Hello,
I would like to build and push container images to quay.io for every PR merge but that would require the usage of quay.io credentials and those need to be stored somewhere.
How can I do that in a zuul job?
@lrossett there is a solution in Zuul for this.
CC @fbo what are the best docs for this process now?
Metadata Update from @mvadkert: - Issue assigned to fbo - Issue tagged with: Zuul CI
Hey all, any updates on this? All I need is some code sample or docs :-)
Sorry for the delay.
Yes, it's possible to handle that workflow with Zuul.
You will need a publish-on-quay job triggered in the post pipeline and a secret stored in your Git repository.
First create the secret:
pip install --user zuul-client
zuul-client --zuul-url https://fedora.softwarefactory-project.io/zuul encrypt --tenant fedora --project fedora-infra/mbbox --infile quay.secret --outfile quay-secret.yaml
Make sure to set the name of your project in the command. Also you need to edit quay-secret.yaml to set the name of the secret. Then the secret needs to be pushed to your repository in the zuul.d directory.
Secondly: Create a publish-on-quay job. Here is an example of a job that uses a secret (https://pagure.io/fedora-zuul-jobs-config/blob/master/f/zuul.d/jobs.yaml#_550) and here is the role used by the job (https://pagure.io/fedora-zuul-jobs/blob/master/f/roles/testing-farm-run-test/tasks/main.yml#_9) where you see how the secret is used. Once the job playbook/(roles) is ready it should be published to your repository.
Third: Finally in your project pipeline definition you should set something like:
- project:
    check:
      jobs:
        - ...
        - ...
    post:
      jobs:
        - publish-on-quay
Let's continue the discussion here until your post job is functional.
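The three steps described above, put together as an added example (not code from this thread or from the linked repositories). It assumes the job nodes have podman installed; the secret name, field names, playbook path and image name are hypothetical, and the ciphertext is a placeholder for the output of `zuul-client encrypt`.

```yaml
# .zuul.yaml in the project repository (all names here are hypothetical)
- secret:
    name: quay-credentials
    data:
      username: example-robot-account        # constructed sample value
      password: !encrypted/pkcs1-oaep
        - <ciphertext produced by zuul-client encrypt>

- job:
    name: publish-on-quay
    description: Build the container image and push it to quay.io after merge.
    run: playbooks/publish-on-quay.yaml
    secrets:
      # Exposed to the playbook as the Ansible variable "quay".
      - name: quay
        secret: quay-credentials

- project:
    post:
      jobs:
        - publish-on-quay

---
# playbooks/publish-on-quay.yaml (hypothetical path, referenced by "run" above)
- hosts: all
  vars:
    image: quay.io/example-org/example-image:latest   # constructed sample value
  tasks:
    - name: Log in to quay.io (password on stdin, task output suppressed)
      ansible.builtin.command:
        cmd: "podman login --username {{ quay.username }} --password-stdin quay.io"
        stdin: "{{ quay.password }}"
      no_log: true

    - name: Build and push the image from the merged source tree
      ansible.builtin.shell: |
        podman build -t "{{ image }}" .
        podman push "{{ image }}"
      args:
        chdir: "{{ zuul.project.src_dir }}"
```

The encrypted value can only be decrypted with the project's private key held by Zuul, and Zuul runs a secret-using job from an untrusted project only in post-review pipelines such as post, so a proposed change cannot rewrite the job to print the credentials before it has been reviewed and merged.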
The first command which creates the secret gave me the following error:
Unknown error code 404: "404 Client Error: Not Found for url: https://fedora.softwarefactory-project.io/zuul/api/tenant/fedora/key/kube-sig/koji-operator.pub"
Traceback (most recent call last):
  File "/usr/lib/python3.9/site-packages/zuulclient/api/__init__.py", line 71, in _check_request_status
    req.raise_for_status()
  File "/usr/lib/python3.9/site-packages/requests/models.py", line 943, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 404 Client Error: Not Found for url: https://fedora.softwarefactory-project.io/zuul/api/tenant/fedora/key/kube-sig/koji-operator.pub
Do I need to push the project to https://pagure.io/fedora-zuul-jobs/blob/master/f/roles/testing-farm-run-test/tasks/main.yml#_9 before doing that?
Ah could you retry with the following URL: https://softwarefactory-project.io/zuul ?
Thanks, that worked.
I will add the job definition in the ansible role now.
@fbo Should I add it here manually: https://pagure.io/fedora-zuul-jobs-config/blob/master/f/zuul.d/jobs.yaml? There is a message at the top of the file that says that this file is auto generated.
No, everything must be self-contained in the koji-operator repo. https://pagure.io/kube-sig/koji-operator/blob/main/f/.zuul.yaml
The file on fedora-zuul-jobs-config defines common jobs for the rpms/ namespace.
I've created a pull request with the modified .zuul file: https://pagure.io/kube-sig/koji-operator/pull-request/10 - I assumed the generated secret file should not be there as well, am I correct on this one?