Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Migrate to GHCR #6478

Merged
merged 21 commits into from
Oct 17, 2023
Merged
Show file tree
Hide file tree
Changes from 19 commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 9 additions & 13 deletions .github/scripts/publish-recipes.sh
Original file line number Diff line number Diff line change
Expand Up @@ -16,32 +16,28 @@
# limitations under the License.
# ------------------------------------------------------------

# Fail immedietly if any command fails
# Fail immediately if any command fails
set -e

# Get command line arguments
BICEP_PATH=$1
DIRECTORY=$2
REGISTRY_PATH=$3
RECIPE_VERSION=$4

BICEP_EXECUTABLE="$BICEP_PATH/rad-bicep"
DIRECTORY=$1
REGISTRY_PATH=$2
RECIPE_VERSION=$3

# Print usage information
function print_usage() {
echo "Usage: $0 <BICEP_PATH> <DIRECTORY> <REGISTRY_PATH> <RECIPE_VERSION>"
echo "Usage: $0 <DIRECTORY> <REGISTRY_PATH> <RECIPE_VERSION>"
echo ""
echo " Publishes all recipes in the repository to the Azure Container Registry. Requires you to be logged into Azure via az login."
echo " Publishes all recipes in the repository to a container registry."
echo ""
echo " BICEP_PATH: Path to directory containing the bicep executable. For example, ~/.rad/bin"
echo " DIRECTORY: Directory containing the recipes to publish. For example, ./test/functional/testdata/recipes"
echo " REGISTRY_PATH: Registry hostname and path prefix. For example, myregistry.azurecr.io/tests/recipes."
echo " REGISTRY_PATH: Registry hostname and path prefix. For example, ghcr.io/radius-project/dev/test/recipes"
echo " RECIPE_VERSION: Version of the recipe to publish. For example, pr-19293"
echo ""
}

# Verify that the required arguments are present
if [[ $# -ne 4 ]]; then
if [[ $# -ne 3 ]]; then
echo "Error: Missing required arguments"
echo ""
print_usage
Expand Down Expand Up @@ -69,5 +65,5 @@ do

echo "Publishing $RECIPE to $PUBLISH_REF"
echo "- $PUBLISH_REF" >> $GITHUB_STEP_SUMMARY
$BICEP_EXECUTABLE publish $RECIPE --target "br:$PUBLISH_REF"
rad bicep publish --file $RECIPE --target "br:$PUBLISH_REF"
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

using the bicep executable directly did not seem to work with GHCR.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yep this known behavior. The Bicep executable and our fork can only talk to ACR. We had to bring in the ability to talk to any OCI registry to the rad CLI directly.

done
6 changes: 3 additions & 3 deletions .github/scripts/release-verification.sh
Original file line number Diff line number Diff line change
Expand Up @@ -59,9 +59,9 @@ fi
kind create cluster
./rad install kubernetes

EXPECTED_APPCORE_RP_IMAGE="radius.azurecr.io/applications-rp:${EXPECTED_TAG_VERSION}"
EXPECTED_UCP_IMAGE="radius.azurecr.io/ucpd:${EXPECTED_TAG_VERSION}"
EXPECTED_DE_IMAGE="radius.azurecr.io/deployment-engine:${EXPECTED_TAG_VERSION}"
EXPECTED_APPCORE_RP_IMAGE="ghcr.io/radius-project/applications-rp:${EXPECTED_TAG_VERSION}"
EXPECTED_UCP_IMAGE="ghcr.io/radius-project/ucpd:${EXPECTED_TAG_VERSION}"
EXPECTED_DE_IMAGE="ghcr.io/radius-project/deployment-engine:${EXPECTED_TAG_VERSION}"

APPCORE_RP_IMAGE=$(kubectl describe pods -n radius-system -l control-plane=applications-rp | awk '/^.*Image:/ {print $2}')
UCP_IMAGE=$(kubectl describe pods -n radius-system -l control-plane=ucp | awk '/^.*Image:/ {print $2}')
Expand Down
191 changes: 32 additions & 159 deletions .github/workflows/build.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -36,26 +36,27 @@ concurrency:
env:
# Go version to install
GOVER: '^1.21'
GOPROXY: https://proxy.golang.org

