#!/bin/bash
# Copyright Project Harbor Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Log the versions of the tools this job relies on. Command tracing is enabled
# only around the gsutil call and switched off again straight after it.
set -x
gsutil version -l
set +x

docker-compose version

## -------------------------------------------- Pre-condition --------------------------------------------
# Stop with an error unless DRONE_REPO is exactly goharbor/harbor.
case "$DRONE_REPO" in
  goharbor/harbor) ;;
  *)
    echo "Only run tests again Harbor Repo."
    exit 1
    ;;
esac

# Tag builds do not package a new Harbor build; a build that already passed CI
# is picked up and pushed to release instead. Pull requests are skipped as well.
case "$DRONE_BUILD_EVENT" in
  tag | pull_request)
    echo "We do nothing against 'tag' and 'pull request'."
    exit 0
    ;;
esac
## --------------------------------------------- Init Env -------------------------------------------------
# Record the installed packages in package.list.
dpkg -l > package.list

# Start Xvfb in the background for headless Chrome and point DISPLAY at it.
Xvfb -ac :99 -screen 0 1280x1024x16 &
export DISPLAY=:99

# Re-export the Drone connection settings (presumably for the
# `drone build info` call later in this script).
export DRONE_SERVER="$DRONE_SERVER"
export DRONE_TOKEN="$DRONE_TOKEN"

# Pipeline state flags and file names.
upload_build=false
nightly_run=false
upload_latest_build=false
upload_bundle_success=false
latest_build_file='latest.build'
publish_npm=true

# Installer bundle names; empty until the packaging step assigns them.
harbor_offline_build_bundle=""
harbor_online_build_bundle=""

# Storage bucket names.
harbor_logs_bucket="harbor-ci-logs"
harbor_builds_bucket="harbor-builds"
harbor_releases_bucket="harbor-releases"
harbor_ci_pipeline_store_bucket="harbor-ci-pipeline-store/latest"

# master uploads to the builds bucket; every other branch uploads to a folder
# named after the branch inside the releases bucket.
harbor_target_bucket=""
case "$DRONE_BRANCH" in
  master) harbor_target_bucket=$harbor_builds_bucket ;;
  *) harbor_target_bucket="$harbor_releases_bucket/$DRONE_BRANCH" ;;
esac
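# GC credentials
keyfile="/root/harbor-ci-logs.key"
botofile="/root/.boto"

# Remove the key on every exit path. The tear-down step at the end of the
# script is skipped when `set -e` aborts the run, which would otherwise leave
# the private key on disk.
trap 'rm -f -- "$keyfile"' EXIT

# Create the key file under a restrictive umask so it is never readable by
# other users between creation and chmod. The secret is written quoted so it
# is stored byte-for-byte; an unquoted expansion would be word-split and
# glob-expanded first. Keep `set -x` off around these lines.
(
  umask 077
  printf '%s' "$GS_PRIVATE_KEY" > "$keyfile"
)
chmod 400 "$keyfile"

# Append the gsutil (boto) configuration that points at the key file.
{
  echo "[Credentials]"
  echo "gs_service_key_file = $keyfile"
  echo "gs_service_client_id = $GS_CLIENT_EMAIL"
  echo "[GSUtil]"
  echo "content_language = en"
  echo "default_project_id = $GS_PROJECT_ID"
} >> "$botofile"

# IPv4 address of eth0 (prefix length stripped), printed to the CI log.
container_ip=$(ip addr s eth0 | awk '/inet /{ split($2, cidr, "/"); print cidr[1] }')
echo "$container_ip"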
## --------------------------------------------- Init Version -----------------------------------------------
# Fetch the Drone record of this build and print it to the CI log.
buildinfo=$(drone build info goharbor/harbor $DRONE_BUILD_NUMBER)
echo $buildinfo

# The target release version is the version of the next release (RC or GA).
# It needs to be updated when a new release branch is created.
# NOTE(review): nothing checks that ./VERSION was read; an empty value would
# flow into every version string and image tag derived below.
target_release_version=$(cat ./VERSION)

# The package version is shared by the online and offline installers,
# e.g. harbor-offline-installer-v1.5.2-build.8.tgz
Harbor_Package_Version="${target_release_version}-build.${DRONE_BUILD_NUMBER}"

# The assets version is the tag of the harbor images:
#   1. on master it is the same as the package version;
#   2. on any other (release) branch it is the target release version, so that
#      the latest build that passed CI can be renamed and published.
case "$DRONE_BRANCH" in
  master) Harbor_Assets_Version=$Harbor_Package_Version ;;
  *) Harbor_Assets_Version=$target_release_version ;;
esac
export Harbor_Assets_Version

# Exported for the online and offline packaging.
export Harbor_Package_Version
export NPM_REGISTRY="$NPM_REGISTRY"

# Release branches must have their own base image tagged with the release
# version; master and all other branches use the dev base image.
case "$DRONE_BRANCH" in
  release-*) Harbor_Build_Base_Tag=$target_release_version ;;
  *) Harbor_Build_Base_Tag=dev ;;
esac
export Harbor_Build_Base_Tag

# Summary banner for the CI log.
cat <<EOF
--------------------------------------------------
Harbor Package version: $Harbor_Package_Version
Harbor Assets version: $Harbor_Assets_Version
Harbor Build Base tag: $Harbor_Build_Base_Tag
--------------------------------------------------
EOF
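# GS util
#######################################
# Copy a local file into a storage bucket and mark the object public-read.
# Everything uploaded through this function becomes world-readable, so only
# pass artefacts that are meant for publication.
# Arguments: $1 - local file; also used as the object name
#            $2 - bucket, optionally followed by a folder path
# Returns:   exit status of the final gsutil (ACL) call
#######################################
function uploader {
  local file=$1
  local bucket=$2

  # Quoted so a name containing spaces or glob characters stays one argument.
  gsutil cp "$file" "gs://$bucket/$file"

  # The -D debug output is discarded, so a failed ACL change shows up only in
  # the exit status.
  gsutil -D setacl public-read "gs://$bucket/$file" &> /dev/null
}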
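#######################################
# Build the installers by running the Robot "Bundle" suite, then record the
# resulting bundle names and flag them for upload.
# Globals:   harbor_offline_build_bundle, harbor_online_build_bundle,
#            upload_build (all written)
# Outputs:   progress messages and the offline bundle size in MB on stdout
#######################################
function package_installer {
  echo "Package Harbor offline installer."

  # --removekeywords TAG:secret strips keywords tagged "secret" from the
  # Robot log output.
  robot --removekeywords TAG:secret --include Bundle tests/robot-cases/Group0-Distro-Harbor

  # NOTE(review): if a glob matches nothing the literal pattern is kept as the
  # bundle name, and upload_build is still set to true.
  harbor_offline_build_bundle=$(basename harbor-offline-installer-*.tgz)
  harbor_online_build_bundle=$(basename harbor-online-installer-*.tgz)
  upload_build=true

  echo "Package name is: $harbor_offline_build_bundle"

  # du reports KiB; convert to MB in awk and print in one step. The path is
  # quoted so an unusual file name cannot be split into several arguments.
  du -ks -- "$harbor_offline_build_bundle" | awk '{ print $1 / 1024, "MB" }'
}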
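# publish images to Docker Hub
#######################################
# Re-tag the locally built goharbor images with the development tag and push
# them to Docker Hub.
# Globals:   DRONE_BRANCH, Harbor_Assets_Version, DOCKER_HUB_USERNAME,
#            DOCKER_HUB_PASSWORD (read); image_tag (written)
# Outputs:   image listings and progress messages on stdout
#######################################
function publishImage {
  echo "Publishing images to Docker Hub..."
  echo "The images on the host:"

  # master uses 'dev' as the tag name;
  # release-* branches use '<assets version>-dev'.
  if [[ $DRONE_BRANCH == "master" ]]; then
    image_tag=dev
  fi
  if [[ $DRONE_BRANCH == "release-"* ]]; then
    image_tag="${Harbor_Assets_Version}-dev"
  fi

  docker images

  # Pass the password on stdin. With `-p` it is part of docker's command line,
  # where any process listing on the build host (and any command trace) can
  # read it.
  printf '%s' "$DOCKER_HUB_PASSWORD" \
    | docker login -u "$DOCKER_HUB_USERNAME" --password-stdin

  # Rename the images to the development tag and push them to Docker Hub.
  # NOTE(review): the text produced by sed is executed by bash, and
  # Harbor_Assets_Version is spliced into the sed pattern unescaped. Both
  # inputs must stay under the project's control. bash reports the status of
  # the last generated command only, so an earlier failed push goes unnoticed.
  docker images | grep goharbor | grep -v "\-base" | sed -n "s|\(goharbor/[-._a-z0-9]*\)\s*\(.*$Harbor_Assets_Version\).*|docker tag \1:\2 \1:$image_tag;docker push \1:$image_tag|p" | bash

  echo "Images are published successfully"
  docker images
}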
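echo "--------------------------------------------------"
echo "Running CI for $DRONE_BUILD_EVENT on $DRONE_BRANCH"
echo "--------------------------------------------------"

##
# Any merged code (push) on master or release-* triggers packaging of the
# offline installer.
#
# The step lives here because the installer has to be built from clean code.
##
if [[ $DRONE_BRANCH == "master" || $DRONE_BRANCH == *"refs/tags"* || $DRONE_BRANCH == "release-"* ]]; then
  if [[ $DRONE_BUILD_EVENT == "push" ]]; then
    package_installer
    upload_latest_build=true

    # Import the signing key from the environment. Keep `set -x` off around
    # this line so the key material never reaches the CI log.
    # NOTE(review): the imported key stays in the job's GnuPG keyring; the
    # tear-down step removes only the storage key file.
    echo -en "$HARBOR_SIGN_KEY" | gpg --import

    # Detached ASCII-armoured signatures (<bundle>.asc) for both installers.
    # The key id is quoted: if it were empty and unquoted, gpg would consume
    # the bundle name as the argument of -u.
    gpg -v -ab -u "$HARBOR_SIGN_KEY_ID" "$harbor_offline_build_bundle"
    gpg -v -ab -u "$HARBOR_SIGN_KEY_ID" "$harbor_online_build_bundle"
  fi
fi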
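## --------------------------------------------- Upload Harbor Bundle File ---------------------------------------
#
# Build storage structure:
#
# 1(master), harbor-builds/harbor-offline-installer-*.tgz
#                          latest.build
#                          harbor-offline-installer-latest.tgz
#
# 2(others), harbor-releases/${branch}/harbor-offline-installer-*.tgz
#                                      latest.build
#                                      harbor-offline-installer-latest.tgz
#
# From here on any failing command aborts the script, so a missing signature
# file stops the upload at the first `cp` below.
set -e
if [[ $upload_build == true ]]; then
  # Publish a "latest" alias of the offline installer together with its
  # signature. Paths are quoted so unusual file names stay single arguments.
  cp "${harbor_offline_build_bundle}" harbor-offline-installer-latest.tgz
  cp "${harbor_offline_build_bundle}.asc" harbor-offline-installer-latest.tgz.asc

  # Each installer is uploaded next to its detached signature.
  uploader "${harbor_offline_build_bundle}" "$harbor_target_bucket"
  uploader "${harbor_offline_build_bundle}.asc" "$harbor_target_bucket"
  uploader "${harbor_online_build_bundle}" "$harbor_target_bucket"
  uploader "${harbor_online_build_bundle}.asc" "$harbor_target_bucket"
  uploader harbor-offline-installer-latest.tgz "$harbor_target_bucket"
  uploader harbor-offline-installer-latest.tgz.asc "$harbor_target_bucket"
  upload_bundle_success=true
fi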
## --------------------------------------------- Upload Harbor Dev Images ---------------------------------------
#
# Any merged code (push) on master or release-* triggers a push of the dev
# images.
#
##
if [[ ($DRONE_BRANCH == "master" || $DRONE_BRANCH == "release-"*) && $DRONE_BUILD_EVENT == "push" ]]; then
  publishImage
fi
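## --------------------------------------------- Upload Harbor Latest Build File ----------------------------------
#
# The latest.build file holds the URL of the latest offline installer, so it
# is written only after the installer itself has been uploaded successfully.
#
if [[ $upload_latest_build == true && $upload_bundle_success == true ]]; then
  # Quoted so the URL is written as one string and the redirect target is a
  # single file name.
  echo "https://storage.googleapis.com/$harbor_target_bucket/$harbor_offline_build_bundle" > "$latest_build_file"
  uploader "$latest_build_file" "$harbor_target_bucket"
fi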
## --------------------------------------------- Upload securego results ------------------------------------------
#if [ $DRONE_BUILD_EVENT == "push" ]; then
#    go get github.com/securego/gosec/cmd/gosec
#    go get github.com/dghubble/sling
#    make gosec -e GOSECRESULTS=harbor-gosec-results-latest.json
#    echo $git_commit > ./harbor-gosec-results-latest-version
#    uploader harbor-gosec-results-latest.json $harbor_target_bucket
#    uploader harbor-gosec-results-latest-version $harbor_target_bucket
#fi
## ------------------------------------------------ Tear Down -----------------------------------------------------
# Delete the storage key file if it exists.
# NOTE(review): this line is reached only when nothing above aborted; with
# `set -e` active, a failed upload exits before the key is removed.
[ ! -f "$keyfile" ] || rm -f "$keyfile"