ci: push to harbor via dockerconfig secret

2025-12-17 01:52:53 -03:00 · 2025-12-17 01:52:53 -03:00 · ba9e754868
commit ba9e754868
parent def986a218
1 changed files with 32 additions and 25 deletions
--- a/57
+++ b/57
@ -7,8 +7,6 @@ pipeline {
 apiVersion: v1
 kind: Pod
 spec:
-  securityContext:
-    runAsUser: 0
  containers:
  - name: dind
    image: docker:27-dind
@ -19,7 +17,6 @@ spec:
      value: ""
    args:
    - --mtu=1400
-    - --insecure-registry=registry.bstein.dev
    volumeMounts:
    - name: dind-storage
      mountPath: /var/lib/docker
@ -37,7 +34,15 @@ spec:
      mountPath: /home/jenkins/agent
    - name: dind-storage
      mountPath: /var/lib/docker
+    - name: docker-config
+      mountPath: /root/.docker
  volumes:
+  - name: docker-config
+    secret:
+      secretName: harbor-robot-pipeline
+      items:
+      - key: .dockerconfigjson
+        path: config.json
  - name: workspace-volume
    emptyDir: {}
  - name: dind-storage
@ -91,31 +96,33 @@ spec:
      }
      steps {
        container('builder') {
-          withCredentials([usernamePassword(credentialsId: 'harbor-robot', passwordVariable: 'HPASS', usernameVariable: 'HUSER')]) {
-            sh '''
-              set -euo pipefail
-              SRC_DIR=$(find harbor-src -maxdepth 1 -type d -name "harbor-*" | head -n1)
-              cd "${SRC_DIR}"
+          sh '''
+            set -euo pipefail

-              docker login -u "${HUSER}" -p "${HPASS}" "$(echo "${REGISTRY}" | cut -d/ -f1)"
+            SRC_DIR=$(find harbor-src -maxdepth 1 -type d -name "harbor-*" | head -n1)
+            cd "${SRC_DIR}"

-              export VERSIONTAG="${VERSIONTAG}"
-              export BASEIMAGETAG="${VERSIONTAG}"
-              export IMAGENAMESPACE="${REGISTRY}"
-              export BASEIMAGENAMESPACE="${REGISTRY}"
-              export PULL_BASE_FROM_DOCKERHUB=false
-              export BUILD_BASE=true
-              export PUSHBASEIMAGE=true
-              export BUILDTRIVYADP=false
-              export BUILD_INSTALLER=false
-              export REGISTRYUSER="${HUSER}"
-              export REGISTRYPASSWORD="${HPASS}"
+            export VERSIONTAG="${VERSIONTAG}"
+            export BASEIMAGETAG="${VERSIONTAG}"
+            export IMAGENAMESPACE="${REGISTRY}"
+            export BASEIMAGENAMESPACE="${REGISTRY}"
+            export PULL_BASE_FROM_DOCKERHUB=false
+            export BUILD_BASE=true
+            export BUILDTRIVYADP=false
+            export BUILD_INSTALLER=false

-              make compile
-              make build
-              make pushimage
-            '''
-          }
+            make compile
+            make build
+
+            # Push every image we just built for this tag under our namespace.
+            docker images --format '{{.Repository}}:{{.Tag}}' \
+              | awk -v ns="${REGISTRY}/" -v tag="${VERSIONTAG}" 'index($0, ns)==1 && $0 ~ ":"tag"$"' \
+              | sort -u \
+              | while read -r img; do
+                  echo "Pushing ${img}"
+                  docker push "${img}"
+                done
+          '''
        }
      }
    }