use fixed docker versions where possible (#97)

* use fixed docker versions where possible

* set VERSION to TRAVIS_COMMIT

* push all tagged images instead of onyl latest

* no PULL_FLAG in travis

* always build all images in travis

Co-authored-by: Frederik Berg <[email protected]>
Co-authored-by: Krispin Schulz <[email protected]>

Author: frederik-b

.travis.yml

@@ -19,7 +19,17 @@ before_script:
   - git remote set-branches --add origin master
   - git fetch
   # See issue: https://graysonkoonce.com/getting-the-current-branch-name-during-a-pull-request-in-travis-ci/
-  - export BRANCH=$(if [ "$TRAVIS_PULL_REQUEST" == "false" ]; then echo $TRAVIS_BRANCH; else echo $TRAVIS_PULL_REQUEST_BRANCH; fi)
+  - BRANCH=$(if [ "$TRAVIS_PULL_REQUEST" == "false" ]; then echo $TRAVIS_BRANCH; else echo $TRAVIS_PULL_REQUEST_BRANCH; fi)
+  - export BRANCH
+  # commit hashes as tags is broken, use something reliable
+  - export VERSION="${TRAVIS_COMMIT}"
+  # always build everything locally
+  - export PULL_FLAG=""
+  # it's okay to use the cache
+  - export CACHE_FLAG=""
+  # always bind all images, so that all images get synchronzide versions
+  - IMAGES="$(find * -maxdepth 0 -type d)"
+  - export IMAGES
 
 script:
   # stop immediately if there's a failure

Makefile

@@ -23,6 +23,7 @@ help:
 
 # TODO Add make traps for docker-compose
 
+.PHONY: build
 build:  ## Builds all changed images. `-e IMAGES="name"` builds single image.
 	@docker-compose -f docker-compose.ops.yml build \
 		${CACHE_FLAG} \
@@ -52,6 +53,7 @@ test: ## Tests all changed images where tests exist. `-e IMAGES="name"` runs tes
 		test-images || make clean
 	@make clean
 
+.PHONY: push
 push: ## Pushes all changed images. `-e IMAGES="name"` pushes a single image.
 	@docker-compose -f docker-compose.ops.yml build \
 		${CACHE_FLAG} \

docker-build/Dockerfile

@@ -1,14 +1,16 @@
+ARG IMAGE_PREFIX="avenga/"
+ARG VERSION="latest"
+
 FROM koalaman/shellcheck-alpine:v0.6.0 as test
 COPY *.sh ./
 RUN find . -name "*.sh" | xargs shellcheck
 
-FROM avenga/docker AS release
+FROM ${IMAGE_PREFIX}docker:${VERSION} AS release
 #
 # DEFAULTS
 #
 ENV IMAGE_PREFIX=""
 ENV IMAGES=""
-ENV IMAGE_TAG="latest"
 ENV TARGET="release"
 ENV LABEL_VENDOR=""
 ENV LABEL_VCS_URL=""

docker-build/run.sh

@@ -1,4 +1,5 @@
-#!/bin/bash -eu
+#!/usr/bin/env bash
+set -eu
 
 IMAGES="${IMAGES:-}"
 DRY_RUN="${DRY_RUN:-}"
@@ -32,28 +33,23 @@ else
         then
             DOCKERFILE="$WORKDIR/$IMAGE_NAME/Dockerfile"
             CONTEXT="$WORKDIR/$IMAGE_NAME"
-            TAG=$IMAGE_PREFIX$IMAGE_NAME:$IMAGE_TAG
-            COMMIT_TAG=$IMAGE_PREFIX$IMAGE_NAME:$VERSION
             DOCKERFILE_FLAG=""
-            if [ -e "$DOCKERFILE" ]
-            then
+            if [ -e "$DOCKERFILE" ]; then
                 DOCKERFILE_FLAG="--file $DOCKERFILE"
             fi
             CACHE_FLAG="--no-cache"
-            if [[ -n "$CACHE" ]]
-            then
+            if [[ -n "$CACHE" ]]; then
                 CACHE_FLAG=""
             fi
             PULL_FLAG="--pull"
-            if [[ -n "$NO_PULL" ]]
-            then
+            if [[ -n "$NO_PULL" ]]; then
                 PULL_FLAG=""
             fi
 
