From e8564dc44f54b15dc34c9cce17d5e302c618d58e Mon Sep 17 00:00:00 2001
From: Chris Evich
Date: Fri, 14 Jun 2019 13:28:47 -0400
Subject: Cirrus: Print images that should be pruned
Over time unless they're removed, the project could grow quite a large collection of VM images. While generally cheap (less than a penny each, per month), these will become a significant cost item if not kept in-check. Add a specialized container for handling image-pruning, but limit it to only finding and printing (not actually deleting) images. Also update the image-building workflow so that base-images used to compose cache-images are also labeled with metadata. N/B: As an additional safeguard, the service account which executes the new container in production *DOES NOT* have access to delete images. This can be enabled by adding the GCE IAM role: CustomComputeImagePrune
Signed-off-by: Chris Evich
---
contrib/imgts/lib_entrypoint.sh | 44 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 44 insertions(+)
create mode 100644 contrib/imgts/lib_entrypoint.sh
(limited to 'contrib/imgts/lib_entrypoint.sh')
diff --git a/contrib/imgts/lib_entrypoint.sh b/contrib/imgts/lib_entrypoint.sh
new file mode 100644
index 000000000..7b76c823f
--- /dev/null
+++ b/contrib/imgts/lib_entrypoint.sh
@@ -0,0 +1,44 @@
+#!/bin/bash
+
+set -e
+
+RED="\e[1;36;41m"
+YEL="\e[1;33;44m"
+NOR="\e[0m"
+SENTINEL="__unknown__" # default set in dockerfile
+# Disable all input prompts
+# https://cloud.google.com/sdk/docs/scripting-gcloud
+GCLOUD="gcloud --quiet"
+
+die() {
+ EXIT=$1
+ PFX=$2
+ shift 2
+ MSG="$@"
+ echo -e "${RED}${PFX}:${NOR} ${YEL}$MSG${NOR}"
+ [[ "$EXIT" -eq "0" ]] || exit "$EXIT"
+}
+
+# Pass in a list of one or more envariable names; exit non-zero with
+# helpful error message if any value is empty
+req_env_var() {
+ for i; do
+ if [[ -z "${!i}" ]]
+ then
+ die 1 FATAL entrypoint.sh requires \$$i to be non-empty.
+ elif [[ "${!i}" == "$SENTINEL" ]]
+ then
+ die 2 FATAL entrypoint.sh requires \$$i to be explicitly set.
+ fi
+ done
+}
+
+gcloud_init() {
+ set +xe
+ TMPF=$(mktemp -p '' .$(uuidgen)XXXX)
+ trap "rm -f $TMPF" EXIT
+ echo "$GCPJSON" > $TMPF && \
+ $GCLOUD auth activate-service-account --project "$GCPPROJECT" --key-file=$TMPF || \
+ die 5 FATAL auth
+ rm -f $TMPF
+}
-- cgit v1.2.3-54-g00ecf
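Review bot: `set +xe` at the top of `gcloud_init` turns off errexit as well as xtrace for the whole shell that sources this library (presumably the container entrypoints, which are not in this hunk), and nothing turns it back on, so the file's own `set -e` stops covering every command that runs after authentication. Dropping xtrace is worth keeping because it keeps the `$GCPJSON` key material out of trace logs; only the `e` should go, i.e. `set +x`. In the same function `$TMPF` is expanded unquoted in the redirect, the `--key-file=` argument and the `rm`, and the trap string is expanded when the trap is installed rather than when it fires; `trap 'rm -f -- "$TMPF"' EXIT` with quoted uses elsewhere would be more robust. A short header comment on `gcloud_init` should also state that it reads `GCPJSON` and `GCPPROJECT`, writes the key to a temporary file, and replaces any EXIT trap the caller had already set.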