Integrate push-docker.sh into the release script
This also makes sure that we get the Docker images from the same Hydra eval, rather than the latest build from job/nix/.../dockerImage, which may not be the same.
parent
50e3840f14
commit
9bc03adbba
2 changed files with 72 additions and 75 deletions
|
@ -1,71 +0,0 @@
|
||||||
#/usr/bin/env bash
|
|
||||||
|
|
||||||
# TODO: parse from .version
|
|
||||||
MAINTENANCE_VERSION="2.6"
|
|
||||||
VERSION="$MAINTENANCE_VERSION.1"
|
|
||||||
|
|
||||||
# Should be override `latest` tag, default true
|
|
||||||
PUSH_AS_LATEST=1
|
|
||||||
|
|
||||||
PLATFORMS="x86_64-linux aarch64-linux"
|
|
||||||
|
|
||||||
# ensure we are logged to docker hub
|
|
||||||
docker login
|
|
||||||
|
|
||||||
DOCKER_MANIFEST=""
|
|
||||||
DOCKER_MANIFEST_LATEST=""
|
|
||||||
|
|
||||||
for PLATFORM in $PLATFORMS;
|
|
||||||
do
|
|
||||||
if [ "$PLATFORM" = "x86_64-linux" ]; then DOCKER_PLATFORM="amd64"
|
|
||||||
elif [ "$PLATFORM" = "aarch64-linux" ]; then DOCKER_PLATFORM="arm64"
|
|
||||||
else
|
|
||||||
echo "EROROR: No docker platform found for $PLATFORM platform"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo "=> Loading docker image for $PLATFORM platform ..."
|
|
||||||
|
|
||||||
DOCKER_IMAGE_TMP_FILE="$PWD/image-$PLATFORM.tar.gz"
|
|
||||||
if [ ! -f "$DOCKER_IMAGE_TMP_FILE" ]; then
|
|
||||||
curl -L https://hydra.nixos.org/job/nix/maintenance-$MAINTENANCE_VERSION/dockerImage.$PLATFORM/latest/download/1 > $DOCKER_IMAGE_TMP_FILE
|
|
||||||
fi
|
|
||||||
docker load -i $DOCKER_IMAGE_TMP_FILE
|
|
||||||
|
|
||||||
echo "=> Tagging docker image of version $VERSION for $PLATFORM platform ..."
|
|
||||||
|
|
||||||
docker tag nix:$VERSION nixos/nix:$VERSION-$DOCKER_PLATFORM
|
|
||||||
if [ $PUSH_AS_LATEST -eq 1 ]; then
|
|
||||||
echo "=> Tagging docker image of version latest for $PLATFORM platform ..."
|
|
||||||
docker tag nix:$VERSION nixos/nix:latest-$DOCKER_PLATFORM
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo "=> Pushing docker image of version $VERSION for $PLATFORM platform ..."
|
|
||||||
|
|
||||||
docker push nixos/nix:$VERSION-$DOCKER_PLATFORM
|
|
||||||
if [ $PUSH_AS_LATEST -eq 1 ]; then
|
|
||||||
echo "=> Pushing docker image of version latest for $PLATFORM platform ..."
|
|
||||||
docker push nixos/nix:latest-$DOCKER_PLATFORM
|
|
||||||
fi
|
|
||||||
|
|
||||||
DOCKER_MANIFEST="$DOCKER_MANIFEST --amend nixos/nix:$VERSION-$DOCKER_PLATFORM"
|
|
||||||
DOCKER_MANIFEST_LATEST="$DOCKER_MANIFEST_LATEST --amend nixos/nix:latest-$DOCKER_PLATFORM"
|
|
||||||
|
|
||||||
echo
|
|
||||||
done
|
|
||||||
|
|
||||||
echo "=> Creating $VERSION multi platform docker manifest for the following platforms: $PLATFORMS ..."
|
|
||||||
docker manifest rm nixos/nix:$VERSION $DOCKER_MANIFEST
|
|
||||||
docker manifest create nixos/nix:$VERSION $DOCKER_MANIFEST
|
|
||||||
if [ $PUSH_AS_LATEST -eq 1 ]; then
|
|
||||||
echo "=> Creating latest multi platform docker manifest for the following platforms: $PLATFORMS ..."
|
|
||||||
docker manifest rm nixos/nix:latest $DOCKER_MANIFEST_LATEST
|
|
||||||
docker manifest create nixos/nix:latest $DOCKER_MANIFEST_LATEST
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo "=> Pushing $VERSION multi platform docker manifest ..."
|
|
||||||
docker manifest push nixos/nix:$VERSION
|
|
||||||
if [ $PUSH_AS_LATEST -eq 1 ]; then
|
|
||||||
echo "=> Pushing latest multi platform docker manifest ..."
|
|
||||||
docker manifest push nixos/nix:latest
|
|
||||||
fi
|
|
|
@ -55,6 +55,11 @@ my $releaseDir = "nix/$releaseName";
|
||||||
my $tmpDir = "$TMPDIR/nix-release/$releaseName";
|
my $tmpDir = "$TMPDIR/nix-release/$releaseName";
|
||||||
File::Path::make_path($tmpDir);
|
File::Path::make_path($tmpDir);
|
||||||
|
|
||||||
|
my $narCache = "$TMPDIR/nar-cache";
|
||||||
|
File::Path::make_path($narCache);
|
||||||
|
|
||||||
|
my $binaryCache = "https://cache.nixos.org/?local-nar-cache=$narCache";
|
||||||
|
|
||||||
# S3 setup.
|
# S3 setup.
|
||||||
my $aws_access_key_id = $ENV{'AWS_ACCESS_KEY_ID'} or die "No AWS_ACCESS_KEY_ID given.";
|
my $aws_access_key_id = $ENV{'AWS_ACCESS_KEY_ID'} or die "No AWS_ACCESS_KEY_ID given.";
|
||||||
my $aws_secret_access_key = $ENV{'AWS_SECRET_ACCESS_KEY'} or die "No AWS_SECRET_ACCESS_KEY given.";
|
my $aws_secret_access_key = $ENV{'AWS_SECRET_ACCESS_KEY'} or die "No AWS_SECRET_ACCESS_KEY given.";
|
||||||
|
@ -80,6 +85,7 @@ sub downloadFile {
|
||||||
my ($jobName, $productNr, $dstName) = @_;
|
my ($jobName, $productNr, $dstName) = @_;
|
||||||
|
|
||||||
my $buildInfo = decode_json(fetch("$evalUrl/job/$jobName", 'application/json'));
|
my $buildInfo = decode_json(fetch("$evalUrl/job/$jobName", 'application/json'));
|
||||||
|
#print STDERR "$jobName: ", Dumper($buildInfo), "\n";
|
||||||
|
|
||||||
my $srcFile = $buildInfo->{buildproducts}->{$productNr}->{path} or die "job '$jobName' lacks product $productNr\n";
|
my $srcFile = $buildInfo->{buildproducts}->{$productNr}->{path} or die "job '$jobName' lacks product $productNr\n";
|
||||||
$dstName //= basename($srcFile);
|
$dstName //= basename($srcFile);
|
||||||
|
@ -87,19 +93,27 @@ sub downloadFile {
|
||||||
|
|
||||||
if (!-e $tmpFile) {
|
if (!-e $tmpFile) {
|
||||||
print STDERR "downloading $srcFile to $tmpFile...\n";
|
print STDERR "downloading $srcFile to $tmpFile...\n";
|
||||||
system("NIX_REMOTE=https://cache.nixos.org/ nix store cat '$srcFile' > '$tmpFile'") == 0
|
|
||||||
|
my $fileInfo = decode_json(`NIX_REMOTE=$binaryCache nix store ls --json '$srcFile'`);
|
||||||
|
|
||||||
|
$srcFile = $fileInfo->{target} if $fileInfo->{type} eq 'symlink';
|
||||||
|
|
||||||
|
#print STDERR $srcFile, " ", Dumper($fileInfo), "\n";
|
||||||
|
|
||||||
|
system("NIX_REMOTE=$binaryCache nix store cat '$srcFile' > '$tmpFile'.tmp") == 0
|
||||||
or die "unable to fetch $srcFile\n";
|
or die "unable to fetch $srcFile\n";
|
||||||
|
rename("$tmpFile.tmp", $tmpFile) or die;
|
||||||
}
|
}
|
||||||
|
|
||||||
my $sha256_expected = $buildInfo->{buildproducts}->{$productNr}->{sha256hash} or die;
|
my $sha256_expected = $buildInfo->{buildproducts}->{$productNr}->{sha256hash};
|
||||||
my $sha256_actual = `nix hash file --base16 --type sha256 '$tmpFile'`;
|
my $sha256_actual = `nix hash file --base16 --type sha256 '$tmpFile'`;
|
||||||
chomp $sha256_actual;
|
chomp $sha256_actual;
|
||||||
if ($sha256_expected ne $sha256_actual) {
|
if (defined($sha256_expected) && $sha256_expected ne $sha256_actual) {
|
||||||
print STDERR "file $tmpFile is corrupt, got $sha256_actual, expected $sha256_expected\n";
|
print STDERR "file $tmpFile is corrupt, got $sha256_actual, expected $sha256_expected\n";
|
||||||
exit 1;
|
exit 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
write_file("$tmpFile.sha256", $sha256_expected);
|
write_file("$tmpFile.sha256", $sha256_actual);
|
||||||
|
|
||||||
if (! -e "$tmpFile.asc") {
|
if (! -e "$tmpFile.asc") {
|
||||||
system("gpg2 --detach-sign --armor $tmpFile") == 0 or die "unable to sign $tmpFile\n";
|
system("gpg2 --detach-sign --armor $tmpFile") == 0 or die "unable to sign $tmpFile\n";
|
||||||
|
@ -117,6 +131,60 @@ downloadFile("binaryTarballCross.x86_64-linux.armv6l-linux", "1");
|
||||||
downloadFile("binaryTarballCross.x86_64-linux.armv7l-linux", "1");
|
downloadFile("binaryTarballCross.x86_64-linux.armv7l-linux", "1");
|
||||||
downloadFile("installerScript", "1");
|
downloadFile("installerScript", "1");
|
||||||
|
|
||||||
|
# Upload docker images to dockerhub.
|
||||||
|
my $dockerManifest = "";
|
||||||
|
my $dockerManifestLatest = "";
|
||||||
|
|
||||||
|
for my $platforms (["x86_64-linux", "amd64"], ["aarch64-linux", "arm64"]) {
|
||||||
|
my $system = $platforms->[0];
|
||||||
|
my $dockerPlatform = $platforms->[1];
|
||||||
|
my $fn = "nix-$version-docker-image-$dockerPlatform.tar.gz";
|
||||||
|
downloadFile("dockerImage.$system", "1", $fn);
|
||||||
|
|
||||||
|
print STDERR "loading docker image for $dockerPlatform...\n";
|
||||||
|
system("docker load -i $tmpDir/$fn") == 0 or die;
|
||||||
|
|
||||||
|
my $tag = "nixos/nix:$version-$dockerPlatform";
|
||||||
|
my $latestTag = "nixos/nix:latest-$dockerPlatform";
|
||||||
|
|
||||||
|
print STDERR "tagging $version docker image for $dockerPlatform...\n";
|
||||||
|
system("docker tag nix:$version $tag") == 0 or die;
|
||||||
|
|
||||||
|
if ($isLatest) {
|
||||||
|
print STDERR "tagging latest docker image for $dockerPlatform...\n";
|
||||||
|
system("docker tag nix:$version $latestTag") == 0 or die;
|
||||||
|
}
|
||||||
|
|
||||||
|
print STDERR "pushing $version docker image for $dockerPlatform...\n";
|
||||||
|
system("docker push -q $tag") == 0 or die;
|
||||||
|
|
||||||
|
if ($isLatest) {
|
||||||
|
print STDERR "pushing latest docker image for $dockerPlatform...\n";
|
||||||
|
system("docker push -q $latestTag") == 0 or die;
|
||||||
|
}
|
||||||
|
|
||||||
|
$dockerManifest .= " --amend $tag";
|
||||||
|
$dockerManifestLatest .= " --amend $latestTag"
|
||||||
|
}
|
||||||
|
|
||||||
|
print STDERR "creating multi-platform docker manifest...\n";
|
||||||
|
system("docker manifest rm nixos/nix:$version");
|
||||||
|
system("docker manifest create nixos/nix:$version $dockerManifest") == 0 or die;
|
||||||
|
if ($isLatest) {
|
||||||
|
print STDERR "creating latest multi-platform docker manifest...\n";
|
||||||
|
system("docker manifest rm nixos/nix:latest");
|
||||||
|
system("docker manifest create nixos/nix:latest $dockerManifestLatest") == 0 or die;
|
||||||
|
}
|
||||||
|
|
||||||
|
print STDERR "pushing multi-platform docker manifest...\n";
|
||||||
|
system("docker manifest push nixos/nix:$version") == 0 or die;
|
||||||
|
|
||||||
|
if ($isLatest) {
|
||||||
|
print STDERR "pushing latest multi-platform docker manifest...\n";
|
||||||
|
system("docker manifest push nixos/nix:latest") == 0 or die;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Upload release files to S3.
|
||||||
for my $fn (glob "$tmpDir/*") {
|
for my $fn (glob "$tmpDir/*") {
|
||||||
my $name = basename($fn);
|
my $name = basename($fn);
|
||||||
my $dstKey = "$releaseDir/" . $name;
|
my $dstKey = "$releaseDir/" . $name;
|
||||||
|
|
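Review bot: In downloadFile (the hunk at `-87,19 +93,27`), a build product with no `sha256hash` is now accepted without any comparison, and the locally computed digest is written to `$tmpFile.sha256` and signed with gpg2, so the published checksum only attests to whatever bytes were fetched. Combined with the `!-e $tmpFile` cache check, a leftover file of the same name from an earlier run would also be reused unverified, which works against the stated goal of taking the images from one Hydra eval. Presumably the hash is absent for the Docker image products; if so, make the skip visible rather than silent, e.g. `print STDERR "warning: no sha256hash for '$jobName' product $productNr; $tmpFile not verified\n" unless defined $sha256_expected;`, or die unless the caller explicitly opts in to an unhashed product. Any integrity check done by the binary-cache fetch itself is not visible in this hunk, and downloadFile's body starts and ends outside it.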