Migrate pipeline to ghcr.io

pst · pst · commit 3be48231c20e · 2024-12-09T07:40:16.000+01:00
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -20,12 +20,19 @@ jobs:
       with:
         install: true
 
-    - name: "Docker login"
+    - name: "Docker login docker.io"
       uses: docker/login-action@v3
       with:
         username: kbstci
         password: ${{ secrets.DOCKER_AUTH }}
 
+    - name: "Docker login ghcr.io"
+      uses: docker/login-action@v3
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
     - name: "Build artifacts"
       env:
         DOCKER_PUSH: true
@@ -75,12 +82,19 @@ jobs:
       with:
         install: true
 
-    - name: "Docker login"
+    - name: "Docker login docker.io"
       uses: docker/login-action@v3
       with:
         username: kbstci
         password: ${{ secrets.DOCKER_AUTH }}
 
+    - name: "Docker login ghcr.io"
+      uses: docker/login-action@v3
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
     - name: Build ${{ matrix.starter }} image
       env:
         DOCKER_PUSH: true
@@ -91,7 +105,7 @@ jobs:
       env:
         COSIGN_EXPERIMENTAL: true
       run: |
-        cosign sign --yes -a GIT_HASH=${{ github.sha }} -a GIT_REF=${{ github.ref }} kubestack/framework-dev:test-${{ github.sha }}-${{ matrix.starter }}
+        cosign sign --yes -a GIT_HASH=${{ github.sha }} -a GIT_REF=${{ github.ref }} ghcr.io/kbst/terraform-kubestack/dev:test-${{ github.sha }}-${{ matrix.starter }}
 
   test:
     runs-on: ubuntu-latest
@@ -112,12 +126,19 @@ jobs:
       run: |
         unzip quickstart/_dist/kubestack-starter-${{ matrix.starter }}-*.zip
 
-    - name: "Docker login"
+    - name: "Docker login docker.io"
       uses: docker/login-action@v3
       with:
         username: kbstci
         password: ${{ secrets.DOCKER_AUTH }}
 
+    - name: "Docker login ghcr.io"
+      uses: docker/login-action@v3
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
     - name: "Docker build"
       env:
         DOCKER_BUILDKIT: 1
@@ -126,7 +147,7 @@ jobs:
       # to kubestack/framework after they have been tested
       # but the Dockerfiles in the artifact have the target image name
       run: |
-        SOURCE_IMAGE=kubestack/framework-dev:test-${{ github.sha }}-${{ matrix.starter }}
+        SOURCE_IMAGE=ghcr.io/kbst/terraform-kubestack/dev:test-${{ github.sha }}-${{ matrix.starter }}
         docker pull $SOURCE_IMAGE
         TARGET_IMAGE=$(cat Dockerfile | sed 's/FROM //')
         docker tag $SOURCE_IMAGE $TARGET_IMAGE
@@ -217,19 +238,26 @@ jobs:
     - name: Install Cosign
       uses: sigstore/cosign-installer@9614fae9e5c5eddabb09f90a270fcb487c9f7149 #v3.7.0
 
-    - name: "Docker login"
+    - name: "Docker login docker.io"
       uses: docker/login-action@v3
       with:
         username: kbstci
         password: ${{ secrets.DOCKER_AUTH }}
 
+    - name: "Docker login ghcr.io"
+      uses: docker/login-action@v3
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
     - name: "Docker push"
       # cosign copy copies the images and the signature from one place to another
       # then we dont need to sign again the same image
       env:
         COSIGN_EXPERIMENTAL: true
       run: |
-        SOURCE_IMAGE=kubestack/framework-dev:test-${{ github.sha }}-${{ matrix.starter }}
+        SOURCE_IMAGE=ghcr.io/kbst/terraform-kubestack/dev:test-${{ github.sha }}-${{ matrix.starter }}
         TARGET_IMAGE=$(cat quickstart/_dist/kubestack-starter-${{ matrix.starter }}/Dockerfile | sed 's/FROM //')
         echo "Source image $SOURCE_IMAGE will be pushed to $TARGET_IMAGE"
         cosign copy $SOURCE_IMAGE $TARGET_IMAGE
diff --git a/Makefile b/Makefile
@@ -8,9 +8,9 @@ DOCKER_TARGET ?= multi-cloud
 
