Fixed issue where prerelease container image tags can overwrite produ…

…ction container image tags (#32699)

.drone.yml

@@ -8560,9 +8560,17 @@ steps:
     > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat
     "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64
     && docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-amd64)
+  - printf "Prerelease "; ! [ -f /go/vars/release-is-prerelease ] && printf "not ";
+    printf "detected for version $DRONE_TAG, "; [ -f /go/vars/release-is-prerelease
+    ] && echo "skipping" || echo "continuing"
+  - '[ -f /go/vars/release-is-prerelease ] && exit 0'
   - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
     public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64
   - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-amd64
+  - printf "Prerelease "; ! [ -f /go/vars/release-is-prerelease ] && printf "not ";
+    printf "detected for version $DRONE_TAG, "; [ -f /go/vars/release-is-prerelease
+    ] && echo "skipping" || echo "continuing"
+  - '[ -f /go/vars/release-is-prerelease ] && exit 0'
   - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-amd64
     public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
   - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-amd64
@@ -8592,9 +8600,17 @@ steps:
     > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat
     "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm
     && docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm)
+  - printf "Prerelease "; ! [ -f /go/vars/release-is-prerelease ] && printf "not ";
+    printf "detected for version $DRONE_TAG, "; [ -f /go/vars/release-is-prerelease
+    ] && echo "skipping" || echo "continuing"
+  - '[ -f /go/vars/release-is-prerelease ] && exit 0'
   - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
     public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm
   - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm
+  - printf "Prerelease "; ! [ -f /go/vars/release-is-prerelease ] && printf "not ";
+    printf "detected for version $DRONE_TAG, "; [ -f /go/vars/release-is-prerelease
+    ] && echo "skipping" || echo "continuing"
+  - '[ -f /go/vars/release-is-prerelease ] && exit 0'
   - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm
     public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm
   - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm
@@ -8625,9 +8641,17 @@ steps:
     > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport:$(cat
     "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64
     && docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/full-version")-arm64)
+  - printf "Prerelease "; ! [ -f /go/vars/release-is-prerelease ] && printf "not ";
+    printf "detected for version $DRONE_TAG, "; [ -f /go/vars/release-is-prerelease
+    ] && echo "skipping" || echo "continuing"
+  - '[ -f /go/vars/release-is-prerelease ] && exit 0'
   - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
     public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64
   - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/major-version")-arm64
+  - printf "Prerelease "; ! [ -f /go/vars/release-is-prerelease ] && printf "not ";
+    printf "detected for version $DRONE_TAG, "; [ -f /go/vars/release-is-prerelease
+    ] && echo "skipping" || echo "continuing"
+  - '[ -f /go/vars/release-is-prerelease ] && exit 0'
   - docker tag drone-docker-registry:5000/teleport:$(cat "/go/var/full-version")-arm64
     public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
   - docker push public.ecr.aws/gravitational/teleport:$(cat "/go/var/minor-version")-arm64
@@ -8852,9 +8876,17 @@ steps:
     "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport-ent:$(cat
     "/go/var/full-version")-amd64 && docker push public.ecr.aws/gravitational/teleport-ent:$(cat
     "/go/var/full-version")-amd64)
+  - printf "Prerelease "; ! [ -f /go/vars/release-is-prerelease ] && printf "not ";
+    printf "detected for version $DRONE_TAG, "; [ -f /go/vars/release-is-prerelease
+    ] && echo "skipping" || echo "continuing"
+  - '[ -f /go/vars/release-is-prerelease ] && exit 0'
   - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
     public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
   - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-amd64
+  - printf "Prerelease "; ! [ -f /go/vars/release-is-prerelease ] && printf "not ";
+    printf "detected for version $DRONE_TAG, "; [ -f /go/vars/release-is-prerelease
+    ] && echo "skipping" || echo "continuing"
+  - '[ -f /go/vars/release-is-prerelease ] && exit 0'
   - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-amd64
     public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
   - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-amd64
@@ -8885,9 +8917,17 @@ steps:
     > /dev/null 2>&1 && echo 'Found existing image, skipping' || (docker tag drone-docker-registry:5000/teleport-ent:$(cat
     "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm
     && docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/full-version")-arm)
+  - printf "Prerelease "; ! [ -f /go/vars/release-is-prerelease ] && printf "not ";
+    printf "detected for version $DRONE_TAG, "; [ -f /go/vars/release-is-prerelease
+    ] && echo "skipping" || echo "continuing"
+  - '[ -f /go/vars/release-is-prerelease ] && exit 0'
   - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
     public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
   - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm
+  - printf "Prerelease "; ! [ -f /go/vars/release-is-prerelease ] && printf "not ";
+    printf "detected for version $DRONE_TAG, "; [ -f /go/vars/release-is-prerelease
+    ] && echo "skipping" || echo "continuing"
+  - '[ -f /go/vars/release-is-prerelease ] && exit 0'
   - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm
     public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
   - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm
@@ -8919,9 +8959,17 @@ steps:
     "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport-ent:$(cat
