ci: push to harbor via dockerconfig secret

2025-12-17 01:52:53 -03:00 · 2025-12-17 01:52:53 -03:00 · ba9e754868
commit ba9e754868
parent def986a218
1 changed files with 32 additions and 25 deletions
--- a/29
+++ b/29
@ -7,8 +7,6 @@ pipeline {
 apiVersion: v1
 kind: Pod
 spec:
-  securityContext:
-    runAsUser: 0
  containers:
  - name: dind
    image: docker:27-dind
@ -19,7 +17,6 @@ spec:
      value: ""
    args:
    - --mtu=1400
-    - --insecure-registry=registry.bstein.dev
    volumeMounts:
    - name: dind-storage
      mountPath: /var/lib/docker
@ -37,7 +34,15 @@ spec:
      mountPath: /home/jenkins/agent
    - name: dind-storage
      mountPath: /var/lib/docker
+    - name: docker-config
+      mountPath: /root/.docker
  volumes:
+  - name: docker-config
+    secret:
+      secretName: harbor-robot-pipeline
+      items:
+      - key: .dockerconfigjson
+        path: config.json
  - name: workspace-volume
    emptyDir: {}
  - name: dind-storage
@ -91,35 +96,37 @@ spec:
      }
      steps {
        container('builder') {
-          withCredentials([usernamePassword(credentialsId: 'harbor-robot', passwordVariable: 'HPASS', usernameVariable: 'HUSER')]) {
          sh '''
            set -euo pipefail
+
            SRC_DIR=$(find harbor-src -maxdepth 1 -type d -name "harbor-*" | head -n1)
            cd "${SRC_DIR}"

-              docker login -u "${HUSER}" -p "${HPASS}" "$(echo "${REGISTRY}" | cut -d/ -f1)"
-
            export VERSIONTAG="${VERSIONTAG}"
            export BASEIMAGETAG="${VERSIONTAG}"
            export IMAGENAMESPACE="${REGISTRY}"
            export BASEIMAGENAMESPACE="${REGISTRY}"
            export PULL_BASE_FROM_DOCKERHUB=false
            export BUILD_BASE=true
-              export PUSHBASEIMAGE=true
            export BUILDTRIVYADP=false
            export BUILD_INSTALLER=false
-              export REGISTRYUSER="${HUSER}"
-              export REGISTRYPASSWORD="${HPASS}"

            make compile
            make build
-              make pushimage
+
+            # Push every image we just built for this tag under our namespace.
+            docker images --format '{{.Repository}}:{{.Tag}}' \
+              | awk -v ns="${REGISTRY}/" -v tag="${VERSIONTAG}" 'index($0, ns)==1 && $0 ~ ":"tag"$"' \
+              | sort -u \
+              | while read -r img; do
+                  echo "Pushing ${img}"
+                  docker push "${img}"
+                done
          '''
        }
      }
    }
  }
-  }
  post {
    always {
      cleanWs()