From 275546eea028eb0f6196d90be2c8ca312df8b308 Mon Sep 17 00:00:00 2001 From: Nolan Brubaker Date: Thu, 5 Sep 2019 13:16:23 -0400 Subject: [PATCH] Add script for pushing container images via Travis (#1800) * Add script for pushing container images via Travis Signed-off-by: Nolan Brubaker * Explain the latest tag logic Signed-off-by: Nolan Brubaker * Add travis integration to deployment * ensure $BRANCH is always the same value (borrowed from Sonobuoy) * get gcloud SDK installed (borrowed from Sonobuoy) * use deploy step to run GCR push script (borrowed from Sonobuoy) * use gcloud's docker to do the image building/pushing * placeholders for secure values * rename $LATEST to $HIGHEST to more accurately reflect what it is Signed-off-by: Nolan Brubaker * Add encrypted GCR creds Signed-off-by: Nolan Brubaker * Remove unused env section Signed-off-by: Nolan Brubaker * Rearrange logic so that there's only one make call Signed-off-by: Nolan Brubaker * Review feedback Signed-off-by: Nolan Brubaker * Update gcloud and OS for Travis environment Signed-off-by: Nolan Brubaker * Remove redundant make dependencies verify and test targets already run on the ci target, which must pass before deploy. Signed-off-by: Nolan Brubaker * Re-encrypt file after testing Signed-off-by: Nolan Brubaker --- .travis.yml | 22 ++++++++- Makefile | 2 +- hack/gcr-push.sh | 74 ++++++++++++++++++++++++++++ heptio-images-fac92d2303ac.json.enc | Bin 0 -> 2320 bytes 4 files changed, 96 insertions(+), 2 deletions(-) create mode 100755 hack/gcr-push.sh create mode 100644 heptio-images-fac92d2303ac.json.enc diff --git a/.travis.yml b/.travis.yml index b26a5417a..0398606d5 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,3 +1,4 @@ +dist: xenial language: go go: 
@@ -8,4 +9,23 @@ sudo: required services: - docker -script: hack/ci-check.sh +script: + - export BRANCH=$(if [ "$TRAVIS_PULL_REQUEST" == "false" ]; then echo $TRAVIS_BRANCH; else echo $TRAVIS_PULL_REQUEST_BRANCH; fi) + - echo "TRAVIS_BRANCH=$TRAVIS_BRANCH, PR=$TRAVIS_PULL_REQUEST, BRANCH=$BRANCH" + - hack/ci-check.sh + +# gcloud sdk is needed to upload docker images, but we want an updated version +# Do this outside our script so that it's clearly separated in the logs +before_deploy: + - sudo apt-get remove google-cloud-sdk + - if [ ! -d ${HOME}/google-cloud-sdk ]; then curl https://sdk.cloud.google.com | bash + /dev/stdin --disable-prompts; fi + - export PATH=${HOME}/google-cloud-sdk/bin:$PATH && echo "$PATH" + +deploy: + - provider: script + skip_cleanup: true + script: hack/gcr-push.sh + on: + repo: heptio/velero + all_branches: true diff --git a/Makefile b/Makefile index 51f4f4b69..e3bfa6c14 100644 --- a/Makefile +++ b/Makefile @@ -152,7 +152,7 @@ all-containers: $(MAKE) container BIN=velero-restic-restore-helper $(MAKE) build-fsfreeze -container: verify test .container-$(DOTFILE_IMAGE) container-name +container: .container-$(DOTFILE_IMAGE) container-name .container-$(DOTFILE_IMAGE): _output/bin/$(GOOS)/$(GOARCH)/$(BIN) $(DOCKERFILE) @cp $(DOCKERFILE) _output/.dockerfile-$(BIN)-$(GOOS)-$(GOARCH) @docker build --pull -t $(IMAGE):$(VERSION) -f _output/.dockerfile-$(BIN)-$(GOOS)-$(GOARCH) _output diff --git a/hack/gcr-push.sh b/hack/gcr-push.sh new file mode 100755 index 000000000..5a6f85429 --- /dev/null +++ b/hack/gcr-push.sh 
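Review bot: In `before_deploy`, `curl https://sdk.cloud.google.com | bash /dev/stdin --disable-prompts` runs whatever that URL serves at build time, unpinned and unverified. It does so in the same job where `hack/gcr-push.sh` later decrypts the GCR service-account key and pushes images. Installing from a specific versioned SDK archive, checked against a SHA-256 recorded in the repo, keeps the deploy environment reproducible and fails the job when the download is not the expected one. The values in angle brackets below are placeholders to fill in, and the existing `[ ! -d ${HOME}/google-cloud-sdk ]` guard can still wrap these steps if that directory is cached.

```yaml
before_deploy:
  # … unchanged: sudo apt-get remove google-cloud-sdk …
  - export CLOUD_SDK_ARCHIVE=google-cloud-sdk-<PINNED_VERSION>-linux-x86_64.tar.gz
  - curl -fsSLO https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/${CLOUD_SDK_ARCHIVE}
  - echo "<EXPECTED_SHA256>  ${CLOUD_SDK_ARCHIVE}" | sha256sum -c -
  - tar -xzf ${CLOUD_SDK_ARCHIVE} -C ${HOME}
  - ${HOME}/google-cloud-sdk/install.sh --quiet
  # … unchanged: export PATH=${HOME}/google-cloud-sdk/bin:$PATH …
```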
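Review bot: With `verify test` dropped from the `container:` prerequisites, nothing in the Makefile itself stops `make all-containers all-push` from publishing an image built from a tree that never passed the checks. The only remaining gate is Travis running `hack/ci-check.sh` before the deploy stage. That is reasonable for the CI path, but the rule should say where the gate now lives, for example `# verify/test are intentionally not prerequisites: CI runs them before deploy; run 'make ci' first for manual builds.` directly above `container:`.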
@@ -0,0 +1,74 @@
+#!/bin/bash
+
+# Copyright 2019 the Velero contributors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# gcr-push is invoked by the CI/CD system to deploy docker images to Google Container Registry.
+# It will build images for all commits to master and all git tags.
+# The highest, non-prerelease semantic version will also be given the `latest` tag.
+
+set +x
+
+if [[ -z "$TRAVIS" ]]; then
+ echo "This script is intended to be run only on Travis." >&2
+ exit 1
+fi
+
+# Return value is written into HIGHEST
+HIGHEST=""
+function highest_release() {
+ # Loop through the tags since pre-release versions come before the actual versions.
+ # Iterate til we find the first non-pre-release
+
+ # This is not necessarily the most recently made tag; instead, we want it to be the highest semantic version.
+ # The most recent tag could potentially be a lower semantic version, made as a point release for a previous series.
+ # As an example, if v1.3.0 exists and we create v1.2.2, v1.3.0 should still be `latest`.
+ # `git describe --tags $(git rev-list --tags --max-count=1)` would return the most recently made tag.
+
+ for t in $(git tag -l --sort=-v:refname);
+ do
+ # If the tag has alpha, beta or rc in it, it's not "latest"
+ if [[ "$t" == *"beta"* || "$t" == *"alpha"* || "$t" == *"rc"* ]]; then
+ continue
+ fi
+ HIGHEST="$t"
+ break
+ done
+}
+
+if [ "$BRANCH" == "master" ]; then
+ VERSION="$BRANCH"
+elif [ ! -z "$TRAVIS_TAG" ]; then
+ VERSION="$TRAVIS_TAG"
+else
+ # If we're not on master and we're not building a tag, exit early.
+ exit 0
+fi
+
+# Calculate the latest release
+highest_release
+
+# Assume we're not tagging `latest` by default.
+TAG_LATEST=false
+if [[ "$TRAVIS_TAG" == "$HIGHEST" ]]; then
+ TAG_LATEST=true
+fi
+
+openssl aes-256-cbc -K $encrypted_f58ab4413c21_key -iv $encrypted_f58ab4413c21_iv -in heptio-images-fac92d2303ac.json.enc -out heptio-images-fac92d2303ac.json -d
+gcloud auth activate-service-account --key-file heptio-images-fac92d2303ac.json
+unset GIT_HTTP_USER_AGENT
+
+echo "Building and pushing container images."
+
+VERSION="$VERSION" TAG_LATEST="$TAG_LATEST" make all-containers all-push
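Review bot: The `latest` check `if [[ "$TRAVIS_TAG" == "$HIGHEST" ]]` is also true when both sides are empty. On a master build where `git tag -l` returns nothing (plausible on a shallow CI clone, though not confirmed here), `TAG_LATEST` becomes `true` and the `master` image would be published as `latest`; guard it with `if [[ -n "$TRAVIS_TAG" && "$TRAVIS_TAG" == "$HIGHEST" ]]; then`. The script also sets `set +x` but never `set -e`, so a failed `openssl` decrypt or `gcloud auth activate-service-account` does not stop the run before `make all-containers all-push`. The decrypted `heptio-images-fac92d2303ac.json` is written into the checkout and never removed; `trap 'rm -f heptio-images-fac92d2303ac.json' EXIT` placed just before the `openssl` line would limit how long the key sits on disk.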
diff --git a/heptio-images-fac92d2303ac.json.enc b/heptio-images-fac92d2303ac.json.enc new file mode 100644 index 0000000000000000000000000000000000000000..78a4f9c4623d79653ff79ea4ee45f3a20d07bc16 GIT binary patch literal 2320 zcmV+r3Gepbi=lEmXnU9JQq=SUgfUB8{un_#R-lY_?&V5)H!_9#)2 zZpvTq>X*vG>XMp*q7gzZHS?k3GpAKkCp;JEbEqS1CQAS8E(5WhLBwF0;NT&1W*-C} z!?_0rT+QOo_L?6}v!1wcm!}KVeYtdr0h!ffAI&Fp+ojT3no-~@(82EKg5Gah z$q1~6Gi2$+=v<*XU@T_N^~fUg9T1E-`5GMX#2D?3ouY^%vm(vBlxX4zhI&j}q(~Pl zfh2XWS>KYC?R-peClLijCevC55%m8of%R{YeNBF#$bNyd4{Kin>H}Y-qE-B;6)%AP zWyrl?Gd*zPegFAzItVqS{4<0u<0tgTPa;ViP`w$6F zS*naBASh#ZgmW~tvhTHJdOy>E_M6xh$ZKKdE9{;NrMluRR_ptqRoc25=%dhZ0Kyth zJkNZvp3~9WnaqcekB^~K)Oc!Y7;vB*oD90#6Sj-jlC@gC>L1iS7KD9cm;Pav!zKaX zGymbII+~vU=4`bmp6~nkeGG56MvVA(&WqP1FV_^xd3yLxB%vh6ebklBzUR|Nki~PM z15$*}35@E{4@k?xQj1bvTOVW=po;9x+%JZvET|kjW0KQb6L=fd6pJiE!BDIxlEZdb`1T7_v-vk1sPdC%C@2Xm zp~sxQ{7LK*r=Q zG)SB#FEuWzkItgx(5r>_$EuS4OFLP@l)l^)y*rJ`H+uB( z*O~SyorHOtXKa4_6txSM%x0Uej8NP*y&`rttn-Ekcj*v^qFvQ=Xaf6`3KIz0D)R6& zaY{C2r2t6*Cd`->6Nw*iM0h8-7xH%yp0L&8c`^fnXp`x_%e_=YfiE0mi79a!0WQ5e zJ$&xVnA^psa^<CtpGUx$-LAmRAM^8kZwTWiS{-YuWhwf}&v>GVX$4tGyi0P+?r+Uf}(Zh=#|*f0WP%diO#$%E#By z{d82`fO;|%QHEg}Ku*79p@pURS1dhHLIU7;_jNy@#5RlW&p}6Yf0~ejf^`wL6I9p= zS|~Qm4153}D#v8_V4{XpqVZX?gS&5SLX_%)DUjpL+vZG^Ch|Q^ zQfHQ|CT`*P3=KP#ldIG`5ljJj6mGW;{9kVOQL`X(wz#>B)AEpBf%=$rK#CxE3Wi}7E{40r&Iv1;VA6(IS+Gv&a~ zqeZ`mVW|}e!#q-}{+WFe19~>1^xus5?B4K%RMP(*TO$`^hzyuoD=y10 zO(!l~0&NA&3_hK1*P3is_5%PG>!Y+7D!iQ+?dqg6bldHNCzenF%x6skj~(Fj=QG5G zh_PA`KCgulDVjb|Z>#Yu3P6L9Zoq#^_o#Bg8(|dTNaDZZb z`DPl4LbHv)%L&pxr~q#ElH@GssC2@tAhs4jAcecyH+V zFZ&5rFS8a;>}R^JH;G@F+(niTr;M&7lWphrVyeS^ZLNxL;(7B1_I`j!1mf7pE!vzh z56RKz9JirAOlGL?`N}w#APR_?rBoH1(T1rK#W@kBnWC6}FJ*NO*mDmdy<#X5ePpCn3p7e0yCcO-Lgch*UT(GbyMGoN2M@#kEpQimMg0mcPWRM=)yJ9oNZK` zge4%XK^ki=_;GDY9TCo_TfkP6NP6N~U+J&ohJHJ<1eqnt`7$)1raW^IPV|F66V6@J zJy$^M6&`6ODqrK$2se4{5Mhv1jidW-5-hk%+$m9rho2Iffy5b2L zp4DJe>~+GJV9W3z>a;lqpxO`F0LFs;u=XtFy2oW8A_;lXw$&<^0328`$&4VTsizRE 
z$Pft$l^gE{Pr^s1+k)N24Sp1@n!)hLhKlPq9ykv$R00|9JEX5VZoUg!51C9H2<*-f q(FFv-8-NtQa