Stacks building & publishing

smecalculus · Feb 23, 2024 · 8ce4301 · 8ce4301
1 parent 61ee684
commit 8ce4301
Show file tree

Hide file tree

Showing 27 changed files with 140 additions and 136 deletions.
diff --git a/.github/workflows/beyond-doubt.yaml b/.github/workflows/beyond-doubt.yaml
@@ -9,8 +9,6 @@ on:
 
 env:
   IMAGE_NAME: stack/gear
-  BINARY_REPO: maven.pkg.github.com
-  IMAGE_REPO: ghcr.io
 
 jobs:
   up-to-images:
@@ -57,8 +55,7 @@ jobs:
           ${{ env.IMAGE_NAME }}:${{ matrix.env.dev }}
           ansible-playbook images.yaml -v
           -e devenv=${{ matrix.env.dev }}
-          -e binary_repo=${{ env.BINARY_REPO }}
-          -e image_repo=${{ env.IMAGE_REPO }}
+          -e repo_mode=rw
       - uses: mikepenz/[email protected]
         if: ${{ !cancelled() && (steps.images.outcome == 'success' || steps.images.outcome == 'failure') }}
         with:
@@ -108,7 +105,6 @@ jobs:
           --workdir $(pwd)/baker/ansible
           ${{ env.IMAGE_NAME }}:${{ matrix.env.dev }}
           ansible-playbook stacks.yaml -t build
-          -e image_repo=${{ env.IMAGE_REPO }}
           -e devenv=${{ matrix.env.dev }}
           -e purpose=${{ matrix.purpose }}
           -e opsenv=${{ matrix.env.ops }}
@@ -149,7 +145,7 @@ jobs:
         with:
           name: product-${{ matrix.purpose }}-${{ matrix.env.ops }}
           path: stack/product/target/image-context
-      - name: Run ansible-playbook stacks.yaml -t test
+      - name: Run ansible-playbook stacks.yaml -t check
         run: >-
           docker run --rm
           --network gear
@@ -158,8 +154,7 @@ jobs:
           --volume /var/run/docker.sock:/var/run/docker.sock
           --workdir $(pwd)/baker/ansible
           ${{ env.IMAGE_NAME }}:${{ matrix.env.dev }}
-          ansible-playbook stacks.yaml -t test
-          -e image_repo=${{ env.IMAGE_REPO }}
+          ansible-playbook stacks.yaml -t check
           -e devenv=${{ matrix.env.dev }}
           -e purpose=${{ matrix.purpose }}
           -e opsenv=${{ matrix.env.ops }}
@@ -204,19 +199,19 @@ jobs:
         with:
           name: product-${{ matrix.purpose }}-${{ matrix.env.ops }}
           path: stack/product/target/image-context
-      - name: Run ansible-playbook stacks.yaml -t package
+      - name: Run ansible-playbook stacks.yaml -t publish
         run: >-
           docker run --rm
           --volume $(pwd):$(pwd)
           --volume /var/run/docker.sock:/var/run/docker.sock
           --volume ~/.docker/config.json:/root/.docker/config.json:ro
           --workdir $(pwd)/baker/ansible
           ${{ env.IMAGE_NAME }}:${{ matrix.env.dev }}
-          ansible-playbook stacks.yaml -t package -v
-          -e image_repo=${{ env.IMAGE_REPO }}
+          ansible-playbook stacks.yaml -t publish -v
           -e devenv=${{ matrix.env.dev }}
           -e purpose=${{ matrix.purpose }}
           -e opsenv=${{ matrix.env.ops }}
+          -e repo_mode=rw
 
   stack-reporting:
     name: Stack reporting

diff --git a/.github/workflows/convincing.yaml b/.github/workflows/convincing.yaml
@@ -53,8 +53,7 @@ jobs:
           ${{ env.IMAGE_NAME }}:${{ matrix.env.dev }}
           ansible-playbook images.yaml -v
           -e devenv=${{ matrix.env.dev }}
-          -e binary_repo=maven.pkg.github.com
-          -e image_repo=ghcr.io
+          -e repo_mode=rw
       - uses: mikepenz/[email protected]
         if: ${{ !cancelled() && (steps.images.outcome == 'success' || steps.images.outcome == 'failure') }}
         with:

