commit 1bd9d0b29b31874aa76edd59c0ee247133747045
author Mohammed Naser <mnaser@vexxhost.com> Thu Apr 04 09:05:56 2024 -0400
committer GitHub <noreply@github.com> Thu Apr 04 09:05:56 2024 -0400
tree 457c848cf95f6867f008c3346e5751f7c1908b5c
parent 27971162b1d2667a03a98ac2965855306cdf69fe

ci: use buildset registry (#1062)

zuul.d/playbooks/molecule/pre.yml

diff --git a/zuul.d/playbooks/molecule/pre.yml b/zuul.d/playbooks/molecule/pre.yml
index ef5bc95..f9f2213 100644
--- a/zuul.d/playbooks/molecule/pre.yml
+++ b/zuul.d/playbooks/molecule/pre.yml
@@ -22,10 +22,46 @@
     # TODO(mnaser): Drop this when we can use https://github.com/vexxhost/atmosphere/pull/977
     - name: Prefix all images for the job to point to mirror
       ansible.builtin.shell: |
-        sed -i 's/  \(.*\): \(.*\)$/  \1: registry.atmosphere.dev\/\2/' roles/defaults/vars/main.yml
+        sed -i '/registry.atmosphere.dev/!s/  \(.*\): \(.*\)$/  \1: registry.atmosphere.dev\/\2/' roles/defaults/vars/main.yml
       args:
         chdir: "{{ zuul.project.src_dir }}"
 
+    # NOTE(mnaser): This can be removed once the following merges
+    #               https://review.opendev.org/c/zuul/zuul-jobs/+/915025
+    - name: Load "buildset_registry" fact
+      block:
+        - name: Check for results.json
+          stat:
+            path: "{{ zuul.executor.result_data_file }}"
+          register: result_json_stat
+          delegate_to: localhost
+        - name: Load information from zuul_return
+          no_log: true
+          set_fact:
+            buildset_registry: "{{ (lookup('file', zuul.executor.result_data_file) | from_json)['secret_data']['buildset_registry'] }}"
+          when:
+            - buildset_registry is not defined
+            - result_json_stat.stat.exists
+            - result_json_stat.stat.size > 0
+            - "'buildset_registry' in (lookup('file', zuul.executor.result_data_file) | from_json).get('secret_data')"
+
+    - name: Configure buildset registry
+      when: buildset_registry is defined
+      block:
+        - name: Install CA certificate for the registry
+          become: true
+          ansible.builtin.copy:
+            content: "{{ buildset_registry.cert }}"
+            dest: /usr/local/share/ca-certificates/registry.crt
+        - name: Update CA certificates
+          become: true
+          ansible.builtin.shell: update-ca-certificates
+        - name: Replace the registry in image manifest
+          ansible.builtin.replace:
+            path: "{{ zuul.project.src_dir }}/roles/defaults/vars/main.yml"
+            regexp: "registry.atmosphere.dev/library/([^@]*)@sha256:[a-fA-F0-9]{64}"
+            replace: '{{ buildset_registry.host }}:{{ buildset_registry.port }}/library/\1'
+
     # TODO(mnaser): Drop this when we move to PBR
     - name: Add current folder to Git's safe directories
       become: true