Merge pull request #1367 from dsalaza4/dsalazaratfluid

refac(back): #1364 simplify deploy container

docs/src/api/builtins/deploy.md

@@ -134,33 +134,25 @@ before sending the job to Batch.
 
 ## deployContainer
 
-Deploy a set of container images
-in [OCI Format](https://github.com/opencontainers/image-spec)
-to the specified container registries.
+Deploy a container image
+in [OCI Format](https://github.com/opencontainers/image-spec).
 
-For details on how to build container images in OCI Format
-please read the `makeContainerImage` reference.
+For details on how to build container images in OCI format,
+please see [makeContainerImage](/api/extensions/containers#makecontainerimage).
 
 Types:
 
-- deployContainer:
- - images (`attrsOf imageType`): Optional.
- Definitions of container images to deploy.
- Defaults to `{ }`.
-- imageType (`submodule`):
- - attempts (`ints.positive`): Optional.
- If the value of attempts is greater than one,
- the job is retried on failure the same number of attempts as the value.
- Defaults to `1`.
+- deployContainer (`attrsOf targetType`):
+- targetType (`submodule`):
  - credentials:
  - token (`str`):
  Name of the environment variable
  that stores the value of the registry token.
  - user (`str`):
  Name of the environment variable
  that stores the value of the registry user.
- - registry (`str`):
- Registry in which the image will be copied to.
+ - image (`str`):
+ Container registry path to which the image will be copied to.
  - setup (`listOf package`): Optional.
  [Makes Environment][makes_environment]
  or [Makes Secrets][makes_secrets]
@@ -175,58 +167,31 @@ Types:
  Defaults to `false`.
  - src (`package`):
  Derivation that contains the container image in OCI Format.
- - tag (`str`):
- The tag under which the image will be stored in the registry.
 
 Example:
 
 === "makes.nix"
 
  ```nix
- {
-  inputs,
-  outputs,
-  ...
- }: {
-  inputs = {
-  nixpkgs = fetchNixpkgs {
-  rev = "f88fc7a04249cf230377dd11e04bf125d45e9abe";
-  sha256 = "1dkwcsgwyi76s1dqbrxll83a232h9ljwn4cps88w9fam68rf8qv3";
-  };
-  };
-
+ { outputs, ... }: {
   deployContainer = {
-  images = {
-  nginxDockerHub = {
-  credentials = {
-  token = "DOCKER_HUB_PASS";
-  user = "DOCKER_HUB_USER";
-  };
-  src = inputs.nixpkgs.dockerTools.examples.nginx;
-  sign = false;
-  registry = "docker.io";
-  tag = "fluidattacks/nginx:latest";
-  };
-  redisGitHub = {
-  credentials = {
-  token = "GITHUB_TOKEN";
-  user = "GITHUB_ACTOR";
-  };
-  src = inputs.nixpkgs.dockerTools.examples.redis;
-  sign = true;
-  registry = "ghcr.io";
-  tag = "fluidattacks/redis:$(date +%Y.%m)"; # Tag from command
+  makesAmd64 = {
+  credentials = {
+  token = "GITHUB_TOKEN";
+  user = "GITHUB_ACTOR";
   };
-  makesGitLab = {
-  credentials = {
-  token = "CI_REGISTRY_PASSWORD";
-  user = "CI_REGISTRY_USER";
-  };
-  src = outputs."/containerImage";
-  sign = false;
-  registry = "registry.gitlab.com";
-  tag = "fluidattacks/product/makes:$MY_VAR"; # Tag from env var
+  image = "ghcr.io/fluidattacks/makes:amd64";
+  src = outputs."/container-image";
+  sign = true;
+  };
+  makesArm64 = {
+  credentials = {
+  token = "GITHUB_TOKEN";
+  user = "GITHUB_ACTOR";
   };
+  image = "ghcr.io/fluidattacks/makes:arm64";
+  src = outputs."/container-image";
+  sign = true;
   };
   };
  }
@@ -235,19 +200,19 @@ Example:
 === "Invocation DockerHub"
 
  ```bash
- DOCKER_HUB_USER=user DOCKER_HUB_PASS=123 m . /deployContainer/nginxDockerHub
+ DOCKER_HUB_USER=user DOCKER_HUB_PASS=123 m . /deployContainer/makesAmd64
  ```
 
 === "Invocation GitHub"
 
  ```bash
- GITHUB_ACTOR=user GITHUB_TOKEN=123 m . /deployContainer/makesLatest
+ GITHUB_ACTOR=user GITHUB_TOKEN=123 m . /deployContainer/makesAmd64
  ```
 
 === "Invocation GitLab"
 
  ```bash
- CI_REGISTRY_USER=user CI_REGISTRY_PASSWORD=123 m . /deployContainer/makesGitLab
+ CI_REGISTRY_USER=user CI_REGISTRY_PASSWORD=123 m . /deployContainer/makesAmd64
  ```
 
 ## deployContainerManifest
@@ -302,33 +267,7 @@ Example:
 === "makes.nix"
 
  ```nix
- {
-  deployContainer = {
-  images = {
-  makesAmd64 = {
-  attempts = 3;
-  credentials = {
-  token = "GITHUB_TOKEN";
-  user = "GITHUB_ACTOR";
-  };
-  registry = "ghcr.io";
-  src = outputs."/container-image";
-  sign = true;
-  tag = "fluidattacks/makes:amd64";
-  };
-  makesArm64 = {
-  attempts = 3;
-  credentials = {
-  token = "GITHUB_TOKEN";
-  user = "GITHUB_ACTOR";
-  };
-  registry = "ghcr.io";
-  src = outputs."/container-image";
-  sign = true;
-  tag = "fluidattacks/makes:arm64";
-  };
-  };
-  };
+ { outputs, ... }: {
   deployContainerManifest = {
   makes = {
   credentials = {