             COMMAND="docker build $PULL_FLAG $CACHE_FLAG \\
             --build-arg IMAGE_PREFIX=$IMAGE_PREFIX \\
-            --tag $TAG \\
-            --tag $COMMIT_TAG \\
+            --tag $IMAGE_PREFIX$IMAGE_NAME:latest \\
+            --tag $IMAGE_PREFIX$IMAGE_NAME:$VERSION \\
             --target $TARGET \\
             --label org.opencontainers.image.created=\"$BUILD_DATE\" \\
             --label org.opencontainers.image.revision=\"$VERSION\" \\

docker-compose.ops.yml

@@ -37,6 +37,7 @@ services:
       - CI_REGISTRY_USER
       - CI_REGISTRY
       - IMAGES
+      - VERSION
     volumes:
       - .:/work
       - /var/run/docker.sock:/var/run/docker.sock

docker-push/Dockerfile

@@ -1,8 +1,11 @@
+ARG IMAGE_PREFIX="avenga/"
+ARG VERSION="latest"
+
 FROM koalaman/shellcheck-alpine:v0.6.0 as test
 COPY *.sh ./
 RUN find . -name "*.sh" | xargs shellcheck
 
-FROM avenga/docker AS release
+FROM ${IMAGE_PREFIX}docker:${VERSION} AS release
 #
 # DEFAULTS
 #

docker-push/run.sh

@@ -1,4 +1,5 @@
-#!/bin/bash -eu
+#!/usr/bin/env bash
+set -eu
 
 IMAGES="${IMAGES:-}"
 DRY_RUN="${DRY_RUN:-}"
@@ -12,26 +13,33 @@ if [[ -z $IMAGES ]] ; then
     )
 fi
 
-if [[ -z $IMAGES ]]
-then
+if [[ -z $IMAGES ]]; then
     echo "Nothing to push."
     exit 0
 fi
 
-if [[ -n "$DRY_RUN" ]]; then
-    echo "$IMAGES"
+# only push images if specific branch and not dry run
+if [[ -n "$DRY_RUN" ]] || [[ "$CURRENT_BRANCH" != "$ONLY_BRANCH" ]]; then
+    [[ "$CURRENT_BRANCH" != "$ONLY_BRANCH" ]] && echo "Skipping push since CURRENT_BRANCH $CURRENT_BRANCH is not equal to ONLY_BRANCH $ONLY_BRANCH"
+    # for all images
+    for image in $IMAGES; do
+        # for all tags that are equal to latest
+        for tagged_image in $(docker image inspect --format $'{{range .RepoTags}}{{.}} {{end}}' "$IMAGE_PREFIX$image:latest"); do
+            # print it
+            echo "$tagged_image"
+        done
+    done
     exit 0
-else
-    # only push images if specific branch
-    if [[ "$CURRENT_BRANCH" == "$ONLY_BRANCH" ]]
-    then
-        echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" "$CI_REGISTRY" --password-stdin
-        while IFS= read -r IMAGE_NAME
-        do
-            # push all tags:
-            docker push "$IMAGE_PREFIX$IMAGE_NAME"
-        done < <(echo "$IMAGES" | tr " " "\n")
-    else
-        echo "Skipping since not on ONLY_BRANCH $ONLY_BRANCH"
-    fi
 fi
+  
+
+echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" "$CI_REGISTRY" --password-stdin
+
+# for all images
+for image in $IMAGES; do
+    # for all tags that are equal to latest
+    for tagged_image in $(docker image inspect --format $'{{range .RepoTags}}{{.}} {{end}}' "$IMAGE_PREFIX$image"); do
+        # push it
+        docker push "$tagged_image"
+    done
+done

