refac(back): #1364 simplify deploy container

docs/src/api/builtins/deploy.md

@@ -134,33 +134,25 @@ before sending the job to Batch.
 
 ## deployContainer
 
-Deploy a set of container images
-in [OCI Format](https://github.com/opencontainers/image-spec)
-to the specified container registries.
+Deploy a container image
+in [OCI Format](https://github.com/opencontainers/image-spec).
 
-For details on how to build container images in OCI Format
-please read the `makeContainerImage` reference.
+For details on how to build container images in OCI format,
+please see [makeContainerImage](/api/extensions/containers#makecontainerimage).
 
 Types:
 
-- deployContainer:
-    - images (`attrsOf imageType`): Optional.
-        Definitions of container images to deploy.
-        Defaults to `{ }`.
-- imageType (`submodule`):
-    - attempts (`ints.positive`): Optional.
-        If the value of attempts is greater than one,
-        the job is retried on failure the same number of attempts as the value.
-        Defaults to `1`.
+- deployContainer (`attrsOf targetType`):
+- targetType (`submodule`):
     - credentials:
         - token (`str`):
             Name of the environment variable
             that stores the value of the registry token.
         - user (`str`):
             Name of the environment variable
             that stores the value of the registry user.
-    - registry (`str`):
-        Registry in which the image will be copied to.
+    - image (`str`):
+        Container registry path to which the image will be copied to.
     - setup (`listOf package`): Optional.
         [Makes Environment][makes_environment]
         or [Makes Secrets][makes_secrets]
@@ -175,58 +167,31 @@ Types:
         Defaults to `false`.
     - src (`package`):
         Derivation that contains the container image in OCI Format.
-    - tag (`str`):
-        The tag under which the image will be stored in the registry.
 
 Example:
 
 === "makes.nix"
 
     ```nix
-    {
-      inputs,
-      outputs,
-      ...
-    }: {
-      inputs = {
-        nixpkgs = fetchNixpkgs {
-          rev = "f88fc7a04249cf230377dd11e04bf125d45e9abe";
-          sha256 = "1dkwcsgwyi76s1dqbrxll83a232h9ljwn4cps88w9fam68rf8qv3";
-        };
-      };
-
+    { outputs, ... }: {
       deployContainer = {
-        images = {
-          nginxDockerHub = {
-            credentials = {
-              token = "DOCKER_HUB_PASS";
-              user = "DOCKER_HUB_USER";
-            };
-            src = inputs.nixpkgs.dockerTools.examples.nginx;
-            sign = false;
-            registry = "docker.io";
-            tag = "fluidattacks/nginx:latest";
-          };
-          redisGitHub = {
-            credentials = {
-              token = "GITHUB_TOKEN";
-              user = "GITHUB_ACTOR";
-            };
-            src = inputs.nixpkgs.dockerTools.examples.redis;
-            sign = true;
-            registry = "ghcr.io";
-            tag = "fluidattacks/redis:$(date +%Y.%m)"; # Tag from command
+        makesAmd64 = {
+          credentials = {
+            token = "GITHUB_TOKEN";
+            user = "GITHUB_ACTOR";
           };
-          makesGitLab = {
-            credentials = {
-              token = "CI_REGISTRY_PASSWORD";
-              user = "CI_REGISTRY_USER";
-            };
-            src = outputs."/containerImage";
-            sign = false;
-            registry = "registry.gitlab.com";
-            tag = "fluidattacks/product/makes:$MY_VAR"; # Tag from env var
+          image = "ghcr.io/fluidattacks/makes:amd64";
+          src = outputs."/container-image";
+          sign = true;
+        };
+        makesArm64 = {
+          credentials = {
+            token = "GITHUB_TOKEN";
+            user = "GITHUB_ACTOR";
           };
+          image = "ghcr.io/fluidattacks/makes:arm64";
+          src = outputs."/container-image";
+          sign = true;
         };
       };
     }
@@ -235,19 +200,19 @@ Example:
 === "Invocation DockerHub"
 
     ```bash
-    DOCKER_HUB_USER=user DOCKER_HUB_PASS=123 m . /deployContainer/nginxDockerHub
+    DOCKER_HUB_USER=user DOCKER_HUB_PASS=123 m . /deployContainer/makesAmd64
     ```
 
 === "Invocation GitHub"
 
     ```bash
-    GITHUB_ACTOR=user GITHUB_TOKEN=123 m . /deployContainer/makesLatest
+    GITHUB_ACTOR=user GITHUB_TOKEN=123 m . /deployContainer/makesAmd64
     ```
 
 === "Invocation GitLab"
 
     ```bash
-    CI_REGISTRY_USER=user CI_REGISTRY_PASSWORD=123 m . /deployContainer/makesGitLab
+    CI_REGISTRY_USER=user CI_REGISTRY_PASSWORD=123 m . /deployContainer/makesAmd64
     ```
 