 ifeq ("${DOCKER_PUSH}", "true")
 BUILD_PLATFORM := --platform linux/arm64,linux/amd64
-BUILD_CACHE_DIST := --cache-to type=registry,mode=max,ref=kubestack/framework-dev:buildcache-dist-helper,push=${DOCKER_PUSH}
+BUILD_CACHE_DIST := --cache-to type=registry,mode=max,ref=ghcr.io/kbst/terraform-kubestack/dev:buildcache-dist-helper,push=${DOCKER_PUSH}
 BUILD_OUTPUT := --output type=registry,push=${DOCKER_PUSH}
-BUILD_CACHE := --cache-to type=registry,mode=max,ref=kubestack/framework-dev:buildcache-${DOCKER_TARGET},push=${DOCKER_PUSH}
+BUILD_CACHE := --cache-to type=registry,mode=max,ref=ghcr.io/kbst/terraform-kubestack/dev:buildcache-${DOCKER_TARGET},push=${DOCKER_PUSH}
 else
 BUILD_PLATFORM := 
 BUILD_OUTPUT := --output type=docker
@@ -24,7 +24,7 @@ dist:
 		--build-arg GIT_SHA=${GIT_SHA} \
 		--file oci/Dockerfile \
 		--output type=docker \
-		--cache-from type=registry,ref=kubestack/framework-dev:buildcache-dist-helper \
+		--cache-from type=registry,ref=ghcr.io/kbst/terraform-kubestack/dev:buildcache-dist-helper \
 		${BUILD_CACHE_DIST} \
 		--progress plain \
 		-t dist-helper:latest \
@@ -47,11 +47,11 @@ build:
 		--build-arg GIT_SHA=${GIT_SHA} \
 		--file oci/Dockerfile \
 		${BUILD_OUTPUT} \
-		--cache-from type=registry,ref=kubestack/framework-dev:buildcache-${DOCKER_TARGET} \
+		--cache-from type=registry,ref=ghcr.io/kbst/terraform-kubestack/dev:buildcache-${DOCKER_TARGET} \
 		${BUILD_CACHE} \
 		--progress plain \
 		--target ${DOCKER_TARGET} \
-		-t kubestack/framework-dev:test-$(GIT_SHA)-${DOCKER_TARGET} \
+		-t ghcr.io/kbst/terraform-kubestack/dev:test-$(GIT_SHA)-${DOCKER_TARGET} \
 		.
 
 validate: .init
@@ -97,7 +97,7 @@ shell: .check-container
 		-e KBST_AUTH_GCLOUD \
 		-e HOME=/infra/tests/.user \
 		--workdir /infra/tests \
-		kubestack/framework-dev:test-$(GIT_SHA)-${DOCKER_TARGET} \
+		ghcr.io/kbst/terraform-kubestack/dev:test-$(GIT_SHA)-${DOCKER_TARGET} \
 		sleep infinity
 
 .stop-container:
diff --git a/quickstart/build_artifacts/dist.py b/quickstart/build_artifacts/dist.py
@@ -7,27 +7,27 @@
 
 from jinja2 import Environment, FileSystemLoader
 
-SRCDIR = '../src'
-DISTDIR = '../_dist'
-ARTIFACT_PREFIX = 'kubestack-starter-'
+SRCDIR = "../src"
+DISTDIR = "../_dist"
+ARTIFACT_PREFIX = "kubestack-starter-"
 
 
 def replace_template(dist_path, file_name, context):
     jinja = Environment(loader=FileSystemLoader(dist_path))
     template = jinja.get_template(file_name)
     data = template.render(context)
 