makes.nix

@@ -19,29 +19,23 @@
  target = "github.com/fluidattacks/makes";
  };
  deployContainer = {
- images = {
- makesAmd64 = {
- attempts = 3;
- credentials = {
- token = "GITHUB_TOKEN";
- user = "GITHUB_ACTOR";
- };
- registry = "ghcr.io";
- src = outputs."/container-image";
- sign = true;
- tag = "fluidattacks/makes:amd64";
+ makesAmd64 = {
+ credentials = {
+ token = "GITHUB_TOKEN";
+ user = "GITHUB_ACTOR";
  };
- makesArm64 = {
- attempts = 3;
- credentials = {
- token = "GITHUB_TOKEN";
- user = "GITHUB_ACTOR";
- };
- registry = "ghcr.io";
- src = outputs."/container-image";
- sign = true;
- tag = "fluidattacks/makes:arm64";
+ image = "ghcr.io/fluidattacks/makes:amd64";
+ src = outputs."/container-image";
+ sign = true;
+ };
+ makesArm64 = {
+ credentials = {
+ token = "GITHUB_TOKEN";
+ user = "GITHUB_ACTOR";
  };
+ image = "ghcr.io/fluidattacks/makes:arm64";
+ src = outputs."/container-image";
+ sign = true;
  };
  };
  deployContainerManifest = {

src/args/deploy-container/default.nix

@@ -1,15 +1,12 @@
 { __nixpkgs__, makeScript, ... }:
-{ attempts ? 1, containerImage, credentials, name, registry, setup, sign, tag,
-}:
+{ credentials, image, name, setup, sign, src }:
 makeScript {
  replace = {
- __argAttempts__ = attempts;
- __argContainerImage__ = containerImage;
  __argCredentialsToken__ = credentials.token;
  __argCredentialsUser__ = credentials.user;
- __argRegistry__ = registry;
+ __argImage__ = image;
  __argSign__ = sign;
- __argTag__ = "${registry}/${tag}";
+ __argSrc__ = src;
  };
  entrypoint = ./entrypoint.sh;
  inherit name;

src/args/deploy-container/entrypoint.sh

@@ -1,75 +1,55 @@
 # shellcheck shell=bash
 
 function deploy {
- local attempts="${1}"
- local container_image="${2}"
- local credentials_token="${3}"
- local credentials_user="${4}"
- local tag="${5}"
+ local credentials_token="${1}"
+ local credentials_user="${2}"
+ local image="${3}"
+ local src="${4}"
 
- : && info Syncing container image: "${tag}" \
- && command=(
- skopeo
- --insecure-policy
- copy
- --dest-creds "${credentials_user}:${credentials_token}"
- "docker-archive://${container_image}"
- "docker://${tag}"
- ) \
- && temp="$(mktemp)" \
- && seq 1 "${attempts}" > "${temp}" \
- && mapfile -t nums < "${temp}" \
- && for num in "${nums[@]}"; do
- if "${command[@]}"; then
- return 0
- else
- info Retrying number "${num}" ...
- fi
- done \
- && return 1 \
- || return 1
+ : && info Syncing container image: "${image}" \
+ && skopeo \
+ --insecure-policy \
+ copy \
+ --dest-creds "${credentials_user}:${credentials_token}" \
+ "docker-archive://${src}" \
+ "docker://${image}"
 }
 
 function sign {
  local credentials_token="${1}"
  local credentials_user="${2}"
- local registry="${3}"
+ local image="${3}"
  local sign="${4}"
- local tag="${5}"
 
  if [ "${sign}" = "1" ]; then
- : && info "Signing container image: ${tag}" \
+ : && info "Signing container image: ${image}" \
  && cosign sign \
  --yes=true \
  --registry-username="${credentials_user}" \
  --registry-password="${credentials_token}" \
- "${tag}"
+ "${image}"
  else
- : && info "Skipping signing container ${tag}"
+ : && info "Skipping signing container ${image}"
  fi
 }
 
 function main {
- local attempts="__argAttempts__"
- local container_image="__argContainerImage__"
  local credentials_token="${__argCredentialsToken__}"
  local credentials_user="${__argCredentialsUser__}"
- local registry="__argRegistry__"
+ local image="__argImage__"
  local sign="__argSign__"
- local tag="__argTag__"
+ local src="__argSrc__"
 
  : && deploy \
- "${attempts}" \
- "${container_image}" \
  "${credentials_token}" \
  "${credentials_user}" \
- "${tag}" \
+ "${image}" \
+ "${src}" \
  && sign \
  "${credentials_token}" \
  "${credentials_user}" \
- "${registry}" \
- "${sign}" \
- "${tag}"
+ "${image}" \
+ "${sign}"
 }
 
 main "${@}"