     "/go/var/full-version")-arm64 && docker push public.ecr.aws/gravitational/teleport-ent:$(cat
     "/go/var/full-version")-arm64)
+  - printf "Prerelease "; ! [ -f /go/vars/release-is-prerelease ] && printf "not ";
+    printf "detected for version $DRONE_TAG, "; [ -f /go/vars/release-is-prerelease
+    ] && echo "skipping" || echo "continuing"
+  - '[ -f /go/vars/release-is-prerelease ] && exit 0'
   - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
     public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
   - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-arm64
+  - printf "Prerelease "; ! [ -f /go/vars/release-is-prerelease ] && printf "not ";
+    printf "detected for version $DRONE_TAG, "; [ -f /go/vars/release-is-prerelease
+    ] && echo "skipping" || echo "continuing"
+  - '[ -f /go/vars/release-is-prerelease ] && exit 0'
   - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-arm64
     public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
   - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-arm64
@@ -9081,9 +9129,17 @@ steps:
     "/go/var/full-version")-fips-amd64 public.ecr.aws/gravitational/teleport-ent:$(cat
     "/go/var/full-version")-fips-amd64 && docker push public.ecr.aws/gravitational/teleport-ent:$(cat
     "/go/var/full-version")-fips-amd64)
+  - printf "Prerelease "; ! [ -f /go/vars/release-is-prerelease ] && printf "not ";
+    printf "detected for version $DRONE_TAG, "; [ -f /go/vars/release-is-prerelease
+    ] && echo "skipping" || echo "continuing"
+  - '[ -f /go/vars/release-is-prerelease ] && exit 0'
   - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
     public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
   - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/major-version")-fips-amd64
+  - printf "Prerelease "; ! [ -f /go/vars/release-is-prerelease ] && printf "not ";
+    printf "detected for version $DRONE_TAG, "; [ -f /go/vars/release-is-prerelease
+    ] && echo "skipping" || echo "continuing"
+  - '[ -f /go/vars/release-is-prerelease ] && exit 0'
   - docker tag drone-docker-registry:5000/teleport-ent:$(cat "/go/var/full-version")-fips-amd64
     public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
   - docker push public.ecr.aws/gravitational/teleport-ent:$(cat "/go/var/minor-version")-fips-amd64
@@ -9299,9 +9355,17 @@ steps:
     "/go/var/full-version")-amd64 public.ecr.aws/gravitational/teleport-operator:$(cat
     "/go/var/full-version")-amd64 && docker push public.ecr.aws/gravitational/teleport-operator:$(cat
     "/go/var/full-version")-amd64)
+  - printf "Prerelease "; ! [ -f /go/vars/release-is-prerelease ] && printf "not ";
+    printf "detected for version $DRONE_TAG, "; [ -f /go/vars/release-is-prerelease
+    ] && echo "skipping" || echo "continuing"
+  - '[ -f /go/vars/release-is-prerelease ] && exit 0'
   - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
     public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64
   - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-amd64
+  - printf "Prerelease "; ! [ -f /go/vars/release-is-prerelease ] && printf "not ";
+    printf "detected for version $DRONE_TAG, "; [ -f /go/vars/release-is-prerelease
+    ] && echo "skipping" || echo "continuing"
+  - '[ -f /go/vars/release-is-prerelease ] && exit 0'
   - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-amd64
     public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64
   - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-amd64
@@ -9333,9 +9397,17 @@ steps:
     "/go/var/full-version")-arm public.ecr.aws/gravitational/teleport-operator:$(cat
     "/go/var/full-version")-arm && docker push public.ecr.aws/gravitational/teleport-operator:$(cat
     "/go/var/full-version")-arm)
+  - printf "Prerelease "; ! [ -f /go/vars/release-is-prerelease ] && printf "not ";
+    printf "detected for version $DRONE_TAG, "; [ -f /go/vars/release-is-prerelease
+    ] && echo "skipping" || echo "continuing"
+  - '[ -f /go/vars/release-is-prerelease ] && exit 0'
   - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
     public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm
   - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm
+  - printf "Prerelease "; ! [ -f /go/vars/release-is-prerelease ] && printf "not ";
+    printf "detected for version $DRONE_TAG, "; [ -f /go/vars/release-is-prerelease
+    ] && echo "skipping" || echo "continuing"
+  - '[ -f /go/vars/release-is-prerelease ] && exit 0'
   - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm
     public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm
   - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm
@@ -9367,9 +9439,17 @@ steps:
     "/go/var/full-version")-arm64 public.ecr.aws/gravitational/teleport-operator:$(cat
     "/go/var/full-version")-arm64 && docker push public.ecr.aws/gravitational/teleport-operator:$(cat
     "/go/var/full-version")-arm64)
+  - printf "Prerelease "; ! [ -f /go/vars/release-is-prerelease ] && printf "not ";
+    printf "detected for version $DRONE_TAG, "; [ -f /go/vars/release-is-prerelease
+    ] && echo "skipping" || echo "continuing"
+  - '[ -f /go/vars/release-is-prerelease ] && exit 0'
   - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
     public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64
   - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/major-version")-arm64
+  - printf "Prerelease "; ! [ -f /go/vars/release-is-prerelease ] && printf "not ";
+    printf "detected for version $DRONE_TAG, "; [ -f /go/vars/release-is-prerelease
+    ] && echo "skipping" || echo "continuing"
+  - '[ -f /go/vars/release-is-prerelease ] && exit 0'
   - docker tag drone-docker-registry:5000/teleport-operator:$(cat "/go/var/full-version")-arm64
     public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64
   - docker push public.ecr.aws/gravitational/teleport-operator:$(cat "/go/var/minor-version")-arm64
@@ -16896,6 +16976,6 @@ image_pull_secrets:
 - DOCKERHUB_CREDENTIALS
 ---
 kind: signature
-hmac: 26860e1b07cd9776b845bea867e4a97db26a25c72c3a5210414d384c812b5405
+hmac: 463dcdf335d99bd282f6ddfa30f7a09c67f93d2359e3f4d3a213ce6c59b99a8a
 