diff --git a/baker/ansible/binaries.yaml b/baker/ansible/binaries.yaml
@@ -1,5 +1,5 @@
 ---
-- name: Binaries
+- name: Building & Checking
   hosts: app
   run_once: true
   tasks:

diff --git a/baker/ansible/images.yaml b/baker/ansible/images.yaml
@@ -4,7 +4,7 @@
   run_once: true
   tasks:
     - ansible.builtin.import_tasks:  # noqa: name[missing]
-        file: tasks/db/status.yaml
+        file: tasks/db/capture.yaml
       tags: [always]
     - ansible.builtin.import_role:  # noqa: name[missing]
         name: image
@@ -26,7 +26,7 @@
   run_once: true
   tasks:
     - ansible.builtin.import_tasks:  # noqa: name[missing]
-        file: tasks/app/status.yaml
+        file: tasks/app/capture.yaml
       tags: [always]
     - ansible.builtin.import_role:  # noqa: name[missing]
         name: image
@@ -42,7 +42,7 @@
     - ansible.builtin.import_tasks:  # noqa: name[missing]
         file: tasks/app/build-and-check.yaml
       vars:
-        maven_phase: "{{ 'install' if binary_repo == 'local' else 'deploy' }}"
+        maven_phase: "{{ 'deploy' if repo_mode == 'rw' else 'install' }}"
       when: image_status is changed
 
 - name: Publishing

diff --git a/baker/ansible/inventory/aliases.yaml b/baker/ansible/inventory/aliases.yaml
@@ -4,14 +4,14 @@ sources:
     java:
     ansible:
     github:
-stack:
-  hosts:
-    gear:
-    product:
 image:
   hosts:
     db:
     app:
+stack:
+  hosts:
+    gear:
+    product:
 all:
   vars:
     ansible_connection: local
diff --git a/baker/ansible/inventory/group_vars/all/all.yaml b/baker/ansible/inventory/group_vars/all/all.yaml
@@ -4,9 +4,10 @@ project:
   org: smecalculus
   dir: "{{ playbook_dir }}/../.."
 
-binary_repo: local
-image_repo: local
+binary_repo: maven.pkg.github.com
+image_repo: ghcr.io
+repo_mode: n/a  # values: rw, ro, n/a
 
 image_ns: "{{ image_repo }}/{{ project.org }}/{{ project.name }}"
 
-docker_entity: "{{ 'image' if image_repo == 'local' else 'manifest' }}"
+docker_entity: "{{ 'image' if repo_mode == 'n/a' else 'manifest' }}"
diff --git a/baker/ansible/roles/image/defaults/main.yaml b/baker/ansible/roles/image/defaults/main.yaml
@@ -1,5 +1,3 @@
 ---
-image_tag: latest
 image_context: .
-image_push: false
 image_args: {}
diff --git a/baker/ansible/roles/image/tasks/main.yaml → baker/ansible/roles/image/tasks/build.yaml b/baker/ansible/roles/image/tasks/main.yaml → baker/ansible/roles/image/tasks/build.yaml
@@ -1,21 +1,22 @@
 ---
-- name: Enforce variables
+- name: Check inputs
   ansible.builtin.assert:
     quiet: true
     that:
-      - image_name is defined
       - image_home is defined
       - image_key is defined
+      - image_tag is defined
 
 - name: Build image
   ansible.builtin.command:
     cmd: >-
       docker build {{ image_context }}
-      --file {{ image_home }}/Dockerfile
+      --file Dockerfile
       --label image.key={{ image_key }}
-      --tag {{ image_name }}:{{ image_tag }}
+      --tag {{ image_tag }}
       {% for key, value in image_args.items() %}
       --build-arg {{ key }}={{ value }}
       {% endfor %}
     strip_empty_ends: false
+    chdir: "{{ image_home }}"
   changed_when: true
diff --git a/baker/ansible/roles/image/tasks/clean.yaml b/baker/ansible/roles/image/tasks/clean.yaml
@@ -1,5 +1,5 @@
 ---
-- name: Enforce variables
+- name: Check inputs
   ansible.builtin.assert:
     quiet: true
     that:

