From 849939aca4f8a480838b8bc93e4f1ef5547d398b Mon Sep 17 00:00:00 2001 From: Pierre Smeyers Date: Tue, 19 Apr 2022 09:36:11 +0200 Subject: [PATCH 1/2] feat: tag normalization --- README.md | 19 +++++++++++++++++-- kicker.json | 2 +- templates/gitlab-ci-docker.yml | 27 +++++++++++++++++++++++++-- 3 files changed, 43 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 7740eeb..fd0d417 100644 --- a/README.md +++ b/README.md @@ -69,7 +69,7 @@ The **snapshot** and **release** images are defined by the following variables: | Name | description | default value | | ------------------------- | --------------------- | ------------------------------------------------- | -| `DOCKER_SNAPSHOT_IMAGE` | Docker snapshot image | `$CI_REGISTRY_IMAGE/snapshot:$CI_COMMIT_REF_SLUG` | +| `DOCKER_SNAPSHOT_IMAGE` | Docker snapshot image | `$CI_REGISTRY_IMAGE/snapshot:$CI_COMMIT_REF_NAME` | | `DOCKER_RELEASE_IMAGE` | Docker release image | `$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME` | As you can see, the Docker template is configured by default to use the GitLab container registry. @@ -77,9 +77,24 @@ You may perfectly override this and use another Docker registry, but be aware of * the `DOCKER_SNAPSHOT_IMAGE` requires a Docker registry that allows tag overwrite, * the `DOCKER_RELEASE_IMAGE` _may_ use a Docker registry that doesn't allow tag overwrite, but: - 1. you should avoid overwriting a Git tag (at it will obviously fail while trying to (re)push the Docker image), + 1. you should avoid overwriting a Git tag (as it will obviously fail while trying to (re)push the Docker image), 2. you have to deactivate publish on `master` branch by setting the `$PUBLISH_ON_PROD` variable to `false` (as it would lead to the `master` tag being overwritten). +#### Which tag to use? + +By default, the Docker template uses `$CI_COMMIT_REF_NAME` as image tags. +It has advantages (the tag is meaningful to you, especially when releasing via a Git tag) and drawbacks (compels using a Docker registry that allows tag overwrite; when continuously deploying the image, it may be tough to force redeploying the container when the image +name didn't change). + +Depending on your context, you may prefer using another tagging policy. +For instance `$CI_COMMIT_TIMESTAMP` might be a good alternative. + +Whichever your choice, the Docker template normalizes the tag value so that it complies to the [standard syntax](https://docs.docker.com/engine/reference/commandline/tag/#extended-description): + +> A tag name must be valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. A tag name may not start with a period or a dash and may contain a maximum of 128 characters. + +The Docker template simply replaces any forbidden character with a dash (`-`). + ### Registries and credentials As seen in the previous chapter, the Docker template uses by default the GitLab registry to push snapshot and release images. diff --git a/kicker.json b/kicker.json index 5c16d5a..052581b 100644 --- a/kicker.json +++ b/kicker.json @@ -37,7 +37,7 @@ { "name": "DOCKER_SNAPSHOT_IMAGE", "description": "Docker snapshot image", - "default": "$CI_REGISTRY_IMAGE/snapshot:$CI_COMMIT_REF_SLUG" + "default": "$CI_REGISTRY_IMAGE/snapshot:$CI_COMMIT_REF_NAME" }, { "name": "DOCKER_RELEASE_IMAGE", diff --git a/templates/gitlab-ci-docker.yml b/templates/gitlab-ci-docker.yml index 1b55cbb..7255313 100644 --- a/templates/gitlab-ci-docker.yml +++ b/templates/gitlab-ci-docker.yml @@ -29,7 +29,7 @@ variables: DOCKER_HEALTHCHECK_TIMEOUT: "60" # Default Docker config uses the internal GitLab registry - DOCKER_SNAPSHOT_IMAGE: "$CI_REGISTRY_IMAGE/snapshot:$CI_COMMIT_REF_SLUG" + DOCKER_SNAPSHOT_IMAGE: "$CI_REGISTRY_IMAGE/snapshot:$CI_COMMIT_REF_NAME" DOCKER_RELEASE_IMAGE: "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME" DOCKER_KANIKO_VERBOSITY: "info" @@ -269,6 +269,29 @@ stages: done } + function normalize_image() { + imgprefix=${1%%:*} + tagonly=${1#*:} + normtag=${tagonly//[^a-zA-Z0-9_\.-]/-} + echo "$imgprefix:$normtag" + } + + function normalize_images() { + norm_snapshot_img=$(normalize_image "$DOCKER_SNAPSHOT_IMAGE") + if [[ "$norm_snapshot_img" != "$DOCKER_SNAPSHOT_IMAGE" ]] + then + export DOCKER_SNAPSHOT_IMAGE="$norm_snapshot_img" + log_info "Normalized snapshot image: $DOCKER_SNAPSHOT_IMAGE" + fi + + norm_release_img=$(normalize_image "$DOCKER_RELEASE_IMAGE") + if [[ "$norm_release_img" != "$DOCKER_RELEASE_IMAGE" ]] + then + export DOCKER_RELEASE_IMAGE="$norm_release_img" + log_info "Normalized release image: $DOCKER_RELEASE_IMAGE" + fi + } + function is_runner_dind_capable() { docker info > /dev/null 2>&1 } @@ -277,7 +300,6 @@ stages: docker_snapshot_authent_token=$(echo -n "${DOCKER_REGISTRY_SNAPSHOT_USER:-${DOCKER_REGISTRY_USER:-$CI_REGISTRY_USER}}:${DOCKER_REGISTRY_SNAPSHOT_PASSWORD:-${DOCKER_REGISTRY_PASSWORD:-$CI_REGISTRY_PASSWORD}}" | base64 | tr -d '\n') docker_snapshot_registry_host=$(echo "$DOCKER_SNAPSHOT_IMAGE" | cut -d/ -f1) - docker_release_authent_token=$(echo -n "${DOCKER_REGISTRY_RELEASE_USER:-${DOCKER_REGISTRY_USER:-$CI_REGISTRY_USER}}:${DOCKER_REGISTRY_RELEASE_PASSWORD:-${DOCKER_REGISTRY_PASSWORD:-$CI_REGISTRY_PASSWORD}}" | base64 | tr -d '\n') docker_release_registry_host=$(echo "$DOCKER_RELEASE_IMAGE" | cut -d/ -f1) @@ -321,6 +343,7 @@ stages: install_custom_ca_certs unscope_variables eval_all_secrets + normalize_images configure_registries_auth if is_runner_dind_capable -- GitLab From 7a1f2c245b1b5da0946bf3e81e89339c73a39ee2 Mon Sep 17 00:00:00 2001 From: Guilhem Bonnefille Date: Fri, 29 Apr 2022 15:42:26 +0000 Subject: [PATCH 2/2] doc: add comment --- templates/gitlab-ci-docker.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/templates/gitlab-ci-docker.yml b/templates/gitlab-ci-docker.yml index 7255313..fd47783 100644 --- a/templates/gitlab-ci-docker.yml +++ b/templates/gitlab-ci-docker.yml @@ -269,6 +269,9 @@ stages: done } + # Cf https://docs.docker.com/engine/reference/commandline/tag/ + # > A tag name must be valid ASCII and may contain lowercase and uppercase letters, digits, underscores, periods and dashes. + # > A tag name may not start with a period or a dash and may contain a maximum of 128 characters. function normalize_image() { imgprefix=${1%%:*} tagonly=${1#*:} -- GitLab