Service accounts (a.k.a. robots) in `quay.io` are forcably namespaced
to the user or orginization under which they are created. Therefore,
it is impossible to use a common login/password to push images for
both `skopeo` and `containers` namespaces. Worse, because the
authentication is recorded against `quay.io`, multiple login sessions
are required.
Fix this by adding a function definition which verifies non-empty
username/password arguments, before logging in. Call this function
as needed from relevant targets, prior to pushing images.
Signed-off-by: Chris Evich <cevich@redhat.com>
This replicates the --all copy flag to sync to perform the same
behavior. Namely, the default is CopySystemImage unless --all is passed
which changes the behavior to CopyAllImages. While it is probably
desirable for --all to be the default as there is no option to override
ones architecture with the sync command, --all can potentially break
existing sync incantations depending on registry support. Hence
CopySystemImage remains the default.
Signed-off-by: Andrew DeMaria <ademaria@cloudflare.com>
Travis is used, as it has native hardware to run the build for many
architectures (amd64, s390x, ppc64le). Docker is used as build and
manifest tool. `quay.io/skopeo/upstream:master`, `quay.io/skopeo/stable:v1.2.0`
and `quay.io/containers/skopeo:v1.2.0` are specified as target multi-arch
upstream image.
Travis config file has 3 stages:
- local-build to do the local test for linux/amd64 and osx, as it was in
the initial code
- image-build-push to build and push images for specific architectures
(amd64, s390x, ppc64le)
- manifest-multiarch-push to create and push manifest for multi-arch
image - `quay.io/skopeo/upstream:master`, `quay.io/skopeo/stable:v1.2.0`
and `quay.io/containers/skopeo:v1.2.0`
last stage amnd image push step are not done for pull request.
2 env variables specified in Travis settings are expected - QUAY_USERNAME and
QUAY_PASSWORD to push the images to quay.io.
As a result multi-arch images for 3 architectures are published.
README about build setup id prepared
Signed-off-by: Yulia Gaponenko <yulia.gaponenko1@de.ibm.com>
For yet unknown reasons, Travis throws permission errors when trying to
recursively list the contents of a temp directory. It passes locally,
so disable the logs to unblock CI. Note, the reasons for the error are
yet to be revealed.
Related-issue: https://github.com/containers/skopeo/issues/1093
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
We now use the osusergo build tag to not use the glibc functions which
occur in the warnings but them from golang the os/user package.
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
By default we should build bin/skopeo locally
and build docs locally.
Show output when doing make docs.
Add description in `make help` to explain default
behaviour.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Go 1.15 deprecates checking CN; this broke gating tests:
Get "https://localhost:5000/v2/": x509: certificate relies on legacy Common Name field, use SANs or temporarily enable Common Name matching with GODEBUG=x509ignoreCN=0
Easy two-line solution in the 'openssl' invocation. Huge
thanks to Nalin for tracking down and fixing while I was
still getting started:
https://github.com/containers/buildah/pull/2595
Copied from 0f2892a5b021de3b1cf273f5679fda8298b57c02 in buildah
Signed-off-by: Ed Santiago <santiago@redhat.com>
Add a make target that cross-compiles for a handful of the possible
targets that `go tool dist list` can tell us about.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