docker-push/tests/push.bats

@@ -1,15 +1,16 @@
 #!/usr/bin/env bats
 
 @test "dry run" {
-    run docker run --rm -e IMAGES=gitlab-job -e DRY_RUN=1  "avenga/docker-push:$VERSION"
+    run docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -e IMAGES="$IMAGE_PREFIX/gitlab-job" -e DRY_RUN=1 "avenga/docker-push:$VERSION"
     echo "$output"
     [[ $status -eq 0 ]]
-    [[ $output == "gitlab-job" ]]
+    [[ $output =~ "gitlab-job:latest" ]]
+    [[ $output =~ "gitlab-job:${VERSION}" ]]
 }
 @test "make dry run" {
     cd ..
     run make push -e IMAGES=gitlab-job -e CURRENT_BRANCH=push-test "avenga/docker-push:$VERSION"
     echo "$output"
     [[ $status -eq 2 ]]
-    [[ $output =~ "Skipping since not on ONLY_BRANCH master" ]]
+    [[ $output =~ "Skipping push" ]]
 }

docker-test/Dockerfile

@@ -1,4 +1,6 @@
-FROM avenga/docker AS release
+ARG IMAGE_PREFIX="avenga/"
+ARG VERSION="latest"
+FROM ${IMAGE_PREFIX}docker:${VERSION} AS release
 
 # Install bats-core and other requirements
 COPY --from=bats/bats:latest /opt/bats /opt/bats

docker-test/run.sh

@@ -1,5 +1,4 @@
-#!/bin/bash
-
+#!/usr/bin/env bash
 set -euo pipefail
 
 CHANGES=$(git diff --name-only "$GIT_DIFF" | \
@@ -15,17 +14,19 @@ if [[ -z $IMAGES ]] ; then
     exit 0
 fi
 
-while IFS= read -r IMAGE_NAME
-do
-    ( cd "$IMAGE_NAME"
-    if [[ -d ./tests ]] ; then
-        echo "Running test for $IMAGE_NAME"
-        if [[ -f tests/test.sh ]] ; then
-            ./tests/test.sh
-        else
-            bats --tap ./tests
-        fi
+# for all images
+for image in $IMAGES; do
+    if [[ ! -d "$image/tests" ]] ; then
+        echo "No tests found for $image"
+        continue
+    fi
+    
+    echo "Running test for $image"
+    pushd "$image"
+    if [[ -f tests/test.sh ]] ; then
+        ./tests/test.sh
     else
-        echo "No tests found for $IMAGE_NAME"
-    fi )
-done < <(echo "$IMAGES" | tr " " "\n")
+        bats --tap ./tests
+    fi
+    popd
+done

gitlab-job/Dockerfile

@@ -1,4 +1,6 @@
-FROM avenga/docker AS release
+ARG IMAGE_PREFIX="avenga/"
+ARG VERSION="latest"
+FROM ${IMAGE_PREFIX}docker:${VERSION} AS release
 RUN apk --quiet --no-progress --no-cache add make coreutils curl jq docker-compose \
     && sed -i 's|ash$|bash|g' /etc/passwd
 RUN docker-compose --version

gitlab-runner/Dockerfile

@@ -1,11 +1,13 @@
 ARG GITLAB_RUNNER_IMAGE_TAG=alpine
 FROM gitlab/gitlab-runner:${GITLAB_RUNNER_IMAGE_TAG} AS release
+ARG IMAGE_PREFIX="avenga/"
+ARG VERSION="latest"
 
 # Defaults:
 ENV RUNNER_LIMIT="1"
 ENV RUNNER_REQUEST_CONCURRENCY="1"
 ENV RUNNER_EXECUTOR="docker"
-ENV DOCKER_IMAGE="avenga/gitlab-job:latest"
+ENV DOCKER_IMAGE="${IMAGE_PREFIX}/gitlab-job:${VERSION}"
 
