Merge "docker: add ability to restrict repository names"

This commit is contained in:
Zuul 2019-01-21 18:15:29 +00:00 committed by Gerrit Code Review
commit cb54c59577
3 changed files with 24 additions and 1 deletions

View File

@ -54,7 +54,16 @@ using this role.
.. zuul:rolevar:: password
The Docker Hub password
The Docker Hub password.
.. zuul:rolevar:: repository
Optional; if supplied this is a regular expression which
restricts to what repositories the image may be uploaded. The
following example allows projects to upload images to
repositories within an organization based on their own names::
repository: "^myorgname/{{ zuul.project.short_name }}.*"
.. zuul:rolevar:: docker_images
:type: list

View File

@ -1,3 +1,10 @@
- name: Verify repository names
when: |
docker_credentials.repository is defined
and not item.repository | regex_search(docker_credentials.repository)
loop: "{{ docker_images }}"
fail:
msg: "{{ item.repository }} not permitted by {{ docker_credentials.repository }}"
# This is used by the delete tasks
- name: Get dockerhub JWT token
no_log: true

View File

@ -1,3 +1,10 @@
- name: Verify repository names
when: |
docker_credentials.repository is defined
and not item.repository | regex_search(docker_credentials.repository)
loop: "{{ docker_images }}"
fail:
msg: "{{ item.repository }} not permitted by {{ docker_credentials.repository }}"
- name: Log in to dockerhub
command: "docker login -u {{ docker_credentials.username }} -p {{ docker_credentials.password }}"
no_log: true