# gotestsum version - see: https://github.com/gotestyourself/gotestsum
GOTESTSUMVERSION: 1.10.0

# Use radiusdev.azurecr.io for PR build. Otherwise, use radius.azurecr.io.
# TODO_LAUNCH: Remove this variable when we opensource the repo - https://github.com/radius-project/radius/issues/5892
DOCKER_REGISTRY: ${{ github.event_name == 'pull_request' && 'radiusdev.azurecr.io' || 'radius.azurecr.io' }}

# GitHub Actor for pushing images to GHCR
GHCR_ACTOR: rad-ci-bot

# Container registry url for GitHub container registry.
CONTAINER_REGISTRY: ${{ github.event_name == 'pull_request' && 'ghcr.io/radius-project/dev' || 'ghcr.io/radius-project/radius' }}
CONTAINER_REGISTRY: ${{ github.event_name == 'pull_request' && 'ghcr.io/radius-project/dev' || 'ghcr.io/radius-project' }}

# Local file path to the release binaries.
RELEASE_PATH: ./release

# ORAS (OCI Registry As Storage) CLI version
ORAS_VERSION: 1.1.0

# URL to get source code for building the image
IMAGE_SRC: https://github.com/radius-project/radius

jobs:
build:
build-and-push-cli:
name: Build ${{ matrix.target_os }}_${{ matrix.target_arch }} binaries
runs-on: ubuntu-latest
env:
Expand Down Expand Up @@ -126,7 +127,6 @@ jobs:
with:
name: rad_cli_release
path: ${{ env.RELEASE_PATH }}
# TOOD_LAUNCH: Remove this step when we opensource the repo - https://github.com/radius-project/radius/issues/5892
- name: Upload CLI binary
uses: actions/upload-artifact@v3
with:
Expand Down Expand Up @@ -204,64 +204,25 @@ jobs:
with:
path: ./dist/cache
key: radius-coverage-${{ github.sha }}-${{ github.run_number }}

# Logic here:
# - always do a docker build for validation
# - tag the image as latest and with a version if the trigger was a tag
# - tag the image with the PR version if the trigger was a PR
# - push the image for pushes to master, or to a tag

# TODO_LAUNCH: Remove 'image' job when we opensource the repo - https://github.com/radius-project/radius/issues/5892
images:
name: Container image build
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@v3
- name: Parse release version and set environment variables
run: python ./.github/scripts/get_release_version.py
- name: Set up Go ${{ env.GOVER }}
uses: actions/setup-go@v4
with:
go-version: ${{ env.GOVER }}
- uses: azure/docker-login@v1
- name: Login to GitHub Container Registry
uses: docker/login-action@v2
with:
login-server: ${{ env.DOCKER_REGISTRY }}
username: '${{ secrets.DOCKER_USERNAME }}'
password: '${{ secrets.DOCKER_PASSWORD }}'
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- uses: oras-project/setup-oras@v1
with:
platforms: linux/amd64,linux/arm64,linux/arm/v7
- name: Push container images (latest)
version: ${{ env.ORAS_VERSION }}
- name: Push latest rad cli binary to GHCR (unix-like)
if: github.ref == 'refs/heads/main' && matrix.target_os != 'windows'
run: |
make docker-test-image-build && make docker-test-image-push
make docker-multi-arch-push
if: (github.ref == 'refs/heads/main') # push image to latest on merge to main
env:
DOCKER_REGISTRY: ${{ env.DOCKER_REGISTRY }}
DOCKER_TAG_VERSION: latest
- name: Push container images (PR)
run: |
make docker-test-image-build && make docker-test-image-push
make docker-multi-arch-push
if: github.event_name == 'pull_request'
env:
DOCKER_REGISTRY: ${{ env.DOCKER_REGISTRY }}
DOCKER_TAG_VERSION: ${{ env.REL_VERSION }} # includes PR number
- name: Push container images (release)
oras push ${{ env.CONTAINER_REGISTRY }}/rad/${{ matrix.target_os }}-${{ matrix.target_arch }}:latest ./dist/${{ matrix.target_os}}_${{ matrix.target_arch}}/release/rad --annotation "org.opencontainers.image.source=${{ env.IMAGE_SRC }}"
- name: Copy cli binaries to release (windows)
if: github.ref == 'refs/heads/main' && matrix.target_os == 'windows'
run: |
make docker-test-image-build && make docker-test-image-push
make docker-multi-arch-push
if: startsWith(github.ref, 'refs/tags/v') # push image on tag
env:
DOCKER_REGISTRY: ${{ env.DOCKER_REGISTRY }}
DOCKER_TAG_VERSION: ${{ env.REL_CHANNEL }}
oras push ${{ env.CONTAINER_REGISTRY }}/rad/${{ matrix.target_os }}-${{ matrix.target_arch }}:latest ./dist/${{ matrix.target_os}}_${{ matrix.target_arch}}/release/rad.exe --annotation "org.opencontainers.image.source=${{ env.IMAGE_SRC }}"

