Merging upstream version 1.44.3.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 52 insertions, 0 deletions

diff --git a/fluent-bit/packaging/skopeo-sync.sh b/fluent-bit/packaging/skopeo-sync.sh
new file mode 100755
index 000000000..0008925dd
--- /dev/null
+++ b/fluent-bit/packaging/skopeo-sync.sh
@@ -0,0 +1,52 @@
+#!/bin/bash
+set -eu
+
+# Simple script to handle skopeo copying of images from staging to release registries.
+# Simplifies usage in actions and handles any GPG set up.
+#
+# Optional variables:
+# GPG_KEY - the name/fingerprint of a locally installed GPG key to use for signing images on release.
+#
+# Required to be set prior to calling this:
+# VERSION - the tag we are releasing, e.g. 1.9.1
+# RELEASE_CREDS - the credentials required to push images to the release registry
+# STAGING_IMAGE_NAME - the source image to pull from staging
+# RELEASE_IMAGE_NAME - the destination image for pushing to release
+
+# We do it tag-by-tag as Cosign signatures cause problems for Skopeo plus
+# this prevents us releasing the wrong subset of images in staging if we use `sync`
+declare -a TAGS_TO_SYNC=("$VERSION" "latest" "$VERSION-debug" "latest-debug")
+
+for TAG in "${TAGS_TO_SYNC[@]}" ; do
+    # Copy all architectures
+    # Use the skopeo image as it is not available until Ubuntu 20.10
+    if [[ -z "$GPG_KEY" ]]; then
+        docker run --rm  \
+            quay.io/skopeo/stable:latest \
+            copy \
+            --all \
+            --src-no-creds \
+            --dest-creds "$RELEASE_CREDS" \
+            "docker://$STAGING_IMAGE_NAME:$TAG" \
+            "docker://$RELEASE_IMAGE_NAME:$TAG"
+    else
+        # We first need to import the key then copy over the image all in the same container.
+        rm -rf /tmp/skopeo-gpg/
+        mkdir -p /tmp/skopeo-gpg/
+        gpg --output /tmp/skopeo-gpg/private.gpg --export-secret-key --armor --export "$GPG_KEY"
+        # There's no good way to import the key into the container currenty so we hijack the entrypoint.
+        docker run --rm  \
+            -v /tmp/skopeo-gpg:/skopeo-gpg \
+            --entrypoint=/bin/bash \
+            quay.io/skopeo/stable:latest -c "\
+                gpg --import /skopeo-gpg/private.gpg && \
+                skopeo \
+                copy \
+                --all --remove-signatures \
+                --sign-by $GPG_KEY \
+                --src-no-creds \
+                --dest-creds $RELEASE_CREDS \
+                docker://$STAGING_IMAGE_NAME:$TAG \
+                docker://$RELEASE_IMAGE_NAME:$TAG "
+    fi
+done
\ No newline at end of file