 ## deployContainerManifest
@@ -302,33 +267,7 @@ Example:
 === "makes.nix"
 
     ```nix
-    {
-      deployContainer = {
-        images = {
-          makesAmd64 = {
-            attempts = 3;
-            credentials = {
-              token = "GITHUB_TOKEN";
-              user = "GITHUB_ACTOR";
-            };
-            registry = "ghcr.io";
-            src = outputs."/container-image";
-            sign = true;
-            tag = "fluidattacks/makes:amd64";
-          };
-          makesArm64 = {
-            attempts = 3;
-            credentials = {
-              token = "GITHUB_TOKEN";
-              user = "GITHUB_ACTOR";
-            };
-            registry = "ghcr.io";
-            src = outputs."/container-image";
-            sign = true;
-            tag = "fluidattacks/makes:arm64";
-          };
-        };
-      };
+    { outputs, ... }: {
       deployContainerManifest = {
         makes = {
           credentials = {

makes.nix

@@ -19,29 +19,23 @@
     target = "github.com/fluidattacks/makes";
   };
   deployContainer = {
-    images = {
-      makesAmd64 = {
-        attempts = 3;
-        credentials = {
-          token = "GITHUB_TOKEN";
-          user = "GITHUB_ACTOR";
-        };
-        registry = "ghcr.io";
-        src = outputs."/container-image";
-        sign = true;
-        tag = "fluidattacks/makes:amd64";
+    makesAmd64 = {
+      credentials = {
+        token = "GITHUB_TOKEN";
+        user = "GITHUB_ACTOR";
       };
-      makesArm64 = {
-        attempts = 3;
-        credentials = {
-          token = "GITHUB_TOKEN";
-          user = "GITHUB_ACTOR";
-        };
-        registry = "ghcr.io";
-        src = outputs."/container-image";
-        sign = true;
-        tag = "fluidattacks/makes:arm64";
+      image = "ghcr.io/fluidattacks/makes:amd64";
+      src = outputs."/container-image";
+      sign = true;
+    };
+    makesArm64 = {
+      credentials = {
+        token = "GITHUB_TOKEN";
+        user = "GITHUB_ACTOR";
       };
+      image = "ghcr.io/fluidattacks/makes:arm64";
+      src = outputs."/container-image";
+      sign = true;
     };
   };
   deployContainerManifest = {

src/args/deploy-container/default.nix

@@ -1,15 +1,12 @@
 { __nixpkgs__, makeScript, ... }:
-{ attempts ? 1, containerImage, credentials, name, registry, setup, sign, tag,
-}:
+{ credentials, image, name, setup, sign, src }:
 makeScript {
   replace = {
-    __argAttempts__ = attempts;
-    __argContainerImage__ = containerImage;
     __argCredentialsToken__ = credentials.token;
     __argCredentialsUser__ = credentials.user;
-    __argRegistry__ = registry;
+    __argImage__ = image;
     __argSign__ = sign;
-    __argTag__ = "${registry}/${tag}";
+    __argSrc__ = src;
   };
   entrypoint = ./entrypoint.sh;
   inherit name;

src/args/deploy-container/entrypoint.sh

@@ -1,75 +1,55 @@
 # shellcheck shell=bash
 
 function deploy {
-  local attempts="${1}"
-  local container_image="${2}"
-  local credentials_token="${3}"
-  local credentials_user="${4}"
-  local tag="${5}"
+  local credentials_token="${1}"
+  local credentials_user="${2}"
+  local image="${3}"
+  local src="${4}"
 
-  : && info Syncing container image: "${tag}" \
-    && command=(
-      skopeo
-      --insecure-policy
-      copy
-      --dest-creds "${credentials_user}:${credentials_token}"
-      "docker-archive://${container_image}"
-      "docker://${tag}"
-    ) \
-    && temp="$(mktemp)" \
-    && seq 1 "${attempts}" > "${temp}" \
-    && mapfile -t nums < "${temp}" \
-    && for num in "${nums[@]}"; do
-      if "${command[@]}"; then
-        return 0
-      else
-        info Retrying number "${num}" ...
-      fi
-    done \
-    && return 1 \
-    || return 1
+  : && info Syncing container image: "${image}" \
+    && skopeo \
+      --insecure-policy \
+      copy \
+      --dest-creds "${credentials_user}:${credentials_token}" \
+      "docker-archive://${src}" \
+      "docker://${image}"
 }
 
 function sign {
   local credentials_token="${1}"
   local credentials_user="${2}"
-  local registry="${3}"
+  local image="${3}"
   local sign="${4}"
-  local tag="${5}"
 
   if [ "${sign}" = "1" ]; then
-    : && info "Signing container image: ${tag}" \
+    : && info "Signing container image: ${image}" \
       && cosign sign \
         --yes=true \
         --registry-username="${credentials_user}" \
         --registry-password="${credentials_token}" \
-        "${tag}"
+        "${image}"
   else
-    : && info "Skipping signing container ${tag}"
+    : && info "Skipping signing container ${image}"
   fi
 }
 
 function main {
-  local attempts="__argAttempts__"
-  local container_image="__argContainerImage__"
   local credentials_token="${__argCredentialsToken__}"
   local credentials_user="${__argCredentialsUser__}"
-  local registry="__argRegistry__"
+  local image="__argImage__"
   local sign="__argSign__"
-  local tag="__argTag__"
+  local src="__argSrc__"
 
   : && deploy \
-    "${attempts}" \
-    "${container_image}" \
     "${credentials_token}" \
     "${credentials_user}" \
-    "${tag}" \
+    "${image}" \
+    "${src}" \
     && sign \
       "${credentials_token}" \
       "${credentials_user}" \
-      "${registry}" \
-      "${sign}" \
-      "${tag}"
+      "${image}" \
+      "${sign}"
 }
 
 main "${@}"