Add logic to determine when to build and push images. Add registry vars. Remove old registry vars

Author: thejsj

ansible/delta-hosts/variables

@@ -176,12 +176,13 @@ pg_pass=59a5524e-a772-11e5-bedc-1bdc0db458b3
 pg_user=astral
 rabbit_password=wKK7g7NWKpQXEeSzyWB7mIpxZIL8H2mDSf3Q6czR3Vk
 rabbit_username=o2mdLh9N9Ke2GzhoK8xsruYPhIQFN7iEL44dQJoq7OM
-registry_host=10.8.4.126
 user_content_domain=runnableapp.com
 vault_auth_token=578c9767-5af8-8490-0954-5d330f27b088
 vault_token_01=0d324dc7d4cbd94790fd08809d06fb1e28e21e185910081c7646e3e49924f6ed01
 vault_token_02=42dc8a69df174e77eb47a63b6ef4709bec57101cb1bff11a71c91b73b8bc046102
 vault_token_03=47f3cb74f5374fa3c51c90fd25e3d4cc851034de97584995fce5fc5382342f1f03
+registry_username=runnable+deltapush
+registry_token=4PX2AU9QIJSCDLZEXILYX6ZP2RCXY1HR10WVZKWVR0JW8DS5IIY87D96V0RACMK5
 
 [ec2:vars]
 aws_custid=437258487404

ansible/group_vars/alpha-shiva.yml

@@ -21,7 +21,6 @@ container_envs: >
   -e AWS_ACCESS_KEY_ID={{ aws_access_key_id }}
   -e AWS_SECRET_ACCESS_KEY={{ aws_secret_access_key }}
   -e NODE_ENV={{ node_env }}
-  -e REGISTRY_HOST={{ registry_host }}
   -e ROLLBAR_KEY={{ shiva_rollbar_token }}
   -e DOCKER_PORT={{ docker_port }}
 

ansible/roles/builder/tasks/main.yml

@@ -1,37 +1,81 @@
 ---
 # commands to build an image
-#
+- name: check if image is a tag and check environment
+  tags: deploy
+  set_fact:
+    is_image_tag: '{{ git_branch | match("^v([0-9]+)\.([0-9]+)\.([0-9]+)$") }}'
+    is_production_delta: '{{  node_env is defined and node_env=="production-delta" }}'
+
 - name: Ensure Tag Deploy For Prod
   tags: deploy
-  when: node_env is defined and node_env=="production-delta" and not git_branch | match("^v([0-9]+)\.([0-9]+)\.([0-9]+)$")
-  fail: msg="only tag can be deployed on prod not {{ git_branch }}"
+  when: (is_production_delta and not is_image_tag)
+  fail: msg="only tag can be deployed on prod not {{ container_tag }}"
+
+- name: set if is image tag and production delta
+  tags: deploy
+  set_fact:
+    is_prod_and_tag: "{{ is_image_tag and is_production_delta }}"
+
+- name: query registry for tag
+  tags: deploy
+  uri:
+    # Overwrite the name of the image repository (`runnable-angular`, big-poppa-http) with `repository_name`
+    url: https://quay.io/api/v1/repository/runnable/{{ repository_name | default(name) }}/tag/?limit=1&specificTag={{ container_tag }}
+    method: GET
+    headers:
+      Authorization: 'Bearer QB9UzzNhwClqMgRyMgNGrSGLdUYZPJLJALdcpKRa'
+  register: currently_built_tags
+
+- name: set number of images built
+  tags: deploy
+  set_fact:
+    no_images_found: "{{ currently_built_tags|json_query('json.tags')|length == 0  }}"
+
+- name: set number of images built
+  tags: deploy
+  set_fact:
+    # Only build the image if no images are found
+    # Use built images in staging/gamma unless forced
+    build_image: '{{ no_images_found or (force_image_push is defined and force_image_push) }}'
+    # Only push the image if on prod environment
+    # Also, only push image if and no images are found or image push is forced
+    # Use `-e "force_push_image=true"` in the command line to force image push
+    push_image: '{{ is_prod_and_tag and (no_images_found or (force_image_push is defined and force_image_push)) }}'
+
+- name: debug
+  debug:
+    msg: 'build_image: {{ build_image }}, push_image: {{ push_image }}, no_images_found: {{ no_images_found }}, is_prod_and_tag: {{ is_prod_and_tag }}'
 
