Just pushing instead of copying
This commit is contained in:
parent
e3ed1e3b13
commit
3b7d64638e
@ -11,31 +11,44 @@ steps:
|
|||||||
- -lc
|
- -lc
|
||||||
- |
|
- |
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
if [ "${PROMOTE:-}" != "prod" ]; then echo "⏭ Skipping (PROMOTE=$PROMOTE)"; exit 0; fi
|
if [ "${PROMOTE:-}" != "prod" ]; then echo "⏭ Skipping (PROMOTE=$PROMOTE)"; exit 0; fi
|
||||||
|
|
||||||
# Dev is the single source of truth for IMG_TAG
|
|
||||||
IMG_TAG="$(gcloud secrets versions access latest --secret=IMG_TAG --project=aptivaai-dev)"
|
IMG_TAG="$(gcloud secrets versions access latest --secret=IMG_TAG --project=aptivaai-dev)"
|
||||||
SRC="us-central1-docker.pkg.dev/aptivaai-dev/aptiva-repo"
|
SRC="us-central1-docker.pkg.dev/aptivaai-dev/aptiva-repo"
|
||||||
DST="us-central1-docker.pkg.dev/aptivaai-prod/aptiva-repo"
|
DST="us-central1-docker.pkg.dev/aptivaai-prod/aptiva-repo"
|
||||||
|
[ -n "$IMG_TAG" ] || { echo "❌ IMG_TAG empty"; exit 2; }
|
||||||
|
|
||||||
[ -n "$IMG_TAG" ] || { echo "❌ IMG_TAG is empty"; exit 2; }
|
apt-get update -qq && apt-get install -y -qq skopeo
|
||||||
|
|
||||||
apt-get update -qq
|
|
||||||
apt-get install -y -qq skopeo
|
|
||||||
TOKEN="$(gcloud auth print-access-token)"
|
TOKEN="$(gcloud auth print-access-token)"
|
||||||
|
|
||||||
|
# check which images are missing in PROD
|
||||||
|
missing=()
|
||||||
for s in server1 server2 server3 nginx; do
|
for s in server1 server2 server3 nginx; do
|
||||||
SRC_REF="docker://$SRC/$s:$IMG_TAG"
|
REF="docker://$DST/$s:$IMG_TAG"
|
||||||
DST_REF="docker://$DST/$s:$IMG_TAG"
|
if ! skopeo inspect --creds "oauth2accesstoken:$TOKEN" "$REF" >/dev/null 2>&1; then
|
||||||
echo "🔁 copy $SRC_REF → $DST_REF"
|
missing+=("$s")
|
||||||
skopeo copy --insecure-policy \
|
fi
|
||||||
--src-creds "oauth2accesstoken:$TOKEN" \
|
|
||||||
--dest-creds "oauth2accesstoken:$TOKEN" \
|
|
||||||
"$SRC_REF" "$DST_REF"
|
|
||||||
done
|
done
|
||||||
|
|
||||||
|
if [ ${#missing[@]} -eq 0 ]; then
|
||||||
|
echo "✅ All images already present in PROD for :$IMG_TAG — skipping mirror"
|
||||||
|
else
|
||||||
|
echo "🔁 Mirroring ${missing[*]} to PROD…"
|
||||||
|
for s in "${missing[@]}"; do
|
||||||
|
SRC_REF="docker://$SRC/$s:$IMG_TAG"
|
||||||
|
DST_REF="docker://$DST/$s:$IMG_TAG"
|
||||||
|
echo "copy $SRC_REF → $DST_REF"
|
||||||
|
skopeo copy --insecure-policy \
|
||||||
|
--src-creds "oauth2accesstoken:$TOKEN" \
|
||||||
|
--dest-creds "oauth2accesstoken:$TOKEN" \
|
||||||
|
"$SRC_REF" "$DST_REF"
|
||||||
|
done
|
||||||
|
fi
|
||||||
|
|
||||||
|
# publish tag to prod SM regardless
|
||||||
printf '%s' "$IMG_TAG" | gcloud secrets versions add IMG_TAG --data-file=- --project=aptivaai-prod >/dev/null
|
printf '%s' "$IMG_TAG" | gcloud secrets versions add IMG_TAG --data-file=- --project=aptivaai-prod >/dev/null
|
||||||
echo "🏷 Promoted IMG_TAG=$IMG_TAG → aptivaai-prod"
|
echo "🏷 promoted IMG_TAG=$IMG_TAG"
|
||||||
|
|
||||||
|
|
||||||
- name: verify-sync
|
- name: verify-sync
|
||||||
depends_on: [promote-tag-and-mirror]
|
depends_on: [promote-tag-and-mirror]
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user