Step: identitatem-ci-image-mirror

This workflow mirrors an image from the CI Registry to a given image ref.

Container image used for this step: open-cluster-management/builder:go1.16-linux

open-cluster-management/builder:go1.16-linux resolves to an image imported from the specified imagestream tag on the build farm (documentation).

Environment

In addition to the default environment, the step exposes the following:

Variable Name Type Variable Content
SOURCE_IMAGE_REF Dependency[?] Pull specification for src image
SECRETS_PATH Parameter[?] The directory where credentials will be mounted. (default: /secrets)
REGISTRY_SECRET Parameter[?] The name of the kube secret that contains the registry token file. (default: idp-quay-push)
REGISTRY_SECRET_FILE Parameter[?] The name of the file in REGISTRY_SECRET with the contents of the .docker/config.json file encoded in base64. (default: token)
RELEASE_VERSION Parameter[?] The current release version for the product. (default: 0.1)
REGISTRY_HOST Parameter[?] The hostname (and port) of the destination registry. (default: quay.io)
REGISTRY_ORG Parameter[?] The organization of the destination image reference. (default: identitatem)
IMAGE_REPO Parameter[?] The repository name of the destination image reference. If blank, the COMPONENT_NAME file will be used.
IMAGE_TAG Parameter[?] The tag for the destination image reference. If blank, the tag for a presubmit will be <version>-PR<pull_num>-<commit_sha> and for a postsubmit will be <version>-<commit_sha>.

Source Code

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
#!/bin/bash

export HOME=/tmp/home
mkdir -p "$HOME/.docker"
cd "$HOME" || exit 1

# log function
log_file="${ARTIFACT_DIR}/mirror.log"
log() {
    local ts
    ts=$(date --iso-8601=seconds)
    echo "$ts" "$@" | tee -a "$log_file"
}

COMPONENT_REPO="github.com/${REPO_OWNER}/${REPO_NAME}"
component_url="https://${COMPONENT_REPO}.git"

# Clone repos
component_dir="$HOME/component"

git clone "$component_url" "$component_dir" || {
    log "ERROR Could not clone component repo $component_url"
    exit 1
}

release="$RELEASE_VERSION"
log "INFO Z-stream version is $release"

# Get IMAGE_REPO if not provided
if [[ -z "$IMAGE_REPO" ]]; then
    log "INFO Getting destination image repo name from COMPONENT_NAME"
    IMAGE_REPO=$(cat "${component_dir}/COMPONENT_NAME")
    log "     Image repo from COMPONENT_NAME is $IMAGE_REPO"
fi
log "INFO Image repo is $IMAGE_REPO"

# Get IMAGE_TAG if not provided
if [[ -z "$IMAGE_TAG" ]]; then
    case "$JOB_TYPE" in
        presubmit)
            log "INFO Building default image tag for a $JOB_TYPE job"
            IMAGE_TAG="${release}-PR${PULL_NUMBER}-${PULL_PULL_SHA}"
            ;;
        postsubmit)
            log "INFO Building default image tag for a $JOB_TYPE job"
            IMAGE_TAG="${release}-${PULL_BASE_SHA}"
            ;;
        *)
            log "ERROR Cannot publish an image from a $JOB_TYPE job"
            exit 1
            ;;
    esac
fi
log "INFO Image tag is $IMAGE_TAG"

# Setup registry credentials
REGISTRY_TOKEN_FILE="$SECRETS_PATH/$REGISTRY_SECRET/$REGISTRY_SECRET_FILE"

if [[ ! -r "$REGISTRY_TOKEN_FILE" ]]; then
    log "ERROR Registry secret file not found: $REGISTRY_TOKEN_FILE"
    exit 1
fi

config_file="$HOME/.docker/config.json"
base64 -d < "$REGISTRY_TOKEN_FILE" > "$config_file" || {
    log "ERROR Could not base64 decode registry secret file"
    log "      From: $REGISTRY_TOKEN_FILE"
    log "      To  : $config_file"
    exit 1
}

# Build destination image reference
DESTINATION_IMAGE_REF="$REGISTRY_HOST/$REGISTRY_ORG/$IMAGE_REPO:$IMAGE_TAG"

log "INFO Mirroring Image"
log "     From: $SOURCE_IMAGE_REF"
log "     To  : $DESTINATION_IMAGE_REF"
oc image mirror "$SOURCE_IMAGE_REF" "$DESTINATION_IMAGE_REF" || {
    log "ERROR Unable to mirror image"
    exit 1
}

log "INFO Mirroring complete."

Properties

Property Value Description
Resource requests (cpu) 100m Used in .resources.requests of the pod running this step.
Resource requests (memory) 100Mi Used in .resources.requests of the pod running this step.

GitHub Link:

https://github.com/openshift/release/blob/master/ci-operator/step-registry/identitatem/ci/image-mirror/identitatem-ci-image-mirror-ref.yaml

Owners:

Approvers:

Source code for this page located on GitHub