 - name: create build folder
   become: true
+  when: build_image
   file:
     path: "{{ build_dir }}/{{ name }}"
     state: directory
 
 - name: pull the git repository
   tags: deploy
+  when: build_image
   become: true
   git:
     repo: "{{ repo }}"
     dest: "{{ build_dir }}/{{ name }}/repo"
-    version: "{{ git_branch }}"
+    version: "{{ container_tag }}"
     update: yes
     accept_hostkey: yes
     force: yes
 
 - name: get new tags from remote
   tags: deploy
+  when: build_image
   become: true
   shell: "git fetch --tags"
   args:
     chdir: "{{ build_dir }}/{{ name }}/repo"
 
 - name: get latest tag name
   tags: deploy
+  when: build_image
   become: true
   shell: "git describe --tags `git rev-list --tags --max-count=1`"
   args:
@@ -40,26 +84,28 @@
 
 - name: ensure latest tag is deployed
   tags: deploy
-  fail: msg="Cannot deploy -{{ git_branch }}- because latest is -{{latest_tag.stdout}}-. Bypass with `-t i_am_deploying_an_old_tag`"
-  when: (node_env is not defined or node_env is defined and node_env=="production-delta") and
-        (latest_tag.stdout != git_branch and i_am_deploying_an_old_tag is not defined)
+  fail: msg="Cannot deploy {{ container_tag}} because latest is {{latest_tag.stdout}}. Bypass with `-t i_am_deploying_an_old_tag`"
+  when: build_image and is_production_delta and (latest_tag.stdout != container_tag and i_am_deploying_an_old_tag is not defined)
 
 - name: copy dockerfile to build folder
   tags: deploy
+  when: build_image
   become: true
   template:
     src: "{{ dockerfile }}"
     dest: "{{ build_dir }}/{{ name }}"
 
 - name: copy .dockerignore file into build folder
   tags: deploy
+  when: build_image
   become: true
   template:
     src: ".dockerignore"
     dest: "{{ build_dir }}/{{ name }}"
 
 - name: copy secrets into build dir
   tags: [ deploy ]
+  when: build_image
   become: true
   copy:
     src=./secrets/docker-client/{{ file_name_item }}
@@ -75,11 +121,13 @@
 
 - name: build docker image and tag
   tags: deploy
+  when: build_image
   become: yes
   command: docker build {{ build_args | default("") }} --tag="{{ container_image }}:{{ container_tag }}" "{{ build_dir }}/{{ name }}"
 
 - name: remove secrets from build dir
   tags: [ deploy ]
+  when: build_image
   become: true
   file:
     path: "{{ build_dir }}/{{ name }}/{{ file_name_item }}"
@@ -90,22 +138,20 @@
   loop_control:
     loop_var: file_name_item
 
-- name: set whether image will be pushed
-  when: git_branch | match("^v([0-9]+)\.([0-9]+)\.([0-9]+)$") and ((node_env is defined and node_env=='production-delta') or force_push_image)
-  set_fact:
-    push_image: true
-
-- name: login to docker hub
+- name: login to registry
+  tags: deploy
   become: yes
-  when: push_image is defined
-  command: docker login -u {{ docker_hub_username }} -p {{ docker_hub_password }}
+  when: build_image and push_image
+  command: docker login -u {{ registry_username }} -p {{ registry_token }} {{ registry_host }}
 
 - name: push docker image
+  tags: deploy
   become: yes
-  when: push_image is defined
+  when: build_image and push_image
   command: docker push {{ container_image }}:{{ container_tag }}
 
-- name: logout of docker hub
+- name: logout of registry
+  tags: deploy
   become: yes
-  when: push_image is defined
+  when: build_image and push_image
   command: docker logout