 COPY register-runner.sh /
 ENTRYPOINT ["/usr/bin/dumb-init", "/register-runner.sh"]

gitlab-runner/tests/runner.bats

@@ -4,5 +4,5 @@
     run docker run --rm --entrypoint gitlab-runner "avenga/gitlab-runner:$VERSION" --version
     echo "$output"
     [[ $status -eq 0 ]]
-    [[ $output =~ Version:.*13.1.1 ]]
+    [[ $output =~ Version:.*13.5.0 ]]
 }

kubectl/tests/version.bats

@@ -1,7 +1,8 @@
-# test the version
+#!/usr/bin/env bats
+
 @test "test kubectl version" {
     run bash -c "docker run --rm -e CONFIGURE_KUBECTL=false avenga/kubectl version --client -o json | jq -r '.clientVersion.gitVersion'"
     echo "$output"
-    [[ $output =~ "v1.18" ]]
+    [[ $output =~ "v1.19" ]]
     [[ $status -eq 0 ]]
 }

nodejs-javascript-app/Dockerfile

@@ -1,5 +1,6 @@
-ARG  IMAGE_PREFIX="avenga/"
-FROM ${IMAGE_PREFIX}nodejs-runner:latest AS release
+ARG IMAGE_PREFIX="avenga/"
+ARG VERSION="latest"
+FROM ${IMAGE_PREFIX}nodejs-runner:${VERSION} AS release
 ONBUILD COPY --from=build /app/package.json ./
 ONBUILD COPY --from=build /app/src ./src
 ONBUILD COPY --from=build /prod_node_modules ./node_modules

nodejs-javascript-builder/Dockerfile

@@ -1,5 +1,6 @@
 ARG IMAGE_PREFIX="avenga/"
-FROM ${IMAGE_PREFIX}nodejs-runner:latest AS release
+ARG VERSION="latest"
+FROM ${IMAGE_PREFIX}nodejs-runner:${VERSION} AS release
 ENV YARN_VERSION="1.15.0"
 RUN wget -O /yarn.js https://github.com/yarnpkg/yarn/releases/download/v${YARN_VERSION}/yarn-${YARN_VERSION}.js
 COPY yarn /usr/bin

nodejs-javascript-hello/Dockerfile

@@ -1,3 +1,4 @@
-ARG  IMAGE_PREFIX="avenga/"
-FROM ${IMAGE_PREFIX}nodejs-javascript-builder:latest AS build
-FROM ${IMAGE_PREFIX}nodejs-javascript-app:latest AS release
+ARG IMAGE_PREFIX="avenga/"
+ARG VERSION="latest"
+FROM ${IMAGE_PREFIX}nodejs-javascript-builder:${VERSION} AS build
+FROM ${IMAGE_PREFIX}nodejs-javascript-app:${VERSION} AS release

sloppy-deployment/Dockerfile

@@ -1,4 +1,5 @@
-FROM avenga/sloppy:1.13.1 as release
+ARG IMAGE_PREFIX="avenga/"
+FROM ${IMAGE_PREFIX}sloppy:1.13.1 as release
 ARG SLOPPY_TEMPLATE_FILE="sloppy.tmpl.yml"
 ENV SLOPPY_TEMPLATE_FILE=${SLOPPY_TEMPLATE_FILE}
 ENV SLOPPY_APITOKEN=""

sloppy-rollout/Dockerfile

@@ -1,4 +1,6 @@
-FROM avenga/sloppy as release
+ARG IMAGE_PREFIX="avenga/"
+ARG VERSION="latest"
+FROM ${IMAGE_PREFIX}sloppy:${VERSION} AS release
 ENV SLOPPY_APITOKEN=""
 # If templating is used, files from this environment are used.
 ENV TEMPLATE_ENVIRONMENT=""

vault-pull/entrypoint.sh

@@ -1,4 +1,5 @@
-#!/bin/bash -eu
+#!/usr/bin/env bash
+set -eu
 
 ENVIRONMENTS=$(vault list -format=json "$VAULT_SECRETS_PATH/$PROJECT/environments" | jq -r 'join(",")')
 

vault-push/entrypoint.sh

@@ -1,4 +1,5 @@
-#!/bin/bash -eu
+#!/usr/bin/env bash
+set -eu
 
 ENVIRONMENTS_PATH=/environments
 ENVIRONMENTS=$(find $ENVIRONMENTS_PATH/* -type d -maxdepth 1 -print0 | xargs -0 -n 1 basename)