Changed to manual 'deploy' of docker image

Thomas Goodwin · Thomas Goodwin · commit 64043fec1cec · 2018-06-25T10:38:45.000-04:00
DockerHub does not support deploy keys or anything quite like it,
only short-lived tokens returned once you log in with a user/pass
combination, which means the CI setup would have to expose those
keys for an actual user on their site that has write access to the
image in question.  The work-around right now is to make the deploy
create the tagged image and push it to the local repo.  "Someone"
will need to set their notifications to hear successful pipeline
completions and do the work of then pushing it to the public repo
and cleaning the internal registry.

Also changed the 'clean' script since the variables aren't expanding
quite as expected.
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
@@ -3,7 +3,9 @@
 variables:
   CONTAINER_TEST_IMAGE:    $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
   CONTAINER_RELEASE_IMAGE: $CI_REGISTRY_IMAGE:latest
+  CONTAINER_TAGGED_IMAGE:  $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG
   DOCKERHUB_IMAGE:         geontech/redhawk-webserver
+  REDHAWK_VERSION:         2.0.8
 
 stages:
   - build
@@ -46,10 +48,10 @@ test:
   script:
     # Install docker-compose
     - apk add --no-cache py2-pip && pip install docker-compose
-
     # Pull the test image and start the stack without rebuilding it.
     - cd tests
     - docker pull ${CONTAINER_TEST_IMAGE}
+    - export REDHAWK_VERSION=$REDHAWK_VERSION
     - export CONTAINER_TEST_IMAGE=$CONTAINER_TEST_IMAGE
     - docker-compose -p ${CI_COMMIT_SHA} up -d --no-build
     - docker-compose -p ${CI_COMMIT_SHA} images
@@ -77,26 +79,18 @@ release:
     - docker push $CONTAINER_RELEASE_IMAGE
     - docker rmi $CONTAINER_TEST_IMAGE $CONTAINER_RELEASE_IMAGE
 
-# Push the released image to DockerHub on tags
+# Deploy internally, tagged.
 deploy-image:
   stage: deploy
   only:
     - tags
   <<: *container_registry
-  variables:
-    dockerhub_image_tag:    geontech/redhawk-webserver:$CI_COMMIT_TAG
-    dockerhub_image_latest: geontech/redhawk-webserver:latest
   script:
-    # Use JQ to patch in our dockerhub credentials for the public push
-    - apk add --no-cache jq
-    - "jq --arg token \"$DOCKERHUB_TOKEN\" '.auths[\"https://index.docker.io/v1\"] = { auth: $token }' ~/.docker/config.json > ~/.docker/config.json"
     # Pull the release image, re-tag it to the dockerhub name and push it.
     - docker pull $CONTAINER_RELEASE_IMAGE
-    - docker tag $CONTAINER_RELEASE_IMAGE ${dockerhub_image_tag}
-    - docker tag $CONTAINER_RELEASE_IMAGE ${dockerhub_image_latest}
-    - docker push ${dockerhub_image_tag}
-    - docker push ${dockerhub_image_latest}
-    - docker rmi ${CONTAINER_RELEASE_IMAGE} ${dockerhub_image_tag} ${dockerhub_image_latest}
+    - docker tag $CONTAINER_RELEASE_IMAGE $CONTAINER_TAGGED_IMAGE
+    - docker push $CONTAINER_TAGGED_IMAGE
+    - docker rmi $CONTAINER_RELEASE_IMAGE $CONTAINER_TAGGED_IMAGE
 
 # Push to GitHub
 deploy-github:
@@ -105,9 +99,9 @@ deploy-github:
     - tags
   image: alpine
   script:
-    - apk add --no-cache openssh-client git
+    - apk add --no-cache openssh-client git bash
     - eval $(ssh-agent -s)
-    - echo "$GITHUB_TOKEN" | ssh-add -
+    - bash -c 'ssh-add <(echo "$GITHUB_TOKEN")'
     - mkdir -p ~/.ssh
     - echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config
     # Configure git and push w/ tag(s)
@@ -116,29 +110,28 @@ deploy-github:
     - git remote set-url origin ${GITHUB_REPO}
     - git push origin ${GITHUB_BRANCH} --follow-tags
 
-# Template for cleaning the image registry
-.clean-image: &clean-image
-  stage: cleanup
-  <<: *container_registry
-  script:
-    - apk add --no-cache git bash curl
-    - git clone ${DOCKER_UTILS} docker-util
-    - docker-util/delete-image.sh $clean_target_image
-
 # Clean dev/test images not on master branch
 clean-dev:
+  stage: cleanup
+  <<: *container_registry
   when: always
-  variables:
-    clean_target_image: $CONTAINER_TEST_IMAGE
   except:
     - master
     - tags
-  <<: *clean-image
+  script:
+    - apk add --no-cache git bash curl
+    - git clone ${DOCKER_UTILS} docker-util
+    - docker-util/delete-image.sh $CONTAINER_TEST_IMAGE
 
 # Cleanup the locally stored image after tagging and pushing to public
+# This has to be manual since deploying to Dockerhub is manual too.
 clean-internal:
-  variables:
-    clean_target_image: $CONTAINER_RELEASE_IMAGE
+  stage: cleanup
+  <<: *container_registry
+  when: manual
   only:
     - tags
-  <<: *clean-image
+  script:
+    - apk add --no-cache git bash curl
+    - git clone ${DOCKER_UTILS} docker-util
+    - docker-util/delete-image.sh $CONTAINER_RELEASE_IMAGE
