Merge branch '267-release-images-txt-does-not-include-explicit-synker-images' into 'master'

Resolve "bug: `images.txt` doesn't include manually specified images in `synker.yaml`" Uses yq to strip the image list out of the synker file to create `images.txt` - previously only images that were run in the cluster appeared in this list. I also lumped in one small change to remove the use of sed to add images to synker which was "stupid and hacky". Now uses yq and explicitly populates those images to the proper yaml block. Closes #230 See merge request platform-one/big-bang/bigbang!335

Merge branch '267-release-images-txt-does-not-include-explicit-synker-images' into 'master'
178bc310 · joshwolf · 646fd3af · 415ba957 · 178bc310 · 178bc310
Commit 178bc310 authored 4 years ago by joshwolf
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -322,9 +322,13 @@ package:
  script:
    - cp ./scripts/package/synker.yaml ./synker.yaml
    # Populate images list in synker config
-    # NOTE: This is stupid and hacky, use yq or something better to do this
-    - cat images.txt | sed -e 's/^/    - /' >> synker.yaml
+    - |
+      for image in $(cat images.txt); do
+        yq -i e "(.source.images |= . + \"${image}\")" "./synker.yaml"
+      done
    - synker pull -b=1
+    # Create image list from synker, overwrite since ./synker.yaml contains everything at this point
+    - yq e '.source.images | .[] | ... comments=""' "./synker.yaml" > images.txt
    # Tar up synker as well?
    - cp /usr/local/bin/synker synker.yaml /var/lib/registry/
    - tar -C /var/lib/registry -czvf $IMAGE_PKG .

--- a/scripts/package/synker.yaml
+++ b/scripts/package/synker.yaml
@@ -6,14 +6,12 @@ transport:
    port: 25000
    osChoice: linux
    disablePolicyChecks: true
-
 options:
  # TODO: Turn this off for now until parallel syncing is more "production" ready
  # NOTE: Finding some bugs (even with retry) in pushing images to the airgapped registry that trace back to paralell syncing
  parallelSync: false
  quiet: false
  debug: info
-
 # NOTE: destination configurations below are environment specific and should be modified to match your environment.
 destination:
  registry:
@@ -21,18 +19,15 @@ destination:
    hostname: p1-registry
    # Port of the destination registry to push to
    port: 5000
-
    #
    osChoice: linux
    disablePolicyChecks: true
-
 source:
  authFile: /root/.docker/config.json
  images:
    - registry1.dso.mil/ironbank/twistlock/defender/defender:20.12.531
    - registry1.dso.mil/ironbank/anchore/enterprise/enterprise:3.0.1
    - registry1.dso.mil/ironbank/anchore/enterpriseui/enterpriseui:3.0.1
-
    # Images used by pipeline-templates
    # NOTE: These are __not__ fully inclusive yet, see this issue for updates: https://repo1.dso.mil/platform-one/big-bang/bigbang/-/issues/145
    - registry.il2.dso.mil/platform-one/devops/pipeline-templates/pipeline-job/sonar-scanner-dotnet31:4.10
@@ -43,10 +38,8 @@ source:
    - registry.il2.dso.mil/platform-one/devops/pipeline-templates/pipeline-job/anchore:0.8.2
    - registry.il2.dso.mil/platform-one/devops/pipeline-templates/pipeline-job/test:gcc
    - registry.il2.dso.mil/platform-one/devops/pipeline-templates/pipeline-job/dependency-check611-sonar-scanner45-dotnet-31:021921
-
    # Gitlab Runner images
    - registry1.dso.mil/ironbank/gitlab/gitlab-runner/gitlab-runner:v13.2.2
    - registry.dso.mil/platform-one/big-bang/apps/developer-tools/gitlab-runner/gitlab-runner-helper:ib-v13.2.2
-
-      # Don't include until fortify is supported
-#    - registry.il2.dso.mil/platform-one/devops/pipeline-templates/pipeline-job/dotnet-fortify:20.2.0
+    # Don't include until fortify is supported
+    #- registry.il2.dso.mil/platform-one/devops/pipeline-templates/pipeline-job/dotnet-fortify:20.2.0