bin/publish
#!/bin/bash
set -e
. bin/build_utils
function print_help() {
echo "Internal Release Usage: $0 --internal"
echo "External Release Usage: $0 --edge"
echo "Promote Usage: $0 --promote --source <VERSION> --target <VERSION>"
echo " --internal: publish images to registry.tld"
echo " --edge: publish docker images to docker hub"
echo " --source <VERSION>: specify version number of local image"
echo " --target <VERSION>: specify version number of remote image"
}
# Fail if no arguments are given.
if [[ $# -lt 1 ]]; then
print_help
exit 1
fi
PUBLISH_INTERNAL=false
PUBLISH_EDGE=false
PROMOTE=false
while [[ $# -gt 0 ]]; do
case "$1" in
--internal)
PUBLISH_INTERNAL=true
;;
--edge)
PUBLISH_EDGE=true
;;
--promote)
PROMOTE=true
;;
--source)
SOURCE_ARG="$2"
shift
;;
--target)
TARGET_ARG="$2"
shift
;;
--help)
print_help
exit 1
;;
*)
echo "Unknown option: ${1}"
print_help
exit 1
;;
esac
shift
done
readonly REGISTRY="cyberark"
readonly LOCAL_REGISTRY="registry.tld"
# Version derived from CHANGLEOG and automated release library
VERSION=$(<VERSION)
FULL_VERSION_TAG="$(full_version_tag)"
readonly VERSION
readonly FULL_VERSION_TAG
readonly REDHAT_REGISTRY="quay.io"
readonly REDHAT_CERT_PID="5e61546e2c5f183d03415962"
readonly REDHAT_LOCAL_IMAGE="secretless-broker-redhat"
readonly REDHAT_IMAGE="${REDHAT_REGISTRY}/redhat-isv-containers/${REDHAT_CERT_PID}"
readonly REDHAT_USER="redhat-isv-containers+${REDHAT_CERT_PID}-robot"
readonly IMAGES=(
"secretless-broker"
"secretless-broker-quickstart"
)
if [[ ${PUBLISH_INTERNAL} = true ]]; then
echo "Publishing built images internally to registry.tld."
SOURCE_TAG=$FULL_VERSION_TAG
REMOTE_TAG=$VERSION
for IMAGE_NAME in "${IMAGES[@]}"; do
tag_and_push "${IMAGE_NAME}:${SOURCE_TAG}" "${LOCAL_REGISTRY}/${IMAGE_NAME}:${REMOTE_TAG}"
done
tag_and_push "${REDHAT_LOCAL_IMAGE}:${SOURCE_TAG}" "${LOCAL_REGISTRY}/${REDHAT_LOCAL_IMAGE}:${REMOTE_TAG}"
fi
if [[ ${PUBLISH_EDGE} = true ]]; then
echo "Performing edge release."
SOURCE_TAG=$FULL_VERSION_TAG
REMOTE_TAG=edge
readonly TAGS=(
"$VERSION"
"$REMOTE_TAG"
)
for IMAGE_NAME in "${IMAGES[@]}"; do
for tag in "${TAGS[@]}"; do
tag_and_push "$IMAGE_NAME:$SOURCE_TAG" "$REGISTRY/$IMAGE_NAME:$tag"
done
done
fi
if [[ ${PROMOTE} = true ]]; then
if [[ -z ${SOURCE_ARG:-} || -z ${TARGET_ARG:-} ]]; then
echo "When promoting, --source and --target flags are required."
print_help
exit 1
fi
# Update vars to utilize build_utils
SOURCE_TAG=$SOURCE_ARG
REMOTE_TAG=$TARGET_ARG
echo "Promoting image to $REMOTE_TAG"
readonly TAGS=(
"$REMOTE_TAG"
"latest"
)
for IMAGE_NAME in "${IMAGES[@]}"; do
for tag in "${TAGS[@]}" $(gen_versions "$REMOTE_TAG"); do
echo "Tagging and pushing $REGISTRY/$IMAGE_NAME:$tag"
tag_and_push "${LOCAL_REGISTRY}/$IMAGE_NAME:$SOURCE_TAG" "$REGISTRY/$IMAGE_NAME:$tag"
done
done
# Publish only latest to Redhat Registries
echo "Tagging and pushing ${REDHAT_IMAGE} with tag ${REMOTE_TAG}"
docker tag "${LOCAL_REGISTRY}/${REDHAT_LOCAL_IMAGE}:${SOURCE_TAG}" "${REDHAT_IMAGE}:${REMOTE_TAG}"
# Publish RedHat image to RedHat Registry
if docker login "${REDHAT_REGISTRY}" -u "${REDHAT_USER}" -p "${REDHAT_API_KEY}"; then
# you can't push the same tag twice to redhat registry, so ignore errors
if ! docker push "${REDHAT_IMAGE}:${REMOTE_TAG}"; then
echo 'RedHat push FAILED! (maybe the image was pushed already?)'
exit 0
fi
# scan image with preflight tool
scan_redhat_image "${REDHAT_IMAGE}:${REMOTE_TAG}" "${REDHAT_CERT_PID}"
# Publish latest tag to Redhat Registry
echo "Tagging and pushing ${REDHAT_IMAGE} with tag latest"
docker tag "${LOCAL_REGISTRY}/${REDHAT_LOCAL_IMAGE}:${SOURCE_TAG}" "${REDHAT_IMAGE}:latest"
docker push "${REDHAT_IMAGE}:latest"
else
echo "Failed to log in to ${REDHAT_REGISTRY}"
exit 1
fi
fi