WIP: Pulp container remove quay

ansible/playbooks/oci-define-repository.yaml

@@ -0,0 +1,61 @@
+- name: Create Quay Repository
+  gather_facts: no
+  hosts: localhost
+  vars:
+    path_publisher: /var/secrets/publisher/.dockerconfigjson
+  tasks:
+    - name: Assert Extra Variables are Defined
+      ansible.builtin.assert:
+        fail_msg: >
+          Make sure the following extra variables are defined before running this playbook:
+            - oci_image_path_output_file
+            - oci_namespace_name
+            - oci_repository_name
+        that:
+          - oci_image_path_output_file is defined
+          - oci_namespace_name is defined
+          - oci_repository_name is defined
+
+    - name: Make Sure Secrets are Properly Mounted
+      ansible.builtin.stat:
+        follow: yes
+        get_checksum: no
+        get_mime: no
+        path: "{{ path_publisher }}"
+      register: stat_results
+
+    - name: Make Sure Paths Exist
+      ansible.builtin.assert:
+        that:
+          - stat_results.stat.exists is defined
+          - stat_results.stat.readable is defined
+          - stat_results.stat.exists == true
+          - stat_results.stat.readable == true
+
+    - name: Read .dockerconfigjson From Publisher Secret
+      ansible.builtin.set_fact:
+        publisher_dcj: "{{ lookup('file', path_publisher) }}"
+
+    - name: Assert Only One Registry Exists in .dockerconfigjson
+      ansible.builtin.assert:
+        that:
+          - publisher_dcj.auths is defined
+          - publisher_dcj.auths | count == 1
+
+    - name: Define Registry Endpoint
+      ansible.builtin.set_fact:
+        oci_endpoint: "{{ publisher_dcj.auths.keys() | first }}"
+
+    - name: Define Registry Auth
+      ansible.builtin.set_fact:
+        oci_auth: "{{ publisher_dcj['auths'][oci_endpoint].auth | b64decode }}"
+
+    - name: Define OCI Registry Robot Credentials
+      ansible.builtin.set_fact:
+        oci_username: "{{ oci_auth.split(':')[0] }}"
+        oci_password: "{{ oci_auth.split(':')[1] }}"
+
+    - name: Save OCI Image Path to File
+      ansible.builtin.copy:
+        content: "{{ oci_endpoint }}/{{ oci_namespace_name }}/{{ oci_repository_name }}"
+        dest: "{{ oci_image_path_output_file }}"

ansible/roles/oci-publish-content/tasks/main.yaml

@@ -3,24 +3,24 @@
     fail_msg: >
       Make sure the following extra variables are defined before running this role:
         - content_path_output_file
-        - quay_image_path
-        - quay_image_tag
+        - oci_image_path
+        - oci_image_tag
     that:
       - content_path_output_file is defined
-      - quay_image_path is defined
-      - quay_image_tag is defined
+      - oci_image_path is defined
+      - oci_image_tag is defined
 
-- name: Set Quay Image Path Basename
+- name: Set OCI Image Path Basename
   ansible.builtin.set_fact:
-    quay_image_path_basename: "{{ quay_image_path | basename }}"
+    oci_image_path_basename: "{{ oci_image_path | basename }}"
 
 - name: Set Remote Repository Path
   ansible.builtin.set_fact:
-    repo_remote_path: "{{ httpd_web_root }}/{{ quay_image_path_basename }}/{{ quay_image_tag }}"
+    repo_remote_path: "{{ httpd_web_root }}/{{ oci_image_path_basename }}/{{ oci_image_tag }}"
 
 - name: Wait for Stage Deployment
   ansible.builtin.uri:
-    url: "http://{{ quay_image_path_basename }}-{{ quay_image_tag }}-httpd.rfe.svc.cluster.local/repo/config"
+    url: "http://{{ oci_image_path_basename }}-{{ oci_image_tag }}-httpd.rfe.svc.cluster.local/repo/config"
   delay: 10
   retries: 60
 
