Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

🌱 publish docker images to GitHub Container Registry #1453

Merged
merged 2 commits into from
Nov 13, 2024
Merged

🌱 publish docker images to GitHub Container Registry #1453

merged 2 commits into from
Nov 13, 2024

Conversation

spencerschrock
Copy link
Member

@spencerschrock spencerschrock commented Oct 7, 2024
edited
Loading

The goal is to use GHCR to replace Google Container Registry (GCR) for future Scorecard Action releases to reduce network egress costs. These workflows will build two types of images:

  1. Release images, which are tagged following a v1.2.3 pattern. These container images will be retained indefinitely.
  2. Per-commit images for each push to main. These images are used when testing the action, and will be removed after a week.

The workflow was primarily based on GitHub's example workflow. You can see this working in my fork:

  • A normal push to main, generating a latest image, with no attestation workflow
  • A tagged image, generating a release image, with an attestation. workflow
  • The cleanup workflow, deleting untagged images on schedule, or on dispatch.

@spencerschrock
publish docker images to GitHub Container Registry
c55135e 
The goal is to use GHCR to replace Google Container Registry (GCR) for
future versions of Scorecard Action releases. These workflows will build
two types of images:

  1. Release images, which are tagged following a v1.2.3 pattern. These
  container images will be retained indefinitely.
  2. Per-commit images for each push to main. These images are used when
     testing the action, and will be removed after a week.

Signed-off-by: Spencer Schrock <[email protected]>
@spencerschrock spencerschrock requested review from a team, naveensrinivasan and justaugustus and removed request for a team October 7, 2024 17:56
raghavkaul
raghavkaul reviewed Nov 13, 2024
View reviewed changes
Copy link

@raghavkaul raghavkaul left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is the network egress cost and why does it not apply with GHCR?

.github/workflows/ghcr-retention.yml Show resolved Hide resolved
@spencerschrock
Copy link
Member Author

What is the network egress cost

When someone runs the action, it pulls our gcr.io image, which has pricing associated with it

General network usage applies for any data read from your Cloud Storage bucket that does not fall into one of the above categories or the Always Free usage limits. For example, general network usage applies when data moves from a Cloud Storage bucket to the Internet.

Monthly Usage Data transfer to Worldwide Destinations (excluding Asia & Australia)(per GB) Data transfer to Asia Destinations (excluding China, but including Hong Kong)(per GB) Data transfer to China Destinations (excluding Hong Kong)(per GB) Data transfer to Australia Destinations and Data transfer from Cloud Storage regions located in Australia(per GB) Inbound data transfer
0-1 TB $0.12 $0.12 $0.23 $0.19 Free
1-10 TB $0.11 $0.11 $0.22 $0.18 Free
10+ TB $0.08 $0.08 $0.20 $0.15 Free

why does it not apply with GHCR?

GHCR is free for public packages. And also has a section later on about GitHub Actions

All data transferred out, when triggered by GitHub Actions, and data transferred in from any source is free. We determine you are downloading packages using GitHub Actions when you log in to GitHub Packages using a GITHUB_TOKEN.

@spencerschrock spencerschrock enabled auto-merge (squash) November 13, 2024 17:03
@spencerschrock spencerschrock merged commit 3a26553 into ossf:main Nov 13, 2024
9 checks passed
spencerschrock added a commit to spencerschrock/scorecard-webapp that referenced this pull request Nov 13, 2024
@spencerschrock
allow ghcr docker image
eef6abb 
With the switch to GHCR we'll need to support both images for e2e testing.
Eventually we can remove the gcr.io case if needed.

ossf/scorecard-action#1453

Signed-off-by: Spencer Schrock <[email protected]>
@spencerschrock spencerschrock mentioned this pull request Nov 13, 2024
Merged
spencerschrock added a commit to ossf/scorecard-webapp that referenced this pull request Nov 13, 2024
@spencerschrock
allow ghcr docker image (#707)
7415c7a 
With the switch to GHCR we'll need to support both images for e2e testing.
Eventually we can remove the gcr.io case if needed.

ossf/scorecard-action#1453

Signed-off-by: Spencer Schrock <[email protected]>
spencerschrock added a commit to ossf-tests/scorecard-action that referenced this pull request Nov 13, 2024
@spencerschrock
use GitHub Container Registry images for e2e tests
ba2309c 
ossf#1453
Signed-off-by: Spencer Schrock <[email protected]>
@spencerschrock spencerschrock mentioned this pull request Nov 13, 2024
Merged
spencerschrock added a commit to ossf-tests/scorecard-action that referenced this pull request Nov 13, 2024
@spencerschrock
use GitHub Container Registry images for e2e tests (#12)
dc0f8da 
ossf#1453

Signed-off-by: Spencer Schrock <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@raghavkaul raghavkaul raghavkaul approved these changes

@naveensrinivasan naveensrinivasan Awaiting requested review from naveensrinivasan naveensrinivasan was automatically assigned from ossf/scorecard-maintainers

@justaugustus justaugustus Awaiting requested review from justaugustus justaugustus was automatically assigned from ossf/scorecard-maintainers

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@spencerschrock @raghavkaul