From 616076fef8e454e001b6ac25d2a8ac0606f7d6f7 Mon Sep 17 00:00:00 2001 From: Dylan MacKenzie Date: Tue, 16 Jul 2019 11:52:01 -0700 Subject: [PATCH 1/3] Use Azure Pipelines for Windows instead of AppVeyor This removes the AppVeyor configuration and adapts it for use on Azure Pipelines. For deployment, the maintainer must create a `docker-creds` variable group containing `DockerUsername` and `DockerPassword`. `DockerPassword` should be secret. This variable group must be linked to the particular build. Secrets are not visible to PR builds by default, which mitigates some of the security risks here. Still, it would be better to opt in to deployment as opposed to opting out of it with a `condition`. --- appveyor.yml | 22 ---------------------- azure-pipelines.yml | 18 ++++++++++++++++++ windows/ci/build.ps1 | 6 ++---- windows/ci/publish.ps1 | 14 ++++---------- 4 files changed, 24 insertions(+), 36 deletions(-) delete mode 100644 appveyor.yml create mode 100644 azure-pipelines.yml diff --git a/appveyor.yml b/appveyor.yml deleted file mode 100644 index 13976c3..0000000 --- a/appveyor.yml +++ /dev/null @@ -1,22 +0,0 @@ -version: 1.0.{build} -image: Visual Studio 2017 - -platform: - - x86 - -environment: - PUSH_IMAGE: 'rustops/crates-build-env-windows' - -# If Docker is currently configured to run Linux containers, we need to switch -# to running Windows containers. -# -# https://github.com/docker/cli/issues/1042 -init: - # - ps: $env:ProgramFiles/Docker/Docker/DockerCli.exe -SwitchDaemon - -build_script: - - ps: ./windows/ci/build.ps1 - -deploy_script: - - ps: if ($env:APPVEYOR_REPO_BRANCH -eq "master") { ./windows/ci/publish.ps1 } - diff --git a/azure-pipelines.yml b/azure-pipelines.yml new file mode 100644 index 0000000..77afcfe --- /dev/null +++ b/azure-pipelines.yml @@ -0,0 +1,18 @@ +jobs: +- job: Windows + pool: + vmImage: win1803 + variables: + group: docker-creds + IMAGE_NAME: 'crates-build-env-windows' + steps: + - pwsh: ./windows/ci/build.ps1 + displayName: Build Docker image + - pwsh: ./windows/ci/publish.ps1 + displayName: Publish image to Docker Hub + # FIXME: Using condition for this seems brittle, maybe there's a better way? + condition: | + and(succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/master'), ne(variables['Build.Reason'], 'PullRequest')) + env: + DOCKER_PASSWORD: $(DockerPassword) + DOCKER_USERNAME: $(DockerUsername) diff --git a/windows/ci/build.ps1 b/windows/ci/build.ps1 index 59ccf41..33a02b9 100644 --- a/windows/ci/build.ps1 +++ b/windows/ci/build.ps1 @@ -1,8 +1,6 @@ -$ErrorActionPreference = "Stop" - -$ContainerBase = '@sha256:c06b4bfaf634215ea194e6005450740f3a230b27c510cf8facab1e9c678f3a99' +$ContainerBase = ':1803' docker build ` - -t "$env:PUSH_IMAGE" ` + -t "$env:IMAGE_NAME" ` --build-arg "BASE_IMAGE_VER=$ContainerBase" ` windows diff --git a/windows/ci/publish.ps1 b/windows/ci/publish.ps1 index 581d8c4..4f21918 100644 --- a/windows/ci/publish.ps1 +++ b/windows/ci/publish.ps1 @@ -1,8 +1,3 @@ -$ErrorActionPreference = "Stop" - -# Build the image -./windows/ci/build.ps1 - foreach ($var in "DOCKER_USERNAME", "DOCKER_PASSWORD") { if (-not (Test-Path "env:$var")) { echo "Environment variable \"$var\" not set" @@ -10,8 +5,7 @@ foreach ($var in "DOCKER_USERNAME", "DOCKER_PASSWORD") { } } -# Log in to dockerhub -[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($Env:DOCKER_PASSWORD)).Trim() ` - | docker login --username "$Env:DOCKER_USERNAME" --password-stdin - -docker push "$env:PUSH_IMAGE" +Write-Host "Publishing to hub.docker.com/$env:DOCKER_USERNAME" +docker login --username "$env:DOCKER_USERNAME" --password "$env:DOCKER_PASSWORD" +docker tag "$env:IMAGE_NAME" "$env:DOCKER_USERNAME/$env:IMAGE_NAME" +docker push "$env:DOCKER_USERNAME/$env:IMAGE_NAME" From 5f9967a5231ad6569f082825eaf683e753a5667e Mon Sep 17 00:00:00 2001 From: Dylan MacKenzie Date: Fri, 19 Jul 2019 10:05:18 -0700 Subject: [PATCH 2/3] Incorporate suggestions --- azure-pipelines.yml | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 77afcfe..d90a59e 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -1,18 +1,21 @@ +variables: + group: docker-creds + jobs: - job: Windows pool: vmImage: win1803 variables: - group: docker-creds IMAGE_NAME: 'crates-build-env-windows' steps: - pwsh: ./windows/ci/build.ps1 displayName: Build Docker image - pwsh: ./windows/ci/publish.ps1 displayName: Publish image to Docker Hub - # FIXME: Using condition for this seems brittle, maybe there's a better way? condition: | - and(succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/master'), ne(variables['Build.Reason'], 'PullRequest')) + and(succeeded(), + eq(variables['Build.SourceBranch'], 'refs/heads/master'), + ne(variables['Build.Reason'], 'PullRequest')) env: - DOCKER_PASSWORD: $(DockerPassword) - DOCKER_USERNAME: $(DockerUsername) + DOCKER_PASSWORD: $(DOCKER_PASSWORD) + DOCKER_USERNAME: $(DOCKER_USERNAME) From a0bcddb69cbcd63aa58c3a71476ac6840c292d87 Mon Sep 17 00:00:00 2001 From: ecstatic-morse Date: Sat, 20 Jul 2019 11:24:27 -0700 Subject: [PATCH 3/3] Link to `docker-creds` variable group correctly Co-Authored-By: Pietro Albini --- azure-pipelines.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/azure-pipelines.yml b/azure-pipelines.yml index d90a59e..705737e 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -1,5 +1,5 @@ variables: - group: docker-creds + - group: docker-creds jobs: - job: Windows