Add GCP flavor of the Docker image (#11)

---------

Signed-off-by: peterdeme <snypox@gmail.com>

Author: peterdeme

.github/workflows/build.yml

@@ -16,7 +16,7 @@ jobs:
       fail-fast: false
       max-parallel: 2 # ECR has pretty aggressive rate limiting 😪
       matrix:
-        folder: [base, aws]
+        folder: [base, aws, gcp]
         arch: [amd64, arm64]
     env:
       IMAGE_NAME: ansible-test-${{ matrix.folder }}-${{ matrix.arch }}:${{ github.sha }}
@@ -25,16 +25,16 @@ jobs:
         uses: actions/checkout@main
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3
         if: matrix.arch == 'arm64'
         with:
           platforms: linux/arm64
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
 
       - name: Build the ${{ matrix.folder }} image
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v5
         with:
           context: ${{ matrix.folder }}
           build-args: |
@@ -54,3 +54,7 @@ jobs:
           if [ "${{ matrix.folder }}" == "aws" ]; then
             docker run --rm ${{ env.IMAGE_NAME }} sh -c "python3 -c \"import boto3; print(boto3.__version__)\""
           fi
+          
+          if [ "${{ matrix.folder }}" == "gcp" ]; then
+            docker run --rm ${{ env.IMAGE_NAME }} sh -c "python3 -c \"import google.auth; print(google.auth.__version__)\""
+          fi

.github/workflows/deploy.yml

@@ -25,12 +25,12 @@ jobs:
         uses: actions/checkout@main
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3
         with:
           platforms: linux/arm64
 
       - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v2
+        uses: aws-actions/configure-aws-credentials@v4
         with:
           aws-region: ${{ env.AWS_REGION }}
           role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
@@ -46,17 +46,17 @@ jobs:
           REPOSITORY_PATH: ${{ secrets.PUBLIC_RUNNER_ANSIBLE_ECR_REPOSITORY_URL }}
 
       - name: Log in to GitHub registry
-        uses: docker/login-action@v1
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
 
       - name: Build and push the image
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v5
         with:
           context: base
           platforms: linux/amd64,linux/arm64
@@ -74,15 +74,12 @@ jobs:
         uses: actions/checkout@main
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3
         with:
           platforms: linux/arm64
 
-      - name: Set env
-        run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
-
       - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v2
+        uses: aws-actions/configure-aws-credentials@v4
         with:
           aws-region: ${{ env.AWS_REGION }}
           role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
@@ -98,10 +95,10 @@ jobs:
           REPOSITORY_PATH: ${{ secrets.PUBLIC_RUNNER_ANSIBLE_ECR_REPOSITORY_URL_AWS }}
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
 
       - name: Build and push the image
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v5
         with:
           build-args: |
             REPOSITORY_BASE_PATH=${{ secrets.PUBLIC_RUNNER_ANSIBLE_ECR_REPOSITORY_URL }}
@@ -110,3 +107,47 @@ jobs:
           push: ${{ github.ref == 'refs/heads/main' || github.ref == 'refs/heads/future' }}
           tags: |
             ${{ secrets.PUBLIC_RUNNER_ANSIBLE_ECR_REPOSITORY_URL_AWS }}:${{ github.ref == 'refs/heads/main' && 'latest' || 'future' }}
+
+  gcp:
+    needs: base
+    name: Build and deploy the alpine base GCP image
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out repository code
+        uses: actions/checkout@main
+    
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+        with:
+          platforms: linux/arm64
+    
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: ${{ env.AWS_REGION }}
+          role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
+          role-duration-seconds: 900
+    
+      - name: Install latest AWS CLI
+        id: install-aws-cli
+        uses: unfor19/install-aws-cli-action@v1
+    
+      - name: Login to Amazon ECR
+        run: aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin ${REPOSITORY_PATH}
+        env:
+          REPOSITORY_PATH: ${{ secrets.PUBLIC_RUNNER_ANSIBLE_ECR_REPOSITORY_URL_GCP }}
+    
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+    
+      - name: Build and push the image
+        uses: docker/build-push-action@v5
+        with:
+          build-args: |
+            REPOSITORY_BASE_PATH=${{ secrets.PUBLIC_RUNNER_ANSIBLE_ECR_REPOSITORY_URL }}
+          context: aws
+          platforms: linux/amd64,linux/arm64
+          push: ${{ github.ref == 'refs/heads/main' || github.ref == 'refs/heads/future' }}
+          tags: |
+            ${{ secrets.PUBLIC_RUNNER_ANSIBLE_ECR_REPOSITORY_URL_GCP }}:${{ github.ref == 'refs/heads/main' && 'latest' || 'future' }}
+    

README.md

@@ -12,14 +12,20 @@ to use `public.ecr.aws/spacelift/runner-ansible` as the runner image for the sta
 The image is pushed to the `public.ecr.aws/spacelift/runner-ansible` public repository. It is also pushed to the
 `ghcr.io/spacelift-io/runner-ansible` repository as a backup in case of issues with ECR.
 
+Altogether we have 3 flavors of the image:
+
+- `public.ecr.aws/spacelift/runner-ansible` - built on top of the [Spacelift Terraform runner image](https://github.com/spacelift-io/runner-terraform), with Ansible installed.
+- `public.ecr.aws/spacelift/runner-ansible-aws` - built on top of `runner-ansible`, with `boto3` installed.
+- `public.ecr.aws/spacelift/runner-ansible-gcp` - built on top of `runner-ansible`, with `google-auth` installed.
+
 ## Branch Model
 
 This repository uses two main branches:
 
 - `main` - contains the production version of the runner image.
 - `future` - used to test development changes.
 
-Pushes to main deploy to the latest tag, whereas pushes to future deploy to the future tag. This
+Pushes to main deploy to the `latest` tag, whereas pushes to future deploy to the `future` tag. This
 means that to use the development version you can use the `public.ecr.aws/spacelift/runner-ansible:future` image.
 
 ## Development

gcp/Dockerfile

@@ -0,0 +1,5 @@
+ARG REPOSITORY_BASE_PATH
+
+FROM ${REPOSITORY_BASE_PATH}:latest
+
+RUN pip install requests google-auth