diff --git a/baker/ansible/roles/image/tasks/publish.yaml b/baker/ansible/roles/image/tasks/publish.yaml
@@ -0,0 +1,20 @@
+---
+- name: Check inputs
+  ansible.builtin.assert:
+    quiet: true
+    that:
+      - source_tag is defined
+      - target_tags is defined
+
+- name: Tag images
+  ansible.builtin.command:
+    cmd: docker tag {{ source_tag }} {{ item }}
+    strip_empty_ends: false
+  loop: "{{ target_tags }}"
+
+- name: Push images
+  ansible.builtin.command:
+    cmd: docker push {{ item }}
+    strip_empty_ends: false
+  loop: "{{ target_tags }}"
+  tags: [push, never]
diff --git a/baker/ansible/sources.yaml b/baker/ansible/sources.yaml
@@ -1,5 +1,5 @@
 ---
-- name: Sources
+- name: Checking
   hosts: java
   run_once: true
   tasks:
@@ -19,11 +19,11 @@
         strip_empty_ends: false
       changed_when: false
 
-- name: Sources
+- name: Checking
   hosts: ansible
   run_once: true
   tasks:
-    - name: Analyze
+    - name: Linting
       ansible.builtin.command:
         # list all top level playbooks
         cmd: >-
@@ -33,11 +33,11 @@
         strip_empty_ends: false
       changed_when: false
 
-- name: Sources
+- name: Checking
   hosts: github
   run_once: true
   tasks:
-    - name: Analyze
+    - name: Linting
       ansible.builtin.command:
         cmd: yamllint {{ project.dir }}/.github
         strip_empty_ends: false

diff --git a/baker/ansible/stacks.yaml b/baker/ansible/stacks.yaml
@@ -7,19 +7,23 @@
   run_once: true
   tasks:
     - ansible.builtin.import_tasks:  # noqa: name[missing]
-        file: tasks/product/status.yaml
+        file: tasks/product/capture.yaml
       tags: [always]
 
-- name: Capturing
+- name: Capturing & Building
   hosts: gear
   run_once: true
   tasks:
     - ansible.builtin.import_tasks:  # noqa: name[missing]
-        file: tasks/gear/status.yaml
+        file: tasks/gear/capture.yaml
       tags: [always]
+    - ansible.builtin.import_tasks:  # noqa: name[missing]
+        file: tasks/gear/build.yaml
+      tags: [build]
+      when: hostvars.gear.stack_status is changed
 
 - name: Building & Checking
-  hosts: stack
+  hosts: product
   run_once: true
   vars:
     stack_dir: "{{ project.dir }}/stack/product"
@@ -31,8 +35,8 @@
         hostvars.product.stack_status is changed or
         hostvars.gear.stack_status is changed
     - ansible.builtin.import_tasks:  # noqa: name[missing]
-        file: tasks/product/test.yaml
-      tags: [test]
+        file: tasks/product/check.yaml
+      tags: [check]
       when: >-
         hostvars.product.stack_status is changed or
         hostvars.gear.stack_status is changed
@@ -42,15 +46,15 @@
   run_once: true
   tasks:
     - ansible.builtin.import_tasks:  # noqa: name[missing]
-        file: tasks/product/package.yaml
-      tags: [package]
-      when: stack_status is changed
+        file: tasks/product/publish.yaml
+      tags: [publish]
+      when: hostvars.product.stack_status is changed
 