-    with open(f'{dist_path}/{file_name}', 'w') as f:
+    with open(f"{dist_path}/{file_name}", "w") as f:
         f.write(data)
         # always include newline at end of file
-        f.write('\n')
+        f.write("\n")
 
 
 def dist(version, image_name, configuration):
-    configuration_src = f'{SRCDIR}/configurations/{configuration}'
-    configuration_dist = f'{DISTDIR}/{ARTIFACT_PREFIX}{configuration}'
-    manifests_src = f'{SRCDIR}/manifests'
-    manifests_dist = f'{configuration_dist}/manifests'
+    configuration_src = f"{SRCDIR}/configurations/{configuration}"
+    configuration_dist = f"{DISTDIR}/{ARTIFACT_PREFIX}{configuration}"
+    manifests_src = f"{SRCDIR}/manifests"
+    manifests_dist = f"{configuration_dist}/manifests"
 
     # Clean DISTDIR
     if isdir(configuration_dist):
@@ -38,46 +38,47 @@ def dist(version, image_name, configuration):
     copytree(manifests_src, manifests_dist)
 
     # Replace templated version variables in *.tf files
-    for tf_file in [n for n in listdir(configuration_dist)
-                    if n.endswith('.tf')]:
-        replace_template(configuration_dist, tf_file,
-                         {'version': version})
+    for tf_file in [n for n in listdir(configuration_dist) if n.endswith(".tf")]:
+        replace_template(configuration_dist, tf_file, {"version": version})
 
     # Replace templated variables in Dockerfiles
-    dockerfiles = ['Dockerfile', 'Dockerfile.loc']
+    dockerfiles = ["Dockerfile", "Dockerfile.loc"]
     for dockerfile in dockerfiles:
         if exists(join(configuration_dist, dockerfile)):
-            replace_template(configuration_dist,
-                             dockerfile,
-                             {'image_name': image_name, 'image_tag': version})
+            replace_template(
+                configuration_dist,
+                dockerfile,
+                {"image_name": image_name, "image_tag": version},
+            )
 
 
 def compress(version, configuration):
-    starter = f'{ARTIFACT_PREFIX}{configuration}'
-    archive = f'{DISTDIR}/{starter}-{version}'
-    make_archive(archive, 'zip', DISTDIR, starter)
+    starter = f"{ARTIFACT_PREFIX}{configuration}"
+    archive = f"{DISTDIR}/{starter}-{version}"
+    make_archive(archive, "zip", DISTDIR, starter)
 
 
 if __name__ == "__main__":
     # Use tag as version, fallback to commit sha
-    version = environ.get('GIT_SHA')
+    version = environ.get("GIT_SHA")
     # Non tagged images go to a different image repository
-    image_name = 'kubestack/framework-dev'
+    image_name = "ghcr.io/kbst/terraform-kubestack/dev"
 
-    gitref = environ.get('GIT_REF')
-    if gitref.startswith('refs/tags/'):
-        version = gitref.replace('refs/tags/', '')
+    gitref = environ.get("GIT_REF")
+    if gitref.startswith("refs/tags/"):
+        version = gitref.replace("refs/tags/", "")
         # Tagged releases go to main image repository
-        image_name = 'kubestack/framework'
+        image_name = "kubestack/framework"
 
     try:
         target = argv[1]
     except IndexError:
         print("positional arg: 'target' missing:")
         exit("usage dist.py [dist | compress]")
 
-    configurations = [n for n in listdir(f'{SRCDIR}/configurations')
-                      if not n.startswith('_')]
+    configurations = [
+        n for n in listdir(f"{SRCDIR}/configurations") if not n.startswith("_")
+    ]
 
     if target not in ["dist", "compress"]:
         exit("usage dist.py [dist | compress]")
