From 83ed8547fe20122516b2b6bd42bf6f9ee5bdeac3 Mon Sep 17 00:00:00 2001
From: Ben Hearsum
Date: Wed, 23 Jul 2025 10:44:08 -0400
Subject: [PATCH 1/2] feat: add new script for pushing images to a GAR repository
---
taskcluster/docker/skopeo/push_image_gar.sh | 44 +++++++++++++++++++++
1 file changed, 44 insertions(+)
create mode 100755 taskcluster/docker/skopeo/push_image_gar.sh
diff --git a/taskcluster/docker/skopeo/push_image_gar.sh b/taskcluster/docker/skopeo/push_image_gar.sh
new file mode 100755
index 000000000..6d6696a32
--- /dev/null
+++ b/taskcluster/docker/skopeo/push_image_gar.sh
@@ -0,0 +1,44 @@
+#!/usr/bin/env bash
+set -e
+# Set pipefail so curl failures are caught before the pipe to jq
+set -o pipefail # This will fail on sh / only works on bash
+
+test $APP
+test $DOCKER_TAG
+test $DOCKER_REPO
+test $MOZ_FETCHES_DIR
+test $TASKCLUSTER_ROOT_URL
+test $TASK_ID
+test $VCS_HEAD_REPOSITORY
+test $VCS_HEAD_REV
+
+echo "=== Generating dockercfg ==="
+PASSWORD_URL=http://taskcluster/secrets/v1/secret/project/releng/scriptworker-scripts/deploy
+mkdir -m 700 $HOME/.docker
+# curl --fail forces curl to return a non-zero exit code if the response isn't HTTP 200 (i.e.: HTTP 403 Unauthorized)
+curl --fail -v $PASSWORD_URL | jq '.secret.gar.dockercfg' > $HOME/.docker/config.json
+chmod 600 $HOME/.docker/config.json
+
+cd $MOZ_FETCHES_DIR
+unzstd image.tar.zst
+
+echo "=== Inserting version.json into image ==="
+# Create an OCI copy of image in order umoci can patch it
+skopeo copy docker-archive:image.tar oci:${APP}:final
+
+cat > version.json < Date: Mon, 21 Jul 2025 15:33:43 -0400
Subject: [PATCH 2/2] feat: push docker images to GAR repository
This is to support the migration to Mozcloud. We'll do this in parallel with pushes to dockerhub to avoid one pipeline busting the other. I've dropped support for the archive tags here, because as far as I know we've never made use of them.
---
taskcluster/kinds/push-image-gar/kind.yml | 73 +++++++++++++++++++++++
1 file changed, 73 insertions(+)
create mode 100644 taskcluster/kinds/push-image-gar/kind.yml
diff --git a/taskcluster/kinds/push-image-gar/kind.yml b/taskcluster/kinds/push-image-gar/kind.yml
new file mode 100644
index 000000000..bc8e65c90
--- /dev/null
+++ b/taskcluster/kinds/push-image-gar/kind.yml
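Review bot: The `jq '.secret.gar.dockercfg'` stage in push_image_gar.sh exits 0 and writes the literal `null` into `$HOME/.docker/config.json` when the secret has no `gar.dockercfg` key, so `set -e` and `pipefail` do not catch a missing credential at this step; `jq -e '.secret.gar.dockercfg'` makes it fail here rather than, presumably, at the later push. `curl -v` also sends request and response headers to the task log, which a credential fetch does not need; `curl --fail --silent --show-error "$PASSWORD_URL"` keeps the error message without the header dump. The expansions are unquoted throughout (`test $APP`, `mkdir -m 700 $HOME/.docker`, `cd $MOZ_FETCHES_DIR`); `test -n "$APP"` and quoted paths state the intent and survive values containing spaces. The script's lines after `cat > version.json` are missing from this page, so this covers only the visible part.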
@@ -0,0 +1,73 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+---
+
+loader: taskgraph.loader.transform:loader
+
+kind-dependencies:
+ - docker-image
+
+transforms:
+ - taskgraph.transforms.task_context
+ - taskgraph.transforms.run
+ - taskgraph.transforms.task
+
+task-defaults:
+ description: Push {name} {docker_tag} docker image to GAR
+ worker-type: images
+ task-context:
+ from-parameters:
+ head_rev: head_rev
+ head_repo: head_repository
+ docker_tag: docker_tag
+ moz_build_date: moz_build_date
+ substitution-fields:
+ - description
+ - dependencies.image
+ - worker.env
+ - run-on-git-branches
+ dependencies:
+ image: docker-image-{name}
+ worker:
+ taskcluster-proxy: true
+ docker-image: {in-tree: skopeo}
+ max-run-time: 1800
+ env:
+ VCS_HEAD_REPOSITORY: "{head_repo}"
+ APP: "{name}"
+ DOCKER_REPO: "{name}"
+ VCS_HEAD_REV: "{head_rev}"
+ DOCKER_TAG: "{docker_tag}"
+ run-on-tasks-for: [github-push]
+ run-on-git-branches:
+ - ^dev$
+ - ^production$
+ - ^dev-{name}$
+ - ^production-{name}$
+ run:
+ using: run-task
+ checkout: false
+ command:
+ - /usr/local/bin/push_image_gar.sh
+ fetches:
+ image:
+ - artifact: image.tar.zst
+ extract: false
+ scopes:
+ - secrets:get:project/releng/scriptworker-scripts/deploy
+
+tasks:
+ addonscript: {}
+ balrogscript: {}
+ bitrisescript: {}
+ beetmoverscript: {}
+ bouncerscript: {}
+ githubscript: {}
+ landoscript: {}
+ pushapkscript: {}
+ pushflatpakscript: {}
+ pushmsixscript: {}
+ shipitscript: {}
+ signingscript: {}
+ treescript: {}
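Review bot: The `scopes` entry gives each of the thirteen push tasks `secrets:get:project/releng/scriptworker-scripts/deploy`, which is the whole deploy secret, while push_image_gar.sh in patch 1/2 reads only `.secret.gar.dockercfg` from it. If that secret also carries other credentials (the description mentions parallel dockerhub pushes, so this seems likely but is not visible here), a GAR-only secret with its own scope, e.g. `- secrets:get:project/releng/scriptworker-scripts/<gar-only-secret>` (placeholder name), would keep these tasks to least privilege. The same scope also applies to the `^dev$` and `^dev-{name}$` branches as well as the production ones, so a dev-branch push appears to read the same credential as production; worth confirming that is intended, or splitting the secret per environment. Indentation is lost on this page, so the nesting of `scopes` under `task-defaults` is assumed.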