mirror of
https://github.com/gravitational/teleport
synced 2024-10-20 17:23:22 +00:00
726330f5b2
It was added in an effort to debug flaky Connect builds (#15836). However, we discovered that the v11.1.0 macOS version of Connect stopped working. This was likely due to an upgrade of electron-builder, which recently updated its process of building native deps (electron-userland/electron-builder#7196). In the Node.js ecosystem, the DEBUG env var is typically used to control which packages emit debug messages [1]. However, after the update of electron-builder, the env var also changed the behavior of one of the packages responsible for building the apps. This was confirmed by inspecting the file tree of different app bundles and by running the build locally with DEBUG set to electron-*. [1] https://www.npmjs.com/package/debug
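---
# Pipeline: on pushes to master or branch/* in gravitational/teleport, call the
# docs deployment webhook. Nothing is cloned (clone.disable: true), so the only
# code that runs here is the plugin image itself.
kind: pipeline
type: kubernetes
name: update-docs-webhook

trigger:
  event:
    include:
      - push
    exclude:
      - pull_request
  branch:
    include:
      - master
      - branch/*
  repo:
    include:
      - gravitational/teleport

clone:
  disable: true

steps:
  - name: Trigger docs deployment
    # NOTE(review): no tag or digest is given, so whatever is currently
    # published under plugins/webhook is the code that receives the hook URL.
    # Pinning the image to a digest makes that dependency reviewable.
    image: plugins/webhook
    settings:
      # The hook URL is read from the Drone secret store instead of being
      # written into this file.
      urls:
        from_secret: DOCS_DEPLOY_HOOK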
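---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/push.go (main.pushPipeline)
################################################

# Pipeline: builds the linux/amd64 release and Teleport Connect on pushes to
# master and branch/* (pull_request events are excluded). The file is
# generated, so lasting changes for the review notes below belong in dronegen.
kind: pipeline
type: kubernetes
name: push-build-linux-amd64
environment:
  BUILDBOX_VERSION: teleport12
  GID: "1000"
  RUNTIME: go1.19.2
  UID: "1000"
trigger:
  event:
    include:
    - push
    exclude:
    - pull_request
  repo:
    include:
    - gravitational/*
  branch:
    include:
    - master
    - branch/*
workspace:
  path: /go
clone:
  disable: true
steps:
- name: Check out code
  # NOTE(review): docker:git is a mutable tag, and this step is the one that
  # holds GITHUB_PRIVATE_KEY. Pinning the image by digest limits what can
  # read the key.
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/webapps
  - mkdir -pv "/go/src/github.com/gravitational/teleport"
  - cd "/go/src/github.com/gravitational/teleport"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  - git checkout -qf "${DRONE_COMMIT_SHA}"
  - git submodule update --init webassets || true
  # The SSH key is written under /root, outside the shared /go workspace, and
  # deleted by the final `rm -f`. If any command in between fails, that
  # `rm -f` is not reached.
  - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa &&
    chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan trusts whatever host key the network returns at
  # build time, and its errors are discarded (2>/dev/null). Writing GitHub's
  # published host keys into known_hosts pins the peer for the submodule
  # fetches that follow.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  - git submodule update --init --recursive webassets || true
  - mkdir -pv /go/cache
  - cd /go/src/github.com/gravitational/webapps
  - git clone https://github.com/gravitational/webapps.git .
  - git checkout "$(/go/src/github.com/gravitational/teleport/build.assets/webapps/webapps-version.sh)"
  - git submodule update --init packages/webapps.e
  - cd -
  - rm -f /root/.ssh/id_rsa
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
- name: Wait for docker
  image: docker
  commands:
  # Poll for the dind socket for at most 30 seconds.
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache make
  - chown -R $UID:$GID /go
  - cd /go/src/github.com/gravitational/teleport
  # NOTE(review): nothing in this pipeline, as shown, creates
  # /go/.version.txt; confirm where it comes from. `export` masks a failing
  # `cat`, so VERSION would silently end up empty.
  - export VERSION=$(cat /go/.version.txt)
  - make -C build.assets release-amd64-centos7
  - make -C build.assets teleterm
  environment:
    ARCH: amd64
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: linux
    UID: "1000"
  volumes:
  - name: dockersock
    path: /var/run
- name: Send Slack notification
  image: plugins/slack
  settings:
    webhook:
      from_secret: SLACK_WEBHOOK_DEV_TELEPORT
    template:
    - |
      *{{#success build.status}}✔{{ else }}✘{{/success}} {{ uppercasefirst build.status }}: Build #{{ build.number }}* (type: `{{ build.event }}`)
      `${DRONE_STAGE_NAME}` artifact build failed.
      *Warning:* This is a genuine failure to build the Teleport binary from `{{ build.branch }}` (likely due to a bad merge or commit) and should be investigated immediately.
      Commit: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commit/{{ build.commit }}|{{ truncate build.commit 8 }}>
      Branch: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commits/{{ build.branch }}|{{ repo.owner }}/{{ repo.name }}:{{ build.branch }}>
      Author: <https://github.com/{{ build.author }}|{{ build.author }}>
      <{{ build.link }}|Visit Drone build page ↗>
  when:
    status:
    - failure
services:
- name: Start Docker
  image: docker:dind
  # The Docker daemon runs privileged, and every step that mounts `dockersock`
  # at /var/run can drive it. Code run by the build steps (the Makefile
  # targets and the package installed with apk) therefore has the daemon's
  # privileges.
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: dockersock
  temp: {}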
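---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/push.go (main.pushPipeline)
################################################

# Pipeline: builds the linux/386 release on pushes to master and branch/*
# (pull_request events are excluded). The file is generated, so lasting
# changes for the review notes below belong in dronegen.
kind: pipeline
type: kubernetes
name: push-build-linux-386
environment:
  BUILDBOX_VERSION: teleport12
  GID: "1000"
  RUNTIME: go1.19.2
  UID: "1000"
trigger:
  event:
    include:
    - push
    exclude:
    - pull_request
  repo:
    include:
    - gravitational/*
  branch:
    include:
    - master
    - branch/*
workspace:
  path: /go
clone:
  disable: true
steps:
- name: Check out code
  # NOTE(review): docker:git is a mutable tag, and this step is the one that
  # holds GITHUB_PRIVATE_KEY. Pinning the image by digest limits what can
  # read the key.
  image: docker:git
  commands:
  - mkdir -pv "/go/src/github.com/gravitational/teleport"
  - cd "/go/src/github.com/gravitational/teleport"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  - git checkout -qf "${DRONE_COMMIT_SHA}"
  - git submodule update --init webassets || true
  # The SSH key is written under /root, outside the shared /go workspace, and
  # deleted by the final `rm -f`. If any command in between fails, that
  # `rm -f` is not reached.
  - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa &&
    chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan trusts whatever host key the network returns at
  # build time, and its errors are discarded (2>/dev/null). Writing GitHub's
  # published host keys into known_hosts pins the peer for the submodule
  # fetches that follow.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  - git submodule update --init --recursive webassets || true
  - mkdir -pv /go/cache
  - rm -f /root/.ssh/id_rsa
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
- name: Wait for docker
  image: docker
  commands:
  # Poll for the dind socket for at most 30 seconds.
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache make
  - chown -R $UID:$GID /go
  - cd /go/src/github.com/gravitational/teleport
  - make -C build.assets release-386
  environment:
    # Quoted so the architecture stays a string rather than an integer.
    ARCH: "386"
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: linux
    UID: "1000"
  volumes:
  - name: dockersock
    path: /var/run
- name: Send Slack notification
  image: plugins/slack
  settings:
    webhook:
      from_secret: SLACK_WEBHOOK_DEV_TELEPORT
    template:
    - |
      *{{#success build.status}}✔{{ else }}✘{{/success}} {{ uppercasefirst build.status }}: Build #{{ build.number }}* (type: `{{ build.event }}`)
      `${DRONE_STAGE_NAME}` artifact build failed.
      *Warning:* This is a genuine failure to build the Teleport binary from `{{ build.branch }}` (likely due to a bad merge or commit) and should be investigated immediately.
      Commit: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commit/{{ build.commit }}|{{ truncate build.commit 8 }}>
      Branch: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commits/{{ build.branch }}|{{ repo.owner }}/{{ repo.name }}:{{ build.branch }}>
      Author: <https://github.com/{{ build.author }}|{{ build.author }}>
      <{{ build.link }}|Visit Drone build page ↗>
  when:
    status:
    - failure
services:
- name: Start Docker
  image: docker:dind
  # The Docker daemon runs privileged, and every step that mounts `dockersock`
  # at /var/run can drive it. Code run by the build steps therefore has the
  # daemon's privileges.
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: dockersock
  temp: {}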
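---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/push.go (main.pushPipeline)
################################################

# Pipeline: builds the linux/amd64 FIPS release on pushes to master and
# branch/* (pull_request events are excluded). The file is generated, so
# lasting changes for the review notes below belong in dronegen.
kind: pipeline
type: kubernetes
name: push-build-linux-amd64-fips
environment:
  BUILDBOX_VERSION: teleport12
  GID: "1000"
  RUNTIME: go1.19.2
  UID: "1000"
trigger:
  event:
    include:
    - push
    exclude:
    - pull_request
  repo:
    include:
    - gravitational/*
  branch:
    include:
    - master
    - branch/*
workspace:
  path: /go
clone:
  disable: true
steps:
- name: Check out code
  # NOTE(review): docker:git is a mutable tag, and this step is the one that
  # holds GITHUB_PRIVATE_KEY. Pinning the image by digest limits what can
  # read the key.
  image: docker:git
  commands:
  - mkdir -pv "/go/src/github.com/gravitational/teleport"
  - cd "/go/src/github.com/gravitational/teleport"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  - git checkout -qf "${DRONE_COMMIT_SHA}"
  - git submodule update --init webassets || true
  # The SSH key is written under /root, outside the shared /go workspace, and
  # deleted by the `rm -f` further down. If any command in between fails,
  # that `rm -f` is not reached.
  - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa &&
    chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan trusts whatever host key the network returns at
  # build time, and its errors are discarded (2>/dev/null). Writing GitHub's
  # published host keys into known_hosts pins the peer for the submodule
  # fetches that follow.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  - git submodule update --init --recursive webassets || true
  - mkdir -pv /go/cache
  - rm -f /root/.ssh/id_rsa
  # Record the version for the build step: the tag with its leading "v"
  # stripped when DRONE_TAG is set, otherwise the VERSION value from the
  # Makefile.
  - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt;
    else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
- name: Wait for docker
  image: docker
  commands:
  # Poll for the dind socket for at most 30 seconds.
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache make
  - chown -R $UID:$GID /go
  - cd /go/src/github.com/gravitational/teleport
  # Reads the file written by the checkout step. `export` masks a failing
  # `cat`, so a missing file would give an empty VERSION rather than an error.
  - export VERSION=$(cat /go/.version.txt)
  - make -C build.assets release-amd64-centos7-fips
  environment:
    ARCH: amd64
    # Quoted so the value reaches the build as the string "yes", not a YAML
    # boolean.
    FIPS: "yes"
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: linux
    UID: "1000"
  volumes:
  - name: dockersock
    path: /var/run
- name: Send Slack notification
  image: plugins/slack
  settings:
    webhook:
      from_secret: SLACK_WEBHOOK_DEV_TELEPORT
    template:
    - |
      *{{#success build.status}}✔{{ else }}✘{{/success}} {{ uppercasefirst build.status }}: Build #{{ build.number }}* (type: `{{ build.event }}`)
      `${DRONE_STAGE_NAME}` artifact build failed.
      *Warning:* This is a genuine failure to build the Teleport binary from `{{ build.branch }}` (likely due to a bad merge or commit) and should be investigated immediately.
      Commit: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commit/{{ build.commit }}|{{ truncate build.commit 8 }}>
      Branch: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commits/{{ build.branch }}|{{ repo.owner }}/{{ repo.name }}:{{ build.branch }}>
      Author: <https://github.com/{{ build.author }}|{{ build.author }}>
      <{{ build.link }}|Visit Drone build page ↗>
  when:
    status:
    - failure
services:
- name: Start Docker
  image: docker:dind
  # The Docker daemon runs privileged, and every step that mounts `dockersock`
  # at /var/run can drive it. Code run by the build steps therefore has the
  # daemon's privileges.
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: dockersock
  temp: {}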
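---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/push.go (main.pushPipeline)
################################################

# Pipeline: builds the unsigned windows/amd64 release inside Linux containers
# on pushes to master and branch/* (pull_request events are excluded). The
# file is generated, so lasting changes for the review notes below belong in
# dronegen.
kind: pipeline
type: kubernetes
name: push-build-windows-amd64
environment:
  BUILDBOX_VERSION: teleport12
  GID: "1000"
  RUNTIME: go1.19.2
  UID: "1000"
trigger:
  event:
    include:
    - push
    exclude:
    - pull_request
  repo:
    include:
    - gravitational/*
  branch:
    include:
    - master
    - branch/*
workspace:
  path: /go
clone:
  disable: true
steps:
- name: Check out code
  # NOTE(review): docker:git is a mutable tag, and this step is the one that
  # holds GITHUB_PRIVATE_KEY. Pinning the image by digest limits what can
  # read the key.
  image: docker:git
  commands:
  - mkdir -pv "/go/src/github.com/gravitational/teleport"
  - cd "/go/src/github.com/gravitational/teleport"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  - git checkout -qf "${DRONE_COMMIT_SHA}"
  - git submodule update --init webassets || true
  # The SSH key is written under /root, outside the shared /go workspace, and
  # deleted by the final `rm -f`. If any command in between fails, that
  # `rm -f` is not reached.
  - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa &&
    chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan trusts whatever host key the network returns at
  # build time, and its errors are discarded (2>/dev/null). Writing GitHub's
  # published host keys into known_hosts pins the peer for the submodule
  # fetches that follow.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  - git submodule update --init --recursive webassets || true
  - mkdir -pv /go/cache
  - rm -f /root/.ssh/id_rsa
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
- name: Wait for docker
  image: docker
  commands:
  # Poll for the dind socket for at most 30 seconds.
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache make
  - chown -R $UID:$GID /go
  - cd /go/src/github.com/gravitational/teleport
  # The target name says the output is unsigned; no signing secret is
  # requested anywhere in this pipeline.
  - make -C build.assets release-windows-unsigned
  environment:
    ARCH: amd64
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: windows
    UID: "1000"
  volumes:
  - name: dockersock
    path: /var/run
- name: Send Slack notification
  image: plugins/slack
  settings:
    webhook:
      from_secret: SLACK_WEBHOOK_DEV_TELEPORT
    template:
    - |
      *{{#success build.status}}✔{{ else }}✘{{/success}} {{ uppercasefirst build.status }}: Build #{{ build.number }}* (type: `{{ build.event }}`)
      `${DRONE_STAGE_NAME}` artifact build failed.
      *Warning:* This is a genuine failure to build the Teleport binary from `{{ build.branch }}` (likely due to a bad merge or commit) and should be investigated immediately.
      Commit: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commit/{{ build.commit }}|{{ truncate build.commit 8 }}>
      Branch: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commits/{{ build.branch }}|{{ repo.owner }}/{{ repo.name }}:{{ build.branch }}>
      Author: <https://github.com/{{ build.author }}|{{ build.author }}>
      <{{ build.link }}|Visit Drone build page ↗>
  when:
    status:
    - failure
services:
- name: Start Docker
  image: docker:dind
  # The Docker daemon runs privileged, and every step that mounts `dockersock`
  # at /var/run can drive it. Code run by the build steps therefore has the
  # daemon's privileges.
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: dockersock
  temp: {}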
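---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/mac.go (main.newDarwinPipeline)
################################################

# Pipeline: builds the macOS binaries and Teleport Connect on pushes to master
# and branch/*. This is an `exec` pipeline: steps have no image and run
# directly on the macOS build host, so files left behind by one build are
# still there for the next. The file is generated, so lasting changes for the
# review notes below belong in dronegen.
kind: pipeline
type: exec
name: push-build-darwin-amd64
trigger:
  event:
    include:
    - push
    exclude:
    - pull_request
  repo:
    include:
    - gravitational/*
  branch:
    include:
    - master
    - branch/*
workspace:
  # Fixed path under /tmp, reused by every run of this pipeline.
  path: /tmp/push-build-darwin-amd64
platform:
  os: darwin
  arch: amd64
clone:
  disable: true
concurrency:
  # One run at a time, which is what makes the fixed workspace path usable.
  limit: 1
steps:
- name: Set up exec runner storage
  commands:
  - set -u
  - mkdir -p $WORKSPACE_DIR
  - chmod -R u+rw $WORKSPACE_DIR
  # Removes the source tree and any SSH material a previous run left behind.
  - rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh
  environment:
    WORKSPACE_DIR: /tmp/push-build-darwin-amd64
- name: Check out code
  commands:
  - set -u
  - mkdir -p $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The SSH key is written to the host filesystem under /tmp. It is removed by
  # the `rm -rf $WORKSPACE_DIR/.ssh` near the end of this step, which is not
  # reached if an earlier command fails.
  - mkdir -m 0700 $WORKSPACE_DIR/.ssh && echo "$GITHUB_PRIVATE_KEY" > $WORKSPACE_DIR/.ssh/id_rsa
    && chmod 600 $WORKSPACE_DIR/.ssh/id_rsa
  # NOTE(review): ssh-keyscan trusts whatever host key the network returns at
  # build time, and its errors are discarded (2>/dev/null). Writing GitHub's
  # published host keys into known_hosts pins the peer for the submodule
  # fetches that follow.
  - ssh-keyscan -H github.com > $WORKSPACE_DIR/.ssh/known_hosts 2>/dev/null
  - chmod 600 $WORKSPACE_DIR/.ssh/known_hosts
  - mkdir -p $WORKSPACE_DIR/go/src/github.com/gravitational/webapps
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/webapps
  - git clone https://github.com/gravitational/webapps.git .
  - git checkout $($WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets/webapps/webapps-version.sh)
  # `-F /dev/null` makes ssh ignore the build user's own ssh config; only the
  # key and known_hosts file created above are used.
  - GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts
    -F /dev/null' git submodule update --init packages/webapps.e
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts
    -F /dev/null' git submodule update --init e
  - GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts
    -F /dev/null' git submodule update --init --recursive webassets || true
  - rm -rf $WORKSPACE_DIR/.ssh
  - mkdir -p $WORKSPACE_DIR/go/cache
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
    WORKSPACE_DIR: /tmp/push-build-darwin-amd64
- name: Install Go Toolchain
  commands:
  - set -u
  - mkdir -p /tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains
  # --fail/--show-error make an HTTP error stop the step instead of saving an
  # error page as the tarball.
  # NOTE(review): the archive is unpacked and later executed without an
  # integrity check. Compare it with a pinned SHA-256 (<EXPECTED_SHA256>)
  # before extracting.
  - curl --silent --show-error --fail -O https://dl.google.com/go/$RUNTIME.darwin-amd64.tar.gz
  - tar -C /tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains -xzf $RUNTIME.darwin-amd64.tar.gz
  - rm -rf $RUNTIME.darwin-amd64.tar.gz
  environment:
    RUNTIME: go1.19.2
- name: Install Rust Toolchain
  commands:
  - set -u
  - export PATH=/Users/$(whoami)/.cargo/bin:$PATH
  - mkdir -p /tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains
  - export RUST_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets
    print-rust-version)
  # CARGO_HOME and RUSTUP_HOME point into the per-build directory, so the
  # toolchain is installed there rather than into the build user's home.
  - export CARGO_HOME=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains/cargo
  - export RUST_HOME=$CARGO_HOME
  - export RUSTUP_HOME=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains/rustup
  - rustup toolchain install $RUST_VERSION
  environment:
    WORKSPACE_DIR: /tmp/push-build-darwin-amd64
- name: Install Node Toolchain
  commands:
  - set -u
  - export NODE_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets
    print-node-version)
  - export TOOLCHAIN_DIR=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains
  - export NODE_DIR=$TOOLCHAIN_DIR/node-v$NODE_VERSION-darwin-x64
  - mkdir -p $TOOLCHAIN_DIR
  # --fail/--show-error make an HTTP error stop the step instead of saving an
  # error page as the tarball.
  # NOTE(review): as with the Go archive, nothing checks this download's
  # integrity; compare it with a pinned SHA-256 (<EXPECTED_SHA256>) before
  # extracting.
  - curl --silent --show-error --fail -O https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-darwin-x64.tar.gz
  - tar -C $TOOLCHAIN_DIR -xzf node-v$NODE_VERSION-darwin-x64.tar.gz
  - rm -f node-v$NODE_VERSION-darwin-x64.tar.gz
  - export PATH=$NODE_DIR/bin:$PATH
  - corepack enable yarn
  - echo Node reporting version $(node --version)
  - echo Yarn reporting version $(yarn --version)
  environment:
    WORKSPACE_DIR: /tmp/push-build-darwin-amd64
- name: Build Mac artifacts (binaries and Teleport Connect)
  commands:
  - set -u
  - export HOME=/Users/$(whoami)
  - export TOOLCHAIN_DIR=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains
  - export NODE_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets
    print-node-version)
  - export NODE_HOME=$TOOLCHAIN_DIR/node-v$NODE_VERSION-darwin-x64
  - export PATH=$NODE_HOME/bin:$PATH
  - export RUST_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets
    print-rust-version)
  - export CARGO_HOME=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains/cargo
  - export RUST_HOME=$CARGO_HOME
  - export RUSTUP_HOME=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains/rustup
  # NOTE(review): this hard-codes /Users/build, while the other steps derive
  # the home directory from $(whoami); confirm the two agree on the host.
  - export PATH=$CARGO_HOME/bin:/Users/build/.cargo/bin:$PATH
  - rustup override set $RUST_VERSION
  - export PATH=$TOOLCHAIN_DIR/go/bin:$PATH
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - build.assets/build-fido2-macos.sh build
  - export PKG_CONFIG_PATH="$(build.assets/build-fido2-macos.sh pkg_config_path)"
  - make clean release OS=$OS ARCH=$ARCH FIDO2=yes TOUCHID=yes PIV=yes
  - export VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
    print-version)
  - export BUILD_NUMBER=$DRONE_BUILD_NUMBER
  # `$$` is Drone's escape for a literal `$`, so the shell expands the
  # variable at run time.
  # NOTE(review): the keychain password is passed as a command-line argument
  # and is unquoted, so it is visible in the host's process list while the
  # command runs and is subject to word splitting. The keychain is not locked
  # again anywhere in this pipeline.
  - security unlock-keychain -p $${BUILDBOX_PASSWORD} login.keychain
  - security find-identity -v
  - export CSC_NAME=0FFD3E3413AB4C599C53FBB1D8CA690915E33D83
  - export CONNECT_TSH_BIN_PATH=$WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build/tsh
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/webapps
  # NOTE(review): `yarn install` without --frozen-lockfile may resolve
  # dependency versions that differ from the committed lockfile; the native
  # Windows pipeline in this file passes --frozen-lockfile.
  - yarn install && yarn build-term && yarn package-term -c.extraMetadata.version=$VERSION
  environment:
    ARCH: amd64
    BUILDBOX_PASSWORD:
      from_secret: BUILDBOX_PASSWORD
    GOCACHE: /tmp/push-build-darwin-amd64/go/cache
    GOPATH: /tmp/push-build-darwin-amd64/go
    OS: darwin
    WORKSPACE_DIR: /tmp/push-build-darwin-amd64
- name: Clean up toolchains (post)
  commands:
  - set -u
  - export PATH=/Users/$(whoami)/.cargo/bin:$PATH
  - export CARGO_HOME=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains/cargo
  - export RUST_HOME=$CARGO_HOME
  - export RUSTUP_HOME=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains/rustup
  - export RUST_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets
    print-rust-version)
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - rustup override unset
  - rustup toolchain uninstall $RUST_VERSION
  - rm -rf /tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED
  environment:
    WORKSPACE_DIR: /tmp/push-build-darwin-amd64
  # Runs whether the build succeeded or failed.
  when:
    status:
    - success
    - failure
- name: Clean up exec runner storage (post)
  # NOTE(review): unlike the toolchain cleanup above, this step has no `when`
  # clause, so by Drone's default it is skipped once an earlier step has
  # failed. A checkout that fails after the SSH key is written then leaves
  # $WORKSPACE_DIR/.ssh on the host until the next run's setup step removes
  # it. Adding `when: status: [success, failure]` would close that window.
  commands:
  - set -u
  - chmod -R u+rw $WORKSPACE_DIR
  - rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh
  environment:
    WORKSPACE_DIR: /tmp/push-build-darwin-amd64
- name: Send Slack notification (exec)
  # NOTE(review): the webhook URL is passed to curl as an argument, and the
  # JSON body is assembled by string interpolation, so a branch name that
  # contains quotes or backslashes would produce a malformed payload.
  commands:
  - |2

    export DRONE_BUILD_LINK="${DRONE_SYSTEM_PROTO}://${DRONE_SYSTEM_HOSTNAME}/${DRONE_REPO_OWNER}/${DRONE_REPO_NAME}/${DRONE_BUILD_NUMBER}"
    export GOOS=$(go env GOOS)
    export GOARCH=$(go env GOARCH)
  - |2-

    curl -sL -X POST -H 'Content-type: application/json' --data "{\"text\":\"Warning: \`${GOOS}-${GOARCH}\` artifact build failed for [\`${DRONE_REPO_NAME}\`] - please investigate immediately!\nBranch: \`${DRONE_BRANCH}\`\nCommit: \`${DRONE_COMMIT_SHA}\`\nLink: $DRONE_BUILD_LINK\"}" $SLACK_WEBHOOK_DEV_TELEPORT
  environment:
    SLACK_WEBHOOK_DEV_TELEPORT:
      from_secret: SLACK_WEBHOOK_DEV_TELEPORT
  when:
    status:
    - failure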
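---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/windows.go (main.newWindowsPipeline)
################################################

# Pipeline: builds and signs tsh and builds Teleport Connect natively on a
# Windows host, on pushes to master and branch/*. This is an `exec` pipeline:
# the PowerShell commands run directly on the build host, each run inside its
# own $WORKSPACE_DIR/$DRONE_BUILD_NUMBER directory. The file is generated, so
# lasting changes for the review notes below belong in dronegen.
kind: pipeline
type: exec
name: push-build-native-windows-amd64
trigger:
  event:
    include:
    - push
    exclude:
    - pull_request
  repo:
    include:
    - gravitational/*
  branch:
    include:
    - master
    - branch/*
workspace:
  path: C:/Drone/Workspace/push-build-native-windows-amd64
platform:
  os: windows
  arch: amd64
node:
  buildbox_version: teleport12
clone:
  disable: true
steps:
- name: Check out Teleport
  commands:
  - $ErrorActionPreference = 'Stop'
  - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
  - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
  - $WebappsSrc = "$Workspace/go/src/github.com/gravitational/webapps"
  # Build the tag when there is one, otherwise the pushed commit.
  - $TeleportRev = if ($Env:DRONE_TAG -ne $null) { $Env:DRONE_TAG } else { $Env:DRONE_COMMIT
    }
  - New-Item -Path $TeleportSrc -ItemType Directory | Out-Null
  - cd $TeleportSrc
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout $TeleportRev
  - New-Item -Path $WebappsSrc -ItemType Directory | Out-Null
  - cd $WebappsSrc
  - git clone https://github.com/gravitational/webapps.git .
  - git checkout $(& $TeleportSrc/build.assets/webapps/webapps-version.ps1)
  environment:
    WORKSPACE_DIR: C:/Drone/Workspace/push-build-native-windows-amd64
- name: Checkout Submodules
  commands:
  - $ErrorActionPreference = 'Stop'
  - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
  - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
  - $WebappsSrc = "$Workspace/go/src/github.com/gravitational/webapps"
  # Dot-sources helper functions from the revision that was just checked out,
  # so the script that handles the private key is part of the code under
  # build.
  - . "$TeleportSrc/build.assets/windows/build.ps1"
  # NOTE(review): Enable-Git and Reset-Git are defined in build.ps1, which is
  # not shown here; confirm how they store and remove the key, and whether
  # they pin github.com's host key.
  - Enable-Git -Workspace $Workspace -PrivateKey $Env:GITHUB_PRIVATE_KEY
  - cd $TeleportSrc
  - git submodule update --init e
  - git submodule update --init --recursive webassets
  - cd $WebappsSrc
  - git submodule update --init packages/webapps.e
  - Reset-Git -Workspace $Workspace
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
    WORKSPACE_DIR: C:/Drone/Workspace/push-build-native-windows-amd64
- name: Install Node Toolchain
  commands:
  - $ProgressPreference = 'SilentlyContinue'
  - $ErrorActionPreference = 'Stop'
  - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
  - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
  - . "$TeleportSrc/build.assets/windows/build.ps1"
  - Push-Location "$TeleportSrc/build.assets"
  - $NodeVersion = $(make print-node-version).Trim()
  - Pop-Location
  # NOTE(review): Install-Node comes from build.ps1 (not shown); confirm that
  # it verifies the download it installs.
  - Install-Node -NodeVersion $NodeVersion -ToolchainDir "$Workspace/toolchains"
  environment:
    WORKSPACE_DIR: C:/Drone/Workspace/push-build-native-windows-amd64
- name: Install Go Toolchain
  commands:
  - $ProgressPreference = 'SilentlyContinue'
  - $ErrorActionPreference = 'Stop'
  - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
  - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
  - . "$TeleportSrc/build.assets/windows/build.ps1"
  - Push-Location "$TeleportSrc/build.assets"
  - $GoVersion = $(make print-go-version).TrimStart("go")
  - Pop-Location
  # NOTE(review): Install-Go comes from build.ps1 (not shown); confirm that it
  # verifies the download it installs.
  - Install-Go -GoVersion $GoVersion -ToolchainDir "$Workspace/toolchains"
  environment:
    WORKSPACE_DIR: C:/Drone/Workspace/push-build-native-windows-amd64
- name: Build tsh
  commands:
  - $ErrorActionPreference = 'Stop'
  - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
  - $Env:GOCACHE = "$Workspace/gocache"
  - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
  - . "$TeleportSrc/build.assets/windows/build.ps1"
  - Enable-Go -ToolchainDir "$Workspace/toolchains"
  - cd $TeleportSrc
  # NOTE(review): GCO_ENABLED looks like a typo for CGO_ENABLED. As written,
  # the Go toolchain ignores this variable and uses its default cgo setting.
  # Left unchanged here because correcting the name changes how the binary is
  # built; fix it in dronegen after confirming the intended setting.
  - $Env:GCO_ENABLED=1
  - go build -o build/tsh-unsigned.exe ./tool/tsh
  environment:
    WORKSPACE_DIR: C:/Drone/Workspace/push-build-native-windows-amd64
- name: Sign tsh
  commands:
  - $ErrorActionPreference = 'Stop'
  - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
  - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
  - . "$TeleportSrc/build.assets/windows/build.ps1"
  - cd $TeleportSrc
  # The signing certificate is decoded from the secret into a .pfx file inside
  # the source checkout. The `rm -r` at the end of this step deletes it only
  # if the commands before it succeed; otherwise it stays until the post
  # cleanup step removes the whole build directory.
  - ([System.Convert]::FromBase64String($ENV:WINDOWS_SIGNING_CERT)) | Set-Content
    windows-signing-cert.pfx -Encoding Byte
  # NOTE(review): signtool is given the .pfx with no /p password, so the file
  # on disk is presumably an unprotected private key; confirm. `/t` selects
  # the legacy Authenticode timestamp protocol over plain HTTP; `/tr` with
  # `/td sha256` requests an RFC 3161 timestamp instead.
  - '& ''C:\Program Files (x86)\Windows Kits\10\App Certification Kit\signtool.exe''
    sign /f windows-signing-cert.pfx /d Teleport /t http://timestamp.digicert.com
    /du https://goteleport.com /fd sha256 build\tsh-unsigned.exe'
  - mv build\tsh-unsigned.exe build\tsh.exe
  - rm -r windows-signing-cert.pfx
  environment:
    WINDOWS_SIGNING_CERT:
      from_secret: WINDOWS_SIGNING_CERT
    WORKSPACE_DIR: C:/Drone/Workspace/push-build-native-windows-amd64
- name: Build Teleport Connect
  commands:
  - $ErrorActionPreference = 'Stop'
  - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
  - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
  - $WebappsSrc = "$Workspace/go/src/github.com/gravitational/webapps"
  - . "$TeleportSrc/build.assets/windows/build.ps1"
  - Enable-Node -ToolchainDir "$Workspace/toolchains"
  - Push-Location $TeleportSrc
  - $TeleportVersion=$(make print-version).Trim()
  - Pop-Location
  - cd $WebappsSrc
  - $Env:CONNECT_TSH_BIN_PATH="$TeleportSrc\build\tsh.exe"
  # --frozen-lockfile makes the install fail instead of resolving versions
  # that differ from the committed lockfile.
  - yarn install --frozen-lockfile
  - yarn build-term
  - yarn package-term "-c.extraMetadata.version=$TeleportVersion"
  environment:
    # The signing certificate is present in the environment of this whole
    # step, including the dependency install and the package build scripts
    # that yarn runs.
    CSC_LINK:
      from_secret: WINDOWS_SIGNING_CERT
    WORKSPACE_DIR: C:/Drone/Workspace/push-build-native-windows-amd64
- name: Clean up workspace (post)
  commands:
  # 'Continue' so a failed removal is reported without aborting the step.
  - $ErrorActionPreference = 'Continue'
  - Remove-Item -Recurse -Force -Path "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
  environment:
    WORKSPACE_DIR: C:/Drone/Workspace/push-build-native-windows-amd64
  # Runs whether the build succeeded or failed, so a leftover .pfx or checkout
  # is removed together with the per-build directory.
  when:
    status:
    - success
    - failure
- name: Send Slack notification (exec)
  # NOTE(review): this step is listed after the cleanup step, which deletes
  # the directory that build.ps1 is dot-sourced from; if steps run in listed
  # order, Send-ErrorMessage may not be defined when it is called. Confirm
  # against a failed build.
  commands:
  - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
  - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
  - . "$TeleportSrc/build.assets/windows/build.ps1"
  - Send-ErrorMessage
  environment:
    SLACK_WEBHOOK_DEV_TELEPORT:
      from_secret: SLACK_WEBHOOK_DEV_TELEPORT
    WORKSPACE_DIR: C:/Drone/Workspace/push-build-native-windows-amd64
  when:
    status:
    - failure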
---
|
|
################################################
|
|
# Generated using dronegen, do not edit by hand!
|
|
# Use 'make dronegen' to update.
|
|
# Generated at dronegen/relcli.go (main.relcliPipeline)
|
|
################################################
|
|
|
|
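# Tag-triggered pipeline (refs/tags/v*) that pulls the relcli image from ECR
# and runs `relcli auto_destroy` against RELCLI_BASE_URL.
#
# Review notes (supply chain / secrets):
# - alpine, docker, docker:cli, docker:git, docker:dind and amazon/aws-cli are
#   referenced by mutable tags. Pinning each one as <image>@sha256:<digest>
#   keeps the release path reproducible.
# - RELCLI_IMAGE is pinned by tag only; that is stable only if the registry
#   enforces tag immutability (not visible here, confirm).
# - Every step that mounts `dockersock` can drive the privileged dind daemon,
#   so those steps should be treated as having root on that service container.
kind: pipeline
type: kubernetes
name: clean-up-previous-build
environment:
  RELCLI_IMAGE: 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/relcli:v1.1.76-35e77b7-20221117T1411084
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
clone:
  disable: true
steps:
- name: Check if commit is tagged
  image: alpine
  commands:
  # The variable must be quoted: with an empty value the unquoted form
  # collapses to `[ -n ]`, which is always true, so the guard never fired.
  - '[ -n "${DRONE_TAG}" ] || (echo ''DRONE_TAG is not set. Is the commit tagged?''
    && exit 1)'
- name: Wait for docker
  image: docker
  commands:
  # Poll for up to 30s until the dind service has created its socket.
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
- name: Assume AWS Role
  image: amazon/aws-cli
  commands:
  # Prints the caller's account and ARN into the build log.
  - aws sts get-caller-identity
  # Exchange the key pair injected from secrets for temporary role
  # credentials and store them as the [default] profile on the shared
  # `awsconfig` volume, where later steps that mount it can read them.
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  # Drop the injected key pair so the next call can only succeed through the
  # profile that was just written.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY
    AWS_ROLE:
      from_secret: TELEPORT_BUILD_READ_ONLY_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
- name: Pull relcli
  image: docker:cli
  commands:
  - apk add --no-cache aws-cli
  # The registry password is piped on stdin, so it does not appear in argv.
  - aws ecr get-login-password | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - docker pull $RELCLI_IMAGE
  environment:
    AWS_DEFAULT_REGION: us-west-2
  volumes:
  - name: dockersock
    path: /var/run
  - name: awsconfig
    path: /root/.aws
- name: Clean up previously built artifacts
  image: docker:git
  commands:
  - mkdir -p /tmpfs/creds
  # Register the cleanup before any key material is written, so a failure
  # while decoding the certificate or key still removes the directory.
  - trap "rm -rf /tmpfs/creds" EXIT
  - echo "$RELEASES_CERT" | base64 -d > "$RELCLI_CERT"
  - echo "$RELEASES_KEY" | base64 -d > "$RELCLI_KEY"
  # /tmpfs is the memory-backed volume that the dind service also mounts, so
  # the bind mount below resolves on the daemon side. Only the variable names
  # are passed with -e; the values never appear on the command line.
  - |-
    docker run -i -v /tmpfs/creds:/tmpfs/creds \
      -e DRONE_REPO -e DRONE_TAG -e RELCLI_BASE_URL -e RELCLI_CERT -e RELCLI_KEY \
      $RELCLI_IMAGE relcli auto_destroy -f -v 6
  environment:
    RELCLI_BASE_URL: https://releases-prod.platform.teleport.sh
    RELCLI_CERT: /tmpfs/creds/releases.crt
    RELCLI_KEY: /tmpfs/creds/releases.key
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY
  volumes:
  - name: dockersock
    path: /var/run
  - name: tmpfs
    path: /tmpfs
  - name: awsconfig
    path: /root/.aws
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: tmpfs
    path: /tmpfs
  - name: dockersock
    path: /var/run
volumes:
- name: dockersock
  temp: {}
# Memory-backed, so the release client certificate and key are never written
# to node disk.
- name: tmpfs
  temp:
    medium: memory
# Disk-backed temp volume holding the temporary AWS session credentials.
- name: awsconfig
  temp: {}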
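---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/windows.go (main.newWindowsPipeline)
################################################

# Tag-triggered Windows build: checks out teleport and webapps, builds and
# signs tsh, packages Teleport Connect, uploads the installer to S3 and
# registers it with the releases service.
#
# Review notes:
# - `type: exec` with no `image` on any step: commands run through the exec
#   runner on the Windows node itself, not in a per-build container. State is
#   kept under $WORKSPACE_DIR/$DRONE_BUILD_NUMBER and removed by the final
#   step; `concurrency.limit: 1` keeps builds from overlapping.
# - The "Assume AWS Role" and "Upload Artifacts" steps do not set
#   $ErrorActionPreference = 'Stop' as the other steps do, so a failing
#   cmdlet there does not necessarily stop the step. Worth confirming that is
#   intended.
kind: pipeline
type: exec
name: build-native-windows-amd64
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: C:/Drone/Workspace/build-native-windows-amd64
platform:
  os: windows
  arch: amd64
node:
  buildbox_version: teleport12
clone:
  disable: true
depends_on:
- clean-up-previous-build
concurrency:
  limit: 1
steps:
- name: Check out Teleport
  commands:
  - $ErrorActionPreference = 'Stop'
  - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
  - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
  - $WebappsSrc = "$Workspace/go/src/github.com/gravitational/webapps"
  # Prefer the tag; fall back to the commit when no tag is set.
  - $TeleportRev = if ($Env:DRONE_TAG -ne $null) { $Env:DRONE_TAG } else { $Env:DRONE_COMMIT
    }
  - New-Item -Path $TeleportSrc -ItemType Directory | Out-Null
  - cd $TeleportSrc
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout $TeleportRev
  - New-Item -Path $WebappsSrc -ItemType Directory | Out-Null
  - cd $WebappsSrc
  - git clone https://github.com/gravitational/webapps.git .
  # The webapps revision is chosen by a script from the teleport checkout.
  - git checkout $(& $TeleportSrc/build.assets/webapps/webapps-version.ps1)
  environment:
    WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64
- name: Checkout Submodules
  commands:
  - $ErrorActionPreference = 'Stop'
  - $Workspace = "$Workspace/go" -replace '/go$', ''
  - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
  - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
  - $WebappsSrc = "$Workspace/go/src/github.com/gravitational/webapps"
  - . "$TeleportSrc/build.assets/windows/build.ps1"
  # Enable-Git / Reset-Git come from build.ps1 (not shown here); presumably
  # they install and remove the deploy key. Reset-Git is the last command, so
  # if a submodule update stops the step early the key is left for the final
  # workspace cleanup to remove. Confirm against build.ps1.
  - Enable-Git -Workspace $Workspace -PrivateKey $Env:GITHUB_PRIVATE_KEY
  - cd $TeleportSrc
  - git submodule update --init e
  - git submodule update --init --recursive webassets
  - cd $WebappsSrc
  - git submodule update --init packages/webapps.e
  - Reset-Git -Workspace $Workspace
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
    WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64
- name: Install Node Toolchain
  commands:
  - $ProgressPreference = 'SilentlyContinue'
  - $ErrorActionPreference = 'Stop'
  - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
  - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
  - . "$TeleportSrc/build.assets/windows/build.ps1"
  - Push-Location "$TeleportSrc/build.assets"
  - $NodeVersion = $(make print-node-version).Trim()
  - Pop-Location
  # NOTE(review): whether Install-Node verifies a checksum of the download is
  # decided in build.ps1, which is not visible here.
  - Install-Node -NodeVersion $NodeVersion -ToolchainDir "$Workspace/toolchains"
  environment:
    WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64
- name: Install Go Toolchain
  commands:
  - $ProgressPreference = 'SilentlyContinue'
  - $ErrorActionPreference = 'Stop'
  - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
  - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
  - . "$TeleportSrc/build.assets/windows/build.ps1"
  - Push-Location "$TeleportSrc/build.assets"
  - $GoVersion = $(make print-go-version).TrimStart("go")
  - Pop-Location
  # NOTE(review): same question as for Install-Node, see build.ps1.
  - Install-Go -GoVersion $GoVersion -ToolchainDir "$Workspace/toolchains"
  environment:
    WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64
- name: Build tsh
  commands:
  - $ErrorActionPreference = 'Stop'
  - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
  - $Env:GOCACHE = "$Workspace/gocache"
  - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
  - . "$TeleportSrc/build.assets/windows/build.ps1"
  - Enable-Go -ToolchainDir "$Workspace/toolchains"
  - cd $TeleportSrc
  # The variable Go reads is CGO_ENABLED; the earlier spelling GCO_ENABLED
  # set a name the toolchain never looks at.
  - $Env:CGO_ENABLED=1
  - go build -o build/tsh-unsigned.exe ./tool/tsh
  environment:
    WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64
- name: Sign tsh
  commands:
  - $ErrorActionPreference = 'Stop'
  - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
  - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
  - . "$TeleportSrc/build.assets/windows/build.ps1"
  - cd $TeleportSrc
  # The decoded PFX lands inside the source tree. It is deleted by the last
  # command of this step; if signing fails first, it stays on disk until the
  # "Clean up workspace (post)" step removes the whole build directory.
  - ([System.Convert]::FromBase64String($ENV:WINDOWS_SIGNING_CERT)) | Set-Content
    windows-signing-cert.pfx -Encoding Byte
  # NOTE(review): no /p is passed, which suggests the PFX has no password, so
  # the secret store is its only protection (confirm). `/t` requests a legacy
  # Authenticode timestamp over plain HTTP; signtool's RFC 3161 form is
  # `/tr <url> /td sha256`.
  - '& ''C:\Program Files (x86)\Windows Kits\10\App Certification Kit\signtool.exe''
    sign /f windows-signing-cert.pfx /d Teleport /t http://timestamp.digicert.com
    /du https://goteleport.com /fd sha256 build\tsh-unsigned.exe'
  - mv build\tsh-unsigned.exe build\tsh.exe
  - rm -r windows-signing-cert.pfx
  environment:
    WINDOWS_SIGNING_CERT:
      from_secret: WINDOWS_SIGNING_CERT
    WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64
- name: Build Teleport Connect
  commands:
  - $ErrorActionPreference = 'Stop'
  - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
  - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
  - $WebappsSrc = "$Workspace/go/src/github.com/gravitational/webapps"
  - . "$TeleportSrc/build.assets/windows/build.ps1"
  - Enable-Node -ToolchainDir "$Workspace/toolchains"
  - Push-Location $TeleportSrc
  - $TeleportVersion=$(make print-version).Trim()
  - Pop-Location
  - cd $WebappsSrc
  - $Env:CONNECT_TSH_BIN_PATH="$TeleportSrc\build\tsh.exe"
  # --frozen-lockfile fails the install instead of silently re-resolving
  # dependencies, so the packaged app matches yarn.lock.
  - yarn install --frozen-lockfile
  - yarn build-term
  - yarn package-term "-c.extraMetadata.version=$TeleportVersion"
  environment:
    # The signing certificate is exposed to the whole yarn/electron-builder
    # process tree of this step, including dependency install scripts.
    CSC_LINK:
      from_secret: WINDOWS_SIGNING_CERT
    WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64
- name: Assume AWS Role
  commands:
  - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
  - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
  - $AwsSharedCredentialsFile = "$Workspace/credentials"
  - $SessionName = "drone-$Env:DRONE_REPO-$Env:DRONE_BUILD_NUMBER".replace("/", "-")
  - . "$TeleportSrc/build.assets/windows/build.ps1"
  - Get-STSCallerIdentity
  # Role credentials are written to a file inside the per-build workspace.
  - Save-Role -RoleArn $Env:AWS_ROLE -RoleSessionName $SessionName -FilePath $AwsSharedCredentialsFile
  # Remove the injected key pair from the environment so the check below can
  # only pass through the credentials file.
  - 'Get-ChildItem -Path Env: | Where-Object {($_.Name -Like "AWS_SECRET_ACCESS_KEY")
    -or ($_.Name -Like "AWS_ACCESS_KEY_ID") } | Remove-Item'
  - Get-STSCallerIdentity -ProfileLocation $AwsSharedCredentialsFile
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
    WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64
- name: Upload Artifacts
  commands:
  - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
  - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
  - $WebappsSrc = "$Workspace/go/src/github.com/gravitational/webapps"
  - $TeleportVersion=$Env:DRONE_TAG.TrimStart('v')
  - $AwsSharedCredentialsFile = "$Workspace/credentials"
  - $OutputsDir="$Workspace/outputs"
  - New-Item -Path "$OutputsDir" -ItemType 'Directory' | Out-Null
  # Closing quote restored; the path string was left unterminated.
  - Get-ChildItem "$WebappsSrc/packages/teleterm/build/release"
  - Copy-Item -Path "$WebappsSrc/packages/teleterm/build/release/Teleport Connect
    Setup*.exe" -Destination $OutputsDir
  - . "$TeleportSrc/build.assets/windows/build.ps1"
  # Hashes are produced on the same host that built the installer, so they
  # detect corruption in transit, not a compromised build host.
  - Format-FileHashes -PathGlob "$OutputsDir/*.exe"
  - Copy-Artifacts -ProfileLocation $AwsSharedCredentialsFile -Path $OutputsDir -Bucket
    $Env:AWS_S3_BUCKET -DstRoot "/teleport/tag/$TeleportVersion"
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64
- name: Register artifacts
  commands:
  - $ErrorActionPreference = 'Stop'
  - $ProgressPreference = 'SilentlyContinue'
  - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
  - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport"
  - $OutputsDir = "$Workspace/outputs"
  # The relcli download is pinned by URL and by SHA-256; the digest is handed
  # to Get-Relcli, which presumably verifies it (defined in build.ps1).
  - $relcliUrl = 'https://cdn.teleport.dev/relcli-v1.1.76-windows.exe'
  - $relcliSha256 = '56dfdd9d1a09aac892fcd48eba035072dc6c151eaa2e1b21cf54786bb3c09520'
  - . "$TeleportSrc/build.assets/windows/build.ps1"
  - Get-Relcli -Url $relcliUrl -Sha256 $relcliSha256 -Workspace $Workspace
  - Register-Artifacts -Workspace $Workspace -Outputs $OutputsDir
  environment:
    RELCLI_BASE_URL: https://releases-prod.platform.teleport.sh
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY
    WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64
- name: Clean up workspace (post)
  commands:
  # 'Continue' so that a partial failure still removes as much as possible.
  - $ErrorActionPreference = 'Continue'
  - Remove-Item -Recurse -Force -Path "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"
  environment:
    WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64
  # Runs on both outcomes, which is what removes the credentials file and any
  # leftover signing certificate after a failed build.
  when:
    status:
    - success
    - failure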
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/push.go (main.pushPipeline)
################################################

# Push-triggered (master and branch/*) build of the linux/arm release
# artifacts. Pull-request events are excluded, so the deploy key and Slack
# webhook below are not exposed to pull-request builds by this pipeline.
#
# Review notes:
# - docker:git, docker, docker:dind and plugins/slack are mutable tags;
#   pinning as <image>@sha256:<digest> makes the build inputs fixed.
# - Steps that mount `dockersock` can drive the privileged dind daemon.
kind: pipeline
type: kubernetes
name: push-build-linux-arm
environment:
  BUILDBOX_VERSION: teleport12
  GID: "1000"
  RUNTIME: go1.19.2
  UID: "1000"
trigger:
  event:
    include:
    - push
    exclude:
    - pull_request
  repo:
    include:
    - gravitational/*
  branch:
    include:
    - master
    - branch/*
workspace:
  path: /go
clone:
  disable: true
steps:
- name: Check out code
  image: docker:git
  commands:
  - mkdir -pv "/go/src/github.com/gravitational/teleport"
  - cd "/go/src/github.com/gravitational/teleport"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  # Check out the exact commit that triggered the build.
  - git checkout -qf "${DRONE_COMMIT_SHA}"
  # `|| true` means a failed webassets checkout does not fail the step.
  - git submodule update --init webassets || true
  # Install the deploy key used for the `e` submodule.
  - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa &&
    chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan records whatever host key the network presents
  # at build time, so a known_hosts file built this way does not authenticate
  # github.com. Writing GitHub's published host key instead
  # (<github-host-key-line>) would.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  - git submodule update --init --recursive webassets || true
  - mkdir -pv /go/cache
  # The key is removed as the last command; it is not reached if an earlier
  # command stops the step (assumes the runner aborts on first error).
  - rm -f /root/.ssh/id_rsa
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
- name: Wait for docker
  image: docker
  commands:
  # Poll for up to 30s until the dind service has created its socket.
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache make
  - chown -R $UID:$GID /go
  - cd /go/src/github.com/gravitational/teleport
  - make -C build.assets release-arm
  environment:
    ARCH: arm
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: linux
    UID: "1000"
  volumes:
  - name: dockersock
    path: /var/run
# Sent only when the build fails (see `when` below). The webhook URL is a
# bearer secret: anyone holding it can post to the channel.
- name: Send Slack notification
  image: plugins/slack
  settings:
    webhook:
      from_secret: SLACK_WEBHOOK_DEV_TELEPORT
    template:
    - |
      *{{#success build.status}}✔{{ else }}✘{{/success}} {{ uppercasefirst build.status }}: Build #{{ build.number }}* (type: `{{ build.event }}`)
      `${DRONE_STAGE_NAME}` artifact build failed.
      *Warning:* This is a genuine failure to build the Teleport binary from `{{ build.branch }}` (likely due to a bad merge or commit) and should be investigated immediately.
      Commit: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commit/{{ build.commit }}|{{ truncate build.commit 8 }}>
      Branch: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commits/{{ build.branch }}|{{ repo.owner }}/{{ repo.name }}:{{ build.branch }}>
      Author: <https://github.com/{{ build.author }}|{{ build.author }}>
      <{{ build.link }}|Visit Drone build page ↗>
  when:
    status:
    - failure
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: dockersock
  temp: {}
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/push.go (main.pushPipeline)
################################################

# Push-triggered (master and branch/*) build of the linux/arm64 release
# artifacts. Pull-request events are excluded.
#
# Review notes:
# - docker:git, docker, docker:dind and plugins/slack are mutable tags;
#   pinning as <image>@sha256:<digest> makes the build inputs fixed.
# - Steps that mount `dockersock` can drive the privileged dind daemon.
kind: pipeline
type: kubernetes
name: push-build-linux-arm64
environment:
  BUILDBOX_VERSION: teleport12
  GID: "1000"
  RUNTIME: go1.19.2
  UID: "1000"
trigger:
  event:
    include:
    - push
    exclude:
    - pull_request
  repo:
    include:
    - gravitational/*
  branch:
    include:
    - master
    - branch/*
workspace:
  path: /go
clone:
  disable: true
steps:
- name: Check out code
  image: docker:git
  commands:
  - mkdir -pv "/go/src/github.com/gravitational/teleport"
  - cd "/go/src/github.com/gravitational/teleport"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  # Check out the exact commit that triggered the build.
  - git checkout -qf "${DRONE_COMMIT_SHA}"
  # `|| true` means a failed webassets checkout does not fail the step.
  - git submodule update --init webassets || true
  # Install the deploy key used for the `e` submodule.
  - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa &&
    chmod 600 /root/.ssh/id_rsa
  # NOTE(review): a known_hosts file filled by ssh-keyscan at build time
  # trusts whatever key is presented on first contact; it does not verify
  # that the peer is github.com. Pinning GitHub's published host key
  # (<github-host-key-line>) would.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  - git submodule update --init --recursive webassets || true
  - mkdir -pv /go/cache
  # Key removal is the last command, so it is skipped if the step stops
  # earlier (assumes the runner aborts on first error).
  - rm -f /root/.ssh/id_rsa
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
- name: Wait for docker
  image: docker
  commands:
  # Poll for up to 30s until the dind service has created its socket.
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache make
  - chown -R $UID:$GID /go
  - cd /go/src/github.com/gravitational/teleport
  - make -C build.assets release-arm64
  environment:
    ARCH: arm64
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: linux
    UID: "1000"
  volumes:
  - name: dockersock
    path: /var/run
# Sent only when the build fails (see `when` below).
- name: Send Slack notification
  image: plugins/slack
  settings:
    webhook:
      from_secret: SLACK_WEBHOOK_DEV_TELEPORT
    template:
    - |
      *{{#success build.status}}✔{{ else }}✘{{/success}} {{ uppercasefirst build.status }}: Build #{{ build.number }}* (type: `{{ build.event }}`)
      `${DRONE_STAGE_NAME}` artifact build failed.
      *Warning:* This is a genuine failure to build the Teleport binary from `{{ build.branch }}` (likely due to a bad merge or commit) and should be investigated immediately.
      Commit: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commit/{{ build.commit }}|{{ truncate build.commit 8 }}>
      Branch: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commits/{{ build.branch }}|{{ repo.owner }}/{{ repo.name }}:{{ build.branch }}>
      Author: <https://github.com/{{ build.author }}|{{ build.author }}>
      <{{ build.link }}|Visit Drone build page ↗>
  when:
    status:
    - failure
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: dockersock
  temp: {}
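---
# Cron-triggered pipeline that resolves the latest tag of each supported major
# version and builds/pushes the Teleport Lab image to quay.io.
#
# Review notes:
# - docker:git and docker:dind are mutable tags; pinning them as
#   <image>@sha256:<digest> fixes the tooling that handles the production
#   registry credentials.
# - `tr -d '^v'` deletes every `^` and `v` character, not only a leading
#   "v". That is harmless for tags shaped like vX.Y.Z; a tag containing
#   another "v" would be altered.
kind: pipeline
type: kubernetes
name: teleport-docker-cron

trigger:
  cron:
    - teleport-docker-cron
  repo:
    include:
      - gravitational/teleport

workspace:
  path: /go

clone:
  disable: false

steps:
  - name: Set up variables and Dockerfile
    image: docker:git
    environment:
      # increment these variables when a new major/minor version is released to bump the automatic builds
      # this only needs to be done on the master branch, as that's the branch that the Drone cron is configured for
      # build major version images which are just teleport:x
      CURRENT_VERSION_ROOT: v11
      PREVIOUS_VERSION_ONE_ROOT: v10
      PREVIOUS_VERSION_TWO_ROOT: v9
    commands:
      - apk --update --no-cache add curl go
      - mkdir -p /go/build && cd /go/build
      # CURRENT_VERSION
      - (cd /go/build.assets/tooling && go run ./cmd/query-latest $CURRENT_VERSION_ROOT > /go/build/CURRENT_VERSION_TAG.txt)
      - echo "$(cat /go/build/CURRENT_VERSION_TAG.txt | cut -d. -f1 | tr -d '^v')" > /go/build/CURRENT_VERSION_TAG_GENERIC.txt
      # PREVIOUS_VERSION_ONE
      - (cd /go/build.assets/tooling && go run ./cmd/query-latest $PREVIOUS_VERSION_ONE_ROOT > /go/build/PREVIOUS_VERSION_ONE_TAG.txt)
      - echo "$(cat /go/build/PREVIOUS_VERSION_ONE_TAG.txt | cut -d. -f1 | tr -d '^v')" > /go/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt
      # PREVIOUS_VERSION_TWO
      - (cd /go/build.assets/tooling && go run ./cmd/query-latest $PREVIOUS_VERSION_TWO_ROOT > /go/build/PREVIOUS_VERSION_TWO_TAG.txt)
      - echo "$(cat /go/build/PREVIOUS_VERSION_TWO_TAG.txt | cut -d. -f1 | tr -d '^v')" > /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt
      # list versions
      - for FILE in /go/build/*.txt; do echo $FILE; cat $FILE; done
      # wait for Docker to be ready
      - sleep 3

  - name: Build/push Teleport Lab Docker image
    image: docker:git
    environment:
      OS: linux
      ARCH: amd64
    # The commands below read these two values as PLUGIN_USERNAME and
    # PLUGIN_PASSWORD.
    settings:
      username:
        from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
      password:
        from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    volumes:
      - name: dockersock
        path: /var/run
    commands:
      - export TELEPORT_TAG=$(cat /go/build/CURRENT_VERSION_TAG.txt | tr -d '^v')
      - export TELEPORT_LAB_IMAGE_NAME="quay.io/gravitational/teleport-lab:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)"
      # Check out code
      - mkdir -p /go/src/github.com/gravitational/teleport
      - cd /go/src/github.com/gravitational/teleport
      - git init && git remote add origin ${DRONE_REMOTE_URL}
      - git fetch origin
      - git checkout -qf ${DRONE_COMMIT_SHA}
      # Build and push Teleport lab image
      # The password is piped on stdin rather than passed with -p, so it does
      # not show up in the process argument list; this matches how the ECR
      # pipelines in this file log in.
      - printf '%s' "$PLUGIN_PASSWORD" | docker login -u="$PLUGIN_USERNAME" --password-stdin quay.io
      - docker build --build-arg TELEPORT_TAG=$TELEPORT_TAG -t $TELEPORT_LAB_IMAGE_NAME /go/src/github.com/gravitational/teleport/docker/sshd
      # Pushes to a moving major-version tag, so consumers of that tag pick up
      # whatever this job last published.
      - docker push $TELEPORT_LAB_IMAGE_NAME

services:
  - name: Start Docker
    image: docker:dind
    privileged: true
    volumes:
      - name: dockersock
        path: /var/run

volumes:
  - name: dockersock
    temp: {}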
---
# Cron-triggered pipeline that builds the Teleport Lab image once, pushes it to
# the staging ECR registry under a dated tag, then re-tags the same image and
# pushes it to the public production registry.
#
# Review notes:
# - The staging and production role credentials are written to the same
#   credentials file on the shared `awsconfig` volume, so the build/push step
#   holds both at once.
# - Nothing visible here scans or signs the image between the staging push
#   and the production push.
# - docker:git, docker:dind and amazon/aws-cli are mutable tags; pinning as
#   <image>@sha256:<digest> fixes the tooling that handles these credentials.
kind: pipeline
type: kubernetes
name: teleport-docker-cron-ecr

trigger:
  cron:
    - teleport-docker-cron-ecr
  repo:
    include:
      - gravitational/teleport

workspace:
  path: /go

clone:
  disable: false

steps:
  - name: Set up variables and Dockerfile
    image: docker:git
    environment:
      # increment these variables when a new major/minor version is released to bump the automatic builds
      # this only needs to be done on the master branch, as that's the branch that the Drone cron is configured for
      # build major version images which are just teleport:x
      CURRENT_VERSION_ROOT: v11
      PREVIOUS_VERSION_ONE_ROOT: v10
      PREVIOUS_VERSION_TWO_ROOT: v9
    commands:
      - apk --update --no-cache add curl go
      - mkdir -p /go/build && cd /go/build
      # CURRENT_VERSION
      - (cd /go/build.assets/tooling && go run ./cmd/query-latest $CURRENT_VERSION_ROOT > /go/build/CURRENT_VERSION_TAG.txt)
      - echo "$(cat /go/build/CURRENT_VERSION_TAG.txt | cut -d. -f1 | tr -d '^v')" > /go/build/CURRENT_VERSION_TAG_GENERIC.txt
      # PREVIOUS_VERSION_ONE
      - (cd /go/build.assets/tooling && go run ./cmd/query-latest $PREVIOUS_VERSION_ONE_ROOT > /go/build/PREVIOUS_VERSION_ONE_TAG.txt)
      - echo "$(cat /go/build/PREVIOUS_VERSION_ONE_TAG.txt | cut -d. -f1 | tr -d '^v')" > /go/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt
      # PREVIOUS_VERSION_TWO
      - (cd /go/build.assets/tooling && go run ./cmd/query-latest $PREVIOUS_VERSION_TWO_ROOT > /go/build/PREVIOUS_VERSION_TWO_TAG.txt)
      - echo "$(cat /go/build/PREVIOUS_VERSION_TWO_TAG.txt | cut -d. -f1 | tr -d '^v')" > /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt
      # list versions
      - for FILE in /go/build/*.txt; do echo $FILE; cat $FILE; done
      # wait for Docker to be ready
      - sleep 3

  - name: Configure Staging AWS Profile
    image: amazon/aws-cli
    commands:
      # Prints the caller's account and ARN into the build log.
      - aws sts get-caller-identity
      # Creates the credentials file (`>`) with a [staging] profile holding
      # the temporary role credentials.
      - |-
        printf "[staging]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
          $(aws sts assume-role \
            --role-arn "$AWS_ROLE" \
            --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
            --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
            --output text) \
          > /root/.aws/credentials
      # Drop the injected key pair so the check below must use the profile.
      - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
      - aws sts get-caller-identity --profile staging
    environment:
      AWS_ACCESS_KEY_ID:
        from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY
      AWS_SECRET_ACCESS_KEY:
        from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET
      AWS_ROLE:
        from_secret: STAGING_TELEPORT_DRONE_ECR_AWS_ROLE
    volumes:
      - name: awsconfig
        path: /root/.aws

  - name: Configure Production AWS Profile
    image: amazon/aws-cli
    commands:
      - aws sts get-caller-identity
      # Appends (`>>`) a [production] profile to the file the staging step
      # created, so this step depends on running after it.
      - |-
        printf "[production]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
          $(aws sts assume-role \
            --role-arn "$AWS_ROLE" \
            --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
            --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
            --output text) \
          >> /root/.aws/credentials
      - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
      - aws sts get-caller-identity --profile production
    environment:
      AWS_ACCESS_KEY_ID:
        from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY
      AWS_SECRET_ACCESS_KEY:
        from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET
      AWS_ROLE:
        from_secret: PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE
    volumes:
      - name: awsconfig
        path: /root/.aws

  - name: Build/push Teleport Lab Docker image
    image: docker:git
    environment:
      OS: linux
      ARCH: amd64
    volumes:
      - name: dockersock
        path: /var/run
      - name: awsconfig
        path: /root/.aws
    commands:
      - apk add --no-cache aws-cli
      - export CURRENT_DATE=$(date '+%Y%m%d%H%M')
      - export TELEPORT_TAG=$(cat /go/build/CURRENT_VERSION_TAG.txt | tr -d '^v')
      # Staging tag carries a timestamp; the production tag is the bare major
      # version and is overwritten by each run.
      - export TELEPORT_LAB_IMAGE_NAME_STAGING="146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-lab:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)-$CURRENT_DATE"
      - export TELEPORT_LAB_IMAGE_NAME_PROD="public.ecr.aws/gravitational/teleport-lab:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)"
      # Check out code
      - mkdir -p /go/src/github.com/gravitational/teleport
      - cd /go/src/github.com/gravitational/teleport
      - git init && git remote add origin ${DRONE_REMOTE_URL}
      - git fetch origin
      - git checkout -qf ${DRONE_COMMIT_SHA}
      # Authenticate to staging registry
      - aws ecr get-login-password --profile staging --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
      # Build and push image
      - docker build --build-arg TELEPORT_TAG=$TELEPORT_TAG -t $TELEPORT_LAB_IMAGE_NAME_STAGING /go/src/github.com/gravitational/teleport/docker/sshd
      - docker push $TELEPORT_LAB_IMAGE_NAME_STAGING
      # Authenticate to production registry
      - docker logout 146628656107.dkr.ecr.us-west-2.amazonaws.com
      - aws ecr-public get-login-password --profile production --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
      # Push to production registry
      - docker tag $TELEPORT_LAB_IMAGE_NAME_STAGING $TELEPORT_LAB_IMAGE_NAME_PROD
      - docker push $TELEPORT_LAB_IMAGE_NAME_PROD

services:
  - name: Start Docker
    image: docker:dind
    privileged: true
    volumes:
      - name: dockersock
        path: /var/run

volumes:
  - name: dockersock
    temp: {}
  - name: awsconfig
    temp: {}
---
|
|
kind: pipeline
|
|
type: kubernetes
|
|
name: teleport-helm-cron
|
|
|
|
trigger:
|
|
cron:
|
|
- teleport-helm-cron
|
|
repo:
|
|
include:
|
|
- gravitational/teleport
|
|
|
|
workspace:
|
|
path: /go
|
|
|
|
clone:
|
|
disable: true
|
|
|
|
steps:
|
|
- name: Check out code
|
|
image: alpine/git
|
|
commands:
|
|
- mkdir -p /go/src/github.com/gravitational/teleport
|
|
- cd /go/src/github.com/gravitational/teleport
|
|
- git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
|
|
- git checkout ${DRONE_COMMIT}
|
|
- mkdir -p /go/chart
|
|
- cd /go/chart
|
|
|
|
- name: Assume AWS Role
|
|
image: amazon/aws-cli
|
|
commands:
|
|
- aws sts get-caller-identity
|
|
- |-
|
|
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
|
|
$(aws sts assume-role \
|
|
--role-arn "$AWS_ROLE" \
|
|
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
|
|
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
|
|
--output text) \
|
|
> /root/.aws/credentials
|
|
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
|
|
- aws sts get-caller-identity --profile default
|
|
environment:
|
|
AWS_ACCESS_KEY_ID:
|
|
from_secret: PRODUCTION_CHARTS_AWS_ACCESS_KEY_ID
|
|
AWS_SECRET_ACCESS_KEY:
|
|
from_secret: PRODUCTION_CHARTS_AWS_SECRET_ACCESS_KEY
|
|
AWS_ROLE:
|
|
from_secret: PRODUCTION_CHARTS_AWS_ROLE
|
|
volumes:
|
|
- name: awsconfig
|
|
path: /root/.aws
|
|
|
|
- name: Download chart repo contents
|
|
image: amazon/aws-cli
|
|
environment:
|
|
AWS_REGION: us-west-2
|
|
AWS_S3_BUCKET:
|
|
from_secret: PRODUCTION_CHARTS_AWS_S3_BUCKET
|
|
volumes:
|
|
- name: awsconfig
|
|
path: /root/.aws
|
|
commands:
|
|
- mkdir -p /go/chart
|
|
# download all previously packaged chart versions from the S3 bucket
|
|
- aws s3 sync s3://$AWS_S3_BUCKET/ /go/chart
|
|
|
|
- name: Package helm charts
|
|
image: alpine/helm:latest
|
|
commands:
|
|
- cd /go/chart
|
|
- helm package /go/src/github.com/gravitational/teleport/examples/chart/teleport-cluster
|
|
- helm package /go/src/github.com/gravitational/teleport/examples/chart/teleport-kube-agent
|
|
# copy index.html to root of the S3 bucket
|
|
- cp /go/src/github.com/gravitational/teleport/examples/chart/index.html /go/chart
|
|
# this will index all previous versions of the charts downloaded from the S3 bucket,
|
|
# plus the just-packaged charts listed above
|
|
- helm repo index /go/chart
|
|
|
|
- name: Upload to S3
|
|
image: amazon/aws-cli
|
|
commands:
|
|
- cd /go/chart
|
|
- aws s3 sync . s3://$AWS_S3_BUCKET/
|
|
environment:
|
|
AWS_REGION: us-west-2
|
|
AWS_S3_BUCKET:
|
|
from_secret: PRODUCTION_CHARTS_AWS_S3_BUCKET
|
|
volumes:
|
|
- name: awsconfig
|
|
path: /root/.aws
|
|
|
|
# Posts to the Slack webhook held in the SLACK_WEBHOOK_DEV_TELEPORT secret,
# and only when the build status is `failure`.
- name: Send Slack notification
  image: plugins/slack
  settings:
    webhook:
      from_secret: SLACK_WEBHOOK_DEV_TELEPORT
    # Literal block: each line below is one line of the Slack message.
    template: |
      *{{#success build.status}}✔{{ else }}✘{{/success}} {{ uppercasefirst build.status }}: Build #{{ build.number }}* (type: `{{ build.event }}`)
      Details: The `teleport-helm-cron` job in Drone failed to publish Helm charts to S3. This is unusual and should be investigated.
      Commit: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commit/{{ build.commit }}|{{ truncate build.commit 8 }}>
      Branch: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commits/{{ build.branch }}|{{ build.branch }}>
      Author: <https://github.com/{{ build.author }}|{{ build.author }}>
      <{{ build.link }}|Visit Drone build page ↗>
  when:
    status: [failure]
# Per-build temporary volume; the steps above mount it at /root/.aws to share
# the AWS credentials file.
volumes:
- name: awsconfig
  temp: {}
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPipeline)
################################################

# Runs on tag events whose ref matches refs/tags/v* in gravitational/*
# repositories, after the clean-up-previous-build pipeline.
kind: pipeline
type: kubernetes
name: build-linux-amd64-centos7
environment:
  BUILDBOX_VERSION: teleport12
  RUNTIME: go1.19.2
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# The built-in clone is disabled; the "Check out code" step clones explicitly.
clone:
  disable: true
depends_on:
- clean-up-previous-build
steps:
# Clones the repository at the tag, fetches the `e` and `webassets` submodules
# with an SSH key from the GITHUB_PRIVATE_KEY secret, then fails the build
# unless the Makefile VERSION equals the tag without its leading "v".
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  # NOTE(review): ${DRONE_TAG...} looks like Drone-side substitution (cf. the
  # $$VERSION escapes below), so the ref name would reach the shell as unquoted
  # script text; confirm, and keep tag pushes limited to trusted maintainers.
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The key exists on disk only for the submodule fetches; see `rm -f` below.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan records whatever host key is served at build time
  # (stderr is discarded), so the fetch below does not authenticate the host;
  # a pinned known_hosts entry would.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # Best effort: a failure to fetch webassets is ignored.
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Polls once a second, for at most 30s, until /var/run/docker.sock exists on
# the dockersock volume.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Runs the build.assets `release-amd64-centos7` make target with the Docker
# socket volume mounted; /go is first handed to UID:GID 1000.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache make
  - chown -R $UID:$GID /go
  - cd /go/src/github.com/gravitational/teleport
  - make -C build.assets release-amd64-centos7
  environment:
    ARCH: amd64
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: linux
    UID: "1000"
  volumes:
  - name: dockersock
    path: /var/run
# Collects the built tarballs into /go/artifacts, renames them with the
# centos7 suffix and writes a .sha256 file next to each.
# NOTE(review): the checksums are computed from the files as they sit in the
# workspace, so they detect corruption after this point, not changes made
# before it.
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find . -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts \;
  - find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts \;
  - export VERSION=$(cat /go/.version.txt)
  - mv /go/artifacts/teleport-v$${VERSION}-linux-amd64-bin.tar.gz /go/artifacts/teleport-v$${VERSION}-linux-amd64-centos7-bin.tar.gz
  - mv /go/artifacts/teleport-ent-v$${VERSION}-linux-amd64-bin.tar.gz /go/artifacts/teleport-ent-v$${VERSION}-linux-amd64-centos7-bin.tar.gz
  - cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256; done && ls -l
# Trades the static key pair from secrets for temporary role credentials and
# stores them as the "default" profile on the awsconfig volume, which later
# steps mount at /root/.aws.
# NOTE(review): the image is referenced by a mutable tag; pinning it by digest
# would fix exactly what code handles these keys.
- name: Assume AWS Role
  image: amazon/aws-cli
  commands:
  # Prints the identity behind the static keys before the exchange.
  - aws sts get-caller-identity
  # NOTE(review): if assume-role fails inside $(...), printf still writes a
  # credentials file with empty fields; the --profile check below is what
  # surfaces that.
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  # Drop the static keys so the next call can only succeed through the profile.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
# Syncs /go/artifacts to the bucket under teleport/tag/<tag without "v">,
# presumably with the credentials file written to the awsconfig volume by the
# Assume AWS Role step.
- name: Upload to S3
  image: amazon/aws-cli
  commands:
  - cd /go/artifacts/
  - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
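# Registers every artifact that has a .sha256 companion with the release
# service, authenticating with a TLS client certificate and key taken from
# secrets. Each product release is created as a draft (HTTP 409 is accepted
# alongside 200), then the file is uploaded with its checksum.
# Changes from the generated original: the EXIT trap is installed before the
# credential files are written, the private key is created under umask 077,
# and the status check compares strings so an empty or non-numeric status
# fails the step. The file is generated (see the dronegen banner), so the same
# edits belong in the generator.
# NOTE(review): the image is referenced by a mutable tag and curl may be
# installed at run time; both run with the client key in reach.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
  # Cleanup is registered first so a failure while writing still removes them.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  # Subshell keeps the restrictive umask local to the key file.
  - (umask 077 && echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key")
  # Left unquoted at the call sites on purpose: it must split into four words.
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="Linux 64-bit (RHEL/CentOS 7.x compatible)"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"

      release_params="" # List of "-F releaseId=XXX" parameters to curl

      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        # String comparison: anything other than exactly 200 or 409 is a failure.
        if [ "$status_code" != "200" ] && [ "$status_code" != "409" ]; then
          echo "curl HTTP status: $status_code"
          cat "$WORKSPACE_DIR/curl_out.txt"
          exit 1
        fi

        release_params="$release_params -F releaseId=$product@$VERSION"
      done

      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY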
# Docker-in-Docker daemon; its /var/run is the dockersock volume that the
# build steps also mount.
# NOTE(review): privileged mode gives this container host-level capabilities,
# so the pipeline depends on the runner being isolated from other workloads.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
# Per-build temporary volumes: awsconfig carries the AWS credentials file
# between steps, dockersock carries the Docker socket.
volumes:
- name: awsconfig
  temp: {}
- name: dockersock
  temp: {}
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPipeline)
################################################

# Runs on tag events whose ref matches refs/tags/v* in gravitational/*
# repositories, after the clean-up-previous-build pipeline.
kind: pipeline
type: kubernetes
name: build-linux-amd64-centos7-fips
environment:
  BUILDBOX_VERSION: teleport12
  RUNTIME: go1.19.2
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# The built-in clone is disabled; the "Check out code" step clones explicitly.
clone:
  disable: true
depends_on:
- clean-up-previous-build
steps:
# Clones the repository at the tag, fetches the `e` and `webassets` submodules
# with an SSH key from the GITHUB_PRIVATE_KEY secret, then fails the build
# unless the Makefile VERSION equals the tag without its leading "v".
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  # NOTE(review): ${DRONE_TAG...} looks like Drone-side substitution (cf. the
  # $$VERSION escapes below), so the ref name would reach the shell as unquoted
  # script text; confirm, and keep tag pushes limited to trusted maintainers.
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The key exists on disk only for the submodule fetches; see `rm -f` below.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan records whatever host key is served at build time
  # (stderr is discarded), so the fetch below does not authenticate the host;
  # a pinned known_hosts entry would.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # Best effort: a failure to fetch webassets is ignored.
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Polls once a second, for at most 30s, until /var/run/docker.sock exists on
# the dockersock volume.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Runs the build.assets `release-amd64-centos7-fips` make target with FIPS set
# to "yes" and the Docker socket volume mounted; /go is first handed to
# UID:GID 1000 and VERSION is exported from /go/.version.txt.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache make
  - chown -R $UID:$GID /go
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  - make -C build.assets release-amd64-centos7-fips
  environment:
    ARCH: amd64
    # Quoted so it stays the string "yes" rather than a YAML 1.1 boolean.
    FIPS: "yes"
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: linux
    UID: "1000"
  volumes:
  - name: dockersock
    path: /var/run
# Collects the tarballs built under e/ into /go/artifacts, renames the FIPS
# tarball with the centos7 suffix and writes a .sha256 file next to each.
# NOTE(review): the checksums are computed from the files as they sit in the
# workspace, so they detect corruption after this point, not changes made
# before it.
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts \;
  - export VERSION=$(cat /go/.version.txt)
  - mv /go/artifacts/teleport-ent-v$${VERSION}-linux-amd64-fips-bin.tar.gz /go/artifacts/teleport-ent-v$${VERSION}-linux-amd64-centos7-fips-bin.tar.gz
  - cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256; done && ls -l
# Trades the static key pair from secrets for temporary role credentials and
# stores them as the "default" profile on the awsconfig volume, which later
# steps mount at /root/.aws.
# NOTE(review): the image is referenced by a mutable tag; pinning it by digest
# would fix exactly what code handles these keys.
- name: Assume AWS Role
  image: amazon/aws-cli
  commands:
  # Prints the identity behind the static keys before the exchange.
  - aws sts get-caller-identity
  # NOTE(review): if assume-role fails inside $(...), printf still writes a
  # credentials file with empty fields; the --profile check below is what
  # surfaces that.
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  # Drop the static keys so the next call can only succeed through the profile.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
# Syncs /go/artifacts to the bucket under teleport/tag/<tag without "v">,
# presumably with the credentials file written to the awsconfig volume by the
# Assume AWS Role step.
- name: Upload to S3
  image: amazon/aws-cli
  commands:
  - cd /go/artifacts/
  - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
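# Registers every artifact that has a .sha256 companion with the release
# service, authenticating with a TLS client certificate and key taken from
# secrets. Each product release is created as a draft (HTTP 409 is accepted
# alongside 200), then the file is uploaded with its checksum.
# Changes from the generated original: the EXIT trap is installed before the
# credential files are written, the private key is created under umask 077,
# and the status check compares strings so an empty or non-numeric status
# fails the step. The file is generated (see the dronegen banner), so the same
# edits belong in the generator.
# NOTE(review): the image is referenced by a mutable tag and curl may be
# installed at run time; both run with the client key in reach.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
  # Cleanup is registered first so a failure while writing still removes them.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  # Subshell keeps the restrictive umask local to the key file.
  - (umask 077 && echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key")
  # Left unquoted at the call sites on purpose: it must split into four words.
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="Linux 64-bit (RHEL/CentOS 7.x compatible, FedRAMP/FIPS)"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"

      release_params="" # List of "-F releaseId=XXX" parameters to curl

      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        # String comparison: anything other than exactly 200 or 409 is a failure.
        if [ "$status_code" != "200" ] && [ "$status_code" != "409" ]; then
          echo "curl HTTP status: $status_code"
          cat "$WORKSPACE_DIR/curl_out.txt"
          exit 1
        fi

        release_params="$release_params -F releaseId=$product@$VERSION"
      done

      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY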
# Docker-in-Docker daemon; its /var/run is the dockersock volume that the
# build steps also mount.
# NOTE(review): privileged mode gives this container host-level capabilities,
# so the pipeline depends on the runner being isolated from other workloads.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
# Per-build temporary volumes: awsconfig carries the AWS credentials file
# between steps, dockersock carries the Docker socket.
volumes:
- name: awsconfig
  temp: {}
- name: dockersock
  temp: {}
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPipeline)
################################################

# Runs on tag events whose ref matches refs/tags/v* in gravitational/*
# repositories, after the clean-up-previous-build pipeline.
kind: pipeline
type: kubernetes
name: build-linux-amd64
environment:
  BUILDBOX_VERSION: teleport12
  RUNTIME: go1.19.2
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# The built-in clone is disabled; the "Check out code" step clones explicitly.
clone:
  disable: true
depends_on:
- clean-up-previous-build
steps:
# Clones the repository at the tag plus the webapps repository at the revision
# reported by webapps-version.sh, fetches their submodules with an SSH key from
# the GITHUB_PRIVATE_KEY secret, then fails the build unless the Makefile
# VERSION equals the tag without its leading "v".
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/webapps
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  # NOTE(review): ${DRONE_TAG...} looks like Drone-side substitution (cf. the
  # $$VERSION escapes below), so the ref name would reach the shell as unquoted
  # script text; confirm, and keep tag pushes limited to trusted maintainers.
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The key exists on disk only for the submodule fetches; see `rm -f` below.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan records whatever host key is served at build time
  # (stderr is discarded), so the fetches below do not authenticate the host;
  # a pinned known_hosts entry would.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # Best effort: a failure to fetch webassets is ignored.
  - git submodule update --init --recursive webassets || true
  - cd /go/src/github.com/gravitational/webapps
  - git clone https://github.com/gravitational/webapps.git .
  # The webapps revision is chosen by a script from the teleport checkout.
  - git checkout "$(/go/src/github.com/gravitational/teleport/build.assets/webapps/webapps-version.sh)"
  - git submodule update --init packages/webapps.e
  # Back to the teleport checkout for the version guard below.
  - cd -
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Polls once a second, for at most 30s, until /var/run/docker.sock exists on
# the dockersock volume.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Runs the build.assets `release-amd64-centos7` and `teleterm` make targets
# with the Docker socket volume mounted; /go is first handed to UID:GID 1000
# and VERSION is exported from /go/.version.txt.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache make
  - chown -R $UID:$GID /go
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  - make -C build.assets release-amd64-centos7
  - make -C build.assets teleterm
  environment:
    ARCH: amd64
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: linux
    UID: "1000"
  volumes:
  - name: dockersock
    path: /var/run
# Collects the teleport tarballs and the Teleport Connect tar.gz/rpm/deb
# packages into /go/artifacts and writes a .sha256 file next to each.
# NOTE(review): the checksums are computed from the files as they sit in the
# workspace, so they detect corruption after this point, not changes made
# before it.
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find . -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts \;
  - find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts \;
  - find /go/src/github.com/gravitational/webapps/packages/teleterm/build/release -maxdepth 1 \( -iname "teleport-connect*.tar.gz" -o -iname "teleport-connect*.rpm" -o -iname "teleport-connect*.deb" \) -print -exec cp {} /go/artifacts/ \;
  - cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256; done && ls -l
  - |-
    cd /go/artifacts && for FILE in teleport-connect*.deb teleport-connect*.rpm; do
      sha256sum $FILE > $FILE.sha256;
    done && ls -l
# Trades the static key pair from secrets for temporary role credentials and
# stores them as the "default" profile on the awsconfig volume, which later
# steps mount at /root/.aws.
# NOTE(review): the image is referenced by a mutable tag; pinning it by digest
# would fix exactly what code handles these keys.
- name: Assume AWS Role
  image: amazon/aws-cli
  commands:
  # Prints the identity behind the static keys before the exchange.
  - aws sts get-caller-identity
  # NOTE(review): if assume-role fails inside $(...), printf still writes a
  # credentials file with empty fields; the --profile check below is what
  # surfaces that.
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  # Drop the static keys so the next call can only succeed through the profile.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
# Syncs /go/artifacts to the bucket under teleport/tag/<tag without "v">,
# presumably with the credentials file written to the awsconfig volume by the
# Assume AWS Role step.
- name: Upload to S3
  image: amazon/aws-cli
  commands:
  - cd /go/artifacts/
  - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
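# Registers every artifact that has a .sha256 companion with the release
# service, authenticating with a TLS client certificate and key taken from
# secrets. Each product release is created as a draft (HTTP 409 is accepted
# alongside 200), then the file is uploaded with its checksum.
# Changes from the generated original: the EXIT trap is installed before the
# credential files are written, the private key is created under umask 077,
# and the status check compares strings so an empty or non-numeric status
# fails the step. The file is generated (see the dronegen banner), so the same
# edits belong in the generator.
# NOTE(review): the image is referenced by a mutable tag and curl may be
# installed at run time; both run with the client key in reach.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
  # Cleanup is registered first so a failure while writing still removes them.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  # Subshell keeps the restrictive umask local to the key file.
  - (umask 077 && echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key")
  # Left unquoted at the call sites on purpose: it must split into four words.
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="Linux 64-bit"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"

      release_params="" # List of "-F releaseId=XXX" parameters to curl

      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        # String comparison: anything other than exactly 200 or 409 is a failure.
        if [ "$status_code" != "200" ] && [ "$status_code" != "409" ]; then
          echo "curl HTTP status: $status_code"
          cat "$WORKSPACE_DIR/curl_out.txt"
          exit 1
        fi

        release_params="$release_params -F releaseId=$product@$VERSION"
      done

      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY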
# Docker-in-Docker daemon; its /var/run is the dockersock volume that the
# build steps also mount.
# NOTE(review): privileged mode gives this container host-level capabilities,
# so the pipeline depends on the runner being isolated from other workloads.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
# Per-build temporary volumes: awsconfig carries the AWS credentials file
# between steps, dockersock carries the Docker socket.
volumes:
- name: awsconfig
  temp: {}
- name: dockersock
  temp: {}
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPipeline)
################################################

# Runs on tag events whose ref matches refs/tags/v* in gravitational/*
# repositories, after the clean-up-previous-build pipeline.
kind: pipeline
type: kubernetes
name: build-linux-amd64-fips
environment:
  BUILDBOX_VERSION: teleport12
  RUNTIME: go1.19.2
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# The built-in clone is disabled; the "Check out code" step clones explicitly.
clone:
  disable: true
depends_on:
- clean-up-previous-build
steps:
# Clones the repository at the tag, fetches the `e` and `webassets` submodules
# with an SSH key from the GITHUB_PRIVATE_KEY secret, then fails the build
# unless the Makefile VERSION equals the tag without its leading "v".
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  # NOTE(review): ${DRONE_TAG...} looks like Drone-side substitution (cf. the
  # $$VERSION escapes below), so the ref name would reach the shell as unquoted
  # script text; confirm, and keep tag pushes limited to trusted maintainers.
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The key exists on disk only for the submodule fetches; see `rm -f` below.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan records whatever host key is served at build time
  # (stderr is discarded), so the fetch below does not authenticate the host;
  # a pinned known_hosts entry would.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # Best effort: a failure to fetch webassets is ignored.
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Polls once a second, for at most 30s, until /var/run/docker.sock exists on
# the dockersock volume.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Runs the build.assets `release-amd64-centos7-fips` make target with FIPS set
# to "yes" and the Docker socket volume mounted; /go is first handed to
# UID:GID 1000 and VERSION is exported from /go/.version.txt.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache make
  - chown -R $UID:$GID /go
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  - make -C build.assets release-amd64-centos7-fips
  environment:
    ARCH: amd64
    # Quoted so it stays the string "yes" rather than a YAML 1.1 boolean.
    FIPS: "yes"
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: linux
    UID: "1000"
  volumes:
  - name: dockersock
    path: /var/run
# Collects the tarballs built under e/ into /go/artifacts and writes a .sha256
# file next to each.
# NOTE(review): the checksums are computed from the files as they sit in the
# workspace, so they detect corruption after this point, not changes made
# before it.
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts \;
  - cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256; done && ls -l
# Trades the static key pair from secrets for temporary role credentials and
# stores them as the "default" profile on the awsconfig volume, which later
# steps mount at /root/.aws.
# NOTE(review): the image is referenced by a mutable tag; pinning it by digest
# would fix exactly what code handles these keys.
- name: Assume AWS Role
  image: amazon/aws-cli
  commands:
  # Prints the identity behind the static keys before the exchange.
  - aws sts get-caller-identity
  # NOTE(review): if assume-role fails inside $(...), printf still writes a
  # credentials file with empty fields; the --profile check below is what
  # surfaces that.
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  # Drop the static keys so the next call can only succeed through the profile.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
# Syncs /go/artifacts to the bucket under teleport/tag/<tag without "v">,
# presumably with the credentials file written to the awsconfig volume by the
# Assume AWS Role step.
- name: Upload to S3
  image: amazon/aws-cli
  commands:
  - cd /go/artifacts/
  - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
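# Registers every artifact that has a .sha256 companion with the release
# service, authenticating with a TLS client certificate and key taken from
# secrets. Each product release is created as a draft (HTTP 409 is accepted
# alongside 200), then the file is uploaded with its checksum.
# Changes from the generated original: the EXIT trap is installed before the
# credential files are written, the private key is created under umask 077,
# and the status check compares strings so an empty or non-numeric status
# fails the step. The file is generated (see the dronegen banner), so the same
# edits belong in the generator.
# NOTE(review): the image is referenced by a mutable tag and curl may be
# installed at run time; both run with the client key in reach.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
  # Cleanup is registered first so a failure while writing still removes them.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  # Subshell keeps the restrictive umask local to the key file.
  - (umask 077 && echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key")
  # Left unquoted at the call sites on purpose: it must split into four words.
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="Linux 64-bit (FedRAMP/FIPS)"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"

      release_params="" # List of "-F releaseId=XXX" parameters to curl

      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        # String comparison: anything other than exactly 200 or 409 is a failure.
        if [ "$status_code" != "200" ] && [ "$status_code" != "409" ]; then
          echo "curl HTTP status: $status_code"
          cat "$WORKSPACE_DIR/curl_out.txt"
          exit 1
        fi

        release_params="$release_params -F releaseId=$product@$VERSION"
      done

      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY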
# Docker-in-Docker daemon; its /var/run is the dockersock volume that the
# build steps also mount.
# NOTE(review): privileged mode gives this container host-level capabilities,
# so the pipeline depends on the runner being isolated from other workloads.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
# Per-build temporary volumes: awsconfig carries the AWS credentials file
# between steps, dockersock carries the Docker socket.
volumes:
- name: awsconfig
  temp: {}
- name: dockersock
  temp: {}
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPackagePipeline)
################################################

# Runs on tag events whose ref matches refs/tags/v* in gravitational/*
# repositories, after the build-linux-amd64-centos7 and
# clean-up-previous-build pipelines.
kind: pipeline
type: kubernetes
name: build-linux-amd64-centos7-rpm
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# The built-in clone is disabled; the "Check out code" step clones explicitly.
clone:
  disable: true
depends_on:
- build-linux-amd64-centos7
- clean-up-previous-build
steps:
# Clones the repository at the tag, fetches the `e` and `webassets` submodules
# with an SSH key from the GITHUB_PRIVATE_KEY secret, then fails the build
# unless the Makefile VERSION equals the tag without its leading "v".
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  # NOTE(review): ${DRONE_TAG...} looks like Drone-side substitution (cf. the
  # $$VERSION escapes below), so the ref name would reach the shell as unquoted
  # script text; confirm, and keep tag pushes limited to trusted maintainers.
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The key exists on disk only for the submodule fetches; see `rm -f` below.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan records whatever host key is served at build time
  # (stderr is discarded), so the fetch below does not authenticate the host;
  # a pinned known_hosts entry would.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # Best effort: a failure to fetch webassets is ignored.
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Polls once a second, for at most 30s, until /var/run/docker.sock exists on
# the dockersock volume.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Trades the static key pair from secrets for temporary role credentials and
# stores them as the "default" profile on the awsconfig volume, which the
# download step mounts at /root/.aws.
# NOTE(review): the image is referenced by a mutable tag; pinning it by digest
# would fix exactly what code handles these keys.
- name: Assume Download AWS Role
  image: amazon/aws-cli
  commands:
  # Prints the identity behind the static keys before the exchange.
  - aws sts get-caller-identity
  # NOTE(review): if assume-role fails inside $(...), printf still writes a
  # credentials file with empty fields; the --profile check below is what
  # surfaces that.
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  # Drop the static keys so the next call can only succeed through the profile.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
# Fetches the centos7 teleport and teleport-ent tarballs for this version from
# the bucket into /go/artifacts.
# NOTE(review): no checksum comparison is visible in this step, although the
# build pipelines upload a .sha256 next to each tarball; confirm the tarballs
# are verified before they are packaged.
- name: Download artifacts from S3
  image: amazon/aws-cli
  commands:
  - export VERSION=$(cat /go/.version.txt)
  # Tagged builds read from tag/<tag without "v">/, others from tag/.
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else export S3_PATH="tag/"; fi
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-amd64-centos7-bin.tar.gz /go/artifacts/
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-centos7-bin.tar.gz /go/artifacts/
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Replaces the [default] profile on the awsconfig volume with session
# credentials for the read-only build role.
- name: Assume Build AWS Role
  image: amazon/aws-cli
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY
    AWS_ROLE:
      from_secret: TELEPORT_BUILD_READ_ONLY_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
  commands:
  # Logs which principal the static keys resolve to.
  - aws sts get-caller-identity
  # printf exits 0 even if assume-role prints nothing; the profile check that
  # closes this step is the only validation of the file written here.
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  # Static keys are dropped so the last call can only succeed via the profile.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
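# Builds the RPM packages. The RPM signing keyring is unpacked into the
# memory-backed /tmpfs volume for the duration of `make rpm`.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache bash curl gzip make tar go
  - apk add --no-cache aws-cli
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  # The registry password is piped on stdin rather than passed as an argument.
  - aws ecr-public get-login-password --region us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  # Cleanup is registered before the keyring exists, so a failing extract or
  # `make rpm` still removes the signing keys instead of leaving them on the
  # volume that the privileged Docker service also mounts.
  - trap 'rm -rf "$GNUPG_DIR"' EXIT
  - mkdir -m0700 "$GNUPG_DIR"
  - echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C "$GNUPG_DIR"
  - chown -R root:root "$GNUPG_DIR"
  - make rpm
  - rm -rf "$GNUPG_DIR"
  environment:
    ARCH: amd64
    ENT_TARBALL_PATH: /go/artifacts
    GNUPG_DIR: /tmpfs/gnupg
    GPG_RPM_SIGNING_ARCHIVE:
      from_secret: GPG_RPM_SIGNING_ARCHIVE
    OSS_TARBALL_PATH: /go/artifacts
    TMPDIR: /go
  volumes:
  - name: dockersock
    path: /var/run
  - name: awsconfig
    path: /root/.aws
  - name: tmpfs
    path: /tmpfs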
# Collects the RPMs (and any sibling files matching teleport*.rpm*) from both
# build directories into /go/artifacts.
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - >-
    find build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts
    \;
  - >-
    find e/build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts
    \;
# Replaces the [default] profile on the awsconfig volume with session
# credentials for the role used by the upload step.
- name: Assume Upload AWS Role
  image: amazon/aws-cli
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
  commands:
  # Logs which principal the static keys resolve to.
  - aws sts get-caller-identity
  # printf exits 0 even if assume-role prints nothing; the profile check that
  # closes this step is the only validation of the file written here.
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  # Static keys are dropped so the last call can only succeed via the profile.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
# Syncs everything present in /go/artifacts to the tag's prefix in the bucket.
- name: Upload to S3
  image: amazon/aws-cli
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  commands:
  - cd /go/artifacts/
  - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
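# Registers each built package with the release service over mutual TLS,
# creating a draft release per product (HTTP 409 = already exists) and then
# uploading the file together with the hash read from its .sha256 sidecar.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
  # Cleanup is registered before any key material is written, so a failed
  # decode still removes whatever was created.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  # The client private key is created owner-only; the subshell keeps the umask
  # change from affecting the commands that follow.
  - (umask 077 && echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key")
  # Left unquoted at the call sites on purpose: it must split into curl flags.
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="Linux 64-bit RPM (RHEL/CentOS 7.x compatible)"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" ] || [ "$name" = "teleport-connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"

      release_params="" # List of "-F releaseId=XXX" parameters to curl

      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ "$status_code" -ne 200 ] && [ "$status_code" -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat "$WORKSPACE_DIR/curl_out.txt"
          exit 1
        fi

        release_params="$release_params -F releaseId=$product@$VERSION"
      done

      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY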
services:
# Docker-in-Docker daemon. It runs privileged, and any step that mounts the
# dockersock volume at /var/run can drive it.
# NOTE(review): the image is referenced by a mutable tag, not a digest.
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  # The daemon also sees /tmpfs, where the build step unpacks the signing
  # keyring (GNUPG_DIR is /tmpfs/gnupg).
  - name: tmpfs
    path: /tmpfs
  - name: dockersock
    path: /var/run
volumes:
- name: dockersock
  temp: {}
# Carries /root/.aws/credentials between the assume-role steps and their users.
- name: awsconfig
  temp: {}
# Memory-backed temp volume.
- name: tmpfs
  temp:
    medium: memory
|
|
---
|
|
################################################
|
|
# Generated using dronegen, do not edit by hand!
|
|
# Use 'make dronegen' to update.
|
|
# Generated at dronegen/tag.go (main.tagPackagePipeline)
|
|
################################################
|
|
|
|
kind: pipeline
type: kubernetes
name: build-linux-amd64-centos7-fips-rpm
# Runs only for tag events on refs/tags/v* in repositories under gravitational/.
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# Drone's built-in clone is disabled; the first step checks the code out itself.
clone:
  disable: true
depends_on:
- build-linux-amd64-centos7-fips
- clean-up-previous-build
steps:
# Clones the repository at the tag, fetches submodules with an SSH key, and
# verifies that the Makefile version matches the tag before anything is built.
- name: Check out code
  image: docker:git
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The key lives in a 0700 directory and is removed once submodules are fetched.
  - >-
    mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): the keyscan result is written straight to known_hosts with no
  # comparison against a pinned host key, so it is trust-on-first-use.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # `|| true` makes the webassets fetch best-effort.
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Fails the step unless Makefile VERSION equals the tag without its leading
  # "v"; the version is then written to /go/.version.txt.
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
# Blocks for up to 30s until the Docker socket shows up on the shared volume.
- name: Wait for docker
  image: docker
  volumes:
  - name: dockersock
    path: /var/run
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
# Exchanges this step's static AWS key pair for role session credentials and
# writes them as the [default] profile on the shared awsconfig volume.
- name: Assume Download AWS Role
  image: amazon/aws-cli
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
  commands:
  # Logs which principal the static keys resolve to.
  - aws sts get-caller-identity
  # printf exits 0 even if assume-role prints nothing; the profile check that
  # closes this step is the only validation of the file written here.
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  # Static keys are dropped so the last call can only succeed via the profile.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
# Pulls the previously built FIPS tarball that this pipeline repackages.
- name: Download artifacts from S3
  image: amazon/aws-cli
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  commands:
  - export VERSION=$(cat /go/.version.txt)
  - >-
    if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else
    export S3_PATH="tag/"; fi
  # NOTE(review): no checksum or signature check on the downloaded tarball is
  # visible in this step; it lands in /go/artifacts/ as fetched.
  - >-
    aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-centos7-fips-bin.tar.gz
    /go/artifacts/
# Replaces the [default] profile on the awsconfig volume with session
# credentials for the read-only build role.
- name: Assume Build AWS Role
  image: amazon/aws-cli
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY
    AWS_ROLE:
      from_secret: TELEPORT_BUILD_READ_ONLY_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
  commands:
  # Logs which principal the static keys resolve to.
  - aws sts get-caller-identity
  # printf exits 0 even if assume-role prints nothing; the profile check that
  # closes this step is the only validation of the file written here.
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  # Static keys are dropped so the last call can only succeed via the profile.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
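# Builds the FIPS RPM package. The RPM signing keyring is unpacked into the
# memory-backed /tmpfs volume for the duration of `make -C e rpm`.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache bash curl gzip make tar go
  - apk add --no-cache aws-cli
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  # The registry password is piped on stdin rather than passed as an argument.
  - aws ecr-public get-login-password --region us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  # Cleanup is registered before the keyring exists, so a failing extract or
  # build still removes the signing keys instead of leaving them on the volume
  # that the privileged Docker service also mounts.
  - trap 'rm -rf "$GNUPG_DIR"' EXIT
  - mkdir -m0700 "$GNUPG_DIR"
  - echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C "$GNUPG_DIR"
  - chown -R root:root "$GNUPG_DIR"
  - make -C e rpm
  - rm -rf "$GNUPG_DIR"
  environment:
    ARCH: amd64
    ENT_TARBALL_PATH: /go/artifacts
    FIPS: "yes"
    GNUPG_DIR: /tmpfs/gnupg
    GPG_RPM_SIGNING_ARCHIVE:
      from_secret: GPG_RPM_SIGNING_ARCHIVE
    RUNTIME: fips
    TMPDIR: /go
  volumes:
  - name: dockersock
    path: /var/run
  - name: awsconfig
    path: /root/.aws
  - name: tmpfs
    path: /tmpfs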
# Collects the RPM (and any sibling files matching teleport*.rpm*) from
# e/build into /go/artifacts.
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - >-
    find e/build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts
    \;
# Replaces the [default] profile on the awsconfig volume with session
# credentials for the role used by the upload step.
- name: Assume Upload AWS Role
  image: amazon/aws-cli
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
  commands:
  # Logs which principal the static keys resolve to.
  - aws sts get-caller-identity
  # printf exits 0 even if assume-role prints nothing; the profile check that
  # closes this step is the only validation of the file written here.
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  # Static keys are dropped so the last call can only succeed via the profile.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
# Syncs everything present in /go/artifacts to the tag's prefix in the bucket.
- name: Upload to S3
  image: amazon/aws-cli
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  commands:
  - cd /go/artifacts/
  - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
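# Registers each built package with the release service over mutual TLS,
# creating a draft release per product (HTTP 409 = already exists) and then
# uploading the file together with the hash read from its .sha256 sidecar.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
  # Cleanup is registered before any key material is written, so a failed
  # decode still removes whatever was created.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  # The client private key is created owner-only; the subshell keeps the umask
  # change from affecting the commands that follow.
  - (umask 077 && echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key")
  # Left unquoted at the call sites on purpose: it must split into curl flags.
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="Linux 64-bit RPM (RHEL/CentOS 7.x compatible, FedRAMP/FIPS)"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" ] || [ "$name" = "teleport-connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"

      release_params="" # List of "-F releaseId=XXX" parameters to curl

      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ "$status_code" -ne 200 ] && [ "$status_code" -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat "$WORKSPACE_DIR/curl_out.txt"
          exit 1
        fi

        release_params="$release_params -F releaseId=$product@$VERSION"
      done

      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY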
services:
# Docker-in-Docker daemon. It runs privileged, and any step that mounts the
# dockersock volume at /var/run can drive it.
# NOTE(review): the image is referenced by a mutable tag, not a digest.
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  # The daemon also sees /tmpfs, where the build step unpacks the signing
  # keyring (GNUPG_DIR is /tmpfs/gnupg).
  - name: tmpfs
    path: /tmpfs
  - name: dockersock
    path: /var/run
volumes:
- name: dockersock
  temp: {}
# Carries /root/.aws/credentials between the assume-role steps and their users.
- name: awsconfig
  temp: {}
# Memory-backed temp volume.
- name: tmpfs
  temp:
    medium: memory
|
|
---
|
|
################################################
|
|
# Generated using dronegen, do not edit by hand!
|
|
# Use 'make dronegen' to update.
|
|
# Generated at dronegen/tag.go (main.tagPackagePipeline)
|
|
################################################
|
|
|
|
kind: pipeline
type: kubernetes
name: build-linux-amd64-deb
# Runs only for tag events on refs/tags/v* in repositories under gravitational/.
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# Drone's built-in clone is disabled; the first step checks the code out itself.
clone:
  disable: true
depends_on:
- build-linux-amd64
- clean-up-previous-build
steps:
# Clones teleport at the tag and webapps at the revision chosen by
# webapps-version.sh, fetches submodules with an SSH key, and verifies that the
# Makefile version matches the tag before anything is built.
- name: Check out code
  image: docker:git
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
  commands:
  - mkdir -p /go/src/github.com/gravitational/webapps
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The key lives in a 0700 directory and is removed once submodules are fetched.
  - >-
    mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): the keyscan result is written straight to known_hosts with no
  # comparison against a pinned host key, so it is trust-on-first-use.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # `|| true` makes the webassets fetch best-effort.
  - git submodule update --init --recursive webassets || true
  - cd /go/src/github.com/gravitational/webapps
  - git clone https://github.com/gravitational/webapps.git .
  # The webapps revision comes from a script inside the teleport checkout.
  - git checkout "$(/go/src/github.com/gravitational/teleport/build.assets/webapps/webapps-version.sh)"
  - git submodule update --init packages/webapps.e
  - cd -
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Fails the step unless Makefile VERSION equals the tag without its leading
  # "v"; the version is then written to /go/.version.txt.
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
# Blocks for up to 30s until the Docker socket shows up on the shared volume.
- name: Wait for docker
  image: docker
  volumes:
  - name: dockersock
    path: /var/run
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
# Exchanges this step's static AWS key pair for role session credentials and
# writes them as the [default] profile on the shared awsconfig volume.
- name: Assume Download AWS Role
  image: amazon/aws-cli
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
  commands:
  # Logs which principal the static keys resolve to.
  - aws sts get-caller-identity
  # printf exits 0 even if assume-role prints nothing; the profile check that
  # closes this step is the only validation of the file written here.
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  # Static keys are dropped so the last call can only succeed via the profile.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
# Pulls the previously built tarballs that this pipeline repackages.
- name: Download artifacts from S3
  image: amazon/aws-cli
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  commands:
  - export VERSION=$(cat /go/.version.txt)
  - >-
    if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else
    export S3_PATH="tag/"; fi
  # NOTE(review): no checksum or signature check on the downloaded tarballs is
  # visible in this step; they land in /go/artifacts/ as fetched.
  - >-
    aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-amd64-bin.tar.gz
    /go/artifacts/
  - >-
    aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-bin.tar.gz
    /go/artifacts/
# Replaces the [default] profile on the awsconfig volume with session
# credentials for the read-only build role.
- name: Assume Build AWS Role
  image: amazon/aws-cli
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY
    AWS_ROLE:
      from_secret: TELEPORT_BUILD_READ_ONLY_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
  commands:
  # Logs which principal the static keys resolve to.
  - aws sts get-caller-identity
  # printf exits 0 even if assume-role prints nothing; the profile check that
  # closes this step is the only validation of the file written here.
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  # Static keys are dropped so the last call can only succeed via the profile.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
# Builds the DEB packages with `make deb`, using the Docker daemon reachable
# through the dockersock volume.
- name: Build artifacts
  image: docker
  environment:
    ARCH: amd64
    ENT_TARBALL_PATH: /go/artifacts
    OSS_TARBALL_PATH: /go/artifacts
    TMPDIR: /go
  volumes:
  - name: dockersock
    path: /var/run
  - name: awsconfig
    path: /root/.aws
  commands:
  # NOTE(review): tool packages are installed unpinned at build time.
  - apk add --no-cache bash curl gzip make tar
  - apk add --no-cache aws-cli
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  # The registry password is piped on stdin rather than passed as an argument.
  - >-
    aws ecr-public get-login-password --region us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - make deb
# Collects the DEBs (and any sibling files matching teleport*.deb*) from both
# build directories into /go/artifacts.
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - >-
    find build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts
    \;
  - >-
    find e/build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts
    \;
# Replaces the [default] profile on the awsconfig volume with session
# credentials for the role used by the upload step.
- name: Assume Upload AWS Role
  image: amazon/aws-cli
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
  commands:
  # Logs which principal the static keys resolve to.
  - aws sts get-caller-identity
  # printf exits 0 even if assume-role prints nothing; the profile check that
  # closes this step is the only validation of the file written here.
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  # Static keys are dropped so the last call can only succeed via the profile.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
# Syncs everything present in /go/artifacts to the tag's prefix in the bucket.
- name: Upload to S3
  image: amazon/aws-cli
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  commands:
  - cd /go/artifacts/
  - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
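# Registers each built package with the release service over mutual TLS,
# creating a draft release per product (HTTP 409 = already exists) and then
# uploading the file together with the hash read from its .sha256 sidecar.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
  # Cleanup is registered before any key material is written, so a failed
  # decode still removes whatever was created.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  # The client private key is created owner-only; the subshell keeps the umask
  # change from affecting the commands that follow.
  - (umask 077 && echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key")
  # Left unquoted at the call sites on purpose: it must split into curl flags.
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="Linux 64-bit DEB"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" ] || [ "$name" = "teleport-connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"

      release_params="" # List of "-F releaseId=XXX" parameters to curl

      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ "$status_code" -ne 200 ] && [ "$status_code" -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat "$WORKSPACE_DIR/curl_out.txt"
          exit 1
        fi

        release_params="$release_params -F releaseId=$product@$VERSION"
      done

      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY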
services:
# Docker-in-Docker daemon. It runs privileged, and any step that mounts the
# dockersock volume at /var/run can drive it.
# NOTE(review): the image is referenced by a mutable tag, not a digest.
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: dockersock
  temp: {}
# Carries /root/.aws/credentials between the assume-role steps and their users.
- name: awsconfig
  temp: {}
|
|
---
|
|
################################################
|
|
# Generated using dronegen, do not edit by hand!
|
|
# Use 'make dronegen' to update.
|
|
# Generated at dronegen/tag.go (main.tagPackagePipeline)
|
|
################################################
|
|
|
|
kind: pipeline
type: kubernetes
name: build-linux-amd64-fips-deb
# Runs only for tag events on refs/tags/v* in repositories under gravitational/.
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# Drone's built-in clone is disabled; the first step checks the code out itself.
clone:
  disable: true
depends_on:
- build-linux-amd64-fips
- clean-up-previous-build
steps:
# Clones the repository at the tag, fetches submodules with an SSH key, and
# verifies that the Makefile version matches the tag before anything is built.
- name: Check out code
  image: docker:git
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The key lives in a 0700 directory and is removed once submodules are fetched.
  - >-
    mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): the keyscan result is written straight to known_hosts with no
  # comparison against a pinned host key, so it is trust-on-first-use.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # `|| true` makes the webassets fetch best-effort.
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Fails the step unless Makefile VERSION equals the tag without its leading
  # "v"; the version is then written to /go/.version.txt.
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
# Blocks for up to 30s until the Docker socket shows up on the shared volume.
- name: Wait for docker
  image: docker
  volumes:
  - name: dockersock
    path: /var/run
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
# Exchanges this step's static AWS key pair for role session credentials and
# writes them as the [default] profile on the shared awsconfig volume.
- name: Assume Download AWS Role
  image: amazon/aws-cli
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
  commands:
  # Logs which principal the static keys resolve to.
  - aws sts get-caller-identity
  # printf exits 0 even if assume-role prints nothing; the profile check that
  # closes this step is the only validation of the file written here.
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  # Static keys are dropped so the last call can only succeed via the profile.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
# Pulls the previously built FIPS tarball that this pipeline repackages.
- name: Download artifacts from S3
  image: amazon/aws-cli
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  commands:
  - export VERSION=$(cat /go/.version.txt)
  - >-
    if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else
    export S3_PATH="tag/"; fi
  # NOTE(review): no checksum or signature check on the downloaded tarball is
  # visible in this step; it lands in /go/artifacts/ as fetched.
  - >-
    aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-fips-bin.tar.gz
    /go/artifacts/
# Replaces the credentials file on the awsconfig volume with a session for the
# role in TELEPORT_BUILD_READ_ONLY_AWS_ROLE, so the build step that follows
# does not run with the download role.
# NOTE(review): the secret names suggest a read-only identity; confirm against
# the policy attached to the role.
- name: Assume Build AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  # Unquoted $(...) on purpose: the three tab-separated values from
  # `--output text` are split into the three %s arguments.
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  # With the static keys unset, the final check exercises the new profile.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY
    AWS_ROLE:
      from_secret: TELEPORT_BUILD_READ_ONLY_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
|
|
# Builds the FIPS enterprise .deb with `make -C e deb`, talking to the Docker
# daemon through the socket on the dockersock volume and to AWS through the
# profile on the awsconfig volume.
- name: Build artifacts
  image: docker
  commands:
  # NOTE(review): these packages are installed at build time without version
  # pins, so the tool versions are whatever the Alpine repository serves.
  - apk add --no-cache bash curl gzip make tar
  - apk add --no-cache aws-cli
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  # The registry password is piped on stdin, so it does not appear in the
  # argument list of `docker login`.
  - aws ecr-public get-login-password --region us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - make -C e deb
  environment:
    ARCH: amd64
    ENT_TARBALL_PATH: /go/artifacts
    # Quoted so YAML keeps the string "yes" instead of reading a boolean.
    FIPS: "yes"
    RUNTIME: fips
    TMPDIR: /go
  volumes:
  - name: dockersock
    path: /var/run
  - name: awsconfig
    path: /root/.aws
|
|
# Collects the package files from e/build (top level only) into /go/artifacts,
# printing each path as it is copied. The pattern "teleport*.deb*" also matches
# names with a suffix after ".deb"; presumably the .sha256 sidecars that the
# registration step requires - confirm against the packaging script.
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find e/build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts
    \;
|
|
# Switches the awsconfig profile back to a session for the role in AWS_ROLE
# before the upload, overwriting the build role's credentials file.
- name: Assume Upload AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  # Unquoted $(...) on purpose: the three values printed by `--output text`
  # are split into the three %s arguments.
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  # With the static keys unset, the final check exercises the new profile.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
|
|
# Publishes the contents of /go/artifacts under the tag's prefix in the release
# bucket. `sync .` covers the whole directory, so the tarball downloaded
# earlier in this pipeline is part of the sync set alongside the new packages.
- name: Upload to S3
  image: amazon/aws-cli
  commands:
  - cd /go/artifacts/
  - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
|
|
# Registers every built artifact with the release server at RELEASES_HOST,
# authenticating with a client certificate and key taken from secrets.
- name: Register artifacts
  image: docker
  commands:
  # WORKSPACE_DIR falls back to "/", so the files below land at the container
  # root unless the variable is set.
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
  # The certificate and private key arrive base64-encoded and are decoded to
  # files for curl.
  # NOTE(review): the key file is created under the shell's default umask;
  # setting `umask 077` before these writes would keep it owner-only.
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  # Deletes both files when the shell exits.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  # Expanded unquoted in the curl calls so it splits into separate options.
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # For each file that has a .sha256 sidecar: derive the product name from the
  # file name, create a draft release per product (HTTP 200 and 409 are both
  # accepted), then upload the file as an asset of those releases.
  # NOTE(review): the digest sent with the asset is read from the sidecar; the
  # file is not re-hashed in this step.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="Linux 64-bit DEB (FedRAMP/FIPS)"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"

      release_params="" # List of "-F releaseId=XXX" parameters to curl

      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat $WORKSPACE_DIR/curl_out.txt
          exit 1
        fi

        release_params="$release_params -F releaseId=$product@$VERSION"
      done

      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY
|
|
# Docker-in-Docker daemon used by the build step. It runs with
# `privileged: true`, so a step that mounts the dockersock volume and reaches
# the socket controls a daemon that is not confined like an ordinary step
# container.
# NOTE(review): `docker:dind` is a mutable tag; pinning by digest would fix
# the daemon version used for release builds.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
# Both volumes are `temp` volumes. awsconfig is where the role steps write
# /root/.aws/credentials for the steps that mount it.
volumes:
- name: dockersock
  temp: {}
- name: awsconfig
  temp: {}
|
|
|
|
---
|
|
################################################
|
|
# Generated using dronegen, do not edit by hand!
|
|
# Use 'make dronegen' to update.
|
|
# Generated at dronegen/tag.go (main.tagPipeline)
|
|
################################################
|
|
|
|
# Tag pipeline that builds the 32-bit Linux release tarballs, uploads them with
# their checksums to the release bucket and registers them with the release
# server.
kind: pipeline
type: kubernetes
name: build-linux-386
environment:
  BUILDBOX_VERSION: teleport12
  RUNTIME: go1.19.2
# Runs only for tag events on refs/tags/v* in repositories under
# gravitational/, which bounds who can cause the secrets below to be injected.
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# The built-in clone is disabled; the first step checks the code out itself.
clone:
  disable: true
depends_on:
- clean-up-previous-build
steps:
# Clones the repository over HTTPS, checks out the tag (or the commit when no
# tag is set) and pulls the submodules using an SSH key from secrets.
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The key is written inside a 0700 directory and then restricted to 0600.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): the host keys are collected from the network at build time
  # and errors are discarded, so the SSH server is trusted on first use;
  # writing GitHub's published host keys into known_hosts instead would
  # authenticate the host the submodules are fetched from.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # `|| true` makes a failed webassets update non-fatal.
  - git submodule update --init --recursive webassets || true
  # The key is removed once the submodules are fetched. The removal is skipped
  # if an earlier command aborts the step.
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Fails the build when the Makefile VERSION differs from the tag without its
  # leading "v"; otherwise records the version for later steps.
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Polls for the Docker socket on the shared volume, giving up after 30 seconds.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Runs the release-386 target of build.assets against the Docker daemon on the
# dockersock volume. No secrets are injected into this step.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache make
  # Hands the workspace to the UID/GID set in this step's environment.
  - chown -R $UID:$GID /go
  - cd /go/src/github.com/gravitational/teleport
  - make -C build.assets release-386
  environment:
    # Quoted so YAML keeps these numeric-looking values as strings.
    ARCH: "386"
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: linux
    UID: "1000"
  volumes:
  - name: dockersock
    path: /var/run
# Copies the tarballs from the repository root and from e/ into /go/artifacts
# and writes a SHA-256 sidecar next to each one.
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find . -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
    \;
  - find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
    \;
  - cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256;
    done && ls -l
# Trades the key pair from secrets for temporary role credentials and stores
# them as the default profile on the awsconfig volume.
- name: Assume AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  # Unquoted $(...) on purpose: the three values printed by `--output text`
  # are split into the three %s arguments.
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  # With the static keys unset, the final check exercises the new profile.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
# Syncs /go/artifacts (tarballs and their .sha256 sidecars) to the tag's
# prefix in the release bucket.
# NOTE(review): a checksum stored next to the file in the same bucket detects
# corruption, not replacement by someone who can write to the prefix.
- name: Upload to S3
  image: amazon/aws-cli
  commands:
  - cd /go/artifacts/
  - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Registers each artifact that has a .sha256 sidecar with the release server,
# authenticating with a client certificate and key from secrets.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
  # NOTE(review): the decoded key file is created under the default umask;
  # `umask 077` before these writes would keep it owner-only.
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  # Deletes both files when the shell exits.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  # Expanded unquoted in the curl calls so it splits into separate options.
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # Creates a draft release per product (HTTP 200 and 409 are accepted), then
  # uploads the file together with the digest read from its sidecar.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="Linux 32-bit"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"

      release_params="" # List of "-F releaseId=XXX" parameters to curl

      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat $WORKSPACE_DIR/curl_out.txt
          exit 1
        fi

        release_params="$release_params -F releaseId=$product@$VERSION"
      done

      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="386" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY
# Docker-in-Docker daemon for the build step; it runs privileged, so it is not
# confined like the ordinary step containers.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
# Temp volumes shared between steps: awsconfig holds the assumed-role
# credentials file, dockersock holds the Docker socket.
volumes:
- name: awsconfig
  temp: {}
- name: dockersock
  temp: {}
|
|
|
|
---
|
|
################################################
|
|
# Generated using dronegen, do not edit by hand!
|
|
# Use 'make dronegen' to update.
|
|
# Generated at dronegen/tag.go (main.tagPackagePipeline)
|
|
################################################
|
|
|
|
# Tag pipeline that turns the 32-bit tarballs produced by build-linux-386 into
# signed RPM packages, uploads them and registers them with the release server.
kind: pipeline
type: kubernetes
name: build-linux-386-rpm
# Runs only for tag events on refs/tags/v* in repositories under
# gravitational/, which bounds who can cause the signing and cloud secrets
# below to be injected.
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# The built-in clone is disabled; the first step checks the code out itself.
clone:
  disable: true
depends_on:
- build-linux-386
- clean-up-previous-build
steps:
# Clones the repository over HTTPS, checks out the tag (or the commit when no
# tag is set) and pulls the submodules using an SSH key from secrets.
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The key is written inside a 0700 directory and then restricted to 0600.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): host keys are collected from the network at build time with
  # errors discarded (trust on first use); pinning GitHub's published host
  # keys would authenticate the host the submodules are fetched from.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # `|| true` makes a failed webassets update non-fatal.
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Fails the build when the Makefile VERSION differs from the tag without its
  # leading "v"; otherwise records the version for later steps.
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Polls for the Docker socket on the shared volume, giving up after 30 seconds.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Trades the key pair from secrets for temporary role credentials and stores
# them as the default profile on the awsconfig volume.
- name: Assume Download AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  # Unquoted $(...) on purpose: the three values printed by `--output text`
  # are split into the three %s arguments.
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  # With the static keys unset, the final check exercises the new profile.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
# Fetches the OSS and enterprise 386 tarballs for this version into
# /go/artifacts. `$$` is Drone's escape for a literal `$`.
# NOTE(review): the tarballs that get packaged and signed below are not checked
# against a digest after download.
- name: Download artifacts from S3
  image: amazon/aws-cli
  commands:
  - export VERSION=$(cat /go/.version.txt)
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else
    export S3_PATH="tag/"; fi
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-386-bin.tar.gz
    /go/artifacts/
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-386-bin.tar.gz
    /go/artifacts/
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Replaces the credentials file with a session for the build role before the
# step that handles the signing key runs.
# NOTE(review): the secret names suggest a read-only identity; confirm against
# the policy attached to the role.
- name: Assume Build AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY
    AWS_ROLE:
      from_secret: TELEPORT_BUILD_READ_ONLY_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Builds the RPMs with `make rpm`. The GPG material from the
# GPG_RPM_SIGNING_ARCHIVE secret is unpacked into GNUPG_DIR, which sits on the
# memory-backed tmpfs volume declared at the end of this pipeline.
- name: Build artifacts
  image: docker
  commands:
  # NOTE(review): these packages are installed at build time without version
  # pins, inside the step that later holds the signing key.
  - apk add --no-cache bash curl gzip make tar go
  - apk add --no-cache aws-cli
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  # The registry password is piped on stdin rather than passed as an argument.
  - aws ecr-public get-login-password --region us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - mkdir -m0700 $GNUPG_DIR
  - echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPG_DIR
  - chown -R root:root $GNUPG_DIR
  - make rpm
  # NOTE(review): this cleanup is a plain command after `make rpm`, so it does
  # not run when the build aborts first; on failure the key material stays on
  # the tmpfs volume until the volume is torn down. The same volume is mounted
  # into the privileged Docker service.
  - rm -rf $GNUPG_DIR
  environment:
    ARCH: "386"
    ENT_TARBALL_PATH: /go/artifacts
    GNUPG_DIR: /tmpfs/gnupg
    GPG_RPM_SIGNING_ARCHIVE:
      from_secret: GPG_RPM_SIGNING_ARCHIVE
    OSS_TARBALL_PATH: /go/artifacts
    TMPDIR: /go
  volumes:
  - name: dockersock
    path: /var/run
  - name: awsconfig
    path: /root/.aws
  - name: tmpfs
    path: /tmpfs
# Collects the package files from build/ and e/build (top level only) into
# /go/artifacts, printing each path as it is copied.
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts
    \;
  - find e/build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts
    \;
# Switches the awsconfig profile back to a session for the role in AWS_ROLE
# before the upload.
- name: Assume Upload AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
# Syncs the whole of /go/artifacts to the tag's prefix in the release bucket.
- name: Upload to S3
  image: amazon/aws-cli
  commands:
  - cd /go/artifacts/
  - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Registers each artifact that has a .sha256 sidecar with the release server,
# authenticating with a client certificate and key from secrets.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
  # NOTE(review): the decoded key file is created under the default umask;
  # `umask 077` before these writes would keep it owner-only.
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  # Deletes both files when the shell exits.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  # Expanded unquoted in the curl calls so it splits into separate options.
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # Creates a draft release per product (HTTP 200 and 409 are accepted), then
  # uploads the file together with the digest read from its sidecar.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="Linux 32-bit RPM"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"

      release_params="" # List of "-F releaseId=XXX" parameters to curl

      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat $WORKSPACE_DIR/curl_out.txt
          exit 1
        fi

        release_params="$release_params -F releaseId=$product@$VERSION"
      done

      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="386" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY
# Docker-in-Docker daemon for the build step. It runs privileged and also
# mounts the tmpfs volume on which the signing keyring is unpacked.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: tmpfs
    path: /tmpfs
  - name: dockersock
    path: /var/run
# Temp volumes shared between steps. tmpfs uses `medium: memory`, so the
# signing key material is not written to disk-backed storage.
volumes:
- name: dockersock
  temp: {}
- name: awsconfig
  temp: {}
- name: tmpfs
  temp:
    medium: memory
|
|
|
|
---
|
|
################################################
|
|
# Generated using dronegen, do not edit by hand!
|
|
# Use 'make dronegen' to update.
|
|
# Generated at dronegen/tag.go (main.tagPackagePipeline)
|
|
################################################
|
|
|
|
# Tag pipeline that turns the 32-bit tarballs produced by build-linux-386 into
# DEB packages, uploads them and registers them with the release server.
kind: pipeline
type: kubernetes
name: build-linux-386-deb
# Runs only for tag events on refs/tags/v* in repositories under
# gravitational/, which bounds who can cause the secrets below to be injected.
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# The built-in clone is disabled; the first step checks the code out itself.
clone:
  disable: true
depends_on:
- build-linux-386
- clean-up-previous-build
steps:
# Clones the repository over HTTPS, checks out the tag (or the commit when no
# tag is set) and pulls the submodules using an SSH key from secrets.
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The key is written inside a 0700 directory and then restricted to 0600.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): host keys are collected from the network at build time with
  # errors discarded (trust on first use); pinning GitHub's published host
  # keys would authenticate the host the submodules are fetched from.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # `|| true` makes a failed webassets update non-fatal.
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Fails the build when the Makefile VERSION differs from the tag without its
  # leading "v"; otherwise records the version for later steps.
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Polls for the Docker socket on the shared volume, giving up after 30 seconds.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Trades the key pair from secrets for temporary role credentials and stores
# them as the default profile on the awsconfig volume.
- name: Assume Download AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  # Unquoted $(...) on purpose: the three values printed by `--output text`
  # are split into the three %s arguments.
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  # With the static keys unset, the final check exercises the new profile.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
# Fetches the OSS and enterprise 386 tarballs for this version into
# /go/artifacts. `$$` is Drone's escape for a literal `$`.
# NOTE(review): the tarballs are not checked against a digest after download.
- name: Download artifacts from S3
  image: amazon/aws-cli
  commands:
  - export VERSION=$(cat /go/.version.txt)
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else
    export S3_PATH="tag/"; fi
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-386-bin.tar.gz
    /go/artifacts/
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-386-bin.tar.gz
    /go/artifacts/
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Replaces the credentials file with a session for the build role.
# NOTE(review): the secret names suggest a read-only identity; confirm against
# the policy attached to the role.
- name: Assume Build AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY
    AWS_ROLE:
      from_secret: TELEPORT_BUILD_READ_ONLY_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Builds the DEB packages with `make deb` against the Docker daemon on the
# dockersock volume. Unlike the RPM pipeline, no signing secret is injected
# into this step.
- name: Build artifacts
  image: docker
  commands:
  # NOTE(review): these packages are installed at build time without version
  # pins.
  - apk add --no-cache bash curl gzip make tar
  - apk add --no-cache aws-cli
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  # The registry password is piped on stdin rather than passed as an argument.
  - aws ecr-public get-login-password --region us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - make deb
  environment:
    ARCH: "386"
    ENT_TARBALL_PATH: /go/artifacts
    OSS_TARBALL_PATH: /go/artifacts
    TMPDIR: /go
  volumes:
  - name: dockersock
    path: /var/run
  - name: awsconfig
    path: /root/.aws
# Collects the package files from build/ and e/build (top level only) into
# /go/artifacts, printing each path as it is copied.
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts
    \;
  - find e/build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts
    \;
# Switches the awsconfig profile back to a session for the role in AWS_ROLE
# before the upload.
- name: Assume Upload AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
# Syncs the whole of /go/artifacts to the tag's prefix in the release bucket.
- name: Upload to S3
  image: amazon/aws-cli
  commands:
  - cd /go/artifacts/
  - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Registers each artifact that has a .sha256 sidecar with the release server,
# authenticating with a client certificate and key from secrets.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
  # NOTE(review): the decoded key file is created under the default umask;
  # `umask 077` before these writes would keep it owner-only.
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  # Deletes both files when the shell exits.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  # Expanded unquoted in the curl calls so it splits into separate options.
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # Creates a draft release per product (HTTP 200 and 409 are accepted), then
  # uploads the file together with the digest read from its sidecar.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="Linux 32-bit DEB"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"

      release_params="" # List of "-F releaseId=XXX" parameters to curl

      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat $WORKSPACE_DIR/curl_out.txt
          exit 1
        fi

        release_params="$release_params -F releaseId=$product@$VERSION"
      done

      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="386" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY
# Docker-in-Docker daemon for the build step; it runs privileged, so it is not
# confined like the ordinary step containers.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
# Temp volumes shared between steps: dockersock holds the Docker socket,
# awsconfig holds the assumed-role credentials file.
volumes:
- name: dockersock
  temp: {}
- name: awsconfig
  temp: {}
|
|
|
|
---
|
|
################################################
|
|
# Generated using dronegen, do not edit by hand!
|
|
# Use 'make dronegen' to update.
|
|
# Generated at dronegen/mac.go (main.newDarwinPipeline)
|
|
################################################
|
|
|
|
# Tag pipeline for the macOS amd64 release build.
kind: pipeline
# An exec pipeline runs its commands directly on the build host instead of in
# per-step containers, so files written by a step persist on that machine
# until something removes them.
type: exec
name: build-darwin-amd64
# Runs only for tag events on refs/tags/v* in repositories under
# gravitational/.
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
# Fixed path under /tmp, reused by every run of this pipeline.
workspace:
  path: /tmp/build-darwin-amd64
platform:
  os: darwin
  arch: amd64
# The built-in clone is disabled; a later step checks the code out itself.
clone:
  disable: true
depends_on:
- clean-up-previous-build
# One run at a time; presumably because the workspace path above is shared
# between runs - confirm in the generator.
concurrency:
  limit: 1
steps:
|
|
# Prepares the fixed workspace directory on the build host and removes the
# go/ tree and the .ssh directory left by an earlier run. The checkout step
# writes a private key under $WORKSPACE_DIR/.ssh, so this removal also clears
# a key that an aborted run left behind.
- name: Set up exec runner storage
  commands:
  # With `set -u` an unset WORKSPACE_DIR is an error instead of expanding to
  # an empty string in the `rm -rf` below.
  - set -u
  - mkdir -p $WORKSPACE_DIR
  - chmod -R u+rw $WORKSPACE_DIR
  - rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64
|
|
# Clones the repository over HTTPS into the workspace, checks out the tag (or
# the commit when no tag is set) and pulls the submodules with an SSH key from
# secrets. The key and known_hosts live in a workspace-local .ssh directory.
- name: Check out code
  commands:
  - set -u
  - mkdir -p $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The key is written inside a 0700 directory and then restricted to 0600.
  # The workspace sits under /tmp on the build host, so the directory mode is
  # what keeps other local accounts away from the key while it exists.
  - mkdir -m 0700 $WORKSPACE_DIR/.ssh && echo "$GITHUB_PRIVATE_KEY" > $WORKSPACE_DIR/.ssh/id_rsa
    && chmod 600 $WORKSPACE_DIR/.ssh/id_rsa
  # NOTE(review): host keys are collected from the network at build time with
  # errors discarded (trust on first use); pinning GitHub's published host
  # keys would authenticate the host the submodules are fetched from.
  - ssh-keyscan -H github.com > $WORKSPACE_DIR/.ssh/known_hosts 2>/dev/null
  - chmod 600 $WORKSPACE_DIR/.ssh/known_hosts
  # `-F /dev/null` makes ssh ignore the build user's own ssh config; the
  # identity and known_hosts files are given explicitly.
  - GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts
    -F /dev/null' git submodule update --init e
  # `|| true` makes a failed webassets update non-fatal.
  - GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts
    -F /dev/null' git submodule update --init --recursive webassets || true
  # Removes the key and known_hosts. The removal is skipped if an earlier
  # command aborts the step.
  - rm -rf $WORKSPACE_DIR/.ssh
  - mkdir -p $WORKSPACE_DIR/go/cache
  - mkdir -p $WORKSPACE_DIR/go/artifacts
  # The version is taken from the tag alone; this step does not compare it
  # with the Makefile VERSION.
  - echo "${DRONE_TAG##v}" > $WORKSPACE_DIR/go/.version.txt
  - cat $WORKSPACE_DIR/go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
    WORKSPACE_DIR: /tmp/build-darwin-amd64
|
|
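# Downloads the Go release named by RUNTIME and unpacks it into a per-build
# toolchains directory under /tmp.
# This file is generated, so the lasting form of any change here belongs in
# the generator named in this pipeline's banner (dronegen/mac.go).
- name: Install Go Toolchain
  commands:
  - set -u
  - mkdir -p /tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains
  # --fail turns an HTTP error status into a failed step at the download,
  # instead of saving the error body under the archive's name; --show-error
  # keeps the reason visible despite --silent.
  # NOTE(review): the archive is extracted without a digest check. Recording
  # the published SHA-256 for this RUNTIME in the generator and verifying it
  # before `tar` (for example with `shasum -a 256 -c`) would tie the release
  # toolchain to a known artifact.
  - curl --silent --show-error --fail -O https://dl.google.com/go/$RUNTIME.darwin-amd64.tar.gz
  - tar -C /tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains -xzf $RUNTIME.darwin-amd64.tar.gz
  - rm -rf $RUNTIME.darwin-amd64.tar.gz
  environment:
    RUNTIME: go1.19.2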
|
|
# Installs the Rust toolchain version reported by the checked-out repository
# (`make print-rust-version` in build.assets) into per-build CARGO_HOME and
# RUSTUP_HOME directories under /tmp.
- name: Install Rust Toolchain
  commands:
  - set -u
  # The build user's own ~/.cargo/bin is put first on PATH; presumably that is
  # where `rustup` is found - confirm on the build host.
  - export PATH=/Users/$(whoami)/.cargo/bin:$PATH
  - mkdir -p /tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains
  - export RUST_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets
    print-rust-version)
  - export CARGO_HOME=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains/cargo
  - export RUST_HOME=$CARGO_HOME
  - export RUSTUP_HOME=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains/rustup
  - rustup toolchain install $RUST_VERSION
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64
|
|
- name: Build Mac artifacts (binaries)
  commands:
  - set -u
  - export HOME=/Users/$(whoami)
  - export TOOLCHAIN_DIR=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains
  - >-
    export RUST_VERSION=$(make -C
    $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets
    print-rust-version)
  - export CARGO_HOME=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains/cargo
  - export RUST_HOME=$CARGO_HOME
  - export RUSTUP_HOME=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains/rustup
  # The per-build cargo bin directory is searched before the build user's one.
  - export PATH=$CARGO_HOME/bin:/Users/build/.cargo/bin:$PATH
  - rustup override set $RUST_VERSION
  - export PATH=$TOOLCHAIN_DIR/go/bin:$PATH
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  # libfido2 is built first; its pkg-config path is exported for make.
  - build.assets/build-fido2-macos.sh build
  - export PKG_CONFIG_PATH="$(build.assets/build-fido2-macos.sh pkg_config_path)"
  - make clean release OS=$OS ARCH=$ARCH FIDO2=yes TOUCHID=yes PIV=yes
  environment:
    ARCH: amd64
    # NOTE(review): no command in this step references BUILDBOX_PASSWORD;
    # confirm the Makefile needs it, otherwise drop the secret from this step.
    BUILDBOX_PASSWORD:
      from_secret: BUILDBOX_PASSWORD
    GOCACHE: /tmp/build-darwin-amd64/go/cache
    GOPATH: /tmp/build-darwin-amd64/go
    OS: darwin
    WORKSPACE_DIR: /tmp/build-darwin-amd64
- name: Copy Mac artifacts
  commands:
  - set -u
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - cp teleport*.tar.gz $WORKSPACE_DIR/go/artifacts
  - cp e/teleport-ent*.tar.gz $WORKSPACE_DIR/go/artifacts
  # One .sha256 file is written next to every tarball; the registration step
  # reads the digest back from these files.
  - >-
    cd $WORKSPACE_DIR/go/artifacts
    && for FILE in teleport*.tar.gz; do shasum -a 256 $FILE > $FILE.sha256; done
    && ls -l
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64
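- name: Assume AWS Role
  commands:
  # Logs which identity the static keys from the secrets resolve to.
  - aws sts get-caller-identity
  # The credentials file below lives under /tmp on the exec runner; a
  # restrictive umask keeps the session token from being created readable
  # by other local accounts.
  - umask 077
  # Exchanges the static keys for temporary role credentials and stores them
  # as the [default] profile of the shared credentials file.
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /tmp/build-darwin-amd64/credentials
  # With the static keys unset, the final check can only succeed through the
  # profile written above.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
    AWS_SHARED_CREDENTIALS_FILE: /tmp/build-darwin-amd64/credentials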
- name: Upload to S3
  commands:
  - set -u
  - cd $WORKSPACE_DIR/go/artifacts
  # Everything in the artifacts directory, digests included, is synced under
  # the tag's version prefix.
  - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    # Only the shared credentials file is passed in; no static keys are
    # exposed to this step.
    AWS_SHARED_CREDENTIALS_FILE: /tmp/build-darwin-amd64/credentials
    WORKSPACE_DIR: /tmp/build-darwin-amd64
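- name: Register artifacts
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
  # The client certificate and key are decoded into the workspace under /tmp.
  # Restrict the umask and install the cleanup trap BEFORE writing them, so
  # the key is never created readable by other accounts and is removed even
  # if one of the decode commands fails.
  - umask 077
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # For every artifact that has a .sha256 beside it: create (or reuse, on
  # HTTP 409) a draft release per product, then upload the file together
  # with its digest.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="MacOS Intel"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"

      release_params="" # List of "-F releaseId=XXX" parameters to curl

      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat $WORKSPACE_DIR/curl_out.txt
          exit 1
        fi

        release_params="$release_params -F releaseId=$product@$VERSION"
      done

      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="darwin" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY
    WORKSPACE_DIR: /tmp/build-darwin-amd64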
- name: Clean up toolchains (post)
  commands:
  - set -u
  - export PATH=/Users/$(whoami)/.cargo/bin:$PATH
  - export CARGO_HOME=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains/cargo
  - export RUST_HOME=$CARGO_HOME
  - export RUSTUP_HOME=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains/rustup
  - >-
    export RUST_VERSION=$(make -C
    $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets
    print-rust-version)
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  # Undo the directory override, drop the toolchain, then delete the whole
  # per-build toolchain directory.
  - rustup override unset
  - rustup toolchain uninstall $RUST_VERSION
  - rm -rf /tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64
  # Runs whether the earlier steps succeeded or failed.
  when:
    status:
    - success
    - failure
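- name: Clean up exec runner storage (post)
  commands:
  - set -u
  - chmod -R u+rw $WORKSPACE_DIR
  # Besides the checkout and the SSH directory, also delete the AWS session
  # credentials file that this pipeline writes to
  # /tmp/build-darwin-amd64/credentials; it is not under go/ or .ssh/.
  - rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh $WORKSPACE_DIR/credentials
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64
  # Run after failed builds too, so secrets and checkouts do not stay on the
  # exec runner's disk until the next build happens to overwrite them.
  when:
    status:
    - success
    - failure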
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/mac.go (main.newDarwinPipeline)
################################################

kind: pipeline
# "exec" pipelines run directly on the runner host rather than in a container,
# so files written under /tmp persist between builds unless a step removes them.
type: exec
name: build-darwin-amd64-pkg
# Only version tags (refs/tags/v*) on gravitational/* repositories start it.
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /tmp/build-darwin-amd64-pkg
platform:
  os: darwin
  arch: amd64
# The default clone is disabled; the steps check the code out themselves.
clone:
  disable: true
depends_on:
- build-darwin-amd64
concurrency:
  limit: 1
steps:
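- name: Set up exec runner storage
  commands:
  - set -u
  - mkdir -p $WORKSPACE_DIR
  - chmod -R u+rw $WORKSPACE_DIR
  # Start from a clean workspace. The credentials file is included because
  # this pipeline's "Assume AWS Role" step writes AWS session credentials to
  # $WORKSPACE_DIR/credentials, outside go/ and .ssh/.
  - rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh $WORKSPACE_DIR/credentials
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg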
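- name: Check out code
  commands:
  - set -u
  # Remove the deploy key on every exit path. The explicit rm further down is
  # only reached when every command before it succeeds, so a failed clone or
  # submodule update would otherwise leave id_rsa on the exec runner's disk.
  - trap 'rm -rf "$WORKSPACE_DIR/.ssh"' EXIT
  - mkdir -p $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The key directory is created 0700 before the key is written into it.
  - >-
    mkdir -m 0700 $WORKSPACE_DIR/.ssh
    && echo "$GITHUB_PRIVATE_KEY" > $WORKSPACE_DIR/.ssh/id_rsa
    && chmod 600 $WORKSPACE_DIR/.ssh/id_rsa
  # NOTE(review): ssh-keyscan records whatever host key the network returns
  # at build time, so this known_hosts file does not pin github.com. Prefer
  # provisioning GitHub's published host keys on the runner.
  - ssh-keyscan -H github.com > $WORKSPACE_DIR/.ssh/known_hosts 2>/dev/null
  - chmod 600 $WORKSPACE_DIR/.ssh/known_hosts
  # -F /dev/null makes ssh ignore any per-user config on the shared runner.
  - >-
    GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa
    -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts -F /dev/null'
    git submodule update --init e
  # Best effort: a failure to fetch webassets is deliberately ignored.
  - >-
    GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa
    -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts -F /dev/null'
    git submodule update --init --recursive webassets || true
  - rm -rf $WORKSPACE_DIR/.ssh
  - mkdir -p $WORKSPACE_DIR/go/cache
  - mkdir -p $WORKSPACE_DIR/go/artifacts
  # The tag without its leading "v" is the version later steps read back.
  - echo "${DRONE_TAG##v}" > $WORKSPACE_DIR/go/.version.txt
  - cat $WORKSPACE_DIR/go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg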
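- name: Assume AWS Role
  commands:
  # Logs which identity the static keys from the secrets resolve to.
  - aws sts get-caller-identity
  # The credentials file below lives under /tmp on the exec runner; a
  # restrictive umask keeps the session token from being created readable
  # by other local accounts.
  - umask 077
  # Exchanges the static keys for temporary role credentials and stores them
  # as the [default] profile of the shared credentials file.
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /tmp/build-darwin-amd64-pkg/credentials
  # With the static keys unset, the final check can only succeed through the
  # profile written above.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
    AWS_SHARED_CREDENTIALS_FILE: /tmp/build-darwin-amd64-pkg/credentials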
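- name: Download built tarball artifacts from S3
  commands:
  - set -u
  - export VERSION=$(cat $WORKSPACE_DIR/go/.version.txt)
  - export S3_PATH="tag/$${DRONE_TAG##v}/"
  # NOTE(review): these tarballs are packaged and signed by the next step
  # without an integrity check after download; consider verifying them
  # against a digest obtained independently of this bucket.
  - >-
    aws s3 cp
    s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-darwin-amd64-bin.tar.gz
    $WORKSPACE_DIR/go/artifacts/
  - >-
    aws s3 cp
    s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-darwin-amd64-bin.tar.gz
    $WORKSPACE_DIR/go/artifacts/
  # GITHUB_PRIVATE_KEY is no longer injected here: none of this step's
  # commands use it, and a secret should only be exposed to steps that need it.
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SHARED_CREDENTIALS_FILE: /tmp/build-darwin-amd64-pkg/credentials
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg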
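- name: Build Mac pkg release artifacts
  commands:
  - set -u
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - export VERSION=$(cat $WORKSPACE_DIR/go/.version.txt)
  - export HOME=/Users/build
  # The password is quoted so that whitespace or glob characters in it cannot
  # be split or expanded by the shell.
  # NOTE(review): -p still places the password on the command line, where
  # other processes on the runner can read it while the command runs.
  - security unlock-keychain -p "$${BUILDBOX_PASSWORD}" login.keychain
  # Lists the valid identities in the keychain; the output ends up in the
  # build log.
  - security find-identity -v
  - make pkg OS=$OS ARCH=$ARCH
  environment:
    # Presumably consumed by the Makefile's pkg target - confirm there.
    APPLE_PASSWORD:
      from_secret: APPLE_PASSWORD
    APPLE_USERNAME:
      from_secret: APPLE_USERNAME
    ARCH: amd64
    BUILDBOX_PASSWORD:
      from_secret: BUILDBOX_PASSWORD
    ENT_TARBALL_PATH: /tmp/build-darwin-amd64-pkg/go/artifacts
    OS: darwin
    OSS_TARBALL_PATH: /tmp/build-darwin-amd64-pkg/go/artifacts
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg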
- name: Copy Mac pkg artifacts
  commands:
  - set -u
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  # The downloaded input tarballs are removed so that only the .pkg files
  # are left in the artifacts directory.
  - rm -rf $WORKSPACE_DIR/go/artifacts/*.tar.gz
  - cp build/teleport*.pkg e/build/teleport-ent*.pkg $WORKSPACE_DIR/go/artifacts/
  # One .sha256 file is written next to every package.
  - >-
    cd $WORKSPACE_DIR/go/artifacts
    && for FILE in *.pkg; do shasum -a 256 $FILE > $FILE.sha256; done
    && ls -l
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg
- name: Upload to S3
  commands:
  - set -u
  - cd $WORKSPACE_DIR/go/artifacts
  # Everything in the artifacts directory, digests included, is synced under
  # the tag's version prefix.
  - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    # Only the shared credentials file is passed in; no static keys are
    # exposed to this step.
    AWS_SHARED_CREDENTIALS_FILE: /tmp/build-darwin-amd64-pkg/credentials
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg
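- name: Register artifacts
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
  # The client certificate and key are decoded into the workspace under /tmp.
  # Restrict the umask and install the cleanup trap BEFORE writing them, so
  # the key is never created readable by other accounts and is removed even
  # if one of the decode commands fails.
  - umask 077
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # For every artifact that has a .sha256 beside it: create (or reuse, on
  # HTTP 409) a draft release per product, then upload the file together
  # with its digest.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="MacOS Intel .pkg installer"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"

      release_params="" # List of "-F releaseId=XXX" parameters to curl

      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat $WORKSPACE_DIR/curl_out.txt
          exit 1
        fi

        release_params="$release_params -F releaseId=$product@$VERSION"
      done

      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="darwin" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg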
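- name: Clean up exec runner storage (post)
  commands:
  - set -u
  - chmod -R u+rw $WORKSPACE_DIR
  # Besides the checkout and the SSH directory, also delete the AWS session
  # credentials file that this pipeline writes to
  # /tmp/build-darwin-amd64-pkg/credentials; it is not under go/ or .ssh/.
  - rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh $WORKSPACE_DIR/credentials
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg
  # Run after failed builds too, so secrets and checkouts do not stay on the
  # exec runner's disk until the next build happens to overwrite them.
  when:
    status:
    - success
    - failure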
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/mac.go (main.newDarwinPipeline)
################################################

kind: pipeline
# "exec" pipelines run directly on the runner host rather than in a container,
# so files written under /tmp persist between builds unless a step removes them.
type: exec
name: build-darwin-amd64-pkg-tsh
# Only version tags (refs/tags/v*) on gravitational/* repositories start it.
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /tmp/build-darwin-amd64-pkg-tsh
platform:
  os: darwin
  arch: amd64
# The default clone is disabled; the steps check the code out themselves.
clone:
  disable: true
depends_on:
- build-darwin-amd64
concurrency:
  limit: 1
steps:
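- name: Set up exec runner storage
  commands:
  - set -u
  - mkdir -p $WORKSPACE_DIR
  - chmod -R u+rw $WORKSPACE_DIR
  # Start from a clean workspace. The credentials file is included because
  # this pipeline's "Assume AWS Role" step writes AWS session credentials to
  # $WORKSPACE_DIR/credentials, outside go/ and .ssh/.
  - rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh $WORKSPACE_DIR/credentials
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh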
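- name: Check out code
  commands:
  - set -u
  # Remove the deploy key on every exit path. The explicit rm further down is
  # only reached when every command before it succeeds, so a failed clone or
  # submodule update would otherwise leave id_rsa on the exec runner's disk.
  - trap 'rm -rf "$WORKSPACE_DIR/.ssh"' EXIT
  - mkdir -p $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The key directory is created 0700 before the key is written into it.
  - >-
    mkdir -m 0700 $WORKSPACE_DIR/.ssh
    && echo "$GITHUB_PRIVATE_KEY" > $WORKSPACE_DIR/.ssh/id_rsa
    && chmod 600 $WORKSPACE_DIR/.ssh/id_rsa
  # NOTE(review): ssh-keyscan records whatever host key the network returns
  # at build time, so this known_hosts file does not pin github.com. Prefer
  # provisioning GitHub's published host keys on the runner.
  - ssh-keyscan -H github.com > $WORKSPACE_DIR/.ssh/known_hosts 2>/dev/null
  - chmod 600 $WORKSPACE_DIR/.ssh/known_hosts
  # -F /dev/null makes ssh ignore any per-user config on the shared runner.
  - >-
    GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa
    -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts -F /dev/null'
    git submodule update --init e
  # Best effort: a failure to fetch webassets is deliberately ignored.
  - >-
    GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa
    -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts -F /dev/null'
    git submodule update --init --recursive webassets || true
  - rm -rf $WORKSPACE_DIR/.ssh
  - mkdir -p $WORKSPACE_DIR/go/cache
  - mkdir -p $WORKSPACE_DIR/go/artifacts
  # The tag without its leading "v" is the version later steps read back.
  - echo "${DRONE_TAG##v}" > $WORKSPACE_DIR/go/.version.txt
  - cat $WORKSPACE_DIR/go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh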
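- name: Assume AWS Role
  commands:
  # Logs which identity the static keys from the secrets resolve to.
  - aws sts get-caller-identity
  # The credentials file below lives under /tmp on the exec runner; a
  # restrictive umask keeps the session token from being created readable
  # by other local accounts.
  - umask 077
  # Exchanges the static keys for temporary role credentials and stores them
  # as the [default] profile of the shared credentials file.
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /tmp/build-darwin-amd64-pkg-tsh/credentials
  # With the static keys unset, the final check can only succeed through the
  # profile written above.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
    AWS_SHARED_CREDENTIALS_FILE: /tmp/build-darwin-amd64-pkg-tsh/credentials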
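- name: Download built tarball artifacts from S3
  commands:
  - set -u
  - export VERSION=$(cat $WORKSPACE_DIR/go/.version.txt)
  - export S3_PATH="tag/$${DRONE_TAG##v}/"
  # NOTE(review): these tarballs are packaged and signed by the next step
  # without an integrity check after download; consider verifying them
  # against a digest obtained independently of this bucket.
  - >-
    aws s3 cp
    s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-darwin-amd64-bin.tar.gz
    $WORKSPACE_DIR/go/artifacts/
  - >-
    aws s3 cp
    s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-darwin-amd64-bin.tar.gz
    $WORKSPACE_DIR/go/artifacts/
  # GITHUB_PRIVATE_KEY is no longer injected here: none of this step's
  # commands use it, and a secret should only be exposed to steps that need it.
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SHARED_CREDENTIALS_FILE: /tmp/build-darwin-amd64-pkg-tsh/credentials
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh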
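- name: Build Mac pkg release artifacts
  commands:
  - set -u
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - export VERSION=$(cat $WORKSPACE_DIR/go/.version.txt)
  - export HOME=/Users/build
  # The password is quoted so that whitespace or glob characters in it cannot
  # be split or expanded by the shell.
  # NOTE(review): -p still places the password on the command line, where
  # other processes on the runner can read it while the command runs.
  - security unlock-keychain -p "$${BUILDBOX_PASSWORD}" login.keychain
  # Lists the valid identities in the keychain; the output ends up in the
  # build log.
  - security find-identity -v
  - make pkg-tsh OS=$OS ARCH=$ARCH
  environment:
    # Presumably consumed by the Makefile's pkg-tsh target - confirm there.
    APPLE_PASSWORD:
      from_secret: APPLE_PASSWORD
    APPLE_USERNAME:
      from_secret: APPLE_USERNAME
    ARCH: amd64
    BUILDBOX_PASSWORD:
      from_secret: BUILDBOX_PASSWORD
    ENT_TARBALL_PATH: /tmp/build-darwin-amd64-pkg-tsh/go/artifacts
    OS: darwin
    OSS_TARBALL_PATH: /tmp/build-darwin-amd64-pkg-tsh/go/artifacts
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh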
- name: Copy Mac pkg artifacts
  commands:
  - set -u
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  # The downloaded input tarballs are removed so that only the .pkg files
  # are left in the artifacts directory.
  - rm -rf $WORKSPACE_DIR/go/artifacts/*.tar.gz
  - cp build/tsh*.pkg $WORKSPACE_DIR/go/artifacts/
  # One .sha256 file is written next to every package.
  - >-
    cd $WORKSPACE_DIR/go/artifacts
    && for FILE in *.pkg; do shasum -a 256 $FILE > $FILE.sha256; done
    && ls -l
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh
- name: Upload to S3
  commands:
  - set -u
  - cd $WORKSPACE_DIR/go/artifacts
  # Everything in the artifacts directory, digests included, is synced under
  # the tag's version prefix.
  - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    # Only the shared credentials file is passed in; no static keys are
    # exposed to this step.
    AWS_SHARED_CREDENTIALS_FILE: /tmp/build-darwin-amd64-pkg-tsh/credentials
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh
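- name: Register artifacts
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
  # The client certificate and key are decoded into the workspace under /tmp.
  # Restrict the umask and install the cleanup trap BEFORE writing them, so
  # the key is never created readable by other accounts and is removed even
  # if one of the decode commands fails.
  - umask 077
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # For every artifact that has a .sha256 beside it: create (or reuse, on
  # HTTP 409) a draft release per product, then upload the file together
  # with its digest.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="MacOS Intel .pkg installer (tsh client only)"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"

      release_params="" # List of "-F releaseId=XXX" parameters to curl

      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat $WORKSPACE_DIR/curl_out.txt
          exit 1
        fi

        release_params="$release_params -F releaseId=$product@$VERSION"
      done

      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="darwin" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh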
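- name: Clean up exec runner storage (post)
  commands:
  - set -u
  - chmod -R u+rw $WORKSPACE_DIR
  # Besides the checkout and the SSH directory, also delete the AWS session
  # credentials file that this pipeline writes to
  # /tmp/build-darwin-amd64-pkg-tsh/credentials; it is not under go/ or .ssh/.
  - rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh $WORKSPACE_DIR/credentials
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh
  # Run after failed builds too, so secrets and checkouts do not stay on the
  # exec runner's disk until the next build happens to overwrite them.
  when:
    status:
    - success
    - failure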
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPipeline)
################################################

kind: pipeline
type: kubernetes
name: build-linux-arm
environment:
  BUILDBOX_VERSION: teleport12
  RUNTIME: go1.19.2
# Only version tags (refs/tags/v*) on gravitational/* repositories start it.
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# The default clone is disabled; the first step checks the code out itself.
clone:
  disable: true
depends_on:
- clean-up-previous-build
steps:
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The deploy key goes into /root/.ssh, not into the /go workspace.
  - >-
    mkdir -m 0700 /root/.ssh
    && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan records whatever host key the network returns
  # at build time, so this known_hosts file does not pin github.com.
  - >-
    ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null
    && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # Best effort: a failure to fetch webassets is deliberately ignored.
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # The build is refused when the Makefile's VERSION differs from the tag
  # (without its leading "v"); the agreed version is stored for later steps.
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
- name: Wait for docker
  image: docker
  commands:
  # Poll once a second, for at most 30 seconds, until the Docker socket
  # appears on the shared dockersock volume.
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
- name: Build artifacts
  # NOTE(review): "docker" is a floating tag; pinning the image by digest
  # would make release builds reproducible and harder to tamper with.
  image: docker
  commands:
  - apk add --no-cache make
  # Hand the workspace to the UID/GID given in the environment below.
  - chown -R $UID:$GID /go
  - cd /go/src/github.com/gravitational/teleport
  - make -C build.assets release-arm
  environment:
    ARCH: arm
    GID: '1000'
    GOCACHE: /go/cache
    GOPATH: /go
    OS: linux
    UID: '1000'
  # Mounting the dockersock volume gives this step access to the Docker
  # socket checked for by the "Wait for docker" step.
  volumes:
  - name: dockersock
    path: /var/run
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  # Top-level tarballs only (-maxdepth 1), from the repository root and e/.
  - find . -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts \;
  - find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts \;
  # One .sha256 file is written next to every tarball.
  - >-
    cd /go/artifacts
    && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256; done
    && ls -l
- name: Assume AWS Role
  image: amazon/aws-cli
  commands:
  # Logs which identity the static keys from the secrets resolve to.
  - aws sts get-caller-identity
  # Exchanges the static keys for temporary role credentials and stores them
  # as the [default] profile on the awsconfig volume.
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  # With the static keys unset, the final check can only succeed through the
  # profile written above.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
- name: Upload to S3
  image: amazon/aws-cli
  commands:
  - cd /go/artifacts/
  # Everything in the artifacts directory, digests included, is synced under
  # the tag's version prefix.
  - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  # No static keys are injected here; the step mounts the awsconfig volume
  # at /root/.aws instead.
  volumes:
  - name: awsconfig
    path: /root/.aws
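- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
  # The cleanup trap is installed BEFORE the client certificate and key are
  # decoded, so both files are removed even if a decode command fails.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # For every artifact that has a .sha256 beside it: create (or reuse, on
  # HTTP 409) a draft release per product, then upload the file together
  # with its digest.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="Linux ARMv7 (32-bit)"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"

      release_params="" # List of "-F releaseId=XXX" parameters to curl

      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat $WORKSPACE_DIR/curl_out.txt
          exit 1
        fi

        release_params="$release_params -F releaseId=$product@$VERSION"
      done

      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="arm" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY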
services:
# Docker-in-Docker daemon whose socket the build steps reach through the
# dockersock volume.
# NOTE(review): the service runs privileged from the floating docker:dind tag;
# pinning the image by digest limits what a changed upstream image could do
# with that privilege.
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
# Both volumes are temporary and exist only for this pipeline run.
volumes:
- name: awsconfig
  temp: {}
- name: dockersock
  temp: {}
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPipeline)
################################################

kind: pipeline
type: kubernetes
name: build-linux-arm64
environment:
  BUILDBOX_VERSION: teleport12
  RUNTIME: go1.19.2
# Only version tags (refs/tags/v*) on gravitational/* repositories start it.
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# The default clone is disabled; the first step checks the code out itself.
clone:
  disable: true
depends_on:
- clean-up-previous-build
steps:
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The deploy key goes into /root/.ssh, not into the /go workspace.
  - >-
    mkdir -m 0700 /root/.ssh
    && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan records whatever host key the network returns
  # at build time, so this known_hosts file does not pin github.com.
  - >-
    ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null
    && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # Best effort: a failure to fetch webassets is deliberately ignored.
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # The build is refused when the Makefile's VERSION differs from the tag
  # (without its leading "v"); the agreed version is stored for later steps.
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
- name: Wait for docker
  image: docker
  commands:
  # Poll once a second, for at most 30 seconds, until the Docker socket
  # appears on the shared dockersock volume.
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
- name: Build artifacts
  # NOTE(review): "docker" is a floating tag; pinning the image by digest
  # would make release builds reproducible and harder to tamper with.
  image: docker
  commands:
  - apk add --no-cache make
  # Hand the workspace to the UID/GID given in the environment below.
  - chown -R $UID:$GID /go
  - cd /go/src/github.com/gravitational/teleport
  - make -C build.assets release-arm64
  environment:
    ARCH: arm64
    GID: '1000'
    GOCACHE: /go/cache
    GOPATH: /go
    OS: linux
    UID: '1000'
  # Mounting the dockersock volume gives this step access to the Docker
  # socket checked for by the "Wait for docker" step.
  volumes:
  - name: dockersock
    path: /var/run
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  # Top-level tarballs only (-maxdepth 1), from the repository root and e/.
  - find . -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts \;
  - find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts \;
  # One .sha256 file is written next to every tarball.
  - >-
    cd /go/artifacts
    && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256; done
    && ls -l
- name: Assume AWS Role
  image: amazon/aws-cli
  commands:
  # Logs which identity the static keys from the secrets resolve to.
  - aws sts get-caller-identity
  # Exchanges the static keys for temporary role credentials and stores them
  # as the [default] profile on the awsconfig volume.
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  # With the static keys unset, the final check can only succeed through the
  # profile written above.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
- name: Upload to S3
  image: amazon/aws-cli
  commands:
  - cd /go/artifacts/
  # Everything in the artifacts directory, digests included, is synced under
  # the tag's version prefix.
  - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  # No static keys are injected here; the step mounts the awsconfig volume
  # at /root/.aws instead.
  volumes:
  - name: awsconfig
    path: /root/.aws
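# Registers every artifact of this build with the release server, using a
# TLS client certificate and key taken from secrets.
# Changes against the generated original:
#   * the cleanup trap is installed before the certificate and key are
#     written, so a failure between the two writes cannot leave them behind;
#   * the private key is created under umask 077 instead of the default;
#   * the HTTP status is compared as a string, so an empty or non-numeric
#     value is treated as an error instead of making `[ ... -ne ... ]` fail
#     and silently skipping the error branch;
#   * the path passed to `cat` is quoted.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - (umask 077 && echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key")
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')"      # extract part before -vX.Y.Z
      description="Linux ARM64/ARMv8 (64-bit)"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      # The digest sent to the server is read from the sidecar file, not recomputed here.
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"

      release_params="" # List of "-F releaseId=XXX" parameters to curl

      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        # 200 and 409 are the only accepted answers; anything else, including an empty value, aborts.
        if [ "$status_code" != "200" ] && [ "$status_code" != "409" ]; then
          echo "curl HTTP status: $status_code"
          cat "$WORKSPACE_DIR/curl_out.txt"
          exit 1
        fi

        release_params="$release_params -F releaseId=$product@$VERSION"
      done

      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="arm64" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY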
|
|
# Docker-in-Docker daemon for the build steps. The container is privileged,
# and its /var/run is the dockersock volume, so every step that mounts
# dockersock can talk to this daemon.
# NOTE(review): docker:dind is a floating tag, not a pinned digest.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - path: /var/run
    name: dockersock
# Both volumes are pipeline-scoped temp volumes.
volumes:
- name: awsconfig
  temp: {}
- name: dockersock
  temp: {}
|
|
|
|
---
|
|
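################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPackagePipeline)
################################################
#
# Tag pipeline for the linux/arm64 .deb packages: fetches the release
# tarballs from S3, runs `make deb`, uploads the result and registers it
# with the release server.
# Review notes:
#   * Every image here (docker, docker:git, docker:dind, amazon/aws-cli) is
#     referenced by a floating tag; nothing in this file pins a digest.
#   * The "Start Docker" service runs privileged and shares /var/run with
#     every step that mounts the dockersock volume.
#   * "Register artifacts" differs from the generated original: the cleanup
#     trap is set before the client cert/key are written, the key is created
#     under umask 077, and the HTTP status check fails closed.

kind: pipeline
type: kubernetes
name: build-linux-arm64-deb
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
clone:
  disable: true
depends_on:
- build-linux-arm64
- clean-up-previous-build
steps:
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The key from GITHUB_PRIVATE_KEY exists on disk only until the `rm -f`
  # below; presumably it is needed for the submodules fetched in between.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): the host keys are taken from the network at build time and
  # trusted as returned; nothing compares them with a pinned fingerprint.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # `|| true`: a failed webassets update does not fail the step.
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Refuse to continue when the Makefile VERSION and the tag (without the
  # leading "v") disagree; the version is saved for the later steps.
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
- name: Wait for docker
  image: docker
  commands:
  # Gives up after 30 seconds if the daemon socket has not appeared.
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# The three "Assume ... AWS Role" steps share one pattern: the key pair from
# secrets is exchanged for temporary role credentials, which are written as
# the [default] profile on the awsconfig volume (each step overwrites the
# previous profile). printf succeeds even when assume-role fails, so the
# closing `get-caller-identity --profile default` is the actual check.
- name: Assume Download AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
- name: Download artifacts from S3
  image: amazon/aws-cli
  commands:
  # NOTE(review): the tarballs are used as downloaded; this step performs no
  # checksum or signature verification on them.
  - export VERSION=$(cat /go/.version.txt)
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else
    export S3_PATH="tag/"; fi
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-arm64-bin.tar.gz
    /go/artifacts/
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-arm64-bin.tar.gz
    /go/artifacts/
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Uses a separate secret set (TELEPORT_BUILD_*_READ_ONLY_*) for the build.
- name: Assume Build AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY
    AWS_ROLE:
      from_secret: TELEPORT_BUILD_READ_ONLY_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache bash curl gzip make tar
  - apk add --no-cache aws-cli
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  # The registry password is piped on stdin, so it never appears in argv.
  - aws ecr-public get-login-password --region us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - make deb
  environment:
    ARCH: arm64
    ENT_TARBALL_PATH: /go/artifacts
    OSS_TARBALL_PATH: /go/artifacts
    TMPDIR: /go
  volumes:
  - name: dockersock
    path: /var/run
  - name: awsconfig
    path: /root/.aws
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  # "teleport*.deb*" also matches sidecar files such as a .deb.sha256.
  - find build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts
    \;
  - find e/build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts
    \;
- name: Assume Upload AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
- name: Upload to S3
  image: amazon/aws-cli
  commands:
  - cd /go/artifacts/
  - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
  # Cleanup is registered first so the cert and key are removed on any exit.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  # The subshell keeps the tighter umask from affecting later commands.
  - (umask 077 && echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key")
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')"      # extract part before -vX.Y.Z
      description="Linux ARM64/ARMv8 (64-bit) DEB"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      # The digest sent to the server is read from the sidecar file, not recomputed here.
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"

      release_params="" # List of "-F releaseId=XXX" parameters to curl

      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        # 200 and 409 are the only accepted answers; anything else, including an empty value, aborts.
        if [ "$status_code" != "200" ] && [ "$status_code" != "409" ]; then
          echo "curl HTTP status: $status_code"
          cat "$WORKSPACE_DIR/curl_out.txt"
          exit 1
        fi

        release_params="$release_params -F releaseId=$product@$VERSION"
      done

      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="arm64" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: dockersock
  temp: {}
- name: awsconfig
  temp: {}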
|
|
|
|
---
|
|
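################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPackagePipeline)
################################################
#
# Tag pipeline for the linux/arm (32-bit) .deb packages: fetches the release
# tarballs from S3, runs `make deb`, uploads the result and registers it
# with the release server.
# Review notes:
#   * Every image here (docker, docker:git, docker:dind, amazon/aws-cli) is
#     referenced by a floating tag; nothing in this file pins a digest.
#   * The "Start Docker" service runs privileged and shares /var/run with
#     every step that mounts the dockersock volume.
#   * "Register artifacts" differs from the generated original: the cleanup
#     trap is set before the client cert/key are written, the key is created
#     under umask 077, and the HTTP status check fails closed.

kind: pipeline
type: kubernetes
name: build-linux-arm-deb
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
clone:
  disable: true
depends_on:
- build-linux-arm
- clean-up-previous-build
steps:
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The key from GITHUB_PRIVATE_KEY exists on disk only until the `rm -f`
  # below; presumably it is needed for the submodules fetched in between.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): the host keys are taken from the network at build time and
  # trusted as returned; nothing compares them with a pinned fingerprint.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # `|| true`: a failed webassets update does not fail the step.
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Refuse to continue when the Makefile VERSION and the tag (without the
  # leading "v") disagree; the version is saved for the later steps.
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
- name: Wait for docker
  image: docker
  commands:
  # Gives up after 30 seconds if the daemon socket has not appeared.
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# The three "Assume ... AWS Role" steps share one pattern: the key pair from
# secrets is exchanged for temporary role credentials, which are written as
# the [default] profile on the awsconfig volume (each step overwrites the
# previous profile). printf succeeds even when assume-role fails, so the
# closing `get-caller-identity --profile default` is the actual check.
- name: Assume Download AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
- name: Download artifacts from S3
  image: amazon/aws-cli
  commands:
  # NOTE(review): the tarballs are used as downloaded; this step performs no
  # checksum or signature verification on them.
  - export VERSION=$(cat /go/.version.txt)
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else
    export S3_PATH="tag/"; fi
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-arm-bin.tar.gz
    /go/artifacts/
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-arm-bin.tar.gz
    /go/artifacts/
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Uses a separate secret set (TELEPORT_BUILD_*_READ_ONLY_*) for the build.
- name: Assume Build AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY
    AWS_ROLE:
      from_secret: TELEPORT_BUILD_READ_ONLY_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache bash curl gzip make tar
  - apk add --no-cache aws-cli
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  # The registry password is piped on stdin, so it never appears in argv.
  - aws ecr-public get-login-password --region us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - make deb
  environment:
    ARCH: arm
    ENT_TARBALL_PATH: /go/artifacts
    OSS_TARBALL_PATH: /go/artifacts
    TMPDIR: /go
  volumes:
  - name: dockersock
    path: /var/run
  - name: awsconfig
    path: /root/.aws
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  # "teleport*.deb*" also matches sidecar files such as a .deb.sha256.
  - find build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts
    \;
  - find e/build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts
    \;
- name: Assume Upload AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
- name: Upload to S3
  image: amazon/aws-cli
  commands:
  - cd /go/artifacts/
  - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
  # Cleanup is registered first so the cert and key are removed on any exit.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  # The subshell keeps the tighter umask from affecting later commands.
  - (umask 077 && echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key")
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')"      # extract part before -vX.Y.Z
      description="Linux ARMv7 (32-bit) DEB"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      # The digest sent to the server is read from the sidecar file, not recomputed here.
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"

      release_params="" # List of "-F releaseId=XXX" parameters to curl

      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        # 200 and 409 are the only accepted answers; anything else, including an empty value, aborts.
        if [ "$status_code" != "200" ] && [ "$status_code" != "409" ]; then
          echo "curl HTTP status: $status_code"
          cat "$WORKSPACE_DIR/curl_out.txt"
          exit 1
        fi

        release_params="$release_params -F releaseId=$product@$VERSION"
      done

      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="arm" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: dockersock
  temp: {}
- name: awsconfig
  temp: {}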
|
|
|
|
---
|
|
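################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPackagePipeline)
################################################
#
# Tag pipeline for the linux/arm64 .rpm packages: fetches the release
# tarballs from S3, runs `make rpm` with the signing keyring unpacked from
# a secret, uploads the result and registers it with the release server.
# Review notes:
#   * Every image here (docker, docker:git, docker:dind, amazon/aws-cli) is
#     referenced by a floating tag; nothing in this file pins a digest.
#   * The "Start Docker" service runs privileged, shares /var/run with every
#     step that mounts dockersock, and also mounts the tmpfs volume that
#     holds the signing keyring during "Build artifacts".
#   * "Build artifacts" differs from the generated original: a trap removes
#     the keyring on any exit, not only after a successful `make rpm`.
#   * "Register artifacts" differs from the generated original: the cleanup
#     trap is set before the client cert/key are written, the key is created
#     under umask 077, and the HTTP status check fails closed.

kind: pipeline
type: kubernetes
name: build-linux-arm64-rpm
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
clone:
  disable: true
depends_on:
- build-linux-arm64
- clean-up-previous-build
steps:
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The key from GITHUB_PRIVATE_KEY exists on disk only until the `rm -f`
  # below; presumably it is needed for the submodules fetched in between.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): the host keys are taken from the network at build time and
  # trusted as returned; nothing compares them with a pinned fingerprint.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # `|| true`: a failed webassets update does not fail the step.
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Refuse to continue when the Makefile VERSION and the tag (without the
  # leading "v") disagree; the version is saved for the later steps.
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
- name: Wait for docker
  image: docker
  commands:
  # Gives up after 30 seconds if the daemon socket has not appeared.
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# The three "Assume ... AWS Role" steps share one pattern: the key pair from
# secrets is exchanged for temporary role credentials, which are written as
# the [default] profile on the awsconfig volume (each step overwrites the
# previous profile). printf succeeds even when assume-role fails, so the
# closing `get-caller-identity --profile default` is the actual check.
- name: Assume Download AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
- name: Download artifacts from S3
  image: amazon/aws-cli
  commands:
  # NOTE(review): the tarballs are used as downloaded; this step performs no
  # checksum or signature verification on them.
  - export VERSION=$(cat /go/.version.txt)
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else
    export S3_PATH="tag/"; fi
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-arm64-bin.tar.gz
    /go/artifacts/
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-arm64-bin.tar.gz
    /go/artifacts/
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Uses a separate secret set (TELEPORT_BUILD_*_READ_ONLY_*) for the build.
- name: Assume Build AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY
    AWS_ROLE:
      from_secret: TELEPORT_BUILD_READ_ONLY_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache bash curl gzip make tar go
  - apk add --no-cache aws-cli
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  # The registry password is piped on stdin, so it never appears in argv.
  - aws ecr-public get-login-password --region us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  # Remove the signing keyring on any exit. Without the trap a failing
  # `make rpm` would skip the final `rm -rf` and leave the keyring on the
  # tmpfs volume, which the privileged Start Docker service also mounts.
  - trap 'rm -rf "$GNUPG_DIR"' EXIT
  - mkdir -m0700 $GNUPG_DIR
  - echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPG_DIR
  - chown -R root:root $GNUPG_DIR
  - make rpm
  - rm -rf $GNUPG_DIR
  environment:
    ARCH: arm64
    ENT_TARBALL_PATH: /go/artifacts
    # GNUPG_DIR lives on the memory-backed tmpfs volume declared below.
    GNUPG_DIR: /tmpfs/gnupg
    GPG_RPM_SIGNING_ARCHIVE:
      from_secret: GPG_RPM_SIGNING_ARCHIVE
    OSS_TARBALL_PATH: /go/artifacts
    TMPDIR: /go
  volumes:
  - name: dockersock
    path: /var/run
  - name: awsconfig
    path: /root/.aws
  - name: tmpfs
    path: /tmpfs
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  # "teleport*.rpm*" also matches sidecar files such as a .rpm.sha256.
  - find build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts
    \;
  - find e/build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts
    \;
- name: Assume Upload AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
- name: Upload to S3
  image: amazon/aws-cli
  commands:
  - cd /go/artifacts/
  - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
  # Cleanup is registered first so the cert and key are removed on any exit.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  # The subshell keeps the tighter umask from affecting later commands.
  - (umask 077 && echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key")
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')"      # extract part before -vX.Y.Z
      description="Linux ARM64/ARMv8 (64-bit) RPM"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      # The digest sent to the server is read from the sidecar file, not recomputed here.
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"

      release_params="" # List of "-F releaseId=XXX" parameters to curl

      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        # 200 and 409 are the only accepted answers; anything else, including an empty value, aborts.
        if [ "$status_code" != "200" ] && [ "$status_code" != "409" ]; then
          echo "curl HTTP status: $status_code"
          cat "$WORKSPACE_DIR/curl_out.txt"
          exit 1
        fi

        release_params="$release_params -F releaseId=$product@$VERSION"
      done

      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="arm64" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: tmpfs
    path: /tmpfs
  - name: dockersock
    path: /var/run
volumes:
- name: dockersock
  temp: {}
- name: awsconfig
  temp: {}
- name: tmpfs
  temp:
    medium: memory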
|
|
|
|
---
|
|
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPackagePipeline)
################################################

# Pipeline header: runs on tag events for refs/tags/v* in gravitational/*
# repositories, after build-linux-arm and clean-up-previous-build. Drone's
# built-in clone is disabled; the first step checks the code out itself.
name: build-linux-arm-rpm
kind: pipeline
type: kubernetes
depends_on:
- build-linux-arm
- clean-up-previous-build
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
clone:
  disable: true
workspace:
  path: /go
|
|
steps:
|
|
# Clones the repository over HTTPS at the tagged revision, fetches the `e`
# and webassets submodules, and checks that the Makefile VERSION matches
# the tag before writing it to /go/.version.txt for the later steps.
# NOTE(review): docker:git is a floating tag, not a pinned digest.
- name: Check out code
  image: docker:git
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The key exists on disk only until the `rm -f` further down; presumably
  # it is needed for the submodules fetched in between.
  - >-
    mkdir -m 0700 /root/.ssh
    && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): the host keys are taken from the network at build time and
  # trusted as returned; nothing compares them with a pinned fingerprint.
  - >-
    ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null
    && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # `|| true`: a failed webassets update does not fail the step.
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # `$$` is Drone's escape for a literal `$`; ${DRONE_TAG##v} is the tag
  # without its leading "v".
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
|
|
# Blocks until the Docker daemon socket shows up on the shared dockersock
# volume, and fails the step if that takes longer than 30 seconds.
- name: Wait for docker
  image: docker
  volumes:
  - path: /var/run
    name: dockersock
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
|
|
# Exchanges the access key pair supplied through secrets for temporary
# credentials of the role in AWS_ROLE and stores them as the [default]
# profile on the awsconfig volume for the download step.
- name: Assume Download AWS Role
  image: amazon/aws-cli
  volumes:
  - name: awsconfig
    path: /root/.aws
  environment:
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  commands:
  # Prints the identity behind the secret key pair before the role switch.
  - aws sts get-caller-identity
  # printf's own exit status is what the shell sees, so a failed assume-role
  # inside $(...) still leaves a credentials file with empty fields.
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  # Drop the key pair from the environment so the check below can only pass
  # with the profile that was just written.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
|
|
# Fetches the OSS and enterprise linux-arm tarballs for this version from
# the release bucket into /go/artifacts.
# NOTE(review): the tarballs are used as downloaded; this step performs no
# checksum or signature verification on them.
- name: Download artifacts from S3
  image: amazon/aws-cli
  volumes:
  - name: awsconfig
    path: /root/.aws
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  commands:
  - export VERSION=$(cat /go/.version.txt)
  # ${DRONE_TAG} is filled in by Drone before the shell runs; the `$$` forms
  # are escapes that reach the shell as `${...}`.
  - >-
    if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else
    export S3_PATH="tag/"; fi
  - >-
    aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-arm-bin.tar.gz
    /go/artifacts/
  - >-
    aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-arm-bin.tar.gz
    /go/artifacts/
|
|
# Assumes the role named in $AWS_ROLE with the read-only build user's key
# pair and overwrites /root/.aws/credentials (`>`), so steps after this one
# see these temporary credentials as the [default] profile.
- name: Assume Build AWS Role
  image: amazon/aws-cli
  commands:
  # Prints the identity behind the long-lived key pair to the build log.
  - aws sts get-caller-identity
  # The unquoted $(...) is intentional: the whitespace-separated output of
  # `--output text` is split into the three printf arguments.
  # NOTE(review): the file is created with the shell's default umask.
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  # Drop the long-lived key pair, then check the freshly written profile.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY
    AWS_ROLE:
      from_secret: TELEPORT_BUILD_READ_ONLY_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
|
|
# Builds the ARM RPMs with `make rpm`, with the RPM signing keyring unpacked
# into $GNUPG_DIR for the duration of the build.
# NOTE(review): `image: docker` has no tag or digest and the tools are
# installed with `apk add` at run time, so the environment that handles the
# signing key is not fixed; consider pinning.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache bash curl gzip make tar go
  - apk add --no-cache aws-cli
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  # The registry password is piped on stdin, so it is not put on the docker
  # command line.
  - aws ecr-public get-login-password --region us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  # GNUPG_DIR is /tmpfs/gnupg, on the `tmpfs` volume this step mounts.
  - mkdir -m0700 $GNUPG_DIR
  - echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPG_DIR
  - chown -R root:root $GNUPG_DIR
  - make rpm
  # NOTE(review): this cleanup is only reached when `make rpm` succeeds,
  # assuming the runner stops at the first failing command; after a failure
  # the keyring stays on the volume until the volume is discarded.
  - rm -rf $GNUPG_DIR
  environment:
    ARCH: arm
    ENT_TARBALL_PATH: /go/artifacts
    GNUPG_DIR: /tmpfs/gnupg
    GPG_RPM_SIGNING_ARCHIVE:
      from_secret: GPG_RPM_SIGNING_ARCHIVE
    OSS_TARBALL_PATH: /go/artifacts
    TMPDIR: /go
  volumes:
  - name: dockersock
    path: /var/run
  - name: awsconfig
    path: /root/.aws
  - name: tmpfs
    path: /tmpfs
|
|
# Collects the files matching "teleport*.rpm*" from build/ and e/build/ into
# /go/artifacts. The trailing "*" presumably also picks up sidecar files such
# as checksums written next to each RPM - confirm against `make rpm`.
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts
    \;
  - find e/build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts
    \;
|
|
# Assumes the role named in $AWS_ROLE with the AWS_ACCESS_KEY_ID /
# AWS_SECRET_ACCESS_KEY secrets and overwrites /root/.aws/credentials (`>`),
# replacing whatever [default] profile an earlier step left on the volume.
- name: Assume Upload AWS Role
  image: amazon/aws-cli
  commands:
  # Prints the identity behind the long-lived key pair to the build log.
  - aws sts get-caller-identity
  # The unquoted $(...) is intentional: the whitespace-separated output of
  # `--output text` is split into the three printf arguments.
  # NOTE(review): the file is created with the shell's default umask.
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  # Drop the long-lived key pair, then check the freshly written profile.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
|
|
# Syncs everything in /go/artifacts to the bucket under
# teleport/tag/<tag without the leading "v">, using the profile on the
# awsconfig volume.
# NOTE(review): /go/artifacts also holds the tarballs downloaded earlier in
# this pipeline, so `sync` may write those keys again - confirm this is
# intended.
- name: Upload to S3
  image: amazon/aws-cli
  commands:
  - cd /go/artifacts/
  - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
|
|
# Registers each built file with the release service at $RELEASES_HOST,
# authenticating with a client certificate and key taken from Drone secrets.
- name: Register artifacts
  image: docker
  commands:
  # Defaults to "/" when WORKSPACE_DIR is not set.
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
  # NOTE(review): both files are created with the shell's default umask; a
  # `umask 077` beforehand would keep the private key owner-readable only.
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  # Deletes the certificate and key when the shell exits.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # For every file that has a ".sha256" sidecar: create a draft release per
  # product, then upload the file as an asset of those releases.
  # - A 200 or 409 answer from /releases is accepted (409 presumably means
  #   the release already exists - confirm); anything else prints the
  #   response body and fails the step.
  # - $CREDENTIALS and $release_params are left unquoted on purpose so they
  #   split into separate curl arguments.
  # - The sha256 sent with the asset is read from the sidecar file; this
  #   step does not recompute it from the file being uploaded.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="Linux ARMv7 (32-bit) RPM"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"

      release_params="" # List of "-F releaseId=XXX" parameters to curl

      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat $WORKSPACE_DIR/curl_out.txt
          exit 1
        fi

        release_params="$release_params -F releaseId=$product@$VERSION"
      done

      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="arm" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY
|
|
# Docker-in-Docker daemon for the pipeline. It shares /var/run with the steps
# through the dockersock volume, so every step that mounts dockersock can
# drive this daemon.
services:
- name: Start Docker
  image: docker:dind
  # Privileged mode lifts the container's usual isolation.
  # NOTE(review): `docker:dind` is a floating tag; consider pinning it.
  privileged: true
  volumes:
  - name: tmpfs
    path: /tmpfs
  - name: dockersock
    path: /var/run
# Pipeline-scoped temporary volumes.
volumes:
- name: dockersock
  temp: {}
# Carries /root/.aws/credentials from the "Assume ... Role" steps to the
# steps that use the AWS CLI.
- name: awsconfig
  temp: {}
# Memory-backed; the "Build artifacts" step unpacks the RPM signing keyring
# under /tmpfs/gnupg.
- name: tmpfs
  temp:
    medium: memory
|
|
|
|
---
|
|
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPipeline)
################################################

# Tag pipeline for Windows amd64: checks out the tagged source, builds and
# signs the release with `make -C build.assets release-windows`, uploads the
# zips to S3 and registers them with the release service.
# NOTE(review): `docker`, `docker:git`, `docker:dind` and `amazon/aws-cli`
# are floating image references; this pipeline handles signing and release
# credentials, so pinning them by digest is worth considering.
kind: pipeline
type: kubernetes
name: build-windows-amd64
environment:
  BUILDBOX_VERSION: teleport12
  RUNTIME: go1.19.2
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# The built-in clone is off; "Check out code" clones explicitly.
clone:
  disable: true
depends_on:
- clean-up-previous-build
steps:
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The deploy key is written into a 0700 directory and tightened to 0600
  # right after the write.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): the host key is learned from the network at build time, so
  # it is trusted without being compared to a known value; pinning GitHub's
  # published host keys would close that gap.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # `|| true` means a failed webassets update does not fail the step.
  - git submodule update --init --recursive webassets || true
  # NOTE(review): the key is removed only if every command above succeeded,
  # assuming the runner stops at the first failing command.
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Refuses to continue when the Makefile VERSION differs from the tag with
  # its leading "v" removed; "$$" leaves the variable for the shell.
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Waits up to 30 seconds for the daemon socket on the dockersock volume.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache make
  - chown -R $UID:$GID /go
  - cd /go/src/github.com/gravitational/teleport
  # NOTE(review): the signing certificate is decoded into the source checkout
  # with the shell's default umask, and the `rm -f` below is only reached
  # when the build succeeds (assuming the runner stops at the first failing
  # command). A memory-backed volume and a restrictive umask would narrow
  # the exposure.
  - echo -n "$WINDOWS_SIGNING_CERT" | base64 -d > windows-signing-cert.pfx
  - make -C build.assets release-windows
  - rm -f windows-signing-cert.pfx
  environment:
    ARCH: amd64
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: windows
    UID: "1000"
    WINDOWS_SIGNING_CERT:
      from_secret: WINDOWS_SIGNING_CERT
  volumes:
  - name: dockersock
    path: /var/run
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find . -maxdepth 1 -iname "teleport*.zip" -print -exec cp {} /go/artifacts \;
  - export VERSION=$(cat /go/.version.txt)
  # The Enterprise zip is a copy of the OSS zip under a different name.
  - cp /go/artifacts/teleport-v$${VERSION}-windows-amd64-bin.zip /go/artifacts/teleport-ent-v$${VERSION}-windows-amd64-bin.zip
  # Writes the ".sha256" sidecars that "Register artifacts" reads later.
  - cd /go/artifacts && for FILE in teleport*.zip; do sha256sum $FILE > $FILE.sha256;
    done && ls -l
# Exchanges the long-lived key pair for temporary role credentials and
# stores them as the [default] profile on the awsconfig volume.
- name: Assume AWS Role
  image: amazon/aws-cli
  commands:
  # Prints the identity behind the long-lived key pair to the build log.
  - aws sts get-caller-identity
  # The unquoted $(...) is intentional: the whitespace-separated output of
  # `--output text` is split into the three printf arguments.
  # NOTE(review): the file is created with the shell's default umask.
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  # Drop the long-lived key pair, then check the freshly written profile.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
- name: Upload to S3
  image: amazon/aws-cli
  commands:
  - cd /go/artifacts/
  - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Registers each zip with the release service over a connection
# authenticated by a client certificate and key from Drone secrets.
- name: Register artifacts
  image: docker
  commands:
  # Defaults to "/" when WORKSPACE_DIR is not set.
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
  # NOTE(review): both files are created with the shell's default umask; a
  # `umask 077` beforehand would keep the private key owner-readable only.
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  # Deletes the certificate and key when the shell exits.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # For every file with a ".sha256" sidecar: create a draft release per
  # product (200 and 409 are both accepted; 409 presumably means it already
  # exists - confirm), then upload the file as an asset. $CREDENTIALS and
  # $release_params are unquoted on purpose so they split into curl
  # arguments. The sha256 sent is read from the sidecar, not recomputed.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="Windows 64-bit (tsh client only)"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"

      release_params="" # List of "-F releaseId=XXX" parameters to curl

      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat $WORKSPACE_DIR/curl_out.txt
          exit 1
        fi

        release_params="$release_params -F releaseId=$product@$VERSION"
      done

      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="windows" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY
# Docker-in-Docker daemon; privileged mode lifts the container's usual
# isolation, and every step that mounts dockersock can drive this daemon.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: awsconfig
  temp: {}
- name: dockersock
  temp: {}
|
|
|
|
---
|
|
# Tag pipeline that builds the OSS AMIs with Packer from the linux-amd64
# release tarball stored in S3 (presumably uploaded by build-linux-amd64,
# which this pipeline depends on).
# NOTE(review): `docker:git`, `docker:dind` and `amazon/aws-cli` are floating
# image references; only the Packer image carries a version tag.
kind: pipeline
type: kubernetes
name: build-oss-amis

trigger:
  event:
    - tag
  ref:
    include:
      - refs/tags/v*
  repo:
    include:
      - gravitational/*

depends_on:
  - build-linux-amd64

workspace:
  path: /go

clone:
  disable: true

steps:
  - name: Check out code
    image: docker:git
    commands:
      - mkdir -p /go/src/github.com/gravitational/teleport
      - cd /go/src/github.com/gravitational/teleport
      - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
      - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
      # set version
      - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt

  # Exchanges the long-lived key pair for temporary role credentials and
  # stores them as the [default] profile on the awsconfig volume. Each later
  # "Assume ..." step overwrites the same file with `>`.
  - name: Assume Download AWS Role
    image: amazon/aws-cli
    commands:
      # Prints the identity behind the long-lived key pair to the build log.
      - aws sts get-caller-identity
      # The unquoted $(...) is intentional: the whitespace-separated output
      # of `--output text` is split into the three printf arguments.
      # NOTE(review): the file is created with the shell's default umask.
      - |-
        printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
          $(aws sts assume-role \
            --role-arn "$AWS_ROLE" \
            --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
            --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
            --output text) \
          > /root/.aws/credentials
      # Drop the long-lived key pair, then check the freshly written profile.
      - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
      - aws sts get-caller-identity --profile default
    environment:
      AWS_ACCESS_KEY_ID:
        from_secret: AWS_ACCESS_KEY_ID
      AWS_SECRET_ACCESS_KEY:
        from_secret: AWS_SECRET_ACCESS_KEY
      AWS_ROLE:
        from_secret: AWS_ROLE
    volumes:
      - name: awsconfig
        path: /root/.aws

  # NOTE(review): no checksum or signature check of the downloaded tarball is
  # visible in this pipeline before it is baked into an AMI - confirm whether
  # the Packer build verifies it.
  - name: Download built tarball artifacts from S3
    image: amazon/aws-cli
    environment:
      AWS_S3_BUCKET:
        from_secret: AWS_S3_BUCKET
      AWS_REGION: us-west-2
    volumes:
      - name: awsconfig
        path: /root/.aws
    commands:
      - export VERSION=$(cat /go/.version.txt)
      - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else export S3_PATH="tag/"; fi
      - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-amd64-bin.tar.gz /go/src/github.com/gravitational/teleport/assets/aws/files

  # Same exchange as "Assume Download AWS Role", with the Packer key pair and
  # role; it replaces the [default] profile for the AMI build below.
  - name: Assume Packer AWS Role
    image: amazon/aws-cli
    commands:
      - aws sts get-caller-identity
      - |-
        printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
          $(aws sts assume-role \
            --role-arn "$AWS_ROLE" \
            --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
            --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
            --output text) \
          > /root/.aws/credentials
      - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
      - aws sts get-caller-identity --profile default
    environment:
      AWS_ACCESS_KEY_ID:
        from_secret: AWS_PACKER_ACCESS_KEY_ID
      AWS_SECRET_ACCESS_KEY:
        from_secret: AWS_PACKER_SECRET_ACCESS_KEY
      AWS_ROLE:
        from_secret: AWS_PACKER_ROLE
    volumes:
      - name: awsconfig
        path: /root/.aws

  - name: Build OSS AMIs
    image: hashicorp/packer:1.7.6
    volumes:
      - name: dockersock
        path: /var/run
      - name: awsconfig
        path: /root/.aws
    commands:
      - apk add --no-cache aws-cli jq make
      - cd /go/src/github.com/gravitational/teleport/assets/aws
      - export TELEPORT_VERSION=$(cat /go/.version.txt)
      - export PUBLIC_AMI_NAME=gravitational-teleport-ami-oss-$TELEPORT_VERSION
      # The trigger above only admits tag events, so the `else` branch looks
      # unreachable from this trigger - confirm.
      - |
        if [ "${DRONE_BUILD_EVENT}" = "tag" ]; then
          echo "---> Building production OSS AMIs"
          echo "---> Note: these AMIs will not be made public until the 'promote' step is run"
          make oss-ci-build
        else
          echo "---> Building debug OSS AMIs"
          make oss
        fi

  # Switches the [default] profile back from the Packer role to the role in
  # the AWS_ROLE secret before the S3 write below.
  - name: Assume S3 Timestamp Sync AWS Role
    image: amazon/aws-cli
    commands:
      - aws sts get-caller-identity
      - |-
        printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
          $(aws sts assume-role \
            --role-arn "$AWS_ROLE" \
            --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
            --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
            --output text) \
          > /root/.aws/credentials
      - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
      - aws sts get-caller-identity --profile default
    environment:
      AWS_ACCESS_KEY_ID:
        from_secret: AWS_ACCESS_KEY_ID
      AWS_SECRET_ACCESS_KEY:
        from_secret: AWS_SECRET_ACCESS_KEY
      AWS_ROLE:
        from_secret: AWS_ROLE
    volumes:
      - name: awsconfig
        path: /root/.aws

  - name: Sync OSS build timestamp to S3
    image: amazon/aws-cli
    environment:
      AWS_S3_BUCKET:
        from_secret: AWS_S3_BUCKET
      AWS_REGION: us-west-2
    volumes:
      - name: awsconfig
        path: /root/.aws
    commands:
      - export VERSION=$(cat /go/.version.txt)
      - aws s3 cp /go/src/github.com/gravitational/teleport/assets/aws/files/build/oss_build_timestamp.txt s3://$AWS_S3_BUCKET/teleport/ami/$${VERSION}/

# Docker-in-Docker daemon; privileged mode lifts the container's usual
# isolation, and every step that mounts dockersock can drive this daemon.
services:
  - name: Start Docker
    image: docker:dind
    privileged: true
    volumes:
      - name: dockersock
        path: /var/run

volumes:
  - name: dockersock
    temp: {}
  - name: awsconfig
    temp: {}
|
|
|
|
---
|
|
# Tag pipeline that builds the Enterprise and Enterprise FIPS AMIs with
# Packer from the linux-amd64 release tarballs stored in S3 (presumably
# uploaded by the two pipelines named in depends_on).
# NOTE(review): `docker:git`, `docker:dind` and `amazon/aws-cli` are floating
# image references; only the Packer image carries a version tag.
kind: pipeline
type: kubernetes
name: build-ent-amis

trigger:
  event:
    - tag
  ref:
    include:
      - refs/tags/v*
  repo:
    include:
      - gravitational/*

depends_on:
  - build-linux-amd64
  - build-linux-amd64-fips

workspace:
  path: /go

clone:
  disable: true

steps:
  - name: Check out code
    image: docker:git
    commands:
      - mkdir -p /go/src/github.com/gravitational/teleport
      - cd /go/src/github.com/gravitational/teleport
      - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
      - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
      # set version
      - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt

  # Exchanges the long-lived key pair for temporary role credentials and
  # stores them as the [default] profile on the awsconfig volume. Each later
  # "Assume ..." step overwrites the same file with `>`.
  - name: Assume Download AWS Role
    image: amazon/aws-cli
    commands:
      # Prints the identity behind the long-lived key pair to the build log.
      - aws sts get-caller-identity
      # The unquoted $(...) is intentional: the whitespace-separated output
      # of `--output text` is split into the three printf arguments.
      # NOTE(review): the file is created with the shell's default umask.
      - |-
        printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
          $(aws sts assume-role \
            --role-arn "$AWS_ROLE" \
            --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
            --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
            --output text) \
          > /root/.aws/credentials
      # Drop the long-lived key pair, then check the freshly written profile.
      - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
      - aws sts get-caller-identity --profile default
    environment:
      AWS_ACCESS_KEY_ID:
        from_secret: AWS_ACCESS_KEY_ID
      AWS_SECRET_ACCESS_KEY:
        from_secret: AWS_SECRET_ACCESS_KEY
      AWS_ROLE:
        from_secret: AWS_ROLE
    volumes:
      - name: awsconfig
        path: /root/.aws

  # NOTE(review): no checksum or signature check of the downloaded tarballs
  # is visible in this pipeline before they are baked into AMIs - confirm
  # whether the Packer build verifies them.
  - name: Download built tarball artifacts from S3
    image: amazon/aws-cli
    environment:
      AWS_S3_BUCKET:
        from_secret: AWS_S3_BUCKET
      AWS_REGION: us-west-2
    volumes:
      - name: awsconfig
        path: /root/.aws
    commands:
      - export VERSION=$(cat /go/.version.txt)
      - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else export S3_PATH="tag/"; fi
      - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-bin.tar.gz /go/src/github.com/gravitational/teleport/assets/aws/files
      - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-fips-bin.tar.gz /go/src/github.com/gravitational/teleport/assets/aws/files

  # Same exchange as "Assume Download AWS Role", with the Packer key pair and
  # role; it replaces the [default] profile for the AMI build below.
  - name: Assume Packer AWS Role
    image: amazon/aws-cli
    commands:
      - aws sts get-caller-identity
      - |-
        printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
          $(aws sts assume-role \
            --role-arn "$AWS_ROLE" \
            --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
            --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
            --output text) \
          > /root/.aws/credentials
      - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
      - aws sts get-caller-identity --profile default
    environment:
      AWS_ACCESS_KEY_ID:
        from_secret: AWS_PACKER_ACCESS_KEY_ID
      AWS_SECRET_ACCESS_KEY:
        from_secret: AWS_PACKER_SECRET_ACCESS_KEY
      AWS_ROLE:
        from_secret: AWS_PACKER_ROLE
    volumes:
      - name: awsconfig
        path: /root/.aws

  - name: Build Enterprise AMIs
    image: hashicorp/packer:1.7.6
    volumes:
      - name: dockersock
        path: /var/run
      - name: awsconfig
        path: /root/.aws
    commands:
      - apk add --no-cache aws-cli jq make
      - cd /go/src/github.com/gravitational/teleport/assets/aws
      - export TELEPORT_VERSION=$(cat /go/.version.txt)
      - export PUBLIC_AMI_NAME=gravitational-teleport-ami-ent-$TELEPORT_VERSION
      - export FIPS_AMI_NAME=gravitational-teleport-ami-ent-$TELEPORT_VERSION-fips
      # The trigger above only admits tag events, so the `else` branch looks
      # unreachable from this trigger - confirm.
      - |
        if [ "${DRONE_BUILD_EVENT}" = "tag" ]; then
          echo "---> Building production Enterprise AMIs"
          echo "---> Note: these AMIs will not be made public until the 'promote' step is run"
          make ent-ci-build
        else
          echo "---> Building debug Enterprise AMIs"
          make ent
        fi

  # Switches the [default] profile back from the Packer role to the role in
  # the AWS_ROLE secret before the S3 write below.
  - name: Assume S3 Timestamp Sync AWS Role
    image: amazon/aws-cli
    commands:
      - aws sts get-caller-identity
      - |-
        printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
          $(aws sts assume-role \
            --role-arn "$AWS_ROLE" \
            --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
            --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
            --output text) \
          > /root/.aws/credentials
      - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
      - aws sts get-caller-identity --profile default
    environment:
      AWS_ACCESS_KEY_ID:
        from_secret: AWS_ACCESS_KEY_ID
      AWS_SECRET_ACCESS_KEY:
        from_secret: AWS_SECRET_ACCESS_KEY
      AWS_ROLE:
        from_secret: AWS_ROLE
    volumes:
      - name: awsconfig
        path: /root/.aws

  - name: Sync Enterprise build timestamp to S3
    image: amazon/aws-cli
    environment:
      AWS_S3_BUCKET:
        from_secret: AWS_S3_BUCKET
      AWS_REGION: us-west-2
    volumes:
      - name: awsconfig
        path: /root/.aws
    commands:
      - export VERSION=$(cat /go/.version.txt)
      - aws s3 cp /go/src/github.com/gravitational/teleport/assets/aws/files/build/ent_build_timestamp.txt s3://$AWS_S3_BUCKET/teleport/ami/$${VERSION}/

# Docker-in-Docker daemon; privileged mode lifts the container's usual
# isolation, and every step that mounts dockersock can drive this daemon.
services:
  - name: Start Docker
    image: docker:dind
    privileged: true
    volumes:
      - name: dockersock
        path: /var/run

volumes:
  - name: dockersock
    temp: {}
  - name: awsconfig
    temp: {}
|
|
|
|
---
|
|
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/buildbox.go (main.buildboxPipeline)
################################################

# On pushes to master and branch/* of gravitational/teleport, builds each
# buildbox image variant and pushes it to the staging ECR registry (tagged
# with the commit SHA) and to public.ecr.aws (tagged $BUILDBOX_VERSION).
# NOTE(review): the public tag is only $BUILDBOX_VERSION, so every run pushes
# to the same tag; unless the repository enforces immutable tags, consumers
# of that tag get whatever the latest push produced.
kind: pipeline
type: kubernetes
name: build-buildboxes
environment:
  BUILDBOX_VERSION: teleport12
  GID: "1000"
  UID: "1000"
trigger:
  event:
    include:
    - push
  repo:
    include:
    - gravitational/teleport
  branch:
    include:
    - master
    - branch/*
workspace:
  path: /go/src/github.com/gravitational/teleport
clone:
  disable: true
steps:
- name: Check out code
  image: docker:git
  commands:
  - git clone --depth 1 --single-branch --branch ${DRONE_SOURCE_BRANCH:-master} https://github.com/gravitational/${DRONE_REPO_NAME}.git
    .
  - git checkout ${DRONE_COMMIT}
# Waits up to 30 seconds for the daemon socket on the dockersock volume.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Writes temporary role credentials as the [staging] profile. The redirect is
# `>`, so this step creates or truncates the credentials file.
- name: Configure Staging AWS Profile
  image: amazon/aws-cli
  commands:
  # Prints the identity behind the long-lived key pair to the build log.
  - aws sts get-caller-identity
  # The unquoted $(...) is intentional: the whitespace-separated output of
  # `--output text` is split into the three printf arguments.
  # NOTE(review): the file is created with the shell's default umask.
  - |-
    printf "[staging]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  # Drop the long-lived key pair, then check the freshly written profile.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile staging
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: STAGING_BUILDBOX_DRONE_USER_ECR_KEY
    AWS_ROLE:
      from_secret: STAGING_BUILDBOX_DRONE_ECR_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: STAGING_BUILDBOX_DRONE_USER_ECR_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Appends (`>>`) a [production] profile to the same file, so both profiles
# are available to the build steps below.
- name: Configure Production AWS Profile
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[production]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      >> /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile production
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: PRODUCTION_BUILDBOX_DRONE_USER_ECR_KEY
    AWS_ROLE:
      from_secret: PRODUCTION_BUILDBOX_DRONE_ECR_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: PRODUCTION_BUILDBOX_DRONE_USER_ECR_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Each "Build and push ..." step follows the same sequence: log in to the
# staging registry, build, tag and push the commit-specific image there, log
# out, then log in to public.ecr.aws with the production profile and push
# the $BUILDBOX_VERSION tag. Registry passwords are piped on stdin.
# NOTE(review): the staging login is removed with `docker logout`; no logout
# follows the public.ecr.aws login in these steps.
- name: Build and push buildbox
  image: docker
  commands:
  - apk add --no-cache make aws-cli
  - chown -R $UID:$GID /go
  - aws ecr get-login-password --profile staging --region=us-west-2 | docker login
    -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - make -C build.assets buildbox
  - docker tag public.ecr.aws/gravitational/teleport-buildbox:$BUILDBOX_VERSION 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA
  - docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA
  - docker logout 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - aws ecr-public get-login-password --profile production --region=us-east-1 | docker
    login -u="AWS" --password-stdin public.ecr.aws
  - docker push public.ecr.aws/gravitational/teleport-buildbox:$BUILDBOX_VERSION
  volumes:
  - name: dockersock
    path: /var/run
  - name: awsconfig
    path: /root/.aws
- name: Build and push buildbox-fips
  image: docker
  commands:
  - apk add --no-cache make aws-cli
  - chown -R $UID:$GID /go
  - aws ecr get-login-password --profile staging --region=us-west-2 | docker login
    -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - make -C build.assets buildbox-fips
  - docker tag public.ecr.aws/gravitational/teleport-buildbox-fips:$BUILDBOX_VERSION
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox-fips:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA
  - docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox-fips:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA
  - docker logout 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - aws ecr-public get-login-password --profile production --region=us-east-1 | docker
    login -u="AWS" --password-stdin public.ecr.aws
  - docker push public.ecr.aws/gravitational/teleport-buildbox-fips:$BUILDBOX_VERSION
  volumes:
  - name: dockersock
    path: /var/run
  - name: awsconfig
    path: /root/.aws
- name: Build and push buildbox-arm
  image: docker
  commands:
  - apk add --no-cache make aws-cli
  - chown -R $UID:$GID /go
  - aws ecr get-login-password --profile staging --region=us-west-2 | docker login
    -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - make -C build.assets buildbox-arm
  - docker tag public.ecr.aws/gravitational/teleport-buildbox-arm:$BUILDBOX_VERSION
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox-arm:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA
  - docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox-arm:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA
  - docker logout 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - aws ecr-public get-login-password --profile production --region=us-east-1 | docker
    login -u="AWS" --password-stdin public.ecr.aws
  - docker push public.ecr.aws/gravitational/teleport-buildbox-arm:$BUILDBOX_VERSION
  volumes:
  - name: dockersock
    path: /var/run
  - name: awsconfig
    path: /root/.aws
- name: Build and push buildbox-centos7
  image: docker
  commands:
  - apk add --no-cache make aws-cli
  - chown -R $UID:$GID /go
  - aws ecr get-login-password --profile staging --region=us-west-2 | docker login
    -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - make -C build.assets buildbox-centos7
  - docker tag public.ecr.aws/gravitational/teleport-buildbox-centos7:$BUILDBOX_VERSION
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox-centos7:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA
  - docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox-centos7:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA
  - docker logout 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - aws ecr-public get-login-password --profile production --region=us-east-1 | docker
    login -u="AWS" --password-stdin public.ecr.aws
  - docker push public.ecr.aws/gravitational/teleport-buildbox-centos7:$BUILDBOX_VERSION
  volumes:
  - name: dockersock
    path: /var/run
  - name: awsconfig
    path: /root/.aws
- name: Build and push buildbox-centos7-fips
  image: docker
  commands:
  - apk add --no-cache make aws-cli
  - chown -R $UID:$GID /go
  - aws ecr get-login-password --profile staging --region=us-west-2 | docker login
    -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - make -C build.assets buildbox-centos7-fips
  - docker tag public.ecr.aws/gravitational/teleport-buildbox-centos7-fips:$BUILDBOX_VERSION
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox-centos7-fips:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA
  - docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox-centos7-fips:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA
  - docker logout 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - aws ecr-public get-login-password --profile production --region=us-east-1 | docker
    login -u="AWS" --password-stdin public.ecr.aws
  - docker push public.ecr.aws/gravitational/teleport-buildbox-centos7-fips:$BUILDBOX_VERSION
  volumes:
  - name: dockersock
    path: /var/run
  - name: awsconfig
    path: /root/.aws
# Docker-in-Docker daemon; privileged mode lifts the container's usual
# isolation, and every step that mounts dockersock can drive this daemon.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: dockersock
  temp: {}
- name: awsconfig
  temp: {}
|
|
|
|
---
|
|
################################################
|
|
# Generated using dronegen, do not edit by hand!
|
|
# Use 'make dronegen' to update.
|
|
# Generated at dronegen/os_repos.go (main.buildNeverTriggerPipeline)
|
|
################################################
|
|
|
|
kind: pipeline
|
|
type: kubernetes
|
|
name: migrate-apt-new-repos
|
|
trigger:
|
|
event:
|
|
include:
|
|
- custom
|
|
repo:
|
|
include:
|
|
- non-existent-repository
|
|
branch:
|
|
include:
|
|
- non-existent-branch
|
|
clone:
|
|
disable: true
|
|
steps:
|
|
- name: Placeholder
|
|
image: alpine:latest
|
|
commands:
|
|
- echo "This command, step, and pipeline never runs"
|
|
|
|
---
|
|
################################################
|
|
# Generated using dronegen, do not edit by hand!
|
|
# Use 'make dronegen' to update.
|
|
# Generated at dronegen/os_repos.go (main.(*OsPackageToolPipelineBuilder).buildBaseOsPackagePipeline)
|
|
################################################
|
|
|
|
kind: pipeline
|
|
type: kubernetes
|
|
name: publish-apt-new-repos
|
|
trigger:
|
|
event:
|
|
include:
|
|
- promote
|
|
target:
|
|
include:
|
|
- production
|
|
repo:
|
|
include:
|
|
- gravitational/teleport
|
|
workspace:
|
|
path: /go
|
|
clone:
|
|
disable: true
|
|
steps:
|
|
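# Gate for the promotion: fail the pipeline when the promoted commit has no tag.
#
# The expansion must be quoted. Unquoted, an empty DRONE_TAG leaves `[ -n ]`,
# which the shell treats as "is the string '-n' non-empty" and evaluates as
# true, so the guard could never fire.
# This file is generated (dronegen/os_repos.go); the same quoting has to be
# applied in the generator or it will be lost on the next `make dronegen`.
# NOTE(review): `alpine:latest` is a mutable tag; consider pinning the image
# used by release-gating steps.
- name: Verify build is tagged
  image: alpine:latest
  commands:
  - >-
    [ -n "${DRONE_TAG}" ] ||
    (echo 'DRONE_TAG is not set. Is the commit tagged?' && exit 1)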
|
|
- name: Check out code
|
|
image: alpine/git:latest
|
|
commands:
|
|
- mkdir -pv "/go/src/github.com/gravitational/teleport"
|
|
- cd "/go/src/github.com/gravitational/teleport"
|
|
- git init
|
|
- git remote add origin ${DRONE_REMOTE_URL}
|
|
- git fetch origin --tags
|
|
- git checkout -qf "${DRONE_TAG}"
|
|
# Exchanges the long-lived access key (from Drone secrets) for short-lived
# role credentials and stores them as the `default` profile on the shared
# `awsconfig` volume, where later steps pick them up.
- name: Assume Download AWS Role
  image: amazon/aws-cli
  depends_on:
  - Verify build is tagged
  - Check out code
  volumes:
  - name: awsconfig
    path: /root/.aws
  environment:
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  commands:
  # Logs which principal the static key maps to (identity only, no secrets).
  - aws sts get-caller-identity
  # The three fields returned by assume-role are word-split into printf's
  # arguments. If assume-role fails, the substitution is empty and printf
  # still writes a credentials file with blank values; the final
  # get-caller-identity call is what surfaces that failure.
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
    $(aws sts assume-role \
    --role-arn "$AWS_ROLE" \
    --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
    --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
    --output text) \
    > /root/.aws/credentials
  # Drop the static key from the environment so the check below can only
  # succeed through the freshly written profile.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
|
|
- name: Download artifacts for "${DRONE_TAG}"
|
|
image: amazon/aws-cli
|
|
commands:
|
|
- mkdir -pv "$ARTIFACT_PATH"
|
|
- rm -rf "$ARTIFACT_PATH"/*
|
|
- aws s3 sync --no-progress --delete --exclude "*" --include "*.deb*" s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}/
|
|
"$ARTIFACT_PATH"
|
|
environment:
|
|
ARTIFACT_PATH: /go/artifacts
|
|
AWS_S3_BUCKET:
|
|
from_secret: AWS_S3_BUCKET
|
|
volumes:
|
|
- name: awsconfig
|
|
path: /root/.aws
|
|
depends_on:
|
|
- Assume Download AWS Role
|
|
- Verify build is tagged
|
|
- Check out code
|
|
- name: Assume Upload AWS Role
|
|
image: amazon/aws-cli
|
|
commands:
|
|
- aws sts get-caller-identity
|
|
- |-
|
|
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
|
|
$(aws sts assume-role \
|
|
--role-arn "$AWS_ROLE" \
|
|
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
|
|
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
|
|
--output text) \
|
|
> /root/.aws/credentials
|
|
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
|
|
- aws sts get-caller-identity --profile default
|
|
environment:
|
|
AWS_ACCESS_KEY_ID:
|
|
from_secret: APT_REPO_NEW_AWS_ACCESS_KEY_ID
|
|
AWS_ROLE:
|
|
from_secret: APT_REPO_NEW_AWS_ROLE
|
|
AWS_SECRET_ACCESS_KEY:
|
|
from_secret: APT_REPO_NEW_AWS_SECRET_ACCESS_KEY
|
|
volumes:
|
|
- name: awsconfig
|
|
path: /root/.aws
|
|
depends_on:
|
|
- Download artifacts for "${DRONE_TAG}"
|
|
- Verify build is tagged
|
|
- Check out code
|
|
# Clones the repository at the promoted tag into a scratch directory and runs
# the repo's own `check` tool to decide whether publishing should continue.
- name: Check if tag is prerelease
  image: golang:1.18-alpine
  depends_on:
  - Assume Upload AWS Role
  - Verify build is tagged
  - Check out code
  commands:
  - apk add git
  - mkdir -pv "/tmp/repo"
  - cd "/tmp/repo"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  - git checkout -qf "${DRONE_TAG}"
  - cd "/tmp/repo/build.assets/tooling"
  # NOTE(review): the `||` branch is taken on ANY non-zero exit of `go run`,
  # including a build or module-download failure, so a tooling error is
  # reported as "prerelease" and ends the promotion with exit code 78
  # (presumably Drone's stop-without-failing code; confirm) instead of a
  # red build.
  - >-
    go run ./cmd/check -tag ${DRONE_TAG} -check prerelease ||
    (echo '---> This is a prerelease, not continuing promotion for ${DRONE_TAG}' && exit 78)
|
|
# Unpacks the GPG signing keyring into an in-memory volume and runs the
# repo's build-os-package-repos tool to publish the downloaded .deb artifacts.
- name: Publish debs to APT repos for "${DRONE_TAG}"
  image: golang:1.18-bullseye
  depends_on:
  - Check if tag is prerelease
  - Verify build is tagged
  - Check out code
  volumes:
  - name: apt-persistence
    path: /mnt
  # Key material is extracted under /tmpfs (see GNUPGHOME below).
  - name: tmpfs
    path: /tmpfs
  - name: awsconfig
    path: /root/.aws
  environment:
    GNUPGHOME: /tmpfs/gnupg
    GPG_RPM_SIGNING_ARCHIVE:
      from_secret: GPG_RPM_SIGNING_ARCHIVE
    REPO_S3_BUCKET:
      from_secret: APT_REPO_NEW_AWS_S3_BUCKET
    AWS_REGION: us-west-2
    ARTIFACT_PATH: /go/artifacts
    APTLY_ROOT_DIR: /mnt/aptly
    BUCKET_CACHE_PATH: /tmp/bucket
    DEBIAN_FRONTEND: noninteractive
  commands:
  # NOTE(review): aptly is installed unpinned, at run time, in the same
  # container that later holds the signing key.
  - apt update
  - apt install -y aptly
  # 0700 directory: only the step's user can read the extracted keyring.
  - mkdir -pv -m0700 "$GNUPGHOME"
  - echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPGHOME
  - chown -R root:root "$GNUPGHOME"
  - cd "/go/src/github.com/gravitational/teleport/build.assets/tooling"
  - export VERSION="${DRONE_TAG}"
  - export RELEASE_CHANNEL="stable"
  # NOTE(review): nothing in this step removes $GNUPGHOME afterwards; the
  # keyring stays in the tmpfs volume until the pipeline's volumes are torn
  # down.
  - >-
    go run ./cmd/build-os-package-repos apt -bucket "$REPO_S3_BUCKET"
    -local-bucket-path "$BUCKET_CACHE_PATH" -artifact-version "$VERSION"
    -release-channel "$RELEASE_CHANNEL" -artifact-path "$ARTIFACT_PATH"
    -log-level 4 -aptly-root-dir "$APTLY_ROOT_DIR"
|
|
volumes:
|
|
- name: apt-persistence
|
|
claim:
|
|
name: drone-s3-aptrepo-pvc
|
|
- name: tmpfs
|
|
temp:
|
|
medium: memory
|
|
- name: awsconfig
|
|
temp: {}
|
|
|
|
---
|
|
################################################
|
|
# Generated using dronegen, do not edit by hand!
|
|
# Use 'make dronegen' to update.
|
|
# Generated at dronegen/os_repos.go (main.buildNeverTriggerPipeline)
|
|
################################################
|
|
|
|
kind: pipeline
|
|
type: kubernetes
|
|
name: migrate-yum-new-repos
|
|
trigger:
|
|
event:
|
|
include:
|
|
- custom
|
|
repo:
|
|
include:
|
|
- non-existent-repository
|
|
branch:
|
|
include:
|
|
- non-existent-branch
|
|
clone:
|
|
disable: true
|
|
steps:
|
|
- name: Placeholder
|
|
image: alpine:latest
|
|
commands:
|
|
- echo "This command, step, and pipeline never runs"
|
|
|
|
---
|
|
################################################
|
|
# Generated using dronegen, do not edit by hand!
|
|
# Use 'make dronegen' to update.
|
|
# Generated at dronegen/os_repos.go (main.(*OsPackageToolPipelineBuilder).buildBaseOsPackagePipeline)
|
|
################################################
|
|
|
|
kind: pipeline
|
|
type: kubernetes
|
|
name: publish-yum-new-repos
|
|
trigger:
|
|
event:
|
|
include:
|
|
- promote
|
|
target:
|
|
include:
|
|
- production
|
|
repo:
|
|
include:
|
|
- gravitational/teleport
|
|
workspace:
|
|
path: /go
|
|
clone:
|
|
disable: true
|
|
steps:
|
|
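# Gate for the promotion: fail the pipeline when the promoted commit has no tag.
#
# The expansion must be quoted. Unquoted, an empty DRONE_TAG leaves `[ -n ]`,
# which the shell treats as "is the string '-n' non-empty" and evaluates as
# true, so the guard could never fire.
# This file is generated (dronegen/os_repos.go); the same quoting has to be
# applied in the generator or it will be lost on the next `make dronegen`.
# NOTE(review): `alpine:latest` is a mutable tag; consider pinning the image
# used by release-gating steps.
- name: Verify build is tagged
  image: alpine:latest
  commands:
  - >-
    [ -n "${DRONE_TAG}" ] ||
    (echo 'DRONE_TAG is not set. Is the commit tagged?' && exit 1)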
|
|
- name: Check out code
|
|
image: alpine/git:latest
|
|
commands:
|
|
- mkdir -pv "/go/src/github.com/gravitational/teleport"
|
|
- cd "/go/src/github.com/gravitational/teleport"
|
|
- git init
|
|
- git remote add origin ${DRONE_REMOTE_URL}
|
|
- git fetch origin --tags
|
|
- git checkout -qf "${DRONE_TAG}"
|
|
- name: Assume Download AWS Role
|
|
image: amazon/aws-cli
|
|
commands:
|
|
- aws sts get-caller-identity
|
|
- |-
|
|
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
|
|
$(aws sts assume-role \
|
|
--role-arn "$AWS_ROLE" \
|
|
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
|
|
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
|
|
--output text) \
|
|
> /root/.aws/credentials
|
|
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
|
|
- aws sts get-caller-identity --profile default
|
|
environment:
|
|
AWS_ACCESS_KEY_ID:
|
|
from_secret: AWS_ACCESS_KEY_ID
|
|
AWS_ROLE:
|
|
from_secret: AWS_ROLE
|
|
AWS_SECRET_ACCESS_KEY:
|
|
from_secret: AWS_SECRET_ACCESS_KEY
|
|
volumes:
|
|
- name: awsconfig
|
|
path: /root/.aws
|
|
depends_on:
|
|
- Verify build is tagged
|
|
- Check out code
|
|
- name: Download artifacts for "${DRONE_TAG}"
|
|
image: amazon/aws-cli
|
|
commands:
|
|
- mkdir -pv "$ARTIFACT_PATH"
|
|
- rm -rf "$ARTIFACT_PATH"/*
|
|
- aws s3 sync --no-progress --delete --exclude "*" --include "*.rpm*" s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}/
|
|
"$ARTIFACT_PATH"
|
|
environment:
|
|
ARTIFACT_PATH: /go/artifacts
|
|
AWS_S3_BUCKET:
|
|
from_secret: AWS_S3_BUCKET
|
|
volumes:
|
|
- name: awsconfig
|
|
path: /root/.aws
|
|
depends_on:
|
|
- Assume Download AWS Role
|
|
- Verify build is tagged
|
|
- Check out code
|
|
- name: Assume Upload AWS Role
|
|
image: amazon/aws-cli
|
|
commands:
|
|
- aws sts get-caller-identity
|
|
- |-
|
|
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
|
|
$(aws sts assume-role \
|
|
--role-arn "$AWS_ROLE" \
|
|
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
|
|
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
|
|
--output text) \
|
|
> /root/.aws/credentials
|
|
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
|
|
- aws sts get-caller-identity --profile default
|
|
environment:
|
|
AWS_ACCESS_KEY_ID:
|
|
from_secret: YUM_REPO_NEW_AWS_ACCESS_KEY_ID
|
|
AWS_ROLE:
|
|
from_secret: YUM_REPO_NEW_AWS_ROLE
|
|
AWS_SECRET_ACCESS_KEY:
|
|
from_secret: YUM_REPO_NEW_AWS_SECRET_ACCESS_KEY
|
|
volumes:
|
|
- name: awsconfig
|
|
path: /root/.aws
|
|
depends_on:
|
|
- Download artifacts for "${DRONE_TAG}"
|
|
- Verify build is tagged
|
|
- Check out code
|
|
- name: Check if tag is prerelease
|
|
image: golang:1.18-alpine
|
|
commands:
|
|
- apk add git
|
|
- mkdir -pv "/tmp/repo"
|
|
- cd "/tmp/repo"
|
|
- git init
|
|
- git remote add origin ${DRONE_REMOTE_URL}
|
|
- git fetch origin --tags
|
|
- git checkout -qf "${DRONE_TAG}"
|
|
- cd "/tmp/repo/build.assets/tooling"
|
|
- go run ./cmd/check -tag ${DRONE_TAG} -check prerelease || (echo '---> This is
|
|
a prerelease, not continuing promotion for ${DRONE_TAG}' && exit 78)
|
|
depends_on:
|
|
- Assume Upload AWS Role
|
|
- Verify build is tagged
|
|
- Check out code
|
|
# Unpacks the GPG signing keyring into an in-memory volume and runs the
# repo's build-os-package-repos tool to publish the downloaded .rpm artifacts.
- name: Publish rpms to YUM repos for "${DRONE_TAG}"
  image: golang:1.18-bullseye
  depends_on:
  - Check if tag is prerelease
  - Verify build is tagged
  - Check out code
  volumes:
  - name: yum-persistence
    path: /mnt
  # Key material is extracted under /tmpfs (see GNUPGHOME below).
  - name: tmpfs
    path: /tmpfs
  - name: awsconfig
    path: /root/.aws
  environment:
    GNUPGHOME: /tmpfs/gnupg
    GPG_RPM_SIGNING_ARCHIVE:
      from_secret: GPG_RPM_SIGNING_ARCHIVE
    REPO_S3_BUCKET:
      from_secret: YUM_REPO_NEW_AWS_S3_BUCKET
    AWS_REGION: us-west-2
    ARTIFACT_PATH: /go/artifacts
    BUCKET_CACHE_PATH: /mnt/bucket
    CACHE_DIR: /mnt/createrepo_cache
    DEBIAN_FRONTEND: noninteractive
  commands:
  # NOTE(review): createrepo-c is installed unpinned, at run time, in the
  # same container that later holds the signing key.
  - apt update
  - apt install -y createrepo-c
  - mkdir -pv "$CACHE_DIR"
  # 0700 directory: only the step's user can read the extracted keyring.
  - mkdir -pv -m0700 "$GNUPGHOME"
  - echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPGHOME
  - chown -R root:root "$GNUPGHOME"
  - cd "/go/src/github.com/gravitational/teleport/build.assets/tooling"
  - export VERSION="${DRONE_TAG}"
  - export RELEASE_CHANNEL="stable"
  # NOTE(review): nothing in this step removes $GNUPGHOME afterwards; the
  # keyring stays in the tmpfs volume until the pipeline's volumes are torn
  # down.
  - >-
    go run ./cmd/build-os-package-repos yum -bucket "$REPO_S3_BUCKET"
    -local-bucket-path "$BUCKET_CACHE_PATH" -artifact-version "$VERSION"
    -release-channel "$RELEASE_CHANNEL" -artifact-path "$ARTIFACT_PATH"
    -log-level 4 -cache-dir "$CACHE_DIR"
|
|
volumes:
|
|
- name: yum-persistence
|
|
claim:
|
|
name: drone-s3-yumrepo-pvc
|
|
- name: tmpfs
|
|
temp:
|
|
medium: memory
|
|
- name: awsconfig
|
|
temp: {}
|
|
|
|
---
|
|
kind: pipeline
|
|
type: kubernetes
|
|
name: promote-build
|
|
|
|
trigger:
|
|
event:
|
|
- promote
|
|
target:
|
|
- production
|
|
repo:
|
|
include:
|
|
- gravitational/*
|
|
|
|
workspace:
|
|
path: /go
|
|
|
|
clone:
|
|
disable: true
|
|
|
|
steps:
|
|
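# First gate of the promotion: abort when the promoted commit carries no tag.
#
# The expansion must be quoted. Unquoted, an empty DRONE_TAG leaves `[ -n ]`,
# which the shell treats as "is the string '-n' non-empty" and evaluates as
# true, so every later step would run with an empty tag (the S3 paths below
# are built from ${DRONE_TAG##v}).
- name: Check if commit is tagged
  image: alpine
  commands:
    - >-
      [ -n "${DRONE_TAG}" ] ||
      (echo 'DRONE_TAG is not set. Is the commit tagged?' && exit 1)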
|
|
|
|
- name: Assume Download AWS Role
|
|
image: amazon/aws-cli
|
|
commands:
|
|
- aws sts get-caller-identity
|
|
- |-
|
|
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
|
|
$(aws sts assume-role \
|
|
--role-arn "$AWS_ROLE" \
|
|
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
|
|
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
|
|
--output text) \
|
|
> /root/.aws/credentials
|
|
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
|
|
- aws sts get-caller-identity --profile default
|
|
environment:
|
|
AWS_ACCESS_KEY_ID:
|
|
from_secret: AWS_ACCESS_KEY_ID
|
|
AWS_SECRET_ACCESS_KEY:
|
|
from_secret: AWS_SECRET_ACCESS_KEY
|
|
AWS_ROLE:
|
|
from_secret: AWS_ROLE
|
|
volumes:
|
|
- name: awsconfig
|
|
path: /root/.aws
|
|
|
|
- name: Download artifacts from S3
|
|
image: amazon/aws-cli
|
|
commands:
|
|
- mkdir -p /go/artifacts
|
|
- aws s3 sync s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}/ /go/artifacts/
|
|
environment:
|
|
AWS_S3_BUCKET:
|
|
from_secret: AWS_S3_BUCKET
|
|
AWS_REGION: us-west-2
|
|
volumes:
|
|
- name: awsconfig
|
|
path: /root/.aws
|
|
|
|
- name: Assume Upload AWS Role
|
|
image: amazon/aws-cli
|
|
commands:
|
|
- aws sts get-caller-identity
|
|
- |-
|
|
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
|
|
$(aws sts assume-role \
|
|
--role-arn "$AWS_ROLE" \
|
|
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
|
|
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
|
|
--output text) \
|
|
> /root/.aws/credentials
|
|
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
|
|
- aws sts get-caller-identity --profile default
|
|
environment:
|
|
AWS_ACCESS_KEY_ID:
|
|
from_secret: PRODUCTION_AWS_ACCESS_KEY_ID
|
|
AWS_SECRET_ACCESS_KEY:
|
|
from_secret: PRODUCTION_AWS_SECRET_ACCESS_KEY
|
|
AWS_ROLE:
|
|
from_secret: PRODUCTION_AWS_ROLE
|
|
volumes:
|
|
- name: awsconfig
|
|
path: /root/.aws
|
|
|
|
# Publishes everything under /go/artifacts to the production bucket using the
# credentials written to the `awsconfig` volume by the preceding role step.
- name: Upload artifacts to production S3
  image: amazon/aws-cli
  volumes:
    - name: awsconfig
      path: /root/.aws
  environment:
    AWS_S3_BUCKET:
      from_secret: PRODUCTION_AWS_S3_BUCKET
    AWS_REGION: us-east-1
  commands:
    - cd /go/artifacts/
    # Every object is uploaded world-readable (`--acl public-read`).
    # NOTE(review): the directory is whatever the earlier
    # "Download artifacts from S3" step synced from the tag prefix; no
    # checksum or signature verification is visible between that download
    # and this public upload.
    - aws s3 sync --acl public-read . s3://$AWS_S3_BUCKET/teleport/${DRONE_TAG##v}
|
|
|
|
- name: Check out code
|
|
image: docker:git
|
|
commands:
|
|
- |
|
|
mkdir -p /go/src/github.com/gravitational/teleport
|
|
cd /go/src/github.com/gravitational/teleport
|
|
git init && git remote add origin ${DRONE_REMOTE_URL}
|
|
git fetch origin +refs/tags/${DRONE_TAG}:
|
|
git checkout -qf FETCH_HEAD
|
|
|
|
- name: Assume AMI Download AWS Role
|
|
image: amazon/aws-cli
|
|
commands:
|
|
- aws sts get-caller-identity
|
|
- |-
|
|
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
|
|
$(aws sts assume-role \
|
|
--role-arn "$AWS_ROLE" \
|
|
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
|
|
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
|
|
--output text) \
|
|
> /root/.aws/credentials
|
|
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
|
|
- aws sts get-caller-identity --profile default
|
|
environment:
|
|
AWS_ACCESS_KEY_ID:
|
|
from_secret: AWS_ACCESS_KEY_ID
|
|
AWS_SECRET_ACCESS_KEY:
|
|
from_secret: AWS_SECRET_ACCESS_KEY
|
|
AWS_ROLE:
|
|
from_secret: AWS_ROLE
|
|
volumes:
|
|
- name: awsconfig
|
|
path: /root/.aws
|
|
|
|
- name: Download AMI timestamps
|
|
image: amazon/aws-cli
|
|
environment:
|
|
AWS_S3_BUCKET:
|
|
from_secret: AWS_S3_BUCKET
|
|
volumes:
|
|
- name: awsconfig
|
|
path: /root/.aws
|
|
commands:
|
|
- mkdir -p /go/src/github.com/gravitational/teleport/assets/aws/files/build
|
|
- aws s3 sync s3://$AWS_S3_BUCKET/teleport/ami/${DRONE_TAG##v}/ /go/src/github.com/gravitational/teleport/assets/aws/files/build
|
|
|
|
- name: Assume AMI Publish AWS Role
|
|
image: amazon/aws-cli
|
|
commands:
|
|
- aws sts get-caller-identity
|
|
- |-
|
|
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
|
|
$(aws sts assume-role \
|
|
--role-arn "$AWS_ROLE" \
|
|
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
|
|
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
|
|
--output text) \
|
|
> /root/.aws/credentials
|
|
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
|
|
- aws sts get-caller-identity --profile default
|
|
environment:
|
|
AWS_ACCESS_KEY_ID:
|
|
from_secret: PRODUCTION_AWS_ACCESS_KEY_ID
|
|
AWS_SECRET_ACCESS_KEY:
|
|
from_secret: PRODUCTION_AWS_SECRET_ACCESS_KEY
|
|
AWS_ROLE:
|
|
from_secret: PRODUCTION_AWS_ROLE
|
|
volumes:
|
|
- name: awsconfig
|
|
path: /root/.aws
|
|
|
|
- name: Make AMIs public
|
|
image: docker
|
|
volumes:
|
|
- name: awsconfig
|
|
path: /root/.aws
|
|
commands:
|
|
- apk add --no-cache aws-cli bash jq make
|
|
- cd /go/src/github.com/gravitational/teleport/assets/aws
|
|
- |
|
|
make change-amis-to-public-oss
|
|
make change-amis-to-public-ent
|
|
make change-amis-to-public-ent-fips
|
|
|
|
- name: "Helm: Assume Download AWS Role"
|
|
image: amazon/aws-cli
|
|
commands:
|
|
- aws sts get-caller-identity
|
|
- |-
|
|
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
|
|
$(aws sts assume-role \
|
|
--role-arn "$AWS_ROLE" \
|
|
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
|
|
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
|
|
--output text) \
|
|
> /root/.aws/credentials
|
|
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
|
|
- aws sts get-caller-identity --profile default
|
|
environment:
|
|
AWS_ACCESS_KEY_ID:
|
|
from_secret: PRODUCTION_CHARTS_AWS_ACCESS_KEY_ID
|
|
AWS_SECRET_ACCESS_KEY:
|
|
from_secret: PRODUCTION_CHARTS_AWS_SECRET_ACCESS_KEY
|
|
AWS_ROLE:
|
|
from_secret: PRODUCTION_CHARTS_AWS_ROLE
|
|
volumes:
|
|
- name: awsconfig
|
|
path: /root/.aws
|
|
|
|
# Download all previously packaged charts. This is needed to rebuild the
|
|
# index and re-publish the repository.
|
|
- name: "Helm: Download chart repository"
|
|
image: amazon/aws-cli
|
|
environment:
|
|
AWS_REGION: us-west-2
|
|
AWS_S3_BUCKET:
|
|
from_secret: PRODUCTION_CHARTS_AWS_S3_BUCKET
|
|
volumes:
|
|
- name: awsconfig
|
|
path: /root/.aws
|
|
commands:
|
|
- mkdir -p /go/chart
|
|
- aws s3 sync s3://$AWS_S3_BUCKET/ /go/chart
|
|
|
|
- name: "Helm: Package chart repository"
|
|
image: alpine/helm:latest
|
|
commands:
|
|
- cd /go/chart
|
|
- helm package /go/src/github.com/gravitational/teleport/examples/chart/teleport-cluster
|
|
- helm package /go/src/github.com/gravitational/teleport/examples/chart/teleport-kube-agent
|
|
# copy index.html to root of the S3 bucket.
|
|
- cp /go/src/github.com/gravitational/teleport/examples/chart/index.html /go/chart
|
|
# this will index all previous versions of the charts downloaded from the S3 bucket,
|
|
# plus the just-packaged charts listed above
|
|
- helm repo index /go/chart
|
|
- ls /go/chart
|
|
|
|
- name: "Helm: Assume Upload AWS Role"
|
|
image: amazon/aws-cli
|
|
commands:
|
|
- aws sts get-caller-identity
|
|
- |-
|
|
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
|
|
$(aws sts assume-role \
|
|
--role-arn "$AWS_ROLE" \
|
|
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
|
|
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
|
|
--output text) \
|
|
> /root/.aws/credentials
|
|
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
|
|
- aws sts get-caller-identity --profile default
|
|
environment:
|
|
AWS_ACCESS_KEY_ID:
|
|
from_secret: PRODUCTION_CHARTS_AWS_ACCESS_KEY_ID
|
|
AWS_SECRET_ACCESS_KEY:
|
|
from_secret: PRODUCTION_CHARTS_AWS_SECRET_ACCESS_KEY
|
|
AWS_ROLE:
|
|
from_secret: PRODUCTION_CHARTS_AWS_ROLE
|
|
volumes:
|
|
- name: awsconfig
|
|
path: /root/.aws
|
|
|
|
- name: "Helm: Publish chart repository to S3"
|
|
image: amazon/aws-cli
|
|
environment:
|
|
AWS_REGION: us-west-2
|
|
AWS_S3_BUCKET:
|
|
from_secret: PRODUCTION_CHARTS_AWS_S3_BUCKET
|
|
volumes:
|
|
- name: awsconfig
|
|
path: /root/.aws
|
|
commands:
|
|
- cd /go/chart/
|
|
- aws s3 sync . s3://$AWS_S3_BUCKET/
|
|
|
|
# NOTE: all mandatory steps for a release promotion need to go BEFORE this
# step, as there is a chance that everything afterwards will be skipped.
#
# This step stops the pipeline early (exit 78, remaining steps skipped) when
# the promoted repository is not gravitational/teleport; the step after it
# does the same when the tag looks like a pre-release, to avoid pushing
# pre-release RPMs and DEBs to our yum / apt repos.
#
# NOTE(review): the pipeline trigger accepts gravitational/*, and this is the
# first repo-name check, so the public S3 upload, AMI and Helm steps above it
# run for any repository matching that pattern.
- name: Check if repo is public
  image: alpine
  commands:
    - >-
      if [ "${DRONE_REPO}" != "gravitational/teleport" ];
      then echo "---> Not publishing ${DRONE_REPO} packages to RPM and DEB repos"
      && exit 78; fi
|
|
|
|
- name: Check if tag is prerelease
|
|
image: golang:1.17-alpine
|
|
commands:
|
|
- cd /go/src/github.com/gravitational/teleport/build.assets/tooling
|
|
- go run ./cmd/check -tag ${DRONE_TAG} -check prerelease || (echo '---> Not publishing ${DRONE_TAG} packages to RPM and DEB repos' && exit 78)
|
|
|
|
- name: Assume RPM Repo AWS Role
|
|
image: amazon/aws-cli
|
|
commands:
|
|
- aws sts get-caller-identity
|
|
- |-
|
|
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
|
|
$(aws sts assume-role \
|
|
--role-arn "$AWS_ROLE" \
|
|
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
|
|
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
|
|
--output text) \
|
|
> /root/.aws/credentials
|
|
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
|
|
- aws sts get-caller-identity --profile default
|
|
environment:
|
|
AWS_ACCESS_KEY_ID:
|
|
from_secret: RPMREPO_AWS_ACCESS_KEY_ID
|
|
AWS_SECRET_ACCESS_KEY:
|
|
from_secret: RPMREPO_AWS_SECRET_ACCESS_KEY
|
|
AWS_ROLE:
|
|
from_secret: RPMREPO_AWS_ROLE
|
|
volumes:
|
|
- name: awsconfig
|
|
path: /root/.aws
|
|
|
|
- name: Download RPM repo contents
|
|
image: amazon/aws-cli
|
|
environment:
|
|
AWS_S3_BUCKET:
|
|
from_secret: RPMREPO_AWS_S3_BUCKET
|
|
volumes:
|
|
- name: rpmrepo
|
|
path: /rpmrepo
|
|
- name: awsconfig
|
|
path: /root/.aws
|
|
commands:
|
|
- mkdir -p /rpmrepo/teleport/cache
|
|
# we explicitly want to delete anything present locally which has been deleted
|
|
# from the upstream S3 bucket
|
|
- aws s3 sync s3://$AWS_S3_BUCKET/teleport/ /rpmrepo/teleport/ --delete
|
|
- mkdir -p /rpmrepo/teleport/${DRONE_TAG##v}
|
|
- cp -a /go/artifacts/*.rpm /rpmrepo/teleport/${DRONE_TAG##v}/
|
|
|
|
# we do this using a CentOS 7 container to make sure that the repo files are
|
|
# compatible with older versions, also there's no createrepo package in alpine main
|
|
- name: Regenerate RPM repo metadata
|
|
image: centos:7
|
|
volumes:
|
|
- name: rpmrepo
|
|
path: /rpmrepo
|
|
commands:
|
|
- yum -y install createrepo
|
|
- createrepo --cachedir /rpmrepo/teleport/cache --update /rpmrepo/teleport
|
|
|
|
# This step requires centos:8 to get gpg 2.2+
# centos:7's gpg 2.0 doesn't understand the format of GPG_RPM_SIGNING_ARCHIVE
#
# Produces a detached, ASCII-armored signature over repodata/repomd.xml so
# that yum clients can verify the repository metadata.
- name: Sign RPM repo metadata
  image: centos:8
  environment:
    GNUPGHOME: /tmpfs/gnupg
    GPG_RPM_SIGNING_ARCHIVE:
      from_secret: GPG_RPM_SIGNING_ARCHIVE
  volumes:
    - name: rpmrepo
      path: /rpmrepo
    # for in-memory tmpfs for key material
    # NOTE(review): the same `tmpfs` volume is also mounted into the
    # pipeline's privileged docker:dind service, so that container can read
    # the keyring while it is extracted; confirm the service needs the mount.
    - name: tmpfs
      path: /tmpfs
  commands:
    - |
      # extract signing key
      mkdir -m0700 $GNUPGHOME
      echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPGHOME
      chown -R root:root $GNUPGHOME
    # Sign rpm repo metadata (yum clients will automatically look for and verify repodata/repomd.xml.asc)
    - gpg --batch --yes --detach-sign --armor /rpmrepo/teleport/repodata/repomd.xml
    # Prints the detached signature (public data) into the build log.
    - cat /rpmrepo/teleport/repodata/repomd.xml.asc
    # Cleanup is a plain trailing command: if gpg fails first, the keyring is
    # left in the tmpfs volume for the rest of the pipeline.
    - rm -rf $GNUPGHOME
|
|
|
|
- name: Sync RPM repo changes to S3
|
|
image: amazon/aws-cli
|
|
environment:
|
|
AWS_S3_BUCKET:
|
|
from_secret: RPMREPO_AWS_S3_BUCKET
|
|
volumes:
|
|
- name: rpmrepo
|
|
path: /rpmrepo
|
|
- name: awsconfig
|
|
path: /root/.aws
|
|
commands:
|
|
- aws s3 sync /rpmrepo/teleport/ s3://$AWS_S3_BUCKET/teleport/
|
|
|
|
# This step skips all remaining steps in the pipeline if the tag
|
|
# is not the highest semver *ever* released, to avoid publishing DEBs
|
|
# that would cause apt users to downgrade. For more info see:
|
|
# https://github.com/gravitational/teleport/issues/8166
|
|
- name: Check if tag is latest
|
|
image: golang:1.17-alpine
|
|
commands:
|
|
- cd /go/src/github.com/gravitational/teleport/build.assets/tooling
|
|
- go run ./cmd/check -tag ${DRONE_TAG} -check latest || (echo '---> Not publishing ${DRONE_REPO} packages to DEB repo' && exit 78)
|
|
|
|
- name: Assume Deb Repo AWS Role
|
|
image: amazon/aws-cli
|
|
commands:
|
|
- aws sts get-caller-identity
|
|
- |-
|
|
printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
|
|
$(aws sts assume-role \
|
|
--role-arn "$AWS_ROLE" \
|
|
--role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
|
|
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
|
|
--output text) \
|
|
> /root/.aws/credentials
|
|
- unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
|
|
- aws sts get-caller-identity --profile default
|
|
environment:
|
|
AWS_ACCESS_KEY_ID:
|
|
from_secret: DEBREPO_AWS_ACCESS_KEY_ID
|
|
AWS_SECRET_ACCESS_KEY:
|
|
from_secret: DEBREPO_AWS_SECRET_ACCESS_KEY
|
|
AWS_ROLE:
|
|
from_secret: DEBREPO_AWS_ROLE
|
|
volumes:
|
|
- name: awsconfig
|
|
path: /root/.aws
|
|
|
|
- name: Download DEB repo contents
|
|
image: amazon/aws-cli
|
|
environment:
|
|
AWS_S3_BUCKET:
|
|
from_secret: DEBREPO_AWS_S3_BUCKET
|
|
volumes:
|
|
- name: debrepo
|
|
path: /debrepo
|
|
- name: awsconfig
|
|
path: /root/.aws
|
|
commands:
|
|
# we explicitly want to delete anything present locally which has been deleted
|
|
# from the upstream S3 bucket
|
|
- mkdir -p /debrepo/teleport
|
|
- aws s3 sync s3://$AWS_S3_BUCKET/teleport /debrepo/teleport --delete
|
|
|
|
# Builds a signed apt repository with reprepro from the downloaded .deb
# artifacts and copies the result to the persistent `debrepo` volume.
- name: Build DEB repo
  image: ubuntu:20.04
  environment:
    GNUPGHOME: /tmpfs/gnupg
    GPG_RPM_SIGNING_ARCHIVE:
      from_secret: GPG_RPM_SIGNING_ARCHIVE
    DEBIAN_FRONTEND: noninteractive
  volumes:
    # NOTE(review): none of the commands below call docker, so this mount of
    # the privileged daemon's socket directory looks unused in a step that
    # also handles the signing key; confirm and drop it if so.
    - name: dockersock
      path: /var/run
    - name: debrepo
      path: /debrepo
    # for in-memory tmpfs for key material
    - name: tmpfs
      path: /tmpfs
  commands:
    - |
      # install needed tools
      apt-get -y update && apt-get -y install curl gzip gnupg2 reprepro tar
    # NOTE(review): `SignWith` below names the key by an 8-hex-digit short
    # ID. Short IDs are not collision-resistant; the full fingerprint
    # (<FULL_KEY_FINGERPRINT>) is the safer selector.
    - |
      # write config files
      mkdir -p /go/reprepro/teleport/conf /go/reprepro/teleport/public
      # we have to keep listing "arm" even though it's not a real debian arch
      # because we have released packages for it that are currently in the
      # repo bucket, and reprepro will error out if it's told to includedeb a
      # package for an architecture that's not in its configuration
      cat << EOF > /go/reprepro/teleport/conf/distributions
      Origin: teleport
      Label: teleport
      Codename: stable
      Architectures: i386 amd64 arm armhf arm64
      Components: main
      Description: apt repository for teleport
      SignWith: 6282C411
      EOF
      cat << EOF > /go/reprepro/teleport/conf/options
      verbose
      basedir /go/reprepro/teleport
      EOF
    - |
      # extract signing key
      mkdir -m0700 $GNUPGHOME
      echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPGHOME
      chown -R root:root $GNUPGHOME
    - |
      # create repo
      cd /go/reprepro/teleport
      reprepro --outdir /go/reprepro/teleport/public includedeb stable /go/artifacts/teleport*.deb
    # If reprepro fails, this cleanup is never reached and the keyring stays
    # in the tmpfs volume for the rest of the pipeline.
    - |
      # clean up gnupg
      rm -rf $GNUPGHOME
    - |
      # copy artifacts to PVC
      cp -r /go/reprepro/teleport /debrepo/
|
|
|
|
- name: Sync DEB repo changes to S3
|
|
image: amazon/aws-cli
|
|
environment:
|
|
AWS_S3_BUCKET:
|
|
from_secret: DEBREPO_AWS_S3_BUCKET
|
|
volumes:
|
|
- name: debrepo
|
|
path: /debrepo
|
|
- name: awsconfig
|
|
path: /root/.aws
|
|
commands:
|
|
- aws s3 sync /debrepo/teleport/ s3://$AWS_S3_BUCKET/teleport/
|
|
|
|
# Docker-in-Docker daemon, run privileged; its /var/run is shared through the
# `dockersock` volume.
services:
  - name: Start Docker
    image: docker:dind
    privileged: true
    volumes:
      - name: dockersock
        path: /var/run
      # NOTE(review): `tmpfs` is where the signing steps extract the GPG
      # keyring ($GNUPGHOME=/tmpfs/gnupg). Mounting it here exposes that key
      # material to a privileged container; confirm the service needs it.
      - name: tmpfs
        path: /tmpfs

volumes:
  # Pipeline-scoped scratch volumes.
  - name: awsconfig
    temp: {}
  - name: dockersock
    temp: {}
  # Memory-backed, so extracted key material is not written to disk.
  - name: tmpfs
    temp:
      medium: memory
  # these persistent volumes cache RPMs/DEBs near Drone so that we don't need to download the
  # entire repo contents from S3 every time to build the repo, we just sync any differences
  - name: rpmrepo
    claim:
      name: drone-s3-rpmrepo-pvc
  - name: debrepo
    claim:
      name: drone-s3-debrepo-pvc
|
|
---
|
|
################################################
|
|
# Generated using dronegen, do not edit by hand!
|
|
# Use 'make dronegen' to update.
|
|
# Generated at dronegen/mac.go (main.newDarwinPipeline)
|
|
################################################
|
|
|
|
kind: pipeline
|
|
type: exec
|
|
name: build-darwin-amd64-connect
|
|
trigger:
|
|
event:
|
|
include:
|
|
- tag
|
|
ref:
|
|
include:
|
|
- refs/tags/v*
|
|
repo:
|
|
include:
|
|
- gravitational/*
|
|
workspace:
|
|
path: /tmp/build-darwin-amd64-connect
|
|
platform:
|
|
os: darwin
|
|
arch: amd64
|
|
clone:
|
|
disable: true
|
|
depends_on:
|
|
- build-darwin-amd64-pkg-tsh
|
|
concurrency:
|
|
limit: 1
|
|
steps:
|
|
# Prepares the workspace for this exec-type pipeline and clears leftovers
# (`go`, `.ssh`) from an earlier build in the same directory.
#
# NOTE(review): the workspace is a fixed, predictable path under /tmp, and a
# later step writes a private key beneath it. `mkdir -p` accepts a directory
# that already exists, whoever created it; on a runner host with other local
# users, consider a per-build directory created with restrictive permissions.
- name: Set up exec runner storage
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64-connect
  commands:
  - set -u
  - mkdir -p $WORKSPACE_DIR
  - chmod -R u+rw $WORKSPACE_DIR
  - rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh
|
|
# Clones teleport and webapps over HTTPS, then pulls the private submodules
# over SSH using a deploy key taken from Drone secrets.
- name: Check out code
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64-connect
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
  commands:
  - set -u
  - mkdir -p $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The key file is created inside a 0700 directory and then tightened to 0600.
  - >-
    mkdir -m 0700 $WORKSPACE_DIR/.ssh &&
    echo "$GITHUB_PRIVATE_KEY" > $WORKSPACE_DIR/.ssh/id_rsa
    && chmod 600 $WORKSPACE_DIR/.ssh/id_rsa
  # NOTE(review): ssh-keyscan records whatever host key the network returns
  # on each build, so known_hosts does not authenticate github.com here.
  # Shipping GitHub's published host keys with the runner (or as a secret)
  # would turn UserKnownHostsFile below into a real check.
  - ssh-keyscan -H github.com > $WORKSPACE_DIR/.ssh/known_hosts 2>/dev/null
  - chmod 600 $WORKSPACE_DIR/.ssh/known_hosts
  - mkdir -p $WORKSPACE_DIR/go/src/github.com/gravitational/webapps
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/webapps
  - git clone https://github.com/gravitational/webapps.git .
  - git checkout $($WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets/webapps/webapps-version.sh)
  # `-F /dev/null` makes ssh ignore any user ssh config on the runner host.
  - >-
    GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts
    -F /dev/null' git submodule update --init packages/webapps.e
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - >-
    GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts
    -F /dev/null' git submodule update --init e
  # `|| true`: a failed webassets checkout is deliberately not fatal here.
  - >-
    GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts
    -F /dev/null' git submodule update --init --recursive webassets || true
  # The deploy key is removed only when every command above succeeded; after
  # a failure it stays on the runner host until the next build's
  # "Set up exec runner storage" step deletes $WORKSPACE_DIR/.ssh.
  - rm -rf $WORKSPACE_DIR/.ssh
  - mkdir -p $WORKSPACE_DIR/go/cache
  - mkdir -p $WORKSPACE_DIR/go/artifacts
  - echo "${DRONE_TAG##v}" > $WORKSPACE_DIR/go/.version.txt
  - cat $WORKSPACE_DIR/go/.version.txt
|
|
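# Downloads the Node.js release named by the repository's Makefile into a
# per-build toolchain directory and enables yarn through corepack.
#
# Change from the generated original: the tarball is now fetched with --fail
# and checked against the SHASUMS256.txt published next to it before it is
# unpacked. The file is generated from dronegen/mac.go, so the same change has
# to be made there to survive regeneration.
- name: Install Node Toolchain
  commands:
  - set -u
  - >-
    export NODE_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets
    print-node-version)
  - export TOOLCHAIN_DIR=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains
  - export NODE_DIR=$TOOLCHAIN_DIR/node-v$NODE_VERSION-darwin-x64
  - mkdir -p $TOOLCHAIN_DIR
  # --fail turns an HTTP error into a failed step instead of saving the error
  # page under the tarball's name.
  - curl --fail --silent --show-error -O https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-darwin-x64.tar.gz
  - curl --fail --silent --show-error -O https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt
  # grep exits non-zero when the tarball is not listed, so a missing entry
  # cannot pass as "nothing to verify" (assumes the runner stops on the first
  # failing command).
  - grep " node-v$NODE_VERSION-darwin-x64.tar.gz" SHASUMS256.txt > node-v$NODE_VERSION-darwin-x64.tar.gz.sha256
  # NOTE(review): the checksum list comes from the same origin as the tarball,
  # so this catches corruption and a swapped tarball but not a compromised
  # origin; a digest pinned in the repository would cover that as well.
  - shasum -a 256 -c node-v$NODE_VERSION-darwin-x64.tar.gz.sha256
  - tar -C $TOOLCHAIN_DIR -xzf node-v$NODE_VERSION-darwin-x64.tar.gz
  - >-
    rm -f node-v$NODE_VERSION-darwin-x64.tar.gz
    node-v$NODE_VERSION-darwin-x64.tar.gz.sha256 SHASUMS256.txt
  - export PATH=$NODE_DIR/bin:$PATH
  - corepack enable yarn
  - echo Node reporting version $(node --version)
  - echo Yarn reporting version $(yarn --version)
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64-connect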
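# Exchanges the long-lived access key from the secrets for temporary STS
# session credentials and writes them, as the [default] profile, to the file
# that later steps read through AWS_SHARED_CREDENTIALS_FILE.
#
# Change from the generated original: the credentials file is created with
# mode 600 before anything is written to it. The redirect further down
# truncates the file but keeps its mode, so the session token is never
# readable under the default umask. Mirror the change in dronegen/mac.go.
- name: Assume AWS Role
  commands:
  # Logged identity of the long-lived key (the environment variables win over
  # the still empty or missing credentials file).
  - aws sts get-caller-identity
  - >-
    touch /tmp/build-darwin-amd64-connect/credentials
    && chmod 600 /tmp/build-darwin-amd64-connect/credentials
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /tmp/build-darwin-amd64-connect/credentials
  # Drop the long-lived key from this shell so the check below can only
  # succeed with the session credentials just written.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
    AWS_SHARED_CREDENTIALS_FILE: /tmp/build-darwin-amd64-connect/credentials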
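# Fetches the tsh installer package for this tag from the release bucket; the
# build step later unpacks it and bundles tsh.app into Teleport Connect.
#
# Change from the generated original: GITHUB_PRIVATE_KEY is no longer injected
# into this step. None of its commands use the deploy key, so exposing it here
# only widened where the secret is readable. Mirror the change in
# dronegen/mac.go.
- name: Download tsh.pkg artifact from S3
  commands:
  - set -u
  - export VERSION=$(cat $WORKSPACE_DIR/go/.version.txt)
  - export S3_PATH="tag/$${DRONE_TAG##v}/"
  # NOTE(review): the package is used as downloaded; no digest or signature
  # check is visible in this pipeline, so its integrity rests on who can write
  # to the bucket prefix - confirm that is intended.
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}tsh-$${VERSION}.pkg $WORKSPACE_DIR/go/src/github.com/gravitational/
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SHARED_CREDENTIALS_FILE: /tmp/build-darwin-amd64-connect/credentials
    WORKSPACE_DIR: /tmp/build-darwin-amd64-connect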
# Builds and packages Teleport Connect with the Node toolchain installed
# earlier, bundling the tsh.app taken from the downloaded tsh package.
- name: Build Mac artifacts (Teleport Connect)
  commands:
  - set -u
  - export HOME=/Users/$(whoami)
  - export TOOLCHAIN_DIR=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains
  - >-
    export NODE_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets
    print-node-version)
  - export NODE_HOME=$TOOLCHAIN_DIR/node-v$NODE_VERSION-darwin-x64
  - export PATH=$NODE_HOME/bin:$PATH
  - >-
    export VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
    print-version)
  - export BUILD_NUMBER=$DRONE_BUILD_NUMBER
  # NOTE(review): the keychain password is passed as a command-line argument,
  # unquoted; it is visible in the process list while the command runs and is
  # subject to word splitting. The keychain is not locked again afterwards.
  - security unlock-keychain -p $${BUILDBOX_PASSWORD} login.keychain
  # Prints the identities found in the keychain to the build log.
  - security find-identity -v
  # Hard-coded identity that the packaging tool is told to use - presumably
  # the fingerprint of the signing certificate; it must change with the cert.
  - export CSC_NAME=0FFD3E3413AB4C599C53FBB1D8CA690915E33D83
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational
  - pkgutil --expand-full tsh-$${VERSION}.pkg tsh
  - export CONNECT_TSH_APP_PATH=$WORKSPACE_DIR/go/src/github.com/gravitational/tsh/Payload/tsh.app
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/webapps
  # NOTE(review): "yarn install" executes third-party package install scripts
  # in a shell that holds APPLE_PASSWORD and BUILDBOX_PASSWORD and has the
  # keychain unlocked. No lockfile-enforcing flag is passed - confirm the
  # lockfile is honoured as committed.
  - yarn install && yarn build-term && yarn package-term -c.extraMetadata.version=$VERSION
  environment:
    # Not referenced by the commands above; presumably read by the packaging
    # tooling (notarization) - confirm.
    APPLE_PASSWORD:
      from_secret: APPLE_PASSWORD
    APPLE_USERNAME:
      from_secret: APPLE_USERNAME
    ARCH: amd64
    BUILDBOX_PASSWORD:
      from_secret: BUILDBOX_PASSWORD
    GOCACHE: /tmp/build-darwin-amd64-connect/go/cache
    GOPATH: /tmp/build-darwin-amd64-connect/go
    OS: darwin
    WORKSPACE_DIR: /tmp/build-darwin-amd64-connect
# Collects the built .dmg files in the artifacts directory and writes a
# SHA-256 file beside each one.
- name: Copy dmg artifact
  commands:
  - set -u
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/webapps/packages/teleterm/build/release
  - cp *.dmg $WORKSPACE_DIR/go/artifacts
  # The digests are computed on the build host right after the build: they
  # protect the artifact on its way to consumers, not the build itself.
  - >-
    cd $WORKSPACE_DIR/go/artifacts
    && for FILE in *.dmg; do shasum -a 256 "$FILE" > "$FILE.sha256"; done
    && ls -l
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64-connect
# Uploads everything in the artifacts directory to the tag's prefix in the
# release bucket, using the session credentials written by "Assume AWS Role".
- name: Upload to S3
  commands:
  - set -u
  - cd $WORKSPACE_DIR/go/artifacts
  # "sync" copies whatever is in the directory at this point, so anything an
  # earlier step left in go/artifacts is published too.
  - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
  environment:
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SHARED_CREDENTIALS_FILE: /tmp/build-darwin-amd64-connect/credentials
    WORKSPACE_DIR: /tmp/build-darwin-amd64-connect
# Registers each built artifact with the release service over mutual TLS:
# creates (or reuses) a draft release per product, then uploads the file
# together with its SHA-256.
- name: Register artifact
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-prod.platform.teleport.sh'
  # NOTE(review): the client certificate and private key are decoded into the
  # shared workspace with the default umask; nothing here restricts the key
  # file's mode. The trap below removes both files when the shell exits.
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  # Expanded unquoted further down, so it relies on word splitting and on the
  # workspace path containing no spaces.
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  # apk is the Alpine package manager; on this darwin exec runner the fallback
  # presumably cannot succeed, so curl has to be installed on the host already.
  - which curl || apk add --no-cache curl
  # The release request carries no --fail; its HTTP status is checked by hand
  # and 409 is accepted alongside 200 (presumably "release already exists").
  # The response body is kept in $WORKSPACE_DIR/curl_out.txt and not removed.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="MacOS Intel"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"

      release_params="" # List of "-F releaseId=XXX" parameters to curl

      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat $WORKSPACE_DIR/curl_out.txt
          exit 1
        fi

        release_params="$release_params -F releaseId=$product@$VERSION"
      done

      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="darwin" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY
    WORKSPACE_DIR: /tmp/build-darwin-amd64-connect
# Deletes the per-build toolchain directory created by "Install Node
# Toolchain".
- name: Clean up toolchains (post)
  commands:
  - set -u
  - rm -rf /tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64-connect
  # Runs whether the earlier steps passed or failed, so a broken build does not
  # leave the toolchain behind on the exec host.
  when:
    status:
    - success
    - failure
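# Removes this build's leftovers from the fixed workspace on the exec host.
#
# Changes from the generated original (mirror them in dronegen/mac.go):
#   * the AWS session credentials file written by "Assume AWS Role" is now
#     deleted as well - before, it stayed in the workspace after the build;
#   * the step now also runs after a failed build. Without a "when" block a
#     step runs only while the pipeline is passing, which skipped the cleanup
#     exactly when a step had aborted with secrets still on disk.
- name: Clean up exec runner storage (post)
  commands:
  - set -u
  - chmod -R u+rw $WORKSPACE_DIR
  - rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh
  - rm -f $WORKSPACE_DIR/credentials
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64-connect
  when:
    status:
    - success
    - failure
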
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/container_images_release_version.go (main.(*ReleaseVersion).buildVersionPipeline)
################################################
# Tag-triggered pipeline that builds the teleport / teleport-ent container
# images per architecture and pushes them to the staging ECR registry.
kind: pipeline
type: kubernetes
name: teleport-container-images-branch-tag

environment:
  DEBIAN_FRONTEND: noninteractive

# Runs for v* tags pushed to any repository under the gravitational/ namespace;
# each of those repositories reaches the AWS secrets requested below.
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*

workspace:
  path: /go

# The default clone is disabled; the "Check out code" step fetches the tag.
clone:
  disable: true

depends_on:
- clean-up-previous-build

# NOTE(review): the step images used below (docker, alpine, alpine/git:latest,
# amazon/aws-cli) are referenced by mutable tag, not by digest, so the code
# that handles the registry credentials can change between two builds.
steps:
# Blocks for up to 30 seconds until the Docker daemon's socket shows up in the
# shared volume.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  # The volume carries the daemon socket: any step that mounts it can drive
  # the Docker daemon.
  volumes:
  - name: dockersock
    path: /var/run
# Polls the build-local registry for up to 30 seconds until it answers 200.
- name: Wait for docker registry
  image: alpine
  commands:
  - apk add curl
  # The registry is addressed over plain HTTP.
  - >-
    timeout 30s /bin/sh -c 'while
    [ "$(curl -s -o /dev/null -w %{http_code} http://drone-docker-registry:5000/)"
    != "200" ]; do sleep 1; done'
# Fetches the repository that triggered the build and checks out the tag.
- name: Check out code
  # ":latest" is a mutable tag; see the note on image pinning above "steps:".
  image: alpine/git:latest
  commands:
  - mkdir -pv "/go/src/github.com/gravitational/teleport"
  - cd "/go/src/github.com/gravitational/teleport"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  # -f discards local changes; the tag name comes straight from the event.
  - git checkout -qf "$DRONE_TAG"
# Derives the version string used by every later step (S3 keys, .deb file
# names, image tags) from the tag name and stores it in /go/var/full-version.
- name: Build full semver
  image: alpine
  commands:
  - mkdir -pv $(dirname "/go/var/full-version")
  # Removes the first "v" of the tag. The tag is not validated against a
  # version pattern, so its remaining characters flow into paths and image
  # references as they are.
  - echo $DRONE_TAG | sed 's/v//' > "/go/var/full-version"
  - echo $(cat "/go/var/full-version")
# Exchanges the staging ECR user's long-lived key for temporary STS session
# credentials and appends them to the shared AWS config volume as the
# [ecr-staging] profile.
- name: Assume ECR - staging AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  # ">>" appends: the credentials file in the volume accumulates one profile
  # per "Assume ..." step, and every step that mounts the volume can read all
  # of them, not only the profile it selects with AWS_PROFILE.
  - |-
    printf "[ecr-staging]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      >> /root/.aws/credentials
  # Drop the long-lived key so the check below can only pass with the profile.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile ecr-staging
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY
    AWS_ROLE:
      from_secret: STAGING_TELEPORT_DRONE_ECR_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Same exchange as the staging step, with the production ECR user's key; the
# session credentials are stored as the [ecr-authenticated-pull] profile that
# the image builds use to log in to public.ecr.aws.
- name: Assume ECR - authenticated-pull AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  # Appended to the same file as the other profiles in the shared volume.
  - |-
    printf "[ecr-authenticated-pull]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      >> /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile ecr-authenticated-pull
  environment:
    # NOTE(review): production credentials in a pipeline that pushes to
    # staging; the profile name suggests the role only allows pulls - confirm
    # the role policy is that narrow.
    AWS_ACCESS_KEY_ID:
      from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY
    AWS_ROLE:
      from_secret: PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
  # Ordered after the staging step; both append to the same credentials file.
  depends_on:
  - Assume ECR - staging AWS Role
# Obtains temporary STS credentials for reading release artifacts from S3 and
# stores them as the [s3-download-teleport] profile in the shared volume.
- name: Assume S3 Download AWS Role for teleport
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  # Appended next to the ECR profiles written by the earlier steps.
  - |-
    printf "[s3-download-teleport]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      >> /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile s3-download-teleport
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build full semver
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
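# Fetches the Dockerfile for the tagged revision from GitHub and stores it as
# the build file for the teleport images.
#
# Change from the generated original: curl now runs with -f (--fail). Without
# it an HTTP error - for example a tag that does not exist on GitHub - left
# the error response body on disk under the Dockerfile's name and the step
# still passed. The file is generated by dronegen, so mirror the change there.
- name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport
  image: alpine
  commands:
  - apk add curl
  - mkdir -pv $(dirname "/go/build/Dockerfile-teleport")
  # The tag name from the event selects which revision's Dockerfile is used.
  - curl -fLs -o "/go/build/Dockerfile-teleport" "https://raw.githubusercontent.com/gravitational/teleport/$DRONE_TAG/build.assets/charts/Dockerfile"
  depends_on:
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build full semver
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role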
# Waits up to an hour for the amd64 teleport .deb of this version to appear in
# the release bucket, then downloads it into the image build context.
- name: Download "teleport_v11-tag_amd64.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
  # The loop is spread over several command entries; it only works because the
  # runner joins the entries into a single shell script.
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  # Any failure of the listing (missing object, but also an auth or network
  # error) counts as "not there yet" and is retried until the timeout.
  - >-
    aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/
    | tr -s ' ' | cut -d' ' -f 4
    | grep -x teleport_$(cat "/go/var/full-version")_amd64.deb
    || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  - >-
    [ $${TIMED_OUT?} = true ] && echo 'Timed out while waiting for condition: [
    "$SUCCESS" = "true" ]' && exit 1
  - mkdir -pv "/go/build"
  # NOTE(review): the package goes into the image as downloaded; no digest or
  # signature check is visible here, so its integrity rests on who can write
  # to the bucket prefix - confirm that is intended.
  - >-
    aws s3 cp
    s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat "/go/var/full-version")_amd64.deb
    /go/build/teleport_$(cat "/go/var/full-version")_amd64.deb
  environment:
    AWS_PROFILE: s3-download-teleport
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport
# Builds the linux/amd64 teleport image from the downloaded .deb with a
# dedicated buildx builder and pushes it to the build-local registry.
- name: Build teleport image "teleport:v11-amd64"
  image: docker
  commands:
  # NOTE(review): a third-party image, referenced by mutable tag, is run with
  # --privileged on the build's Docker daemon to register the emulators.
  # Pinning it by digest would fix what gets that level of access.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-v11-amd64-builder"
  # The builder is configured to talk plain HTTP to the build-local registry.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v11-amd64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-v11-amd64-builder/buildkitd.toml"
  # network=host: the builder container shares the host's network namespace.
  - >-
    docker buildx create --driver "docker-container" --driver-opt "network=host"
    --name "teleport-v11-amd64-builder"
    --config "/tmp/teleport-v11-amd64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  # The registry password is piped on stdin, so it does not show up in argv.
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin public.ecr.aws
  - >-
    docker buildx build --push --builder "teleport-v11-amd64-builder"
    --target "teleport" --platform "linux/amd64"
    --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    --file "/go/build/Dockerfile-teleport"
    --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_amd64.deb
    /go/build
  # Logout and builder removal are reached only when the build succeeded
  # (assuming the runner stops at the first failing command).
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-v11-amd64-builder"
  - rm -rf "/tmp/teleport-v11-amd64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport_v11-tag_amd64.deb" artifacts from S3
# Waits up to an hour for the arm teleport .deb of this version to appear in
# the release bucket, then downloads it into the image build context.
- name: Download "teleport_v11-tag_arm.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
  # The loop spans several command entries and relies on the runner joining
  # them into one shell script.
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  # Every listing failure, whatever its cause, is retried until the timeout.
  - >-
    aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/
    | tr -s ' ' | cut -d' ' -f 4
    | grep -x teleport_$(cat "/go/var/full-version")_arm.deb
    || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  - >-
    [ $${TIMED_OUT?} = true ] && echo 'Timed out while waiting for condition: [
    "$SUCCESS" = "true" ]' && exit 1
  - mkdir -pv "/go/build"
  # NOTE(review): no digest or signature check of the package is visible here.
  - >-
    aws s3 cp
    s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat "/go/var/full-version")_arm.deb
    /go/build/teleport_$(cat "/go/var/full-version")_arm.deb
  environment:
    AWS_PROFILE: s3-download-teleport
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport
# Builds the linux/arm teleport image from the downloaded .deb with a
# dedicated buildx builder and pushes it to the build-local registry.
- name: Build teleport image "teleport:v11-arm"
  image: docker
  commands:
  # NOTE(review): unpinned third-party image run with --privileged on the
  # build's Docker daemon; a digest pin would fix what gets that access.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-v11-arm-builder"
  # Plain HTTP towards the build-local registry.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v11-arm-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-v11-arm-builder/buildkitd.toml"
  - >-
    docker buildx create --driver "docker-container" --driver-opt "network=host"
    --name "teleport-v11-arm-builder"
    --config "/tmp/teleport-v11-arm-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  # Password on stdin, not in argv.
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin public.ecr.aws
  - >-
    docker buildx build --push --builder "teleport-v11-arm-builder"
    --target "teleport" --platform "linux/arm"
    --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    --file "/go/build/Dockerfile-teleport"
    --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_arm.deb
    /go/build
  # Reached only after a successful build (assuming fail-fast commands).
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-v11-arm-builder"
  - rm -rf "/tmp/teleport-v11-arm-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport_v11-tag_arm.deb" artifacts from S3
# Waits up to an hour for the arm64 teleport .deb of this version to appear in
# the release bucket, then downloads it into the image build context.
- name: Download "teleport_v11-tag_arm64.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
  # The loop spans several command entries and relies on the runner joining
  # them into one shell script.
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  # Every listing failure, whatever its cause, is retried until the timeout.
  - >-
    aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/
    | tr -s ' ' | cut -d' ' -f 4
    | grep -x teleport_$(cat "/go/var/full-version")_arm64.deb
    || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  - >-
    [ $${TIMED_OUT?} = true ] && echo 'Timed out while waiting for condition: [
    "$SUCCESS" = "true" ]' && exit 1
  - mkdir -pv "/go/build"
  # NOTE(review): no digest or signature check of the package is visible here.
  - >-
    aws s3 cp
    s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat "/go/var/full-version")_arm64.deb
    /go/build/teleport_$(cat "/go/var/full-version")_arm64.deb
  environment:
    AWS_PROFILE: s3-download-teleport
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport
# Builds the linux/arm64 teleport image from the downloaded .deb with a
# dedicated buildx builder and pushes it to the build-local registry.
- name: Build teleport image "teleport:v11-arm64"
  image: docker
  commands:
  # NOTE(review): unpinned third-party image run with --privileged on the
  # build's Docker daemon; a digest pin would fix what gets that access.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-v11-arm64-builder"
  # Plain HTTP towards the build-local registry.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v11-arm64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-v11-arm64-builder/buildkitd.toml"
  - >-
    docker buildx create --driver "docker-container" --driver-opt "network=host"
    --name "teleport-v11-arm64-builder"
    --config "/tmp/teleport-v11-arm64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  # Password on stdin, not in argv.
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin public.ecr.aws
  - >-
    docker buildx build --push --builder "teleport-v11-arm64-builder"
    --target "teleport" --platform "linux/arm64"
    --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    --file "/go/build/Dockerfile-teleport"
    --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_arm64.deb
    /go/build
  # Reached only after a successful build (assuming fail-fast commands).
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-v11-arm64-builder"
  - rm -rf "/tmp/teleport-v11-arm64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport_v11-tag_arm64.deb" artifacts from S3
# Copies the amd64 image from the build-local registry to the staging ECR
# repository unless that tag is already present there.
- name: Tag and push image "teleport:v11-amd64" to ECR - staging
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
  - apk add --no-cache aws-cli
  # Password on stdin, not in argv.
  - >-
    aws ecr get-login-password --region=us-west-2
    | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  # An existing tag is never overwritten. Any failure of "manifest inspect"
  # (not only "tag not found") falls through to the tag-and-push branch, and
  # the inspect output is discarded, so the log does not show which case hit.
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-amd64
    > /dev/null 2>&1 && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-amd64
    && docker push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-amd64)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v11-amd64"
# Copies the arm image from the build-local registry to the staging ECR
# repository unless that tag is already present there.
- name: Tag and push image "teleport:v11-arm" to ECR - staging
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
  - apk add --no-cache aws-cli
  # Password on stdin, not in argv.
  - >-
    aws ecr get-login-password --region=us-west-2
    | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  # Existing tags are kept; any inspect failure leads to the push branch.
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-arm
    > /dev/null 2>&1 && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-arm
    && docker push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-arm)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v11-arm"
# Copies the arm64 image from the build-local registry to the staging ECR
# repository unless that tag is already present there.
- name: Tag and push image "teleport:v11-arm64" to ECR - staging
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
  - apk add --no-cache aws-cli
  # Password on stdin, not in argv.
  - >-
    aws ecr get-login-password --region=us-west-2
    | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  # Existing tags are kept; any inspect failure leads to the push branch.
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-arm64
    > /dev/null 2>&1 && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-arm64
    && docker push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-arm64)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v11-arm64"
# Publishes the multi-architecture manifest for the full version tag in the
# staging ECR repository, combining the amd64, arm and arm64 images.
- name: Create manifest and push "teleport:full" to ECR - staging
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # Password on stdin, not in argv.
  - >-
    aws ecr get-login-password --region=us-west-2
    | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  # The manifest refers to the per-architecture images by tag, not by digest,
  # so it picks up whatever those tags point to at this moment. An existing
  # manifest tag is left untouched.
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")
    > /dev/null 2>&1 && echo 'Found existing image, skipping'
    || (docker manifest create
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")
    --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-amd64
    --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-arm
    --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-arm64
    && docker manifest push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version"))
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v11-amd64" to ECR - staging
  - Tag and push image "teleport:v11-arm" to ECR - staging
  - Tag and push image "teleport:v11-arm64" to ECR - staging
# Obtains temporary STS credentials for reading the teleport-ent artifacts
# from S3 and stores them as the [s3-download-teleport-ent] profile.
- name: Assume S3 Download AWS Role for teleport-ent
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  # Same secrets and role as the teleport download step; only the profile name
  # differs. Appended to the credentials file shared through the volume.
  - |-
    printf "[s3-download-teleport-ent]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      >> /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile s3-download-teleport-ent
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build full semver
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
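# Fetches the Dockerfile for the tagged revision from GitHub and stores it as
# the build file for the teleport-ent images.
#
# Change from the generated original: curl now runs with -f (--fail). Without
# it an HTTP error - for example a tag that does not exist on GitHub - left
# the error response body on disk under the Dockerfile's name and the step
# still passed. The file is generated by dronegen, so mirror the change there.
- name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent
  image: alpine
  commands:
  - apk add curl
  - mkdir -pv $(dirname "/go/build/Dockerfile-teleport-ent")
  # The tag name from the event selects which revision's Dockerfile is used.
  - curl -fLs -o "/go/build/Dockerfile-teleport-ent" "https://raw.githubusercontent.com/gravitational/teleport/$DRONE_TAG/build.assets/charts/Dockerfile"
  depends_on:
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build full semver
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role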
# Waits up to an hour for the amd64 teleport-ent .deb of this version to
# appear in the release bucket, then downloads it into the build context.
- name: Download "teleport-ent_v11-tag_amd64.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
  # The loop spans several command entries and relies on the runner joining
  # them into one shell script.
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  # Every listing failure, whatever its cause, is retried until the timeout.
  - >-
    aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/
    | tr -s ' ' | cut -d' ' -f 4
    | grep -x teleport-ent_$(cat "/go/var/full-version")_amd64.deb
    || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  - >-
    [ $${TIMED_OUT?} = true ] && echo 'Timed out while waiting for condition: [
    "$SUCCESS" = "true" ]' && exit 1
  - mkdir -pv "/go/build"
  # NOTE(review): no digest or signature check of the package is visible here.
  - >-
    aws s3 cp
    s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat "/go/var/full-version")_amd64.deb
    /go/build/teleport-ent_$(cat "/go/var/full-version")_amd64.deb
  environment:
    AWS_PROFILE: s3-download-teleport-ent
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport-ent
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent
# Builds the linux/amd64 teleport-ent image from the downloaded .deb with a
# dedicated buildx builder and pushes it to the build-local registry.
- name: Build teleport-ent image "teleport-ent:v11-amd64"
  image: docker
  commands:
  # NOTE(review): unpinned third-party image run with --privileged on the
  # build's Docker daemon; a digest pin would fix what gets that access.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-ent-v11-amd64-builder"
  # Plain HTTP towards the build-local registry.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v11-amd64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-ent-v11-amd64-builder/buildkitd.toml"
  - >-
    docker buildx create --driver "docker-container" --driver-opt "network=host"
    --name "teleport-ent-v11-amd64-builder"
    --config "/tmp/teleport-ent-v11-amd64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  # Password on stdin, not in argv.
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin public.ecr.aws
  - >-
    docker buildx build --push --builder "teleport-ent-v11-amd64-builder"
    --target "teleport" --platform "linux/amd64"
    --tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
    --file "/go/build/Dockerfile-teleport-ent"
    --build-arg DEB_PATH=teleport-ent_$(cat "/go/var/full-version")_amd64.deb
    /go/build
  # Reached only after a successful build (assuming fail-fast commands).
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-ent-v11-amd64-builder"
  - rm -rf "/tmp/teleport-ent-v11-amd64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport-ent_v11-tag_amd64.deb" artifacts from S3
# Waits up to an hour for the arm teleport-ent .deb of this version to appear
# in the release bucket, then downloads it into the build context.
- name: Download "teleport-ent_v11-tag_arm.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
  # The loop spans several command entries and relies on the runner joining
  # them into one shell script.
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  # Every listing failure, whatever its cause, is retried until the timeout.
  - >-
    aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/
    | tr -s ' ' | cut -d' ' -f 4
    | grep -x teleport-ent_$(cat "/go/var/full-version")_arm.deb
    || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  - >-
    [ $${TIMED_OUT?} = true ] && echo 'Timed out while waiting for condition: [
    "$SUCCESS" = "true" ]' && exit 1
  - mkdir -pv "/go/build"
  # NOTE(review): no digest or signature check of the package is visible here.
  - >-
    aws s3 cp
    s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat "/go/var/full-version")_arm.deb
    /go/build/teleport-ent_$(cat "/go/var/full-version")_arm.deb
  environment:
    AWS_PROFILE: s3-download-teleport-ent
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport-ent
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent
# Builds the linux/arm teleport-ent image from the downloaded .deb using a
# builder that is created and removed inside this step, and pushes the result
# to the pipeline-local registry.
- name: Build teleport-ent image "teleport-ent:v11-arm"
  image: docker
  commands:
  # NOTE(review): untagged third-party image run with --privileged; pinning it
  # by digest would fix which code receives that level of access.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-ent-v11-arm-builder"
  # BuildKit config: reach drone-docker-registry:5000 over plain HTTP.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v11-arm-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-ent-v11-arm-builder/buildkitd.toml"
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name
    "teleport-ent-v11-arm-builder" --config "/tmp/teleport-ent-v11-arm-builder/buildkitd.toml"
  # Installed at run time without a version pin.
  - apk add --no-cache aws-cli
  # The ECR Public token is piped on stdin, so it is not placed on the
  # command line.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - docker buildx build --push --builder "teleport-ent-v11-arm-builder" --target "teleport"
    --platform "linux/arm" --tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
    --file "/go/build/Dockerfile-teleport-ent" --build-arg DEB_PATH=teleport-ent_$(cat
    "/go/var/full-version")_arm.deb /go/build
  # Cleanup: registry session, builder, and the builder's config directory.
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-ent-v11-arm-builder"
  - rm -rf "/tmp/teleport-ent-v11-arm-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
  volumes:
  - name: awsconfig
    path: /root/.aws
  # Same volume the privileged "Start Docker" service mounts at /var/run.
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport-ent_v11-tag_arm.deb" artifacts from S3
# Waits for the arm64 .deb of this version to be listed in the release bucket,
# then copies it into /go/build for the image build step.
# NOTE(review): the image reference carries no tag or digest, and nothing in
# this step checks a checksum or signature of the package it downloads.
- name: Download "teleport-ent_v11-tag_arm64.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
  # Deadline is 3600 s from now; TIMED_OUT stays true unless the file shows up.
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  # "$$" is presumably the pipeline-level escape for a literal "$"; TODO confirm.
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  # Field 4 of the listing is matched as a whole line (-x); the version's dots
  # are regex wildcards in this pattern.
  - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr
    -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")_arm64.deb
    || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  # Fail the step when the deadline passed without a match.
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [
    "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat
    "/go/var/full-version")_arm64.deb /go/build/teleport-ent_$(cat "/go/var/full-version")_arm64.deb
  environment:
    # Named profile read from the credentials file on the awsconfig volume.
    AWS_PROFILE: s3-download-teleport-ent
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport-ent
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent
# Builds the linux/arm64 teleport-ent image from the downloaded .deb using a
# builder that is created and removed inside this step, and pushes the result
# to the pipeline-local registry.
- name: Build teleport-ent image "teleport-ent:v11-arm64"
  image: docker
  commands:
  # NOTE(review): untagged third-party image run with --privileged; pinning it
  # by digest would fix which code receives that level of access.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-ent-v11-arm64-builder"
  # BuildKit config: reach drone-docker-registry:5000 over plain HTTP.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v11-arm64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-ent-v11-arm64-builder/buildkitd.toml"
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name
    "teleport-ent-v11-arm64-builder" --config "/tmp/teleport-ent-v11-arm64-builder/buildkitd.toml"
  # Installed at run time without a version pin.
  - apk add --no-cache aws-cli
  # The ECR Public token is piped on stdin, so it is not placed on the
  # command line.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - docker buildx build --push --builder "teleport-ent-v11-arm64-builder" --target
    "teleport" --platform "linux/arm64" --tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-arm64 --file "/go/build/Dockerfile-teleport-ent" --build-arg
    DEB_PATH=teleport-ent_$(cat "/go/var/full-version")_arm64.deb /go/build
  # Cleanup: registry session, builder, and the builder's config directory.
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-ent-v11-arm64-builder"
  - rm -rf "/tmp/teleport-ent-v11-arm64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
  volumes:
  - name: awsconfig
    path: /root/.aws
  # Same volume the privileged "Start Docker" service mounts at /var/run.
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport-ent_v11-tag_arm64.deb" artifacts from S3
# Copies the amd64 teleport-ent image from the pipeline-local registry to the
# staging ECR repository, unless that tag can already be inspected there.
- name: Tag and push image "teleport-ent:v11-amd64" to ECR - staging
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
  # Installed at run time without a version pin.
  - apk add --no-cache aws-cli
  # The ECR token is piped on stdin, so it is not placed on the command line.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  # NOTE(review): any failure of `manifest inspect`, not only a missing tag,
  # takes the tag-and-push branch, and its output is discarded, so an auth or
  # network error looks the same as "tag not present".
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-amd64 > /dev/null 2>&1 && echo 'Found existing image,
    skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-amd64)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v11-amd64"
# Copies the arm teleport-ent image from the pipeline-local registry to the
# staging ECR repository, unless that tag can already be inspected there.
- name: Tag and push image "teleport-ent:v11-arm" to ECR - staging
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
  # Installed at run time without a version pin.
  - apk add --no-cache aws-cli
  # The ECR token is piped on stdin, so it is not placed on the command line.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  # NOTE(review): any failure of `manifest inspect`, not only a missing tag,
  # takes the tag-and-push branch; its output is discarded.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-arm > /dev/null 2>&1 && echo 'Found existing image, skipping'
    || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-arm)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v11-arm"
# Copies the arm64 teleport-ent image from the pipeline-local registry to the
# staging ECR repository, unless that tag can already be inspected there.
- name: Tag and push image "teleport-ent:v11-arm64" to ECR - staging
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
  # Installed at run time without a version pin.
  - apk add --no-cache aws-cli
  # The ECR token is piped on stdin, so it is not placed on the command line.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  # NOTE(review): any failure of `manifest inspect`, not only a missing tag,
  # takes the tag-and-push branch; its output is discarded.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-arm64 > /dev/null 2>&1 && echo 'Found existing image,
    skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-arm64)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v11-arm64"
# Publishes the multi-arch manifest list for teleport-ent in staging ECR,
# combining the -amd64, -arm and -arm64 tags pushed by the three steps this one
# depends on. Skipped when the un-suffixed tag can already be inspected.
- name: Create manifest and push "teleport-ent:full" to ECR - staging
  image: docker
  commands:
  # Installed at run time without a version pin.
  - apk add --no-cache aws-cli
  # The ECR token is piped on stdin, so it is not placed on the command line.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  # NOTE(review): the member images are referenced by tag, not by digest, and
  # any `manifest inspect` failure (output discarded) leads to create-and-push.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version") > /dev/null 2>&1 && echo 'Found existing image, skipping'
    || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version") --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version"))
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-amd64" to ECR - staging
  - Tag and push image "teleport-ent:v11-arm" to ECR - staging
  - Tag and push image "teleport-ent:v11-arm64" to ECR - staging
# Exchanges the static key pair from the pipeline secrets for role credentials
# and appends them as the [s3-download-teleport-ent-fips] profile to the
# credentials file on the awsconfig volume, which other steps mount too.
- name: Assume S3 Download AWS Role for teleport-ent-fips
  image: amazon/aws-cli
  commands:
  # Prints the identity behind the static keys to the build log.
  - aws sts get-caller-identity
  # The unquoted $(...) relies on word splitting of the text output into the
  # three %s fields. NOTE(review): if assume-role fails, printf still appends a
  # profile with empty fields; the final --profile call below is what would
  # surface that.
  - |-
    printf "[s3-download-teleport-ent-fips]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
    $(aws sts assume-role \
    --role-arn "$AWS_ROLE" \
    --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
    --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
    --output text) \
    >> /root/.aws/credentials
  # Drop the static keys from the shell before using the new profile.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile s3-download-teleport-ent-fips
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build full semver
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
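# Fetches the Dockerfile used for the FIPS image build from the repository at
# the tag being built and stores it under /go/build.
# NOTE(review): the file is addressed by tag name rather than by commit hash,
# and the image reference carries no tag or digest.
- name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent-fips" for
    teleport-ent-fips
  image: alpine
  commands:
  - apk add curl
  - mkdir -pv $(dirname "/go/build/Dockerfile-teleport-ent-fips")
  # -f makes an HTTP error (for example a missing path at this tag) fail the
  # step instead of saving the error page as the Dockerfile; -S keeps the
  # error message visible despite -s.
  - curl -fsSL -o "/go/build/Dockerfile-teleport-ent-fips" "https://raw.githubusercontent.com/gravitational/teleport/$DRONE_TAG/build.assets/charts/Dockerfile"
  depends_on:
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build full semver
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role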
# Waits for the FIPS amd64 .deb of this version to be listed in the release
# bucket, then copies it into /go/build for the image build step.
# NOTE(review): the image reference carries no tag or digest, and nothing in
# this step checks a checksum or signature of the package it downloads.
- name: Download "teleport-ent_v11-tag-fips_amd64.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
  # Deadline is 3600 s from now; TIMED_OUT stays true unless the file shows up.
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  # "$$" is presumably the pipeline-level escape for a literal "$"; TODO confirm.
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  # Field 4 of the listing is matched as a whole line (-x); the version's dots
  # are regex wildcards in this pattern.
  - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr
    -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb
    || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  # Fail the step when the deadline passed without a match.
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [
    "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat
    "/go/var/full-version")-fips_amd64.deb /go/build/teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb
  environment:
    # Named profile read from the credentials file on the awsconfig volume.
    AWS_PROFILE: s3-download-teleport-ent-fips
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport-ent-fips
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent-fips" for teleport-ent-fips
# Builds the linux/amd64 FIPS image (Dockerfile target "teleport-fips") from
# the downloaded .deb using a builder that is created and removed inside this
# step, and pushes the result to the pipeline-local registry.
- name: Build teleport-ent-fips image "teleport-ent:v11-fips-amd64"
  image: docker
  commands:
  # NOTE(review): untagged third-party image run with --privileged; pinning it
  # by digest would fix which code receives that level of access.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-ent-v11-fips-amd64-builder"
  # BuildKit config: reach drone-docker-registry:5000 over plain HTTP.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v11-fips-amd64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-ent-v11-fips-amd64-builder/buildkitd.toml"
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name
    "teleport-ent-v11-fips-amd64-builder" --config "/tmp/teleport-ent-v11-fips-amd64-builder/buildkitd.toml"
  # Installed at run time without a version pin.
  - apk add --no-cache aws-cli
  # The ECR Public token is piped on stdin, so it is not placed on the
  # command line.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - docker buildx build --push --builder "teleport-ent-v11-fips-amd64-builder" --target
    "teleport-fips" --platform "linux/amd64" --tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-fips-amd64 --file "/go/build/Dockerfile-teleport-ent-fips"
    --build-arg DEB_PATH=teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb
    /go/build
  # Cleanup: registry session, builder, and the builder's config directory.
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-ent-v11-fips-amd64-builder"
  - rm -rf "/tmp/teleport-ent-v11-fips-amd64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
  volumes:
  - name: awsconfig
    path: /root/.aws
  # Same volume the privileged "Start Docker" service mounts at /var/run.
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport-ent_v11-tag-fips_amd64.deb" artifacts from S3
# Copies the FIPS amd64 image from the pipeline-local registry to the staging
# ECR repository, unless that tag can already be inspected there.
- name: Tag and push image "teleport-ent:v11-fips-amd64" to ECR - staging
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
  # Installed at run time without a version pin.
  - apk add --no-cache aws-cli
  # The ECR token is piped on stdin, so it is not placed on the command line.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  # NOTE(review): any failure of `manifest inspect`, not only a missing tag,
  # takes the tag-and-push branch; its output is discarded.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-fips-amd64 > /dev/null 2>&1 && echo 'Found existing image,
    skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-fips-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-fips-amd64)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent-fips image "teleport-ent:v11-fips-amd64"
# Publishes the "-fips" manifest list in staging ECR. Only the -fips-amd64
# image is amended into it. Skipped when the -fips tag can already be
# inspected.
- name: Create manifest and push "teleport-ent:full-fips" to ECR - staging
  image: docker
  commands:
  # Installed at run time without a version pin.
  - apk add --no-cache aws-cli
  # The ECR token is piped on stdin, so it is not placed on the command line.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  # NOTE(review): the member image is referenced by tag, not by digest, and
  # any `manifest inspect` failure (output discarded) leads to create-and-push.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-fips > /dev/null 2>&1 && echo 'Found existing image, skipping'
    || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-fips --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-fips-amd64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-fips)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-fips-amd64" to ECR - staging
# Builds the linux/amd64 teleport-operator image from the checked-out source
# tree (operator/Dockerfile) and pushes it to the pipeline-local registry.
- name: Build teleport-operator image "teleport-operator:v11-amd64"
  image: docker
  commands:
  # NOTE(review): untagged third-party image run with --privileged; pinning it
  # by digest would fix which code receives that level of access.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport"
  - mkdir -pv "/tmp/teleport-operator-v11-amd64-builder"
  # BuildKit config: reach drone-docker-registry:5000 over plain HTTP.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-operator-v11-amd64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-operator-v11-amd64-builder/buildkitd.toml"
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name
    "teleport-operator-v11-amd64-builder" --config "/tmp/teleport-operator-v11-amd64-builder/buildkitd.toml"
  # Installed at run time without a version pin.
  - apk add --no-cache aws-cli
  # The ECR Public token is piped on stdin, so it is not placed on the
  # command line.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  # The BUILDBOX base image is selected by the tag "teleport12", not a digest.
  - docker buildx build --push --builder "teleport-operator-v11-amd64-builder" --platform
    "linux/amd64" --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
    --file "/go/src/github.com/gravitational/teleport/operator/Dockerfile" --build-arg
    BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox:teleport12 --build-arg
    COMPILER_NAME=x86_64-linux-gnu-gcc /go/src/github.com/gravitational/teleport
  # Cleanup: registry session, builder, and the builder's config directory.
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-operator-v11-amd64-builder"
  - rm -rf "/tmp/teleport-operator-v11-amd64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
  volumes:
  - name: awsconfig
    path: /root/.aws
  # Same volume the privileged "Start Docker" service mounts at /var/run.
  - name: dockersock
    path: /var/run
  # "Assume ECR - authenticated-pull AWS Role" appears twice in this list.
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build full semver
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
# Builds the linux/arm teleport-operator image from the checked-out source
# tree (operator/Dockerfile) and pushes it to the pipeline-local registry.
- name: Build teleport-operator image "teleport-operator:v11-arm"
  image: docker
  commands:
  # NOTE(review): untagged third-party image run with --privileged; pinning it
  # by digest would fix which code receives that level of access.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport"
  - mkdir -pv "/tmp/teleport-operator-v11-arm-builder"
  # BuildKit config: reach drone-docker-registry:5000 over plain HTTP.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-operator-v11-arm-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-operator-v11-arm-builder/buildkitd.toml"
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name
    "teleport-operator-v11-arm-builder" --config "/tmp/teleport-operator-v11-arm-builder/buildkitd.toml"
  # Installed at run time without a version pin.
  - apk add --no-cache aws-cli
  # The ECR Public token is piped on stdin, so it is not placed on the
  # command line.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  # The BUILDBOX base image is selected by the tag "teleport12", not a digest.
  - docker buildx build --push --builder "teleport-operator-v11-arm-builder" --platform
    "linux/arm" --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
    --file "/go/src/github.com/gravitational/teleport/operator/Dockerfile" --build-arg
    BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox-arm:teleport12 --build-arg
    COMPILER_NAME=arm-linux-gnueabihf-gcc /go/src/github.com/gravitational/teleport
  # Cleanup: registry session, builder, and the builder's config directory.
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-operator-v11-arm-builder"
  - rm -rf "/tmp/teleport-operator-v11-arm-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
  volumes:
  - name: awsconfig
    path: /root/.aws
  # Same volume the privileged "Start Docker" service mounts at /var/run.
  - name: dockersock
    path: /var/run
  # "Assume ECR - authenticated-pull AWS Role" appears twice in this list.
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build full semver
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
# Builds the linux/arm64 teleport-operator image from the checked-out source
# tree (operator/Dockerfile) and pushes it to the pipeline-local registry.
- name: Build teleport-operator image "teleport-operator:v11-arm64"
  image: docker
  commands:
  # NOTE(review): untagged third-party image run with --privileged; pinning it
  # by digest would fix which code receives that level of access.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport"
  - mkdir -pv "/tmp/teleport-operator-v11-arm64-builder"
  # BuildKit config: reach drone-docker-registry:5000 over plain HTTP.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-operator-v11-arm64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-operator-v11-arm64-builder/buildkitd.toml"
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name
    "teleport-operator-v11-arm64-builder" --config "/tmp/teleport-operator-v11-arm64-builder/buildkitd.toml"
  # Installed at run time without a version pin.
  - apk add --no-cache aws-cli
  # The ECR Public token is piped on stdin, so it is not placed on the
  # command line.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  # The BUILDBOX base image is selected by the tag "teleport12", not a digest.
  - docker buildx build --push --builder "teleport-operator-v11-arm64-builder" --platform
    "linux/arm64" --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
    --file "/go/src/github.com/gravitational/teleport/operator/Dockerfile" --build-arg
    BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox-arm:teleport12 --build-arg
    COMPILER_NAME=aarch64-linux-gnu-gcc /go/src/github.com/gravitational/teleport
  # Cleanup: registry session, builder, and the builder's config directory.
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-operator-v11-arm64-builder"
  - rm -rf "/tmp/teleport-operator-v11-arm64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
  volumes:
  - name: awsconfig
    path: /root/.aws
  # Same volume the privileged "Start Docker" service mounts at /var/run.
  - name: dockersock
    path: /var/run
  # "Assume ECR - authenticated-pull AWS Role" appears twice in this list.
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build full semver
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
# Copies the amd64 teleport-operator image from the pipeline-local registry to
# the staging ECR repository, unless that tag can already be inspected there.
- name: Tag and push image "teleport-operator:v11-amd64" to ECR - staging
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
  # Installed at run time without a version pin.
  - apk add --no-cache aws-cli
  # The ECR token is piped on stdin, so it is not placed on the command line.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  # NOTE(review): any failure of `manifest inspect`, not only a missing tag,
  # takes the tag-and-push branch; its output is discarded.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-amd64 > /dev/null 2>&1 && echo 'Found existing image,
    skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-amd64)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-operator image "teleport-operator:v11-amd64"
# Copies the arm teleport-operator image from the pipeline-local registry to
# the staging ECR repository, unless that tag can already be inspected there.
- name: Tag and push image "teleport-operator:v11-arm" to ECR - staging
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
  # Installed at run time without a version pin.
  - apk add --no-cache aws-cli
  # The ECR token is piped on stdin, so it is not placed on the command line.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  # NOTE(review): any failure of `manifest inspect`, not only a missing tag,
  # takes the tag-and-push branch; its output is discarded.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-arm > /dev/null 2>&1 && echo 'Found existing image, skipping'
    || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-arm)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-operator image "teleport-operator:v11-arm"
# Copies the arm64 teleport-operator image from the pipeline-local registry to
# the staging ECR repository, unless that tag can already be inspected there.
- name: Tag and push image "teleport-operator:v11-arm64" to ECR - staging
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
  # Installed at run time without a version pin.
  - apk add --no-cache aws-cli
  # The ECR token is piped on stdin, so it is not placed on the command line.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  # NOTE(review): any failure of `manifest inspect`, not only a missing tag,
  # takes the tag-and-push branch; its output is discarded.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-arm64 > /dev/null 2>&1 && echo 'Found existing image,
    skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-arm64)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-operator image "teleport-operator:v11-arm64"
# Publishes the multi-arch manifest list for teleport-operator in staging ECR,
# combining the -amd64, -arm and -arm64 tags pushed by the three steps this one
# depends on. Skipped when the un-suffixed tag can already be inspected.
- name: Create manifest and push "teleport-operator:full" to ECR - staging
  image: docker
  commands:
  # Installed at run time without a version pin.
  - apk add --no-cache aws-cli
  # The ECR token is piped on stdin, so it is not placed on the command line.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  # NOTE(review): the member images are referenced by tag, not by digest, and
  # any `manifest inspect` failure (output discarded) leads to create-and-push.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version") > /dev/null 2>&1 && echo 'Found existing image, skipping'
    || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version") --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version"))
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-operator:v11-amd64" to ECR - staging
  - Tag and push image "teleport-operator:v11-arm" to ECR - staging
  - Tag and push image "teleport-operator:v11-arm64" to ECR - staging
# Sidecar services for this pipeline: a Docker daemon and a local registry.
services:
# Docker-in-Docker daemon, run privileged. It mounts the dockersock volume at
# /var/run, the same path at which the build and push steps mount it, so those
# steps share this daemon's /var/run directory.
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
# Pipeline-local registry that steps address as drone-docker-registry:5000.
# It runs unprivileged and mounts no volumes.
- name: drone-docker-registry
  image: registry:2
  privileged: false
  volumes: []
# Pipeline-level volumes shared between steps and services.
volumes:
# Mounted at /root/.aws by the steps above; the "Assume ... Role" steps append
# role credentials to the credentials file stored here.
- name: awsconfig
  temp: {}
# Mounted at /var/run by the Docker service and by the steps that call docker.
- name: dockersock
  temp: {}

---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/container_images_release_version.go (main.(*ReleaseVersion).buildVersionPipeline)
################################################

# Promotion pipeline: it is triggered only by `promote` events whose target is
# `production` or `promote-docker`, for repositories matching gravitational/*.
kind: pipeline
type: kubernetes
name: teleport-container-images-branch-promote
environment:
  DEBIAN_FRONTEND: noninteractive
trigger:
  event:
    include:
    - promote
  target:
    include:
    - production
    - promote-docker
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# The built-in clone is disabled; the "Check out code" step fetches the tag
# itself.
clone:
  disable: true
steps:
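# Gate for the promotion: the steps that follow list this one in depends_on,
# so a promote of a build without a tag is meant to stop here.
# NOTE(review): the image uses the mutable `latest` tag.
- name: Verify build is tagged
  image: alpine:latest
  commands:
  # The expansion is quoted on purpose. Unquoted, an empty DRONE_TAG leaves
  # `[ -n ]`, which tests the literal string "-n" and succeeds, so the guard
  # would never fire.
  - '[ -n "${DRONE_TAG}" ] || (echo ''DRONE_TAG is not set. Is the commit tagged?''
    && exit 1)'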
# Blocks until /var/run/docker.sock exists as a socket on the shared dockersock
# volume, giving up after 30 seconds.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
  depends_on:
  - Verify build is tagged
# Polls the pipeline-local registry once a second until it answers HTTP 200,
# giving up after 30 seconds. The registry is reached over plain HTTP.
- name: Wait for docker registry
  image: alpine
  commands:
  # Installed at run time without a version pin.
  - apk add curl
  - timeout 30s /bin/sh -c 'while [ "$(curl -s -o /dev/null -w %{http_code} http://drone-docker-registry:5000/)"
    != "200" ]; do sleep 1; done'
  depends_on:
  - Verify build is tagged
# Manual checkout of the promoted tag into the Go workspace path; it replaces
# the built-in clone, which this pipeline disables.
# NOTE(review): the image uses the mutable `latest` tag.
- name: Check out code
  image: alpine/git:latest
  commands:
  - mkdir -pv "/go/src/github.com/gravitational/teleport"
  - cd "/go/src/github.com/gravitational/teleport"
  - git init
  # ${DRONE_REMOTE_URL} is not quoted here, unlike "$DRONE_TAG" below.
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  # -q: quiet, -f: force the checkout of the tag.
  - git checkout -qf "$DRONE_TAG"
  depends_on:
  - Verify build is tagged
# Derives the major, major.minor and full version strings from DRONE_TAG and
# writes them to files under /go/var; later steps read /go/var/full-version to
# build image tags. Each value is echoed to the build log after it is written.
- name: Build major, minor, and full semvers
  image: alpine
  commands:
  # NOTE(review): `sed 's/v//'` removes the first "v" anywhere in the tag, not
  # only a leading one (`s/^v//` would be the anchored form). Presumably tags
  # always start with "v"; verify. $DRONE_TAG is also unquoted in these echo
  # calls.
  - mkdir -pv $(dirname "/go/var/major-version")
  - echo $DRONE_TAG | sed 's/v//' | cut -d'.' -f "1" > "/go/var/major-version"
  - echo $(cat "/go/var/major-version")
  - mkdir -pv $(dirname "/go/var/minor-version")
  - echo $DRONE_TAG | sed 's/v//' | cut -d'.' -f "1,2" > "/go/var/minor-version"
  - echo $(cat "/go/var/minor-version")
  - mkdir -pv $(dirname "/go/var/full-version")
  - echo $DRONE_TAG | sed 's/v//' > "/go/var/full-version"
  - echo $(cat "/go/var/full-version")
  depends_on:
  - Verify build is tagged
# Exchanges the staging key pair from the pipeline secrets for role credentials
# and appends them as the [ecr-staging] profile to the credentials file on the
# awsconfig volume, which other steps mount too.
# NOTE(review): the image reference carries no tag or digest.
- name: Assume ECR - staging AWS Role
  image: amazon/aws-cli
  commands:
  # Prints the identity behind the static keys to the build log.
  - aws sts get-caller-identity
  # The unquoted $(...) relies on word splitting of the text output into the
  # three %s fields. NOTE(review): if assume-role fails, printf still appends a
  # profile with empty fields; the final --profile call below is what would
  # surface that.
  - |-
    printf "[ecr-staging]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
    $(aws sts assume-role \
    --role-arn "$AWS_ROLE" \
    --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
    --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
    --output text) \
    >> /root/.aws/credentials
  # Drop the static keys from the shell before using the new profile.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile ecr-staging
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY
    AWS_ROLE:
      from_secret: STAGING_TELEPORT_DRONE_ECR_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Verify build is tagged
# Exchanges the production key pair from the pipeline secrets for role
# credentials and appends them as the [ecr-production] profile to the same
# credentials file the staging step writes. It depends on the staging step,
# presumably so the two appends cannot interleave; verify.
# NOTE(review): the image reference carries no tag or digest.
- name: Assume ECR - production AWS Role
  image: amazon/aws-cli
  commands:
  # Prints the identity behind the static keys to the build log.
  - aws sts get-caller-identity
  # The unquoted $(...) relies on word splitting of the text output into the
  # three %s fields. NOTE(review): if assume-role fails, printf still appends a
  # profile with empty fields; the final --profile call below is what would
  # surface that.
  - |-
    printf "[ecr-production]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
    $(aws sts assume-role \
    --role-arn "$AWS_ROLE" \
    --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
    --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
    --output text) \
    >> /root/.aws/credentials
  # Drop the static keys from the shell before using the new profile.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile ecr-production
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY
    AWS_ROLE:
      from_secret: PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume ECR - staging AWS Role
  - Verify build is tagged
# Copies the amd64 image for this release from the staging ECR registry into
# the pipeline-local registry, where later steps retag and publish it.
- name: Pull teleport:v11-amd64 and push it to Local Registry
  # NOTE(review): neither the image tag nor the aws-cli package is pinned.
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The registry token is piped on stdin, so it never appears in argv.
  - >-
    aws ecr get-login-password --region=us-west-2 |
    docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  # Pulled by tag, not by digest: what gets promoted is whatever this tag
  # resolves to in the staging registry at pull time.
  - >-
    docker pull
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-amd64
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  - >-
    docker tag
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-amd64
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
  - docker push drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Verify build is tagged
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - production AWS Role
# Copies the arm image for this release from the staging ECR registry into
# the pipeline-local registry, where later steps retag and publish it.
- name: Pull teleport:v11-arm and push it to Local Registry
  # NOTE(review): neither the image tag nor the aws-cli package is pinned.
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The registry token is piped on stdin, so it never appears in argv.
  - >-
    aws ecr get-login-password --region=us-west-2 |
    docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  # Pulled by tag, not by digest: what gets promoted is whatever this tag
  # resolves to in the staging registry at pull time.
  - >-
    docker pull
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-arm
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  - >-
    docker tag
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-arm
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
  - docker push drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Verify build is tagged
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - production AWS Role
# Copies the arm64 image for this release from the staging ECR registry into
# the pipeline-local registry, where later steps retag and publish it.
- name: Pull teleport:v11-arm64 and push it to Local Registry
  # NOTE(review): neither the image tag nor the aws-cli package is pinned.
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The registry token is piped on stdin, so it never appears in argv.
  - >-
    aws ecr get-login-password --region=us-west-2 |
    docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  # Pulled by tag, not by digest: what gets promoted is whatever this tag
  # resolves to in the staging registry at pull time.
  - >-
    docker pull
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-arm64
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  - >-
    docker tag
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-arm64
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
  - docker push drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Verify build is tagged
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - production AWS Role
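# Publishes the amd64 image from the pipeline-local registry to quay.io under
# the full, major and minor version tags.
- name: Tag and push image "teleport:v11-amd64" to Quay
  # NOTE(review): the image tag is not pinned to a version or digest.
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
  # The password is fed on stdin, as the ECR logins in this pipeline do,
  # instead of -p, which places the secret in the process argument list.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # The full-version tag is pushed only when manifest inspect fails. Any
  # inspect failure, not just "tag not found", falls through to the push.
  - >-
    docker manifest inspect
    quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
    (docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64
    && docker push
    quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64)
  # Major and minor tags have no such guard: they are moved on every run.
  - >-
    docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    quay.io/gravitational/teleport:$(cat "/go/var/major-version")-amd64
  - docker push quay.io/gravitational/teleport:$(cat "/go/var/major-version")-amd64
  - >-
    docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
  - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step calls aws, yet the mount exposes
  # the AWS credentials file here; consider dropping it in the generator.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Pull teleport:v11-amd64 and push it to Local Registry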
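# Publishes the arm image from the pipeline-local registry to quay.io under
# the full, major and minor version tags.
- name: Tag and push image "teleport:v11-arm" to Quay
  # NOTE(review): the image tag is not pinned to a version or digest.
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
  # The password is fed on stdin, as the ECR logins in this pipeline do,
  # instead of -p, which places the secret in the process argument list.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # The full-version tag is pushed only when manifest inspect fails. Any
  # inspect failure, not just "tag not found", falls through to the push.
  - >-
    docker manifest inspect
    quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm
    > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
    (docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm
    && docker push
    quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm)
  # Major and minor tags have no such guard: they are moved on every run.
  - >-
    docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm
  - docker push quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm
  - >-
    docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm
  - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step calls aws, yet the mount exposes
  # the AWS credentials file here; consider dropping it in the generator.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Pull teleport:v11-arm and push it to Local Registry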
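# Publishes the arm64 image from the pipeline-local registry to quay.io under
# the full, major and minor version tags.
- name: Tag and push image "teleport:v11-arm64" to Quay
  # NOTE(review): the image tag is not pinned to a version or digest.
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
  # The password is fed on stdin, as the ECR logins in this pipeline do,
  # instead of -p, which places the secret in the process argument list.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # The full-version tag is pushed only when manifest inspect fails. Any
  # inspect failure, not just "tag not found", falls through to the push.
  - >-
    docker manifest inspect
    quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
    (docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64
    && docker push
    quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64)
  # Major and minor tags have no such guard: they are moved on every run.
  - >-
    docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm64
  - docker push quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm64
  - >-
    docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
  - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step calls aws, yet the mount exposes
  # the AWS credentials file here; consider dropping it in the generator.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Pull teleport:v11-arm64 and push it to Local Registry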
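# Builds the multi-arch manifest list for the major-version tag on quay.io
# from the three per-arch tags and pushes it.
- name: Create manifest and push "teleport:major" to Quay
  # NOTE(review): the image tag is not pinned to a version or digest.
  image: docker
  commands:
  # The password is fed on stdin, as the ECR logins in this pipeline do,
  # instead of -p, which places the secret in the process argument list.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # No existence check: the major tag is re-created and pushed on every run.
  - >-
    docker manifest create
    quay.io/gravitational/teleport:$(cat "/go/var/major-version")
    --amend quay.io/gravitational/teleport:$(cat "/go/var/major-version")-amd64
    --amend quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm
    --amend quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm64
  - docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/major-version")
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step calls aws, yet the mount exposes
  # the AWS credentials file here; consider dropping it in the generator.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v11-amd64" to Quay
  - Tag and push image "teleport:v11-arm" to Quay
  - Tag and push image "teleport:v11-arm64" to Quay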
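# Builds the multi-arch manifest list for the minor-version tag on quay.io
# from the three per-arch tags and pushes it.
- name: Create manifest and push "teleport:minor" to Quay
  # NOTE(review): the image tag is not pinned to a version or digest.
  image: docker
  commands:
  # The password is fed on stdin, as the ECR logins in this pipeline do,
  # instead of -p, which places the secret in the process argument list.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # No existence check: the minor tag is re-created and pushed on every run.
  - >-
    docker manifest create
    quay.io/gravitational/teleport:$(cat "/go/var/minor-version")
    --amend quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
    --amend quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm
    --amend quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
  - docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step calls aws, yet the mount exposes
  # the AWS credentials file here; consider dropping it in the generator.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v11-amd64" to Quay
  - Tag and push image "teleport:v11-arm" to Quay
  - Tag and push image "teleport:v11-arm64" to Quay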
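# Builds the multi-arch manifest list for the full-version tag on quay.io
# from the three per-arch tags, unless that tag already resolves.
- name: Create manifest and push "teleport:full" to Quay
  # NOTE(review): the image tag is not pinned to a version or digest.
  image: docker
  commands:
  # The password is fed on stdin, as the ECR logins in this pipeline do,
  # instead of -p, which places the secret in the process argument list.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # The manifest is created only when manifest inspect fails. Any inspect
  # failure, not just "tag not found", falls through to create and push.
  - >-
    docker manifest inspect
    quay.io/gravitational/teleport:$(cat "/go/var/full-version")
    > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
    (docker manifest create
    quay.io/gravitational/teleport:$(cat "/go/var/full-version")
    --amend quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64
    --amend quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm
    --amend quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64
    && docker manifest push
    quay.io/gravitational/teleport:$(cat "/go/var/full-version"))
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step calls aws, yet the mount exposes
  # the AWS credentials file here; consider dropping it in the generator.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v11-amd64" to Quay
  - Tag and push image "teleport:v11-arm" to Quay
  - Tag and push image "teleport:v11-arm64" to Quay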
# Publishes the amd64 image from the pipeline-local registry to the public
# production ECR registry under the full, major and minor version tags.
- name: Tag and push image "teleport:v11-amd64" to ECR - production
  # NOTE(review): neither the image tag nor the aws-cli package is pinned.
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
  - apk add --no-cache aws-cli
  # The registry token is piped on stdin, so it never appears in argv.
  - >-
    aws ecr-public get-login-password --region=us-east-1 |
    docker login -u="AWS" --password-stdin
    public.ecr.aws
  # The full-version tag is pushed only when manifest inspect fails. Any
  # inspect failure, not just "tag not found", falls through to the push.
  - >-
    docker manifest inspect
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
    (docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64
    && docker push
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64)
  # Major and minor tags have no such guard: they are moved on every run.
  - >-
    docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64
  - >-
    docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Pull teleport:v11-amd64 and push it to Local Registry
# Publishes the arm image from the pipeline-local registry to the public
# production ECR registry under the full, major and minor version tags.
- name: Tag and push image "teleport:v11-arm" to ECR - production
  # NOTE(review): neither the image tag nor the aws-cli package is pinned.
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
  - apk add --no-cache aws-cli
  # The registry token is piped on stdin, so it never appears in argv.
  - >-
    aws ecr-public get-login-password --region=us-east-1 |
    docker login -u="AWS" --password-stdin
    public.ecr.aws
  # The full-version tag is pushed only when manifest inspect fails. Any
  # inspect failure, not just "tag not found", falls through to the push.
  - >-
    docker manifest inspect
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm
    > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
    (docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm
    && docker push
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm)
  # Major and minor tags have no such guard: they are moved on every run.
  - >-
    docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm
  - >-
    docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Pull teleport:v11-arm and push it to Local Registry
# Publishes the arm64 image from the pipeline-local registry to the public
# production ECR registry under the full, major and minor version tags.
- name: Tag and push image "teleport:v11-arm64" to ECR - production
  # NOTE(review): neither the image tag nor the aws-cli package is pinned.
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
  - apk add --no-cache aws-cli
  # The registry token is piped on stdin, so it never appears in argv.
  - >-
    aws ecr-public get-login-password --region=us-east-1 |
    docker login -u="AWS" --password-stdin
    public.ecr.aws
  # The full-version tag is pushed only when manifest inspect fails. Any
  # inspect failure, not just "tag not found", falls through to the push.
  - >-
    docker manifest inspect
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
    (docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64
    && docker push
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64)
  # Major and minor tags have no such guard: they are moved on every run.
  - >-
    docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64
  - >-
    docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Pull teleport:v11-arm64 and push it to Local Registry
# Builds the multi-arch manifest list for the major-version tag on the public
# production ECR registry from the three per-arch tags and pushes it.
- name: Create manifest and push "teleport:major" to ECR - production
  # NOTE(review): neither the image tag nor the aws-cli package is pinned.
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The registry token is piped on stdin, so it never appears in argv.
  - >-
    aws ecr-public get-login-password --region=us-east-1 |
    docker login -u="AWS" --password-stdin
    public.ecr.aws
  # No existence check: the major tag is re-created and pushed on every run.
  - >-
    docker manifest create
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")
    --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64
    --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm
    --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64
  - docker manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v11-amd64" to ECR - production
  - Tag and push image "teleport:v11-arm" to ECR - production
  - Tag and push image "teleport:v11-arm64" to ECR - production
# Builds the multi-arch manifest list for the minor-version tag on the public
# production ECR registry from the three per-arch tags and pushes it.
- name: Create manifest and push "teleport:minor" to ECR - production
  # NOTE(review): neither the image tag nor the aws-cli package is pinned.
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The registry token is piped on stdin, so it never appears in argv.
  - >-
    aws ecr-public get-login-password --region=us-east-1 |
    docker login -u="AWS" --password-stdin
    public.ecr.aws
  # No existence check: the minor tag is re-created and pushed on every run.
  - >-
    docker manifest create
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")
    --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
    --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm
    --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
  - docker manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v11-amd64" to ECR - production
  - Tag and push image "teleport:v11-arm" to ECR - production
  - Tag and push image "teleport:v11-arm64" to ECR - production
# Builds the multi-arch manifest list for the full-version tag on the public
# production ECR registry, unless that tag already resolves.
- name: Create manifest and push "teleport:full" to ECR - production
  # NOTE(review): neither the image tag nor the aws-cli package is pinned.
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The registry token is piped on stdin, so it never appears in argv.
  - >-
    aws ecr-public get-login-password --region=us-east-1 |
    docker login -u="AWS" --password-stdin
    public.ecr.aws
  # The manifest is created only when manifest inspect fails. Any inspect
  # failure, not just "tag not found", falls through to create and push.
  - >-
    docker manifest inspect
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")
    > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
    (docker manifest create
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")
    --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64
    --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm
    --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64
    && docker manifest push
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version"))
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v11-amd64" to ECR - production
  - Tag and push image "teleport:v11-arm" to ECR - production
  - Tag and push image "teleport:v11-arm64" to ECR - production
# Copies the teleport-ent amd64 image for this release from the staging ECR
# registry into the pipeline-local registry for later retagging.
- name: Pull teleport-ent:v11-amd64 and push it to Local Registry
  # NOTE(review): neither the image tag nor the aws-cli package is pinned.
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The registry token is piped on stdin, so it never appears in argv.
  - >-
    aws ecr get-login-password --region=us-west-2 |
    docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  # Pulled by tag, not by digest: what gets promoted is whatever this tag
  # resolves to in the staging registry at pull time.
  - >-
    docker pull
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  - >-
    docker tag
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
  - docker push drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Verify build is tagged
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - production AWS Role
# Copies the teleport-ent arm image for this release from the staging ECR
# registry into the pipeline-local registry for later retagging.
- name: Pull teleport-ent:v11-arm and push it to Local Registry
  # NOTE(review): neither the image tag nor the aws-cli package is pinned.
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The registry token is piped on stdin, so it never appears in argv.
  - >-
    aws ecr get-login-password --region=us-west-2 |
    docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  # Pulled by tag, not by digest: what gets promoted is whatever this tag
  # resolves to in the staging registry at pull time.
  - >-
    docker pull
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  - >-
    docker tag
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
  - docker push drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Verify build is tagged
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - production AWS Role
# Copies the teleport-ent arm64 image for this release from the staging ECR
# registry into the pipeline-local registry for later retagging.
- name: Pull teleport-ent:v11-arm64 and push it to Local Registry
  # NOTE(review): neither the image tag nor the aws-cli package is pinned.
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The registry token is piped on stdin, so it never appears in argv.
  - >-
    aws ecr get-login-password --region=us-west-2 |
    docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  # Pulled by tag, not by digest: what gets promoted is whatever this tag
  # resolves to in the staging registry at pull time.
  - >-
    docker pull
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  - >-
    docker tag
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
  - docker push drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Verify build is tagged
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - production AWS Role
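# Publishes the teleport-ent amd64 image from the pipeline-local registry to
# quay.io under the full, major and minor version tags.
- name: Tag and push image "teleport-ent:v11-amd64" to Quay
  # NOTE(review): the image tag is not pinned to a version or digest.
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
  # The password is fed on stdin, as the ECR logins in this pipeline do,
  # instead of -p, which places the secret in the process argument list.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # The full-version tag is pushed only when manifest inspect fails. Any
  # inspect failure, not just "tag not found", falls through to the push.
  - >-
    docker manifest inspect
    quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
    (docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
    quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64
    && docker push
    quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64)
  # Major and minor tags have no such guard: they are moved on every run.
  - >-
    docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
    quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
  - >-
    docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
    quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step calls aws, yet the mount exposes
  # the AWS credentials file here; consider dropping it in the generator.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Pull teleport-ent:v11-amd64 and push it to Local Registry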
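# Publishes the teleport-ent arm image from the pipeline-local registry to
# quay.io under the full, major and minor version tags.
- name: Tag and push image "teleport-ent:v11-arm" to Quay
  # NOTE(review): the image tag is not pinned to a version or digest.
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
  # The password is fed on stdin, as the ECR logins in this pipeline do,
  # instead of -p, which places the secret in the process argument list.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # The full-version tag is pushed only when manifest inspect fails. Any
  # inspect failure, not just "tag not found", falls through to the push.
  - >-
    docker manifest inspect
    quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm
    > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
    (docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
    quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm
    && docker push
    quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm)
  # Major and minor tags have no such guard: they are moved on every run.
  - >-
    docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
    quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
  - >-
    docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
    quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step calls aws, yet the mount exposes
  # the AWS credentials file here; consider dropping it in the generator.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Pull teleport-ent:v11-arm and push it to Local Registry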
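# Publishes the teleport-ent arm64 image from the pipeline-local registry to
# quay.io under the full, major and minor version tags.
- name: Tag and push image "teleport-ent:v11-arm64" to Quay
  # NOTE(review): the image tag is not pinned to a version or digest.
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
  # The password is fed on stdin, as the ECR logins in this pipeline do,
  # instead of -p, which places the secret in the process argument list.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # The full-version tag is pushed only when manifest inspect fails. Any
  # inspect failure, not just "tag not found", falls through to the push.
  - >-
    docker manifest inspect
    quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
    (docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
    quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64
    && docker push
    quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64)
  # Major and minor tags have no such guard: they are moved on every run.
  - >-
    docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
    quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
  - >-
    docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
    quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step calls aws, yet the mount exposes
  # the AWS credentials file here; consider dropping it in the generator.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Pull teleport-ent:v11-arm64 and push it to Local Registry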
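# Builds the multi-arch manifest list for the teleport-ent major-version tag
# on quay.io from the three per-arch tags and pushes it.
- name: Create manifest and push "teleport-ent:major" to Quay
  # NOTE(review): the image tag is not pinned to a version or digest.
  image: docker
  commands:
  # The password is fed on stdin, as the ECR logins in this pipeline do,
  # instead of -p, which places the secret in the process argument list.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # No existence check: the major tag is re-created and pushed on every run.
  - >-
    docker manifest create
    quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
  - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step calls aws, yet the mount exposes
  # the AWS credentials file here; consider dropping it in the generator.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-amd64" to Quay
  - Tag and push image "teleport-ent:v11-arm" to Quay
  - Tag and push image "teleport-ent:v11-arm64" to Quay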
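# Builds the multi-arch manifest list for the teleport-ent minor-version tag
# on quay.io from the three per-arch tags and pushes it.
- name: Create manifest and push "teleport-ent:minor" to Quay
  # NOTE(review): the image tag is not pinned to a version or digest.
  image: docker
  commands:
  # The password is fed on stdin, as the ECR logins in this pipeline do,
  # instead of -p, which places the secret in the process argument list.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # No existence check: the minor tag is re-created and pushed on every run.
  - >-
    docker manifest create
    quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
  - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step calls aws, yet the mount exposes
  # the AWS credentials file here; consider dropping it in the generator.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-amd64" to Quay
  - Tag and push image "teleport-ent:v11-arm" to Quay
  - Tag and push image "teleport-ent:v11-arm64" to Quay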
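# Builds the multi-arch manifest list for the teleport-ent full-version tag
# on quay.io from the three per-arch tags, unless that tag already resolves.
- name: Create manifest and push "teleport-ent:full" to Quay
  # NOTE(review): the image tag is not pinned to a version or digest.
  image: docker
  commands:
  # The password is fed on stdin, as the ECR logins in this pipeline do,
  # instead of -p, which places the secret in the process argument list.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # The manifest is created only when manifest inspect fails. Any inspect
  # failure, not just "tag not found", falls through to create and push.
  - >-
    docker manifest inspect
    quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")
    > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
    (docker manifest create
    quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64
    && docker manifest push
    quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version"))
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step calls aws, yet the mount exposes
  # the AWS credentials file here; consider dropping it in the generator.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-amd64" to Quay
  - Tag and push image "teleport-ent:v11-arm" to Quay
  - Tag and push image "teleport-ent:v11-arm64" to Quay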
# Copies the amd64 teleport-ent image from the local registry
# (drone-docker-registry:5000) to public ECR under the full, major and minor
# version tags.
- name: 'Tag and push image "teleport-ent:v11-amd64" to ECR - production'
  # NOTE(review): the `docker` image tag and the aws-cli package are unpinned.
  image: docker
  commands:
  - >-
    docker pull
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
  - apk add --no-cache aws-cli
  # The registry token travels over stdin, not the command line.
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin public.ecr.aws
  # The full-version tag is pushed only when the lookup does not succeed.
  # NOTE(review): output is discarded, so a lookup that fails for any other
  # reason than a missing tag also takes the push branch.
  - >-
    docker manifest inspect
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64
    && docker push
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64)
  # Major and minor tags are re-pointed on every run, without a guard.
  - >-
    docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
  - >-
    docker push
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
  - >-
    docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
  - >-
    docker push
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Pull teleport-ent:v11-amd64 and push it to Local Registry
# Copies the arm teleport-ent image from the local registry
# (drone-docker-registry:5000) to public ECR under the full, major and minor
# version tags.
- name: 'Tag and push image "teleport-ent:v11-arm" to ECR - production'
  # NOTE(review): the `docker` image tag and the aws-cli package are unpinned.
  image: docker
  commands:
  - >-
    docker pull
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
  - apk add --no-cache aws-cli
  # The registry token travels over stdin, not the command line.
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin public.ecr.aws
  # The full-version tag is pushed only when the lookup does not succeed.
  # NOTE(review): output is discarded, so a lookup that fails for any other
  # reason than a missing tag also takes the push branch.
  - >-
    docker manifest inspect
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm
    && docker push
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm)
  # Major and minor tags are re-pointed on every run, without a guard.
  - >-
    docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
  - >-
    docker push
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
  - >-
    docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
  - >-
    docker push
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Pull teleport-ent:v11-arm and push it to Local Registry
# Copies the arm64 teleport-ent image from the local registry
# (drone-docker-registry:5000) to public ECR under the full, major and minor
# version tags.
- name: 'Tag and push image "teleport-ent:v11-arm64" to ECR - production'
  # NOTE(review): the `docker` image tag and the aws-cli package are unpinned.
  image: docker
  commands:
  - >-
    docker pull
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
  - apk add --no-cache aws-cli
  # The registry token travels over stdin, not the command line.
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin public.ecr.aws
  # The full-version tag is pushed only when the lookup does not succeed.
  # NOTE(review): output is discarded, so a lookup that fails for any other
  # reason than a missing tag also takes the push branch.
  - >-
    docker manifest inspect
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64
    && docker push
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64)
  # Major and minor tags are re-pointed on every run, without a guard.
  - >-
    docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
  - >-
    docker push
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
  - >-
    docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
  - >-
    docker push
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Pull teleport-ent:v11-arm64 and push it to Local Registry
# Builds the manifest list for the major-version teleport-ent tag on public
# ECR from the amd64, arm and arm64 images, then pushes it.
- name: 'Create manifest and push "teleport-ent:major" to ECR - production'
  # NOTE(review): the `docker` image tag and the aws-cli package are unpinned.
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The registry token travels over stdin, not the command line.
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin public.ecr.aws
  # No existence check here: the major tag is rewritten on every run.
  - >-
    docker manifest create
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
  - >-
    docker manifest push
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - 'Tag and push image "teleport-ent:v11-amd64" to ECR - production'
  - 'Tag and push image "teleport-ent:v11-arm" to ECR - production'
  - 'Tag and push image "teleport-ent:v11-arm64" to ECR - production'
# Builds the manifest list for the minor-version teleport-ent tag on public
# ECR from the amd64, arm and arm64 images, then pushes it.
- name: 'Create manifest and push "teleport-ent:minor" to ECR - production'
  # NOTE(review): the `docker` image tag and the aws-cli package are unpinned.
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The registry token travels over stdin, not the command line.
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin public.ecr.aws
  # No existence check here: the minor tag is rewritten on every run.
  - >-
    docker manifest create
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
  - >-
    docker manifest push
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - 'Tag and push image "teleport-ent:v11-amd64" to ECR - production'
  - 'Tag and push image "teleport-ent:v11-arm" to ECR - production'
  - 'Tag and push image "teleport-ent:v11-arm64" to ECR - production'
# Builds and pushes the manifest list for the full-version teleport-ent tag on
# public ECR, unless a manifest for that tag can already be read.
- name: 'Create manifest and push "teleport-ent:full" to ECR - production'
  # NOTE(review): the `docker` image tag and the aws-cli package are unpinned.
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The registry token travels over stdin, not the command line.
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin public.ecr.aws
  # Create-and-push runs only when the lookup does not succeed.
  # NOTE(review): output is discarded, so a lookup that fails for any other
  # reason than a missing tag also takes the push branch.
  - >-
    docker manifest inspect
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker manifest create
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64
    && docker manifest push
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version"))
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - 'Tag and push image "teleport-ent:v11-amd64" to ECR - production'
  - 'Tag and push image "teleport-ent:v11-arm" to ECR - production'
  - 'Tag and push image "teleport-ent:v11-arm64" to ECR - production'
# Pulls the fips-amd64 teleport-ent image from the staging ECR registry and
# re-tags it into the local registry (drone-docker-registry:5000).
- name: Pull teleport-ent:v11-fips-amd64 and push it to Local Registry
  # NOTE(review): the `docker` image tag and the aws-cli package are unpinned.
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The registry token travels over stdin, not the command line.
  - >-
    aws ecr get-login-password --region=us-west-2
    | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  # NOTE(review): the image is pulled by tag; nothing in this step checks a
  # digest or signature before it is promoted.
  - >-
    docker pull
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
  # Staging credentials are dropped as soon as the pull is done.
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  - >-
    docker tag
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
  - >-
    docker push
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Verify build is tagged
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - 'Build major, minor, and full semvers'
  - Assume ECR - staging AWS Role
  - Assume ECR - production AWS Role
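# Copies the fips-amd64 teleport-ent image from the local registry
# (drone-docker-registry:5000) to Quay under the full, major and minor
# version tags.
- name: 'Tag and push image "teleport-ent:v11-fips-amd64" to Quay'
  # NOTE(review): the `docker` image tag is unpinned.
  image: docker
  commands:
  - >-
    docker pull
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
  # Password is supplied on stdin instead of `-p`, keeping it out of the
  # process argument list; same login form as the ECR steps in this file.
  # NOTE(review): if this step is generated (dronegen), change the generator too.
  - >-
    printf '%s' "$QUAY_PASSWORD"
    | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # The full-version tag is pushed only when the lookup does not succeed.
  # NOTE(review): output is discarded, so a lookup that fails for any other
  # reason than a missing tag also takes the push branch.
  - >-
    docker manifest inspect
    quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    && docker push
    quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64)
  # Major and minor tags are re-pointed on every run, without a guard.
  - >-
    docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
  - >-
    docker push
    quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
  - >-
    docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
  - >-
    docker push
    quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Pull teleport-ent:v11-fips-amd64 and push it to Local Registry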
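# Builds the manifest list for the major-version FIPS teleport-ent tag on Quay
# from the fips-amd64 image, then pushes it.
- name: 'Create manifest and push "teleport-ent:major-fips" to Quay'
  # NOTE(review): the `docker` image tag is unpinned.
  image: docker
  commands:
  # Password is supplied on stdin instead of `-p`, keeping it out of the
  # process argument list; same login form as the ECR steps in this file.
  # NOTE(review): if this step is generated (dronegen), change the generator too.
  - >-
    printf '%s' "$QUAY_PASSWORD"
    | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # No existence check here: the major tag is rewritten on every run.
  - >-
    docker manifest create
    quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
  - >-
    docker manifest push
    quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - 'Tag and push image "teleport-ent:v11-fips-amd64" to Quay'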
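# Builds the manifest list for the minor-version FIPS teleport-ent tag on Quay
# from the fips-amd64 image, then pushes it.
- name: 'Create manifest and push "teleport-ent:minor-fips" to Quay'
  # NOTE(review): the `docker` image tag is unpinned.
  image: docker
  commands:
  # Password is supplied on stdin instead of `-p`, keeping it out of the
  # process argument list; same login form as the ECR steps in this file.
  # NOTE(review): if this step is generated (dronegen), change the generator too.
  - >-
    printf '%s' "$QUAY_PASSWORD"
    | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # No existence check here: the minor tag is rewritten on every run.
  - >-
    docker manifest create
    quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
  - >-
    docker manifest push
    quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - 'Tag and push image "teleport-ent:v11-fips-amd64" to Quay'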
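# Builds and pushes the manifest list for the full-version FIPS teleport-ent
# tag on Quay, unless a manifest for that tag can already be read.
- name: 'Create manifest and push "teleport-ent:full-fips" to Quay'
  # NOTE(review): the `docker` image tag is unpinned.
  image: docker
  commands:
  # Password is supplied on stdin instead of `-p`, keeping it out of the
  # process argument list; same login form as the ECR steps in this file.
  # NOTE(review): if this step is generated (dronegen), change the generator too.
  - >-
    printf '%s' "$QUAY_PASSWORD"
    | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # Create-and-push runs only when the lookup does not succeed.
  # NOTE(review): output is discarded, so a lookup that fails for any other
  # reason than a missing tag also takes the push branch.
  - >-
    docker manifest inspect
    quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker manifest create
    quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    && docker manifest push
    quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips)
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - 'Tag and push image "teleport-ent:v11-fips-amd64" to Quay'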
# Copies the fips-amd64 teleport-ent image from the local registry
# (drone-docker-registry:5000) to public ECR under the full, major and minor
# version tags.
- name: 'Tag and push image "teleport-ent:v11-fips-amd64" to ECR - production'
  # NOTE(review): the `docker` image tag and the aws-cli package are unpinned.
  image: docker
  commands:
  - >-
    docker pull
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
  - apk add --no-cache aws-cli
  # The registry token travels over stdin, not the command line.
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin public.ecr.aws
  # The full-version tag is pushed only when the lookup does not succeed.
  # NOTE(review): output is discarded, so a lookup that fails for any other
  # reason than a missing tag also takes the push branch.
  - >-
    docker manifest inspect
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    && docker push
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64)
  # Major and minor tags are re-pointed on every run, without a guard.
  - >-
    docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
  - >-
    docker push
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
  - >-
    docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
  - >-
    docker push
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Pull teleport-ent:v11-fips-amd64 and push it to Local Registry
# Builds the manifest list for the major-version FIPS teleport-ent tag on
# public ECR from the fips-amd64 image, then pushes it.
- name: 'Create manifest and push "teleport-ent:major-fips" to ECR - production'
  # NOTE(review): the `docker` image tag and the aws-cli package are unpinned.
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The registry token travels over stdin, not the command line.
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin public.ecr.aws
  # No existence check here: the major tag is rewritten on every run.
  - >-
    docker manifest create
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
  - >-
    docker manifest push
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - 'Tag and push image "teleport-ent:v11-fips-amd64" to ECR - production'
# Builds the manifest list for the minor-version FIPS teleport-ent tag on
# public ECR from the fips-amd64 image, then pushes it.
- name: 'Create manifest and push "teleport-ent:minor-fips" to ECR - production'
  # NOTE(review): the `docker` image tag and the aws-cli package are unpinned.
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The registry token travels over stdin, not the command line.
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin public.ecr.aws
  # No existence check here: the minor tag is rewritten on every run.
  - >-
    docker manifest create
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
  - >-
    docker manifest push
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - 'Tag and push image "teleport-ent:v11-fips-amd64" to ECR - production'
# Builds and pushes the manifest list for the full-version FIPS teleport-ent
# tag on public ECR, unless a manifest for that tag can already be read.
- name: 'Create manifest and push "teleport-ent:full-fips" to ECR - production'
  # NOTE(review): the `docker` image tag and the aws-cli package are unpinned.
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The registry token travels over stdin, not the command line.
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin public.ecr.aws
  # Create-and-push runs only when the lookup does not succeed.
  # NOTE(review): output is discarded, so a lookup that fails for any other
  # reason than a missing tag also takes the push branch.
  - >-
    docker manifest inspect
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker manifest create
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    && docker manifest push
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips)
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - 'Tag and push image "teleport-ent:v11-fips-amd64" to ECR - production'
# Pulls the amd64 teleport-operator image from the staging ECR registry and
# re-tags it into the local registry (drone-docker-registry:5000).
- name: Pull teleport-operator:v11-amd64 and push it to Local Registry
  # NOTE(review): the `docker` image tag and the aws-cli package are unpinned.
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The registry token travels over stdin, not the command line.
  - >-
    aws ecr get-login-password --region=us-west-2
    | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  # NOTE(review): the image is pulled by tag; nothing in this step checks a
  # digest or signature before it is promoted.
  - >-
    docker pull
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64
  # Staging credentials are dropped as soon as the pull is done.
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  - >-
    docker tag
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
  - >-
    docker push
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Verify build is tagged
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - 'Build major, minor, and full semvers'
  - Assume ECR - staging AWS Role
  - Assume ECR - production AWS Role
# Pulls the arm teleport-operator image from the staging ECR registry and
# re-tags it into the local registry (drone-docker-registry:5000).
- name: Pull teleport-operator:v11-arm and push it to Local Registry
  # NOTE(review): the `docker` image tag and the aws-cli package are unpinned.
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The registry token travels over stdin, not the command line.
  - >-
    aws ecr get-login-password --region=us-west-2
    | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  # NOTE(review): the image is pulled by tag; nothing in this step checks a
  # digest or signature before it is promoted.
  - >-
    docker pull
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm
  # Staging credentials are dropped as soon as the pull is done.
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  - >-
    docker tag
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
  - >-
    docker push
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Verify build is tagged
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - 'Build major, minor, and full semvers'
  - Assume ECR - staging AWS Role
  - Assume ECR - production AWS Role
# Pulls the arm64 teleport-operator image from the staging ECR registry and
# re-tags it into the local registry (drone-docker-registry:5000).
- name: Pull teleport-operator:v11-arm64 and push it to Local Registry
  # NOTE(review): the `docker` image tag and the aws-cli package are unpinned.
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The registry token travels over stdin, not the command line.
  - >-
    aws ecr get-login-password --region=us-west-2
    | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  # NOTE(review): the image is pulled by tag; nothing in this step checks a
  # digest or signature before it is promoted.
  - >-
    docker pull
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64
  # Staging credentials are dropped as soon as the pull is done.
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  - >-
    docker tag
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
  - >-
    docker push
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Verify build is tagged
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - 'Build major, minor, and full semvers'
  - Assume ECR - staging AWS Role
  - Assume ECR - production AWS Role
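# Copies the amd64 teleport-operator image from the local registry
# (drone-docker-registry:5000) to Quay under the full, major and minor
# version tags.
- name: 'Tag and push image "teleport-operator:v11-amd64" to Quay'
  # NOTE(review): the `docker` image tag is unpinned.
  image: docker
  commands:
  - >-
    docker pull
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
  # Password is supplied on stdin instead of `-p`, keeping it out of the
  # process argument list; same login form as the ECR steps in this file.
  # NOTE(review): if this step is generated (dronegen), change the generator too.
  - >-
    printf '%s' "$QUAY_PASSWORD"
    | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # The full-version tag is pushed only when the lookup does not succeed.
  # NOTE(review): output is discarded, so a lookup that fails for any other
  # reason than a missing tag also takes the push branch.
  - >-
    docker manifest inspect
    quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
    quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64
    && docker push
    quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64)
  # Major and minor tags are re-pointed on every run, without a guard.
  - >-
    docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
    quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64
  - >-
    docker push
    quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64
  - >-
    docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
    quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64
  - >-
    docker push
    quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Pull teleport-operator:v11-amd64 and push it to Local Registry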
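# Copies the arm teleport-operator image from the local registry
# (drone-docker-registry:5000) to Quay under the full, major and minor
# version tags.
- name: 'Tag and push image "teleport-operator:v11-arm" to Quay'
  # NOTE(review): the `docker` image tag is unpinned.
  image: docker
  commands:
  - >-
    docker pull
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
  # Password is supplied on stdin instead of `-p`, keeping it out of the
  # process argument list; same login form as the ECR steps in this file.
  # NOTE(review): if this step is generated (dronegen), change the generator too.
  - >-
    printf '%s' "$QUAY_PASSWORD"
    | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # The full-version tag is pushed only when the lookup does not succeed.
  # NOTE(review): output is discarded, so a lookup that fails for any other
  # reason than a missing tag also takes the push branch.
  - >-
    docker manifest inspect
    quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
    quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm
    && docker push
    quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm)
  # Major and minor tags are re-pointed on every run, without a guard.
  - >-
    docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
    quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm
  - >-
    docker push
    quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm
  - >-
    docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
    quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm
  - >-
    docker push
    quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Pull teleport-operator:v11-arm and push it to Local Registry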
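# Copies the arm64 teleport-operator image from the local registry
# (drone-docker-registry:5000) to Quay under the full, major and minor
# version tags.
- name: 'Tag and push image "teleport-operator:v11-arm64" to Quay'
  # NOTE(review): the `docker` image tag is unpinned.
  image: docker
  commands:
  - >-
    docker pull
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
  # Password is supplied on stdin instead of `-p`, keeping it out of the
  # process argument list; same login form as the ECR steps in this file.
  # NOTE(review): if this step is generated (dronegen), change the generator too.
  - >-
    printf '%s' "$QUAY_PASSWORD"
    | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # The full-version tag is pushed only when the lookup does not succeed.
  # NOTE(review): output is discarded, so a lookup that fails for any other
  # reason than a missing tag also takes the push branch.
  - >-
    docker manifest inspect
    quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
    quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64
    && docker push
    quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64)
  # Major and minor tags are re-pointed on every run, without a guard.
  - >-
    docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
    quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64
  - >-
    docker push
    quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64
  - >-
    docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
    quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64
  - >-
    docker push
    quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Pull teleport-operator:v11-arm64 and push it to Local Registry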
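# Builds the manifest list for the major-version teleport-operator tag on Quay
# from the amd64, arm and arm64 images, then pushes it.
- name: 'Create manifest and push "teleport-operator:major" to Quay'
  # NOTE(review): the `docker` image tag is unpinned.
  image: docker
  commands:
  # Password is supplied on stdin instead of `-p`, keeping it out of the
  # process argument list; same login form as the ECR steps in this file.
  # NOTE(review): if this step is generated (dronegen), change the generator too.
  - >-
    printf '%s' "$QUAY_PASSWORD"
    | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # No existence check here: the major tag is rewritten on every run.
  - >-
    docker manifest create
    quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")
    --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64
    --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm
    --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64
  - >-
    docker manifest push
    quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - 'Tag and push image "teleport-operator:v11-amd64" to Quay'
  - 'Tag and push image "teleport-operator:v11-arm" to Quay'
  - 'Tag and push image "teleport-operator:v11-arm64" to Quay'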
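# Builds the manifest list for the minor-version teleport-operator tag on Quay
# from the amd64, arm and arm64 images, then pushes it.
- name: 'Create manifest and push "teleport-operator:minor" to Quay'
  # NOTE(review): the `docker` image tag is unpinned.
  image: docker
  commands:
  # Password is supplied on stdin instead of `-p`, keeping it out of the
  # process argument list; same login form as the ECR steps in this file.
  # NOTE(review): if this step is generated (dronegen), change the generator too.
  - >-
    printf '%s' "$QUAY_PASSWORD"
    | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # No existence check here: the minor tag is rewritten on every run.
  - >-
    docker manifest create
    quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")
    --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64
    --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm
    --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64
  - >-
    docker manifest push
    quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - 'Tag and push image "teleport-operator:v11-amd64" to Quay'
  - 'Tag and push image "teleport-operator:v11-arm" to Quay'
  - 'Tag and push image "teleport-operator:v11-arm64" to Quay'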
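# Builds and pushes the manifest list for the full-version teleport-operator
# tag on Quay, unless a manifest for that tag can already be read.
- name: 'Create manifest and push "teleport-operator:full" to Quay'
  # NOTE(review): the `docker` image tag is unpinned.
  image: docker
  commands:
  # Password is supplied on stdin instead of `-p`, keeping it out of the
  # process argument list; same login form as the ECR steps in this file.
  # NOTE(review): if this step is generated (dronegen), change the generator too.
  - >-
    printf '%s' "$QUAY_PASSWORD"
    | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # Create-and-push runs only when the lookup does not succeed.
  # NOTE(review): output is discarded, so a lookup that fails for any other
  # reason than a missing tag also takes the push branch.
  - >-
    docker manifest inspect
    quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker manifest create
    quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")
    --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64
    --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm
    --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64
    && docker manifest push
    quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version"))
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - 'Tag and push image "teleport-operator:v11-amd64" to Quay'
  - 'Tag and push image "teleport-operator:v11-arm" to Quay'
  - 'Tag and push image "teleport-operator:v11-arm64" to Quay'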
# Copies the amd64 teleport-operator image from the local registry
# (drone-docker-registry:5000) to public ECR under the full, major and minor
# version tags.
- name: 'Tag and push image "teleport-operator:v11-amd64" to ECR - production'
  # NOTE(review): the `docker` image tag and the aws-cli package are unpinned.
  image: docker
  commands:
  - >-
    docker pull
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
  - apk add --no-cache aws-cli
  # The registry token travels over stdin, not the command line.
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin public.ecr.aws
  # The full-version tag is pushed only when the lookup does not succeed.
  # NOTE(review): output is discarded, so a lookup that fails for any other
  # reason than a missing tag also takes the push branch.
  - >-
    docker manifest inspect
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64
    && docker push
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64)
  # Major and minor tags are re-pointed on every run, without a guard.
  - >-
    docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64
  - >-
    docker push
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64
  - >-
    docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64
  - >-
    docker push
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Pull teleport-operator:v11-amd64 and push it to Local Registry
# Copies the arm teleport-operator image from the local registry
# (drone-docker-registry:5000) to public ECR under the full, major and minor
# version tags.
- name: 'Tag and push image "teleport-operator:v11-arm" to ECR - production'
  # NOTE(review): the `docker` image tag and the aws-cli package are unpinned.
  image: docker
  commands:
  - >-
    docker pull
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
  - apk add --no-cache aws-cli
  # The registry token travels over stdin, not the command line.
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin public.ecr.aws
  # The full-version tag is pushed only when the lookup does not succeed.
  # NOTE(review): output is discarded, so a lookup that fails for any other
  # reason than a missing tag also takes the push branch.
  - >-
    docker manifest inspect
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm
    && docker push
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm)
  # Major and minor tags are re-pointed on every run, without a guard.
  - >-
    docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm
  - >-
    docker push
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm
  - >-
    docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm
  - >-
    docker push
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Pull teleport-operator:v11-arm and push it to Local Registry
|
|
# Publishes the arm64 teleport-operator image: pulls it from the in-pipeline
# registry and pushes full, major and minor tags to public.ecr.aws using the
# `ecr-production` profile.
- name: Tag and push image "teleport-operator:v11-arm64" to ECR - production
  # NOTE(review): mutable tag on a step that pushes with production
  # credentials; pinning by digest would have to be done in dronegen.
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
  # aws-cli is installed at run time and is not version-pinned.
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  # Only the full-version tag is guarded against being overwritten. The
  # inspect output is discarded, so any inspect failure (not only a missing
  # tag) also leads to tag-and-push.
  - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-operator:$(cat
    "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-arm64 && docker push public.ecr.aws/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-arm64)
  # Major and minor tags are rolling: they are re-pointed on every run.
  - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64
  - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64
  - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64
  - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  # Credentials directory shared between steps.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Pull teleport-operator:v11-arm64 and push it to Local Registry
# Builds the multi-arch manifest list for the rolling major-version tag from
# the three per-arch tags and pushes it to public.ecr.aws.
- name: Create manifest and push "teleport-operator:major" to ECR - production
  # NOTE(review): mutable tag on a step that pushes with production
  # credentials; pinning by digest would have to be done in dronegen.
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  # The per-arch images are referenced by tag, so the manifest list records
  # whatever those tags point to when this command runs. There is no
  # existence guard here: the major tag is replaced on every run.
  - docker manifest create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")
    --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64
    --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm
    --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64
  - docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-operator:v11-amd64" to ECR - production
  - Tag and push image "teleport-operator:v11-arm" to ECR - production
  - Tag and push image "teleport-operator:v11-arm64" to ECR - production
# Builds the multi-arch manifest list for the rolling minor-version tag from
# the three per-arch tags and pushes it to public.ecr.aws.
- name: Create manifest and push "teleport-operator:minor" to ECR - production
  # NOTE(review): mutable tag on a step that pushes with production
  # credentials; pinning by digest would have to be done in dronegen.
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  # Per-arch images are referenced by tag, not digest. No existence guard:
  # the minor tag is replaced on every run.
  - docker manifest create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")
    --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64
    --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm
    --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64
  - docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-operator:v11-amd64" to ECR - production
  - Tag and push image "teleport-operator:v11-arm" to ECR - production
  - Tag and push image "teleport-operator:v11-arm64" to ECR - production
# Builds and pushes the multi-arch manifest list for the full-version tag,
# unless a manifest with that tag can already be inspected.
- name: Create manifest and push "teleport-operator:full" to ECR - production
  # NOTE(review): mutable tag on a step that pushes with production
  # credentials; pinning by digest would have to be done in dronegen.
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  # The guard treats every inspect failure as "tag absent" because stdout and
  # stderr are discarded; a transient registry or auth error therefore leads
  # to create-and-push rather than to a failed step.
  - docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest
    create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")
    --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64
    --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm
    --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64
    && docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version"))
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-operator:v11-amd64" to ECR - production
  - Tag and push image "teleport-operator:v11-arm" to ECR - production
  - Tag and push image "teleport-operator:v11-arm64" to ECR - production
# Sidecar services for the pipeline and the volumes shared with its steps.
services:
# Docker-in-Docker daemon; steps reach it through the `dockersock` volume
# mounted at /var/run.
- name: Start Docker
  # NOTE(review): mutable tag on a privileged container; pinning by digest
  # would have to be done in dronegen.
  image: docker:dind
  # Privileged mode removes most container isolation. Every step that mounts
  # `dockersock` can drive this daemon, so treat those steps as equally
  # privileged.
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
# In-pipeline image registry (registry:2 is also a mutable tag).
- name: drone-docker-registry
  image: registry:2
  privileged: false
  volumes: []
volumes:
# Both are temp volumes. Steps mount `awsconfig` at /root/.aws, so it carries
# the AWS credentials used for publishing.
- name: awsconfig
  temp: {}
- name: dockersock
  temp: {}
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/container_images_release_version.go (main.(*ReleaseVersion).buildVersionPipeline)
################################################

# Cron-triggered pipeline: runs only for the cron job named
# teleport-container-images-cron on gravitational/teleport. The default clone
# is disabled; steps fetch the code they need themselves under /go.
kind: pipeline
type: kubernetes
name: teleport-container-images-current-version-cron
environment:
  DEBIAN_FRONTEND: noninteractive
trigger:
  cron:
    include:
    - teleport-container-images-cron
  repo:
    include:
    - gravitational/teleport
workspace:
  path: /go
clone:
  disable: true
steps:
# Determines which v11 release to build: checks out branch/v11, runs the
# repository's query-latest tool and stores its output (with the first "v"
# removed) in /go/vars/full-version-v11.
- name: Find the latest available semver for v11
  # NOTE(review): mutable tag; pinning by digest would have to be done in
  # dronegen.
  image: golang:1.18
  commands:
  - mkdir -pv "/tmp/teleport"
  - cd "/tmp/teleport"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  - git checkout -qf "branch/v11"
  - mkdir -pv $(dirname "/go/vars/full-version-v11")
  - cd "/tmp/teleport/build.assets/tooling/cmd/query-latest"
  # NOTE(review): the exit status of this pipe is sed's, so a failing
  # `go run` can leave an empty or partial version file without failing the
  # step. Nothing here checks that the value is a well-formed semver before
  # later steps interpolate it into git refs, S3 keys and image tags.
  - go run . "v11" | sed 's/v//' > "/go/vars/full-version-v11"
  - echo Found full semver "$(cat "/go/vars/full-version-v11")" for major version
    "v11"
# Blocks for up to 30 seconds until the Docker socket exists under the shared
# /var/run volume; `timeout` fails the step if it never appears.
- name: Wait for docker
  # NOTE(review): mutable tag; pinning by digest would have to be done in
  # dronegen.
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
  depends_on:
  - Find the latest available semver for v11
# Polls the in-pipeline registry for up to 30 seconds until it answers
# HTTP 200.
- name: Wait for docker registry
  # NOTE(review): mutable tag, and curl is installed unpinned at run time.
  image: alpine
  commands:
  - apk add curl
  # The registry is reached over plain HTTP on the pipeline network.
  - timeout 30s /bin/sh -c 'while [ "$(curl -s -o /dev/null -w %{http_code} http://drone-docker-registry:5000/)"
    != "200" ]; do sleep 1; done'
  depends_on:
  - Find the latest available semver for v11
# Fetches the repository and checks out the release tag named by
# /go/vars/full-version-v11.
- name: Check out code
  # NOTE(review): `latest` is a mutable tag; pinning by digest would have to
  # be done in dronegen.
  image: alpine/git:latest
  commands:
  - mkdir -pv "/go/src/github.com/gravitational/teleport"
  - cd "/go/src/github.com/gravitational/teleport"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  # The tag is checked out by name; no tag signature is verified here.
  - git checkout -qf "v$(cat '/go/vars/full-version-v11')"
  depends_on:
  - Find the latest available semver for v11
# Derives the major, major.minor and full version strings from
# /go/vars/full-version-v11 and writes them under /go/var/.
# Note the two directories: the input lives in /go/vars/ (with "s"), the
# outputs in /go/var/ (without); later steps read the /go/var/ files.
- name: Build major, minor, and full semvers
  # NOTE(review): mutable tag; pinning by digest would have to be done in
  # dronegen.
  image: alpine
  commands:
  - mkdir -pv $(dirname "/go/var/major-version")
  # A "v" is prepended and the first "v" stripped again, then fields are cut
  # on "."; the value itself is not validated.
  - echo v$(cat '/go/vars/full-version-v11') | sed 's/v//' | cut -d'.' -f "1" > "/go/var/major-version"
  - echo $(cat "/go/var/major-version")
  - mkdir -pv $(dirname "/go/var/minor-version")
  - echo v$(cat '/go/vars/full-version-v11') | sed 's/v//' | cut -d'.' -f "1,2" >
    "/go/var/minor-version"
  - echo $(cat "/go/var/minor-version")
  - mkdir -pv $(dirname "/go/var/full-version")
  - echo v$(cat '/go/vars/full-version-v11') | sed 's/v//' > "/go/var/full-version"
  - echo $(cat "/go/var/full-version")
  depends_on:
  - Find the latest available semver for v11
# Exchanges the long-lived staging key for temporary role credentials and
# appends them as profile [ecr-staging] to the shared credentials file.
- name: Assume ECR - staging AWS Role
  # NOTE(review): untagged image handling AWS secrets; pinning by digest
  # would have to be done in dronegen.
  image: amazon/aws-cli
  commands:
  # Prints the calling identity of the long-lived key to the build log.
  - aws sts get-caller-identity
  # The unquoted $(aws sts assume-role ...) relies on word splitting to feed
  # the three credential fields to printf. The session name carries the repo
  # and build number, so the assumed-role ARN identifies the build.
  # The file is on the shared `awsconfig` volume: any step that mounts it can
  # read every profile appended so far, whichever AWS_PROFILE it sets.
  - |-
    printf "[ecr-staging]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
    $(aws sts assume-role \
    --role-arn "$AWS_ROLE" \
    --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
    --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
    --output text) \
    >> /root/.aws/credentials
  # Drop the long-lived key from this shell so the check below has to use the
  # new profile.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile ecr-staging
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY
    AWS_ROLE:
      from_secret: STAGING_TELEPORT_DRONE_ECR_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Find the latest available semver for v11
# Assumes a role with the production key and appends the temporary
# credentials as profile [ecr-authenticated-pull] to the shared file.
# NOTE(review): this step reads the same three PRODUCTION_* secrets as
# "Assume ECR - production AWS Role", so the "pull" profile is a session of
# the same role. Whether that role can also push is not visible here; if it
# can, the image-build steps that use this profile hold more than pull access.
- name: Assume ECR - authenticated-pull AWS Role
  # NOTE(review): untagged image handling AWS secrets; pinning by digest
  # would have to be done in dronegen.
  image: amazon/aws-cli
  commands:
  # Prints the calling identity of the long-lived key to the build log.
  - aws sts get-caller-identity
  # Appends to the credentials file on the shared `awsconfig` volume; every
  # step mounting that volume can read all profiles in it.
  - |-
    printf "[ecr-authenticated-pull]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
    $(aws sts assume-role \
    --role-arn "$AWS_ROLE" \
    --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
    --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
    --output text) \
    >> /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile ecr-authenticated-pull
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY
    AWS_ROLE:
      from_secret: PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
  # Runs after the staging role step; presumably this ordering serializes the
  # appends to the shared credentials file.
  depends_on:
  - Assume ECR - staging AWS Role
  - Find the latest available semver for v11
# Exchanges the long-lived production key for temporary role credentials and
# appends them as profile [ecr-production] to the shared credentials file.
- name: Assume ECR - production AWS Role
  # NOTE(review): untagged image handling production secrets; pinning by
  # digest would have to be done in dronegen.
  image: amazon/aws-cli
  commands:
  # Prints the calling identity of the long-lived key to the build log.
  - aws sts get-caller-identity
  # The production profile lands in the same file as the other profiles on
  # the shared `awsconfig` volume, so every step mounting that volume can
  # read it, including steps that only set a staging or pull AWS_PROFILE.
  - |-
    printf "[ecr-production]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
    $(aws sts assume-role \
    --role-arn "$AWS_ROLE" \
    --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
    --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
    --output text) \
    >> /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile ecr-production
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY
    AWS_ROLE:
      from_secret: PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Find the latest available semver for v11
# Assumes the artifact-download role and appends the temporary credentials as
# profile [s3-download-teleport] to the shared credentials file.
- name: Assume S3 Download AWS Role for teleport
  # NOTE(review): untagged image handling AWS secrets; pinning by digest
  # would have to be done in dronegen.
  image: amazon/aws-cli
  commands:
  # Prints the calling identity of the long-lived key to the build log.
  - aws sts get-caller-identity
  # Appends to the credentials file on the shared `awsconfig` volume, next to
  # the ECR profiles written by the steps this one depends on.
  - |-
    printf "[s3-download-teleport]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
    $(aws sts assume-role \
    --role-arn "$AWS_ROLE" \
    --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
    --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
    --output text) \
    >> /root/.aws/credentials
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile s3-download-teleport
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Find the latest available semver for v11
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role
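# Downloads the release's Dockerfile from GitHub at the tag named by
# /go/vars/full-version-v11 into /go/build/Dockerfile-teleport.
- name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport
  # NOTE(review): mutable tag, and curl is installed unpinned at run time.
  image: alpine
  commands:
  - apk add curl
  - mkdir -pv $(dirname "/go/build/Dockerfile-teleport")
  # -f makes curl fail on an HTTP error instead of saving the error body as
  # the Dockerfile; -S keeps the error message visible despite -s.
  # This file is generated: the same flag change has to be made in dronegen.
  # NOTE(review): the download is not checked against a known hash. The
  # "Check out code" step already has this tag on disk, so building from that
  # copy would avoid trusting a second fetch.
  - curl -fsSL -o "/go/build/Dockerfile-teleport" "https://raw.githubusercontent.com/gravitational/teleport/v$(cat
    '/go/vars/full-version-v11')/build.assets/charts/Dockerfile"
  depends_on:
  - Find the latest available semver for v11
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role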
# Waits up to an hour for the amd64 .deb of the selected release to appear in
# the artifact bucket, then copies it to /go/build.
- name: Download "teleport_v11-tag_amd64.deb" artifacts from S3
  # NOTE(review): untagged image; pinning by digest would have to be done in
  # dronegen.
  image: amazon/aws-cli
  commands:
  # The loop is spread over several command entries. `$${VAR?}` is the
  # escaped form that reaches the shell as `${VAR?}`.
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  # grep -x requires a whole-line match, but the file name is used as a
  # regular expression, so each "." matches any character.
  - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr
    -s ' ' | cut -d' ' -f 4 | grep -x teleport_$(cat "/go/var/full-version")_amd64.deb
    || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [
    "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  # NOTE(review): the package is copied and later built into the image with
  # no checksum or signature verification in this pipeline; its integrity
  # rests on the bucket's access controls.
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat
    "/go/var/full-version")_amd64.deb /go/build/teleport_$(cat "/go/var/full-version")_amd64.deb
  environment:
    AWS_PROFILE: s3-download-teleport
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  # Shared credentials directory; it also holds the ECR profiles.
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport
# Builds the linux/amd64 teleport image from the downloaded Dockerfile and
# .deb and pushes it to the in-pipeline registry only.
- name: Build teleport image "teleport:v11-amd64"
  # NOTE(review): mutable tag; pinning by digest would have to be done in
  # dronegen.
  image: docker
  commands:
  # NOTE(review): third-party image with no tag or digest, run --privileged
  # on the daemon behind the shared /var/run socket. Whatever that reference
  # resolves to on the day of the build runs with full privileges on the
  # daemon that later builds and pushes release images.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-v11-amd64-builder"
  # BuildKit config: allow plain HTTP to the in-pipeline registry. Pushes to
  # it are therefore neither encrypted nor, as far as this file shows,
  # authenticated.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v11-amd64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-v11-amd64-builder/buildkitd.toml"
  # The builder container is created with host networking.
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name
    "teleport-v11-amd64-builder" --config "/tmp/teleport-v11-amd64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  # Login with the ecr-authenticated-pull profile; this step pushes nothing
  # to public.ecr.aws, so presumably it is for authenticated base-image pulls.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - docker buildx build --push --builder "teleport-v11-amd64-builder" --target "teleport"
    --platform "linux/amd64" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    --file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_amd64.deb
    /go/build
  # NOTE(review): logout and builder cleanup come after the build, so they
  # are skipped when the build fails (assuming the runner aborts on the first
  # failing command).
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-v11-amd64-builder"
  - rm -rf "/tmp/teleport-v11-amd64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
  volumes:
  # The whole shared credentials directory is mounted, not only the profile
  # selected by AWS_PROFILE.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport_v11-tag_amd64.deb" artifacts from S3
# Waits up to an hour for the arm .deb of the selected release to appear in
# the artifact bucket, then copies it to /go/build.
- name: Download "teleport_v11-tag_arm.deb" artifacts from S3
  # NOTE(review): untagged image; pinning by digest would have to be done in
  # dronegen.
  image: amazon/aws-cli
  commands:
  # The loop is spread over several command entries. `$${VAR?}` is the
  # escaped form that reaches the shell as `${VAR?}`.
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  # grep -x requires a whole-line match, but the file name is used as a
  # regular expression, so each "." matches any character.
  - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr
    -s ' ' | cut -d' ' -f 4 | grep -x teleport_$(cat "/go/var/full-version")_arm.deb
    || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [
    "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  # NOTE(review): no checksum or signature of the package is verified in this
  # pipeline before it is built into the image.
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat
    "/go/var/full-version")_arm.deb /go/build/teleport_$(cat "/go/var/full-version")_arm.deb
  environment:
    AWS_PROFILE: s3-download-teleport
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  # Shared credentials directory; it also holds the ECR profiles.
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport
# Builds the linux/arm teleport image from the downloaded Dockerfile and .deb
# and pushes it to the in-pipeline registry only.
- name: Build teleport image "teleport:v11-arm"
  # NOTE(review): mutable tag; pinning by digest would have to be done in
  # dronegen.
  image: docker
  commands:
  # NOTE(review): third-party image with no tag or digest, run --privileged
  # on the daemon behind the shared /var/run socket; that daemon later builds
  # and pushes release images.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-v11-arm-builder"
  # BuildKit config: allow plain HTTP to the in-pipeline registry.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v11-arm-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-v11-arm-builder/buildkitd.toml"
  # The builder container is created with host networking.
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name
    "teleport-v11-arm-builder" --config "/tmp/teleport-v11-arm-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  # Login with the ecr-authenticated-pull profile; nothing is pushed to
  # public.ecr.aws by this step.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - docker buildx build --push --builder "teleport-v11-arm-builder" --target "teleport"
    --platform "linux/arm" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    --file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_arm.deb
    /go/build
  # NOTE(review): cleanup below is skipped when the build fails (assuming the
  # runner aborts on the first failing command).
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-v11-arm-builder"
  - rm -rf "/tmp/teleport-v11-arm-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
  volumes:
  # The whole shared credentials directory is mounted, not only the profile
  # selected by AWS_PROFILE.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport_v11-tag_arm.deb" artifacts from S3
# Waits up to an hour for the arm64 .deb of the selected release to appear in
# the artifact bucket, then copies it to /go/build.
- name: Download "teleport_v11-tag_arm64.deb" artifacts from S3
  # NOTE(review): untagged image; pinning by digest would have to be done in
  # dronegen.
  image: amazon/aws-cli
  commands:
  # The loop is spread over several command entries. `$${VAR?}` is the
  # escaped form that reaches the shell as `${VAR?}`.
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  # grep -x requires a whole-line match, but the file name is used as a
  # regular expression, so each "." matches any character.
  - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr
    -s ' ' | cut -d' ' -f 4 | grep -x teleport_$(cat "/go/var/full-version")_arm64.deb
    || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [
    "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  # NOTE(review): no checksum or signature of the package is verified in this
  # pipeline before it is built into the image.
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat
    "/go/var/full-version")_arm64.deb /go/build/teleport_$(cat "/go/var/full-version")_arm64.deb
  environment:
    AWS_PROFILE: s3-download-teleport
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  # Shared credentials directory; it also holds the ECR profiles.
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport
# Builds the linux/arm64 teleport image from the downloaded Dockerfile and
# .deb and pushes it to the in-pipeline registry only.
- name: Build teleport image "teleport:v11-arm64"
  # NOTE(review): mutable tag; pinning by digest would have to be done in
  # dronegen.
  image: docker
  commands:
  # NOTE(review): third-party image with no tag or digest, run --privileged
  # on the daemon behind the shared /var/run socket; that daemon later builds
  # and pushes release images.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-v11-arm64-builder"
  # BuildKit config: allow plain HTTP to the in-pipeline registry.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v11-arm64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-v11-arm64-builder/buildkitd.toml"
  # The builder container is created with host networking.
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name
    "teleport-v11-arm64-builder" --config "/tmp/teleport-v11-arm64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  # Login with the ecr-authenticated-pull profile; nothing is pushed to
  # public.ecr.aws by this step.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - docker buildx build --push --builder "teleport-v11-arm64-builder" --target "teleport"
    --platform "linux/arm64" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    --file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_arm64.deb
    /go/build
  # NOTE(review): cleanup below is skipped when the build fails (assuming the
  # runner aborts on the first failing command).
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-v11-arm64-builder"
  - rm -rf "/tmp/teleport-v11-arm64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
  volumes:
  # The whole shared credentials directory is mounted, not only the profile
  # selected by AWS_PROFILE.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport_v11-tag_arm64.deb" artifacts from S3
# Pushes the amd64 teleport image from the in-pipeline registry to the staging
# ECR registry under full, major and minor tags, each suffixed with the build
# timestamp.
- name: Tag and push image "teleport:v11-amd64" to ECR - staging
  # NOTE(review): mutable tag on a step that pushes with registry
  # credentials; pinning by digest would have to be done in dronegen.
  image: docker
  commands:
  # The image is pulled by tag over the plain-HTTP in-pipeline registry; no
  # digest is compared with what the build step produced.
  - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  # Derived from the build creation time, so every step of the same build
  # computes the same suffix (minute resolution).
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Each of the three pushes is skipped when the tag can be inspected. The
  # inspect output is discarded, so any inspect failure (not only a missing
  # tag) also leads to tag-and-push.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-amd64
    && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-$TIMESTAMP-amd64)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-amd64
    && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP-amd64)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/minor-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64
    && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/minor-version")-$TIMESTAMP-amd64)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  # Shared credentials directory: the production profile in the same file is
  # readable from this staging step as well.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v11-amd64"
# Pushes the arm teleport image from the in-pipeline registry to the staging
# ECR registry under full, major and minor tags, each suffixed with the build
# timestamp.
- name: Tag and push image "teleport:v11-arm" to ECR - staging
  # NOTE(review): mutable tag on a step that pushes with registry
  # credentials; pinning by digest would have to be done in dronegen.
  image: docker
  commands:
  # Pulled by tag from the in-pipeline registry; no digest is compared.
  - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  # Derived from the build creation time (minute resolution).
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Each push is skipped when the tag can be inspected; any inspect failure
  # is treated like a missing tag because the output is discarded.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm
    && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-arm
    && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-arm
    && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  # Shared credentials directory: the production profile in the same file is
  # readable from this staging step as well.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v11-arm"
# Pushes the arm64 teleport image from the in-pipeline registry to the staging
# ECR registry under full, major and minor tags, each suffixed with the build
# timestamp.
- name: Tag and push image "teleport:v11-arm64" to ECR - staging
  # NOTE(review): mutable tag on a step that pushes with registry
  # credentials; pinning by digest would have to be done in dronegen.
  image: docker
  commands:
  # Pulled by tag from the in-pipeline registry; no digest is compared.
  - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  # Derived from the build creation time (minute resolution).
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Each push is skipped when the tag can be inspected; any inspect failure
  # is treated like a missing tag because the output is discarded.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm64
    && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm64)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-arm64
    && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm64)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64
    && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm64)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  # Shared credentials directory: the production profile in the same file is
  # readable from this staging step as well.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v11-arm64"
# Builds the multi-arch manifest list for <major>-<timestamp> in the staging
# ECR registry from the three per-arch tags, unless it can already be
# inspected.
- name: Create manifest and push "teleport:major-$TIMESTAMP" to ECR - staging
  # NOTE(review): mutable tag on a step that pushes with registry
  # credentials; pinning by digest would have to be done in dronegen.
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  # Derived from the build creation time, so it matches the suffix used by
  # the per-arch push steps of the same build.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Per-arch images are referenced by tag, not digest. Any inspect failure is
  # treated like a missing tag because the output is discarded.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image,
    skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v11-amd64" to ECR - staging
  - Tag and push image "teleport:v11-arm" to ECR - staging
  - Tag and push image "teleport:v11-arm64" to ECR - staging
# Builds the multi-arch manifest list for the "<minor>-$TIMESTAMP" tag in the
# staging ECR registry out of the amd64/arm/arm64 tags pushed by the steps
# listed under depends_on.
- name: 'Create manifest and push "teleport:minor-$TIMESTAMP" to ECR - staging'
  # NOTE(review): "docker" carries no tag or digest, so whatever the name
  # resolves to at run time executes with registry push credentials.
  image: docker
  commands:
    - apk add --no-cache aws-cli
    # The ECR token is piped on stdin, so it never appears in docker's argv.
    - >-
      aws ecr get-login-password --region=us-west-2 |
      docker login -u="AWS" --password-stdin
      146628656107.dkr.ecr.us-west-2.amazonaws.com
    # Tag suffix is derived from the build creation time, not the wall clock.
    - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
    # Create and push only when inspect fails. Any inspect failure, not just
    # "tag absent", takes the create/push branch.
    - >-
      docker manifest inspect
      146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP
      > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
      (docker manifest create
      146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP
      --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64
      --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-arm
      --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64
      && docker manifest push
      146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP)
    - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    # Presumably a profile written into the awsconfig volume by the
    # "Assume ECR - staging AWS Role" step; that step is not shown here.
    AWS_PROFILE: ecr-staging
  volumes:
    - name: awsconfig
      path: /root/.aws
    - name: dockersock
      path: /var/run
  depends_on:
    - 'Tag and push image "teleport:v11-amd64" to ECR - staging'
    - 'Tag and push image "teleport:v11-arm" to ECR - staging'
    - 'Tag and push image "teleport:v11-arm64" to ECR - staging'
# Builds the multi-arch manifest list for the "<full>-$TIMESTAMP" tag in the
# staging ECR registry out of the three per-arch tags pushed upstream.
- name: 'Create manifest and push "teleport:full-$TIMESTAMP" to ECR - staging'
  # NOTE(review): untagged image reference; it is not pinned to a version or
  # digest even though the step holds registry push credentials.
  image: docker
  commands:
    - apk add --no-cache aws-cli
    # Registry password arrives on stdin rather than as a CLI argument.
    - >-
      aws ecr get-login-password --region=us-west-2 |
      docker login -u="AWS" --password-stdin
      146628656107.dkr.ecr.us-west-2.amazonaws.com
    - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
    # An existing manifest is left untouched; the create/push branch runs
    # whenever inspect exits non-zero, whatever the reason.
    - >-
      docker manifest inspect
      146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP
      > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
      (docker manifest create
      146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP
      --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-amd64
      --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm
      --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm64
      && docker manifest push
      146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP)
    - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
    # Shared AWS profile directory; the docker socket directory follows.
    - name: awsconfig
      path: /root/.aws
    - name: dockersock
      path: /var/run
  depends_on:
    - 'Tag and push image "teleport:v11-amd64" to ECR - staging'
    - 'Tag and push image "teleport:v11-arm" to ECR - staging'
    - 'Tag and push image "teleport:v11-arm64" to ECR - staging'
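# Publishes the locally built amd64 image to Quay: the full-version tag is
# pushed only if absent, the major and minor tags are always re-pushed.
- name: 'Tag and push image "teleport:v11-amd64" to Quay'
  image: docker
  commands:
    - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    # The password is read from stdin (as the ECR logins in this file do) so
    # it is not exposed in the docker client's argv, which -p would do.
    # If this pipeline is dronegen output, make the same change in the
    # generator or the next regeneration will undo it.
    - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
    - >-
      docker manifest inspect
      quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64
      > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
      (docker tag
      drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
      quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64
      && docker push
      quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64)
    # NOTE(review): the rolling tags below are pushed even when the
    # full-version push above was skipped, so they can end up on a different
    # build than the existing full-version tag; confirm that is intended.
    - >-
      docker tag
      drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
      quay.io/gravitational/teleport:$(cat "/go/var/major-version")-amd64
    - docker push quay.io/gravitational/teleport:$(cat "/go/var/major-version")-amd64
    - >-
      docker tag
      drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
      quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
    - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
    - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
    # NOTE(review): no command in this step calls aws, so the awsconfig mount
    # looks unnecessary here; confirm and drop it for least privilege.
    - name: awsconfig
      path: /root/.aws
    - name: dockersock
      path: /var/run
  depends_on:
    - 'Build teleport image "teleport:v11-amd64"'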
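# Publishes the locally built arm image to Quay: the full-version tag is
# pushed only if absent, the major and minor tags are always re-pushed.
- name: 'Tag and push image "teleport:v11-arm" to Quay'
  image: docker
  commands:
    - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    # The password is read from stdin (as the ECR logins in this file do) so
    # it is not exposed in the docker client's argv, which -p would do.
    # If this pipeline is dronegen output, make the same change in the
    # generator or the next regeneration will undo it.
    - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
    - >-
      docker manifest inspect
      quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm
      > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
      (docker tag
      drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
      quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm
      && docker push
      quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm)
    # NOTE(review): the rolling tags below are pushed even when the
    # full-version push above was skipped; confirm that is intended.
    - >-
      docker tag
      drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
      quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm
    - docker push quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm
    - >-
      docker tag
      drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
      quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm
    - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm
    - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
    # NOTE(review): no command in this step calls aws, so the awsconfig mount
    # looks unnecessary here; confirm and drop it for least privilege.
    - name: awsconfig
      path: /root/.aws
    - name: dockersock
      path: /var/run
  depends_on:
    - 'Build teleport image "teleport:v11-arm"'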
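# Publishes the locally built arm64 image to Quay: the full-version tag is
# pushed only if absent, the major and minor tags are always re-pushed.
- name: 'Tag and push image "teleport:v11-arm64" to Quay'
  image: docker
  commands:
    - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    # The password is read from stdin (as the ECR logins in this file do) so
    # it is not exposed in the docker client's argv, which -p would do.
    # If this pipeline is dronegen output, make the same change in the
    # generator or the next regeneration will undo it.
    - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
    - >-
      docker manifest inspect
      quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64
      > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
      (docker tag
      drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
      quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64
      && docker push
      quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64)
    # NOTE(review): the rolling tags below are pushed even when the
    # full-version push above was skipped; confirm that is intended.
    - >-
      docker tag
      drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
      quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm64
    - docker push quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm64
    - >-
      docker tag
      drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
      quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
    - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
    - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
    # NOTE(review): no command in this step calls aws, so the awsconfig mount
    # looks unnecessary here; confirm and drop it for least privilege.
    - name: awsconfig
      path: /root/.aws
    - name: dockersock
      path: /var/run
  depends_on:
    - 'Build teleport image "teleport:v11-arm64"'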
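# Re-creates the multi-arch manifest list for the rolling major-version tag
# on Quay and pushes it. There is no existence check, so each run moves the
# tag.
- name: 'Create manifest and push "teleport:major" to Quay'
  image: docker
  commands:
    # The password is read from stdin so it is not exposed in the docker
    # client's argv, which -p would do. If this pipeline is dronegen output,
    # change the generator too or regeneration restores the -p form.
    - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
    - >-
      docker manifest create
      quay.io/gravitational/teleport:$(cat "/go/var/major-version")
      --amend quay.io/gravitational/teleport:$(cat "/go/var/major-version")-amd64
      --amend quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm
      --amend quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm64
    - docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/major-version")
    - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
    # NOTE(review): no command in this step calls aws, so the awsconfig mount
    # looks unnecessary here; confirm and drop it for least privilege.
    - name: awsconfig
      path: /root/.aws
    - name: dockersock
      path: /var/run
  depends_on:
    - 'Tag and push image "teleport:v11-amd64" to Quay'
    - 'Tag and push image "teleport:v11-arm" to Quay'
    - 'Tag and push image "teleport:v11-arm64" to Quay'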
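# Re-creates the multi-arch manifest list for the rolling minor-version tag
# on Quay and pushes it. There is no existence check, so each run moves the
# tag.
- name: 'Create manifest and push "teleport:minor" to Quay'
  image: docker
  commands:
    # The password is read from stdin so it is not exposed in the docker
    # client's argv, which -p would do. If this pipeline is dronegen output,
    # change the generator too or regeneration restores the -p form.
    - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
    - >-
      docker manifest create
      quay.io/gravitational/teleport:$(cat "/go/var/minor-version")
      --amend quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
      --amend quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm
      --amend quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
    - docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")
    - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
    # NOTE(review): no command in this step calls aws, so the awsconfig mount
    # looks unnecessary here; confirm and drop it for least privilege.
    - name: awsconfig
      path: /root/.aws
    - name: dockersock
      path: /var/run
  depends_on:
    - 'Tag and push image "teleport:v11-amd64" to Quay'
    - 'Tag and push image "teleport:v11-arm" to Quay'
    - 'Tag and push image "teleport:v11-arm64" to Quay'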
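# Creates and pushes the multi-arch manifest list for the full-version tag on
# Quay, unless a manifest with that tag can already be inspected.
- name: 'Create manifest and push "teleport:full" to Quay'
  image: docker
  commands:
    # The password is read from stdin so it is not exposed in the docker
    # client's argv, which -p would do. If this pipeline is dronegen output,
    # change the generator too or regeneration restores the -p form.
    - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
    # Any inspect failure, not only "tag absent", takes the create/push
    # branch.
    - >-
      docker manifest inspect
      quay.io/gravitational/teleport:$(cat "/go/var/full-version")
      > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
      (docker manifest create
      quay.io/gravitational/teleport:$(cat "/go/var/full-version")
      --amend quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64
      --amend quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm
      --amend quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64
      && docker manifest push
      quay.io/gravitational/teleport:$(cat "/go/var/full-version"))
    - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
    # NOTE(review): no command in this step calls aws, so the awsconfig mount
    # looks unnecessary here; confirm and drop it for least privilege.
    - name: awsconfig
      path: /root/.aws
    - name: dockersock
      path: /var/run
  depends_on:
    - 'Tag and push image "teleport:v11-amd64" to Quay'
    - 'Tag and push image "teleport:v11-arm" to Quay'
    - 'Tag and push image "teleport:v11-arm64" to Quay'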
# Publishes the locally built amd64 image to public.ecr.aws: the full-version
# tag is pushed only if absent, the major and minor tags on every run.
- name: 'Tag and push image "teleport:v11-amd64" to ECR - production'
  # NOTE(review): untagged image reference running with production push
  # credentials; it is not pinned to a version or digest.
  image: docker
  commands:
    - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    - apk add --no-cache aws-cli
    # Token is handed to docker on stdin, never as a CLI argument.
    - >-
      aws ecr-public get-login-password --region=us-east-1 |
      docker login -u="AWS" --password-stdin
      public.ecr.aws
    - >-
      docker manifest inspect
      public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64
      > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
      (docker tag
      drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
      public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64
      && docker push
      public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64)
    # NOTE(review): rolling tags are pushed even if the full-version push was
    # skipped, so they may diverge from the existing full-version image.
    - >-
      docker tag
      drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
      public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64
    - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64
    - >-
      docker tag
      drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
      public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
    - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
    - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
    - name: awsconfig
      path: /root/.aws
    - name: dockersock
      path: /var/run
  depends_on:
    - 'Build teleport image "teleport:v11-amd64"'
# Publishes the locally built arm image to public.ecr.aws: the full-version
# tag is pushed only if absent, the major and minor tags on every run.
- name: 'Tag and push image "teleport:v11-arm" to ECR - production'
  # NOTE(review): untagged image reference running with production push
  # credentials; it is not pinned to a version or digest.
  image: docker
  commands:
    - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    - apk add --no-cache aws-cli
    # Token is handed to docker on stdin, never as a CLI argument.
    - >-
      aws ecr-public get-login-password --region=us-east-1 |
      docker login -u="AWS" --password-stdin
      public.ecr.aws
    - >-
      docker manifest inspect
      public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm
      > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
      (docker tag
      drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
      public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm
      && docker push
      public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm)
    # NOTE(review): rolling tags are pushed even if the full-version push was
    # skipped, so they may diverge from the existing full-version image.
    - >-
      docker tag
      drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
      public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm
    - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm
    - >-
      docker tag
      drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
      public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm
    - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm
    - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
    - name: awsconfig
      path: /root/.aws
    - name: dockersock
      path: /var/run
  depends_on:
    - 'Build teleport image "teleport:v11-arm"'
# Publishes the locally built arm64 image to public.ecr.aws: the full-version
# tag is pushed only if absent, the major and minor tags on every run.
- name: 'Tag and push image "teleport:v11-arm64" to ECR - production'
  # NOTE(review): untagged image reference running with production push
  # credentials; it is not pinned to a version or digest.
  image: docker
  commands:
    - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    - apk add --no-cache aws-cli
    # Token is handed to docker on stdin, never as a CLI argument.
    - >-
      aws ecr-public get-login-password --region=us-east-1 |
      docker login -u="AWS" --password-stdin
      public.ecr.aws
    - >-
      docker manifest inspect
      public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64
      > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
      (docker tag
      drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
      public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64
      && docker push
      public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64)
    # NOTE(review): rolling tags are pushed even if the full-version push was
    # skipped, so they may diverge from the existing full-version image.
    - >-
      docker tag
      drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
      public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64
    - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64
    - >-
      docker tag
      drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
      public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
    - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
    - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
    - name: awsconfig
      path: /root/.aws
    - name: dockersock
      path: /var/run
  depends_on:
    - 'Build teleport image "teleport:v11-arm64"'
# Re-creates the multi-arch manifest list for the rolling major-version tag
# on public.ecr.aws and pushes it; nothing checks for an existing manifest.
- name: 'Create manifest and push "teleport:major" to ECR - production'
  # NOTE(review): untagged image reference; not pinned to a version or digest.
  image: docker
  commands:
    - apk add --no-cache aws-cli
    # Token is handed to docker on stdin, never as a CLI argument.
    - >-
      aws ecr-public get-login-password --region=us-east-1 |
      docker login -u="AWS" --password-stdin
      public.ecr.aws
    - >-
      docker manifest create
      public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")
      --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64
      --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm
      --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64
    - docker manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")
    - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
    - name: awsconfig
      path: /root/.aws
    - name: dockersock
      path: /var/run
  depends_on:
    - 'Tag and push image "teleport:v11-amd64" to ECR - production'
    - 'Tag and push image "teleport:v11-arm" to ECR - production'
    - 'Tag and push image "teleport:v11-arm64" to ECR - production'
# Re-creates the multi-arch manifest list for the rolling minor-version tag
# on public.ecr.aws and pushes it; nothing checks for an existing manifest.
- name: 'Create manifest and push "teleport:minor" to ECR - production'
  # NOTE(review): untagged image reference; not pinned to a version or digest.
  image: docker
  commands:
    - apk add --no-cache aws-cli
    # Token is handed to docker on stdin, never as a CLI argument.
    - >-
      aws ecr-public get-login-password --region=us-east-1 |
      docker login -u="AWS" --password-stdin
      public.ecr.aws
    - >-
      docker manifest create
      public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")
      --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
      --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm
      --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
    - docker manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")
    - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
    - name: awsconfig
      path: /root/.aws
    - name: dockersock
      path: /var/run
  depends_on:
    - 'Tag and push image "teleport:v11-amd64" to ECR - production'
    - 'Tag and push image "teleport:v11-arm" to ECR - production'
    - 'Tag and push image "teleport:v11-arm64" to ECR - production'
# Creates and pushes the multi-arch manifest list for the full-version tag on
# public.ecr.aws, unless a manifest with that tag can already be inspected.
- name: 'Create manifest and push "teleport:full" to ECR - production'
  # NOTE(review): untagged image reference; not pinned to a version or digest.
  image: docker
  commands:
    - apk add --no-cache aws-cli
    # Token is handed to docker on stdin, never as a CLI argument.
    - >-
      aws ecr-public get-login-password --region=us-east-1 |
      docker login -u="AWS" --password-stdin
      public.ecr.aws
    # Any inspect failure, not only "tag absent", takes the create/push
    # branch.
    - >-
      docker manifest inspect
      public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")
      > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
      (docker manifest create
      public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")
      --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64
      --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm
      --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64
      && docker manifest push
      public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version"))
    - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
    - name: awsconfig
      path: /root/.aws
    - name: dockersock
      path: /var/run
  depends_on:
    - 'Tag and push image "teleport:v11-amd64" to ECR - production'
    - 'Tag and push image "teleport:v11-arm" to ECR - production'
    - 'Tag and push image "teleport:v11-arm64" to ECR - production'
# Exchanges the key pair from secrets for role session credentials and
# appends them to /root/.aws/credentials as the "s3-download-teleport-ent"
# profile, which the S3 download steps select through AWS_PROFILE.
- name: Assume S3 Download AWS Role for teleport-ent
  # NOTE(review): untagged image reference handling AWS credentials; it is
  # not pinned to a version or digest.
  image: amazon/aws-cli
  commands:
    # Shows which identity the secret key pair maps to before assuming the
    # role.
    - aws sts get-caller-identity
    # The unquoted $(aws sts assume-role ...) relies on word splitting: the
    # three fields selected by --query fill the three %s slots.
    # NOTE(review): the command's exit status is printf's, so a failed
    # assume-role still appends a profile with empty values; the final
    # get-caller-identity --profile call is what surfaces that.
    # ">>" appends, so whatever is already in the shared file is kept.
    - |-
      printf "[s3-download-teleport-ent]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
        $(aws sts assume-role \
          --role-arn "$AWS_ROLE" \
          --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
          --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
          --output text) \
        >> /root/.aws/credentials
    # Drop the secret key pair from the environment so the check below can
    # only succeed through the freshly written profile.
    - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
    - aws sts get-caller-identity --profile s3-download-teleport-ent
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
    # Every step that mounts awsconfig can read the session credentials
    # written here.
    - name: awsconfig
      path: /root/.aws
  depends_on:
    - Find the latest available semver for v11
    - Wait for docker
    - Wait for docker registry
    - Check out code
    - Build major, minor, and full semvers
    - Assume ECR - staging AWS Role
    - Assume ECR - authenticated-pull AWS Role
    - Assume ECR - production AWS Role
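# Fetches the Dockerfile used by the teleport-ent image builds from the
# tagged teleport tree on GitHub into /go/build/Dockerfile-teleport-ent.
- name: 'Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent'
  # NOTE(review): untagged image reference; not pinned to a version or digest.
  image: alpine
  commands:
    # --no-cache matches the other apk invocations in this file.
    - apk add --no-cache curl
    - mkdir -pv $(dirname "/go/build/Dockerfile-teleport-ent")
    # -f makes curl exit non-zero on an HTTP error (for example a tag that
    # does not exist) instead of saving the error page as the Dockerfile and
    # reporting success; -S keeps the error message visible despite -s.
    # If this pipeline is dronegen output, change the generator as well.
    # NOTE(review): the fetched file becomes the build recipe and is not
    # checksum-verified; trust rests on TLS and the tag ref.
    # NOTE(review): the version is read from /go/vars/full-version-v11 while
    # neighbouring steps read /go/var/full-version; presumably written by
    # "Find the latest available semver for v11", but confirm the path.
    - >-
      curl -fsSL -o "/go/build/Dockerfile-teleport-ent"
      "https://raw.githubusercontent.com/gravitational/teleport/v$(cat '/go/vars/full-version-v11')/build.assets/charts/Dockerfile"
  depends_on:
    - Find the latest available semver for v11
    - Wait for docker
    - Wait for docker registry
    - Check out code
    - Build major, minor, and full semvers
    - Assume ECR - staging AWS Role
    - Assume ECR - authenticated-pull AWS Role
    - Assume ECR - production AWS Role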
# Waits up to one hour for the amd64 .deb of the full version to appear in
# the S3 bucket, then copies it into /go/build for the image build.
- name: 'Download "teleport-ent_v11-tag_amd64.deb" artifacts from S3'
  # NOTE(review): untagged image reference; not pinned to a version or digest.
  image: amazon/aws-cli
  commands:
    # The items from "while" to "done" form a single shell loop split across
    # list entries; the bucket listing is polled every 60 seconds.
    - END_TIME=$(( $(date +%s) + 3600 ))
    - TIMED_OUT=true
    - while [ $(date +%s) -lt $${END_TIME?} ]; do
    - SUCCESS=true
    # grep -x requires the listed object name to match the whole line.
    - >-
      aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ |
      tr -s ' ' | cut -d' ' -f 4 |
      grep -x teleport-ent_$(cat "/go/var/full-version")_amd64.deb
      || SUCCESS=false
    - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
    - echo 'Condition not met yet, waiting another 60 seconds...'
    - sleep 60
    - done
    - >-
      [ $${TIMED_OUT?} = true ]
      && echo 'Timed out while waiting for condition: [ "$SUCCESS" = "true" ]'
      && exit 1
    - mkdir -pv "/go/build"
    # NOTE(review): the package is copied into the build context without a
    # checksum or signature check in this step; integrity rests on the
    # bucket's access controls.
    - >-
      aws s3 cp
      s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat "/go/var/full-version")_amd64.deb
      /go/build/teleport-ent_$(cat "/go/var/full-version")_amd64.deb
  environment:
    # Profile appended to /root/.aws/credentials by the assume-role step.
    AWS_PROFILE: s3-download-teleport-ent
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
    - name: awsconfig
      path: /root/.aws
  depends_on:
    - Assume S3 Download AWS Role for teleport-ent
    - 'Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent'
# Builds the linux/amd64 teleport-ent image from the downloaded Dockerfile
# and .deb with a throwaway buildx builder and pushes it to the internal
# registry.
- name: 'Build teleport-ent image "teleport-ent:v11-amd64"'
  image: docker
  commands:
    # NOTE(review): runs an untagged third-party image with --privileged;
    # pin it by digest so the code given that access cannot change silently.
    - docker run --privileged --rm tonistiigi/binfmt --install all
    - mkdir -pv "/go/build" && cd "/go/build"
    - mkdir -pv "/tmp/teleport-ent-v11-amd64-builder"
    # buildkitd config: reach drone-docker-registry:5000 over plain HTTP.
    # NOTE(review): images pushed there are neither encrypted nor
    # authenticated in transit; presumably acceptable because the registry is
    # local to the build, but confirm.
    - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v11-amd64-builder/buildkitd.toml"
    - echo ' http = true' >> "/tmp/teleport-ent-v11-amd64-builder/buildkitd.toml"
    - >-
      docker buildx create --driver "docker-container"
      --driver-opt "network=host"
      --name "teleport-ent-v11-amd64-builder"
      --config "/tmp/teleport-ent-v11-amd64-builder/buildkitd.toml"
    - apk add --no-cache aws-cli
    # Log in to public.ecr.aws before the build (the profile name suggests
    # authenticated pulls); the token is piped on stdin.
    - >-
      aws ecr-public get-login-password --region=us-east-1 |
      docker login -u="AWS" --password-stdin
      public.ecr.aws
    - >-
      docker buildx build --push
      --builder "teleport-ent-v11-amd64-builder"
      --target "teleport"
      --platform "linux/amd64"
      --tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
      --file "/go/build/Dockerfile-teleport-ent"
      --build-arg DEB_PATH=teleport-ent_$(cat "/go/var/full-version")_amd64.deb
      /go/build
    # The three cleanup commands below only run if the build succeeded.
    - docker logout "public.ecr.aws"
    - docker buildx rm "teleport-ent-v11-amd64-builder"
    - rm -rf "/tmp/teleport-ent-v11-amd64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
  volumes:
    - name: awsconfig
      path: /root/.aws
    - name: dockersock
      path: /var/run
  depends_on:
    - Assume ECR - authenticated-pull AWS Role
    - 'Download "teleport-ent_v11-tag_amd64.deb" artifacts from S3'
# Waits up to one hour for the arm .deb of the full version to appear in the
# S3 bucket, then copies it into /go/build for the image build.
- name: 'Download "teleport-ent_v11-tag_arm.deb" artifacts from S3'
  # NOTE(review): untagged image reference; not pinned to a version or digest.
  image: amazon/aws-cli
  commands:
    # The items from "while" to "done" form a single shell loop split across
    # list entries; the bucket listing is polled every 60 seconds.
    - END_TIME=$(( $(date +%s) + 3600 ))
    - TIMED_OUT=true
    - while [ $(date +%s) -lt $${END_TIME?} ]; do
    - SUCCESS=true
    # grep -x requires the listed object name to match the whole line.
    - >-
      aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ |
      tr -s ' ' | cut -d' ' -f 4 |
      grep -x teleport-ent_$(cat "/go/var/full-version")_arm.deb
      || SUCCESS=false
    - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
    - echo 'Condition not met yet, waiting another 60 seconds...'
    - sleep 60
    - done
    - >-
      [ $${TIMED_OUT?} = true ]
      && echo 'Timed out while waiting for condition: [ "$SUCCESS" = "true" ]'
      && exit 1
    - mkdir -pv "/go/build"
    # NOTE(review): the package is copied into the build context without a
    # checksum or signature check in this step; integrity rests on the
    # bucket's access controls.
    - >-
      aws s3 cp
      s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat "/go/var/full-version")_arm.deb
      /go/build/teleport-ent_$(cat "/go/var/full-version")_arm.deb
  environment:
    # Profile appended to /root/.aws/credentials by the assume-role step.
    AWS_PROFILE: s3-download-teleport-ent
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
    - name: awsconfig
      path: /root/.aws
  depends_on:
    - Assume S3 Download AWS Role for teleport-ent
    - 'Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent'
# Builds the linux/arm teleport-ent image from the downloaded Dockerfile and
# .deb with a throwaway buildx builder and pushes it to the internal
# registry.
- name: 'Build teleport-ent image "teleport-ent:v11-arm"'
  image: docker
  commands:
    # NOTE(review): runs an untagged third-party image with --privileged;
    # pin it by digest so the code given that access cannot change silently.
    - docker run --privileged --rm tonistiigi/binfmt --install all
    - mkdir -pv "/go/build" && cd "/go/build"
    - mkdir -pv "/tmp/teleport-ent-v11-arm-builder"
    # buildkitd config: reach drone-docker-registry:5000 over plain HTTP.
    # NOTE(review): images pushed there are neither encrypted nor
    # authenticated in transit; presumably acceptable because the registry is
    # local to the build, but confirm.
    - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v11-arm-builder/buildkitd.toml"
    - echo ' http = true' >> "/tmp/teleport-ent-v11-arm-builder/buildkitd.toml"
    - >-
      docker buildx create --driver "docker-container"
      --driver-opt "network=host"
      --name "teleport-ent-v11-arm-builder"
      --config "/tmp/teleport-ent-v11-arm-builder/buildkitd.toml"
    - apk add --no-cache aws-cli
    # Log in to public.ecr.aws before the build (the profile name suggests
    # authenticated pulls); the token is piped on stdin.
    - >-
      aws ecr-public get-login-password --region=us-east-1 |
      docker login -u="AWS" --password-stdin
      public.ecr.aws
    - >-
      docker buildx build --push
      --builder "teleport-ent-v11-arm-builder"
      --target "teleport"
      --platform "linux/arm"
      --tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
      --file "/go/build/Dockerfile-teleport-ent"
      --build-arg DEB_PATH=teleport-ent_$(cat "/go/var/full-version")_arm.deb
      /go/build
    # The three cleanup commands below only run if the build succeeded.
    - docker logout "public.ecr.aws"
    - docker buildx rm "teleport-ent-v11-arm-builder"
    - rm -rf "/tmp/teleport-ent-v11-arm-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
  volumes:
    - name: awsconfig
      path: /root/.aws
    - name: dockersock
      path: /var/run
  depends_on:
    - Assume ECR - authenticated-pull AWS Role
    - 'Download "teleport-ent_v11-tag_arm.deb" artifacts from S3'
# Waits up to one hour for the arm64 .deb of the full version to appear in
# the S3 bucket, then copies it into /go/build for the image build.
- name: 'Download "teleport-ent_v11-tag_arm64.deb" artifacts from S3'
  # NOTE(review): untagged image reference; not pinned to a version or digest.
  image: amazon/aws-cli
  commands:
    # The items from "while" to "done" form a single shell loop split across
    # list entries; the bucket listing is polled every 60 seconds.
    - END_TIME=$(( $(date +%s) + 3600 ))
    - TIMED_OUT=true
    - while [ $(date +%s) -lt $${END_TIME?} ]; do
    - SUCCESS=true
    # grep -x requires the listed object name to match the whole line.
    - >-
      aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ |
      tr -s ' ' | cut -d' ' -f 4 |
      grep -x teleport-ent_$(cat "/go/var/full-version")_arm64.deb
      || SUCCESS=false
    - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
    - echo 'Condition not met yet, waiting another 60 seconds...'
    - sleep 60
    - done
    - >-
      [ $${TIMED_OUT?} = true ]
      && echo 'Timed out while waiting for condition: [ "$SUCCESS" = "true" ]'
      && exit 1
    - mkdir -pv "/go/build"
    # NOTE(review): the package is copied into the build context without a
    # checksum or signature check in this step; integrity rests on the
    # bucket's access controls.
    - >-
      aws s3 cp
      s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat "/go/var/full-version")_arm64.deb
      /go/build/teleport-ent_$(cat "/go/var/full-version")_arm64.deb
  environment:
    # Profile appended to /root/.aws/credentials by the assume-role step.
    AWS_PROFILE: s3-download-teleport-ent
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
    - name: awsconfig
      path: /root/.aws
  depends_on:
    - Assume S3 Download AWS Role for teleport-ent
    - 'Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent'
# Builds the linux/arm64 teleport-ent image from the downloaded Dockerfile
# and .deb with a throwaway buildx builder and pushes it to the internal
# registry.
- name: 'Build teleport-ent image "teleport-ent:v11-arm64"'
  image: docker
  commands:
    # NOTE(review): runs an untagged third-party image with --privileged;
    # pin it by digest so the code given that access cannot change silently.
    - docker run --privileged --rm tonistiigi/binfmt --install all
    - mkdir -pv "/go/build" && cd "/go/build"
    - mkdir -pv "/tmp/teleport-ent-v11-arm64-builder"
    # buildkitd config: reach drone-docker-registry:5000 over plain HTTP.
    # NOTE(review): images pushed there are neither encrypted nor
    # authenticated in transit; presumably acceptable because the registry is
    # local to the build, but confirm.
    - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v11-arm64-builder/buildkitd.toml"
    - echo ' http = true' >> "/tmp/teleport-ent-v11-arm64-builder/buildkitd.toml"
    - >-
      docker buildx create --driver "docker-container"
      --driver-opt "network=host"
      --name "teleport-ent-v11-arm64-builder"
      --config "/tmp/teleport-ent-v11-arm64-builder/buildkitd.toml"
    - apk add --no-cache aws-cli
    # Log in to public.ecr.aws before the build (the profile name suggests
    # authenticated pulls); the token is piped on stdin.
    - >-
      aws ecr-public get-login-password --region=us-east-1 |
      docker login -u="AWS" --password-stdin
      public.ecr.aws
    - >-
      docker buildx build --push
      --builder "teleport-ent-v11-arm64-builder"
      --target "teleport"
      --platform "linux/arm64"
      --tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
      --file "/go/build/Dockerfile-teleport-ent"
      --build-arg DEB_PATH=teleport-ent_$(cat "/go/var/full-version")_arm64.deb
      /go/build
    # The three cleanup commands below only run if the build succeeded.
    - docker logout "public.ecr.aws"
    - docker buildx rm "teleport-ent-v11-arm64-builder"
    - rm -rf "/tmp/teleport-ent-v11-arm64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
  volumes:
    - name: awsconfig
      path: /root/.aws
    - name: dockersock
      path: /var/run
  depends_on:
    - Assume ECR - authenticated-pull AWS Role
    - 'Download "teleport-ent_v11-tag_arm64.deb" artifacts from S3'
# Copies the locally built amd64 teleport-ent image to the staging ECR
# registry under "<full|major|minor>-$TIMESTAMP-amd64"; each tag is pushed
# only when it cannot already be inspected.
- name: 'Tag and push image "teleport-ent:v11-amd64" to ECR - staging'
  # NOTE(review): untagged image reference; not pinned to a version or digest.
  image: docker
  commands:
    - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
    - apk add --no-cache aws-cli
    # Token is handed to docker on stdin, never as a CLI argument.
    - >-
      aws ecr get-login-password --region=us-west-2 |
      docker login -u="AWS" --password-stdin
      146628656107.dkr.ecr.us-west-2.amazonaws.com
    - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
    # In each guard below, any inspect failure (not only "tag absent") takes
    # the tag/push branch.
    - >-
      docker manifest inspect
      146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-amd64
      > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
      (docker tag
      drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
      146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-amd64
      && docker push
      146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-amd64)
    - >-
      docker manifest inspect
      146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-amd64
      > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
      (docker tag
      drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
      146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-amd64
      && docker push
      146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-amd64)
    - >-
      docker manifest inspect
      146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64
      > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
      (docker tag
      drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
      146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64
      && docker push
      146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64)
    - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
    - name: awsconfig
      path: /root/.aws
    - name: dockersock
      path: /var/run
  depends_on:
    - 'Build teleport-ent image "teleport-ent:v11-amd64"'
# Copies the locally built arm teleport-ent image to the staging ECR registry
# under "<full|major|minor>-$TIMESTAMP-arm"; each tag is pushed only when it
# cannot already be inspected.
- name: 'Tag and push image "teleport-ent:v11-arm" to ECR - staging'
  # NOTE(review): untagged image reference; not pinned to a version or digest.
  image: docker
  commands:
    - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
    - apk add --no-cache aws-cli
    # Token is handed to docker on stdin, never as a CLI argument.
    - >-
      aws ecr get-login-password --region=us-west-2 |
      docker login -u="AWS" --password-stdin
      146628656107.dkr.ecr.us-west-2.amazonaws.com
    - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
    # In each guard below, any inspect failure (not only "tag absent") takes
    # the tag/push branch.
    - >-
      docker manifest inspect
      146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-arm
      > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
      (docker tag
      drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
      146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-arm
      && docker push
      146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-arm)
    - >-
      docker manifest inspect
      146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-arm
      > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
      (docker tag
      drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
      146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-arm
      && docker push
      146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-arm)
    - >-
      docker manifest inspect
      146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-arm
      > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
      (docker tag
      drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
      146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-arm
      && docker push
      146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-arm)
    - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
    - name: awsconfig
      path: /root/.aws
    - name: dockersock
      path: /var/run
  depends_on:
    - 'Build teleport-ent image "teleport-ent:v11-arm"'
|
|
# Copies the arm64 image from the build-local registry to the staging ECR
# repository under timestamped full, major and minor tags.
- name: Tag and push image "teleport-ent:v11-arm64" to ECR - staging
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
  - apk add --no-cache aws-cli
  # The ECR token reaches docker login on stdin, so it is not placed in argv.
  - >-
    aws ecr get-login-password --region=us-west-2
    | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Each tag is pushed only when `docker manifest inspect` fails. Any inspect
  # failure, not just a missing tag, falls through to the tag-and-push branch.
  - >-
    docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-arm64 > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-arm64
    && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-arm64)
  - >-
    docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-arm64 > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-arm64
    && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-arm64)
  - >-
    docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64 > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64
    && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  # NOTE(review): presumably exposes the Docker daemon socket to this step;
  # the volume definition is not visible here.
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v11-arm64"
# Assembles the multi-arch manifest list for the timestamped major tag in
# staging ECR from the amd64, arm and arm64 tags pushed by earlier steps.
- name: Create manifest and push "teleport-ent:major-$TIMESTAMP" to ECR - staging
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The ECR token reaches docker login on stdin, so it is not placed in argv.
  - >-
    aws ecr get-login-password --region=us-west-2
    | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Created and pushed only when inspecting the manifest tag fails.
  - >-
    docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP
    --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-amd64
    --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-arm
    --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-arm64
    && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-amd64" to ECR - staging
  - Tag and push image "teleport-ent:v11-arm" to ECR - staging
  - Tag and push image "teleport-ent:v11-arm64" to ECR - staging
# Assembles the multi-arch manifest list for the timestamped minor tag in
# staging ECR from the amd64, arm and arm64 tags pushed by earlier steps.
- name: Create manifest and push "teleport-ent:minor-$TIMESTAMP" to ECR - staging
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The ECR token reaches docker login on stdin, so it is not placed in argv.
  - >-
    aws ecr get-login-password --region=us-west-2
    | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Created and pushed only when inspecting the manifest tag fails.
  - >-
    docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP
    --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64
    --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-arm
    --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64
    && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-amd64" to ECR - staging
  - Tag and push image "teleport-ent:v11-arm" to ECR - staging
  - Tag and push image "teleport-ent:v11-arm64" to ECR - staging
# Assembles the multi-arch manifest list for the timestamped full-version tag
# in staging ECR from the amd64, arm and arm64 tags pushed by earlier steps.
- name: Create manifest and push "teleport-ent:full-$TIMESTAMP" to ECR - staging
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The ECR token reaches docker login on stdin, so it is not placed in argv.
  - >-
    aws ecr get-login-password --region=us-west-2
    | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Created and pushed only when inspecting the manifest tag fails.
  - >-
    docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP
    --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-amd64
    --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-arm
    --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-arm64
    && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-amd64" to ECR - staging
  - Tag and push image "teleport-ent:v11-arm" to ECR - staging
  - Tag and push image "teleport-ent:v11-arm64" to ECR - staging
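# Publishes the amd64 image to quay.io. The full-version tag is pushed only
# when it is not already present; the major and minor tags are always moved.
- name: Tag and push image "teleport-ent:v11-amd64" to Quay
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
  # The password is fed on stdin rather than with -p, which would put the
  # secret in the docker CLI's argument list; the ECR steps in this file
  # already log in with --password-stdin.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - >-
    docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64
    && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64)
  - >-
    docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
    quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
  - >-
    docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
    quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step reads AWS credentials; confirm
  # whether the awsconfig mount is needed here.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v11-amd64"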
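# Publishes the arm image to quay.io. The full-version tag is pushed only
# when it is not already present; the major and minor tags are always moved.
- name: Tag and push image "teleport-ent:v11-arm" to Quay
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
  # The password is fed on stdin rather than with -p, which would put the
  # secret in the docker CLI's argument list; the ECR steps in this file
  # already log in with --password-stdin.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - >-
    docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm
    && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm)
  - >-
    docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
    quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
  - >-
    docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
    quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step reads AWS credentials; confirm
  # whether the awsconfig mount is needed here.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v11-arm"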
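# Publishes the arm64 image to quay.io. The full-version tag is pushed only
# when it is not already present; the major and minor tags are always moved.
- name: Tag and push image "teleport-ent:v11-arm64" to Quay
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
  # The password is fed on stdin rather than with -p, which would put the
  # secret in the docker CLI's argument list; the ECR steps in this file
  # already log in with --password-stdin.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - >-
    docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64
    && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64)
  - >-
    docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
    quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
  - >-
    docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
    quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step reads AWS credentials; confirm
  # whether the awsconfig mount is needed here.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v11-arm64"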
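# Rebuilds and pushes the quay.io manifest list for the major tag on every
# run; there is no existing-tag guard here, so the tag moves with each release.
- name: Create manifest and push "teleport-ent:major" to Quay
  image: docker
  commands:
  # The password is fed on stdin rather than with -p, which would put the
  # secret in the docker CLI's argument list; the ECR steps in this file
  # already log in with --password-stdin.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - >-
    docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
  - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step reads AWS credentials; confirm
  # whether the awsconfig mount is needed here.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-amd64" to Quay
  - Tag and push image "teleport-ent:v11-arm" to Quay
  - Tag and push image "teleport-ent:v11-arm64" to Quay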
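# Rebuilds and pushes the quay.io manifest list for the minor tag on every
# run; there is no existing-tag guard here, so the tag moves with each release.
- name: Create manifest and push "teleport-ent:minor" to Quay
  image: docker
  commands:
  # The password is fed on stdin rather than with -p, which would put the
  # secret in the docker CLI's argument list; the ECR steps in this file
  # already log in with --password-stdin.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - >-
    docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
  - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step reads AWS credentials; confirm
  # whether the awsconfig mount is needed here.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-amd64" to Quay
  - Tag and push image "teleport-ent:v11-arm" to Quay
  - Tag and push image "teleport-ent:v11-arm64" to Quay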
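# Creates and pushes the quay.io manifest list for the full-version tag,
# unless inspecting that tag already succeeds.
- name: Create manifest and push "teleport-ent:full" to Quay
  image: docker
  commands:
  # The password is fed on stdin rather than with -p, which would put the
  # secret in the docker CLI's argument list; the ECR steps in this file
  # already log in with --password-stdin.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - >-
    docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version") > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64
    && docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version"))
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step reads AWS credentials; confirm
  # whether the awsconfig mount is needed here.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-amd64" to Quay
  - Tag and push image "teleport-ent:v11-arm" to Quay
  - Tag and push image "teleport-ent:v11-arm64" to Quay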
# Publishes the amd64 image to public.ecr.aws. The full-version tag is pushed
# only when it is not already present; major and minor tags are always moved.
- name: Tag and push image "teleport-ent:v11-amd64" to ECR - production
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
  - apk add --no-cache aws-cli
  # The ECR token reaches docker login on stdin, so it is not placed in argv.
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin public.ecr.aws
  - >-
    docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64
    && docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64)
  - >-
    docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
  - >-
    docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v11-amd64"
# Publishes the arm image to public.ecr.aws. The full-version tag is pushed
# only when it is not already present; major and minor tags are always moved.
- name: Tag and push image "teleport-ent:v11-arm" to ECR - production
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
  - apk add --no-cache aws-cli
  # The ECR token reaches docker login on stdin, so it is not placed in argv.
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin public.ecr.aws
  - >-
    docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm
    && docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm)
  - >-
    docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
  - >-
    docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v11-arm"
# Publishes the arm64 image to public.ecr.aws. The full-version tag is pushed
# only when it is not already present; major and minor tags are always moved.
- name: Tag and push image "teleport-ent:v11-arm64" to ECR - production
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
  - apk add --no-cache aws-cli
  # The ECR token reaches docker login on stdin, so it is not placed in argv.
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin public.ecr.aws
  - >-
    docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64 > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64
    && docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64)
  - >-
    docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
  - >-
    docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v11-arm64"
# Rebuilds and pushes the public.ecr.aws manifest list for the major tag on
# every run; no existing-tag guard, so the tag moves with each release.
- name: Create manifest and push "teleport-ent:major" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The ECR token reaches docker login on stdin, so it is not placed in argv.
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin public.ecr.aws
  - >-
    docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
  - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-amd64" to ECR - production
  - Tag and push image "teleport-ent:v11-arm" to ECR - production
  - Tag and push image "teleport-ent:v11-arm64" to ECR - production
# Rebuilds and pushes the public.ecr.aws manifest list for the minor tag on
# every run; no existing-tag guard, so the tag moves with each release.
- name: Create manifest and push "teleport-ent:minor" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The ECR token reaches docker login on stdin, so it is not placed in argv.
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin public.ecr.aws
  - >-
    docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
  - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-amd64" to ECR - production
  - Tag and push image "teleport-ent:v11-arm" to ECR - production
  - Tag and push image "teleport-ent:v11-arm64" to ECR - production
# Creates and pushes the public.ecr.aws manifest list for the full-version
# tag, unless inspecting that tag already succeeds.
- name: Create manifest and push "teleport-ent:full" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The ECR token reaches docker login on stdin, so it is not placed in argv.
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin public.ecr.aws
  - >-
    docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version") > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64
    && docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version"))
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-amd64" to ECR - production
  - Tag and push image "teleport-ent:v11-arm" to ECR - production
  - Tag and push image "teleport-ent:v11-arm64" to ECR - production
# Exchanges the key pair from the pipeline secrets for temporary role
# credentials and appends them to /root/.aws/credentials as the profile
# s3-download-teleport-ent-fips, which a later step selects via AWS_PROFILE.
- name: Assume S3 Download AWS Role for teleport-ent-fips
  image: amazon/aws-cli
  commands:
  # NOTE(review): this prints the caller identity into the build log.
  - aws sts get-caller-identity
  # The three credential fields come back as one text row and are split into
  # printf's %s slots by word splitting, so the substitution must stay
  # unquoted. printf's own exit status masks a failed assume-role; the final
  # get-caller-identity --profile call is what surfaces that failure.
  # NOTE(review): the file lives on the awsconfig volume that other steps
  # also mount, and it is written with the default umask.
  - |-
    printf "[s3-download-teleport-ent-fips]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
    $(aws sts assume-role \
    --role-arn "$AWS_ROLE" \
    --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
    --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
    --output text) \
    >> /root/.aws/credentials
  # Drops the long-lived key pair from the shell so the check below can only
  # succeed with the profile that was just written.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile s3-download-teleport-ent-fips
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Find the latest available semver for v11
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role
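# Fetches the Dockerfile used for the FIPS image build from the tagged
# teleport source tree on GitHub.
- name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent-fips" for
    teleport-ent-fips
  image: alpine
  commands:
  # --no-cache matches the other apk invocations in this pipeline.
  - apk add --no-cache curl
  - mkdir -pv $(dirname "/go/build/Dockerfile-teleport-ent-fips")
  # -f makes curl exit non-zero on an HTTP error instead of saving the error
  # body as the Dockerfile; -S keeps the error message visible despite -s.
  # NOTE(review): the version is read from /go/vars/full-version-v11, not the
  # /go/var/full-version file the other steps use; presumably written by
  # "Find the latest available semver for v11". No checksum or signature
  # check of the downloaded file is visible here.
  - >-
    curl -fsSL -o "/go/build/Dockerfile-teleport-ent-fips"
    "https://raw.githubusercontent.com/gravitational/teleport/v$(cat '/go/vars/full-version-v11')/build.assets/charts/Dockerfile"
  depends_on:
  - Find the latest available semver for v11
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role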
# Waits for the FIPS amd64 .deb to appear under the release tag prefix in S3,
# then copies it into /go/build for the image build.
- name: Download "teleport-ent_v11-tag-fips_amd64.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
  # Poll for up to 3600 seconds, once every 60 seconds. The loop is spread
  # over several list items, so it relies on them running in one shell.
  # `$$` is presumably the escape for a literal `$` in this file - confirm.
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  # Succeeds only when the listing contains a line equal to the file name.
  # NOTE(review): grep -x treats the dots in the version as regex wildcards;
  # -F would make the match literal.
  - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr
    -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb
    || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  # Fails the step when the file never showed up within the window.
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [
    "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  # NOTE(review): no checksum or signature check of the package is visible
  # before it is handed to the image build.
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat
    "/go/var/full-version")-fips_amd64.deb /go/build/teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb
  environment:
    AWS_PROFILE: s3-download-teleport-ent-fips
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport-ent-fips
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent-fips" for teleport-ent-fips
# Builds the FIPS amd64 image with buildx from the downloaded Dockerfile and
# .deb, and pushes it to the build-local registry.
- name: Build teleport-ent-fips image "teleport-ent:v11-fips-amd64"
  image: docker
  commands:
  # NOTE(review): runs a third-party image by floating tag with --privileged;
  # pinning it by digest would fix what gets that access. The build below
  # targets linux/amd64 only, so confirm the emulators are needed at all.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-ent-v11-fips-amd64-builder"
  # The builder config marks drone-docker-registry:5000 as plain HTTP, so the
  # push to it is neither encrypted nor authenticated by TLS.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v11-fips-amd64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-ent-v11-fips-amd64-builder/buildkitd.toml"
  - >-
    docker buildx create --driver "docker-container" --driver-opt "network=host"
    --name "teleport-ent-v11-fips-amd64-builder"
    --config "/tmp/teleport-ent-v11-fips-amd64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  # The ECR token reaches docker login on stdin, so it is not placed in argv.
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin public.ecr.aws
  - >-
    docker buildx build --push --builder "teleport-ent-v11-fips-amd64-builder"
    --target "teleport-fips" --platform "linux/amd64"
    --tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    --file "/go/build/Dockerfile-teleport-ent-fips"
    --build-arg DEB_PATH=teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb
    /go/build
  # NOTE(review): the logout and builder cleanup below are plain commands
  # after the build; presumably they are skipped when the build fails.
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-ent-v11-fips-amd64-builder"
  - rm -rf "/tmp/teleport-ent-v11-fips-amd64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport-ent_v11-tag-fips_amd64.deb" artifacts from S3
# Re-tags the FIPS amd64 image held in the build registry and pushes it to the
# staging ECR registry under timestamped full, major and minor tags.
- name: Tag and push image "teleport-ent:v11-fips-amd64" to ECR - staging
  # NOTE(review): `docker` carries no tag or digest, and aws-cli is installed
  # unpinned at run time, so the tooling in this step is not reproducible.
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
  - apk add --no-cache aws-cli
  # The registry password is piped on stdin rather than passed as an argument.
  - >-
    aws ecr get-login-password --region=us-west-2
    | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Each tag is pushed only when `docker manifest inspect` fails for it.
  # NOTE(review): any inspect failure, not only a missing tag, takes the push
  # branch.
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-fips-amd64
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-fips-amd64
    && docker push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-fips-amd64)
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-fips-amd64
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-fips-amd64
    && docker push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-fips-amd64)
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-fips-amd64
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-fips-amd64
    && docker push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-fips-amd64)
  # Drop the cached registry credential before the step ends.
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  # NOTE(review): presumably this mount exposes the Docker daemon socket to
  # the step; confirm against the pipeline's volume definitions.
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent-fips image "teleport-ent:v11-fips-amd64"
# Publishes the timestamped major-version FIPS manifest list to staging ECR,
# referencing the amd64 image pushed by the step named in depends_on.
- name: Create manifest and push "teleport-ent:major-$TIMESTAMP-fips" to ECR - staging
  # NOTE(review): unpinned `docker` image and unpinned aws-cli install.
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - >-
    aws ecr get-login-password --region=us-west-2
    | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Creates and pushes the manifest only when inspect fails for the tag.
  # NOTE(review): any inspect failure, not only a missing tag, takes the
  # create-and-push branch.
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-fips
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker manifest create
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-fips
    --amend
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-fips-amd64
    && docker manifest push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-fips)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-fips-amd64" to ECR - staging
# Publishes the timestamped minor-version FIPS manifest list to staging ECR,
# referencing the amd64 image pushed by the step named in depends_on.
- name: Create manifest and push "teleport-ent:minor-$TIMESTAMP-fips" to ECR - staging
  # NOTE(review): unpinned `docker` image and unpinned aws-cli install.
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - >-
    aws ecr get-login-password --region=us-west-2
    | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Creates and pushes the manifest only when inspect fails for the tag.
  # NOTE(review): any inspect failure, not only a missing tag, takes the
  # create-and-push branch.
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-fips
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker manifest create
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-fips
    --amend
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-fips-amd64
    && docker manifest push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-fips)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-fips-amd64" to ECR - staging
# Publishes the timestamped full-version FIPS manifest list to staging ECR,
# referencing the amd64 image pushed by the step named in depends_on.
- name: Create manifest and push "teleport-ent:full-$TIMESTAMP-fips" to ECR - staging
  # NOTE(review): unpinned `docker` image and unpinned aws-cli install.
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - >-
    aws ecr get-login-password --region=us-west-2
    | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Creates and pushes the manifest only when inspect fails for the tag.
  # NOTE(review): any inspect failure, not only a missing tag, takes the
  # create-and-push branch.
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-fips
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker manifest create
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-fips
    --amend
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-fips-amd64
    && docker manifest push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-fips)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-fips-amd64" to ECR - staging
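# Re-tags the FIPS amd64 image held in the build registry and pushes it to
# quay.io under the full, major and minor version tags.
- name: Tag and push image "teleport-ent:v11-fips-amd64" to Quay
  # NOTE(review): `docker` carries no tag or digest.
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
  # The password is fed on stdin so the secret never appears in the docker
  # CLI's argument list; this matches the ECR logins in this file.
  # NOTE(review): if this pipeline is dronegen output, make the same change
  # in the generator.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # The full-version tag is pushed only when inspect fails for it.
  # NOTE(review): any inspect failure, not only a missing tag, takes the push
  # branch.
  - >-
    docker manifest inspect
    quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    && docker push
    quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64)
  # Major and minor tags are pushed unconditionally, so they move with every
  # run; consumers that need a fixed image should reference the full version
  # or a digest.
  - >-
    docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
  - >-
    docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step reads /root/.aws; the awsconfig
  # mount looks unnecessary here - confirm before dropping it.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent-fips image "teleport-ent:v11-fips-amd64"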
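# Creates the major-version FIPS manifest list on quay.io from the amd64 image
# and pushes it. There is no existence check, so the tag is rewritten on every
# run.
- name: Create manifest and push "teleport-ent:major-fips" to Quay
  # NOTE(review): `docker` carries no tag or digest.
  image: docker
  commands:
  # The password is fed on stdin so the secret never appears in the docker
  # CLI's argument list; this matches the ECR logins in this file.
  # NOTE(review): if this pipeline is dronegen output, make the same change
  # in the generator.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - >-
    docker manifest create
    quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips
    --amend
    quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
  - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step reads /root/.aws; the awsconfig
  # mount looks unnecessary here - confirm before dropping it.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-fips-amd64" to Quay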
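# Creates the minor-version FIPS manifest list on quay.io from the amd64 image
# and pushes it. There is no existence check, so the tag is rewritten on every
# run.
- name: Create manifest and push "teleport-ent:minor-fips" to Quay
  # NOTE(review): `docker` carries no tag or digest.
  image: docker
  commands:
  # The password is fed on stdin so the secret never appears in the docker
  # CLI's argument list; this matches the ECR logins in this file.
  # NOTE(review): if this pipeline is dronegen output, make the same change
  # in the generator.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - >-
    docker manifest create
    quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips
    --amend
    quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
  - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step reads /root/.aws; the awsconfig
  # mount looks unnecessary here - confirm before dropping it.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-fips-amd64" to Quay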
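# Creates the full-version FIPS manifest list on quay.io from the amd64 image
# and pushes it, unless a manifest for that tag can already be inspected.
- name: Create manifest and push "teleport-ent:full-fips" to Quay
  # NOTE(review): `docker` carries no tag or digest.
  image: docker
  commands:
  # The password is fed on stdin so the secret never appears in the docker
  # CLI's argument list; this matches the ECR logins in this file.
  # NOTE(review): if this pipeline is dronegen output, make the same change
  # in the generator.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # NOTE(review): any inspect failure, not only a missing tag, takes the
  # create-and-push branch.
  - >-
    docker manifest inspect
    quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker manifest create
    quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips
    --amend
    quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    && docker manifest push
    quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips)
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step reads /root/.aws; the awsconfig
  # mount looks unnecessary here - confirm before dropping it.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-fips-amd64" to Quay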
# Re-tags the FIPS amd64 image held in the build registry and pushes it to
# public.ecr.aws under the full, major and minor version tags.
- name: Tag and push image "teleport-ent:v11-fips-amd64" to ECR - production
  # NOTE(review): `docker` carries no tag or digest, and aws-cli is installed
  # unpinned at run time, in a step that holds production push credentials.
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
  - apk add --no-cache aws-cli
  # The registry password is piped on stdin rather than passed as an argument.
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin
    public.ecr.aws
  # The full-version tag is pushed only when inspect fails for it.
  # NOTE(review): any inspect failure, not only a missing tag, takes the push
  # branch.
  - >-
    docker manifest inspect
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    && docker push
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64)
  # Major and minor tags are pushed unconditionally, so they move with every
  # run.
  - >-
    docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
  - >-
    docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent-fips image "teleport-ent:v11-fips-amd64"
# Creates the major-version FIPS manifest list on public.ecr.aws from the
# amd64 image and pushes it. There is no existence check, so the tag is
# rewritten on every run.
- name: Create manifest and push "teleport-ent:major-fips" to ECR - production
  # NOTE(review): unpinned `docker` image and unpinned aws-cli install.
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - >-
    docker manifest create
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips
    --amend
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
  - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-fips-amd64" to ECR - production
# Creates the minor-version FIPS manifest list on public.ecr.aws from the
# amd64 image and pushes it. There is no existence check, so the tag is
# rewritten on every run.
- name: Create manifest and push "teleport-ent:minor-fips" to ECR - production
  # NOTE(review): unpinned `docker` image and unpinned aws-cli install.
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - >-
    docker manifest create
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips
    --amend
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
  - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-fips-amd64" to ECR - production
# Creates the full-version FIPS manifest list on public.ecr.aws from the amd64
# image and pushes it, unless a manifest for that tag can already be inspected.
- name: Create manifest and push "teleport-ent:full-fips" to ECR - production
  # NOTE(review): unpinned `docker` image and unpinned aws-cli install.
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin
    public.ecr.aws
  # NOTE(review): any inspect failure, not only a missing tag, takes the
  # create-and-push branch.
  - >-
    docker manifest inspect
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker manifest create
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips
    --amend
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    && docker manifest push
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips)
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v11-fips-amd64" to ECR - production
# Builds the teleport-operator image for linux/amd64 with a throwaway buildx
# builder and pushes it to the in-cluster build registry.
- name: Build teleport-operator image "teleport-operator:v11-amd64"
  # NOTE(review): `docker` carries no tag or digest.
  image: docker
  commands:
  # NOTE(review): runs a privileged container from an image reference with no
  # tag or digest; consider pinning it, e.g.
  # tonistiigi/binfmt@sha256:PINNED_DIGEST_PLACEHOLDER.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport"
  - mkdir -pv "/tmp/teleport-operator-v11-amd64-builder"
  # The builder config marks the build registry as plain HTTP, so the image
  # travels unencrypted to it; later steps pull it back by tag, not by digest.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-operator-v11-amd64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-operator-v11-amd64-builder/buildkitd.toml"
  # The builder container is created on the host network.
  - >-
    docker buildx create
    --driver "docker-container"
    --driver-opt "network=host"
    --name "teleport-operator-v11-amd64-builder"
    --config "/tmp/teleport-operator-v11-amd64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  # Log in to public.ecr.aws before the build; the password is piped on stdin.
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - >-
    docker buildx build --push
    --builder "teleport-operator-v11-amd64-builder"
    --platform "linux/amd64"
    --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
    --file "/go/src/github.com/gravitational/teleport/operator/Dockerfile"
    --build-arg BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox:teleport12
    --build-arg COMPILER_NAME=x86_64-linux-gnu-gcc
    /go/src/github.com/gravitational/teleport
  # Clean up the credential, the builder and its config directory.
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-operator-v11-amd64-builder"
  - rm -rf "/tmp/teleport-operator-v11-amd64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  # NOTE(review): "Assume ECR - authenticated-pull AWS Role" is listed twice
  # below.
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Find the latest available semver for v11
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role
# Builds the teleport-operator image for linux/arm with a throwaway buildx
# builder and pushes it to the in-cluster build registry.
- name: Build teleport-operator image "teleport-operator:v11-arm"
  # NOTE(review): `docker` carries no tag or digest.
  image: docker
  commands:
  # NOTE(review): runs a privileged container from an image reference with no
  # tag or digest; consider pinning it, e.g.
  # tonistiigi/binfmt@sha256:PINNED_DIGEST_PLACEHOLDER.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport"
  - mkdir -pv "/tmp/teleport-operator-v11-arm-builder"
  # The builder config marks the build registry as plain HTTP, so the image
  # travels unencrypted to it; later steps pull it back by tag, not by digest.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-operator-v11-arm-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-operator-v11-arm-builder/buildkitd.toml"
  # The builder container is created on the host network.
  - >-
    docker buildx create
    --driver "docker-container"
    --driver-opt "network=host"
    --name "teleport-operator-v11-arm-builder"
    --config "/tmp/teleport-operator-v11-arm-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  # Log in to public.ecr.aws before the build; the password is piped on stdin.
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - >-
    docker buildx build --push
    --builder "teleport-operator-v11-arm-builder"
    --platform "linux/arm"
    --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
    --file "/go/src/github.com/gravitational/teleport/operator/Dockerfile"
    --build-arg BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox-arm:teleport12
    --build-arg COMPILER_NAME=arm-linux-gnueabihf-gcc
    /go/src/github.com/gravitational/teleport
  # Clean up the credential, the builder and its config directory.
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-operator-v11-arm-builder"
  - rm -rf "/tmp/teleport-operator-v11-arm-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  # NOTE(review): "Assume ECR - authenticated-pull AWS Role" is listed twice
  # below.
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Find the latest available semver for v11
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role
# Builds the teleport-operator image for linux/arm64 with a throwaway buildx
# builder and pushes it to the in-cluster build registry.
- name: Build teleport-operator image "teleport-operator:v11-arm64"
  # NOTE(review): `docker` carries no tag or digest.
  image: docker
  commands:
  # NOTE(review): runs a privileged container from an image reference with no
  # tag or digest; consider pinning it, e.g.
  # tonistiigi/binfmt@sha256:PINNED_DIGEST_PLACEHOLDER.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport"
  - mkdir -pv "/tmp/teleport-operator-v11-arm64-builder"
  # The builder config marks the build registry as plain HTTP, so the image
  # travels unencrypted to it; later steps pull it back by tag, not by digest.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-operator-v11-arm64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-operator-v11-arm64-builder/buildkitd.toml"
  # The builder container is created on the host network.
  - >-
    docker buildx create
    --driver "docker-container"
    --driver-opt "network=host"
    --name "teleport-operator-v11-arm64-builder"
    --config "/tmp/teleport-operator-v11-arm64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  # Log in to public.ecr.aws before the build; the password is piped on stdin.
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - >-
    docker buildx build --push
    --builder "teleport-operator-v11-arm64-builder"
    --platform "linux/arm64"
    --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
    --file "/go/src/github.com/gravitational/teleport/operator/Dockerfile"
    --build-arg BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox-arm:teleport12
    --build-arg COMPILER_NAME=aarch64-linux-gnu-gcc
    /go/src/github.com/gravitational/teleport
  # Clean up the credential, the builder and its config directory.
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-operator-v11-arm64-builder"
  - rm -rf "/tmp/teleport-operator-v11-arm64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  # NOTE(review): "Assume ECR - authenticated-pull AWS Role" is listed twice
  # below.
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Find the latest available semver for v11
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role
# Re-tags the operator amd64 image held in the build registry and pushes it to
# the staging ECR registry under timestamped full, major and minor tags.
- name: Tag and push image "teleport-operator:v11-amd64" to ECR - staging
  # NOTE(review): unpinned `docker` image and unpinned aws-cli install.
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
  - apk add --no-cache aws-cli
  - >-
    aws ecr get-login-password --region=us-west-2
    | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Each tag is pushed only when `docker manifest inspect` fails for it.
  # NOTE(review): any inspect failure, not only a missing tag, takes the push
  # branch.
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-amd64
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-amd64
    && docker push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-amd64)
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP-amd64
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP-amd64
    && docker push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP-amd64)
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64
    && docker push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-operator image "teleport-operator:v11-amd64"
# Re-tags the operator arm image held in the build registry and pushes it to
# the staging ECR registry under timestamped full, major and minor tags.
- name: Tag and push image "teleport-operator:v11-arm" to ECR - staging
  # NOTE(review): unpinned `docker` image and unpinned aws-cli install.
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
  - apk add --no-cache aws-cli
  - >-
    aws ecr get-login-password --region=us-west-2
    | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Each tag is pushed only when `docker manifest inspect` fails for it.
  # NOTE(review): any inspect failure, not only a missing tag, takes the push
  # branch.
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-arm
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-arm
    && docker push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-arm)
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP-arm
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP-arm
    && docker push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP-arm)
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP-arm
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP-arm
    && docker push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP-arm)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-operator image "teleport-operator:v11-arm"
# Re-tags the operator arm64 image held in the build registry and pushes it to
# the staging ECR registry under timestamped full, major and minor tags.
- name: Tag and push image "teleport-operator:v11-arm64" to ECR - staging
  # NOTE(review): unpinned `docker` image and unpinned aws-cli install.
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
  - apk add --no-cache aws-cli
  - >-
    aws ecr get-login-password --region=us-west-2
    | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Each tag is pushed only when `docker manifest inspect` fails for it.
  # NOTE(review): any inspect failure, not only a missing tag, takes the push
  # branch.
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-arm64
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-arm64
    && docker push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-arm64)
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP-arm64
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP-arm64
    && docker push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP-arm64)
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64
    && docker push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-operator image "teleport-operator:v11-arm64"
# Publishes the timestamped major-version operator manifest list to staging
# ECR, combining the amd64, arm and arm64 images pushed by the depends_on steps.
- name: Create manifest and push "teleport-operator:major-$TIMESTAMP" to ECR - staging
  # NOTE(review): unpinned `docker` image and unpinned aws-cli install.
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - >-
    aws ecr get-login-password --region=us-west-2
    | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Creates and pushes the manifest only when inspect fails for the tag.
  # NOTE(review): any inspect failure, not only a missing tag, takes the
  # create-and-push branch.
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker manifest create
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP
    --amend
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP-amd64
    --amend
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP-arm
    --amend
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP-arm64
    && docker manifest push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-operator:v11-amd64" to ECR - staging
  - Tag and push image "teleport-operator:v11-arm" to ECR - staging
  - Tag and push image "teleport-operator:v11-arm64" to ECR - staging
# Publishes the timestamped minor-version operator manifest list to staging
# ECR, combining the amd64, arm and arm64 images pushed by the depends_on steps.
- name: Create manifest and push "teleport-operator:minor-$TIMESTAMP" to ECR - staging
  # NOTE(review): unpinned `docker` image and unpinned aws-cli install.
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - >-
    aws ecr get-login-password --region=us-west-2
    | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Creates and pushes the manifest only when inspect fails for the tag.
  # NOTE(review): any inspect failure, not only a missing tag, takes the
  # create-and-push branch.
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker manifest create
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP
    --amend
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64
    --amend
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP-arm
    --amend
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64
    && docker manifest push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-operator:v11-amd64" to ECR - staging
  - Tag and push image "teleport-operator:v11-arm" to ECR - staging
  - Tag and push image "teleport-operator:v11-arm64" to ECR - staging
# Publishes the timestamped full-version operator manifest list to staging
# ECR, combining the amd64, arm and arm64 images pushed by the depends_on steps.
- name: Create manifest and push "teleport-operator:full-$TIMESTAMP" to ECR - staging
  # NOTE(review): unpinned `docker` image and unpinned aws-cli install.
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - >-
    aws ecr get-login-password --region=us-west-2
    | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Creates and pushes the manifest only when inspect fails for the tag.
  # NOTE(review): any inspect failure, not only a missing tag, takes the
  # create-and-push branch.
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker manifest create
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP
    --amend
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-amd64
    --amend
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-arm
    --amend
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-arm64
    && docker manifest push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-operator:v11-amd64" to ECR - staging
  - Tag and push image "teleport-operator:v11-arm" to ECR - staging
  - Tag and push image "teleport-operator:v11-arm64" to ECR - staging
|
|
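- name: Tag and push image "teleport-operator:v11-amd64" to Quay
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
  # Feed the password on stdin instead of -p, which would place the secret in
  # docker's argument list; the ECR steps in this file already log in this way.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # The full-version tag is pushed only when `manifest inspect` finds no image.
  # NOTE(review): any inspect failure (auth or network errors included) takes
  # the tag-and-push branch, not only "image does not exist".
  - >-
    docker manifest inspect
    quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
    quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64
    && docker push
    quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64)
  # The major and minor tags are mutable: they are re-pushed on every run.
  - >-
    docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
    quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64
  - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64
  - >-
    docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
    quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64
  - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step calls the AWS CLI, so the awsconfig
  # mount appears unused here; dropping it is a generator (dronegen) change.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-operator image "teleport-operator:v11-amd64"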
|
|
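- name: Tag and push image "teleport-operator:v11-arm" to Quay
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
  # Feed the password on stdin instead of -p, which would place the secret in
  # docker's argument list; the ECR steps in this file already log in this way.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # The full-version tag is pushed only when `manifest inspect` finds no image.
  # NOTE(review): any inspect failure (auth or network errors included) takes
  # the tag-and-push branch, not only "image does not exist".
  - >-
    docker manifest inspect
    quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
    quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm
    && docker push
    quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm)
  # The major and minor tags are mutable: they are re-pushed on every run.
  - >-
    docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
    quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm
  - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm
  - >-
    docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
    quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm
  - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step calls the AWS CLI, so the awsconfig
  # mount appears unused here; dropping it is a generator (dronegen) change.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-operator image "teleport-operator:v11-arm"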
|
|
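- name: Tag and push image "teleport-operator:v11-arm64" to Quay
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
  # Feed the password on stdin instead of -p, which would place the secret in
  # docker's argument list; the ECR steps in this file already log in this way.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # The full-version tag is pushed only when `manifest inspect` finds no image.
  # NOTE(review): any inspect failure (auth or network errors included) takes
  # the tag-and-push branch, not only "image does not exist".
  - >-
    docker manifest inspect
    quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
    quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64
    && docker push
    quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64)
  # The major and minor tags are mutable: they are re-pushed on every run.
  - >-
    docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
    quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64
  - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64
  - >-
    docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
    quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64
  - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step calls the AWS CLI, so the awsconfig
  # mount appears unused here; dropping it is a generator (dronegen) change.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-operator image "teleport-operator:v11-arm64"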
|
|
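- name: Create manifest and push "teleport-operator:major" to Quay
  image: docker
  commands:
  # Feed the password on stdin instead of -p, which would place the secret in
  # docker's argument list; the ECR steps in this file already log in this way.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # The major tag is mutable: the manifest list is rebuilt and pushed on every
  # run, with no existence check.
  - >-
    docker manifest create
    quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")
    --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64
    --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm
    --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64
  - docker manifest push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step calls the AWS CLI, so the awsconfig
  # mount appears unused here; dropping it is a generator (dronegen) change.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-operator:v11-amd64" to Quay
  - Tag and push image "teleport-operator:v11-arm" to Quay
  - Tag and push image "teleport-operator:v11-arm64" to Quay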
|
|
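- name: Create manifest and push "teleport-operator:minor" to Quay
  image: docker
  commands:
  # Feed the password on stdin instead of -p, which would place the secret in
  # docker's argument list; the ECR steps in this file already log in this way.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # The minor tag is mutable: the manifest list is rebuilt and pushed on every
  # run, with no existence check.
  - >-
    docker manifest create
    quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")
    --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64
    --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm
    --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64
  - docker manifest push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step calls the AWS CLI, so the awsconfig
  # mount appears unused here; dropping it is a generator (dronegen) change.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-operator:v11-amd64" to Quay
  - Tag and push image "teleport-operator:v11-arm" to Quay
  - Tag and push image "teleport-operator:v11-arm64" to Quay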
|
|
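- name: Create manifest and push "teleport-operator:full" to Quay
  image: docker
  commands:
  # Feed the password on stdin instead of -p, which would place the secret in
  # docker's argument list; the ECR steps in this file already log in this way.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # Create and push the full-version manifest unless `manifest inspect` succeeds.
  # NOTE(review): any inspect failure (auth or network errors included) takes
  # the create-and-push branch, not only "manifest does not exist".
  - >-
    docker manifest inspect
    quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker manifest create
    quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")
    --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64
    --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm
    --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64
    && docker manifest push
    quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version"))
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step calls the AWS CLI, so the awsconfig
  # mount appears unused here; dropping it is a generator (dronegen) change.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-operator:v11-amd64" to Quay
  - Tag and push image "teleport-operator:v11-arm" to Quay
  - Tag and push image "teleport-operator:v11-arm64" to Quay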
|
|
- name: Tag and push image "teleport-operator:v11-amd64" to ECR - production
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
  - apk add --no-cache aws-cli
  # The ECR token is piped to docker on stdin, so it never appears in argv.
  - >-
    aws ecr-public get-login-password --region=us-east-1 |
    docker login -u="AWS" --password-stdin
    public.ecr.aws
  # The full-version tag is pushed only when `manifest inspect` finds no image.
  # NOTE(review): any inspect failure (auth or network errors included) takes
  # the tag-and-push branch, not only "image does not exist".
  - >-
    docker manifest inspect
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64
    && docker push
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64)
  # The major and minor tags are mutable: they are re-pushed on every run.
  - >-
    docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64
  - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64
  - >-
    docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64
  - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64
  - docker logout "public.ecr.aws"
  environment:
    # Named profile read from the credentials file on the awsconfig volume.
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-operator image "teleport-operator:v11-amd64"
|
|
- name: Tag and push image "teleport-operator:v11-arm" to ECR - production
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
  - apk add --no-cache aws-cli
  # The ECR token is piped to docker on stdin, so it never appears in argv.
  - >-
    aws ecr-public get-login-password --region=us-east-1 |
    docker login -u="AWS" --password-stdin
    public.ecr.aws
  # The full-version tag is pushed only when `manifest inspect` finds no image.
  # NOTE(review): any inspect failure (auth or network errors included) takes
  # the tag-and-push branch, not only "image does not exist".
  - >-
    docker manifest inspect
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm
    && docker push
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm)
  # The major and minor tags are mutable: they are re-pushed on every run.
  - >-
    docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm
  - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm
  - >-
    docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm
  - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm
  - docker logout "public.ecr.aws"
  environment:
    # Named profile read from the credentials file on the awsconfig volume.
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-operator image "teleport-operator:v11-arm"
|
|
- name: Tag and push image "teleport-operator:v11-arm64" to ECR - production
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
  - apk add --no-cache aws-cli
  # The ECR token is piped to docker on stdin, so it never appears in argv.
  - >-
    aws ecr-public get-login-password --region=us-east-1 |
    docker login -u="AWS" --password-stdin
    public.ecr.aws
  # The full-version tag is pushed only when `manifest inspect` finds no image.
  # NOTE(review): any inspect failure (auth or network errors included) takes
  # the tag-and-push branch, not only "image does not exist".
  - >-
    docker manifest inspect
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64
    && docker push
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64)
  # The major and minor tags are mutable: they are re-pushed on every run.
  - >-
    docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64
  - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64
  - >-
    docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64
  - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64
  - docker logout "public.ecr.aws"
  environment:
    # Named profile read from the credentials file on the awsconfig volume.
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-operator image "teleport-operator:v11-arm64"
|
|
- name: Create manifest and push "teleport-operator:major" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The ECR token is piped to docker on stdin, so it never appears in argv.
  - >-
    aws ecr-public get-login-password --region=us-east-1 |
    docker login -u="AWS" --password-stdin
    public.ecr.aws
  # The major tag is mutable: the manifest list is rebuilt and pushed on every
  # run, with no existence check.
  - >-
    docker manifest create
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")
    --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64
    --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm
    --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64
  - docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")
  - docker logout "public.ecr.aws"
  environment:
    # Named profile read from the credentials file on the awsconfig volume.
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-operator:v11-amd64" to ECR - production
  - Tag and push image "teleport-operator:v11-arm" to ECR - production
  - Tag and push image "teleport-operator:v11-arm64" to ECR - production
|
|
- name: Create manifest and push "teleport-operator:minor" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The ECR token is piped to docker on stdin, so it never appears in argv.
  - >-
    aws ecr-public get-login-password --region=us-east-1 |
    docker login -u="AWS" --password-stdin
    public.ecr.aws
  # The minor tag is mutable: the manifest list is rebuilt and pushed on every
  # run, with no existence check.
  - >-
    docker manifest create
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")
    --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64
    --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm
    --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64
  - docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")
  - docker logout "public.ecr.aws"
  environment:
    # Named profile read from the credentials file on the awsconfig volume.
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-operator:v11-amd64" to ECR - production
  - Tag and push image "teleport-operator:v11-arm" to ECR - production
  - Tag and push image "teleport-operator:v11-arm64" to ECR - production
|
|
- name: Create manifest and push "teleport-operator:full" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The ECR token is piped to docker on stdin, so it never appears in argv.
  - >-
    aws ecr-public get-login-password --region=us-east-1 |
    docker login -u="AWS" --password-stdin
    public.ecr.aws
  # Create and push the full-version manifest unless `manifest inspect` succeeds.
  # NOTE(review): any inspect failure (auth or network errors included) takes
  # the create-and-push branch, not only "manifest does not exist".
  - >-
    docker manifest inspect
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker manifest create
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")
    --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64
    --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm
    --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64
    && docker manifest push
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version"))
  - docker logout "public.ecr.aws"
  environment:
    # Named profile read from the credentials file on the awsconfig volume.
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-operator:v11-amd64" to ECR - production
  - Tag and push image "teleport-operator:v11-arm" to ECR - production
  - Tag and push image "teleport-operator:v11-arm64" to ECR - production
|
|
# Sidecar services shared by every step of this pipeline.
services:
# Docker-in-Docker daemon. It runs privileged and exposes its socket through
# the dockersock volume, so any step mounting that volume controls this daemon.
# NOTE(review): docker:dind is a mutable tag; consider pinning by digest.
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
# Pipeline-local registry that steps address as drone-docker-registry:5000.
- name: drone-docker-registry
  image: registry:2
  privileged: false
  volumes: []
|
|
# Temporary volumes declared for this pipeline.
volumes:
# Mounted at /root/.aws by the steps that read or write AWS profiles.
- name: awsconfig
  temp: {}
# Mounted at /var/run to share the Docker daemon socket with steps.
- name: dockersock
  temp: {}
|
|
|
|
---
|
|
################################################
|
|
# Generated using dronegen, do not edit by hand!
|
|
# Use 'make dronegen' to update.
|
|
# Generated at dronegen/container_images_release_version.go (main.(*ReleaseVersion).buildVersionPipeline)
|
|
################################################
|
|
|
|
# Cron-triggered pipeline, limited to the gravitational/teleport repository.
kind: pipeline
type: kubernetes
name: teleport-container-images-previous-version-1-cron
environment:
  DEBIAN_FRONTEND: noninteractive
trigger:
  cron:
    include:
    - teleport-container-images-cron
  repo:
    include:
    - gravitational/teleport
workspace:
  path: /go
clone:
  # The built-in clone is off; the "Check out code" step fetches the repository.
  disable: true
steps:
|
|
- name: Find the latest available semver for v10
  image: golang:1.18
  commands:
  # Fetch the repository and switch to branch/v10 to run its query-latest tool.
  - mkdir -pv "/tmp/teleport"
  - cd "/tmp/teleport"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  - git checkout -qf "branch/v10"
  - mkdir -pv $(dirname "/go/vars/full-version-v10")
  - cd "/tmp/teleport/build.assets/tooling/cmd/query-latest"
  # The tool's output, minus its first "v", becomes the version every later
  # step reads. NOTE(review): the pipeline's status is sed's, so a failing
  # `go run` leaves an empty file here instead of failing this step.
  - go run . "v10" | sed 's/v//' > "/go/vars/full-version-v10"
  - echo Found full semver "$(cat "/go/vars/full-version-v10")" for major version "v10"
|
|
- name: Wait for docker
  image: docker
  commands:
  # Wait up to 30 seconds for the daemon socket to appear on the shared volume.
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
  depends_on:
  - Find the latest available semver for v10
|
|
- name: Wait for docker registry
  image: alpine
  commands:
  - apk add curl
  # Poll the pipeline-local registry over plain HTTP until it answers 200,
  # giving up after 30 seconds.
  - >-
    timeout 30s /bin/sh -c
    'while [ "$(curl -s -o /dev/null -w %{http_code} http://drone-docker-registry:5000/)"
    != "200" ]; do sleep 1; done'
  depends_on:
  - Find the latest available semver for v10
|
|
- name: Check out code
  # NOTE(review): alpine/git:latest is a mutable tag; consider pinning it.
  image: alpine/git:latest
  commands:
  - mkdir -pv "/go/src/github.com/gravitational/teleport"
  - cd "/go/src/github.com/gravitational/teleport"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  # Checks out the tag named "v" + the version written to
  # /go/vars/full-version-v10; an empty version file makes this checkout fail.
  - git checkout -qf "v$(cat '/go/vars/full-version-v10')"
  depends_on:
  - Find the latest available semver for v10
|
|
- name: Build major, minor, and full semvers
  image: alpine
  commands:
  # Split the resolved version into the three strings used as image tags:
  # field 1 (major), fields 1-2 (minor) and the whole version (full).
  - mkdir -pv $(dirname "/go/var/major-version")
  - echo v$(cat '/go/vars/full-version-v10') | sed 's/v//' | cut -d'.' -f "1" > "/go/var/major-version"
  - echo $(cat "/go/var/major-version")
  - mkdir -pv $(dirname "/go/var/minor-version")
  - echo v$(cat '/go/vars/full-version-v10') | sed 's/v//' | cut -d'.' -f "1,2" > "/go/var/minor-version"
  - echo $(cat "/go/var/minor-version")
  - mkdir -pv $(dirname "/go/var/full-version")
  - echo v$(cat '/go/vars/full-version-v10') | sed 's/v//' > "/go/var/full-version"
  - echo $(cat "/go/var/full-version")
  depends_on:
  - Find the latest available semver for v10
|
|
# Exchanges the key pair taken from Drone secrets for temporary role
# credentials and appends them as the [ecr-staging] profile to the credentials
# file on the shared awsconfig volume.
- name: Assume ECR - staging AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  # The unquoted $(...) is split into three words that fill the three %s
  # slots. printf's exit status hides an assume-role failure; the profile
  # check at the end of this step is what should catch an empty profile.
  - |-
    printf "[ecr-staging]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      >> /root/.aws/credentials
  # Drop the key pair from the shell environment before the profile check.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile ecr-staging
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY
    AWS_ROLE:
      from_secret: STAGING_TELEPORT_DRONE_ECR_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET
  volumes:
  # Every step that mounts awsconfig can read all profiles written to it.
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Find the latest available semver for v10
|
|
# Exchanges the key pair taken from Drone secrets for temporary role
# credentials and appends them as the [ecr-authenticated-pull] profile to the
# credentials file on the shared awsconfig volume.
- name: Assume ECR - authenticated-pull AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  # The unquoted $(...) is split into three words that fill the three %s
  # slots. printf's exit status hides an assume-role failure; the profile
  # check at the end of this step is what should catch an empty profile.
  - |-
    printf "[ecr-authenticated-pull]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      >> /root/.aws/credentials
  # Drop the key pair from the shell environment before the profile check.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile ecr-authenticated-pull
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY
    AWS_ROLE:
      from_secret: PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET
  volumes:
  # Every step that mounts awsconfig can read all profiles written to it.
  - name: awsconfig
    path: /root/.aws
  depends_on:
  # Runs after the staging role step; presumably this serialises the appends
  # to the shared credentials file - confirm in dronegen.
  - Assume ECR - staging AWS Role
  - Find the latest available semver for v10
|
|
# Exchanges the key pair taken from Drone secrets for temporary role
# credentials and appends them as the [ecr-production] profile to the
# credentials file on the shared awsconfig volume.
- name: Assume ECR - production AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  # The unquoted $(...) is split into three words that fill the three %s
  # slots. printf's exit status hides an assume-role failure; the profile
  # check at the end of this step is what should catch an empty profile.
  - |-
    printf "[ecr-production]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      >> /root/.aws/credentials
  # Drop the key pair from the shell environment before the profile check.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile ecr-production
  environment:
    # NOTE(review): same three secrets as the authenticated-pull step, so both
    # profiles come from the same key pair and role.
    AWS_ACCESS_KEY_ID:
      from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY
    AWS_ROLE:
      from_secret: PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET
  volumes:
  # Every step that mounts awsconfig can read all profiles written to it.
  - name: awsconfig
    path: /root/.aws
  depends_on:
  # Runs after the authenticated-pull role step; presumably this serialises
  # the appends to the shared credentials file - confirm in dronegen.
  - Assume ECR - authenticated-pull AWS Role
  - Find the latest available semver for v10
|
|
# Exchanges the key pair taken from Drone secrets for temporary role
# credentials and appends them as the [s3-download-teleport] profile to the
# credentials file on the shared awsconfig volume.
- name: Assume S3 Download AWS Role for teleport
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  # The unquoted $(...) is split into three words that fill the three %s
  # slots. printf's exit status hides an assume-role failure; the profile
  # check at the end of this step is what should catch an empty profile.
  - |-
    printf "[s3-download-teleport]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      >> /root/.aws/credentials
  # Drop the key pair from the shell environment before the profile check.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile s3-download-teleport
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  # Every step that mounts awsconfig can read all profiles written to it.
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Find the latest available semver for v10
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role
|
|
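- name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport
  image: alpine
  commands:
  # --no-cache matches the other `apk add` calls in this pipeline.
  - apk add --no-cache curl
  - mkdir -pv $(dirname "/go/build/Dockerfile-teleport")
  # -f makes curl exit non-zero on an HTTP error instead of saving the error
  # page as the Dockerfile; -S still prints the error despite -s.
  # NOTE(review): "Check out code" already fetches the same tag, so a local
  # copy of this file may exist in the workspace - confirm in dronegen.
  - >-
    curl -fLsS -o "/go/build/Dockerfile-teleport"
    "https://raw.githubusercontent.com/gravitational/teleport/v$(cat
    '/go/vars/full-version-v10')/build.assets/charts/Dockerfile"
  depends_on:
  - Find the latest available semver for v10
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role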
|
|
# Polls the release bucket for the amd64 .deb of the resolved version, then
# copies it into /go/build for the image build.
- name: Download "teleport_v10-tag_amd64.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
  # Deadline of 3600 seconds from now. `$$` escapes Drone's own substitution,
  # so the shell sees `${END_TIME?}`.
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  # The loop is spread over several command entries; it works because Drone
  # runs the entries as one script.
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  # Succeeds only when the listing has a line equal to the expected file name.
  - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr
    -s ' ' | cut -d' ' -f 4 | grep -x teleport_$(cat "/go/var/full-version")_amd64.deb
    || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  # Fail the step when the deadline passed without finding the object.
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [
    "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  # NOTE(review): no checksum or signature check on the package is visible in
  # this step before the image build consumes it.
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat
    "/go/var/full-version")_amd64.deb /go/build/teleport_$(cat "/go/var/full-version")_amd64.deb
  environment:
    AWS_PROFILE: s3-download-teleport
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport
|
|
- name: Build teleport image "teleport:v10-amd64"
  image: docker
  commands:
  # NOTE(review): a privileged container from an image with no tag or digest;
  # pin tonistiigi/binfmt to a digest the team has vetted.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  # BuildKit config that lets the builder use the pipeline-local registry over
  # plain HTTP.
  - mkdir -pv "/tmp/teleport-v10-amd64-builder"
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v10-amd64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-v10-amd64-builder/buildkitd.toml"
  - >-
    docker buildx create
    --driver "docker-container"
    --driver-opt "network=host"
    --name "teleport-v10-amd64-builder"
    --config "/tmp/teleport-v10-amd64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  # The ECR token is piped to docker on stdin, so it never appears in argv.
  - >-
    aws ecr-public get-login-password --region=us-east-1 |
    docker login -u="AWS" --password-stdin
    public.ecr.aws
  # Build from the downloaded Dockerfile and .deb, then push the result to the
  # pipeline-local registry only.
  - >-
    docker buildx build --push
    --builder "teleport-v10-amd64-builder"
    --target "teleport"
    --platform "linux/amd64"
    --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    --file "/go/build/Dockerfile-teleport"
    --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_amd64.deb
    /go/build
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-v10-amd64-builder"
  - rm -rf "/tmp/teleport-v10-amd64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport_v10-tag_amd64.deb" artifacts from S3
|
|
# Polls the release bucket for the arm .deb of the resolved version, then
# copies it into /go/build for the image build.
- name: Download "teleport_v10-tag_arm.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
  # Deadline of 3600 seconds from now. `$$` escapes Drone's own substitution,
  # so the shell sees `${END_TIME?}`.
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  # The loop is spread over several command entries; it works because Drone
  # runs the entries as one script.
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  # Succeeds only when the listing has a line equal to the expected file name.
  - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr
    -s ' ' | cut -d' ' -f 4 | grep -x teleport_$(cat "/go/var/full-version")_arm.deb
    || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  # Fail the step when the deadline passed without finding the object.
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [
    "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  # NOTE(review): no checksum or signature check on the package is visible in
  # this step before the image build consumes it.
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat
    "/go/var/full-version")_arm.deb /go/build/teleport_$(cat "/go/var/full-version")_arm.deb
  environment:
    AWS_PROFILE: s3-download-teleport
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport
|
|
- name: Build teleport image "teleport:v10-arm"
  image: docker
  commands:
  # NOTE(review): a privileged container from an image with no tag or digest;
  # pin tonistiigi/binfmt to a digest the team has vetted.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  # BuildKit config that lets the builder use the pipeline-local registry over
  # plain HTTP.
  - mkdir -pv "/tmp/teleport-v10-arm-builder"
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v10-arm-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-v10-arm-builder/buildkitd.toml"
  - >-
    docker buildx create
    --driver "docker-container"
    --driver-opt "network=host"
    --name "teleport-v10-arm-builder"
    --config "/tmp/teleport-v10-arm-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  # The ECR token is piped to docker on stdin, so it never appears in argv.
  - >-
    aws ecr-public get-login-password --region=us-east-1 |
    docker login -u="AWS" --password-stdin
    public.ecr.aws
  # Build from the downloaded Dockerfile and .deb, then push the result to the
  # pipeline-local registry only.
  - >-
    docker buildx build --push
    --builder "teleport-v10-arm-builder"
    --target "teleport"
    --platform "linux/arm"
    --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    --file "/go/build/Dockerfile-teleport"
    --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_arm.deb
    /go/build
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-v10-arm-builder"
  - rm -rf "/tmp/teleport-v10-arm-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport_v10-tag_arm.deb" artifacts from S3
|
|
# Polls the release bucket for the arm64 .deb of the resolved version, then
# copies it into /go/build for the image build.
- name: Download "teleport_v10-tag_arm64.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
  # Deadline of 3600 seconds from now. `$$` escapes Drone's own substitution,
  # so the shell sees `${END_TIME?}`.
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  # The loop is spread over several command entries; it works because Drone
  # runs the entries as one script.
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  # Succeeds only when the listing has a line equal to the expected file name.
  - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr
    -s ' ' | cut -d' ' -f 4 | grep -x teleport_$(cat "/go/var/full-version")_arm64.deb
    || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  # Fail the step when the deadline passed without finding the object.
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [
    "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  # NOTE(review): no checksum or signature check on the package is visible in
  # this step before the image build consumes it.
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat
    "/go/var/full-version")_arm64.deb /go/build/teleport_$(cat "/go/var/full-version")_arm64.deb
  environment:
    AWS_PROFILE: s3-download-teleport
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport
|
|
# Builds the linux/arm64 image with a throwaway buildx builder and pushes it to
# drone-docker-registry:5000 as <full-version>-arm64; the builder and its
# config directory are removed at the end.
# NOTE(review): `tonistiigi/binfmt` runs with --privileged from an unpinned
# tag, and `image: docker` is unpinned too; pinning both by digest would keep a
# changed upstream image from running privileged in the release build.
# NOTE(review): buildkitd.toml marks the registry as plain HTTP (`http = true`),
# so the pushed image is not protected in transit — presumably the registry is
# local to the build; confirm.
- name: Build teleport image "teleport:v10-arm64"
  image: docker
  commands:
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-v10-arm64-builder"
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v10-arm64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-v10-arm64-builder/buildkitd.toml"
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name
    "teleport-v10-arm64-builder" --config "/tmp/teleport-v10-arm64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  # The ECR Public token is piped to docker login on stdin, not passed as an argument.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - docker buildx build --push --builder "teleport-v10-arm64-builder" --target "teleport"
    --platform "linux/arm64" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    --file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_arm64.deb
    /go/build
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-v10-arm64-builder"
  - rm -rf "/tmp/teleport-v10-arm64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport_v10-tag_arm64.deb" artifacts from S3
|
|
# Copies the amd64 image from drone-docker-registry:5000 to the staging ECR
# repository under <full|major|minor>-$TIMESTAMP-amd64, where TIMESTAMP is
# DRONE_BUILD_CREATED formatted as YYYYmmddHHMM. A tag that already exists is
# left alone.
# NOTE(review): `manifest inspect ... || (tag && push)` treats any inspect
# failure (auth, network) as "tag missing" and goes on to push.
- name: Tag and push image "teleport:v10-amd64" to ECR - staging
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-amd64
    && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-$TIMESTAMP-amd64)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-amd64
    && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP-amd64)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/minor-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64
    && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/minor-version")-$TIMESTAMP-amd64)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v10-amd64"
|
|
# Copies the arm image from drone-docker-registry:5000 to the staging ECR
# repository under <full|major|minor>-$TIMESTAMP-arm, where TIMESTAMP is
# DRONE_BUILD_CREATED formatted as YYYYmmddHHMM. A tag that already exists is
# left alone.
# NOTE(review): `manifest inspect ... || (tag && push)` treats any inspect
# failure (auth, network) as "tag missing" and goes on to push.
- name: Tag and push image "teleport:v10-arm" to ECR - staging
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm
    && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-arm
    && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-arm
    && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v10-arm"
|
|
# Copies the arm64 image from drone-docker-registry:5000 to the staging ECR
# repository under <full|major|minor>-$TIMESTAMP-arm64, where TIMESTAMP is
# DRONE_BUILD_CREATED formatted as YYYYmmddHHMM. A tag that already exists is
# left alone.
# NOTE(review): `manifest inspect ... || (tag && push)` treats any inspect
# failure (auth, network) as "tag missing" and goes on to push.
- name: Tag and push image "teleport:v10-arm64" to ECR - staging
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm64
    && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm64)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-arm64
    && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm64)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64
    && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm64)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v10-arm64"
|
|
# Creates the multi-arch manifest <major-version>-$TIMESTAMP in staging ECR from
# the -amd64, -arm and -arm64 tags pushed by the three steps listed under
# depends_on, unless a manifest with that tag already exists.
# NOTE(review): the member images are referenced by tag, not by digest, so the
# manifest binds whatever those tags point at when this step runs.
- name: Create manifest and push "teleport:major-$TIMESTAMP" to ECR - staging
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image,
    skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v10-amd64" to ECR - staging
  - Tag and push image "teleport:v10-arm" to ECR - staging
  - Tag and push image "teleport:v10-arm64" to ECR - staging
|
|
# Creates the multi-arch manifest <minor-version>-$TIMESTAMP in staging ECR from
# the -amd64, -arm and -arm64 tags pushed by the three steps listed under
# depends_on, unless a manifest with that tag already exists.
# NOTE(review): the member images are referenced by tag, not by digest, so the
# manifest binds whatever those tags point at when this step runs.
- name: Create manifest and push "teleport:minor-$TIMESTAMP" to ECR - staging
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/minor-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image,
    skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/minor-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/minor-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/minor-version")-$TIMESTAMP)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v10-amd64" to ECR - staging
  - Tag and push image "teleport:v10-arm" to ECR - staging
  - Tag and push image "teleport:v10-arm64" to ECR - staging
|
|
# Creates the multi-arch manifest <full-version>-$TIMESTAMP in staging ECR from
# the -amd64, -arm and -arm64 tags pushed by the three steps listed under
# depends_on, unless a manifest with that tag already exists.
# NOTE(review): the member images are referenced by tag, not by digest, so the
# manifest binds whatever those tags point at when this step runs.
- name: Create manifest and push "teleport:full-$TIMESTAMP" to ECR - staging
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image,
    skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-$TIMESTAMP)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v10-amd64" to ECR - staging
  - Tag and push image "teleport:v10-arm" to ECR - staging
  - Tag and push image "teleport:v10-arm64" to ECR - staging
|
|
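# Publishes the amd64 image from drone-docker-registry:5000 to quay.io: the
# full-version tag is pushed only if it does not exist yet, while the major and
# minor tags are always re-pointed at this build.
# The Quay password is fed to `docker login` on stdin (as the ECR steps in this
# file already do) so it never appears in the process argument list.
# This file is generated by dronegen; make the same change in the generator.
# NOTE(review): no command here calls AWS, yet the awsconfig volume is mounted;
# dropping it would keep the assumed-role credentials out of this step.
- name: Tag and push image "teleport:v10-amd64" to Quay
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat
    "/go/var/full-version")-amd64 quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64
    && docker push quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64)
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    quay.io/gravitational/teleport:$(cat "/go/var/major-version")-amd64
  - docker push quay.io/gravitational/teleport:$(cat "/go/var/major-version")-amd64
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
  - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v10-amd64"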
|
|
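# Publishes the arm image from drone-docker-registry:5000 to quay.io: the
# full-version tag is pushed only if it does not exist yet, while the major and
# minor tags are always re-pointed at this build.
# The Quay password is fed to `docker login` on stdin (as the ECR steps in this
# file already do) so it never appears in the process argument list.
# This file is generated by dronegen; make the same change in the generator.
# NOTE(review): no command here calls AWS, yet the awsconfig volume is mounted;
# dropping it would keep the assumed-role credentials out of this step.
- name: Tag and push image "teleport:v10-arm" to Quay
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat
    "/go/var/full-version")-arm quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm
    && docker push quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm)
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm
  - docker push quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm
  - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v10-arm"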
|
|
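# Publishes the arm64 image from drone-docker-registry:5000 to quay.io: the
# full-version tag is pushed only if it does not exist yet, while the major and
# minor tags are always re-pointed at this build.
# The Quay password is fed to `docker login` on stdin (as the ECR steps in this
# file already do) so it never appears in the process argument list.
# This file is generated by dronegen; make the same change in the generator.
# NOTE(review): no command here calls AWS, yet the awsconfig volume is mounted;
# dropping it would keep the assumed-role credentials out of this step.
- name: Tag and push image "teleport:v10-arm64" to Quay
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat
    "/go/var/full-version")-arm64 quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64
    && docker push quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64)
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm64
  - docker push quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm64
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
  - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v10-arm64"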
|
|
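# Creates (or amends) the multi-arch manifest for the major-version tag on
# quay.io from its -amd64, -arm and -arm64 tags and pushes it; unlike the
# full-version manifest there is no "already exists" check, so the tag moves on
# every run.
# The Quay password is fed to `docker login` on stdin (as the ECR steps in this
# file already do) so it never appears in the process argument list.
# This file is generated by dronegen; make the same change in the generator.
# NOTE(review): no command here calls AWS, yet the awsconfig volume is mounted;
# dropping it would keep the assumed-role credentials out of this step.
- name: Create manifest and push "teleport:major" to Quay
  image: docker
  commands:
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - docker manifest create quay.io/gravitational/teleport:$(cat "/go/var/major-version")
    --amend quay.io/gravitational/teleport:$(cat "/go/var/major-version")-amd64 --amend
    quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm --amend quay.io/gravitational/teleport:$(cat
    "/go/var/major-version")-arm64
  - docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/major-version")
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v10-amd64" to Quay
  - Tag and push image "teleport:v10-arm" to Quay
  - Tag and push image "teleport:v10-arm64" to Quay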
|
|
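# Creates (or amends) the multi-arch manifest for the minor-version tag on
# quay.io from its -amd64, -arm and -arm64 tags and pushes it; unlike the
# full-version manifest there is no "already exists" check, so the tag moves on
# every run.
# The Quay password is fed to `docker login` on stdin (as the ECR steps in this
# file already do) so it never appears in the process argument list.
# This file is generated by dronegen; make the same change in the generator.
# NOTE(review): no command here calls AWS, yet the awsconfig volume is mounted;
# dropping it would keep the assumed-role credentials out of this step.
- name: Create manifest and push "teleport:minor" to Quay
  image: docker
  commands:
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - docker manifest create quay.io/gravitational/teleport:$(cat "/go/var/minor-version")
    --amend quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 --amend
    quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm --amend quay.io/gravitational/teleport:$(cat
    "/go/var/minor-version")-arm64
  - docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v10-amd64" to Quay
  - Tag and push image "teleport:v10-arm" to Quay
  - Tag and push image "teleport:v10-arm64" to Quay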
|
|
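# Creates the multi-arch manifest for the full-version tag on quay.io from its
# -amd64, -arm and -arm64 tags and pushes it, unless a manifest with that tag
# already exists.
# The Quay password is fed to `docker login` on stdin (as the ECR steps in this
# file already do) so it never appears in the process argument list.
# This file is generated by dronegen; make the same change in the generator.
# NOTE(review): no command here calls AWS, yet the awsconfig volume is mounted;
# dropping it would keep the assumed-role credentials out of this step.
- name: Create manifest and push "teleport:full" to Quay
  image: docker
  commands:
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version")
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest
    create quay.io/gravitational/teleport:$(cat "/go/var/full-version") --amend quay.io/gravitational/teleport:$(cat
    "/go/var/full-version")-amd64 --amend quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm
    --amend quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64 &&
    docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/full-version"))
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v10-amd64" to Quay
  - Tag and push image "teleport:v10-arm" to Quay
  - Tag and push image "teleport:v10-arm64" to Quay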
|
|
# Publishes the amd64 image from drone-docker-registry:5000 to
# public.ecr.aws/gravitational/teleport: the full-version tag is pushed only if
# it does not exist yet, while the major and minor tags are always re-pointed
# at this build.
# NOTE(review): the image is pulled by tag from the build registry and pushed
# to production without a digest comparison against what the build step
# produced — confirm nothing else can write that tag in between.
- name: Tag and push image "teleport:v10-amd64" to ECR - production
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat
    "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64
    && docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64)
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v10-amd64"
|
|
# Publishes the arm image from drone-docker-registry:5000 to
# public.ecr.aws/gravitational/teleport: the full-version tag is pushed only if
# it does not exist yet, while the major and minor tags are always re-pointed
# at this build.
# NOTE(review): the image is pulled by tag from the build registry and pushed
# to production without a digest comparison against what the build step
# produced — confirm nothing else can write that tag in between.
- name: Tag and push image "teleport:v10-arm" to ECR - production
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat
    "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm
    && docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm)
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v10-arm"
|
|
# Publishes the arm64 image from drone-docker-registry:5000 to
# public.ecr.aws/gravitational/teleport: the full-version tag is pushed only if
# it does not exist yet, while the major and minor tags are always re-pointed
# at this build.
# NOTE(review): the image is pulled by tag from the build registry and pushed
# to production without a digest comparison against what the build step
# produced — confirm nothing else can write that tag in between.
- name: Tag and push image "teleport:v10-arm64" to ECR - production
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat
    "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64
    && docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64)
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v10-arm64"
|
|
# Creates (or amends) the multi-arch manifest for the major-version tag on
# public.ecr.aws from its -amd64, -arm and -arm64 tags and pushes it. There is
# no "already exists" check here, so the tag moves on every run.
# NOTE(review): member images are referenced by tag rather than digest.
- name: Create manifest and push "teleport:major" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - docker manifest create public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")
    --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64
    --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm
    --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64
  - docker manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v10-amd64" to ECR - production
  - Tag and push image "teleport:v10-arm" to ECR - production
  - Tag and push image "teleport:v10-arm64" to ECR - production
|
|
# Creates (or amends) the multi-arch manifest for the minor-version tag on
# public.ecr.aws from its -amd64, -arm and -arm64 tags and pushes it. There is
# no "already exists" check here, so the tag moves on every run.
# NOTE(review): member images are referenced by tag rather than digest.
- name: Create manifest and push "teleport:minor" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - docker manifest create public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")
    --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
    --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm
    --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
  - docker manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v10-amd64" to ECR - production
  - Tag and push image "teleport:v10-arm" to ECR - production
  - Tag and push image "teleport:v10-arm64" to ECR - production
|
|
# Creates the multi-arch manifest for the full-version tag on public.ecr.aws
# from its -amd64, -arm and -arm64 tags and pushes it, unless a manifest with
# that tag already exists.
# NOTE(review): `manifest inspect ... || (create && push)` treats any inspect
# failure (auth, network) as "tag missing"; member images are referenced by tag
# rather than digest.
- name: Create manifest and push "teleport:full" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - docker manifest inspect public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest
    create public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version") --amend
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64 --amend
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm --amend
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64 && docker
    manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version"))
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v10-amd64" to ECR - production
  - Tag and push image "teleport:v10-arm" to ECR - production
  - Tag and push image "teleport:v10-arm64" to ECR - production
|
|
# Exchanges the long-lived key pair from Drone secrets for temporary
# credentials of $AWS_ROLE and appends them to /root/.aws/credentials as the
# profile [s3-download-teleport-ent]; later steps select it via AWS_PROFILE.
# The first and last commands print the caller identity before and after, the
# last one through the new profile.
# `${DRONE_REPO}` / `${DRONE_BUILD_NUMBER}` use braces, so Drone substitutes
# them before the script runs; the session name has "/" replaced by "-".
# NOTE(review): the credentials file lives on the awsconfig volume, which the
# other steps in this pipeline also mount, so any of them can read every
# profile written to it (staging, production, S3) regardless of AWS_PROFILE.
# NOTE(review): the unquoted `$(aws sts assume-role ...)` relies on word
# splitting to fill the three %s fields; a failed call would presumably write
# an empty profile and only surface at the final get-caller-identity — confirm.
- name: Assume S3 Download AWS Role for teleport-ent
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  - |-
    printf "[s3-download-teleport-ent]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      >> /root/.aws/credentials
  # Drop the long-lived keys from the shell so the check below can only
  # succeed through the profile that was just written.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile s3-download-teleport-ent
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Find the latest available semver for v10
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role
|
|
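# Fetches the Dockerfile for the v10 release tag from raw.githubusercontent.com
# into /go/build/Dockerfile-teleport-ent.
# curl runs with -f so an HTTP error (for example a missing tag) fails the step
# instead of saving the error body as the Dockerfile, and with -S so the error
# is printed; apk uses --no-cache like the other steps in this file.
# This file is generated by dronegen; make the same change in the generator.
# NOTE(review): the version is read from /go/vars/full-version-v10 while the
# other steps read /go/var/full-version — confirm both paths are intended.
# NOTE(review): the Dockerfile is trusted as fetched (TLS only, no checksum),
# a release tag can be moved, and `image: alpine` is an unpinned tag.
- name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent
  image: alpine
  commands:
  - apk add --no-cache curl
  - mkdir -pv $(dirname "/go/build/Dockerfile-teleport-ent")
  - curl -fsSL -o "/go/build/Dockerfile-teleport-ent" "https://raw.githubusercontent.com/gravitational/teleport/v$(cat
    '/go/vars/full-version-v10')/build.assets/charts/Dockerfile"
  depends_on:
  - Find the latest available semver for v10
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role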
|
|
# Polls S3 for up to 3600 s (60 s between attempts) until the teleport-ent
# amd64 .deb for the version in /go/var/full-version is listed, then copies it
# into /go/build.
# The commands form one shell script, so the while/done loop spans list items;
# `$${...}` is Drone's escape for a literal `${...}`.
# NOTE(review): no checksum or signature check on the package is visible in
# this step before the image build consumes it — confirm where it is verified.
- name: Download "teleport-ent_v10-tag_amd64.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr
    -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")_amd64.deb
    || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [
    "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat
    "/go/var/full-version")_amd64.deb /go/build/teleport-ent_$(cat "/go/var/full-version")_amd64.deb
  environment:
    # Profile name only; the bucket name is injected from a Drone secret.
    AWS_PROFILE: s3-download-teleport-ent
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport-ent
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent
|
|
# Builds the linux/amd64 image with a dedicated buildx builder and pushes it
# to the in-pipeline registry (drone-docker-registry:5000).
- name: Build teleport-ent image "teleport-ent:v10-amd64"
  image: docker
  commands:
  # Registers binfmt handlers for cross-platform builds.
  # NOTE(review): this runs an unpinned third-party image with --privileged;
  # consider pinning it by digest (tonistiigi/binfmt@sha256:<digest>) and
  # limiting --install to the platforms this pipeline builds.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-ent-v10-amd64-builder"
  # BuildKit config: talk to the in-pipeline registry over plain HTTP.
  # NOTE(review): image pushes to this registry are not TLS-protected;
  # presumably it is reachable only inside the build pod - confirm.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v10-amd64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-ent-v10-amd64-builder/buildkitd.toml"
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name
    "teleport-ent-v10-amd64-builder" --config "/tmp/teleport-ent-v10-amd64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  # The registry password is piped on stdin, so it never appears in argv.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - docker buildx build --push --builder "teleport-ent-v10-amd64-builder" --target
    "teleport" --platform "linux/amd64" --tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-amd64 --file "/go/build/Dockerfile-teleport-ent" --build-arg
    DEB_PATH=teleport-ent_$(cat "/go/var/full-version")_amd64.deb /go/build
  # Cleanup: drop the registry session, the builder and its config.
  # NOTE(review): these lines run only if every command above succeeded.
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-ent-v10-amd64-builder"
  - rm -rf "/tmp/teleport-ent-v10-amd64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
  volumes:
  - name: awsconfig
    path: /root/.aws
  # presumably exposes the Docker daemon socket to this step - verify
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport-ent_v10-tag_amd64.deb" artifacts from S3
|
|
# Polls S3 for up to one hour until the tagged arm .deb is listed, then
# copies it into /go/build for the image build step.
- name: Download "teleport-ent_v10-tag_arm.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
  # Deadline is now + 3600 s. "$${...}" is Drone's escape for a literal
  # "${...}"; the "?" form aborts if the variable is unset.
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  # grep -x only succeeds on an exact match of the object name in the listing.
  - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr
    -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")_arm.deb
    || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  # Fails the step when the loop ended without finding the object.
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [
    "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  # NOTE(review): the package is used as downloaded; no checksum or signature
  # check is visible in this step - confirm integrity is verified elsewhere.
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat
    "/go/var/full-version")_arm.deb /go/build/teleport-ent_$(cat "/go/var/full-version")_arm.deb
  environment:
    # Profile is resolved from the shared config mounted at /root/.aws.
    AWS_PROFILE: s3-download-teleport-ent
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport-ent
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent
|
|
# Builds the linux/arm image with a dedicated buildx builder and pushes it
# to the in-pipeline registry (drone-docker-registry:5000).
- name: Build teleport-ent image "teleport-ent:v10-arm"
  image: docker
  commands:
  # Registers binfmt handlers for cross-platform builds.
  # NOTE(review): this runs an unpinned third-party image with --privileged;
  # consider pinning it by digest (tonistiigi/binfmt@sha256:<digest>) and
  # limiting --install to the platforms this pipeline builds.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-ent-v10-arm-builder"
  # BuildKit config: talk to the in-pipeline registry over plain HTTP.
  # NOTE(review): image pushes to this registry are not TLS-protected;
  # presumably it is reachable only inside the build pod - confirm.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v10-arm-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-ent-v10-arm-builder/buildkitd.toml"
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name
    "teleport-ent-v10-arm-builder" --config "/tmp/teleport-ent-v10-arm-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  # The registry password is piped on stdin, so it never appears in argv.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - docker buildx build --push --builder "teleport-ent-v10-arm-builder" --target "teleport"
    --platform "linux/arm" --tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
    --file "/go/build/Dockerfile-teleport-ent" --build-arg DEB_PATH=teleport-ent_$(cat
    "/go/var/full-version")_arm.deb /go/build
  # Cleanup: drop the registry session, the builder and its config.
  # NOTE(review): these lines run only if every command above succeeded.
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-ent-v10-arm-builder"
  - rm -rf "/tmp/teleport-ent-v10-arm-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
  volumes:
  - name: awsconfig
    path: /root/.aws
  # presumably exposes the Docker daemon socket to this step - verify
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport-ent_v10-tag_arm.deb" artifacts from S3
|
|
# Polls S3 for up to one hour until the tagged arm64 .deb is listed, then
# copies it into /go/build for the image build step.
- name: Download "teleport-ent_v10-tag_arm64.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
  # Deadline is now + 3600 s. "$${...}" is Drone's escape for a literal
  # "${...}"; the "?" form aborts if the variable is unset.
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  # grep -x only succeeds on an exact match of the object name in the listing.
  - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr
    -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")_arm64.deb
    || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  # Fails the step when the loop ended without finding the object.
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [
    "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  # NOTE(review): the package is used as downloaded; no checksum or signature
  # check is visible in this step - confirm integrity is verified elsewhere.
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat
    "/go/var/full-version")_arm64.deb /go/build/teleport-ent_$(cat "/go/var/full-version")_arm64.deb
  environment:
    # Profile is resolved from the shared config mounted at /root/.aws.
    AWS_PROFILE: s3-download-teleport-ent
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport-ent
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent
|
|
# Builds the linux/arm64 image with a dedicated buildx builder and pushes it
# to the in-pipeline registry (drone-docker-registry:5000).
- name: Build teleport-ent image "teleport-ent:v10-arm64"
  image: docker
  commands:
  # Registers binfmt handlers for cross-platform builds.
  # NOTE(review): this runs an unpinned third-party image with --privileged;
  # consider pinning it by digest (tonistiigi/binfmt@sha256:<digest>) and
  # limiting --install to the platforms this pipeline builds.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-ent-v10-arm64-builder"
  # BuildKit config: talk to the in-pipeline registry over plain HTTP.
  # NOTE(review): image pushes to this registry are not TLS-protected;
  # presumably it is reachable only inside the build pod - confirm.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v10-arm64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-ent-v10-arm64-builder/buildkitd.toml"
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name
    "teleport-ent-v10-arm64-builder" --config "/tmp/teleport-ent-v10-arm64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  # The registry password is piped on stdin, so it never appears in argv.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - docker buildx build --push --builder "teleport-ent-v10-arm64-builder" --target
    "teleport" --platform "linux/arm64" --tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-arm64 --file "/go/build/Dockerfile-teleport-ent" --build-arg
    DEB_PATH=teleport-ent_$(cat "/go/var/full-version")_arm64.deb /go/build
  # Cleanup: drop the registry session, the builder and its config.
  # NOTE(review): these lines run only if every command above succeeded.
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-ent-v10-arm64-builder"
  - rm -rf "/tmp/teleport-ent-v10-arm64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
  volumes:
  - name: awsconfig
    path: /root/.aws
  # presumably exposes the Docker daemon socket to this step - verify
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport-ent_v10-tag_arm64.deb" artifacts from S3
|
|
# Re-tags the amd64 image from the in-pipeline registry with
# <version>-<timestamp>-amd64 tags (full, major, minor) and pushes each to
# the staging ECR repository.
- name: Tag and push image "teleport-ent:v10-amd64" to ECR - staging
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
  - apk add --no-cache aws-cli
  # The registry password is piped on stdin, so it never appears in argv.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  # Timestamp is derived from the build creation time, so re-runs of the same
  # build produce the same tags.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Guard: skip when the tag already exists. Because inspect output is
  # discarded, any inspect failure (not only "tag missing") leads to a push.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-amd64)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-amd64)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-amd64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-amd64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-amd64)
  # NOTE(review): logout runs only if every command above succeeded.
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  # presumably exposes the Docker daemon socket to this step - verify
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v10-amd64"
|
|
# Re-tags the arm image from the in-pipeline registry with
# <version>-<timestamp>-arm tags (full, major, minor) and pushes each to
# the staging ECR repository.
- name: Tag and push image "teleport-ent:v10-arm" to ECR - staging
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
  - apk add --no-cache aws-cli
  # The registry password is piped on stdin, so it never appears in argv.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  # Timestamp is derived from the build creation time, so re-runs of the same
  # build produce the same tags.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Guard: skip when the tag already exists. Because inspect output is
  # discarded, any inspect failure (not only "tag missing") leads to a push.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-arm 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm)
  # NOTE(review): logout runs only if every command above succeeded.
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  # presumably exposes the Docker daemon socket to this step - verify
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v10-arm"
|
|
# Re-tags the arm64 image from the in-pipeline registry with
# <version>-<timestamp>-arm64 tags (full, major, minor) and pushes each to
# the staging ECR repository.
- name: Tag and push image "teleport-ent:v10-arm64" to ECR - staging
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
  - apk add --no-cache aws-cli
  # The registry password is piped on stdin, so it never appears in argv.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  # Timestamp is derived from the build creation time, so re-runs of the same
  # build produce the same tags.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Guard: skip when the tag already exists. Because inspect output is
  # discarded, any inspect failure (not only "tag missing") leads to a push.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm64)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm64)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-arm64 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm64 && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm64)
  # NOTE(review): logout runs only if every command above succeeded.
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  # presumably exposes the Docker daemon socket to this step - verify
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v10-arm64"
|
|
# Combines the three per-architecture <major>-<timestamp>-<arch> images into
# one multi-arch manifest list in the staging ECR repository.
- name: Create manifest and push "teleport-ent:major-$TIMESTAMP" to ECR - staging
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The registry password is piped on stdin, so it never appears in argv.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  # Same timestamp derivation as the per-architecture push steps.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Guard: skip when the manifest tag already exists. Because inspect output
  # is discarded, any inspect failure leads to create + push.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image,
    skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/major-version")-$TIMESTAMP)
  # NOTE(review): logout runs only if every command above succeeded.
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  # presumably exposes the Docker daemon socket to this step - verify
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v10-amd64" to ECR - staging
  - Tag and push image "teleport-ent:v10-arm" to ECR - staging
  - Tag and push image "teleport-ent:v10-arm64" to ECR - staging
|
|
# Combines the three per-architecture <minor>-<timestamp>-<arch> images into
# one multi-arch manifest list in the staging ECR repository.
- name: Create manifest and push "teleport-ent:minor-$TIMESTAMP" to ECR - staging
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The registry password is piped on stdin, so it never appears in argv.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  # Same timestamp derivation as the per-architecture push steps.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Guard: skip when the manifest tag already exists. Because inspect output
  # is discarded, any inspect failure leads to create + push.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image,
    skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/minor-version")-$TIMESTAMP)
  # NOTE(review): logout runs only if every command above succeeded.
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  # presumably exposes the Docker daemon socket to this step - verify
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v10-amd64" to ECR - staging
  - Tag and push image "teleport-ent:v10-arm" to ECR - staging
  - Tag and push image "teleport-ent:v10-arm64" to ECR - staging
|
|
# Combines the three per-architecture <full>-<timestamp>-<arch> images into
# one multi-arch manifest list in the staging ECR repository.
- name: Create manifest and push "teleport-ent:full-$TIMESTAMP" to ECR - staging
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The registry password is piped on stdin, so it never appears in argv.
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  # Same timestamp derivation as the per-architecture push steps.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Guard: skip when the manifest tag already exists. Because inspect output
  # is discarded, any inspect failure leads to create + push.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image,
    skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-$TIMESTAMP)
  # NOTE(review): logout runs only if every command above succeeded.
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  # presumably exposes the Docker daemon socket to this step - verify
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v10-amd64" to ECR - staging
  - Tag and push image "teleport-ent:v10-arm" to ECR - staging
  - Tag and push image "teleport-ent:v10-arm64" to ECR - staging
|
|
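# Re-tags the amd64 image from the in-pipeline registry and pushes it to
# quay.io under the full, major and minor version tags.
- name: Tag and push image "teleport-ent:v10-amd64" to Quay
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
  # Password goes in on stdin rather than -p, so it does not appear in the
  # process argument list; this matches the ECR logins in this pipeline.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # Full-version tag is write-once: pushed only when inspect does not find it.
  # Because inspect output is discarded, any inspect failure leads to a push.
  - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-amd64 quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64
    && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64)
  # Major and minor tags are pushed unconditionally, so they move with each
  # release; consumers needing a fixed image should use the full tag or a digest.
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
    quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
    quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
  # NOTE(review): logout runs only if every command above succeeded.
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no aws command runs in this step; the awsconfig mount looks
  # unnecessary here.
  - name: awsconfig
    path: /root/.aws
  # presumably exposes the Docker daemon socket to this step - verify
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v10-amd64"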
|
|
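# Re-tags the arm image from the in-pipeline registry and pushes it to
# quay.io under the full, major and minor version tags.
- name: Tag and push image "teleport-ent:v10-arm" to Quay
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
  # Password goes in on stdin rather than -p, so it does not appear in the
  # process argument list; this matches the ECR logins in this pipeline.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # Full-version tag is write-once: pushed only when inspect does not find it.
  # Because inspect output is discarded, any inspect failure leads to a push.
  - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-arm quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm
    && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm)
  # Major and minor tags are pushed unconditionally, so they move with each
  # release; consumers needing a fixed image should use the full tag or a digest.
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
    quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
    quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
  # NOTE(review): logout runs only if every command above succeeded.
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no aws command runs in this step; the awsconfig mount looks
  # unnecessary here.
  - name: awsconfig
    path: /root/.aws
  # presumably exposes the Docker daemon socket to this step - verify
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v10-arm"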
|
|
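# Re-tags the arm64 image from the in-pipeline registry and pushes it to
# quay.io under the full, major and minor version tags.
- name: Tag and push image "teleport-ent:v10-arm64" to Quay
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
  # Password goes in on stdin rather than -p, so it does not appear in the
  # process argument list; this matches the ECR logins in this pipeline.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # Full-version tag is write-once: pushed only when inspect does not find it.
  # Because inspect output is discarded, any inspect failure leads to a push.
  - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-arm64 quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64
    && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64)
  # Major and minor tags are pushed unconditionally, so they move with each
  # release; consumers needing a fixed image should use the full tag or a digest.
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
    quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
    quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
  # NOTE(review): logout runs only if every command above succeeded.
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no aws command runs in this step; the awsconfig mount looks
  # unnecessary here.
  - name: awsconfig
    path: /root/.aws
  # presumably exposes the Docker daemon socket to this step - verify
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v10-arm64"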
|
|
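# Publishes the multi-arch manifest list for the major-version tag on
# quay.io from the three per-architecture images.
- name: Create manifest and push "teleport-ent:major" to Quay
  image: docker
  commands:
  # Password goes in on stdin rather than -p, so it does not appear in the
  # process argument list; this matches the ECR logins in this pipeline.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # No existence guard: the major tag is re-pointed on every run, so it is a
  # moving tag. Pin by full version or digest where a fixed image is needed.
  - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
  - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")
  # NOTE(review): logout runs only if every command above succeeded.
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no aws command runs in this step; the awsconfig mount looks
  # unnecessary here.
  - name: awsconfig
    path: /root/.aws
  # presumably exposes the Docker daemon socket to this step - verify
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v10-amd64" to Quay
  - Tag and push image "teleport-ent:v10-arm" to Quay
  - Tag and push image "teleport-ent:v10-arm64" to Quay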
|
|
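# Publishes the multi-arch manifest list for the minor-version tag on
# quay.io from the three per-architecture images.
- name: Create manifest and push "teleport-ent:minor" to Quay
  image: docker
  commands:
  # Password goes in on stdin rather than -p, so it does not appear in the
  # process argument list; this matches the ECR logins in this pipeline.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # No existence guard: the minor tag is re-pointed on every run, so it is a
  # moving tag. Pin by full version or digest where a fixed image is needed.
  - docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
  - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")
  # NOTE(review): logout runs only if every command above succeeded.
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no aws command runs in this step; the awsconfig mount looks
  # unnecessary here.
  - name: awsconfig
    path: /root/.aws
  # presumably exposes the Docker daemon socket to this step - verify
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v10-amd64" to Quay
  - Tag and push image "teleport-ent:v10-arm" to Quay
  - Tag and push image "teleport-ent:v10-arm64" to Quay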
|
|
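# Publishes the multi-arch manifest list for the full-version tag on quay.io
# from the three per-architecture images, unless the tag already exists.
- name: Create manifest and push "teleport-ent:full" to Quay
  image: docker
  commands:
  # Password goes in on stdin rather than -p, so it does not appear in the
  # process argument list; this matches the ECR logins in this pipeline.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # Full-version tag is write-once: created only when inspect does not find
  # it. Because inspect output is discarded, any inspect failure (not only
  # "tag missing") leads to create + push.
  - docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest
    create quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version") --amend
    quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64 --amend
    quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm --amend quay.io/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-arm64 && docker manifest push quay.io/gravitational/teleport-ent:$(cat
    "/go/var/full-version"))
  # NOTE(review): logout runs only if every command above succeeded.
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no aws command runs in this step; the awsconfig mount looks
  # unnecessary here.
  - name: awsconfig
    path: /root/.aws
  # presumably exposes the Docker daemon socket to this step - verify
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v10-amd64" to Quay
  - Tag and push image "teleport-ent:v10-arm" to Quay
  - Tag and push image "teleport-ent:v10-arm64" to Quay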
|
|
# Re-tags the amd64 image from the in-pipeline registry and pushes it to
# public.ecr.aws under the full, major and minor version tags.
- name: Tag and push image "teleport-ent:v10-amd64" to ECR - production
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
  - apk add --no-cache aws-cli
  # The registry password is piped on stdin, so it never appears in argv.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  # Full-version tag is write-once: pushed only when inspect does not find it.
  # Because inspect output is discarded, any inspect failure leads to a push.
  - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-amd64 && docker push public.ecr.aws/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-amd64)
  # Major and minor tags are pushed unconditionally, so they move with each
  # release; consumers needing a fixed image should use the full tag or a digest.
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
  # NOTE(review): logout runs only if every command above succeeded.
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  # presumably exposes the Docker daemon socket to this step - verify
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v10-amd64"
|
|
# Re-tags the arm image from the in-pipeline registry and pushes it to
# public.ecr.aws under the full, major and minor version tags.
- name: Tag and push image "teleport-ent:v10-arm" to ECR - production
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
  - apk add --no-cache aws-cli
  # The registry password is piped on stdin, so it never appears in argv.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  # Full-version tag is write-once: pushed only when inspect does not find it.
  # Because inspect output is discarded, any inspect failure leads to a push.
  - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm
    && docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm)
  # Major and minor tags are pushed unconditionally, so they move with each
  # release; consumers needing a fixed image should use the full tag or a digest.
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
  # NOTE(review): logout runs only if every command above succeeded.
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  # presumably exposes the Docker daemon socket to this step - verify
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v10-arm"
|
|
# Re-tags the arm64 image from the in-pipeline registry and pushes it to
# public.ecr.aws under the full, major and minor version tags.
- name: Tag and push image "teleport-ent:v10-arm64" to ECR - production
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
  - apk add --no-cache aws-cli
  # The registry password is piped on stdin, so it never appears in argv.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  # Full-version tag is write-once: pushed only when inspect does not find it.
  # Because inspect output is discarded, any inspect failure leads to a push.
  - docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
    "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-arm64 && docker push public.ecr.aws/gravitational/teleport-ent:$(cat
    "/go/var/full-version")-arm64)
  # Major and minor tags are pushed unconditionally, so they move with each
  # release; consumers needing a fixed image should use the full tag or a digest.
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
  - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
  # NOTE(review): logout runs only if every command above succeeded.
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  # presumably exposes the Docker daemon socket to this step - verify
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v10-arm64"
|
|
# Assembles the multi-arch manifest list for the major-version tag on public
# ECR from the amd64, arm and arm64 tags, then pushes it.
# There is no existence check here: the major tag is rewritten on every run.
- name: 'Create manifest and push "teleport-ent:major" to ECR - production'
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin public.ecr.aws
  - >-
    docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
  - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  # All three per-arch pushes must finish before the list can reference them.
  depends_on:
  - 'Tag and push image "teleport-ent:v10-amd64" to ECR - production'
  - 'Tag and push image "teleport-ent:v10-arm" to ECR - production'
  - 'Tag and push image "teleport-ent:v10-arm64" to ECR - production'
# Assembles the multi-arch manifest list for the minor-version tag on public
# ECR from the amd64, arm and arm64 tags, then pushes it.
# The minor tag is mutable and is rewritten unconditionally.
- name: 'Create manifest and push "teleport-ent:minor" to ECR - production'
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin public.ecr.aws
  - >-
    docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
  - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - 'Tag and push image "teleport-ent:v10-amd64" to ECR - production'
  - 'Tag and push image "teleport-ent:v10-arm" to ECR - production'
  - 'Tag and push image "teleport-ent:v10-arm64" to ECR - production'
# Creates and pushes the multi-arch manifest list for the full-version tag on
# public ECR, unless `manifest inspect` already finds that tag.
- name: 'Create manifest and push "teleport-ent:full" to ECR - production'
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin public.ecr.aws
  # NOTE(review): the guard cannot tell "tag absent" from "inspect failed";
  # either way the create/push branch runs. Output is discarded, so the reason
  # for a failed inspect is not logged.
  - >-
    docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64
    && docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version"))
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - 'Tag and push image "teleport-ent:v10-amd64" to ECR - production'
  - 'Tag and push image "teleport-ent:v10-arm" to ECR - production'
  - 'Tag and push image "teleport-ent:v10-arm64" to ECR - production'
# Exchanges the key pair supplied through Drone secrets for session
# credentials of $AWS_ROLE and appends them to the shared credentials file as
# the `s3-download-teleport-ent-fips` profile.
# Every step that mounts `awsconfig` can read the profiles stored there.
- name: 'Assume S3 Download AWS Role for teleport-ent-fips'
  image: amazon/aws-cli
  commands:
  # Logs which identity the secret key pair maps to before assuming the role.
  - aws sts get-caller-identity
  # The unquoted $(...) is word-split into the three values that fill the %s
  # slots. NOTE(review): if assume-role fails, printf still succeeds and
  # appends a profile with empty values; only the final get-caller-identity
  # call surfaces the failure. `>>` also appends a second copy of the profile
  # if the step is re-run against the same volume.
  - |-
    printf "[s3-download-teleport-ent-fips]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      >> /root/.aws/credentials
  # Drop the key pair from the environment so the check below can only succeed
  # through the newly written profile.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile s3-download-teleport-ent-fips
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - 'Find the latest available semver for v10'
  - 'Wait for docker'
  - 'Wait for docker registry'
  - 'Check out code'
  - 'Build major, minor, and full semvers'
  - 'Assume ECR - staging AWS Role'
  - 'Assume ECR - authenticated-pull AWS Role'
  - 'Assume ECR - production AWS Role'
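# Fetches the Dockerfile used for the FIPS image from the tagged release on
# raw.githubusercontent.com into /go/build.
# NOTE(review): the version is read from '/go/vars/full-version-v10', while
# the other steps in this pipeline read "/go/var/full-version"; confirm this
# path is the one the semver step writes.
# NOTE(review): the fetched file is used as a build recipe without any
# checksum check; its integrity rests on TLS and on the git tag.
- name: 'Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent-fips" for teleport-ent-fips'
  image: alpine
  commands:
  # --no-cache matches the other `apk add` calls in this pipeline.
  - apk add --no-cache curl
  - mkdir -pv $(dirname "/go/build/Dockerfile-teleport-ent-fips")
  # -f makes curl exit non-zero on an HTTP error (e.g. a 404 for a missing
  # tag) instead of saving the error body as the Dockerfile.
  - >-
    curl -fLs -o "/go/build/Dockerfile-teleport-ent-fips"
    "https://raw.githubusercontent.com/gravitational/teleport/v$(cat '/go/vars/full-version-v10')/build.assets/charts/Dockerfile"
  depends_on:
  - 'Find the latest available semver for v10'
  - 'Wait for docker'
  - 'Wait for docker registry'
  - 'Check out code'
  - 'Build major, minor, and full semvers'
  - 'Assume ECR - staging AWS Role'
  - 'Assume ECR - authenticated-pull AWS Role'
  - 'Assume ECR - production AWS Role'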
# Waits for the FIPS .deb of the current full version to appear in the S3
# bucket, then copies it into /go/build for the image build.
# The `while` ... `done` items are fragments of a single shell loop, so this
# relies on the runner concatenating the command list into one script.
# `$$` presumably escapes the runner's own ${...} substitution - TODO confirm.
# NOTE(review): no checksum or signature check on the downloaded package is
# visible in this step before it is baked into the image.
- name: 'Download "teleport-ent_v10-tag-fips_amd64.deb" artifacts from S3'
  image: amazon/aws-cli
  commands:
  # Deadline: now + 3600 seconds; polled every 60 seconds.
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  # Column 4 of `aws s3 ls` is the object name. NOTE(review): `grep -x` treats
  # the dots in the version as regex wildcards; `grep -Fx` would match the
  # file name literally.
  - >-
    aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/
    | tr -s ' ' | cut -d' ' -f 4
    | grep -x teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb
    || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  # Fail the step when the deadline passed without the artifact showing up.
  - >-
    [ $${TIMED_OUT?} = true ]
    && echo 'Timed out while waiting for condition: [ "$SUCCESS" = "true" ]'
    && exit 1
  - mkdir -pv "/go/build"
  - >-
    aws s3 cp
    s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb
    /go/build/teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb
  environment:
    # Profile written by the assume-role step listed under depends_on.
    AWS_PROFILE: s3-download-teleport-ent-fips
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - 'Assume S3 Download AWS Role for teleport-ent-fips'
  - 'Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent-fips" for teleport-ent-fips'
# Builds the linux/amd64 FIPS image from the downloaded Dockerfile and .deb
# with a throwaway buildx builder, pushing the result to the in-cluster
# registry.
- name: 'Build teleport-ent-fips image "teleport-ent:v10-fips-amd64"'
  image: docker
  commands:
  # NOTE(review): runs an unpinned third-party image with --privileged on the
  # build daemon; pinning it by digest would limit what a changed upstream tag
  # could do to release builds.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-ent-v10-fips-amd64-builder"
  # `http = true` makes BuildKit talk plaintext HTTP to the intermediate
  # registry, so the image later promoted to the release registries is only
  # as trustworthy as the build network it crossed.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v10-fips-amd64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-ent-v10-fips-amd64-builder/buildkitd.toml"
  - >-
    docker buildx create
    --driver "docker-container"
    --driver-opt "network=host"
    --name "teleport-ent-v10-fips-amd64-builder"
    --config "/tmp/teleport-ent-v10-fips-amd64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  # Logged in with the pull-only profile; presumably for base-image pulls.
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin public.ecr.aws
  - >-
    docker buildx build --push
    --builder "teleport-ent-v10-fips-amd64-builder"
    --target "teleport-fips"
    --platform "linux/amd64"
    --tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    --file "/go/build/Dockerfile-teleport-ent-fips"
    --build-arg DEB_PATH=teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb
    /go/build
  # Cleanup: registry session, builder instance and its config directory.
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-ent-v10-fips-amd64-builder"
  - rm -rf "/tmp/teleport-ent-v10-fips-amd64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - 'Assume ECR - authenticated-pull AWS Role'
  - 'Download "teleport-ent_v10-tag-fips_amd64.deb" artifacts from S3'
# Copies the FIPS amd64 image from the in-cluster registry to the staging ECR
# registry under full, major and minor tags, each suffixed with a build
# timestamp.
- name: 'Tag and push image "teleport-ent:v10-fips-amd64" to ECR - staging'
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
  - apk add --no-cache aws-cli
  - >-
    aws ecr get-login-password --region=us-west-2
    | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  # Minute-resolution stamp derived from the build creation time.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Each tag is pushed only when `manifest inspect` does not find it.
  # NOTE(review): an inspect that fails for any other reason also takes the
  # push branch, and the discarded output hides why.
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-fips-amd64
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-fips-amd64
    && docker push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-fips-amd64)
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-fips-amd64
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-fips-amd64
    && docker push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-fips-amd64)
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-fips-amd64
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-fips-amd64
    && docker push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-fips-amd64)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - 'Build teleport-ent-fips image "teleport-ent:v10-fips-amd64"'
# Creates the timestamped major-version FIPS manifest list on staging ECR.
# Only the amd64 image is amended into it.
- name: 'Create manifest and push "teleport-ent:major-$TIMESTAMP-fips" to ECR - staging'
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - >-
    aws ecr get-login-password --region=us-west-2
    | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  # Recomputed from the build creation time so that it matches the tag the
  # per-arch push step produced.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Skipped when the manifest is already present; any other inspect failure
  # also ends up in the create/push branch.
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-fips
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker manifest create
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-fips
    --amend
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-fips-amd64
    && docker manifest push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-fips)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - 'Tag and push image "teleport-ent:v10-fips-amd64" to ECR - staging'
# Creates the timestamped minor-version FIPS manifest list on staging ECR.
# Only the amd64 image is amended into it.
- name: 'Create manifest and push "teleport-ent:minor-$TIMESTAMP-fips" to ECR - staging'
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - >-
    aws ecr get-login-password --region=us-west-2
    | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Create-and-push runs only when inspect does not succeed.
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-fips
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker manifest create
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-fips
    --amend
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-fips-amd64
    && docker manifest push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-fips)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - 'Tag and push image "teleport-ent:v10-fips-amd64" to ECR - staging'
# Creates the timestamped full-version FIPS manifest list on staging ECR.
# Only the amd64 image is amended into it.
- name: 'Create manifest and push "teleport-ent:full-$TIMESTAMP-fips" to ECR - staging'
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - >-
    aws ecr get-login-password --region=us-west-2
    | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Create-and-push runs only when inspect does not succeed.
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-fips
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker manifest create
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-fips
    --amend
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-fips-amd64
    && docker manifest push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-fips)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - 'Tag and push image "teleport-ent:v10-fips-amd64" to ECR - staging'
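# Publishes the FIPS amd64 image from the in-cluster registry to quay.io
# under its full, major and minor version tags.
# NOTE(review): the awsconfig volume is mounted although no command here uses
# AWS credentials; confirm whether the mount can be dropped.
- name: 'Tag and push image "teleport-ent:v10-fips-amd64" to Quay'
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
  # The password is piped on stdin rather than passed as `-p=`, which keeps
  # it out of the process argument list and matches the ECR logins in this
  # pipeline.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # Full-version tag: pushed only when `manifest inspect` does not find it.
  # Any other inspect failure also takes the push branch.
  - >-
    docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64)
  # Major and minor tags are mutable: they are re-pointed on every run.
  - >-
    docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
  - >-
    docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - 'Build teleport-ent-fips image "teleport-ent:v10-fips-amd64"'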
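# Creates and pushes the major-version FIPS manifest list on quay.io.
# Only the amd64 image is amended into it, and the tag is rewritten on every
# run (there is no existence check).
- name: 'Create manifest and push "teleport-ent:major-fips" to Quay'
  image: docker
  commands:
  # The password is piped on stdin rather than passed as `-p=`, which keeps
  # it out of the process argument list.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - >-
    docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
  - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): awsconfig looks unused by this step - confirm.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - 'Tag and push image "teleport-ent:v10-fips-amd64" to Quay'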
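# Creates and pushes the minor-version FIPS manifest list on quay.io.
# Only the amd64 image is amended into it, and the tag is rewritten on every
# run (there is no existence check).
- name: 'Create manifest and push "teleport-ent:minor-fips" to Quay'
  image: docker
  commands:
  # The password is piped on stdin rather than passed as `-p=`, which keeps
  # it out of the process argument list.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - >-
    docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
  - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): awsconfig looks unused by this step - confirm.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - 'Tag and push image "teleport-ent:v10-fips-amd64" to Quay'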
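# Creates and pushes the full-version FIPS manifest list on quay.io unless
# `manifest inspect` already finds it. Only the amd64 image is amended in.
- name: 'Create manifest and push "teleport-ent:full-fips" to Quay'
  image: docker
  commands:
  # The password is piped on stdin rather than passed as `-p=`, which keeps
  # it out of the process argument list.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # NOTE(review): the guard cannot tell "tag absent" from "inspect failed";
  # both lead to create-and-push.
  - >-
    docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    && docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips)
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): awsconfig looks unused by this step - confirm.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - 'Tag and push image "teleport-ent:v10-fips-amd64" to Quay'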
# Publishes the FIPS amd64 image from the in-cluster registry to the public
# ECR repository under its full, major and minor version tags.
# NOTE(review): `image: docker` and the `aws-cli` package are unpinned while
# this step holds the ecr-production profile; consider pinning both.
- name: 'Tag and push image "teleport-ent:v10-fips-amd64" to ECR - production'
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
  - apk add --no-cache aws-cli
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin public.ecr.aws
  # Full-version tag: pushed only when `manifest inspect` does not find it.
  # Any other inspect failure also takes the push branch.
  - >-
    docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    && docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64)
  # Major and minor tags are mutable: they are re-pointed on every run.
  - >-
    docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
  - >-
    docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - 'Build teleport-ent-fips image "teleport-ent:v10-fips-amd64"'
# Creates and pushes the major-version FIPS manifest list on public ECR.
# Only the amd64 image is amended into it; the tag is rewritten on every run.
- name: 'Create manifest and push "teleport-ent:major-fips" to ECR - production'
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin public.ecr.aws
  - >-
    docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
  - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - 'Tag and push image "teleport-ent:v10-fips-amd64" to ECR - production'
# Creates and pushes the minor-version FIPS manifest list on public ECR.
# Only the amd64 image is amended into it; the tag is rewritten on every run.
- name: 'Create manifest and push "teleport-ent:minor-fips" to ECR - production'
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin public.ecr.aws
  - >-
    docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
  - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - 'Tag and push image "teleport-ent:v10-fips-amd64" to ECR - production'
# Creates and pushes the full-version FIPS manifest list on public ECR unless
# `manifest inspect` already finds it. Only the amd64 image is amended in.
- name: 'Create manifest and push "teleport-ent:full-fips" to ECR - production'
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin public.ecr.aws
  # NOTE(review): the guard cannot tell "tag absent" from "inspect failed";
  # both lead to create-and-push.
  - >-
    docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    && docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips)
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - 'Tag and push image "teleport-ent:v10-fips-amd64" to ECR - production'
# Builds the linux/amd64 teleport-operator image from the checked-out source
# with a throwaway buildx builder and pushes it to the in-cluster registry.
- name: 'Build teleport-operator image "teleport-operator:v10-amd64"'
  image: docker
  commands:
  # NOTE(review): runs an unpinned third-party image with --privileged on the
  # build daemon; pinning it by digest would limit what a changed upstream tag
  # could do to release builds.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport"
  - mkdir -pv "/tmp/teleport-operator-v10-amd64-builder"
  # `http = true` makes BuildKit use plaintext HTTP for the intermediate
  # registry, so image integrity depends on the build network.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-operator-v10-amd64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-operator-v10-amd64-builder/buildkitd.toml"
  - >-
    docker buildx create
    --driver "docker-container"
    --driver-opt "network=host"
    --name "teleport-operator-v10-amd64-builder"
    --config "/tmp/teleport-operator-v10-amd64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin public.ecr.aws
  # The buildbox base image is referenced by the mutable tag `teleport12`.
  - >-
    docker buildx build --push
    --builder "teleport-operator-v10-amd64-builder"
    --platform "linux/amd64"
    --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
    --file "/go/src/github.com/gravitational/teleport/operator/Dockerfile"
    --build-arg BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox:teleport12
    --build-arg COMPILER_NAME=x86_64-linux-gnu-gcc
    /go/src/github.com/gravitational/teleport
  # Cleanup: registry session, builder instance and its config directory.
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-operator-v10-amd64-builder"
  - rm -rf "/tmp/teleport-operator-v10-amd64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  # The authenticated-pull role appears twice in the generated list; the
  # repeat is kept as emitted.
  depends_on:
  - 'Assume ECR - authenticated-pull AWS Role'
  - 'Find the latest available semver for v10'
  - 'Wait for docker'
  - 'Wait for docker registry'
  - 'Check out code'
  - 'Build major, minor, and full semvers'
  - 'Assume ECR - staging AWS Role'
  - 'Assume ECR - authenticated-pull AWS Role'
  - 'Assume ECR - production AWS Role'
# Builds the linux/arm teleport-operator image from the checked-out source
# with a throwaway buildx builder and pushes it to the in-cluster registry.
- name: 'Build teleport-operator image "teleport-operator:v10-arm"'
  image: docker
  commands:
  # Registers binfmt handlers so the foreign-architecture build can run.
  # NOTE(review): unpinned third-party image run with --privileged.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport"
  - mkdir -pv "/tmp/teleport-operator-v10-arm-builder"
  # Plaintext HTTP is enabled for the intermediate registry.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-operator-v10-arm-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-operator-v10-arm-builder/buildkitd.toml"
  - >-
    docker buildx create
    --driver "docker-container"
    --driver-opt "network=host"
    --name "teleport-operator-v10-arm-builder"
    --config "/tmp/teleport-operator-v10-arm-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin public.ecr.aws
  # The buildbox base image is referenced by the mutable tag `teleport12`.
  - >-
    docker buildx build --push
    --builder "teleport-operator-v10-arm-builder"
    --platform "linux/arm"
    --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
    --file "/go/src/github.com/gravitational/teleport/operator/Dockerfile"
    --build-arg BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox-arm:teleport12
    --build-arg COMPILER_NAME=arm-linux-gnueabihf-gcc
    /go/src/github.com/gravitational/teleport
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-operator-v10-arm-builder"
  - rm -rf "/tmp/teleport-operator-v10-arm-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  # The authenticated-pull role appears twice in the generated list; the
  # repeat is kept as emitted.
  depends_on:
  - 'Assume ECR - authenticated-pull AWS Role'
  - 'Find the latest available semver for v10'
  - 'Wait for docker'
  - 'Wait for docker registry'
  - 'Check out code'
  - 'Build major, minor, and full semvers'
  - 'Assume ECR - staging AWS Role'
  - 'Assume ECR - authenticated-pull AWS Role'
  - 'Assume ECR - production AWS Role'
# Builds the linux/arm64 teleport-operator image from the checked-out source
# with a throwaway buildx builder and pushes it to the in-cluster registry.
- name: 'Build teleport-operator image "teleport-operator:v10-arm64"'
  image: docker
  commands:
  # Registers binfmt handlers so the foreign-architecture build can run.
  # NOTE(review): unpinned third-party image run with --privileged.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/src/github.com/gravitational/teleport" && cd "/go/src/github.com/gravitational/teleport"
  - mkdir -pv "/tmp/teleport-operator-v10-arm64-builder"
  # Plaintext HTTP is enabled for the intermediate registry.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-operator-v10-arm64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-operator-v10-arm64-builder/buildkitd.toml"
  - >-
    docker buildx create
    --driver "docker-container"
    --driver-opt "network=host"
    --name "teleport-operator-v10-arm64-builder"
    --config "/tmp/teleport-operator-v10-arm64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin public.ecr.aws
  # The buildbox base image is referenced by the mutable tag `teleport12`.
  - >-
    docker buildx build --push
    --builder "teleport-operator-v10-arm64-builder"
    --platform "linux/arm64"
    --tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
    --file "/go/src/github.com/gravitational/teleport/operator/Dockerfile"
    --build-arg BUILDBOX=public.ecr.aws/gravitational/teleport-buildbox-arm:teleport12
    --build-arg COMPILER_NAME=aarch64-linux-gnu-gcc
    /go/src/github.com/gravitational/teleport
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-operator-v10-arm64-builder"
  - rm -rf "/tmp/teleport-operator-v10-arm64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  # The authenticated-pull role appears twice in the generated list; the
  # repeat is kept as emitted.
  depends_on:
  - 'Assume ECR - authenticated-pull AWS Role'
  - 'Find the latest available semver for v10'
  - 'Wait for docker'
  - 'Wait for docker registry'
  - 'Check out code'
  - 'Build major, minor, and full semvers'
  - 'Assume ECR - staging AWS Role'
  - 'Assume ECR - authenticated-pull AWS Role'
  - 'Assume ECR - production AWS Role'
# Copies the amd64 teleport-operator image from the in-cluster registry to
# the staging ECR registry under full, major and minor tags, each suffixed
# with a build timestamp.
- name: 'Tag and push image "teleport-operator:v10-amd64" to ECR - staging'
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
  - apk add --no-cache aws-cli
  - >-
    aws ecr get-login-password --region=us-west-2
    | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  # Minute-resolution stamp derived from the build creation time.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Each tag is pushed only when `manifest inspect` does not find it.
  # NOTE(review): an inspect that fails for any other reason also takes the
  # push branch, and the discarded output hides why.
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-amd64
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-amd64
    && docker push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/full-version")-$TIMESTAMP-amd64)
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP-amd64
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP-amd64
    && docker push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/major-version")-$TIMESTAMP-amd64)
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64
    && docker push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - 'Build teleport-operator image "teleport-operator:v10-amd64"'
# Copies the arm image from the in-pipeline registry to the staging ECR
# repository under timestamped full, major and minor version tags.
- name: Tag and push image "teleport-operator:v10-arm" to ECR - staging
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
  - apk add --no-cache aws-cli
  # The ECR token is piped on stdin, which keeps it out of the process arguments.
  - >-
    aws ecr get-login-password --region=us-west-2
    | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  # Minute-resolution build timestamp that is appended to every staging tag.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Each tag is pushed only when `docker manifest inspect` fails. Any inspect
  # failure, not only a missing tag, takes the push branch.
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm
    && docker push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm)
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm
    && docker push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm)
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm
    && docker push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  # Holds the AWS profiles; presumably written by the "Assume ECR" steps.
  - name: awsconfig
    path: /root/.aws
  # Shared /var/run of the Docker-in-Docker service.
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-operator image "teleport-operator:v10-arm"
|
|
# Copies the arm64 image from the in-pipeline registry to the staging ECR
# repository under timestamped full, major and minor version tags.
- name: Tag and push image "teleport-operator:v10-arm64" to ECR - staging
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
  - apk add --no-cache aws-cli
  # The ECR token is piped on stdin, which keeps it out of the process arguments.
  - >-
    aws ecr get-login-password --region=us-west-2
    | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  # Minute-resolution build timestamp that is appended to every staging tag.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Each tag is pushed only when `docker manifest inspect` fails. Any inspect
  # failure, not only a missing tag, takes the push branch.
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm64
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm64
    && docker push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm64)
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm64
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm64
    && docker push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm64)
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm64
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm64
    && docker push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm64)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  # Holds the AWS profiles; presumably written by the "Assume ECR" steps.
  - name: awsconfig
    path: /root/.aws
  # Shared /var/run of the Docker-in-Docker service.
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-operator image "teleport-operator:v10-arm64"
|
|
# Assembles the multi-arch manifest list for the timestamped major-version tag
# in staging ECR from the three per-architecture tags.
- name: Create manifest and push "teleport-operator:major-$TIMESTAMP" to ECR - staging
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The ECR token is piped on stdin, which keeps it out of the process arguments.
  - >-
    aws ecr get-login-password --region=us-west-2
    | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  # Recomputed from the build creation time, so it matches the per-arch tags.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Skipped when the manifest tag already resolves; otherwise created and pushed.
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/major-version")-$TIMESTAMP
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker manifest create
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/major-version")-$TIMESTAMP
    --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/major-version")-$TIMESTAMP-amd64
    --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm
    --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm64
    && docker manifest push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/major-version")-$TIMESTAMP)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-operator:v10-amd64" to ECR - staging
  - Tag and push image "teleport-operator:v10-arm" to ECR - staging
  - Tag and push image "teleport-operator:v10-arm64" to ECR - staging
|
|
# Assembles the multi-arch manifest list for the timestamped minor-version tag
# in staging ECR from the three per-architecture tags.
- name: Create manifest and push "teleport-operator:minor-$TIMESTAMP" to ECR - staging
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The ECR token is piped on stdin, which keeps it out of the process arguments.
  - >-
    aws ecr get-login-password --region=us-west-2
    | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  # Recomputed from the build creation time, so it matches the per-arch tags.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Skipped when the manifest tag already resolves; otherwise created and pushed.
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/minor-version")-$TIMESTAMP
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker manifest create
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/minor-version")-$TIMESTAMP
    --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/minor-version")-$TIMESTAMP-amd64
    --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm
    --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm64
    && docker manifest push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/minor-version")-$TIMESTAMP)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-operator:v10-amd64" to ECR - staging
  - Tag and push image "teleport-operator:v10-arm" to ECR - staging
  - Tag and push image "teleport-operator:v10-arm64" to ECR - staging
|
|
# Assembles the multi-arch manifest list for the timestamped full-version tag
# in staging ECR from the three per-architecture tags.
- name: Create manifest and push "teleport-operator:full-$TIMESTAMP" to ECR - staging
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The ECR token is piped on stdin, which keeps it out of the process arguments.
  - >-
    aws ecr get-login-password --region=us-west-2
    | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  # Recomputed from the build creation time, so it matches the per-arch tags.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Skipped when the manifest tag already resolves; otherwise created and pushed.
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-$TIMESTAMP
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker manifest create
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-$TIMESTAMP
    --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-$TIMESTAMP-amd64
    --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm
    --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm64
    && docker manifest push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$(cat
    "/go/var/full-version")-$TIMESTAMP)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-operator:v10-amd64" to ECR - staging
  - Tag and push image "teleport-operator:v10-arm" to ECR - staging
  - Tag and push image "teleport-operator:v10-arm64" to ECR - staging
|
|
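# Publishes the amd64 image from the in-pipeline registry to quay.io. The
# full-version tag is pushed only if absent; the major and minor tags are
# re-pointed on every run.
# NOTE(review): this file is generated by dronegen, so the login and volume
# changes below need to be mirrored in the generator.
- name: Tag and push image "teleport-operator:v10-amd64" to Quay
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
  # The password is piped on stdin, matching the ECR steps; passing it with -p
  # would place the secret in the docker process arguments.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # Any inspect failure, not only a missing tag, takes the push branch.
  - >-
    docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
    quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64
    && docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64)
  - >-
    docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
    quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64
  - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64
  - >-
    docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
    quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64
  - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # Only the Docker socket is mounted. No command here calls the AWS CLI, so
  # the awsconfig volume and the AWS credentials on it are not exposed.
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-operator image "teleport-operator:v10-amd64"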
|
|
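# Publishes the arm image from the in-pipeline registry to quay.io. The
# full-version tag is pushed only if absent; the major and minor tags are
# re-pointed on every run.
# NOTE(review): this file is generated by dronegen, so the login and volume
# changes below need to be mirrored in the generator.
- name: Tag and push image "teleport-operator:v10-arm" to Quay
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
  # The password is piped on stdin, matching the ECR steps; passing it with -p
  # would place the secret in the docker process arguments.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # Any inspect failure, not only a missing tag, takes the push branch.
  - >-
    docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
    quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm
    && docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm)
  - >-
    docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
    quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm
  - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm
  - >-
    docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
    quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm
  - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # Only the Docker socket is mounted. No command here calls the AWS CLI, so
  # the awsconfig volume and the AWS credentials on it are not exposed.
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-operator image "teleport-operator:v10-arm"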
|
|
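# Publishes the arm64 image from the in-pipeline registry to quay.io. The
# full-version tag is pushed only if absent; the major and minor tags are
# re-pointed on every run.
# NOTE(review): this file is generated by dronegen, so the login and volume
# changes below need to be mirrored in the generator.
- name: Tag and push image "teleport-operator:v10-arm64" to Quay
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
  # The password is piped on stdin, matching the ECR steps; passing it with -p
  # would place the secret in the docker process arguments.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # Any inspect failure, not only a missing tag, takes the push branch.
  - >-
    docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
    quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64
    && docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64)
  - >-
    docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
    quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64
  - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64
  - >-
    docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
    quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64
  - docker push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # Only the Docker socket is mounted. No command here calls the AWS CLI, so
  # the awsconfig volume and the AWS credentials on it are not exposed.
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-operator image "teleport-operator:v10-arm64"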
|
|
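# Rebuilds and pushes the multi-arch manifest list for the major-version tag on
# quay.io. There is no skip-if-present guard, so the tag is re-pointed each run.
# NOTE(review): this file is generated by dronegen, so the login and volume
# changes below need to be mirrored in the generator.
- name: Create manifest and push "teleport-operator:major" to Quay
  image: docker
  commands:
  # The password is piped on stdin, matching the ECR steps; passing it with -p
  # would place the secret in the docker process arguments.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - >-
    docker manifest create quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")
    --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64
    --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm
    --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64
  - docker manifest push quay.io/gravitational/teleport-operator:$(cat "/go/var/major-version")
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # Only the Docker socket is mounted. No command here calls the AWS CLI, so
  # the awsconfig volume and the AWS credentials on it are not exposed.
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-operator:v10-amd64" to Quay
  - Tag and push image "teleport-operator:v10-arm" to Quay
  - Tag and push image "teleport-operator:v10-arm64" to Quay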
|
|
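# Rebuilds and pushes the multi-arch manifest list for the minor-version tag on
# quay.io. There is no skip-if-present guard, so the tag is re-pointed each run.
# NOTE(review): this file is generated by dronegen, so the login and volume
# changes below need to be mirrored in the generator.
- name: Create manifest and push "teleport-operator:minor" to Quay
  image: docker
  commands:
  # The password is piped on stdin, matching the ECR steps; passing it with -p
  # would place the secret in the docker process arguments.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - >-
    docker manifest create quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")
    --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64
    --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm
    --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64
  - docker manifest push quay.io/gravitational/teleport-operator:$(cat "/go/var/minor-version")
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # Only the Docker socket is mounted. No command here calls the AWS CLI, so
  # the awsconfig volume and the AWS credentials on it are not exposed.
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-operator:v10-amd64" to Quay
  - Tag and push image "teleport-operator:v10-arm" to Quay
  - Tag and push image "teleport-operator:v10-arm64" to Quay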
|
|
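# Creates and pushes the multi-arch manifest list for the full-version tag on
# quay.io, unless that tag already resolves.
# NOTE(review): this file is generated by dronegen, so the login and volume
# changes below need to be mirrored in the generator.
- name: Create manifest and push "teleport-operator:full" to Quay
  image: docker
  commands:
  # The password is piped on stdin, matching the ECR steps; passing it with -p
  # would place the secret in the docker process arguments.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # Any inspect failure, not only a missing tag, takes the create-and-push branch.
  - >-
    docker manifest inspect quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker manifest create quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")
    --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64
    --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm
    --amend quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64
    && docker manifest push quay.io/gravitational/teleport-operator:$(cat "/go/var/full-version"))
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # Only the Docker socket is mounted. No command here calls the AWS CLI, so
  # the awsconfig volume and the AWS credentials on it are not exposed.
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-operator:v10-amd64" to Quay
  - Tag and push image "teleport-operator:v10-arm" to Quay
  - Tag and push image "teleport-operator:v10-arm64" to Quay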
|
|
# Publishes the amd64 image from the in-pipeline registry to public.ecr.aws.
# The full-version tag is pushed only if absent; the major and minor tags are
# re-pointed on every run.
- name: Tag and push image "teleport-operator:v10-amd64" to ECR - production
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
  - apk add --no-cache aws-cli
  # The ECR token is piped on stdin, which keeps it out of the process arguments.
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin public.ecr.aws
  # Any inspect failure, not only a missing tag, takes the push branch.
  - >-
    docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64
    && docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64)
  - >-
    docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64
  - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64
  - >-
    docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64
  - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  # Holds the AWS profiles; presumably written by the "Assume ECR" steps.
  - name: awsconfig
    path: /root/.aws
  # Shared /var/run of the Docker-in-Docker service.
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-operator image "teleport-operator:v10-amd64"
|
|
# Publishes the arm image from the in-pipeline registry to public.ecr.aws.
# The full-version tag is pushed only if absent; the major and minor tags are
# re-pointed on every run.
- name: Tag and push image "teleport-operator:v10-arm" to ECR - production
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
  - apk add --no-cache aws-cli
  # The ECR token is piped on stdin, which keeps it out of the process arguments.
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin public.ecr.aws
  # Any inspect failure, not only a missing tag, takes the push branch.
  - >-
    docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm
    && docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm)
  - >-
    docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm
  - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm
  - >-
    docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm
  - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  # Holds the AWS profiles; presumably written by the "Assume ECR" steps.
  - name: awsconfig
    path: /root/.aws
  # Shared /var/run of the Docker-in-Docker service.
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-operator image "teleport-operator:v10-arm"
|
|
# Publishes the arm64 image from the in-pipeline registry to public.ecr.aws.
# The full-version tag is pushed only if absent; the major and minor tags are
# re-pointed on every run.
- name: Tag and push image "teleport-operator:v10-arm64" to ECR - production
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
  - apk add --no-cache aws-cli
  # The ECR token is piped on stdin, which keeps it out of the process arguments.
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin public.ecr.aws
  # Any inspect failure, not only a missing tag, takes the push branch.
  - >-
    docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64
    && docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64)
  - >-
    docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64
  - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64
  - >-
    docker tag
    drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64
  - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  # Holds the AWS profiles; presumably written by the "Assume ECR" steps.
  - name: awsconfig
    path: /root/.aws
  # Shared /var/run of the Docker-in-Docker service.
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-operator image "teleport-operator:v10-arm64"
|
|
# Rebuilds and pushes the multi-arch manifest list for the major-version tag on
# public.ecr.aws. There is no skip-if-present guard, so the tag is re-pointed
# each run.
- name: Create manifest and push "teleport-operator:major" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The ECR token is piped on stdin, which keeps it out of the process arguments.
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin public.ecr.aws
  - >-
    docker manifest create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")
    --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64
    --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm
    --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64
  - docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-operator:v10-amd64" to ECR - production
  - Tag and push image "teleport-operator:v10-arm" to ECR - production
  - Tag and push image "teleport-operator:v10-arm64" to ECR - production
|
|
# Rebuilds and pushes the multi-arch manifest list for the minor-version tag on
# public.ecr.aws. There is no skip-if-present guard, so the tag is re-pointed
# each run.
- name: Create manifest and push "teleport-operator:minor" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The ECR token is piped on stdin, which keeps it out of the process arguments.
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin public.ecr.aws
  - >-
    docker manifest create public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")
    --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64
    --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm
    --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64
  - docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-operator:v10-amd64" to ECR - production
  - Tag and push image "teleport-operator:v10-arm" to ECR - production
  - Tag and push image "teleport-operator:v10-arm64" to ECR - production
|
|
# Creates and pushes the multi-arch manifest list for the full-version tag on
# public.ecr.aws, unless that tag already resolves.
- name: Create manifest and push "teleport-operator:full" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The ECR token is piped on stdin, which keeps it out of the process arguments.
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin public.ecr.aws
  # Any inspect failure, not only a missing tag, takes the create-and-push branch.
  - >-
    docker manifest inspect public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker manifest create
    public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")
    --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-amd64
    --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm
    --amend public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version")-arm64
    && docker manifest push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/full-version"))
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-operator:v10-amd64" to ECR - production
  - Tag and push image "teleport-operator:v10-arm" to ECR - production
  - Tag and push image "teleport-operator:v10-arm64" to ECR - production
|
|
# Sidecar services that run for the lifetime of this pipeline.
services:
# Docker-in-Docker daemon. It runs privileged, and every step that mounts the
# dockersock volume at /var/run can drive this daemon.
# NOTE(review): docker:dind is a floating tag; pinning it would fix the daemon
# version that builds and pushes the release images.
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
# Scratch registry; the publish steps pull images from it at
# drone-docker-registry:5000.
- name: drone-docker-registry
  image: registry:2
  privileged: false
  volumes: []
# Temporary volumes shared between the steps and services of this pipeline.
volumes:
# Mounted at /root/.aws by steps. Every step that mounts it sees the same
# directory, so its contents are readable by all of them.
- name: awsconfig
  temp: {}
# Mounted at /var/run by the Docker service and by steps that use the socket.
- name: dockersock
  temp: {}
|
|
|
|
---
|
|
################################################
|
|
# Generated using dronegen, do not edit by hand!
|
|
# Use 'make dronegen' to update.
|
|
# Generated at dronegen/container_images_release_version.go (main.(*ReleaseVersion).buildVersionPipeline)
|
|
################################################
|
|
|
|
# Pipeline header. It runs only for the cron job named
# teleport-container-images-cron on the gravitational/teleport repository.
kind: pipeline
type: kubernetes
name: teleport-container-images-previous-version-2-cron
environment:
  DEBIAN_FRONTEND: noninteractive
trigger:
  cron:
    include:
    - teleport-container-images-cron
  repo:
    include:
    - gravitational/teleport
# /go is the workspace; steps pass version strings to each other through files
# under /go/vars and /go/var.
workspace:
  path: /go
# The built-in clone is disabled; the steps fetch the repository themselves.
clone:
  disable: true
|
|
steps:
|
|
# Runs the query-latest tool from branch/v9 for major version "v9" and stores
# its output, with the first "v" removed, in /go/vars/full-version-v9.
- name: Find the latest available semver for v9
  image: golang:1.18
  commands:
  - mkdir -pv "/tmp/teleport"
  - cd "/tmp/teleport"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  # The tool is taken from the tip of branch/v9, not from a tagged release.
  - git checkout -qf "branch/v9"
  - mkdir -pv $(dirname "/go/vars/full-version-v9")
  - cd "/tmp/teleport/build.assets/tooling/cmd/query-latest"
  # NOTE(review): the pipeline's exit status is sed's, so a failing `go run`
  # can leave an empty version file; confirm a later step rejects that.
  - go run . "v9" | sed 's/v//' > "/go/vars/full-version-v9"
  - echo Found full semver "$(cat "/go/vars/full-version-v9")" for major version "v9"
|
|
# Blocks until the Docker socket exists on the shared dockersock volume, or
# fails after 30 seconds.
- name: Wait for docker
  image: docker
  commands:
  # Checks only that /var/run/docker.sock is a socket, polling once per second.
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
  depends_on:
  - Find the latest available semver for v9
|
|
# Polls the in-pipeline registry until it answers HTTP 200, or fails after
# 30 seconds.
# NOTE(review): `image: alpine` is an unpinned tag and curl is installed at run
# time, so the tool versions can differ between runs.
- name: Wait for docker registry
  image: alpine
  commands:
  - apk add curl
  # The registry is reached over plain HTTP at drone-docker-registry:5000.
  - >-
    timeout 30s /bin/sh -c 'while [ "$(curl -s -o /dev/null -w %{http_code} http://drone-docker-registry:5000/)"
    != "200" ]; do sleep 1; done'
  depends_on:
  - Find the latest available semver for v9
|
|
# Fetches the repository and checks out the release tag named by the version
# in /go/vars/full-version-v9.
# NOTE(review): alpine/git:latest is a floating tag, so the git client that
# fetches the release source can change between runs.
- name: Check out code
  image: alpine/git:latest
  commands:
  - mkdir -pv "/go/src/github.com/gravitational/teleport"
  - cd "/go/src/github.com/gravitational/teleport"
  - git init
  - git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin --tags
  # NOTE(review): the tag is resolved by name only; nothing in this step
  # verifies a tag signature or pins a commit hash.
  - git checkout -qf "v$(cat '/go/vars/full-version-v9')"
  depends_on:
  - Find the latest available semver for v9
|
|
# Derives the major, minor and full version strings from
# /go/vars/full-version-v9 and writes each to its own file under /go/var.
# Later steps read these files to build image tags.
- name: Build major, minor, and full semvers
  image: alpine
  commands:
  - mkdir -pv $(dirname "/go/var/major-version")
  # Field 1 of the dot-separated version, after the first "v" is removed.
  - echo v$(cat '/go/vars/full-version-v9') | sed 's/v//' | cut -d'.' -f "1" > "/go/var/major-version"
  - echo $(cat "/go/var/major-version")
  - mkdir -pv $(dirname "/go/var/minor-version")
  # Fields 1 and 2 of the dot-separated version.
  - echo v$(cat '/go/vars/full-version-v9') | sed 's/v//' | cut -d'.' -f "1,2" > "/go/var/minor-version"
  - echo $(cat "/go/var/minor-version")
  - mkdir -pv $(dirname "/go/var/full-version")
  - echo v$(cat '/go/vars/full-version-v9') | sed 's/v//' > "/go/var/full-version"
  - echo $(cat "/go/var/full-version")
  depends_on:
  - Find the latest available semver for v9
|
|
# Exchanges the access key taken from pipeline secrets for temporary
# credentials of the role in $AWS_ROLE and appends them as the [ecr-staging]
# profile to /root/.aws/credentials on the awsconfig volume.
# NOTE(review): every step that mounts awsconfig can read this profile.
- name: Assume ECR - staging AWS Role
  image: amazon/aws-cli
  commands:
  # Shows the identity of the key supplied through the environment.
  - aws sts get-caller-identity
  # The command substitution is left unquoted so that the three fields printed
  # by `--output text` fill the three %s slots. printf still succeeds if
  # assume-role fails; the final get-caller-identity is what catches that.
  - |-
    printf "[ecr-staging]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      >> /root/.aws/credentials
  # Clears the key pair from this step's shell, so the next command has to use
  # the profile that was just written.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile ecr-staging
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY
    AWS_ROLE:
      from_secret: STAGING_TELEPORT_DRONE_ECR_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Find the latest available semver for v9
|
|
# Exchanges the static access key injected from secrets for a temporary role
# session and appends it as profile [ecr-authenticated-pull] to
# /root/.aws/credentials on the awsconfig volume.
# NOTE(review): this step reads the same three PRODUCTION_* secrets as the
# "Assume ECR - production AWS Role" step, so the pull profile appears to
# carry the same role as the push profile; confirm that is intended.
- name: Assume ECR - authenticated-pull AWS Role
  image: amazon/aws-cli
  commands:
  # Prints the identity behind the static key to the build log.
  - aws sts get-caller-identity
  # The $(aws sts assume-role ...) substitution is deliberately unquoted: its
  # three text fields are word-split into the three %s arguments of printf.
  - |-
    printf "[ecr-authenticated-pull]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      >> /root/.aws/credentials
  # Drop the static key from this shell so the check below can only succeed
  # through the newly written profile.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile ecr-authenticated-pull
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY
    AWS_ROLE:
      from_secret: PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
  # Runs after the staging role step; presumably this serializes the appends
  # to the shared credentials file.
  depends_on:
  - Assume ECR - staging AWS Role
  - Find the latest available semver for v9
# Exchanges the static production access key injected from secrets for a
# temporary role session and appends it as profile [ecr-production] to
# /root/.aws/credentials on the awsconfig volume.
- name: Assume ECR - production AWS Role
  image: amazon/aws-cli
  commands:
  # Prints the identity behind the static key to the build log.
  - aws sts get-caller-identity
  # The $(aws sts assume-role ...) substitution is deliberately unquoted: its
  # three text fields are word-split into the three %s arguments of printf.
  - |-
    printf "[ecr-production]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      >> /root/.aws/credentials
  # Drop the static key from this shell so the check below can only succeed
  # through the newly written profile.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile ecr-production
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY
    AWS_ROLE:
      from_secret: PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Find the latest available semver for v9
# Exchanges the static access key injected from secrets for a temporary role
# session and appends it as profile [s3-download-teleport] to
# /root/.aws/credentials on the awsconfig volume; the S3 download steps
# select it via AWS_PROFILE.
- name: Assume S3 Download AWS Role for teleport
  image: amazon/aws-cli
  commands:
  # Prints the identity behind the static key to the build log.
  - aws sts get-caller-identity
  # The $(aws sts assume-role ...) substitution is deliberately unquoted: its
  # three text fields are word-split into the three %s arguments of printf.
  - |-
    printf "[s3-download-teleport]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      >> /root/.aws/credentials
  # Drop the static key from this shell so the check below can only succeed
  # through the newly written profile.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile s3-download-teleport
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
  # Waits for all three ECR role steps, which write to the same credentials
  # file this step appends to.
  depends_on:
  - Find the latest available semver for v9
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role
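# Fetches the Dockerfile for the release tag read from
# /go/vars/full-version-v9 and stores it at /go/build/Dockerfile-teleport,
# which the image build steps pass to `docker buildx build --file`.
- name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport
  image: alpine
  commands:
  - apk add --no-cache curl
  - mkdir -pv $(dirname "/go/build/Dockerfile-teleport")
  # -f makes curl exit non-zero on an HTTP error (for example a missing tag)
  # instead of saving the error page as the Dockerfile; -S keeps the error
  # message visible despite -s.
  # NOTE(review): the file is trusted as downloaded over TLS; no checksum is
  # compared here.
  - curl -fsSL -o "/go/build/Dockerfile-teleport" "https://raw.githubusercontent.com/gravitational/teleport/v$(cat
    '/go/vars/full-version-v9')/build.assets/charts/Dockerfile"
  depends_on:
  - Find the latest available semver for v9
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role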
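# Waits up to 3600 seconds (polling every 60) for the amd64 .deb of the
# release to appear in the S3 bucket, then copies it to /go/build.
# The loop is spread over several `commands` entries, so it is only valid
# shell when the entries are executed together as one script.
- name: Download "teleport_v9-tag_amd64.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  # `$$` leaves a literal `$` for the shell; `${VAR?}` aborts if VAR is unset.
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  # -F compares the file name as a fixed string: without it the dots in the
  # version are regex wildcards and -x could match a differently named object.
  - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr
    -s ' ' | cut -d' ' -f 4 | grep -Fx teleport_$(cat "/go/var/full-version")_amd64.deb
    || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [
    "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  # NOTE(review): the package is used as downloaded; no checksum or signature
  # verification is visible in this step.
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat
    "/go/var/full-version")_amd64.deb /go/build/teleport_$(cat "/go/var/full-version")_amd64.deb
  environment:
    # Temporary role session written by the S3 role step, not a static key.
    AWS_PROFILE: s3-download-teleport
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport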
# Builds the linux/amd64 image from the downloaded Dockerfile and .deb with a
# dedicated buildx builder, and pushes it to the pipeline-local registry.
- name: Build teleport image "teleport:v9-amd64"
  image: docker
  commands:
  # NOTE(review): a third-party image is run with --privileged against the
  # mounted Docker socket and is referenced without a tag or digest; pinning
  # it (e.g. tonistiigi/binfmt@sha256:<DIGEST_PLACEHOLDER>) would stop an
  # upstream change from running privileged code in the build.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-v9-amd64-builder"
  # The builder config marks the local registry as plain HTTP, so images
  # pushed to and later pulled from it travel unencrypted and unauthenticated.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v9-amd64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-v9-amd64-builder/buildkitd.toml"
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name
    "teleport-v9-amd64-builder" --config "/tmp/teleport-v9-amd64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  # The registry password is piped on stdin rather than passed as an argument.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - docker buildx build --push --builder "teleport-v9-amd64-builder" --target "teleport"
    --platform "linux/amd64" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    --file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_amd64.deb
    /go/build
  # Cleanup below only runs if every earlier command succeeded.
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-v9-amd64-builder"
  - rm -rf "/tmp/teleport-v9-amd64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
  volumes:
  - name: awsconfig
    path: /root/.aws
  # Mounted at /var/run, which is where the Docker socket normally lives.
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport_v9-tag_amd64.deb" artifacts from S3
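# Waits up to 3600 seconds (polling every 60) for the arm .deb of the release
# to appear in the S3 bucket, then copies it to /go/build.
# The loop is spread over several `commands` entries, so it is only valid
# shell when the entries are executed together as one script.
- name: Download "teleport_v9-tag_arm.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  # `$$` leaves a literal `$` for the shell; `${VAR?}` aborts if VAR is unset.
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  # -F compares the file name as a fixed string: without it the dots in the
  # version are regex wildcards and -x could match a differently named object.
  - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr
    -s ' ' | cut -d' ' -f 4 | grep -Fx teleport_$(cat "/go/var/full-version")_arm.deb
    || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [
    "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  # NOTE(review): the package is used as downloaded; no checksum or signature
  # verification is visible in this step.
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat
    "/go/var/full-version")_arm.deb /go/build/teleport_$(cat "/go/var/full-version")_arm.deb
  environment:
    # Temporary role session written by the S3 role step, not a static key.
    AWS_PROFILE: s3-download-teleport
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport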
# Builds the linux/arm image from the downloaded Dockerfile and .deb with a
# dedicated buildx builder, and pushes it to the pipeline-local registry.
- name: Build teleport image "teleport:v9-arm"
  image: docker
  commands:
  # NOTE(review): a third-party image is run with --privileged against the
  # mounted Docker socket and is referenced without a tag or digest; pinning
  # it (e.g. tonistiigi/binfmt@sha256:<DIGEST_PLACEHOLDER>) would stop an
  # upstream change from running privileged code in the build.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-v9-arm-builder"
  # The builder config marks the local registry as plain HTTP, so images
  # pushed to and later pulled from it travel unencrypted and unauthenticated.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v9-arm-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-v9-arm-builder/buildkitd.toml"
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name
    "teleport-v9-arm-builder" --config "/tmp/teleport-v9-arm-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  # The registry password is piped on stdin rather than passed as an argument.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - docker buildx build --push --builder "teleport-v9-arm-builder" --target "teleport"
    --platform "linux/arm" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    --file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_arm.deb
    /go/build
  # Cleanup below only runs if every earlier command succeeded.
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-v9-arm-builder"
  - rm -rf "/tmp/teleport-v9-arm-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
  volumes:
  - name: awsconfig
    path: /root/.aws
  # Mounted at /var/run, which is where the Docker socket normally lives.
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport_v9-tag_arm.deb" artifacts from S3
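# Waits up to 3600 seconds (polling every 60) for the arm64 .deb of the
# release to appear in the S3 bucket, then copies it to /go/build.
# The loop is spread over several `commands` entries, so it is only valid
# shell when the entries are executed together as one script.
- name: Download "teleport_v9-tag_arm64.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  # `$$` leaves a literal `$` for the shell; `${VAR?}` aborts if VAR is unset.
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  # -F compares the file name as a fixed string: without it the dots in the
  # version are regex wildcards and -x could match a differently named object.
  - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr
    -s ' ' | cut -d' ' -f 4 | grep -Fx teleport_$(cat "/go/var/full-version")_arm64.deb
    || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [
    "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  # NOTE(review): the package is used as downloaded; no checksum or signature
  # verification is visible in this step.
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport_$(cat
    "/go/var/full-version")_arm64.deb /go/build/teleport_$(cat "/go/var/full-version")_arm64.deb
  environment:
    # Temporary role session written by the S3 role step, not a static key.
    AWS_PROFILE: s3-download-teleport
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport" for teleport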
# Builds the linux/arm64 image from the downloaded Dockerfile and .deb with a
# dedicated buildx builder, and pushes it to the pipeline-local registry.
- name: Build teleport image "teleport:v9-arm64"
  image: docker
  commands:
  # NOTE(review): a third-party image is run with --privileged against the
  # mounted Docker socket and is referenced without a tag or digest; pinning
  # it (e.g. tonistiigi/binfmt@sha256:<DIGEST_PLACEHOLDER>) would stop an
  # upstream change from running privileged code in the build.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-v9-arm64-builder"
  # The builder config marks the local registry as plain HTTP, so images
  # pushed to and later pulled from it travel unencrypted and unauthenticated.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-v9-arm64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-v9-arm64-builder/buildkitd.toml"
  - docker buildx create --driver "docker-container" --driver-opt "network=host" --name
    "teleport-v9-arm64-builder" --config "/tmp/teleport-v9-arm64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  # The registry password is piped on stdin rather than passed as an argument.
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - docker buildx build --push --builder "teleport-v9-arm64-builder" --target "teleport"
    --platform "linux/arm64" --tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    --file "/go/build/Dockerfile-teleport" --build-arg DEB_PATH=teleport_$(cat "/go/var/full-version")_arm64.deb
    /go/build
  # Cleanup below only runs if every earlier command succeeded.
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-v9-arm64-builder"
  - rm -rf "/tmp/teleport-v9-arm64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
  volumes:
  - name: awsconfig
    path: /root/.aws
  # Mounted at /var/run, which is where the Docker socket normally lives.
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport_v9-tag_arm64.deb" artifacts from S3
# Pulls the amd64 image from the pipeline-local registry and publishes it to
# the staging ECR repository under full-, major- and minor-version tags, each
# suffixed with the build-creation timestamp and the architecture.
- name: Tag and push image "teleport:v9-amd64" to ECR - staging
  image: docker
  commands:
  # NOTE(review): the image is pulled by tag over the plain-HTTP local
  # registry; nothing here checks it against the digest the build produced.
  - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Each publish is guarded: an existing tag is left untouched. Any non-zero
  # exit of `manifest inspect` (including auth or network errors, whose output
  # is discarded) is treated as "tag absent" and leads to tag + push.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-amd64
    && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-$TIMESTAMP-amd64)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-amd64
    && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP-amd64)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/minor-version")-$TIMESTAMP-amd64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64
    && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/minor-version")-$TIMESTAMP-amd64)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v9-amd64"
# Pulls the arm image from the pipeline-local registry and publishes it to
# the staging ECR repository under full-, major- and minor-version tags, each
# suffixed with the build-creation timestamp and the architecture.
- name: Tag and push image "teleport:v9-arm" to ECR - staging
  image: docker
  commands:
  # NOTE(review): the image is pulled by tag over the plain-HTTP local
  # registry; nothing here checks it against the digest the build produced.
  - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Each publish is guarded: an existing tag is left untouched. Any non-zero
  # exit of `manifest inspect` (including auth or network errors, whose output
  # is discarded) is treated as "tag absent" and leads to tag + push.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm
    && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-arm
    && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-arm
    && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v9-arm"
# Pulls the arm64 image from the pipeline-local registry and publishes it to
# the staging ECR repository under full-, major- and minor-version tags, each
# suffixed with the build-creation timestamp and the architecture.
- name: Tag and push image "teleport:v9-arm64" to ECR - staging
  image: docker
  commands:
  # NOTE(review): the image is pulled by tag over the plain-HTTP local
  # registry; nothing here checks it against the digest the build produced.
  - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Each publish is guarded: an existing tag is left untouched. Any non-zero
  # exit of `manifest inspect` (including auth or network errors, whose output
  # is discarded) is treated as "tag absent" and leads to tag + push.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/full-version")-$TIMESTAMP-arm64
    && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm64)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/major-version")-$TIMESTAMP-arm64
    && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm64)
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm64 > /dev/null 2>&1 && echo 'Found existing
    image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64
    && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm64)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v9-arm64"
# Creates a multi-arch manifest list for the major-version timestamped tag in
# staging ECR from the amd64, arm and arm64 tags, unless it already exists.
- name: Create manifest and push "teleport:major-$TIMESTAMP" to ECR - staging
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  # Recomputed from the build-creation time, so it matches the suffix used by
  # the per-architecture push steps of the same build.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Any failure of `manifest inspect` (its output is discarded) is treated as
  # "manifest absent" and leads to create + push.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image,
    skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/major-version")-$TIMESTAMP)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v9-amd64" to ECR - staging
  - Tag and push image "teleport:v9-arm" to ECR - staging
  - Tag and push image "teleport:v9-arm64" to ECR - staging
# Creates a multi-arch manifest list for the minor-version timestamped tag in
# staging ECR from the amd64, arm and arm64 tags, unless it already exists.
- name: Create manifest and push "teleport:minor-$TIMESTAMP" to ECR - staging
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  # Recomputed from the build-creation time, so it matches the suffix used by
  # the per-architecture push steps of the same build.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Any failure of `manifest inspect` (its output is discarded) is treated as
  # "manifest absent" and leads to create + push.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/minor-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image,
    skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/minor-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/minor-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/minor-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/minor-version")-$TIMESTAMP)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v9-amd64" to ECR - staging
  - Tag and push image "teleport:v9-arm" to ECR - staging
  - Tag and push image "teleport:v9-arm64" to ECR - staging
# Creates a multi-arch manifest list for the full-version timestamped tag in
# staging ECR from the amd64, arm and arm64 tags, unless it already exists.
- name: Create manifest and push "teleport:full-$TIMESTAMP" to ECR - staging
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  # Recomputed from the build-creation time, so it matches the suffix used by
  # the per-architecture push steps of the same build.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Any failure of `manifest inspect` (its output is discarded) is treated as
  # "manifest absent" and leads to create + push.
  - docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-$TIMESTAMP > /dev/null 2>&1 && echo 'Found existing image,
    skipping' || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-$TIMESTAMP --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-$TIMESTAMP-amd64 --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-$TIMESTAMP-arm64 && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat
    "/go/var/full-version")-$TIMESTAMP)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v9-amd64" to ECR - staging
  - Tag and push image "teleport:v9-arm" to ECR - staging
  - Tag and push image "teleport:v9-arm64" to ECR - staging
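# Pulls the amd64 image from the pipeline-local registry and publishes it to
# Quay. The full-version tag is only pushed when absent; the major- and
# minor-version tags are re-pointed on every run.
- name: Tag and push image "teleport:v9-amd64" to Quay
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
  # The password is piped on stdin, as the ECR steps in this pipeline do,
  # instead of `-p`, which puts the secret in the process argument list.
  # NOTE(review): if this file is generated, make the same change in the
  # generator so it is not overwritten.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat
    "/go/var/full-version")-amd64 quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64
    && docker push quay.io/gravitational/teleport:$(cat "/go/var/full-version")-amd64)
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    quay.io/gravitational/teleport:$(cat "/go/var/major-version")-amd64
  - docker push quay.io/gravitational/teleport:$(cat "/go/var/major-version")-amd64
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
  - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v9-amd64"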
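# Pulls the arm image from the pipeline-local registry and publishes it to
# Quay. The full-version tag is only pushed when absent; the major- and
# minor-version tags are re-pointed on every run.
- name: Tag and push image "teleport:v9-arm" to Quay
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
  # The password is piped on stdin, as the ECR steps in this pipeline do,
  # instead of `-p`, which puts the secret in the process argument list.
  # NOTE(review): if this file is generated, make the same change in the
  # generator so it is not overwritten.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat
    "/go/var/full-version")-arm quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm
    && docker push quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm)
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm
  - docker push quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm
  - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v9-arm"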
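# Pulls the arm64 image from the pipeline-local registry and publishes it to
# Quay. The full-version tag is only pushed when absent; the major- and
# minor-version tags are re-pointed on every run.
- name: Tag and push image "teleport:v9-arm64" to Quay
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
  # The password is piped on stdin, as the ECR steps in this pipeline do,
  # instead of `-p`, which puts the secret in the process argument list.
  # NOTE(review): if this file is generated, make the same change in the
  # generator so it is not overwritten.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat
    "/go/var/full-version")-arm64 quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64
    && docker push quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64)
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm64
  - docker push quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm64
  - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
  - docker push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v9-arm64"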
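# Creates the multi-arch manifest list for the major-version tag on Quay from
# the amd64, arm and arm64 tags and pushes it. There is no existence check,
# so the tag is re-pointed on every run.
- name: Create manifest and push "teleport:major" to Quay
  image: docker
  commands:
  # The password is piped on stdin, as the ECR steps in this pipeline do,
  # instead of `-p`, which puts the secret in the process argument list.
  # NOTE(review): if this file is generated, make the same change in the
  # generator so it is not overwritten.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - docker manifest create quay.io/gravitational/teleport:$(cat "/go/var/major-version")
    --amend quay.io/gravitational/teleport:$(cat "/go/var/major-version")-amd64 --amend
    quay.io/gravitational/teleport:$(cat "/go/var/major-version")-arm --amend quay.io/gravitational/teleport:$(cat
    "/go/var/major-version")-arm64
  - docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/major-version")
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v9-amd64" to Quay
  - Tag and push image "teleport:v9-arm" to Quay
  - Tag and push image "teleport:v9-arm64" to Quay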
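# Creates the multi-arch manifest list for the minor-version tag on Quay from
# the amd64, arm and arm64 tags and pushes it. There is no existence check,
# so the tag is re-pointed on every run.
- name: Create manifest and push "teleport:minor" to Quay
  image: docker
  commands:
  # The password is piped on stdin, as the ECR steps in this pipeline do,
  # instead of `-p`, which puts the secret in the process argument list.
  # NOTE(review): if this file is generated, make the same change in the
  # generator so it is not overwritten.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - docker manifest create quay.io/gravitational/teleport:$(cat "/go/var/minor-version")
    --amend quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-amd64 --amend
    quay.io/gravitational/teleport:$(cat "/go/var/minor-version")-arm --amend quay.io/gravitational/teleport:$(cat
    "/go/var/minor-version")-arm64
  - docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/minor-version")
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v9-amd64" to Quay
  - Tag and push image "teleport:v9-arm" to Quay
  - Tag and push image "teleport:v9-arm64" to Quay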
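# Creates the multi-arch manifest list for the full-version tag on Quay from
# the amd64, arm and arm64 tags, unless a manifest for that tag already
# exists, so a published full version is not replaced.
- name: Create manifest and push "teleport:full" to Quay
  image: docker
  commands:
  # The password is piped on stdin, as the ECR steps in this pipeline do,
  # instead of `-p`, which puts the secret in the process argument list.
  # NOTE(review): if this file is generated, make the same change in the
  # generator so it is not overwritten.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # Any failure of `manifest inspect` (its output is discarded) is treated as
  # "manifest absent" and leads to create + push.
  - docker manifest inspect quay.io/gravitational/teleport:$(cat "/go/var/full-version")
    > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker manifest
    create quay.io/gravitational/teleport:$(cat "/go/var/full-version") --amend quay.io/gravitational/teleport:$(cat
    "/go/var/full-version")-amd64 --amend quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm
    --amend quay.io/gravitational/teleport:$(cat "/go/var/full-version")-arm64 &&
    docker manifest push quay.io/gravitational/teleport:$(cat "/go/var/full-version"))
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v9-amd64" to Quay
  - Tag and push image "teleport:v9-arm" to Quay
  - Tag and push image "teleport:v9-arm64" to Quay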
# Copies the amd64 teleport image from the in-cluster registry to public ECR
# under the full, major and minor version tags.
- name: Tag and push image "teleport:v9-amd64" to ECR - production
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
  - apk add --no-cache aws-cli
  # Registry token is piped on stdin, keeping it out of the argument list.
  - >-
    aws ecr-public get-login-password --region=us-east-1 |
    docker login -u="AWS" --password-stdin public.ecr.aws
  # The full-version tag is pushed only when it cannot be inspected yet. Any
  # inspect failure counts as "absent" and its output is discarded.
  - >-
    docker manifest inspect
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
    (docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64
    && docker push
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64)
  # Major and minor tags are re-pointed unconditionally on every run.
  - >-
    docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64
  - >-
    docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
  - docker logout "public.ecr.aws"
  environment:
    # Named profile read from the mounted /root/.aws volume.
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v9-amd64"
# Copies the arm teleport image from the in-cluster registry to public ECR
# under the full, major and minor version tags.
- name: Tag and push image "teleport:v9-arm" to ECR - production
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
  - apk add --no-cache aws-cli
  # Registry token is piped on stdin, keeping it out of the argument list.
  - >-
    aws ecr-public get-login-password --region=us-east-1 |
    docker login -u="AWS" --password-stdin public.ecr.aws
  # The full-version tag is pushed only when it cannot be inspected yet. Any
  # inspect failure counts as "absent" and its output is discarded.
  - >-
    docker manifest inspect
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm
    > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
    (docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm
    && docker push
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm)
  # Major and minor tags are re-pointed unconditionally on every run.
  - >-
    docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm
  - >-
    docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm
  - docker logout "public.ecr.aws"
  environment:
    # Named profile read from the mounted /root/.aws volume.
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v9-arm"
# Copies the arm64 teleport image from the in-cluster registry to public ECR
# under the full, major and minor version tags.
- name: Tag and push image "teleport:v9-arm64" to ECR - production
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
  - apk add --no-cache aws-cli
  # Registry token is piped on stdin, keeping it out of the argument list.
  - >-
    aws ecr-public get-login-password --region=us-east-1 |
    docker login -u="AWS" --password-stdin public.ecr.aws
  # The full-version tag is pushed only when it cannot be inspected yet. Any
  # inspect failure counts as "absent" and its output is discarded.
  - >-
    docker manifest inspect
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
    (docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64
    && docker push
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64)
  # Major and minor tags are re-pointed unconditionally on every run.
  - >-
    docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64
  - >-
    docker tag
    drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
  - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
  - docker logout "public.ecr.aws"
  environment:
    # Named profile read from the mounted /root/.aws volume.
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport image "teleport:v9-arm64"
# Builds the multi-arch manifest list for the major-version tag on public ECR
# from the three per-architecture tags and publishes it.
- name: Create manifest and push "teleport:major" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # Registry token is piped on stdin, keeping it out of the argument list.
  - >-
    aws ecr-public get-login-password --region=us-east-1 |
    docker login -u="AWS" --password-stdin public.ecr.aws
  # No existence guard: the major tag is re-created and re-pushed on every run.
  - >-
    docker manifest create
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")
    --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64
    --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm
    --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64
  - docker manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")
  - docker logout "public.ecr.aws"
  environment:
    # Named profile read from the mounted /root/.aws volume.
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v9-amd64" to ECR - production
  - Tag and push image "teleport:v9-arm" to ECR - production
  - Tag and push image "teleport:v9-arm64" to ECR - production
# Builds the multi-arch manifest list for the minor-version tag on public ECR
# from the three per-architecture tags and publishes it.
- name: Create manifest and push "teleport:minor" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # Registry token is piped on stdin, keeping it out of the argument list.
  - >-
    aws ecr-public get-login-password --region=us-east-1 |
    docker login -u="AWS" --password-stdin public.ecr.aws
  # No existence guard: the minor tag is re-created and re-pushed on every run.
  - >-
    docker manifest create
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")
    --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
    --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm
    --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
  - docker manifest push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")
  - docker logout "public.ecr.aws"
  environment:
    # Named profile read from the mounted /root/.aws volume.
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v9-amd64" to ECR - production
  - Tag and push image "teleport:v9-arm" to ECR - production
  - Tag and push image "teleport:v9-arm64" to ECR - production
# Publishes the multi-arch manifest list for the full-version tag on public
# ECR, unless a manifest with that tag can already be inspected.
- name: Create manifest and push "teleport:full" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # Registry token is piped on stdin, keeping it out of the argument list.
  - >-
    aws ecr-public get-login-password --region=us-east-1 |
    docker login -u="AWS" --password-stdin public.ecr.aws
  # Guard: "inspect succeeds" is read as "already published". Any inspect
  # failure takes the create-and-push branch, and its stderr is discarded.
  - >-
    docker manifest inspect
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")
    > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
    (docker manifest create
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")
    --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64
    --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm
    --amend public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64
    && docker manifest push
    public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version"))
  - docker logout "public.ecr.aws"
  environment:
    # Named profile read from the mounted /root/.aws volume.
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport:v9-amd64" to ECR - production
  - Tag and push image "teleport:v9-arm" to ECR - production
  - Tag and push image "teleport:v9-arm64" to ECR - production
# Exchanges the static access key from the pipeline secrets for temporary STS
# credentials of $AWS_ROLE and stores them as the named profile
# "s3-download-teleport-ent" in the shared /root/.aws volume.
- name: Assume S3 Download AWS Role for teleport-ent
  image: amazon/aws-cli
  commands:
  # Prints the caller's account and ARN to the build log.
  - aws sts get-caller-identity
  # The $(aws sts assume-role ...) substitution is left unquoted on purpose:
  # "--output text" yields three whitespace-separated fields, which word
  # splitting turns into the three %s arguments. The profile is appended (>>) to
  # a credentials file that every step mounting the awsconfig volume can read.
  # printf's own exit status is what the shell sees, so a failed assume-role is
  # only caught by the profile check at the end of this step.
  - |-
    printf "[s3-download-teleport-ent]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      >> /root/.aws/credentials
  # Drops the static key from this step's shell so the check below has to use
  # the freshly written profile.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile s3-download-teleport-ent
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Find the latest available semver for v9
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role
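# Fetches the Dockerfile used for the teleport-ent image build from the
# gravitational/teleport repository at the release tag and stores it as
# /go/build/Dockerfile-teleport-ent.
- name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent
  image: alpine
  commands:
  # --no-cache matches the other apk invocations in this pipeline.
  - apk add --no-cache curl
  - mkdir -pv $(dirname "/go/build/Dockerfile-teleport-ent")
  # -f makes curl exit non-zero on an HTTP error (for example a tag that does
  # not exist) instead of saving the error page as the Dockerfile; -S keeps the
  # error message visible despite -s.
  # NOTE(review): the file is fetched by tag name with no checksum or signature
  # check, so the build trusts whatever that tag points to at download time.
  # NOTE(review): the version is read from /go/vars/full-version-v9 while the
  # sibling steps read /go/var/full-version; confirm against the step that
  # writes the file.
  - >-
    curl -fsSL -o "/go/build/Dockerfile-teleport-ent"
    "https://raw.githubusercontent.com/gravitational/teleport/v$(cat '/go/vars/full-version-v9')/build.assets/charts/Dockerfile"
  depends_on:
  - Find the latest available semver for v9
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role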
# Waits (up to 3600 s, polling every 60 s) for the amd64 teleport-ent .deb of
# the current full version to be listed in the S3 bucket, then copies it to
# /go/build. The commands below form one shell script, so the loop spans
# several list items.
- name: Download "teleport-ent_v9-tag_amd64.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  # NOTE(review): grep -x treats the dots of the version as regex wildcards;
  # -F would make the file-name match literal.
  - >-
    aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/
    | tr -s ' ' | cut -d' ' -f 4
    | grep -x teleport-ent_$(cat "/go/var/full-version")_amd64.deb
    || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  # NOTE(review): no checksum or signature check on the package is visible in
  # this step before it is built into the image; confirm it happens elsewhere.
  - >-
    aws s3 cp
    s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat "/go/var/full-version")_amd64.deb
    /go/build/teleport-ent_$(cat "/go/var/full-version")_amd64.deb
  environment:
    # Named profile read from the mounted /root/.aws volume.
    AWS_PROFILE: s3-download-teleport-ent
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport-ent
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent
# Builds the linux/amd64 teleport-ent image from the downloaded Dockerfile and
# .deb with a dedicated buildx builder, and pushes it to the in-cluster
# registry.
- name: Build teleport-ent image "teleport-ent:v9-amd64"
  image: docker
  commands:
  # NOTE(review): a third-party image is run with --privileged against the
  # mounted Docker socket and is referenced without tag or digest; pinning it
  # (tonistiigi/binfmt@sha256:<digest>) would fix what gets executed here.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-ent-v9-amd64-builder"
  # buildkitd config: talk plain HTTP to the in-cluster registry, so pushes to
  # it are neither encrypted nor authenticated by TLS.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v9-amd64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-ent-v9-amd64-builder/buildkitd.toml"
  # The builder container shares the host network namespace (network=host).
  - >-
    docker buildx create --driver "docker-container" --driver-opt "network=host"
    --name "teleport-ent-v9-amd64-builder"
    --config "/tmp/teleport-ent-v9-amd64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  # Registry token is piped on stdin, keeping it out of the argument list.
  - >-
    aws ecr-public get-login-password --region=us-east-1 |
    docker login -u="AWS" --password-stdin public.ecr.aws
  - >-
    docker buildx build --push --builder "teleport-ent-v9-amd64-builder"
    --target "teleport" --platform "linux/amd64"
    --tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
    --file "/go/build/Dockerfile-teleport-ent"
    --build-arg DEB_PATH=teleport-ent_$(cat "/go/var/full-version")_amd64.deb
    /go/build
  # Cleanup runs as ordinary commands after the build, not as a trap.
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-ent-v9-amd64-builder"
  - rm -rf "/tmp/teleport-ent-v9-amd64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport-ent_v9-tag_amd64.deb" artifacts from S3
# Waits (up to 3600 s, polling every 60 s) for the arm teleport-ent .deb of the
# current full version to be listed in the S3 bucket, then copies it to
# /go/build. The commands below form one shell script, so the loop spans
# several list items.
- name: Download "teleport-ent_v9-tag_arm.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  # NOTE(review): grep -x treats the dots of the version as regex wildcards;
  # -F would make the file-name match literal.
  - >-
    aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/
    | tr -s ' ' | cut -d' ' -f 4
    | grep -x teleport-ent_$(cat "/go/var/full-version")_arm.deb
    || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  # NOTE(review): no checksum or signature check on the package is visible in
  # this step before it is built into the image; confirm it happens elsewhere.
  - >-
    aws s3 cp
    s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat "/go/var/full-version")_arm.deb
    /go/build/teleport-ent_$(cat "/go/var/full-version")_arm.deb
  environment:
    # Named profile read from the mounted /root/.aws volume.
    AWS_PROFILE: s3-download-teleport-ent
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport-ent
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent
# Builds the linux/arm teleport-ent image from the downloaded Dockerfile and
# .deb with a dedicated buildx builder, and pushes it to the in-cluster
# registry.
- name: Build teleport-ent image "teleport-ent:v9-arm"
  image: docker
  commands:
  # NOTE(review): a third-party image is run with --privileged against the
  # mounted Docker socket and is referenced without tag or digest; pinning it
  # (tonistiigi/binfmt@sha256:<digest>) would fix what gets executed here.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-ent-v9-arm-builder"
  # buildkitd config: talk plain HTTP to the in-cluster registry, so pushes to
  # it are neither encrypted nor authenticated by TLS.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v9-arm-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-ent-v9-arm-builder/buildkitd.toml"
  # The builder container shares the host network namespace (network=host).
  - >-
    docker buildx create --driver "docker-container" --driver-opt "network=host"
    --name "teleport-ent-v9-arm-builder"
    --config "/tmp/teleport-ent-v9-arm-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  # Registry token is piped on stdin, keeping it out of the argument list.
  - >-
    aws ecr-public get-login-password --region=us-east-1 |
    docker login -u="AWS" --password-stdin public.ecr.aws
  - >-
    docker buildx build --push --builder "teleport-ent-v9-arm-builder"
    --target "teleport" --platform "linux/arm"
    --tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
    --file "/go/build/Dockerfile-teleport-ent"
    --build-arg DEB_PATH=teleport-ent_$(cat "/go/var/full-version")_arm.deb
    /go/build
  # Cleanup runs as ordinary commands after the build, not as a trap.
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-ent-v9-arm-builder"
  - rm -rf "/tmp/teleport-ent-v9-arm-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport-ent_v9-tag_arm.deb" artifacts from S3
# Waits (up to 3600 s, polling every 60 s) for the arm64 teleport-ent .deb of
# the current full version to be listed in the S3 bucket, then copies it to
# /go/build. The commands below form one shell script, so the loop spans
# several list items.
- name: Download "teleport-ent_v9-tag_arm64.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  # NOTE(review): grep -x treats the dots of the version as regex wildcards;
  # -F would make the file-name match literal.
  - >-
    aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/
    | tr -s ' ' | cut -d' ' -f 4
    | grep -x teleport-ent_$(cat "/go/var/full-version")_arm64.deb
    || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [ "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  # NOTE(review): no checksum or signature check on the package is visible in
  # this step before it is built into the image; confirm it happens elsewhere.
  - >-
    aws s3 cp
    s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat "/go/var/full-version")_arm64.deb
    /go/build/teleport-ent_$(cat "/go/var/full-version")_arm64.deb
  environment:
    # Named profile read from the mounted /root/.aws volume.
    AWS_PROFILE: s3-download-teleport-ent
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport-ent
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent" for teleport-ent
# Builds the linux/arm64 teleport-ent image from the downloaded Dockerfile and
# .deb with a dedicated buildx builder, and pushes it to the in-cluster
# registry.
- name: Build teleport-ent image "teleport-ent:v9-arm64"
  image: docker
  commands:
  # NOTE(review): a third-party image is run with --privileged against the
  # mounted Docker socket and is referenced without tag or digest; pinning it
  # (tonistiigi/binfmt@sha256:<digest>) would fix what gets executed here.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-ent-v9-arm64-builder"
  # buildkitd config: talk plain HTTP to the in-cluster registry, so pushes to
  # it are neither encrypted nor authenticated by TLS.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v9-arm64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-ent-v9-arm64-builder/buildkitd.toml"
  # The builder container shares the host network namespace (network=host).
  - >-
    docker buildx create --driver "docker-container" --driver-opt "network=host"
    --name "teleport-ent-v9-arm64-builder"
    --config "/tmp/teleport-ent-v9-arm64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  # Registry token is piped on stdin, keeping it out of the argument list.
  - >-
    aws ecr-public get-login-password --region=us-east-1 |
    docker login -u="AWS" --password-stdin public.ecr.aws
  - >-
    docker buildx build --push --builder "teleport-ent-v9-arm64-builder"
    --target "teleport" --platform "linux/arm64"
    --tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
    --file "/go/build/Dockerfile-teleport-ent"
    --build-arg DEB_PATH=teleport-ent_$(cat "/go/var/full-version")_arm64.deb
    /go/build
  # Cleanup runs as ordinary commands after the build, not as a trap.
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-ent-v9-arm64-builder"
  - rm -rf "/tmp/teleport-ent-v9-arm64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport-ent_v9-tag_arm64.deb" artifacts from S3
# Copies the amd64 teleport-ent image from the in-cluster registry to the
# staging ECR repository under three tags (full, major and minor version), each
# suffixed with the build timestamp and the architecture. Every push is skipped
# when the destination tag can already be inspected.
- name: Tag and push image "teleport-ent:v9-amd64" to ECR - staging
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
  - apk add --no-cache aws-cli
  # Registry token is piped on stdin, keeping it out of the argument list.
  - >-
    aws ecr get-login-password --region=us-west-2 |
    docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  # Minute-resolution stamp taken from the build's creation time; it stays set
  # for the following commands because they run in the same shell script.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # In each guard below any inspect failure counts as "tag absent" and its
  # output is discarded.
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-amd64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
    (docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-amd64
    && docker push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-amd64)
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-amd64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
    (docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-amd64
    && docker push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-amd64)
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
    (docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64
    && docker push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    # Named profile read from the mounted /root/.aws volume.
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v9-amd64"
# Copies the arm teleport-ent image from the in-cluster registry to the staging
# ECR repository under three tags (full, major and minor version), each
# suffixed with the build timestamp and the architecture. Every push is skipped
# when the destination tag can already be inspected.
- name: Tag and push image "teleport-ent:v9-arm" to ECR - staging
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
  - apk add --no-cache aws-cli
  # Registry token is piped on stdin, keeping it out of the argument list.
  - >-
    aws ecr get-login-password --region=us-west-2 |
    docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  # Minute-resolution stamp taken from the build's creation time; it stays set
  # for the following commands because they run in the same shell script.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # In each guard below any inspect failure counts as "tag absent" and its
  # output is discarded.
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-arm
    > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
    (docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-arm
    && docker push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-arm)
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-arm
    > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
    (docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-arm
    && docker push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-arm)
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-arm
    > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
    (docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-arm
    && docker push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-arm)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    # Named profile read from the mounted /root/.aws volume.
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v9-arm"
# Copies the arm64 teleport-ent image from the in-cluster registry to the
# staging ECR repository under three tags (full, major and minor version), each
# suffixed with the build timestamp and the architecture. Every push is skipped
# when the destination tag can already be inspected.
- name: Tag and push image "teleport-ent:v9-arm64" to ECR - staging
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
  - apk add --no-cache aws-cli
  # Registry token is piped on stdin, keeping it out of the argument list.
  - >-
    aws ecr get-login-password --region=us-west-2 |
    docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  # Minute-resolution stamp taken from the build's creation time; it stays set
  # for the following commands because they run in the same shell script.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # In each guard below any inspect failure counts as "tag absent" and its
  # output is discarded.
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-arm64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
    (docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-arm64
    && docker push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-arm64)
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-arm64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
    (docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-arm64
    && docker push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-arm64)
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64
    > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
    (docker tag
    drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64
    && docker push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    # Named profile read from the mounted /root/.aws volume.
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v9-arm64"
# Publishes the multi-arch manifest list for the timestamped major-version tag
# on staging ECR, unless a manifest with that tag can already be inspected.
- name: Create manifest and push "teleport-ent:major-$TIMESTAMP" to ECR - staging
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # Registry token is piped on stdin, keeping it out of the argument list.
  - >-
    aws ecr get-login-password --region=us-west-2 |
    docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  # Recomputed from the build's creation time, so it matches the suffix the
  # per-architecture push steps derive from the same variable.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Any inspect failure counts as "tag absent"; its output is discarded.
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP
    > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
    (docker manifest create
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP
    --amend
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-amd64
    --amend
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-arm
    --amend
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-arm64
    && docker manifest push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    # Named profile read from the mounted /root/.aws volume.
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v9-amd64" to ECR - staging
  - Tag and push image "teleport-ent:v9-arm" to ECR - staging
  - Tag and push image "teleport-ent:v9-arm64" to ECR - staging
# Publishes the multi-arch manifest list for the timestamped minor-version tag
# on staging ECR, unless a manifest with that tag can already be inspected.
- name: Create manifest and push "teleport-ent:minor-$TIMESTAMP" to ECR - staging
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # Registry token is piped on stdin, keeping it out of the argument list.
  - >-
    aws ecr get-login-password --region=us-west-2 |
    docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  # Recomputed from the build's creation time, so it matches the suffix the
  # per-architecture push steps derive from the same variable.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Any inspect failure counts as "tag absent"; its output is discarded.
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP
    > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
    (docker manifest create
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP
    --amend
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-amd64
    --amend
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-arm
    --amend
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-arm64
    && docker manifest push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    # Named profile read from the mounted /root/.aws volume.
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v9-amd64" to ECR - staging
  - Tag and push image "teleport-ent:v9-arm" to ECR - staging
  - Tag and push image "teleport-ent:v9-arm64" to ECR - staging
# Publishes the multi-arch manifest list for the timestamped full-version tag
# on staging ECR, unless a manifest with that tag can already be inspected.
- name: Create manifest and push "teleport-ent:full-$TIMESTAMP" to ECR - staging
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # Registry token is piped on stdin, keeping it out of the argument list.
  - >-
    aws ecr get-login-password --region=us-west-2 |
    docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  # Recomputed from the build's creation time, so it matches the suffix the
  # per-architecture push steps derive from the same variable.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Any inspect failure counts as "tag absent"; its output is discarded.
  - >-
    docker manifest inspect
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP
    > /dev/null 2>&1 && echo 'Found existing image, skipping' ||
    (docker manifest create
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP
    --amend
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-amd64
    --amend
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-arm
    --amend
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-arm64
    && docker manifest push
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    # Named profile read from the mounted /root/.aws volume.
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v9-amd64" to ECR - staging
  - Tag and push image "teleport-ent:v9-arm" to ECR - staging
  - Tag and push image "teleport-ent:v9-arm64" to ECR - staging
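# Publishes the amd64 teleport-ent image to quay.io: pulls it from
# drone-docker-registry:5000 and pushes it under the full, major and minor
# version tags read from /go/var/.
- name: Tag and push image "teleport-ent:v9-amd64" to Quay
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
  # The password is fed on stdin, as the ECR logins in this file already do,
  # so the secret never appears in the docker login argument list.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # Full-version tag: pushed only when `docker manifest inspect` does not find
  # it. Any inspect failure, not just a missing tag, falls through to the push.
  - >-
    docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64
    > /dev/null 2>&1 && echo 'Found existing image, skipping'
    || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
    quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64
    && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64)
  # Major and minor tags are re-pointed at this build on every run.
  - >-
    docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
    quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
  - >-
    docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
    quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step calls aws; the /root/.aws mount
  # looks unnecessary for a Quay push - confirm before dropping it.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v9-amd64"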
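# Publishes the arm teleport-ent image to quay.io: pulls it from
# drone-docker-registry:5000 and pushes it under the full, major and minor
# version tags read from /go/var/.
- name: Tag and push image "teleport-ent:v9-arm" to Quay
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
  # The password is fed on stdin, as the ECR logins in this file already do,
  # so the secret never appears in the docker login argument list.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # Full-version tag: pushed only when `docker manifest inspect` does not find
  # it. Any inspect failure, not just a missing tag, falls through to the push.
  - >-
    docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm
    > /dev/null 2>&1 && echo 'Found existing image, skipping'
    || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
    quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm
    && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm)
  # Major and minor tags are re-pointed at this build on every run.
  - >-
    docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
    quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
  - >-
    docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
    quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step calls aws; the /root/.aws mount
  # looks unnecessary for a Quay push - confirm before dropping it.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v9-arm"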
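# Publishes the arm64 teleport-ent image to quay.io: pulls it from
# drone-docker-registry:5000 and pushes it under the full, major and minor
# version tags read from /go/var/.
- name: Tag and push image "teleport-ent:v9-arm64" to Quay
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
  # The password is fed on stdin, as the ECR logins in this file already do,
  # so the secret never appears in the docker login argument list.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # Full-version tag: pushed only when `docker manifest inspect` does not find
  # it. Any inspect failure, not just a missing tag, falls through to the push.
  - >-
    docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64
    > /dev/null 2>&1 && echo 'Found existing image, skipping'
    || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
    quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64
    && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64)
  # Major and minor tags are re-pointed at this build on every run.
  - >-
    docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
    quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
  - >-
    docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
    quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step calls aws; the /root/.aws mount
  # looks unnecessary for a Quay push - confirm before dropping it.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v9-arm64"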
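# Builds the multi-arch manifest list for the major-version tag on quay.io
# from the amd64, arm and arm64 images and pushes it. There is no
# skip-if-exists check here: the list is recreated on every run.
- name: Create manifest and push "teleport-ent:major" to Quay
  image: docker
  commands:
  # The password is fed on stdin, as the ECR logins in this file already do,
  # so the secret never appears in the docker login argument list.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - >-
    docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
  - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step calls aws; the /root/.aws mount
  # looks unnecessary for a Quay push - confirm before dropping it.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v9-amd64" to Quay
  - Tag and push image "teleport-ent:v9-arm" to Quay
  - Tag and push image "teleport-ent:v9-arm64" to Quay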
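# Builds the multi-arch manifest list for the minor-version tag on quay.io
# from the amd64, arm and arm64 images and pushes it. There is no
# skip-if-exists check here: the list is recreated on every run.
- name: Create manifest and push "teleport-ent:minor" to Quay
  image: docker
  commands:
  # The password is fed on stdin, as the ECR logins in this file already do,
  # so the secret never appears in the docker login argument list.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - >-
    docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
  - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step calls aws; the /root/.aws mount
  # looks unnecessary for a Quay push - confirm before dropping it.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v9-amd64" to Quay
  - Tag and push image "teleport-ent:v9-arm" to Quay
  - Tag and push image "teleport-ent:v9-arm64" to Quay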
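# Builds and pushes the multi-arch manifest list for the full-version tag on
# quay.io, unless `docker manifest inspect` already finds that tag.
- name: Create manifest and push "teleport-ent:full" to Quay
  image: docker
  commands:
  # The password is fed on stdin, as the ECR logins in this file already do,
  # so the secret never appears in the docker login argument list.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # Any inspect failure, not just a missing tag, falls through to the
  # create-and-push branch.
  - >-
    docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")
    > /dev/null 2>&1 && echo 'Found existing image, skipping'
    || (docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64
    && docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version"))
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step calls aws; the /root/.aws mount
  # looks unnecessary for a Quay push - confirm before dropping it.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v9-amd64" to Quay
  - Tag and push image "teleport-ent:v9-arm" to Quay
  - Tag and push image "teleport-ent:v9-arm64" to Quay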
# Publishes the amd64 teleport-ent image to public.ecr.aws under the full,
# major and minor version tags, using the ecr-production AWS profile.
# NOTE(review): `image: docker` has no tag or digest and aws-cli is installed
# unpinned at run time, so the tooling that holds these push credentials can
# change between runs.
- name: Tag and push image "teleport-ent:v9-amd64" to ECR - production
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
  - apk add --no-cache aws-cli
  # The registry token travels over a pipe into --password-stdin.
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin public.ecr.aws
  # Full-version tag: pushed only when the inspect does not find it.
  - >-
    docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64
    > /dev/null 2>&1 && echo 'Found existing image, skipping'
    || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64
    && docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64)
  # Major and minor tags are re-pointed at this build on every run.
  - >-
    docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
  - >-
    docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v9-amd64"
# Publishes the arm teleport-ent image to public.ecr.aws under the full,
# major and minor version tags, using the ecr-production AWS profile.
- name: Tag and push image "teleport-ent:v9-arm" to ECR - production
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
  - apk add --no-cache aws-cli
  # The registry token travels over a pipe into --password-stdin.
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin public.ecr.aws
  # Full-version tag: pushed only when the inspect does not find it.
  - >-
    docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm
    > /dev/null 2>&1 && echo 'Found existing image, skipping'
    || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm
    && docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm)
  # Major and minor tags are re-pointed at this build on every run.
  - >-
    docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
  - >-
    docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v9-arm"
# Publishes the arm64 teleport-ent image to public.ecr.aws under the full,
# major and minor version tags, using the ecr-production AWS profile.
- name: Tag and push image "teleport-ent:v9-arm64" to ECR - production
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
  - apk add --no-cache aws-cli
  # The registry token travels over a pipe into --password-stdin.
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin public.ecr.aws
  # Full-version tag: pushed only when the inspect does not find it.
  - >-
    docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64
    > /dev/null 2>&1 && echo 'Found existing image, skipping'
    || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64
    && docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64)
  # Major and minor tags are re-pointed at this build on every run.
  - >-
    docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
  - >-
    docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent image "teleport-ent:v9-arm64"
# Builds the multi-arch manifest list for the major-version tag on
# public.ecr.aws from the amd64, arm and arm64 images and pushes it. The list
# is recreated on every run; there is no skip-if-exists check.
- name: Create manifest and push "teleport-ent:major" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The registry token travels over a pipe into --password-stdin.
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin public.ecr.aws
  - >-
    docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
  - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v9-amd64" to ECR - production
  - Tag and push image "teleport-ent:v9-arm" to ECR - production
  - Tag and push image "teleport-ent:v9-arm64" to ECR - production
# Builds the multi-arch manifest list for the minor-version tag on
# public.ecr.aws from the amd64, arm and arm64 images and pushes it. The list
# is recreated on every run; there is no skip-if-exists check.
- name: Create manifest and push "teleport-ent:minor" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The registry token travels over a pipe into --password-stdin.
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin public.ecr.aws
  - >-
    docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
  - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v9-amd64" to ECR - production
  - Tag and push image "teleport-ent:v9-arm" to ECR - production
  - Tag and push image "teleport-ent:v9-arm64" to ECR - production
# Builds and pushes the multi-arch manifest list for the full-version tag on
# public.ecr.aws, unless `docker manifest inspect` already finds that tag.
- name: Create manifest and push "teleport-ent:full" to ECR - production
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The registry token travels over a pipe into --password-stdin.
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin public.ecr.aws
  # Any inspect failure, not just a missing tag, falls through to the
  # create-and-push branch.
  - >-
    docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")
    > /dev/null 2>&1 && echo 'Found existing image, skipping'
    || (docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-amd64
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm64
    && docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version"))
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v9-amd64" to ECR - production
  - Tag and push image "teleport-ent:v9-arm" to ECR - production
  - Tag and push image "teleport-ent:v9-arm64" to ECR - production
# Exchanges the static AWS key pair from the step's secrets for temporary
# credentials of the role in $AWS_ROLE and appends them, as the profile
# [s3-download-teleport-ent-fips], to /root/.aws/credentials on the awsconfig
# volume.
- name: Assume S3 Download AWS Role for teleport-ent-fips
  image: amazon/aws-cli
  commands:
  # Logs which identity the static keys resolve to before the role switch.
  - aws sts get-caller-identity
  # $(aws sts assume-role ...) is left unquoted so that its three
  # whitespace-separated fields fill the three %s placeholders. The exit
  # status of that substitution is not checked: if assume-role fails, printf
  # still appends a profile with empty values, and the failure only shows up
  # at the final get-caller-identity below.
  # The file is appended to (>>), so entries already in it are kept.
  - |-
    printf "[s3-download-teleport-ent-fips]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
    $(aws sts assume-role \
    --role-arn "$AWS_ROLE" \
    --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
    --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
    --output text) \
    >> /root/.aws/credentials
  # Drops the static keys from the shell so the check below can only succeed
  # through the profile that was just written.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile s3-download-teleport-ent-fips
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_ROLE:
      from_secret: AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  volumes:
  # Other steps mount this same volume at /root/.aws, so the temporary
  # credentials written above are readable from each of them.
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Find the latest available semver for v9
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role
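# Fetches the Dockerfile used for the teleport-ent-fips image build from the
# gravitational/teleport repository, at the tag named in
# /go/vars/full-version-v9.
# NOTE(review): the file is selected by tag name only and is not checked
# against a known digest before it drives the image build.
# NOTE(review): this step reads /go/vars/full-version-v9 while the other steps
# read /go/var/full-version; presumably intentional (written by the "Find the
# latest available semver for v9" step) - confirm.
- name: Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent-fips" for teleport-ent-fips
  image: alpine
  commands:
  # --no-cache matches the other apk invocations in this file.
  - apk add --no-cache curl
  - mkdir -pv $(dirname "/go/build/Dockerfile-teleport-ent-fips")
  # -f makes curl exit non-zero on an HTTP error (for example a tag that does
  # not exist) instead of saving the error page as the Dockerfile; -S keeps
  # the error message visible despite -s.
  - >-
    curl -fsSL -o "/go/build/Dockerfile-teleport-ent-fips"
    "https://raw.githubusercontent.com/gravitational/teleport/v$(cat '/go/vars/full-version-v9')/build.assets/charts/Dockerfile"
  depends_on:
  - Find the latest available semver for v9
  - Wait for docker
  - Wait for docker registry
  - Check out code
  - Build major, minor, and full semvers
  - Assume ECR - staging AWS Role
  - Assume ECR - authenticated-pull AWS Role
  - Assume ECR - production AWS Role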
# Waits up to 3600 seconds for the FIPS amd64 .deb of the current full version
# to be listed under s3://$AWS_S3_BUCKET/teleport/tag/<full-version>/, then
# copies it to /go/build.
# NOTE(review): the package is used as downloaded; no checksum or signature
# check is visible in this step before it is handed to the image build.
- name: Download "teleport-ent_v9-tag-fips_amd64.deb" artifacts from S3
  image: amazon/aws-cli
  commands:
  # The while loop is spread over several command entries, so it only works if
  # the runner joins all entries into one shell script - presumably it does.
  # `$$` is presumably the runner's escape for a literal `$`; confirm.
  - END_TIME=$(( $(date +%s) + 3600 ))
  - TIMED_OUT=true
  - while [ $(date +%s) -lt $${END_TIME?} ]; do
  - SUCCESS=true
  # Column 4 of the `aws s3 ls` output is matched as a whole line (grep -x)
  # against the expected package name.
  - aws s3 ls s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/ | tr
    -s ' ' | cut -d' ' -f 4 | grep -x teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb
    || SUCCESS=false
  - '[ "$SUCCESS" = "true" ] && TIMED_OUT=false && break;'
  - echo 'Condition not met yet, waiting another 60 seconds...'
  - sleep 60
  - done
  # Fails the step if the loop ran out of time without finding the package.
  - '[ $${TIMED_OUT?} = true ] && echo ''Timed out while waiting for condition: [
    "$SUCCESS" = "true" ]'' && exit 1'
  - mkdir -pv "/go/build"
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/tag/$(cat "/go/var/full-version")/teleport-ent_$(cat
    "/go/var/full-version")-fips_amd64.deb /go/build/teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb
  environment:
    # Profile name matches the one appended to /root/.aws/credentials by the
    # "Assume S3 Download AWS Role for teleport-ent-fips" step.
    AWS_PROFILE: s3-download-teleport-ent-fips
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
  volumes:
  - name: awsconfig
    path: /root/.aws
  depends_on:
  - Assume S3 Download AWS Role for teleport-ent-fips
  - Download Teleport Dockerfile to "/go/build/Dockerfile-teleport-ent-fips" for teleport-ent-fips
# Builds the linux/amd64 FIPS image with buildx from the downloaded Dockerfile
# and .deb in /go/build, and pushes it to drone-docker-registry:5000.
- name: Build teleport-ent-fips image "teleport-ent:v9-fips-amd64"
  image: docker
  commands:
  # NOTE(review): tonistiigi/binfmt is referenced without a tag or digest and
  # runs --privileged against the daemon behind the mounted /var/run socket;
  # pinning it to a reviewed digest would narrow that exposure.
  - docker run --privileged --rm tonistiigi/binfmt --install all
  - mkdir -pv "/go/build" && cd "/go/build"
  - mkdir -pv "/tmp/teleport-ent-v9-fips-amd64-builder"
  # buildkitd.toml: `http = true` lets the builder reach
  # drone-docker-registry:5000 over plain HTTP.
  - echo '[registry."drone-docker-registry:5000"]' > "/tmp/teleport-ent-v9-fips-amd64-builder/buildkitd.toml"
  - echo ' http = true' >> "/tmp/teleport-ent-v9-fips-amd64-builder/buildkitd.toml"
  - >-
    docker buildx create --driver "docker-container" --driver-opt "network=host"
    --name "teleport-ent-v9-fips-amd64-builder"
    --config "/tmp/teleport-ent-v9-fips-amd64-builder/buildkitd.toml"
  - apk add --no-cache aws-cli
  # Login to public.ecr.aws with the ecr-authenticated-pull profile happens
  # before the build; the token is piped into --password-stdin.
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin public.ecr.aws
  - >-
    docker buildx build --push --builder "teleport-ent-v9-fips-amd64-builder"
    --target "teleport-fips" --platform "linux/amd64"
    --tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    --file "/go/build/Dockerfile-teleport-ent-fips"
    --build-arg DEB_PATH=teleport-ent_$(cat "/go/var/full-version")-fips_amd64.deb
    /go/build
  # Cleanup: registry session, the buildx builder and its config directory.
  - docker logout "public.ecr.aws"
  - docker buildx rm "teleport-ent-v9-fips-amd64-builder"
  - rm -rf "/tmp/teleport-ent-v9-fips-amd64-builder"
  environment:
    AWS_PROFILE: ecr-authenticated-pull
    DOCKER_BUILDKIT: "1"
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Assume ECR - authenticated-pull AWS Role
  - Download "teleport-ent_v9-tag-fips_amd64.deb" artifacts from S3
# Publishes the FIPS amd64 image to the staging ECR registry under the full,
# major and minor version tags, each suffixed with a build timestamp. Every
# tag is pushed only when `docker manifest inspect` does not already find it.
- name: Tag and push image "teleport-ent:v9-fips-amd64" to ECR - staging
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
  - apk add --no-cache aws-cli
  # The registry token travels over a pipe into --password-stdin.
  - >-
    aws ecr get-login-password --region=us-west-2
    | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  # $DRONE_BUILD_CREATED rendered as YYYYmmddHHMM.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  # Full-version tag.
  - >-
    docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-fips-amd64
    > /dev/null 2>&1 && echo 'Found existing image, skipping'
    || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-fips-amd64
    && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-fips-amd64)
  # Major-version tag.
  - >-
    docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-fips-amd64
    > /dev/null 2>&1 && echo 'Found existing image, skipping'
    || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-fips-amd64
    && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-fips-amd64)
  # Minor-version tag.
  - >-
    docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-fips-amd64
    > /dev/null 2>&1 && echo 'Found existing image, skipping'
    || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-fips-amd64
    && docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-fips-amd64)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent-fips image "teleport-ent:v9-fips-amd64"
# Creates and pushes the staging manifest list for the timestamped
# major-version FIPS tag, which has a single amd64 member, unless
# `docker manifest inspect` already finds that tag.
- name: Create manifest and push "teleport-ent:major-$TIMESTAMP-fips" to ECR - staging
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The registry token travels over a pipe into --password-stdin.
  - >-
    aws ecr get-login-password --region=us-west-2
    | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  # $DRONE_BUILD_CREATED rendered as YYYYmmddHHMM.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  - >-
    docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-fips
    > /dev/null 2>&1 && echo 'Found existing image, skipping'
    || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-fips
    --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-fips-amd64
    && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/major-version")-$TIMESTAMP-fips)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v9-fips-amd64" to ECR - staging
# Creates and pushes the staging manifest list for the timestamped
# minor-version FIPS tag, which has a single amd64 member, unless
# `docker manifest inspect` already finds that tag.
- name: Create manifest and push "teleport-ent:minor-$TIMESTAMP-fips" to ECR - staging
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The registry token travels over a pipe into --password-stdin.
  - >-
    aws ecr get-login-password --region=us-west-2
    | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  # $DRONE_BUILD_CREATED rendered as YYYYmmddHHMM.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  - >-
    docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-fips
    > /dev/null 2>&1 && echo 'Found existing image, skipping'
    || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-fips
    --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-fips-amd64
    && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/minor-version")-$TIMESTAMP-fips)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v9-fips-amd64" to ECR - staging
# Creates and pushes the staging manifest list for the timestamped
# full-version FIPS tag, which has a single amd64 member, unless
# `docker manifest inspect` already finds that tag.
- name: Create manifest and push "teleport-ent:full-$TIMESTAMP-fips" to ECR - staging
  image: docker
  commands:
  - apk add --no-cache aws-cli
  # The registry token travels over a pipe into --password-stdin.
  - >-
    aws ecr get-login-password --region=us-west-2
    | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  # $DRONE_BUILD_CREATED rendered as YYYYmmddHHMM.
  - TIMESTAMP=$(date -d @"$DRONE_BUILD_CREATED" '+%Y%m%d%H%M')
  - >-
    docker manifest inspect 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-fips
    > /dev/null 2>&1 && echo 'Found existing image, skipping'
    || (docker manifest create 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-fips
    --amend 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-fips-amd64
    && docker manifest push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat "/go/var/full-version")-$TIMESTAMP-fips)
  - docker logout "146628656107.dkr.ecr.us-west-2.amazonaws.com"
  environment:
    AWS_PROFILE: ecr-staging
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v9-fips-amd64" to ECR - staging
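# Publishes the FIPS amd64 teleport-ent image to quay.io: pulls it from
# drone-docker-registry:5000 and pushes it under the full, major and minor
# version tags read from /go/var/.
- name: Tag and push image "teleport-ent:v9-fips-amd64" to Quay
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
  # The password is fed on stdin, as the ECR logins in this file already do,
  # so the secret never appears in the docker login argument list.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # Full-version tag: pushed only when `docker manifest inspect` does not find
  # it. Any inspect failure, not just a missing tag, falls through to the push.
  - >-
    docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    > /dev/null 2>&1 && echo 'Found existing image, skipping'
    || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    && docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64)
  # Major and minor tags are re-pointed at this build on every run.
  - >-
    docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
  - >-
    docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
  - docker push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step calls aws; the /root/.aws mount
  # looks unnecessary for a Quay push - confirm before dropping it.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent-fips image "teleport-ent:v9-fips-amd64"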
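# Builds the manifest list for the major-version FIPS tag on quay.io (single
# amd64 member) and pushes it. The list is recreated on every run; there is
# no skip-if-exists check.
- name: Create manifest and push "teleport-ent:major-fips" to Quay
  image: docker
  commands:
  # The password is fed on stdin, as the ECR logins in this file already do,
  # so the secret never appears in the docker login argument list.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - >-
    docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
  - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step calls aws; the /root/.aws mount
  # looks unnecessary for a Quay push - confirm before dropping it.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v9-fips-amd64" to Quay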
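# Builds the manifest list for the minor-version FIPS tag on quay.io (single
# amd64 member) and pushes it. The list is recreated on every run; there is
# no skip-if-exists check.
- name: Create manifest and push "teleport-ent:minor-fips" to Quay
  image: docker
  commands:
  # The password is fed on stdin, as the ECR logins in this file already do,
  # so the secret never appears in the docker login argument list.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  - >-
    docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
  - docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step calls aws; the /root/.aws mount
  # looks unnecessary for a Quay push - confirm before dropping it.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v9-fips-amd64" to Quay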
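# Builds and pushes the manifest list for the full-version FIPS tag on quay.io
# (single amd64 member), unless `docker manifest inspect` already finds it.
- name: Create manifest and push "teleport-ent:full-fips" to Quay
  image: docker
  commands:
  # The password is fed on stdin, as the ECR logins in this file already do,
  # so the secret never appears in the docker login argument list.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin "quay.io"
  # Any inspect failure, not just a missing tag, falls through to the
  # create-and-push branch.
  - >-
    docker manifest inspect quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips
    > /dev/null 2>&1 && echo 'Found existing image, skipping'
    || (docker manifest create quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips
    --amend quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    && docker manifest push quay.io/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips)
  - docker logout "quay.io"
  environment:
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  # NOTE(review): no command in this step calls aws; the /root/.aws mount
  # looks unnecessary for a Quay push - confirm before dropping it.
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v9-fips-amd64" to Quay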
# Publishes the FIPS amd64 teleport-ent image to public.ecr.aws under the
# full, major and minor version tags, using the ecr-production AWS profile.
- name: Tag and push image "teleport-ent:v9-fips-amd64" to ECR - production
  image: docker
  commands:
  - docker pull drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
  - apk add --no-cache aws-cli
  # The registry token travels over a pipe into --password-stdin.
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin public.ecr.aws
  # Full-version tag: pushed only when the inspect does not find it.
  - >-
    docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    > /dev/null 2>&1 && echo 'Found existing image, skipping'
    || (docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    && docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64)
  # Major and minor tags are re-pointed at this build on every run.
  - >-
    docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
  - >-
    docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
  - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Build teleport-ent-fips image "teleport-ent:v9-fips-amd64"
|
|
# Rebuilds the manifest list behind the major-version FIPS tag on public ECR so
# that it references the amd64 image pushed by the preceding tag-and-push step.
- name: Create manifest and push "teleport-ent:major-fips" to ECR - production
  image: docker
  commands:
  # NOTE(review): unpinned package install at publish time.
  - apk add --no-cache aws-cli
  # The registry password is piped on stdin, not passed as an argument.
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin public.ecr.aws
  # No existence check here: the major tag is meant to move with each release.
  - >-
    docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
  - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v9-fips-amd64" to ECR - production
|
|
# Rebuilds the manifest list behind the minor-version FIPS tag on public ECR so
# that it references the amd64 image pushed by the preceding tag-and-push step.
- name: Create manifest and push "teleport-ent:minor-fips" to ECR - production
  image: docker
  commands:
  # NOTE(review): unpinned package install at publish time.
  - apk add --no-cache aws-cli
  # The registry password is piped on stdin, not passed as an argument.
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin public.ecr.aws
  # No existence check here: the minor tag is meant to move with each release.
  - >-
    docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
  - docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v9-fips-amd64" to ECR - production
|
|
# Publishes the manifest list for the exact release version (full-version tag)
# of the FIPS enterprise image to public ECR.
- name: Create manifest and push "teleport-ent:full-fips" to ECR - production
  image: docker
  commands:
  # NOTE(review): unpinned package install at publish time.
  - apk add --no-cache aws-cli
  # The registry password is piped on stdin, not passed as an argument.
  - >-
    aws ecr-public get-login-password --region=us-east-1
    | docker login -u="AWS" --password-stdin public.ecr.aws
  # The full-version tag is handled as write-once: the manifest is created and
  # pushed only when `manifest inspect` cannot find it. Any inspect failure
  # takes the create-and-push branch, not only "tag not found".
  - >-
    docker manifest inspect public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips
    > /dev/null 2>&1
    && echo 'Found existing image, skipping'
    || (docker manifest create public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips
    --amend public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
    && docker manifest push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-fips)
  - docker logout "public.ecr.aws"
  environment:
    AWS_PROFILE: ecr-production
  volumes:
  - name: awsconfig
    path: /root/.aws
  - name: dockersock
    path: /var/run
  depends_on:
  - Tag and push image "teleport-ent:v9-fips-amd64" to ECR - production
|
|
# Service containers declared for this pipeline.
services:
# Docker-in-Docker daemon. It runs privileged and mounts the dockersock volume
# at /var/run, so every step that mounts dockersock at the same path can reach
# this daemon's socket.
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
# Registry that the steps address as drone-docker-registry:5000; unprivileged
# and without volumes.
- name: drone-docker-registry
  image: registry:2
  privileged: false
  volumes: []
# Pipeline-level volumes; both are declared as temp volumes.
volumes:
# Mounted at /root/.aws by the publishing steps.
- name: awsconfig
  temp: {}
# Carries /var/run between the dind service and the steps.
- name: dockersock
  temp: {}
|
|
|
|
---
|
|
################################################
|
|
# Generated using dronegen, do not edit by hand!
|
|
# Use 'make dronegen' to update.
|
|
# Generated at dronegen/relcli.go (main.relcliPipeline)
|
|
################################################
|
|
|
|
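# Publishes a release through the Release API once the production promotion
# pipelines listed in depends_on have finished.
# NOTE(review): the header above this document says it is generated by dronegen
# (dronegen/relcli.go), and the file ends with a signature document; the two
# fixes marked below presumably have to be mirrored in the generator and the
# signature regenerated.
kind: pipeline
type: kubernetes
name: publish-rlz
environment:
  # relcli image, referenced by version tag in a private ECR registry.
  RELCLI_IMAGE: 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/relcli:v1.1.76-35e77b7-20221117T1411084
trigger:
  # Runs only for `promote` events that target `production`.
  event:
    include:
    - promote
  target:
    include:
    - production
  repo:
    include:
    - gravitational/*
clone:
  disable: true
depends_on:
- promote-build
- teleport-container-images-branch-promote
- publish-apt-new-repos
- publish-yum-new-repos
steps:
# Release gate: fails the pipeline when the promoted commit has no tag.
- name: Check if commit is tagged
  image: alpine
  commands:
  # Fix: ${DRONE_TAG} is now double-quoted. Unquoted, an empty tag left the
  # test as `[ -n ]`, a one-argument test that is always true, so this gate
  # could never fail.
  - '[ -n "${DRONE_TAG}" ] || (echo ''DRONE_TAG is not set. Is the commit tagged?'' && exit 1)'
# Blocks for up to 30s until the dind service has created its socket.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Exchanges the key pair injected from secrets for temporary role credentials
# and writes them as the [default] profile on the shared awsconfig volume.
- name: Assume AWS Role
  image: amazon/aws-cli
  commands:
  - aws sts get-caller-identity
  # The unquoted $(...) is deliberate: `--output text` yields three
  # whitespace-separated fields that fill the three %s slots in order.
  - |-
    printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \
      $(aws sts assume-role \
        --role-arn "$AWS_ROLE" \
        --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) \
      > /root/.aws/credentials
  # Drop the injected key pair so the final call exercises the written profile.
  - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  - aws sts get-caller-identity --profile default
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY
    AWS_ROLE:
      from_secret: TELEPORT_BUILD_READ_ONLY_AWS_ROLE
    AWS_SECRET_ACCESS_KEY:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET
  volumes:
  - name: awsconfig
    path: /root/.aws
# Logs in to the private ECR registry with the credentials written above and
# pulls the relcli image into the dind daemon.
- name: Pull relcli
  image: docker:cli
  commands:
  # NOTE(review): unpinned package install at publish time.
  - apk add --no-cache aws-cli
  - aws ecr get-login-password | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - docker pull $RELCLI_IMAGE
  environment:
    AWS_DEFAULT_REGION: us-west-2
  volumes:
  - name: dockersock
    path: /var/run
  - name: awsconfig
    path: /root/.aws
# Decodes the client certificate and key for the Release API into the
# memory-backed tmpfs volume and runs relcli against the production endpoint.
- name: Publish in Release API
  image: docker:git
  commands:
  - mkdir -p /tmpfs/creds
  # Fix: the cleanup trap is installed before any key material is written, so
  # a failure in either decode below still removes the directory. (The trap
  # only works if all commands share one shell, which the original ordering
  # relied on as well.)
  - trap "rm -rf /tmpfs/creds" EXIT
  - echo "$RELEASES_CERT" | base64 -d > "$RELCLI_CERT"
  - echo "$RELEASES_KEY" | base64 -d > "$RELCLI_KEY"
  # `-e NAME` without a value forwards this step's variable into the container.
  # The bind mount works because the dind service mounts the same tmpfs volume
  # at /tmpfs.
  # NOTE(review): `-v 6` looks like a verbosity level; confirm that level does
  # not log the certificate or key.
  - |-
    docker run -i -v /tmpfs/creds:/tmpfs/creds \
      -e DRONE_REPO -e DRONE_TAG -e RELCLI_BASE_URL -e RELCLI_CERT -e RELCLI_KEY \
      $RELCLI_IMAGE relcli auto_publish -f -v 6
  environment:
    RELCLI_BASE_URL: https://releases-prod.platform.teleport.sh
    RELCLI_CERT: /tmpfs/creds/releases.crt
    RELCLI_KEY: /tmpfs/creds/releases.key
    RELEASES_CERT:
      from_secret: RELEASES_CERT
    RELEASES_KEY:
      from_secret: RELEASES_KEY
  volumes:
  - name: dockersock
    path: /var/run
  - name: tmpfs
    path: /tmpfs
  - name: awsconfig
    path: /root/.aws
services:
# Privileged Docker-in-Docker daemon; it shares /var/run (its socket) and
# /tmpfs (the decoded release credentials) with the steps that mount them.
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: tmpfs
    path: /tmpfs
  - name: dockersock
    path: /var/run
volumes:
- name: dockersock
  temp: {}
# Memory-backed temp volume that holds the release credentials.
- name: tmpfs
  temp:
    medium: memory
- name: awsconfig
  temp: {}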
|
|
---
|
|
# Signature document that closes the file.
# NOTE(review): presumably an HMAC over the pipeline documents above; if so, any
# change to them needs this value regenerated. Confirm against the Drone setup.
kind: signature
hmac: 88e09acfb6869d0ff016262f4beb5fbf66b791abcf6513565f6d3ca1eebb09c3
|
|
|
|
...
|