Fix up nightly release-automation (#10)

leifmadsen · web-flow · commit 5c34be0b6108 · 2023-10-13T10:27:20.000-04:00
* Login to the infrawatch quay registry

Created organization secrets in GitHub with the
infrawatch+release_automation robot account so that the release
automation script (for nightly builds) can now push to the infrawatch
registry.

Previously the release automation script only needed to access the
infrawatch-operators registry to push the bundles and index image, but
with the recent changes to tag and push the latest into the nightly
builds, access to the infrawatch repo is also necessary.

Related: STF-1559

* Add access to new secrets

Add access to the new secrets to the releaser.sh script in GitHub
Actions.

* Move container registry logins around

It looks like docker login might be getting overridden so move the
logins around so that login to infrawatch repo happens, followed by
appropriate actions, and then login to infrawatch-operators prior to the
bundle and index image operations.
diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
@@ -58,6 +58,8 @@ jobs:
           GITHUB_WORKSPACE: ${{ github.workspace }}
           QUAY_INFRAWATCH_OPERATORS_USERNAME: ${{ secrets.QUAY_INFRAWATCH_OPERATORS_USERNAME }}
           QUAY_INFRAWATCH_OPERATORS_PASSWORD: ${{ secrets.QUAY_INFRAWATCH_OPERATORS_PASSWORD }}
+          QUAY_INFRAWATCH_USERNAME: ${{ secrets.QUAY_INFRAWATCH_USERNAME }}
+          QUAY_INFRAWATCH_PASSWORD: ${{ secrets.QUAY_INFRAWATCH_PASSWORD }}
 
   periodic_release_1_5:
     name: Periodic Release for STF 1.5
@@ -114,6 +116,8 @@ jobs:
           GITHUB_WORKSPACE: ${{ github.workspace }}
           QUAY_INFRAWATCH_OPERATORS_USERNAME: ${{ secrets.QUAY_INFRAWATCH_OPERATORS_USERNAME }}
           QUAY_INFRAWATCH_OPERATORS_PASSWORD: ${{ secrets.QUAY_INFRAWATCH_OPERATORS_PASSWORD }}
+          QUAY_INFRAWATCH_USERNAME: ${{ secrets.QUAY_INFRAWATCH_USERNAME }}
+          QUAY_INFRAWATCH_PASSWORD: ${{ secrets.QUAY_INFRAWATCH_PASSWORD }}
           BUNDLE_TAG: "stable-1.5"
           INSPECTION_TAG: "stable-1.5"
           INDEX_IMAGE_TAG: "nightly-1.5"
diff --git a/releaser.sh b/releaser.sh
@@ -18,14 +18,17 @@ ARTIFACT_IMAGES=${ARTIFACT_IMAGES:-"sg-core sg-bridge prometheus-webhook-snmp se
 echo "SGO result dir: ${SGO_BUNDLE_RESULT_DIR}"
 echo "STO result dir: ${STO_BUNDLE_RESULT_DIR}"
 
-# login to quay.io registry so we can push bundles to infrawatch-operators organization
-echo "${QUAY_INFRAWATCH_OPERATORS_PASSWORD}" | docker login -u="${QUAY_INFRAWATCH_OPERATORS_USERNAME}" --password-stdin quay.io || exit
+# login to quay.io registry so we can push bundles to infrawatch organization
+echo "${QUAY_INFRAWATCH_PASSWORD}" | docker login -u="${QUAY_INFRAWATCH_USERNAME}" --password-stdin quay.io || exit
 
 # tag existing artifacts for nightly reference
 for IMAGE in ${ARTIFACT_IMAGES}; do
     skopeo copy "docker://quay.io/infrawatch/${IMAGE}:${IMAGE_TAG}" "docker://quay.io/infrawatch/${IMAGE}:${INSPECTION_TAG}"
 done
 
+# login to quay.io registry so we can push bundles to infrawatch-operators organization
+echo "${QUAY_INFRAWATCH_OPERATORS_PASSWORD}" | docker login -u="${QUAY_INFRAWATCH_OPERATORS_USERNAME}" --password-stdin quay.io || exit
+
 # Smart Gateway Operator bundle creation
 
 # -- Get hashes for images so they can be replaced in the bundle manifest for relatedImages
@@ -39,7 +42,7 @@ echo "## sg-core image hash: ${SG_CORE_IMAGE_HASH}"
 
 echo "-- Get sg-bridge image hash"
 SG_BRIDGE_IMAGE_HASH=$(skopeo inspect docker://quay.io/infrawatch/sg-bridge:"${INSPECTION_TAG}" | jq -c '.Digest' | sed -e 's/^"//' -e 's/"$//' -)
-echo "## sg-bridge image hhash: ${SG_BRIDGE_IMAGE_HASH}"
+echo "## sg-bridge image hash: ${SG_BRIDGE_IMAGE_HASH}"
 
 echo "-- Create Smart Gateway Operator bundle"
 pushd "${GITHUB_WORKSPACE}/smart-gateway-operator/" || exit
