link container registry to builds with build tokens
Description
GitLab 8.12 introduced a system of temporary build tokens.
When browsing builds in the container registry, it would be nice to have links to the pipelines/builds which caused those builds to exist. Likewise, it would be nice to have links from a build/pipeline to the docker images which got pushed for that build, and for docker tags to automatically exist based on build IDs, pipeline IDs, etc. For users using the temporary build tokens for authentication, it should be possible to use the build token to associate a docker image with a build.
I currently use a shell script to partially implement this idea. One limitation of my approach is that it does not neatly handle the case where there are multiple docker builds from a single project. It's quite common to have different tags generated from a single code repository, either representing different services which are built from the same repository (e.g. 2 tightly coupled docker images which are maintained in the same repository), or different ways of building the same repository (e.g. a debian-based build of nginx as well as an alpine-based build of nginx).
Links / references
My gitlab-ci-docker-retag.sh script:
#!/bin/bash
if [ $# != 5 ]; then
    echo ""
    echo "Usage: $0 [existing tag name] [new tag base name] [automatically push tags] [delete local image after build] [latest ref name]"
    echo ""
    echo "Example #1: $0 some-image-name docker.io/myusername/myprojectname 1 1 master"
    echo "Example #2: $0 some-image-name:with-a-tag docker.io/myusername/myprojectname 0 1 stable"
    echo ""
    echo "Note: images are only deleted after a successful push. The script will abort prior to deletion if push is not successful."
    echo ""
    exit 1
fi
if [ -z "${GITLAB_CI}" ]; then
    echo "This script requires the environment variables set by Gitlab CI."
    echo "Required environment variables: GITLAB_CI, CI_BUILD_ID, CI_BUILD_REF, CI_BUILD_REF_NAME"
    echo "Optional environment variable: CI_BUILD_TAG"
    echo "For more information about the expected environment, see http://doc.gitlab.com/ce/ci/variables/README.html"
    exit 1
fi
existing_tag=$1
new_tag_base=$2
push_tags=$3
auto_delete=$4
latest_ref_name=$5
set -o errexit
set -o verbose
# Quote every expansion: ref and tag names come from the repository and must not be word-split or glob-expanded.
docker tag "${existing_tag}" "${new_tag_base}:build-${CI_BUILD_ID}"
docker tag "${existing_tag}" "${new_tag_base}:sha-${CI_BUILD_REF}"
docker tag "${existing_tag}" "${new_tag_base}:ref-${CI_BUILD_REF_NAME}"
[ "${CI_BUILD_REF_NAME}" == "$latest_ref_name" ] && docker tag "${existing_tag}" "${new_tag_base}:latest"
[ -n "${CI_BUILD_TAG}" ] && docker tag "${existing_tag}" "${new_tag_base}:tag-${CI_BUILD_TAG}"
set +o verbose
if [ "$push_tags" == "1" ]; then
    set -o verbose
    docker push "${new_tag_base}:build-${CI_BUILD_ID}"
    docker push "${new_tag_base}:sha-${CI_BUILD_REF}"
    docker push "${new_tag_base}:ref-${CI_BUILD_REF_NAME}"
    [ "${CI_BUILD_REF_NAME}" == "$latest_ref_name" ] && docker push "${new_tag_base}:latest"
    [ -n "${CI_BUILD_TAG}" ] && docker push "${new_tag_base}:tag-${CI_BUILD_TAG}"
else
    echo "Images tagged. Push not requested."
fi
if [ "$auto_delete" == "1" ]; then
    # The command substitution stays unquoted on purpose: it may expand to several image IDs.
    docker rmi -f $(docker images -q "${existing_tag}")
fi
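The `ref-` and `tag-` tags in the script above are built from branch and git tag names, which are chosen by whoever pushes and may contain characters Docker tags do not allow (a branch named `feature/x`, for example). The following is an added example, not part of the original issue or script: it derives the same tag list while normalising such values. The function names `ci_tag` and `ci_tags` are hypothetical, the demo values are constructed, and `sha256sum` is assumed to be available.

```bash
#!/bin/bash
# Added example, not part of the original script. Function names are
# hypothetical; the CI_* values in the demo at the bottom are constructed.

# Docker tags must match [A-Za-z0-9_][A-Za-z0-9_.-]{0,127}. Git ref names can
# contain '/', '+', '@' and more.
# ci_tag PREFIX VALUE prints a valid tag "PREFIX-VALUE". If VALUE had to be
# rewritten or shortened, a short hash of the original is appended, so that
# refs such as "feature/x" and "feature-x" do not map to the same tag.
ci_tag() (
    prefix=$1
    raw=$2
    # Replace every byte outside the allowed set with '-'.
    clean=$(printf '%s' "$raw" | LC_ALL=C tr -c 'A-Za-z0-9_.-' '-')
    if [ "$clean" = "$raw" ] && [ "${#raw}" -le 100 ]; then
        printf '%s-%s\n' "$prefix" "$raw"
    else
        hash=$(printf '%s' "$raw" | sha256sum | cut -c1-12)
        short=$(printf '%s' "$clean" | cut -c1-100)
        printf '%s-%s-%s\n' "$prefix" "$short" "$hash"
    fi
)

# ci_tags LATEST_REF prints, one per line, the tags the script above applies.
ci_tags() (
    ci_tag build "$CI_BUILD_ID"
    ci_tag sha "$CI_BUILD_REF"
    ci_tag ref "$CI_BUILD_REF_NAME"
    if [ "$CI_BUILD_REF_NAME" = "$1" ]; then echo latest; fi
    if [ -n "${CI_BUILD_TAG:-}" ]; then ci_tag tag "$CI_BUILD_TAG"; fi
)

# Constructed demo values; in a real job GitLab CI sets these variables.
CI_BUILD_ID=4711
CI_BUILD_REF=0123abc
CI_BUILD_REF_NAME='feature/login +fix'
CI_BUILD_TAG=''
# Print the docker commands instead of running them.
for t in $(ci_tags master); do
    echo docker tag some-image-name "docker.io/myusername/myprojectname:$t"
done
```

The appended hash separates names that differ only in rewritten characters; it does not stop someone from deliberately naming a branch to match another branch's generated tag, so tags that deployments depend on still need push restrictions on the registry side.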