From 306e5ec8643eb03ff2b8769959bff5785306648b Mon Sep 17 00:00:00 2001 From: Jon Date: Mon, 13 May 2024 10:15:02 -0500 Subject: [PATCH] [ci] Refactor docker login (#183278) Originally `docker login` was localized to a single step and was managed only in that step. Over time, this has expanded most pipelines and steps. This changes the pattern to authenticate once during pre command. --- .buildkite/scripts/build_kibana.sh | 2 -- .buildkite/scripts/common/setup_job_env.sh | 4 +--- .../create_periodic_test_docker_image.sh | 5 ----- .../security_solution_quality_gate/upload_image_metadata.sh | 1 - .buildkite/scripts/steps/artifacts/cloud.sh | 5 ----- .buildkite/scripts/steps/artifacts/docker_image.sh | 5 ----- .buildkite/scripts/steps/artifacts/publish.sh | 2 -- .buildkite/scripts/steps/cloud/build_and_deploy.sh | 3 --- .../steps/es_serverless/promote_es_serverless_image.sh | 3 --- .buildkite/scripts/steps/es_snapshots/build.sh | 2 -- .buildkite/scripts/steps/fips/build.sh | 3 --- .buildkite/scripts/steps/functional/common.sh | 3 --- .buildkite/scripts/steps/test/jest_integration.sh | 4 ---- 13 files changed, 1 insertion(+), 41 deletions(-) diff --git a/.buildkite/scripts/build_kibana.sh b/.buildkite/scripts/build_kibana.sh index 537bee3a290a29..da709ee6eb08c3 100755 --- a/.buildkite/scripts/build_kibana.sh +++ b/.buildkite/scripts/build_kibana.sh @@ -20,7 +20,6 @@ echo "> node scripts/build" "${BUILD_ARGS[@]}" node scripts/build "${BUILD_ARGS[@]}" if is_pr_with_label "ci:build-cloud-image"; then - echo "$KIBANA_DOCKER_PASSWORD" | docker login -u "$KIBANA_DOCKER_USERNAME" --password-stdin docker.elastic.co node scripts/build \ --skip-initialize \ --skip-generic-folders \ @@ -35,7 +34,6 @@ if is_pr_with_label "ci:build-cloud-image"; then --skip-docker-ubuntu \ --skip-docker-serverless \ --skip-docker-contexts - docker logout docker.elastic.co CLOUD_IMAGE=$(docker images --format "{{.Repository}}:{{.Tag}}" docker.elastic.co/kibana-ci/kibana-cloud) cat << EOF | buildkite-agent annotate --style "info" --context kibana-cloud-image diff --git a/.buildkite/scripts/common/setup_job_env.sh b/.buildkite/scripts/common/setup_job_env.sh index 6b07beebcfa9cd..3d85acd1620440 100644 --- a/.buildkite/scripts/common/setup_job_env.sh +++ b/.buildkite/scripts/common/setup_job_env.sh @@ -20,10 +20,8 @@ fi export KIBANA_CI_GITHUB_TOKEN KIBANA_DOCKER_USERNAME="$(vault_get container-registry username)" - export KIBANA_DOCKER_USERNAME - KIBANA_DOCKER_PASSWORD="$(vault_get container-registry password)" - export KIBANA_DOCKER_PASSWORD + echo "$KIBANA_DOCKER_PASSWORD" | docker login -u "$KIBANA_DOCKER_USERNAME" --password-stdin docker.elastic.co } # Set up a custom ES Snapshot Manifest if one has been specified for this build diff --git a/.buildkite/scripts/pipelines/security_solution_quality_gate/create_periodic_test_docker_image.sh b/.buildkite/scripts/pipelines/security_solution_quality_gate/create_periodic_test_docker_image.sh index 4e459e23ce25b3..968938a629ae6e 100644 --- a/.buildkite/scripts/pipelines/security_solution_quality_gate/create_periodic_test_docker_image.sh +++ b/.buildkite/scripts/pipelines/security_solution_quality_gate/create_periodic_test_docker_image.sh @@ -17,9 +17,6 @@ KIBANA_BASE_IMAGE="docker.elastic.co/kibana-ci/kibana-serverless" export KIBANA_IMAGE="$KIBANA_BASE_IMAGE:$KIBANA_IMAGE_TAG" echo "--- Verify manifest does not already exist" -echo "$KIBANA_DOCKER_PASSWORD" | docker login -u "$KIBANA_DOCKER_USERNAME" --password-stdin docker.elastic.co -trap 'docker logout docker.elastic.co' EXIT - echo "Checking manifest for $KIBANA_IMAGE" if docker manifest inspect $KIBANA_IMAGE &> /dev/null; then echo "Manifest already exists, exiting" @@ -70,8 +67,6 @@ if [[ "$BUILDKITE_BRANCH" == "$KIBANA_BASE_BRANCH" ]] && [[ "${BUILDKITE_PULL_RE docker manifest push "$KIBANA_BASE_IMAGE:latest" fi -docker logout docker.elastic.co - cat << EOF | buildkite-agent annotate --style "info" --context image ### Serverless Images diff --git a/.buildkite/scripts/pipelines/security_solution_quality_gate/upload_image_metadata.sh b/.buildkite/scripts/pipelines/security_solution_quality_gate/upload_image_metadata.sh index a39c51c07a47c0..f47f5d4a41bdfb 100644 --- a/.buildkite/scripts/pipelines/security_solution_quality_gate/upload_image_metadata.sh +++ b/.buildkite/scripts/pipelines/security_solution_quality_gate/upload_image_metadata.sh @@ -1,5 +1,4 @@ #!/bin/bash -echo "$KIBANA_DOCKER_PASSWORD" | docker login -u "$KIBANA_DOCKER_USERNAME" --password-stdin docker.elastic.co KIBANA_BASE_IMAGE="docker.elastic.co/kibana-ci/kibana-serverless" KIBANA_LATEST=${KIBANA_BASE_IMAGE}:latest diff --git a/.buildkite/scripts/steps/artifacts/cloud.sh b/.buildkite/scripts/steps/artifacts/cloud.sh index 2faf5175b97b77..e12cf7958c86ec 100644 --- a/.buildkite/scripts/steps/artifacts/cloud.sh +++ b/.buildkite/scripts/steps/artifacts/cloud.sh @@ -20,17 +20,12 @@ KIBANA_TEST_IMAGE="docker.elastic.co/kibana-ci/kibana-cloud:$TAG" # docker.elastic.co/kibana-ci/kibana-cloud:$FULL_VERSION -> :$FULL_VERSION-$GIT_COMMIT docker tag "$KIBANA_BASE_IMAGE" "$KIBANA_TEST_IMAGE" -echo "$KIBANA_DOCKER_PASSWORD" | docker login -u "$KIBANA_DOCKER_USERNAME" --password-stdin docker.elastic.co -trap 'docker logout docker.elastic.co' EXIT - if docker manifest inspect $KIBANA_TEST_IMAGE &> /dev/null; then echo "Cloud image already exists, skipping docker push" else docker image push "$KIBANA_TEST_IMAGE" fi -docker logout docker.elastic.co - echo "--- Create deployment" CLOUD_DEPLOYMENT_NAME="kibana-artifacts-$TAG" diff --git a/.buildkite/scripts/steps/artifacts/docker_image.sh b/.buildkite/scripts/steps/artifacts/docker_image.sh index beb6f04e6e9d80..8a482a341867fb 100755 --- a/.buildkite/scripts/steps/artifacts/docker_image.sh +++ b/.buildkite/scripts/steps/artifacts/docker_image.sh @@ -17,9 +17,6 @@ KIBANA_BASE_IMAGE="docker.elastic.co/kibana-ci/kibana-serverless" export KIBANA_IMAGE="$KIBANA_BASE_IMAGE:$KIBANA_IMAGE_TAG" echo "--- Verify manifest does not already exist" -echo "$KIBANA_DOCKER_PASSWORD" | docker login -u "$KIBANA_DOCKER_USERNAME" --password-stdin docker.elastic.co -trap 'docker logout docker.elastic.co' EXIT - echo "Checking manifest for $KIBANA_IMAGE" if docker manifest inspect $KIBANA_IMAGE &> /dev/null; then echo "Manifest already exists, exiting" @@ -68,8 +65,6 @@ if [[ "$BUILDKITE_BRANCH" == "$KIBANA_BASE_BRANCH" ]] && [[ "${BUILDKITE_PULL_RE docker manifest push "$KIBANA_BASE_IMAGE:latest" fi -docker logout docker.elastic.co - cat << EOF | buildkite-agent annotate --style "info" --context image ### Serverless Images diff --git a/.buildkite/scripts/steps/artifacts/publish.sh b/.buildkite/scripts/steps/artifacts/publish.sh index 2621242fe0aa7e..8aba9e941e3c05 100644 --- a/.buildkite/scripts/steps/artifacts/publish.sh +++ b/.buildkite/scripts/steps/artifacts/publish.sh @@ -49,8 +49,6 @@ chmod -R a+r target/* chmod -R a+w target echo "--- Pull latest Release Manager CLI" -echo "$KIBANA_DOCKER_PASSWORD" | docker login -u "$KIBANA_DOCKER_USERNAME" --password-stdin docker.elastic.co -trap 'docker logout docker.elastic.co' EXIT docker pull docker.elastic.co/infra/release-manager:latest echo "--- Publish artifacts" diff --git a/.buildkite/scripts/steps/cloud/build_and_deploy.sh b/.buildkite/scripts/steps/cloud/build_and_deploy.sh index 6a7a95f8eaf10c..8b269e24389778 100755 --- a/.buildkite/scripts/steps/cloud/build_and_deploy.sh +++ b/.buildkite/scripts/steps/cloud/build_and_deploy.sh @@ -24,7 +24,6 @@ ELASTICSEARCH_CLOUD_IMAGE="docker.elastic.co/kibana-ci/elasticsearch-cloud:$VERS KIBANA_CLOUD_IMAGE="docker.elastic.co/kibana-ci/kibana-cloud:$VERSION-$GIT_COMMIT" CLOUD_DEPLOYMENT_NAME="kibana-pr-$BUILDKITE_PULL_REQUEST" -echo "$KIBANA_DOCKER_PASSWORD" | docker login -u "$KIBANA_DOCKER_USERNAME" --password-stdin docker.elastic.co set +e DISTRIBUTION_EXISTS=$(docker manifest inspect $KIBANA_CLOUD_IMAGE &> /dev/null; echo $?) set -e @@ -48,8 +47,6 @@ else --skip-docker-contexts fi -docker logout docker.elastic.co - if is_pr_with_label "ci:cloud-redeploy"; then echo "--- Shutdown Previous Deployment" CLOUD_DEPLOYMENT_ID=$(ecctl deployment list --output json | jq -r '.deployments[] | select(.name == "'$CLOUD_DEPLOYMENT_NAME'") | .id') diff --git a/.buildkite/scripts/steps/es_serverless/promote_es_serverless_image.sh b/.buildkite/scripts/steps/es_serverless/promote_es_serverless_image.sh index 6a59959ea6fed1..6ff62e7cdc1bdf 100755 --- a/.buildkite/scripts/steps/es_serverless/promote_es_serverless_image.sh +++ b/.buildkite/scripts/steps/es_serverless/promote_es_serverless_image.sh @@ -25,8 +25,6 @@ fi echo "Re-tagging $SOURCE_IMAGE -> $TARGET_IMAGE" -echo "$KIBANA_DOCKER_PASSWORD" | docker login -u "$KIBANA_DOCKER_USERNAME" --password-stdin docker.elastic.co - docker manifest inspect "$SOURCE_IMAGE" | tee manifests.json ARM_64_DIGEST=$(jq -r '.manifests[] | select(.platform.architecture == "arm64") | .digest' manifests.json) @@ -59,7 +57,6 @@ docker manifest inspect "$TARGET_IMAGE" ORIG_IMG_DATA=$(docker inspect "$SOURCE_IMAGE@$ARM_64_DIGEST") ELASTIC_COMMIT_HASH=$(echo $ORIG_IMG_DATA | jq -r '.