 ...

dronegen/container_images_repos.go

@@ -262,10 +262,17 @@ func (cr *ContainerRepo) tagAndPushStep(buildStepDetails *buildStepOutput, image
 		archImage := archImageMap[archImageKey]
 
 		// Skip pushing images if the tag or container registry is immutable
-		tagAndPushCommands = append(tagAndPushCommands, buildImmutableSafeCommands(archImageKey.IsImmutable || cr.IsImmutable, archImage.GetShellName(), []string{
+		archImageCommands := buildImmutableSafeCommands(archImageKey.IsImmutable || cr.IsImmutable, archImage.GetShellName(), []string{
 			fmt.Sprintf("docker tag %s %s", buildStepDetails.BuiltImage.GetShellName(), archImage.GetShellName()),
 			fmt.Sprintf("docker push %s", archImage.GetShellName()),
-		})...)
+		})
+
+		// Only create and push images for major and minor versions if the release version is not a prerelease
+		if !archImageKey.IsForFullSemver {
+			archImageCommands = buildPrereleaseExclusionaryCommands(buildStepDetails.Version, archImageCommands)
+		}
+
+		tagAndPushCommands = append(tagAndPushCommands, archImageCommands...)
 	}
 	tagAndPushCommands = cr.buildCommandsWithLogin(tagAndPushCommands)