diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 4238fffbd0..cc5788a9ba 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -55,9 +55,10 @@ fossa: .sign-docker: stage: sign-image script: - - source image.env - - echo $TARGET - - artifact-ci sign docker $TARGET + - echo "listing images to be signed" + - cat $CI_PROJECT_DIR/tags_to_sign + - cat $CI_PROJECT_DIR/tags_to_sign | xargs -L1 artifact-ci sign docker + .get-artifactory-stage: &get-artifactory-stage - | @@ -616,14 +617,13 @@ push-linux-image: echo "Tagging and pushing ${IMAGE_NAME}:${ARCH_TAG}" docker tag otelcol:${arch} ${IMAGE_NAME}:${ARCH_TAG} docker push ${IMAGE_NAME}:${ARCH_TAG} - echo "TARGET=${IMAGE_NAME}:${ARCH_TAG}" >> image.env + echo "${IMAGE_NAME}:${ARCH_TAG}" >> $CI_PROJECT_DIR/tags_to_sign if [[ "${CI_COMMIT_BRANCH:-}" = "main" ]] || [[ "${CI_COMMIT_TAG:-}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then - # only push latest tag for main and stable releases + # only push latest tag for main and stable releases; no need to sign them as signing is made for digest LATEST_TAG="latest-${arch}" echo "Tagging and pushing ${IMAGE_NAME}:${LATEST_TAG}" docker tag ${IMAGE_NAME}:${ARCH_TAG} ${IMAGE_NAME}:${LATEST_TAG} docker push ${IMAGE_NAME}:${LATEST_TAG} - echo "TARGET=${IMAGE_NAME}:${LATEST_TAG}" >> image.env fi done - | @@ -649,7 +649,7 @@ push-linux-image: - dist/linux_arm64_digest.txt - dist/linux_ppc64le_digest.txt - dist/manifest_digest.txt - - image.env + - $CI_PROJECT_DIR/tags_to_sign sign-linux-image: extends: .sign-docker 
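Review bot: The new signing step in `.sign-docker` does not fail closed when `tags_to_sign` is empty. Depending on the xargs build, `cat ... | xargs -L1 artifact-ci sign docker` then either runs the signer once with no image or never runs it, so the job's outcome rests on behaviour that is not visible here. Adding `- test -s "$CI_PROJECT_DIR/tags_to_sign"` before the signing line makes an empty list an explicit failure. Writing the signing line as `- xargs -L1 artifact-ci sign docker < "$CI_PROJECT_DIR/tags_to_sign"` quotes the path and drops the extra `cat`. xargs also applies its own quote and backslash parsing to each line, so the file should only ever hold plain image references.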
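Review bot: The reference appended to `tags_to_sign` in the push-linux-image loop is a mutable tag (`${IMAGE_NAME}:${ARCH_TAG}`), while the updated comment says signing is made for the digest; nothing in this hunk records the digest that was actually pushed. If `artifact-ci sign docker` resolves the tag at sign time (not visible here), a re-push of that tag between this job and the sign-image stage would get a different image signed than the one built. Appending the digest-qualified `name@sha256:...` reference taken right after `docker push` would bind the signature to the pushed image. The manifest whose digest goes to `dist/manifest_digest.txt` is created outside this hunk, so confirm it is also listed if consumers pull by that reference.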
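Review bot: `artifacts:paths` entries are documented as relative to the project directory, so `- $CI_PROJECT_DIR/tags_to_sign` relies on the runner expanding the variable and accepting an absolute path; `- tags_to_sign` expresses the same thing without that dependency. As far as I know a non-matching artifact path only produces a warning in the push job, so a mismatch would surface later as a missing file in the sign job. This is worth confirming on both the Linux and Windows runners. The same entry is added in the artifacts hunks of build-push-windows-image and build-push-windows2022-image.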
@@ -684,13 +684,12 @@ build-push-windows-image: docker build -t ${IMAGE_NAME}:${IMAGE_TAG} --build-arg BASE_IMAGE=mcr.microsoft.com/windows/servercore:1809 --build-arg JMX_METRIC_GATHERER_RELEASE=${JMX_METRIC_GATHERER_RELEASE} -f .\cmd\otelcol\Dockerfile.windows .\cmd\otelcol\ echo "Pushing ${IMAGE_NAME}:${IMAGE_TAG}" docker push ${IMAGE_NAME}:${IMAGE_TAG} - echo "TARGET=${IMAGE_NAME}:${IMAGE_TAG}" >> image.env + echo "${IMAGE_NAME}:${IMAGE_TAG}" >> $CI_PROJECT_DIR/tags_to_sign if ($env:CI_COMMIT_BRANCH -eq "main" -or $env:CI_COMMIT_TAG -match '^v\d+\.\d+\.\d+$') { - # only push latest tag for main and stable releases + # only push latest tag for main and stable releases; no need to sign them as signing is made for digest echo "Tagging and pushing ${IMAGE_NAME}:latest" docker tag ${IMAGE_NAME}:${IMAGE_TAG} ${IMAGE_NAME}:latest docker push ${IMAGE_NAME}:latest - echo "TARGET=${IMAGE_NAME}:latest" >> image.env } - docker inspect --format='{{.RepoDigests}}' ${IMAGE_NAME}:${IMAGE_TAG} | Tee-Object -FilePath dist/windows_digest.txt after_script: @@ -698,7 +697,7 @@ build-push-windows-image: artifacts: paths: - dist/windows_digest.txt - - image.env + - $CI_PROJECT_DIR/tags_to_sign sign-windows-image: extends: .sign-docker 
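Review bot: In this PowerShell script, `echo "${IMAGE_NAME}:${IMAGE_TAG}" >> $CI_PROJECT_DIR/tags_to_sign` writes with the shell's default encoding and line endings. Under Windows PowerShell 5.1 that is UTF-16LE with CRLF, which the `cat | xargs` in `.sign-docker` would hand to the signer as a corrupted image reference. Which shell the runner uses is not visible here, and the old `image.env` had the same exposure, so this may already work. An explicit `Add-Content -Path "$CI_PROJECT_DIR/tags_to_sign" -Value "${IMAGE_NAME}:${IMAGE_TAG}" -Encoding ascii` pins the encoding, and the sign step should still strip a trailing carriage return. The same line is added in the build-push-windows2022-image hunk, and the script block starts before this hunk.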
@@ -734,13 +733,12 @@ build-push-windows2022-image: docker build -t ${IMAGE_NAME}:${IMAGE_TAG} --build-arg BASE_IMAGE=mcr.microsoft.com/windows/servercore:ltsc2022 --build-arg JMX_METRIC_GATHERER_RELEASE=${JMX_METRIC_GATHERER_RELEASE} -f .\cmd\otelcol\Dockerfile.windows .\cmd\otelcol\ echo "Pushing ${IMAGE_NAME}:${IMAGE_TAG}" docker push ${IMAGE_NAME}:${IMAGE_TAG} - echo "TARGET=${IMAGE_NAME}:${IMAGE_TAG}" >> image.env + echo "${IMAGE_NAME}:${IMAGE_TAG}" >> $CI_PROJECT_DIR/tags_to_sign if ($env:CI_COMMIT_BRANCH -eq "main" -or $env:CI_COMMIT_TAG -match '^v\d+\.\d+\.\d+$') { - # only push latest tag for main and stable releases + # only push latest tag for main and stable releases; no need to sign them as signing is made for digest echo "Tagging and pushing ${IMAGE_NAME}:latest-2022" docker tag ${IMAGE_NAME}:${IMAGE_TAG} ${IMAGE_NAME}:latest-2022 docker push ${IMAGE_NAME}:latest-2022 - echo "TARGET=${IMAGE_NAME}:latest-2022" >> image.env } - docker inspect --format='{{.RepoDigests}}' ${IMAGE_NAME}:${IMAGE_TAG} | Tee-Object -FilePath dist/windows_2022_digest.txt after_script: @@ -749,7 +747,7 @@ build-push-windows2022-image: artifacts: paths: - dist/windows_2022_digest.txt - - image.env + - $CI_PROJECT_DIR/tags_to_sign sign-windows2022-image: extends: .sign-docker