 - name: Publishing
   hosts: gear
   run_once: true
   tasks:
     - ansible.builtin.import_tasks:  # noqa: name[missing]
-        file: tasks/gear/package.yaml
-      tags: [package]
-      when: stack_status is changed
+        file: tasks/gear/publish.yaml
+      tags: [publish]
+      when: hostvars.gear.stack_status is changed
diff --git a/baker/ansible/tasks/app/status.yaml → baker/ansible/tasks/app/capture.yaml b/baker/ansible/tasks/app/status.yaml → baker/ansible/tasks/app/capture.yaml
@@ -1,5 +1,5 @@
 ---
-- name: Capture cids
+- name: Capture CID's
   ansible.builtin.command:
     cmd: git hash-object --stdin
     stdin: |
@@ -16,11 +16,11 @@
   ansible.builtin.set_fact:
     image_tags: >-
       {{ dict(image_cid.results
-        |map(attribute='stdout')
-        |map('truncate', 7, True, '')
-        |map('regex_replace', '^', devenv ~ '-')
-        |zip(image_cid.results|map(attribute='app.binary'))
-        |map('reverse'))
+        | map(attribute='stdout')
+        | map('truncate', 7, True, '')
+        | map('regex_replace', '^', devenv ~ '-')
+        | zip(image_cid.results|map(attribute='app.binary'))
+        | map('reverse'))
       }}
 
 - name: Capture statuses
@@ -33,9 +33,4 @@
   loop: "{{ product.apps.values()|flatten }}"
   loop_control:
     loop_var: app
-    label: "{{ app.image }}"
-
-- name: Status commands
-  ansible.builtin.debug:
-    msg: "{{ image_status.results|map(attribute='cmd')|map('join', ' ') }}"
-  when: image_status is changed
+    label: "{{ app.image }}:{{ image_tags[app.binary] }}"
diff --git a/baker/ansible/tasks/app/publish.yaml b/baker/ansible/tasks/app/publish.yaml
@@ -1,22 +1,12 @@
 ---
-- name: Tag images
-  ansible.builtin.command:
-    cmd: >-
-      docker tag
-      {{ app.image }}:{{ devenv }}
-      {{ image_ns }}/{{ app.image }}:{{ image_tags[app.binary] }}
-    strip_empty_ends: false
-  loop: "{{ image_status.results|select('changed')|map(attribute='app') }}"
+- ansible.builtin.include_role:  # noqa: name[missing]
+    name: image
+    tasks_from: publish
+  vars:
+    source_tag: "{{ app.image }}:{{ devenv }}"
+    target_tags:
+      - "{{ image_ns }}/{{ app.image }}:{{ hostvars.app.image_tags[app.binary] }}"
+  loop: "{{ hostvars.app.image_status.results|select('changed')|map(attribute='app') }}"
   loop_control:
     loop_var: app
     label: "{{ app.image }}"
-
-- name: Push images
-  ansible.builtin.command:
-    cmd: docker push {{ image_ns }}/{{ app.image }}:{{ image_tags[app.binary] }}
-    strip_empty_ends: false
-  loop: "{{ image_status.results|select('changed')|map(attribute='app') }}"
-  loop_control:
-    loop_var: app
-    label: "{{ app.image }}"
-  tags: [push, never]
diff --git a/baker/ansible/tasks/db/build.yaml b/baker/ansible/tasks/db/build.yaml
@@ -1,13 +1,12 @@
 ---
-- name: Build images
-  ansible.builtin.include_role:
+- ansible.builtin.include_role:  # noqa: name[missing]
     name: image
+    tasks_from: build
   vars:
     image_home: "{{ project.dir }}/{{ db.image }}"
-    image_name: "{{ db.image }}"
     image_key: "{{ db.image }}/{{ devenv }}"
-    image_tag: "{{ devenv }}"
-  loop: "{{ image_status.results|select('changed')|map(attribute='db') }}"
+    image_tag: "{{ db.image }}:{{ devenv }}"
+  loop: "{{ hostvars.db.image_status.results|select('changed')|map(attribute='db') }}"
   loop_control:
     loop_var: db
     label: "{{ db.image }}"
diff --git a/baker/ansible/tasks/db/status.yaml → baker/ansible/tasks/db/capture.yaml b/baker/ansible/tasks/db/status.yaml → baker/ansible/tasks/db/capture.yaml
@@ -8,9 +8,4 @@
   loop: "{{ product.databases.values() }}"
   loop_control:
     loop_var: db
-    label: "{{ db.image }}"
-
-- name: Status commands
-  ansible.builtin.debug:
-    msg: "{{ image_status.results|map(attribute='cmd')|map('join', ' ') }}"
-  when: image_status is changed
+    label: "{{ db.image }}:{{ db.cid }}"