Use buildset registry for collection builds (#1369)
Signed-off-by: Mohammed Naser <mnaser@vexxhost.com>
diff --git a/zuul.d/playbooks/build-collection/pre.yml b/zuul.d/playbooks/build-collection/pre.yml
index d60ccee..a9e076c 100644
--- a/zuul.d/playbooks/build-collection/pre.yml
+++ b/zuul.d/playbooks/build-collection/pre.yml
@@ -12,6 +12,9 @@
# License for the specific language governing permissions and limitations
# under the License.
+- name: Configure Buildset Registry
+ ansible.builtin.import_playbook: ../common/configure-buildset-registry.yml
+
- name: Prepare for collection build
hosts: all
tasks:
diff --git a/zuul.d/playbooks/common/configure-buildset-registry.yml b/zuul.d/playbooks/common/configure-buildset-registry.yml
new file mode 100644
index 0000000..7ab8e75
--- /dev/null
+++ b/zuul.d/playbooks/common/configure-buildset-registry.yml
@@ -0,0 +1,49 @@
+# SPDX-License-Identifier: Apache-2.0
+
+- name: Configure Buildset Registry
+ hosts: all
+ tasks:
+ # NOTE(mnaser): This can be removed once the following merges
+ # https://review.opendev.org/c/zuul/zuul-jobs/+/915025
+ - name: Load "buildset_registry" fact
+ block:
+ - name: Check for results.json
+ stat:
+ path: "{{ zuul.executor.result_data_file }}"
+ register: result_json_stat
+ delegate_to: localhost
+ - name: Load information from zuul_return
+ no_log: true
+ set_fact:
+ buildset_registry: "{{ (lookup('file', zuul.executor.result_data_file) | from_json)['secret_data']['buildset_registry'] }}"
+ when:
+ - buildset_registry is not defined
+ - result_json_stat.stat.exists
+ - result_json_stat.stat.size > 0
+ - "'buildset_registry' in (lookup('file', zuul.executor.result_data_file) | from_json).get('secret_data')"
+
+ - name: Configure buildset registry
+ when: buildset_registry is defined
+ block:
+ - name: Install CA certificate for the registry
+ become: true
+ ansible.builtin.copy:
+ content: "{{ buildset_registry.cert }}"
+ dest: /usr/local/share/ca-certificates/registry.crt
+ - name: Update CA certificates
+ become: true
+ ansible.builtin.shell: update-ca-certificates
+ - name: Replace the registry in image manifest
+ ansible.builtin.replace:
+ path: "{{ zuul.project.src_dir }}/roles/defaults/vars/main.yml"
+ regexp: "{{ repo }}:"
+ replace: '{{ buildset_registry.host }}:{{ buildset_registry.port }}/{{ repo }}:'
+ loop: "{{ zuul.artifacts | default([]) }}"
+ loop_control:
+ loop_var: zj_zuul_artifact
+ when: "'metadata' in zj_zuul_artifact and zj_zuul_artifact.metadata.type | default('') == 'container_image'"
+ vars:
+ repo: "{{ zj_zuul_artifact.metadata.repository }}"
+ - name: Print out the new image manifest file
+ ansible.builtin.command: |
+ cat {{ zuul.project.src_dir }}/roles/defaults/vars/main.yml
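Review bot: The `regexp: "{{ repo }}:"` in the "Replace the registry in image manifest" task puts the artifact's repository name into a regular expression unescaped and unanchored, so dots in the name match any character and a line that was already rewritten still matches. Because this task decides which registry the images are pulled from, I would escape the value, `regexp: "{{ repo | regex_escape }}:"`, and guard against a second run on the same checkout prefixing the host twice. Separately, the last `when` condition of "Load information from zuul_return" calls `.get('secret_data')` with no default, which presumably makes the membership test fail with a type error when the result file has no `secret_data` key; `.get('secret_data', {})` avoids that. The "Update CA certificates" task needs no shell features, so `ansible.builtin.command` would be the narrower module there.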
diff --git a/zuul.d/playbooks/molecule/pre.yml b/zuul.d/playbooks/molecule/pre.yml
index 9e10180..0c6cbfc 100644
--- a/zuul.d/playbooks/molecule/pre.yml
+++ b/zuul.d/playbooks/molecule/pre.yml
@@ -26,48 +26,6 @@
args:
chdir: "{{ zuul.project.src_dir }}"
- # NOTE(mnaser): This can be removed once the following merges
- # https://review.opendev.org/c/zuul/zuul-jobs/+/915025
- - name: Load "buildset_registry" fact
- block:
- - name: Check for results.json
- stat:
- path: "{{ zuul.executor.result_data_file }}"
- register: result_json_stat
- delegate_to: localhost
- - name: Load information from zuul_return
- no_log: true
- set_fact:
- buildset_registry: "{{ (lookup('file', zuul.executor.result_data_file) | from_json)['secret_data']['buildset_registry'] }}"
- when:
- - buildset_registry is not defined
- - result_json_stat.stat.exists
- - result_json_stat.stat.size > 0
- - "'buildset_registry' in (lookup('file', zuul.executor.result_data_file) | from_json).get('secret_data')"
-
- - name: Configure buildset registry
- when: buildset_registry is defined
- block:
- - name: Install CA certificate for the registry
- become: true
- ansible.builtin.copy:
- content: "{{ buildset_registry.cert }}"
- dest: /usr/local/share/ca-certificates/registry.crt
- - name: Update CA certificates
- become: true
- ansible.builtin.shell: update-ca-certificates
- - name: Replace the registry in image manifest
- ansible.builtin.replace:
- path: "{{ zuul.project.src_dir }}/roles/defaults/vars/main.yml"
- regexp: "{{ repo }}:"
- replace: '{{ buildset_registry.host }}:{{ buildset_registry.port }}/{{ repo }}:'
- loop: "{{ zuul.artifacts | default([]) }}"
- loop_control:
- loop_var: zj_zuul_artifact
- when: "'metadata' in zj_zuul_artifact and zj_zuul_artifact.metadata.type | default('') == 'container_image'"
- vars:
- repo: "{{ zj_zuul_artifact.metadata.repository }}"
-
# TODO(mnaser): Drop this when we move to PBR
- name: Add current folder to Git's safe directories
become: true
@@ -75,3 +33,6 @@
git config --global --add safe.directory $(pwd)
args:
chdir: "{{ zuul.project.src_dir }}"
+
+- name: Configure Buildset Registry
+ ansible.builtin.import_playbook: ../common/configure-buildset-registry.yml
diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml
index 147d6a7..6afe8ac 100644
--- a/zuul.d/project.yaml
+++ b/zuul.d/project.yaml
@@ -17,8 +17,7 @@
check:
jobs:
- atmosphere-linters
- - atmosphere-build-collection
- - atmosphere-molecule-aio-keycloak:
+ - atmosphere-build-collection:
dependencies: &molecule_check_dependencies
- name: atmosphere-build-container-image-barbican
soft: true
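Review bot: The anchor `&molecule_check_dependencies` (and `&molecule_gate_dependencies` in the gate hunk) is now defined on `atmosphere-build-collection`, so its name no longer says where the list lives or which jobs consume it. A neutral name, or a one-line comment above the anchor such as `# shared by build-collection and all molecule jobs`, would keep the aliases further down readable. The dependency list itself continues outside this hunk.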
@@ -70,6 +69,8 @@
soft: true
- name: atmosphere-build-container-image-tempest
soft: true
+ - atmosphere-molecule-aio-keycloak:
+ dependencies: *molecule_check_dependencies
- atmosphere-molecule-aio-openvswitch:
dependencies: *molecule_check_dependencies
- atmosphere-molecule-aio-ovn:
@@ -81,8 +82,7 @@
gate:
jobs:
- atmosphere-linters
- - atmosphere-build-collection
- - atmosphere-molecule-aio-keycloak:
+ - atmosphere-build-collection:
dependencies: &molecule_gate_dependencies
- name: atmosphere-upload-container-image-barbican
soft: true
@@ -134,6 +134,8 @@
soft: true
- name: atmosphere-upload-container-image-tempest
soft: true
+ - atmosphere-molecule-aio-keycloak:
+ dependencies: *molecule_gate_dependencies
- atmosphere-molecule-aio-openvswitch:
dependencies: *molecule_gate_dependencies
- atmosphere-molecule-aio-ovn: