| # SPDX-License-Identifier: Apache-2.0 |
| |
| - name: Configure Buildset Registry |
| hosts: all |
| tasks: |
| # NOTE(mnaser): This can be removed once the following merges |
| # https://review.opendev.org/c/zuul/zuul-jobs/+/915025 |
| - name: Load "buildset_registry" fact |
| block: |
| - name: Check for results.json |
| stat: |
| path: "{{ zuul.executor.result_data_file }}" |
| register: result_json_stat |
| delegate_to: localhost |
| - name: Load information from zuul_return |
| no_log: true |
| set_fact: |
| buildset_registry: "{{ (lookup('file', zuul.executor.result_data_file) | from_json)['secret_data']['buildset_registry'] }}" |
| when: |
| - buildset_registry is not defined |
| - result_json_stat.stat.exists |
| - result_json_stat.stat.size > 0 |
| - "'buildset_registry' in (lookup('file', zuul.executor.result_data_file) | from_json).get('secret_data')" |
| |
| - name: Configure buildset registry |
| when: buildset_registry is defined |
| block: |
| - name: Install CA certificate for the registry |
| become: true |
| ansible.builtin.copy: |
| content: "{{ buildset_registry.cert }}" |
| dest: /usr/local/share/ca-certificates/registry.crt |
| - name: Update CA certificates |
| become: true |
| ansible.builtin.shell: update-ca-certificates |
| - name: Replace the registry in image manifest |
| ansible.builtin.replace: |
| path: "{{ zuul.project.src_dir }}/roles/defaults/vars/main.yml" |
| regexp: "{{ repo }}:" |
| replace: '{{ buildset_registry.host }}:{{ buildset_registry.port }}/{{ repo }}:' |
| loop: "{{ zuul.artifacts | default([]) }}" |
| loop_control: |
| loop_var: zj_zuul_artifact |
| when: "'metadata' in zj_zuul_artifact and zj_zuul_artifact.metadata.type | default('') == 'container_image'" |
| vars: |
| repo: "{{ zj_zuul_artifact.metadata.repository }}" |
| - name: Print out the new image manifest file |
| ansible.builtin.command: | |
| cat {{ zuul.project.src_dir }}/roles/defaults/vars/main.yml |