Make sure we always log out of the docker registry, as not to allow
other playbooks to use the session.
Change-Id: I65fb71884b08802b5537ecef7304129cdeb952c3
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
If we build multi-arch images with buildx we also need to push to
dockerhub using buildx, because otherwise we're just pushing
the single-arch image we fetched back from the buildset registry
for the local cache.
Change-Id: If8b95a708e4f0d24e959317b803f5c9379a8b62b
We have to be careful about avoiding outer loop loop_var conflicts in
ansible. Because the zuul-jobs roles are meant to be reconsumed
elsewhere we should not use 'item' loopvars and instead set them to
something a bit more unique.
We use a zj_ prefix to try and be unique to this repo and document this
convention.
Change-Id: I20b9327a914890e9eafcb2b36dc8c23fb472bc8f
So that users can specify two docker image builds for the same
repository, but with different tags, ensure that the temporary
change_ tag attached to the image also includes the final tag
name.
This allows this configuration to work:
docker_images:
- repository: foo/image
context: opensuse
tags:
- opensuse-latest
- repository: foo/image
context: ubuntu
tags:
- ubuntu-latest
Change-Id: I917dcf8a74fc864ea06dc70bdb3e212dc170eb48
This allows us to construct a job which allows users to pass in a
secret (via pass-to-parent) which includes not only the user/pass,
but also a restriction for what docker image repositories may be
accessed using that user/pass. This allows an operator to create
one credential, and then use that credential in multiple secrets
for multiple projects, each with a distinct restriction on where
images may be uploaded.
Change-Id: I7a3cf97a16d34c76df8601990954e1f2b0e498f5
These probably should have been prefixed to start with. The roles
are brand new, not publicised, and likely not widely used. I think
we can merge this without announcement or deprecation.
Change-Id: I7825ef6fee1325b6d4fcc179032652eb5530d016