teleport/.drone.yml
Rafał Cieślak 726330f5b2
Remove DEBUG env var from Connect macOS dronegen (#18899)
It was added in an effort to debug flaky Connect builds (#15836).

However, we discovered that the v11.1.0 macOS version of Connect stopped
working. This was likely due to an upgrade of electron-builder, which recently
changed how it builds native deps
(electron-userland/electron-builder#7196).

In the Node.js ecosystem, the DEBUG env var is typically used to control
which packages emit debug messages [1]. However, after the update of
electron-builder, the env var also changed the behavior of one of the
packages responsible for building the apps.

This was confirmed by comparing the file trees of different app bundles
and by running the build locally with DEBUG set to electron-*.

[1] https://www.npmjs.com/package/debug
2022-11-30 18:02:53 +01:00


---
kind: pipeline
type: kubernetes
name: update-docs-webhook

# Runs on push events (pull_request excluded) to master and branch/* of
# gravitational/teleport only.
trigger:
  event:
    include:
      - push
    exclude:
      - pull_request
  branch:
    include:
      - master
      - branch/*
  repo:
    include:
      - gravitational/teleport

# No source checkout; the single step only calls a webhook.
clone:
  disable: true

steps:
  - name: Trigger docs deployment
    # NOTE(review): the image carries no tag or digest, so whatever the
    # registry serves for it at run time is handed the deploy-hook URL below.
    # Pinning a version tag or digest keeps the secret's consumer fixed.
    image: plugins/webhook
    settings:
      urls:
        from_secret: DOCS_DEPLOY_HOOK
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/push.go (main.pushPipeline)
################################################
kind: pipeline
type: kubernetes
name: push-build-linux-amd64

environment:
  BUILDBOX_VERSION: teleport12
  GID: "1000"
  RUNTIME: go1.19.2
  UID: "1000"

# Push events only (pull_request excluded), any gravitational/* repo,
# branches master and branch/*.
trigger:
  event:
    include:
      - push
    exclude:
      - pull_request
  repo:
    include:
      - gravitational/*
  branch:
    include:
      - master
      - branch/*

workspace:
  path: /go

# Drone's built-in clone is off; the first step checks the code out by hand.
clone:
  disable: true

steps:
  - name: Check out code
    image: docker:git
    commands:
      - mkdir -p /go/src/github.com/gravitational/webapps
      - mkdir -pv "/go/src/github.com/gravitational/teleport"
      - cd "/go/src/github.com/gravitational/teleport"
      - git init
      - git remote add origin ${DRONE_REMOTE_URL}
      - git fetch origin --tags
      - git checkout -qf "${DRONE_COMMIT_SHA}"
      # Failure of this first webassets update is deliberately ignored.
      - git submodule update --init webassets || true
      # The deploy key exists on disk only between this command and the
      # `rm -f` that ends the step; a command failing in between leaves it in
      # the step container.
      - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa &&
        chmod 600 /root/.ssh/id_rsa
      # NOTE(review): ssh-keyscan records whichever host key the network
      # returns on this run, so the SSH fetches below authenticate the server
      # against an unverified key. Writing GitHub's published host keys into
      # known_hosts (or comparing the scan against them) closes that gap.
      - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
      - git submodule update --init e
      - git submodule update --init --recursive webassets || true
      - mkdir -pv /go/cache
      # webapps is cloned over HTTPS at the revision printed by
      # webapps-version.sh from the teleport checkout.
      - cd /go/src/github.com/gravitational/webapps
      - git clone https://github.com/gravitational/webapps.git .
      - git checkout "$(/go/src/github.com/gravitational/teleport/build.assets/webapps/webapps-version.sh)"
      - git submodule update --init packages/webapps.e
      - cd -
      - rm -f /root/.ssh/id_rsa
    environment:
      GITHUB_PRIVATE_KEY:
        from_secret: GITHUB_PRIVATE_KEY

  # Polls up to 30s for the socket created by the docker:dind service.
  - name: Wait for docker
    image: docker
    commands:
      - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
    volumes:
      - name: dockersock
        path: /var/run

  - name: Build artifacts
    image: docker
    commands:
      - apk add --no-cache make
      - chown -R $UID:$GID /go
      - cd /go/src/github.com/gravitational/teleport
      # NOTE(review): no command visible in this pipeline writes
      # /go/.version.txt (the push-build-linux-amd64-fips checkout step does).
      # If the file is missing, `cat` fails but `export` still succeeds and
      # VERSION is exported empty - confirm this is intended.
      - export VERSION=$(cat /go/.version.txt)
      - make -C build.assets release-amd64-centos7
      - make -C build.assets teleterm
    environment:
      ARCH: amd64
      GID: "1000"
      GOCACHE: /go/cache
      GOPATH: /go
      OS: linux
      UID: "1000"
    volumes:
      - name: dockersock
        path: /var/run

  # Sent only when the pipeline has failed.
  - name: Send Slack notification
    image: plugins/slack
    settings:
      webhook:
        from_secret: SLACK_WEBHOOK_DEV_TELEPORT
      template:
        - |
          *{{#success build.status}}✔{{ else }}✘{{/success}} {{ uppercasefirst build.status }}: Build #{{ build.number }}* (type: `{{ build.event }}`)
          `${DRONE_STAGE_NAME}` artifact build failed.
          *Warning:* This is a genuine failure to build the Teleport binary from `{{ build.branch }}` (likely due to a bad merge or commit) and should be investigated immediately.
          Commit: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commit/{{ build.commit }}|{{ truncate build.commit 8 }}>
          Branch: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commits/{{ build.branch }}|{{ repo.owner }}/{{ repo.name }}:{{ build.branch }}>
          Author: <https://github.com/{{ build.author }}|{{ build.author }}>
          <{{ build.link }}|Visit Drone build page ↗>
    when:
      status:
        - failure

services:
  # Docker-in-Docker daemon. It runs privileged and shares its /var/run with
  # the build steps, so every step that mounts `dockersock` can drive a
  # privileged Docker daemon.
  - name: Start Docker
    image: docker:dind
    privileged: true
    volumes:
      - name: dockersock
        path: /var/run

volumes:
  - name: dockersock
    temp: {}
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/push.go (main.pushPipeline)
################################################
kind: pipeline
type: kubernetes
name: push-build-linux-386

environment:
  BUILDBOX_VERSION: teleport12
  GID: "1000"
  RUNTIME: go1.19.2
  UID: "1000"

# Push events only (pull_request excluded), any gravitational/* repo,
# branches master and branch/*.
trigger:
  event:
    include:
      - push
    exclude:
      - pull_request
  repo:
    include:
      - gravitational/*
  branch:
    include:
      - master
      - branch/*

workspace:
  path: /go

# Drone's built-in clone is off; the first step checks the code out by hand.
clone:
  disable: true

steps:
  - name: Check out code
    image: docker:git
    commands:
      - mkdir -pv "/go/src/github.com/gravitational/teleport"
      - cd "/go/src/github.com/gravitational/teleport"
      - git init
      - git remote add origin ${DRONE_REMOTE_URL}
      - git fetch origin --tags
      - git checkout -qf "${DRONE_COMMIT_SHA}"
      # Failure of this first webassets update is deliberately ignored.
      - git submodule update --init webassets || true
      # The deploy key stays on disk until the `rm -f` that ends the step.
      - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa &&
        chmod 600 /root/.ssh/id_rsa
      # NOTE(review): the host key is taken from a live ssh-keyscan on every
      # run and is not compared with GitHub's published keys, so the server
      # identity for the SSH submodule fetches is unverified.
      - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
      - git submodule update --init e
      - git submodule update --init --recursive webassets || true
      - mkdir -pv /go/cache
      - rm -f /root/.ssh/id_rsa
    environment:
      GITHUB_PRIVATE_KEY:
        from_secret: GITHUB_PRIVATE_KEY

  # Polls up to 30s for the socket created by the docker:dind service.
  - name: Wait for docker
    image: docker
    commands:
      - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
    volumes:
      - name: dockersock
        path: /var/run

  - name: Build artifacts
    image: docker
    commands:
      - apk add --no-cache make
      - chown -R $UID:$GID /go
      - cd /go/src/github.com/gravitational/teleport
      - make -C build.assets release-386
    environment:
      # Quoted so the value stays a string rather than the integer 386.
      ARCH: "386"
      GID: "1000"
      GOCACHE: /go/cache
      GOPATH: /go
      OS: linux
      UID: "1000"
    volumes:
      - name: dockersock
        path: /var/run

  # Sent only when the pipeline has failed.
  - name: Send Slack notification
    image: plugins/slack
    settings:
      webhook:
        from_secret: SLACK_WEBHOOK_DEV_TELEPORT
      template:
        - |
          *{{#success build.status}}✔{{ else }}✘{{/success}} {{ uppercasefirst build.status }}: Build #{{ build.number }}* (type: `{{ build.event }}`)
          `${DRONE_STAGE_NAME}` artifact build failed.
          *Warning:* This is a genuine failure to build the Teleport binary from `{{ build.branch }}` (likely due to a bad merge or commit) and should be investigated immediately.
          Commit: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commit/{{ build.commit }}|{{ truncate build.commit 8 }}>
          Branch: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commits/{{ build.branch }}|{{ repo.owner }}/{{ repo.name }}:{{ build.branch }}>
          Author: <https://github.com/{{ build.author }}|{{ build.author }}>
          <{{ build.link }}|Visit Drone build page ↗>
    when:
      status:
        - failure

services:
  # Privileged Docker-in-Docker daemon; its /var/run (and so its socket) is
  # shared with every step that mounts `dockersock`.
  - name: Start Docker
    image: docker:dind
    privileged: true
    volumes:
      - name: dockersock
        path: /var/run

volumes:
  - name: dockersock
    temp: {}
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/push.go (main.pushPipeline)
################################################
kind: pipeline
type: kubernetes
name: push-build-linux-amd64-fips

environment:
  BUILDBOX_VERSION: teleport12
  GID: "1000"
  RUNTIME: go1.19.2
  UID: "1000"

# Push events only (pull_request excluded), any gravitational/* repo,
# branches master and branch/*.
trigger:
  event:
    include:
      - push
    exclude:
      - pull_request
  repo:
    include:
      - gravitational/*
  branch:
    include:
      - master
      - branch/*

workspace:
  path: /go

# Drone's built-in clone is off; the first step checks the code out by hand.
clone:
  disable: true

steps:
  - name: Check out code
    image: docker:git
    commands:
      - mkdir -pv "/go/src/github.com/gravitational/teleport"
      - cd "/go/src/github.com/gravitational/teleport"
      - git init
      - git remote add origin ${DRONE_REMOTE_URL}
      - git fetch origin --tags
      - git checkout -qf "${DRONE_COMMIT_SHA}"
      # Failure of this first webassets update is deliberately ignored.
      - git submodule update --init webassets || true
      # The deploy key stays on disk until the `rm -f` further down.
      - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa &&
        chmod 600 /root/.ssh/id_rsa
      # NOTE(review): the host key is taken from a live ssh-keyscan on every
      # run and is not compared with GitHub's published keys, so the server
      # identity for the SSH submodule fetches is unverified.
      - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
      - git submodule update --init e
      - git submodule update --init --recursive webassets || true
      - mkdir -pv /go/cache
      - rm -f /root/.ssh/id_rsa
      # Records the version for the build step: the tag with a leading "v"
      # stripped when DRONE_TAG is set, otherwise the VERSION line of the
      # Makefile in the checkout.
      - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt;
        else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
    environment:
      GITHUB_PRIVATE_KEY:
        from_secret: GITHUB_PRIVATE_KEY

  # Polls up to 30s for the socket created by the docker:dind service.
  - name: Wait for docker
    image: docker
    commands:
      - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
    volumes:
      - name: dockersock
        path: /var/run

  - name: Build artifacts
    image: docker
    commands:
      - apk add --no-cache make
      - chown -R $UID:$GID /go
      - cd /go/src/github.com/gravitational/teleport
      # Reads the version file written by the checkout step.
      - export VERSION=$(cat /go/.version.txt)
      - make -C build.assets release-amd64-centos7-fips
    environment:
      ARCH: amd64
      # Quoted so the value is the string "yes", not a YAML 1.1 boolean.
      FIPS: "yes"
      GID: "1000"
      GOCACHE: /go/cache
      GOPATH: /go
      OS: linux
      UID: "1000"
    volumes:
      - name: dockersock
        path: /var/run

  # Sent only when the pipeline has failed.
  - name: Send Slack notification
    image: plugins/slack
    settings:
      webhook:
        from_secret: SLACK_WEBHOOK_DEV_TELEPORT
      template:
        - |
          *{{#success build.status}}✔{{ else }}✘{{/success}} {{ uppercasefirst build.status }}: Build #{{ build.number }}* (type: `{{ build.event }}`)
          `${DRONE_STAGE_NAME}` artifact build failed.
          *Warning:* This is a genuine failure to build the Teleport binary from `{{ build.branch }}` (likely due to a bad merge or commit) and should be investigated immediately.
          Commit: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commit/{{ build.commit }}|{{ truncate build.commit 8 }}>
          Branch: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commits/{{ build.branch }}|{{ repo.owner }}/{{ repo.name }}:{{ build.branch }}>
          Author: <https://github.com/{{ build.author }}|{{ build.author }}>
          <{{ build.link }}|Visit Drone build page ↗>
    when:
      status:
        - failure

services:
  # Privileged Docker-in-Docker daemon; its /var/run (and so its socket) is
  # shared with every step that mounts `dockersock`.
  - name: Start Docker
    image: docker:dind
    privileged: true
    volumes:
      - name: dockersock
        path: /var/run

volumes:
  - name: dockersock
    temp: {}
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/push.go (main.pushPipeline)
################################################
kind: pipeline
type: kubernetes
name: push-build-windows-amd64

environment:
  BUILDBOX_VERSION: teleport12
  GID: "1000"
  RUNTIME: go1.19.2
  UID: "1000"

# Push events only (pull_request excluded), any gravitational/* repo,
# branches master and branch/*.
trigger:
  event:
    include:
      - push
    exclude:
      - pull_request
  repo:
    include:
      - gravitational/*
  branch:
    include:
      - master
      - branch/*

workspace:
  path: /go

# Drone's built-in clone is off; the first step checks the code out by hand.
clone:
  disable: true

steps:
  - name: Check out code
    image: docker:git
    commands:
      - mkdir -pv "/go/src/github.com/gravitational/teleport"
      - cd "/go/src/github.com/gravitational/teleport"
      - git init
      - git remote add origin ${DRONE_REMOTE_URL}
      - git fetch origin --tags
      - git checkout -qf "${DRONE_COMMIT_SHA}"
      # Failure of this first webassets update is deliberately ignored.
      - git submodule update --init webassets || true
      # The deploy key stays on disk until the `rm -f` that ends the step.
      - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa &&
        chmod 600 /root/.ssh/id_rsa
      # NOTE(review): the host key is taken from a live ssh-keyscan on every
      # run and is not compared with GitHub's published keys, so the server
      # identity for the SSH submodule fetches is unverified.
      - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
      - git submodule update --init e
      - git submodule update --init --recursive webassets || true
      - mkdir -pv /go/cache
      - rm -f /root/.ssh/id_rsa
    environment:
      GITHUB_PRIVATE_KEY:
        from_secret: GITHUB_PRIVATE_KEY

  # Polls up to 30s for the socket created by the docker:dind service.
  - name: Wait for docker
    image: docker
    commands:
      - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
    volumes:
      - name: dockersock
        path: /var/run

  # Builds the Windows release from this Linux pipeline; the make target name
  # says the output is unsigned.
  - name: Build artifacts
    image: docker
    commands:
      - apk add --no-cache make
      - chown -R $UID:$GID /go
      - cd /go/src/github.com/gravitational/teleport
      - make -C build.assets release-windows-unsigned
    environment:
      ARCH: amd64
      GID: "1000"
      GOCACHE: /go/cache
      GOPATH: /go
      OS: windows
      UID: "1000"
    volumes:
      - name: dockersock
        path: /var/run

  # Sent only when the pipeline has failed.
  - name: Send Slack notification
    image: plugins/slack
    settings:
      webhook:
        from_secret: SLACK_WEBHOOK_DEV_TELEPORT
      template:
        - |
          *{{#success build.status}}✔{{ else }}✘{{/success}} {{ uppercasefirst build.status }}: Build #{{ build.number }}* (type: `{{ build.event }}`)
          `${DRONE_STAGE_NAME}` artifact build failed.
          *Warning:* This is a genuine failure to build the Teleport binary from `{{ build.branch }}` (likely due to a bad merge or commit) and should be investigated immediately.
          Commit: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commit/{{ build.commit }}|{{ truncate build.commit 8 }}>
          Branch: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commits/{{ build.branch }}|{{ repo.owner }}/{{ repo.name }}:{{ build.branch }}>
          Author: <https://github.com/{{ build.author }}|{{ build.author }}>
          <{{ build.link }}|Visit Drone build page ↗>
    when:
      status:
        - failure

services:
  # Privileged Docker-in-Docker daemon; its /var/run (and so its socket) is
  # shared with every step that mounts `dockersock`.
  - name: Start Docker
    image: docker:dind
    privileged: true
    volumes:
      - name: dockersock
        path: /var/run

volumes:
  - name: dockersock
    temp: {}
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/mac.go (main.newDarwinPipeline)
################################################
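kind: pipeline
# exec pipeline: commands run directly on the macOS build host, not in a
# container, so anything left under /tmp or $HOME outlives the build.
type: exec
name: push-build-darwin-amd64

# Push events only (pull_request excluded), any gravitational/* repo,
# branches master and branch/*.
trigger:
  event:
    include:
      - push
    exclude:
      - pull_request
  repo:
    include:
      - gravitational/*
  branch:
    include:
      - master
      - branch/*

workspace:
  path: /tmp/push-build-darwin-amd64

platform:
  os: darwin
  arch: amd64

clone:
  disable: true

# The workspace path is fixed, so only one build of this pipeline runs at a time.
concurrency:
  limit: 1

steps:
  # Also removes a .ssh directory left behind by an earlier run.
  - name: Set up exec runner storage
    commands:
      - set -u
      - mkdir -p $WORKSPACE_DIR
      - chmod -R u+rw $WORKSPACE_DIR
      - rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh
    environment:
      WORKSPACE_DIR: /tmp/push-build-darwin-amd64

  - name: Check out code
    commands:
      - set -u
      - mkdir -p $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
      - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
      - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
      - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
      # The deploy key lives in $WORKSPACE_DIR/.ssh until the `rm -rf` below.
      # NOTE(review): if a command in between fails, the key stays on the
      # shared host; the storage clean-up step has no `when` clause, so it
      # appears not to run for a failed build - confirm.
      - mkdir -m 0700 $WORKSPACE_DIR/.ssh && echo "$GITHUB_PRIVATE_KEY" > $WORKSPACE_DIR/.ssh/id_rsa
        && chmod 600 $WORKSPACE_DIR/.ssh/id_rsa
      # NOTE(review): the host key comes from a live ssh-keyscan and is not
      # compared with GitHub's published keys, so the server identity for the
      # SSH submodule fetches is unverified.
      - ssh-keyscan -H github.com > $WORKSPACE_DIR/.ssh/known_hosts 2>/dev/null
      - chmod 600 $WORKSPACE_DIR/.ssh/known_hosts
      - mkdir -p $WORKSPACE_DIR/go/src/github.com/gravitational/webapps
      - cd $WORKSPACE_DIR/go/src/github.com/gravitational/webapps
      - git clone https://github.com/gravitational/webapps.git .
      - git checkout $($WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets/webapps/webapps-version.sh)
      # `-F /dev/null` keeps the build user's own ssh config out of the
      # connection; only the key and known_hosts written above are used.
      - GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts
        -F /dev/null' git submodule update --init packages/webapps.e
      - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
      - GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts
        -F /dev/null' git submodule update --init e
      - GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts
        -F /dev/null' git submodule update --init --recursive webassets || true
      - rm -rf $WORKSPACE_DIR/.ssh
      - mkdir -p $WORKSPACE_DIR/go/cache
    environment:
      GITHUB_PRIVATE_KEY:
        from_secret: GITHUB_PRIVATE_KEY
      WORKSPACE_DIR: /tmp/push-build-darwin-amd64

  - name: Install Go Toolchain
    commands:
      - set -u
      - mkdir -p /tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains
      # --fail makes an HTTP error stop the step instead of saving the error
      # page as the tarball.
      # NOTE(review): the archive is unpacked without a checksum or signature
      # check; comparing it with the digest published for this Go release
      # before extraction would catch a tampered or truncated download.
      - curl --silent --fail --show-error -O https://dl.google.com/go/$RUNTIME.darwin-amd64.tar.gz
      - tar -C /tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains -xzf $RUNTIME.darwin-amd64.tar.gz
      - rm -rf $RUNTIME.darwin-amd64.tar.gz
    environment:
      RUNTIME: go1.19.2

  # Uses the rustup already on the build user's PATH; the toolchain version
  # comes from `make print-rust-version` in the checkout.
  - name: Install Rust Toolchain
    commands:
      - set -u
      - export PATH=/Users/$(whoami)/.cargo/bin:$PATH
      - mkdir -p /tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains
      - export RUST_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets
        print-rust-version)
      - export CARGO_HOME=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains/cargo
      - export RUST_HOME=$CARGO_HOME
      - export RUSTUP_HOME=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains/rustup
      - rustup toolchain install $RUST_VERSION
    environment:
      WORKSPACE_DIR: /tmp/push-build-darwin-amd64

  - name: Install Node Toolchain
    commands:
      - set -u
      - export NODE_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets
        print-node-version)
      - export TOOLCHAIN_DIR=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains
      - export NODE_DIR=$TOOLCHAIN_DIR/node-v$NODE_VERSION-darwin-x64
      - mkdir -p $TOOLCHAIN_DIR
      # --fail makes an HTTP error stop the step instead of saving the error
      # page as the tarball.
      # NOTE(review): no integrity check before extraction; nodejs.org
      # publishes a SHASUMS256.txt next to each release that the tarball
      # could be compared against.
      - curl --silent --fail --show-error -O https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-darwin-x64.tar.gz
      - tar -C $TOOLCHAIN_DIR -xzf node-v$NODE_VERSION-darwin-x64.tar.gz
      - rm -f node-v$NODE_VERSION-darwin-x64.tar.gz
      - export PATH=$NODE_DIR/bin:$PATH
      - corepack enable yarn
      - echo Node reporting version $(node --version)
      - echo Yarn reporting version $(yarn --version)
    environment:
      WORKSPACE_DIR: /tmp/push-build-darwin-amd64

  - name: Build Mac artifacts (binaries and Teleport Connect)
    commands:
      - set -u
      - export HOME=/Users/$(whoami)
      - export TOOLCHAIN_DIR=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains
      - export NODE_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets
        print-node-version)
      - export NODE_HOME=$TOOLCHAIN_DIR/node-v$NODE_VERSION-darwin-x64
      - export PATH=$NODE_HOME/bin:$PATH
      - export RUST_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets
        print-rust-version)
      - export CARGO_HOME=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains/cargo
      - export RUST_HOME=$CARGO_HOME
      - export RUSTUP_HOME=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains/rustup
      - export PATH=$CARGO_HOME/bin:/Users/build/.cargo/bin:$PATH
      - rustup override set $RUST_VERSION
      - export PATH=$TOOLCHAIN_DIR/go/bin:$PATH
      - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
      - build.assets/build-fido2-macos.sh build
      - export PKG_CONFIG_PATH="$(build.assets/build-fido2-macos.sh pkg_config_path)"
      - make clean release OS=$OS ARCH=$ARCH FIDO2=yes TOUCHID=yes PIV=yes
      - export VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
        print-version)
      - export BUILD_NUMBER=$DRONE_BUILD_NUMBER
      # Quoted so a password containing spaces or glob characters is passed as
      # one argument. `$$` is Drone's escape for a literal `$`.
      # NOTE(review): the password is a command-line argument, so it is
      # visible in the host's process list while `security` runs, and the
      # keychain is not locked again in this pipeline.
      - security unlock-keychain -p "$${BUILDBOX_PASSWORD}" login.keychain
      - security find-identity -v
      # Presumably the identity used for code signing when packaging Connect;
      # the value has the shape of a certificate SHA-1 hash - confirm.
      - export CSC_NAME=0FFD3E3413AB4C599C53FBB1D8CA690915E33D83
      - export CONNECT_TSH_BIN_PATH=$WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build/tsh
      - cd $WORKSPACE_DIR/go/src/github.com/gravitational/webapps
      # NOTE(review): plain `yarn install` here, while the native Windows
      # pipeline passes --frozen-lockfile; without it the lockfile may be
      # rewritten during the build.
      - yarn install && yarn build-term && yarn package-term -c.extraMetadata.version=$VERSION
    environment:
      ARCH: amd64
      BUILDBOX_PASSWORD:
        from_secret: BUILDBOX_PASSWORD
      GOCACHE: /tmp/push-build-darwin-amd64/go/cache
      GOPATH: /tmp/push-build-darwin-amd64/go
      OS: darwin
      WORKSPACE_DIR: /tmp/push-build-darwin-amd64

  # Runs whether the build passed or failed.
  - name: Clean up toolchains (post)
    commands:
      - set -u
      - export PATH=/Users/$(whoami)/.cargo/bin:$PATH
      - export CARGO_HOME=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains/cargo
      - export RUST_HOME=$CARGO_HOME
      - export RUSTUP_HOME=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains/rustup
      - export RUST_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets
        print-rust-version)
      - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
      - rustup override unset
      - rustup toolchain uninstall $RUST_VERSION
      - rm -rf /tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED
    environment:
      WORKSPACE_DIR: /tmp/push-build-darwin-amd64
    when:
      status:
        - success
        - failure

  # NOTE(review): unlike the toolchain clean-up above, this step has no
  # `when.status`, so it looks like it is skipped once an earlier step has
  # failed; the checkout (and a leftover .ssh directory) would then stay in
  # /tmp until the next run's set-up step removes them - confirm.
  - name: Clean up exec runner storage (post)
    commands:
      - set -u
      - chmod -R u+rw $WORKSPACE_DIR
      - rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh
    environment:
      WORKSPACE_DIR: /tmp/push-build-darwin-amd64

  # Sent only when the pipeline has failed. The JSON payload is assembled by
  # shell string interpolation, so a branch name containing a double quote or
  # backslash would produce invalid JSON.
  - name: Send Slack notification (exec)
    commands:
      - |
        export DRONE_BUILD_LINK="${DRONE_SYSTEM_PROTO}://${DRONE_SYSTEM_HOSTNAME}/${DRONE_REPO_OWNER}/${DRONE_REPO_NAME}/${DRONE_BUILD_NUMBER}"
        export GOOS=$(go env GOOS)
        export GOARCH=$(go env GOARCH)
      - |-
        curl -sL -X POST -H 'Content-type: application/json' --data "{\"text\":\"Warning: \`${GOOS}-${GOARCH}\` artifact build failed for [\`${DRONE_REPO_NAME}\`] - please investigate immediately!\nBranch: \`${DRONE_BRANCH}\`\nCommit: \`${DRONE_COMMIT_SHA}\`\nLink: $DRONE_BUILD_LINK\"}" $SLACK_WEBHOOK_DEV_TELEPORT
    environment:
      SLACK_WEBHOOK_DEV_TELEPORT:
        from_secret: SLACK_WEBHOOK_DEV_TELEPORT
    when:
      status:
        - failure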
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/windows.go (main.newWindowsPipeline)
################################################
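kind: pipeline
# exec pipeline: commands run as PowerShell directly on the Windows build
# host, not in a container.
type: exec
name: push-build-native-windows-amd64

# Push events only (pull_request excluded), any gravitational/* repo,
# branches master and branch/*.
trigger:
  event:
    include:
      - push
    exclude:
      - pull_request
  repo:
    include:
      - gravitational/*
  branch:
    include:
      - master
      - branch/*

workspace:
  path: C:/Drone/Workspace/push-build-native-windows-amd64

platform:
  os: windows
  arch: amd64

node:
  buildbox_version: teleport12

clone:
  disable: true

steps:
  # Every step works under $WORKSPACE_DIR/<build number>, so builds do not
  # share a checkout.
  - name: Check out Teleport
    commands:
      - $ErrorActionPreference = 'Stop'
      - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
      - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
      - $WebappsSrc = "$Workspace/go/src/github.com/gravitational/webapps"
      - $TeleportRev = if ($Env:DRONE_TAG -ne $null) { $Env:DRONE_TAG } else { $Env:DRONE_COMMIT
        }
      - New-Item -Path $TeleportSrc -ItemType Directory | Out-Null
      - cd $TeleportSrc
      - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
      - git checkout $TeleportRev
      - New-Item -Path $WebappsSrc -ItemType Directory | Out-Null
      - cd $WebappsSrc
      - git clone https://github.com/gravitational/webapps.git .
      - git checkout $(& $TeleportSrc/build.assets/webapps/webapps-version.ps1)
    environment:
      WORKSPACE_DIR: C:/Drone/Workspace/push-build-native-windows-amd64

  # Enable-Git / Reset-Git come from build.ps1 in the checkout (not shown
  # here); presumably they install and then remove the deploy key - confirm
  # that Reset-Git also runs when a submodule update fails.
  - name: Checkout Submodules
    commands:
      - $ErrorActionPreference = 'Stop'
      - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
      - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
      - $WebappsSrc = "$Workspace/go/src/github.com/gravitational/webapps"
      - . "$TeleportSrc/build.assets/windows/build.ps1"
      - Enable-Git -Workspace $Workspace -PrivateKey $Env:GITHUB_PRIVATE_KEY
      - cd $TeleportSrc
      - git submodule update --init e
      - git submodule update --init --recursive webassets
      - cd $WebappsSrc
      - git submodule update --init packages/webapps.e
      - Reset-Git -Workspace $Workspace
    environment:
      GITHUB_PRIVATE_KEY:
        from_secret: GITHUB_PRIVATE_KEY
      WORKSPACE_DIR: C:/Drone/Workspace/push-build-native-windows-amd64

  - name: Install Node Toolchain
    commands:
      - $ProgressPreference = 'SilentlyContinue'
      - $ErrorActionPreference = 'Stop'
      - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
      - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
      - . "$TeleportSrc/build.assets/windows/build.ps1"
      - Push-Location "$TeleportSrc/build.assets"
      - $NodeVersion = $(make print-node-version).Trim()
      - Pop-Location
      - Install-Node -NodeVersion $NodeVersion -ToolchainDir "$Workspace/toolchains"
    environment:
      WORKSPACE_DIR: C:/Drone/Workspace/push-build-native-windows-amd64

  - name: Install Go Toolchain
    commands:
      - $ProgressPreference = 'SilentlyContinue'
      - $ErrorActionPreference = 'Stop'
      - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
      - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
      - . "$TeleportSrc/build.assets/windows/build.ps1"
      - Push-Location "$TeleportSrc/build.assets"
      - $GoVersion = $(make print-go-version).TrimStart("go")
      - Pop-Location
      - Install-Go -GoVersion $GoVersion -ToolchainDir "$Workspace/toolchains"
    environment:
      WORKSPACE_DIR: C:/Drone/Workspace/push-build-native-windows-amd64

  - name: Build tsh
    commands:
      - $ErrorActionPreference = 'Stop'
      - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
      - $Env:GOCACHE = "$Workspace/gocache"
      - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
      - . "$TeleportSrc/build.assets/windows/build.ps1"
      - Enable-Go -ToolchainDir "$Workspace/toolchains"
      - cd $TeleportSrc
      # Was `$Env:GCO_ENABLED=1`, a transposed name the Go toolchain never
      # reads; CGO_ENABLED is the variable that controls cgo.
      - $Env:CGO_ENABLED=1
      - go build -o build/tsh-unsigned.exe ./tool/tsh
    environment:
      WORKSPACE_DIR: C:/Drone/Workspace/push-build-native-windows-amd64

  - name: Sign tsh
    commands:
      - $ErrorActionPreference = 'Stop'
      - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
      - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
      - . "$TeleportSrc/build.assets/windows/build.ps1"
      - cd $TeleportSrc
      # The signing certificate is decoded into a .pfx inside the source tree
      # and deleted by the last command of this step; if an earlier command
      # stops the step, the file remains until the workspace clean-up step
      # removes the whole build directory.
      - ([System.Convert]::FromBase64String($ENV:WINDOWS_SIGNING_CERT)) | Set-Content
        windows-signing-cert.pfx -Encoding Byte
      # NOTE(review): `/t` requests a legacy Authenticode timestamp over plain
      # HTTP; signtool's `/tr` with `/td sha256` requests an RFC 3161
      # timestamp with a SHA-256 digest - worth confirming which is wanted.
      - '& ''C:\Program Files (x86)\Windows Kits\10\App Certification Kit\signtool.exe''
        sign /f windows-signing-cert.pfx /d Teleport /t http://timestamp.digicert.com
        /du https://goteleport.com /fd sha256 build\tsh-unsigned.exe'
      - mv build\tsh-unsigned.exe build\tsh.exe
      - rm -r windows-signing-cert.pfx
    environment:
      WINDOWS_SIGNING_CERT:
        from_secret: WINDOWS_SIGNING_CERT
      WORKSPACE_DIR: C:/Drone/Workspace/push-build-native-windows-amd64

  - name: Build Teleport Connect
    commands:
      - $ErrorActionPreference = 'Stop'
      - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
      - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
      - $WebappsSrc = "$Workspace/go/src/github.com/gravitational/webapps"
      - . "$TeleportSrc/build.assets/windows/build.ps1"
      - Enable-Node -ToolchainDir "$Workspace/toolchains"
      - Push-Location $TeleportSrc
      - $TeleportVersion=$(make print-version).Trim()
      - Pop-Location
      - cd $WebappsSrc
      - $Env:CONNECT_TSH_BIN_PATH="$TeleportSrc\build\tsh.exe"
      # --frozen-lockfile fails the install instead of rewriting yarn.lock.
      - yarn install --frozen-lockfile
      - yarn build-term
      - yarn package-term "-c.extraMetadata.version=$TeleportVersion"
    environment:
      # The same signing-certificate secret as the "Sign tsh" step, exposed
      # here under the name CSC_LINK for the whole yarn build.
      CSC_LINK:
        from_secret: WINDOWS_SIGNING_CERT
      WORKSPACE_DIR: C:/Drone/Workspace/push-build-native-windows-amd64

  # Placed before the workspace clean-up: this step dot-sources build.ps1 from
  # the checkout, and steps run in order, so with the clean-up first the
  # script (and Send-ErrorMessage) would already be deleted when a failed
  # build reached this step.
  - name: Send Slack notification (exec)
    commands:
      - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
      - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
      - . "$TeleportSrc/build.assets/windows/build.ps1"
      - Send-ErrorMessage
    environment:
      SLACK_WEBHOOK_DEV_TELEPORT:
        from_secret: SLACK_WEBHOOK_DEV_TELEPORT
      WORKSPACE_DIR: C:/Drone/Workspace/push-build-native-windows-amd64
    when:
      status:
        - failure

  # Runs whether the build passed or failed; 'Continue' keeps a partial
  # removal from failing the step.
  - name: Clean up workspace (post)
    commands:
      - $ErrorActionPreference = 'Continue'
      - Remove-Item -Recurse -Force -Path "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
    environment:
      WORKSPACE_DIR: C:/Drone/Workspace/push-build-native-windows-amd64
    when:
      status:
        - success
        - failure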
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/relcli.go (main.relcliPipeline)
################################################
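kind: pipeline
type: kubernetes
name: clean-up-previous-build

environment:
  RELCLI_IMAGE: 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/relcli:v1.1.76-35e77b7-20221117T1411084

# Tag events for refs/tags/v* in any gravitational/* repo.
trigger:
  event:
    include:
      - tag
  ref:
    include:
      - refs/tags/v*
  repo:
    include:
      - gravitational/*

clone:
  disable: true

steps:
  - name: Check if commit is tagged
    image: alpine
    commands:
      # ${DRONE_TAG} is quoted: unquoted, an empty value leaves `[ -n ]`,
      # which tests the literal string "-n" and is always true, so the guard
      # could never fail.
      - '[ -n "${DRONE_TAG}" ] || (echo ''DRONE_TAG is not set. Is the commit tagged?''
        && exit 1)'

  # Polls up to 30s for the socket created by the docker:dind service.
  - name: Wait for docker
    image: docker
    commands:
      - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
    volumes:
      - name: dockersock
        path: /var/run

  # Exchanges the long-lived key pair for temporary role credentials and
  # writes them to the shared `awsconfig` volume; later steps that mount the
  # volume use the role, not the key pair.
  - name: Assume AWS Role
    image: amazon/aws-cli
    commands:
      - aws sts get-caller-identity
      - |-
        printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
          $(aws sts assume-role \
            --role-arn "$AWS_ROLE" \
            --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
            --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
            --output text) \
          > /root/.aws/credentials
      # Drop the long-lived keys from the environment so the final check can
      # only succeed with the profile written above.
      - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
      - aws sts get-caller-identity --profile default
    environment:
      AWS_ACCESS_KEY_ID:
        from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY
      AWS_ROLE:
        from_secret: TELEPORT_BUILD_READ_ONLY_AWS_ROLE
      AWS_SECRET_ACCESS_KEY:
        from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET
    volumes:
      - name: awsconfig
        path: /root/.aws

  - name: Pull relcli
    image: docker:cli
    commands:
      - apk add --no-cache aws-cli
      # The registry password is piped on stdin, so it never appears in argv.
      - aws ecr get-login-password | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
      - docker pull $RELCLI_IMAGE
    environment:
      AWS_DEFAULT_REGION: us-west-2
    volumes:
      - name: dockersock
        path: /var/run
      - name: awsconfig
        path: /root/.aws

  # NOTE(review): `relcli auto_destroy -f` runs against the releases-prod URL
  # for every v* tag; what it removes is defined by relcli, not by this file.
  - name: Clean up previously built artifacts
    image: docker:git
    commands:
      - mkdir -p /tmpfs/creds
      # The trap is registered before the credentials are written, so they
      # are removed even if one of the decode commands fails.
      - trap "rm -rf /tmpfs/creds" EXIT
      - echo "$RELEASES_CERT" | base64 -d > "$RELCLI_CERT"
      - echo "$RELEASES_KEY" | base64 -d > "$RELCLI_KEY"
      # `-e NAME` without a value passes the variable through from this
      # step's environment, so the values stay out of the command line.
      - |-
        docker run -i -v /tmpfs/creds:/tmpfs/creds \
          -e DRONE_REPO -e DRONE_TAG -e RELCLI_BASE_URL -e RELCLI_CERT -e RELCLI_KEY \
          $RELCLI_IMAGE relcli auto_destroy -f -v 6
    environment:
      RELCLI_BASE_URL: https://releases-prod.platform.teleport.sh
      RELCLI_CERT: /tmpfs/creds/releases.crt
      RELCLI_KEY: /tmpfs/creds/releases.key
      RELEASES_CERT:
        from_secret: RELEASES_CERT
      RELEASES_KEY:
        from_secret: RELEASES_KEY
    volumes:
      - name: dockersock
        path: /var/run
      - name: tmpfs
        path: /tmpfs
      - name: awsconfig
        path: /root/.aws

services:
  # Privileged Docker-in-Docker daemon. It mounts the same tmpfs volume as
  # the clean-up step so that `docker run -v /tmpfs/creds:...` resolves to
  # the directory holding the release credentials.
  - name: Start Docker
    image: docker:dind
    privileged: true
    volumes:
      - name: tmpfs
        path: /tmpfs
      - name: dockersock
        path: /var/run

volumes:
  - name: dockersock
    temp: {}
  # Memory-backed, so the release certificate and key are not written to the
  # node's disk.
  - name: tmpfs
    temp:
      medium: memory
  - name: awsconfig
    temp: {}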
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/windows.go (main.newWindowsPipeline)
################################################
kind: pipeline
type: exec
name: build-native-windows-amd64
trigger:
event:
include:
- tag
ref:
include:
- refs/tags/v*
repo:
include:
- gravitational/*
workspace:
path: C:/Drone/Workspace/build-native-windows-amd64
platform:
os: windows
arch: amd64
node:
buildbox_version: teleport12
clone:
disable: true
depends_on:
- clean-up-previous-build
concurrency:
limit: 1
steps:
- name: Check out Teleport
commands:
- $ErrorActionPreference = 'Stop'
- $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
- $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
- $WebappsSrc = "$Workspace/go/src/github.com/gravitational/webapps"
- $TeleportRev = if ($Env:DRONE_TAG -ne $null) { $Env:DRONE_TAG } else { $Env:DRONE_COMMIT
}
- New-Item -Path $TeleportSrc -ItemType Directory | Out-Null
- cd $TeleportSrc
- git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
- git checkout $TeleportRev
- New-Item -Path $WebappsSrc -ItemType Directory | Out-Null
- cd $WebappsSrc
- git clone https://github.com/gravitational/webapps.git .
- git checkout $(& $TeleportSrc/build.assets/webapps/webapps-version.ps1)
environment:
WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64
- name: Checkout Submodules
commands:
- $ErrorActionPreference = 'Stop'
- $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
- $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
- $WebappsSrc = "$Workspace/go/src/github.com/gravitational/webapps"
- . "$TeleportSrc/build.assets/windows/build.ps1"
- Enable-Git -Workspace $Workspace -PrivateKey $Env:GITHUB_PRIVATE_KEY
- cd $TeleportSrc
- git submodule update --init e
- git submodule update --init --recursive webassets
- cd $WebappsSrc
- git submodule update --init packages/webapps.e
- Reset-Git -Workspace $Workspace
environment:
GITHUB_PRIVATE_KEY:
from_secret: GITHUB_PRIVATE_KEY
WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64
- name: Install Node Toolchain
  commands:
    - $ProgressPreference = 'SilentlyContinue'
    - $ErrorActionPreference = 'Stop'
    - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
    - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
    - . "$TeleportSrc/build.assets/windows/build.ps1"
    # The Node version comes from the Makefile in build.assets.
    - Push-Location "$TeleportSrc/build.assets"
    - $NodeVersion = $(make print-node-version).Trim()
    - Pop-Location
    # NOTE(review): Install-Node lives in build.ps1; whether it checks the
    # download against a known digest is not visible here. Get-Relcli in the
    # "Register artifacts" step takes an explicit -Sha256 for comparison.
    - Install-Node -NodeVersion $NodeVersion -ToolchainDir "$Workspace/toolchains"
  environment:
    WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64
- name: Install Go Toolchain
  commands:
    - $ProgressPreference = 'SilentlyContinue'
    - $ErrorActionPreference = 'Stop'
    - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
    - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
    - . "$TeleportSrc/build.assets/windows/build.ps1"
    # The Makefile prints e.g. "go<version>"; the "go" prefix is stripped.
    - Push-Location "$TeleportSrc/build.assets"
    - $GoVersion = $(make print-go-version).TrimStart("go")
    - Pop-Location
    # NOTE(review): Install-Go lives in build.ps1; whether it checks the
    # download against a known digest is not visible here.
    - Install-Go -GoVersion $GoVersion -ToolchainDir "$Workspace/toolchains"
  environment:
    WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64
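- name: Build tsh
  commands:
    - $ErrorActionPreference = 'Stop'
    - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
    # Per-build Go build cache inside the workspace.
    - $Env:GOCACHE = "$Workspace/gocache"
    - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
    - . "$TeleportSrc/build.assets/windows/build.ps1"
    - Enable-Go -ToolchainDir "$Workspace/toolchains"
    - cd $TeleportSrc
    # This line used to set GCO_ENABLED, a name the Go toolchain does not
    # read, so the build ran with the toolchain's default cgo setting.
    # CGO_ENABLED=1 states the requirement explicitly; it needs a C compiler
    # on PATH. The file is generated, so the same fix belongs in dronegen.
    - $Env:CGO_ENABLED=1
    # The output stays "-unsigned" until the signing step renames it.
    - go build -o build/tsh-unsigned.exe ./tool/tsh
  environment:
    WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64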
- name: Sign tsh
  commands:
    - $ErrorActionPreference = 'Stop'
    - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
    - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
    - . "$TeleportSrc/build.assets/windows/build.ps1"
    - cd $TeleportSrc
    # The base64 secret is decoded into a .pfx file in the source tree,
    # which sits under the per-build workspace.
    - ([System.Convert]::FromBase64String($ENV:WINDOWS_SIGNING_CERT)) | Set-Content
      windows-signing-cert.pfx -Encoding Byte
    # No /p is passed, so the PFX is expected to carry no password.
    # NOTE(review): /t asks the timestamp server for a legacy Authenticode
    # timestamp over plain HTTP; /tr with /td sha256 requests an RFC 3161
    # timestamp instead.
    - '& ''C:\Program Files (x86)\Windows Kits\10\App Certification Kit\signtool.exe''
      sign /f windows-signing-cert.pfx /d Teleport /t http://timestamp.digicert.com
      /du https://goteleport.com /fd sha256 build\tsh-unsigned.exe'
    - mv build\tsh-unsigned.exe build\tsh.exe
    # If an earlier command ends the step, this removal is skipped and the
    # .pfx stays on disk until the workspace clean-up step deletes the
    # build directory.
    - rm -r windows-signing-cert.pfx
  environment:
    WINDOWS_SIGNING_CERT:
      from_secret: WINDOWS_SIGNING_CERT
    WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64
- name: Build Teleport Connect
  commands:
    - $ErrorActionPreference = 'Stop'
    - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
    - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
    - $WebappsSrc = "$Workspace/go/src/github.com/gravitational/webapps"
    - . "$TeleportSrc/build.assets/windows/build.ps1"
    - Enable-Node -ToolchainDir "$Workspace/toolchains"
    - Push-Location $TeleportSrc
    - $TeleportVersion=$(make print-version).Trim()
    - Pop-Location
    - cd $WebappsSrc
    # Bundle the tsh.exe produced and signed by the earlier steps.
    - $Env:CONNECT_TSH_BIN_PATH="$TeleportSrc\build\tsh.exe"
    # --frozen-lockfile makes the install fail instead of re-resolving
    # dependencies when yarn.lock would need to change.
    - yarn install --frozen-lockfile
    - yarn build-term
    - yarn package-term "-c.extraMetadata.version=$TeleportVersion"
  environment:
    # NOTE(review): CSC_LINK holds the code-signing certificate and is set
    # for the whole step, so it is also present while `yarn install` and
    # `yarn build-term` run third-party package code. Only the packaging
    # command appears to need it; a separate step would narrow the exposure.
    CSC_LINK:
      from_secret: WINDOWS_SIGNING_CERT
    WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64
- name: Assume AWS Role
  # Unlike most steps in this pipeline, this one does not set
  # $ErrorActionPreference = 'Stop'.
  commands:
    - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
    - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
    # The role credentials file lives in the per-build workspace and is read
    # by the upload step through -ProfileLocation.
    - $AwsSharedCredentialsFile = "$Workspace/credentials"
    - $SessionName = "drone-$Env:DRONE_REPO-$Env:DRONE_BUILD_NUMBER".replace("/", "-")
    - . "$TeleportSrc/build.assets/windows/build.ps1"
    # Identity before the role is assumed (the long-lived key pair).
    - Get-STSCallerIdentity
    - Save-Role -RoleArn $Env:AWS_ROLE -RoleSessionName $SessionName -FilePath $AwsSharedCredentialsFile
    # Drop the long-lived key pair from this process's environment.
    - 'Get-ChildItem -Path Env: | Where-Object {($_.Name -Like "AWS_SECRET_ACCESS_KEY")
      -or ($_.Name -Like "AWS_ACCESS_KEY_ID") } | Remove-Item'
    # Identity as seen through the saved role credentials.
    - Get-STSCallerIdentity -ProfileLocation $AwsSharedCredentialsFile
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
    WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64
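- name: Upload Artifacts
  # This step receives no AWS key pair; it uploads with the role credentials
  # file written by the "Assume AWS Role" step.
  commands:
    - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
    - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
    - $WebappsSrc = "$Workspace/go/src/github.com/gravitational/webapps"
    - $TeleportVersion=$Env:DRONE_TAG.TrimStart('v')
    - $AwsSharedCredentialsFile = "$Workspace/credentials"
    - $OutputsDir="$Workspace/outputs"
    - New-Item -Path "$OutputsDir" -ItemType 'Directory' | Out-Null
    # The closing quote was missing here, which left the PowerShell string
    # unterminated; the listing is a diagnostic of what the build produced.
    - Get-ChildItem "$WebappsSrc/packages/teleterm/build/release"
    - Copy-Item -Path "$WebappsSrc/packages/teleterm/build/release/Teleport Connect
      Setup*.exe" -Destination $OutputsDir
    - . "$TeleportSrc/build.assets/windows/build.ps1"
    # NOTE(review): Format-FileHashes is defined in build.ps1; presumably it
    # writes digest files next to the installers. They are produced and
    # uploaded alongside the artifacts they describe.
    - Format-FileHashes -PathGlob "$OutputsDir/*.exe"
    - Copy-Artifacts -ProfileLocation $AwsSharedCredentialsFile -Path $OutputsDir -Bucket
      $Env:AWS_S3_BUCKET -DstRoot "/teleport/tag/$TeleportVersion"
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64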
- name: Register artifacts
  commands:
    - $ErrorActionPreference = 'Stop'
    - $ProgressPreference = 'SilentlyContinue'
    - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
    - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
    - $OutputsDir = "$Workspace/outputs"
    # The release CLI is pinned to one version by URL and SHA-256; both are
    # handed to Get-Relcli (defined in build.ps1), which presumably refuses
    # a download whose digest differs.
    - $relcliUrl = 'https://cdn.teleport.dev/relcli-v1.1.76-windows.exe'
    - $relcliSha256 = '56dfdd9d1a09aac892fcd48eba035072dc6c151eaa2e1b21cf54786bb3c09520'
    - . "$TeleportSrc/build.assets/windows/build.ps1"
    - Get-Relcli -Url $relcliUrl -Sha256 $relcliSha256 -Workspace $Workspace
    - Register-Artifacts -Workspace $Workspace -Outputs $OutputsDir
  environment:
    RELCLI_BASE_URL: https://releases-prod.platform.teleport.sh
    # Client certificate and key for the release service.
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY
    WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64
- name: Clean up workspace (post)
  commands:
    # 'Continue' so that an error while deleting does not abort the clean-up.
    - $ErrorActionPreference = 'Continue'
    - Remove-Item -Recurse -Force -Path "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
  environment:
    WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64
  # Runs after success and after failure, so the per-build directory
  # (sources, toolchains, AWS credentials file, outputs) is removed either
  # way.
  when:
    status:
      - success
      - failure
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/push.go (main.pushPipeline)
################################################
# Builds the linux/arm release artifacts on every push to master or a
# branch/* branch and reports a failed build to Slack.
kind: pipeline
type: kubernetes
name: push-build-linux-arm
environment:
  BUILDBOX_VERSION: teleport12
  GID: "1000"
  RUNTIME: go1.19.2
  UID: "1000"
trigger:
  event:
    include:
      - push
    exclude:
      - pull_request
  repo:
    include:
      - gravitational/*
  branch:
    include:
      - master
      - branch/*
workspace:
  path: /go
# Drone's own clone is disabled; the first step fetches the code itself.
clone:
  disable: true
steps:
  - name: Check out code
    image: docker:git
    commands:
      - mkdir -pv "/go/src/github.com/gravitational/teleport"
      - cd "/go/src/github.com/gravitational/teleport"
      - git init
      - git remote add origin ${DRONE_REMOTE_URL}
      - git fetch origin --tags
      - git checkout -qf "${DRONE_COMMIT_SHA}"
      - git submodule update --init webassets || true
      # The deploy key is written to /root/.ssh (outside the /go workspace)
      # and deleted by the last command of this step.
      - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa &&
        chmod 600 /root/.ssh/id_rsa
      # NOTE(review): ssh-keyscan stores whatever host key the network
      # returns at build time, so known_hosts is not pinned to a known
      # GitHub key; shipping the published keys with the image would be.
      - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
      # No `|| true` here: if this fails, the `rm -f` below is not reached.
      - git submodule update --init e
      - git submodule update --init --recursive webassets || true
      - mkdir -pv /go/cache
      - rm -f /root/.ssh/id_rsa
    environment:
      GITHUB_PRIVATE_KEY:
        from_secret: GITHUB_PRIVATE_KEY
  - name: Wait for docker
    image: docker
    commands:
      # Poll for up to 30 seconds until the dind service's socket exists.
      - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
    volumes:
      - name: dockersock
        path: /var/run
  - name: Build artifacts
    image: docker
    commands:
      - apk add --no-cache make
      - chown -R $UID:$GID /go
      - cd /go/src/github.com/gravitational/teleport
      - make -C build.assets release-arm
    environment:
      ARCH: arm
      GID: "1000"
      GOCACHE: /go/cache
      GOPATH: /go
      OS: linux
      UID: "1000"
    volumes:
      - name: dockersock
        path: /var/run
  - name: Send Slack notification
    image: plugins/slack
    settings:
      webhook:
        from_secret: SLACK_WEBHOOK_DEV_TELEPORT
      template:
        - |
          *{{#success build.status}}✔{{ else }}✘{{/success}} {{ uppercasefirst build.status }}: Build #{{ build.number }}* (type: `{{ build.event }}`)
          `${DRONE_STAGE_NAME}` artifact build failed.
          *Warning:* This is a genuine failure to build the Teleport binary from `{{ build.branch }}` (likely due to a bad merge or commit) and should be investigated immediately.
          Commit: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commit/{{ build.commit }}|{{ truncate build.commit 8 }}>
          Branch: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commits/{{ build.branch }}|{{ repo.owner }}/{{ repo.name }}:{{ build.branch }}>
          Author: <https://github.com/{{ build.author }}|{{ build.author }}>
          <{{ build.link }}|Visit Drone build page ↗>
    # Only sent when an earlier step failed.
    when:
      status:
        - failure
services:
  # Docker-in-Docker runs privileged; its /var/run is shared with the build
  # steps through the dockersock volume, which gives those steps control of
  # this daemon.
  - name: Start Docker
    image: docker:dind
    privileged: true
    volumes:
      - name: dockersock
        path: /var/run
# NOTE(review): every image in this pipeline is referenced by mutable tag
# (docker, docker:git, docker:dind, plugins/slack); pinning by digest would
# fix the exact build inputs.
volumes:
  - name: dockersock
    temp: {}
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/push.go (main.pushPipeline)
################################################
# Builds the linux/arm64 release artifacts on every push to master or a
# branch/* branch and reports a failed build to Slack.
kind: pipeline
type: kubernetes
name: push-build-linux-arm64
environment:
  BUILDBOX_VERSION: teleport12
  GID: "1000"
  RUNTIME: go1.19.2
  UID: "1000"
trigger:
  event:
    include:
      - push
    exclude:
      - pull_request
  repo:
    include:
      - gravitational/*
  branch:
    include:
      - master
      - branch/*
workspace:
  path: /go
# Drone's own clone is disabled; the first step fetches the code itself.
clone:
  disable: true
steps:
  - name: Check out code
    image: docker:git
    commands:
      - mkdir -pv "/go/src/github.com/gravitational/teleport"
      - cd "/go/src/github.com/gravitational/teleport"
      - git init
      - git remote add origin ${DRONE_REMOTE_URL}
      - git fetch origin --tags
      - git checkout -qf "${DRONE_COMMIT_SHA}"
      - git submodule update --init webassets || true
      # The deploy key is written to /root/.ssh (outside the /go workspace)
      # and deleted by the last command of this step.
      - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa &&
        chmod 600 /root/.ssh/id_rsa
      # NOTE(review): ssh-keyscan stores whatever host key the network
      # returns at build time, so known_hosts is not pinned to a known
      # GitHub key; shipping the published keys with the image would be.
      - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
      # No `|| true` here: if this fails, the `rm -f` below is not reached.
      - git submodule update --init e
      - git submodule update --init --recursive webassets || true
      - mkdir -pv /go/cache
      - rm -f /root/.ssh/id_rsa
    environment:
      GITHUB_PRIVATE_KEY:
        from_secret: GITHUB_PRIVATE_KEY
  - name: Wait for docker
    image: docker
    commands:
      # Poll for up to 30 seconds until the dind service's socket exists.
      - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
    volumes:
      - name: dockersock
        path: /var/run
  - name: Build artifacts
    image: docker
    commands:
      - apk add --no-cache make
      - chown -R $UID:$GID /go
      - cd /go/src/github.com/gravitational/teleport
      - make -C build.assets release-arm64
    environment:
      ARCH: arm64
      GID: "1000"
      GOCACHE: /go/cache
      GOPATH: /go
      OS: linux
      UID: "1000"
    volumes:
      - name: dockersock
        path: /var/run
  - name: Send Slack notification
    image: plugins/slack
    settings:
      webhook:
        from_secret: SLACK_WEBHOOK_DEV_TELEPORT
      template:
        - |
          *{{#success build.status}}✔{{ else }}✘{{/success}} {{ uppercasefirst build.status }}: Build #{{ build.number }}* (type: `{{ build.event }}`)
          `${DRONE_STAGE_NAME}` artifact build failed.
          *Warning:* This is a genuine failure to build the Teleport binary from `{{ build.branch }}` (likely due to a bad merge or commit) and should be investigated immediately.
          Commit: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commit/{{ build.commit }}|{{ truncate build.commit 8 }}>
          Branch: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commits/{{ build.branch }}|{{ repo.owner }}/{{ repo.name }}:{{ build.branch }}>
          Author: <https://github.com/{{ build.author }}|{{ build.author }}>
          <{{ build.link }}|Visit Drone build page ↗>
    # Only sent when an earlier step failed.
    when:
      status:
        - failure
services:
  # Docker-in-Docker runs privileged; its /var/run is shared with the build
  # steps through the dockersock volume, which gives those steps control of
  # this daemon.
  - name: Start Docker
    image: docker:dind
    privileged: true
    volumes:
      - name: dockersock
        path: /var/run
# NOTE(review): every image in this pipeline is referenced by mutable tag
# (docker, docker:git, docker:dind, plugins/slack); pinning by digest would
# fix the exact build inputs.
volumes:
  - name: dockersock
    temp: {}
---
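# Cron job that rebuilds the teleport-lab image for the latest release of the
# current major version and pushes it to quay.io.
kind: pipeline
type: kubernetes
name: teleport-docker-cron
trigger:
  cron:
    - teleport-docker-cron
  repo:
    include:
      - gravitational/teleport
workspace:
  path: /go
# Drone's clone is left on here: the first step runs tooling from
# /go/build.assets, i.e. from the cloned tree.
clone:
  disable: false
steps:
  - name: Set up variables and Dockerfile
    image: docker:git
    environment:
      # increment these variables when a new major/minor version is released to bump the automatic builds
      # this only needs to be done on the master branch, as that's the branch that the Drone cron is configured for
      # build major version images which are just teleport:x
      CURRENT_VERSION_ROOT: v11
      PREVIOUS_VERSION_ONE_ROOT: v10
      PREVIOUS_VERSION_TWO_ROOT: v9
    commands:
      - apk --update --no-cache add curl go
      - mkdir -p /go/build && cd /go/build
      # `sed 's/^v//'` strips only the leading "v". The previous
      # `tr -d '^v'` deleted every "v" and "^" character, which would also
      # mangle a tag with a "v" elsewhere in it.
      # CURRENT_VERSION
      - (cd /go/build.assets/tooling && go run ./cmd/query-latest $CURRENT_VERSION_ROOT > /go/build/CURRENT_VERSION_TAG.txt)
      - echo "$(cat /go/build/CURRENT_VERSION_TAG.txt | cut -d. -f1 | sed 's/^v//')" > /go/build/CURRENT_VERSION_TAG_GENERIC.txt
      # PREVIOUS_VERSION_ONE
      - (cd /go/build.assets/tooling && go run ./cmd/query-latest $PREVIOUS_VERSION_ONE_ROOT > /go/build/PREVIOUS_VERSION_ONE_TAG.txt)
      - echo "$(cat /go/build/PREVIOUS_VERSION_ONE_TAG.txt | cut -d. -f1 | sed 's/^v//')" > /go/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt
      # PREVIOUS_VERSION_TWO
      - (cd /go/build.assets/tooling && go run ./cmd/query-latest $PREVIOUS_VERSION_TWO_ROOT > /go/build/PREVIOUS_VERSION_TWO_TAG.txt)
      - echo "$(cat /go/build/PREVIOUS_VERSION_TWO_TAG.txt | cut -d. -f1 | sed 's/^v//')" > /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt
      # list versions
      - for FILE in /go/build/*.txt; do echo $FILE; cat $FILE; done
      # wait for Docker to be ready
      - sleep 3
  - name: Build/push Teleport Lab Docker image
    image: docker:git
    environment:
      OS: linux
      ARCH: amd64
    # The commands below read these registry credentials as
    # PLUGIN_USERNAME and PLUGIN_PASSWORD.
    settings:
      username:
        from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
      password:
        from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    volumes:
      - name: dockersock
        path: /var/run
    commands:
      - export TELEPORT_TAG=$(cat /go/build/CURRENT_VERSION_TAG.txt | sed 's/^v//')
      - export TELEPORT_LAB_IMAGE_NAME="quay.io/gravitational/teleport-lab:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)"
      # Check out code
      - mkdir -p /go/src/github.com/gravitational/teleport
      - cd /go/src/github.com/gravitational/teleport
      - git init && git remote add origin ${DRONE_REMOTE_URL}
      - git fetch origin
      - git checkout -qf ${DRONE_COMMIT_SHA}
      # Build and push Teleport lab image
      # The password goes in on stdin, as in the ECR variant of this job,
      # instead of -p, which puts it on the docker command line.
      - printf '%s' "$PLUGIN_PASSWORD" | docker login -u="$PLUGIN_USERNAME" --password-stdin quay.io
      - docker build --build-arg TELEPORT_TAG=$TELEPORT_TAG -t $TELEPORT_LAB_IMAGE_NAME /go/src/github.com/gravitational/teleport/docker/sshd
      - docker push $TELEPORT_LAB_IMAGE_NAME
services:
  # Docker-in-Docker runs privileged and shares its /var/run with the build
  # step through the dockersock volume.
  - name: Start Docker
    image: docker:dind
    privileged: true
    volumes:
      - name: dockersock
        path: /var/run
volumes:
  - name: dockersock
    temp: {}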
---
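# Cron job that rebuilds the teleport-lab image for the latest release of the
# current major version, pushes it to the staging ECR registry and then
# re-tags and pushes the same image to public.ecr.aws.
kind: pipeline
type: kubernetes
name: teleport-docker-cron-ecr
trigger:
  cron:
    - teleport-docker-cron-ecr
  repo:
    include:
      - gravitational/teleport
workspace:
  path: /go
# Drone's clone is left on here: the first step runs tooling from
# /go/build.assets, i.e. from the cloned tree.
clone:
  disable: false
steps:
  - name: Set up variables and Dockerfile
    image: docker:git
    environment:
      # increment these variables when a new major/minor version is released to bump the automatic builds
      # this only needs to be done on the master branch, as that's the branch that the Drone cron is configured for
      # build major version images which are just teleport:x
      CURRENT_VERSION_ROOT: v11
      PREVIOUS_VERSION_ONE_ROOT: v10
      PREVIOUS_VERSION_TWO_ROOT: v9
    commands:
      - apk --update --no-cache add curl go
      - mkdir -p /go/build && cd /go/build
      # `sed 's/^v//'` strips only the leading "v". The previous
      # `tr -d '^v'` deleted every "v" and "^" character, which would also
      # mangle a tag with a "v" elsewhere in it.
      # CURRENT_VERSION
      - (cd /go/build.assets/tooling && go run ./cmd/query-latest $CURRENT_VERSION_ROOT > /go/build/CURRENT_VERSION_TAG.txt)
      - echo "$(cat /go/build/CURRENT_VERSION_TAG.txt | cut -d. -f1 | sed 's/^v//')" > /go/build/CURRENT_VERSION_TAG_GENERIC.txt
      # PREVIOUS_VERSION_ONE
      - (cd /go/build.assets/tooling && go run ./cmd/query-latest $PREVIOUS_VERSION_ONE_ROOT > /go/build/PREVIOUS_VERSION_ONE_TAG.txt)
      - echo "$(cat /go/build/PREVIOUS_VERSION_ONE_TAG.txt | cut -d. -f1 | sed 's/^v//')" > /go/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt
      # PREVIOUS_VERSION_TWO
      - (cd /go/build.assets/tooling && go run ./cmd/query-latest $PREVIOUS_VERSION_TWO_ROOT > /go/build/PREVIOUS_VERSION_TWO_TAG.txt)
      - echo "$(cat /go/build/PREVIOUS_VERSION_TWO_TAG.txt | cut -d. -f1 | sed 's/^v//')" > /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt
      # list versions
      - for FILE in /go/build/*.txt; do echo $FILE; cat $FILE; done
      # wait for Docker to be ready
      - sleep 3
  - name: Configure Staging AWS Profile
    image: amazon/aws-cli
    commands:
      # Identity of the long-lived key pair, before the role is assumed.
      - aws sts get-caller-identity
      # Writes the temporary role credentials as the [staging] profile.
      # `>` truncates the file, so this step has to run before the
      # production one, which appends.
      - |-
        printf "[staging]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
          $(aws sts assume-role \
            --role-arn "$AWS_ROLE" \
            --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
            --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
            --output text) \
          > /root/.aws/credentials
      # Drop the long-lived key pair so the check below can only succeed
      # through the profile.
      - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
      - aws sts get-caller-identity --profile staging
    environment:
      AWS_ACCESS_KEY_ID:
        from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY
      AWS_SECRET_ACCESS_KEY:
        from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET
      AWS_ROLE:
        from_secret: STAGING_TELEPORT_DRONE_ECR_AWS_ROLE
    volumes:
      - name: awsconfig
        path: /root/.aws
  - name: Configure Production AWS Profile
    image: amazon/aws-cli
    commands:
      - aws sts get-caller-identity
      # Appends (`>>`) the [production] profile to the file created by the
      # staging step.
      - |-
        printf "[production]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
          $(aws sts assume-role \
            --role-arn "$AWS_ROLE" \
            --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
            --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
            --output text) \
          >> /root/.aws/credentials
      - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
      - aws sts get-caller-identity --profile production
    environment:
      AWS_ACCESS_KEY_ID:
        from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY
      AWS_SECRET_ACCESS_KEY:
        from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET
      AWS_ROLE:
        from_secret: PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE
    volumes:
      - name: awsconfig
        path: /root/.aws
  - name: Build/push Teleport Lab Docker image
    image: docker:git
    environment:
      OS: linux
      ARCH: amd64
    # This step gets no AWS secrets of its own; it uses the two role profiles
    # from the shared awsconfig volume.
    volumes:
      - name: dockersock
        path: /var/run
      - name: awsconfig
        path: /root/.aws
    commands:
      - apk add --no-cache aws-cli
      - export CURRENT_DATE=$(date '+%Y%m%d%H%M')
      - export TELEPORT_TAG=$(cat /go/build/CURRENT_VERSION_TAG.txt | sed 's/^v//')
      - export TELEPORT_LAB_IMAGE_NAME_STAGING="146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-lab:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)-$CURRENT_DATE"
      - export TELEPORT_LAB_IMAGE_NAME_PROD="public.ecr.aws/gravitational/teleport-lab:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)"
      # Check out code
      - mkdir -p /go/src/github.com/gravitational/teleport
      - cd /go/src/github.com/gravitational/teleport
      - git init && git remote add origin ${DRONE_REMOTE_URL}
      - git fetch origin
      - git checkout -qf ${DRONE_COMMIT_SHA}
      # Authenticate to staging registry
      # (the registry password is piped in on stdin, not passed as an argument)
      - aws ecr get-login-password --profile staging --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
      # Build and push image
      - docker build --build-arg TELEPORT_TAG=$TELEPORT_TAG -t $TELEPORT_LAB_IMAGE_NAME_STAGING /go/src/github.com/gravitational/teleport/docker/sshd
      - docker push $TELEPORT_LAB_IMAGE_NAME_STAGING
      # Authenticate to production registry
      - docker logout 146628656107.dkr.ecr.us-west-2.amazonaws.com
      - aws ecr-public get-login-password --profile production --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
      # Push to production registry
      # (the image built for staging is re-tagged, not rebuilt)
      - docker tag $TELEPORT_LAB_IMAGE_NAME_STAGING $TELEPORT_LAB_IMAGE_NAME_PROD
      - docker push $TELEPORT_LAB_IMAGE_NAME_PROD
services:
  # Docker-in-Docker runs privileged and shares its /var/run with the build
  # step through the dockersock volume.
  - name: Start Docker
    image: docker:dind
    privileged: true
    volumes:
      - name: dockersock
        path: /var/run
volumes:
  - name: dockersock
    temp: {}
  # Temporary volume holding the role credentials for the life of the build.
  - name: awsconfig
    temp: {}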
---
# Cron job that packages the example Helm charts, rebuilds the chart
# repository index and syncs the result to the production charts bucket.
kind: pipeline
type: kubernetes
name: teleport-helm-cron
trigger:
  cron:
    - teleport-helm-cron
  repo:
    include:
      - gravitational/teleport
workspace:
  path: /go
clone:
  disable: true
steps:
  - name: Check out code
    image: alpine/git
    commands:
      - mkdir -p /go/src/github.com/gravitational/teleport
      - cd /go/src/github.com/gravitational/teleport
      - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
      - git checkout ${DRONE_COMMIT}
      - mkdir -p /go/chart
      - cd /go/chart
  - name: Assume AWS Role
    image: amazon/aws-cli
    commands:
      # Identity of the long-lived key pair, before the role is assumed.
      - aws sts get-caller-identity
      # Writes the temporary role credentials as the [default] profile on
      # the shared awsconfig volume.
      - |-
        printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
          $(aws sts assume-role \
            --role-arn "$AWS_ROLE" \
            --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
            --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
            --output text) \
          > /root/.aws/credentials
      # Drop the long-lived key pair so the check below can only succeed
      # through the profile.
      - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
      - aws sts get-caller-identity --profile default
    environment:
      AWS_ACCESS_KEY_ID:
        from_secret: PRODUCTION_CHARTS_AWS_ACCESS_KEY_ID
      AWS_SECRET_ACCESS_KEY:
        from_secret: PRODUCTION_CHARTS_AWS_SECRET_ACCESS_KEY
      AWS_ROLE:
        from_secret: PRODUCTION_CHARTS_AWS_ROLE
    volumes:
      - name: awsconfig
        path: /root/.aws
  - name: Download chart repo contents
    image: amazon/aws-cli
    environment:
      AWS_REGION: us-west-2
      AWS_S3_BUCKET:
        from_secret: PRODUCTION_CHARTS_AWS_S3_BUCKET
    volumes:
      - name: awsconfig
        path: /root/.aws
    commands:
      - mkdir -p /go/chart
      # download all previously packaged chart versions from the S3 bucket
      - aws s3 sync s3://$AWS_S3_BUCKET/ /go/chart
  # This step mounts no credentials volume; it only reads and writes /go.
  # NOTE(review): alpine/helm:latest is a moving tag, so the helm binary that
  # packages production charts can change between runs; a fixed tag or digest
  # would pin it.
  - name: Package helm charts
    image: alpine/helm:latest
    commands:
      - cd /go/chart
      - helm package /go/src/github.com/gravitational/teleport/examples/chart/teleport-cluster
      - helm package /go/src/github.com/gravitational/teleport/examples/chart/teleport-kube-agent
      # copy index.html to root of the S3 bucket
      - cp /go/src/github.com/gravitational/teleport/examples/chart/index.html /go/chart
      # this will index all previous versions of the charts downloaded from the S3 bucket,
      # plus the just-packaged charts listed above
      - helm repo index /go/chart
  - name: Upload to S3
    image: amazon/aws-cli
    commands:
      - cd /go/chart
      - aws s3 sync . s3://$AWS_S3_BUCKET/
    environment:
      AWS_REGION: us-west-2
      AWS_S3_BUCKET:
        from_secret: PRODUCTION_CHARTS_AWS_S3_BUCKET
    volumes:
      - name: awsconfig
        path: /root/.aws
  - name: Send Slack notification
    image: plugins/slack
    settings:
      webhook:
        from_secret: SLACK_WEBHOOK_DEV_TELEPORT
      template: |
        *{{#success build.status}}✔{{ else }}✘{{/success}} {{ uppercasefirst build.status }}: Build #{{ build.number }}* (type: `{{ build.event }}`)
        Details: The `teleport-helm-cron` job in Drone failed to publish Helm charts to S3. This is unusual and should be investigated.
        Commit: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commit/{{ build.commit }}|{{ truncate build.commit 8 }}>
        Branch: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commits/{{ build.branch }}|{{ build.branch }}>
        Author: <https://github.com/{{ build.author }}|{{ build.author }}>
        <{{ build.link }}|Visit Drone build page ↗>
    # Only sent when an earlier step failed.
    when:
      status:
        - failure
volumes:
  # Temporary volume holding the role credentials for the life of the build.
  - name: awsconfig
    temp: {}
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPipeline)
################################################
# Tag build of the CentOS 7 compatible linux/amd64 tarballs: check out the
# tag, build, hash, upload to S3 and register the files with the release
# service.
kind: pipeline
type: kubernetes
name: build-linux-amd64-centos7
environment:
  BUILDBOX_VERSION: teleport12
  RUNTIME: go1.19.2
trigger:
  event:
    include:
      - tag
  ref:
    include:
      - refs/tags/v*
  repo:
    include:
      - gravitational/*
workspace:
  path: /go
clone:
  disable: true
depends_on:
  - clean-up-previous-build
steps:
  - name: Check out code
    image: docker:git
    commands:
      - mkdir -p /go/src/github.com/gravitational/teleport
      - cd /go/src/github.com/gravitational/teleport
      - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
      - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
      # The deploy key is written to /root/.ssh (outside the /go workspace)
      # and deleted again once the submodules are fetched.
      - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
        && chmod 600 /root/.ssh/id_rsa
      # NOTE(review): ssh-keyscan stores whatever host key the network
      # returns at build time, so known_hosts is not pinned to a known
      # GitHub key; shipping the published keys with the image would be.
      - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
      # No `|| true` here: if this fails, the `rm -f` below is not reached.
      - git submodule update --init e
      - git submodule update --init --recursive webassets || true
      - rm -f /root/.ssh/id_rsa
      - mkdir -p /go/cache /go/artifacts
      # Refuse to build when the Makefile version and the tag disagree.
      # `$$` is Drone's escape for a literal `$`; `${DRONE_TAG##v}` is
      # expanded by Drone before the shell sees the script.
      - |-
        VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
        if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
          echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
          exit 1
        fi
        echo "$$VERSION" > /go/.version.txt
    environment:
      GITHUB_PRIVATE_KEY:
        from_secret: GITHUB_PRIVATE_KEY
  - name: Wait for docker
    image: docker
    commands:
      # Poll for up to 30 seconds until the dind service's socket exists.
      - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
    volumes:
      - name: dockersock
        path: /var/run
  - name: Build artifacts
    image: docker
    commands:
      - apk add --no-cache make
      - chown -R $UID:$GID /go
      - cd /go/src/github.com/gravitational/teleport
      - make -C build.assets release-amd64-centos7
    environment:
      ARCH: amd64
      GID: "1000"
      GOCACHE: /go/cache
      GOPATH: /go
      OS: linux
      UID: "1000"
    volumes:
      - name: dockersock
        path: /var/run
  - name: Copy artifacts
    image: docker
    commands:
      - cd /go/src/github.com/gravitational/teleport
      - find . -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
        \;
      - find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
        \;
      - export VERSION=$(cat /go/.version.txt)
      # Rename so the file name carries the centos7 marker.
      - mv /go/artifacts/teleport-v$${VERSION}-linux-amd64-bin.tar.gz /go/artifacts/teleport-v$${VERSION}-linux-amd64-centos7-bin.tar.gz
      - mv /go/artifacts/teleport-ent-v$${VERSION}-linux-amd64-bin.tar.gz /go/artifacts/teleport-ent-v$${VERSION}-linux-amd64-centos7-bin.tar.gz
      # The .sha256 files are produced here, next to the tarballs, and are
      # uploaded to the same bucket: they detect corruption, they do not
      # establish where a file came from.
      - cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256;
        done && ls -l
  - name: Assume AWS Role
    image: amazon/aws-cli
    commands:
      # Identity of the long-lived key pair, before the role is assumed.
      - aws sts get-caller-identity
      # Writes the temporary role credentials as the [default] profile on
      # the shared awsconfig volume.
      - |-
        printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
          $(aws sts assume-role \
            --role-arn "$AWS_ROLE" \
            --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
            --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
            --output text) \
          > /root/.aws/credentials
      # Drop the long-lived key pair so the check below can only succeed
      # through the profile.
      - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
      - aws sts get-caller-identity --profile default
    environment:
      AWS_ACCESS_KEY_ID:
        from_secret: AWS_ACCESS_KEY_ID
      AWS_ROLE:
        from_secret: AWS_ROLE
      AWS_SECRET_ACCESS_KEY:
        from_secret: AWS_SECRET_ACCESS_KEY
    volumes:
      - name: awsconfig
        path: /root/.aws
  - name: Upload to S3
    image: amazon/aws-cli
    commands:
      - cd /go/artifacts/
      - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
    environment:
      AWS_REGION: us-west-2
      AWS_S3_BUCKET:
        from_secret: AWS_S3_BUCKET
    volumes:
      - name: awsconfig
        path: /root/.aws
  - name: Register artifacts
    image: docker
    commands:
      - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
      - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
      - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
      # The client certificate and key are decoded into WORKSPACE_DIR (which
      # defaults to "/") with the shell's default file mode; the trap that
      # deletes them is installed only after both files exist.
      - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
      - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
      - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
      # Left unquoted at the call sites so it splits into separate curl
      # arguments.
      - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
      - which curl || apk add --no-cache curl
      # For every built file that has a .sha256 next to it: create a draft
      # release per product (HTTP 200 and 409 are both accepted), then
      # upload the file with its digest.
      - |-
        cd "$WORKSPACE_DIR/go/artifacts"
        find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
          # Skip files that are not results of this build
          # (e.g. tarballs from which OS packages are made)
          [ -f "$file.sha256" ] || continue
          name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
          description="Linux 64-bit (RHEL/CentOS 7.x compatible)"
          products="$name"
          if [ "$name" = "tsh" ]; then
            products="teleport teleport-ent"
          elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then
            description="Teleport Connect"
            products="teleport teleport-ent"
          fi
          shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
          release_params="" # List of "-F releaseId=XXX" parameters to curl
          for product in $products; do
            status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
            if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
              echo "curl HTTP status: $status_code"
              cat $WORKSPACE_DIR/curl_out.txt
              exit 1
            fi
            release_params="$release_params -F releaseId=$product@$VERSION"
          done
          curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
        done
    environment:
      RELEASES_CERT:
        from_secret: RELEASES_CERT
      RELEASES_KEY:
        from_secret: RELEASES_KEY
services:
  # Docker-in-Docker runs privileged and shares its /var/run with the build
  # steps through the dockersock volume.
  - name: Start Docker
    image: docker:dind
    privileged: true
    volumes:
      - name: dockersock
        path: /var/run
volumes:
  # Temporary volume holding the role credentials for the life of the build.
  - name: awsconfig
    temp: {}
  - name: dockersock
    temp: {}
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPipeline)
################################################
# Tag build of the FIPS variant of the CentOS 7 compatible linux/amd64
# tarball.
kind: pipeline
type: kubernetes
name: build-linux-amd64-centos7-fips
environment:
  BUILDBOX_VERSION: teleport12
  RUNTIME: go1.19.2
# Runs for v* tags pushed to repositories under gravitational/.
trigger:
  event:
    include:
      - tag
  ref:
    include:
      - refs/tags/v*
  repo:
    include:
      - gravitational/*
workspace:
  path: /go
# Drone's own clone is disabled; the first step clones the sources itself.
clone:
  disable: true
depends_on:
  - clean-up-previous-build
steps:
- name: Check out code
  image: docker:git
  commands:
    - mkdir -p /go/src/github.com/gravitational/teleport
    - cd /go/src/github.com/gravitational/teleport
    - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
    - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
    # The deploy key is written to /root/.ssh (outside the /go workspace)
    # and deleted again once the submodules are fetched.
    - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
      && chmod 600 /root/.ssh/id_rsa
    # NOTE(review): ssh-keyscan stores whatever host key the network returns
    # at build time, so known_hosts is not pinned to a known GitHub key;
    # shipping the published keys with the image would be.
    - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
    # No `|| true` here: if this fails, the `rm -f` below is not reached.
    - git submodule update --init e
    - git submodule update --init --recursive webassets || true
    - rm -f /root/.ssh/id_rsa
    - mkdir -p /go/cache /go/artifacts
    # Refuse to build when the Makefile version and the tag disagree.
    # `$$` is Drone's escape for a literal `$`; `${DRONE_TAG##v}` is expanded
    # by Drone before the shell sees the script.
    - |-
      VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
      if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
        echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
        exit 1
      fi
      echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
- name: Wait for docker
  image: docker
  commands:
    # Poll for up to 30 seconds until the Docker socket exists on the shared
    # dockersock volume.
    - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
    - name: dockersock
      path: /var/run
- name: Build artifacts
  image: docker
  commands:
    - apk add --no-cache make
    - chown -R $UID:$GID /go
    - cd /go/src/github.com/gravitational/teleport
    # The version recorded by the checkout step after it matched the tag.
    - export VERSION=$(cat /go/.version.txt)
    - make -C build.assets release-amd64-centos7-fips
  environment:
    ARCH: amd64
    # Quoted so it stays the string "yes" and is not read as a boolean.
    FIPS: "yes"
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: linux
    UID: "1000"
  volumes:
    - name: dockersock
      path: /var/run
- name: Copy artifacts
  image: docker
  commands:
    - cd /go/src/github.com/gravitational/teleport
    # Only the e/ directory is searched in this pipeline.
    - find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
      \;
    - export VERSION=$(cat /go/.version.txt)
    # Rename so the file name carries the centos7 marker.
    - mv /go/artifacts/teleport-ent-v$${VERSION}-linux-amd64-fips-bin.tar.gz /go/artifacts/teleport-ent-v$${VERSION}-linux-amd64-centos7-fips-bin.tar.gz
    # The .sha256 files are produced here, next to the tarballs, and are
    # uploaded to the same bucket: they detect corruption, they do not
    # establish where a file came from.
    - cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256;
      done && ls -l
- name: Assume AWS Role
  image: amazon/aws-cli
  commands:
    # Identity of the long-lived key pair, before the role is assumed.
    - aws sts get-caller-identity
    # Writes the temporary role credentials as the [default] profile on the
    # shared awsconfig volume.
    - |-
      printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
        $(aws sts assume-role \
          --role-arn "$AWS_ROLE" \
          --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
          --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
          --output text) \
        > /root/.aws/credentials
    # Drop the long-lived key pair so the check below can only succeed
    # through the profile.
    - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
    - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
    - name: awsconfig
      path: /root/.aws
- name: Upload to S3
  image: amazon/aws-cli
  # This step receives no AWS key pair; it uses the role credentials on the
  # awsconfig volume.
  commands:
    - cd /go/artifacts/
    # The destination prefix is the tag with its leading "v" removed.
    - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
    - name: awsconfig
      path: /root/.aws
- name: Register artifacts
  image: docker
  commands:
    - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
    - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
    - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
    # The client certificate and key are decoded into WORKSPACE_DIR (which
    # defaults to "/") with the shell's default file mode; the trap that
    # deletes them is installed only after both files exist.
    - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
    - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
    - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
    # Left unquoted at the call sites so it splits into separate curl
    # arguments.
    - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
    - which curl || apk add --no-cache curl
    # For every built file that has a .sha256 next to it: create a draft
    # release per product (HTTP 200 and 409 are both accepted), then upload
    # the file with its digest.
    - |-
      cd "$WORKSPACE_DIR/go/artifacts"
      find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
        # Skip files that are not results of this build
        # (e.g. tarballs from which OS packages are made)
        [ -f "$file.sha256" ] || continue
        name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
        description="Linux 64-bit (RHEL/CentOS 7.x compatible, FedRAMP/FIPS)"
        products="$name"
        if [ "$name" = "tsh" ]; then
          products="teleport teleport-ent"
        elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then
          description="Teleport Connect"
          products="teleport teleport-ent"
        fi
        shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
        release_params="" # List of "-F releaseId=XXX" parameters to curl
        for product in $products; do
          status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
          if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
            echo "curl HTTP status: $status_code"
            cat $WORKSPACE_DIR/curl_out.txt
            exit 1
          fi
          release_params="$release_params -F releaseId=$product@$VERSION"
        done
        curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
      done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY
# Docker-in-Docker daemon for the build steps. It runs privileged and shares
# its /var/run (and so its socket) with every step that mounts dockersock.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
# Per-build temp volumes: awsconfig carries the AWS credentials profile
# between steps, dockersock carries the Docker socket.
volumes:
- name: awsconfig
  temp: {}
- name: dockersock
  temp: {}
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPipeline)
################################################
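# Tag pipeline: builds the linux/amd64 release tarballs and the Teleport
# Connect packages for a v* tag, uploads them to S3 and registers them with
# the release server.
# Changes from the generated text are confined to "Register artifacts"
# (trap installed first, owner-only key files, quoted expansions).
# NOTE(review): this document is generated by dronegen; carry any accepted
# change into the generator or 'make dronegen' will overwrite it.
# NOTE(review): every image is referenced by a mutable tag (docker,
# docker:git, docker:dind, amazon/aws-cli). Pinning by digest would keep a
# changed upstream image out of a build that handles release secrets.
kind: pipeline
type: kubernetes
name: build-linux-amd64
environment:
  BUILDBOX_VERSION: teleport12
  RUNTIME: go1.19.2
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# Drone's built-in clone is off; "Check out code" clones by hand.
clone:
  disable: true
depends_on:
- clean-up-previous-build
steps:
# Clone teleport and webapps at the tagged revision, fetch the private
# submodules over SSH, and record the Makefile version in /go/.version.txt.
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/webapps
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  # NOTE(review): the tag name is substituted into the command text by Drone,
  # so who may push v* tags is part of this pipeline's trust boundary.
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan records whatever host key the network returns at
  # build time, so it does not authenticate github.com; writing GitHub's
  # published host keys into known_hosts would.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # Best effort: a failure to fetch webassets is ignored.
  - git submodule update --init --recursive webassets || true
  - cd /go/src/github.com/gravitational/webapps
  - git clone https://github.com/gravitational/webapps.git .
  - git checkout "$(/go/src/github.com/gravitational/teleport/build.assets/webapps/webapps-version.sh)"
  - git submodule update --init packages/webapps.e
  - cd -
  # The deploy key is removed once the submodules are in place.
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Refuse to build when the Makefile version and the tag disagree.
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Block for up to 30 seconds until the dind service has created its socket.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Build the CentOS 7 compatible release and Teleport Connect (teleterm).
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache make
  - chown -R $UID:$GID /go
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  - make -C build.assets release-amd64-centos7
  - make -C build.assets teleterm
  environment:
    ARCH: amd64
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: linux
    UID: "1000"
  volumes:
  - name: dockersock
    path: /var/run
# Gather tarballs and Connect packages into /go/artifacts and write a .sha256
# file next to each one.
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find . -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
    \;
  - find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
    \;
  - find /go/src/github.com/gravitational/webapps/packages/teleterm/build/release
    -maxdepth 1 \( -iname "teleport-connect*.tar.gz" -o -iname "teleport-connect*.rpm"
    -o -iname "teleport-connect*.deb" \) -print -exec cp {} /go/artifacts/ \;
  - cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256;
    done && ls -l
  - |-
    cd /go/artifacts && for FILE in teleport-connect*.deb teleport-connect*.rpm; do
      sha256sum $FILE > $FILE.sha256;
    done && ls -l
# Exchange the long-lived access key for temporary role credentials and store
# them as the [default] profile on the awsconfig volume.
- name: Assume AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  # Drop the long-lived key from this shell, then prove the new profile works.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
# Sync /go/artifacts to the tag prefix (tag name without its leading "v").
- name: Upload to S3
  image: amazon/aws-cli
  commands:
  - cd /go/artifacts/
  - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Register every artifact that has a .sha256 companion with the release
# server, authenticating with a client certificate taken from secrets.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
  # Registered first so a failure part-way through still removes the files.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  # The umask is confined to a subshell so it does not affect apk or curl output.
  - |-
    (
      umask 077
      echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
      echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
    )
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue
      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="Linux 64-bit"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" ] || [ "$name" = "teleport-connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      shasum="$(cut -d ' ' -f 1 "$file.sha256")"
      release_params="" # List of "-F releaseId=XXX" parameters to curl
      for product in $products; do
        # CREDENTIALS stays unquoted on purpose: it holds several curl options.
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        # 409 is accepted next to 200 (presumably: the release already exists).
        if [ "$status_code" -ne 200 ] && [ "$status_code" -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat "$WORKSPACE_DIR/curl_out.txt"
          exit 1
        fi
        release_params="$release_params -F releaseId=$product@$VERSION"
      done
      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY
# Docker-in-Docker daemon for the build steps. It runs privileged and shares
# its /var/run (and so its socket) with every step that mounts dockersock.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
# Per-build temp volumes shared between steps.
volumes:
- name: awsconfig
  temp: {}
- name: dockersock
  temp: {}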
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPipeline)
################################################
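# Tag pipeline: builds the FIPS linux/amd64 enterprise tarball for a v* tag,
# uploads it to S3 and registers it with the release server.
# Changes from the generated text are confined to "Register artifacts"
# (trap installed first, owner-only key files, quoted expansions).
# NOTE(review): this document is generated by dronegen; carry any accepted
# change into the generator or 'make dronegen' will overwrite it.
# NOTE(review): every image is referenced by a mutable tag (docker,
# docker:git, docker:dind, amazon/aws-cli). Pinning by digest would keep a
# changed upstream image out of a build that handles release secrets.
kind: pipeline
type: kubernetes
name: build-linux-amd64-fips
environment:
  BUILDBOX_VERSION: teleport12
  RUNTIME: go1.19.2
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# Drone's built-in clone is off; "Check out code" clones by hand.
clone:
  disable: true
depends_on:
- clean-up-previous-build
steps:
# Clone teleport at the tagged revision, fetch the private submodules over
# SSH, and record the Makefile version in /go/.version.txt.
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  # NOTE(review): the tag name is substituted into the command text by Drone,
  # so who may push v* tags is part of this pipeline's trust boundary.
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan records whatever host key the network returns at
  # build time, so it does not authenticate github.com; writing GitHub's
  # published host keys into known_hosts would.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # Best effort: a failure to fetch webassets is ignored.
  - git submodule update --init --recursive webassets || true
  # The deploy key is removed once the submodules are in place.
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Refuse to build when the Makefile version and the tag disagree.
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Block for up to 30 seconds until the dind service has created its socket.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Build the FIPS release through the build.assets Makefile.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache make
  - chown -R $UID:$GID /go
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  - make -C build.assets release-amd64-centos7-fips
  environment:
    ARCH: amd64
    # Quoted so the value stays the string "yes" rather than a YAML boolean.
    FIPS: "yes"
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: linux
    UID: "1000"
  volumes:
  - name: dockersock
    path: /var/run
# Copy the enterprise tarball into /go/artifacts and write its .sha256 file.
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
    \;
  - cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256;
    done && ls -l
# Exchange the long-lived access key for temporary role credentials and store
# them as the [default] profile on the awsconfig volume.
- name: Assume AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  # Drop the long-lived key from this shell, then prove the new profile works.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
# Sync /go/artifacts to the tag prefix (tag name without its leading "v").
- name: Upload to S3
  image: amazon/aws-cli
  commands:
  - cd /go/artifacts/
  - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Register every artifact that has a .sha256 companion with the release
# server, authenticating with a client certificate taken from secrets.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
  # Registered first so a failure part-way through still removes the files.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  # The umask is confined to a subshell so it does not affect apk or curl output.
  - |-
    (
      umask 077
      echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
      echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
    )
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue
      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="Linux 64-bit (FedRAMP/FIPS)"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" ] || [ "$name" = "teleport-connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      shasum="$(cut -d ' ' -f 1 "$file.sha256")"
      release_params="" # List of "-F releaseId=XXX" parameters to curl
      for product in $products; do
        # CREDENTIALS stays unquoted on purpose: it holds several curl options.
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        # 409 is accepted next to 200 (presumably: the release already exists).
        if [ "$status_code" -ne 200 ] && [ "$status_code" -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat "$WORKSPACE_DIR/curl_out.txt"
          exit 1
        fi
        release_params="$release_params -F releaseId=$product@$VERSION"
      done
      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY
# Docker-in-Docker daemon for the build steps. It runs privileged and shares
# its /var/run (and so its socket) with every step that mounts dockersock.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
# Per-build temp volumes shared between steps.
volumes:
- name: awsconfig
  temp: {}
- name: dockersock
  temp: {}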
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPackagePipeline)
################################################
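# Tag pipeline: downloads the CentOS 7 tarballs from S3, packages them as
# signed RPMs, uploads the packages and registers them with the release server.
# Changes from the generated text: "Build artifacts" removes the signing
# keyring through an EXIT trap as well as the trailing rm, and "Register
# artifacts" installs its trap first, writes owner-only key files and quotes
# its expansions.
# NOTE(review): this document is generated by dronegen; carry any accepted
# change into the generator or 'make dronegen' will overwrite it.
# NOTE(review): every image is referenced by a mutable tag (docker,
# docker:git, docker:dind, amazon/aws-cli). Pinning by digest would keep a
# changed upstream image out of a build that handles the RPM signing key.
kind: pipeline
type: kubernetes
name: build-linux-amd64-centos7-rpm
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# Drone's built-in clone is off; "Check out code" clones by hand.
clone:
  disable: true
depends_on:
- build-linux-amd64-centos7
- clean-up-previous-build
steps:
# Clone teleport at the tagged revision, fetch the private submodules over
# SSH, and record the Makefile version in /go/.version.txt.
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  # NOTE(review): the tag name is substituted into the command text by Drone,
  # so who may push v* tags is part of this pipeline's trust boundary.
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan records whatever host key the network returns at
  # build time, so it does not authenticate github.com; writing GitHub's
  # published host keys into known_hosts would.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # Best effort: a failure to fetch webassets is ignored.
  - git submodule update --init --recursive webassets || true
  # The deploy key is removed once the submodules are in place.
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Refuse to build when the Makefile version and the tag disagree.
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Block for up to 30 seconds until the dind service has created its socket.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Each "Assume ... Role" step rewrites /root/.aws/credentials on the awsconfig
# volume, so the step that follows it runs with that role's temporary keys.
- name: Assume Download AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
# Fetch the OSS and enterprise tarballs that the packages are built from.
# NOTE(review): nothing here compares the downloads with a digest before they
# are packaged and signed; the RPMs are only as trustworthy as the bucket.
- name: Download artifacts from S3
  image: amazon/aws-cli
  commands:
  - export VERSION=$(cat /go/.version.txt)
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else
    export S3_PATH="tag/"; fi
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-amd64-centos7-bin.tar.gz
    /go/artifacts/
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-centos7-bin.tar.gz
    /go/artifacts/
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Switch to the read-only build role (separate user key and role secrets).
- name: Assume Build AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY
    AWS_ROLE:
      from_secret: TELEPORT_BUILD_READ_ONLY_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Build and sign the RPMs. The signing keyring is unpacked into the
# memory-backed tmpfs volume, which the privileged dind service mounts too,
# so the key is reachable from that container for as long as it exists.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache bash curl gzip make tar go
  - apk add --no-cache aws-cli
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  - aws ecr-public get-login-password --region us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - mkdir -m0700 $GNUPG_DIR
  # Without the trap a failing make ends the step before the trailing rm runs
  # and leaves the keyring on the volume.
  - trap 'rm -rf "$GNUPG_DIR"' EXIT
  - echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPG_DIR
  - chown -R root:root $GNUPG_DIR
  - make rpm
  - rm -rf $GNUPG_DIR
  environment:
    ARCH: amd64
    ENT_TARBALL_PATH: /go/artifacts
    GNUPG_DIR: /tmpfs/gnupg
    GPG_RPM_SIGNING_ARCHIVE:
      from_secret: GPG_RPM_SIGNING_ARCHIVE
    OSS_TARBALL_PATH: /go/artifacts
    TMPDIR: /go
  volumes:
  - name: dockersock
    path: /var/run
  - name: awsconfig
    path: /root/.aws
  - name: tmpfs
    path: /tmpfs
# Collect the OSS and enterprise RPMs (and their companion files) for upload.
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts
    \;
  - find e/build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts
    \;
# Switch back to the role used for the bucket before uploading.
- name: Assume Upload AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
# Sync /go/artifacts to the tag prefix (tag name without its leading "v").
- name: Upload to S3
  image: amazon/aws-cli
  commands:
  - cd /go/artifacts/
  - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Register every artifact that has a .sha256 companion with the release
# server, authenticating with a client certificate taken from secrets.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
  # Registered first so a failure part-way through still removes the files.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  # The umask is confined to a subshell so it does not affect apk or curl output.
  - |-
    (
      umask 077
      echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
      echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
    )
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue
      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="Linux 64-bit RPM (RHEL/CentOS 7.x compatible)"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" ] || [ "$name" = "teleport-connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      shasum="$(cut -d ' ' -f 1 "$file.sha256")"
      release_params="" # List of "-F releaseId=XXX" parameters to curl
      for product in $products; do
        # CREDENTIALS stays unquoted on purpose: it holds several curl options.
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        # 409 is accepted next to 200 (presumably: the release already exists).
        if [ "$status_code" -ne 200 ] && [ "$status_code" -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat "$WORKSPACE_DIR/curl_out.txt"
          exit 1
        fi
        release_params="$release_params -F releaseId=$product@$VERSION"
      done
      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY
# Docker-in-Docker daemon for the build steps. It runs privileged, shares its
# /var/run with the steps, and also mounts the tmpfs volume that holds the
# signing keyring during "Build artifacts".
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: tmpfs
    path: /tmpfs
  - name: dockersock
    path: /var/run
# Per-build temp volumes shared between steps.
volumes:
- name: dockersock
  temp: {}
- name: awsconfig
  temp: {}
# Memory-backed temp volume; GNUPG_DIR (/tmpfs/gnupg) lives here.
- name: tmpfs
  temp:
    medium: memory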
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPackagePipeline)
################################################
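# Tag pipeline: downloads the FIPS CentOS 7 enterprise tarball from S3,
# packages it as a signed RPM, uploads the package and registers it with the
# release server.
# Changes from the generated text: "Build artifacts" removes the signing
# keyring through an EXIT trap as well as the trailing rm, and "Register
# artifacts" installs its trap first, writes owner-only key files and quotes
# its expansions.
# NOTE(review): this document is generated by dronegen; carry any accepted
# change into the generator or 'make dronegen' will overwrite it.
# NOTE(review): every image is referenced by a mutable tag (docker,
# docker:git, docker:dind, amazon/aws-cli). Pinning by digest would keep a
# changed upstream image out of a build that handles the RPM signing key.
kind: pipeline
type: kubernetes
name: build-linux-amd64-centos7-fips-rpm
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# Drone's built-in clone is off; "Check out code" clones by hand.
clone:
  disable: true
depends_on:
- build-linux-amd64-centos7-fips
- clean-up-previous-build
steps:
# Clone teleport at the tagged revision, fetch the private submodules over
# SSH, and record the Makefile version in /go/.version.txt.
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  # NOTE(review): the tag name is substituted into the command text by Drone,
  # so who may push v* tags is part of this pipeline's trust boundary.
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan records whatever host key the network returns at
  # build time, so it does not authenticate github.com; writing GitHub's
  # published host keys into known_hosts would.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # Best effort: a failure to fetch webassets is ignored.
  - git submodule update --init --recursive webassets || true
  # The deploy key is removed once the submodules are in place.
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Refuse to build when the Makefile version and the tag disagree.
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Block for up to 30 seconds until the dind service has created its socket.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Each "Assume ... Role" step rewrites /root/.aws/credentials on the awsconfig
# volume, so the step that follows it runs with that role's temporary keys.
- name: Assume Download AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
# Fetch the FIPS enterprise tarball that the package is built from.
# NOTE(review): nothing here compares the download with a digest before it is
# packaged and signed; the RPM is only as trustworthy as the bucket.
- name: Download artifacts from S3
  image: amazon/aws-cli
  commands:
  - export VERSION=$(cat /go/.version.txt)
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else
    export S3_PATH="tag/"; fi
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-centos7-fips-bin.tar.gz
    /go/artifacts/
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Switch to the read-only build role (separate user key and role secrets).
- name: Assume Build AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY
    AWS_ROLE:
      from_secret: TELEPORT_BUILD_READ_ONLY_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Build and sign the FIPS RPM. The signing keyring is unpacked into the
# memory-backed tmpfs volume, which the privileged dind service mounts too,
# so the key is reachable from that container for as long as it exists.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache bash curl gzip make tar go
  - apk add --no-cache aws-cli
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  - aws ecr-public get-login-password --region us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - mkdir -m0700 $GNUPG_DIR
  # Without the trap a failing make ends the step before the trailing rm runs
  # and leaves the keyring on the volume.
  - trap 'rm -rf "$GNUPG_DIR"' EXIT
  - echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPG_DIR
  - chown -R root:root $GNUPG_DIR
  - make -C e rpm
  - rm -rf $GNUPG_DIR
  environment:
    ARCH: amd64
    ENT_TARBALL_PATH: /go/artifacts
    # Quoted so the value stays the string "yes" rather than a YAML boolean.
    FIPS: "yes"
    GNUPG_DIR: /tmpfs/gnupg
    GPG_RPM_SIGNING_ARCHIVE:
      from_secret: GPG_RPM_SIGNING_ARCHIVE
    RUNTIME: fips
    TMPDIR: /go
  volumes:
  - name: dockersock
    path: /var/run
  - name: awsconfig
    path: /root/.aws
  - name: tmpfs
    path: /tmpfs
# Collect the enterprise RPM (and its companion files) for upload.
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find e/build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts
    \;
# Switch back to the role used for the bucket before uploading.
- name: Assume Upload AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
# Sync /go/artifacts to the tag prefix (tag name without its leading "v").
- name: Upload to S3
  image: amazon/aws-cli
  commands:
  - cd /go/artifacts/
  - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Register every artifact that has a .sha256 companion with the release
# server, authenticating with a client certificate taken from secrets.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
  # Registered first so a failure part-way through still removes the files.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  # The umask is confined to a subshell so it does not affect apk or curl output.
  - |-
    (
      umask 077
      echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
      echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
    )
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue
      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="Linux 64-bit RPM (RHEL/CentOS 7.x compatible, FedRAMP/FIPS)"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" ] || [ "$name" = "teleport-connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      shasum="$(cut -d ' ' -f 1 "$file.sha256")"
      release_params="" # List of "-F releaseId=XXX" parameters to curl
      for product in $products; do
        # CREDENTIALS stays unquoted on purpose: it holds several curl options.
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        # 409 is accepted next to 200 (presumably: the release already exists).
        if [ "$status_code" -ne 200 ] && [ "$status_code" -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat "$WORKSPACE_DIR/curl_out.txt"
          exit 1
        fi
        release_params="$release_params -F releaseId=$product@$VERSION"
      done
      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY
# Docker-in-Docker daemon for the build steps. It runs privileged, shares its
# /var/run with the steps, and also mounts the tmpfs volume that holds the
# signing keyring during "Build artifacts".
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: tmpfs
    path: /tmpfs
  - name: dockersock
    path: /var/run
# Per-build temp volumes shared between steps.
volumes:
- name: dockersock
  temp: {}
- name: awsconfig
  temp: {}
# Memory-backed temp volume; GNUPG_DIR (/tmpfs/gnupg) lives here.
- name: tmpfs
  temp:
    medium: memory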
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPackagePipeline)
################################################
# Tag pipeline header: runs for v* tags in gravitational/* repositories, after
# build-linux-amd64 and clean-up-previous-build have finished.
kind: pipeline
type: kubernetes
name: build-linux-amd64-deb
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# Drone's built-in clone is off; the "Check out code" step clones by hand.
clone:
  disable: true
depends_on:
- build-linux-amd64
- clean-up-previous-build
steps:
# Step: clone teleport and webapps at the tagged revision, fetch the private
# submodules over SSH, and record the Makefile version in /go/.version.txt.
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/webapps
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  # NOTE(review): the tag name is substituted into the command text by Drone,
  # so who may push v* tags is part of this pipeline's trust boundary.
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan records whatever host key the network returns at
  # build time, so it does not authenticate github.com; writing GitHub's
  # published host keys into known_hosts would.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # Best effort: a failure to fetch webassets is ignored.
  - git submodule update --init --recursive webassets || true
  - cd /go/src/github.com/gravitational/webapps
  - git clone https://github.com/gravitational/webapps.git .
  - git checkout "$(/go/src/github.com/gravitational/teleport/build.assets/webapps/webapps-version.sh)"
  - git submodule update --init packages/webapps.e
  - cd -
  # The deploy key is removed once the submodules are in place.
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Refuse to build when the Makefile version and the tag disagree.
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Step: block for up to 30 seconds until a socket exists at
# /var/run/docker.sock on the dockersock volume.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Step: exchange the long-lived access key for temporary role credentials and
# store them as the [default] profile on the awsconfig volume, ready for the
# S3 download that follows.
- name: Assume Download AWS Role
  image: amazon/aws-cli
  commands:
  # Log which identity the long-lived key maps to.
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  # Drop the long-lived key from this shell, then prove the new profile works.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
# Step: fetch the OSS and enterprise linux-amd64 tarballs for this version
# from the tag prefix of the release bucket into /go/artifacts.
# NOTE(review): nothing here compares the downloads with a digest before they
# are repackaged; the packages are only as trustworthy as the bucket.
- name: Download artifacts from S3
  image: amazon/aws-cli
  commands:
  - export VERSION=$(cat /go/.version.txt)
  # "$$" is Drone's escape for a literal "$": S3_PATH and VERSION are expanded
  # by the shell, while the unescaped DRONE_TAG test is filled in by Drone.
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else
    export S3_PATH="tag/"; fi
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-amd64-bin.tar.gz
    /go/artifacts/
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-bin.tar.gz
    /go/artifacts/
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Replaces the [default] profile on `awsconfig` with temporary credentials for
# the build role; the secret names indicate a read-only identity, so the build
# step that follows does not keep the download role's access.
# NOTE(review): the file is created with the default umask, and a failed
# assume-role still leaves a profile with empty values behind - the final
# get-caller-identity call is the only check that the profile works.
- name: Assume Build AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  # $(...) is unquoted on purpose: word splitting maps the three values from
  # --output text onto the three %s placeholders.
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
    $(aws sts assume-role \
    --role-arn "$AWS_ROLE" \
    --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
    --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
    --output text) \
    > /root/.aws/credentials
  # Remove the injected keys from the environment before testing the profile.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY
    AWS_ROLE:
      from_secret: TELEPORT_BUILD_READ_ONLY_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Runs `make deb` for amd64; the *_TARBALL_PATH variables point at
# /go/artifacts, presumably so the packages are made from the tarballs
# downloaded earlier.
# The ECR password is piped to `docker login --password-stdin`, so it does not
# appear in the process arguments.
# NOTE(review): `docker` is a floating image tag and `apk add` installs
# whatever versions are current, so the build environment is not pinned.
# NOTE(review): this step mounts `dockersock` and can therefore drive the
# privileged docker:dind daemon.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache bash curl gzip make tar
  - apk add --no-cache aws-cli
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  - aws ecr-public get-login-password --region us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - make deb
  environment:
    ARCH: amd64
    ENT_TARBALL_PATH: /go/artifacts
    OSS_TARBALL_PATH: /go/artifacts
    TMPDIR: /go
  volumes:
  - name: dockersock
    path: /var/run
  - name: awsconfig
    path: /root/.aws
# Copies everything matching teleport*.deb* (the packages plus any sidecar
# files such as digests) from build/ and e/build/ into /go/artifacts.
# -maxdepth 1 keeps the search to the top level of each build directory.
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts
    \;
  - find e/build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts
    \;
# Replaces the build-phase profile on `awsconfig` with temporary credentials
# for the role used by the upload step that follows.
# NOTE(review): the file is created with the default umask, and a failed
# assume-role still leaves a profile with empty values behind - the final
# get-caller-identity call is the only check that the profile works.
- name: Assume Upload AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  # $(...) is unquoted on purpose: word splitting maps the three values from
  # --output text onto the three %s placeholders.
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
    $(aws sts assume-role \
    --role-arn "$AWS_ROLE" \
    --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
    --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
    --output text) \
    > /root/.aws/credentials
  # Remove the injected keys from the environment before testing the profile.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
# Syncs the whole of /go/artifacts to the tag prefix of the release bucket
# (the tag with its leading "v" stripped).
# NOTE(review): `sync .` publishes every file in the directory, including the
# input tarballs downloaded earlier in this pipeline, not only the packages
# built here.
- name: Upload to S3
  image: amazon/aws-cli
  commands:
  - cd /go/artifacts/
  - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
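# Publishes this pipeline's artifacts to the release server: for every file in
# /go/artifacts that has a .sha256 sidecar it creates a draft release per
# product (HTTP 409 is tolerated, presumably "already exists") and uploads the
# file with its digest. curl authenticates with a client certificate decoded
# from the secrets below.
# Hardening relative to the generated step (mirror it in dronegen, otherwise
# 'make dronegen' will overwrite it):
#   - the cleanup trap is set before any key material is written;
#   - the private key is created under umask 077 instead of the default mask;
#   - $status_code and the curl_out.txt path are quoted, and the obsolescent
#     `-o` test operator is replaced by `||`.
# NOTE(review): the digest sent to the server is read from the sidecar file
# produced earlier in the build, so it guards the upload, not the build itself.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - (umask 077 && echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key")
  # Expanded unquoted below on purpose so it splits into separate curl options.
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue
      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="Linux 64-bit DEB"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" ] || [ "$name" = "teleport-connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
      release_params="" # List of "-F releaseId=XXX" parameters to curl
      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ "$status_code" -ne 200 ] && [ "$status_code" -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat "$WORKSPACE_DIR/curl_out.txt"
          exit 1
        fi
        release_params="$release_params -F releaseId=$product@$VERSION"
      done
      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY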
# Docker-in-Docker daemon for the build steps. It runs privileged and shares
# its /var/run - docker.sock included - through the `dockersock` volume.
# NOTE(review): every step that mounts `dockersock` has full control of this
# privileged daemon; keep that mount limited to steps that actually build.
# NOTE(review): docker:dind is a floating tag; pinning it by digest would fix
# the daemon version used for release builds.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
# Scratch volumes shared by the steps of one pipeline run: `dockersock`
# carries the Docker socket, `awsconfig` the temporary AWS credentials.
volumes:
- name: dockersock
  temp: {}
- name: awsconfig
  temp: {}
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPackagePipeline)
################################################
kind: pipeline
type: kubernetes
name: build-linux-amd64-fips-deb
# Runs only for tag events whose ref matches refs/tags/v*, in repositories
# matching gravitational/*.
# NOTE(review): whoever may push a v* tag can start this release pipeline, so
# tag creation should be restricted on the forge side.
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# Drone's automatic clone is off; the first step clones the repository itself.
clone:
  disable: true
# Starts after the FIPS tarball build and the clean-up pipeline.
depends_on:
- build-linux-amd64-fips
- clean-up-previous-build
steps:
# Manual clone (Drone's own clone is disabled for this pipeline): HTTPS clone,
# checkout of the tag (or the commit when no tag is set), then submodule
# fetches with an SSH key taken from the GITHUB_PRIVATE_KEY secret.
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The key lands in a directory created 0700 and is then chmod'ed to 0600.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan records whatever host key the network returns at
  # build time (trust on first use) and hides its errors with 2>/dev/null;
  # checking the result against GitHub's published host keys would close that gap.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # `|| true` makes a failed webassets fetch non-fatal.
  - git submodule update --init --recursive webassets || true
  # The private key is deleted as soon as the submodule fetches are done.
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Refuses to build when the Makefile VERSION differs from the tag (leading
  # "v" stripped); the agreed version is saved in /go/.version.txt for later
  # steps. `$$` is Drone's escape for a literal `$`.
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
    echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
    exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Waits up to 30s for /var/run/docker.sock to exist as a socket; `timeout`
# fails the step if the daemon never comes up.
# /var/run is the shared `dockersock` volume - presumably populated by the
# docker:dind service of this pipeline.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Swaps the access key pair injected from secrets for temporary role
# credentials and writes them as the [default] profile on the shared
# `awsconfig` volume, overwriting any profile already there.
# NOTE(review): the file is created with the default umask, and a failed
# assume-role still leaves a profile with empty values behind - the final
# get-caller-identity call is the only check that the profile works.
- name: Assume Download AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  # $(...) is unquoted on purpose: word splitting maps the three values from
  # --output text onto the three %s placeholders.
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
    $(aws sts assume-role \
    --role-arn "$AWS_ROLE" \
    --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
    --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
    --output text) \
    > /root/.aws/credentials
  # Remove the injected keys from the environment before testing the profile.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
# Fetches the enterprise FIPS linux-amd64 tarball for this version from the
# release bucket into /go/artifacts, using the profile on `awsconfig`.
# `$$` is Drone's escape for a literal `$`: $${S3_PATH} and $${VERSION} are
# expanded by the shell at run time.
# NOTE(review): no digest or signature is checked before the tarball becomes
# packaging input; for a FIPS build in particular, its integrity rests on who
# can write to the bucket.
- name: Download artifacts from S3
  image: amazon/aws-cli
  commands:
  - export VERSION=$(cat /go/.version.txt)
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else
    export S3_PATH="tag/"; fi
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-fips-bin.tar.gz
    /go/artifacts/
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Replaces the [default] profile on `awsconfig` with temporary credentials for
# the build role; the secret names indicate a read-only identity, so the build
# step that follows does not keep the download role's access.
# NOTE(review): the file is created with the default umask, and a failed
# assume-role still leaves a profile with empty values behind - the final
# get-caller-identity call is the only check that the profile works.
- name: Assume Build AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  # $(...) is unquoted on purpose: word splitting maps the three values from
  # --output text onto the three %s placeholders.
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
    $(aws sts assume-role \
    --role-arn "$AWS_ROLE" \
    --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
    --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
    --output text) \
    > /root/.aws/credentials
  # Remove the injected keys from the environment before testing the profile.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY
    AWS_ROLE:
      from_secret: TELEPORT_BUILD_READ_ONLY_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Runs `make -C e deb` with FIPS=yes and RUNTIME=fips; ENT_TARBALL_PATH points
# at /go/artifacts, presumably so the package is made from the FIPS tarball
# downloaded earlier.
# The ECR password is piped to `docker login --password-stdin`, so it does not
# appear in the process arguments.
# NOTE(review): `docker` is a floating image tag and `apk add` installs
# whatever versions are current, so the build environment is not pinned.
# NOTE(review): this step mounts `dockersock` and can therefore drive the
# privileged docker:dind daemon.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache bash curl gzip make tar
  - apk add --no-cache aws-cli
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  - aws ecr-public get-login-password --region us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - make -C e deb
  environment:
    ARCH: amd64
    ENT_TARBALL_PATH: /go/artifacts
    # Quoted so that YAML keeps the string "yes" instead of a boolean.
    FIPS: "yes"
    RUNTIME: fips
    TMPDIR: /go
  volumes:
  - name: dockersock
    path: /var/run
  - name: awsconfig
    path: /root/.aws
# Copies everything matching teleport*.deb* (the package plus any sidecar
# files such as digests) from e/build/ into /go/artifacts.
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find e/build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts
    \;
# Replaces the build-phase profile on `awsconfig` with temporary credentials
# for the role used by the upload step that follows.
# NOTE(review): the file is created with the default umask, and a failed
# assume-role still leaves a profile with empty values behind - the final
# get-caller-identity call is the only check that the profile works.
- name: Assume Upload AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  # $(...) is unquoted on purpose: word splitting maps the three values from
  # --output text onto the three %s placeholders.
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
    $(aws sts assume-role \
    --role-arn "$AWS_ROLE" \
    --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
    --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
    --output text) \
    > /root/.aws/credentials
  # Remove the injected keys from the environment before testing the profile.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
# Syncs the whole of /go/artifacts to the tag prefix of the release bucket
# (the tag with its leading "v" stripped).
# NOTE(review): `sync .` publishes every file in the directory, including the
# input tarball downloaded earlier in this pipeline, not only the package
# built here.
- name: Upload to S3
  image: amazon/aws-cli
  commands:
  - cd /go/artifacts/
  - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
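# Publishes this pipeline's artifacts to the release server: for every file in
# /go/artifacts that has a .sha256 sidecar it creates a draft release per
# product (HTTP 409 is tolerated, presumably "already exists") and uploads the
# file with its digest. curl authenticates with a client certificate decoded
# from the secrets below.
# Hardening relative to the generated step (mirror it in dronegen, otherwise
# 'make dronegen' will overwrite it):
#   - the cleanup trap is set before any key material is written;
#   - the private key is created under umask 077 instead of the default mask;
#   - $status_code and the curl_out.txt path are quoted, and the obsolescent
#     `-o` test operator is replaced by `||`.
# NOTE(review): the digest sent to the server is read from the sidecar file
# produced earlier in the build, so it guards the upload, not the build itself.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - (umask 077 && echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key")
  # Expanded unquoted below on purpose so it splits into separate curl options.
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue
      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="Linux 64-bit DEB (FedRAMP/FIPS)"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" ] || [ "$name" = "teleport-connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
      release_params="" # List of "-F releaseId=XXX" parameters to curl
      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ "$status_code" -ne 200 ] && [ "$status_code" -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat "$WORKSPACE_DIR/curl_out.txt"
          exit 1
        fi
        release_params="$release_params -F releaseId=$product@$VERSION"
      done
      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY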
# Docker-in-Docker daemon for the build steps. It runs privileged and shares
# its /var/run - docker.sock included - through the `dockersock` volume.
# NOTE(review): every step that mounts `dockersock` has full control of this
# privileged daemon; keep that mount limited to steps that actually build.
# NOTE(review): docker:dind is a floating tag; pinning it by digest would fix
# the daemon version used for release builds.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
# Scratch volumes shared by the steps of one pipeline run: `dockersock`
# carries the Docker socket, `awsconfig` the temporary AWS credentials.
volumes:
- name: dockersock
  temp: {}
- name: awsconfig
  temp: {}
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPipeline)
################################################
kind: pipeline
type: kubernetes
name: build-linux-386
# Pipeline-wide variables, visible to every step.
environment:
  BUILDBOX_VERSION: teleport12
  RUNTIME: go1.19.2
# Runs only for tag events whose ref matches refs/tags/v*, in repositories
# matching gravitational/*.
# NOTE(review): whoever may push a v* tag can start this release pipeline, so
# tag creation should be restricted on the forge side.
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# Drone's automatic clone is off; the first step clones the repository itself.
clone:
  disable: true
depends_on:
- clean-up-previous-build
steps:
# Manual clone (Drone's own clone is disabled for this pipeline): HTTPS clone,
# checkout of the tag (or the commit when no tag is set), then submodule
# fetches with an SSH key taken from the GITHUB_PRIVATE_KEY secret.
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The key lands in a directory created 0700 and is then chmod'ed to 0600.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan records whatever host key the network returns at
  # build time (trust on first use) and hides its errors with 2>/dev/null;
  # checking the result against GitHub's published host keys would close that gap.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # `|| true` makes a failed webassets fetch non-fatal.
  - git submodule update --init --recursive webassets || true
  # The private key is deleted as soon as the submodule fetches are done.
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Refuses to build when the Makefile VERSION differs from the tag (leading
  # "v" stripped); the agreed version is saved in /go/.version.txt for later
  # steps. `$$` is Drone's escape for a literal `$`.
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
    echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
    exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Waits up to 30s for /var/run/docker.sock to exist as a socket; `timeout`
# fails the step if the daemon never comes up.
# /var/run is the shared `dockersock` volume - presumably populated by the
# docker:dind service of this pipeline.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Builds the linux/386 release through the build.assets Makefile
# (`release-386` target).
# /go is first handed to $UID:$GID (1000:1000 below) - presumably the
# unprivileged user the build container runs as.
# NOTE(review): `docker` is a floating image tag and `apk add make` is
# unpinned, so the build environment is not fixed.
# NOTE(review): this step mounts `dockersock` and can therefore drive the
# privileged docker:dind daemon.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache make
  - chown -R $UID:$GID /go
  - cd /go/src/github.com/gravitational/teleport
  - make -C build.assets release-386
  environment:
    # Numeric-looking values are quoted so they stay strings.
    ARCH: "386"
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: linux
    UID: "1000"
  volumes:
  - name: dockersock
    path: /var/run
# Gathers the release tarballs from the repository root and e/ into
# /go/artifacts, then writes a <file>.sha256 next to each one.
# NOTE(review): the digest is computed here, from the file this pipeline just
# built; it detects corruption in later transfer steps but is not an
# independent check on the build output.
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find . -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
    \;
  - find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
    \;
  - cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256;
    done && ls -l
# Swaps the access key pair injected from secrets for temporary role
# credentials and writes them as the [default] profile on the shared
# `awsconfig` volume, for the upload step that follows.
# NOTE(review): the file is created with the default umask, and a failed
# assume-role still leaves a profile with empty values behind - the final
# get-caller-identity call is the only check that the profile works.
- name: Assume AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  # $(...) is unquoted on purpose: word splitting maps the three values from
  # --output text onto the three %s placeholders.
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
    $(aws sts assume-role \
    --role-arn "$AWS_ROLE" \
    --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
    --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
    --output text) \
    > /root/.aws/credentials
  # Remove the injected keys from the environment before testing the profile.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
# Syncs the whole of /go/artifacts (tarballs and their .sha256 files) to the
# tag prefix of the release bucket (the tag with its leading "v" stripped).
# NOTE(review): the packaging pipelines that depend on this one download the
# tarballs from this prefix, so write access to it decides what they package.
- name: Upload to S3
  image: amazon/aws-cli
  commands:
  - cd /go/artifacts/
  - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
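# Publishes this pipeline's artifacts to the release server: for every file in
# /go/artifacts that has a .sha256 sidecar it creates a draft release per
# product (HTTP 409 is tolerated, presumably "already exists") and uploads the
# file with its digest. curl authenticates with a client certificate decoded
# from the secrets below.
# Hardening relative to the generated step (mirror it in dronegen, otherwise
# 'make dronegen' will overwrite it):
#   - the cleanup trap is set before any key material is written;
#   - the private key is created under umask 077 instead of the default mask;
#   - $status_code and the curl_out.txt path are quoted, and the obsolescent
#     `-o` test operator is replaced by `||`.
# NOTE(review): the digest sent to the server is read from the sidecar file
# produced earlier in the build, so it guards the upload, not the build itself.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - (umask 077 && echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key")
  # Expanded unquoted below on purpose so it splits into separate curl options.
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue
      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="Linux 32-bit"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" ] || [ "$name" = "teleport-connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
      release_params="" # List of "-F releaseId=XXX" parameters to curl
      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ "$status_code" -ne 200 ] && [ "$status_code" -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat "$WORKSPACE_DIR/curl_out.txt"
          exit 1
        fi
        release_params="$release_params -F releaseId=$product@$VERSION"
      done
      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="386" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY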
# Docker-in-Docker daemon for the build steps. It runs privileged and shares
# its /var/run - docker.sock included - through the `dockersock` volume.
# NOTE(review): every step that mounts `dockersock` has full control of this
# privileged daemon; keep that mount limited to steps that actually build.
# NOTE(review): docker:dind is a floating tag; pinning it by digest would fix
# the daemon version used for release builds.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
# Scratch volumes shared by the steps of one pipeline run: `awsconfig`
# carries the temporary AWS credentials, `dockersock` the Docker socket.
volumes:
- name: awsconfig
  temp: {}
- name: dockersock
  temp: {}
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPackagePipeline)
################################################
kind: pipeline
type: kubernetes
name: build-linux-386-rpm
# Runs only for tag events whose ref matches refs/tags/v*, in repositories
# matching gravitational/*.
# NOTE(review): this pipeline receives the RPM signing material, so whoever
# may push a v* tag can start a signing build; tag creation should be
# restricted on the forge side.
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# Drone's automatic clone is off; the first step clones the repository itself.
clone:
  disable: true
# Starts after the 386 tarball build and the clean-up pipeline.
depends_on:
- build-linux-386
- clean-up-previous-build
steps:
# Manual clone (Drone's own clone is disabled for this pipeline): HTTPS clone,
# checkout of the tag (or the commit when no tag is set), then submodule
# fetches with an SSH key taken from the GITHUB_PRIVATE_KEY secret.
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The key lands in a directory created 0700 and is then chmod'ed to 0600.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan records whatever host key the network returns at
  # build time (trust on first use) and hides its errors with 2>/dev/null;
  # checking the result against GitHub's published host keys would close that gap.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # `|| true` makes a failed webassets fetch non-fatal.
  - git submodule update --init --recursive webassets || true
  # The private key is deleted as soon as the submodule fetches are done.
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Refuses to build when the Makefile VERSION differs from the tag (leading
  # "v" stripped); the agreed version is saved in /go/.version.txt for later
  # steps. `$$` is Drone's escape for a literal `$`.
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
    echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
    exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Waits up to 30s for /var/run/docker.sock to exist as a socket; `timeout`
# fails the step if the daemon never comes up.
# /var/run is the shared `dockersock` volume - presumably populated by the
# docker:dind service of this pipeline.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Swaps the access key pair injected from secrets for temporary role
# credentials and writes them as the [default] profile on the shared
# `awsconfig` volume, overwriting any profile already there.
# NOTE(review): the file is created with the default umask, and a failed
# assume-role still leaves a profile with empty values behind - the final
# get-caller-identity call is the only check that the profile works.
- name: Assume Download AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  # $(...) is unquoted on purpose: word splitting maps the three values from
  # --output text onto the three %s placeholders.
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
    $(aws sts assume-role \
    --role-arn "$AWS_ROLE" \
    --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
    --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
    --output text) \
    > /root/.aws/credentials
  # Remove the injected keys from the environment before testing the profile.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
# Fetches the OSS and enterprise linux-386 tarballs for this version from the
# release bucket into /go/artifacts, using the profile on `awsconfig`.
# `$$` is Drone's escape for a literal `$`: $${S3_PATH} and $${VERSION} are
# expanded by the shell at run time.
# NOTE(review): only the tarballs are copied; nothing in this step checks a
# digest or signature before they are packaged and signed, so their integrity
# rests on who can write to the bucket.
- name: Download artifacts from S3
  image: amazon/aws-cli
  commands:
  - export VERSION=$(cat /go/.version.txt)
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else
    export S3_PATH="tag/"; fi
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-386-bin.tar.gz
    /go/artifacts/
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-386-bin.tar.gz
    /go/artifacts/
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Replaces the [default] profile on `awsconfig` with temporary credentials for
# the build role; the secret names indicate a read-only identity, so the build
# step that follows does not keep the download role's access.
# NOTE(review): the file is created with the default umask, and a failed
# assume-role still leaves a profile with empty values behind - the final
# get-caller-identity call is the only check that the profile works.
- name: Assume Build AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  # $(...) is unquoted on purpose: word splitting maps the three values from
  # --output text onto the three %s placeholders.
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
    $(aws sts assume-role \
    --role-arn "$AWS_ROLE" \
    --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
    --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
    --output text) \
    > /root/.aws/credentials
  # Remove the injected keys from the environment before testing the profile.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY
    AWS_ROLE:
      from_secret: TELEPORT_BUILD_READ_ONLY_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
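# Builds the 386 .rpm packages with `make rpm`. The GPG signing material from
# the GPG_RPM_SIGNING_ARCHIVE secret is unpacked into $GNUPG_DIR
# (/tmpfs/gnupg) on the memory-backed `tmpfs` volume for the build.
# Change relative to the generated step (mirror it in dronegen, otherwise
# 'make dronegen' will overwrite it): an EXIT trap now removes $GNUPG_DIR on
# every exit path, matching how the "Register artifacts" step cleans up its
# key files. Before, a failing `make rpm` would skip the final `rm -rf`
# (assuming the runner stops at the first failing command).
# NOTE(review): `tmpfs` is also mounted into the docker:dind service, so the
# keyring is readable from that privileged container while the build runs.
# NOTE(review): `docker` is a floating image tag and `apk add` installs
# whatever versions are current, so the signing environment is not pinned.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache bash curl gzip make tar go
  - apk add --no-cache aws-cli
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  - aws ecr-public get-login-password --region us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  # Registered before the keyring exists so it is removed however the step ends.
  - trap 'rm -rf "$GNUPG_DIR"' EXIT
  - mkdir -m0700 $GNUPG_DIR
  - echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPG_DIR
  - chown -R root:root $GNUPG_DIR
  - make rpm
  - rm -rf $GNUPG_DIR
  environment:
    ARCH: "386"
    ENT_TARBALL_PATH: /go/artifacts
    GNUPG_DIR: /tmpfs/gnupg
    GPG_RPM_SIGNING_ARCHIVE:
      from_secret: GPG_RPM_SIGNING_ARCHIVE
    OSS_TARBALL_PATH: /go/artifacts
    TMPDIR: /go
  volumes:
  - name: dockersock
    path: /var/run
  - name: awsconfig
    path: /root/.aws
  - name: tmpfs
    path: /tmpfs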
# Copies everything matching teleport*.rpm* (the packages plus any sidecar
# files such as digests) from build/ and e/build/ into /go/artifacts.
# -maxdepth 1 keeps the search to the top level of each build directory.
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts
    \;
  - find e/build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts
    \;
# Replaces the build-phase profile on `awsconfig` with temporary credentials
# for the role used by the upload step that follows.
# NOTE(review): the file is created with the default umask, and a failed
# assume-role still leaves a profile with empty values behind - the final
# get-caller-identity call is the only check that the profile works.
- name: Assume Upload AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  # $(...) is unquoted on purpose: word splitting maps the three values from
  # --output text onto the three %s placeholders.
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
    $(aws sts assume-role \
    --role-arn "$AWS_ROLE" \
    --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
    --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
    --output text) \
    > /root/.aws/credentials
  # Remove the injected keys from the environment before testing the profile.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
# Syncs the whole of /go/artifacts to the tag prefix of the release bucket
# (the tag with its leading "v" stripped).
# NOTE(review): `sync .` publishes every file in the directory, including the
# input tarballs downloaded earlier in this pipeline, not only the packages
# built here.
- name: Upload to S3
  image: amazon/aws-cli
  commands:
  - cd /go/artifacts/
  - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
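# Publishes this pipeline's artifacts to the release server: for every file in
# /go/artifacts that has a .sha256 sidecar it creates a draft release per
# product (HTTP 409 is tolerated, presumably "already exists") and uploads the
# file with its digest. curl authenticates with a client certificate decoded
# from the secrets below.
# Hardening relative to the generated step (mirror it in dronegen, otherwise
# 'make dronegen' will overwrite it):
#   - the cleanup trap is set before any key material is written;
#   - the private key is created under umask 077 instead of the default mask;
#   - $status_code and the curl_out.txt path are quoted, and the obsolescent
#     `-o` test operator is replaced by `||`.
# NOTE(review): the digest sent to the server is read from the sidecar file
# produced earlier in the build, so it guards the upload, not the build itself.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - (umask 077 && echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key")
  # Expanded unquoted below on purpose so it splits into separate curl options.
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue
      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="Linux 32-bit RPM"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" ] || [ "$name" = "teleport-connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
      release_params="" # List of "-F releaseId=XXX" parameters to curl
      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ "$status_code" -ne 200 ] && [ "$status_code" -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat "$WORKSPACE_DIR/curl_out.txt"
          exit 1
        fi
        release_params="$release_params -F releaseId=$product@$VERSION"
      done
      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="386" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY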
# Docker-in-Docker daemon for the build steps. It runs privileged and shares
# its /var/run - docker.sock included - through the `dockersock` volume.
# It also mounts `tmpfs`, the volume the build step unpacks the GPG signing
# material into.
# NOTE(review): every step that mounts `dockersock` has full control of this
# privileged daemon, and through the `tmpfs` mount the daemon's container can
# read the signing keyring while it exists.
# NOTE(review): docker:dind is a floating tag; pinning it by digest would fix
# the daemon version used for signing builds.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: tmpfs
    path: /tmpfs
  - name: dockersock
    path: /var/run
# Scratch volumes shared by the steps of one pipeline run. `tmpfs` is
# memory-backed (medium: memory), so the signing material placed on it is not
# written to the node's disk.
volumes:
- name: dockersock
  temp: {}
- name: awsconfig
  temp: {}
- name: tmpfs
  temp:
    medium: memory
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPackagePipeline)
################################################
kind: pipeline
type: kubernetes
name: build-linux-386-deb
# Runs only for tag events whose ref matches refs/tags/v*, in repositories
# matching gravitational/*.
# NOTE(review): whoever may push a v* tag can start this release pipeline, so
# tag creation should be restricted on the forge side.
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# Drone's automatic clone is off; the first step clones the repository itself.
clone:
  disable: true
# Starts after the 386 tarball build and the clean-up pipeline.
depends_on:
- build-linux-386
- clean-up-previous-build
steps:
# Manual clone (Drone's own clone is disabled for this pipeline): HTTPS clone,
# checkout of the tag (or the commit when no tag is set), then submodule
# fetches with an SSH key taken from the GITHUB_PRIVATE_KEY secret.
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The key lands in a directory created 0700 and is then chmod'ed to 0600.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan records whatever host key the network returns at
  # build time (trust on first use) and hides its errors with 2>/dev/null;
  # checking the result against GitHub's published host keys would close that gap.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # `|| true` makes a failed webassets fetch non-fatal.
  - git submodule update --init --recursive webassets || true
  # The private key is deleted as soon as the submodule fetches are done.
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Refuses to build when the Makefile VERSION differs from the tag (leading
  # "v" stripped); the agreed version is saved in /go/.version.txt for later
  # steps. `$$` is Drone's escape for a literal `$`.
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
    echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
    exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Waits up to 30s for /var/run/docker.sock to exist as a socket; `timeout`
# fails the step if the daemon never comes up.
# /var/run is the shared `dockersock` volume mounted below.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Swaps the access key pair injected from secrets for temporary role
# credentials and writes them as the [default] profile on the shared
# `awsconfig` volume, overwriting any profile already there.
# NOTE(review): the file is created with the default umask, and a failed
# assume-role still leaves a profile with empty values behind - the final
# get-caller-identity call is the only check that the profile works.
- name: Assume Download AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  # $(...) is unquoted on purpose: word splitting maps the three values from
  # --output text onto the three %s placeholders.
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
    $(aws sts assume-role \
    --role-arn "$AWS_ROLE" \
    --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
    --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
    --output text) \
    > /root/.aws/credentials
  # Remove the injected keys from the environment before testing the profile.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
# Fetches the OSS and enterprise linux-386 tarballs for this version from the
# release bucket into /go/artifacts, using the profile on `awsconfig`.
# `$$` is Drone's escape for a literal `$`: $${S3_PATH} and $${VERSION} are
# expanded by the shell at run time.
# NOTE(review): only the tarballs are copied; nothing in this step checks a
# digest or signature before they become packaging input, so their integrity
# rests on who can write to the bucket.
- name: Download artifacts from S3
  image: amazon/aws-cli
  commands:
  - export VERSION=$(cat /go/.version.txt)
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else
    export S3_PATH="tag/"; fi
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-386-bin.tar.gz
    /go/artifacts/
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-386-bin.tar.gz
    /go/artifacts/
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
- name: Assume Build AWS Role
image: amazon/aws-cli
commands:
- aws sts get-caller-identity
- |-
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
> /root/.aws/credentials
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile default
environment:
AWS_ACCESS_KEY_ID:
from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY
AWS_ROLE:
from_secret: TELEPORT_BUILD_READ_ONLY_AWS_ROLE
AWS_SECRET_ACCESS_KEY:
from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET
volumes:
- name: awsconfig
path: /root/.aws
# Builds the .deb packages with `make deb`, using the tarballs in /go/artifacts.
# NOTE(review): this step mounts both the Docker socket and the AWS credentials
# volume, so everything `make deb` runs can reach the Docker daemon and the
# assumed role. The `docker` image and the apk packages are unpinned.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache bash curl gzip make tar
  - apk add --no-cache aws-cli
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  # The registry password is piped on stdin, so it does not appear in the
  # command's argument list.
  - aws ecr-public get-login-password --region us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - make deb
  environment:
    # Quoted so YAML keeps it a string instead of the integer 386.
    ARCH: "386"
    ENT_TARBALL_PATH: /go/artifacts
    OSS_TARBALL_PATH: /go/artifacts
    TMPDIR: /go
  volumes:
  - name: dockersock
    path: /var/run
  - name: awsconfig
    path: /root/.aws
- name: Copy artifacts
image: docker
commands:
- cd /go/src/github.com/gravitational/teleport
- find build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts
\;
- find e/build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts
\;
- name: Assume Upload AWS Role
image: amazon/aws-cli
commands:
- aws sts get-caller-identity
- |-
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
> /root/.aws/credentials
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile default
environment:
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID
AWS_ROLE:
from_secret: AWS_ROLE
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY
volumes:
- name: awsconfig
path: /root/.aws
- name: Upload to S3
image: amazon/aws-cli
commands:
- cd /go/artifacts/
- aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
environment:
AWS_REGION: us-west-2
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
volumes:
- name: awsconfig
path: /root/.aws
- name: Register artifacts
image: docker
commands:
- WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
- VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
- RELEASES_HOST='https://releases-prod.platform.teleport.sh'
- echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
- echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
- trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
- CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
- which curl || apk add --no-cache curl
- |-
cd "$WORKSPACE_DIR/go/artifacts"
find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
# Skip files that are not results of this build
# (e.g. tarballs from which OS packages are made)
[ -f "$file.sha256" ] || continue
name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
description="Linux 32-bit DEB"
products="$name"
if [ "$name" = "tsh" ]; then
products="teleport teleport-ent"
elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then
description="Teleport Connect"
products="teleport teleport-ent"
fi
shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
release_params="" # List of "-F releaseId=XXX" parameters to curl
for product in $products; do
status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
echo "curl HTTP status: $status_code"
cat $WORKSPACE_DIR/curl_out.txt
exit 1
fi
release_params="$release_params -F releaseId=$product@$VERSION"
done
curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="386" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
done
environment:
RELEASES_CERT:
from_secret: RELEASES_CERT
RELEASES_KEY:
from_secret: RELEASES_KEY
# Docker-in-Docker daemon for this pipeline. It runs privileged and puts its
# socket on the `dockersock` volume, so every step that mounts that volume can
# start containers through a privileged daemon.
# NOTE(review): `docker:dind` is a mutable tag; consider pinning it by digest.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
# Scratch volumes for this pipeline: `dockersock` carries the daemon socket and
# `awsconfig` carries the AWS credentials file written by the assume-role steps.
volumes:
- name: dockersock
  temp: {}
- name: awsconfig
  temp: {}
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/mac.go (main.newDarwinPipeline)
################################################
kind: pipeline
# An `exec` pipeline runs its steps directly on the macOS build host, not in
# containers, so every file the steps write (SSH key, AWS credentials, release
# client certificate) lands on that host's filesystem.
type: exec
name: build-darwin-amd64
# Runs for `v*` tags pushed to any repository matching gravitational/*.
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
# Fixed path under /tmp, shared by every run of this pipeline.
workspace:
  path: /tmp/build-darwin-amd64
platform:
  os: darwin
  arch: amd64
# Drone's built-in clone is off; the "Check out code" step does the checkout.
clone:
  disable: true
depends_on:
- clean-up-previous-build
# One run at a time; presumably because of the fixed workspace path above.
concurrency:
  limit: 1
steps:
- name: Set up exec runner storage
commands:
- set -u
- mkdir -p $WORKSPACE_DIR
- chmod -R u+rw $WORKSPACE_DIR
- rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh
environment:
WORKSPACE_DIR: /tmp/build-darwin-amd64
# Checks out the tagged source on the macOS host and records the version from
# the tag. This step does not compare the tag with the Makefile VERSION.
- name: Check out code
  commands:
  - set -u
  - mkdir -p $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  # `${DRONE_TAG:-...}` is substituted by Drone into the script text before the
  # shell runs, so the tag name is part of the command line. The right to push
  # `v*` tags is part of this pipeline's trust boundary.
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The SSH key goes into a 0700 directory under the /tmp workspace on the
  # build host and is chmod'ed to 600 right after it is written.
  - mkdir -m 0700 $WORKSPACE_DIR/.ssh && echo "$GITHUB_PRIVATE_KEY" > $WORKSPACE_DIR/.ssh/id_rsa
    && chmod 600 $WORKSPACE_DIR/.ssh/id_rsa
  # NOTE(review): the host key is learned from the network at build time and is
  # not compared with a known fingerprint. Shipping GitHub's published host
  # keys with the pipeline would give the SSH fetches below real host
  # authentication.
  - ssh-keyscan -H github.com > $WORKSPACE_DIR/.ssh/known_hosts 2>/dev/null
  - chmod 600 $WORKSPACE_DIR/.ssh/known_hosts
  # `-F /dev/null` ignores the host user's ssh config; only the key and
  # known_hosts file written above are used.
  - GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts
    -F /dev/null' git submodule update --init e
  # `|| true` makes a failed `webassets` fetch non-fatal for this step.
  - GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts
    -F /dev/null' git submodule update --init --recursive webassets || true
  # Removes the key material once the fetches are done.
  # NOTE(review): if an earlier command fails, the step presumably stops before
  # this line and the key stays on the host until a later step or build
  # removes $WORKSPACE_DIR/.ssh.
  - rm -rf $WORKSPACE_DIR/.ssh
  - mkdir -p $WORKSPACE_DIR/go/cache
  - mkdir -p $WORKSPACE_DIR/go/artifacts
  # Version is the tag with its leading `v` stripped (expanded by Drone).
  - echo "${DRONE_TAG##v}" > $WORKSPACE_DIR/go/.version.txt
  - cat $WORKSPACE_DIR/go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
    WORKSPACE_DIR: /tmp/build-darwin-amd64
# Downloads the Go toolchain named by RUNTIME and unpacks it into a per-build
# directory under /tmp.
# NOTE(review): the tarball is unpacked without being compared with a pinned
# SHA-256, so release binaries are built with whatever the download returned.
# curl also runs without --fail, so an HTTP error body would be saved as the
# tarball. A checksum check before `tar` would close both gaps.
- name: Install Go Toolchain
  commands:
  - set -u
  - mkdir -p /tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains
  - curl --silent -O https://dl.google.com/go/$RUNTIME.darwin-amd64.tar.gz
  - tar -C /tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains -xzf $RUNTIME.darwin-amd64.tar.gz
  - rm -rf $RUNTIME.darwin-amd64.tar.gz
  environment:
    RUNTIME: go1.19.2
- name: Install Rust Toolchain
commands:
- set -u
- export PATH=/Users/$(whoami)/.cargo/bin:$PATH
- mkdir -p /tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains
- export RUST_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets
print-rust-version)
- export CARGO_HOME=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains/cargo
- export RUST_HOME=$CARGO_HOME
- export RUSTUP_HOME=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains/rustup
- rustup toolchain install $RUST_VERSION
environment:
WORKSPACE_DIR: /tmp/build-darwin-amd64
# Builds the macOS release tarballs with the per-build Go and Rust toolchains.
- name: Build Mac artifacts (binaries)
  commands:
  - set -u
  - export HOME=/Users/$(whoami)
  - export TOOLCHAIN_DIR=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains
  # The Rust version comes from the checked-out repository's build.assets.
  - export RUST_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets
    print-rust-version)
  - export CARGO_HOME=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains/cargo
  - export RUST_HOME=$CARGO_HOME
  - export RUSTUP_HOME=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains/rustup
  # NOTE(review): this adds the fixed /Users/build/.cargo/bin to PATH although
  # HOME above is derived from `whoami`; confirm the runner user is `build`.
  - export PATH=$CARGO_HOME/bin:/Users/build/.cargo/bin:$PATH
  - rustup override set $RUST_VERSION
  - export PATH=$TOOLCHAIN_DIR/go/bin:$PATH
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - build.assets/build-fido2-macos.sh build
  - export PKG_CONFIG_PATH="$(build.assets/build-fido2-macos.sh pkg_config_path)"
  - make clean release OS=$OS ARCH=$ARCH FIDO2=yes TOUCHID=yes PIV=yes
  environment:
    ARCH: amd64
    # NOTE(review): no command in this step references BUILDBOX_PASSWORD. If
    # nothing started by `make` needs it, drop the secret from this step so the
    # build scripts never see it - TODO confirm.
    BUILDBOX_PASSWORD:
      from_secret: BUILDBOX_PASSWORD
    GOCACHE: /tmp/build-darwin-amd64/go/cache
    GOPATH: /tmp/build-darwin-amd64/go
    OS: darwin
    WORKSPACE_DIR: /tmp/build-darwin-amd64
- name: Copy Mac artifacts
commands:
- set -u
- cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
- cp teleport*.tar.gz $WORKSPACE_DIR/go/artifacts
- cp e/teleport-ent*.tar.gz $WORKSPACE_DIR/go/artifacts
- cd $WORKSPACE_DIR/go/artifacts && for FILE in teleport*.tar.gz; do shasum -a 256
$FILE > $FILE.sha256; done && ls -l
environment:
WORKSPACE_DIR: /tmp/build-darwin-amd64
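# Exchanges the key pair held in Drone secrets for temporary STS credentials
# and writes them to the file named by AWS_SHARED_CREDENTIALS_FILE.
# This is an exec pipeline, so that file sits on the build host under /tmp and
# not in a container; it is created owner-only for that reason.
# NOTE(review): this file is generated by dronegen, so the same change belongs
# in the generator for every exec-runner "Assume AWS Role" step.
- name: Assume AWS Role
  commands:
  # Files created by this step get mode 0600 instead of the host default.
  - umask 077
  # Remove a file left by an earlier build so the new one does not keep its
  # old, wider mode.
  - rm -f /tmp/build-darwin-amd64/credentials
  # Logs which identity the secret key pair resolves to.
  - aws sts get-caller-identity
  # The unquoted $(...) is split by the shell into the three values that fill
  # the three %s fields.
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /tmp/build-darwin-amd64/credentials
  # Drops the long-lived keys from this step's shell so the next command has to
  # use the file written above.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
    AWS_SHARED_CREDENTIALS_FILE: /tmp/build-darwin-amd64/credentials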
- name: Upload to S3
commands:
- set -u
- cd $WORKSPACE_DIR/go/artifacts
- aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
environment:
AWS_REGION: us-west-2
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
AWS_SHARED_CREDENTIALS_FILE: /tmp/build-darwin-amd64/credentials
WORKSPACE_DIR: /tmp/build-darwin-amd64
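# Registers every artifact that has a matching .sha256 file with the release
# service at RELEASES_HOST, authenticating with a client certificate.
# The certificate and key are decoded into $WORKSPACE_DIR, which in this exec
# pipeline is a directory under /tmp on the build host. `umask 077` creates
# them owner-only; without it they would get the host's default mode.
# NOTE(review): this file is generated by dronegen, so the same change belongs
# in the generator for every "Register artifacts" step on an exec runner.
- name: Register artifacts
  commands:
  # Applies to releases.crt, releases.key and curl_out.txt created below.
  - umask 077
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  # Removes the decoded certificate and key when the step's shell exits.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  # Expanded unquoted below on purpose, so it splits into separate curl options.
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  # NOTE(review): the `apk` fallback presumably comes from the container
  # variant of this step; it only works here if curl is already installed.
  - which curl || apk add --no-cache curl
  # The sha256 sent with each asset is read from the .sha256 file written
  # earlier in this workspace. It records what was built and is not an
  # independent check of the file.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue
      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="MacOS Intel"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
      release_params="" # List of "-F releaseId=XXX" parameters to curl
      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat $WORKSPACE_DIR/curl_out.txt
          exit 1
        fi
        release_params="$release_params -F releaseId=$product@$VERSION"
      done
      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="darwin" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY
    WORKSPACE_DIR: /tmp/build-darwin-amd64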
- name: Clean up toolchains (post)
commands:
- set -u
- export PATH=/Users/$(whoami)/.cargo/bin:$PATH
- export CARGO_HOME=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains/cargo
- export RUST_HOME=$CARGO_HOME
- export RUSTUP_HOME=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains/rustup
- export RUST_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets
print-rust-version)
- cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
- rustup override unset
- rustup toolchain uninstall $RUST_VERSION
- rm -rf /tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED
environment:
WORKSPACE_DIR: /tmp/build-darwin-amd64
when:
status:
- success
- failure
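# Removes what this build left in the workspace on the macOS host: the
# checkout, the SSH directory, and the AWS credentials file that the
# "Assume AWS Role" step writes to /tmp/build-darwin-amd64/credentials.
# NOTE(review): this step has no `when:` clause, so it is presumably skipped
# when an earlier step fails; the files then stay on the host until a later
# build cleans them up. This file is generated by dronegen, so the change
# belongs in the generator.
- name: Clean up exec runner storage (post)
  commands:
  - set -u
  - chmod -R u+rw $WORKSPACE_DIR
  - rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh $WORKSPACE_DIR/credentials
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64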
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/mac.go (main.newDarwinPipeline)
################################################
kind: pipeline
type: exec
name: build-darwin-amd64-pkg
trigger:
event:
include:
- tag
ref:
include:
- refs/tags/v*
repo:
include:
- gravitational/*
workspace:
path: /tmp/build-darwin-amd64-pkg
platform:
os: darwin
arch: amd64
clone:
disable: true
depends_on:
- build-darwin-amd64
concurrency:
limit: 1
steps:
- name: Set up exec runner storage
commands:
- set -u
- mkdir -p $WORKSPACE_DIR
- chmod -R u+rw $WORKSPACE_DIR
- rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh
environment:
WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg
- name: Check out code
commands:
- set -u
- mkdir -p $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
- cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
- git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
- git checkout ${DRONE_TAG:-$DRONE_COMMIT}
- mkdir -m 0700 $WORKSPACE_DIR/.ssh && echo "$GITHUB_PRIVATE_KEY" > $WORKSPACE_DIR/.ssh/id_rsa
&& chmod 600 $WORKSPACE_DIR/.ssh/id_rsa
- ssh-keyscan -H github.com > $WORKSPACE_DIR/.ssh/known_hosts 2>/dev/null
- chmod 600 $WORKSPACE_DIR/.ssh/known_hosts
- GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts
-F /dev/null' git submodule update --init e
- GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts
-F /dev/null' git submodule update --init --recursive webassets || true
- rm -rf $WORKSPACE_DIR/.ssh
- mkdir -p $WORKSPACE_DIR/go/cache
- mkdir -p $WORKSPACE_DIR/go/artifacts
- echo "${DRONE_TAG##v}" > $WORKSPACE_DIR/go/.version.txt
- cat $WORKSPACE_DIR/go/.version.txt
environment:
GITHUB_PRIVATE_KEY:
from_secret: GITHUB_PRIVATE_KEY
WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg
- name: Assume AWS Role
commands:
- aws sts get-caller-identity
- |-
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
> /tmp/build-darwin-amd64-pkg/credentials
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile default
environment:
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID
AWS_ROLE:
from_secret: AWS_ROLE
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY
AWS_SHARED_CREDENTIALS_FILE: /tmp/build-darwin-amd64-pkg/credentials
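# Copies the OSS and enterprise darwin-amd64 tarballs for this tag from S3 into
# the workspace, using the credentials file written by "Assume AWS Role".
# The GITHUB_PRIVATE_KEY secret was dropped from this step's environment: no
# command here reads it, and a step should only receive the secrets it uses.
# NOTE(review): this file is generated by dronegen, so the same change belongs
# in the generator.
- name: Download built tarball artifacts from S3
  commands:
  - set -u
  - export VERSION=$(cat $WORKSPACE_DIR/go/.version.txt)
  # `$$` is Drone's escape for `$`, so the shell expands DRONE_TAG at run time.
  - export S3_PATH="tag/$${DRONE_TAG##v}/"
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-darwin-amd64-bin.tar.gz
    $WORKSPACE_DIR/go/artifacts/
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-darwin-amd64-bin.tar.gz
    $WORKSPACE_DIR/go/artifacts/
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SHARED_CREDENTIALS_FILE: /tmp/build-darwin-amd64-pkg/credentials
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg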
# Unlocks the build user's login keychain and builds the .pkg installers with
# `make pkg`, using the tarballs in the workspace.
- name: Build Mac pkg release artifacts
  commands:
  - set -u
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - export VERSION=$(cat $WORKSPACE_DIR/go/.version.txt)
  - export HOME=/Users/build
  # NOTE(review): `-p` puts the keychain password on the command line, where
  # other local users can see it in the process list while the command runs.
  # The expansion is also unquoted, so a password containing whitespace or
  # glob characters would be split or expanded. At minimum quote it; prefer a
  # form that keeps the secret off argv.
  - security unlock-keychain -p $${BUILDBOX_PASSWORD} login.keychain
  # Prints the valid signing identities to the build log.
  - security find-identity -v
  - make pkg OS=$OS ARCH=$ARCH
  environment:
    # Not referenced by the commands above; presumably read by `make pkg`
    # (for example for notarization) - TODO confirm.
    APPLE_PASSWORD:
      from_secret: APPLE_PASSWORD
    APPLE_USERNAME:
      from_secret: APPLE_USERNAME
    ARCH: amd64
    BUILDBOX_PASSWORD:
      from_secret: BUILDBOX_PASSWORD
    ENT_TARBALL_PATH: /tmp/build-darwin-amd64-pkg/go/artifacts
    OS: darwin
    OSS_TARBALL_PATH: /tmp/build-darwin-amd64-pkg/go/artifacts
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg
- name: Copy Mac pkg artifacts
commands:
- set -u
- cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
- rm -rf $WORKSPACE_DIR/go/artifacts/*.tar.gz
- cp build/teleport*.pkg e/build/teleport-ent*.pkg $WORKSPACE_DIR/go/artifacts/
- cd $WORKSPACE_DIR/go/artifacts && for FILE in *.pkg; do shasum -a 256 $FILE >
$FILE.sha256; done && ls -l
environment:
WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg
- name: Upload to S3
commands:
- set -u
- cd $WORKSPACE_DIR/go/artifacts
- aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
environment:
AWS_REGION: us-west-2
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
AWS_SHARED_CREDENTIALS_FILE: /tmp/build-darwin-amd64-pkg/credentials
WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg
- name: Register artifacts
commands:
- WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
- VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
- RELEASES_HOST='https://releases-prod.platform.teleport.sh'
- echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
- echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
- trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
- CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
- which curl || apk add --no-cache curl
- |-
cd "$WORKSPACE_DIR/go/artifacts"
find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
# Skip files that are not results of this build
# (e.g. tarballs from which OS packages are made)
[ -f "$file.sha256" ] || continue
name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
description="MacOS Intel .pkg installer"
products="$name"
if [ "$name" = "tsh" ]; then
products="teleport teleport-ent"
elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then
description="Teleport Connect"
products="teleport teleport-ent"
fi
shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
release_params="" # List of "-F releaseId=XXX" parameters to curl
for product in $products; do
status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
echo "curl HTTP status: $status_code"
cat $WORKSPACE_DIR/curl_out.txt
exit 1
fi
release_params="$release_params -F releaseId=$product@$VERSION"
done
curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="darwin" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
done
environment:
RELEASES_CERT:
from_secret: RELEASES_CERT
RELEASES_KEY:
from_secret: RELEASES_KEY
WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg
- name: Clean up exec runner storage (post)
commands:
- set -u
- chmod -R u+rw $WORKSPACE_DIR
- rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh
environment:
WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/mac.go (main.newDarwinPipeline)
################################################
kind: pipeline
type: exec
name: build-darwin-amd64-pkg-tsh
trigger:
event:
include:
- tag
ref:
include:
- refs/tags/v*
repo:
include:
- gravitational/*
workspace:
path: /tmp/build-darwin-amd64-pkg-tsh
platform:
os: darwin
arch: amd64
clone:
disable: true
depends_on:
- build-darwin-amd64
concurrency:
limit: 1
steps:
- name: Set up exec runner storage
commands:
- set -u
- mkdir -p $WORKSPACE_DIR
- chmod -R u+rw $WORKSPACE_DIR
- rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh
environment:
WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh
- name: Check out code
commands:
- set -u
- mkdir -p $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
- cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
- git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
- git checkout ${DRONE_TAG:-$DRONE_COMMIT}
- mkdir -m 0700 $WORKSPACE_DIR/.ssh && echo "$GITHUB_PRIVATE_KEY" > $WORKSPACE_DIR/.ssh/id_rsa
&& chmod 600 $WORKSPACE_DIR/.ssh/id_rsa
- ssh-keyscan -H github.com > $WORKSPACE_DIR/.ssh/known_hosts 2>/dev/null
- chmod 600 $WORKSPACE_DIR/.ssh/known_hosts
- GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts
-F /dev/null' git submodule update --init e
- GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts
-F /dev/null' git submodule update --init --recursive webassets || true
- rm -rf $WORKSPACE_DIR/.ssh
- mkdir -p $WORKSPACE_DIR/go/cache
- mkdir -p $WORKSPACE_DIR/go/artifacts
- echo "${DRONE_TAG##v}" > $WORKSPACE_DIR/go/.version.txt
- cat $WORKSPACE_DIR/go/.version.txt
environment:
GITHUB_PRIVATE_KEY:
from_secret: GITHUB_PRIVATE_KEY
WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh
- name: Assume AWS Role
commands:
- aws sts get-caller-identity
- |-
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
> /tmp/build-darwin-amd64-pkg-tsh/credentials
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile default
environment:
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID
AWS_ROLE:
from_secret: AWS_ROLE
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY
AWS_SHARED_CREDENTIALS_FILE: /tmp/build-darwin-amd64-pkg-tsh/credentials
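# Copies the OSS and enterprise darwin-amd64 tarballs for this tag from S3 into
# the workspace, using the credentials file written by "Assume AWS Role".
# The GITHUB_PRIVATE_KEY secret was dropped from this step's environment: no
# command here reads it, and a step should only receive the secrets it uses.
# NOTE(review): this file is generated by dronegen, so the same change belongs
# in the generator.
- name: Download built tarball artifacts from S3
  commands:
  - set -u
  - export VERSION=$(cat $WORKSPACE_DIR/go/.version.txt)
  # `$$` is Drone's escape for `$`, so the shell expands DRONE_TAG at run time.
  - export S3_PATH="tag/$${DRONE_TAG##v}/"
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-darwin-amd64-bin.tar.gz
    $WORKSPACE_DIR/go/artifacts/
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-darwin-amd64-bin.tar.gz
    $WORKSPACE_DIR/go/artifacts/
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SHARED_CREDENTIALS_FILE: /tmp/build-darwin-amd64-pkg-tsh/credentials
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh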
# Unlocks the build user's login keychain and builds the tsh-only .pkg
# installer with `make pkg-tsh`.
- name: Build Mac pkg release artifacts
  commands:
  - set -u
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - export VERSION=$(cat $WORKSPACE_DIR/go/.version.txt)
  - export HOME=/Users/build
  # NOTE(review): `-p` puts the keychain password on the command line, where
  # other local users can see it in the process list while the command runs.
  # The expansion is also unquoted, so a password containing whitespace or
  # glob characters would be split or expanded. At minimum quote it; prefer a
  # form that keeps the secret off argv.
  - security unlock-keychain -p $${BUILDBOX_PASSWORD} login.keychain
  # Prints the valid signing identities to the build log.
  - security find-identity -v
  - make pkg-tsh OS=$OS ARCH=$ARCH
  environment:
    # Not referenced by the commands above; presumably read by `make pkg-tsh`
    # (for example for notarization) - TODO confirm.
    APPLE_PASSWORD:
      from_secret: APPLE_PASSWORD
    APPLE_USERNAME:
      from_secret: APPLE_USERNAME
    ARCH: amd64
    BUILDBOX_PASSWORD:
      from_secret: BUILDBOX_PASSWORD
    ENT_TARBALL_PATH: /tmp/build-darwin-amd64-pkg-tsh/go/artifacts
    OS: darwin
    OSS_TARBALL_PATH: /tmp/build-darwin-amd64-pkg-tsh/go/artifacts
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh
- name: Copy Mac pkg artifacts
commands:
- set -u
- cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
- rm -rf $WORKSPACE_DIR/go/artifacts/*.tar.gz
- cp build/tsh*.pkg $WORKSPACE_DIR/go/artifacts/
- cd $WORKSPACE_DIR/go/artifacts && for FILE in *.pkg; do shasum -a 256 $FILE >
$FILE.sha256; done && ls -l
environment:
WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh
- name: Upload to S3
commands:
- set -u
- cd $WORKSPACE_DIR/go/artifacts
- aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
environment:
AWS_REGION: us-west-2
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
AWS_SHARED_CREDENTIALS_FILE: /tmp/build-darwin-amd64-pkg-tsh/credentials
WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh
- name: Register artifacts
commands:
- WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
- VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
- RELEASES_HOST='https://releases-prod.platform.teleport.sh'
- echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
- echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
- trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
- CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
- which curl || apk add --no-cache curl
- |-
cd "$WORKSPACE_DIR/go/artifacts"
find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
# Skip files that are not results of this build
# (e.g. tarballs from which OS packages are made)
[ -f "$file.sha256" ] || continue
name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
description="MacOS Intel .pkg installer (tsh client only)"
products="$name"
if [ "$name" = "tsh" ]; then
products="teleport teleport-ent"
elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then
description="Teleport Connect"
products="teleport teleport-ent"
fi
shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
release_params="" # List of "-F releaseId=XXX" parameters to curl
for product in $products; do
status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
echo "curl HTTP status: $status_code"
cat $WORKSPACE_DIR/curl_out.txt
exit 1
fi
release_params="$release_params -F releaseId=$product@$VERSION"
done
curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="darwin" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
done
environment:
RELEASES_CERT:
from_secret: RELEASES_CERT
RELEASES_KEY:
from_secret: RELEASES_KEY
WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh
- name: Clean up exec runner storage (post)
commands:
- set -u
- chmod -R u+rw $WORKSPACE_DIR
- rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh
environment:
WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPipeline)
################################################
kind: pipeline
type: kubernetes
name: build-linux-arm
environment:
BUILDBOX_VERSION: teleport12
RUNTIME: go1.19.2
trigger:
event:
include:
- tag
ref:
include:
- refs/tags/v*
repo:
include:
- gravitational/*
workspace:
path: /go
clone:
disable: true
depends_on:
- clean-up-previous-build
steps:
- name: Check out code
image: docker:git
commands:
- mkdir -p /go/src/github.com/gravitational/teleport
- cd /go/src/github.com/gravitational/teleport
- git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
- git checkout ${DRONE_TAG:-$DRONE_COMMIT}
- mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
&& chmod 600 /root/.ssh/id_rsa
- ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
- git submodule update --init e
- git submodule update --init --recursive webassets || true
- rm -f /root/.ssh/id_rsa
- mkdir -p /go/cache /go/artifacts
- |-
VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
exit 1
fi
echo "$$VERSION" > /go/.version.txt
environment:
GITHUB_PRIVATE_KEY:
from_secret: GITHUB_PRIVATE_KEY
- name: Wait for docker
image: docker
commands:
- timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
volumes:
- name: dockersock
path: /var/run
# Builds the ARM release through the build.assets Makefile, which reaches the
# Docker daemon over the mounted socket.
# NOTE(review): the `docker` image and the apk package are unpinned. The socket
# on `dockersock` is served by the pipeline's privileged `docker:dind` service,
# so everything `make` starts here can reach a privileged daemon.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache make
  # Hands the workspace to the UID/GID set below.
  - chown -R $UID:$GID /go
  - cd /go/src/github.com/gravitational/teleport
  - make -C build.assets release-arm
  environment:
    ARCH: arm
    # Quoted so YAML keeps the IDs as strings.
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: linux
    UID: "1000"
  volumes:
  - name: dockersock
    path: /var/run
- name: Copy artifacts
image: docker
commands:
- cd /go/src/github.com/gravitational/teleport
- find . -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
\;
- find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
\;
- cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256;
done && ls -l
- name: Assume AWS Role
image: amazon/aws-cli
commands:
- aws sts get-caller-identity
- |-
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
> /root/.aws/credentials
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile default
environment:
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID
AWS_ROLE:
from_secret: AWS_ROLE
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY
volumes:
- name: awsconfig
path: /root/.aws
- name: Upload to S3
image: amazon/aws-cli
commands:
- cd /go/artifacts/
- aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
environment:
AWS_REGION: us-west-2
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
volumes:
- name: awsconfig
path: /root/.aws
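# Registers every artifact that has a .sha256 sidecar with the release service,
# authenticating with a client certificate and key taken from pipeline secrets.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
  # Install curl before tightening the umask so only this step's own files are
  # affected by it.
  - which curl || apk add --no-cache curl
  # The client key must never be group- or world-readable, not even briefly.
  - umask 077
  # Arm the cleanup before anything is written, so a failed decode still removes
  # whatever already reached the disk.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  # Expanded unquoted below on purpose: it has to split into separate curl options.
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue
      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="Linux ARMv7 (32-bit)"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" ] || [ "$name" = "teleport-connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      # The digest comes from the sidecar file and is not recomputed here;
      # presumably the release service checks it against the upload - confirm.
      shasum="$(cut -d ' ' -f 1 "$file.sha256")"
      release_params="" # List of "-F releaseId=XXX" parameters to curl
      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        # Only 200 and 409 are accepted (409 presumably means the release already
        # exists); an empty or non-numeric status now fails as well.
        case "$status_code" in
          200|409) ;;
          *)
            echo "curl HTTP status: $status_code"
            cat "$WORKSPACE_DIR/curl_out.txt"
            exit 1
            ;;
        esac
        release_params="$release_params -F releaseId=$product@$VERSION"
      done
      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="arm" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY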
# Docker-in-Docker daemon; steps reach it through the shared dockersock volume.
services:
- name: Start Docker
image: docker:dind
# Needed by dind, but a privileged container has host-level capabilities, and
# every step that mounts dockersock can drive this daemon.
privileged: true
volumes:
- name: dockersock
path: /var/run
# Scratch volumes shared between the steps of this pipeline; awsconfig carries
# the temporary AWS credentials file.
volumes:
- name: awsconfig
temp: {}
- name: dockersock
temp: {}
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPipeline)
################################################
kind: pipeline
type: kubernetes
name: build-linux-arm64
environment:
BUILDBOX_VERSION: teleport12
RUNTIME: go1.19.2
trigger:
event:
include:
- tag
ref:
include:
- refs/tags/v*
repo:
include:
- gravitational/*
workspace:
path: /go
clone:
disable: true
depends_on:
- clean-up-previous-build
steps:
# Clones the tagged source, sets up an SSH key from secrets for the submodule
# fetches, and writes the version that later steps read from /go/.version.txt.
- name: Check out code
image: docker:git
commands:
- mkdir -p /go/src/github.com/gravitational/teleport
- cd /go/src/github.com/gravitational/teleport
- git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
- git checkout ${DRONE_TAG:-$DRONE_COMMIT}
# The key is only needed for the submodule fetches below.
- mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
&& chmod 600 /root/.ssh/id_rsa
# NOTE(review): ssh-keyscan records whatever host key the network presents, so it
# does not authenticate github.com; shipping the published host keys would.
- ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
- git submodule update --init e
# NOTE(review): "|| true" hides a failed webassets fetch; confirm that a release
# build is meant to continue without it.
- git submodule update --init --recursive webassets || true
# Drone stops at the first failing command, so this is skipped when a fetch
# above fails and the key then stays until the step container is discarded.
- rm -f /root/.ssh/id_rsa
- mkdir -p /go/cache /go/artifacts
# Fails the build when the Makefile version and the pushed tag disagree.
- |-
VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
exit 1
fi
echo "$$VERSION" > /go/.version.txt
environment:
GITHUB_PRIVATE_KEY:
from_secret: GITHUB_PRIVATE_KEY
- name: Wait for docker
image: docker
commands:
- timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
volumes:
- name: dockersock
path: /var/run
# Runs the release-arm64 make target; the dockersock mount gives this step
# control of the privileged Docker-in-Docker daemon.
- name: Build artifacts
# NOTE(review): mutable image tag and an unpinned apk install in a release job;
# pinning the image by digest would make the toolchain reproducible.
image: docker
commands:
- apk add --no-cache make
# Hands the workspace to the UID/GID set below.
- chown -R $UID:$GID /go
- cd /go/src/github.com/gravitational/teleport
- make -C build.assets release-arm64
environment:
ARCH: arm64
GID: "1000"
GOCACHE: /go/cache
GOPATH: /go
OS: linux
UID: "1000"
volumes:
- name: dockersock
path: /var/run
# Collects the built tarballs into /go/artifacts and writes a .sha256 sidecar
# for each one.
- name: Copy artifacts
image: docker
commands:
- cd /go/src/github.com/gravitational/teleport
- find . -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
\;
- find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
\;
# The digests are computed here, next to the files they describe, so they detect
# later corruption but do not prove where the files came from.
- cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256;
done && ls -l
# Trades the IAM user key from secrets for temporary role credentials and writes
# them to /root/.aws/credentials on the awsconfig volume for later steps.
- name: Assume AWS Role
image: amazon/aws-cli
commands:
# Runs with the long-lived key; the caller identity ends up in the build log.
- aws sts get-caller-identity
# The $(...) is deliberately unquoted so its three text fields fill the three %s.
# NOTE(review): if assume-role fails the file still appears to be written, with
# empty values; the error only shows at the final get-caller-identity.
- |-
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
> /root/.aws/credentials
# Drop the long-lived key so the last call can only succeed through the file.
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile default
environment:
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID
AWS_ROLE:
from_secret: AWS_ROLE
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY
volumes:
- name: awsconfig
path: /root/.aws
- name: Upload to S3
image: amazon/aws-cli
commands:
- cd /go/artifacts/
- aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
environment:
AWS_REGION: us-west-2
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
volumes:
- name: awsconfig
path: /root/.aws
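# Registers every artifact that has a .sha256 sidecar with the release service,
# authenticating with a client certificate and key taken from pipeline secrets.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
  # Install curl before tightening the umask so only this step's own files are
  # affected by it.
  - which curl || apk add --no-cache curl
  # The client key must never be group- or world-readable, not even briefly.
  - umask 077
  # Arm the cleanup before anything is written, so a failed decode still removes
  # whatever already reached the disk.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  # Expanded unquoted below on purpose: it has to split into separate curl options.
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue
      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="Linux ARM64/ARMv8 (64-bit)"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" ] || [ "$name" = "teleport-connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      # The digest comes from the sidecar file and is not recomputed here;
      # presumably the release service checks it against the upload - confirm.
      shasum="$(cut -d ' ' -f 1 "$file.sha256")"
      release_params="" # List of "-F releaseId=XXX" parameters to curl
      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        # Only 200 and 409 are accepted (409 presumably means the release already
        # exists); an empty or non-numeric status now fails as well.
        case "$status_code" in
          200|409) ;;
          *)
            echo "curl HTTP status: $status_code"
            cat "$WORKSPACE_DIR/curl_out.txt"
            exit 1
            ;;
        esac
        release_params="$release_params -F releaseId=$product@$VERSION"
      done
      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="arm64" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY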
# Docker-in-Docker daemon; steps reach it through the shared dockersock volume.
services:
- name: Start Docker
image: docker:dind
# Needed by dind, but a privileged container has host-level capabilities, and
# every step that mounts dockersock can drive this daemon.
privileged: true
volumes:
- name: dockersock
path: /var/run
# Scratch volumes shared between the steps of this pipeline; awsconfig carries
# the temporary AWS credentials file.
volumes:
- name: awsconfig
temp: {}
- name: dockersock
temp: {}
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPackagePipeline)
################################################
kind: pipeline
type: kubernetes
name: build-linux-arm64-deb
trigger:
event:
include:
- tag
ref:
include:
- refs/tags/v*
repo:
include:
- gravitational/*
workspace:
path: /go
clone:
disable: true
depends_on:
- build-linux-arm64
- clean-up-previous-build
steps:
# Clones the tagged source, sets up an SSH key from secrets for the submodule
# fetches, and writes the version that later steps read from /go/.version.txt.
- name: Check out code
image: docker:git
commands:
- mkdir -p /go/src/github.com/gravitational/teleport
- cd /go/src/github.com/gravitational/teleport
- git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
- git checkout ${DRONE_TAG:-$DRONE_COMMIT}
# The key is only needed for the submodule fetches below.
- mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
&& chmod 600 /root/.ssh/id_rsa
# NOTE(review): ssh-keyscan records whatever host key the network presents, so it
# does not authenticate github.com; shipping the published host keys would.
- ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
- git submodule update --init e
# NOTE(review): "|| true" hides a failed webassets fetch; confirm that a release
# build is meant to continue without it.
- git submodule update --init --recursive webassets || true
# Drone stops at the first failing command, so this is skipped when a fetch
# above fails and the key then stays until the step container is discarded.
- rm -f /root/.ssh/id_rsa
- mkdir -p /go/cache /go/artifacts
# Fails the build when the Makefile version and the pushed tag disagree.
- |-
VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
exit 1
fi
echo "$$VERSION" > /go/.version.txt
environment:
GITHUB_PRIVATE_KEY:
from_secret: GITHUB_PRIVATE_KEY
- name: Wait for docker
image: docker
commands:
- timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
volumes:
- name: dockersock
path: /var/run
# Trades the IAM user key from secrets for temporary role credentials and writes
# them to /root/.aws/credentials on the awsconfig volume for the download step.
- name: Assume Download AWS Role
image: amazon/aws-cli
commands:
# Runs with the long-lived key; the caller identity ends up in the build log.
- aws sts get-caller-identity
# The $(...) is deliberately unquoted so its three text fields fill the three %s.
# NOTE(review): if assume-role fails the file still appears to be written, with
# empty values; the error only shows at the final get-caller-identity.
- |-
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
> /root/.aws/credentials
# Drop the long-lived key so the last call can only succeed through the file.
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile default
# NOTE(review): the same secrets back the upload role later in this pipeline, so
# the download step is not limited to read access by these credentials alone.
environment:
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID
AWS_ROLE:
from_secret: AWS_ROLE
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY
volumes:
- name: awsconfig
path: /root/.aws
# Fetches the teleport and teleport-ent arm64 tarballs that the pipeline this
# one depends on is expected to have uploaded.
- name: Download artifacts from S3
image: amazon/aws-cli
commands:
- export VERSION=$(cat /go/.version.txt)
# "$$" is Drone's escape for a literal "$", so those expansions run in the shell.
- if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else
export S3_PATH="tag/"; fi
# NOTE(review): the tarballs become package input without any digest check, so
# their integrity rests on who can write to the bucket. A digest stored in the
# same bucket only detects corruption; one passed out of band would do more.
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-arm64-bin.tar.gz
/go/artifacts/
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-arm64-bin.tar.gz
/go/artifacts/
environment:
AWS_REGION: us-west-2
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
volumes:
- name: awsconfig
path: /root/.aws
# Replaces the credentials file on the awsconfig volume with temporary
# credentials for the build step. The secret names point at a read-only identity
# (least privilege for the build) - confirm that the role policy matches.
- name: Assume Build AWS Role
image: amazon/aws-cli
commands:
# Runs with the long-lived key; the caller identity ends up in the build log.
- aws sts get-caller-identity
# The $(...) is deliberately unquoted so its three text fields fill the three %s.
# NOTE(review): if assume-role fails the file still appears to be written, with
# empty values; the error only shows at the final get-caller-identity.
- |-
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
> /root/.aws/credentials
# Drop the long-lived key so the last call can only succeed through the file.
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile default
environment:
AWS_ACCESS_KEY_ID:
from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY
AWS_ROLE:
from_secret: TELEPORT_BUILD_READ_ONLY_AWS_ROLE
AWS_SECRET_ACCESS_KEY:
from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET
volumes:
- name: awsconfig
path: /root/.aws
# Builds the DEB packages from the downloaded tarballs. The step mounts both the
# Docker socket and the AWS credentials file written by the previous step.
- name: Build artifacts
# NOTE(review): mutable image tag and unpinned apk installs in a release job;
# pinning the image by digest would make the toolchain reproducible.
image: docker
commands:
- apk add --no-cache bash curl gzip make tar
- apk add --no-cache aws-cli
- cd /go/src/github.com/gravitational/teleport
- export VERSION=$(cat /go/.version.txt)
# The registry password goes over stdin, so it is not on a command line.
- aws ecr-public get-login-password --region us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- make deb
environment:
ARCH: arm64
ENT_TARBALL_PATH: /go/artifacts
OSS_TARBALL_PATH: /go/artifacts
TMPDIR: /go
volumes:
- name: dockersock
path: /var/run
- name: awsconfig
path: /root/.aws
- name: Copy artifacts
image: docker
commands:
- cd /go/src/github.com/gravitational/teleport
- find build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts
\;
- find e/build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts
\;
# Replaces the build credentials on the awsconfig volume with temporary
# credentials for the upload step that follows.
- name: Assume Upload AWS Role
image: amazon/aws-cli
commands:
# Runs with the long-lived key; the caller identity ends up in the build log.
- aws sts get-caller-identity
# The $(...) is deliberately unquoted so its three text fields fill the three %s.
# NOTE(review): if assume-role fails the file still appears to be written, with
# empty values; the error only shows at the final get-caller-identity.
- |-
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
> /root/.aws/credentials
# Drop the long-lived key so the last call can only succeed through the file.
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile default
environment:
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID
AWS_ROLE:
from_secret: AWS_ROLE
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY
volumes:
- name: awsconfig
path: /root/.aws
- name: Upload to S3
image: amazon/aws-cli
commands:
- cd /go/artifacts/
- aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
environment:
AWS_REGION: us-west-2
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
volumes:
- name: awsconfig
path: /root/.aws
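# Registers every artifact that has a .sha256 sidecar with the release service,
# authenticating with a client certificate and key taken from pipeline secrets.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
  # Install curl before tightening the umask so only this step's own files are
  # affected by it.
  - which curl || apk add --no-cache curl
  # The client key must never be group- or world-readable, not even briefly.
  - umask 077
  # Arm the cleanup before anything is written, so a failed decode still removes
  # whatever already reached the disk.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  # Expanded unquoted below on purpose: it has to split into separate curl options.
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue
      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="Linux ARM64/ARMv8 (64-bit) DEB"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" ] || [ "$name" = "teleport-connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      # The digest comes from the sidecar file and is not recomputed here;
      # presumably the release service checks it against the upload - confirm.
      shasum="$(cut -d ' ' -f 1 "$file.sha256")"
      release_params="" # List of "-F releaseId=XXX" parameters to curl
      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        # Only 200 and 409 are accepted (409 presumably means the release already
        # exists); an empty or non-numeric status now fails as well.
        case "$status_code" in
          200|409) ;;
          *)
            echo "curl HTTP status: $status_code"
            cat "$WORKSPACE_DIR/curl_out.txt"
            exit 1
            ;;
        esac
        release_params="$release_params -F releaseId=$product@$VERSION"
      done
      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="arm64" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY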
# Docker-in-Docker daemon; steps reach it through the shared dockersock volume.
services:
- name: Start Docker
image: docker:dind
# Needed by dind, but a privileged container has host-level capabilities, and
# every step that mounts dockersock can drive this daemon.
privileged: true
volumes:
- name: dockersock
path: /var/run
# Scratch volumes shared between the steps of this pipeline; awsconfig carries
# the temporary AWS credentials file.
volumes:
- name: dockersock
temp: {}
- name: awsconfig
temp: {}
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPackagePipeline)
################################################
kind: pipeline
type: kubernetes
name: build-linux-arm-deb
trigger:
event:
include:
- tag
ref:
include:
- refs/tags/v*
repo:
include:
- gravitational/*
workspace:
path: /go
clone:
disable: true
depends_on:
- build-linux-arm
- clean-up-previous-build
steps:
# Clones the tagged source, sets up an SSH key from secrets for the submodule
# fetches, and writes the version that later steps read from /go/.version.txt.
- name: Check out code
image: docker:git
commands:
- mkdir -p /go/src/github.com/gravitational/teleport
- cd /go/src/github.com/gravitational/teleport
- git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
- git checkout ${DRONE_TAG:-$DRONE_COMMIT}
# The key is only needed for the submodule fetches below.
- mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
&& chmod 600 /root/.ssh/id_rsa
# NOTE(review): ssh-keyscan records whatever host key the network presents, so it
# does not authenticate github.com; shipping the published host keys would.
- ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
- git submodule update --init e
# NOTE(review): "|| true" hides a failed webassets fetch; confirm that a release
# build is meant to continue without it.
- git submodule update --init --recursive webassets || true
# Drone stops at the first failing command, so this is skipped when a fetch
# above fails and the key then stays until the step container is discarded.
- rm -f /root/.ssh/id_rsa
- mkdir -p /go/cache /go/artifacts
# Fails the build when the Makefile version and the pushed tag disagree.
- |-
VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
exit 1
fi
echo "$$VERSION" > /go/.version.txt
environment:
GITHUB_PRIVATE_KEY:
from_secret: GITHUB_PRIVATE_KEY
- name: Wait for docker
image: docker
commands:
- timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
volumes:
- name: dockersock
path: /var/run
- name: Assume Download AWS Role
image: amazon/aws-cli
commands:
- aws sts get-caller-identity
- |-
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
> /root/.aws/credentials
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile default
environment:
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID
AWS_ROLE:
from_secret: AWS_ROLE
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY
volumes:
- name: awsconfig
path: /root/.aws
# Fetches the teleport and teleport-ent arm tarballs that the pipeline this one
# depends on is expected to have uploaded.
- name: Download artifacts from S3
image: amazon/aws-cli
commands:
- export VERSION=$(cat /go/.version.txt)
# "$$" is Drone's escape for a literal "$", so those expansions run in the shell.
- if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else
export S3_PATH="tag/"; fi
# NOTE(review): the tarballs become package input without any digest check, so
# their integrity rests on who can write to the bucket. A digest stored in the
# same bucket only detects corruption; one passed out of band would do more.
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-arm-bin.tar.gz
/go/artifacts/
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-arm-bin.tar.gz
/go/artifacts/
environment:
AWS_REGION: us-west-2
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
volumes:
- name: awsconfig
path: /root/.aws
# Replaces the credentials file on the awsconfig volume with temporary
# credentials for the build step. The secret names point at a read-only identity
# (least privilege for the build) - confirm that the role policy matches.
- name: Assume Build AWS Role
image: amazon/aws-cli
commands:
# Runs with the long-lived key; the caller identity ends up in the build log.
- aws sts get-caller-identity
# The $(...) is deliberately unquoted so its three text fields fill the three %s.
# NOTE(review): if assume-role fails the file still appears to be written, with
# empty values; the error only shows at the final get-caller-identity.
- |-
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
> /root/.aws/credentials
# Drop the long-lived key so the last call can only succeed through the file.
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile default
environment:
AWS_ACCESS_KEY_ID:
from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY
AWS_ROLE:
from_secret: TELEPORT_BUILD_READ_ONLY_AWS_ROLE
AWS_SECRET_ACCESS_KEY:
from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET
volumes:
- name: awsconfig
path: /root/.aws
- name: Build artifacts
image: docker
commands:
- apk add --no-cache bash curl gzip make tar
- apk add --no-cache aws-cli
- cd /go/src/github.com/gravitational/teleport
- export VERSION=$(cat /go/.version.txt)
- aws ecr-public get-login-password --region us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- make deb
environment:
ARCH: arm
ENT_TARBALL_PATH: /go/artifacts
OSS_TARBALL_PATH: /go/artifacts
TMPDIR: /go
volumes:
- name: dockersock
path: /var/run
- name: awsconfig
path: /root/.aws
- name: Copy artifacts
image: docker
commands:
- cd /go/src/github.com/gravitational/teleport
- find build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts
\;
- find e/build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts
\;
- name: Assume Upload AWS Role
image: amazon/aws-cli
commands:
- aws sts get-caller-identity
- |-
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
> /root/.aws/credentials
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile default
environment:
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID
AWS_ROLE:
from_secret: AWS_ROLE
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY
volumes:
- name: awsconfig
path: /root/.aws
- name: Upload to S3
image: amazon/aws-cli
commands:
- cd /go/artifacts/
- aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
environment:
AWS_REGION: us-west-2
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
volumes:
- name: awsconfig
path: /root/.aws
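# Registers every artifact that has a .sha256 sidecar with the release service,
# authenticating with a client certificate and key taken from pipeline secrets.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
  # Install curl before tightening the umask so only this step's own files are
  # affected by it.
  - which curl || apk add --no-cache curl
  # The client key must never be group- or world-readable, not even briefly.
  - umask 077
  # Arm the cleanup before anything is written, so a failed decode still removes
  # whatever already reached the disk.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  # Expanded unquoted below on purpose: it has to split into separate curl options.
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue
      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="Linux ARMv7 (32-bit) DEB"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" ] || [ "$name" = "teleport-connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      # The digest comes from the sidecar file and is not recomputed here;
      # presumably the release service checks it against the upload - confirm.
      shasum="$(cut -d ' ' -f 1 "$file.sha256")"
      release_params="" # List of "-F releaseId=XXX" parameters to curl
      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        # Only 200 and 409 are accepted (409 presumably means the release already
        # exists); an empty or non-numeric status now fails as well.
        case "$status_code" in
          200|409) ;;
          *)
            echo "curl HTTP status: $status_code"
            cat "$WORKSPACE_DIR/curl_out.txt"
            exit 1
            ;;
        esac
        release_params="$release_params -F releaseId=$product@$VERSION"
      done
      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="arm" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY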
# Docker-in-Docker daemon; steps reach it through the shared dockersock volume.
services:
- name: Start Docker
image: docker:dind
# Needed by dind, but a privileged container has host-level capabilities, and
# every step that mounts dockersock can drive this daemon.
privileged: true
volumes:
- name: dockersock
path: /var/run
# Scratch volumes shared between the steps of this pipeline; awsconfig carries
# the temporary AWS credentials file.
volumes:
- name: dockersock
temp: {}
- name: awsconfig
temp: {}
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPackagePipeline)
################################################
kind: pipeline
type: kubernetes
name: build-linux-arm64-rpm
trigger:
event:
include:
- tag
ref:
include:
- refs/tags/v*
repo:
include:
- gravitational/*
workspace:
path: /go
clone:
disable: true
depends_on:
- build-linux-arm64
- clean-up-previous-build
steps:
# Clones the tagged source, sets up an SSH key from secrets for the submodule
# fetches, and writes the version that later steps read from /go/.version.txt.
- name: Check out code
image: docker:git
commands:
- mkdir -p /go/src/github.com/gravitational/teleport
- cd /go/src/github.com/gravitational/teleport
- git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
- git checkout ${DRONE_TAG:-$DRONE_COMMIT}
# The key is only needed for the submodule fetches below.
- mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
&& chmod 600 /root/.ssh/id_rsa
# NOTE(review): ssh-keyscan records whatever host key the network presents, so it
# does not authenticate github.com; shipping the published host keys would.
- ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
- git submodule update --init e
# NOTE(review): "|| true" hides a failed webassets fetch; confirm that a release
# build is meant to continue without it.
- git submodule update --init --recursive webassets || true
# Drone stops at the first failing command, so this is skipped when a fetch
# above fails and the key then stays until the step container is discarded.
- rm -f /root/.ssh/id_rsa
- mkdir -p /go/cache /go/artifacts
# Fails the build when the Makefile version and the pushed tag disagree.
- |-
VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
exit 1
fi
echo "$$VERSION" > /go/.version.txt
environment:
GITHUB_PRIVATE_KEY:
from_secret: GITHUB_PRIVATE_KEY
- name: Wait for docker
image: docker
commands:
- timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
volumes:
- name: dockersock
path: /var/run
- name: Assume Download AWS Role
image: amazon/aws-cli
commands:
- aws sts get-caller-identity
- |-
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
> /root/.aws/credentials
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile default
environment:
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID
AWS_ROLE:
from_secret: AWS_ROLE
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY
volumes:
- name: awsconfig
path: /root/.aws
# Fetches the teleport and teleport-ent arm64 tarballs that the pipeline this
# one depends on is expected to have uploaded.
- name: Download artifacts from S3
image: amazon/aws-cli
commands:
- export VERSION=$(cat /go/.version.txt)
# "$$" is Drone's escape for a literal "$", so those expansions run in the shell.
- if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else
export S3_PATH="tag/"; fi
# NOTE(review): the tarballs are packaged and then signed without any digest
# check, so their integrity rests on who can write to the bucket. A digest
# stored in the same bucket only detects corruption; one passed out of band
# would do more.
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-arm64-bin.tar.gz
/go/artifacts/
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-arm64-bin.tar.gz
/go/artifacts/
environment:
AWS_REGION: us-west-2
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
volumes:
- name: awsconfig
path: /root/.aws
# Replaces the credentials file on the awsconfig volume with temporary
# credentials for the build step. The secret names point at a read-only identity
# (least privilege for the build) - confirm that the role policy matches.
- name: Assume Build AWS Role
image: amazon/aws-cli
commands:
# Runs with the long-lived key; the caller identity ends up in the build log.
- aws sts get-caller-identity
# The $(...) is deliberately unquoted so its three text fields fill the three %s.
# NOTE(review): if assume-role fails the file still appears to be written, with
# empty values; the error only shows at the final get-caller-identity.
- |-
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
> /root/.aws/credentials
# Drop the long-lived key so the last call can only succeed through the file.
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile default
environment:
AWS_ACCESS_KEY_ID:
from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY
AWS_ROLE:
from_secret: TELEPORT_BUILD_READ_ONLY_AWS_ROLE
AWS_SECRET_ACCESS_KEY:
from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET
volumes:
- name: awsconfig
path: /root/.aws
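# Builds and signs the RPM packages. The signing keyring is unpacked from a
# secret into the tmpfs volume, which this pipeline declares as memory-backed
# and also mounts into the privileged Docker service.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache bash curl gzip make tar go
  - apk add --no-cache aws-cli
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  # The registry password goes over stdin, so it is not on a command line.
  - aws ecr-public get-login-password --region us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  # Remove the keyring on every exit path. Drone stops at the first failing
  # command, so the trailing rm alone would be skipped when "make rpm" fails and
  # the key material would stay on the shared volume.
  - trap 'rm -rf "$GNUPG_DIR"' EXIT
  - mkdir -m0700 $GNUPG_DIR
  - echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPG_DIR
  - chown -R root:root $GNUPG_DIR
  - make rpm
  - rm -rf $GNUPG_DIR
  environment:
    ARCH: arm64
    ENT_TARBALL_PATH: /go/artifacts
    GNUPG_DIR: /tmpfs/gnupg
    GPG_RPM_SIGNING_ARCHIVE:
      from_secret: GPG_RPM_SIGNING_ARCHIVE
    OSS_TARBALL_PATH: /go/artifacts
    TMPDIR: /go
  volumes:
  - name: dockersock
    path: /var/run
  - name: awsconfig
    path: /root/.aws
  - name: tmpfs
    path: /tmpfs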
- name: Copy artifacts
image: docker
commands:
- cd /go/src/github.com/gravitational/teleport
- find build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts
\;
- find e/build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts
\;
- name: Assume Upload AWS Role
image: amazon/aws-cli
commands:
- aws sts get-caller-identity
- |-
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
> /root/.aws/credentials
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile default
environment:
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID
AWS_ROLE:
from_secret: AWS_ROLE
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY
volumes:
- name: awsconfig
path: /root/.aws
- name: Upload to S3
image: amazon/aws-cli
commands:
- cd /go/artifacts/
- aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
environment:
AWS_REGION: us-west-2
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
volumes:
- name: awsconfig
path: /root/.aws
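# Registers every artifact that has a .sha256 sidecar with the release service,
# authenticating with a client certificate and key taken from pipeline secrets.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
  # Install curl before tightening the umask so only this step's own files are
  # affected by it.
  - which curl || apk add --no-cache curl
  # The client key must never be group- or world-readable, not even briefly.
  - umask 077
  # Arm the cleanup before anything is written, so a failed decode still removes
  # whatever already reached the disk.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  # Expanded unquoted below on purpose: it has to split into separate curl options.
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue
      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="Linux ARM64/ARMv8 (64-bit) RPM"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" ] || [ "$name" = "teleport-connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      # The digest comes from the sidecar file and is not recomputed here;
      # presumably the release service checks it against the upload - confirm.
      shasum="$(cut -d ' ' -f 1 "$file.sha256")"
      release_params="" # List of "-F releaseId=XXX" parameters to curl
      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        # Only 200 and 409 are accepted (409 presumably means the release already
        # exists); an empty or non-numeric status now fails as well.
        case "$status_code" in
          200|409) ;;
          *)
            echo "curl HTTP status: $status_code"
            cat "$WORKSPACE_DIR/curl_out.txt"
            exit 1
            ;;
        esac
        release_params="$release_params -F releaseId=$product@$VERSION"
      done
      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="arm64" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY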
# Docker-in-Docker daemon; steps reach it through the shared dockersock volume.
services:
- name: Start Docker
image: docker:dind
# Needed by dind, but a privileged container has host-level capabilities, and
# every step that mounts dockersock can drive this daemon.
privileged: true
volumes:
# The build step unpacks the RPM signing keyring under /tmpfs, so the privileged
# daemon can read it for as long as it exists there.
- name: tmpfs
path: /tmpfs
- name: dockersock
path: /var/run
# Scratch volumes shared between the steps of this pipeline; awsconfig carries
# the temporary AWS credentials file.
volumes:
- name: dockersock
temp: {}
- name: awsconfig
temp: {}
# Memory-backed, so the signing keyring is not written to node disk.
- name: tmpfs
temp:
medium: memory
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPackagePipeline)
################################################
kind: pipeline
type: kubernetes
name: build-linux-arm-rpm
trigger:
event:
include:
- tag
ref:
include:
- refs/tags/v*
repo:
include:
- gravitational/*
workspace:
path: /go
clone:
disable: true
depends_on:
- build-linux-arm
- clean-up-previous-build
steps:
# Clones the tagged source, sets up an SSH key from secrets for the submodule
# fetches, and writes the version that later steps read from /go/.version.txt.
- name: Check out code
image: docker:git
commands:
- mkdir -p /go/src/github.com/gravitational/teleport
- cd /go/src/github.com/gravitational/teleport
- git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
- git checkout ${DRONE_TAG:-$DRONE_COMMIT}
# The key is only needed for the submodule fetches below.
- mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
&& chmod 600 /root/.ssh/id_rsa
# NOTE(review): ssh-keyscan records whatever host key the network presents, so it
# does not authenticate github.com; shipping the published host keys would.
- ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
- git submodule update --init e
# NOTE(review): "|| true" hides a failed webassets fetch; confirm that a release
# build is meant to continue without it.
- git submodule update --init --recursive webassets || true
# Drone stops at the first failing command, so this is skipped when a fetch
# above fails and the key then stays until the step container is discarded.
- rm -f /root/.ssh/id_rsa
- mkdir -p /go/cache /go/artifacts
# Fails the build when the Makefile version and the pushed tag disagree.
- |-
VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
exit 1
fi
echo "$$VERSION" > /go/.version.txt
environment:
GITHUB_PRIVATE_KEY:
from_secret: GITHUB_PRIVATE_KEY
- name: Wait for docker
image: docker
commands:
- timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
volumes:
- name: dockersock
path: /var/run
- name: Assume Download AWS Role
image: amazon/aws-cli
commands:
- aws sts get-caller-identity
- |-
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
> /root/.aws/credentials
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile default
environment:
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID
AWS_ROLE:
from_secret: AWS_ROLE
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY
volumes:
- name: awsconfig
path: /root/.aws
# Fetches the teleport and teleport-ent arm tarballs that the pipeline this one
# depends on is expected to have uploaded.
- name: Download artifacts from S3
image: amazon/aws-cli
commands:
- export VERSION=$(cat /go/.version.txt)
# "$$" is Drone's escape for a literal "$", so those expansions run in the shell.
- if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else
export S3_PATH="tag/"; fi
# NOTE(review): the tarballs are packaged and then signed without any digest
# check, so their integrity rests on who can write to the bucket. A digest
# stored in the same bucket only detects corruption; one passed out of band
# would do more.
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-arm-bin.tar.gz
/go/artifacts/
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-arm-bin.tar.gz
/go/artifacts/
environment:
AWS_REGION: us-west-2
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
volumes:
- name: awsconfig
path: /root/.aws
# Replaces the [default] profile on the `awsconfig` volume (`>` overwrites the
# download role written earlier) with role credentials obtained from the
# read-only build user secrets. The build step that follows uses this profile.
- name: Assume Build AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  # Remove the long-lived key from the shell, then confirm the profile works.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY
    AWS_ROLE:
      from_secret: TELEPORT_BUILD_READ_ONLY_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Builds the RPM packages with `make rpm`, with the GPG signing material
# unpacked into a memory-backed directory for the duration of the build.
- name: Build artifacts
  image: docker
  commands:
  # Packages are installed unpinned from the image's configured apk repos.
  - apk add --no-cache bash curl gzip make tar go
  - apk add --no-cache aws-cli
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  # The registry password is piped on stdin, so it never appears in argv.
  - aws ecr-public get-login-password --region us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  # GNUPG_DIR is /tmpfs/gnupg on the `tmpfs` volume (medium: memory), so the
  # signing archive is not written to the workspace.
  - mkdir -m0700 $GNUPG_DIR
  - echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPG_DIR
  - chown -R root:root $GNUPG_DIR
  - make rpm
  # NOTE(review): presumably not reached when `make rpm` fails; the key material
  # then stays on the tmpfs volume until the pipeline's volumes are torn down.
  - rm -rf $GNUPG_DIR
  environment:
    ARCH: arm
    ENT_TARBALL_PATH: /go/artifacts
    GNUPG_DIR: /tmpfs/gnupg
    GPG_RPM_SIGNING_ARCHIVE:
      from_secret: GPG_RPM_SIGNING_ARCHIVE
    OSS_TARBALL_PATH: /go/artifacts
    TMPDIR: /go
  volumes:
  - name: dockersock
    path: /var/run
  - name: awsconfig
    path: /root/.aws
  - name: tmpfs
    path: /tmpfs
# Copies the RPM outputs (anything matching teleport*.rpm*) from the OSS and
# enterprise build directories into /go/artifacts for upload.
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts
    \;
  - find e/build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts
    \;
# Overwrites the [default] profile on the `awsconfig` volume with fresh role
# credentials for the upload that follows, replacing the build role.
- name: Assume Upload AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  # Remove the long-lived key from the shell, then confirm the profile works.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
# Syncs everything in /go/artifacts to the per-tag prefix of the release
# bucket. That directory also holds the tarballs downloaded earlier in this
# pipeline, so they are part of the sync.
- name: Upload to S3
  image: amazon/aws-cli
  commands:
  - cd /go/artifacts/
  - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Registers each built artifact with the release service over mutual TLS:
# creates a draft release per product, then uploads the file with its SHA-256.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
  # Client certificate and private key are decoded to files because curl takes
  # them by path. NOTE(review): both are created with the shell's default
  # umask and before the cleanup trap is installed; a `umask 077` ahead of
  # these lines would tighten that.
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  # Removes both files when the step's shell exits, on success or failure.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # Only files with a .sha256 sidecar are registered. Creating a release
  # accepts HTTP 200 or 409 (presumably "already exists"); any other status
  # prints the response body and fails the step. The asset upload uses --fail.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue
      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="Linux ARMv7 (32-bit) RPM"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
      release_params="" # List of "-F releaseId=XXX" parameters to curl
      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat $WORKSPACE_DIR/curl_out.txt
          exit 1
        fi
        release_params="$release_params -F releaseId=$product@$VERSION"
      done
      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="arm" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY
# Docker-in-Docker daemon for the build steps. It runs privileged, and any
# step that mounts `dockersock` can drive this daemon through its socket.
# NOTE(review): the `tmpfs` volume that holds the unpacked GPG signing
# material during the RPM build is mounted here as well, presumably so that
# containers started by the build can bind-mount it; confirm it is required.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: tmpfs
    path: /tmpfs
  - name: dockersock
    path: /var/run
# Pipeline-scoped temporary volumes shared between steps: the Docker socket
# directory, the AWS profile directory, and a memory-backed scratch area used
# for signing keys.
volumes:
- name: dockersock
  temp: {}
- name: awsconfig
  temp: {}
- name: tmpfs
  temp:
    medium: memory
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPipeline)
################################################
# Tag-triggered release pipeline for the Windows amd64 zip: check out and
# verify the version, build with the Windows signing certificate available,
# upload to S3, then register the artifacts with the release service.
# NOTE(review): step and service images are referenced by mutable tag
# (`docker`, `docker:git`, `docker:dind`, `amazon/aws-cli`). For a pipeline
# that handles signing keys, pinning by digest would make the toolchain
# reproducible, e.g. `image: docker@sha256:<DIGEST_PLACEHOLDER>`.
kind: pipeline
type: kubernetes
name: build-windows-amd64
environment:
  BUILDBOX_VERSION: teleport12
  RUNTIME: go1.19.2
# Runs for tag events on refs/tags/v* in any repository matching
# gravitational/*.
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# The built-in clone is disabled; the first step performs the checkout.
clone:
  disable: true
depends_on:
- clean-up-previous-build
steps:
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # Deploy key used for the submodule fetch below (presumably over SSH). The
  # enclosing directory is created 0700 before the key file is written.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan records whatever host key the network returns at
  # build time, so this known_hosts file does not authenticate github.com.
  # Pinning GitHub's published host keys would close that gap.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # `|| true`: a failed webassets fetch does not fail the step.
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Release guard: the Makefile VERSION must equal the tag without its leading
  # "v"; the verified version is written to /go/.version.txt for later steps.
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Blocks for up to 30 seconds until the dind service's socket is available.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache make
  - chown -R $UID:$GID /go
  - cd /go/src/github.com/gravitational/teleport
  # The signing certificate is decoded into the repository checkout, which
  # lives under the /go workspace. NOTE(review): the file is created with the
  # default umask, and the `rm -f` below is presumably not reached when the
  # make target fails; a cleanup trap, as the "Register artifacts" step uses,
  # would cover that path.
  - echo -n "$WINDOWS_SIGNING_CERT" | base64 -d > windows-signing-cert.pfx
  - make -C build.assets release-windows
  - rm -f windows-signing-cert.pfx
  environment:
    ARCH: amd64
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: windows
    UID: "1000"
    WINDOWS_SIGNING_CERT:
      from_secret: WINDOWS_SIGNING_CERT
  volumes:
  - name: dockersock
    path: /var/run
# Collects the zips, publishes the OSS zip a second time under the enterprise
# file name, and writes a .sha256 sidecar for every zip.
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find . -maxdepth 1 -iname "teleport*.zip" -print -exec cp {} /go/artifacts \;
  - export VERSION=$(cat /go/.version.txt)
  - cp /go/artifacts/teleport-v$${VERSION}-windows-amd64-bin.zip /go/artifacts/teleport-ent-v$${VERSION}-windows-amd64-bin.zip
  - cd /go/artifacts && for FILE in teleport*.zip; do sha256sum $FILE > $FILE.sha256;
    done && ls -l
# Exchanges the long-lived access key for temporary role credentials and writes
# them as the [default] profile on the shared `awsconfig` volume.
- name: Assume AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  # printf does not fail when assume-role returns nothing; the final
  # get-caller-identity against the profile is what surfaces that case.
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
# Syncs /go/artifacts to the per-tag prefix of the release bucket.
- name: Upload to S3
  image: amazon/aws-cli
  commands:
  - cd /go/artifacts/
  - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Registers each artifact with the release service over mutual TLS.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
  # NOTE(review): the client certificate and key are written with the default
  # umask and before the cleanup trap is installed; `umask 077` ahead of these
  # lines would tighten that.
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  # Removes both files when the step's shell exits, on success or failure.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # Only files with a .sha256 sidecar are registered. Creating a release
  # accepts HTTP 200 or 409; any other status fails the step.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue
      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="Windows 64-bit (tsh client only)"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
      release_params="" # List of "-F releaseId=XXX" parameters to curl
      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat $WORKSPACE_DIR/curl_out.txt
          exit 1
        fi
        release_params="$release_params -F releaseId=$product@$VERSION"
      done
      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="windows" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY
# Privileged Docker-in-Docker daemon; any step mounting `dockersock` can drive
# it through the socket.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: awsconfig
  temp: {}
- name: dockersock
  temp: {}
---
# Tag-triggered pipeline that builds the OSS AMIs with Packer from the
# linux-amd64 tarball published by build-linux-amd64, then records the build
# timestamp in S3.
# NOTE(review): `docker:git`, `amazon/aws-cli` and `docker:dind` are mutable
# tags and `hashicorp/packer:1.7.6` is a version tag; pinning by digest
# (`@sha256:<DIGEST_PLACEHOLDER>`) would fix the tools that see the Packer
# credentials.
kind: pipeline
type: kubernetes
name: build-oss-amis
trigger:
  event:
  - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
depends_on:
- build-linux-amd64
workspace:
  path: /go
clone:
  disable: true
steps:
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # set version
  # When a tag is present the version is taken from the tag alone; this step
  # does not compare it against the Makefile VERSION.
  - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
# Temporary role credentials for the S3 download, written as the [default]
# profile on the shared `awsconfig` volume.
- name: Assume Download AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  # printf does not fail when assume-role returns nothing; the final
  # get-caller-identity against the profile is what surfaces that case.
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
    AWS_ROLE:
      from_secret: AWS_ROLE
  volumes:
  - name: awsconfig
    path: /root/.aws
# Places the release tarball where the Packer build expects its input files.
# NOTE(review): no checksum check of the tarball is visible before it is baked
# into the AMI; its integrity rests on access control to the bucket.
- name: Download built tarball artifacts from S3
  image: amazon/aws-cli
  environment:
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_REGION: us-west-2
  volumes:
  - name: awsconfig
    path: /root/.aws
  commands:
  - export VERSION=$(cat /go/.version.txt)
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else export S3_PATH="tag/"; fi
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-amd64-bin.tar.gz /go/src/github.com/gravitational/teleport/assets/aws/files
# Overwrites the [default] profile with role credentials from the dedicated
# Packer secrets, so the AMI build runs under a separate identity from the
# download and the later timestamp sync.
- name: Assume Packer AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_PACKER_ACCESS_KEY_ID
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_PACKER_SECRET_ACCESS_KEY
    AWS_ROLE:
      from_secret: AWS_PACKER_ROLE
  volumes:
  - name: awsconfig
    path: /root/.aws
- name: Build OSS AMIs
  image: hashicorp/packer:1.7.6
  volumes:
  - name: dockersock
    path: /var/run
  - name: awsconfig
    path: /root/.aws
  commands:
  - apk add --no-cache aws-cli jq make
  - cd /go/src/github.com/gravitational/teleport/assets/aws
  - export TELEPORT_VERSION=$(cat /go/.version.txt)
  - export PUBLIC_AMI_NAME=gravitational-teleport-ami-oss-$TELEPORT_VERSION
  # The trigger above admits only tag events, so the debug branch would
  # presumably not run from this pipeline as configured.
  - |
    if [ "${DRONE_BUILD_EVENT}" = "tag" ]; then
      echo "---> Building production OSS AMIs"
      echo "---> Note: these AMIs will not be made public until the 'promote' step is run"
      make oss-ci-build
    else
      echo "---> Building debug OSS AMIs"
      make oss
    fi
# Switches the [default] profile back to the general role before writing to
# the release bucket.
- name: Assume S3 Timestamp Sync AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
    AWS_ROLE:
      from_secret: AWS_ROLE
  volumes:
  - name: awsconfig
    path: /root/.aws
# Uploads the timestamp file left by the AMI build to the per-version ami/
# prefix of the bucket.
- name: Sync OSS build timestamp to S3
  image: amazon/aws-cli
  environment:
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_REGION: us-west-2
  volumes:
  - name: awsconfig
    path: /root/.aws
  commands:
  - export VERSION=$(cat /go/.version.txt)
  - aws s3 cp /go/src/github.com/gravitational/teleport/assets/aws/files/build/oss_build_timestamp.txt s3://$AWS_S3_BUCKET/teleport/ami/$${VERSION}/
# Privileged Docker-in-Docker daemon; the Packer step mounts its socket.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: dockersock
  temp: {}
- name: awsconfig
  temp: {}
---
# Tag-triggered pipeline that builds the Enterprise and Enterprise FIPS AMIs
# with Packer from the tarballs published by build-linux-amd64 and
# build-linux-amd64-fips, then records the build timestamp in S3.
# NOTE(review): `docker:git`, `amazon/aws-cli` and `docker:dind` are mutable
# tags and `hashicorp/packer:1.7.6` is a version tag; pinning by digest
# (`@sha256:<DIGEST_PLACEHOLDER>`) would fix the tools that see the Packer
# credentials.
kind: pipeline
type: kubernetes
name: build-ent-amis
trigger:
  event:
  - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
depends_on:
- build-linux-amd64
- build-linux-amd64-fips
workspace:
  path: /go
clone:
  disable: true
steps:
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # set version
  # When a tag is present the version is taken from the tag alone; this step
  # does not compare it against the Makefile VERSION.
  - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
# Temporary role credentials for the S3 download, written as the [default]
# profile on the shared `awsconfig` volume.
- name: Assume Download AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  # printf does not fail when assume-role returns nothing; the final
  # get-caller-identity against the profile is what surfaces that case.
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
    AWS_ROLE:
      from_secret: AWS_ROLE
  volumes:
  - name: awsconfig
    path: /root/.aws
# Places the enterprise and FIPS tarballs where the Packer build expects its
# input files. NOTE(review): no checksum check of the tarballs is visible
# before they are baked into the AMIs.
- name: Download built tarball artifacts from S3
  image: amazon/aws-cli
  environment:
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_REGION: us-west-2
  volumes:
  - name: awsconfig
    path: /root/.aws
  commands:
  - export VERSION=$(cat /go/.version.txt)
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else export S3_PATH="tag/"; fi
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-bin.tar.gz /go/src/github.com/gravitational/teleport/assets/aws/files
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-fips-bin.tar.gz /go/src/github.com/gravitational/teleport/assets/aws/files
# Overwrites the [default] profile with role credentials from the dedicated
# Packer secrets, so the AMI build runs under a separate identity.
- name: Assume Packer AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_PACKER_ACCESS_KEY_ID
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_PACKER_SECRET_ACCESS_KEY
    AWS_ROLE:
      from_secret: AWS_PACKER_ROLE
  volumes:
  - name: awsconfig
    path: /root/.aws
- name: Build Enterprise AMIs
  image: hashicorp/packer:1.7.6
  volumes:
  - name: dockersock
    path: /var/run
  - name: awsconfig
    path: /root/.aws
  commands:
  - apk add --no-cache aws-cli jq make
  - cd /go/src/github.com/gravitational/teleport/assets/aws
  - export TELEPORT_VERSION=$(cat /go/.version.txt)
  - export PUBLIC_AMI_NAME=gravitational-teleport-ami-ent-$TELEPORT_VERSION
  - export FIPS_AMI_NAME=gravitational-teleport-ami-ent-$TELEPORT_VERSION-fips
  # The trigger above admits only tag events, so the debug branch would
  # presumably not run from this pipeline as configured.
  - |
    if [ "${DRONE_BUILD_EVENT}" = "tag" ]; then
      echo "---> Building production Enterprise AMIs"
      echo "---> Note: these AMIs will not be made public until the 'promote' step is run"
      make ent-ci-build
    else
      echo "---> Building debug Enterprise AMIs"
      make ent
    fi
# Switches the [default] profile back to the general role before writing to
# the release bucket.
- name: Assume S3 Timestamp Sync AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
    AWS_ROLE:
      from_secret: AWS_ROLE
  volumes:
  - name: awsconfig
    path: /root/.aws
# Uploads the timestamp file left by the AMI build to the per-version ami/
# prefix of the bucket.
- name: Sync Enterprise build timestamp to S3
  image: amazon/aws-cli
  environment:
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_REGION: us-west-2
  volumes:
  - name: awsconfig
    path: /root/.aws
  commands:
  - export VERSION=$(cat /go/.version.txt)
  - aws s3 cp /go/src/github.com/gravitational/teleport/assets/aws/files/build/ent_build_timestamp.txt s3://$AWS_S3_BUCKET/teleport/ami/$${VERSION}/
# Privileged Docker-in-Docker daemon; the Packer step mounts its socket.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: dockersock
  temp: {}
- name: awsconfig
  temp: {}
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/buildbox.go (main.buildboxPipeline)
################################################
# Rebuilds the buildbox images on every push to master or branch/* of
# gravitational/teleport. Each image is pushed twice: a commit-suffixed copy
# to the staging ECR registry and the plain `$BUILDBOX_VERSION` tag to
# public.ecr.aws.
# NOTE(review): the public tag carries no commit suffix, so every qualifying
# push moves it. Pipelines that pull the buildbox by that tag (presumably the
# release builds, which set the same BUILDBOX_VERSION) get whatever the latest
# push produced; consuming the image by digest would decouple them.
kind: pipeline
type: kubernetes
name: build-buildboxes
environment:
  BUILDBOX_VERSION: teleport12
  GID: "1000"
  UID: "1000"
trigger:
  event:
    include:
    - push
  repo:
    include:
    - gravitational/teleport
  branch:
    include:
    - master
    - branch/*
workspace:
  path: /go/src/github.com/gravitational/teleport
clone:
  disable: true
steps:
- name: Check out code
  image: docker:git
  commands:
  # Shallow, single-branch clone. The checkout below can only succeed while
  # DRONE_COMMIT is still the tip of that branch at clone time.
  - git clone --depth 1 --single-branch --branch ${DRONE_SOURCE_BRANCH:-master} https://github.com/gravitational/${DRONE_REPO_NAME}.git
    .
  - git checkout ${DRONE_COMMIT}
# Blocks for up to 30 seconds until the dind service's socket is available.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Writes temporary role credentials for the staging registry as the [staging]
# profile. `>` creates or truncates the shared credentials file.
- name: Configure Staging AWS Profile
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  # printf does not fail when assume-role returns nothing; the final
  # get-caller-identity against the profile is what surfaces that case.
  - |-
    printf "[staging]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile staging
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: STAGING_BUILDBOX_DRONE_USER_ECR_KEY
    AWS_ROLE:
      from_secret: STAGING_BUILDBOX_DRONE_ECR_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: STAGING_BUILDBOX_DRONE_USER_ECR_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Appends (`>>`) a [production] profile to the same file, so both profiles are
# readable by every later step that mounts `awsconfig`.
- name: Configure Production AWS Profile
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[production]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      >> /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile production
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: PRODUCTION_BUILDBOX_DRONE_USER_ECR_KEY
    AWS_ROLE:
      from_secret: PRODUCTION_BUILDBOX_DRONE_ECR_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: PRODUCTION_BUILDBOX_DRONE_USER_ECR_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Builds the base buildbox, pushes the commit-suffixed tag to staging, logs out
# of staging, then logs in to public ECR and pushes the version tag.
- name: Build and push buildbox
  image: docker
  commands:
  - apk add --no-cache make aws-cli
  - chown -R $UID:$GID /go
  # Registry passwords are piped on stdin, so they never appear in argv.
  - aws ecr get-login-password --profile staging --region=us-west-2 | docker login
    -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - make -C build.assets buildbox
  - docker tag public.ecr.aws/gravitational/teleport-buildbox:$BUILDBOX_VERSION 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA
  - docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA
  - docker logout 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - aws ecr-public get-login-password --profile production --region=us-east-1 | docker
    login -u="AWS" --password-stdin public.ecr.aws
  - docker push public.ecr.aws/gravitational/teleport-buildbox:$BUILDBOX_VERSION
  volumes:
  - name: dockersock
    path: /var/run
  - name: awsconfig
    path: /root/.aws
# Same sequence as the base buildbox, for the FIPS image.
- name: Build and push buildbox-fips
  image: docker
  commands:
  - apk add --no-cache make aws-cli
  - chown -R $UID:$GID /go
  - aws ecr get-login-password --profile staging --region=us-west-2 | docker login
    -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - make -C build.assets buildbox-fips
  - docker tag public.ecr.aws/gravitational/teleport-buildbox-fips:$BUILDBOX_VERSION
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox-fips:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA
  - docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox-fips:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA
  - docker logout 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - aws ecr-public get-login-password --profile production --region=us-east-1 | docker
    login -u="AWS" --password-stdin public.ecr.aws
  - docker push public.ecr.aws/gravitational/teleport-buildbox-fips:$BUILDBOX_VERSION
  volumes:
  - name: dockersock
    path: /var/run
  - name: awsconfig
    path: /root/.aws
# Same sequence, for the ARM image.
- name: Build and push buildbox-arm
  image: docker
  commands:
  - apk add --no-cache make aws-cli
  - chown -R $UID:$GID /go
  - aws ecr get-login-password --profile staging --region=us-west-2 | docker login
    -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - make -C build.assets buildbox-arm
  - docker tag public.ecr.aws/gravitational/teleport-buildbox-arm:$BUILDBOX_VERSION
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox-arm:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA
  - docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox-arm:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA
  - docker logout 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - aws ecr-public get-login-password --profile production --region=us-east-1 | docker
    login -u="AWS" --password-stdin public.ecr.aws
  - docker push public.ecr.aws/gravitational/teleport-buildbox-arm:$BUILDBOX_VERSION
  volumes:
  - name: dockersock
    path: /var/run
  - name: awsconfig
    path: /root/.aws
# Same sequence, for the CentOS 7 image.
- name: Build and push buildbox-centos7
  image: docker
  commands:
  - apk add --no-cache make aws-cli
  - chown -R $UID:$GID /go
  - aws ecr get-login-password --profile staging --region=us-west-2 | docker login
    -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - make -C build.assets buildbox-centos7
  - docker tag public.ecr.aws/gravitational/teleport-buildbox-centos7:$BUILDBOX_VERSION
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox-centos7:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA
  - docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox-centos7:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA
  - docker logout 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - aws ecr-public get-login-password --profile production --region=us-east-1 | docker
    login -u="AWS" --password-stdin public.ecr.aws
  - docker push public.ecr.aws/gravitational/teleport-buildbox-centos7:$BUILDBOX_VERSION
  volumes:
  - name: dockersock
    path: /var/run
  - name: awsconfig
    path: /root/.aws
# Same sequence, for the CentOS 7 FIPS image.
- name: Build and push buildbox-centos7-fips
  image: docker
  commands:
  - apk add --no-cache make aws-cli
  - chown -R $UID:$GID /go
  - aws ecr get-login-password --profile staging --region=us-west-2 | docker login
    -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - make -C build.assets buildbox-centos7-fips
  - docker tag public.ecr.aws/gravitational/teleport-buildbox-centos7-fips:$BUILDBOX_VERSION
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox-centos7-fips:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA
  - docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox-centos7-fips:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA
  - docker logout 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - aws ecr-public get-login-password --profile production --region=us-east-1 | docker
    login -u="AWS" --password-stdin public.ecr.aws
  - docker push public.ecr.aws/gravitational/teleport-buildbox-centos7-fips:$BUILDBOX_VERSION
  volumes:
  - name: dockersock
    path: /var/run
  - name: awsconfig
    path: /root/.aws
# Privileged Docker-in-Docker daemon. All five build steps share it, so the
# `docker login` state and image cache persist from one step to the next.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: dockersock
  temp: {}
- name: awsconfig
  temp: {}
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/os_repos.go (main.buildNeverTriggerPipeline)
################################################
# Placeholder pipeline that is never triggered: it requires a custom event on
# a repository named `non-existent-repository` and a branch named
# `non-existent-branch`. Presumably kept so the pipeline name stays defined.
kind: pipeline
type: kubernetes
name: migrate-apt-new-repos
trigger:
  event:
    include:
    - custom
  repo:
    include:
    - non-existent-repository
  branch:
    include:
    - non-existent-branch
clone:
  disable: true
steps:
- name: Placeholder
  image: alpine:latest
  commands:
  - echo "This command, step, and pipeline never runs"
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/os_repos.go (main.(*OsPackageToolPipelineBuilder).buildBaseOsPackagePipeline)
################################################
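# Promotion pipeline (promote event, target "production") that publishes the
# .deb packages of an existing tag to the APT repositories: download the debs
# from the release bucket, skip prereleases, then sign and publish.
# NOTE(review): `alpine:latest`, `alpine/git:latest` and `amazon/aws-cli` are
# mutable tags in a pipeline that handles the package signing key; pinning by
# digest (`@sha256:<DIGEST_PLACEHOLDER>`) would fix the toolchain.
kind: pipeline
type: kubernetes
name: publish-apt-new-repos
trigger:
  event:
    include:
    - promote
  target:
    include:
    - production
  repo:
    include:
    - gravitational/teleport
workspace:
  path: /go
clone:
  disable: true
steps:
# Guard: refuse to promote a build that carries no tag.
- name: Verify build is tagged
  image: alpine:latest
  commands:
  # FIX: ${DRONE_TAG} is now quoted. Unquoted, an empty tag left the shell
  # with `[ -n ]`, which tests the literal string "-n" and is always true, so
  # the guard could never fail. This file is generated; the same change
  # belongs in dronegen/os_repos.go.
  - '[ -n "${DRONE_TAG}" ] || (echo ''DRONE_TAG is not set. Is the commit tagged?''
    && exit 1)'
- name: Check out code
  image: alpine/git:latest
  commands:
  - mkdir -pv "/go/src/github.com/gravitational/teleport"
  - cd "/go/src/github.com/gravitational/teleport"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  - git checkout -qf "${DRONE_TAG}"
# Temporary role credentials for reading the release bucket, written as the
# [default] profile on the shared `awsconfig` volume.
- name: Assume Download AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  # printf does not fail when assume-role returns nothing; the final
  # get-caller-identity against the profile is what surfaces that case.
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Verify build is tagged
  - Check out code
# Empties the local artifact directory, then syncs only files matching *.deb*
# from the tag's prefix in the release bucket.
# NOTE(review): no checksum or signature check of the downloaded packages is
# visible before they are signed and published.
- name: Download artifacts for "${DRONE_TAG}"
  image: amazon/aws-cli
  commands:
  - mkdir -pv "$ARTIFACT_PATH"
  - rm -rf "$ARTIFACT_PATH"/*
  - aws s3 sync --no-progress --delete --exclude "*" --include "*.deb*" s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}/
    "$ARTIFACT_PATH"
  environment:
    ARTIFACT_PATH: /go/artifacts
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume Download AWS Role
  - Verify build is tagged
  - Check out code
# Overwrites the [default] profile with role credentials from the APT
# repository secrets, replacing the download role.
- name: Assume Upload AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: APT_REPO_NEW_AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: APT_REPO_NEW_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: APT_REPO_NEW_AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Download artifacts for "${DRONE_TAG}"
  - Verify build is tagged
  - Check out code
# Stops the promotion for prerelease tags. Exit code 78 makes Drone end the
# pipeline early without marking it failed.
# NOTE(review): any non-zero exit from `go run` takes this path, not only a
# prerelease verdict, so a tooling or network failure also ends the promotion
# without publishing and is reported as a prerelease.
- name: Check if tag is prerelease
  image: golang:1.18-alpine
  commands:
  - apk add git
  - mkdir -pv "/tmp/repo"
  - cd "/tmp/repo"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  - git checkout -qf "${DRONE_TAG}"
  - cd "/tmp/repo/build.assets/tooling"
  - go run ./cmd/check -tag ${DRONE_TAG} -check prerelease || (echo '---> This is
    a prerelease, not continuing promotion for ${DRONE_TAG}' && exit 78)
  depends_on:
  - Assume Upload AWS Role
  - Verify build is tagged
  - Check out code
# Unpacks the GPG signing archive into GNUPGHOME on the memory-backed `tmpfs`
# volume and runs the repository tool, which publishes to REPO_S3_BUCKET.
# Aptly state lives under /mnt on the persistent `apt-persistence` claim and
# therefore carries over between runs; the GPG home does not.
# NOTE(review): this step has no explicit removal of $GNUPGHOME; cleanup
# relies on the tmpfs volume being discarded with the pipeline.
- name: Publish debs to APT repos for "${DRONE_TAG}"
  image: golang:1.18-bullseye
  commands:
  - apt update
  # aptly is installed unpinned from the image's configured apt sources.
  - apt install -y aptly
  - mkdir -pv -m0700 "$GNUPGHOME"
  - echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPGHOME
  - chown -R root:root "$GNUPGHOME"
  - cd "/go/src/github.com/gravitational/teleport/build.assets/tooling"
  - export VERSION="${DRONE_TAG}"
  - export RELEASE_CHANNEL="stable"
  - go run ./cmd/build-os-package-repos apt -bucket "$REPO_S3_BUCKET" -local-bucket-path
    "$BUCKET_CACHE_PATH" -artifact-version "$VERSION" -release-channel "$RELEASE_CHANNEL"
    -artifact-path "$ARTIFACT_PATH" -log-level 4 -aptly-root-dir "$APTLY_ROOT_DIR"
  environment:
    APTLY_ROOT_DIR: /mnt/aptly
    ARTIFACT_PATH: /go/artifacts
    AWS_REGION: us-west-2
    BUCKET_CACHE_PATH: /tmp/bucket
    DEBIAN_FRONTEND: noninteractive
    GNUPGHOME: /tmpfs/gnupg
    GPG_RPM_SIGNING_ARCHIVE:
      from_secret: GPG_RPM_SIGNING_ARCHIVE
    REPO_S3_BUCKET:
      from_secret: APT_REPO_NEW_AWS_S3_BUCKET
  volumes:
  - name: apt-persistence
    path: /mnt
  - name: tmpfs
    path: /tmpfs
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Check if tag is prerelease
  - Verify build is tagged
  - Check out code
volumes:
- name: apt-persistence
  claim:
    name: drone-s3-aptrepo-pvc
- name: tmpfs
  temp:
    medium: memory
- name: awsconfig
  temp: {}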
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/os_repos.go (main.buildNeverTriggerPipeline)
################################################
kind: pipeline
type: kubernetes
name: migrate-yum-new-repos
trigger:
event:
include:
- custom
repo:
include:
- non-existent-repository
branch:
include:
- non-existent-branch
clone:
disable: true
steps:
- name: Placeholder
image: alpine:latest
commands:
- echo "This command, step, and pipeline never runs"
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/os_repos.go (main.(*OsPackageToolPipelineBuilder).buildBaseOsPackagePipeline)
################################################
kind: pipeline
type: kubernetes
name: publish-yum-new-repos
trigger:
event:
include:
- promote
target:
include:
- production
repo:
include:
- gravitational/teleport
workspace:
path: /go
clone:
disable: true
steps:
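# Stops the promotion when the build carries no tag.
# The expansion is quoted on purpose: unquoted, an empty DRONE_TAG collapses
# the test to `[ -n ]`, which POSIX test treats as a one-argument check of the
# non-empty string "-n" and returns true, so the guard could never fail.
# NOTE(review): this pipeline is generated (see the dronegen header above it,
# dronegen/os_repos.go); the same quoting has to be made in the generator or
# `make dronegen` will revert it.
- name: Verify build is tagged
  image: alpine:latest
  commands:
    - '[ -n "${DRONE_TAG}" ] || (echo ''DRONE_TAG is not set. Is the commit tagged?'' && exit 1)'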
- name: Check out code
image: alpine/git:latest
commands:
- mkdir -pv "/go/src/github.com/gravitational/teleport"
- cd "/go/src/github.com/gravitational/teleport"
- git init
- git remote add origin ${DRONE_REMOTE_URL}
- git fetch origin --tags
- git checkout -qf "${DRONE_TAG}"
- name: Assume Download AWS Role
image: amazon/aws-cli
commands:
- aws sts get-caller-identity
- |-
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
> /root/.aws/credentials
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile default
environment:
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID
AWS_ROLE:
from_secret: AWS_ROLE
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY
volumes:
- name: awsconfig
path: /root/.aws
depends_on:
- Verify build is tagged
- Check out code
- name: Download artifacts for "${DRONE_TAG}"
image: amazon/aws-cli
commands:
- mkdir -pv "$ARTIFACT_PATH"
- rm -rf "$ARTIFACT_PATH"/*
- aws s3 sync --no-progress --delete --exclude "*" --include "*.rpm*" s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}/
"$ARTIFACT_PATH"
environment:
ARTIFACT_PATH: /go/artifacts
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
volumes:
- name: awsconfig
path: /root/.aws
depends_on:
- Assume Download AWS Role
- Verify build is tagged
- Check out code
- name: Assume Upload AWS Role
image: amazon/aws-cli
commands:
- aws sts get-caller-identity
- |-
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
> /root/.aws/credentials
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile default
environment:
AWS_ACCESS_KEY_ID:
from_secret: YUM_REPO_NEW_AWS_ACCESS_KEY_ID
AWS_ROLE:
from_secret: YUM_REPO_NEW_AWS_ROLE
AWS_SECRET_ACCESS_KEY:
from_secret: YUM_REPO_NEW_AWS_SECRET_ACCESS_KEY
volumes:
- name: awsconfig
path: /root/.aws
depends_on:
- Download artifacts for "${DRONE_TAG}"
- Verify build is tagged
- Check out code
- name: Check if tag is prerelease
image: golang:1.18-alpine
commands:
- apk add git
- mkdir -pv "/tmp/repo"
- cd "/tmp/repo"
- git init
- git remote add origin ${DRONE_REMOTE_URL}
- git fetch origin --tags
- git checkout -qf "${DRONE_TAG}"
- cd "/tmp/repo/build.assets/tooling"
- go run ./cmd/check -tag ${DRONE_TAG} -check prerelease || (echo '---> This is
a prerelease, not continuing promotion for ${DRONE_TAG}' && exit 78)
depends_on:
- Assume Upload AWS Role
- Verify build is tagged
- Check out code
- name: Publish rpms to YUM repos for "${DRONE_TAG}"
image: golang:1.18-bullseye
commands:
- apt update
- apt install -y createrepo-c
- mkdir -pv "$CACHE_DIR"
- mkdir -pv -m0700 "$GNUPGHOME"
- echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPGHOME
- chown -R root:root "$GNUPGHOME"
- cd "/go/src/github.com/gravitational/teleport/build.assets/tooling"
- export VERSION="${DRONE_TAG}"
- export RELEASE_CHANNEL="stable"
- go run ./cmd/build-os-package-repos yum -bucket "$REPO_S3_BUCKET" -local-bucket-path
"$BUCKET_CACHE_PATH" -artifact-version "$VERSION" -release-channel "$RELEASE_CHANNEL"
-artifact-path "$ARTIFACT_PATH" -log-level 4 -cache-dir "$CACHE_DIR"
environment:
ARTIFACT_PATH: /go/artifacts
AWS_REGION: us-west-2
BUCKET_CACHE_PATH: /mnt/bucket
CACHE_DIR: /mnt/createrepo_cache
DEBIAN_FRONTEND: noninteractive
GNUPGHOME: /tmpfs/gnupg
GPG_RPM_SIGNING_ARCHIVE:
from_secret: GPG_RPM_SIGNING_ARCHIVE
REPO_S3_BUCKET:
from_secret: YUM_REPO_NEW_AWS_S3_BUCKET
volumes:
- name: yum-persistence
path: /mnt
- name: tmpfs
path: /tmpfs
- name: awsconfig
path: /root/.aws
depends_on:
- Check if tag is prerelease
- Verify build is tagged
- Check out code
volumes:
- name: yum-persistence
claim:
name: drone-s3-yumrepo-pvc
- name: tmpfs
temp:
medium: memory
- name: awsconfig
temp: {}
---
kind: pipeline
type: kubernetes
name: promote-build
trigger:
event:
- promote
target:
- production
repo:
include:
- gravitational/*
workspace:
path: /go
clone:
disable: true
steps:
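# First gate of the production promotion: refuse to continue when the build
# has no tag, because every later step derives S3 prefixes and git refs from
# DRONE_TAG.
# The expansion is quoted on purpose: unquoted, an empty DRONE_TAG collapses
# the test to `[ -n ]`, which POSIX test treats as a one-argument check of the
# non-empty string "-n" and returns true, so the guard could never fail.
- name: Check if commit is tagged
  image: alpine
  commands:
    - '[ -n "${DRONE_TAG}" ] || (echo ''DRONE_TAG is not set. Is the commit tagged?'' && exit 1)'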
# Exchanges the key pair held in the AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY
# secrets (no session token is supplied, so presumably a static IAM user key)
# for temporary STS credentials for AWS_ROLE, and writes them as the [default]
# profile of /root/.aws/credentials. That path is on the awsconfig volume, so
# every later step that mounts awsconfig runs with these credentials until
# another "Assume ..." step overwrites the file.
- name: Assume Download AWS Role
  image: amazon/aws-cli
  commands:
    # Logs the identity behind the key pair before the role is assumed.
    - aws sts get-caller-identity
    # The three %s slots are filled by word-splitting the text output of
    # assume-role. If assume-role fails, printf still succeeds and writes a
    # profile with empty values; the get-caller-identity call at the end of
    # this step is what would surface that.
    - |-
      printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
        $(aws sts assume-role \
          --role-arn "$AWS_ROLE" \
          --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
          --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
          --output text) \
        > /root/.aws/credentials
    # Drop the key pair from the environment so the next call can only succeed
    # through the profile that was just written.
    - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
    - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
    AWS_ROLE:
      from_secret: AWS_ROLE
  volumes:
    - name: awsconfig
      path: /root/.aws
- name: Download artifacts from S3
image: amazon/aws-cli
commands:
- mkdir -p /go/artifacts
- aws s3 sync s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}/ /go/artifacts/
environment:
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
AWS_REGION: us-west-2
volumes:
- name: awsconfig
path: /root/.aws
- name: Assume Upload AWS Role
image: amazon/aws-cli
commands:
- aws sts get-caller-identity
- |-
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
> /root/.aws/credentials
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile default
environment:
AWS_ACCESS_KEY_ID:
from_secret: PRODUCTION_AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY:
from_secret: PRODUCTION_AWS_SECRET_ACCESS_KEY
AWS_ROLE:
from_secret: PRODUCTION_AWS_ROLE
volumes:
- name: awsconfig
path: /root/.aws
# Publishes the release artifacts to the production bucket.
# `--acl public-read` makes every uploaded object world-readable, and the sync
# source is the whole of /go/artifacts, which "Download artifacts from S3"
# filled from the tag's prefix in the build bucket without any include/exclude
# filter. Whatever earlier build pipelines wrote under that prefix therefore
# becomes public here.
# NOTE(review): confirm that prefix can only ever hold files meant for
# release, or restrict this sync with explicit --exclude/--include patterns.
- name: Upload artifacts to production S3
  image: amazon/aws-cli
  environment:
    AWS_REGION: us-east-1
    AWS_S3_BUCKET:
      from_secret: PRODUCTION_AWS_S3_BUCKET
  volumes:
    - name: awsconfig
      path: /root/.aws
  commands:
    - cd /go/artifacts/
    - aws s3 sync --acl public-read . s3://$AWS_S3_BUCKET/teleport/${DRONE_TAG##v}
- name: Check out code
image: docker:git
commands:
- |
mkdir -p /go/src/github.com/gravitational/teleport
cd /go/src/github.com/gravitational/teleport
git init && git remote add origin ${DRONE_REMOTE_URL}
git fetch origin +refs/tags/${DRONE_TAG}:
git checkout -qf FETCH_HEAD
- name: Assume AMI Download AWS Role
image: amazon/aws-cli
commands:
- aws sts get-caller-identity
- |-
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
> /root/.aws/credentials
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile default
environment:
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY
AWS_ROLE:
from_secret: AWS_ROLE
volumes:
- name: awsconfig
path: /root/.aws
- name: Download AMI timestamps
image: amazon/aws-cli
environment:
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
volumes:
- name: awsconfig
path: /root/.aws
commands:
- mkdir -p /go/src/github.com/gravitational/teleport/assets/aws/files/build
- aws s3 sync s3://$AWS_S3_BUCKET/teleport/ami/${DRONE_TAG##v}/ /go/src/github.com/gravitational/teleport/assets/aws/files/build
- name: Assume AMI Publish AWS Role
image: amazon/aws-cli
commands:
- aws sts get-caller-identity
- |-
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
> /root/.aws/credentials
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile default
environment:
AWS_ACCESS_KEY_ID:
from_secret: PRODUCTION_AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY:
from_secret: PRODUCTION_AWS_SECRET_ACCESS_KEY
AWS_ROLE:
from_secret: PRODUCTION_AWS_ROLE
volumes:
- name: awsconfig
path: /root/.aws
- name: Make AMIs public
image: docker
volumes:
- name: awsconfig
path: /root/.aws
commands:
- apk add --no-cache aws-cli bash jq make
- cd /go/src/github.com/gravitational/teleport/assets/aws
- |
make change-amis-to-public-oss
make change-amis-to-public-ent
make change-amis-to-public-ent-fips
- name: "Helm: Assume Download AWS Role"
image: amazon/aws-cli
commands:
- aws sts get-caller-identity
- |-
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
> /root/.aws/credentials
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile default
environment:
AWS_ACCESS_KEY_ID:
from_secret: PRODUCTION_CHARTS_AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY:
from_secret: PRODUCTION_CHARTS_AWS_SECRET_ACCESS_KEY
AWS_ROLE:
from_secret: PRODUCTION_CHARTS_AWS_ROLE
volumes:
- name: awsconfig
path: /root/.aws
# Download all previously packaged charts. This is needed to rebuild the
# index and re-publish the repository.
- name: "Helm: Download chart repository"
image: amazon/aws-cli
environment:
AWS_REGION: us-west-2
AWS_S3_BUCKET:
from_secret: PRODUCTION_CHARTS_AWS_S3_BUCKET
volumes:
- name: awsconfig
path: /root/.aws
commands:
- mkdir -p /go/chart
- aws s3 sync s3://$AWS_S3_BUCKET/ /go/chart
- name: "Helm: Package chart repository"
image: alpine/helm:latest
commands:
- cd /go/chart
- helm package /go/src/github.com/gravitational/teleport/examples/chart/teleport-cluster
- helm package /go/src/github.com/gravitational/teleport/examples/chart/teleport-kube-agent
# copy index.html to root of the S3 bucket.
- cp /go/src/github.com/gravitational/teleport/examples/chart/index.html /go/chart
# this will index all previous versions of the charts downloaded from the S3 bucket,
# plus the just-packaged charts listed above
- helm repo index /go/chart
- ls /go/chart
- name: "Helm: Assume Upload AWS Role"
image: amazon/aws-cli
commands:
- aws sts get-caller-identity
- |-
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
> /root/.aws/credentials
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile default
environment:
AWS_ACCESS_KEY_ID:
from_secret: PRODUCTION_CHARTS_AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY:
from_secret: PRODUCTION_CHARTS_AWS_SECRET_ACCESS_KEY
AWS_ROLE:
from_secret: PRODUCTION_CHARTS_AWS_ROLE
volumes:
- name: awsconfig
path: /root/.aws
- name: "Helm: Publish chart repository to S3"
image: amazon/aws-cli
environment:
AWS_REGION: us-west-2
AWS_S3_BUCKET:
from_secret: PRODUCTION_CHARTS_AWS_S3_BUCKET
volumes:
- name: awsconfig
path: /root/.aws
commands:
- cd /go/chart/
- aws s3 sync . s3://$AWS_S3_BUCKET/
# NOTE: all mandatory steps for a release promotion need to go BEFORE this
# step, as there is a chance that everything afterwards will be skipped.
#
# this step exits early and skips all remaining steps in the pipeline if the
# tag looks like a pre-release, to avoid pushing pre-release RPMs and DEBs to
# our yum / apt repos.
- name: Check if repo is public
image: alpine
commands:
- if [ "${DRONE_REPO}" != "gravitational/teleport" ]; then echo "---> Not publishing ${DRONE_REPO} packages to RPM and DEB repos" && exit 78; fi
- name: Check if tag is prerelease
image: golang:1.17-alpine
commands:
- cd /go/src/github.com/gravitational/teleport/build.assets/tooling
- go run ./cmd/check -tag ${DRONE_TAG} -check prerelease || (echo '---> Not publishing ${DRONE_TAG} packages to RPM and DEB repos' && exit 78)
- name: Assume RPM Repo AWS Role
image: amazon/aws-cli
commands:
- aws sts get-caller-identity
- |-
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
> /root/.aws/credentials
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile default
environment:
AWS_ACCESS_KEY_ID:
from_secret: RPMREPO_AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY:
from_secret: RPMREPO_AWS_SECRET_ACCESS_KEY
AWS_ROLE:
from_secret: RPMREPO_AWS_ROLE
volumes:
- name: awsconfig
path: /root/.aws
- name: Download RPM repo contents
image: amazon/aws-cli
environment:
AWS_S3_BUCKET:
from_secret: RPMREPO_AWS_S3_BUCKET
volumes:
- name: rpmrepo
path: /rpmrepo
- name: awsconfig
path: /root/.aws
commands:
- mkdir -p /rpmrepo/teleport/cache
# we explicitly want to delete anything present locally which has been deleted
# from the upstream S3 bucket
- aws s3 sync s3://$AWS_S3_BUCKET/teleport/ /rpmrepo/teleport/ --delete
- mkdir -p /rpmrepo/teleport/${DRONE_TAG##v}
- cp -a /go/artifacts/*.rpm /rpmrepo/teleport/${DRONE_TAG##v}/
# we do this using a CentOS 7 container to make sure that the repo files are
# compatible with older versions, also there's no createrepo package in alpine main
- name: Regenerate RPM repo metadata
image: centos:7
volumes:
- name: rpmrepo
path: /rpmrepo
commands:
- yum -y install createrepo
- createrepo --cachedir /rpmrepo/teleport/cache --update /rpmrepo/teleport
# This step requires centos:8 to get gpg 2.2+
# centos:7's gpg 2.0 doesn't understand the format of GPG_RPM_SIGNING_ARCHIVE
# Produces the detached, ASCII-armored signature repomd.xml.asc for the RPM
# repository metadata, using the key unpacked from GPG_RPM_SIGNING_ARCHIVE.
# NOTE(review): CentOS Linux 8 reached end of life at the end of 2021, so the
# centos:8 image no longer receives security updates, and the tag is mutable.
# This is the step that holds the signing key; a maintained base image with
# gpg 2.2+, pinned by digest, would be a safer place to do it.
# NOTE(review): the key is removed only by the final `rm -rf`; if gpg fails
# first, cleanup presumably relies on the memory-backed tmpfs volume being
# discarded with the pipeline. The same tmpfs volume is also mounted by the
# privileged "Start Docker" service of this pipeline.
- name: Sign RPM repo metadata
  image: centos:8
  volumes:
    - name: rpmrepo
      path: /rpmrepo
    # for in-memory tmpfs for key material
    - name: tmpfs
      path: /tmpfs
  environment:
    GNUPGHOME: /tmpfs/gnupg
    GPG_RPM_SIGNING_ARCHIVE:
      from_secret: GPG_RPM_SIGNING_ARCHIVE
  commands:
    - |
      # extract signing key
      mkdir -m0700 $GNUPGHOME
      echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPGHOME
      chown -R root:root $GNUPGHOME
    # Sign rpm repo metadata (yum clients will automatically look for and verify repodata/repomd.xml.asc)
    - gpg --batch --yes --detach-sign --armor /rpmrepo/teleport/repodata/repomd.xml
    # Prints the signature (public data), not key material.
    - cat /rpmrepo/teleport/repodata/repomd.xml.asc
    - rm -rf $GNUPGHOME
- name: Sync RPM repo changes to S3
image: amazon/aws-cli
environment:
AWS_S3_BUCKET:
from_secret: RPMREPO_AWS_S3_BUCKET
volumes:
- name: rpmrepo
path: /rpmrepo
- name: awsconfig
path: /root/.aws
commands:
- aws s3 sync /rpmrepo/teleport/ s3://$AWS_S3_BUCKET/teleport/
# This step skips all remaining steps in the pipeline if the tag
# is not the highest semver *ever* released, to avoid publishing DEBs
# that would cause apt users to downgrade. For more info see:
# https://github.com/gravitational/teleport/issues/8166
- name: Check if tag is latest
image: golang:1.17-alpine
commands:
- cd /go/src/github.com/gravitational/teleport/build.assets/tooling
- go run ./cmd/check -tag ${DRONE_TAG} -check latest || (echo '---> Not publishing ${DRONE_REPO} packages to DEB repo' && exit 78)
- name: Assume Deb Repo AWS Role
image: amazon/aws-cli
commands:
- aws sts get-caller-identity
- |-
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
> /root/.aws/credentials
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile default
environment:
AWS_ACCESS_KEY_ID:
from_secret: DEBREPO_AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY:
from_secret: DEBREPO_AWS_SECRET_ACCESS_KEY
AWS_ROLE:
from_secret: DEBREPO_AWS_ROLE
volumes:
- name: awsconfig
path: /root/.aws
- name: Download DEB repo contents
image: amazon/aws-cli
environment:
AWS_S3_BUCKET:
from_secret: DEBREPO_AWS_S3_BUCKET
volumes:
- name: debrepo
path: /debrepo
- name: awsconfig
path: /root/.aws
commands:
# we explicitly want to delete anything present locally which has been deleted
# from the upstream S3 bucket
- mkdir -p /debrepo/teleport
- aws s3 sync s3://$AWS_S3_BUCKET/teleport /debrepo/teleport --delete
# Builds and signs the apt repository with reprepro from the .deb files in
# /go/artifacts, then copies the result onto the debrepo persistent volume.
# NOTE(review): `SignWith: 6282C411` selects the key by an 8-hex-digit short
# key ID. Short IDs are not collision resistant; the full fingerprint of the
# signing key would identify it unambiguously.
# NOTE(review): the dockersock volume is mounted at /var/run, but none of the
# commands shown in this step invoke docker. While mounted, the step that has
# the signing key loaded also has the privileged Docker daemon's socket; drop
# the mount if it is not needed.
# NOTE(review): the tools are installed from the network at run time into an
# ubuntu:20.04 image referenced by mutable tag, in the same container that
# later unpacks the signing key.
- name: Build DEB repo
  image: ubuntu:20.04
  environment:
    DEBIAN_FRONTEND: noninteractive
    GNUPGHOME: /tmpfs/gnupg
    GPG_RPM_SIGNING_ARCHIVE:
      from_secret: GPG_RPM_SIGNING_ARCHIVE
  volumes:
    - name: dockersock
      path: /var/run
    - name: debrepo
      path: /debrepo
    # for in-memory tmpfs for key material
    - name: tmpfs
      path: /tmpfs
  commands:
    - |
      # install needed tools
      apt-get -y update && apt-get -y install curl gzip gnupg2 reprepro tar
    - |
      # write config files
      mkdir -p /go/reprepro/teleport/conf /go/reprepro/teleport/public
      # we have to keep listing "arm" even though it's not a real debian arch
      # because we have released packages for it that are currently in the
      # repo bucket, and reprepro will error out if it's told to includedeb a
      # package for an architecture that's not in its configuration
      cat << EOF > /go/reprepro/teleport/conf/distributions
      Origin: teleport
      Label: teleport
      Codename: stable
      Architectures: i386 amd64 arm armhf arm64
      Components: main
      Description: apt repository for teleport
      SignWith: 6282C411
      EOF
      cat << EOF > /go/reprepro/teleport/conf/options
      verbose
      basedir /go/reprepro/teleport
      EOF
    - |
      # extract signing key
      mkdir -m0700 $GNUPGHOME
      echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPGHOME
      chown -R root:root $GNUPGHOME
    - |
      # create repo
      cd /go/reprepro/teleport
      reprepro --outdir /go/reprepro/teleport/public includedeb stable /go/artifacts/teleport*.deb
    - |
      # clean up gnupg
      rm -rf $GNUPGHOME
    - |
      # copy artifacts to PVC
      cp -r /go/reprepro/teleport /debrepo/
- name: Sync DEB repo changes to S3
image: amazon/aws-cli
environment:
AWS_S3_BUCKET:
from_secret: DEBREPO_AWS_S3_BUCKET
volumes:
- name: debrepo
path: /debrepo
- name: awsconfig
path: /root/.aws
commands:
- aws s3 sync /debrepo/teleport/ s3://$AWS_S3_BUCKET/teleport/
# Docker-in-Docker daemon for this pipeline, exposed to steps through the
# dockersock volume.
# NOTE(review): the service runs privileged and also mounts the tmpfs volume,
# which is where "Sign RPM repo metadata" and "Build DEB repo" unpack
# GPG_RPM_SIGNING_ARCHIVE. A privileged container sharing the key-material
# volume widens what a compromise of the daemon could reach. None of the steps
# shown in this pipeline appears to run docker commands, so check whether the
# service, or at least its tmpfs mount, is still required.
services:
  - name: Start Docker
    image: docker:dind
    privileged: true
    volumes:
      - name: dockersock
        path: /var/run
      - name: tmpfs
        path: /tmpfs
volumes:
- name: awsconfig
temp: {}
- name: dockersock
temp: {}
- name: tmpfs
temp:
medium: memory
# these persistent volumes cache RPMs/DEBs near Drone so that we don't need to download the
# entire repo contents from S3 every time to build the repo, we just sync any differences
- name: rpmrepo
claim:
name: drone-s3-rpmrepo-pvc
- name: debrepo
claim:
name: drone-s3-debrepo-pvc
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/mac.go (main.newDarwinPipeline)
################################################
kind: pipeline
type: exec
name: build-darwin-amd64-connect
trigger:
event:
include:
- tag
ref:
include:
- refs/tags/v*
repo:
include:
- gravitational/*
workspace:
path: /tmp/build-darwin-amd64-connect
platform:
os: darwin
arch: amd64
clone:
disable: true
depends_on:
- build-darwin-amd64-pkg-tsh
concurrency:
limit: 1
steps:
- name: Set up exec runner storage
commands:
- set -u
- mkdir -p $WORKSPACE_DIR
- chmod -R u+rw $WORKSPACE_DIR
- rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh
environment:
WORKSPACE_DIR: /tmp/build-darwin-amd64-connect
# Clones teleport and webapps over HTTPS at the tagged revision, then uses the
# GITHUB_PRIVATE_KEY deploy key over SSH only for the submodule updates.
- name: Check out code
  commands:
    - set -u
    - mkdir -p $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
    - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
    - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
    - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
    # The key lands in a 0700 directory under the workspace in /tmp and is
    # deleted by the `rm -rf $WORKSPACE_DIR/.ssh` further down. If a command in
    # between fails, that line is presumably not reached and the key stays on
    # the runner until a later run's setup step removes .ssh.
    - mkdir -m 0700 $WORKSPACE_DIR/.ssh && echo "$GITHUB_PRIVATE_KEY" > $WORKSPACE_DIR/.ssh/id_rsa
      && chmod 600 $WORKSPACE_DIR/.ssh/id_rsa
    # NOTE(review): ssh-keyscan records whatever host key the network returns
    # at build time, so this known_hosts file does not authenticate github.com
    # against an interception on this connection. Writing GitHub's published
    # host keys (stored with the build config) would pin the host instead.
    - ssh-keyscan -H github.com > $WORKSPACE_DIR/.ssh/known_hosts 2>/dev/null
    - chmod 600 $WORKSPACE_DIR/.ssh/known_hosts
    - mkdir -p $WORKSPACE_DIR/go/src/github.com/gravitational/webapps
    - cd $WORKSPACE_DIR/go/src/github.com/gravitational/webapps
    - git clone https://github.com/gravitational/webapps.git .
    - git checkout $($WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets/webapps/webapps-version.sh)
    # `-F /dev/null` ignores any ssh_config on the runner, so only the key and
    # known_hosts file given here are used.
    - GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts
      -F /dev/null' git submodule update --init packages/webapps.e
    - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
    - GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts
      -F /dev/null' git submodule update --init e
    # `|| true` makes a failed webassets update non-fatal.
    - GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts
      -F /dev/null' git submodule update --init --recursive webassets || true
    - rm -rf $WORKSPACE_DIR/.ssh
    - mkdir -p $WORKSPACE_DIR/go/cache
    - mkdir -p $WORKSPACE_DIR/go/artifacts
    - echo "${DRONE_TAG##v}" > $WORKSPACE_DIR/go/.version.txt
    - cat $WORKSPACE_DIR/go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
    WORKSPACE_DIR: /tmp/build-darwin-amd64-connect
# Downloads the Node.js release named by `make print-node-version` and unpacks
# it into a per-build toolchain directory under /tmp.
# NOTE(review): the tarball is fetched and extracted with no checksum or
# signature verification, and these binaries later run the build in the step
# that unlocks the signing keychain. Comparing the download against a SHA-256
# pinned in the repository (nodejs.org publishes SHASUMS256.txt per release)
# before extraction would close that gap. curl is also run without --fail, so
# an HTTP error body would be saved under the tarball's name.
- name: Install Node Toolchain
  commands:
    - set -u
    - export NODE_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets
      print-node-version)
    - export TOOLCHAIN_DIR=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains
    - export NODE_DIR=$TOOLCHAIN_DIR/node-v$NODE_VERSION-darwin-x64
    - mkdir -p $TOOLCHAIN_DIR
    - curl --silent -O https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-darwin-x64.tar.gz
    - tar -C $TOOLCHAIN_DIR -xzf node-v$NODE_VERSION-darwin-x64.tar.gz
    - rm -f node-v$NODE_VERSION-darwin-x64.tar.gz
    - export PATH=$NODE_DIR/bin:$PATH
    - corepack enable yarn
    - echo Node reporting version $(node --version)
    - echo Yarn reporting version $(yarn --version)
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64-connect
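# Exchanges the key pair from the AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY
# secrets for temporary STS credentials for AWS_ROLE and writes them to the
# file named by AWS_SHARED_CREDENTIALS_FILE, which later steps of this
# pipeline read.
# This is an exec pipeline, so the file is created on the build host itself,
# in a workspace under /tmp. `umask 077` and the chmod keep it readable by the
# build user only; the chmod also covers a file left behind by an earlier run,
# whose mode `>` would otherwise keep.
# NOTE(review): this pipeline is generated (dronegen/mac.go per the header
# above it); the change has to be made in the generator as well.
- name: Assume AWS Role
  commands:
    - aws sts get-caller-identity
    - |-
      umask 077
      printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
        $(aws sts assume-role \
          --role-arn "$AWS_ROLE" \
          --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
          --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
          --output text) \
        > /tmp/build-darwin-amd64-connect/credentials
      chmod 600 /tmp/build-darwin-amd64-connect/credentials
    # Drop the key pair so the check below can only pass through the file.
    - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
    - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
    AWS_SHARED_CREDENTIALS_FILE: /tmp/build-darwin-amd64-connect/credentials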
- name: Download tsh.pkg artifact from S3
commands:
- set -u
- export VERSION=$(cat $WORKSPACE_DIR/go/.version.txt)
- export S3_PATH="tag/$${DRONE_TAG##v}/"
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}tsh-$${VERSION}.pkg $WORKSPACE_DIR/go/src/github.com/gravitational/
environment:
AWS_REGION: us-west-2
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
AWS_SHARED_CREDENTIALS_FILE: /tmp/build-darwin-amd64-connect/credentials
GITHUB_PRIVATE_KEY:
from_secret: GITHUB_PRIVATE_KEY
WORKSPACE_DIR: /tmp/build-darwin-amd64-connect
# Unlocks the login keychain, expands the previously built tsh.pkg, and builds
# and packages Teleport Connect with yarn; CSC_NAME names the signing identity
# by its hash.
# NOTE(review): APPLE_USERNAME, APPLE_PASSWORD and BUILDBOX_PASSWORD are in
# the environment and the keychain is unlocked for the whole step, including
# `yarn install`. Unless install scripts are disabled, third-party package
# scripts run there with access to all of it. Splitting dependency
# installation from the packaging/signing command would narrow that exposure.
# NOTE(review): nothing shown in this pipeline locks the keychain again.
- name: Build Mac artifacts (Teleport Connect)
  commands:
    - set -u
    - export HOME=/Users/$(whoami)
    - export TOOLCHAIN_DIR=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains
    - export NODE_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets
      print-node-version)
    - export NODE_HOME=$TOOLCHAIN_DIR/node-v$NODE_VERSION-darwin-x64
    - export PATH=$NODE_HOME/bin:$PATH
    - export VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
      print-version)
    - export BUILD_NUMBER=$DRONE_BUILD_NUMBER
    # The doubled dollar sign is Drone's escape, so the shell (not Drone)
    # expands the variable. The password is passed as a command-line argument,
    # which other local processes can observe while the command runs, and it
    # is unquoted, so a value containing whitespace would be split.
    - security unlock-keychain -p $${BUILDBOX_PASSWORD} login.keychain
    - security find-identity -v
    - export CSC_NAME=0FFD3E3413AB4C599C53FBB1D8CA690915E33D83
    - cd $WORKSPACE_DIR/go/src/github.com/gravitational
    - pkgutil --expand-full tsh-$${VERSION}.pkg tsh
    - export CONNECT_TSH_APP_PATH=$WORKSPACE_DIR/go/src/github.com/gravitational/tsh/Payload/tsh.app
    - cd $WORKSPACE_DIR/go/src/github.com/gravitational/webapps
    - yarn install && yarn build-term && yarn package-term -c.extraMetadata.version=$VERSION
  environment:
    APPLE_PASSWORD:
      from_secret: APPLE_PASSWORD
    APPLE_USERNAME:
      from_secret: APPLE_USERNAME
    ARCH: amd64
    BUILDBOX_PASSWORD:
      from_secret: BUILDBOX_PASSWORD
    GOCACHE: /tmp/build-darwin-amd64-connect/go/cache
    GOPATH: /tmp/build-darwin-amd64-connect/go
    OS: darwin
    WORKSPACE_DIR: /tmp/build-darwin-amd64-connect
- name: Copy dmg artifact
commands:
- set -u
- cd $WORKSPACE_DIR/go/src/github.com/gravitational/webapps/packages/teleterm/build/release
- cp *.dmg $WORKSPACE_DIR/go/artifacts
- cd $WORKSPACE_DIR/go/artifacts && for FILE in *.dmg; do shasum -a 256 "$FILE"
> "$FILE.sha256"; done && ls -l
environment:
WORKSPACE_DIR: /tmp/build-darwin-amd64-connect
- name: Upload to S3
commands:
- set -u
- cd $WORKSPACE_DIR/go/artifacts
- aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
environment:
AWS_REGION: us-west-2
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
AWS_SHARED_CREDENTIALS_FILE: /tmp/build-darwin-amd64-connect/credentials
WORKSPACE_DIR: /tmp/build-darwin-amd64-connect
# Registers each built artifact with the release service at RELEASES_HOST,
# authenticating with the client certificate and key from the RELEASES_CERT
# and RELEASES_KEY secrets. For every artifact that has a .sha256 file it
# creates (or reuses, on HTTP 409) a draft release per product and then
# uploads the file with its checksum.
# NOTE(review): the client key is written into the workspace, which in this
# exec pipeline is a directory under /tmp on the build host, with whatever
# umask the runner uses. A `umask 077` before the two writes would keep it
# private. The trap removes both files when the shell exits.
- name: Register artifact
  commands:
    - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
    - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
    - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
    - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
    - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
    - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
    # Expanded unquoted below so it splits into separate curl arguments; this
    # relies on WORKSPACE_DIR containing no whitespace.
    - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
    - which curl || apk add --no-cache curl
    - |-
      cd "$WORKSPACE_DIR/go/artifacts"
      find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
        # Skip files that are not results of this build
        # (e.g. tarballs from which OS packages are made)
        [ -f "$file.sha256" ] || continue
        name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
        description="MacOS Intel"
        products="$name"
        if [ "$name" = "tsh" ]; then
          products="teleport teleport-ent"
        elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then
          description="Teleport Connect"
          products="teleport teleport-ent"
        fi
        shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
        release_params="" # List of "-F releaseId=XXX" parameters to curl
        for product in $products; do
          status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
          if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
            echo "curl HTTP status: $status_code"
            cat $WORKSPACE_DIR/curl_out.txt
            exit 1
          fi
          release_params="$release_params -F releaseId=$product@$VERSION"
        done
        curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="darwin" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
      done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY
    WORKSPACE_DIR: /tmp/build-darwin-amd64-connect
- name: Clean up toolchains (post)
commands:
- set -u
- rm -rf /tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED
environment:
WORKSPACE_DIR: /tmp/build-darwin-amd64-connect
when:
status:
- success
- failure
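# Removes the build tree and any leftover SSH material from the exec runner's
# workspace, plus the STS credentials file that "Assume AWS Role" writes to
# $WORKSPACE_DIR/credentials. Before this change that file was left on the
# build host after the pipeline finished.
# NOTE(review): unlike "Clean up toolchains (post)", this step has no `when:`
# block, so by Drone's default it is skipped once an earlier step has failed
# and the workspace, credentials file included, stays behind until the next
# run. Consider adding the same success/failure condition.
# NOTE(review): this pipeline is generated (dronegen/mac.go per the header
# above it); the change has to be made in the generator as well.
- name: Clean up exec runner storage (post)
  commands:
    - set -u
    - chmod -R u+rw $WORKSPACE_DIR
    - rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh
    - rm -f $WORKSPACE_DIR/credentials
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64-connect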
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/container_images_release_version.go (main.(*ReleaseVersion).buildVersionPipeline)
################################################
kind: pipeline
type: kubernetes
name: teleport-container-images-branch-tag
environment:
DEBIAN_FRONTEND: noninteractive
trigger:
event:
include:
- tag
ref:
include:
- refs/tags/v*
repo:
include:
- gravitational/*
workspace:
path: /go
clone:
disable: true
depends_on:
- clean-up-previous-build
steps:
# Waits up to 30 seconds for the Docker daemon socket to appear in the
# dockersock volume mounted at /var/run; the step fails if it never does.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Polls the registry at drone-docker-registry:5000 once a second until it
# answers HTTP 200, giving up after 30 seconds.
# NOTE(review): the registry is addressed over plain HTTP, so images that pass
# through it later in the pipeline have no transport-level integrity check.
- name: Wait for docker registry
  image: alpine
  commands:
  - apk add curl
  - timeout 30s /bin/sh -c 'while [ "$(curl -s -o /dev/null -w %{http_code} http://drone-docker-registry:5000/)"
    != "200" ]; do sleep 1; done'
# Manual clone: initialises an empty repository in the Go workspace, fetches
# the remote with its tags, and checks out the tag that triggered the build.
- name: Check out code
  # NOTE(review): `latest` is a mutable tag; pinning this image by digest would
  # fix which git binary handles the release checkout.
  image: alpine/git:latest
  commands:
  - mkdir -pv "/go/src/github.com/gravitational/teleport"
  - cd "/go/src/github.com/gravitational/teleport"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  # -q: quiet; -f: discard any local state when switching to the tag.
  - git checkout -qf "$DRONE_TAG"
# Writes the version derived from the tag to /go/var/full-version; later steps
# read it back with $(cat "/go/var/full-version") to name packages and images.
- name: Build full semver
  image: alpine
  commands:
  - mkdir -pv $(dirname "/go/var/full-version")
  # sed removes the first "v" on the line; because the pipeline trigger only
  # admits refs/tags/v*, that is the leading one.
  - echo $DRONE_TAG | sed 's/v//' > "/go/var/full-version"
  # Prints the resulting version into the build log.
  - echo $(cat "/go/var/full-version")
# Exchanges the staging ECR access key injected from secrets for temporary
# role credentials and appends them to /root/.aws/credentials as the
# [ecr-staging] profile.
- name: Assume ECR - staging AWS Role
  image: amazon/aws-cli
  commands:
  # Logs which identity the injected access key belongs to.
  - aws sts get-caller-identity
  # The unquoted $(...) relies on word splitting: the three values printed by
  # --output text fill the three %s slots of printf. The session name is built
  # from the repo and build number with "/" replaced by "-".
  - |-
    printf "[ecr-staging]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
    $(aws sts assume-role \
    --role-arn "$AWS_ROLE" \
    --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
    --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
    --output text) \
    >> /root/.aws/credentials
  # Drops the injected key from the shell so the check below can only pass
  # through the profile that was just written.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile ecr-staging
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY
    AWS_ROLE:
      from_secret: STAGING_TELEPORT_DRONE_ECR_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET
  # The credentials file lives in the awsconfig volume, so every later step
  # that mounts it can read the session credentials written here.
  volumes:
  - name: awsconfig
    path: /root/.aws
# Exchanges the production ECR access key injected from secrets for temporary
# role credentials and appends them to /root/.aws/credentials as the
# [ecr-authenticated-pull] profile. Runs after the staging role step, which
# appends to the same file.
- name: Assume ECR - authenticated-pull AWS Role
  image: amazon/aws-cli
  commands:
  # Logs which identity the injected access key belongs to.
  - aws sts get-caller-identity
  # The unquoted $(...) relies on word splitting: the three values printed by
  # --output text fill the three %s slots of printf.
  - |-
    printf "[ecr-authenticated-pull]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
    $(aws sts assume-role \
    --role-arn "$AWS_ROLE" \
    --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
    --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
    --output text) \
    >> /root/.aws/credentials
  # Drops the injected key from the shell so the check below can only pass
  # through the profile that was just written.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile ecr-authenticated-pull
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY
    AWS_ROLE:
      from_secret: PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume ECR - staging AWS Role
# Assumes the S3 download role and appends the temporary credentials to
# /root/.aws/credentials as the [s3-download-teleport] profile, which the
# teleport package download steps select through AWS_PROFILE.
- name: Assume S3 Download AWS Role for teleport
  image: amazon/aws-cli
  commands:
  # Logs which identity the injected access key belongs to.
  - aws sts get-caller-identity
  # The unquoted $(...) relies on word splitting: the three values printed by
  # --output text fill the three %s slots of printf.
  - |-
    printf "[s3-download-teleport]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
    $(aws sts assume-role \
    --role-arn "$AWS_ROLE" \
    --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
    --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
    --output text) \
    >> /root/.aws/credentials
  # Drops the injected key from the shell so the check below can only pass
  # through the profile that was just written.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile s3-download-teleport
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
  # Waiting for both ECR role steps keeps the appends to the shared credentials
  # file from running at the same time.
  depends_on:
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build full semver
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
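# Fetches the image Dockerfile for the tagged release from GitHub into
# /go/build/Dockerfile-teleport.
# NOTE(review): this file is generated; the same change belongs in the
# dronegen source so it survives the next 'make dronegen'.
- name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport
  image: alpine
  commands:
  # --no-cache matches the other apk invocations in this pipeline.
  - apk add --no-cache curl
  - mkdir -pv $(dirname "/go/build/Dockerfile-teleport")
  # -f makes curl exit non-zero on an HTTP error; without it the error body
  # would be saved as the Dockerfile and the step would still pass.
  - curl -fLs -o "/go/build/Dockerfile-teleport" "https://raw.githubusercontent.com/gravitational/teleport/$DRONE_TAG/build.assets/charts/Dockerfile"
  depends_on:
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build full semver
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role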
# Polls the release bucket for up to an hour until the amd64 teleport package
# for this version is listed, then copies it to /go/build.
# NOTE(review): the package goes into the image as downloaded; this step shows
# no checksum or signature verification.
- name: Download "teleport_v11-tag_amd64.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
  # Deadline is now + 3600 seconds. `$$` below is Drone's escape for a literal
  # `$`, and `${VAR?}` makes the shell fail if the variable is unset.
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  # grep -x accepts only an exact match of the file name in the listing.
  - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr
    -s ' ' | cut -d' ' -f 4 | grep -x teleport_$(cat "/go/var/full-version")_amd64.deb
    || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [
    "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat
    "/go/var/full-version")_amd64.deb /go/build/teleport_$(cat "/go/var/full-version")_amd64.deb
  environment:
    AWS_PROFILE: s3-download-teleport
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport
# Builds the linux/amd64 teleport image from the downloaded .deb with buildx
# and pushes it to the registry at drone-docker-registry:5000.
- name: Build teleport image "teleport:v11-amd64"
  image: docker
  commands:
  # NOTE(review): third-party image pulled by mutable tag and run --privileged
  # on the build's Docker daemon; pinning it by digest
  # (tonistiigi/binfmt@sha256:<DIGEST_PLACEHOLDER>) would fix what executes
  # with that privilege.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-v11-amd64-builder"
  # buildkitd.toml marks the build registry as plain HTTP.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v11-amd64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-v11-amd64-builder/buildkitd.toml"
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name
    "teleport-v11-amd64-builder" --config "/tmp/teleport-v11-amd64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  # Logs in to public.ecr.aws with the ecr-authenticated-pull profile; the
  # password is piped on stdin, not passed as an argument.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - docker buildx build --push --builder "teleport-v11-amd64-builder" --target "teleport"
    --platform "linux/amd64" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    --file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_amd64.deb
    /go/build
  # Removes the registry login, the builder and its config once the image is pushed.
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-v11-amd64-builder"
  - rm -rf "/tmp/teleport-v11-amd64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport_v11-tag_amd64.deb" artifacts from S3
# Polls the release bucket for up to an hour until the arm teleport package
# for this version is listed, then copies it to /go/build.
# NOTE(review): the package goes into the image as downloaded; this step shows
# no checksum or signature verification.
- name: Download "teleport_v11-tag_arm.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
  # Deadline is now + 3600 seconds. `$$` below is Drone's escape for a literal
  # `$`, and `${VAR?}` makes the shell fail if the variable is unset.
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  # grep -x accepts only an exact match of the file name in the listing.
  - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr
    -s ' ' | cut -d' ' -f 4 | grep -x teleport_$(cat "/go/var/full-version")_arm.deb
    || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [
    "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat
    "/go/var/full-version")_arm.deb /go/build/teleport_$(cat "/go/var/full-version")_arm.deb
  environment:
    AWS_PROFILE: s3-download-teleport
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport
# Builds the linux/arm teleport image from the downloaded .deb with buildx
# and pushes it to the registry at drone-docker-registry:5000.
- name: Build teleport image "teleport:v11-arm"
  image: docker
  commands:
  # NOTE(review): third-party image pulled by mutable tag and run --privileged
  # on the build's Docker daemon; pinning it by digest
  # (tonistiigi/binfmt@sha256:<DIGEST_PLACEHOLDER>) would fix what executes
  # with that privilege.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-v11-arm-builder"
  # buildkitd.toml marks the build registry as plain HTTP.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v11-arm-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-v11-arm-builder/buildkitd.toml"
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name
    "teleport-v11-arm-builder" --config "/tmp/teleport-v11-arm-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  # Logs in to public.ecr.aws with the ecr-authenticated-pull profile; the
  # password is piped on stdin, not passed as an argument.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - docker buildx build --push --builder "teleport-v11-arm-builder" --target "teleport"
    --platform "linux/arm" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    --file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_arm.deb
    /go/build
  # Removes the registry login, the builder and its config once the image is pushed.
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-v11-arm-builder"
  - rm -rf "/tmp/teleport-v11-arm-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport_v11-tag_arm.deb" artifacts from S3
# Polls the release bucket for up to an hour until the arm64 teleport package
# for this version is listed, then copies it to /go/build.
# NOTE(review): the package goes into the image as downloaded; this step shows
# no checksum or signature verification.
- name: Download "teleport_v11-tag_arm64.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
  # Deadline is now + 3600 seconds. `$$` below is Drone's escape for a literal
  # `$`, and `${VAR?}` makes the shell fail if the variable is unset.
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  # grep -x accepts only an exact match of the file name in the listing.
  - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr
    -s ' ' | cut -d' ' -f 4 | grep -x teleport_$(cat "/go/var/full-version")_arm64.deb
    || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [
    "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat
    "/go/var/full-version")_arm64.deb /go/build/teleport_$(cat "/go/var/full-version")_arm64.deb
  environment:
    AWS_PROFILE: s3-download-teleport
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport
# Builds the linux/arm64 teleport image from the downloaded .deb with buildx
# and pushes it to the registry at drone-docker-registry:5000.
- name: Build teleport image "teleport:v11-arm64"
  image: docker
  commands:
  # NOTE(review): third-party image pulled by mutable tag and run --privileged
  # on the build's Docker daemon; pinning it by digest
  # (tonistiigi/binfmt@sha256:<DIGEST_PLACEHOLDER>) would fix what executes
  # with that privilege.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-v11-arm64-builder"
  # buildkitd.toml marks the build registry as plain HTTP.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v11-arm64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-v11-arm64-builder/buildkitd.toml"
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name
    "teleport-v11-arm64-builder" --config "/tmp/teleport-v11-arm64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  # Logs in to public.ecr.aws with the ecr-authenticated-pull profile; the
  # password is piped on stdin, not passed as an argument.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - docker buildx build --push --builder "teleport-v11-arm64-builder" --target "teleport"
    --platform "linux/arm64" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    --file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_arm64.deb
    /go/build
  # Removes the registry login, the builder and its config once the image is pushed.
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-v11-arm64-builder"
  - rm -rf "/tmp/teleport-v11-arm64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport_v11-tag_arm64.deb" artifacts from S3
# Copies the amd64 teleport image from the build registry to the staging ECR
# repository, unless that tag already exists there.
# NOTE(review): any failure of `docker manifest inspect` (not only "tag not
# found") falls through to the tag-and-push branch, and an existing tag is kept
# without being compared with the image built in this run.
- name: Tag and push image "teleport:v11-amd64" to ECR - staging
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
  - apk add --no-cache aws-cli
  # The ECR password is piped on stdin, not passed as an argument.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-amd64 > /dev/null 2>&1 && echo 'Found existing image,
    skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-amd64
    && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-amd64)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v11-amd64"
# Copies the arm teleport image from the build registry to the staging ECR
# repository, unless that tag already exists there.
# NOTE(review): any failure of `docker manifest inspect` (not only "tag not
# found") falls through to the tag-and-push branch, and an existing tag is kept
# without being compared with the image built in this run.
- name: Tag and push image "teleport:v11-arm" to ECR - staging
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
  - apk add --no-cache aws-cli
  # The ECR password is piped on stdin, not passed as an argument.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-arm > /dev/null 2>&1 && echo 'Found existing image, skipping'
    || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-arm
    && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-arm)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v11-arm"
# Copies the arm64 teleport image from the build registry to the staging ECR
# repository, unless that tag already exists there.
# NOTE(review): any failure of `docker manifest inspect` (not only "tag not
# found") falls through to the tag-and-push branch, and an existing tag is kept
# without being compared with the image built in this run.
- name: Tag and push image "teleport:v11-arm64" to ECR - staging
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
  - apk add --no-cache aws-cli
  # The ECR password is piped on stdin, not passed as an argument.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-arm64 > /dev/null 2>&1 && echo 'Found existing image,
    skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-arm64
    && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-arm64)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v11-arm64"
# Creates the version-tagged manifest list in staging ECR from the amd64, arm
# and arm64 teleport images and pushes it, unless that tag already exists.
# NOTE(review): any failure of `docker manifest inspect` (not only "tag not
# found") falls through to the create-and-push branch.
- name: Create manifest and push "teleport:full" to ECR - staging
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The ECR password is piped on stdin, not passed as an argument.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version") > /dev/null 2>&1 && echo 'Found existing image, skipping'
    || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version") --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version"))
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v11-amd64" to ECR - staging
  - Tag and push image "teleport:v11-arm" to ECR - staging
  - Tag and push image "teleport:v11-arm64" to ECR - staging
# Assumes the S3 download role and appends the temporary credentials to
# /root/.aws/credentials as the [s3-download-teleport-ent] profile, which the
# teleport-ent package download steps select through AWS_PROFILE.
- name: Assume S3 Download AWS Role for teleport-ent
  image: amazon/aws-cli
  commands:
  # Logs which identity the injected access key belongs to.
  - aws sts get-caller-identity
  # The unquoted $(...) relies on word splitting: the three values printed by
  # --output text fill the three %s slots of printf.
  - |-
    printf "[s3-download-teleport-ent]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
    $(aws sts assume-role \
    --role-arn "$AWS_ROLE" \
    --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
    --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
    --output text) \
    >> /root/.aws/credentials
  # Drops the injected key from the shell so the check below can only pass
  # through the profile that was just written.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile s3-download-teleport-ent
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build full semver
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
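# Fetches the image Dockerfile for the tagged release from GitHub into
# /go/build/Dockerfile-teleport-ent.
# NOTE(review): this file is generated; the same change belongs in the
# dronegen source so it survives the next 'make dronegen'.
- name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent
  image: alpine
  commands:
  # --no-cache matches the other apk invocations in this pipeline.
  - apk add --no-cache curl
  - mkdir -pv $(dirname "/go/build/Dockerfile-teleport-ent")
  # -f makes curl exit non-zero on an HTTP error; without it the error body
  # would be saved as the Dockerfile and the step would still pass.
  - curl -fLs -o "/go/build/Dockerfile-teleport-ent" "https://raw.githubusercontent.com/gravitational/teleport/$DRONE_TAG/build.assets/charts/Dockerfile"
  depends_on:
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build full semver
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role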
# Polls the release bucket for up to an hour until the amd64 teleport-ent
# package for this version is listed, then copies it to /go/build.
# NOTE(review): the package goes into the image as downloaded; this step shows
# no checksum or signature verification.
- name: Download "teleport-ent_v11-tag_amd64.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
  # Deadline is now + 3600 seconds. `$$` below is Drone's escape for a literal
  # `$`, and `${VAR?}` makes the shell fail if the variable is unset.
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  # grep -x accepts only an exact match of the file name in the listing.
  - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr
    -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")_amd64.deb
    || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [
    "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat
    "/go/var/full-version")_amd64.deb /go/build/teleport-ent_$(cat "/go/var/full-version")_amd64.deb
  environment:
    AWS_PROFILE: s3-download-teleport-ent
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport-ent
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent
# Builds the linux/amd64 teleport-ent image from the downloaded .deb with
# buildx and pushes it to the registry at drone-docker-registry:5000.
- name: Build teleport-ent image "teleport-ent:v11-amd64"
  image: docker
  commands:
  # NOTE(review): third-party image pulled by mutable tag and run --privileged
  # on the build's Docker daemon; pinning it by digest
  # (tonistiigi/binfmt@sha256:<DIGEST_PLACEHOLDER>) would fix what executes
  # with that privilege.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-ent-v11-amd64-builder"
  # buildkitd.toml marks the build registry as plain HTTP.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v11-amd64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-ent-v11-amd64-builder/buildkitd.toml"
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name
    "teleport-ent-v11-amd64-builder" --config "/tmp/teleport-ent-v11-amd64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  # Logs in to public.ecr.aws with the ecr-authenticated-pull profile; the
  # password is piped on stdin, not passed as an argument.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - docker buildx build --push --builder "teleport-ent-v11-amd64-builder" --target
    "teleport" --platform "linux/amd64" --tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-amd64 --file "/go/build/Dockerfile-teleport-ent" --build-arg
    DEB_PATH=teleport-ent_$(cat "/go/var/full-version")_amd64.deb /go/build
  # Removes the registry login, the builder and its config once the image is pushed.
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-ent-v11-amd64-builder"
  - rm -rf "/tmp/teleport-ent-v11-amd64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport-ent_v11-tag_amd64.deb" artifacts from S3
# Polls the release bucket for up to an hour until the arm teleport-ent
# package for this version is listed, then copies it to /go/build.
# NOTE(review): the package goes into the image as downloaded; this step shows
# no checksum or signature verification.
- name: Download "teleport-ent_v11-tag_arm.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
  # Deadline is now + 3600 seconds. `$$` below is Drone's escape for a literal
  # `$`, and `${VAR?}` makes the shell fail if the variable is unset.
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  # grep -x accepts only an exact match of the file name in the listing.
  - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr
    -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")_arm.deb
    || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [
    "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat
    "/go/var/full-version")_arm.deb /go/build/teleport-ent_$(cat "/go/var/full-version")_arm.deb
  environment:
    AWS_PROFILE: s3-download-teleport-ent
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport-ent
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent
# Builds the linux/arm teleport-ent image from the downloaded .deb with
# buildx and pushes it to the registry at drone-docker-registry:5000.
- name: Build teleport-ent image "teleport-ent:v11-arm"
  image: docker
  commands:
  # NOTE(review): third-party image pulled by mutable tag and run --privileged
  # on the build's Docker daemon; pinning it by digest
  # (tonistiigi/binfmt@sha256:<DIGEST_PLACEHOLDER>) would fix what executes
  # with that privilege.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-ent-v11-arm-builder"
  # buildkitd.toml marks the build registry as plain HTTP.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v11-arm-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-ent-v11-arm-builder/buildkitd.toml"
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name
    "teleport-ent-v11-arm-builder" --config "/tmp/teleport-ent-v11-arm-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  # Logs in to public.ecr.aws with the ecr-authenticated-pull profile; the
  # password is piped on stdin, not passed as an argument.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - docker buildx build --push --builder "teleport-ent-v11-arm-builder" --target "teleport"
    --platform "linux/arm" --tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
    --file "/go/build/Dockerfile-teleport-ent" --build-arg DEB_PATH=teleport-ent_$(cat
    "/go/var/full-version")_arm.deb /go/build
  # Removes the registry login, the builder and its config once the image is pushed.
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-ent-v11-arm-builder"
  - rm -rf "/tmp/teleport-ent-v11-arm-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport-ent_v11-tag_arm.deb" artifacts from S3
# Polls the release bucket for up to an hour until the arm64 teleport-ent
# package for this version is listed, then copies it to /go/build.
# NOTE(review): the package goes into the image as downloaded; this step shows
# no checksum or signature verification.
- name: Download "teleport-ent_v11-tag_arm64.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
  # Deadline is now + 3600 seconds. `$$` below is Drone's escape for a literal
  # `$`, and `${VAR?}` makes the shell fail if the variable is unset.
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  # grep -x accepts only an exact match of the file name in the listing.
  - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr
    -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")_arm64.deb
    || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [
    "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat
    "/go/var/full-version")_arm64.deb /go/build/teleport-ent_$(cat "/go/var/full-version")_arm64.deb
  environment:
    AWS_PROFILE: s3-download-teleport-ent
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport-ent
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent
# Builds the linux/arm64 teleport-ent image from the downloaded .deb with
# buildx and pushes it to the registry at drone-docker-registry:5000.
- name: Build teleport-ent image "teleport-ent:v11-arm64"
  image: docker
  commands:
  # NOTE(review): third-party image pulled by mutable tag and run --privileged
  # on the build's Docker daemon; pinning it by digest
  # (tonistiigi/binfmt@sha256:<DIGEST_PLACEHOLDER>) would fix what executes
  # with that privilege.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-ent-v11-arm64-builder"
  # buildkitd.toml marks the build registry as plain HTTP.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v11-arm64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-ent-v11-arm64-builder/buildkitd.toml"
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name
    "teleport-ent-v11-arm64-builder" --config "/tmp/teleport-ent-v11-arm64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  # Logs in to public.ecr.aws with the ecr-authenticated-pull profile; the
  # password is piped on stdin, not passed as an argument.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - docker buildx build --push --builder "teleport-ent-v11-arm64-builder" --target
    "teleport" --platform "linux/arm64" --tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-arm64 --file "/go/build/Dockerfile-teleport-ent" --build-arg
    DEB_PATH=teleport-ent_$(cat "/go/var/full-version")_arm64.deb /go/build
  # Removes the registry login, the builder and its config once the image is pushed.
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-ent-v11-arm64-builder"
  - rm -rf "/tmp/teleport-ent-v11-arm64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport-ent_v11-tag_arm64.deb" artifacts from S3
# Copies the amd64 teleport-ent image from the build registry to the staging
# ECR repository, unless that tag already exists there.
# NOTE(review): any failure of `docker manifest inspect` (not only "tag not
# found") falls through to the tag-and-push branch, and an existing tag is kept
# without being compared with the image built in this run.
- name: Tag and push image "teleport-ent:v11-amd64" to ECR - staging
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
  - apk add --no-cache aws-cli
  # The ECR password is piped on stdin, not passed as an argument.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-amd64 > /dev/null 2>&1 && echo 'Found existing image,
    skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-amd64)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v11-amd64"
# Copies the arm teleport-ent image from the build registry to the staging
# ECR repository, unless that tag already exists there.
# NOTE(review): any failure of `docker manifest inspect` (not only "tag not
# found") falls through to the tag-and-push branch, and an existing tag is kept
# without being compared with the image built in this run.
- name: Tag and push image "teleport-ent:v11-arm" to ECR - staging
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
  - apk add --no-cache aws-cli
  # The ECR password is piped on stdin, not passed as an argument.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-arm > /dev/null 2>&1 && echo 'Found existing image, skipping'
    || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-arm)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v11-arm"
# Copies the arm64 teleport-ent image from the build registry to the staging
# ECR repository, unless that tag already exists there.
# NOTE(review): any failure of `docker manifest inspect` (not only "tag not
# found") falls through to the tag-and-push branch, and an existing tag is kept
# without being compared with the image built in this run.
- name: Tag and push image "teleport-ent:v11-arm64" to ECR - staging
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
  - apk add --no-cache aws-cli
  # The ECR password is piped on stdin, not passed as an argument.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-arm64 > /dev/null 2>&1 && echo 'Found existing image,
    skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-arm64)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v11-arm64"
# Creates the version-tagged manifest list in staging ECR from the amd64, arm
# and arm64 teleport-ent images and pushes it, unless that tag already exists.
# NOTE(review): any failure of `docker manifest inspect` (not only "tag not
# found") falls through to the create-and-push branch.
- name: Create manifest and push "teleport-ent:full" to ECR - staging
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The ECR password is piped on stdin, not passed as an argument.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version") > /dev/null 2>&1 && echo 'Found existing image, skipping'
    || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version") --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version"))
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-amd64" to ECR - staging
  - Tag and push image "teleport-ent:v11-arm" to ECR - staging
  - Tag and push image "teleport-ent:v11-arm64" to ECR - staging
# Assumes the S3 download role and appends the temporary credentials to
# /root/.aws/credentials as the [s3-download-teleport-ent-fips] profile, which
# the FIPS package download step selects through AWS_PROFILE.
- name: Assume S3 Download AWS Role for teleport-ent-fips
  image: amazon/aws-cli
  commands:
  # Logs which identity the injected access key belongs to.
  - aws sts get-caller-identity
  # The unquoted $(...) relies on word splitting: the three values printed by
  # --output text fill the three %s slots of printf.
  - |-
    printf "[s3-download-teleport-ent-fips]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
    $(aws sts assume-role \
    --role-arn "$AWS_ROLE" \
    --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
    --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
    --output text) \
    >> /root/.aws/credentials
  # Drops the injected key from the shell so the check below can only pass
  # through the profile that was just written.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile s3-download-teleport-ent-fips
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build full semver
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
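# Fetches the image Dockerfile for the tagged release from GitHub into
# /go/build/Dockerfile-teleport-ent-fips.
# NOTE(review): this file is generated; the same change belongs in the
# dronegen source so it survives the next 'make dronegen'.
- name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent-fips" for
    teleport-ent-fips
  image: alpine
  commands:
  # --no-cache matches the other apk invocations in this pipeline.
  - apk add --no-cache curl
  - mkdir -pv $(dirname "/go/build/Dockerfile-teleport-ent-fips")
  # -f makes curl exit non-zero on an HTTP error; without it the error body
  # would be saved as the Dockerfile and the step would still pass.
  - curl -fLs -o "/go/build/Dockerfile-teleport-ent-fips" "https://raw.githubusercontent.com/gravitational/teleport/$DRONE_TAG/build.assets/charts/Dockerfile"
  depends_on:
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build full semver
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role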
# Polls the release bucket for up to an hour until the amd64 FIPS teleport-ent
# package for this version is listed, then copies it to /go/build.
# NOTE(review): the package goes into the image as downloaded; this step shows
# no checksum or signature verification.
- name: Download "teleport-ent_v11-tag-fips_amd64.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
  # Deadline is now + 3600 seconds. `$$` below is Drone's escape for a literal
  # `$`, and `${VAR?}` makes the shell fail if the variable is unset.
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  # grep -x accepts only an exact match of the file name in the listing.
  - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr
    -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb
    || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [
    "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat
    "/go/var/full-version")-fips_amd64.deb /go/build/teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb
  environment:
    AWS_PROFILE: s3-download-teleport-ent-fips
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport-ent-fips
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent-fips" for teleport-ent-fips
# Builds the FIPS amd64 image with buildx from the downloaded Dockerfile and
# .deb, and pushes it to the in-pipeline registry drone-docker-registry:5000.
- name: Build teleport-ent-fips image "teleport-ent:v11-fips-amd64"
  image: docker
  commands:
  # NOTE(review): an unpinned image from outside the project runs here with
  # --privileged on the Docker daemon this step shares through dockersock;
  # pinning it by digest would fix what gets executed.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-ent-v11-fips-amd64-builder"
  # buildkitd.toml: let the builder reach the in-pipeline registry over HTTP.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v11-fips-amd64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-ent-v11-fips-amd64-builder/buildkitd.toml"
  - >-
    docker buildx create --driver "docker-container" --driver-opt "network=host"
    --name "teleport-ent-v11-fips-amd64-builder"
    --config "/tmp/teleport-ent-v11-fips-amd64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  # The registry password is piped on stdin instead of being passed as a flag.
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin public.ecr.aws
  - >-
    docker buildx build --push
    --builder "teleport-ent-v11-fips-amd64-builder"
    --target "teleport-fips"
    --platform "linux/amd64"
    --tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    --file "/go/build/Dockerfile-teleport-ent-fips"
    --build-arg DEB_PATH=teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb
    /go/build
  # Clean up the registry session and the throwaway builder.
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-ent-v11-fips-amd64-builder"
  - rm -rf "/tmp/teleport-ent-v11-fips-amd64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport-ent_v11-tag-fips_amd64.deb" artifacts from S3
# Copies the locally built FIPS amd64 image to the staging ECR repository
# unless that tag is already present there.
- name: Tag and push image "teleport-ent:v11-fips-amd64" to ECR - staging
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
  - apk add --no-cache aws-cli
  - >-
    aws ecr get-login-password --region=us-west-2
    | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  # An existing tag is left alone, so a re-run does not replace a published
  # image. Any inspect failure, not only "not found", falls through to the push.
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    && docker push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent-fips image "teleport-ent:v11-fips-amd64"
# Publishes the "-fips" manifest list in staging ECR, referencing the amd64
# FIPS image, unless a manifest with that tag already exists.
- name: Create manifest and push "teleport-ent:full-fips" to ECR - staging
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - >-
    aws ecr get-login-password --region=us-west-2
    | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  # Same guard as the per-architecture push: inspect first, create only when
  # the inspect call does not succeed.
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker manifest create
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips
    --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    && docker manifest push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-fips-amd64" to ECR - staging
# Builds the teleport-operator image for linux/amd64 from the checked-out tree
# and pushes it to the in-pipeline registry.
- name: Build teleport-operator image "teleport-operator:v11-amd64"
  image: docker
  commands:
  # NOTE(review): unpinned image from outside the project, run --privileged on
  # the Docker daemon shared through dockersock; a digest pin would fix what
  # gets executed.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport"
  - mkdir -pv "/tmp/teleport-operator-v11-amd64-builder"
  # buildkitd.toml: the in-pipeline registry is reached over plain HTTP.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-operator-v11-amd64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-operator-v11-amd64-builder/buildkitd.toml"
  - >-
    docker buildx create --driver "docker-container" --driver-opt "network=host"
    --name "teleport-operator-v11-amd64-builder"
    --config "/tmp/teleport-operator-v11-amd64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin public.ecr.aws
  # The buildbox base image is selected by tag (teleport12), not by digest.
  - >-
    docker buildx build --push
    --builder "teleport-operator-v11-amd64-builder"
    --platform "linux/amd64"
    --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
    --file "/go/src/github.com/gravitational/teleport/operator/Dockerfile"
    --build-arg BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox:teleport12
    --build-arg COMPILER_NAME=x86_64-linux-gnu-gcc
    /go/src/github.com/gravitational/teleport
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-operator-v11-amd64-builder"
  - rm -rf "/tmp/teleport-operator-v11-amd64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  # The authenticated-pull role appears twice in this list, as generated.
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build full semver
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
# Cross-builds the teleport-operator image for linux/arm and pushes it to the
# in-pipeline registry.
- name: Build teleport-operator image "teleport-operator:v11-arm"
  image: docker
  commands:
  # Registers binfmt handlers for foreign architectures.
  # NOTE(review): the image is unpinned and runs --privileged on the daemon
  # shared through dockersock.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport"
  - mkdir -pv "/tmp/teleport-operator-v11-arm-builder"
  # Builder config: plain HTTP towards drone-docker-registry:5000.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-operator-v11-arm-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-operator-v11-arm-builder/buildkitd.toml"
  - >-
    docker buildx create --driver "docker-container" --driver-opt "network=host"
    --name "teleport-operator-v11-arm-builder"
    --config "/tmp/teleport-operator-v11-arm-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  # Login uses --password-stdin, keeping the token off the command line.
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin public.ecr.aws
  - >-
    docker buildx build --push
    --builder "teleport-operator-v11-arm-builder"
    --platform "linux/arm"
    --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
    --file "/go/src/github.com/gravitational/teleport/operator/Dockerfile"
    --build-arg BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox-arm:teleport12
    --build-arg COMPILER_NAME=arm-linux-gnueabihf-gcc
    /go/src/github.com/gravitational/teleport
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-operator-v11-arm-builder"
  - rm -rf "/tmp/teleport-operator-v11-arm-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  # The authenticated-pull role appears twice in this list, as generated.
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build full semver
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
# Cross-builds the teleport-operator image for linux/arm64 and pushes it to the
# in-pipeline registry.
- name: Build teleport-operator image "teleport-operator:v11-arm64"
  image: docker
  commands:
  # Registers binfmt handlers for foreign architectures.
  # NOTE(review): the image is unpinned and runs --privileged on the daemon
  # shared through dockersock.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport"
  - mkdir -pv "/tmp/teleport-operator-v11-arm64-builder"
  # Builder config: plain HTTP towards drone-docker-registry:5000.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-operator-v11-arm64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-operator-v11-arm64-builder/buildkitd.toml"
  - >-
    docker buildx create --driver "docker-container" --driver-opt "network=host"
    --name "teleport-operator-v11-arm64-builder"
    --config "/tmp/teleport-operator-v11-arm64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  # Login uses --password-stdin, keeping the token off the command line.
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin public.ecr.aws
  - >-
    docker buildx build --push
    --builder "teleport-operator-v11-arm64-builder"
    --platform "linux/arm64"
    --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
    --file "/go/src/github.com/gravitational/teleport/operator/Dockerfile"
    --build-arg BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox-arm:teleport12
    --build-arg COMPILER_NAME=aarch64-linux-gnu-gcc
    /go/src/github.com/gravitational/teleport
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-operator-v11-arm64-builder"
  - rm -rf "/tmp/teleport-operator-v11-arm64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  # The authenticated-pull role appears twice in this list, as generated.
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build full semver
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
# Copies the amd64 operator image from the in-pipeline registry to staging ECR
# unless that tag is already present there.
- name: Tag and push image "teleport-operator:v11-amd64" to ECR - staging
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
  - apk add --no-cache aws-cli
  - >-
    aws ecr get-login-password --region=us-west-2
    | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  # An existing tag is never overwritten. The inspect output is discarded, so
  # any inspect failure is treated like "tag missing" and leads to the push.
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64
    && docker push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-operator image "teleport-operator:v11-amd64"
# Copies the arm operator image from the in-pipeline registry to staging ECR
# unless that tag is already present there.
- name: Tag and push image "teleport-operator:v11-arm" to ECR - staging
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
  - apk add --no-cache aws-cli
  - >-
    aws ecr get-login-password --region=us-west-2
    | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  # An existing tag is never overwritten. The inspect output is discarded, so
  # any inspect failure is treated like "tag missing" and leads to the push.
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm
    && docker push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-operator image "teleport-operator:v11-arm"
# Copies the arm64 operator image from the in-pipeline registry to staging ECR
# unless that tag is already present there.
- name: Tag and push image "teleport-operator:v11-arm64" to ECR - staging
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
  - apk add --no-cache aws-cli
  - >-
    aws ecr get-login-password --region=us-west-2
    | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  # An existing tag is never overwritten. The inspect output is discarded, so
  # any inspect failure is treated like "tag missing" and leads to the push.
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64
    && docker push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-operator image "teleport-operator:v11-arm64"
# Publishes the multi-architecture manifest list for the operator image in
# staging ECR (amd64, arm, arm64) unless the version tag already exists.
- name: Create manifest and push "teleport-operator:full" to ECR - staging
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - >-
    aws ecr get-login-password --region=us-west-2
    | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  # The manifest is only created when the inspect call does not succeed, so an
  # already published version tag is left as it is.
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker manifest create
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")
    --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64
    --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm
    --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64
    && docker manifest push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version"))
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-operator:v11-amd64" to ECR - staging
  - Tag and push image "teleport-operator:v11-arm" to ECR - staging
  - Tag and push image "teleport-operator:v11-arm64" to ECR - staging
# Side containers and shared volumes for this pipeline.
services:
# Docker-in-Docker daemon. It runs privileged and exposes /var/run (and with it
# the Docker socket) on the dockersock volume, so every step that mounts
# dockersock can drive this daemon.
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
# In-pipeline image registry, addressed by the steps as
# drone-docker-registry:5000; unprivileged and without volumes.
- name: drone-docker-registry
  image: registry:2
  privileged: false
  volumes: []
# Temporary volumes: awsconfig holds the credentials file written by the
# assume-role steps, dockersock carries the Docker socket.
volumes:
- name: awsconfig
  temp: {}
- name: dockersock
  temp: {}
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/container_images_release_version.go (main.(*ReleaseVersion).buildVersionPipeline)
################################################
# Promotion pipeline: moves already built teleport images to their release
# registries.
kind: pipeline
type: kubernetes
name: teleport-container-images-branch-promote
environment:
  DEBIAN_FRONTEND: noninteractive
# Runs only for promote events whose target is "production" or
# "promote-docker", and only in repositories matching gravitational/*.
trigger:
  event:
    include:
    - promote
  target:
    include:
    - production
    - promote-docker
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# The built-in clone is switched off; the "Check out code" step fetches the
# tagged commit itself.
clone:
  disable: true
steps:
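# Gate for the promote pipeline: stops the run when the promoted build carries
# no tag. Later steps derive every image tag from DRONE_TAG.
# This file is generated by dronegen; carry the quoting fix into the generator.
# NOTE(review): alpine:latest is a floating tag.
- name: Verify build is tagged
  image: alpine:latest
  commands:
  # DRONE_TAG has to be quoted. Unquoted, an empty value leaves `[ -n ]`, a
  # one-argument test that is always true, so the guard could never fail.
  - >-
    [ -n "${DRONE_TAG}" ]
    || (echo 'DRONE_TAG is not set. Is the commit tagged?' && exit 1)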
# Blocks until the Docker daemon's socket exists on the shared dockersock
# volume, giving up after 30 seconds.
- name: Wait for docker
  image: docker
  commands:
  # -S is true once the path is a socket; timeout makes the step fail instead
  # of hanging when the daemon never comes up.
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
  depends_on:
  - Verify build is tagged
# Blocks until the in-pipeline registry answers HTTP 200 on its root URL,
# giving up after 30 seconds.
- name: Wait for docker registry
  image: alpine
  commands:
  - apk add curl
  # The registry is probed over plain HTTP on drone-docker-registry:5000.
  - >-
    timeout 30s /bin/sh -c 'while [
    "$(curl -s -o /dev/null -w %{http_code} http://drone-docker-registry:5000/)"
    != "200" ]; do sleep 1; done'
  depends_on:
  - Verify build is tagged
# Manual checkout of the tagged commit into the Go workspace; the pipeline's
# built-in clone is disabled.
# NOTE(review): alpine/git:latest is a floating tag.
- name: Check out code
  image: alpine/git:latest
  commands:
  - mkdir -pv "/go/src/github.com/gravitational/teleport"
  - cd "/go/src/github.com/gravitational/teleport"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  # The tag is checked out by name; no tag signature is verified in this step.
  - git checkout -qf "$DRONE_TAG"
  depends_on:
  - Verify build is tagged
# Writes three version strings derived from DRONE_TAG to files under /go/var.
# With a constructed tag v1.2.3 they would hold 1, 1.2 and 1.2.3. Later steps
# read these files to build image tags.
- name: Build major, minor, and full semvers
  image: alpine
  commands:
  # NOTE(review): sed 's/v//' removes the first "v" wherever it occurs, and
  # $DRONE_TAG is unquoted; 's/^v//' with a quoted variable would restrict the
  # edit to a leading prefix.
  - mkdir -pv $(dirname "/go/var/major-version")
  - echo $DRONE_TAG | sed 's/v//' | cut -d'.' -f "1" > "/go/var/major-version"
  - echo $(cat "/go/var/major-version")
  - mkdir -pv $(dirname "/go/var/minor-version")
  - echo $DRONE_TAG | sed 's/v//' | cut -d'.' -f "1,2" > "/go/var/minor-version"
  - echo $(cat "/go/var/minor-version")
  - mkdir -pv $(dirname "/go/var/full-version")
  - echo $DRONE_TAG | sed 's/v//' > "/go/var/full-version"
  - echo $(cat "/go/var/full-version")
  depends_on:
  - Verify build is tagged
# Trades the staging Drone user's static keys for temporary STS credentials and
# appends them as the "ecr-staging" profile to the shared credentials file.
- name: Assume ECR - staging AWS Role
  image: amazon/aws-cli
  commands:
  # Record which identity the static keys resolve to before switching roles.
  - aws sts get-caller-identity
  # The unquoted $(...) is word-split into the three %s values. printf still
  # succeeds when assume-role fails, which would append a profile with empty
  # fields; the --profile call at the end of this step is what surfaces that.
  - |-
    printf "[ecr-staging]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
    $(aws sts assume-role \
    --role-arn "$AWS_ROLE" \
    --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
    --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
    --output text) \
    >> /root/.aws/credentials
  # Presumably so the last call exercises the new profile rather than the
  # static keys - confirm against the AWS CLI credential precedence.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile ecr-staging
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY
    AWS_ROLE:
      from_secret: STAGING_TELEPORT_DRONE_ECR_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET
  # Every step that mounts awsconfig can read the profiles stored here.
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Verify build is tagged
# Trades the production Drone user's static keys for temporary STS credentials
# and appends them as the "ecr-production" profile to the shared credentials
# file.
- name: Assume ECR - production AWS Role
  image: amazon/aws-cli
  commands:
  # Record which identity the static keys resolve to before switching roles.
  - aws sts get-caller-identity
  # The unquoted $(...) is word-split into the three %s values. printf still
  # succeeds when assume-role fails, which would append a profile with empty
  # fields; the --profile call at the end of this step is what surfaces that.
  - |-
    printf "[ecr-production]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
    $(aws sts assume-role \
    --role-arn "$AWS_ROLE" \
    --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
    --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
    --output text) \
    >> /root/.aws/credentials
  # Presumably so the last call exercises the new profile rather than the
  # static keys - confirm against the AWS CLI credential precedence.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile ecr-production
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY
    AWS_ROLE:
      from_secret: PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET
  # Every step that mounts awsconfig can read the profiles stored here,
  # production included.
  volumes:
  - name: awsconfig
    path: /root/.aws
  # Waiting for the staging step serialises the two appends to the same file.
  depends_on:
  - Assume ECR - staging AWS Role
  - Verify build is tagged
# Stages the amd64 image for promotion: pulls it from staging ECR and re-pushes
# it to the in-pipeline registry, from which the publish steps read.
- name: Pull teleport:v11-amd64 and push it to Local Registry
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - >-
    aws ecr get-login-password --region=us-west-2
    | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  # NOTE(review): the image is selected by tag; no digest is recorded or
  # compared, so what gets promoted is whatever the staging tag points at now.
  - >-
    docker pull
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-amd64
  # The ECR session is closed as soon as the pull is done.
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  - >-
    docker tag
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-amd64
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
  - docker push drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Verify build is tagged
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - production AWS Role
# Stages the arm image for promotion: pulls it from staging ECR and re-pushes
# it to the in-pipeline registry, from which the publish steps read.
- name: Pull teleport:v11-arm and push it to Local Registry
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - >-
    aws ecr get-login-password --region=us-west-2
    | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  # NOTE(review): the image is selected by tag; no digest is recorded or
  # compared, so what gets promoted is whatever the staging tag points at now.
  - >-
    docker pull
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-arm
  # The ECR session is closed as soon as the pull is done.
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  - >-
    docker tag
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-arm
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
  - docker push drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Verify build is tagged
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - production AWS Role
# Stages the arm64 image for promotion: pulls it from staging ECR and re-pushes
# it to the in-pipeline registry, from which the publish steps read.
- name: Pull teleport:v11-arm64 and push it to Local Registry
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - >-
    aws ecr get-login-password --region=us-west-2
    | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  # NOTE(review): the image is selected by tag; no digest is recorded or
  # compared, so what gets promoted is whatever the staging tag points at now.
  - >-
    docker pull
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-arm64
  # The ECR session is closed as soon as the pull is done.
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  - >-
    docker tag
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-arm64
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
  - docker push drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Verify build is tagged
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - production AWS Role
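# Publishes the amd64 image to quay.io under its full, major and minor version
# tags.
# This file is generated by dronegen; carry the login change into the generator.
- name: Tag and push image "teleport:v11-amd64" to Quay
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
  # The password goes to docker login on stdin. Passed with -p it would sit in
  # the docker process's argument list, and docker itself warns against that.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # The full-version tag is only pushed when it does not exist yet, so a re-run
  # cannot replace a released image.
  - >-
    docker manifest inspect
    quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64
    && docker push
    quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64)
  # The major and minor tags are pushed unconditionally: they move to this
  # build on every promotion.
  - >-
    docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    quay.io/gravitational/teleport:$(cat "/go/var/major-version")-amd64
  - docker push quay.io/gravitational/teleport:$(cat "/go/var/major-version")-amd64
  - >-
    docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
  - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  # NOTE(review): no command in this step calls aws, yet the awsconfig volume
  # with the assumed-role credentials is mounted; dropping the mount in the
  # generator would narrow what this step can read.
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Pull teleport:v11-amd64 and push it to Local Registry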
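# Publishes the arm image to quay.io under its full, major and minor version
# tags.
# This file is generated by dronegen; carry the login change into the generator.
- name: Tag and push image "teleport:v11-arm" to Quay
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
  # The password goes to docker login on stdin. Passed with -p it would sit in
  # the docker process's argument list, and docker itself warns against that.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # The full-version tag is only pushed when it does not exist yet, so a re-run
  # cannot replace a released image.
  - >-
    docker manifest inspect
    quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm
    && docker push
    quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm)
  # The major and minor tags are pushed unconditionally: they move to this
  # build on every promotion.
  - >-
    docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm
  - docker push quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm
  - >-
    docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm
  - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  # NOTE(review): no command in this step calls aws, yet the awsconfig volume
  # with the assumed-role credentials is mounted; dropping the mount in the
  # generator would narrow what this step can read.
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Pull teleport:v11-arm and push it to Local Registry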
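# Publishes the arm64 image to quay.io under its full, major and minor version
# tags.
# This file is generated by dronegen; carry the login change into the generator.
- name: Tag and push image "teleport:v11-arm64" to Quay
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
  # The password goes to docker login on stdin. Passed with -p it would sit in
  # the docker process's argument list, and docker itself warns against that.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # The full-version tag is only pushed when it does not exist yet, so a re-run
  # cannot replace a released image.
  - >-
    docker manifest inspect
    quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64
    && docker push
    quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64)
  # The major and minor tags are pushed unconditionally: they move to this
  # build on every promotion.
  - >-
    docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm64
  - docker push quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm64
  - >-
    docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
  - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  # NOTE(review): no command in this step calls aws, yet the awsconfig volume
  # with the assumed-role credentials is mounted; dropping the mount in the
  # generator would narrow what this step can read.
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Pull teleport:v11-arm64 and push it to Local Registry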
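# Publishes the multi-architecture manifest list for the major-version tag on
# quay.io, combining the amd64, arm and arm64 images.
# This file is generated by dronegen; carry the login change into the generator.
- name: Create manifest and push "teleport:major" to Quay
  image: docker
  commands:
  # The password goes to docker login on stdin. Passed with -p it would sit in
  # the docker process's argument list, and docker itself warns against that.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # No existence check here: the major tag is recreated on every promotion.
  - >-
    docker manifest create
    quay.io/gravitational/teleport:$(cat "/go/var/major-version")
    --amend quay.io/gravitational/teleport:$(cat "/go/var/major-version")-amd64
    --amend quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm
    --amend quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm64
  - docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/major-version")
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  # NOTE(review): no command in this step calls aws, yet the awsconfig volume
  # with the assumed-role credentials is mounted.
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v11-amd64" to Quay
  - Tag and push image "teleport:v11-arm" to Quay
  - Tag and push image "teleport:v11-arm64" to Quay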
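# Publishes the multi-architecture manifest list for the minor-version tag on
# quay.io, combining the amd64, arm and arm64 images.
# This file is generated by dronegen; carry the login change into the generator.
- name: Create manifest and push "teleport:minor" to Quay
  image: docker
  commands:
  # The password goes to docker login on stdin. Passed with -p it would sit in
  # the docker process's argument list, and docker itself warns against that.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # No existence check here: the minor tag is recreated on every promotion.
  - >-
    docker manifest create
    quay.io/gravitational/teleport:$(cat "/go/var/minor-version")
    --amend quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
    --amend quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm
    --amend quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
  - docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  # NOTE(review): no command in this step calls aws, yet the awsconfig volume
  # with the assumed-role credentials is mounted.
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v11-amd64" to Quay
  - Tag and push image "teleport:v11-arm" to Quay
  - Tag and push image "teleport:v11-arm64" to Quay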
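# Publishes the multi-architecture manifest list for the full version tag on
# quay.io unless that tag already exists.
# This file is generated by dronegen; carry the login change into the generator.
- name: Create manifest and push "teleport:full" to Quay
  image: docker
  commands:
  # The password goes to docker login on stdin. Passed with -p it would sit in
  # the docker process's argument list, and docker itself warns against that.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # An existing full-version manifest is left untouched. The inspect output is
  # discarded, so any inspect failure leads to the create-and-push branch.
  - >-
    docker manifest inspect
    quay.io/gravitational/teleport:$(cat "/go/var/full-version")
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker manifest create
    quay.io/gravitational/teleport:$(cat "/go/var/full-version")
    --amend quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64
    --amend quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm
    --amend quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64
    && docker manifest push
    quay.io/gravitational/teleport:$(cat "/go/var/full-version"))
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  # NOTE(review): no command in this step calls aws, yet the awsconfig volume
  # with the assumed-role credentials is mounted.
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v11-amd64" to Quay
  - Tag and push image "teleport:v11-arm" to Quay
  - Tag and push image "teleport:v11-arm64" to Quay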
# Publishes the amd64 image to the public production ECR repository under its
# full, major and minor version tags.
- name: Tag and push image "teleport:v11-amd64" to ECR - production
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
  - apk add --no-cache aws-cli
  # The registry password is piped on stdin instead of being passed as a flag.
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin public.ecr.aws
  # The full-version tag is only pushed when it does not exist yet, so a re-run
  # cannot replace a released image.
  - >-
    docker manifest inspect
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64
    && docker push
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64)
  # The major and minor tags are pushed unconditionally: they move to this
  # build on every promotion.
  - >-
    docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64
  - >-
    docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
  - docker logout "public.ecr.aws"
  environment:
    # Selects the temporary production credentials from the shared file.
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Pull teleport:v11-amd64 and push it to Local Registry
# Publishes the arm image to the public production ECR repository under its
# full, major and minor version tags.
- name: Tag and push image "teleport:v11-arm" to ECR - production
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
  - apk add --no-cache aws-cli
  # The registry password is piped on stdin instead of being passed as a flag.
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin public.ecr.aws
  # The full-version tag is only pushed when it does not exist yet, so a re-run
  # cannot replace a released image.
  - >-
    docker manifest inspect
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm
    && docker push
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm)
  # The major and minor tags are pushed unconditionally: they move to this
  # build on every promotion.
  - >-
    docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm
  - >-
    docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm
  - docker logout "public.ecr.aws"
  environment:
    # Selects the temporary production credentials from the shared file.
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Pull teleport:v11-arm and push it to Local Registry
# Publishes the arm64 teleport image from the in-pipeline registry to public
# ECR under its full, major and minor version tags.
# NOTE(review): `image: docker` carries no tag or digest and aws-cli is
# installed unversioned at run time, in a step that uses the ecr-production
# profile; consider pinning both.
- name: Tag and push image "teleport:v11-arm64" to ECR - production
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
  - apk add --no-cache aws-cli
  # The registry password is piped on stdin, not passed as an argument.
  - >-
    aws ecr-public get-login-password --region=us-east-1 |
    docker login -u="AWS" --password-stdin public.ecr.aws
  # Full-version tag: pushed only when `docker manifest inspect` fails. The
  # inspect output is discarded, so any failure (not only "tag absent") takes
  # the push branch.
  - >-
    docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64
    && docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64)
  # Major and minor tags are re-tagged and pushed on every run.
  - >-
    docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64
  - >-
    docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Pull teleport:v11-arm64 and push it to Local Registry
# Creates and pushes the manifest list for the teleport major-version tag on
# public ECR, combining the amd64, arm and arm64 images.
# NOTE(review): `image: docker` and the run-time aws-cli install are both
# unpinned in a step that uses the ecr-production profile.
- name: Create manifest and push "teleport:major" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - >-
    aws ecr-public get-login-password --region=us-east-1 |
    docker login -u="AWS" --password-stdin public.ecr.aws
  # Per-arch entries are named by tag, so the list records whatever each tag
  # resolves to when this step runs.
  - >-
    docker manifest create
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")
    --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64
    --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm
    --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64
  - docker manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v11-amd64" to ECR - production
  - Tag and push image "teleport:v11-arm" to ECR - production
  - Tag and push image "teleport:v11-arm64" to ECR - production
# Creates and pushes the manifest list for the teleport minor-version tag on
# public ECR, combining the amd64, arm and arm64 images.
# NOTE(review): `image: docker` and the run-time aws-cli install are both
# unpinned in a step that uses the ecr-production profile.
- name: Create manifest and push "teleport:minor" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - >-
    aws ecr-public get-login-password --region=us-east-1 |
    docker login -u="AWS" --password-stdin public.ecr.aws
  # Per-arch entries are named by tag, so the list records whatever each tag
  # resolves to when this step runs.
  - >-
    docker manifest create
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")
    --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
    --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm
    --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
  - docker manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v11-amd64" to ECR - production
  - Tag and push image "teleport:v11-arm" to ECR - production
  - Tag and push image "teleport:v11-arm64" to ECR - production
# Creates and pushes the manifest list for the teleport full-version tag on
# public ECR, unless a manifest for that tag can already be inspected.
# NOTE(review): `image: docker` and the run-time aws-cli install are both
# unpinned in a step that uses the ecr-production profile.
- name: Create manifest and push "teleport:full" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - >-
    aws ecr-public get-login-password --region=us-east-1 |
    docker login -u="AWS" --password-stdin public.ecr.aws
  # The create/push branch runs whenever `docker manifest inspect` fails; its
  # output is discarded, so an auth or network error is treated the same as a
  # missing tag.
  - >-
    docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker manifest create
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")
    --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64
    --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm
    --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64
    && docker manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version"))
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v11-amd64" to ECR - production
  - Tag and push image "teleport:v11-arm" to ECR - production
  - Tag and push image "teleport:v11-arm64" to ECR - production
# Copies the teleport-ent amd64 image from the staging ECR registry into the
# in-pipeline registry (drone-docker-registry:5000).
# NOTE(review): the image is selected by tag only and no digest is captured
# here for later steps to compare against; confirm whether that is checked
# elsewhere. The step also waits on the production role step although only the
# ecr-staging profile is set below.
- name: Pull teleport-ent:v11-amd64 and push it to Local Registry
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - >-
    aws ecr get-login-password --region=us-west-2 |
    docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - >-
    docker pull
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64
  # Staging credentials are dropped right after the pull.
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  - >-
    docker tag
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
  - docker push drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Verify build is tagged
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - production AWS Role
# Copies the teleport-ent arm image from the staging ECR registry into the
# in-pipeline registry (drone-docker-registry:5000).
# NOTE(review): the image is selected by tag only and no digest is captured
# here for later steps to compare against; confirm whether that is checked
# elsewhere. The step also waits on the production role step although only the
# ecr-staging profile is set below.
- name: Pull teleport-ent:v11-arm and push it to Local Registry
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - >-
    aws ecr get-login-password --region=us-west-2 |
    docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - >-
    docker pull
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm
  # Staging credentials are dropped right after the pull.
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  - >-
    docker tag
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
  - docker push drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Verify build is tagged
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - production AWS Role
# Copies the teleport-ent arm64 image from the staging ECR registry into the
# in-pipeline registry (drone-docker-registry:5000).
# NOTE(review): the image is selected by tag only and no digest is captured
# here for later steps to compare against; confirm whether that is checked
# elsewhere. The step also waits on the production role step although only the
# ecr-staging profile is set below.
- name: Pull teleport-ent:v11-arm64 and push it to Local Registry
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - >-
    aws ecr get-login-password --region=us-west-2 |
    docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - >-
    docker pull
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64
  # Staging credentials are dropped right after the pull.
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  - >-
    docker tag
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
  - docker push drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Verify build is tagged
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - production AWS Role
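# Publishes the amd64 teleport-ent image from the in-pipeline registry to
# quay.io under its full, major and minor version tags.
# NOTE(review): `image: docker` carries no tag or digest. This step runs no aws
# command yet mounts the awsconfig volume at /root/.aws; confirm whether the
# mount can be dropped. If this pipeline is emitted by a generator, apply the
# login change there as well.
- name: Tag and push image "teleport-ent:v11-amd64" to Quay
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
  # The password is piped on stdin; with -p it would be part of the docker
  # command's argument list. This matches the ECR logins in this file.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # Full-version tag: pushed only when `docker manifest inspect` fails. The
  # inspect output is discarded, so any failure (not only "tag absent") takes
  # the push branch.
  - >-
    docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
    quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64
    && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64)
  # Major and minor tags are re-tagged and pushed on every run.
  - >-
    docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
    quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
  - >-
    docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
    quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Pull teleport-ent:v11-amd64 and push it to Local Registry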
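# Publishes the arm teleport-ent image from the in-pipeline registry to quay.io
# under its full, major and minor version tags.
# NOTE(review): `image: docker` carries no tag or digest. This step runs no aws
# command yet mounts the awsconfig volume at /root/.aws; confirm whether the
# mount can be dropped. If this pipeline is emitted by a generator, apply the
# login change there as well.
- name: Tag and push image "teleport-ent:v11-arm" to Quay
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
  # The password is piped on stdin; with -p it would be part of the docker
  # command's argument list. This matches the ECR logins in this file.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # Full-version tag: pushed only when `docker manifest inspect` fails. The
  # inspect output is discarded, so any failure (not only "tag absent") takes
  # the push branch.
  - >-
    docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
    quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm
    && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm)
  # Major and minor tags are re-tagged and pushed on every run.
  - >-
    docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
    quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
  - >-
    docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
    quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Pull teleport-ent:v11-arm and push it to Local Registry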
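# Publishes the arm64 teleport-ent image from the in-pipeline registry to
# quay.io under its full, major and minor version tags.
# NOTE(review): `image: docker` carries no tag or digest. This step runs no aws
# command yet mounts the awsconfig volume at /root/.aws; confirm whether the
# mount can be dropped. If this pipeline is emitted by a generator, apply the
# login change there as well.
- name: Tag and push image "teleport-ent:v11-arm64" to Quay
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
  # The password is piped on stdin; with -p it would be part of the docker
  # command's argument list. This matches the ECR logins in this file.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # Full-version tag: pushed only when `docker manifest inspect` fails. The
  # inspect output is discarded, so any failure (not only "tag absent") takes
  # the push branch.
  - >-
    docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
    quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64
    && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64)
  # Major and minor tags are re-tagged and pushed on every run.
  - >-
    docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
    quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
  - >-
    docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
    quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Pull teleport-ent:v11-arm64 and push it to Local Registry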
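# Creates and pushes the manifest list for the teleport-ent major-version tag
# on quay.io, combining the amd64, arm and arm64 images.
# NOTE(review): `image: docker` carries no tag or digest. This step runs no aws
# command yet mounts the awsconfig volume at /root/.aws; confirm whether the
# mount can be dropped. If this pipeline is emitted by a generator, apply the
# login change there as well.
- name: Create manifest and push "teleport-ent:major" to Quay
  image: docker
  commands:
  # The password is piped on stdin; with -p it would be part of the docker
  # command's argument list. This matches the ECR logins in this file.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # Per-arch entries are named by tag, so the list records whatever each tag
  # resolves to when this step runs.
  - >-
    docker manifest create
    quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
  - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-amd64" to Quay
  - Tag and push image "teleport-ent:v11-arm" to Quay
  - Tag and push image "teleport-ent:v11-arm64" to Quay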
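# Creates and pushes the manifest list for the teleport-ent minor-version tag
# on quay.io, combining the amd64, arm and arm64 images.
# NOTE(review): `image: docker` carries no tag or digest. This step runs no aws
# command yet mounts the awsconfig volume at /root/.aws; confirm whether the
# mount can be dropped. If this pipeline is emitted by a generator, apply the
# login change there as well.
- name: Create manifest and push "teleport-ent:minor" to Quay
  image: docker
  commands:
  # The password is piped on stdin; with -p it would be part of the docker
  # command's argument list. This matches the ECR logins in this file.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # Per-arch entries are named by tag, so the list records whatever each tag
  # resolves to when this step runs.
  - >-
    docker manifest create
    quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
  - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-amd64" to Quay
  - Tag and push image "teleport-ent:v11-arm" to Quay
  - Tag and push image "teleport-ent:v11-arm64" to Quay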
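# Creates and pushes the manifest list for the teleport-ent full-version tag on
# quay.io, unless a manifest for that tag can already be inspected.
# NOTE(review): `image: docker` carries no tag or digest. This step runs no aws
# command yet mounts the awsconfig volume at /root/.aws; confirm whether the
# mount can be dropped. If this pipeline is emitted by a generator, apply the
# login change there as well.
- name: Create manifest and push "teleport-ent:full" to Quay
  image: docker
  commands:
  # The password is piped on stdin; with -p it would be part of the docker
  # command's argument list. This matches the ECR logins in this file.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # The create/push branch runs whenever `docker manifest inspect` fails; its
  # output is discarded, so an auth or network error is treated the same as a
  # missing tag.
  - >-
    docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker manifest create
    quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64
    && docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version"))
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-amd64" to Quay
  - Tag and push image "teleport-ent:v11-arm" to Quay
  - Tag and push image "teleport-ent:v11-arm64" to Quay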
# Publishes the amd64 teleport-ent image from the in-pipeline registry to
# public ECR under its full, major and minor version tags.
# NOTE(review): `image: docker` carries no tag or digest and aws-cli is
# installed unversioned at run time, in a step that uses the ecr-production
# profile; consider pinning both.
- name: Tag and push image "teleport-ent:v11-amd64" to ECR - production
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
  - apk add --no-cache aws-cli
  # The registry password is piped on stdin, not passed as an argument.
  - >-
    aws ecr-public get-login-password --region=us-east-1 |
    docker login -u="AWS" --password-stdin public.ecr.aws
  # Full-version tag: pushed only when `docker manifest inspect` fails. The
  # inspect output is discarded, so any failure (not only "tag absent") takes
  # the push branch.
  - >-
    docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64
    && docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64)
  # Major and minor tags are re-tagged and pushed on every run.
  - >-
    docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
  - >-
    docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Pull teleport-ent:v11-amd64 and push it to Local Registry
# Publishes the arm teleport-ent image from the in-pipeline registry to public
# ECR under its full, major and minor version tags.
# NOTE(review): `image: docker` carries no tag or digest and aws-cli is
# installed unversioned at run time, in a step that uses the ecr-production
# profile; consider pinning both.
- name: Tag and push image "teleport-ent:v11-arm" to ECR - production
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
  - apk add --no-cache aws-cli
  # The registry password is piped on stdin, not passed as an argument.
  - >-
    aws ecr-public get-login-password --region=us-east-1 |
    docker login -u="AWS" --password-stdin public.ecr.aws
  # Full-version tag: pushed only when `docker manifest inspect` fails. The
  # inspect output is discarded, so any failure (not only "tag absent") takes
  # the push branch.
  - >-
    docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm
    && docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm)
  # Major and minor tags are re-tagged and pushed on every run.
  - >-
    docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
  - >-
    docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Pull teleport-ent:v11-arm and push it to Local Registry
# Publishes the arm64 teleport-ent image from the in-pipeline registry to
# public ECR under its full, major and minor version tags.
# NOTE(review): `image: docker` carries no tag or digest and aws-cli is
# installed unversioned at run time, in a step that uses the ecr-production
# profile; consider pinning both.
- name: Tag and push image "teleport-ent:v11-arm64" to ECR - production
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
  - apk add --no-cache aws-cli
  # The registry password is piped on stdin, not passed as an argument.
  - >-
    aws ecr-public get-login-password --region=us-east-1 |
    docker login -u="AWS" --password-stdin public.ecr.aws
  # Full-version tag: pushed only when `docker manifest inspect` fails. The
  # inspect output is discarded, so any failure (not only "tag absent") takes
  # the push branch.
  - >-
    docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64
    && docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64)
  # Major and minor tags are re-tagged and pushed on every run.
  - >-
    docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
  - >-
    docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Pull teleport-ent:v11-arm64 and push it to Local Registry
# Creates and pushes the manifest list for the teleport-ent major-version tag
# on public ECR, combining the amd64, arm and arm64 images.
# NOTE(review): `image: docker` and the run-time aws-cli install are both
# unpinned in a step that uses the ecr-production profile.
- name: Create manifest and push "teleport-ent:major" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - >-
    aws ecr-public get-login-password --region=us-east-1 |
    docker login -u="AWS" --password-stdin public.ecr.aws
  # Per-arch entries are named by tag, so the list records whatever each tag
  # resolves to when this step runs.
  - >-
    docker manifest create
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
  - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-amd64" to ECR - production
  - Tag and push image "teleport-ent:v11-arm" to ECR - production
  - Tag and push image "teleport-ent:v11-arm64" to ECR - production
# Creates and pushes the manifest list for the teleport-ent minor-version tag
# on public ECR, combining the amd64, arm and arm64 images.
# NOTE(review): `image: docker` and the run-time aws-cli install are both
# unpinned in a step that uses the ecr-production profile.
- name: Create manifest and push "teleport-ent:minor" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - >-
    aws ecr-public get-login-password --region=us-east-1 |
    docker login -u="AWS" --password-stdin public.ecr.aws
  # Per-arch entries are named by tag, so the list records whatever each tag
  # resolves to when this step runs.
  - >-
    docker manifest create
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
  - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-amd64" to ECR - production
  - Tag and push image "teleport-ent:v11-arm" to ECR - production
  - Tag and push image "teleport-ent:v11-arm64" to ECR - production
# Creates and pushes the manifest list for the teleport-ent full-version tag on
# public ECR, unless a manifest for that tag can already be inspected.
# NOTE(review): `image: docker` and the run-time aws-cli install are both
# unpinned in a step that uses the ecr-production profile.
- name: Create manifest and push "teleport-ent:full" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - >-
    aws ecr-public get-login-password --region=us-east-1 |
    docker login -u="AWS" --password-stdin public.ecr.aws
  # The create/push branch runs whenever `docker manifest inspect` fails; its
  # output is discarded, so an auth or network error is treated the same as a
  # missing tag.
  - >-
    docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker manifest create
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64
    && docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version"))
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-amd64" to ECR - production
  - Tag and push image "teleport-ent:v11-arm" to ECR - production
  - Tag and push image "teleport-ent:v11-arm64" to ECR - production
# Copies the teleport-ent fips-amd64 image from the staging ECR registry into
# the in-pipeline registry (drone-docker-registry:5000).
# NOTE(review): the image is selected by tag only and no digest is captured
# here for later steps to compare against; confirm whether that is checked
# elsewhere. The step also waits on the production role step although only the
# ecr-staging profile is set below.
- name: Pull teleport-ent:v11-fips-amd64 and push it to Local Registry
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - >-
    aws ecr get-login-password --region=us-west-2 |
    docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - >-
    docker pull
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
  # Staging credentials are dropped right after the pull.
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  - >-
    docker tag
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
  - docker push drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Verify build is tagged
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - production AWS Role
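# Publishes the fips-amd64 teleport-ent image from the in-pipeline registry to
# quay.io under its full, major and minor version tags.
# NOTE(review): `image: docker` carries no tag or digest. This step runs no aws
# command yet mounts the awsconfig volume at /root/.aws; confirm whether the
# mount can be dropped. If this pipeline is emitted by a generator, apply the
# login change there as well.
- name: Tag and push image "teleport-ent:v11-fips-amd64" to Quay
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
  # The password is piped on stdin; with -p it would be part of the docker
  # command's argument list. This matches the ECR logins in this file.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # Full-version tag: pushed only when `docker manifest inspect` fails. The
  # inspect output is discarded, so any failure (not only "tag absent") takes
  # the push branch.
  - >-
    docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64)
  # Major and minor tags are re-tagged and pushed on every run.
  - >-
    docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
  - >-
    docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Pull teleport-ent:v11-fips-amd64 and push it to Local Registry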
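# Creates and pushes the manifest list for the teleport-ent major-version FIPS
# tag on quay.io; fips-amd64 is its only entry.
# NOTE(review): `image: docker` carries no tag or digest. This step runs no aws
# command yet mounts the awsconfig volume at /root/.aws; confirm whether the
# mount can be dropped. If this pipeline is emitted by a generator, apply the
# login change there as well.
- name: Create manifest and push "teleport-ent:major-fips" to Quay
  image: docker
  commands:
  # The password is piped on stdin; with -p it would be part of the docker
  # command's argument list. This matches the ECR logins in this file.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # The entry is named by tag, so the list records whatever that tag resolves
  # to when this step runs.
  - >-
    docker manifest create
    quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
  - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-fips-amd64" to Quay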
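# Creates and pushes the manifest list for the teleport-ent minor-version FIPS
# tag on quay.io; fips-amd64 is its only entry.
# NOTE(review): `image: docker` carries no tag or digest. This step runs no aws
# command yet mounts the awsconfig volume at /root/.aws; confirm whether the
# mount can be dropped. If this pipeline is emitted by a generator, apply the
# login change there as well.
- name: Create manifest and push "teleport-ent:minor-fips" to Quay
  image: docker
  commands:
  # The password is piped on stdin; with -p it would be part of the docker
  # command's argument list. This matches the ECR logins in this file.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # The entry is named by tag, so the list records whatever that tag resolves
  # to when this step runs.
  - >-
    docker manifest create
    quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
  - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-fips-amd64" to Quay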
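# Creates and pushes the manifest list for the teleport-ent full-version FIPS
# tag on quay.io, unless a manifest for that tag can already be inspected.
# NOTE(review): `image: docker` carries no tag or digest. This step runs no aws
# command yet mounts the awsconfig volume at /root/.aws; confirm whether the
# mount can be dropped. If this pipeline is emitted by a generator, apply the
# login change there as well.
- name: Create manifest and push "teleport-ent:full-fips" to Quay
  image: docker
  commands:
  # The password is piped on stdin; with -p it would be part of the docker
  # command's argument list. This matches the ECR logins in this file.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # The create/push branch runs whenever `docker manifest inspect` fails; its
  # output is discarded, so an auth or network error is treated the same as a
  # missing tag.
  - >-
    docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker manifest create
    quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    && docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips)
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-fips-amd64" to Quay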
# Publishes the fips-amd64 teleport-ent image from the in-pipeline registry to
# public ECR under its full, major and minor version tags.
# NOTE(review): `image: docker` carries no tag or digest and aws-cli is
# installed unversioned at run time, in a step that uses the ecr-production
# profile; consider pinning both.
- name: Tag and push image "teleport-ent:v11-fips-amd64" to ECR - production
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
  - apk add --no-cache aws-cli
  # The registry password is piped on stdin, not passed as an argument.
  - >-
    aws ecr-public get-login-password --region=us-east-1 |
    docker login -u="AWS" --password-stdin public.ecr.aws
  # Full-version tag: pushed only when `docker manifest inspect` fails. The
  # inspect output is discarded, so any failure (not only "tag absent") takes
  # the push branch.
  - >-
    docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    && docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64)
  # Major and minor tags are re-tagged and pushed on every run.
  - >-
    docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
  - >-
    docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Pull teleport-ent:v11-fips-amd64 and push it to Local Registry
# Creates and pushes the manifest list for the teleport-ent major-version FIPS
# tag on public ECR; fips-amd64 is its only entry.
# NOTE(review): `image: docker` and the run-time aws-cli install are both
# unpinned in a step that uses the ecr-production profile.
- name: Create manifest and push "teleport-ent:major-fips" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - >-
    aws ecr-public get-login-password --region=us-east-1 |
    docker login -u="AWS" --password-stdin public.ecr.aws
  # The entry is named by tag, so the list records whatever that tag resolves
  # to when this step runs.
  - >-
    docker manifest create
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
  - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-fips-amd64" to ECR - production
# Creates and pushes the manifest list for the teleport-ent minor-version FIPS
# tag on public ECR; fips-amd64 is its only entry.
# NOTE(review): `image: docker` and the run-time aws-cli install are both
# unpinned in a step that uses the ecr-production profile.
- name: Create manifest and push "teleport-ent:minor-fips" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - >-
    aws ecr-public get-login-password --region=us-east-1 |
    docker login -u="AWS" --password-stdin public.ecr.aws
  # The entry is named by tag, so the list records whatever that tag resolves
  # to when this step runs.
  - >-
    docker manifest create
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
  - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-fips-amd64" to ECR - production
# Creates and pushes the manifest list for the teleport-ent full-version FIPS
# tag on public ECR, unless a manifest for that tag can already be inspected.
# NOTE(review): `image: docker` and the run-time aws-cli install are both
# unpinned in a step that uses the ecr-production profile.
- name: Create manifest and push "teleport-ent:full-fips" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - >-
    aws ecr-public get-login-password --region=us-east-1 |
    docker login -u="AWS" --password-stdin public.ecr.aws
  # The create/push branch runs whenever `docker manifest inspect` fails; its
  # output is discarded, so an auth or network error is treated the same as a
  # missing tag.
  - >-
    docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker manifest create
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    && docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips)
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-fips-amd64" to ECR - production
# Copies the amd64 operator image from the staging ECR registry into the
# pipeline-local registry so later steps can retag it for publication.
- name: Pull teleport-operator:v11-amd64 and push it to Local Registry
  image: docker
  depends_on:
    - Verify build is tagged
    - Wait for docker
    - Wait for docker registry
    - Check out code
    - Build major, minor, and full semvers
    - Assume ECR - staging AWS Role
    - Assume ECR - production AWS Role
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
    - name: awsconfig
      path: /root/.aws
    - name: dockersock
      path: /var/run
  commands:
    - apk add --no-cache aws-cli
    - >-
      aws ecr get-login-password --region=us-west-2 |
      docker login -u="AWS" --password-stdin
      146628656107.dkr.ecr.us-west-2.amazonaws.com
    # NOTE(review): the image is selected by tag only; this step records and
    # compares no digest before the image is promoted.
    - >-
      docker pull
      146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64
    # Staging credentials are dropped as soon as the pull is done.
    - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
    - >-
      docker tag
      146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64
      drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
    - docker push drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
# Copies the arm operator image from the staging ECR registry into the
# pipeline-local registry so later steps can retag it for publication.
- name: Pull teleport-operator:v11-arm and push it to Local Registry
  image: docker
  depends_on:
    - Verify build is tagged
    - Wait for docker
    - Wait for docker registry
    - Check out code
    - Build major, minor, and full semvers
    - Assume ECR - staging AWS Role
    - Assume ECR - production AWS Role
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
    - name: awsconfig
      path: /root/.aws
    - name: dockersock
      path: /var/run
  commands:
    - apk add --no-cache aws-cli
    - >-
      aws ecr get-login-password --region=us-west-2 |
      docker login -u="AWS" --password-stdin
      146628656107.dkr.ecr.us-west-2.amazonaws.com
    # NOTE(review): the image is selected by tag only; this step records and
    # compares no digest before the image is promoted.
    - >-
      docker pull
      146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm
    # Staging credentials are dropped as soon as the pull is done.
    - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
    - >-
      docker tag
      146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm
      drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
    - docker push drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
# Copies the arm64 operator image from the staging ECR registry into the
# pipeline-local registry so later steps can retag it for publication.
- name: Pull teleport-operator:v11-arm64 and push it to Local Registry
  image: docker
  depends_on:
    - Verify build is tagged
    - Wait for docker
    - Wait for docker registry
    - Check out code
    - Build major, minor, and full semvers
    - Assume ECR - staging AWS Role
    - Assume ECR - production AWS Role
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
    - name: awsconfig
      path: /root/.aws
    - name: dockersock
      path: /var/run
  commands:
    - apk add --no-cache aws-cli
    - >-
      aws ecr get-login-password --region=us-west-2 |
      docker login -u="AWS" --password-stdin
      146628656107.dkr.ecr.us-west-2.amazonaws.com
    # NOTE(review): the image is selected by tag only; this step records and
    # compares no digest before the image is promoted.
    - >-
      docker pull
      146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64
    # Staging credentials are dropped as soon as the pull is done.
    - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
    - >-
      docker tag
      146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64
      drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
    - docker push drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
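# Publishes the amd64 operator image from the pipeline-local registry to Quay
# under its full, major and minor version tags.
# NOTE(review): pipelines in this file are marked as generated by dronegen, so
# the login change below also has to be made in the generator to survive the
# next 'make dronegen'.
- name: Tag and push image "teleport-operator:v11-amd64" to Quay
  image: docker
  commands:
    - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
    # Pass the password on stdin rather than with -p, so the secret is not
    # part of the docker CLI's argument list. The ECR logins in this file
    # already use --password-stdin.
    - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
    # The full-version tag is pushed only when 'manifest inspect' cannot find
    # it. Any inspect failure, whatever its cause, takes the push branch.
    - >-
      docker manifest inspect
      quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64
      > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
      (docker tag
      drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
      quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64
      && docker push
      quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64)
    # Major and minor tags are mutable and are overwritten on every run.
    - >-
      docker tag
      drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
      quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64
    - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64
    - >-
      docker tag
      drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
      quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64
    - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64
    - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
    - name: awsconfig
      path: /root/.aws
    - name: dockersock
      path: /var/run
  depends_on:
    - Pull teleport-operator:v11-amd64 and push it to Local Registry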
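# Publishes the arm operator image from the pipeline-local registry to Quay
# under its full, major and minor version tags.
# NOTE(review): pipelines in this file are marked as generated by dronegen, so
# the login change below also has to be made in the generator to survive the
# next 'make dronegen'.
- name: Tag and push image "teleport-operator:v11-arm" to Quay
  image: docker
  commands:
    - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
    # Pass the password on stdin rather than with -p, so the secret is not
    # part of the docker CLI's argument list. The ECR logins in this file
    # already use --password-stdin.
    - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
    # The full-version tag is pushed only when 'manifest inspect' cannot find
    # it. Any inspect failure, whatever its cause, takes the push branch.
    - >-
      docker manifest inspect
      quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm
      > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
      (docker tag
      drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
      quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm
      && docker push
      quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm)
    # Major and minor tags are mutable and are overwritten on every run.
    - >-
      docker tag
      drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
      quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm
    - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm
    - >-
      docker tag
      drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
      quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm
    - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm
    - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
    - name: awsconfig
      path: /root/.aws
    - name: dockersock
      path: /var/run
  depends_on:
    - Pull teleport-operator:v11-arm and push it to Local Registry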
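# Publishes the arm64 operator image from the pipeline-local registry to Quay
# under its full, major and minor version tags.
# NOTE(review): pipelines in this file are marked as generated by dronegen, so
# the login change below also has to be made in the generator to survive the
# next 'make dronegen'.
- name: Tag and push image "teleport-operator:v11-arm64" to Quay
  image: docker
  commands:
    - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
    # Pass the password on stdin rather than with -p, so the secret is not
    # part of the docker CLI's argument list. The ECR logins in this file
    # already use --password-stdin.
    - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
    # The full-version tag is pushed only when 'manifest inspect' cannot find
    # it. Any inspect failure, whatever its cause, takes the push branch.
    - >-
      docker manifest inspect
      quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64
      > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
      (docker tag
      drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
      quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64
      && docker push
      quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64)
    # Major and minor tags are mutable and are overwritten on every run.
    - >-
      docker tag
      drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
      quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64
    - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64
    - >-
      docker tag
      drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
      quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64
    - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64
    - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
    - name: awsconfig
      path: /root/.aws
    - name: dockersock
      path: /var/run
  depends_on:
    - Pull teleport-operator:v11-arm64 and push it to Local Registry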
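# Creates and pushes the multi-arch manifest list for the major-version tag on
# Quay from the per-architecture tags pushed by the three preceding steps.
# NOTE(review): generated by dronegen; mirror the login change in the
# generator as well.
- name: Create manifest and push "teleport-operator:major" to Quay
  image: docker
  commands:
    # Password on stdin instead of -p keeps the secret out of the docker
    # CLI's argument list, consistent with the ECR logins in this file.
    - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
    - >-
      docker manifest create
      quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")
      --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64
      --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm
      --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64
    - docker manifest push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")
    - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
    - name: awsconfig
      path: /root/.aws
    - name: dockersock
      path: /var/run
  depends_on:
    - Tag and push image "teleport-operator:v11-amd64" to Quay
    - Tag and push image "teleport-operator:v11-arm" to Quay
    - Tag and push image "teleport-operator:v11-arm64" to Quay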
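# Creates and pushes the multi-arch manifest list for the minor-version tag on
# Quay from the per-architecture tags pushed by the three preceding steps.
# NOTE(review): generated by dronegen; mirror the login change in the
# generator as well.
- name: Create manifest and push "teleport-operator:minor" to Quay
  image: docker
  commands:
    # Password on stdin instead of -p keeps the secret out of the docker
    # CLI's argument list, consistent with the ECR logins in this file.
    - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
    - >-
      docker manifest create
      quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")
      --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64
      --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm
      --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64
    - docker manifest push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")
    - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
    - name: awsconfig
      path: /root/.aws
    - name: dockersock
      path: /var/run
  depends_on:
    - Tag and push image "teleport-operator:v11-amd64" to Quay
    - Tag and push image "teleport-operator:v11-arm" to Quay
    - Tag and push image "teleport-operator:v11-arm64" to Quay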
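# Creates and pushes the multi-arch manifest list for the full-version tag on
# Quay, unless a manifest with that tag can already be inspected.
# NOTE(review): generated by dronegen; mirror the login change in the
# generator as well.
- name: Create manifest and push "teleport-operator:full" to Quay
  image: docker
  commands:
    # Password on stdin instead of -p keeps the secret out of the docker
    # CLI's argument list, consistent with the ECR logins in this file.
    - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
    # Any failure of 'manifest inspect' takes the create-and-push branch,
    # because its output is discarded.
    - >-
      docker manifest inspect
      quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")
      > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
      (docker manifest create
      quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")
      --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64
      --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm
      --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64
      && docker manifest push
      quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version"))
    - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
    - name: awsconfig
      path: /root/.aws
    - name: dockersock
      path: /var/run
  depends_on:
    - Tag and push image "teleport-operator:v11-amd64" to Quay
    - Tag and push image "teleport-operator:v11-arm" to Quay
    - Tag and push image "teleport-operator:v11-arm64" to Quay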
# Publishes the amd64 operator image from the pipeline-local registry to
# public ECR under its full, major and minor version tags.
- name: Tag and push image "teleport-operator:v11-amd64" to ECR - production
  image: docker
  depends_on:
    - Pull teleport-operator:v11-amd64 and push it to Local Registry
  environment:
    AWS_PROFILE: ecr-production
  volumes:
    - name: awsconfig
      path: /root/.aws
    - name: dockersock
      path: /var/run
  commands:
    - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
    - apk add --no-cache aws-cli
    # The registry password is piped on stdin, not passed as an argument.
    - >-
      aws ecr-public get-login-password --region=us-east-1 |
      docker login -u="AWS" --password-stdin public.ecr.aws
    # NOTE(review): the full-version tag is meant to be written once, but any
    # 'manifest inspect' failure (its output is discarded) leads to a push.
    - >-
      docker manifest inspect
      public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64
      > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
      (docker tag
      drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
      public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64
      && docker push
      public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64)
    # Major and minor tags are mutable and are overwritten on every run.
    - >-
      docker tag
      drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
      public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64
    - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64
    - >-
      docker tag
      drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
      public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64
    - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64
    - docker logout "public.ecr.aws"
# Publishes the arm operator image from the pipeline-local registry to public
# ECR under its full, major and minor version tags.
- name: Tag and push image "teleport-operator:v11-arm" to ECR - production
  image: docker
  depends_on:
    - Pull teleport-operator:v11-arm and push it to Local Registry
  environment:
    AWS_PROFILE: ecr-production
  volumes:
    - name: awsconfig
      path: /root/.aws
    - name: dockersock
      path: /var/run
  commands:
    - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
    - apk add --no-cache aws-cli
    # The registry password is piped on stdin, not passed as an argument.
    - >-
      aws ecr-public get-login-password --region=us-east-1 |
      docker login -u="AWS" --password-stdin public.ecr.aws
    # NOTE(review): the full-version tag is meant to be written once, but any
    # 'manifest inspect' failure (its output is discarded) leads to a push.
    - >-
      docker manifest inspect
      public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm
      > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
      (docker tag
      drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
      public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm
      && docker push
      public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm)
    # Major and minor tags are mutable and are overwritten on every run.
    - >-
      docker tag
      drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
      public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm
    - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm
    - >-
      docker tag
      drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
      public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm
    - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm
    - docker logout "public.ecr.aws"
# Publishes the arm64 operator image from the pipeline-local registry to
# public ECR under its full, major and minor version tags.
- name: Tag and push image "teleport-operator:v11-arm64" to ECR - production
  image: docker
  depends_on:
    - Pull teleport-operator:v11-arm64 and push it to Local Registry
  environment:
    AWS_PROFILE: ecr-production
  volumes:
    - name: awsconfig
      path: /root/.aws
    - name: dockersock
      path: /var/run
  commands:
    - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
    - apk add --no-cache aws-cli
    # The registry password is piped on stdin, not passed as an argument.
    - >-
      aws ecr-public get-login-password --region=us-east-1 |
      docker login -u="AWS" --password-stdin public.ecr.aws
    # NOTE(review): the full-version tag is meant to be written once, but any
    # 'manifest inspect' failure (its output is discarded) leads to a push.
    - >-
      docker manifest inspect
      public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64
      > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
      (docker tag
      drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
      public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64
      && docker push
      public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64)
    # Major and minor tags are mutable and are overwritten on every run.
    - >-
      docker tag
      drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
      public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64
    - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64
    - >-
      docker tag
      drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
      public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64
    - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64
    - docker logout "public.ecr.aws"
# Creates and pushes the multi-arch manifest list for the major-version tag on
# public ECR from the three per-architecture tags.
- name: Create manifest and push "teleport-operator:major" to ECR - production
  image: docker
  depends_on:
    - Tag and push image "teleport-operator:v11-amd64" to ECR - production
    - Tag and push image "teleport-operator:v11-arm" to ECR - production
    - Tag and push image "teleport-operator:v11-arm64" to ECR - production
  environment:
    AWS_PROFILE: ecr-production
  volumes:
    - name: awsconfig
      path: /root/.aws
    - name: dockersock
      path: /var/run
  commands:
    - apk add --no-cache aws-cli
    - >-
      aws ecr-public get-login-password --region=us-east-1 |
      docker login -u="AWS" --password-stdin public.ecr.aws
    # Major tags are mutable: the manifest is recreated on every run.
    - >-
      docker manifest create
      public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")
      --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64
      --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm
      --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64
    - docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")
    - docker logout "public.ecr.aws"
# Creates and pushes the multi-arch manifest list for the minor-version tag on
# public ECR from the three per-architecture tags.
- name: Create manifest and push "teleport-operator:minor" to ECR - production
  image: docker
  depends_on:
    - Tag and push image "teleport-operator:v11-amd64" to ECR - production
    - Tag and push image "teleport-operator:v11-arm" to ECR - production
    - Tag and push image "teleport-operator:v11-arm64" to ECR - production
  environment:
    AWS_PROFILE: ecr-production
  volumes:
    - name: awsconfig
      path: /root/.aws
    - name: dockersock
      path: /var/run
  commands:
    - apk add --no-cache aws-cli
    - >-
      aws ecr-public get-login-password --region=us-east-1 |
      docker login -u="AWS" --password-stdin public.ecr.aws
    # Minor tags are mutable: the manifest is recreated on every run.
    - >-
      docker manifest create
      public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")
      --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64
      --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm
      --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64
    - docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")
    - docker logout "public.ecr.aws"
# Creates and pushes the multi-arch manifest list for the full-version tag on
# public ECR, unless a manifest with that tag can already be inspected.
- name: Create manifest and push "teleport-operator:full" to ECR - production
  image: docker
  depends_on:
    - Tag and push image "teleport-operator:v11-amd64" to ECR - production
    - Tag and push image "teleport-operator:v11-arm" to ECR - production
    - Tag and push image "teleport-operator:v11-arm64" to ECR - production
  environment:
    AWS_PROFILE: ecr-production
  volumes:
    - name: awsconfig
      path: /root/.aws
    - name: dockersock
      path: /var/run
  commands:
    - apk add --no-cache aws-cli
    - >-
      aws ecr-public get-login-password --region=us-east-1 |
      docker login -u="AWS" --password-stdin public.ecr.aws
    # NOTE(review): any 'manifest inspect' failure, not only a missing tag,
    # takes the create-and-push branch, because its output is discarded.
    - >-
      docker manifest inspect
      public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")
      > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
      (docker manifest create
      public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")
      --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64
      --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm
      --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64
      && docker manifest push
      public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version"))
    - docker logout "public.ecr.aws"
services:
  # Docker-in-Docker daemon. Steps reach it through the dockersock volume
  # mounted at /var/run.
  # NOTE(review): privileged mode gives this container broad access to the
  # host kernel, and every step that mounts dockersock can drive the daemon.
  # Mount the volume only in steps that actually run docker.
  - name: Start Docker
    image: docker:dind
    privileged: true
    volumes:
      - name: dockersock
        path: /var/run
  # Pipeline-local image registry, addressed by steps as
  # drone-docker-registry:5000.
  # NOTE(review): registry:2 and docker:dind are mutable tags; pinning by
  # digest would make the release tooling reproducible.
  - name: drone-docker-registry
    image: registry:2
    privileged: false
    volumes: []
volumes:
  # Ephemeral volume that steps mount at /root/.aws. It carries the AWS
  # credentials file, so any step that mounts it can read every profile in it.
  - name: awsconfig
    temp: {}
  # Ephemeral volume mounted at /var/run; holds the Docker daemon socket.
  - name: dockersock
    temp: {}
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/container_images_release_version.go (main.(*ReleaseVersion).buildVersionPipeline)
################################################
kind: pipeline
type: kubernetes
name: teleport-container-images-current-version-cron
environment:
  DEBIAN_FRONTEND: noninteractive
# Runs only for the named cron schedule on the gravitational/teleport repo.
trigger:
  cron:
    include:
      - teleport-container-images-cron
  repo:
    include:
      - gravitational/teleport
workspace:
  path: /go
# Drone's automatic clone is disabled; the steps fetch the repository
# themselves.
clone:
  disable: true
steps:
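# Resolves the newest released v11 version with the repo's query-latest tool
# and stores it, without the leading "v", in /go/vars/full-version-v11.
# Every later step in this pipeline derives its tags from that file.
- name: Find the latest available semver for v11
  image: golang:1.18
  commands:
    - mkdir -pv "/tmp/teleport"
    - cd "/tmp/teleport"
    - git init
    - git remote add origin ${DRONE_REMOTE_URL}
    - git fetch origin --tags
    - git checkout -qf "branch/v11"
    - mkdir -pv $(dirname "/go/vars/full-version-v11")
    - cd "/tmp/teleport/build.assets/tooling/cmd/query-latest"
    - go run . "v11" | sed 's/v//' > "/go/vars/full-version-v11"
    # A pipeline returns the exit status of its last command (sed), so a
    # failing 'go run' would leave an empty file unless the runner's shell
    # enables pipefail. Fail here rather than let later steps build tags and
    # S3 paths from an empty version.
    # NOTE(review): generated by dronegen; add the same check in the generator.
    - test -s "/go/vars/full-version-v11"
    - >-
      echo Found full semver "$(cat "/go/vars/full-version-v11")" for major version
      "v11"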
# Blocks for up to 30 seconds until the Docker daemon's socket appears in the
# shared dockersock volume.
- name: Wait for docker
  image: docker
  depends_on:
    - Find the latest available semver for v11
  volumes:
    - name: dockersock
      path: /var/run
  commands:
    # 'timeout' makes the step fail if the socket never shows up.
    - >-
      timeout 30s /bin/sh -c
      'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
# Blocks for up to 30 seconds until the pipeline-local registry answers
# HTTP 200 on its root URL.
- name: Wait for docker registry
  image: alpine
  depends_on:
    - Find the latest available semver for v11
  commands:
    - apk add curl
    # The registry is reached over plain HTTP inside the pipeline network.
    - >-
      timeout 30s /bin/sh -c
      'while [ "$(curl -s -o /dev/null -w %{http_code} http://drone-docker-registry:5000/)"
      != "200" ]; do sleep 1; done'
# Fetches the repository and checks out the release tag that matches the
# version resolved by the first step.
# NOTE(review): alpine/git:latest is a mutable tag; a digest pin would fix the
# tooling used for release builds.
- name: Check out code
  image: alpine/git:latest
  depends_on:
    - Find the latest available semver for v11
  commands:
    - mkdir -pv "/go/src/github.com/gravitational/teleport"
    - cd "/go/src/github.com/gravitational/teleport"
    - git init
    - git remote add origin ${DRONE_REMOTE_URL}
    - git fetch origin --tags
    # The tag name is "v" plus the contents of the version file.
    - git checkout -qf "v$(cat '/go/vars/full-version-v11')"
# Derives the major ("X"), minor ("X.Y") and full version strings from
# /go/vars/full-version-v11 and writes each to its own file under /go/var,
# where the tag-and-push steps read them with $(cat ...).
- name: Build major, minor, and full semvers
  image: alpine
  depends_on:
    - Find the latest available semver for v11
  commands:
    # Major: first dot-separated field.
    - mkdir -pv $(dirname "/go/var/major-version")
    - echo v$(cat '/go/vars/full-version-v11') | sed 's/v//' | cut -d'.' -f "1" > "/go/var/major-version"
    - echo $(cat "/go/var/major-version")
    # Minor: first two dot-separated fields.
    - mkdir -pv $(dirname "/go/var/minor-version")
    - >-
      echo v$(cat '/go/vars/full-version-v11') | sed 's/v//' | cut -d'.' -f "1,2" >
      "/go/var/minor-version"
    - echo $(cat "/go/var/minor-version")
    # Full: the version with the leading "v" removed again.
    - mkdir -pv $(dirname "/go/var/full-version")
    - echo v$(cat '/go/vars/full-version-v11') | sed 's/v//' > "/go/var/full-version"
    - echo $(cat "/go/var/full-version")
# Exchanges the long-lived staging user keys for temporary role credentials
# and appends them as the [ecr-staging] profile to the shared credentials file.
- name: Assume ECR - staging AWS Role
  image: amazon/aws-cli
  depends_on:
    - Find the latest available semver for v11
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY
    AWS_ROLE:
      from_secret: STAGING_TELEPORT_DRONE_ECR_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET
  volumes:
    - name: awsconfig
      path: /root/.aws
  commands:
    # Shows which principal the injected user keys resolve to.
    - aws sts get-caller-identity
    # The three values returned by assume-role fill the %s placeholders. The
    # file lives on the awsconfig volume, so later steps that mount it can use
    # the profile.
    - |-
      printf "[ecr-staging]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
        $(aws sts assume-role \
          --role-arn "$AWS_ROLE" \
          --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
          --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
          --output text) \
        >> /root/.aws/credentials
    # Drop the user keys so the final check exercises the new profile only.
    - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
    - aws sts get-caller-identity --profile ecr-staging
# Exchanges long-lived user keys for temporary role credentials and appends
# them as the [ecr-authenticated-pull] profile to the shared credentials file.
# NOTE(review): this step reads the same three PRODUCTION_* secrets as
# "Assume ECR - production AWS Role", so the pull-only profile appears to carry
# the production role. Whether that role can push is not visible here; a
# dedicated read-only role would keep the image-build steps at least privilege.
- name: Assume ECR - authenticated-pull AWS Role
  image: amazon/aws-cli
  depends_on:
    - Assume ECR - staging AWS Role
    - Find the latest available semver for v11
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY
    AWS_ROLE:
      from_secret: PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET
  volumes:
    - name: awsconfig
      path: /root/.aws
  commands:
    # Shows which principal the injected user keys resolve to.
    - aws sts get-caller-identity
    # Appends (>>) to the file other role steps write to; the depends_on chain
    # serialises those writers.
    - |-
      printf "[ecr-authenticated-pull]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
        $(aws sts assume-role \
          --role-arn "$AWS_ROLE" \
          --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
          --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
          --output text) \
        >> /root/.aws/credentials
    # Drop the user keys so the final check exercises the new profile only.
    - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
    - aws sts get-caller-identity --profile ecr-authenticated-pull
# Exchanges the long-lived production user keys for temporary role credentials
# and appends them as the [ecr-production] profile to the shared credentials
# file.
- name: Assume ECR - production AWS Role
  image: amazon/aws-cli
  depends_on:
    - Assume ECR - authenticated-pull AWS Role
    - Find the latest available semver for v11
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY
    AWS_ROLE:
      from_secret: PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET
  volumes:
    - name: awsconfig
      path: /root/.aws
  commands:
    # Shows which principal the injected user keys resolve to.
    - aws sts get-caller-identity
    # The production profile lands on the awsconfig volume. Every step that
    # mounts that volume can read it, whichever AWS_PROFILE the step selects.
    - |-
      printf "[ecr-production]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
        $(aws sts assume-role \
          --role-arn "$AWS_ROLE" \
          --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
          --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
          --output text) \
        >> /root/.aws/credentials
    # Drop the user keys so the final check exercises the new profile only.
    - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
    - aws sts get-caller-identity --profile ecr-production
# Exchanges long-lived user keys for temporary role credentials and appends
# them as the [s3-download-teleport] profile, which the artifact download
# steps select through AWS_PROFILE.
- name: Assume S3 Download AWS Role for teleport
  image: amazon/aws-cli
  depends_on:
    - Find the latest available semver for v11
    - Wait for docker
    - Wait for docker registry
    - Check out code
    - Build major, minor, and full semvers
    - Assume ECR - staging AWS Role
    - Assume ECR - authenticated-pull AWS Role
    - Assume ECR - production AWS Role
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
    - name: awsconfig
      path: /root/.aws
  commands:
    # Shows which principal the injected user keys resolve to.
    - aws sts get-caller-identity
    - |-
      printf "[s3-download-teleport]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
        $(aws sts assume-role \
          --role-arn "$AWS_ROLE" \
          --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
          --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
          --output text) \
        >> /root/.aws/credentials
    # Drop the user keys so the final check exercises the new profile only.
    - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
    - aws sts get-caller-identity --profile s3-download-teleport
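# Downloads the Dockerfile for the resolved release tag from
# raw.githubusercontent.com into /go/build, where the image-build steps pass
# it to 'docker buildx build --file'.
# NOTE(review): "Check out code" already has the repository at this same tag.
# Reading the file from that checkout would presumably avoid a second
# network fetch of build input.
- name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport
  image: alpine
  commands:
    - apk add curl
    - mkdir -pv $(dirname "/go/build/Dockerfile-teleport")
    # -f makes curl exit non-zero on an HTTP error instead of saving the error
    # page as the Dockerfile; -S still prints the error although -s is set.
    # NOTE(review): generated by dronegen; change the generator as well.
    - >-
      curl -fsSL -o "/go/build/Dockerfile-teleport"
      "https://raw.githubusercontent.com/gravitational/teleport/v$(cat
      '/go/vars/full-version-v11')/build.assets/charts/Dockerfile"
  depends_on:
    - Find the latest available semver for v11
    - Wait for docker
    - Wait for docker registry
    - Check out code
    - Build major, minor, and full semvers
    - Assume ECR - staging AWS Role
    - Assume ECR - authenticated-pull AWS Role
    - Assume ECR - production AWS Role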
# Polls S3 once a minute, for up to an hour, until the amd64 .deb for the
# resolved version is listed, then copies it into /go/build.
# NOTE(review): no checksum or signature check on the package is visible in
# this step before it is built into the image.
- name: Download "teleport_v11-tag_amd64.deb" artifacts from S3
  image: amazon/aws-cli
  depends_on:
    - Assume S3 Download AWS Role for teleport
    - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport
  environment:
    AWS_PROFILE: s3-download-teleport
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
    - name: awsconfig
      path: /root/.aws
  commands:
    # The loop is spread over several list items, which run as one script.
    # "$$" is Drone's escape for a literal "$".
    - END_TIME=$(( $(date +%s) + 3600 ))
    - TIMED_OUT=true
    - while [ $(date +%s) -lt $${END_TIME?} ]; do
    - SUCCESS=true
    # grep -x requires the listed object name to match the file name exactly.
    - >-
      aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ |
      tr -s ' ' | cut -d' ' -f 4 |
      grep -x teleport_$(cat "/go/var/full-version")_amd64.deb
      || SUCCESS=false
    - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
    - echo 'Condition not met yet, waiting another 60 seconds...'
    - sleep 60
    - done
    - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [
      "$SUCCESS" = "true" ]'' && exit 1'
    - mkdir -pv "/go/build"
    - >-
      aws s3 cp
      s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat "/go/var/full-version")_amd64.deb
      /go/build/teleport_$(cat "/go/var/full-version")_amd64.deb
# Builds the linux/amd64 teleport image from the downloaded Dockerfile and
# .deb with a throw-away buildx builder, and pushes it to the pipeline-local
# registry.
- name: Build teleport image "teleport:v11-amd64"
  image: docker
  depends_on:
    - Assume ECR - authenticated-pull AWS Role
    - Download "teleport_v11-tag_amd64.deb" artifacts from S3
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
  volumes:
    - name: awsconfig
      path: /root/.aws
    - name: dockersock
      path: /var/run
  commands:
    # NOTE(review): a third-party image is run privileged here by mutable tag.
    # Pin it by digest (tonistiigi/binfmt@sha256:<digest>) so the code that
    # runs with full privileges in the build daemon is fixed.
    - docker run --privileged --rm tonistiigi/binfmt --install all
    - mkdir -pv "/go/build" && cd "/go/build"
    - mkdir -pv "/tmp/teleport-v11-amd64-builder"
    # BuildKit is told to reach the local registry over plain HTTP.
    - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v11-amd64-builder/buildkitd.toml"
    - echo ' http = true' >> "/tmp/teleport-v11-amd64-builder/buildkitd.toml"
    # network=host places the builder container on the daemon's network.
    - >-
      docker buildx create --driver "docker-container" --driver-opt "network=host"
      --name "teleport-v11-amd64-builder"
      --config "/tmp/teleport-v11-amd64-builder/buildkitd.toml"
    - apk add --no-cache aws-cli
    # Authenticated pull from public ECR; the password goes in on stdin.
    - >-
      aws ecr-public get-login-password --region=us-east-1 |
      docker login -u="AWS" --password-stdin public.ecr.aws
    - >-
      docker buildx build --push --builder "teleport-v11-amd64-builder"
      --target "teleport" --platform "linux/amd64"
      --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
      --file "/go/build/Dockerfile-teleport"
      --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_amd64.deb
      /go/build
    # Registry login, builder and its config are removed after the build.
    - docker logout "public.ecr.aws"
    - docker buildx rm "teleport-v11-amd64-builder"
    - rm -rf "/tmp/teleport-v11-amd64-builder"
# Polls S3 once a minute, for up to an hour, until the arm .deb for the
# resolved version is listed, then copies it into /go/build.
# NOTE(review): no checksum or signature check on the package is visible in
# this step before it is built into the image.
- name: Download "teleport_v11-tag_arm.deb" artifacts from S3
  image: amazon/aws-cli
  depends_on:
    - Assume S3 Download AWS Role for teleport
    - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport
  environment:
    AWS_PROFILE: s3-download-teleport
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
    - name: awsconfig
      path: /root/.aws
  commands:
    # The loop is spread over several list items, which run as one script.
    # "$$" is Drone's escape for a literal "$".
    - END_TIME=$(( $(date +%s) + 3600 ))
    - TIMED_OUT=true
    - while [ $(date +%s) -lt $${END_TIME?} ]; do
    - SUCCESS=true
    # grep -x requires the listed object name to match the file name exactly.
    - >-
      aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ |
      tr -s ' ' | cut -d' ' -f 4 |
      grep -x teleport_$(cat "/go/var/full-version")_arm.deb
      || SUCCESS=false
    - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
    - echo 'Condition not met yet, waiting another 60 seconds...'
    - sleep 60
    - done
    - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [
      "$SUCCESS" = "true" ]'' && exit 1'
    - mkdir -pv "/go/build"
    - >-
      aws s3 cp
      s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat "/go/var/full-version")_arm.deb
      /go/build/teleport_$(cat "/go/var/full-version")_arm.deb
# Builds the linux/arm teleport image from the downloaded Dockerfile and .deb
# with a throw-away buildx builder, and pushes it to the pipeline-local
# registry.
- name: Build teleport image "teleport:v11-arm"
  image: docker
  depends_on:
    - Assume ECR - authenticated-pull AWS Role
    - Download "teleport_v11-tag_arm.deb" artifacts from S3
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
  volumes:
    - name: awsconfig
      path: /root/.aws
    - name: dockersock
      path: /var/run
  commands:
    # NOTE(review): a third-party image is run privileged here by mutable tag.
    # Pin it by digest (tonistiigi/binfmt@sha256:<digest>) so the code that
    # runs with full privileges in the build daemon is fixed.
    - docker run --privileged --rm tonistiigi/binfmt --install all
    - mkdir -pv "/go/build" && cd "/go/build"
    - mkdir -pv "/tmp/teleport-v11-arm-builder"
    # BuildKit is told to reach the local registry over plain HTTP.
    - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v11-arm-builder/buildkitd.toml"
    - echo ' http = true' >> "/tmp/teleport-v11-arm-builder/buildkitd.toml"
    # network=host places the builder container on the daemon's network.
    - >-
      docker buildx create --driver "docker-container" --driver-opt "network=host"
      --name "teleport-v11-arm-builder"
      --config "/tmp/teleport-v11-arm-builder/buildkitd.toml"
    - apk add --no-cache aws-cli
    # Authenticated pull from public ECR; the password goes in on stdin.
    - >-
      aws ecr-public get-login-password --region=us-east-1 |
      docker login -u="AWS" --password-stdin public.ecr.aws
    - >-
      docker buildx build --push --builder "teleport-v11-arm-builder"
      --target "teleport" --platform "linux/arm"
      --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
      --file "/go/build/Dockerfile-teleport"
      --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_arm.deb
      /go/build
    # Registry login, builder and its config are removed after the build.
    - docker logout "public.ecr.aws"
    - docker buildx rm "teleport-v11-arm-builder"
    - rm -rf "/tmp/teleport-v11-arm-builder"
# Polls S3 once a minute, for up to an hour, until the arm64 .deb for the
# resolved version is listed, then copies it into /go/build.
# NOTE(review): no checksum or signature check on the package is visible in
# this step before it is built into the image.
- name: Download "teleport_v11-tag_arm64.deb" artifacts from S3
  image: amazon/aws-cli
  depends_on:
    - Assume S3 Download AWS Role for teleport
    - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport
  environment:
    AWS_PROFILE: s3-download-teleport
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
    - name: awsconfig
      path: /root/.aws
  commands:
    # The loop is spread over several list items, which run as one script.
    # "$$" is Drone's escape for a literal "$".
    - END_TIME=$(( $(date +%s) + 3600 ))
    - TIMED_OUT=true
    - while [ $(date +%s) -lt $${END_TIME?} ]; do
    - SUCCESS=true
    # grep -x requires the listed object name to match the file name exactly.
    - >-
      aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ |
      tr -s ' ' | cut -d' ' -f 4 |
      grep -x teleport_$(cat "/go/var/full-version")_arm64.deb
      || SUCCESS=false
    - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
    - echo 'Condition not met yet, waiting another 60 seconds...'
    - sleep 60
    - done
    - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [
      "$SUCCESS" = "true" ]'' && exit 1'
    - mkdir -pv "/go/build"
    - >-
      aws s3 cp
      s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat "/go/var/full-version")_arm64.deb
      /go/build/teleport_$(cat "/go/var/full-version")_arm64.deb
# Cross-builds the linux/arm64 teleport image with a dedicated buildx builder
# and pushes it to the pipeline-local registry (drone-docker-registry:5000).
- name: Build teleport image "teleport:v11-arm64"
  # NOTE(review): untagged image (floats with latest); pin a reviewed digest.
  image: docker
  commands:
  # NOTE(review): unpinned third-party image run with --privileged; pin
  # tonistiigi/binfmt by digest so the emulator installer cannot change silently.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-v11-arm64-builder"
  # buildkitd.toml: "http = true" makes the builder talk to the local registry
  # over plain HTTP, so that hop has no TLS integrity protection.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v11-arm64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-v11-arm64-builder/buildkitd.toml"
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name
    "teleport-v11-arm64-builder" --config "/tmp/teleport-v11-arm64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  # The registry password is piped over stdin, which keeps it out of argv.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  # The .deb named by DEB_PATH is the one fetched by the S3 download step.
  - docker buildx build --push --builder "teleport-v11-arm64-builder" --target "teleport"
    --platform "linux/arm64" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    --file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_arm64.deb
    /go/build
  # Cleanup: end the registry session, remove the builder and its config.
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-v11-arm64-builder"
  - rm -rf "/tmp/teleport-v11-arm64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport_v11-tag_arm64.deb" artifacts from S3
# Copies the amd64 image from the local registry to staging ECR under the
# full-, major- and minor-version tags, each suffixed with the build timestamp.
- name: Tag and push image "teleport:v11-amd64" to ECR - staging
  # NOTE(review): untagged image (floats with latest); pin a reviewed digest.
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
  - apk add --no-cache aws-cli
  # The registry password is piped over stdin, which keeps it out of argv.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Each command below has the shape "inspect && skip || (tag && push)".
  # NOTE(review): the push branch also runs when inspect fails for a reason
  # other than a missing tag (network or auth error), so the skip guard fails
  # open; registry-side tag immutability would be the hard guarantee.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-amd64
    && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-$TIMESTAMP-amd64)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-amd64
    && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP-amd64)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/minor-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64
    && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/minor-version")-$TIMESTAMP-amd64)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v11-amd64"
# Copies the arm image from the local registry to staging ECR under the
# full-, major- and minor-version tags, each suffixed with the build timestamp.
- name: Tag and push image "teleport:v11-arm" to ECR - staging
  # NOTE(review): untagged image (floats with latest); pin a reviewed digest.
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
  - apk add --no-cache aws-cli
  # The registry password is piped over stdin, which keeps it out of argv.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Each command below has the shape "inspect && skip || (tag && push)".
  # NOTE(review): the push branch also runs when inspect fails for a reason
  # other than a missing tag (network or auth error), so the skip guard fails
  # open; registry-side tag immutability would be the hard guarantee.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm
    && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-arm
    && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-arm
    && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v11-arm"
# Copies the arm64 image from the local registry to staging ECR under the
# full-, major- and minor-version tags, each suffixed with the build timestamp.
- name: Tag and push image "teleport:v11-arm64" to ECR - staging
  # NOTE(review): untagged image (floats with latest); pin a reviewed digest.
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
  - apk add --no-cache aws-cli
  # The registry password is piped over stdin, which keeps it out of argv.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Each command below has the shape "inspect && skip || (tag && push)".
  # NOTE(review): the push branch also runs when inspect fails for a reason
  # other than a missing tag (network or auth error), so the skip guard fails
  # open; registry-side tag immutability would be the hard guarantee.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm64
    && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm64)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-arm64
    && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm64)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64
    && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm64)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v11-arm64"
# Assembles the multi-arch manifest list for <major>-$TIMESTAMP in staging ECR
# from the amd64, arm and arm64 tags pushed by the three preceding steps.
- name: Create manifest and push "teleport:major-$TIMESTAMP" to ECR - staging
  # NOTE(review): untagged image (floats with latest); pin a reviewed digest.
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The registry password is piped over stdin, which keeps it out of argv.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Shape: "inspect && skip || (manifest create && manifest push)".
  # NOTE(review): any inspect failure, not only a missing tag, takes the
  # create-and-push branch, so the skip guard fails open.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image,
    skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v11-amd64" to ECR - staging
  - Tag and push image "teleport:v11-arm" to ECR - staging
  - Tag and push image "teleport:v11-arm64" to ECR - staging
# Assembles the multi-arch manifest list for <minor>-$TIMESTAMP in staging ECR
# from the amd64, arm and arm64 tags pushed by the three preceding steps.
- name: Create manifest and push "teleport:minor-$TIMESTAMP" to ECR - staging
  # NOTE(review): untagged image (floats with latest); pin a reviewed digest.
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The registry password is piped over stdin, which keeps it out of argv.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Shape: "inspect && skip || (manifest create && manifest push)".
  # NOTE(review): any inspect failure, not only a missing tag, takes the
  # create-and-push branch, so the skip guard fails open.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/minor-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image,
    skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/minor-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/minor-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/minor-version")-$TIMESTAMP)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v11-amd64" to ECR - staging
  - Tag and push image "teleport:v11-arm" to ECR - staging
  - Tag and push image "teleport:v11-arm64" to ECR - staging
# Assembles the multi-arch manifest list for <full>-$TIMESTAMP in staging ECR
# from the amd64, arm and arm64 tags pushed by the three preceding steps.
- name: Create manifest and push "teleport:full-$TIMESTAMP" to ECR - staging
  # NOTE(review): untagged image (floats with latest); pin a reviewed digest.
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The registry password is piped over stdin, which keeps it out of argv.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Shape: "inspect && skip || (manifest create && manifest push)".
  # NOTE(review): any inspect failure, not only a missing tag, takes the
  # create-and-push branch, so the skip guard fails open.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image,
    skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-$TIMESTAMP)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v11-amd64" to ECR - staging
  - Tag and push image "teleport:v11-arm" to ECR - staging
  - Tag and push image "teleport:v11-arm64" to ECR - staging
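# Publishes the amd64 image to quay.io. The full-version tag is pushed only if
# it does not exist yet; the major and minor tags are re-pushed on every run.
- name: Tag and push image "teleport:v11-amd64" to Quay
  # NOTE(review): untagged image (floats with latest); pin a reviewed digest.
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
  # The password is fed over stdin so it never appears in the docker CLI's
  # argument list, matching how the ECR steps in this file log in.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # NOTE(review): "inspect && skip || (tag && push)" also pushes when inspect
  # fails for a reason other than a missing tag, so the guard fails open.
  - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat
    "/go/var/full-version")-amd64 quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64
    && docker push quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64)
  # Rolling tags: these two are overwritten unconditionally.
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    quay.io/gravitational/teleport:$(cat "/go/var/major-version")-amd64
  - docker push quay.io/gravitational/teleport:$(cat "/go/var/major-version")-amd64
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
  - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step calls aws, so the awsconfig mount
  # looks unnecessary; confirm and drop it to keep AWS credentials out of reach.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v11-amd64"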
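# Publishes the arm image to quay.io. The full-version tag is pushed only if
# it does not exist yet; the major and minor tags are re-pushed on every run.
- name: Tag and push image "teleport:v11-arm" to Quay
  # NOTE(review): untagged image (floats with latest); pin a reviewed digest.
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
  # The password is fed over stdin so it never appears in the docker CLI's
  # argument list, matching how the ECR steps in this file log in.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # NOTE(review): "inspect && skip || (tag && push)" also pushes when inspect
  # fails for a reason other than a missing tag, so the guard fails open.
  - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat
    "/go/var/full-version")-arm quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm
    && docker push quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm)
  # Rolling tags: these two are overwritten unconditionally.
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm
  - docker push quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm
  - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step calls aws, so the awsconfig mount
  # looks unnecessary; confirm and drop it to keep AWS credentials out of reach.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v11-arm"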
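# Publishes the arm64 image to quay.io. The full-version tag is pushed only if
# it does not exist yet; the major and minor tags are re-pushed on every run.
- name: Tag and push image "teleport:v11-arm64" to Quay
  # NOTE(review): untagged image (floats with latest); pin a reviewed digest.
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
  # The password is fed over stdin so it never appears in the docker CLI's
  # argument list, matching how the ECR steps in this file log in.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # NOTE(review): "inspect && skip || (tag && push)" also pushes when inspect
  # fails for a reason other than a missing tag, so the guard fails open.
  - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat
    "/go/var/full-version")-arm64 quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64
    && docker push quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64)
  # Rolling tags: these two are overwritten unconditionally.
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm64
  - docker push quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm64
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
  - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step calls aws, so the awsconfig mount
  # looks unnecessary; confirm and drop it to keep AWS credentials out of reach.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v11-arm64"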
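# Rebuilds and pushes the multi-arch manifest list for the major-version tag on
# quay.io from the per-architecture tags; this rolling tag moves on every run.
- name: Create manifest and push "teleport:major" to Quay
  # NOTE(review): untagged image (floats with latest); pin a reviewed digest.
  image: docker
  commands:
  # The password is fed over stdin so it never appears in the docker CLI's
  # argument list, matching how the ECR steps in this file log in.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - docker manifest create quay.io/gravitational/teleport:$(cat "/go/var/major-version")
    --amend quay.io/gravitational/teleport:$(cat "/go/var/major-version")-amd64 --amend
    quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm --amend quay.io/gravitational/teleport:$(cat
    "/go/var/major-version")-arm64
  - docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/major-version")
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step calls aws, so the awsconfig mount
  # looks unnecessary; confirm and drop it to keep AWS credentials out of reach.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v11-amd64" to Quay
  - Tag and push image "teleport:v11-arm" to Quay
  - Tag and push image "teleport:v11-arm64" to Quay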
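# Rebuilds and pushes the multi-arch manifest list for the minor-version tag on
# quay.io from the per-architecture tags; this rolling tag moves on every run.
- name: Create manifest and push "teleport:minor" to Quay
  # NOTE(review): untagged image (floats with latest); pin a reviewed digest.
  image: docker
  commands:
  # The password is fed over stdin so it never appears in the docker CLI's
  # argument list, matching how the ECR steps in this file log in.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - docker manifest create quay.io/gravitational/teleport:$(cat "/go/var/minor-version")
    --amend quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 --amend
    quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm --amend quay.io/gravitational/teleport:$(cat
    "/go/var/minor-version")-arm64
  - docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step calls aws, so the awsconfig mount
  # looks unnecessary; confirm and drop it to keep AWS credentials out of reach.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v11-amd64" to Quay
  - Tag and push image "teleport:v11-arm" to Quay
  - Tag and push image "teleport:v11-arm64" to Quay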
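# Creates and pushes the multi-arch manifest list for the full-version tag on
# quay.io, unless a manifest with that tag can already be inspected.
- name: Create manifest and push "teleport:full" to Quay
  # NOTE(review): untagged image (floats with latest); pin a reviewed digest.
  image: docker
  commands:
  # The password is fed over stdin so it never appears in the docker CLI's
  # argument list, matching how the ECR steps in this file log in.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # NOTE(review): any inspect failure, not only a missing tag, takes the
  # create-and-push branch, so the skip guard fails open.
  - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version")
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest
    create quay.io/gravitational/teleport:$(cat "/go/var/full-version") --amend quay.io/gravitational/teleport:$(cat
    "/go/var/full-version")-amd64 --amend quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm
    --amend quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64 &&
    docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/full-version"))
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step calls aws, so the awsconfig mount
  # looks unnecessary; confirm and drop it to keep AWS credentials out of reach.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v11-amd64" to Quay
  - Tag and push image "teleport:v11-arm" to Quay
  - Tag and push image "teleport:v11-arm64" to Quay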
# Publishes the amd64 image to public.ecr.aws. The full-version tag is pushed
# only if it does not exist yet; major and minor tags are re-pushed every run.
- name: Tag and push image "teleport:v11-amd64" to ECR - production
  # NOTE(review): untagged image (floats with latest); pin a reviewed digest.
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
  - apk add --no-cache aws-cli
  # The registry password is piped over stdin, which keeps it out of argv.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  # NOTE(review): "inspect && skip || (tag && push)" also pushes when inspect
  # fails for a reason other than a missing tag, so the guard fails open.
  - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat
    "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64
    && docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64)
  # Rolling tags: these two are overwritten unconditionally.
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v11-amd64"
# Publishes the arm image to public.ecr.aws. The full-version tag is pushed
# only if it does not exist yet; major and minor tags are re-pushed every run.
- name: Tag and push image "teleport:v11-arm" to ECR - production
  # NOTE(review): untagged image (floats with latest); pin a reviewed digest.
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
  - apk add --no-cache aws-cli
  # The registry password is piped over stdin, which keeps it out of argv.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  # NOTE(review): "inspect && skip || (tag && push)" also pushes when inspect
  # fails for a reason other than a missing tag, so the guard fails open.
  - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat
    "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm
    && docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm)
  # Rolling tags: these two are overwritten unconditionally.
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v11-arm"
# Publishes the arm64 image to public.ecr.aws. The full-version tag is pushed
# only if it does not exist yet; major and minor tags are re-pushed every run.
- name: Tag and push image "teleport:v11-arm64" to ECR - production
  # NOTE(review): untagged image (floats with latest); pin a reviewed digest.
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
  - apk add --no-cache aws-cli
  # The registry password is piped over stdin, which keeps it out of argv.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  # NOTE(review): "inspect && skip || (tag && push)" also pushes when inspect
  # fails for a reason other than a missing tag, so the guard fails open.
  - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat
    "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64
    && docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64)
  # Rolling tags: these two are overwritten unconditionally.
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v11-arm64"
# Rebuilds and pushes the multi-arch manifest list for the major-version tag on
# public.ecr.aws; there is no existence check, so this tag moves on every run.
- name: Create manifest and push "teleport:major" to ECR - production
  # NOTE(review): untagged image (floats with latest); pin a reviewed digest.
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The registry password is piped over stdin, which keeps it out of argv.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - docker manifest create public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")
    --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64
    --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm
    --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64
  - docker manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v11-amd64" to ECR - production
  - Tag and push image "teleport:v11-arm" to ECR - production
  - Tag and push image "teleport:v11-arm64" to ECR - production
# Rebuilds and pushes the multi-arch manifest list for the minor-version tag on
# public.ecr.aws; there is no existence check, so this tag moves on every run.
- name: Create manifest and push "teleport:minor" to ECR - production
  # NOTE(review): untagged image (floats with latest); pin a reviewed digest.
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The registry password is piped over stdin, which keeps it out of argv.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - docker manifest create public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")
    --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
    --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm
    --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
  - docker manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v11-amd64" to ECR - production
  - Tag and push image "teleport:v11-arm" to ECR - production
  - Tag and push image "teleport:v11-arm64" to ECR - production
# Creates and pushes the multi-arch manifest list for the full-version tag on
# public.ecr.aws, unless a manifest with that tag can already be inspected.
- name: Create manifest and push "teleport:full" to ECR - production
  # NOTE(review): untagged image (floats with latest); pin a reviewed digest.
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The registry password is piped over stdin, which keeps it out of argv.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  # NOTE(review): any inspect failure, not only a missing tag, takes the
  # create-and-push branch, so the skip guard fails open.
  - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest
    create public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version") --amend
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64 --amend
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm --amend
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64 && docker
    manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version"))
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v11-amd64" to ECR - production
  - Tag and push image "teleport:v11-arm" to ECR - production
  - Tag and push image "teleport:v11-arm64" to ECR - production
# Exchanges the long-lived access key from the Drone secrets for temporary role
# credentials and stores them as the s3-download-teleport-ent profile.
- name: Assume S3 Download AWS Role for teleport-ent
  # NOTE(review): untagged image (floats with latest); pin a reviewed digest.
  image: amazon/aws-cli
  commands:
  # Logs which identity the injected access key resolves to.
  - aws sts get-caller-identity
  # The $(aws sts assume-role ...) output is left unquoted so its three text
  # fields fill the three %s slots of printf.
  # NOTE(review): the profile is appended to the credentials file on the
  # awsconfig volume, so any step that mounts awsconfig can read it, not only
  # the steps that set this AWS_PROFILE. If assume-role prints nothing the
  # profile is written with empty values; the --profile call below is what
  # surfaces that.
  - |-
    printf "[s3-download-teleport-ent]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
    $(aws sts assume-role \
    --role-arn "$AWS_ROLE" \
    --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
    --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
    --output text) \
    >> /root/.aws/credentials
  # Drops the long-lived key from the shell environment before the check below.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  # Verifies that the newly written profile works.
  - aws sts get-caller-identity --profile s3-download-teleport-ent
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Find the latest available semver for v11
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role
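# Fetches the image Dockerfile for the resolved v11 release tag from GitHub and
# stores it as /go/build/Dockerfile-teleport-ent.
- name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent
  # NOTE(review): untagged image (floats with latest); pin a reviewed digest.
  image: alpine
  commands:
  - apk add --no-cache curl
  - mkdir -pv $(dirname "/go/build/Dockerfile-teleport-ent")
  # -f makes curl exit non-zero on an HTTP error instead of saving the error
  # body as the Dockerfile; -S keeps the error message visible despite -s.
  # NOTE(review): the version is read from /go/vars/full-version-v11 while the
  # other steps read /go/var/full-version; confirm both files exist and agree.
  # NOTE(review): the Dockerfile is trusted on TLS and the Git tag alone; no
  # checksum is verified in this step.
  - curl -fLsS -o "/go/build/Dockerfile-teleport-ent" "https://raw.githubusercontent.com/gravitational/teleport/v$(cat
    '/go/vars/full-version-v11')/build.assets/charts/Dockerfile"
  depends_on:
  - Find the latest available semver for v11
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role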
# Polls S3 for the amd64 teleport-ent .deb of the release (up to 3600 s, every
# 60 s) and then copies it into /go/build for the image build.
- name: Download "teleport-ent_v11-tag_amd64.deb" artifacts from S3
  # NOTE(review): untagged image (floats with latest); pin a reviewed digest.
  image: amazon/aws-cli
  commands:
  # The list items below are joined into one shell script, so the while/done
  # loop spans several entries. "$$" is the escape for a literal "$".
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  # grep -x requires the listed object name to match the expected file name
  # as a whole line.
  - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr
    -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")_amd64.deb
    || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [
    "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  # NOTE(review): no checksum or signature is verified in this step; integrity
  # of the package baked into the image rests on access control of the bucket.
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat
    "/go/var/full-version")_amd64.deb /go/build/teleport-ent_$(cat "/go/var/full-version")_amd64.deb
  environment:
    AWS_PROFILE: s3-download-teleport-ent
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport-ent
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent
# Builds the linux/amd64 teleport-ent image with a dedicated buildx builder and
# pushes it to the pipeline-local registry (drone-docker-registry:5000).
- name: Build teleport-ent image "teleport-ent:v11-amd64"
  # NOTE(review): untagged image (floats with latest); pin a reviewed digest.
  image: docker
  commands:
  # NOTE(review): unpinned third-party image run with --privileged; pin
  # tonistiigi/binfmt by digest so the emulator installer cannot change silently.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-ent-v11-amd64-builder"
  # buildkitd.toml: "http = true" makes the builder talk to the local registry
  # over plain HTTP, so that hop has no TLS integrity protection.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v11-amd64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-ent-v11-amd64-builder/buildkitd.toml"
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name
    "teleport-ent-v11-amd64-builder" --config "/tmp/teleport-ent-v11-amd64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  # The registry password is piped over stdin, which keeps it out of argv.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  # The .deb named by DEB_PATH is the one fetched by the S3 download step.
  - docker buildx build --push --builder "teleport-ent-v11-amd64-builder" --target
    "teleport" --platform "linux/amd64" --tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-amd64 --file "/go/build/Dockerfile-teleport-ent" --build-arg
    DEB_PATH=teleport-ent_$(cat "/go/var/full-version")_amd64.deb /go/build
  # Cleanup: end the registry session, remove the builder and its config.
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-ent-v11-amd64-builder"
  - rm -rf "/tmp/teleport-ent-v11-amd64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport-ent_v11-tag_amd64.deb" artifacts from S3
# Polls S3 for up to 3600 s (60 s between attempts) until the arm .deb for this
# version is listed, then copies it into /go/build.
# NOTE(review): the package is used as downloaded; no checksum or signature
# check is visible in this step.
- name: Download "teleport-ent_v11-tag_arm.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
  # The while/do/done loop spans several list entries and relies on the runner
  # joining all commands into one script. `$$` leaves a literal `$` for the
  # shell, and `${VAR?}` aborts if the variable is unset.
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  # grep -x requires the listed file name to match the expected name exactly.
  - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr
    -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")_arm.deb
    || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [
    "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat
    "/go/var/full-version")_arm.deb /go/build/teleport-ent_$(cat "/go/var/full-version")_arm.deb
  environment:
    # Profile name; the awsconfig volume at /root/.aws presumably holds its
    # credentials (written by the "Assume S3 Download AWS Role" step).
    AWS_PROFILE: s3-download-teleport-ent
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport-ent
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent
# Builds the linux/arm teleport-ent image from the downloaded .deb with a
# throwaway buildx builder and pushes it to drone-docker-registry:5000.
- name: Build teleport-ent image "teleport-ent:v11-arm"
  image: docker
  commands:
  # NOTE(review): third-party image referenced by mutable tag and run with
  # --privileged; pinning it by digest (<binfmt-image-digest>) would stop the
  # emulator installer from changing between builds.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-ent-v11-arm-builder"
  # The generated buildkitd.toml sets `http = true` for the local registry, so
  # that hop carries images without TLS.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v11-arm-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-ent-v11-arm-builder/buildkitd.toml"
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name
    "teleport-ent-v11-arm-builder" --config "/tmp/teleport-ent-v11-arm-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  # The registry password is piped on stdin and never appears in the argv.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - docker buildx build --push --builder "teleport-ent-v11-arm-builder" --target "teleport"
    --platform "linux/arm" --tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
    --file "/go/build/Dockerfile-teleport-ent" --build-arg DEB_PATH=teleport-ent_$(cat
    "/go/var/full-version")_arm.deb /go/build
  # Cleanup: these three commands are only reached when the build succeeded.
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-ent-v11-arm-builder"
  - rm -rf "/tmp/teleport-ent-v11-arm-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport-ent_v11-tag_arm.deb" artifacts from S3
# Polls S3 for up to 3600 s (60 s between attempts) until the arm64 .deb for
# this version is listed, then copies it into /go/build.
# NOTE(review): the package is used as downloaded; no checksum or signature
# check is visible in this step.
- name: Download "teleport-ent_v11-tag_arm64.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
  # The while/do/done loop spans several list entries and relies on the runner
  # joining all commands into one script. `$$` leaves a literal `$` for the
  # shell, and `${VAR?}` aborts if the variable is unset.
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  # grep -x requires the listed file name to match the expected name exactly.
  - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr
    -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")_arm64.deb
    || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [
    "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat
    "/go/var/full-version")_arm64.deb /go/build/teleport-ent_$(cat "/go/var/full-version")_arm64.deb
  environment:
    # Profile name; the awsconfig volume at /root/.aws presumably holds its
    # credentials (written by the "Assume S3 Download AWS Role" step).
    AWS_PROFILE: s3-download-teleport-ent
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport-ent
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent
# Builds the linux/arm64 teleport-ent image from the downloaded .deb with a
# throwaway buildx builder and pushes it to drone-docker-registry:5000.
- name: Build teleport-ent image "teleport-ent:v11-arm64"
  image: docker
  commands:
  # NOTE(review): third-party image referenced by mutable tag and run with
  # --privileged; pinning it by digest (<binfmt-image-digest>) would stop the
  # emulator installer from changing between builds.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-ent-v11-arm64-builder"
  # The generated buildkitd.toml sets `http = true` for the local registry, so
  # that hop carries images without TLS.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v11-arm64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-ent-v11-arm64-builder/buildkitd.toml"
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name
    "teleport-ent-v11-arm64-builder" --config "/tmp/teleport-ent-v11-arm64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  # The registry password is piped on stdin and never appears in the argv.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - docker buildx build --push --builder "teleport-ent-v11-arm64-builder" --target
    "teleport" --platform "linux/arm64" --tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-arm64 --file "/go/build/Dockerfile-teleport-ent" --build-arg
    DEB_PATH=teleport-ent_$(cat "/go/var/full-version")_arm64.deb /go/build
  # Cleanup: these three commands are only reached when the build succeeded.
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-ent-v11-arm64-builder"
  - rm -rf "/tmp/teleport-ent-v11-arm64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport-ent_v11-tag_arm64.deb" artifacts from S3
# Pulls the amd64 image from the pipeline-local registry and pushes it to the
# staging ECR repository under the full, major and minor version tags, each
# suffixed with the build timestamp and architecture.
- name: Tag and push image "teleport-ent:v11-amd64" to ECR - staging
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  # TIMESTAMP is derived from the build creation time, so a re-run of the same
  # build resolves to the same tags.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # NOTE(review): any failure of `docker manifest inspect` (auth or network
  # errors included) is treated as "tag absent" and falls through to the push.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-amd64)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-amd64)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-amd64)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v11-amd64"
# Pulls the arm image from the pipeline-local registry and pushes it to the
# staging ECR repository under the full, major and minor version tags, each
# suffixed with the build timestamp and architecture.
- name: Tag and push image "teleport-ent:v11-arm" to ECR - staging
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  # TIMESTAMP is derived from the build creation time, so a re-run of the same
  # build resolves to the same tags.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # NOTE(review): any failure of `docker manifest inspect` (auth or network
  # errors included) is treated as "tag absent" and falls through to the push.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v11-arm"
# Pulls the arm64 image from the pipeline-local registry and pushes it to the
# staging ECR repository under the full, major and minor version tags, each
# suffixed with the build timestamp and architecture.
- name: Tag and push image "teleport-ent:v11-arm64" to ECR - staging
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  # TIMESTAMP is derived from the build creation time, so a re-run of the same
  # build resolves to the same tags.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # NOTE(review): any failure of `docker manifest inspect` (auth or network
  # errors included) is treated as "tag absent" and falls through to the push.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm64)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm64)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm64)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v11-arm64"
# Assembles the amd64/arm/arm64 staging images into one multi-arch manifest
# tagged <major-version>-<timestamp> and pushes it to the staging ECR repo.
- name: Create manifest and push "teleport-ent:major-$TIMESTAMP" to ECR - staging
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # NOTE(review): any failure of `docker manifest inspect` (auth or network
  # errors included) is treated as "manifest absent" and falls through to the
  # create-and-push branch.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image,
    skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-amd64" to ECR - staging
  - Tag and push image "teleport-ent:v11-arm" to ECR - staging
  - Tag and push image "teleport-ent:v11-arm64" to ECR - staging
# Assembles the amd64/arm/arm64 staging images into one multi-arch manifest
# tagged <minor-version>-<timestamp> and pushes it to the staging ECR repo.
- name: Create manifest and push "teleport-ent:minor-$TIMESTAMP" to ECR - staging
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # NOTE(review): any failure of `docker manifest inspect` (auth or network
  # errors included) is treated as "manifest absent" and falls through to the
  # create-and-push branch.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image,
    skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-amd64" to ECR - staging
  - Tag and push image "teleport-ent:v11-arm" to ECR - staging
  - Tag and push image "teleport-ent:v11-arm64" to ECR - staging
# Assembles the amd64/arm/arm64 staging images into one multi-arch manifest
# tagged <full-version>-<timestamp> and pushes it to the staging ECR repo.
- name: Create manifest and push "teleport-ent:full-$TIMESTAMP" to ECR - staging
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # NOTE(review): any failure of `docker manifest inspect` (auth or network
  # errors included) is treated as "manifest absent" and falls through to the
  # create-and-push branch.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image,
    skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-amd64" to ECR - staging
  - Tag and push image "teleport-ent:v11-arm" to ECR - staging
  - Tag and push image "teleport-ent:v11-arm64" to ECR - staging
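# Pulls the amd64 image from the pipeline-local registry and publishes it to
# quay.io under the full, major and minor version tags.
- name: Tag and push image "teleport-ent:v11-amd64" to Quay
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
  # The password goes in on stdin (as the ECR steps already do) rather than via
  # -p, which would place the production secret in the process argument list.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # The full-version tag is pushed only when `manifest inspect` finds nothing.
  # NOTE(review): any inspect failure (auth or network errors included) counts
  # as "absent" and falls through to the push.
  - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-amd64 quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64
    && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64)
  # Major and minor tags are re-pushed unconditionally, so they are mutable and
  # move to this build.
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
    quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
    quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v11-amd64"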
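# Pulls the arm image from the pipeline-local registry and publishes it to
# quay.io under the full, major and minor version tags.
- name: Tag and push image "teleport-ent:v11-arm" to Quay
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
  # The password goes in on stdin (as the ECR steps already do) rather than via
  # -p, which would place the production secret in the process argument list.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # The full-version tag is pushed only when `manifest inspect` finds nothing.
  # NOTE(review): any inspect failure (auth or network errors included) counts
  # as "absent" and falls through to the push.
  - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-arm quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm
    && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm)
  # Major and minor tags are re-pushed unconditionally, so they are mutable and
  # move to this build.
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
    quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
    quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v11-arm"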
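# Pulls the arm64 image from the pipeline-local registry and publishes it to
# quay.io under the full, major and minor version tags.
- name: Tag and push image "teleport-ent:v11-arm64" to Quay
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
  # The password goes in on stdin (as the ECR steps already do) rather than via
  # -p, which would place the production secret in the process argument list.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # The full-version tag is pushed only when `manifest inspect` finds nothing.
  # NOTE(review): any inspect failure (auth or network errors included) counts
  # as "absent" and falls through to the push.
  - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-arm64 quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64
    && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64)
  # Major and minor tags are re-pushed unconditionally, so they are mutable and
  # move to this build.
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
    quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
    quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v11-arm64"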
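# Combines the per-architecture major-version tags on quay.io into one
# multi-arch manifest and pushes it; the major tag is recreated on every run.
- name: Create manifest and push "teleport-ent:major" to Quay
  image: docker
  commands:
  # The password goes in on stdin (as the ECR steps already do) rather than via
  # -p, which would place the production secret in the process argument list.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
  - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-amd64" to Quay
  - Tag and push image "teleport-ent:v11-arm" to Quay
  - Tag and push image "teleport-ent:v11-arm64" to Quay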
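# Combines the per-architecture minor-version tags on quay.io into one
# multi-arch manifest and pushes it; the minor tag is recreated on every run.
- name: Create manifest and push "teleport-ent:minor" to Quay
  image: docker
  commands:
  # The password goes in on stdin (as the ECR steps already do) rather than via
  # -p, which would place the production secret in the process argument list.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
  - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-amd64" to Quay
  - Tag and push image "teleport-ent:v11-arm" to Quay
  - Tag and push image "teleport-ent:v11-arm64" to Quay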
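# Combines the per-architecture full-version tags on quay.io into one
# multi-arch manifest and pushes it, unless that manifest already exists.
- name: Create manifest and push "teleport-ent:full" to Quay
  image: docker
  commands:
  # The password goes in on stdin (as the ECR steps already do) rather than via
  # -p, which would place the production secret in the process argument list.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # NOTE(review): any failure of `docker manifest inspect` (auth or network
  # errors included) is treated as "manifest absent" and falls through to the
  # create-and-push branch.
  - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest
    create quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version") --amend
    quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 --amend
    quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm --amend quay.io/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-arm64 && docker manifest push quay.io/gravitational/teleport-ent:$(cat
    "/go/var/full-version"))
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-amd64" to Quay
  - Tag and push image "teleport-ent:v11-arm" to Quay
  - Tag and push image "teleport-ent:v11-arm64" to Quay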
# Pulls the amd64 image from the pipeline-local registry and publishes it to
# public.ecr.aws under the full, major and minor version tags.
- name: Tag and push image "teleport-ent:v11-amd64" to ECR - production
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
  - apk add --no-cache aws-cli
  # The registry password is piped on stdin and never appears in the argv.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  # The full-version tag is pushed only when `manifest inspect` finds nothing.
  # NOTE(review): any inspect failure (auth or network errors included) counts
  # as "absent" and falls through to the push.
  - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-amd64 && docker push public.ecr.aws/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-amd64)
  # Major and minor tags are re-pushed unconditionally, so they are mutable and
  # move to this build.
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v11-amd64"
# Pulls the arm image from the pipeline-local registry and publishes it to
# public.ecr.aws under the full, major and minor version tags.
- name: Tag and push image "teleport-ent:v11-arm" to ECR - production
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
  - apk add --no-cache aws-cli
  # The registry password is piped on stdin and never appears in the argv.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  # The full-version tag is pushed only when `manifest inspect` finds nothing.
  # NOTE(review): any inspect failure (auth or network errors included) counts
  # as "absent" and falls through to the push.
  - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm
    && docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm)
  # Major and minor tags are re-pushed unconditionally, so they are mutable and
  # move to this build.
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v11-arm"
# Pulls the arm64 image from the pipeline-local registry and publishes it to
# public.ecr.aws under the full, major and minor version tags.
- name: Tag and push image "teleport-ent:v11-arm64" to ECR - production
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
  - apk add --no-cache aws-cli
  # The registry password is piped on stdin and never appears in the argv.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  # The full-version tag is pushed only when `manifest inspect` finds nothing.
  # NOTE(review): any inspect failure (auth or network errors included) counts
  # as "absent" and falls through to the push.
  - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-arm64 && docker push public.ecr.aws/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-arm64)
  # Major and minor tags are re-pushed unconditionally, so they are mutable and
  # move to this build.
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v11-arm64"
# Combines the per-architecture major-version tags on public.ecr.aws into one
# multi-arch manifest and pushes it; the major tag is recreated on every run.
- name: Create manifest and push "teleport-ent:major" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The registry password is piped on stdin and never appears in the argv.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
  - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-amd64" to ECR - production
  - Tag and push image "teleport-ent:v11-arm" to ECR - production
  - Tag and push image "teleport-ent:v11-arm64" to ECR - production
# Combines the per-architecture minor-version tags on public.ecr.aws into one
# multi-arch manifest and pushes it; the minor tag is recreated on every run.
- name: Create manifest and push "teleport-ent:minor" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The registry password is piped on stdin and never appears in the argv.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
  - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-amd64" to ECR - production
  - Tag and push image "teleport-ent:v11-arm" to ECR - production
  - Tag and push image "teleport-ent:v11-arm64" to ECR - production
# Combines the per-architecture full-version tags on public.ecr.aws into one
# multi-arch manifest and pushes it, unless that manifest already exists.
- name: Create manifest and push "teleport-ent:full" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The registry password is piped on stdin and never appears in the argv.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  # NOTE(review): any failure of `docker manifest inspect` (auth or network
  # errors included) is treated as "manifest absent" and falls through to the
  # create-and-push branch.
  - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest
    create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64
    && docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version"))
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-amd64" to ECR - production
  - Tag and push image "teleport-ent:v11-arm" to ECR - production
  - Tag and push image "teleport-ent:v11-arm64" to ECR - production
# Exchanges the key pair supplied through Drone secrets for temporary credentials of
# the role in $AWS_ROLE and appends them to /root/.aws/credentials as the profile
# `s3-download-teleport-ent-fips`.
# NOTE(review): `image: amazon/aws-cli` has no tag or digest; this step handles
# long-lived AWS keys, so pinning the image by digest is worth considering.
- name: Assume S3 Download AWS Role for teleport-ent-fips
image: amazon/aws-cli
commands:
# Prints the calling identity (account and ARN) into the build log.
- aws sts get-caller-identity
# The three values returned by assume-role are fed to printf through an unquoted
# command substitution, i.e. the profile is built by word splitting.
# NOTE(review): if assume-role fails, printf still succeeds and appends a profile
# with empty values; the final `get-caller-identity --profile` call is what would
# surface that. The credentials are stored in plaintext on the awsconfig volume and
# are readable by every later step that mounts it.
- |-
printf "[s3-download-teleport-ent-fips]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
>> /root/.aws/credentials
# Drops the long-lived keys from the environment so the check below can only
# succeed through the newly written profile.
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile s3-download-teleport-ent-fips
environment:
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID
AWS_ROLE:
from_secret: AWS_ROLE
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY
volumes:
- name: awsconfig
path: /root/.aws
depends_on:
- Find the latest available semver for v11
- Wait for docker
- Wait for docker registry
- Check out code
- Build major, minor, and full semvers
- Assume ECR - staging AWS Role
- Assume ECR - authenticated-pull AWS Role
- Assume ECR - production AWS Role
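# Fetches the Dockerfile for the teleport-ent-fips image build from the teleport
# repository at the release tag read from /go/vars/full-version-v11.
# NOTE(review): the other visible steps read version files from /go/var/, not
# /go/vars/; presumably this file is written by "Find the latest available semver
# for v11" - confirm the path is intentional.
# NOTE(review): the Dockerfile is addressed by git tag, which is a movable ref, and
# no checksum is compared after download; the production image build trusts it as-is.
# NOTE(review): `image: alpine` has no tag or digest.
# These pipelines appear to be generated by dronegen (see the banner near the top of
# the file), so the changes below need to be mirrored in the generator.
- name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent-fips" for
    teleport-ent-fips
  image: alpine
  commands:
  # --no-cache matches how the other steps install packages with apk.
  - apk add --no-cache curl
  - mkdir -pv $(dirname "/go/build/Dockerfile-teleport-ent-fips")
  # -f makes curl exit non-zero on an HTTP error. Without it a 404 or 5xx response
  # body is saved as the Dockerfile and the step still reports success, so the
  # failure only shows up later, inside the image build.
  - curl -fLs -o "/go/build/Dockerfile-teleport-ent-fips" "https://raw.githubusercontent.com/gravitational/teleport/v$(cat
    '/go/vars/full-version-v11')/build.assets/charts/Dockerfile"
  depends_on:
  - Find the latest available semver for v11
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role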
# Waits for the FIPS amd64 .deb of the full version to be listed under
# s3://$AWS_S3_BUCKET/teleport/tag/<full-version>/, then copies it to /go/build.
# The bucket is polled every 60 seconds for up to 3600 seconds.
# NOTE(review): no checksum or signature of the downloaded package is verified in
# this step, and the build step installs it into the published image via the
# DEB_PATH build argument. Comparing against a digest recorded at upload time would
# tie the image to the artifact that was actually released.
- name: Download "teleport-ent_v11-tag-fips_amd64.deb" artifacts from S3
image: amazon/aws-cli
commands:
- END_TIME=$(( $(date +%s) + 3600 ))
- TIMED_OUT=true
# `$$` is presumably Drone's escape for a literal `$`; `${END_TIME?}` aborts if unset.
- while [ $(date +%s) -lt $${END_TIME?} ]; do
- SUCCESS=true
# grep -x requires the listed key name to match the expected file name exactly.
- aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr
-s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb
|| SUCCESS=false
- '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
- echo 'Condition not met yet, waiting another 60 seconds...'
- sleep 60
- done
# Fails the step when the loop ended because the deadline passed.
- '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [
"$SUCCESS" = "true" ]'' && exit 1'
- mkdir -pv "/go/build"
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat
"/go/var/full-version")-fips_amd64.deb /go/build/teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb
environment:
# Uses the temporary-credential profile written by the assume-role step listed in depends_on.
AWS_PROFILE: s3-download-teleport-ent-fips
AWS_REGION: us-west-2
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
volumes:
- name: awsconfig
path: /root/.aws
depends_on:
- Assume S3 Download AWS Role for teleport-ent-fips
- Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent-fips" for teleport-ent-fips
# Builds the `teleport-fips` target of the downloaded Dockerfile for linux/amd64
# with a dedicated buildx builder and pushes the result to the pipeline-local
# registry drone-docker-registry:5000. The builder and its config are removed at the end.
- name: Build teleport-ent-fips image "teleport-ent:v11-fips-amd64"
image: docker
commands:
# NOTE(review): third-party image with no tag or digest, run with --privileged.
# Whatever that name resolves to at build time gets privileged access on the
# daemon that builds release images; pinning it by digest would close that gap.
- docker run --privileged --rm tonistiigi/binfmt --install all
- mkdir -pv "/go/build" && cd "/go/build"
- mkdir -pv "/tmp/teleport-ent-v11-fips-amd64-builder"
# `http = true` makes buildkit talk plain HTTP to the local registry.
# NOTE(review): the image pushed there is what the later steps pull and publish, so
# its integrity rests on that network being reachable only from this build - confirm.
- echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v11-fips-amd64-builder/buildkitd.toml"
- echo ' http = true' >> "/tmp/teleport-ent-v11-fips-amd64-builder/buildkitd.toml"
- docker buildx create --driver "docker-container" --driver-opt "network=host" --name
"teleport-ent-v11-fips-amd64-builder" --config "/tmp/teleport-ent-v11-fips-amd64-builder/buildkitd.toml"
- apk add --no-cache aws-cli
# Login with the authenticated-pull profile, presumably so base images can be
# pulled from public.ecr.aws; the token is passed on stdin.
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- docker buildx build --push --builder "teleport-ent-v11-fips-amd64-builder" --target
"teleport-fips" --platform "linux/amd64" --tag drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-fips-amd64 --file "/go/build/Dockerfile-teleport-ent-fips"
--build-arg DEB_PATH=teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb
/go/build
- docker logout "public.ecr.aws"
- docker buildx rm "teleport-ent-v11-fips-amd64-builder"
- rm -rf "/tmp/teleport-ent-v11-fips-amd64-builder"
environment:
AWS_PROFILE: ecr-authenticated-pull
DOCKER_BUILDKIT: "1"
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Assume ECR - authenticated-pull AWS Role
- Download "teleport-ent_v11-tag-fips_amd64.deb" artifacts from S3
# Pulls the FIPS amd64 image from the pipeline-local registry and pushes it to the
# staging ECR repository under three tags: <full|major|minor version>-$TIMESTAMP-fips-amd64.
# Each tag is pushed only when `docker manifest inspect` does not succeed for it.
- name: Tag and push image "teleport-ent:v11-fips-amd64" to ECR - staging
image: docker
commands:
- docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
- apk add --no-cache aws-cli
- aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
146628656107.dkr.ecr.us-west-2.amazonaws.com
# Derived from the build creation time, so every step of the same build computes the same tag suffix.
- TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
# NOTE(review): a failed inspect for any reason (not only "tag absent") takes the tag + push branch.
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-$TIMESTAMP-fips-amd64 > /dev/null 2>&1 && echo 'Found
existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-fips-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-$TIMESTAMP-fips-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-$TIMESTAMP-fips-amd64)
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/major-version")-$TIMESTAMP-fips-amd64 > /dev/null 2>&1 && echo 'Found
existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-fips-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/major-version")-$TIMESTAMP-fips-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/major-version")-$TIMESTAMP-fips-amd64)
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/minor-version")-$TIMESTAMP-fips-amd64 > /dev/null 2>&1 && echo 'Found
existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-fips-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/minor-version")-$TIMESTAMP-fips-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/minor-version")-$TIMESTAMP-fips-amd64)
- docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
environment:
AWS_PROFILE: ecr-staging
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Build teleport-ent-fips image "teleport-ent:v11-fips-amd64"
# Creates the manifest list <major-version>-$TIMESTAMP-fips in the staging ECR
# repository from its single amd64 member and pushes it, unless an inspect of that
# tag already succeeds.
- name: Create manifest and push "teleport-ent:major-$TIMESTAMP-fips" to ECR - staging
image: docker
commands:
- apk add --no-cache aws-cli
# Registry token goes to docker login on stdin, not on the command line.
- aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
146628656107.dkr.ecr.us-west-2.amazonaws.com
# Recomputed from the build creation time so it matches the suffix the tag-and-push step used.
- TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/major-version")-$TIMESTAMP-fips > /dev/null 2>&1 && echo 'Found existing
image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/major-version")-$TIMESTAMP-fips --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/major-version")-$TIMESTAMP-fips-amd64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/major-version")-$TIMESTAMP-fips)
- docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
environment:
AWS_PROFILE: ecr-staging
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Tag and push image "teleport-ent:v11-fips-amd64" to ECR - staging
# Creates the manifest list <minor-version>-$TIMESTAMP-fips in the staging ECR
# repository from its single amd64 member and pushes it, unless an inspect of that
# tag already succeeds.
- name: Create manifest and push "teleport-ent:minor-$TIMESTAMP-fips" to ECR - staging
image: docker
commands:
- apk add --no-cache aws-cli
- aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
146628656107.dkr.ecr.us-west-2.amazonaws.com
- TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
# The inspect result is reduced to success/failure; its output is discarded.
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/minor-version")-$TIMESTAMP-fips > /dev/null 2>&1 && echo 'Found existing
image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/minor-version")-$TIMESTAMP-fips --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/minor-version")-$TIMESTAMP-fips-amd64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/minor-version")-$TIMESTAMP-fips)
# Removes the stored registry credential once the push is done.
- docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
environment:
AWS_PROFILE: ecr-staging
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Tag and push image "teleport-ent:v11-fips-amd64" to ECR - staging
# Creates the manifest list <full-version>-$TIMESTAMP-fips in the staging ECR
# repository from its single amd64 member and pushes it, unless an inspect of that
# tag already succeeds.
# NOTE(review): `image: docker` is referenced without a tag or digest.
- name: Create manifest and push "teleport-ent:full-$TIMESTAMP-fips" to ECR - staging
image: docker
commands:
- apk add --no-cache aws-cli
- aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
146628656107.dkr.ecr.us-west-2.amazonaws.com
- TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-$TIMESTAMP-fips > /dev/null 2>&1 && echo 'Found existing
image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-$TIMESTAMP-fips --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-$TIMESTAMP-fips-amd64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-$TIMESTAMP-fips)
- docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
environment:
# Presumably the profile written by the "Assume ECR - staging AWS Role" step; confirm.
AWS_PROFILE: ecr-staging
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Tag and push image "teleport-ent:v11-fips-amd64" to ECR - staging
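# Publishes the locally built FIPS amd64 image to quay.io under the full, major and
# minor version tags. Only the full-version tag is guarded by an existence check;
# the major and minor tags are re-pointed on every run.
# These pipelines appear to be generated by dronegen (see the banner near the top of
# the file), so the login change below needs to be mirrored in the generator.
- name: Tag and push image "teleport-ent:v11-fips-amd64" to Quay
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
  # The password is fed on stdin instead of -p, so the production registry secret
  # does not sit in the process argument list while docker login runs. This is the
  # same --password-stdin form the ECR steps in this file already use.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # NOTE(review): any inspect failure, not only "tag absent", takes the tag + push branch.
  - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-fips-amd64 quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64)
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step calls the AWS CLI, yet the AWS config
  # volume is mounted; dropping it would keep the AWS profiles away from a step that
  # only needs Quay credentials - confirm nothing relies on it.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent-fips image "teleport-ent:v11-fips-amd64"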
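# Creates the manifest list <major-version>-fips on quay.io from its amd64 member
# and pushes it. There is no existence check: this tag is re-pointed on every run.
# These pipelines appear to be generated by dronegen (see the banner near the top of
# the file), so the login change below needs to be mirrored in the generator.
- name: Create manifest and push "teleport-ent:major-fips" to Quay
  image: docker
  commands:
  # The password is fed on stdin instead of -p, so the production registry secret
  # does not sit in the process argument list while docker login runs. This is the
  # same --password-stdin form the ECR steps in this file already use.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
  - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step calls the AWS CLI; the AWS config volume
  # looks unnecessary here - confirm before removing it in the generator.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-fips-amd64" to Quay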
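# Creates the manifest list <minor-version>-fips on quay.io from its amd64 member
# and pushes it. There is no existence check: this tag is re-pointed on every run.
# These pipelines appear to be generated by dronegen (see the banner near the top of
# the file), so the login change below needs to be mirrored in the generator.
- name: Create manifest and push "teleport-ent:minor-fips" to Quay
  image: docker
  commands:
  # The password is fed on stdin instead of -p, so the production registry secret
  # does not sit in the process argument list while docker login runs. This is the
  # same --password-stdin form the ECR steps in this file already use.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
  - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step calls the AWS CLI; the AWS config volume
  # looks unnecessary here - confirm before removing it in the generator.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-fips-amd64" to Quay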
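# Creates the manifest list <full-version>-fips on quay.io from its amd64 member and
# pushes it, but only when `docker manifest inspect` does not succeed for that tag.
# These pipelines appear to be generated by dronegen (see the banner near the top of
# the file), so the login change below needs to be mirrored in the generator.
- name: Create manifest and push "teleport-ent:full-fips" to Quay
  image: docker
  commands:
  # The password is fed on stdin instead of -p, so the production registry secret
  # does not sit in the process argument list while docker login runs. This is the
  # same --password-stdin form the ECR steps in this file already use.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # NOTE(review): the inspect output is discarded, so a registry or auth error is
  # treated like a missing tag and leads to create + push of a tag that is otherwise
  # written once.
  - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest
    create quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips --amend
    quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 &&
    docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips)
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step calls the AWS CLI; the AWS config volume
  # looks unnecessary here - confirm before removing it in the generator.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-fips-amd64" to Quay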
# Publishes the locally built FIPS amd64 image to the public ECR registry under the
# full, major and minor version tags. Only the full-version tag is guarded by an
# existence check; the major and minor tags are re-tagged and pushed on every run.
# NOTE(review): the source image comes from drone-docker-registry:5000 by tag, with
# no digest comparison against what the build step produced.
- name: Tag and push image "teleport-ent:v11-fips-amd64" to ECR - production
image: docker
commands:
- docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
- apk add --no-cache aws-cli
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
# NOTE(review): any inspect failure, not only "tag absent", takes the tag + push branch.
- docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
> /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-fips-amd64 public.ecr.aws/gravitational/teleport-ent:$(cat
"/go/var/full-version")-fips-amd64 && docker push public.ecr.aws/gravitational/teleport-ent:$(cat
"/go/var/full-version")-fips-amd64)
- docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
- docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
- docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
- docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
- docker logout "public.ecr.aws"
environment:
AWS_PROFILE: ecr-production
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Build teleport-ent-fips image "teleport-ent:v11-fips-amd64"
# Creates the manifest list <major-version>-fips in the public ECR registry from its
# amd64 member and pushes it. There is no existence check: this tag is re-pointed on
# every run.
- name: Create manifest and push "teleport-ent:major-fips" to ECR - production
image: docker
commands:
- apk add --no-cache aws-cli
# Registry token goes to docker login on stdin, not on the command line.
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips
--amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
- docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips
- docker logout "public.ecr.aws"
environment:
AWS_PROFILE: ecr-production
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Tag and push image "teleport-ent:v11-fips-amd64" to ECR - production
# Creates the manifest list <minor-version>-fips in the public ECR registry from its
# amd64 member and pushes it. There is no existence check: this tag is re-pointed on
# every run.
# NOTE(review): `image: docker` is referenced without a tag or digest.
- name: Create manifest and push "teleport-ent:minor-fips" to ECR - production
image: docker
commands:
- apk add --no-cache aws-cli
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips
--amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
- docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips
# Removes the stored registry credential once the push is done.
- docker logout "public.ecr.aws"
environment:
AWS_PROFILE: ecr-production
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Tag and push image "teleport-ent:v11-fips-amd64" to ECR - production
# Creates the manifest list <full-version>-fips in the public ECR registry from its
# amd64 member and pushes it, but only when `docker manifest inspect` does not
# succeed for that tag.
- name: Create manifest and push "teleport-ent:full-fips" to ECR - production
image: docker
commands:
- apk add --no-cache aws-cli
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
# NOTE(review): the inspect output is discarded, so a registry or auth error is
# treated like a missing tag and leads to create + push of a tag that is otherwise
# written once.
- docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips
> /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest
create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips
--amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
&& docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips)
- docker logout "public.ecr.aws"
environment:
AWS_PROFILE: ecr-production
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Tag and push image "teleport-ent:v11-fips-amd64" to ECR - production
# Builds operator/Dockerfile from the checked-out teleport tree for linux/amd64 with
# a dedicated buildx builder and pushes the result to the pipeline-local registry
# drone-docker-registry:5000. The builder and its config are removed at the end.
- name: Build teleport-operator image "teleport-operator:v11-amd64"
image: docker
commands:
# NOTE(review): third-party image with no tag or digest, run with --privileged.
# Whatever that name resolves to at build time gets privileged access on the
# daemon that builds release images; pinning it by digest would close that gap.
- docker run --privileged --rm tonistiigi/binfmt --install all
- mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport"
- mkdir -pv "/tmp/teleport-operator-v11-amd64-builder"
# `http = true` makes buildkit talk plain HTTP to the local registry.
- echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-operator-v11-amd64-builder/buildkitd.toml"
- echo ' http = true' >> "/tmp/teleport-operator-v11-amd64-builder/buildkitd.toml"
- docker buildx create --driver "docker-container" --driver-opt "network=host" --name
"teleport-operator-v11-amd64-builder" --config "/tmp/teleport-operator-v11-amd64-builder/buildkitd.toml"
- apk add --no-cache aws-cli
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
# NOTE(review): the BUILDBOX build argument names the buildbox image by tag
# (teleport12), not by digest, so the toolchain image can change between builds.
- docker buildx build --push --builder "teleport-operator-v11-amd64-builder" --platform
"linux/amd64" --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
--file "/go/src/github.com/gravitational/teleport/operator/Dockerfile" --build-arg
BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox:teleport12 --build-arg
COMPILER_NAME=x86_64-linux-gnu-gcc /go/src/github.com/gravitational/teleport
- docker logout "public.ecr.aws"
- docker buildx rm "teleport-operator-v11-amd64-builder"
- rm -rf "/tmp/teleport-operator-v11-amd64-builder"
environment:
AWS_PROFILE: ecr-authenticated-pull
DOCKER_BUILDKIT: "1"
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
# "Assume ECR - authenticated-pull AWS Role" appears twice in this list.
depends_on:
- Assume ECR - authenticated-pull AWS Role
- Find the latest available semver for v11
- Wait for docker
- Wait for docker registry
- Check out code
- Build major, minor, and full semvers
- Assume ECR - staging AWS Role
- Assume ECR - authenticated-pull AWS Role
- Assume ECR - production AWS Role
# Builds operator/Dockerfile from the checked-out teleport tree for linux/arm with a
# dedicated buildx builder and pushes the result to the pipeline-local registry
# drone-docker-registry:5000. The builder and its config are removed at the end.
- name: Build teleport-operator image "teleport-operator:v11-arm"
image: docker
commands:
# Registers binfmt handlers, presumably so the non-native platform can be built.
# NOTE(review): the image has no tag or digest and runs with --privileged; pin it by digest.
- docker run --privileged --rm tonistiigi/binfmt --install all
- mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport"
- mkdir -pv "/tmp/teleport-operator-v11-arm-builder"
# NOTE(review): plain HTTP to the local registry; the image pushed there is later
# pulled and published, so this relies on that network being isolated - confirm.
- echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-operator-v11-arm-builder/buildkitd.toml"
- echo ' http = true' >> "/tmp/teleport-operator-v11-arm-builder/buildkitd.toml"
- docker buildx create --driver "docker-container" --driver-opt "network=host" --name
"teleport-operator-v11-arm-builder" --config "/tmp/teleport-operator-v11-arm-builder/buildkitd.toml"
- apk add --no-cache aws-cli
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- docker buildx build --push --builder "teleport-operator-v11-arm-builder" --platform
"linux/arm" --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
--file "/go/src/github.com/gravitational/teleport/operator/Dockerfile" --build-arg
BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox-arm:teleport12 --build-arg
COMPILER_NAME=arm-linux-gnueabihf-gcc /go/src/github.com/gravitational/teleport
- docker logout "public.ecr.aws"
- docker buildx rm "teleport-operator-v11-arm-builder"
- rm -rf "/tmp/teleport-operator-v11-arm-builder"
environment:
AWS_PROFILE: ecr-authenticated-pull
DOCKER_BUILDKIT: "1"
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
# "Assume ECR - authenticated-pull AWS Role" appears twice in this list.
depends_on:
- Assume ECR - authenticated-pull AWS Role
- Find the latest available semver for v11
- Wait for docker
- Wait for docker registry
- Check out code
- Build major, minor, and full semvers
- Assume ECR - staging AWS Role
- Assume ECR - authenticated-pull AWS Role
- Assume ECR - production AWS Role
# Builds operator/Dockerfile from the checked-out teleport tree for linux/arm64 with
# a dedicated buildx builder and pushes the result to the pipeline-local registry
# drone-docker-registry:5000. The builder and its config are removed at the end.
- name: Build teleport-operator image "teleport-operator:v11-arm64"
image: docker
commands:
# Registers binfmt handlers, presumably so the non-native platform can be built.
# NOTE(review): the image has no tag or digest and runs with --privileged; pin it by digest.
- docker run --privileged --rm tonistiigi/binfmt --install all
- mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport"
- mkdir -pv "/tmp/teleport-operator-v11-arm64-builder"
- echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-operator-v11-arm64-builder/buildkitd.toml"
- echo ' http = true' >> "/tmp/teleport-operator-v11-arm64-builder/buildkitd.toml"
# The builder uses the host network and the registry config written above.
- docker buildx create --driver "docker-container" --driver-opt "network=host" --name
"teleport-operator-v11-arm64-builder" --config "/tmp/teleport-operator-v11-arm64-builder/buildkitd.toml"
- apk add --no-cache aws-cli
# Registry token goes to docker login on stdin, not on the command line.
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- docker buildx build --push --builder "teleport-operator-v11-arm64-builder" --platform
"linux/arm64" --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
--file "/go/src/github.com/gravitational/teleport/operator/Dockerfile" --build-arg
BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox-arm:teleport12 --build-arg
COMPILER_NAME=aarch64-linux-gnu-gcc /go/src/github.com/gravitational/teleport
- docker logout "public.ecr.aws"
- docker buildx rm "teleport-operator-v11-arm64-builder"
- rm -rf "/tmp/teleport-operator-v11-arm64-builder"
environment:
AWS_PROFILE: ecr-authenticated-pull
DOCKER_BUILDKIT: "1"
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
# "Assume ECR - authenticated-pull AWS Role" appears twice in this list.
depends_on:
- Assume ECR - authenticated-pull AWS Role
- Find the latest available semver for v11
- Wait for docker
- Wait for docker registry
- Check out code
- Build major, minor, and full semvers
- Assume ECR - staging AWS Role
- Assume ECR - authenticated-pull AWS Role
- Assume ECR - production AWS Role
# Pulls the operator amd64 image from the pipeline-local registry and pushes it to
# the staging ECR repository under three tags: <full|major|minor version>-$TIMESTAMP-amd64.
# Each tag is pushed only when `docker manifest inspect` does not succeed for it.
- name: Tag and push image "teleport-operator:v11-amd64" to ECR - staging
image: docker
commands:
- docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
- apk add --no-cache aws-cli
- aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
146628656107.dkr.ecr.us-west-2.amazonaws.com
# Derived from the build creation time, so every step of the same build computes the same tag suffix.
- TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
# NOTE(review): a failed inspect for any reason (not only "tag absent") takes the tag + push branch.
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
"/go/var/full-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing
image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat
"/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
"/go/var/full-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
"/go/var/full-version")-$TIMESTAMP-amd64)
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
"/go/var/major-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing
image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat
"/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
"/go/var/major-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
"/go/var/major-version")-$TIMESTAMP-amd64)
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
"/go/var/minor-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing
image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat
"/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
"/go/var/minor-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
"/go/var/minor-version")-$TIMESTAMP-amd64)
- docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
environment:
AWS_PROFILE: ecr-staging
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Build teleport-operator image "teleport-operator:v11-amd64"
# Pulls the operator arm image from the pipeline-local registry and pushes it to the
# staging ECR repository under three tags: <full|major|minor version>-$TIMESTAMP-arm.
# Each tag is pushed only when `docker manifest inspect` does not succeed for it.
- name: Tag and push image "teleport-operator:v11-arm" to ECR - staging
image: docker
commands:
# NOTE(review): pulled by tag from the plain-HTTP local registry; no digest is
# compared against what the build step pushed.
- docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
- apk add --no-cache aws-cli
- aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
146628656107.dkr.ecr.us-west-2.amazonaws.com
- TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
"/go/var/full-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing
image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat
"/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
"/go/var/full-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
"/go/var/full-version")-$TIMESTAMP-arm)
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
"/go/var/major-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing
image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat
"/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
"/go/var/major-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
"/go/var/major-version")-$TIMESTAMP-arm)
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
"/go/var/minor-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing
image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat
"/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
"/go/var/minor-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
"/go/var/minor-version")-$TIMESTAMP-arm)
- docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
environment:
AWS_PROFILE: ecr-staging
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Build teleport-operator image "teleport-operator:v11-arm"
# Pulls the operator arm64 image from the pipeline-local registry and pushes it to
# the staging ECR repository under three tags: <full|major|minor version>-$TIMESTAMP-arm64.
# Each tag is pushed only when `docker manifest inspect` does not succeed for it.
- name: Tag and push image "teleport-operator:v11-arm64" to ECR - staging
image: docker
commands:
- docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
- apk add --no-cache aws-cli
# Registry token goes to docker login on stdin, not on the command line.
- aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
146628656107.dkr.ecr.us-west-2.amazonaws.com
- TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
"/go/var/full-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing
image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat
"/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
"/go/var/full-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
"/go/var/full-version")-$TIMESTAMP-arm64)
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
"/go/var/major-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing
image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat
"/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
"/go/var/major-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
"/go/var/major-version")-$TIMESTAMP-arm64)
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
"/go/var/minor-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing
image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat
"/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
"/go/var/minor-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
"/go/var/minor-version")-$TIMESTAMP-arm64)
# Removes the stored registry credential once the pushes are done.
- docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
environment:
AWS_PROFILE: ecr-staging
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Build teleport-operator image "teleport-operator:v11-arm64"
# Creates the manifest list <major-version>-$TIMESTAMP for teleport-operator in the
# staging ECR repository from its amd64, arm and arm64 members and pushes it, unless
# an inspect of that tag already succeeds.
- name: Create manifest and push "teleport-operator:major-$TIMESTAMP" to ECR - staging
image: docker
commands:
- apk add --no-cache aws-cli
- aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
146628656107.dkr.ecr.us-west-2.amazonaws.com
# Recomputed from the build creation time so it matches the suffix the tag-and-push steps used.
- TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
# NOTE(review): members are referenced by tag, not digest, so the list contains
# whatever those three tags point to at the moment this step runs.
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
"/go/var/major-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image,
skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
"/go/var/major-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
"/go/var/major-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
"/go/var/major-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
"/go/var/major-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
"/go/var/major-version")-$TIMESTAMP)
- docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
environment:
AWS_PROFILE: ecr-staging
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Tag and push image "teleport-operator:v11-amd64" to ECR - staging
- Tag and push image "teleport-operator:v11-arm" to ECR - staging
- Tag and push image "teleport-operator:v11-arm64" to ECR - staging
# Builds the multi-arch manifest list for the minor-version staging tag out of the
# -amd64/-arm/-arm64 tags pushed by the three steps listed in depends_on.
- name: Create manifest and push "teleport-operator:minor-$TIMESTAMP" to ECR - staging
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The registry password is piped on stdin, not passed as a docker login argument.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  # The tag suffix comes from the build creation time, formatted to the minute.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Skips creation when the tag already resolves; every inspect failure counts as absent.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/minor-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image,
    skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/minor-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/minor-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/minor-version")-$TIMESTAMP)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-operator:v11-amd64" to ECR - staging
  - Tag and push image "teleport-operator:v11-arm" to ECR - staging
  - Tag and push image "teleport-operator:v11-arm64" to ECR - staging
# Builds the multi-arch manifest list for the full-version staging tag out of the
# -amd64/-arm/-arm64 tags pushed by the three steps listed in depends_on.
- name: Create manifest and push "teleport-operator:full-$TIMESTAMP" to ECR - staging
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The registry password is piped on stdin, not passed as a docker login argument.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Skips creation when the tag already resolves; every inspect failure counts as absent.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image,
    skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-$TIMESTAMP)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-operator:v11-amd64" to ECR - staging
  - Tag and push image "teleport-operator:v11-arm" to ECR - staging
  - Tag and push image "teleport-operator:v11-arm64" to ECR - staging
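# Publishes the amd64 operator image from the in-pipeline registry to Quay under its
# full, major and minor version tags.
# This file is generated: the same change has to land in dronegen, or the next
# 'make dronegen' run will restore the old login command.
- name: Tag and push image "teleport-operator:v11-amd64" to Quay
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
  # The password is piped on stdin instead of being passed with -p, which would put it
  # in the process argument list; this is the --password-stdin form the ECR steps use.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # The full-version tag is pushed only when `manifest inspect` cannot find it.
  - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat
    "/go/var/full-version")-amd64 quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64
    && docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64)
  # Major and minor tags are re-pushed on every run, so they are mutable pointers;
  # consumers that need a fixed image should reference it by digest.
  - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
    quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64
  - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64
  - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
    quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64
  - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step calls aws, yet the volume that other steps
  # mount for their AWS_PROFILE is attached here too; confirm it is needed.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-operator image "teleport-operator:v11-amd64"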
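# Publishes the arm operator image from the in-pipeline registry to Quay under its
# full, major and minor version tags.
# This file is generated: the same change has to land in dronegen, or the next
# 'make dronegen' run will restore the old login command.
- name: Tag and push image "teleport-operator:v11-arm" to Quay
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
  # The password is piped on stdin instead of being passed with -p, which would put it
  # in the process argument list; this is the --password-stdin form the ECR steps use.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # The full-version tag is pushed only when `manifest inspect` cannot find it.
  - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat
    "/go/var/full-version")-arm quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm
    && docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm)
  # Major and minor tags are re-pushed on every run, so they are mutable pointers.
  - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
    quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm
  - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm
  - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
    quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm
  - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step calls aws; confirm the awsconfig mount is needed.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-operator image "teleport-operator:v11-arm"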
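# Publishes the arm64 operator image from the in-pipeline registry to Quay under its
# full, major and minor version tags.
# This file is generated: the same change has to land in dronegen, or the next
# 'make dronegen' run will restore the old login command.
- name: Tag and push image "teleport-operator:v11-arm64" to Quay
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
  # The password is piped on stdin instead of being passed with -p, which would put it
  # in the process argument list; this is the --password-stdin form the ECR steps use.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # The full-version tag is pushed only when `manifest inspect` cannot find it.
  - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat
    "/go/var/full-version")-arm64 quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64
    && docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64)
  # Major and minor tags are re-pushed on every run, so they are mutable pointers.
  - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
    quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64
  - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64
  - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
    quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64
  - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step calls aws; confirm the awsconfig mount is needed.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-operator image "teleport-operator:v11-arm64"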
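# Points the major-version Quay tag at a manifest list made of the -amd64/-arm/-arm64
# tags. There is no existence check, so the tag is re-created on every run.
# This file is generated: the same change has to land in dronegen, or the next
# 'make dronegen' run will restore the old login command.
- name: Create manifest and push "teleport-operator:major" to Quay
  image: docker
  commands:
  # The password is piped on stdin instead of being passed with -p, which would put it
  # in the process argument list; this is the --password-stdin form the ECR steps use.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - docker manifest create quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")
    --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64
    --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm
    --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64
  - docker manifest push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step calls aws; confirm the awsconfig mount is needed.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-operator:v11-amd64" to Quay
  - Tag and push image "teleport-operator:v11-arm" to Quay
  - Tag and push image "teleport-operator:v11-arm64" to Quay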
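# Points the minor-version Quay tag at a manifest list made of the -amd64/-arm/-arm64
# tags. There is no existence check, so the tag is re-created on every run.
# This file is generated: the same change has to land in dronegen, or the next
# 'make dronegen' run will restore the old login command.
- name: Create manifest and push "teleport-operator:minor" to Quay
  image: docker
  commands:
  # The password is piped on stdin instead of being passed with -p, which would put it
  # in the process argument list; this is the --password-stdin form the ECR steps use.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - docker manifest create quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")
    --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64
    --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm
    --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64
  - docker manifest push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step calls aws; confirm the awsconfig mount is needed.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-operator:v11-amd64" to Quay
  - Tag and push image "teleport-operator:v11-arm" to Quay
  - Tag and push image "teleport-operator:v11-arm64" to Quay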
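# Creates the full-version Quay manifest list from the -amd64/-arm/-arm64 tags, but
# only when that tag does not already resolve.
# This file is generated: the same change has to land in dronegen, or the next
# 'make dronegen' run will restore the old login command.
- name: Create manifest and push "teleport-operator:full" to Quay
  image: docker
  commands:
  # The password is piped on stdin instead of being passed with -p, which would put it
  # in the process argument list; this is the --password-stdin form the ECR steps use.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # stderr of the inspect is discarded, so any inspect failure counts as "not found".
  - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest
    create quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version") --amend
    quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 --amend
    quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm --amend
    quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 &&
    docker manifest push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version"))
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step calls aws; confirm the awsconfig mount is needed.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-operator:v11-amd64" to Quay
  - Tag and push image "teleport-operator:v11-arm" to Quay
  - Tag and push image "teleport-operator:v11-arm64" to Quay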
# Publishes the amd64 operator image from the in-pipeline registry to public.ecr.aws
# under its full, major and minor version tags, using the ecr-production profile.
- name: Tag and push image "teleport-operator:v11-amd64" to ECR - production
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
  - apk add --no-cache aws-cli
  # The registry password is piped on stdin, not passed as a docker login argument.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  # The full-version tag is pushed only when `manifest inspect` cannot find it.
  - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat
    "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-amd64 && docker push public.ecr.aws/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-amd64)
  # Major and minor tags are re-pushed on every run, so they are mutable pointers.
  - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64
  - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64
  - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64
  - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-operator image "teleport-operator:v11-amd64"
# Publishes the arm operator image from the in-pipeline registry to public.ecr.aws
# under its full, major and minor version tags, using the ecr-production profile.
- name: Tag and push image "teleport-operator:v11-arm" to ECR - production
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
  - apk add --no-cache aws-cli
  # The registry password is piped on stdin, not passed as a docker login argument.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  # The full-version tag is pushed only when `manifest inspect` cannot find it.
  - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat
    "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-arm && docker push public.ecr.aws/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-arm)
  # Major and minor tags are re-pushed on every run, so they are mutable pointers.
  - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm
  - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm
  - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm
  - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-operator image "teleport-operator:v11-arm"
# Publishes the arm64 operator image from the in-pipeline registry to public.ecr.aws
# under its full, major and minor version tags, using the ecr-production profile.
- name: Tag and push image "teleport-operator:v11-arm64" to ECR - production
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
  - apk add --no-cache aws-cli
  # The registry password is piped on stdin, not passed as a docker login argument.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  # The full-version tag is pushed only when `manifest inspect` cannot find it.
  - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat
    "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-arm64 && docker push public.ecr.aws/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-arm64)
  # Major and minor tags are re-pushed on every run, so they are mutable pointers.
  - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64
  - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64
  - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64
  - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-operator image "teleport-operator:v11-arm64"
# Points the major-version public ECR tag at a manifest list made of the
# -amd64/-arm/-arm64 tags. There is no existence check: the tag moves on every run.
- name: Create manifest and push "teleport-operator:major" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The registry password is piped on stdin, not passed as a docker login argument.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - docker manifest create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")
    --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64
    --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm
    --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64
  - docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-operator:v11-amd64" to ECR - production
  - Tag and push image "teleport-operator:v11-arm" to ECR - production
  - Tag and push image "teleport-operator:v11-arm64" to ECR - production
# Points the minor-version public ECR tag at a manifest list made of the
# -amd64/-arm/-arm64 tags. There is no existence check: the tag moves on every run.
- name: Create manifest and push "teleport-operator:minor" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The registry password is piped on stdin, not passed as a docker login argument.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - docker manifest create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")
    --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64
    --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm
    --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64
  - docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-operator:v11-amd64" to ECR - production
  - Tag and push image "teleport-operator:v11-arm" to ECR - production
  - Tag and push image "teleport-operator:v11-arm64" to ECR - production
# Creates the full-version public ECR manifest list from the -amd64/-arm/-arm64 tags,
# but only when that tag does not already resolve.
- name: Create manifest and push "teleport-operator:full" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The registry password is piped on stdin, not passed as a docker login argument.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  # stderr of the inspect is discarded, so any inspect failure counts as "not found".
  - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest
    create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")
    --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64
    --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm
    --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64
    && docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version"))
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-operator:v11-amd64" to ECR - production
  - Tag and push image "teleport-operator:v11-arm" to ECR - production
  - Tag and push image "teleport-operator:v11-arm64" to ECR - production
# Sidecar services and the pipeline-scoped scratch volumes shared by the steps above.
services:
# Docker-in-Docker daemon. It runs privileged, and its /var/run is the dockersock volume,
# so every step that mounts dockersock gets full control of this daemon.
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
# Registry that steps address as drone-docker-registry:5000; unprivileged and with no
# volumes declared.
- name: drone-docker-registry
  image: registry:2
  privileged: false
  volumes: []
volumes:
# Mounted at /root/.aws by the steps that set AWS_PROFILE.
- name: awsconfig
  temp: {}
- name: dockersock
  temp: {}
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/container_images_release_version.go (main.(*ReleaseVersion).buildVersionPipeline)
################################################
# Cron-triggered pipeline for the gravitational/teleport repo; its steps find the latest
# v10 release and build images from it.
kind: pipeline
type: kubernetes
name: teleport-container-images-previous-version-1-cron
environment:
  DEBIAN_FRONTEND: noninteractive
trigger:
  # Runs only for the cron job named below, and only in the listed repository.
  cron:
    include:
    - teleport-container-images-cron
  repo:
    include:
    - gravitational/teleport
workspace:
  path: /go
clone:
  # The built-in clone is off; the steps run their own git init / fetch / checkout.
  disable: true
steps:
# Resolves the newest v10 release by running the query-latest tool from branch/v10 and
# writes the version, with its "v" removed, to /go/vars/full-version-v10.
- name: Find the latest available semver for v10
  image: golang:1.18
  commands:
  - mkdir -pv "/tmp/teleport"
  - cd "/tmp/teleport"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  - git checkout -qf "branch/v10"
  - mkdir -pv $(dirname "/go/vars/full-version-v10")
  - cd "/tmp/teleport/build.assets/tooling/cmd/query-latest"
  # NOTE(review): the pipeline's exit status is sed's, so a failing `go run` would leave
  # an empty version file without failing this command; a `test -s` on the file
  # afterwards would catch that here. Confirm the shell sets no pipefail.
  - go run . "v10" | sed 's/v//' > "/go/vars/full-version-v10"
  - echo Found full semver "$(cat "/go/vars/full-version-v10")" for major version
    "v10"
# Blocks for up to 30 seconds until the Docker socket exists on the dockersock volume.
- name: Wait for docker
  image: docker
  commands:
  # `-S` tests for a socket file; `timeout` ends the wait after 30 seconds.
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
  depends_on:
  - Find the latest available semver for v10
# Blocks for up to 30 seconds until the in-pipeline registry answers HTTP 200.
# The probe uses plain http://; the registry is reached by its service name only.
- name: Wait for docker registry
  image: alpine
  commands:
  - apk add curl
  - timeout 30s /bin/sh -c 'while [ "$(curl -s -o /dev/null -w %{http_code} http://drone-docker-registry:5000/)"
    != "200" ]; do sleep 1; done'
  depends_on:
  - Find the latest available semver for v10
# Checks out the release tag v<full version> into the Go workspace path.
# NOTE(review): alpine/git:latest is a mutable tag; pinning a version or digest would fix
# which git build handles the source checkout.
- name: Check out code
  image: alpine/git:latest
  commands:
  - mkdir -pv "/go/src/github.com/gravitational/teleport"
  - cd "/go/src/github.com/gravitational/teleport"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  # The tag name is built from the version file written by the semver-lookup step.
  - git checkout -qf "v$(cat '/go/vars/full-version-v10')"
  depends_on:
  - Find the latest available semver for v10
# Derives the major, minor and full version strings from /go/vars/full-version-v10 and
# writes them to the /go/var/*-version files that later steps read with $(cat ...).
# Note the two directories: the input is under /go/vars, the outputs under /go/var.
- name: Build major, minor, and full semvers
  image: alpine
  commands:
  - mkdir -pv $(dirname "/go/var/major-version")
  # Field 1 of the dot-separated version.
  - echo v$(cat '/go/vars/full-version-v10') | sed 's/v//' | cut -d'.' -f "1" > "/go/var/major-version"
  - echo $(cat "/go/var/major-version")
  - mkdir -pv $(dirname "/go/var/minor-version")
  # Fields 1 and 2 of the dot-separated version.
  - echo v$(cat '/go/vars/full-version-v10') | sed 's/v//' | cut -d'.' -f "1,2" >
    "/go/var/minor-version"
  - echo $(cat "/go/var/minor-version")
  - mkdir -pv $(dirname "/go/var/full-version")
  - echo v$(cat '/go/vars/full-version-v10') | sed 's/v//' > "/go/var/full-version"
  - echo $(cat "/go/var/full-version")
  depends_on:
  - Find the latest available semver for v10
# Uses the static staging user keys to assume $AWS_ROLE and appends the resulting
# session credentials as profile [ecr-staging] to the shared credentials file.
# Every step that mounts awsconfig can read every profile written to this file.
- name: Assume ECR - staging AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  # The three text fields returned by assume-role are word-split into printf's %s slots.
  # NOTE(review): `>>` creates the file with the shell's default umask; confirm the
  # resulting permissions are as tight as intended on the shared volume.
  - |-
    printf "[ecr-staging]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
    $(aws sts assume-role \
    --role-arn "$AWS_ROLE" \
    --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
    --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
    --output text) \
    >> /root/.aws/credentials
  # Drops the long-lived keys from the shell before the profile check below.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile ecr-staging
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY
    AWS_ROLE:
      from_secret: STAGING_TELEPORT_DRONE_ECR_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Find the latest available semver for v10
# Assumes $AWS_ROLE and appends the session credentials as profile
# [ecr-authenticated-pull], the profile the image build steps select.
# NOTE(review): the key, secret and role come from the same three secrets as the
# "Assume ECR - production AWS Role" step, so this pull profile appears to be a session
# of the production role; confirm whether a narrower pull-only role is intended.
- name: Assume ECR - authenticated-pull AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  # The three text fields returned by assume-role are word-split into printf's %s slots.
  - |-
    printf "[ecr-authenticated-pull]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
    $(aws sts assume-role \
    --role-arn "$AWS_ROLE" \
    --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
    --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
    --output text) \
    >> /root/.aws/credentials
  # Drops the long-lived keys from the shell before the profile check below.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile ecr-authenticated-pull
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY
    AWS_ROLE:
      from_secret: PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  # Ordered after the staging step, which appends to the same credentials file.
  - Assume ECR - staging AWS Role
  - Find the latest available semver for v10
# Uses the static production user keys to assume $AWS_ROLE and appends the resulting
# session credentials as profile [ecr-production] to the shared credentials file.
# Every step that mounts awsconfig can read this profile, not only the push steps.
- name: Assume ECR - production AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  # The three text fields returned by assume-role are word-split into printf's %s slots.
  - |-
    printf "[ecr-production]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
    $(aws sts assume-role \
    --role-arn "$AWS_ROLE" \
    --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
    --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
    --output text) \
    >> /root/.aws/credentials
  # Drops the long-lived keys from the shell before the profile check below.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile ecr-production
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY
    AWS_ROLE:
      from_secret: PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  # Ordered after the authenticated-pull step, which appends to the same file.
  - Assume ECR - authenticated-pull AWS Role
  - Find the latest available semver for v10
# Assumes $AWS_ROLE and appends the session credentials as profile
# [s3-download-teleport], the profile the .deb download steps select.
# It runs after the three ECR role steps, so the file it appends to already holds
# their profiles.
- name: Assume S3 Download AWS Role for teleport
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  # The three text fields returned by assume-role are word-split into printf's %s slots.
  - |-
    printf "[s3-download-teleport]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
    $(aws sts assume-role \
    --role-arn "$AWS_ROLE" \
    --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
    --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
    --output text) \
    >> /root/.aws/credentials
  # Drops the long-lived keys from the shell before the profile check below.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile s3-download-teleport
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Find the latest available semver for v10
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role
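# Fetches the chart Dockerfile for the resolved v10 release tag and saves it as
# /go/build/Dockerfile-teleport, the file the image build steps pass to --file.
# This file is generated: the same change has to land in dronegen, or the next
# 'make dronegen' run will restore the old curl flags.
- name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport
  image: alpine
  commands:
  - apk add curl
  - mkdir -pv $(dirname "/go/build/Dockerfile-teleport")
  # -f makes curl exit non-zero on an HTTP error instead of saving the error page as the
  # Dockerfile; -S keeps the error message visible although -s silences progress output.
  # NOTE(review): "Check out code" checks out this same tag, so the Dockerfile could
  # presumably be copied from that checkout instead of fetched again; confirm.
  - curl -fLsS -o "/go/build/Dockerfile-teleport" "https://raw.githubusercontent.com/gravitational/teleport/v$(cat
    '/go/vars/full-version-v10')/build.assets/charts/Dockerfile"
  depends_on:
  - Find the latest available semver for v10
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role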
# Polls S3 for up to an hour until the amd64 .deb for the resolved version is listed,
# then copies it into /go/build for the image build.
# NOTE(review): no checksum or signature check on the downloaded package is visible in
# this step; confirm the artifact is verified elsewhere before it goes into an image.
- name: Download "teleport_v10-tag_amd64.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
  # Deadline is 3600 seconds from now; "$${...}" is written so the shell, not Drone,
  # expands the variable.
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  # grep -x needs a whole-line match, but the dots in the version are regex wildcards.
  - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr
    -s ' ' | cut -d' ' -f 4 | grep -x teleport_$(cat "/go/var/full-version")_amd64.deb
    || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [
    "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat
    "/go/var/full-version")_amd64.deb /go/build/teleport_$(cat "/go/var/full-version")_amd64.deb
  environment:
    AWS_PROFILE: s3-download-teleport
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport
# Builds the linux/amd64 teleport image from the downloaded Dockerfile and .deb with a
# throwaway buildx builder, and pushes the result to the in-pipeline registry.
- name: Build teleport image "teleport:v10-amd64"
  image: docker
  commands:
  # NOTE(review): tonistiigi/binfmt is pulled without a tag or digest and run with
  # --privileged; pinning it would fix which code is given that access.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-v10-amd64-builder"
  # The builder config marks the in-pipeline registry as plain HTTP (http = true).
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v10-amd64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-v10-amd64-builder/buildkitd.toml"
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name
    "teleport-v10-amd64-builder" --config "/tmp/teleport-v10-amd64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  # Login before the build, presumably so base-image pulls from public.ecr.aws are
  # authenticated; confirm against the Dockerfile.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - docker buildx build --push --builder "teleport-v10-amd64-builder" --target "teleport"
    --platform "linux/amd64" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    --file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_amd64.deb
    /go/build
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-v10-amd64-builder"
  - rm -rf "/tmp/teleport-v10-amd64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport_v10-tag_amd64.deb" artifacts from S3
# Polls S3 for up to an hour until the arm .deb for the resolved version is listed,
# then copies it into /go/build for the image build.
# NOTE(review): no checksum or signature check on the downloaded package is visible in
# this step; confirm the artifact is verified elsewhere before it goes into an image.
- name: Download "teleport_v10-tag_arm.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
  # Deadline is 3600 seconds from now; "$${...}" is written so the shell, not Drone,
  # expands the variable.
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  # grep -x needs a whole-line match, but the dots in the version are regex wildcards.
  - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr
    -s ' ' | cut -d' ' -f 4 | grep -x teleport_$(cat "/go/var/full-version")_arm.deb
    || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [
    "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat
    "/go/var/full-version")_arm.deb /go/build/teleport_$(cat "/go/var/full-version")_arm.deb
  environment:
    AWS_PROFILE: s3-download-teleport
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport
# Builds the linux/arm teleport image from the downloaded Dockerfile and .deb with a
# throwaway buildx builder, and pushes the result to the in-pipeline registry.
- name: Build teleport image "teleport:v10-arm"
  image: docker
  commands:
  # NOTE(review): tonistiigi/binfmt is pulled without a tag or digest and run with
  # --privileged; pinning it would fix which code is given that access.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-v10-arm-builder"
  # The builder config marks the in-pipeline registry as plain HTTP (http = true).
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v10-arm-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-v10-arm-builder/buildkitd.toml"
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name
    "teleport-v10-arm-builder" --config "/tmp/teleport-v10-arm-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  # Login before the build, presumably so base-image pulls from public.ecr.aws are
  # authenticated; confirm against the Dockerfile.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - docker buildx build --push --builder "teleport-v10-arm-builder" --target "teleport"
    --platform "linux/arm" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    --file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_arm.deb
    /go/build
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-v10-arm-builder"
  - rm -rf "/tmp/teleport-v10-arm-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport_v10-tag_arm.deb" artifacts from S3
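# Polls the release bucket for up to an hour until the arm64 .deb for this
# version is listed, then copies it into /go/build for the image build.
# NOTE(review): no checksum or signature check on the downloaded package is
# visible in this step; confirm where the artifact's integrity is verified
# before it is baked into a published image.
- name: Download "teleport_v10-tag_arm64.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  # -F treats the object name as a literal string: without it the dots in the
  # version and in ".deb" are regex wildcards and can match a different key.
  - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr
    -s ' ' | cut -d' ' -f 4 | grep -Fx teleport_$(cat "/go/var/full-version")_arm64.deb
    || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [
    "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat
    "/go/var/full-version")_arm64.deb /go/build/teleport_$(cat "/go/var/full-version")_arm64.deb
  environment:
    AWS_PROFILE: s3-download-teleport
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport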
# Builds the linux/arm64 teleport image with a throwaway buildx builder and
# pushes it to the pipeline-local registry (drone-docker-registry:5000).
- name: Build teleport image "teleport:v10-arm64"
image: docker
commands:
# NOTE(review): tonistiigi/binfmt is referenced by a mutable tag and runs
# --privileged against the Docker daemon reached through the dockersock volume.
# Pinning it by digest (tonistiigi/binfmt@sha256:<pinned-digest>) would keep an
# upstream tag change from executing privileged code inside a release build.
- docker run --privileged --rm tonistiigi/binfmt --install all
- mkdir -pv "/go/build" && cd "/go/build"
- mkdir -pv "/tmp/teleport-v10-arm64-builder"
# The generated buildkitd.toml marks the pipeline-local registry as plain HTTP,
# so pushes to it are unencrypted. Presumably the registry is reachable only
# from inside the build pod; verify.
- echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v10-arm64-builder/buildkitd.toml"
- echo ' http = true' >> "/tmp/teleport-v10-arm64-builder/buildkitd.toml"
- docker buildx create --driver "docker-container" --driver-opt "network=host" --name
"teleport-v10-arm64-builder" --config "/tmp/teleport-v10-arm64-builder/buildkitd.toml"
- apk add --no-cache aws-cli
# Registry password is piped on stdin, so it never appears in the argument list.
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- docker buildx build --push --builder "teleport-v10-arm64-builder" --target "teleport"
--platform "linux/arm64" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
--file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_arm64.deb
/go/build
# NOTE(review): the three cleanup commands are ordinary steps of the script, so
# they are presumably skipped when the build command above fails, leaving the
# builder registered on the daemon; confirm whether that matters here.
- docker logout "public.ecr.aws"
- docker buildx rm "teleport-v10-arm64-builder"
- rm -rf "/tmp/teleport-v10-arm64-builder"
environment:
AWS_PROFILE: ecr-authenticated-pull
DOCKER_BUILDKIT: "1"
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Assume ECR - authenticated-pull AWS Role
- Download "teleport_v10-tag_arm64.deb" artifacts from S3
# Pulls the amd64 image from the pipeline-local registry and publishes it to the
# staging ECR repository under the full-, major- and minor-version tags, each
# suffixed with the build timestamp and "-amd64".
- name: Tag and push image "teleport:v10-amd64" to ECR - staging
image: docker
commands:
- docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
- apk add --no-cache aws-cli
# Registry password is piped on stdin, so it never appears in the argument list.
- aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
146628656107.dkr.ecr.us-west-2.amazonaws.com
# Timestamp comes from the build's creation time, so it is the same in every
# step that derives it this way.
- TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
# Existence guard: a tag that already resolves is not overwritten. The exit
# reason of `manifest inspect` is discarded, so any failure (not only "tag
# absent") falls through to the tag-and-push branch.
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/full-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing
image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-amd64
&& docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/full-version")-$TIMESTAMP-amd64)
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/major-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing
image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-amd64
&& docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/major-version")-$TIMESTAMP-amd64)
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/minor-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing
image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64
&& docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/minor-version")-$TIMESTAMP-amd64)
- docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
environment:
AWS_PROFILE: ecr-staging
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Build teleport image "teleport:v10-amd64"
# Pulls the arm image from the pipeline-local registry and publishes it to the
# staging ECR repository under the full-, major- and minor-version tags, each
# suffixed with the build timestamp and "-arm".
- name: Tag and push image "teleport:v10-arm" to ECR - staging
image: docker
commands:
- docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
- apk add --no-cache aws-cli
# Registry password is piped on stdin, so it never appears in the argument list.
- aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
146628656107.dkr.ecr.us-west-2.amazonaws.com
# Timestamp comes from the build's creation time, so it is the same in every
# step that derives it this way.
- TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
# Existence guard: a tag that already resolves is not overwritten. The exit
# reason of `manifest inspect` is discarded, so any failure (not only "tag
# absent") falls through to the tag-and-push branch.
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/full-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing
image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm
&& docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/full-version")-$TIMESTAMP-arm)
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/major-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing
image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-arm
&& docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/major-version")-$TIMESTAMP-arm)
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/minor-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing
image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-arm
&& docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/minor-version")-$TIMESTAMP-arm)
- docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
environment:
AWS_PROFILE: ecr-staging
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Build teleport image "teleport:v10-arm"
# Pulls the arm64 image from the pipeline-local registry and publishes it to the
# staging ECR repository under the full-, major- and minor-version tags, each
# suffixed with the build timestamp and "-arm64".
- name: Tag and push image "teleport:v10-arm64" to ECR - staging
image: docker
commands:
- docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
- apk add --no-cache aws-cli
# Registry password is piped on stdin, so it never appears in the argument list.
- aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
146628656107.dkr.ecr.us-west-2.amazonaws.com
# Timestamp comes from the build's creation time, so it is the same in every
# step that derives it this way.
- TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
# Existence guard: a tag that already resolves is not overwritten. The exit
# reason of `manifest inspect` is discarded, so any failure (not only "tag
# absent") falls through to the tag-and-push branch.
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/full-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing
image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm64
&& docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/full-version")-$TIMESTAMP-arm64)
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/major-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing
image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-arm64
&& docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/major-version")-$TIMESTAMP-arm64)
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/minor-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing
image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64
&& docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/minor-version")-$TIMESTAMP-arm64)
- docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
environment:
AWS_PROFILE: ecr-staging
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Build teleport image "teleport:v10-arm64"
# Assembles the multi-arch manifest list for the timestamped major-version tag
# from the amd64, arm and arm64 staging tags and pushes it to staging ECR.
- name: Create manifest and push "teleport:major-$TIMESTAMP" to ECR - staging
image: docker
commands:
- apk add --no-cache aws-cli
# Registry password is piped on stdin, so it never appears in the argument list.
- aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
146628656107.dkr.ecr.us-west-2.amazonaws.com
- TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
# Skips creation when the manifest tag already resolves. The exit reason of
# `manifest inspect` is discarded, so any failure also leads to create-and-push.
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/major-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image,
skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/major-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/major-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/major-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/major-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/major-version")-$TIMESTAMP)
- docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
environment:
AWS_PROFILE: ecr-staging
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Tag and push image "teleport:v10-amd64" to ECR - staging
- Tag and push image "teleport:v10-arm" to ECR - staging
- Tag and push image "teleport:v10-arm64" to ECR - staging
# Assembles the multi-arch manifest list for the timestamped minor-version tag
# from the amd64, arm and arm64 staging tags and pushes it to staging ECR.
- name: Create manifest and push "teleport:minor-$TIMESTAMP" to ECR - staging
image: docker
commands:
- apk add --no-cache aws-cli
# Registry password is piped on stdin, so it never appears in the argument list.
- aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
146628656107.dkr.ecr.us-west-2.amazonaws.com
- TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
# Skips creation when the manifest tag already resolves. The exit reason of
# `manifest inspect` is discarded, so any failure also leads to create-and-push.
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/minor-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image,
skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/minor-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/minor-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/minor-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/minor-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/minor-version")-$TIMESTAMP)
- docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
environment:
AWS_PROFILE: ecr-staging
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Tag and push image "teleport:v10-amd64" to ECR - staging
- Tag and push image "teleport:v10-arm" to ECR - staging
- Tag and push image "teleport:v10-arm64" to ECR - staging
# Assembles the multi-arch manifest list for the timestamped full-version tag
# from the amd64, arm and arm64 staging tags and pushes it to staging ECR.
- name: Create manifest and push "teleport:full-$TIMESTAMP" to ECR - staging
image: docker
commands:
- apk add --no-cache aws-cli
# Registry password is piped on stdin, so it never appears in the argument list.
- aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
146628656107.dkr.ecr.us-west-2.amazonaws.com
- TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
# Skips creation when the manifest tag already resolves. The exit reason of
# `manifest inspect` is discarded, so any failure also leads to create-and-push.
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/full-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image,
skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/full-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/full-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/full-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/full-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
"/go/var/full-version")-$TIMESTAMP)
- docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
environment:
AWS_PROFILE: ecr-staging
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Tag and push image "teleport:v10-amd64" to ECR - staging
- Tag and push image "teleport:v10-arm" to ECR - staging
- Tag and push image "teleport:v10-arm64" to ECR - staging
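# Publishes the amd64 image to quay.io. The full-version tag is pushed only if
# it does not already resolve; the major- and minor-version tags are re-pointed
# on every run.
- name: Tag and push image "teleport:v10-amd64" to Quay
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
  # The production registry password is fed on stdin rather than with -p, which
  # would place it in the docker process's argument list. This matches the
  # --password-stdin logins used for ECR elsewhere in this pipeline.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # The exit reason of `manifest inspect` is discarded, so any failure (not only
  # "tag absent") falls through to the tag-and-push branch.
  - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat
    "/go/var/full-version")-amd64 quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64
    && docker push quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64)
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    quay.io/gravitational/teleport:$(cat "/go/var/major-version")-amd64
  - docker push quay.io/gravitational/teleport:$(cat "/go/var/major-version")-amd64
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
  - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v10-amd64"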
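# Publishes the arm image to quay.io. The full-version tag is pushed only if it
# does not already resolve; the major- and minor-version tags are re-pointed on
# every run.
- name: Tag and push image "teleport:v10-arm" to Quay
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
  # The production registry password is fed on stdin rather than with -p, which
  # would place it in the docker process's argument list. This matches the
  # --password-stdin logins used for ECR elsewhere in this pipeline.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # The exit reason of `manifest inspect` is discarded, so any failure (not only
  # "tag absent") falls through to the tag-and-push branch.
  - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat
    "/go/var/full-version")-arm quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm
    && docker push quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm)
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm
  - docker push quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm
  - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v10-arm"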
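# Publishes the arm64 image to quay.io. The full-version tag is pushed only if
# it does not already resolve; the major- and minor-version tags are re-pointed
# on every run.
- name: Tag and push image "teleport:v10-arm64" to Quay
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
  # The production registry password is fed on stdin rather than with -p, which
  # would place it in the docker process's argument list. This matches the
  # --password-stdin logins used for ECR elsewhere in this pipeline.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # The exit reason of `manifest inspect` is discarded, so any failure (not only
  # "tag absent") falls through to the tag-and-push branch.
  - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat
    "/go/var/full-version")-arm64 quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64
    && docker push quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64)
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm64
  - docker push quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm64
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
  - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v10-arm64"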
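# Builds the multi-arch manifest list for the major-version tag on quay.io from
# the amd64, arm and arm64 tags and pushes it. There is no existence guard: the
# tag is re-pointed on every run.
- name: Create manifest and push "teleport:major" to Quay
  image: docker
  commands:
  # The production registry password is fed on stdin rather than with -p, which
  # would place it in the docker process's argument list. This matches the
  # --password-stdin logins used for ECR elsewhere in this pipeline.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - docker manifest create quay.io/gravitational/teleport:$(cat "/go/var/major-version")
    --amend quay.io/gravitational/teleport:$(cat "/go/var/major-version")-amd64 --amend
    quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm --amend quay.io/gravitational/teleport:$(cat
    "/go/var/major-version")-arm64
  - docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/major-version")
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v10-amd64" to Quay
  - Tag and push image "teleport:v10-arm" to Quay
  - Tag and push image "teleport:v10-arm64" to Quay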
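# Builds the multi-arch manifest list for the minor-version tag on quay.io from
# the amd64, arm and arm64 tags and pushes it. There is no existence guard: the
# tag is re-pointed on every run.
- name: Create manifest and push "teleport:minor" to Quay
  image: docker
  commands:
  # The production registry password is fed on stdin rather than with -p, which
  # would place it in the docker process's argument list. This matches the
  # --password-stdin logins used for ECR elsewhere in this pipeline.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - docker manifest create quay.io/gravitational/teleport:$(cat "/go/var/minor-version")
    --amend quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 --amend
    quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm --amend quay.io/gravitational/teleport:$(cat
    "/go/var/minor-version")-arm64
  - docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v10-amd64" to Quay
  - Tag and push image "teleport:v10-arm" to Quay
  - Tag and push image "teleport:v10-arm64" to Quay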
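# Builds the multi-arch manifest list for the full-version tag on quay.io from
# the amd64, arm and arm64 tags and pushes it, unless that tag already resolves.
- name: Create manifest and push "teleport:full" to Quay
  image: docker
  commands:
  # The production registry password is fed on stdin rather than with -p, which
  # would place it in the docker process's argument list. This matches the
  # --password-stdin logins used for ECR elsewhere in this pipeline.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # The exit reason of `manifest inspect` is discarded, so any failure (not only
  # "tag absent") falls through to the create-and-push branch.
  - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version")
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest
    create quay.io/gravitational/teleport:$(cat "/go/var/full-version") --amend quay.io/gravitational/teleport:$(cat
    "/go/var/full-version")-amd64 --amend quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm
    --amend quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64 &&
    docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/full-version"))
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v10-amd64" to Quay
  - Tag and push image "teleport:v10-arm" to Quay
  - Tag and push image "teleport:v10-arm64" to Quay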
# Publishes the amd64 image to the public production ECR repository.
- name: Tag and push image "teleport:v10-amd64" to ECR - production
image: docker
commands:
- docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
- apk add --no-cache aws-cli
# Registry password is piped on stdin, so it never appears in the argument list.
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
# Only the full-version tag is guarded against overwrite. The exit reason of
# `manifest inspect` is discarded, so any failure (not only "tag absent") falls
# through to the tag-and-push branch.
- docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64
> /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat
"/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64
&& docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64)
# Major- and minor-version tags are re-pointed on every run, so a consumer that
# needs a fixed image has to reference the full version or a digest.
- docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64
- docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64
- docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
- docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
- docker logout "public.ecr.aws"
environment:
AWS_PROFILE: ecr-production
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Build teleport image "teleport:v10-amd64"
# Publishes the arm image to the public production ECR repository.
- name: Tag and push image "teleport:v10-arm" to ECR - production
image: docker
commands:
- docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
- apk add --no-cache aws-cli
# Registry password is piped on stdin, so it never appears in the argument list.
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
# Only the full-version tag is guarded against overwrite. The exit reason of
# `manifest inspect` is discarded, so any failure (not only "tag absent") falls
# through to the tag-and-push branch.
- docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm
> /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat
"/go/var/full-version")-arm public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm
&& docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm)
# Major- and minor-version tags are re-pointed on every run, so a consumer that
# needs a fixed image has to reference the full version or a digest.
- docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm
- docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm
- docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm
- docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm
- docker logout "public.ecr.aws"
environment:
AWS_PROFILE: ecr-production
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Build teleport image "teleport:v10-arm"
# Publishes the arm64 image to the public production ECR repository.
- name: Tag and push image "teleport:v10-arm64" to ECR - production
image: docker
commands:
- docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
- apk add --no-cache aws-cli
# Registry password is piped on stdin, so it never appears in the argument list.
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
# Only the full-version tag is guarded against overwrite. The exit reason of
# `manifest inspect` is discarded, so any failure (not only "tag absent") falls
# through to the tag-and-push branch.
- docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64
> /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat
"/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64
&& docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64)
# Major- and minor-version tags are re-pointed on every run, so a consumer that
# needs a fixed image has to reference the full version or a digest.
- docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64
- docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64
- docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
- docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
- docker logout "public.ecr.aws"
environment:
AWS_PROFILE: ecr-production
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Build teleport image "teleport:v10-arm64"
# Builds the multi-arch manifest list for the major-version tag on the public
# production ECR repository and pushes it. There is no existence guard: the tag
# is re-pointed on every run.
- name: Create manifest and push "teleport:major" to ECR - production
image: docker
commands:
- apk add --no-cache aws-cli
# Registry password is piped on stdin, so it never appears in the argument list.
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- docker manifest create public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")
--amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64
--amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm
--amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64
- docker manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")
- docker logout "public.ecr.aws"
environment:
AWS_PROFILE: ecr-production
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Tag and push image "teleport:v10-amd64" to ECR - production
- Tag and push image "teleport:v10-arm" to ECR - production
- Tag and push image "teleport:v10-arm64" to ECR - production
# Builds the multi-arch manifest list for the minor-version tag on the public
# production ECR repository and pushes it. There is no existence guard: the tag
# is re-pointed on every run.
- name: Create manifest and push "teleport:minor" to ECR - production
image: docker
commands:
- apk add --no-cache aws-cli
# Registry password is piped on stdin, so it never appears in the argument list.
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- docker manifest create public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")
--amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
--amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm
--amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
- docker manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")
- docker logout "public.ecr.aws"
environment:
AWS_PROFILE: ecr-production
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Tag and push image "teleport:v10-amd64" to ECR - production
- Tag and push image "teleport:v10-arm" to ECR - production
- Tag and push image "teleport:v10-arm64" to ECR - production
# Builds the multi-arch manifest list for the full-version tag on the public
# production ECR repository and pushes it, unless that tag already resolves.
- name: Create manifest and push "teleport:full" to ECR - production
image: docker
commands:
- apk add --no-cache aws-cli
# Registry password is piped on stdin, so it never appears in the argument list.
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
# The exit reason of `manifest inspect` is discarded, so any failure (not only
# "tag absent") falls through to the create-and-push branch.
- docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")
> /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest
create public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version") --amend
public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64 --amend
public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm --amend
public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64 && docker
manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version"))
- docker logout "public.ecr.aws"
environment:
AWS_PROFILE: ecr-production
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Tag and push image "teleport:v10-amd64" to ECR - production
- Tag and push image "teleport:v10-arm" to ECR - production
- Tag and push image "teleport:v10-arm64" to ECR - production
# Exchanges the AWS key pair supplied through Drone secrets for temporary role
# credentials and appends them as profile [s3-download-teleport-ent] to the
# credentials file on the awsconfig volume, which other steps also mount.
- name: Assume S3 Download AWS Role for teleport-ent
image: amazon/aws-cli
commands:
# Prints the identity of the caller before the role is assumed.
- aws sts get-caller-identity
# The three values returned by assume-role are word-split into the printf
# arguments. NOTE(review): a failed assume-role does not fail this command on
# its own (printf then writes a profile with empty values); the profile check on
# the last command is what surfaces the error.
- |-
printf "[s3-download-teleport-ent]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
$(aws sts assume-role \
--role-arn "$AWS_ROLE" \
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text) \
>> /root/.aws/credentials
# Drops the key pair from the shell environment so the check below can only
# succeed with the session credentials written to the profile.
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
- aws sts get-caller-identity --profile s3-download-teleport-ent
environment:
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID
AWS_ROLE:
from_secret: AWS_ROLE
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY
volumes:
- name: awsconfig
path: /root/.aws
depends_on:
- Find the latest available semver for v10
- Wait for docker
- Wait for docker registry
- Check out code
- Build major, minor, and full semvers
- Assume ECR - staging AWS Role
- Assume ECR - authenticated-pull AWS Role
- Assume ECR - production AWS Role
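# Fetches the Dockerfile used for the teleport-ent image from the tagged source
# tree on GitHub into /go/build/Dockerfile-teleport-ent.
# NOTE(review): the version is read from '/go/vars/full-version-v10', while the
# other steps in this pipeline read "/go/var/full-version"; confirm that an
# earlier step really writes this path.
- name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent
  image: alpine
  commands:
  - apk add --no-cache curl
  - mkdir -pv $(dirname "/go/build/Dockerfile-teleport-ent")
  # -f makes curl exit non-zero on an HTTP error instead of saving the error page
  # as the Dockerfile (e.g. when the version file is missing and the URL is
  # wrong); -S keeps the error message visible despite -s.
  - curl -fsSL -o "/go/build/Dockerfile-teleport-ent" "https://raw.githubusercontent.com/gravitational/teleport/v$(cat
    '/go/vars/full-version-v10')/build.assets/charts/Dockerfile"
  depends_on:
  - Find the latest available semver for v10
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role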
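# Polls the release bucket for up to an hour until the amd64 teleport-ent .deb
# for this version is listed, then copies it into /go/build for the image build.
# NOTE(review): no checksum or signature check on the downloaded package is
# visible in this step; confirm where the artifact's integrity is verified
# before it is baked into a published image.
- name: Download "teleport-ent_v10-tag_amd64.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  # -F treats the object name as a literal string: without it the dots in the
  # version and in ".deb" are regex wildcards and can match a different key.
  - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr
    -s ' ' | cut -d' ' -f 4 | grep -Fx teleport-ent_$(cat "/go/var/full-version")_amd64.deb
    || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [
    "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat
    "/go/var/full-version")_amd64.deb /go/build/teleport-ent_$(cat "/go/var/full-version")_amd64.deb
  environment:
    AWS_PROFILE: s3-download-teleport-ent
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport-ent
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent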
# Builds the linux/amd64 teleport-ent image with a throwaway buildx builder and
# pushes it to the pipeline-local registry (drone-docker-registry:5000).
- name: Build teleport-ent image "teleport-ent:v10-amd64"
image: docker
commands:
# NOTE(review): tonistiigi/binfmt is referenced by a mutable tag and runs
# --privileged against the Docker daemon reached through the dockersock volume.
# Pinning it by digest (tonistiigi/binfmt@sha256:<pinned-digest>) would keep an
# upstream tag change from executing privileged code inside a release build.
- docker run --privileged --rm tonistiigi/binfmt --install all
- mkdir -pv "/go/build" && cd "/go/build"
- mkdir -pv "/tmp/teleport-ent-v10-amd64-builder"
# The generated buildkitd.toml marks the pipeline-local registry as plain HTTP,
# so pushes to it are unencrypted. Presumably the registry is reachable only
# from inside the build pod; verify.
- echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v10-amd64-builder/buildkitd.toml"
- echo ' http = true' >> "/tmp/teleport-ent-v10-amd64-builder/buildkitd.toml"
- docker buildx create --driver "docker-container" --driver-opt "network=host" --name
"teleport-ent-v10-amd64-builder" --config "/tmp/teleport-ent-v10-amd64-builder/buildkitd.toml"
- apk add --no-cache aws-cli
# Registry password is piped on stdin, so it never appears in the argument list.
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- docker buildx build --push --builder "teleport-ent-v10-amd64-builder" --target
"teleport" --platform "linux/amd64" --tag drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-amd64 --file "/go/build/Dockerfile-teleport-ent" --build-arg
DEB_PATH=teleport-ent_$(cat "/go/var/full-version")_amd64.deb /go/build
# NOTE(review): the three cleanup commands are ordinary steps of the script, so
# they are presumably skipped when the build command above fails, leaving the
# builder registered on the daemon; confirm whether that matters here.
- docker logout "public.ecr.aws"
- docker buildx rm "teleport-ent-v10-amd64-builder"
- rm -rf "/tmp/teleport-ent-v10-amd64-builder"
environment:
AWS_PROFILE: ecr-authenticated-pull
DOCKER_BUILDKIT: "1"
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Assume ECR - authenticated-pull AWS Role
- Download "teleport-ent_v10-tag_amd64.deb" artifacts from S3
# Waits up to one hour for the arm enterprise .deb of this version to show up
# under the tag prefix of the release bucket, then copies it into /go/build.
# NOTE(review): nothing in this step checks a checksum or signature of the
# package before a later step installs it into the image; if the release
# process publishes a digest, verify it here (this file is generated, so the
# change belongs in dronegen).
- name: Download "teleport-ent_v10-tag_arm.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
  # Deadline = now + 3600 s.
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  # The loop is spread over several list items, so it only works if the runner
  # joins all commands into one shell script. "$$" is Drone's escape for "$".
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  # List the prefix, keep the key-name column, and require an exact full-line
  # match (grep -x) on the expected file name.
  - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr
    -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")_arm.deb
    || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  # Fail the step when the deadline passed without the object appearing.
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [
    "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat
    "/go/var/full-version")_arm.deb /go/build/teleport-ent_$(cat "/go/var/full-version")_arm.deb
  environment:
    # Profile name only; the credentials themselves live in the awsconfig volume.
    AWS_PROFILE: s3-download-teleport-ent
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport-ent
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent
# Builds the linux/arm teleport-ent image from the downloaded .deb with a
# throwaway buildx builder and pushes it to the pipeline-local registry
# drone-docker-registry:5000.
- name: Build teleport-ent image "teleport-ent:v10-arm"
  image: docker
  commands:
  # NOTE(review): an unpinned third-party image is run with --privileged against
  # the daemon reached through the dockersock volume. Pin it by digest
  # (tonistiigi/binfmt@sha256:<DIGEST_PLACEHOLDER>) so a moved upstream tag
  # cannot execute on the build host.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-ent-v10-arm-builder"
  # buildkitd config telling the builder to use plain HTTP for the local
  # registry. NOTE(review): that registry is therefore used without TLS, and no
  # login to it appears in this step; later steps republish whatever they pull
  # from it, so it must not be reachable from outside the build.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v10-arm-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-ent-v10-arm-builder/buildkitd.toml"
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name
    "teleport-ent-v10-arm-builder" --config "/tmp/teleport-ent-v10-arm-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  # Registry password is piped on stdin, so it never appears in argv.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - docker buildx build --push --builder "teleport-ent-v10-arm-builder" --target "teleport"
    --platform "linux/arm" --tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
    --file "/go/build/Dockerfile-teleport-ent" --build-arg DEB_PATH=teleport-ent_$(cat
    "/go/var/full-version")_arm.deb /go/build
  # Cleanup: drop the registry session, the builder and its config directory.
  # These only run when every earlier command succeeded.
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-ent-v10-arm-builder"
  - rm -rf "/tmp/teleport-ent-v10-arm-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport-ent_v10-tag_arm.deb" artifacts from S3
# Waits up to one hour for the arm64 enterprise .deb of this version to show up
# under the tag prefix of the release bucket, then copies it into /go/build.
# NOTE(review): nothing in this step checks a checksum or signature of the
# package before a later step installs it into the image; if the release
# process publishes a digest, verify it here (this file is generated, so the
# change belongs in dronegen).
- name: Download "teleport-ent_v10-tag_arm64.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
  # Deadline = now + 3600 s.
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  # The loop is spread over several list items, so it only works if the runner
  # joins all commands into one shell script. "$$" is Drone's escape for "$".
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  # List the prefix, keep the key-name column, and require an exact full-line
  # match (grep -x) on the expected file name.
  - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr
    -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")_arm64.deb
    || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  # Fail the step when the deadline passed without the object appearing.
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [
    "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat
    "/go/var/full-version")_arm64.deb /go/build/teleport-ent_$(cat "/go/var/full-version")_arm64.deb
  environment:
    # Profile name only; the credentials themselves live in the awsconfig volume.
    AWS_PROFILE: s3-download-teleport-ent
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport-ent
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent
# Builds the linux/arm64 teleport-ent image from the downloaded .deb with a
# throwaway buildx builder and pushes it to the pipeline-local registry
# drone-docker-registry:5000.
- name: Build teleport-ent image "teleport-ent:v10-arm64"
  image: docker
  commands:
  # NOTE(review): an unpinned third-party image is run with --privileged against
  # the daemon reached through the dockersock volume. Pin it by digest
  # (tonistiigi/binfmt@sha256:<DIGEST_PLACEHOLDER>) so a moved upstream tag
  # cannot execute on the build host.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-ent-v10-arm64-builder"
  # buildkitd config telling the builder to use plain HTTP for the local
  # registry. NOTE(review): that registry is therefore used without TLS, and no
  # login to it appears in this step; later steps republish whatever they pull
  # from it, so it must not be reachable from outside the build.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v10-arm64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-ent-v10-arm64-builder/buildkitd.toml"
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name
    "teleport-ent-v10-arm64-builder" --config "/tmp/teleport-ent-v10-arm64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  # Registry password is piped on stdin, so it never appears in argv.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - docker buildx build --push --builder "teleport-ent-v10-arm64-builder" --target
    "teleport" --platform "linux/arm64" --tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-arm64 --file "/go/build/Dockerfile-teleport-ent" --build-arg
    DEB_PATH=teleport-ent_$(cat "/go/var/full-version")_arm64.deb /go/build
  # Cleanup: drop the registry session, the builder and its config directory.
  # These only run when every earlier command succeeded.
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-ent-v10-arm64-builder"
  - rm -rf "/tmp/teleport-ent-v10-arm64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport-ent_v10-tag_arm64.deb" artifacts from S3
# Pulls the amd64 image from the pipeline-local registry and publishes it to the
# staging ECR registry under the full-, major- and minor-version tags, each
# suffixed with the build timestamp and "-amd64".
- name: Tag and push image "teleport-ent:v10-amd64" to ECR - staging
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
  - apk add --no-cache aws-cli
  # Registry password is piped on stdin, so it never appears in argv.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  # Minute-resolution timestamp derived from the build creation time.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Each of the three pushes below is guarded: a tag that already resolves is
  # left alone. NOTE(review): the output and errors of `manifest inspect` are
  # discarded, so any failure (auth, network, throttling) is read as "tag
  # absent" and falls through to tag + push.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-amd64)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-amd64)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-amd64)
  # Only reached when every command above succeeded.
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v10-amd64"
# Pulls the arm image from the pipeline-local registry and publishes it to the
# staging ECR registry under the full-, major- and minor-version tags, each
# suffixed with the build timestamp and "-arm".
- name: Tag and push image "teleport-ent:v10-arm" to ECR - staging
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
  - apk add --no-cache aws-cli
  # Registry password is piped on stdin, so it never appears in argv.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  # Minute-resolution timestamp derived from the build creation time.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Each of the three pushes below is guarded: a tag that already resolves is
  # left alone. NOTE(review): the output and errors of `manifest inspect` are
  # discarded, so any failure (auth, network, throttling) is read as "tag
  # absent" and falls through to tag + push.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm)
  # Only reached when every command above succeeded.
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v10-arm"
# Pulls the arm64 image from the pipeline-local registry and publishes it to the
# staging ECR registry under the full-, major- and minor-version tags, each
# suffixed with the build timestamp and "-arm64".
- name: Tag and push image "teleport-ent:v10-arm64" to ECR - staging
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
  - apk add --no-cache aws-cli
  # Registry password is piped on stdin, so it never appears in argv.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  # Minute-resolution timestamp derived from the build creation time.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Each of the three pushes below is guarded: a tag that already resolves is
  # left alone. NOTE(review): the output and errors of `manifest inspect` are
  # discarded, so any failure (auth, network, throttling) is read as "tag
  # absent" and falls through to tag + push.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm64)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm64)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm64)
  # Only reached when every command above succeeded.
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v10-arm64"
# Combines the three per-architecture staging tags for the major version into
# one multi-arch manifest list "<major>-$TIMESTAMP" and pushes it to staging ECR.
- name: Create manifest and push "teleport-ent:major-$TIMESTAMP" to ECR - staging
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # Registry password is piped on stdin, so it never appears in argv.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  # Must produce the same value as in the per-architecture push steps, since
  # the --amend references below are built from it.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Guarded create + push. NOTE(review): a failing `manifest inspect` (not only
  # "not found") also takes the create/push branch, because its result is
  # reduced to an exit status with all output discarded.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image,
    skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  # All three architectures must be pushed before the list can reference them.
  depends_on:
  - Tag and push image "teleport-ent:v10-amd64" to ECR - staging
  - Tag and push image "teleport-ent:v10-arm" to ECR - staging
  - Tag and push image "teleport-ent:v10-arm64" to ECR - staging
# Combines the three per-architecture staging tags for the minor version into
# one multi-arch manifest list "<minor>-$TIMESTAMP" and pushes it to staging ECR.
- name: Create manifest and push "teleport-ent:minor-$TIMESTAMP" to ECR - staging
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # Registry password is piped on stdin, so it never appears in argv.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  # Must produce the same value as in the per-architecture push steps, since
  # the --amend references below are built from it.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Guarded create + push. NOTE(review): a failing `manifest inspect` (not only
  # "not found") also takes the create/push branch, because its result is
  # reduced to an exit status with all output discarded.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image,
    skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  # All three architectures must be pushed before the list can reference them.
  depends_on:
  - Tag and push image "teleport-ent:v10-amd64" to ECR - staging
  - Tag and push image "teleport-ent:v10-arm" to ECR - staging
  - Tag and push image "teleport-ent:v10-arm64" to ECR - staging
# Combines the three per-architecture staging tags for the full version into
# one multi-arch manifest list "<full>-$TIMESTAMP" and pushes it to staging ECR.
- name: Create manifest and push "teleport-ent:full-$TIMESTAMP" to ECR - staging
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # Registry password is piped on stdin, so it never appears in argv.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  # Must produce the same value as in the per-architecture push steps, since
  # the --amend references below are built from it.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Guarded create + push. NOTE(review): a failing `manifest inspect` (not only
  # "not found") also takes the create/push branch, because its result is
  # reduced to an exit status with all output discarded.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image,
    skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  # All three architectures must be pushed before the list can reference them.
  depends_on:
  - Tag and push image "teleport-ent:v10-amd64" to ECR - staging
  - Tag and push image "teleport-ent:v10-arm" to ECR - staging
  - Tag and push image "teleport-ent:v10-arm64" to ECR - staging
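# Pulls the amd64 image from the pipeline-local registry and publishes it to
# quay.io: the full-version tag is written once (skipped when it already
# resolves), the major- and minor-version tags are rolling and are overwritten
# on every run.
- name: Tag and push image "teleport-ent:v10-amd64" to Quay
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
  # The password is fed on stdin instead of -p so that it is not placed in the
  # docker process's argument list; this matches the ECR login steps.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # NOTE(review): `manifest inspect` output and errors are discarded, so any
  # failure (auth, network) is read as "tag absent" and the release tag is
  # pushed anyway.
  - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-amd64 quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64
    && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64)
  # Rolling tags: no existence check, always repointed at this build.
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
    quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
    quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
  # Only reached when every command above succeeded.
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step calls the AWS CLI, yet the volume that
  # holds the assumed-role credentials is mounted; consider dropping it from
  # the Quay steps in dronegen.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v10-amd64"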
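# Pulls the arm image from the pipeline-local registry and publishes it to
# quay.io: the full-version tag is written once (skipped when it already
# resolves), the major- and minor-version tags are rolling and are overwritten
# on every run.
- name: Tag and push image "teleport-ent:v10-arm" to Quay
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
  # The password is fed on stdin instead of -p so that it is not placed in the
  # docker process's argument list; this matches the ECR login steps.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # NOTE(review): `manifest inspect` output and errors are discarded, so any
  # failure (auth, network) is read as "tag absent" and the release tag is
  # pushed anyway.
  - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-arm quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm
    && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm)
  # Rolling tags: no existence check, always repointed at this build.
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
    quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
    quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
  # Only reached when every command above succeeded.
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step calls the AWS CLI, yet the volume that
  # holds the assumed-role credentials is mounted; consider dropping it from
  # the Quay steps in dronegen.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v10-arm"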
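# Pulls the arm64 image from the pipeline-local registry and publishes it to
# quay.io: the full-version tag is written once (skipped when it already
# resolves), the major- and minor-version tags are rolling and are overwritten
# on every run.
- name: Tag and push image "teleport-ent:v10-arm64" to Quay
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
  # The password is fed on stdin instead of -p so that it is not placed in the
  # docker process's argument list; this matches the ECR login steps.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # NOTE(review): `manifest inspect` output and errors are discarded, so any
  # failure (auth, network) is read as "tag absent" and the release tag is
  # pushed anyway.
  - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-arm64 quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64
    && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64)
  # Rolling tags: no existence check, always repointed at this build.
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
    quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
    quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
  # Only reached when every command above succeeded.
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step calls the AWS CLI, yet the volume that
  # holds the assumed-role credentials is mounted; consider dropping it from
  # the Quay steps in dronegen.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v10-arm64"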
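# Builds the multi-arch manifest list for the rolling major-version tag on
# quay.io from the three per-architecture tags and pushes it. There is no
# existence check: the tag is repointed on every run.
- name: Create manifest and push "teleport-ent:major" to Quay
  image: docker
  commands:
  # The password is fed on stdin instead of -p so that it is not placed in the
  # docker process's argument list; this matches the ECR login steps.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
  - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")
  # Only reached when every command above succeeded.
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step calls the AWS CLI, yet the volume that
  # holds the assumed-role credentials is mounted; consider dropping it from
  # the Quay steps in dronegen.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  # All three architectures must be pushed before the list can reference them.
  depends_on:
  - Tag and push image "teleport-ent:v10-amd64" to Quay
  - Tag and push image "teleport-ent:v10-arm" to Quay
  - Tag and push image "teleport-ent:v10-arm64" to Quay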
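# Builds the multi-arch manifest list for the rolling minor-version tag on
# quay.io from the three per-architecture tags and pushes it. There is no
# existence check: the tag is repointed on every run.
- name: Create manifest and push "teleport-ent:minor" to Quay
  image: docker
  commands:
  # The password is fed on stdin instead of -p so that it is not placed in the
  # docker process's argument list; this matches the ECR login steps.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
  - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")
  # Only reached when every command above succeeded.
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step calls the AWS CLI, yet the volume that
  # holds the assumed-role credentials is mounted; consider dropping it from
  # the Quay steps in dronegen.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  # All three architectures must be pushed before the list can reference them.
  depends_on:
  - Tag and push image "teleport-ent:v10-amd64" to Quay
  - Tag and push image "teleport-ent:v10-arm" to Quay
  - Tag and push image "teleport-ent:v10-arm64" to Quay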
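# Builds the multi-arch manifest list for the full-version tag on quay.io from
# the three per-architecture tags and pushes it, unless that tag already
# resolves.
- name: Create manifest and push "teleport-ent:full" to Quay
  image: docker
  commands:
  # The password is fed on stdin instead of -p so that it is not placed in the
  # docker process's argument list; this matches the ECR login steps.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # NOTE(review): `manifest inspect` output and errors are discarded, so any
  # failure (auth, network) is read as "tag absent" and the release manifest
  # is created and pushed anyway.
  - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest
    create quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version") --amend
    quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 --amend
    quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm --amend quay.io/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-arm64 && docker manifest push quay.io/gravitational/teleport-ent:$(cat
    "/go/var/full-version"))
  # Only reached when every command above succeeded.
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step calls the AWS CLI, yet the volume that
  # holds the assumed-role credentials is mounted; consider dropping it from
  # the Quay steps in dronegen.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  # All three architectures must be pushed before the list can reference them.
  depends_on:
  - Tag and push image "teleport-ent:v10-amd64" to Quay
  - Tag and push image "teleport-ent:v10-arm" to Quay
  - Tag and push image "teleport-ent:v10-arm64" to Quay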
# Pulls the amd64 image from the pipeline-local registry and publishes it to
# public.ecr.aws: the full-version tag is written once (skipped when it already
# resolves), the major- and minor-version tags are rolling and are overwritten
# on every run.
- name: Tag and push image "teleport-ent:v10-amd64" to ECR - production
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
  - apk add --no-cache aws-cli
  # Registry password is piped on stdin, so it never appears in argv.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  # NOTE(review): `manifest inspect` output and errors are discarded, so any
  # failure (auth, network, throttling) is read as "tag absent" and the
  # release tag is pushed anyway.
  - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-amd64 && docker push public.ecr.aws/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-amd64)
  # Rolling tags: no existence check, always repointed at this build.
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
  # Only reached when every command above succeeded.
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v10-amd64"
# Pulls the arm image from the pipeline-local registry and publishes it to
# public.ecr.aws: the full-version tag is written once (skipped when it already
# resolves), the major- and minor-version tags are rolling and are overwritten
# on every run.
- name: Tag and push image "teleport-ent:v10-arm" to ECR - production
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
  - apk add --no-cache aws-cli
  # Registry password is piped on stdin, so it never appears in argv.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  # NOTE(review): `manifest inspect` output and errors are discarded, so any
  # failure (auth, network, throttling) is read as "tag absent" and the
  # release tag is pushed anyway.
  - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm
    && docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm)
  # Rolling tags: no existence check, always repointed at this build.
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
  # Only reached when every command above succeeded.
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v10-arm"
# Pulls the arm64 image from the pipeline-local registry and publishes it to
# public.ecr.aws: the full-version tag is written once (skipped when it already
# resolves), the major- and minor-version tags are rolling and are overwritten
# on every run.
- name: Tag and push image "teleport-ent:v10-arm64" to ECR - production
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
  - apk add --no-cache aws-cli
  # Registry password is piped on stdin, so it never appears in argv.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  # NOTE(review): `manifest inspect` output and errors are discarded, so any
  # failure (auth, network, throttling) is read as "tag absent" and the
  # release tag is pushed anyway.
  - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-arm64 && docker push public.ecr.aws/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-arm64)
  # Rolling tags: no existence check, always repointed at this build.
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
  # Only reached when every command above succeeded.
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v10-arm64"
# Builds the multi-arch manifest list for the rolling major-version tag on
# public.ecr.aws from the three per-architecture tags and pushes it. There is
# no existence check: the tag is repointed on every run.
- name: Create manifest and push "teleport-ent:major" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # Registry password is piped on stdin, so it never appears in argv.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
  - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")
  # Only reached when every command above succeeded.
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  # All three architectures must be pushed before the list can reference them.
  depends_on:
  - Tag and push image "teleport-ent:v10-amd64" to ECR - production
  - Tag and push image "teleport-ent:v10-arm" to ECR - production
  - Tag and push image "teleport-ent:v10-arm64" to ECR - production
# Builds the multi-arch manifest list for the rolling minor-version tag on
# public.ecr.aws from the three per-architecture tags and pushes it. There is
# no existence check: the tag is repointed on every run.
- name: Create manifest and push "teleport-ent:minor" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # Registry password is piped on stdin, so it never appears in argv.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
  - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")
  # Only reached when every command above succeeded.
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  # All three architectures must be pushed before the list can reference them.
  depends_on:
  - Tag and push image "teleport-ent:v10-amd64" to ECR - production
  - Tag and push image "teleport-ent:v10-arm" to ECR - production
  - Tag and push image "teleport-ent:v10-arm64" to ECR - production
# Builds the multi-arch manifest list for the full-version tag on
# public.ecr.aws from the three per-architecture tags and pushes it, unless
# that tag already resolves.
- name: Create manifest and push "teleport-ent:full" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # Registry password is piped on stdin, so it never appears in argv.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  # NOTE(review): `manifest inspect` output and errors are discarded, so any
  # failure (auth, network, throttling) is read as "tag absent" and the
  # release manifest is created and pushed anyway.
  - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest
    create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64
    && docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version"))
  # Only reached when every command above succeeded.
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  # All three architectures must be pushed before the list can reference them.
  depends_on:
  - Tag and push image "teleport-ent:v10-amd64" to ECR - production
  - Tag and push image "teleport-ent:v10-arm" to ECR - production
  - Tag and push image "teleport-ent:v10-arm64" to ECR - production
# Exchanges the AWS key pair injected from Drone secrets for temporary
# credentials of the role in AWS_ROLE and appends them, as the profile
# [s3-download-teleport-ent-fips], to /root/.aws/credentials on the
# awsconfig volume.
- name: Assume S3 Download AWS Role for teleport-ent-fips
  image: amazon/aws-cli
  commands:
  # Shows which principal the injected key pair authenticates as.
  - aws sts get-caller-identity
  # assume-role prints AccessKeyId, SecretAccessKey and SessionToken as text;
  # the unquoted $(...) is word-split so each value fills one %s, and the
  # result is redirected into the credentials file.
  # NOTE(review): ">>" appends; presumably the other "Assume ... AWS Role"
  # steps add their own profiles to the same file - verify.
  - |-
    printf "[s3-download-teleport-ent-fips]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
    $(aws sts assume-role \
    --role-arn "$AWS_ROLE" \
    --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
    --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
    --output text) \
    >> /root/.aws/credentials
  # Drops the key pair from the shell so the check below has to use the profile.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  # Confirms that the newly written profile yields a usable identity.
  - aws sts get-caller-identity --profile s3-download-teleport-ent-fips
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  # Later steps that mount this volume can read every profile stored on it.
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Find the latest available semver for v10
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role
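# Fetches the Dockerfile used for the teleport-ent-fips image from the tagged
# release of gravitational/teleport on raw.githubusercontent.com.
- name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent-fips" for
    teleport-ent-fips
  image: alpine
  commands:
  # --no-cache matches the other apk invocations in this file.
  - apk add --no-cache curl
  - mkdir -pv $(dirname "/go/build/Dockerfile-teleport-ent-fips")
  # -f makes curl exit non-zero on an HTTP error; without it a 404 page would
  # be saved as the Dockerfile and the step would still succeed. -S keeps the
  # error message visible despite -s.
  # NOTE(review): the version is read from /go/vars/full-version-v10 while the
  # sibling steps read /go/var/full-version - confirm the path is intended.
  # NOTE(review): the file is used as fetched, with no checksum comparison.
  - curl -fsSL -o "/go/build/Dockerfile-teleport-ent-fips" "https://raw.githubusercontent.com/gravitational/teleport/v$(cat
    '/go/vars/full-version-v10')/build.assets/charts/Dockerfile"
  depends_on:
  - Find the latest available semver for v10
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role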
# Polls S3 for up to an hour until the FIPS amd64 .deb for this version is
# listed, then copies it into /go/build for the image build.
- name: Download "teleport-ent_v10-tag-fips_amd64.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
  # Deadline = now + 3600 s. "$$" presumably escapes Drone's own ${...}
  # substitution so that ${END_TIME?} reaches the shell - verify.
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  # grep -x only accepts a listing line that is exactly the expected file name.
  - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr
    -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb
    || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  # Fails the step when the loop ended without ever seeing the file.
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [
    "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  # NOTE(review): the package is used as downloaded; no checksum or signature
  # is verified in this step, so integrity rests on who can write to the
  # bucket - confirm a check exists elsewhere.
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat
    "/go/var/full-version")-fips_amd64.deb /go/build/teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb
  environment:
    # Profile written by the "Assume S3 Download AWS Role" step.
    AWS_PROFILE: s3-download-teleport-ent-fips
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport-ent-fips
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent-fips" for teleport-ent-fips
# Builds the teleport-fips target of the downloaded Dockerfile for linux/amd64
# and pushes the result to the build-local registry drone-docker-registry:5000.
- name: Build teleport-ent-fips image "teleport-ent:v10-fips-amd64"
  image: docker
  commands:
  # NOTE(review): this runs a privileged container from an image referenced
  # without tag or digest; whatever that name resolves to at build time gets
  # privileged access on the Docker host. Consider pinning it.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-ent-v10-fips-amd64-builder"
  # buildkitd config: talk plain HTTP to the build-local registry.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v10-fips-amd64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-ent-v10-fips-amd64-builder/buildkitd.toml"
  # Dedicated builder for this step, running with host networking.
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name
    "teleport-ent-v10-fips-amd64-builder" --config "/tmp/teleport-ent-v10-fips-amd64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  # Logs in to public ECR with the ecr-authenticated-pull profile, presumably
  # so base-image pulls are authenticated - verify. The token is read from stdin.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  # DEB_PATH names the package fetched by the S3 download step; the build
  # context is /go/build.
  - docker buildx build --push --builder "teleport-ent-v10-fips-amd64-builder" --target
    "teleport-fips" --platform "linux/amd64" --tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-fips-amd64 --file "/go/build/Dockerfile-teleport-ent-fips"
    --build-arg DEB_PATH=teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb
    /go/build
  # Cleanup: registry credential, builder and its config directory.
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-ent-v10-fips-amd64-builder"
  - rm -rf "/tmp/teleport-ent-v10-fips-amd64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport-ent_v10-tag-fips_amd64.deb" artifacts from S3
# Copies the FIPS amd64 image from the build-local registry to the staging ECR
# registry under timestamped full, major and minor version tags.
- name: Tag and push image "teleport-ent:v10-fips-amd64" to ECR - staging
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
  - apk add --no-cache aws-cli
  # The registry token is read from stdin rather than passed as an argument.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  # Tag suffix derived from the build creation time (YYYYmmddHHMM).
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Each of the three commands below skips when the target tag can be
  # inspected, otherwise tags the local image and pushes it.
  # NOTE(review): inspect output is discarded, so an inspect that fails for any
  # reason (not only a missing tag) also leads to tag + push.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-fips-amd64 > /dev/null 2>&1 && echo 'Found
    existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-fips-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-fips-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-fips-amd64)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-fips-amd64 > /dev/null 2>&1 && echo 'Found
    existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-fips-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-fips-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-fips-amd64)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-fips-amd64 > /dev/null 2>&1 && echo 'Found
    existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-fips-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-fips-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-fips-amd64)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent-fips image "teleport-ent:v10-fips-amd64"
# Publishes the timestamped major-version FIPS manifest list on staging ECR;
# the list references only the -fips-amd64 image.
- name: Create manifest and push "teleport-ent:major-$TIMESTAMP-fips" to ECR - staging
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The registry token is read from stdin rather than passed as an argument.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  # Recomputed here from the build creation time, so it matches the suffix the
  # tag-and-push step used for the same build.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Skip when the manifest can be inspected, otherwise create and push it.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-fips > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-fips --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-fips-amd64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-fips)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v10-fips-amd64" to ECR - staging
# Publishes the timestamped minor-version FIPS manifest list on staging ECR;
# the list references only the -fips-amd64 image.
- name: Create manifest and push "teleport-ent:minor-$TIMESTAMP-fips" to ECR - staging
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The registry token is read from stdin rather than passed as an argument.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  # Tag suffix derived from the build creation time (YYYYmmddHHMM).
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Skip when the manifest can be inspected, otherwise create and push it.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-fips > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-fips --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-fips-amd64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-fips)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v10-fips-amd64" to ECR - staging
# Publishes the timestamped full-version FIPS manifest list on staging ECR;
# the list references only the -fips-amd64 image.
- name: Create manifest and push "teleport-ent:full-$TIMESTAMP-fips" to ECR - staging
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The registry token is read from stdin rather than passed as an argument.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  # Tag suffix derived from the build creation time (YYYYmmddHHMM).
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Skip when the manifest can be inspected, otherwise create and push it.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-fips > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-fips --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-fips-amd64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-fips)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v10-fips-amd64" to ECR - staging
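# Copies the FIPS amd64 image from the build-local registry to quay.io under
# the full, major and minor version tags.
- name: Tag and push image "teleport-ent:v10-fips-amd64" to Quay
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
  # The password is fed on stdin instead of -p=..., which puts the secret on
  # the docker command line where the process list exposes it; this is also
  # the form the ECR logins in this file already use.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # The full-version tag is pushed only when "manifest inspect" cannot find it.
  # NOTE(review): inspect output is discarded, so an inspect that fails for any
  # reason (not only a missing tag) also leads to tag + push.
  - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-fips-amd64 quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64)
  # The major and minor tags are moved to this build unconditionally.
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  # NOTE(review): no command in this step calls aws, so the awsconfig mount
  # looks unnecessary for a Quay push - confirm before removing it.
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent-fips image "teleport-ent:v10-fips-amd64"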
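# Publishes the major-version FIPS manifest list on quay.io; the list
# references only the -fips-amd64 image and is re-created on every run.
- name: Create manifest and push "teleport-ent:major-fips" to Quay
  image: docker
  commands:
  # The password is fed on stdin instead of -p=..., which puts the secret on
  # the docker command line where the process list exposes it; this is also
  # the form the ECR logins in this file already use.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
  - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  # NOTE(review): no command in this step calls aws, so the awsconfig mount
  # looks unnecessary for a Quay push - confirm before removing it.
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v10-fips-amd64" to Quay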
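# Publishes the minor-version FIPS manifest list on quay.io; the list
# references only the -fips-amd64 image and is re-created on every run.
- name: Create manifest and push "teleport-ent:minor-fips" to Quay
  image: docker
  commands:
  # The password is fed on stdin instead of -p=..., which puts the secret on
  # the docker command line where the process list exposes it; this is also
  # the form the ECR logins in this file already use.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
  - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  # NOTE(review): no command in this step calls aws, so the awsconfig mount
  # looks unnecessary for a Quay push - confirm before removing it.
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v10-fips-amd64" to Quay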
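# Publishes the full-version FIPS manifest list on quay.io unless that tag can
# already be inspected; the list references only the -fips-amd64 image.
- name: Create manifest and push "teleport-ent:full-fips" to Quay
  image: docker
  commands:
  # The password is fed on stdin instead of -p=..., which puts the secret on
  # the docker command line where the process list exposes it; this is also
  # the form the ECR logins in this file already use.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # NOTE(review): inspect output is discarded, so an inspect that fails for any
  # reason (not only a missing tag) also leads to create + push.
  - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest
    create quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips --amend
    quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64 &&
    docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips)
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  # NOTE(review): no command in this step calls aws, so the awsconfig mount
  # looks unnecessary for a Quay push - confirm before removing it.
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v10-fips-amd64" to Quay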
# Copies the FIPS amd64 image from the build-local registry to public ECR
# under the full, major and minor version tags.
- name: 'Tag and push image "teleport-ent:v10-fips-amd64" to ECR - production'
  image: docker
  commands:
  - >-
    docker pull
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
  - apk add --no-cache aws-cli
  # The registry token travels on stdin, so it is not part of any command line.
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin public.ecr.aws
  # The full-version tag is pushed only when "manifest inspect" cannot find it.
  # NOTE(review): inspect output is discarded, so an inspect that fails for any
  # reason (not only a missing tag) also leads to tag + push.
  - >-
    docker manifest inspect
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    && docker push
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64)
  # The major and minor tags are moved to this build unconditionally.
  - >-
    docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
  - >-
    docker push
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
  - >-
    docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
  - >-
    docker push
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - 'Build teleport-ent-fips image "teleport-ent:v10-fips-amd64"'
# Publishes the major-version FIPS manifest list on public ECR; the list
# references only the -fips-amd64 image and is re-created on every run.
- name: 'Create manifest and push "teleport-ent:major-fips" to ECR - production'
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The registry token travels on stdin, so it is not part of any command line.
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin public.ecr.aws
  - >-
    docker manifest create
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
  - >-
    docker manifest push
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - 'Tag and push image "teleport-ent:v10-fips-amd64" to ECR - production'
# Publishes the minor-version FIPS manifest list on public ECR; the list
# references only the -fips-amd64 image and is re-created on every run.
- name: 'Create manifest and push "teleport-ent:minor-fips" to ECR - production'
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The registry token travels on stdin, so it is not part of any command line.
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin public.ecr.aws
  - >-
    docker manifest create
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
  - >-
    docker manifest push
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - 'Tag and push image "teleport-ent:v10-fips-amd64" to ECR - production'
# Publishes the full-version FIPS manifest list on public ECR unless that tag
# can already be inspected; the list references only the -fips-amd64 image.
- name: 'Create manifest and push "teleport-ent:full-fips" to ECR - production'
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The registry token travels on stdin, so it is not part of any command line.
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin public.ecr.aws
  # NOTE(review): inspect output is discarded, so an inspect that fails for any
  # reason (not only a missing tag) also leads to create + push.
  - >-
    docker manifest inspect
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker manifest create
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    && docker manifest push
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips)
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - 'Tag and push image "teleport-ent:v10-fips-amd64" to ECR - production'
# Builds operator/Dockerfile from the checked-out teleport tree for linux/amd64
# and pushes the result to the build-local registry drone-docker-registry:5000.
- name: Build teleport-operator image "teleport-operator:v10-amd64"
  image: docker
  commands:
  # NOTE(review): this runs a privileged container from an image referenced
  # without tag or digest; whatever that name resolves to at build time gets
  # privileged access on the Docker host. Consider pinning it.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport"
  - mkdir -pv "/tmp/teleport-operator-v10-amd64-builder"
  # buildkitd config: talk plain HTTP to the build-local registry.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-operator-v10-amd64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-operator-v10-amd64-builder/buildkitd.toml"
  # Dedicated builder for this step, running with host networking.
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name
    "teleport-operator-v10-amd64-builder" --config "/tmp/teleport-operator-v10-amd64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  # Logs in to public ECR, where the BUILDBOX image named below is hosted; the
  # token is read from stdin.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  # BUILDBOX is referenced by the tag teleport12, not by digest.
  - docker buildx build --push --builder "teleport-operator-v10-amd64-builder" --platform
    "linux/amd64" --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
    --file "/go/src/github.com/gravitational/teleport/operator/Dockerfile" --build-arg
    BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox:teleport12 --build-arg
    COMPILER_NAME=x86_64-linux-gnu-gcc /go/src/github.com/gravitational/teleport
  # Cleanup: registry credential, builder and its config directory.
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-operator-v10-amd64-builder"
  - rm -rf "/tmp/teleport-operator-v10-amd64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  # "Assume ECR - authenticated-pull AWS Role" is listed twice below;
  # presumably a harmless duplicate - verify.
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Find the latest available semver for v10
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role
# Builds operator/Dockerfile from the checked-out teleport tree for linux/arm
# and pushes the result to the build-local registry drone-docker-registry:5000.
- name: Build teleport-operator image "teleport-operator:v10-arm"
  image: docker
  commands:
  # NOTE(review): this runs a privileged container from an image referenced
  # without tag or digest; whatever that name resolves to at build time gets
  # privileged access on the Docker host. Consider pinning it.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport"
  - mkdir -pv "/tmp/teleport-operator-v10-arm-builder"
  # buildkitd config: talk plain HTTP to the build-local registry.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-operator-v10-arm-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-operator-v10-arm-builder/buildkitd.toml"
  # Dedicated builder for this step, running with host networking.
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name
    "teleport-operator-v10-arm-builder" --config "/tmp/teleport-operator-v10-arm-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  # Logs in to public ECR, where the BUILDBOX image named below is hosted; the
  # token is read from stdin.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  # BUILDBOX is referenced by the tag teleport12, not by digest.
  - docker buildx build --push --builder "teleport-operator-v10-arm-builder" --platform
    "linux/arm" --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
    --file "/go/src/github.com/gravitational/teleport/operator/Dockerfile" --build-arg
    BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox-arm:teleport12 --build-arg
    COMPILER_NAME=arm-linux-gnueabihf-gcc /go/src/github.com/gravitational/teleport
  # Cleanup: registry credential, builder and its config directory.
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-operator-v10-arm-builder"
  - rm -rf "/tmp/teleport-operator-v10-arm-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  # "Assume ECR - authenticated-pull AWS Role" is listed twice below;
  # presumably a harmless duplicate - verify.
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Find the latest available semver for v10
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role
# Builds operator/Dockerfile from the checked-out teleport tree for linux/arm64
# and pushes the result to the build-local registry drone-docker-registry:5000.
- name: Build teleport-operator image "teleport-operator:v10-arm64"
  image: docker
  commands:
  # NOTE(review): this runs a privileged container from an image referenced
  # without tag or digest; whatever that name resolves to at build time gets
  # privileged access on the Docker host. Consider pinning it.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport"
  - mkdir -pv "/tmp/teleport-operator-v10-arm64-builder"
  # buildkitd config: talk plain HTTP to the build-local registry.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-operator-v10-arm64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-operator-v10-arm64-builder/buildkitd.toml"
  # Dedicated builder for this step, running with host networking.
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name
    "teleport-operator-v10-arm64-builder" --config "/tmp/teleport-operator-v10-arm64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  # Logs in to public ECR, where the BUILDBOX image named below is hosted; the
  # token is read from stdin.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  # BUILDBOX is referenced by the tag teleport12, not by digest.
  - docker buildx build --push --builder "teleport-operator-v10-arm64-builder" --platform
    "linux/arm64" --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
    --file "/go/src/github.com/gravitational/teleport/operator/Dockerfile" --build-arg
    BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox-arm:teleport12 --build-arg
    COMPILER_NAME=aarch64-linux-gnu-gcc /go/src/github.com/gravitational/teleport
  # Cleanup: registry credential, builder and its config directory.
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-operator-v10-arm64-builder"
  - rm -rf "/tmp/teleport-operator-v10-arm64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  # "Assume ECR - authenticated-pull AWS Role" is listed twice below;
  # presumably a harmless duplicate - verify.
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Find the latest available semver for v10
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role
# Copies the operator amd64 image from the build-local registry to the staging
# ECR registry under timestamped full, major and minor version tags.
- name: Tag and push image "teleport-operator:v10-amd64" to ECR - staging
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
  - apk add --no-cache aws-cli
  # The registry token is read from stdin rather than passed as an argument.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  # Tag suffix derived from the build creation time (YYYYmmddHHMM).
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Each of the three commands below skips when the target tag can be
  # inspected, otherwise tags the local image and pushes it.
  # NOTE(review): inspect output is discarded, so an inspect that fails for any
  # reason (not only a missing tag) also leads to tag + push.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat
    "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-$TIMESTAMP-amd64)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/major-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat
    "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/major-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/major-version")-$TIMESTAMP-amd64)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/minor-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat
    "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/minor-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/minor-version")-$TIMESTAMP-amd64)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-operator image "teleport-operator:v10-amd64"
# Copies the operator arm image from the build-local registry to the staging
# ECR registry under timestamped full, major and minor version tags.
- name: Tag and push image "teleport-operator:v10-arm" to ECR - staging
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
  - apk add --no-cache aws-cli
  # The registry token is read from stdin rather than passed as an argument.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  # Tag suffix derived from the build creation time (YYYYmmddHHMM).
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Each of the three commands below skips when the target tag can be
  # inspected, otherwise tags the local image and pushes it.
  # NOTE(review): inspect output is discarded, so an inspect that fails for any
  # reason (not only a missing tag) also leads to tag + push.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat
    "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat
    "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat
    "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-operator image "teleport-operator:v10-arm"
# Copies the operator arm64 image from the build-local registry to the staging
# ECR registry under timestamped full, major and minor version tags.
- name: Tag and push image "teleport-operator:v10-arm64" to ECR - staging
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
  - apk add --no-cache aws-cli
  # The registry token is read from stdin rather than passed as an argument.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  # Tag suffix derived from the build creation time (YYYYmmddHHMM).
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Each of the three commands below skips when the target tag can be
  # inspected, otherwise tags the local image and pushes it.
  # NOTE(review): inspect output is discarded, so an inspect that fails for any
  # reason (not only a missing tag) also leads to tag + push.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat
    "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm64)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat
    "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm64)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat
    "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm64)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-operator image "teleport-operator:v10-arm64"
# Publishes the timestamped major-version operator manifest list on staging
# ECR, combining the -amd64, -arm and -arm64 images.
- name: Create manifest and push "teleport-operator:major-$TIMESTAMP" to ECR - staging
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The registry token is read from stdin rather than passed as an argument.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  # Recomputed here from the build creation time, so it matches the suffix the
  # tag-and-push steps used for the same build.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Skip when the manifest can be inspected, otherwise create and push it.
  # NOTE(review): inspect output is discarded, so an inspect that fails for any
  # reason (not only a missing tag) also leads to create + push.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/major-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image,
    skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/major-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/major-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/major-version")-$TIMESTAMP)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-operator:v10-amd64" to ECR - staging
  - Tag and push image "teleport-operator:v10-arm" to ECR - staging
  - Tag and push image "teleport-operator:v10-arm64" to ECR - staging
# Publishes the multi-arch manifest list "<minor-version>-$TIMESTAMP" to the staging
# ECR registry, referencing the -amd64, -arm and -arm64 tags of the same name.
# NOTE(review): the step image and the aws-cli package are both unpinned.
- name: Create manifest and push "teleport-operator:minor-$TIMESTAMP" to ECR - staging
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # Token is passed on stdin, not as a command-line argument.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  # Tag suffix comes from the build's creation time, not the wall clock.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Skip when the manifest already exists; any other inspect failure is
  # indistinguishable here (output goes to /dev/null) and also leads to a push.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/minor-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image,
    skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/minor-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/minor-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/minor-version")-$TIMESTAMP)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    # Selects the staging profile from the credentials mounted at /root/.aws.
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-operator:v10-amd64" to ECR - staging
  - Tag and push image "teleport-operator:v10-arm" to ECR - staging
  - Tag and push image "teleport-operator:v10-arm64" to ECR - staging
# Publishes the multi-arch manifest list "<full-version>-$TIMESTAMP" to the staging
# ECR registry, referencing the -amd64, -arm and -arm64 tags of the same name.
# NOTE(review): the step image and the aws-cli package are both unpinned.
- name: Create manifest and push "teleport-operator:full-$TIMESTAMP" to ECR - staging
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # Token is passed on stdin, not as a command-line argument.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  # Tag suffix comes from the build's creation time, not the wall clock.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Skip when the manifest already exists; any other inspect failure is
  # indistinguishable here (output goes to /dev/null) and also leads to a push.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image,
    skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-$TIMESTAMP)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    # Selects the staging profile from the credentials mounted at /root/.aws.
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-operator:v10-amd64" to ECR - staging
  - Tag and push image "teleport-operator:v10-arm" to ECR - staging
  - Tag and push image "teleport-operator:v10-arm64" to ECR - staging
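# Pulls the <full-version>-amd64 image from the in-pipeline registry and publishes
# it to quay.io under the full, major and minor version tags.
# The full-version tag is pushed only when `docker manifest inspect` does not find
# it; the major and minor tags are re-pushed on every run, so they are moving tags.
- name: Tag and push image "teleport-operator:v10-amd64" to Quay
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
  # Feed the password over stdin (as the ECR steps in this file do) instead of -p,
  # which would put the production registry password on the docker command line.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat
    "/go/var/full-version")-amd64 quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64
    && docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64)
  - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
    quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64
  - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64
  - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
    quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64
  - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step calls aws, yet the AWS credentials
  # volume is mounted; confirm whether the mount can be dropped here.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-operator image "teleport-operator:v10-amd64"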
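# Pulls the <full-version>-arm image from the in-pipeline registry and publishes
# it to quay.io under the full, major and minor version tags.
# The full-version tag is pushed only when `docker manifest inspect` does not find
# it; the major and minor tags are re-pushed on every run, so they are moving tags.
- name: Tag and push image "teleport-operator:v10-arm" to Quay
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
  # Feed the password over stdin (as the ECR steps in this file do) instead of -p,
  # which would put the production registry password on the docker command line.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat
    "/go/var/full-version")-arm quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm
    && docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm)
  - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
    quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm
  - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm
  - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
    quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm
  - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step calls aws, yet the AWS credentials
  # volume is mounted; confirm whether the mount can be dropped here.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-operator image "teleport-operator:v10-arm"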
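# Pulls the <full-version>-arm64 image from the in-pipeline registry and publishes
# it to quay.io under the full, major and minor version tags.
# The full-version tag is pushed only when `docker manifest inspect` does not find
# it; the major and minor tags are re-pushed on every run, so they are moving tags.
- name: Tag and push image "teleport-operator:v10-arm64" to Quay
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
  # Feed the password over stdin (as the ECR steps in this file do) instead of -p,
  # which would put the production registry password on the docker command line.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat
    "/go/var/full-version")-arm64 quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64
    && docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64)
  - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
    quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64
  - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64
  - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
    quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64
  - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step calls aws, yet the AWS credentials
  # volume is mounted; confirm whether the mount can be dropped here.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-operator image "teleport-operator:v10-arm64"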
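# Builds the multi-arch manifest list for the major-version tag on quay.io from the
# -amd64, -arm and -arm64 tags and pushes it. There is no existence check, so the
# tag is re-pointed on every run; consumers that need a fixed image should pin
# the full version or a digest.
- name: Create manifest and push "teleport-operator:major" to Quay
  image: docker
  commands:
  # Feed the password over stdin (as the ECR steps in this file do) instead of -p,
  # which would put the production registry password on the docker command line.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - docker manifest create quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")
    --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64
    --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm
    --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64
  - docker manifest push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step calls aws, yet the AWS credentials
  # volume is mounted; confirm whether the mount can be dropped here.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-operator:v10-amd64" to Quay
  - Tag and push image "teleport-operator:v10-arm" to Quay
  - Tag and push image "teleport-operator:v10-arm64" to Quay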
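# Builds the multi-arch manifest list for the minor-version tag on quay.io from the
# -amd64, -arm and -arm64 tags and pushes it. There is no existence check, so the
# tag is re-pointed on every run; consumers that need a fixed image should pin
# the full version or a digest.
- name: Create manifest and push "teleport-operator:minor" to Quay
  image: docker
  commands:
  # Feed the password over stdin (as the ECR steps in this file do) instead of -p,
  # which would put the production registry password on the docker command line.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - docker manifest create quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")
    --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64
    --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm
    --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64
  - docker manifest push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step calls aws, yet the AWS credentials
  # volume is mounted; confirm whether the mount can be dropped here.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-operator:v10-amd64" to Quay
  - Tag and push image "teleport-operator:v10-arm" to Quay
  - Tag and push image "teleport-operator:v10-arm64" to Quay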
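# Builds the multi-arch manifest list for the full-version tag on quay.io from the
# -amd64, -arm and -arm64 tags. Unlike the major and minor manifests, this one is
# created and pushed only when `docker manifest inspect` does not find the tag.
- name: Create manifest and push "teleport-operator:full" to Quay
  image: docker
  commands:
  # Feed the password over stdin (as the ECR steps in this file do) instead of -p,
  # which would put the production registry password on the docker command line.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # The inspect output is discarded, so any inspect failure (not just a missing
  # tag) takes the create-and-push branch.
  - docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest
    create quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version") --amend
    quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64 --amend
    quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm --amend
    quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64 &&
    docker manifest push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version"))
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step calls aws, yet the AWS credentials
  # volume is mounted; confirm whether the mount can be dropped here.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-operator:v10-amd64" to Quay
  - Tag and push image "teleport-operator:v10-arm" to Quay
  - Tag and push image "teleport-operator:v10-arm64" to Quay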
# Pulls the <full-version>-amd64 image from the in-pipeline registry and publishes
# it to public.ecr.aws under the full, major and minor version tags.
# The full-version tag is pushed only when `docker manifest inspect` does not find
# it; the major and minor tags are re-pushed on every run, so they are moving tags.
# NOTE(review): `image: docker` and the aws-cli package are unpinned.
- name: Tag and push image "teleport-operator:v10-amd64" to ECR - production
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
  - apk add --no-cache aws-cli
  # Token is passed on stdin, not as a command-line argument.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  # Inspect output is discarded, so any inspect failure leads to tag-and-push.
  - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat
    "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-amd64 && docker push public.ecr.aws/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-amd64)
  - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64
  - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64
  - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64
  - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64
  - docker logout "public.ecr.aws"
  environment:
    # Selects the production profile from the credentials mounted at /root/.aws.
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-operator image "teleport-operator:v10-amd64"
# Pulls the <full-version>-arm image from the in-pipeline registry and publishes
# it to public.ecr.aws under the full, major and minor version tags.
# The full-version tag is pushed only when `docker manifest inspect` does not find
# it; the major and minor tags are re-pushed on every run, so they are moving tags.
# NOTE(review): `image: docker` and the aws-cli package are unpinned.
- name: Tag and push image "teleport-operator:v10-arm" to ECR - production
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
  - apk add --no-cache aws-cli
  # Token is passed on stdin, not as a command-line argument.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  # Inspect output is discarded, so any inspect failure leads to tag-and-push.
  - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat
    "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-arm && docker push public.ecr.aws/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-arm)
  - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm
  - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm
  - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm
  - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm
  - docker logout "public.ecr.aws"
  environment:
    # Selects the production profile from the credentials mounted at /root/.aws.
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-operator image "teleport-operator:v10-arm"
# Pulls the <full-version>-arm64 image from the in-pipeline registry and publishes
# it to public.ecr.aws under the full, major and minor version tags.
# The full-version tag is pushed only when `docker manifest inspect` does not find
# it; the major and minor tags are re-pushed on every run, so they are moving tags.
# NOTE(review): `image: docker` and the aws-cli package are unpinned.
- name: Tag and push image "teleport-operator:v10-arm64" to ECR - production
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
  - apk add --no-cache aws-cli
  # Token is passed on stdin, not as a command-line argument.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  # Inspect output is discarded, so any inspect failure leads to tag-and-push.
  - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat
    "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-arm64 && docker push public.ecr.aws/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-arm64)
  - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64
  - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64
  - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64
  - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64
  - docker logout "public.ecr.aws"
  environment:
    # Selects the production profile from the credentials mounted at /root/.aws.
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-operator image "teleport-operator:v10-arm64"
# Builds the multi-arch manifest list for the major-version tag on public.ecr.aws
# from the -amd64, -arm and -arm64 tags and pushes it. There is no existence check,
# so the tag is re-pointed on every run; consumers that need a fixed image should
# pin the full version or a digest.
# NOTE(review): `image: docker` and the aws-cli package are unpinned.
- name: Create manifest and push "teleport-operator:major" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # Token is passed on stdin, not as a command-line argument.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - docker manifest create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")
    --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64
    --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm
    --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64
  - docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")
  - docker logout "public.ecr.aws"
  environment:
    # Selects the production profile from the credentials mounted at /root/.aws.
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-operator:v10-amd64" to ECR - production
  - Tag and push image "teleport-operator:v10-arm" to ECR - production
  - Tag and push image "teleport-operator:v10-arm64" to ECR - production
# Builds the multi-arch manifest list for the minor-version tag on public.ecr.aws
# from the -amd64, -arm and -arm64 tags and pushes it. There is no existence check,
# so the tag is re-pointed on every run; consumers that need a fixed image should
# pin the full version or a digest.
# NOTE(review): `image: docker` and the aws-cli package are unpinned.
- name: Create manifest and push "teleport-operator:minor" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # Token is passed on stdin, not as a command-line argument.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - docker manifest create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")
    --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64
    --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm
    --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64
  - docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")
  - docker logout "public.ecr.aws"
  environment:
    # Selects the production profile from the credentials mounted at /root/.aws.
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-operator:v10-amd64" to ECR - production
  - Tag and push image "teleport-operator:v10-arm" to ECR - production
  - Tag and push image "teleport-operator:v10-arm64" to ECR - production
# Builds the multi-arch manifest list for the full-version tag on public.ecr.aws
# from the -amd64, -arm and -arm64 tags. Unlike the major and minor manifests, this
# one is created and pushed only when `docker manifest inspect` does not find it.
# NOTE(review): `image: docker` and the aws-cli package are unpinned.
- name: Create manifest and push "teleport-operator:full" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # Token is passed on stdin, not as a command-line argument.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  # The inspect output is discarded, so any inspect failure (not just a missing
  # tag) takes the create-and-push branch.
  - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest
    create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")
    --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64
    --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm
    --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64
    && docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version"))
  - docker logout "public.ecr.aws"
  environment:
    # Selects the production profile from the credentials mounted at /root/.aws.
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-operator:v10-amd64" to ECR - production
  - Tag and push image "teleport-operator:v10-arm" to ECR - production
  - Tag and push image "teleport-operator:v10-arm64" to ECR - production
# Sidecar services for this pipeline.
services:
# Docker-in-Docker daemon. It runs privileged and exposes its socket through the
# dockersock volume, so every step that mounts dockersock at /var/run can drive
# this daemon.
# NOTE(review): docker:dind and registry:2 are floating tags; consider pinning.
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
# Local registry that the publish steps pull from (drone-docker-registry:5000).
- name: drone-docker-registry
  image: registry:2
  privileged: false
  volumes: []
# Both volumes are pipeline-scoped temp volumes. awsconfig is mounted at /root/.aws
# by the steps that select an AWS_PROFILE, so any step that mounts it can
# presumably read every profile stored there.
volumes:
- name: awsconfig
  temp: {}
- name: dockersock
  temp: {}
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/container_images_release_version.go (main.(*ReleaseVersion).buildVersionPipeline)
################################################
# Cron-triggered pipeline that rebuilds and republishes container images for a
# previous major version (the steps below operate on v9).
kind: pipeline
type: kubernetes
name: teleport-container-images-previous-version-2-cron
environment:
  DEBIAN_FRONTEND: noninteractive
# Runs only for the named cron job on the gravitational/teleport repository.
trigger:
  cron:
    include:
    - teleport-container-images-cron
  repo:
    include:
    - gravitational/teleport
workspace:
  path: /go
# The automatic clone is disabled; the steps fetch the code they need themselves.
clone:
  disable: true
steps:
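# Resolves the newest released v9 version: checks out branch/v9, runs the
# query-latest tool from that branch and stores its output, with the first "v"
# removed, in /go/vars/full-version-v9 for the later steps.
- name: Find the latest available semver for v9
  image: golang:1.18
  commands:
  - mkdir -pv "/tmp/teleport"
  - cd "/tmp/teleport"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  - git checkout -qf "branch/v9"
  - mkdir -pv $(dirname "/go/vars/full-version-v9")
  - cd "/tmp/teleport/build.assets/tooling/cmd/query-latest"
  - go run . "v9" | sed 's/v//' > "/go/vars/full-version-v9"
  # The pipeline above reports sed's exit status, so a failing `go run` would
  # leave an empty version file and still succeed. Stop here instead of letting
  # later steps build tags and download paths from an empty version.
  - test -s "/go/vars/full-version-v9"
  - echo Found full semver "$(cat "/go/vars/full-version-v9")" for major version "v9"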
# Blocks until the Docker daemon socket appears on the shared dockersock volume,
# giving up after 30 seconds.
- name: Wait for docker
  image: docker
  commands:
  # -S tests that the path exists and is a socket; `timeout` bounds the poll loop.
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
  depends_on:
  - Find the latest available semver for v9
# Blocks until the in-pipeline registry answers HTTP 200 on its root URL, giving up
# after 30 seconds. The registry is reached over plain HTTP.
# NOTE(review): `image: alpine` is a floating tag and curl is installed unpinned.
- name: Wait for docker registry
  image: alpine
  commands:
  - apk add curl
  # curl prints only the status code (-w %{http_code}); the body is discarded.
  - timeout 30s /bin/sh -c 'while [ "$(curl -s -o /dev/null -w %{http_code} http://drone-docker-registry:5000/)"
    != "200" ]; do sleep 1; done'
  depends_on:
  - Find the latest available semver for v9
# Fetches the repository with its tags into the Go workspace and checks out the
# release tag "v<full version>" resolved by the semver step.
# NOTE(review): alpine/git:latest is a floating tag; the tag name is taken from
# /go/vars/full-version-v9, so an empty or wrong file selects the wrong ref.
- name: Check out code
  image: alpine/git:latest
  commands:
  - mkdir -pv "/go/src/github.com/gravitational/teleport"
  - cd "/go/src/github.com/gravitational/teleport"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  # -q quiet, -f discards local changes while switching to the tag.
  - git checkout -qf "v$(cat '/go/vars/full-version-v9')"
  depends_on:
  - Find the latest available semver for v9
# Splits the resolved version into the three strings used as image tags and writes
# them to /go/var/major-version, /go/var/minor-version and /go/var/full-version.
# Note the two directories: the input lives under /go/vars, the outputs under
# /go/var.
- name: Build major, minor, and full semvers
  image: alpine
  commands:
  - mkdir -pv $(dirname "/go/var/major-version")
  # Field 1 of the dot-separated version, after the "v" prefix is removed again.
  - echo v$(cat '/go/vars/full-version-v9') | sed 's/v//' | cut -d'.' -f "1" > "/go/var/major-version"
  - echo $(cat "/go/var/major-version")
  - mkdir -pv $(dirname "/go/var/minor-version")
  # Fields 1 and 2 of the dot-separated version.
  - echo v$(cat '/go/vars/full-version-v9') | sed 's/v//' | cut -d'.' -f "1,2" > "/go/var/minor-version"
  - echo $(cat "/go/var/minor-version")
  - mkdir -pv $(dirname "/go/var/full-version")
  - echo v$(cat '/go/vars/full-version-v9') | sed 's/v//' > "/go/var/full-version"
  - echo $(cat "/go/var/full-version")
  depends_on:
  - Find the latest available semver for v9
# Exchanges the long-lived staging key pair for temporary role credentials and
# stores them as the [ecr-staging] profile in /root/.aws/credentials on the shared
# awsconfig volume, where later steps select them with AWS_PROFILE.
# NOTE(review): the credentials are written in plain text to a volume that other
# steps mount; every step mounting awsconfig can presumably read all profiles.
- name: Assume ECR - staging AWS Role
  image: amazon/aws-cli
  commands:
  # Prints the identity behind the long-lived key before the role is assumed.
  - aws sts get-caller-identity
  # assume-role prints the three credential fields as text; unquoted command
  # substitution splits them into the three %s arguments of printf. The session
  # name is built from the repo and build number with "/" replaced by "-".
  - |-
    printf "[ecr-staging]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      >> /root/.aws/credentials
  # Drop the long-lived key pair from the environment for the rest of the step.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  # Verifies the new profile. This is also the effective failure check: a failed
  # assume-role inside $(...) does not make the printf above fail.
  - aws sts get-caller-identity --profile ecr-staging
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY
    AWS_ROLE:
      from_secret: STAGING_TELEPORT_DRONE_ECR_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Find the latest available semver for v9
# Exchanges the long-lived production key pair for temporary role credentials and
# stores them as the [ecr-authenticated-pull] profile in /root/.aws/credentials on
# the shared awsconfig volume.
# NOTE(review): this profile is created from the same secrets as the production
# push profile (PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE); confirm that build steps
# which only pull really need credentials for that role.
- name: Assume ECR - authenticated-pull AWS Role
  image: amazon/aws-cli
  commands:
  # Prints the identity behind the long-lived key before the role is assumed.
  - aws sts get-caller-identity
  # assume-role prints the three credential fields as text; unquoted command
  # substitution splits them into the three %s arguments of printf.
  - |-
    printf "[ecr-authenticated-pull]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      >> /root/.aws/credentials
  # Drop the long-lived key pair from the environment for the rest of the step.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  # Verifies the new profile; a failed assume-role surfaces here, not at printf.
  - aws sts get-caller-identity --profile ecr-authenticated-pull
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY
    AWS_ROLE:
      from_secret: PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  # Presumably chained after the staging step so that the appends to the shared
  # credentials file do not run concurrently.
  - Assume ECR - staging AWS Role
  - Find the latest available semver for v9
# Exchanges the long-lived production key pair for temporary role credentials and
# stores them as the [ecr-production] profile in /root/.aws/credentials on the
# shared awsconfig volume, where the production publish steps select them with
# AWS_PROFILE.
# NOTE(review): the credentials are written in plain text to a volume that other
# steps mount; every step mounting awsconfig can presumably read all profiles.
- name: Assume ECR - production AWS Role
  image: amazon/aws-cli
  commands:
  # Prints the identity behind the long-lived key before the role is assumed.
  - aws sts get-caller-identity
  # assume-role prints the three credential fields as text; unquoted command
  # substitution splits them into the three %s arguments of printf.
  - |-
    printf "[ecr-production]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      >> /root/.aws/credentials
  # Drop the long-lived key pair from the environment for the rest of the step.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  # Verifies the new profile; a failed assume-role surfaces here, not at printf.
  - aws sts get-caller-identity --profile ecr-production
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY
    AWS_ROLE:
      from_secret: PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  # Presumably chained after the authenticated-pull step so that the appends to
  # the shared credentials file do not run concurrently.
  - Assume ECR - authenticated-pull AWS Role
  - Find the latest available semver for v9
# Exchanges the long-lived key pair for temporary role credentials and stores them
# as the [s3-download-teleport] profile in /root/.aws/credentials on the shared
# awsconfig volume; the artifact download steps select it with AWS_PROFILE.
# NOTE(review): the profile lands in the same credentials file as the ECR
# profiles, so steps that mount awsconfig for one purpose can presumably read the
# credentials meant for another.
- name: Assume S3 Download AWS Role for teleport
  image: amazon/aws-cli
  commands:
  # Prints the identity behind the long-lived key before the role is assumed.
  - aws sts get-caller-identity
  # assume-role prints the three credential fields as text; unquoted command
  # substitution splits them into the three %s arguments of printf.
  - |-
    printf "[s3-download-teleport]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      >> /root/.aws/credentials
  # Drop the long-lived key pair from the environment for the rest of the step.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  # Verifies the new profile; a failed assume-role surfaces here, not at printf.
  - aws sts get-caller-identity --profile s3-download-teleport
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  # Runs after all three ECR role steps, which presumably keeps the appends to the
  # shared credentials file sequential.
  - Find the latest available semver for v9
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role
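# Downloads the Dockerfile of the resolved release tag from raw.githubusercontent.com
# into the build context at /go/build/Dockerfile-teleport.
# NOTE(review): the file is used as fetched, with no checksum comparison. The same
# tag is checked out by the "Check out code" step, so copying the Dockerfile from
# that checkout may be an option; confirm before changing.
- name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport
  image: alpine
  commands:
  - apk add curl
  - mkdir -pv $(dirname "/go/build/Dockerfile-teleport")
  # -f makes curl exit non-zero on an HTTP error (for example a 404 for a missing
  # tag) instead of saving the error page as the Dockerfile and reporting success.
  - curl -fLs -o "/go/build/Dockerfile-teleport" "https://raw.githubusercontent.com/gravitational/teleport/v$(cat
    '/go/vars/full-version-v9')/build.assets/charts/Dockerfile"
  depends_on:
  - Find the latest available semver for v9
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role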
# Waits up to an hour for the amd64 .deb of the resolved version to appear in the
# release bucket, then copies it into the build context at /go/build.
# NOTE(review): the package is used as downloaded; no checksum or signature check
# is visible in this step, so integrity rests on access control of the bucket.
- name: Download "teleport_v9-tag_amd64.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
  # Poll deadline: now + 3600 seconds. "$${...}" is Drone's escape for a literal
  # "${...}" that the shell should expand.
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  # Field 4 of the listing is compared against the expected file name as a whole
  # line (grep -x); no match marks this round as failed.
  - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr
    -s ' ' | cut -d' ' -f 4 | grep -x teleport_$(cat "/go/var/full-version")_amd64.deb
    || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  # Fail the step if the loop ran out of time without finding the file.
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [
    "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat
    "/go/var/full-version")_amd64.deb /go/build/teleport_$(cat "/go/var/full-version")_amd64.deb
  environment:
    # Uses the download profile from the credentials mounted at /root/.aws.
    AWS_PROFILE: s3-download-teleport
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport
# Builds the linux/amd64 teleport image from the downloaded Dockerfile and .deb
# with a dedicated buildx builder and pushes it to the in-pipeline registry.
# NOTE(review): tonistiigi/binfmt is pulled by floating tag and run privileged
# against the shared Docker daemon, and `image: docker` and aws-cli are unpinned;
# pinning by digest would narrow what can run with these privileges.
- name: Build teleport image "teleport:v9-amd64"
  image: docker
  commands:
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-v9-amd64-builder"
  # BuildKit config that marks the in-pipeline registry as plain HTTP.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v9-amd64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-v9-amd64-builder/buildkitd.toml"
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name
    "teleport-v9-amd64-builder" --config "/tmp/teleport-v9-amd64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  # Logs in to public.ecr.aws with the ecr-authenticated-pull profile, presumably
  # so that base-image pulls during the build are authenticated. The token is
  # passed on stdin.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - docker buildx build --push --builder "teleport-v9-amd64-builder" --target "teleport"
    --platform "linux/amd64" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    --file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_amd64.deb
    /go/build
  # Cleanup: registry session, builder instance and its temporary config.
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-v9-amd64-builder"
  - rm -rf "/tmp/teleport-v9-amd64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport_v9-tag_amd64.deb" artifacts from S3
# Waits up to an hour for the arm .deb of the resolved version to appear in the
# release bucket, then copies it into the build context at /go/build.
# NOTE(review): the package is used as downloaded; no checksum or signature check
# is visible in this step, so integrity rests on access control of the bucket.
- name: Download "teleport_v9-tag_arm.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
  # Poll deadline: now + 3600 seconds. "$${...}" is Drone's escape for a literal
  # "${...}" that the shell should expand.
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  # Field 4 of the listing is compared against the expected file name as a whole
  # line (grep -x); no match marks this round as failed.
  - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr
    -s ' ' | cut -d' ' -f 4 | grep -x teleport_$(cat "/go/var/full-version")_arm.deb
    || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  # Fail the step if the loop ran out of time without finding the file.
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [
    "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat
    "/go/var/full-version")_arm.deb /go/build/teleport_$(cat "/go/var/full-version")_arm.deb
  environment:
    # Uses the download profile from the credentials mounted at /root/.aws.
    AWS_PROFILE: s3-download-teleport
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport
# Builds the linux/arm teleport image from the downloaded Dockerfile and .deb
# with a dedicated buildx builder and pushes it to the in-pipeline registry.
# NOTE(review): tonistiigi/binfmt is pulled by floating tag and run privileged
# against the shared Docker daemon, and `image: docker` and aws-cli are unpinned;
# pinning by digest would narrow what can run with these privileges.
- name: Build teleport image "teleport:v9-arm"
  image: docker
  commands:
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-v9-arm-builder"
  # BuildKit config that marks the in-pipeline registry as plain HTTP.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v9-arm-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-v9-arm-builder/buildkitd.toml"
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name
    "teleport-v9-arm-builder" --config "/tmp/teleport-v9-arm-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  # Logs in to public.ecr.aws with the ecr-authenticated-pull profile, presumably
  # so that base-image pulls during the build are authenticated. The token is
  # passed on stdin.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - docker buildx build --push --builder "teleport-v9-arm-builder" --target "teleport"
    --platform "linux/arm" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    --file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_arm.deb
    /go/build
  # Cleanup: registry session, builder instance and its temporary config.
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-v9-arm-builder"
  - rm -rf "/tmp/teleport-v9-arm-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport_v9-tag_arm.deb" artifacts from S3
# Waits for the linux/arm64 teleport .deb of this release to appear in S3,
# then copies it to /go/build.
- name: Download "teleport_v9-tag_arm64.deb" artifacts from S3
  # NOTE(review): image referenced without a tag or digest, so the tooling that
  # handles the release artifact can change between builds.
  image: amazon/aws-cli
  commands:
  # The loop is spread over several list entries; they only form valid shell
  # once the entries are joined into one script, so their order matters.
  # Deadline is now + 3600 seconds.
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  # `$$` is Drone's escape for a literal `$`; the shell sees `${END_TIME?}`,
  # which aborts if the variable is unset.
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  # Takes the fourth space-separated field of each listing line and requires
  # an exact match (`grep -x`) with the expected file name.
  - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr
    -s ' ' | cut -d' ' -f 4 | grep -x teleport_$(cat "/go/var/full-version")_arm64.deb
    || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  # Fails the step when the deadline passed without the file being listed.
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [
    "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  # NOTE(review): the package is copied as-is; no checksum or signature check
  # is visible in this step before it is baked into an image.
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat
    "/go/var/full-version")_arm64.deb /go/build/teleport_$(cat "/go/var/full-version")_arm64.deb
  environment:
    # Named profile read from the mounted /root/.aws volume; presumably written
    # by the "Assume S3 Download AWS Role for teleport" step - confirm.
    AWS_PROFILE: s3-download-teleport
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport
# Builds the linux/arm64 teleport image with buildx and pushes it to the
# pipeline-local registry (drone-docker-registry:5000).
- name: Build teleport image "teleport:v9-arm64"
  image: docker
  commands:
  # NOTE(review): third-party image referenced by mutable tag and run with
  # --privileged against the mounted Docker socket directory; pinning it by
  # digest would fix which code receives that access.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-v9-arm64-builder"
  # BuildKit config: talk to the local registry over plain HTTP. Later steps
  # pull from this registry by tag and re-push to staging and production, so
  # the integrity of that hop rests on the build network.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v9-arm64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-v9-arm64-builder/buildkitd.toml"
  - >-
    docker buildx create --driver "docker-container"
    --driver-opt "network=host"
    --name "teleport-v9-arm64-builder"
    --config "/tmp/teleport-v9-arm64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  # Registry password arrives on stdin rather than as a command argument.
  - >-
    aws ecr-public get-login-password --region=us-east-1 |
    docker login -u="AWS" --password-stdin public.ecr.aws
  - >-
    docker buildx build --push
    --builder "teleport-v9-arm64-builder"
    --target "teleport"
    --platform "linux/arm64"
    --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    --file "/go/build/Dockerfile-teleport"
    --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_arm64.deb
    /go/build
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-v9-arm64-builder"
  - rm -rf "/tmp/teleport-v9-arm64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport_v9-tag_arm64.deb" artifacts from S3
# Re-tags the locally built amd64 image with timestamped full, major and minor
# version tags and pushes each one to the staging ECR repository.
- name: Tag and push image "teleport:v9-amd64" to ECR - staging
  image: docker
  commands:
  - >-
    docker pull
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
  - apk add --no-cache aws-cli
  # Registry password arrives on stdin rather than as a command argument.
  - >-
    aws ecr get-login-password --region=us-west-2 |
    docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  # Build creation time rendered as YYYYmmddHHMM; part of every tag below.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Each command below skips the push when `docker manifest inspect` succeeds
  # for the target tag, and otherwise tags and pushes.
  # NOTE(review): any inspect failure, not only a missing tag, takes the push
  # branch.
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-amd64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
    (docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-amd64
    && docker push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-amd64)
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-amd64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
    (docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-amd64
    && docker push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-amd64)
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
    (docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64
    && docker push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v9-amd64"
# Re-tags the locally built arm image with timestamped full, major and minor
# version tags and pushes each one to the staging ECR repository.
- name: Tag and push image "teleport:v9-arm" to ECR - staging
  image: docker
  commands:
  - >-
    docker pull
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
  - apk add --no-cache aws-cli
  # Registry password arrives on stdin rather than as a command argument.
  - >-
    aws ecr get-login-password --region=us-west-2 |
    docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  # Build creation time rendered as YYYYmmddHHMM; part of every tag below.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Each command below skips the push when `docker manifest inspect` succeeds
  # for the target tag, and otherwise tags and pushes.
  # NOTE(review): any inspect failure, not only a missing tag, takes the push
  # branch.
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm
    > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
    (docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm
    && docker push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm)
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-arm
    > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
    (docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-arm
    && docker push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-arm)
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-arm
    > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
    (docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-arm
    && docker push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-arm)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v9-arm"
# Re-tags the locally built arm64 image with timestamped full, major and minor
# version tags and pushes each one to the staging ECR repository.
- name: Tag and push image "teleport:v9-arm64" to ECR - staging
  image: docker
  commands:
  - >-
    docker pull
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
  - apk add --no-cache aws-cli
  # Registry password arrives on stdin rather than as a command argument.
  - >-
    aws ecr get-login-password --region=us-west-2 |
    docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  # Build creation time rendered as YYYYmmddHHMM; part of every tag below.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Each command below skips the push when `docker manifest inspect` succeeds
  # for the target tag, and otherwise tags and pushes.
  # NOTE(review): any inspect failure, not only a missing tag, takes the push
  # branch.
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
    (docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm64
    && docker push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm64)
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-arm64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
    (docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-arm64
    && docker push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-arm64)
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
    (docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64
    && docker push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v9-arm64"
# Publishes the timestamped multi-arch manifest for the major version tag in
# staging ECR, combining the amd64, arm and arm64 images pushed earlier.
- name: Create manifest and push "teleport:major-$TIMESTAMP" to ECR - staging
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # Registry password arrives on stdin rather than as a command argument.
  - >-
    aws ecr get-login-password --region=us-west-2 |
    docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  # Same derivation as in the per-architecture push steps, so the tags match.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Skips when the manifest tag already resolves; otherwise creates and pushes.
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP
    > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
    (docker manifest create
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP
    --amend
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-amd64
    --amend
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-arm
    --amend
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-arm64
    && docker manifest push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v9-amd64" to ECR - staging
  - Tag and push image "teleport:v9-arm" to ECR - staging
  - Tag and push image "teleport:v9-arm64" to ECR - staging
# Publishes the timestamped multi-arch manifest for the minor version tag in
# staging ECR, combining the amd64, arm and arm64 images pushed earlier.
- name: Create manifest and push "teleport:minor-$TIMESTAMP" to ECR - staging
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # Registry password arrives on stdin rather than as a command argument.
  - >-
    aws ecr get-login-password --region=us-west-2 |
    docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  # Same derivation as in the per-architecture push steps, so the tags match.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Skips when the manifest tag already resolves; otherwise creates and pushes.
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP
    > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
    (docker manifest create
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP
    --amend
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64
    --amend
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-arm
    --amend
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64
    && docker manifest push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v9-amd64" to ECR - staging
  - Tag and push image "teleport:v9-arm" to ECR - staging
  - Tag and push image "teleport:v9-arm64" to ECR - staging
# Publishes the timestamped multi-arch manifest for the full version tag in
# staging ECR, combining the amd64, arm and arm64 images pushed earlier.
- name: Create manifest and push "teleport:full-$TIMESTAMP" to ECR - staging
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # Registry password arrives on stdin rather than as a command argument.
  - >-
    aws ecr get-login-password --region=us-west-2 |
    docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  # Same derivation as in the per-architecture push steps, so the tags match.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Skips when the manifest tag already resolves; otherwise creates and pushes.
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP
    > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
    (docker manifest create
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP
    --amend
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-amd64
    --amend
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm
    --amend
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm64
    && docker manifest push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v9-amd64" to ECR - staging
  - Tag and push image "teleport:v9-arm" to ECR - staging
  - Tag and push image "teleport:v9-arm64" to ECR - staging
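# Pushes the locally built amd64 image to quay.io under the full, major and
# minor version tags. The full-version tag is only pushed when it does not
# already resolve; the major and minor tags are re-pushed on every run.
# This file is generated by dronegen (see the file header); carry the login
# change below into the generator.
- name: Tag and push image "teleport:v9-amd64" to Quay
  image: docker
  commands:
  - >-
    docker pull
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
  # Password is fed on stdin, as the ECR logins in this file already do, so it
  # does not appear in the docker process arguments.
  - >-
    printf '%s' "$QUAY_PASSWORD" |
    docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - >-
    docker manifest inspect
    quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
    (docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64
    && docker push
    quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64)
  - >-
    docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    quay.io/gravitational/teleport:$(cat "/go/var/major-version")-amd64
  - docker push quay.io/gravitational/teleport:$(cat "/go/var/major-version")-amd64
  - >-
    docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
  - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step calls the AWS CLI, yet the AWS
  # credentials volume is mounted; confirm whether it is needed here.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v9-amd64"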
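# Pushes the locally built arm image to quay.io under the full, major and
# minor version tags. The full-version tag is only pushed when it does not
# already resolve; the major and minor tags are re-pushed on every run.
# This file is generated by dronegen (see the file header); carry the login
# change below into the generator.
- name: Tag and push image "teleport:v9-arm" to Quay
  image: docker
  commands:
  - >-
    docker pull
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
  # Password is fed on stdin, as the ECR logins in this file already do, so it
  # does not appear in the docker process arguments.
  - >-
    printf '%s' "$QUAY_PASSWORD" |
    docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - >-
    docker manifest inspect
    quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm
    > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
    (docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm
    && docker push
    quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm)
  - >-
    docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm
  - docker push quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm
  - >-
    docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm
  - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step calls the AWS CLI, yet the AWS
  # credentials volume is mounted; confirm whether it is needed here.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v9-arm"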
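# Pushes the locally built arm64 image to quay.io under the full, major and
# minor version tags. The full-version tag is only pushed when it does not
# already resolve; the major and minor tags are re-pushed on every run.
# This file is generated by dronegen (see the file header); carry the login
# change below into the generator.
- name: Tag and push image "teleport:v9-arm64" to Quay
  image: docker
  commands:
  - >-
    docker pull
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
  # Password is fed on stdin, as the ECR logins in this file already do, so it
  # does not appear in the docker process arguments.
  - >-
    printf '%s' "$QUAY_PASSWORD" |
    docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - >-
    docker manifest inspect
    quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
    (docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64
    && docker push
    quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64)
  - >-
    docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm64
  - docker push quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm64
  - >-
    docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
  - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step calls the AWS CLI, yet the AWS
  # credentials volume is mounted; confirm whether it is needed here.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v9-arm64"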
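# Creates the multi-arch manifest for the major version tag on quay.io from
# the amd64, arm and arm64 images and pushes it. There is no existence check,
# so the tag is replaced on every run.
# This file is generated by dronegen (see the file header); carry the login
# change below into the generator.
- name: Create manifest and push "teleport:major" to Quay
  image: docker
  commands:
  # Password is fed on stdin, as the ECR logins in this file already do, so it
  # does not appear in the docker process arguments.
  - >-
    printf '%s' "$QUAY_PASSWORD" |
    docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - >-
    docker manifest create
    quay.io/gravitational/teleport:$(cat "/go/var/major-version")
    --amend quay.io/gravitational/teleport:$(cat "/go/var/major-version")-amd64
    --amend quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm
    --amend quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm64
  - docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/major-version")
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step calls the AWS CLI, yet the AWS
  # credentials volume is mounted; confirm whether it is needed here.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v9-amd64" to Quay
  - Tag and push image "teleport:v9-arm" to Quay
  - Tag and push image "teleport:v9-arm64" to Quay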
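# Creates the multi-arch manifest for the minor version tag on quay.io from
# the amd64, arm and arm64 images and pushes it. There is no existence check,
# so the tag is replaced on every run.
# This file is generated by dronegen (see the file header); carry the login
# change below into the generator.
- name: Create manifest and push "teleport:minor" to Quay
  image: docker
  commands:
  # Password is fed on stdin, as the ECR logins in this file already do, so it
  # does not appear in the docker process arguments.
  - >-
    printf '%s' "$QUAY_PASSWORD" |
    docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - >-
    docker manifest create
    quay.io/gravitational/teleport:$(cat "/go/var/minor-version")
    --amend quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
    --amend quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm
    --amend quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
  - docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step calls the AWS CLI, yet the AWS
  # credentials volume is mounted; confirm whether it is needed here.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v9-amd64" to Quay
  - Tag and push image "teleport:v9-arm" to Quay
  - Tag and push image "teleport:v9-arm64" to Quay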
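# Creates the multi-arch manifest for the full version tag on quay.io from the
# amd64, arm and arm64 images and pushes it, unless the tag already resolves.
# This file is generated by dronegen (see the file header); carry the login
# change below into the generator.
- name: Create manifest and push "teleport:full" to Quay
  image: docker
  commands:
  # Password is fed on stdin, as the ECR logins in this file already do, so it
  # does not appear in the docker process arguments.
  - >-
    printf '%s' "$QUAY_PASSWORD" |
    docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # NOTE(review): any inspect failure, not only a missing tag, takes the
  # create-and-push branch.
  - >-
    docker manifest inspect
    quay.io/gravitational/teleport:$(cat "/go/var/full-version")
    > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
    (docker manifest create
    quay.io/gravitational/teleport:$(cat "/go/var/full-version")
    --amend quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64
    --amend quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm
    --amend quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64
    && docker manifest push
    quay.io/gravitational/teleport:$(cat "/go/var/full-version"))
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step calls the AWS CLI, yet the AWS
  # credentials volume is mounted; confirm whether it is needed here.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v9-amd64" to Quay
  - Tag and push image "teleport:v9-arm" to Quay
  - Tag and push image "teleport:v9-arm64" to Quay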
# Pushes the locally built amd64 image to public.ecr.aws under the full, major
# and minor version tags. The full-version tag is only pushed when it does not
# already resolve; the major and minor tags are re-pushed on every run.
- name: Tag and push image "teleport:v9-amd64" to ECR - production
  image: docker
  commands:
  # The source image is taken by tag from the pipeline-local registry.
  - >-
    docker pull
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
  - apk add --no-cache aws-cli
  # Registry password arrives on stdin rather than as a command argument.
  - >-
    aws ecr-public get-login-password --region=us-east-1 |
    docker login -u="AWS" --password-stdin public.ecr.aws
  # NOTE(review): any inspect failure, not only a missing tag, takes the push
  # branch.
  - >-
    docker manifest inspect
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
    (docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64
    && docker push
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64)
  - >-
    docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64
  - >-
    docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v9-amd64"
# Pushes the locally built arm image to public.ecr.aws under the full, major
# and minor version tags. The full-version tag is only pushed when it does not
# already resolve; the major and minor tags are re-pushed on every run.
- name: Tag and push image "teleport:v9-arm" to ECR - production
  image: docker
  commands:
  # The source image is taken by tag from the pipeline-local registry.
  - >-
    docker pull
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
  - apk add --no-cache aws-cli
  # Registry password arrives on stdin rather than as a command argument.
  - >-
    aws ecr-public get-login-password --region=us-east-1 |
    docker login -u="AWS" --password-stdin public.ecr.aws
  # NOTE(review): any inspect failure, not only a missing tag, takes the push
  # branch.
  - >-
    docker manifest inspect
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm
    > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
    (docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm
    && docker push
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm)
  - >-
    docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm
  - >-
    docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v9-arm"
# Pushes the locally built arm64 image to public.ecr.aws under the full, major
# and minor version tags. The full-version tag is only pushed when it does not
# already resolve; the major and minor tags are re-pushed on every run.
- name: Tag and push image "teleport:v9-arm64" to ECR - production
  image: docker
  commands:
  # The source image is taken by tag from the pipeline-local registry.
  - >-
    docker pull
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
  - apk add --no-cache aws-cli
  # Registry password arrives on stdin rather than as a command argument.
  - >-
    aws ecr-public get-login-password --region=us-east-1 |
    docker login -u="AWS" --password-stdin public.ecr.aws
  # NOTE(review): any inspect failure, not only a missing tag, takes the push
  # branch.
  - >-
    docker manifest inspect
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
    (docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64
    && docker push
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64)
  - >-
    docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64
  - >-
    docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v9-arm64"
# Creates the multi-arch manifest for the major version tag on public.ecr.aws
# from the amd64, arm and arm64 images and pushes it. There is no existence
# check, so the tag is replaced on every run.
- name: Create manifest and push "teleport:major" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # Registry password arrives on stdin rather than as a command argument.
  - >-
    aws ecr-public get-login-password --region=us-east-1 |
    docker login -u="AWS" --password-stdin public.ecr.aws
  - >-
    docker manifest create
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")
    --amend
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64
    --amend
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm
    --amend
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64
  - docker manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v9-amd64" to ECR - production
  - Tag and push image "teleport:v9-arm" to ECR - production
  - Tag and push image "teleport:v9-arm64" to ECR - production
# Creates the multi-arch manifest for the minor version tag on public.ecr.aws
# from the amd64, arm and arm64 images and pushes it. There is no existence
# check, so the tag is replaced on every run.
- name: Create manifest and push "teleport:minor" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # Registry password arrives on stdin rather than as a command argument.
  - >-
    aws ecr-public get-login-password --region=us-east-1 |
    docker login -u="AWS" --password-stdin public.ecr.aws
  - >-
    docker manifest create
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")
    --amend
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
    --amend
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm
    --amend
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
  - docker manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v9-amd64" to ECR - production
  - Tag and push image "teleport:v9-arm" to ECR - production
  - Tag and push image "teleport:v9-arm64" to ECR - production
# Creates the multi-arch manifest for the full version tag on public.ecr.aws
# from the amd64, arm and arm64 images and pushes it, unless the tag already
# resolves.
- name: Create manifest and push "teleport:full" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # Registry password arrives on stdin rather than as a command argument.
  - >-
    aws ecr-public get-login-password --region=us-east-1 |
    docker login -u="AWS" --password-stdin public.ecr.aws
  # NOTE(review): any inspect failure, not only a missing tag, takes the
  # create-and-push branch.
  - >-
    docker manifest inspect
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")
    > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
    (docker manifest create
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")
    --amend
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64
    --amend
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm
    --amend
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64
    && docker manifest push
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version"))
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v9-amd64" to ECR - production
  - Tag and push image "teleport:v9-arm" to ECR - production
  - Tag and push image "teleport:v9-arm64" to ECR - production
# Exchanges the static AWS key pair from the pipeline secrets for temporary
# role credentials and stores them as the `s3-download-teleport-ent` profile
# on the awsconfig volume.
- name: Assume S3 Download AWS Role for teleport-ent
  image: amazon/aws-cli
  commands:
  # Reports which identity the static keys map to; the output goes to the
  # step log.
  - aws sts get-caller-identity
  # Appends a profile section holding the three values returned by
  # assume-role. The command substitution is left unquoted so those values
  # become the three %s arguments. `${DRONE_REPO}` and `${DRONE_BUILD_NUMBER}`
  # are in braces, so Drone substitutes them before the shell runs; sed then
  # replaces `/` with `-` in the session name.
  # NOTE(review): if assume-role fails, printf presumably still succeeds and
  # writes empty values; the profile check at the end is what fails the step.
  - |-
    printf "[s3-download-teleport-ent]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      >> /root/.aws/credentials
  # Drops the static keys from the environment so the final check can only
  # succeed through the profile written above.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile s3-download-teleport-ent
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  # The credentials file lives on this volume, so every step that mounts
  # awsconfig can read the profile.
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Find the latest available semver for v9
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role
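# Fetches the Dockerfile used for the teleport-ent image build from the
# release tag of gravitational/teleport on GitHub.
# This file is generated by dronegen (see the file header); carry the changes
# below into the generator.
- name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent
  image: alpine
  commands:
  # --no-cache matches the other `apk add` calls in this file.
  - apk add --no-cache curl
  - mkdir -pv $(dirname "/go/build/Dockerfile-teleport-ent")
  # -f makes curl exit non-zero on an HTTP error instead of saving the error
  # body as the Dockerfile; -S keeps the error message visible despite -s.
  # NOTE(review): the version is read from /go/vars/full-version-v9, while the
  # S3 and build steps read /go/var/full-version - confirm both are written.
  - >-
    curl -fsSL -o "/go/build/Dockerfile-teleport-ent"
    "https://raw.githubusercontent.com/gravitational/teleport/v$(cat
    '/go/vars/full-version-v9')/build.assets/charts/Dockerfile"
  depends_on:
  - Find the latest available semver for v9
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role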
# Waits for the linux/amd64 teleport-ent .deb of this release to appear in S3,
# then copies it to /go/build.
- name: Download "teleport-ent_v9-tag_amd64.deb" artifacts from S3
  # NOTE(review): image referenced without a tag or digest, so the tooling that
  # handles the release artifact can change between builds.
  image: amazon/aws-cli
  commands:
  # The loop is spread over several list entries; they only form valid shell
  # once the entries are joined into one script, so their order matters.
  # Deadline is now + 3600 seconds.
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  # `$$` is Drone's escape for a literal `$`; the shell sees `${END_TIME?}`,
  # which aborts if the variable is unset.
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  # Takes the fourth space-separated field of each listing line and requires
  # an exact match (`grep -x`) with the expected file name.
  - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr
    -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")_amd64.deb
    || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  # Fails the step when the deadline passed without the file being listed.
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [
    "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  # NOTE(review): the package is copied as-is; no checksum or signature check
  # is visible in this step before it is baked into an image.
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat
    "/go/var/full-version")_amd64.deb /go/build/teleport-ent_$(cat "/go/var/full-version")_amd64.deb
  environment:
    # Profile written to /root/.aws/credentials by the
    # "Assume S3 Download AWS Role for teleport-ent" step.
    AWS_PROFILE: s3-download-teleport-ent
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport-ent
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent
# Builds the linux/amd64 teleport-ent image with buildx and pushes it to the
# pipeline-local registry (drone-docker-registry:5000).
- name: Build teleport-ent image "teleport-ent:v9-amd64"
  image: docker
  commands:
  # NOTE(review): third-party image referenced by mutable tag and run with
  # --privileged against the mounted Docker socket directory; pinning it by
  # digest would fix which code receives that access.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-ent-v9-amd64-builder"
  # BuildKit config: talk to the local registry over plain HTTP, so the
  # integrity of images stored there rests on the build network.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v9-amd64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-ent-v9-amd64-builder/buildkitd.toml"
  - >-
    docker buildx create --driver "docker-container"
    --driver-opt "network=host"
    --name "teleport-ent-v9-amd64-builder"
    --config "/tmp/teleport-ent-v9-amd64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  # Registry password arrives on stdin rather than as a command argument.
  - >-
    aws ecr-public get-login-password --region=us-east-1 |
    docker login -u="AWS" --password-stdin public.ecr.aws
  - >-
    docker buildx build --push
    --builder "teleport-ent-v9-amd64-builder"
    --target "teleport"
    --platform "linux/amd64"
    --tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
    --file "/go/build/Dockerfile-teleport-ent"
    --build-arg DEB_PATH=teleport-ent_$(cat "/go/var/full-version")_amd64.deb
    /go/build
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-ent-v9-amd64-builder"
  - rm -rf "/tmp/teleport-ent-v9-amd64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport-ent_v9-tag_amd64.deb" artifacts from S3
# Waits until the arm teleport-ent .deb for the version in
# /go/var/full-version is listed in S3, then copies it to /go/build.
# The commands from END_TIME to "done" are one shell loop written as separate
# list items: it polls "aws s3 ls" every 60 seconds for up to 3600 seconds and
# leaves early once "grep -x" matches the exact file name; if the hour runs
# out, the TIMED_OUT check exits 1. "$$" is Drone's escape for a literal "$".
# NOTE(review): the package is copied with no checksum or signature check in
# this step and is later handed to the image build as DEB_PATH, so its
# integrity rests on who can write to the bucket.
- name: Download "teleport-ent_v9-tag_arm.deb" artifacts from S3
image: amazon/aws-cli
commands:
- END_TIME=$(( $(date +%s) + 3600 ))
- TIMED_OUT=true
- while [ $(date +%s) -lt $${END_TIME?} ]; do
- SUCCESS=true
- aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr
-s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")_arm.deb
|| SUCCESS=false
- '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
- echo 'Condition not met yet, waiting another 60 seconds...'
- sleep 60
- done
- '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [
"$SUCCESS" = "true" ]'' && exit 1'
- mkdir -pv "/go/build"
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat
"/go/var/full-version")_arm.deb /go/build/teleport-ent_$(cat "/go/var/full-version")_arm.deb
environment:
AWS_PROFILE: s3-download-teleport-ent
AWS_REGION: us-west-2
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
volumes:
- name: awsconfig
path: /root/.aws
depends_on:
- Assume S3 Download AWS Role for teleport-ent
- Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent
# Builds the linux/arm teleport-ent image with a dedicated buildx builder from
# the downloaded Dockerfile and .deb, and pushes it to the pipeline-local
# registry drone-docker-registry:5000. The builder and its config directory
# are removed at the end.
- name: Build teleport-ent image "teleport-ent:v9-arm"
image: docker
commands:
# NOTE(review): tonistiigi/binfmt is referenced without a tag or digest and is
# run with --privileged on the Docker daemon behind the mounted /var/run
# socket; pinning it to a reviewed digest keeps an altered upstream image from
# running privileged in the release build.
- docker run --privileged --rm tonistiigi/binfmt --install all
- mkdir -pv "/go/build" && cd "/go/build"
- mkdir -pv "/tmp/teleport-ent-v9-arm-builder"
# Tells BuildKit to talk plain HTTP to drone-docker-registry:5000. No login to
# that registry appears in this step, so the image's integrity between build
# and publish depends on the registry being reachable only by this build.
- echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v9-arm-builder/buildkitd.toml"
- echo ' http = true' >> "/tmp/teleport-ent-v9-arm-builder/buildkitd.toml"
- docker buildx create --driver "docker-container" --driver-opt "network=host" --name
"teleport-ent-v9-arm-builder" --config "/tmp/teleport-ent-v9-arm-builder/buildkitd.toml"
- apk add --no-cache aws-cli
# The ECR Public token is piped to "docker login --password-stdin", which
# keeps it out of the process arguments.
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- docker buildx build --push --builder "teleport-ent-v9-arm-builder" --target "teleport"
--platform "linux/arm" --tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
--file "/go/build/Dockerfile-teleport-ent" --build-arg DEB_PATH=teleport-ent_$(cat
"/go/var/full-version")_arm.deb /go/build
- docker logout "public.ecr.aws"
- docker buildx rm "teleport-ent-v9-arm-builder"
- rm -rf "/tmp/teleport-ent-v9-arm-builder"
environment:
AWS_PROFILE: ecr-authenticated-pull
DOCKER_BUILDKIT: "1"
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Assume ECR - authenticated-pull AWS Role
- Download "teleport-ent_v9-tag_arm.deb" artifacts from S3
# Waits until the arm64 teleport-ent .deb for the version in
# /go/var/full-version is listed in S3, then copies it to /go/build.
# The commands from END_TIME to "done" are one shell loop written as separate
# list items: it polls "aws s3 ls" every 60 seconds for up to 3600 seconds and
# leaves early once "grep -x" matches the exact file name; if the hour runs
# out, the TIMED_OUT check exits 1. "$$" is Drone's escape for a literal "$".
# NOTE(review): the package is copied with no checksum or signature check in
# this step and is later handed to the image build as DEB_PATH, so its
# integrity rests on who can write to the bucket.
- name: Download "teleport-ent_v9-tag_arm64.deb" artifacts from S3
image: amazon/aws-cli
commands:
- END_TIME=$(( $(date +%s) + 3600 ))
- TIMED_OUT=true
- while [ $(date +%s) -lt $${END_TIME?} ]; do
- SUCCESS=true
- aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr
-s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")_arm64.deb
|| SUCCESS=false
- '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
- echo 'Condition not met yet, waiting another 60 seconds...'
- sleep 60
- done
- '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [
"$SUCCESS" = "true" ]'' && exit 1'
- mkdir -pv "/go/build"
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat
"/go/var/full-version")_arm64.deb /go/build/teleport-ent_$(cat "/go/var/full-version")_arm64.deb
environment:
AWS_PROFILE: s3-download-teleport-ent
AWS_REGION: us-west-2
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
volumes:
- name: awsconfig
path: /root/.aws
depends_on:
- Assume S3 Download AWS Role for teleport-ent
- Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent
# Builds the linux/arm64 teleport-ent image with a dedicated buildx builder
# from the downloaded Dockerfile and .deb, and pushes it to the pipeline-local
# registry drone-docker-registry:5000. The builder and its config directory
# are removed at the end.
- name: Build teleport-ent image "teleport-ent:v9-arm64"
image: docker
commands:
# NOTE(review): tonistiigi/binfmt is referenced without a tag or digest and is
# run with --privileged on the Docker daemon behind the mounted /var/run
# socket; pinning it to a reviewed digest keeps an altered upstream image from
# running privileged in the release build.
- docker run --privileged --rm tonistiigi/binfmt --install all
- mkdir -pv "/go/build" && cd "/go/build"
- mkdir -pv "/tmp/teleport-ent-v9-arm64-builder"
# Tells BuildKit to talk plain HTTP to drone-docker-registry:5000. No login to
# that registry appears in this step, so the image's integrity between build
# and publish depends on the registry being reachable only by this build.
- echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v9-arm64-builder/buildkitd.toml"
- echo ' http = true' >> "/tmp/teleport-ent-v9-arm64-builder/buildkitd.toml"
- docker buildx create --driver "docker-container" --driver-opt "network=host" --name
"teleport-ent-v9-arm64-builder" --config "/tmp/teleport-ent-v9-arm64-builder/buildkitd.toml"
- apk add --no-cache aws-cli
# The ECR Public token is piped to "docker login --password-stdin", which
# keeps it out of the process arguments.
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- docker buildx build --push --builder "teleport-ent-v9-arm64-builder" --target
"teleport" --platform "linux/arm64" --tag drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-arm64 --file "/go/build/Dockerfile-teleport-ent" --build-arg
DEB_PATH=teleport-ent_$(cat "/go/var/full-version")_arm64.deb /go/build
- docker logout "public.ecr.aws"
- docker buildx rm "teleport-ent-v9-arm64-builder"
- rm -rf "/tmp/teleport-ent-v9-arm64-builder"
environment:
AWS_PROFILE: ecr-authenticated-pull
DOCKER_BUILDKIT: "1"
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Assume ECR - authenticated-pull AWS Role
- Download "teleport-ent_v9-tag_arm64.deb" artifacts from S3
# Pulls the amd64 image from the pipeline-local registry and publishes it to
# the staging ECR registry under three tags: the full, major and minor version,
# each followed by -$TIMESTAMP-amd64. TIMESTAMP is DRONE_BUILD_CREATED
# formatted as %Y%m%d%H%M. Credentials come from the ecr-staging profile, and
# the login token is passed on stdin.
# NOTE(review): each "docker manifest inspect ... && echo ... || (tag && push)"
# line treats every inspect failure, including an auth or network error, as
# "tag absent", and when the tag does exist it is kept without being compared
# to this build. A green step therefore does not prove the tag holds this
# image; comparing digests after the push would.
- name: Tag and push image "teleport-ent:v9-amd64" to ECR - staging
image: docker
commands:
- docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
- apk add --no-cache aws-cli
- aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
146628656107.dkr.ecr.us-west-2.amazonaws.com
- TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing
image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-$TIMESTAMP-amd64)
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/major-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing
image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/major-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/major-version")-$TIMESTAMP-amd64)
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/minor-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing
image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/minor-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/minor-version")-$TIMESTAMP-amd64)
- docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
environment:
AWS_PROFILE: ecr-staging
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Build teleport-ent image "teleport-ent:v9-amd64"
# Pulls the arm image from the pipeline-local registry and publishes it to the
# staging ECR registry under three tags: the full, major and minor version,
# each followed by -$TIMESTAMP-arm. TIMESTAMP is DRONE_BUILD_CREATED formatted
# as %Y%m%d%H%M. Credentials come from the ecr-staging profile, and the login
# token is passed on stdin.
# NOTE(review): each "docker manifest inspect ... && echo ... || (tag && push)"
# line treats every inspect failure, including an auth or network error, as
# "tag absent", and when the tag does exist it is kept without being compared
# to this build. A green step therefore does not prove the tag holds this
# image; comparing digests after the push would.
- name: Tag and push image "teleport-ent:v9-arm" to ECR - staging
image: docker
commands:
- docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
- apk add --no-cache aws-cli
- aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
146628656107.dkr.ecr.us-west-2.amazonaws.com
- TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing
image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-$TIMESTAMP-arm)
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/major-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing
image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/major-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/major-version")-$TIMESTAMP-arm)
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/minor-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing
image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/minor-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/minor-version")-$TIMESTAMP-arm)
- docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
environment:
AWS_PROFILE: ecr-staging
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Build teleport-ent image "teleport-ent:v9-arm"
# Pulls the arm64 image from the pipeline-local registry and publishes it to
# the staging ECR registry under three tags: the full, major and minor version,
# each followed by -$TIMESTAMP-arm64. TIMESTAMP is DRONE_BUILD_CREATED
# formatted as %Y%m%d%H%M. Credentials come from the ecr-staging profile, and
# the login token is passed on stdin.
# NOTE(review): each "docker manifest inspect ... && echo ... || (tag && push)"
# line treats every inspect failure, including an auth or network error, as
# "tag absent", and when the tag does exist it is kept without being compared
# to this build. A green step therefore does not prove the tag holds this
# image; comparing digests after the push would.
- name: Tag and push image "teleport-ent:v9-arm64" to ECR - staging
image: docker
commands:
- docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
- apk add --no-cache aws-cli
- aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
146628656107.dkr.ecr.us-west-2.amazonaws.com
- TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing
image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-$TIMESTAMP-arm64)
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/major-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing
image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/major-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/major-version")-$TIMESTAMP-arm64)
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/minor-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing
image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/minor-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/minor-version")-$TIMESTAMP-arm64)
- docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
environment:
AWS_PROFILE: ecr-staging
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Build teleport-ent image "teleport-ent:v9-arm64"
# Creates the multi-arch manifest list <major-version>-$TIMESTAMP in the
# staging ECR registry from the -amd64, -arm and -arm64 tags pushed by the
# steps in depends_on, then pushes it. Nothing is created when
# "docker manifest inspect" already finds the tag.
# NOTE(review): the list is assembled from tags rather than digests, so it
# records whatever those per-arch tags point to when this step runs; an
# inspect failure of any kind is read as "tag absent".
- name: Create manifest and push "teleport-ent:major-$TIMESTAMP" to ECR - staging
image: docker
commands:
- apk add --no-cache aws-cli
- aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
146628656107.dkr.ecr.us-west-2.amazonaws.com
- TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/major-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image,
skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/major-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/major-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/major-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/major-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/major-version")-$TIMESTAMP)
- docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
environment:
AWS_PROFILE: ecr-staging
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Tag and push image "teleport-ent:v9-amd64" to ECR - staging
- Tag and push image "teleport-ent:v9-arm" to ECR - staging
- Tag and push image "teleport-ent:v9-arm64" to ECR - staging
# Creates the multi-arch manifest list <minor-version>-$TIMESTAMP in the
# staging ECR registry from the -amd64, -arm and -arm64 tags pushed by the
# steps in depends_on, then pushes it. Nothing is created when
# "docker manifest inspect" already finds the tag.
# NOTE(review): the list is assembled from tags rather than digests, so it
# records whatever those per-arch tags point to when this step runs; an
# inspect failure of any kind is read as "tag absent".
- name: Create manifest and push "teleport-ent:minor-$TIMESTAMP" to ECR - staging
image: docker
commands:
- apk add --no-cache aws-cli
- aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
146628656107.dkr.ecr.us-west-2.amazonaws.com
- TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/minor-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image,
skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/minor-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/minor-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/minor-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/minor-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/minor-version")-$TIMESTAMP)
- docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
environment:
AWS_PROFILE: ecr-staging
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Tag and push image "teleport-ent:v9-amd64" to ECR - staging
- Tag and push image "teleport-ent:v9-arm" to ECR - staging
- Tag and push image "teleport-ent:v9-arm64" to ECR - staging
# Creates the multi-arch manifest list <full-version>-$TIMESTAMP in the
# staging ECR registry from the -amd64, -arm and -arm64 tags pushed by the
# steps in depends_on, then pushes it. Nothing is created when
# "docker manifest inspect" already finds the tag.
# NOTE(review): the list is assembled from tags rather than digests, so it
# records whatever those per-arch tags point to when this step runs; an
# inspect failure of any kind is read as "tag absent".
- name: Create manifest and push "teleport-ent:full-$TIMESTAMP" to ECR - staging
image: docker
commands:
- apk add --no-cache aws-cli
- aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
146628656107.dkr.ecr.us-west-2.amazonaws.com
- TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
- docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image,
skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
"/go/var/full-version")-$TIMESTAMP)
- docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
environment:
AWS_PROFILE: ecr-staging
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Tag and push image "teleport-ent:v9-amd64" to ECR - staging
- Tag and push image "teleport-ent:v9-arm" to ECR - staging
- Tag and push image "teleport-ent:v9-arm64" to ECR - staging
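# Pulls the amd64 image from the pipeline-local registry and publishes it to
# quay.io/gravitational/teleport-ent. The full-version tag is pushed only when
# "docker manifest inspect" does not find it; the major- and minor-version tags
# are re-tagged and pushed on every run, so they move to this build.
# NOTE(review): every "manifest inspect" failure (auth or network included) is
# read as "tag absent", and an existing full-version tag is kept without being
# compared to this build.
# NOTE(review): the awsconfig volume is mounted although no command here calls
# aws; dropping the mount would keep the AWS role credentials stored under
# /root/.aws out of a step that only needs the Quay secrets.
- name: Tag and push image "teleport-ent:v9-amd64" to Quay
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
  # The password goes in on stdin, as in the ECR steps, instead of -p, which
  # would place it in docker's process arguments. printf is a shell builtin,
  # so the secret is not an argument of any spawned process.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-amd64 quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64
    && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64)
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
    quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
    quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v9-amd64"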
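# Pulls the arm image from the pipeline-local registry and publishes it to
# quay.io/gravitational/teleport-ent. The full-version tag is pushed only when
# "docker manifest inspect" does not find it; the major- and minor-version tags
# are re-tagged and pushed on every run, so they move to this build.
# NOTE(review): every "manifest inspect" failure (auth or network included) is
# read as "tag absent", and an existing full-version tag is kept without being
# compared to this build.
# NOTE(review): the awsconfig volume is mounted although no command here calls
# aws; dropping the mount would keep the AWS role credentials stored under
# /root/.aws out of a step that only needs the Quay secrets.
- name: Tag and push image "teleport-ent:v9-arm" to Quay
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
  # The password goes in on stdin, as in the ECR steps, instead of -p, which
  # would place it in docker's process arguments. printf is a shell builtin,
  # so the secret is not an argument of any spawned process.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-arm quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm
    && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm)
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
    quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
    quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v9-arm"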
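# Pulls the arm64 image from the pipeline-local registry and publishes it to
# quay.io/gravitational/teleport-ent. The full-version tag is pushed only when
# "docker manifest inspect" does not find it; the major- and minor-version tags
# are re-tagged and pushed on every run, so they move to this build.
# NOTE(review): every "manifest inspect" failure (auth or network included) is
# read as "tag absent", and an existing full-version tag is kept without being
# compared to this build.
# NOTE(review): the awsconfig volume is mounted although no command here calls
# aws; dropping the mount would keep the AWS role credentials stored under
# /root/.aws out of a step that only needs the Quay secrets.
- name: Tag and push image "teleport-ent:v9-arm64" to Quay
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
  # The password goes in on stdin, as in the ECR steps, instead of -p, which
  # would place it in docker's process arguments. printf is a shell builtin,
  # so the secret is not an argument of any spawned process.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-arm64 quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64
    && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64)
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
    quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
    quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v9-arm64"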
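# Rebuilds the multi-arch manifest list for the major-version tag on quay.io
# from the -amd64, -arm and -arm64 tags and pushes it on every run, so the
# major tag moves to this build.
# NOTE(review): the list is assembled from per-arch tags that are themselves
# overwritten on every run, not from digests; recording the pushed digest
# would let a later check confirm what the tag resolved to.
- name: Create manifest and push "teleport-ent:major" to Quay
  image: docker
  commands:
  # The password goes in on stdin, as in the ECR steps, instead of -p, which
  # would place it in docker's process arguments. printf is a shell builtin,
  # so the secret is not an argument of any spawned process.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
  - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v9-amd64" to Quay
  - Tag and push image "teleport-ent:v9-arm" to Quay
  - Tag and push image "teleport-ent:v9-arm64" to Quay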
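# Rebuilds the multi-arch manifest list for the minor-version tag on quay.io
# from the -amd64, -arm and -arm64 tags and pushes it on every run, so the
# minor tag moves to this build.
# NOTE(review): the list is assembled from per-arch tags that are themselves
# overwritten on every run, not from digests; recording the pushed digest
# would let a later check confirm what the tag resolved to.
- name: Create manifest and push "teleport-ent:minor" to Quay
  image: docker
  commands:
  # The password goes in on stdin, as in the ECR steps, instead of -p, which
  # would place it in docker's process arguments. printf is a shell builtin,
  # so the secret is not an argument of any spawned process.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
  - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v9-amd64" to Quay
  - Tag and push image "teleport-ent:v9-arm" to Quay
  - Tag and push image "teleport-ent:v9-arm64" to Quay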
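# Creates the multi-arch manifest list for the full-version tag on quay.io from
# the -amd64, -arm and -arm64 tags and pushes it, unless
# "docker manifest inspect" already finds that tag.
# NOTE(review): every "manifest inspect" failure (auth or network included) is
# read as "tag absent", and an existing tag is kept without being compared to
# this build, so a green step does not prove the tag holds this release.
- name: Create manifest and push "teleport-ent:full" to Quay
  image: docker
  commands:
  # The password goes in on stdin, as in the ECR steps, instead of -p, which
  # would place it in docker's process arguments. printf is a shell builtin,
  # so the secret is not an argument of any spawned process.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest
    create quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version") --amend
    quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 --amend
    quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm --amend quay.io/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-arm64 && docker manifest push quay.io/gravitational/teleport-ent:$(cat
    "/go/var/full-version"))
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v9-amd64" to Quay
  - Tag and push image "teleport-ent:v9-arm" to Quay
  - Tag and push image "teleport-ent:v9-arm64" to Quay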
# Pulls the amd64 image from the pipeline-local registry and publishes it to
# public.ecr.aws/gravitational/teleport-ent with the ecr-production profile;
# the login token is passed on stdin. The full-version tag is pushed only when
# "docker manifest inspect" does not find it; the major- and minor-version tags
# are re-tagged and pushed on every run, so they move to this build.
# NOTE(review): the image is taken from drone-docker-registry:5000 (which the
# build steps configure as plain HTTP) and released by tag, with no digest
# comparison or signing in this step; recording the pushed digest would let
# later steps and consumers verify what was published.
- name: Tag and push image "teleport-ent:v9-amd64" to ECR - production
image: docker
commands:
- docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
- apk add --no-cache aws-cli
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64
> /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport-ent:$(cat
"/go/var/full-version")-amd64 && docker push public.ecr.aws/gravitational/teleport-ent:$(cat
"/go/var/full-version")-amd64)
- docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
- docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
- docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
- docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
- docker logout "public.ecr.aws"
environment:
AWS_PROFILE: ecr-production
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Build teleport-ent image "teleport-ent:v9-amd64"
# Pulls the arm image from the pipeline-local registry and publishes it to
# public.ecr.aws/gravitational/teleport-ent with the ecr-production profile;
# the login token is passed on stdin. The full-version tag is pushed only when
# "docker manifest inspect" does not find it; the major- and minor-version tags
# are re-tagged and pushed on every run, so they move to this build.
# NOTE(review): the image is taken from drone-docker-registry:5000 (which the
# build steps configure as plain HTTP) and released by tag, with no digest
# comparison or signing in this step; recording the pushed digest would let
# later steps and consumers verify what was published.
- name: Tag and push image "teleport-ent:v9-arm" to ECR - production
image: docker
commands:
- docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
- apk add --no-cache aws-cli
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm
> /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-arm public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm
&& docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm)
- docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
- docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
- docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
- docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
- docker logout "public.ecr.aws"
environment:
AWS_PROFILE: ecr-production
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Build teleport-ent image "teleport-ent:v9-arm"
# Pulls the arm64 image from the pipeline-local registry and publishes it to
# public.ecr.aws/gravitational/teleport-ent with the ecr-production profile;
# the login token is passed on stdin. The full-version tag is pushed only when
# "docker manifest inspect" does not find it; the major- and minor-version tags
# are re-tagged and pushed on every run, so they move to this build.
# NOTE(review): the image is taken from drone-docker-registry:5000 (which the
# build steps configure as plain HTTP) and released by tag, with no digest
# comparison or signing in this step; recording the pushed digest would let
# later steps and consumers verify what was published.
- name: Tag and push image "teleport-ent:v9-arm64" to ECR - production
image: docker
commands:
- docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
- apk add --no-cache aws-cli
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64
> /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
"/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport-ent:$(cat
"/go/var/full-version")-arm64 && docker push public.ecr.aws/gravitational/teleport-ent:$(cat
"/go/var/full-version")-arm64)
- docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
- docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
- docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
- docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
- docker logout "public.ecr.aws"
environment:
AWS_PROFILE: ecr-production
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Build teleport-ent image "teleport-ent:v9-arm64"
# Rebuilds the multi-arch manifest list for the major-version tag on
# public.ecr.aws from the -amd64, -arm and -arm64 tags and pushes it on every
# run, so the major tag moves to this build. The login token is passed on
# stdin.
# NOTE(review): the list is assembled from per-arch tags that are themselves
# overwritten on every run, not from digests; recording the pushed digest
# would let a later check confirm what the public tag resolved to.
- name: Create manifest and push "teleport-ent:major" to ECR - production
image: docker
commands:
- apk add --no-cache aws-cli
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")
--amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
--amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
--amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
- docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")
- docker logout "public.ecr.aws"
environment:
AWS_PROFILE: ecr-production
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Tag and push image "teleport-ent:v9-amd64" to ECR - production
- Tag and push image "teleport-ent:v9-arm" to ECR - production
- Tag and push image "teleport-ent:v9-arm64" to ECR - production
# Rebuilds the multi-arch manifest list for the minor-version tag on
# public.ecr.aws from the -amd64, -arm and -arm64 tags and pushes it on every
# run, so the minor tag moves to this build. The login token is passed on
# stdin.
# NOTE(review): the list is assembled from per-arch tags that are themselves
# overwritten on every run, not from digests; recording the pushed digest
# would let a later check confirm what the public tag resolved to.
- name: Create manifest and push "teleport-ent:minor" to ECR - production
image: docker
commands:
- apk add --no-cache aws-cli
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")
--amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
--amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
--amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
- docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")
- docker logout "public.ecr.aws"
environment:
AWS_PROFILE: ecr-production
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Tag and push image "teleport-ent:v9-amd64" to ECR - production
- Tag and push image "teleport-ent:v9-arm" to ECR - production
- Tag and push image "teleport-ent:v9-arm64" to ECR - production
# Creates the multi-arch manifest list for the full-version tag on
# public.ecr.aws from the -amd64, -arm and -arm64 tags and pushes it, unless
# "docker manifest inspect" already finds that tag. The login token is passed
# on stdin.
# NOTE(review): every "manifest inspect" failure (auth or network included) is
# read as "tag absent", and an existing tag is kept without being compared to
# this build, so a green step does not prove the public tag holds this release.
- name: Create manifest and push "teleport-ent:full" to ECR - production
image: docker
commands:
- apk add --no-cache aws-cli
- aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
public.ecr.aws
- docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")
> /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest
create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")
--amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64
--amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm
--amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64
&& docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version"))
- docker logout "public.ecr.aws"
environment:
AWS_PROFILE: ecr-production
volumes:
- name: awsconfig
path: /root/.aws
- name: dockersock
path: /var/run
depends_on:
- Tag and push image "teleport-ent:v9-amd64" to ECR - production
- Tag and push image "teleport-ent:v9-arm" to ECR - production
- Tag and push image "teleport-ent:v9-arm64" to ECR - production
# Exchanges the access key injected from secrets for temporary STS credentials
# and appends them to the shared credentials file as the
# [s3-download-teleport-ent-fips] profile, which later steps select through
# AWS_PROFILE.
# NOTE(review): the session credentials sit in plaintext on the awsconfig
# volume and are readable by every step that mounts it.
- name: Assume S3 Download AWS Role for teleport-ent-fips
  image: amazon/aws-cli
  commands:
  # Writes the identity of the injected key to the build log.
  - aws sts get-caller-identity
  # printf depends on shell word-splitting of the three fields returned by
  # `--output text`; `>>` appends, so profiles already in the file are kept.
  - |-
    printf "[s3-download-teleport-ent-fips]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
    $(aws sts assume-role \
    --role-arn "$AWS_ROLE" \
    --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
    --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
    --output text) \
    >> /root/.aws/credentials
  # Removes the injected key from this shell so the check below can only
  # succeed through the freshly written profile.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile s3-download-teleport-ent-fips
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Find the latest available semver for v9
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role
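# Fetches the Dockerfile used for the teleport-ent-fips image build from the
# tagged source tree on GitHub.
# Changes: curl now runs with -f so an HTTP error (e.g. 404 for a missing tag)
# fails the step instead of saving the error page as the Dockerfile, and -S so
# the reason is printed; apk uses --no-cache like the sibling steps.
# NOTE(review): the version is read from /go/vars/full-version-v9 while the
# other steps in this pipeline read /go/var/full-version — confirm both files
# are written by earlier steps.
# NOTE(review): the Dockerfile is trusted on the strength of the git tag alone;
# no checksum is compared in this step.
# NOTE(review): this file carries "Generated using dronegen" headers and a
# trailing signature — make the same change in the generator and re-sign.
- name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent-fips" for teleport-ent-fips
  image: alpine
  commands:
  - apk add --no-cache curl
  - mkdir -pv $(dirname "/go/build/Dockerfile-teleport-ent-fips")
  - >-
    curl -fsSL -o "/go/build/Dockerfile-teleport-ent-fips"
    "https://raw.githubusercontent.com/gravitational/teleport/v$(cat '/go/vars/full-version-v9')/build.assets/charts/Dockerfile"
  depends_on:
  - Find the latest available semver for v9
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role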
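# Polls the release bucket for up to 3600 seconds (one listing per 60 seconds)
# until the FIPS .deb for the full version is listed, then copies it into
# /go/build for the image build.
# Change: grep now uses -F together with -x, so the artifact name is compared
# as a literal string; without -F the dots in the version act as regex
# wildcards and a differently named object could satisfy the wait condition.
# NOTE(review): the package is baked into a published image without a checksum
# or signature check in this step — confirm integrity is verified elsewhere.
# NOTE(review): this file carries "Generated using dronegen" headers and a
# trailing signature — make the same change in the generator and re-sign.
- name: Download "teleport-ent_v9-tag-fips_amd64.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  # The loop spans several list items; they only form a valid loop once the
  # runner joins the commands into a single shell script.
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  - >-
    aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/
    | tr -s ' ' | cut -d' ' -f 4
    | grep -Fx teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb
    || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  - >-
    [ $${TIMED_OUT?} = true ] && echo 'Timed out while waiting for condition:
    [ "$SUCCESS" = "true" ]' && exit 1
  - mkdir -pv "/go/build"
  - >-
    aws s3 cp
    s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb
    /go/build/teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb
  environment:
    AWS_PROFILE: s3-download-teleport-ent-fips
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport-ent-fips
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent-fips" for teleport-ent-fips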
# Builds the linux/amd64 FIPS image with a throw-away buildx builder and pushes
# it to the pipeline-local registry (drone-docker-registry:5000).
- name: Build teleport-ent-fips image "teleport-ent:v9-fips-amd64"
  image: docker
  commands:
  # NOTE(review): tonistiigi/binfmt is referenced without a tag or digest and
  # runs with --privileged; pinning it by digest would keep a changed upstream
  # image from running with full privileges on the build daemon.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-ent-v9-fips-amd64-builder"
  # buildkitd.toml marks the local registry as plain HTTP (`http = true`), so
  # traffic to it is neither encrypted nor authenticated.
  # NOTE(review): acceptable only while that registry stays pipeline-internal.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v9-fips-amd64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-ent-v9-fips-amd64-builder/buildkitd.toml"
  - >-
    docker buildx create --driver "docker-container" --driver-opt "network=host"
    --name "teleport-ent-v9-fips-amd64-builder"
    --config "/tmp/teleport-ent-v9-fips-amd64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  # Logs in to public ECR with the ecr-authenticated-pull profile before the
  # build; the token is passed over stdin.
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin public.ecr.aws
  - >-
    docker buildx build --push --builder "teleport-ent-v9-fips-amd64-builder"
    --target "teleport-fips" --platform "linux/amd64"
    --tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    --file "/go/build/Dockerfile-teleport-ent-fips"
    --build-arg DEB_PATH=teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb
    /go/build
  - docker logout "public.ecr.aws"
  # Tears down the builder and its config directory.
  - docker buildx rm "teleport-ent-v9-fips-amd64-builder"
  - rm -rf "/tmp/teleport-ent-v9-fips-amd64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport-ent_v9-tag-fips_amd64.deb" artifacts from S3
# Copies the locally built FIPS image to the staging ECR registry under three
# timestamped tags (full, major and minor version). Each tag is pushed only
# when `manifest inspect` does not already find it.
# NOTE(review): every inspect failure (not only "tag absent") falls through to
# tag + push, because the guard only looks at the exit status.
- name: Tag and push image "teleport-ent:v9-fips-amd64" to ECR - staging
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
  - apk add --no-cache aws-cli
  # The registry token is passed over stdin, not as a command-line argument.
  - >-
    aws ecr get-login-password --region=us-west-2
    | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  # Tag suffix derived from the build creation time (minute resolution).
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-fips-amd64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
    (docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-fips-amd64
    && docker push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-fips-amd64)
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-fips-amd64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
    (docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-fips-amd64
    && docker push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-fips-amd64)
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-fips-amd64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
    (docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-fips-amd64
    && docker push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-fips-amd64)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent-fips image "teleport-ent:v9-fips-amd64"
# Publishes the manifest list for the timestamped major-version FIPS tag on
# staging ECR (single amd64 entry), skipping the push when `manifest inspect`
# already finds the tag.
- name: Create manifest and push "teleport-ent:major-$TIMESTAMP-fips" to ECR - staging
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The registry token is passed over stdin, not as a command-line argument.
  - >-
    aws ecr get-login-password --region=us-west-2
    | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-fips
    > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
    (docker manifest create
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-fips
    --amend
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-fips-amd64
    && docker manifest push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-fips)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v9-fips-amd64" to ECR - staging
# Publishes the manifest list for the timestamped minor-version FIPS tag on
# staging ECR (single amd64 entry), skipping the push when `manifest inspect`
# already finds the tag.
- name: Create manifest and push "teleport-ent:minor-$TIMESTAMP-fips" to ECR - staging
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The registry token is passed over stdin, not as a command-line argument.
  - >-
    aws ecr get-login-password --region=us-west-2
    | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-fips
    > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
    (docker manifest create
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-fips
    --amend
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-fips-amd64
    && docker manifest push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-fips)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v9-fips-amd64" to ECR - staging
# Publishes the manifest list for the timestamped full-version FIPS tag on
# staging ECR (single amd64 entry), skipping the push when `manifest inspect`
# already finds the tag.
- name: Create manifest and push "teleport-ent:full-$TIMESTAMP-fips" to ECR - staging
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The registry token is passed over stdin, not as a command-line argument.
  - >-
    aws ecr get-login-password --region=us-west-2
    | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-fips
    > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
    (docker manifest create
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-fips
    --amend
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-fips-amd64
    && docker manifest push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-fips)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v9-fips-amd64" to ECR - staging
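# Copies the locally built FIPS image to quay.io. The full-version tag is
# pushed only when `manifest inspect` does not find it; the major and minor
# tags are re-tagged and pushed on every run.
# Change: the Quay password is now fed to `docker login` over stdin instead of
# -p, so the production secret no longer appears in the process argument list
# (the ECR steps in this file already log in with --password-stdin).
# NOTE(review): awsconfig is mounted although no command here calls aws.
# NOTE(review): this file carries "Generated using dronegen" headers and a
# trailing signature — make the same change in the generator and re-sign.
- name: Tag and push image "teleport-ent:v9-fips-amd64" to Quay
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - >-
    docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
    (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64)
  - >-
    docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
  - >-
    docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent-fips image "teleport-ent:v9-fips-amd64"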
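# Re-creates and pushes the manifest list for the major-version FIPS tag on
# quay.io (single amd64 entry); there is no existence check, so the tag is
# rewritten on every run.
# Change: the Quay password is now fed to `docker login` over stdin instead of
# -p, so the production secret no longer appears in the process argument list.
# NOTE(review): this file carries "Generated using dronegen" headers and a
# trailing signature — make the same change in the generator and re-sign.
- name: Create manifest and push "teleport-ent:major-fips" to Quay
  image: docker
  commands:
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - >-
    docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
  - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v9-fips-amd64" to Quay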
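# Re-creates and pushes the manifest list for the minor-version FIPS tag on
# quay.io (single amd64 entry); there is no existence check, so the tag is
# rewritten on every run.
# Change: the Quay password is now fed to `docker login` over stdin instead of
# -p, so the production secret no longer appears in the process argument list.
# NOTE(review): this file carries "Generated using dronegen" headers and a
# trailing signature — make the same change in the generator and re-sign.
- name: Create manifest and push "teleport-ent:minor-fips" to Quay
  image: docker
  commands:
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - >-
    docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
  - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v9-fips-amd64" to Quay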
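# Publishes the manifest list for the full-version FIPS tag on quay.io (single
# amd64 entry), skipping the push when `manifest inspect` already finds it.
# Change: the Quay password is now fed to `docker login` over stdin instead of
# -p, so the production secret no longer appears in the process argument list.
# NOTE(review): this file carries "Generated using dronegen" headers and a
# trailing signature — make the same change in the generator and re-sign.
- name: Create manifest and push "teleport-ent:full-fips" to Quay
  image: docker
  commands:
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - >-
    docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips
    > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
    (docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    && docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips)
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v9-fips-amd64" to Quay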
# Copies the locally built FIPS image to public ECR. The full-version tag is
# pushed only when `manifest inspect` does not find it; the major and minor
# tags are re-tagged and pushed on every run.
- name: Tag and push image "teleport-ent:v9-fips-amd64" to ECR - production
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
  - apk add --no-cache aws-cli
  # The registry token is passed over stdin, not as a command-line argument.
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin public.ecr.aws
  - >-
    docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
    (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    && docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64)
  - >-
    docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
  - >-
    docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent-fips image "teleport-ent:v9-fips-amd64"
# Re-creates and pushes the manifest list for the major-version FIPS tag on
# public ECR (single amd64 entry); there is no existence check, so the tag is
# rewritten on every run.
- name: Create manifest and push "teleport-ent:major-fips" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The registry token is passed over stdin, not as a command-line argument.
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin public.ecr.aws
  - >-
    docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
  - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v9-fips-amd64" to ECR - production
# Re-creates and pushes the manifest list for the minor-version FIPS tag on
# public ECR (single amd64 entry); there is no existence check, so the tag is
# rewritten on every run.
- name: Create manifest and push "teleport-ent:minor-fips" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The registry token is passed over stdin, not as a command-line argument.
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin public.ecr.aws
  - >-
    docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
  - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v9-fips-amd64" to ECR - production
# Publishes the manifest list for the full-version FIPS tag on public ECR
# (single amd64 entry), skipping the push when `manifest inspect` already
# finds the tag.
# NOTE(review): every inspect failure (not only "tag absent") falls through to
# create + push, because the guard only looks at the exit status.
- name: Create manifest and push "teleport-ent:full-fips" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The registry token is passed over stdin, not as a command-line argument.
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin public.ecr.aws
  - >-
    docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips
    > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
    (docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    && docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips)
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v9-fips-amd64" to ECR - production
services:
# Docker-in-Docker daemon used by the docker steps. It runs privileged, and
# every step that mounts `dockersock` at /var/run can drive it through the
# socket, so access to that volume is equivalent to control of this daemon.
# NOTE(review): docker:dind is a floating tag; a digest pin would fix what
# runs privileged here.
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
# Pipeline-local image registry; the steps reach it as
# drone-docker-registry:5000. It runs unprivileged and mounts no volumes.
- name: drone-docker-registry
  image: registry:2
  privileged: false
  volumes: []
volumes:
# Temporary volumes shared between steps: awsconfig holds the AWS credentials
# file written by the "Assume ... AWS Role" steps, dockersock holds the dind
# socket directory.
- name: awsconfig
  temp: {}
- name: dockersock
  temp: {}
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/relcli.go (main.relcliPipeline)
################################################
kind: pipeline
type: kubernetes
name: publish-rlz
environment:
  # relcli is referenced by an exact version tag in the private ECR registry.
  # NOTE(review): a tag can still be moved on the registry side unless tag
  # immutability is enforced there; a digest reference would remove that
  # dependency — confirm.
  RELCLI_IMAGE: 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/relcli:v1.1.76-35e77b7-20221117T1411084
trigger:
  # Runs only for `promote` events targeting `production`.
  event:
    include:
    - promote
  target:
    include:
    - production
  # Any repository under the gravitational organisation matches.
  repo:
    include:
    - gravitational/*
clone:
  # No source checkout: the steps below work from images and secrets only.
  disable: true
# Pipelines that have to finish before this one starts.
depends_on:
- promote-build
- teleport-container-images-branch-promote
- publish-apt-new-repos
- publish-yum-new-repos
steps:
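# Gate for the release publish: fails the pipeline when the promoted commit
# carries no tag.
# Fix: ${DRONE_TAG} is now quoted. Unquoted, an empty value leaves the test as
# `[ -n ]`, which is true (a one-argument test only checks that the argument,
# here the literal "-n", is non-empty), so the guard could never fail.
# NOTE(review): this file is generated by dronegen and covered by the trailing
# signature — make the same change in the generator and re-sign.
- name: Check if commit is tagged
  image: alpine
  commands:
  - >-
    [ -n "${DRONE_TAG}" ] || (echo 'DRONE_TAG is not set. Is the commit tagged?'
    && exit 1)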
# Waits up to 30 seconds for the dind service to create its socket on the
# shared dockersock volume; `timeout` fails the step if it never appears.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Exchanges the build user's access key (injected from secrets) for temporary
# STS credentials and writes them as the [default] profile of the shared
# credentials file, which the "Pull relcli" step uses to log in to ECR.
# NOTE(review): the session credentials sit in plaintext on the awsconfig
# volume and are readable by every step that mounts it.
- name: Assume AWS Role
  image: amazon/aws-cli
  commands:
  # Writes the identity of the injected key to the build log.
  - aws sts get-caller-identity
  # printf depends on shell word-splitting of the three fields returned by
  # `--output text`; `>` truncates, so the file ends up with this profile only.
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
    $(aws sts assume-role \
    --role-arn "$AWS_ROLE" \
    --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
    --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
    --output text) \
    > /root/.aws/credentials
  # Removes the injected key from this shell so the check below can only
  # succeed through the freshly written profile.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    # Secret names indicate a read-only build user and role.
    AWS_ACCESS_KEY_ID:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY
    AWS_ROLE:
      from_secret: TELEPORT_BUILD_READ_ONLY_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
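# Logs in to the private ECR registry with the credentials written by
# "Assume AWS Role" and pulls the relcli image into the dind daemon.
# Change: the login is now paired with `docker logout`, as in every other
# registry login in this file, so the ECR token is removed from the docker
# client config once the pull has finished. The pulled image stays in the
# daemon, so the later `docker run $RELCLI_IMAGE` is unaffected.
# NOTE(review): this file is generated by dronegen and covered by the trailing
# signature — make the same change in the generator and re-sign.
- name: Pull relcli
  image: docker:cli
  commands:
  - apk add --no-cache aws-cli
  # The registry token is passed over stdin, not as a command-line argument.
  - aws ecr get-login-password | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - docker pull $RELCLI_IMAGE
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_DEFAULT_REGION: us-west-2
  volumes:
  - name: dockersock
    path: /var/run
  - name: awsconfig
    path: /root/.aws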
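# Decodes the release API client certificate and key into the memory-backed
# tmpfs volume and runs relcli against the production release API. The same
# volume is mounted in the dind service, which is what lets
# `-v /tmpfs/creds:/tmpfs/creds` resolve on the daemon side.
# Change: the cleanup trap is registered before the key material is written,
# so a failure while decoding still removes /tmpfs/creds on exit.
# NOTE(review): the files are created with the default umask; a tighter mode
# would be preferable if the relcli container user can still read them.
# NOTE(review): `-v 6` looks like a high verbosity level — confirm relcli does
# not write credential material to the build log at that level.
# NOTE(review): this file is generated by dronegen and covered by the trailing
# signature — make the same change in the generator and re-sign.
- name: Publish in Release API
  image: docker:git
  commands:
  - mkdir -p /tmpfs/creds
  - trap "rm -rf /tmpfs/creds" EXIT
  - echo "$RELEASES_CERT" | base64 -d > "$RELCLI_CERT"
  - echo "$RELEASES_KEY" | base64 -d > "$RELCLI_KEY"
  # Only variable names are passed with -e, so values are inherited from this
  # step's environment and do not appear on the command line.
  - |-
    docker run -i -v /tmpfs/creds:/tmpfs/creds \
      -e DRONE_REPO -e DRONE_TAG -e RELCLI_BASE_URL -e RELCLI_CERT -e RELCLI_KEY \
      $RELCLI_IMAGE relcli auto_publish -f -v 6
  environment:
    RELCLI_BASE_URL: https://releases-prod.platform.teleport.sh
    RELCLI_CERT: /tmpfs/creds/releases.crt
    RELCLI_KEY: /tmpfs/creds/releases.key
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY
  volumes:
  - name: dockersock
    path: /var/run
  - name: tmpfs
    path: /tmpfs
  - name: awsconfig
    path: /root/.aws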
services:
# Docker-in-Docker daemon used by the docker steps. It runs privileged, and
# every step that mounts `dockersock` at /var/run can drive it through the
# socket. It also mounts tmpfs, so bind mounts of /tmpfs paths requested by a
# step resolve to the same memory-backed files.
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: tmpfs
    path: /tmpfs
  - name: dockersock
    path: /var/run
volumes:
- name: dockersock
  temp: {}
# Memory-backed volume: the release certificate and key written under
# /tmpfs/creds are not stored on a disk-backed volume.
- name: tmpfs
  temp:
    medium: memory
- name: awsconfig
  temp: {}
---
# Drone configuration signature: an HMAC over the pipeline documents above.
# Any change to this file leaves the value stale until the file is re-signed
# (presumably with `drone sign` after `make dronegen` — confirm the project's
# procedure).
kind: signature
hmac: 88e09acfb6869d0ff016262f4beb5fbf66b791abcf6513565f6d3ca1eebb09c3
...