[].Config.Labels["org.opencontainers.image.revision"]') -docker logout docker.elastic.co echo "Image push to $TARGET_IMAGE successful." echo "Promotion successful! Henceforth, thou shall be named Sir $TARGET_IMAGE" diff --git a/.buildkite/scripts/steps/es_snapshots/build.sh b/.buildkite/scripts/steps/es_snapshots/build.sh index 9eab0fb62e1a05..8e239e476c62ff 100755 --- a/.buildkite/scripts/steps/es_snapshots/build.sh +++ b/.buildkite/scripts/steps/es_snapshots/build.sh @@ -93,8 +93,6 @@ set +e echo $ES_CLOUD_ID $ES_CLOUD_VERSION $KIBANA_ES_CLOUD_VERSION $KIBANA_ES_CLOUD_IMAGE docker tag "$ES_CLOUD_ID" "$KIBANA_ES_CLOUD_IMAGE" - echo "$KIBANA_DOCKER_PASSWORD" | docker login -u "$KIBANA_DOCKER_USERNAME" --password-stdin docker.elastic.co - trap 'docker logout docker.elastic.co' EXIT docker image push "$KIBANA_ES_CLOUD_IMAGE" export ELASTICSEARCH_CLOUD_IMAGE="$KIBANA_ES_CLOUD_IMAGE" diff --git a/.buildkite/scripts/steps/fips/build.sh b/.buildkite/scripts/steps/fips/build.sh index c54e16053b0381..e7d359b1cc2ae8 100755 --- a/.buildkite/scripts/steps/fips/build.sh +++ b/.buildkite/scripts/steps/fips/build.sh @@ -7,7 +7,6 @@ set -euo pipefail source .buildkite/scripts/common/util.sh source .buildkite/scripts/steps/artifacts/env.sh -echo "$KIBANA_DOCKER_PASSWORD" | docker login -u "$KIBANA_DOCKER_USERNAME" --password-stdin docker.elastic.co mkdir -p target download_artifact "kibana-$FULL_VERSION-linux-x86_64.tar.gz" ./target --build "${KIBANA_BUILD_ID:-$BUILDKITE_BUILD_ID}" @@ -28,8 +27,6 @@ node scripts/build \ --skip-docker-serverless \ --skip-docker-contexts -docker logout docker.elastic.co - # Moving to `target/` first will keep `buildkite-agent` from including directories in the artifact name cd "$KIBANA_DIR/target" buildkite-agent artifact upload "./*docker-image*.tar.gz" diff --git a/.buildkite/scripts/steps/functional/common.sh b/.buildkite/scripts/steps/functional/common.sh index e6d13190b32cb0..edb618f6920939 100755 --- a/.buildkite/scripts/steps/functional/common.sh +++ b/.buildkite/scripts/steps/functional/common.sh @@ -22,6 +22,3 @@ fi is_test_execution_step -# logins into docker as a common step for functional tests -echo "$KIBANA_DOCKER_PASSWORD" | docker login -u "$KIBANA_DOCKER_USERNAME" --password-stdin docker.elastic.co -trap 'docker logout docker.elastic.co' EXIT diff --git a/.buildkite/scripts/steps/test/jest_integration.sh b/.buildkite/scripts/steps/test/jest_integration.sh index 6ebff3ae984b84..fd7b9a1d6ad54f 100755 --- a/.buildkite/scripts/steps/test/jest_integration.sh +++ b/.buildkite/scripts/steps/test/jest_integration.sh @@ -8,9 +8,5 @@ is_test_execution_step .buildkite/scripts/bootstrap.sh -echo '--- Docker login' -echo "$KIBANA_DOCKER_PASSWORD" | docker login -u "$KIBANA_DOCKER_USERNAME" --password-stdin docker.elastic.co -trap 'docker logout docker.elastic.co' EXIT - echo '--- Jest Integration Tests' .buildkite/scripts/steps/test/jest_parallel.sh jest.integration.config.js