Add a containers tag role

Author: rlandy

roles/build_containers/README.md

@@ -35,6 +35,9 @@ become - Required to install and execute tcib
 * `cifmw_build_containers_hotfix_tag`: (String) The tag of the container image.
 * `cifmw_build_containers_run_hotfix`: (boolean) conditional variable for executing build_containers.
 * `cifmw_build_containers_install_from_source`: (boolean) Install tcib from RPM.
+* `cifmw_build_containers_tag_string`: (String) Human readable string to tag containers
+* `cifmw_build_containers_retag_images`: (Boolean) Whether to tag images again after pushing with hash tag. Default to `false`
+* `cifmw_build_containers_retag_string`: (String) Human readable string to re-tag containers
 
 ### Parameters used in meta-content-provider
 

roles/build_containers/defaults/main.yml

@@ -41,6 +41,9 @@ cifmw_build_containers_repo_dir: "{{ cifmw_build_containers_basedir }}/artifacts
 cifmw_build_containers_image_tag: current-podified
 cifmw_build_containers_containers_base_image: quay.io/centos/centos:stream9
 cifmw_build_containers_cleanup: false
+cifmw_build_containers_tag_string: current
+cifmw_build_containers_retag_images: false
+cifmw_build_containers_retag_string: current
 
 # Install tcib from source
 cifmw_build_containers_install_from_source: false

roles/build_containers/tasks/main.yml

@@ -90,6 +90,15 @@
     - cifmw_build_containers_buildah_push | default ('false') | bool
     - not cifmw_build_containers_push_containers | bool
 
+- name: "Retag each image and push to registry: {{ item }}"
+  become: true
+  ansible.builtin.command: >
+    buildah push --format v2s2 --all {{ item }}:{{ cifmw_build_containers_image_tag }} docker://{{ item }}:{{ cifmw_build_containers_retag_string }}
+  loop: "{{ built_images.stdout_lines }}"
+  when:
+    - cifmw_build_containers_retag_images | default(false) | bool
+    - cifmw_build_containers_tag_string != cifmw_build_containers_retag_string
+
 - name: Cleanup tcib directories after container build
   ansible.builtin.import_tasks: cleanup.yml
   when: cifmw_build_containers_cleanup | bool

roles/build_containers/tasks/tag.yml

@@ -0,0 +1,99 @@
+---
+# Copyright Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Ensure directories are present
+  ansible.builtin.file:
+    path: "{{ cifmw_build_containers_basedir }}/{{ item }}"
+    state: directory
+    mode: "0755"
+  loop:
+    - tmp
+    - artifacts
+    - logs
+
+- name: Make sure authfile exists
+  when:
+    - cifmw_build_containers_authfile_path != None
+    - cifmw_build_containers_push_containers | bool
+  block:
+    - name: Check for authfile
+      ansible.builtin.stat:
+        path: '{{ cifmw_build_containers_authfile_path }}'
+      register: authfile_exist
+
+    - name: Make sure authfile exists
+      ansible.builtin.assert:
+        that:
+          - authfile_exist.stat.exists | bool
+
+- name: Retrieve the log file from container build job
+  ansible.builtin.get_url:
+    url: "{{ containers_built_artifacts_url }}/ci-framework-data/logs/containers-built.log"
+    dest: "{{ cifmw_build_containers_basedir }}/logs/containers-built.log"
+    mode: "0644"
+    force: true
+  register: result
+  until:
+    - result.status_code is defined
+    - result.status_code == 200
+  retries: 6
+  delay: 50
+
+- name: Get built_images from the log file
+  ansible.builtin.shell:
+    cmd: >-
+      set -o pipefail;
+      cat {{ cifmw_build_containers_basedir }}/logs/containers-built.log |
+      grep {{ cifmw_build_containers_container_name_prefix }} |
+      awk '{ print $1 }'
+  register: built_images_from_file
+
+- name: Get the hash tag from the log file
+  ansible.builtin.shell:
+    cmd: >-
+      set -o pipefail;
+      cat {{ cifmw_build_containers_basedir }}/logs/containers-built.log |
+      grep {{ cifmw_build_containers_container_name_prefix }} |
+      awk '{ print $2 }' |  head -n 1
+  register: images_tag_from_file
+
+- name: Set variables for looping
+  ansible.builtin.set_fact:
+    built_images: "{{ built_images_from_file.stdout_lines }}"
+    images_tag: "{{ images_tag_from_file.stdout_lines[0] }}"
+
+- name: Pull images returned in built_images
+  containers.podman.podman_image:
+    name: "{{ item }}"
+    tag: "{{ images_tag }}"
+  loop: "{{ built_images }}"
+
+- name: Retag the images with new tag
+  containers.podman.podman_tag:
+    image: "{{ item }}:{{ images_tag }}"
+    target_names:
+      - "{{ item }}:{{ cifmw_build_containers_tag_string }}"
+  loop: "{{ built_images }}"
+
+- name: Push images to registry with new tag
+  containers.podman.podman_image:
+    name: "{{ item }}"
+    push_args:
+      dest: "{{ cifmw_build_containers_push_registry }}/{{ cifmw_build_containers_registry_namespace }}"
+    tag: "{{ cifmw_build_containers_tag_string }}"
+    pull: false
+    push: true
+  loop: "{{ built_images }}"