@@ -53,8 +53,8 @@
       - "remote"
       - "add"
       - "--no-gpg-verify"
-      - "{{ quay_image_path_basename }}-{{ quay_image_tag }}"
-      - "http://{{ quay_image_path_basename }}-{{ quay_image_tag }}-httpd.rfe.svc.cluster.local/repo"
+      - "{{ oci_image_path_basename }}-{{ oci_image_tag }}"
+      - "http://{{ oci_image_path_basename }}-{{ oci_image_tag }}-httpd.rfe.svc.cluster.local/repo"
   ignore_errors: yes
   register: ostree_remote_add
 
@@ -63,7 +63,7 @@
     msg: Add Remote OSTree Repository Failed"
   when:
     - (ostree_remote_add.failed | bool)
-    - '"Remote configuration for \"" + quay_image_path_basename + "-" + quay_image_tag + "\" already exists:" not in ostree_remote_add.stderr'
+    - '"Remote configuration for \"" + oci_image_path_basename + "-" + oci_image_tag + "\" already exists:" not in ostree_remote_add.stderr'
 
 - name: Mirror OStree Repository from Stage
   ansible.builtin.command:
@@ -72,7 +72,7 @@
       - "--repo={{ repo_remote_path }}"
       - "pull"
       - "--mirror"
-      - "{{ quay_image_path_basename }}-{{ quay_image_tag }}"
+      - "{{ oci_image_path_basename }}-{{ oci_image_tag }}"
       - "rhel/8/x86_64/edge"
 
 - name: Update OSTree Summary Data
@@ -98,6 +98,6 @@
 
 - name: Save OSTree Content Path to Output File
   ansible.builtin.copy:
-    content: "http://{{ httpd_route.resources[0].spec.host }}/{{ quay_image_path_basename }}/{{ quay_image_tag }}"
+    content: "http://{{ httpd_route.resources[0].spec.host }}/{{ oci_image_path_basename }}/{{ oci_image_tag }}"
     dest: "{{ content_path_output_file }}"
   delegate_to: localhost

ansible/roles/oci-push-image/tasks/main.yaml

@@ -5,12 +5,12 @@
         - blueprint_source_dir
         - build_commit_id
         - image_tags_output_file
-        - quay_image_path
+        - oci_image_path
     that:
       - blueprint_source_dir is defined
       - build_commit_id is defined
       - image_tags_output_file is defined
-      - quay_image_path is defined
+      - oci_image_path is defined
 
 - name: Validate Blueprint Directory and Blueprint file Exists
   ansible.builtin.stat:
@@ -93,16 +93,17 @@
     path: "{{ tar_directory }}"
     state: absent
 
-- name: Copy OCI Tar to Quay
+- name: Copy OCI Tar to OCI Registry
   ansible.builtin.command:
     argv:
       - "skopeo"
+      - "--debug"
       - "copy"
       - "--command-timeout=10m"
       - "--dest-authfile=/var/secrets/publisher/.dockerconfigjson"
       - "--dest-tls-verify=false"
       - "oci-archive:{{ find_results.files[0].path | quote }}"
-      - "docker://{{ quay_image_path | quote }}:latest"
+      - "docker://{{ oci_image_path | quote }}:latest"
   become: no
   delegate_to: localhost
   register: skopeo_results
@@ -119,8 +120,8 @@
       - "--src-tls-verify=false"
       - "--dest-authfile=/var/secrets/publisher/.dockerconfigjson"
       - "--dest-tls-verify=false"
-      - "docker://{{ quay_image_path | quote }}:latest"
-      - "docker://{{ quay_image_path | quote }}:{{ blueprint_version | quote }}"
+      - "docker://{{ oci_image_path | quote }}:latest"
+      - "docker://{{ oci_image_path | quote }}:{{ blueprint_version | quote }}"
   become: no
   delegate_to: localhost
   register: skopeo_results