repo:
include:
- gravitational/teleport
workspace:
path: /go
# The built-in clone is disabled; the steps fetch the repository themselves.
clone:
disable: true
steps:
# Resolves the version to build: checks out branch/v11 into /tmp/teleport, runs
# the query-latest tool from that checkout and stores its output, with the
# first "v" removed, in /go/vars/full-version-v11.
- name: Find the latest available semver for v11
# NOTE(review): golang:1.18 is a floating tag for an older Go release line;
# confirm it is still the intended toolchain for running query-latest.
image: golang:1.18
commands:
- mkdir -pv "/tmp/teleport"
- cd "/tmp/teleport"
- git init
- git remote add origin ${DRONE_REMOTE_URL}
- git fetch origin --tags
- git checkout -qf "branch/v11"
- mkdir -pv $(dirname "/go/vars/full-version-v11")
- cd "/tmp/teleport/build.assets/tooling/cmd/query-latest"
# `go run` executes tool code taken from the branch head fetched above.
# NOTE(review): in this pipe the reported status is sed's unless the runner
# enables pipefail, so a failing `go run` can leave an empty version file —
# TODO confirm a later step rejects that case.
- go run . "v11" | sed 's/v//' > "/go/vars/full-version-v11"
- echo Found full semver "$(cat "/go/vars/full-version-v11")" for major version
"v11"
# Waits up to 30 seconds for the Docker socket to appear, then logs in to
# Docker Hub.
- name: Wait for docker
# NOTE(review): no tag or digest is pinned on this image.
image: docker
pull: if-not-exists
commands:
- timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
# Password is piped on stdin, so it is not passed as a command-line argument.
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
environment:
# The secret name suggests a read-only token — confirm its scope.
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: dockersock
path: /var/run
# /root/.docker is on the dockerconfig volume; presumably the login state is
# stored there — confirm which other steps mount it.
- name: dockerconfig
path: /root/.docker
depends_on:
- Find the latest available semver for v11
# Polls the in-pipeline registry once per second, for at most 30 seconds,
# until it answers HTTP 200.
- name: Wait for docker registry
# NOTE(review): no tag or digest is pinned on this image.
image: alpine
pull: if-not-exists
commands:
# NOTE(review): the other `apk add` calls in this file pass --no-cache; this one does not.
- apk add curl
# The registry is reached over plain http on port 5000.
- timeout 30s /bin/sh -c 'while [ "$(curl -s -o /dev/null -w %{http_code} http://drone-docker-registry:5000/)"
!= "200" ]; do sleep 1; done'
depends_on:
- Find the latest available semver for v11
# Fetches the repository into the workspace and checks out the release tag
# "v<version>" resolved by the first step.
- name: Check out code
# NOTE(review): `latest` is a floating tag; the image content can change between runs.
image: alpine/git:latest
pull: if-not-exists
commands:
- mkdir -pv "/go/src/github.com/gravitational/teleport"
- cd "/go/src/github.com/gravitational/teleport"
- git init
- git remote add origin ${DRONE_REMOTE_URL}
- git fetch origin --tags
# The tag is checked out by name; no tag-signature verification is done in this step.
- git checkout -qf "v$(cat '/go/vars/full-version-v11')"
depends_on:
- Find the latest available semver for v11
# Derives the major (first dot-separated field), minor (first two fields) and
# full versions from /go/vars/full-version-v11 and writes them to
# /go/var/major-version, /go/var/minor-version and /go/var/full-version,
# which the image steps read with $(cat ...).
- name: Build major, minor, and full semvers
# NOTE(review): no tag or digest is pinned on this image.
image: alpine
commands:
- mkdir -pv $(dirname "/go/var/major-version")
# A "v" is prepended and the first "v" is removed again before cutting fields.
- echo v$(cat '/go/vars/full-version-v11') | sed 's/v//' | cut -d'.' -f "1" > "/go/var/major-version"
- echo $(cat "/go/var/major-version")
- mkdir -pv $(dirname "/go/var/minor-version")
- echo v$(cat '/go/vars/full-version-v11') | sed 's/v//' | cut -d'.' -f "1,2" >
"/go/var/minor-version"
- echo $(cat "/go/var/minor-version")
- mkdir -pv $(dirname "/go/var/full-version")
- echo v$(cat '/go/vars/full-version-v11') | sed 's/v//' > "/go/var/full-version"
- echo $(cat "/go/var/full-version")
depends_on:
- Find the latest available semver for v11
# Exchanges the access key pair from the secrets for temporary credentials of
# $AWS_ROLE and appends them as profile [ecr-staging] to the credentials file
# on the awsconfig volume.
- name: Assume ECR - staging AWS Role
# NOTE(review): no tag or digest is pinned on this image.
image: amazon/aws-cli
pull: if-not-exists
commands:
# Prints the identity behind the key pair to the build log.
- aws sts get-caller-identity
# The unquoted $(...) is split into the three values that fill the %s fields.
# The session name is "drone-<repo>-<build number>" with "/" replaced by "-".
# NOTE(review): if assume-role fails, printf presumably still appends a profile
# with empty fields; the final --profile call below is then what fails the
# step — TODO confirm.
- |-
printf "[ecr-staging]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
>> /root/.aws/credentials
# Drops the key pair from the shell so the check below uses the new profile.
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile ecr-staging
environment:
# NOTE(review): an access key pair held as CI secrets; the assumed-role
# session is temporary, the key pair itself presumably is not — confirm its
# rotation and that it can do nothing beyond assuming this role.
AWS_ACCESS_KEY_ID:
from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY
AWS_ROLE:
from_secret: STAGING_TELEPORT_DRONE_ECR_AWS_ROLE
AWS_SECRET_ACCESS_KEY:
from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET
volumes:
- name: awsconfig
path: /root/.aws
depends_on:
- Find the latest available semver for v11
# Exchanges the access key pair from the secrets for temporary credentials of
# $AWS_ROLE and appends them as profile [ecr-authenticated-pull] to the
# credentials file on the awsconfig volume.
- name: Assume ECR - authenticated-pull AWS Role
# NOTE(review): no tag or digest is pinned on this image.
image: amazon/aws-cli
pull: if-not-exists
commands:
# Prints the identity behind the key pair to the build log.
- aws sts get-caller-identity
# The unquoted $(...) is split into the three values that fill the %s fields.
# The file is appended to (>>), so profiles written by other steps stay in it.
- |-
printf "[ecr-authenticated-pull]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
>> /root/.aws/credentials
# Drops the key pair from the shell so the check below uses the new profile.
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile ecr-authenticated-pull
environment:
# NOTE(review): this pull profile is created from the same PRODUCTION_* key
# and role secrets as the "Assume ECR - production AWS Role" step, so as
# written it carries whatever that role allows — confirm that is intended for
# a profile used only to pull.
AWS_ACCESS_KEY_ID:
from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY
AWS_ROLE:
from_secret: PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE
AWS_SECRET_ACCESS_KEY:
from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET
volumes:
- name: awsconfig
path: /root/.aws
# Ordered after the staging step; both append to the same credentials file.
depends_on:
- Assume ECR - staging AWS Role
- Find the latest available semver for v11
# Exchanges the access key pair from the secrets for temporary credentials of
# $AWS_ROLE and appends them as profile [ecr-production] to the credentials
# file on the awsconfig volume.
- name: Assume ECR - production AWS Role
# NOTE(review): no tag or digest is pinned on this image.
image: amazon/aws-cli
pull: if-not-exists
commands:
# Prints the identity behind the key pair to the build log.
- aws sts get-caller-identity
# The unquoted $(...) is split into the three values that fill the %s fields.
# NOTE(review): the production profile lands in the same file as the other
# profiles, and that file is on a volume mounted by every AWS-using step, so
# steps that only need staging or S3 access can read it as well.
- |-
printf "[ecr-production]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
>> /root/.aws/credentials
# Drops the key pair from the shell so the check below uses the new profile.
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile ecr-production
environment:
AWS_ACCESS_KEY_ID:
from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY
AWS_ROLE:
from_secret: PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE
AWS_SECRET_ACCESS_KEY:
from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET
volumes:
- name: awsconfig
path: /root/.aws
# Ordered after the authenticated-pull step; both append to the same file.
depends_on:
- Assume ECR - authenticated-pull AWS Role
- Find the latest available semver for v11
# Exchanges the access key pair from the secrets for temporary credentials of
# $AWS_ROLE and appends them as profile [s3-download-teleport] to the
# credentials file on the awsconfig volume.
- name: Assume S3 Download AWS Role for teleport
# NOTE(review): no tag or digest is pinned on this image.
image: amazon/aws-cli
pull: if-not-exists
commands:
# Prints the identity behind the key pair to the build log.
- aws sts get-caller-identity
# The unquoted $(...) is split into the three values that fill the %s fields.
# The file is appended to (>>), so profiles written by other steps stay in it.
- |-
printf "[s3-download-teleport]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
>> /root/.aws/credentials
# Drops the key pair from the shell so the check below uses the new profile.
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile s3-download-teleport
environment:
# Unlike the ECR steps, these secrets carry no environment prefix in their names.
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID
AWS_ROLE:
from_secret: AWS_ROLE
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY
volumes:
- name: awsconfig
path: /root/.aws
# Runs after all setup steps, including the three ECR role steps that append
# to the same credentials file.
depends_on:
- Find the latest available semver for v11
- Wait for docker
- Wait for docker registry
- Check out code
- Build major, minor, and full semvers
- Assume ECR - staging AWS Role
- Assume ECR - authenticated-pull AWS Role
- Assume ECR - production AWS Role
# Fetches the repository into /tmp/repo, checks out the release tag and copies
# build.assets/charts/Dockerfile to /go/build/Dockerfile-teleport, the file the
# image build steps pass to --file.
- name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport
# NOTE(review): `latest` is a floating tag; the image content can change between runs.
image: alpine/git:latest
commands:
- mkdir -pv "/tmp/repo"
- cd "/tmp/repo"
- git init
- git remote add origin ${DRONE_REMOTE_URL}
- git fetch origin --tags
# The Dockerfile comes from the tag being released, not from the branch head.
- git checkout -qf "v$(cat '/go/vars/full-version-v11')"
- mkdir -pv $(dirname "/go/build/Dockerfile-teleport")
- cp "/tmp/repo/build.assets/charts/Dockerfile" "/go/build/Dockerfile-teleport"
depends_on:
- Find the latest available semver for v11
- Wait for docker
- Wait for docker registry
- Check out code
- Build major, minor, and full semvers
- Assume ECR - staging AWS Role
- Assume ECR - authenticated-pull AWS Role
- Assume ECR - production AWS Role
# Waits up to 3600 seconds, checking every 60 seconds, for the amd64 .deb of
# the full version to be listed in the S3 bucket, then copies it to /go/build.
- name: Download "teleport_v11-tag_amd64.deb" artifacts from S3
# NOTE(review): no tag or digest is pinned on this image.
image: amazon/aws-cli
commands:
# The loop spans several list entries, so the entries evidently run as one
# shell script. `$$` is Drone's escape for a literal `$`; `${END_TIME?}` makes
# the shell abort if the variable is unset.
- END_TIME=$(( $(date +%s) + 3600 ))
- TIMED_OUT=true
- while [ $(date +%s) -lt $${END_TIME?} ]; do
- SUCCESS=true
# `grep -x` requires the listed object name to match the expected file name exactly.
- aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr
-s ' ' | cut -d' ' -f 4 | grep -x teleport_$(cat "/go/var/full-version")_amd64.deb
|| SUCCESS=false
- '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
- echo 'Condition not met yet, waiting another 60 seconds...'
- sleep 60
- done
- '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [
"$SUCCESS" = "true" ]'' && exit 1'
- mkdir -pv "/go/build"
# NOTE(review): the package is copied without any checksum or signature check
# in this step, and the build step installs it into the image; if the bucket
# holds a digest or signature for the artifact, verifying it here would tie
# the image to the released package — TODO confirm what is published.
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat
"/go/var/full-version")_amd64.deb /go/build/teleport_$(cat "/go/var/full-version")_amd64.deb
environment:
AWS_PROFILE: s3-download-teleport
AWS_REGION: us-west-2
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
volumes:
- name: awsconfig
path: /root/.aws
depends_on:
- Assume S3 Download AWS Role for teleport
- Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport
# Builds the linux/amd64 teleport image from /go/build/Dockerfile-teleport and
# the downloaded .deb, and pushes it to the in-pipeline registry.
- name: Build teleport image "teleport:v11-amd64"
# NOTE(review): no tag or digest is pinned on this image.
image: docker
commands:
# NOTE(review): a third-party image with no tag or digest is run --privileged
# against the pipeline's Docker daemon; pinning it would fix what code gets
# that privilege.
- docker run --privileged --rm tonistiigi/binfmt --install all
- mkdir -pv "/go/build" && cd "/go/build"
- mkdir -pv "/tmp/teleport-v11-amd64-builder"
# BuildKit config that lets the builder talk plain http to the in-pipeline registry.
- echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v11-amd64-builder/buildkitd.toml"
- echo ' http = true' >> "/tmp/teleport-v11-amd64-builder/buildkitd.toml"
# The builder container uses the host network (network=host).
- docker buildx create --driver "docker-container" --driver-opt "network=host" --name
"teleport-v11-amd64-builder" --config "/tmp/teleport-v11-amd64-builder/buildkitd.toml"
- apk add --no-cache aws-cli
# Logins to ECR Public and Docker Hub before the build; both passwords go via stdin.
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
# DEB_PATH names the package fetched by the S3 download step; /go/build is the context.
- docker buildx build --push --builder "teleport-v11-amd64-builder" --target "teleport"
--platform "linux/amd64" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
--file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_amd64.deb
/go/build
# Cleanup: only public.ecr.aws is logged out; the builder and its config are removed.
- docker logout "public.ecr.aws"
- docker buildx rm "teleport-v11-amd64-builder"
- rm -rf "/tmp/teleport-v11-amd64-builder"
environment:
AWS_PROFILE: ecr-authenticated-pull
DOCKER_BUILDKIT: "1"
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Assume ECR - authenticated-pull AWS Role
- Download "teleport_v11-tag_amd64.deb" artifacts from S3
# Waits up to 3600 seconds, checking every 60 seconds, for the arm .deb of the
# full version to be listed in the S3 bucket, then copies it to /go/build.
- name: Download "teleport_v11-tag_arm.deb" artifacts from S3
# NOTE(review): no tag or digest is pinned on this image.
image: amazon/aws-cli
commands:
# `$$` is Drone's escape for a literal `$`; `${END_TIME?}` makes the shell
# abort if the variable is unset.
- END_TIME=$(( $(date +%s) + 3600 ))
- TIMED_OUT=true
- while [ $(date +%s) -lt $${END_TIME?} ]; do
- SUCCESS=true
# `grep -x` requires the listed object name to match the expected file name exactly.
- aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr
-s ' ' | cut -d' ' -f 4 | grep -x teleport_$(cat "/go/var/full-version")_arm.deb
|| SUCCESS=false
- '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
- echo 'Condition not met yet, waiting another 60 seconds...'
- sleep 60
- done
- '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [
"$SUCCESS" = "true" ]'' && exit 1'
- mkdir -pv "/go/build"
# NOTE(review): no checksum or signature of the package is verified in this
# step before the build step installs it into the image.
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat
"/go/var/full-version")_arm.deb /go/build/teleport_$(cat "/go/var/full-version")_arm.deb
environment:
AWS_PROFILE: s3-download-teleport
AWS_REGION: us-west-2
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
volumes:
- name: awsconfig
path: /root/.aws
depends_on:
- Assume S3 Download AWS Role for teleport
- Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport
# Builds the linux/arm teleport image from /go/build/Dockerfile-teleport and
# the downloaded .deb, and pushes it to the in-pipeline registry.
- name: Build teleport image "teleport:v11-arm"
# NOTE(review): no tag or digest is pinned on this image.
image: docker
commands:
# NOTE(review): a third-party image with no tag or digest is run --privileged
# against the pipeline's Docker daemon.
- docker run --privileged --rm tonistiigi/binfmt --install all
- mkdir -pv "/go/build" && cd "/go/build"
- mkdir -pv "/tmp/teleport-v11-arm-builder"
# BuildKit config that lets the builder talk plain http to the in-pipeline registry.
- echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v11-arm-builder/buildkitd.toml"
- echo ' http = true' >> "/tmp/teleport-v11-arm-builder/buildkitd.toml"
# The builder container uses the host network (network=host).
- docker buildx create --driver "docker-container" --driver-opt "network=host" --name
"teleport-v11-arm-builder" --config "/tmp/teleport-v11-arm-builder/buildkitd.toml"
- apk add --no-cache aws-cli
# Logins to ECR Public and Docker Hub before the build; both passwords go via stdin.
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
# DEB_PATH names the package fetched by the S3 download step; /go/build is the context.
- docker buildx build --push --builder "teleport-v11-arm-builder" --target "teleport"
--platform "linux/arm" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
--file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_arm.deb
/go/build
# Cleanup: only public.ecr.aws is logged out; the builder and its config are removed.
- docker logout "public.ecr.aws"
- docker buildx rm "teleport-v11-arm-builder"
- rm -rf "/tmp/teleport-v11-arm-builder"
environment:
AWS_PROFILE: ecr-authenticated-pull
DOCKER_BUILDKIT: "1"
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Assume ECR - authenticated-pull AWS Role
- Download "teleport_v11-tag_arm.deb" artifacts from S3
# Waits up to 3600 seconds, checking every 60 seconds, for the arm64 .deb of
# the full version to be listed in the S3 bucket, then copies it to /go/build.
- name: Download "teleport_v11-tag_arm64.deb" artifacts from S3
# NOTE(review): no tag or digest is pinned on this image.
image: amazon/aws-cli
commands:
# `$$` is Drone's escape for a literal `$`; `${END_TIME?}` makes the shell
# abort if the variable is unset.
- END_TIME=$(( $(date +%s) + 3600 ))
- TIMED_OUT=true
- while [ $(date +%s) -lt $${END_TIME?} ]; do
- SUCCESS=true
# `grep -x` requires the listed object name to match the expected file name exactly.
- aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr
-s ' ' | cut -d' ' -f 4 | grep -x teleport_$(cat "/go/var/full-version")_arm64.deb
|| SUCCESS=false
- '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
- echo 'Condition not met yet, waiting another 60 seconds...'
- sleep 60
- done
- '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [
"$SUCCESS" = "true" ]'' && exit 1'
- mkdir -pv "/go/build"
# NOTE(review): no checksum or signature of the package is verified in this
# step before the build step installs it into the image.
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat
"/go/var/full-version")_arm64.deb /go/build/teleport_$(cat "/go/var/full-version")_arm64.deb
environment:
AWS_PROFILE: s3-download-teleport
AWS_REGION: us-west-2
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
volumes:
- name: awsconfig
path: /root/.aws
depends_on:
- Assume S3 Download AWS Role for teleport
- Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport
# Builds the linux/arm64 teleport image from /go/build/Dockerfile-teleport and
# the downloaded .deb, and pushes it to the in-pipeline registry.
- name: Build teleport image "teleport:v11-arm64"
# NOTE(review): no tag or digest is pinned on this image.
image: docker
commands:
# NOTE(review): a third-party image with no tag or digest is run --privileged
# against the pipeline's Docker daemon.
- docker run --privileged --rm tonistiigi/binfmt --install all
- mkdir -pv "/go/build" && cd "/go/build"
- mkdir -pv "/tmp/teleport-v11-arm64-builder"
# BuildKit config that lets the builder talk plain http to the in-pipeline registry.
- echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v11-arm64-builder/buildkitd.toml"
- echo ' http = true' >> "/tmp/teleport-v11-arm64-builder/buildkitd.toml"
# The builder container uses the host network (network=host).
- docker buildx create --driver "docker-container" --driver-opt "network=host" --name
"teleport-v11-arm64-builder" --config "/tmp/teleport-v11-arm64-builder/buildkitd.toml"
- apk add --no-cache aws-cli
# Logins to ECR Public and Docker Hub before the build; both passwords go via stdin.
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
# DEB_PATH names the package fetched by the S3 download step; /go/build is the context.
- docker buildx build --push --builder "teleport-v11-arm64-builder" --target "teleport"
--platform "linux/arm64" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
--file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_arm64.deb
/go/build
# Cleanup: only public.ecr.aws is logged out; the builder and its config are removed.
- docker logout "public.ecr.aws"
- docker buildx rm "teleport-v11-arm64-builder"
- rm -rf "/tmp/teleport-v11-arm64-builder"
environment:
AWS_PROFILE: ecr-authenticated-pull
DOCKER_BUILDKIT: "1"
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Assume ECR - authenticated-pull AWS Role
- Download "teleport_v11-tag_arm64.deb" artifacts from S3
# Copies the amd64 teleport image from the in-pipeline registry to the staging
# ECR registry under <full|major|minor>-$TIMESTAMP-amd64 tags.
- name: Tag and push image "teleport:v11-amd64" to ECR - staging
# NOTE(review): no tag or digest is pinned on this image.
image: docker
commands:
- docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport:$(cat
"/go/var/full-version")-amd64
- apk add --no-cache aws-cli
# Both registry passwords are piped on stdin (--password-stdin), not passed as arguments.
- aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
146628656107.dkr.ecr.us-west-2.amazonaws.com
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
# Minute-resolution timestamp derived from the build creation time, so every
# step of one build computes the same tag suffix.
- TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
# Each of the three tags below is pushed only when `docker manifest inspect`
# does not succeed for it.
# NOTE(review): inspect output is discarded, so any inspect failure (not only
# a missing tag) falls through to the push branch.
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/full-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing
image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-amd64
&& docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/full-version")-$TIMESTAMP-amd64)
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/major-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing
image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-amd64
&& docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/major-version")-$TIMESTAMP-amd64)
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/minor-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing
image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64
&& docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/minor-version")-$TIMESTAMP-amd64)
- docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
environment:
AWS_PROFILE: ecr-staging
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
# The mounted credentials file also holds the other profiles appended by the
# "Assume ... AWS Role" steps, not only ecr-staging.
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Build teleport image "teleport:v11-amd64"
# Copies the arm teleport image from the in-pipeline registry to the staging
# ECR registry under <full|major|minor>-$TIMESTAMP-arm tags.
- name: Tag and push image "teleport:v11-arm" to ECR - staging
# NOTE(review): no tag or digest is pinned on this image.
image: docker
commands:
- docker pull --platform "linux/arm" drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
- apk add --no-cache aws-cli
# Both registry passwords are piped on stdin (--password-stdin), not passed as arguments.
- aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
146628656107.dkr.ecr.us-west-2.amazonaws.com
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
# Minute-resolution timestamp derived from the build creation time.
- TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
# Each of the three tags below is pushed only when `docker manifest inspect`
# does not succeed for it.
# NOTE(review): inspect output is discarded, so any inspect failure (not only
# a missing tag) falls through to the push branch.
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/full-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing
image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm
&& docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/full-version")-$TIMESTAMP-arm)
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/major-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing
image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-arm
&& docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/major-version")-$TIMESTAMP-arm)
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/minor-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing
image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-arm
&& docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/minor-version")-$TIMESTAMP-arm)
- docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
environment:
AWS_PROFILE: ecr-staging
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Build teleport image "teleport:v11-arm"
# Copies the arm64 teleport image from the in-pipeline registry to the staging
# ECR registry under <full|major|minor>-$TIMESTAMP-arm64 tags.
- name: Tag and push image "teleport:v11-arm64" to ECR - staging
# NOTE(review): no tag or digest is pinned on this image.
image: docker
commands:
- docker pull --platform "linux/arm64" drone-docker-registry:5000/teleport:$(cat
"/go/var/full-version")-arm64
- apk add --no-cache aws-cli
# Both registry passwords are piped on stdin (--password-stdin), not passed as arguments.
- aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
146628656107.dkr.ecr.us-west-2.amazonaws.com
- printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
# Minute-resolution timestamp derived from the build creation time.
- TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
# Each of the three tags below is pushed only when `docker manifest inspect`
# does not succeed for it.
# NOTE(review): inspect output is discarded, so any inspect failure (not only
# a missing tag) falls through to the push branch.
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/full-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing
image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm64
&& docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/full-version")-$TIMESTAMP-arm64)
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/major-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing
image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-arm64
&& docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/major-version")-$TIMESTAMP-arm64)
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/minor-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing
image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64
&& docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/minor-version")-$TIMESTAMP-arm64)
- docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
environment:
AWS_PROFILE: ecr-staging
DOCKERHUB_PASSWORD:
from_secret: DOCKERHUB_READONLY_TOKEN
DOCKERHUB_USERNAME:
from_secret: DOCKERHUB_USERNAME
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Build teleport image "teleport:v11-arm64"
# Builds the multi-arch manifest list <major-version>-$TIMESTAMP in the staging
# ECR registry from the -amd64, -arm and -arm64 tags pushed by the three
# "Tag and push ... to ECR - staging" steps named in depends_on.
# NOTE(review): `image: docker` carries no tag or digest and aws-cli is
# installed unpinned at run time, so the tooling that publishes the manifest
# can differ between builds.
- name: Create manifest and push "teleport:major-$TIMESTAMP" to ECR - staging
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # Both registry passwords are fed through --password-stdin, so they never
  # appear as command-line arguments.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # Tag suffix is derived from DRONE_BUILD_CREATED rather than the wall clock.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Skip when the tag already resolves, otherwise create and push it. Inspect
  # output is discarded, so ANY inspect failure (not only "tag absent") takes
  # the create-and-push branch.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image,
    skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP)
  # Only the ECR login is removed; the Docker Hub login above is not logged
  # out in this step.
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    # Selects a named profile from the files under the awsconfig mount.
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  # presumably carries the Docker daemon socket - confirm against the
  # pipeline's volume definitions
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v11-amd64" to ECR - staging
  - Tag and push image "teleport:v11-arm" to ECR - staging
  - Tag and push image "teleport:v11-arm64" to ECR - staging
# Builds the multi-arch manifest list <minor-version>-$TIMESTAMP in the staging
# ECR registry from the per-architecture tags (-amd64, -arm, -arm64) pushed by
# the steps named in depends_on.
- name: Create manifest and push "teleport:minor-$TIMESTAMP" to ECR - staging
  # NOTE(review): untagged image reference; the CLI that signs in to and
  # pushes to the registry is whatever the default tag resolves to.
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # Short-lived ECR password and Docker Hub token both go in via stdin.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Existence guard: a successful inspect means the tag is left untouched. A
  # failed inspect for any reason (its output is sent to /dev/null) leads to
  # create --amend followed by push.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/minor-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image,
    skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/minor-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/minor-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/minor-version")-$TIMESTAMP)
  # Drops the ECR credential only.
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  # AWS config/credentials directory shared between steps through this mount.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v11-amd64" to ECR - staging
  - Tag and push image "teleport:v11-arm" to ECR - staging
  - Tag and push image "teleport:v11-arm64" to ECR - staging
# Builds the multi-arch manifest list <full-version>-$TIMESTAMP in the staging
# ECR registry from the per-architecture tags (-amd64, -arm, -arm64) pushed by
# the steps named in depends_on.
- name: Create manifest and push "teleport:full-$TIMESTAMP" to ECR - staging
  image: docker
  commands:
  # Installed at run time without a version pin.
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # The manifest refers to the member images by tag, so it captures whatever
  # those tags point at when `manifest create` runs. The leading inspect only
  # decides whether to skip; its errors are not distinguished from "missing".
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image,
    skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-$TIMESTAMP)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    # The secret name indicates a read-only Docker Hub token.
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v11-amd64" to ECR - staging
  - Tag and push image "teleport:v11-arm" to ECR - staging
  - Tag and push image "teleport:v11-arm64" to ECR - staging
# Publishes the amd64 image to public.ecr.aws: pulls <full-version>-amd64 from
# the build registry drone-docker-registry:5000 and pushes it under the full,
# major and minor version tags (each with the -amd64 suffix).
- name: Tag and push image "teleport:v11-amd64" to ECR - production
  image: docker
  commands:
  # NOTE(review): the image to publish is selected by tag; no digest check is
  # visible in this step before it is pushed to the public registry.
  - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport:$(cat
    "/go/var/full-version")-amd64
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # Full-version tag: pushed only when inspect fails, so an existing release
  # tag is not overwritten. Inspect output is discarded, so an auth or network
  # error is treated the same as "tag absent".
  - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat
    "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64
    && docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64)
  # Major and minor tags have no guard: they are re-tagged and pushed on every
  # run, moving them to this build's image.
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
  - docker logout "public.ecr.aws"
  environment:
    # Profile with push rights to the production registry, read from the
    # awsconfig mount.
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v11-amd64"
# Publishes the arm image to public.ecr.aws: pulls <full-version>-arm from the
# build registry drone-docker-registry:5000 and pushes it under the full, major
# and minor version tags (each with the -arm suffix).
- name: Tag and push image "teleport:v11-arm" to ECR - production
  # NOTE(review): untagged image reference for the step that holds production
  # push credentials.
  image: docker
  commands:
  - docker pull --platform "linux/arm" drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
  - apk add --no-cache aws-cli
  # Passwords are supplied on stdin rather than as arguments.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # Guarded push of the immutable-looking full-version tag; any inspect
  # failure falls through to tag + push.
  - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat
    "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm
    && docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm)
  # Unguarded: major and minor tags are always overwritten with this image.
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v11-arm"
# Publishes the arm64 image to public.ecr.aws: pulls <full-version>-arm64 from
# the build registry drone-docker-registry:5000 and pushes it under the full,
# major and minor version tags (each with the -arm64 suffix).
- name: Tag and push image "teleport:v11-arm64" to ECR - production
  image: docker
  commands:
  # The pulled image is identified by tag only.
  - docker pull --platform "linux/arm64" drone-docker-registry:5000/teleport:$(cat
    "/go/var/full-version")-arm64
  # Unpinned package install inside the step that pushes to production.
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # Full-version tag is pushed only if inspect does not succeed; errors other
  # than "not found" are indistinguishable here because output is discarded.
  - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat
    "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64
    && docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64)
  # Rolling tags: pushed unconditionally.
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
  # Removes the public ECR login; the Docker Hub login is left in place.
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v11-arm64"
# Creates and pushes the production multi-arch manifest for the bare
# <major-version> tag on public.ecr.aws, combining the -amd64, -arm and -arm64
# tags pushed by the steps named in depends_on.
# Unlike the full-version manifest step, there is no existence check here: the
# major tag is rebuilt and pushed on every run.
- name: Create manifest and push "teleport:major" to ECR - production
  # NOTE(review): untagged image; aws-cli below is also unpinned.
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # Member images are referenced by tag, so the manifest records whatever
  # those per-arch tags resolve to at this moment.
  - docker manifest create public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")
    --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64
    --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm
    --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64
  - docker manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v11-amd64" to ECR - production
  - Tag and push image "teleport:v11-arm" to ECR - production
  - Tag and push image "teleport:v11-arm64" to ECR - production
# Creates and pushes the production multi-arch manifest for the bare
# <minor-version> tag on public.ecr.aws from its -amd64, -arm and -arm64 tags.
# No existence check: the minor tag is overwritten on every run.
- name: Create manifest and push "teleport:minor" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # Credentials are passed on stdin, not as arguments.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # --amend adds each per-arch image to the manifest list; images are named
  # by tag, not digest.
  - docker manifest create public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")
    --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
    --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm
    --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
  - docker manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")
  # Only the public ECR session is logged out.
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v11-amd64" to ECR - production
  - Tag and push image "teleport:v11-arm" to ECR - production
  - Tag and push image "teleport:v11-arm64" to ECR - production
# Creates and pushes the production multi-arch manifest for the bare
# <full-version> tag on public.ecr.aws, but only when that tag cannot be
# inspected, so an already published release manifest is left as it is.
- name: Create manifest and push "teleport:full" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # NOTE(review): this is the only protection against republishing a release
  # tag, and it is best-effort: inspect output goes to /dev/null, so a failed
  # inspect for any reason (not just a missing tag) runs create + push.
  - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest
    create public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version") --amend
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64 --amend
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm --amend
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64 && docker
    manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version"))
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v11-amd64" to ECR - production
  - Tag and push image "teleport:v11-arm" to ECR - production
  - Tag and push image "teleport:v11-arm64" to ECR - production
# Exchanges the long-lived access key injected from secrets for temporary
# credentials of the role in $AWS_ROLE and stores them as the named profile
# [s3-download-teleport-ent] in /root/.aws/credentials on the awsconfig volume.
# Every later step that mounts awsconfig can read that profile, including its
# session token.
- name: Assume S3 Download AWS Role for teleport-ent
  # NOTE(review): untagged image reference.
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  # Prints the identity behind the long-lived key pair to the build log.
  - aws sts get-caller-identity
  # The unquoted $(aws sts assume-role ...) is intentional: `--output text`
  # yields three whitespace-separated fields that become the three %s
  # arguments. The result is appended (>>), so existing profiles are kept.
  - |-
    printf "[s3-download-teleport-ent]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      >> /root/.aws/credentials
  # Drop the long-lived keys from the shell before exercising the profile.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  # Verifies that the profile just written actually authenticates.
  - aws sts get-caller-identity --profile s3-download-teleport-ent
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Find the latest available semver for v11
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role
# Fetches the repository at ${DRONE_REMOTE_URL}, checks out the release tag
# v<full-version> and copies build.assets/charts/Dockerfile to
# /go/build/Dockerfile-teleport-ent for the teleport-ent image builds.
- name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent
  # NOTE(review): `latest` is a mutable tag; the git client used to fetch the
  # Dockerfile is not pinned.
  image: alpine/git:latest
  commands:
  - mkdir -pv "/tmp/repo"
  - cd "/tmp/repo"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  # The Dockerfile comes from whatever commit this tag names on the remote.
  # NOTE(review): the version is read from /go/vars/full-version-v11, while
  # the image steps in this file read /go/var/full-version - presumably
  # written by different steps; confirm both hold the same version.
  - git checkout -qf "v$(cat '/go/vars/full-version-v11')"
  - mkdir -pv $(dirname "/go/build/Dockerfile-teleport-ent")
  - cp "/tmp/repo/build.assets/charts/Dockerfile" "/go/build/Dockerfile-teleport-ent"
  depends_on:
  - Find the latest available semver for v11
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role
# Waits up to 3600 seconds (polling every 60 seconds) for the amd64 .deb of
# this version to be listed under teleport/tag/<full-version>/ in the bucket,
# then copies it to /go/build for the image build.
# NOTE(review): no checksum or signature verification of the downloaded
# package is visible in this step; the artifact's integrity rests on access
# control of the bucket.
- name: Download "teleport-ent_v11-tag_amd64.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  # The loop spans several list entries (while ... done). `$$` is presumably
  # the pipeline's escape for a literal `$`, leaving ${END_TIME?} for the shell.
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  # grep -x demands a whole-line match on the file-name column; the dots in
  # the name are regex wildcards because -F is not used.
  - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr
    -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")_amd64.deb
    || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  # Fail the step when the hour elapsed without the file appearing.
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [
    "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat
    "/go/var/full-version")_amd64.deb /go/build/teleport-ent_$(cat "/go/var/full-version")_amd64.deb
  environment:
    # Temporary-credential profile read from the awsconfig mount.
    AWS_PROFILE: s3-download-teleport-ent
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport-ent
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent
# Builds the linux/amd64 teleport-ent image with a dedicated buildx builder
# from /go/build/Dockerfile-teleport-ent and the downloaded .deb, and pushes
# it to the build registry as teleport-ent:<full-version>-amd64.
- name: Build teleport-ent image "teleport-ent:v11-amd64"
  image: docker
  commands:
  # NOTE(review): runs a third-party image with --privileged and without a
  # tag or digest; pinning it by digest would fix what code gets that access.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-ent-v11-amd64-builder"
  # Builder config: talk to drone-docker-registry:5000 over plain HTTP. The
  # image later published from that registry therefore crosses this hop
  # without TLS.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v11-amd64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-ent-v11-amd64-builder/buildkitd.toml"
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name
    "teleport-ent-v11-amd64-builder" --config "/tmp/teleport-ent-v11-amd64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  # Logins use the ecr-authenticated-pull profile and a read-only Docker Hub
  # token - presumably only needed to pull base images; confirm.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # Build context is /go/build; DEB_PATH names the package inside it.
  - docker buildx build --push --builder "teleport-ent-v11-amd64-builder" --target
    "teleport" --platform "linux/amd64" --tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-amd64 --file "/go/build/Dockerfile-teleport-ent" --build-arg
    DEB_PATH=teleport-ent_$(cat "/go/var/full-version")_amd64.deb /go/build
  # Cleanup: registry session, builder instance and its config directory.
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-ent-v11-amd64-builder"
  - rm -rf "/tmp/teleport-ent-v11-amd64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport-ent_v11-tag_amd64.deb" artifacts from S3
# Waits up to 3600 seconds (polling every 60 seconds) for the arm .deb of this
# version to be listed under teleport/tag/<full-version>/ in the bucket, then
# copies it to /go/build for the image build.
# NOTE(review): the package is used as downloaded; no checksum or signature
# check is visible in this step.
- name: Download "teleport-ent_v11-tag_arm.deb" artifacts from S3
  # NOTE(review): untagged image reference.
  image: amazon/aws-cli
  commands:
  # Deadline one hour from now; TIMED_OUT stays true unless the file is seen.
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  # Fourth whitespace-separated column of `aws s3 ls` is matched as a whole
  # line against the expected file name.
  - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr
    -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")_arm.deb
    || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  # ${TIMED_OUT?} aborts with an error if the variable is unset.
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [
    "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat
    "/go/var/full-version")_arm.deb /go/build/teleport-ent_$(cat "/go/var/full-version")_arm.deb
  environment:
    AWS_PROFILE: s3-download-teleport-ent
    AWS_REGION: us-west-2
    # Bucket name is kept out of the pipeline file and injected as a secret.
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport-ent
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent
# Builds the linux/arm teleport-ent image with a dedicated buildx builder from
# /go/build/Dockerfile-teleport-ent and the downloaded .deb, and pushes it to
# the build registry as teleport-ent:<full-version>-arm.
- name: Build teleport-ent image "teleport-ent:v11-arm"
  image: docker
  commands:
  # NOTE(review): privileged container from an image reference that has no
  # tag or digest.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-ent-v11-arm-builder"
  # `http = true` makes the builder use plain HTTP for
  # drone-docker-registry:5000.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v11-arm-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-ent-v11-arm-builder/buildkitd.toml"
  # Builder runs as its own container on the host network.
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name
    "teleport-ent-v11-arm-builder" --config "/tmp/teleport-ent-v11-arm-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # --push sends the result straight to the build registry; the .deb is
  # passed by file name relative to the /go/build context.
  - docker buildx build --push --builder "teleport-ent-v11-arm-builder" --target "teleport"
    --platform "linux/arm" --tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
    --file "/go/build/Dockerfile-teleport-ent" --build-arg DEB_PATH=teleport-ent_$(cat
    "/go/var/full-version")_arm.deb /go/build
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-ent-v11-arm-builder"
  - rm -rf "/tmp/teleport-ent-v11-arm-builder"
  environment:
    # Pull-only profile, going by its name - confirm the role's permissions.
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport-ent_v11-tag_arm.deb" artifacts from S3
# Waits up to 3600 seconds (polling every 60 seconds) for the arm64 .deb of
# this version to be listed under teleport/tag/<full-version>/ in the bucket,
# then copies it to /go/build for the image build.
- name: Download "teleport-ent_v11-tag_arm64.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  # Poll loop written as separate list entries from `while` to `done`.
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr
    -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")_arm64.deb
    || SUCCESS=false
  # Leave the loop as soon as the file is listed.
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [
    "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  # NOTE(review): the copied package goes into the image build unverified as
  # far as this step shows (no checksum or signature check).
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat
    "/go/var/full-version")_arm64.deb /go/build/teleport-ent_$(cat "/go/var/full-version")_arm64.deb
  environment:
    AWS_PROFILE: s3-download-teleport-ent
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  # Source of the s3-download-teleport-ent profile selected above.
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport-ent
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent
# Builds the linux/arm64 teleport-ent image with a dedicated buildx builder
# from /go/build/Dockerfile-teleport-ent and the downloaded .deb, and pushes
# it to the build registry as teleport-ent:<full-version>-arm64.
- name: Build teleport-ent image "teleport-ent:v11-arm64"
  # NOTE(review): untagged image reference.
  image: docker
  commands:
  # Installs binfmt handlers via a privileged container; the image reference
  # is neither tagged nor pinned by digest.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-ent-v11-arm64-builder"
  # Registry override for the builder: plain HTTP to the build registry.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v11-arm64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-ent-v11-arm64-builder/buildkitd.toml"
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name
    "teleport-ent-v11-arm64-builder" --config "/tmp/teleport-ent-v11-arm64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  # Registry passwords are read from stdin.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - docker buildx build --push --builder "teleport-ent-v11-arm64-builder" --target
    "teleport" --platform "linux/arm64" --tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-arm64 --file "/go/build/Dockerfile-teleport-ent" --build-arg
    DEB_PATH=teleport-ent_$(cat "/go/var/full-version")_arm64.deb /go/build
  # Cleanup of the session, the builder and its temporary config.
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-ent-v11-arm64-builder"
  - rm -rf "/tmp/teleport-ent-v11-arm64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport-ent_v11-tag_arm64.deb" artifacts from S3
# Copies the amd64 teleport-ent image from the build registry to the staging
# ECR registry under three timestamped tags: <full>-$TIMESTAMP-amd64,
# <major>-$TIMESTAMP-amd64 and <minor>-$TIMESTAMP-amd64. All three are tagged
# from the same <full-version>-amd64 source image.
- name: Tag and push image "teleport-ent:v11-amd64" to ECR - staging
  image: docker
  commands:
  # Source image is selected by tag from drone-docker-registry:5000.
  - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-amd64
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Each of the three commands below skips when the target tag can be
  # inspected and otherwise tags + pushes. Inspect output is discarded, so an
  # inspect error of any kind also results in a push.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-amd64)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-amd64)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-amd64)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v11-amd64"
# Copies the arm teleport-ent image from the build registry to the staging ECR
# registry under three timestamped tags: <full>-$TIMESTAMP-arm,
# <major>-$TIMESTAMP-arm and <minor>-$TIMESTAMP-arm, all taken from the same
# <full-version>-arm source image.
- name: Tag and push image "teleport-ent:v11-arm" to ECR - staging
  # NOTE(review): untagged image reference; aws-cli below is unpinned too.
  image: docker
  commands:
  - docker pull --platform "linux/arm" drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-arm
  - apk add --no-cache aws-cli
  # Password arrives on stdin for both logins.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # Suffix shared by the three tags pushed below.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Guarded tag + push, once per version granularity (full, major, minor).
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v11-arm"
# Copies the arm64 teleport-ent image from the build registry to the staging
# ECR registry under three timestamped tags: <full>-$TIMESTAMP-arm64,
# <major>-$TIMESTAMP-arm64 and <minor>-$TIMESTAMP-arm64, all taken from the
# same <full-version>-arm64 source image.
- name: Tag and push image "teleport-ent:v11-arm64" to ECR - staging
  image: docker
  commands:
  # NOTE(review): pulled by tag; this step does not check the image digest
  # before re-publishing it.
  - docker pull --platform "linux/arm64" drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-arm64
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Three guarded pushes. The guard treats every inspect failure as "tag not
  # present" because stdout and stderr are redirected to /dev/null.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm64)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm64)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm64)
  # Ends the ECR session only.
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v11-arm64"
# Builds the multi-arch teleport-ent manifest list <major-version>-$TIMESTAMP
# in the staging ECR registry from the -amd64, -arm and -arm64 tags pushed by
# the three "Tag and push ... to ECR - staging" steps named in depends_on.
- name: Create manifest and push "teleport-ent:major-$TIMESTAMP" to ECR - staging
  # NOTE(review): untagged image reference.
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # Must produce the same suffix as the per-arch push steps for the --amend
  # references below to resolve; both derive it from DRONE_BUILD_CREATED.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Skip when the manifest tag can be inspected; otherwise create it from the
  # three per-arch tags and push. Any inspect failure takes the second path.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image,
    skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-amd64" to ECR - staging
  - Tag and push image "teleport-ent:v11-arm" to ECR - staging
  - Tag and push image "teleport-ent:v11-arm64" to ECR - staging
# Assembles the multi-arch manifest list "<minor-version>-$TIMESTAMP" in the
# staging ECR registry from the matching -amd64, -arm and -arm64 tags.
- name: Create manifest and push "teleport-ent:minor-$TIMESTAMP" to ECR - staging
  # NOTE(review): untagged step image; it runs with push access to staging ECR.
  image: docker
  commands:
  # NOTE(review): aws-cli is installed at run time without a version pin.
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # Suffix derived from DRONE_BUILD_CREATED; presumably identical in every step
  # of one build, which is what lets this step find the per-arch tags.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Skip when the manifest list can be inspected, otherwise create and push it.
  # NOTE(review): an inspect that fails for reasons other than "not found"
  # also takes the create/push branch, because stderr and stdout are discarded.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image,
    skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    # Secret is named as a read-only token; it is only used for docker login here.
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-amd64" to ECR - staging
  - Tag and push image "teleport-ent:v11-arm" to ECR - staging
  - Tag and push image "teleport-ent:v11-arm64" to ECR - staging
# Assembles the multi-arch manifest list "<full-version>-$TIMESTAMP" in the
# staging ECR registry from the matching -amd64, -arm and -arm64 tags.
- name: Create manifest and push "teleport-ent:full-$TIMESTAMP" to ECR - staging
  # NOTE(review): image reference carries no tag or digest.
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # Short-lived ECR password obtained through the ecr-staging profile, piped via stdin.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # The version strings are read from files under /go/var at run time; the
  # $(cat ...) substitutions are unquoted, so the files must hold a single
  # token without whitespace - TODO confirm against the step that writes them.
  # NOTE(review): "inspect succeeded" is the only skip condition; any inspect
  # error falls through to create/push.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image,
    skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-amd64" to ECR - staging
  - Tag and push image "teleport-ent:v11-arm" to ECR - staging
  - Tag and push image "teleport-ent:v11-arm64" to ECR - staging
# Publishes the amd64 image from the build-local registry to public.ecr.aws
# under three tags: full, major and minor version, each with an -amd64 suffix.
- name: Tag and push image "teleport-ent:v11-amd64" to ECR - production
  # NOTE(review): untagged step image runs with production push credentials.
  image: docker
  commands:
  - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-amd64
  - apk add --no-cache aws-cli
  # ecr-public login password is requested in us-east-1 and piped via stdin.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # Full-version tag: pushed only when manifest inspect does not succeed.
  # NOTE(review): stdout and stderr are discarded, so an inspect that fails for
  # auth or network reasons also takes the push branch and can overwrite an
  # already published full-version tag.
  - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-amd64 && docker push public.ecr.aws/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-amd64)
  # Major and minor tags have no existence check: every run re-points them at
  # this build's image.
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  # Depends only on the image build, not on the staging push of the same image.
  depends_on:
  - Build teleport-ent image "teleport-ent:v11-amd64"
# Publishes the arm image from the build-local registry to public.ecr.aws
# under the full, major and minor version tags, each with an -arm suffix.
- name: Tag and push image "teleport-ent:v11-arm" to ECR - production
  # NOTE(review): no tag or digest on the step image.
  image: docker
  commands:
  # The source image comes from drone-docker-registry:5000, the registry the
  # build steps push to; it is pulled by tag, not by digest.
  - docker pull --platform "linux/arm" drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-arm
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # Guarded push of the full-version tag.
  # NOTE(review): the guard cannot tell "tag missing" from "inspect failed";
  # both outcomes lead to tag and push.
  - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm
    && docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm)
  # Unguarded: the major and minor tags are overwritten on every run.
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v11-arm"
# Publishes the arm64 image from the build-local registry to public.ecr.aws
# under the full, major and minor version tags, each with an -arm64 suffix.
- name: Tag and push image "teleport-ent:v11-arm64" to ECR - production
  # NOTE(review): step image is referenced without tag or digest.
  image: docker
  commands:
  - docker pull --platform "linux/arm64" drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-arm64
  # NOTE(review): aws-cli is installed unpinned inside a step that then holds
  # production registry credentials.
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # Full-version tag is pushed unless manifest inspect succeeds.
  # NOTE(review): errors from inspect are silenced, so a transient failure is
  # indistinguishable from a missing tag and ends in a push.
  - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-arm64 && docker push public.ecr.aws/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-arm64)
  # Major and minor tags are always re-tagged from the full-version image and pushed.
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v11-arm64"
# Builds and pushes the multi-arch manifest list for the major-version tag on
# public.ecr.aws from the -amd64, -arm and -arm64 tags.
- name: Create manifest and push "teleport-ent:major" to ECR - production
  # NOTE(review): untagged step image with production push credentials.
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # No existence check: the manifest list for the major tag is recreated and
  # pushed on every run, so this tag moves with each release. Consumers that
  # need a fixed artifact should reference the full-version tag or a digest.
  - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
  - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-amd64" to ECR - production
  - Tag and push image "teleport-ent:v11-arm" to ECR - production
  - Tag and push image "teleport-ent:v11-arm64" to ECR - production
# Builds and pushes the multi-arch manifest list for the minor-version tag on
# public.ecr.aws from the -amd64, -arm and -arm64 tags.
- name: Create manifest and push "teleport-ent:minor" to ECR - production
  # NOTE(review): no tag or digest on the step image.
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # Unconditional create and push: the minor tag is a moving tag that each run
  # re-points at the per-arch images pushed by the depends_on steps.
  - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
  - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  # Role credentials are read from this volume; it is mounted by many steps.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-amd64" to ECR - production
  - Tag and push image "teleport-ent:v11-arm" to ECR - production
  - Tag and push image "teleport-ent:v11-arm64" to ECR - production
# Builds and pushes the multi-arch manifest list for the full-version tag on
# public.ecr.aws, unless a manifest for that tag can already be inspected.
- name: Create manifest and push "teleport-ent:full" to ECR - production
  # NOTE(review): untagged step image.
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # Unlike the major and minor manifest steps, this one is guarded by an
  # existence check on the full-version tag.
  # NOTE(review): the check discards inspect's output and exit reason, so a
  # registry or auth error is treated as "not published yet" and the existing
  # full-version manifest would be recreated and pushed.
  - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest
    create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64
    && docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version"))
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-amd64" to ECR - production
  - Tag and push image "teleport-ent:v11-arm" to ECR - production
  - Tag and push image "teleport-ent:v11-arm64" to ECR - production
# Exchanges the access key pair from Drone secrets for temporary role
# credentials and stores them as the AWS profile
# "s3-download-teleport-ent-fips" on the awsconfig volume.
- name: Assume S3 Download AWS Role for teleport-ent-fips
  # NOTE(review): image has no tag or digest; it receives the access key pair.
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  # Identity check with the key pair from the environment, before assuming the role.
  - aws sts get-caller-identity
  # Appends a [s3-download-teleport-ent-fips] section to /root/.aws/credentials.
  # The three printf arguments come from unquoted word splitting of the
  # "--output text" result; the session name replaces "/" with "-".
  # NOTE(review): no --duration-seconds is passed, so the session uses the
  # default lifetime; confirm it outlasts the up-to-3600 s wait in the S3
  # download step. The file sits on a volume mounted by many steps, so every
  # one of them can read this session token - TODO confirm that is intended.
  - |-
    printf "[s3-download-teleport-ent-fips]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      >> /root/.aws/credentials
  # Drops the key pair from this shell so the next call can only succeed
  # through the profile that was just written.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile s3-download-teleport-ent-fips
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Find the latest available semver for v11
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role
# Fetches build.assets/charts/Dockerfile from the release tag of the upstream
# repository and saves it as /go/build/Dockerfile-teleport-ent-fips.
- name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent-fips" for
    teleport-ent-fips
  # NOTE(review): ":latest" is a mutable tag and no pull policy is set, so the
  # tool that fetches the Dockerfile is not a fixed artifact.
  image: alpine/git:latest
  commands:
  - mkdir -pv "/tmp/repo"
  - cd "/tmp/repo"
  - git init
  # NOTE(review): ${DRONE_REMOTE_URL} is substituted unquoted.
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  # The Dockerfile comes from tag v<version>, not from the commit that
  # triggered this build. The version file is under /go/vars, while the other
  # steps here read /go/var - presumably written by "Find the latest
  # available semver for v11"; TODO confirm the path.
  - git checkout -qf "v$(cat '/go/vars/full-version-v11')"
  - mkdir -pv $(dirname "/go/build/Dockerfile-teleport-ent-fips")
  - cp "/tmp/repo/build.assets/charts/Dockerfile" "/go/build/Dockerfile-teleport-ent-fips"
  # No environment or volumes: this step runs without AWS or registry credentials.
  depends_on:
  - Find the latest available semver for v11
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role
# Waits for the FIPS amd64 .deb of this version to appear under
# s3://$AWS_S3_BUCKET/teleport/tag/<full-version>/ and copies it to /go/build.
- name: Download "teleport-ent_v11-tag-fips_amd64.deb" artifacts from S3
  # NOTE(review): image has no tag or digest.
  image: amazon/aws-cli
  commands:
  # Poll deadline: 3600 seconds from step start.
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  # "$$" is Drone's escape for a literal "$", so the shell sees ${END_TIME?}.
  # The loop spans several list items; presumably the runner joins them into
  # one script.
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  # Exact-name match (grep -x) on the fourth column of the bucket listing.
  - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr
    -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb
    || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [
    "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  # NOTE(review): the package is used as downloaded; no checksum or signature
  # is verified in this step, so integrity rests on access control of the
  # bucket - confirm it is verified elsewhere before the image is published.
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat
    "/go/var/full-version")-fips_amd64.deb /go/build/teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb
  environment:
    # Profile written to the awsconfig volume by the assume-role step in depends_on.
    AWS_PROFILE: s3-download-teleport-ent-fips
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport-ent-fips
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent-fips" for teleport-ent-fips
# Builds the "teleport-fips" target of the downloaded Dockerfile for
# linux/amd64 with a dedicated buildx builder and pushes the result to the
# build-local registry drone-docker-registry:5000.
- name: Build teleport-ent-fips image "teleport-ent:v11-fips-amd64"
  # NOTE(review): untagged step image.
  image: docker
  commands:
  # NOTE(review): runs a third-party image with no tag or digest as a
  # privileged container on the daemon this step talks to; pinning it by
  # digest would make the binfmt installer a fixed, reviewable artifact.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-ent-v11-fips-amd64-builder"
  # BuildKit config: talk plain HTTP to drone-docker-registry:5000.
  # NOTE(review): images pushed there travel without TLS; acceptable only if
  # that registry is reachable solely from this build - TODO confirm.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v11-fips-amd64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-ent-v11-fips-amd64-builder/buildkitd.toml"
  # The builder container uses the host network namespace (network=host).
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name
    "teleport-ent-v11-fips-amd64-builder" --config "/tmp/teleport-ent-v11-fips-amd64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  # Registry logins happen before the build; presumably they are for
  # authenticated pulls of base images.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # DEB_PATH names the package fetched by the S3 download step; /go/build is
  # the build context.
  - docker buildx build --push --builder "teleport-ent-v11-fips-amd64-builder" --target
    "teleport-fips" --platform "linux/amd64" --tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-fips-amd64 --file "/go/build/Dockerfile-teleport-ent-fips"
    --build-arg DEB_PATH=teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb
    /go/build
  - docker logout "public.ecr.aws"
  # Cleanup runs only if every earlier command succeeded - presumably the
  # step stops at the first failing command; verify against the runner.
  - docker buildx rm "teleport-ent-v11-fips-amd64-builder"
  - rm -rf "/tmp/teleport-ent-v11-fips-amd64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport-ent_v11-tag-fips_amd64.deb" artifacts from S3
# Copies the FIPS amd64 image from the build-local registry to the staging ECR
# registry under timestamped full, major and minor version tags.
- name: Tag and push image "teleport-ent:v11-fips-amd64" to ECR - staging
  # NOTE(review): untagged step image.
  image: docker
  commands:
  - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-fips-amd64
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Each of the three pushes below is guarded by its own manifest inspect, and
  # all three tags are made from the same full-version source image.
  # NOTE(review): inspect errors are silenced, so a failed inspect and a
  # missing tag both lead to tag and push.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-fips-amd64 > /dev/null 2>&1 && echo 'Found
    existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-fips-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-fips-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-fips-amd64)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-fips-amd64 > /dev/null 2>&1 && echo 'Found
    existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-fips-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-fips-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-fips-amd64)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-fips-amd64 > /dev/null 2>&1 && echo 'Found
    existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-fips-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-fips-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-fips-amd64)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent-fips image "teleport-ent:v11-fips-amd64"
# Creates the manifest list "<major-version>-$TIMESTAMP-fips" in the staging
# ECR registry; it has a single entry, the -fips-amd64 image.
- name: Create manifest and push "teleport-ent:major-$TIMESTAMP-fips" to ECR - staging
  # NOTE(review): untagged step image.
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Skip when the manifest can be inspected, otherwise create and push.
  # NOTE(review): a failing inspect (for any reason) also selects create/push
  # because its output and exit reason are discarded.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-fips > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-fips --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-fips-amd64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-fips)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-fips-amd64" to ECR - staging
# Creates the manifest list "<minor-version>-$TIMESTAMP-fips" in the staging
# ECR registry; its only entry is the -fips-amd64 image.
- name: Create manifest and push "teleport-ent:minor-$TIMESTAMP-fips" to ECR - staging
  # NOTE(review): no tag or digest on the step image.
  image: docker
  commands:
  # NOTE(review): unpinned package install inside a step that holds push credentials.
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # Same timestamp expression as the tag-and-push step this one depends on.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # NOTE(review): the existence check cannot distinguish "absent" from
  # "inspect failed"; both run the create/push branch.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-fips > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-fips --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-fips-amd64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-fips)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-fips-amd64" to ECR - staging
# Creates the manifest list "<full-version>-$TIMESTAMP-fips" in the staging
# ECR registry; its only entry is the -fips-amd64 image.
- name: Create manifest and push "teleport-ent:full-$TIMESTAMP-fips" to ECR - staging
  # NOTE(review): untagged step image.
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Guarded create/push of the timestamped full-version FIPS manifest.
  # NOTE(review): the guard passes only on a successful inspect; registry or
  # auth errors are hidden by the redirect and end in create/push.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-fips > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-fips --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-fips-amd64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-fips)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-fips-amd64" to ECR - staging
# Publishes the FIPS amd64 image from the build-local registry to
# public.ecr.aws under the full, major and minor version tags, each with a
# -fips-amd64 suffix.
- name: Tag and push image "teleport-ent:v11-fips-amd64" to ECR - production
  # NOTE(review): untagged step image runs with production push credentials.
  image: docker
  commands:
  - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-fips-amd64
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # Full-version tag: pushed unless manifest inspect succeeds.
  # NOTE(review): because inspect's errors are discarded, a transient registry
  # or auth failure is handled like a missing tag and the published
  # full-version FIPS tag would be pushed again.
  - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-fips-amd64 public.ecr.aws/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-fips-amd64 && docker push public.ecr.aws/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-fips-amd64)
  # Major and minor tags are re-pointed at this build on every run (no check).
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent-fips image "teleport-ent:v11-fips-amd64"
# Creates and pushes the manifest list "<major-version>-fips" on
# public.ecr.aws; its only entry is the -fips-amd64 image.
- name: Create manifest and push "teleport-ent:major-fips" to ECR - production
  # NOTE(review): untagged step image.
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # Unconditional: the major FIPS tag is a moving tag rewritten on every run.
  - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
  - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-fips-amd64" to ECR - production
# Creates and pushes the manifest list "<minor-version>-fips" on
# public.ecr.aws; its only entry is the -fips-amd64 image.
- name: Create manifest and push "teleport-ent:minor-fips" to ECR - production
  # NOTE(review): no tag or digest on the step image.
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # No existence check: each run recreates and pushes the minor FIPS manifest.
  - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
  - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-fips-amd64" to ECR - production
# Creates and pushes the manifest list "<full-version>-fips" on
# public.ecr.aws, unless a manifest for that tag can already be inspected.
- name: Create manifest and push "teleport-ent:full-fips" to ECR - production
  # NOTE(review): untagged step image.
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # This is the only FIPS production manifest step with an existence check.
  # NOTE(review): the check treats every inspect failure as "not published",
  # since stdout and stderr go to /dev/null; a registry error would lead to
  # the full-version FIPS manifest being recreated and pushed.
  - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest
    create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    && docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips)
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-fips-amd64" to ECR - production
# Builds integrations/operator/Dockerfile from the checked-out repository for
# linux/amd64 with a dedicated buildx builder and pushes the result to the
# build-local registry drone-docker-registry:5000.
- name: Build teleport-operator image "teleport-operator:v11-amd64"
  # NOTE(review): untagged step image.
  image: docker
  commands:
  # NOTE(review): privileged container started from a third-party image with
  # no tag or digest; pinning it by digest would fix what runs with these
  # privileges.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport"
  - mkdir -pv "/tmp/teleport-operator-v11-amd64-builder"
  # BuildKit is told to use plain HTTP for drone-docker-registry:5000.
  # NOTE(review): confirm that registry is reachable only from this build.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-operator-v11-amd64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-operator-v11-amd64-builder/buildkitd.toml"
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name
    "teleport-operator-v11-amd64-builder" --config "/tmp/teleport-operator-v11-amd64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # BUILDBOX is passed by tag, not digest.
  # NOTE(review): the tag is "teleport14" while this pipeline builds v11 -
  # presumably intended; confirm in the generator.
  - docker buildx build --push --builder "teleport-operator-v11-amd64-builder" --platform
    "linux/amd64" --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
    --file "/go/src/github.com/gravitational/teleport/integrations/operator/Dockerfile"
    --build-arg BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox:teleport14
    --build-arg COMPILER_NAME=x86_64-linux-gnu-gcc /go/src/github.com/gravitational/teleport
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-operator-v11-amd64-builder"
  - rm -rf "/tmp/teleport-operator-v11-amd64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  # "Assume ECR - authenticated-pull AWS Role" is listed twice below; the
  # second entry is redundant.
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Find the latest available semver for v11
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role
# Builds the teleport-operator image for linux/arm with a throwaway buildx
# builder and pushes it only to the pipeline-local registry
# (drone-docker-registry:5000). Publishing to ECR is done by later steps.
- name: Build teleport-operator image "teleport-operator:v11-arm"
  image: docker
  commands:
  # Privileged container that installs binfmt_misc/QEMU handlers; the image
  # carries no tag or digest, so its content is whatever the registry serves
  # at build time. NOTE(review): candidate for digest pinning in the generator.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport"
  - mkdir -pv "/tmp/teleport-operator-v11-arm-builder"
  # BuildKit config: the local registry is addressed over plain HTTP, so the
  # push below is unencrypted (presumably confined to the build pod; TODO
  # confirm).
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-operator-v11-arm-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-operator-v11-arm-builder/buildkitd.toml"
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name
    "teleport-operator-v11-arm-builder" --config "/tmp/teleport-operator-v11-arm-builder/buildkitd.toml"
  # aws-cli is installed from the Alpine repositories at run time (unpinned).
  - apk add --no-cache aws-cli
  # Registry passwords are piped on stdin rather than passed as arguments.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # The ARM buildbox base image is selected by tag (teleport14), not by digest.
  - docker buildx build --push --builder "teleport-operator-v11-arm-builder" --platform
    "linux/arm" --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
    --file "/go/src/github.com/gravitational/teleport/integrations/operator/Dockerfile"
    --build-arg BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox-arm:teleport14
    --build-arg COMPILER_NAME=arm-linux-gnueabihf-gcc /go/src/github.com/gravitational/teleport
  # Cleanup: drop the ECR login, the builder and its config directory.
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-operator-v11-arm-builder"
  - rm -rf "/tmp/teleport-operator-v11-arm-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  # NOTE(review): the authenticated-pull role step appears twice, and the
  # staging/production role steps are dependencies although only the
  # ecr-authenticated-pull profile is selected above; confirm what /root/.aws
  # contains when this build runs.
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Find the latest available semver for v11
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role
# Builds the teleport-operator image for linux/arm64 with a throwaway buildx
# builder and pushes it only to the pipeline-local registry
# (drone-docker-registry:5000). Publishing to ECR is done by later steps.
- name: Build teleport-operator image "teleport-operator:v11-arm64"
  image: docker
  commands:
  # Privileged container that installs binfmt_misc/QEMU handlers; the image
  # carries no tag or digest, so its content is whatever the registry serves
  # at build time. NOTE(review): candidate for digest pinning in the generator.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport"
  - mkdir -pv "/tmp/teleport-operator-v11-arm64-builder"
  # BuildKit config: the local registry is addressed over plain HTTP, so the
  # push below is unencrypted (presumably confined to the build pod; TODO
  # confirm).
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-operator-v11-arm64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-operator-v11-arm64-builder/buildkitd.toml"
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name
    "teleport-operator-v11-arm64-builder" --config "/tmp/teleport-operator-v11-arm64-builder/buildkitd.toml"
  # aws-cli is installed from the Alpine repositories at run time (unpinned).
  - apk add --no-cache aws-cli
  # Registry passwords are piped on stdin rather than passed as arguments.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # The ARM buildbox base image is selected by tag (teleport14), not by digest.
  - docker buildx build --push --builder "teleport-operator-v11-arm64-builder" --platform
    "linux/arm64" --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
    --file "/go/src/github.com/gravitational/teleport/integrations/operator/Dockerfile"
    --build-arg BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox-arm:teleport14
    --build-arg COMPILER_NAME=aarch64-linux-gnu-gcc /go/src/github.com/gravitational/teleport
  # Cleanup: drop the ECR login, the builder and its config directory.
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-operator-v11-arm64-builder"
  - rm -rf "/tmp/teleport-operator-v11-arm64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  # NOTE(review): the authenticated-pull role step appears twice, and the
  # staging/production role steps are dependencies although only the
  # ecr-authenticated-pull profile is selected above; confirm what /root/.aws
  # contains when this build runs.
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Find the latest available semver for v11
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role
# Copies the linux/amd64 operator image from the pipeline-local registry to
# the staging ECR registry under three timestamped tags (full, major and
# minor version).
- name: Tag and push image "teleport-operator:v11-amd64" to ECR - staging
  image: docker
  commands:
  - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport-operator:$(cat
    "/go/var/full-version")-amd64
  # aws-cli is installed from the Alpine repositories at run time (unpinned).
  - apk add --no-cache aws-cli
  # Registry passwords are piped on stdin rather than passed as arguments.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # Staging tags embed the build creation time (DRONE_BUILD_CREATED rendered
  # as YYYYmmddHHMM).
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Each command below pushes only when `docker manifest inspect` fails. Its
  # output and errors are discarded, so an auth or network failure looks the
  # same as "tag does not exist" and also takes the tag-and-push branch.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat
    "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-$TIMESTAMP-amd64)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/major-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat
    "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/major-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/major-version")-$TIMESTAMP-amd64)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/minor-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat
    "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/minor-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/minor-version")-$TIMESTAMP-amd64)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    # Selects the staging profile from the shared /root/.aws volume.
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-operator image "teleport-operator:v11-amd64"
# Copies the linux/arm operator image from the pipeline-local registry to the
# staging ECR registry under three timestamped tags (full, major and minor
# version).
- name: Tag and push image "teleport-operator:v11-arm" to ECR - staging
  image: docker
  commands:
  - docker pull --platform "linux/arm" drone-docker-registry:5000/teleport-operator:$(cat
    "/go/var/full-version")-arm
  # aws-cli is installed from the Alpine repositories at run time (unpinned).
  - apk add --no-cache aws-cli
  # Registry passwords are piped on stdin rather than passed as arguments.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # Staging tags embed the build creation time (YYYYmmddHHMM).
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Push only when `docker manifest inspect` fails; because its output and
  # errors are discarded, any inspect failure (not just a missing tag) leads
  # to the tag-and-push branch.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat
    "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat
    "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat
    "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    # Selects the staging profile from the shared /root/.aws volume.
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-operator image "teleport-operator:v11-arm"
# Copies the linux/arm64 operator image from the pipeline-local registry to
# the staging ECR registry under three timestamped tags (full, major and
# minor version).
- name: Tag and push image "teleport-operator:v11-arm64" to ECR - staging
  image: docker
  commands:
  - docker pull --platform "linux/arm64" drone-docker-registry:5000/teleport-operator:$(cat
    "/go/var/full-version")-arm64
  # aws-cli is installed from the Alpine repositories at run time (unpinned).
  - apk add --no-cache aws-cli
  # Registry passwords are piped on stdin rather than passed as arguments.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # Staging tags embed the build creation time (YYYYmmddHHMM).
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Push only when `docker manifest inspect` fails; because its output and
  # errors are discarded, any inspect failure (not just a missing tag) leads
  # to the tag-and-push branch.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat
    "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm64)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat
    "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm64)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat
    "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm64)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    # Selects the staging profile from the shared /root/.aws volume.
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-operator image "teleport-operator:v11-arm64"
# Assembles the multi-arch manifest list for the timestamped major-version tag
# in staging ECR from the per-architecture tags pushed by the three
# "Tag and push ... to ECR - staging" steps.
- name: Create manifest and push "teleport-operator:major-$TIMESTAMP" to ECR - staging
  image: docker
  commands:
  # aws-cli is installed from the Alpine repositories at run time (unpinned).
  - apk add --no-cache aws-cli
  # Registry passwords are piped on stdin rather than passed as arguments.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # Recomputed from DRONE_BUILD_CREATED, so it matches the tags of the
  # per-architecture steps of the same build.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # The member images are referenced by tag, not by digest. The manifest is
  # created only when `docker manifest inspect` fails; its errors are
  # discarded, so any inspect failure takes the create-and-push branch.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/major-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image,
    skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/major-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/major-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/major-version")-$TIMESTAMP)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-operator:v11-amd64" to ECR - staging
  - Tag and push image "teleport-operator:v11-arm" to ECR - staging
  - Tag and push image "teleport-operator:v11-arm64" to ECR - staging
# Assembles the multi-arch manifest list for the timestamped minor-version tag
# in staging ECR from the per-architecture tags pushed by the three
# "Tag and push ... to ECR - staging" steps.
- name: Create manifest and push "teleport-operator:minor-$TIMESTAMP" to ECR - staging
  image: docker
  commands:
  # aws-cli is installed from the Alpine repositories at run time (unpinned).
  - apk add --no-cache aws-cli
  # Registry passwords are piped on stdin rather than passed as arguments.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Member images are referenced by tag, not by digest. Creation is skipped
  # only when `docker manifest inspect` succeeds; any inspect failure (its
  # errors are discarded) takes the create-and-push branch.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/minor-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image,
    skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/minor-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/minor-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/minor-version")-$TIMESTAMP)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-operator:v11-amd64" to ECR - staging
  - Tag and push image "teleport-operator:v11-arm" to ECR - staging
  - Tag and push image "teleport-operator:v11-arm64" to ECR - staging
# Assembles the multi-arch manifest list for the timestamped full-version tag
# in staging ECR from the per-architecture tags pushed by the three
# "Tag and push ... to ECR - staging" steps.
- name: Create manifest and push "teleport-operator:full-$TIMESTAMP" to ECR - staging
  image: docker
  commands:
  # aws-cli is installed from the Alpine repositories at run time (unpinned).
  - apk add --no-cache aws-cli
  # Registry passwords are piped on stdin rather than passed as arguments.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Member images are referenced by tag, not by digest. Creation is skipped
  # only when `docker manifest inspect` succeeds; any inspect failure (its
  # errors are discarded) takes the create-and-push branch.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image,
    skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-$TIMESTAMP)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-operator:v11-amd64" to ECR - staging
  - Tag and push image "teleport-operator:v11-arm" to ECR - staging
  - Tag and push image "teleport-operator:v11-arm64" to ECR - staging
# Publishes the linux/amd64 operator image from the pipeline-local registry to
# the public production registry (public.ecr.aws) under the full, major and
# minor version tags.
- name: Tag and push image "teleport-operator:v11-amd64" to ECR - production
  image: docker
  commands:
  - docker pull --platform "linux/amd64" drone-docker-registry:5000/teleport-operator:$(cat
    "/go/var/full-version")-amd64
  # aws-cli is installed from the Alpine repositories at run time (unpinned).
  - apk add --no-cache aws-cli
  # Registry passwords are piped on stdin rather than passed as arguments.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # Full-version tag: pushed only when `docker manifest inspect` fails, so an
  # already published release tag is left alone. Inspect errors are discarded,
  # which means an auth or network failure is treated like a missing tag and
  # still reaches the push. NOTE(review): worth distinguishing "not found"
  # from other failures in the generator.
  - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat
    "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-amd64 && docker push public.ecr.aws/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-amd64)
  # Major and minor tags have no existence check: every run re-points them at
  # the image built in this pipeline (moving tags).
  - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64
  - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64
  - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64
  - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64
  - docker logout "public.ecr.aws"
  environment:
    # Selects the production profile from the shared /root/.aws volume.
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-operator image "teleport-operator:v11-amd64"
# Publishes the linux/arm operator image from the pipeline-local registry to
# the public production registry (public.ecr.aws) under the full, major and
# minor version tags.
- name: Tag and push image "teleport-operator:v11-arm" to ECR - production
  image: docker
  commands:
  - docker pull --platform "linux/arm" drone-docker-registry:5000/teleport-operator:$(cat
    "/go/var/full-version")-arm
  # aws-cli is installed from the Alpine repositories at run time (unpinned).
  - apk add --no-cache aws-cli
  # Registry passwords are piped on stdin rather than passed as arguments.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # Full-version tag: pushed only when `docker manifest inspect` fails. Inspect
  # errors are discarded, so an auth or network failure is treated like a
  # missing tag and still reaches the push.
  - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat
    "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-arm && docker push public.ecr.aws/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-arm)
  # Major and minor tags have no existence check: every run re-points them at
  # the image built in this pipeline (moving tags).
  - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm
  - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm
  - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm
  - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm
  - docker logout "public.ecr.aws"
  environment:
    # Selects the production profile from the shared /root/.aws volume.
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-operator image "teleport-operator:v11-arm"
# Publishes the linux/arm64 operator image from the pipeline-local registry to
# the public production registry (public.ecr.aws) under the full, major and
# minor version tags.
- name: Tag and push image "teleport-operator:v11-arm64" to ECR - production
  image: docker
  commands:
  - docker pull --platform "linux/arm64" drone-docker-registry:5000/teleport-operator:$(cat
    "/go/var/full-version")-arm64
  # aws-cli is installed from the Alpine repositories at run time (unpinned).
  - apk add --no-cache aws-cli
  # Registry passwords are piped on stdin rather than passed as arguments.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # Full-version tag: pushed only when `docker manifest inspect` fails. Inspect
  # errors are discarded, so an auth or network failure is treated like a
  # missing tag and still reaches the push.
  - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat
    "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-arm64 && docker push public.ecr.aws/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-arm64)
  # Major and minor tags have no existence check: every run re-points them at
  # the image built in this pipeline (moving tags).
  - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64
  - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64
  - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64
  - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64
  - docker logout "public.ecr.aws"
  environment:
    # Selects the production profile from the shared /root/.aws volume.
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-operator image "teleport-operator:v11-arm64"
# Creates and pushes the multi-arch manifest list for the major-version tag on
# public.ecr.aws, combining the -amd64, -arm and -arm64 tags published by the
# production "Tag and push" steps.
- name: Create manifest and push "teleport-operator:major" to ECR - production
  image: docker
  commands:
  # aws-cli is installed from the Alpine repositories at run time (unpinned).
  - apk add --no-cache aws-cli
  # Registry passwords are piped on stdin rather than passed as arguments.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # No existence check: the major tag is a moving tag and is rewritten on every
  # run. Member images are referenced by tag, not by digest, so the list
  # contains whatever those tags resolve to when this command runs.
  - docker manifest create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")
    --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64
    --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm
    --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64
  - docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-operator:v11-amd64" to ECR - production
  - Tag and push image "teleport-operator:v11-arm" to ECR - production
  - Tag and push image "teleport-operator:v11-arm64" to ECR - production
# Creates and pushes the multi-arch manifest list for the minor-version tag on
# public.ecr.aws, combining the -amd64, -arm and -arm64 tags published by the
# production "Tag and push" steps.
- name: Create manifest and push "teleport-operator:minor" to ECR - production
  image: docker
  commands:
  # aws-cli is installed from the Alpine repositories at run time (unpinned).
  - apk add --no-cache aws-cli
  # Registry passwords are piped on stdin rather than passed as arguments.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # No existence check: the minor tag is a moving tag and is rewritten on every
  # run. Member images are referenced by tag, not by digest, so the list
  # contains whatever those tags resolve to when this command runs.
  - docker manifest create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")
    --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64
    --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm
    --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64
  - docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-operator:v11-amd64" to ECR - production
  - Tag and push image "teleport-operator:v11-arm" to ECR - production
  - Tag and push image "teleport-operator:v11-arm64" to ECR - production
# Creates and pushes the multi-arch manifest list for the full-version tag on
# public.ecr.aws, combining the -amd64, -arm and -arm64 tags published by the
# production "Tag and push" steps.
- name: Create manifest and push "teleport-operator:full" to ECR - production
  image: docker
  commands:
  # aws-cli is installed from the Alpine repositories at run time (unpinned).
  - apk add --no-cache aws-cli
  # Registry passwords are piped on stdin rather than passed as arguments.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  # Unlike the major/minor manifests, the full-version manifest is created only
  # when `docker manifest inspect` fails, which keeps an already published
  # release tag from being rewritten. Inspect errors are discarded, so an auth
  # or network failure is treated like a missing tag and still reaches the
  # create-and-push branch. Member images are referenced by tag, not digest.
  - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest
    create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")
    --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64
    --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm
    --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64
    && docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version"))
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-operator:v11-amd64" to ECR - production
  - Tag and push image "teleport-operator:v11-arm" to ECR - production
  - Tag and push image "teleport-operator:v11-arm64" to ECR - production
# Sidecar services that run for the lifetime of the pipeline.
services:
# Docker-in-Docker daemon. It runs privileged and exposes its socket through
# the dockersock volume (/var/run), so every step that mounts dockersock
# controls this daemon and, through it, privileged containers.
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
# Pipeline-local image registry used to hand images from the build steps to
# the tag-and-push steps. Unprivileged, no volumes mounted; the build steps
# configure BuildKit to reach it over plain HTTP.
- name: drone-docker-registry
  image: registry:2
  privileged: false
  volumes: []
# Temporary volumes shared between steps and services of this pipeline.
volumes:
# Mounted at /root/.aws by the steps above; every step that mounts it sees the
# same AWS profile files.
- name: awsconfig
  temp: {}
# Mounted at /var/run; carries the Docker daemon socket of the dind service.
- name: dockersock
  temp: {}
- name: dockerconfig
  temp: {}
# Name of the secret holding registry credentials used to pull step images.
image_pull_secrets:
- DOCKERHUB_CREDENTIALS
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/relcli.go (main.relcliPipeline)
################################################
# Pipeline "publish-rlz": publishes the release through relcli after a
# promotion to production.
kind: pipeline
type: kubernetes
name: publish-rlz
environment:
  # relcli is pulled from the private ECR registry by tag; the tag embeds a
  # commit id and timestamp but is not a digest.
  RELCLI_IMAGE: 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/relcli:master-57a5d42-20230412T1204687
# Runs only for "promote" events targeting "production" on repositories under
# gravitational/.
trigger:
  event:
    include:
    - promote
  target:
    include:
    - production
  repo:
    include:
    - gravitational/*
# No source checkout: the steps below work from environment variables and the
# relcli image only.
clone:
  disable: true
# Pipelines that must finish before this one starts.
depends_on:
- promote-build
- teleport-container-images-branch-promote
- publish-os-package-repos
- promote-teleport-oci-distroless-images
- promote-teleport-hardened-amis
- promote-teleport-kube-agent-updater-oci-images
steps:
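# Gate for the release publish: fails the pipeline early when the promoted
# commit carries no tag.
- name: Check if commit is tagged
  # NOTE(review): image referenced without tag or digest.
  image: alpine
  commands:
  # DRONE_TAG must be double-quoted inside the test. Unquoted, an empty value
  # collapses the command to `[ -n ]`, which tests the literal string "-n" and
  # is always true, so the guard would never fire for an untagged commit.
  # This file is generated: apply the same change in dronegen/relcli.go, run
  # 'make dronegen' and re-sign the file.
  - '[ -n "${DRONE_TAG}" ] || (echo ''DRONE_TAG is not set. Is the commit tagged?''
    && exit 1)'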
# Blocks until the dind service has created its socket, then logs in to
# Docker Hub with the read-only token.
- name: Wait for docker
  image: docker
  pull: if-not-exists
  commands:
  # Gives the daemon at most 30 seconds to create /var/run/docker.sock.
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  # The password is piped on stdin rather than passed as an argument. The
  # resulting login is stored under /root/.docker, i.e. in the dockerconfig
  # volume mounted below.
  # NOTE(review): no later step of this pipeline mounts dockerconfig, so the
  # stored Docker Hub credential looks unused here; confirm in the generator
  # whether this step needs the secret at all.
  - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin
  environment:
    DOCKERHUB_PASSWORD:
      from_secret: DOCKERHUB_READONLY_TOKEN
    DOCKERHUB_USERNAME:
      from_secret: DOCKERHUB_USERNAME
  volumes:
  - name: dockersock
    path: /var/run
  - name: dockerconfig
    path: /root/.docker
# Exchanges the long-lived build-user keys for temporary role credentials and
# stores them as the [default] profile in the shared awsconfig volume.
- name: Assume AWS Role
  image: amazon/aws-cli
  pull: if-not-exists
  commands:
  # Prints the identity behind the static keys to the build log.
  - aws sts get-caller-identity
  # The unquoted $(...) is intentional: `--output text` yields three
  # whitespace-separated fields that word splitting feeds to the three %s
  # placeholders. printf's exit status does not reflect a failed assume-role,
  # so a failure here still writes a credentials file (with empty values).
  # NOTE(review): the file is created with the default umask; no chmod is
  # applied before other steps mount the volume.
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
    $(aws sts assume-role \
    --role-arn "$AWS_ROLE" \
    --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
    --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
    --output text) \
    > /root/.aws/credentials
  # Drop the static keys from the environment so the check below has to use
  # the profile that was just written.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  # Only check in this step that the assumed-role credentials actually work.
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY
    AWS_ROLE:
      from_secret: TELEPORT_BUILD_READ_ONLY_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Pulls the relcli image from the private ECR registry into the dind daemon so
# the publish step can run it.
- name: Pull relcli
  image: docker:cli
  commands:
  # aws-cli is installed from the Alpine repositories at run time (unpinned).
  - apk add --no-cache aws-cli
  # No AWS_PROFILE is set, so the CLI uses the [default] profile found in the
  # mounted awsconfig volume. The ECR password is piped on stdin.
  - aws ecr get-login-password | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  # RELCLI_IMAGE comes from the pipeline-level environment and is a tag
  # reference, so the registry decides which content is pulled.
  - docker pull $RELCLI_IMAGE
  environment:
    AWS_DEFAULT_REGION: us-west-2
  volumes:
  - name: dockersock
    path: /var/run
  - name: awsconfig
    path: /root/.aws
# Runs relcli against the production release API, authenticating with a client
# certificate and key that are materialised on a memory-backed volume for the
# duration of the step.
- name: Publish in Release API
  image: docker:git
  commands:
  - mkdir -p /tmpfs/creds
  # The secrets arrive base64-encoded in the environment and are decoded into
  # the paths named by RELCLI_CERT / RELCLI_KEY.
  # NOTE(review): both files are created with the default umask; no chmod
  # restricts the private key.
  - echo "$RELEASES_CERT" | base64 -d > "$RELCLI_CERT"
  - echo "$RELEASES_KEY" | base64 -d > "$RELCLI_KEY"
  # Removes the decoded credentials when the step's shell exits.
  # NOTE(review): the trap is installed after the files are written; setting
  # it before the first write would also cover a failure in the decode lines.
  - trap "rm -rf /tmpfs/creds" EXIT
  # `-e NAME` without a value forwards only the listed variables: the container
  # receives the file paths (RELCLI_CERT, RELCLI_KEY), not the RELEASES_CERT /
  # RELEASES_KEY secrets themselves. The bind-mount source is resolved by the
  # Docker daemon, which works because the "Start Docker" service mounts the
  # same tmpfs volume at /tmpfs.
  # NOTE(review): `-v 6` presumably raises relcli's log verbosity; confirm it
  # cannot write key or certificate material to the build log.
  - |-
    docker run -i -v /tmpfs/creds:/tmpfs/creds \
    -e DRONE_REPO -e DRONE_TAG -e RELCLI_BASE_URL -e RELCLI_CERT -e RELCLI_KEY \
    $RELCLI_IMAGE auto_publish -f -v 6
  environment:
    RELCLI_BASE_URL: https://releases-prod.platform.teleport.sh
    RELCLI_CERT: /tmpfs/creds/releases.crt
    RELCLI_KEY: /tmpfs/creds/releases.key
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY
  volumes:
  - name: dockersock
    path: /var/run
  - name: tmpfs
    path: /tmpfs
  - name: awsconfig
    path: /root/.aws
# Sidecar services that run for the lifetime of the pipeline.
services:
# Docker-in-Docker daemon, running privileged. Besides the socket volume it
# mounts the tmpfs volume, so the daemon (and any container it is asked to
# start with a /tmpfs bind mount) can read the release certificate and key
# while the publish step has them on disk.
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: tmpfs
    path: /tmpfs
  - name: dockersock
    path: /var/run
# Temporary volumes shared between steps and services of this pipeline.
volumes:
# Memory-backed volume: the decoded release certificate and key written under
# /tmpfs are kept in RAM rather than on node disk.
- name: tmpfs
  temp:
    medium: memory
# Holds the [default] AWS profile written by "Assume AWS Role".
- name: awsconfig
  temp: {}
# Carries the Docker daemon socket of the dind service.
- name: dockersock
  temp: {}
# Mounted only by "Wait for docker" (at /root/.docker).
- name: dockerconfig
  temp: {}
# Name of the secret holding registry credentials used to pull step images.
image_pull_secrets:
- DOCKERHUB_CREDENTIALS
---
# Drone configuration signature: an HMAC that lets the server check that the
# pipeline definitions above have not been altered. It has to be regenerated
# with `drone sign` whenever this file changes (presumably including
# comment-only edits and every 'make dronegen' run); a stale value is expected
# to make Drone treat the configuration as unverified.
kind: signature
hmac: 63429af209bce97709198988b9aea6e920c092c0d05a73cd7cea10cdbb8f9121
...