# publish_image is building and publishing images to GHCR.
publish_images:
build-and-push-images:
name: Build and publish container images
runs-on: ubuntu-latest
steps:
Expand All @@ -277,8 +238,8 @@ jobs:
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ env.GHCR_ACTOR }}
password: ${{ secrets.GH_RAD_CI_BOT_PAT }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
Expand Down Expand Up @@ -309,9 +270,10 @@ jobs:
env:
DOCKER_REGISTRY: ${{ env.CONTAINER_REGISTRY }}
DOCKER_TAG_VERSION: ${{ env.REL_CHANNEL }}
helm:

build-and-push-helm-chart:
name: Helm chart build
needs: ['images', 'publish_images']
rynowak marked this conversation as resolved.
Show resolved Hide resolved
needs: ['build-and-push-images']
runs-on: ubuntu-latest
env:
ARTIFACT_DIR: ./dist/Charts
Expand Down Expand Up @@ -343,16 +305,14 @@ jobs:
--username ${{ secrets.AZURE_SP_TESTS_APPID }} \
--password ${{ secrets.AZURE_SP_TESTS_PASSWORD }} \
--tenant ${{ secrets.AZURE_SP_TESTS_TENANTID }}
- name: Push helm chart to ACR
run: |
az acr helm push --name radius ${{ env.ARTIFACT_DIR }}/${{ env.HELM_PACKAGE_DIR }}/radius-${{ env.CHART_VERSION }}.tgz --force
- name: Push helm chart to GHCR
run: |
echo ${{ secrets.GITHUB_TOKEN }} | helm registry login -u ${{ github.actor }} --password-stdin ${{ env.OCI_REGISTRY }}
helm push ${{ env.ARTIFACT_DIR }}/${{ env.HELM_PACKAGE_DIR }}/radius-${{ env.CHART_VERSION }}.tgz oci://${{ env.OCI_REGISTRY }}/${{ env.OCI_REPOSITORY }}
publish_release:

publish-release:
name: Publish GitHub Release
needs: [ 'build' ]
needs: ['build-and-push-cli']
runs-on: ubuntu-latest
if: startsWith(github.ref, 'refs/tags/v')
steps:
Expand All @@ -376,8 +336,6 @@ jobs:
--generate-notes \
--verify-tag \
--prerelease
env:
GITHUB_TOKEN: ${{ secrets.GH_RAD_CI_BOT_PAT }}
- name: Create GitHub Official Release
if: ${{ !contains(env.REL_VERSION, 'rc') }}
run: |
Expand All @@ -386,96 +344,11 @@ jobs:
--title "Project Radius v${{ env.REL_VERSION }}" \
--notes-file docs/release-notes/v${{ env.REL_VERSION }}.md \
--verify-tag
env:
GITHUB_TOKEN: ${{ secrets.GH_RAD_CI_BOT_PAT }}
# TODO_LAUNCH: Remove this job once we opensource - https://github.com/radius-project/radius/issues/5892
publish:
name: Publish rad CLI binaries
needs: [ 'build' ]
runs-on: ubuntu-latest
if: (github.ref == 'refs/heads/main') || startsWith(github.ref, 'refs/tags/v') # upload on push to main or tag
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Parse release version and set environment variables
run: python ./.github/scripts/get_release_version.py
- name: Download release artifacts
uses: actions/download-artifact@v3
with:
name: rad_cli_darwin_arm64
path: rad_cli_darwin_arm64
- name: Download release artifacts
uses: actions/download-artifact@v3
with:
name: rad_cli_darwin_amd64
path: rad_cli_darwin_amd64
- name: Download release artifacts
uses: actions/download-artifact@v3
with:
name: rad_cli_linux_arm
path: rad_cli_linux_arm
- name: Download release artifacts
uses: actions/download-artifact@v3
with:
name: rad_cli_linux_arm64
path: rad_cli_linux_arm64
- name: Download release artifacts
uses: actions/download-artifact@v3
with:
name: rad_cli_linux_amd64
path: rad_cli_linux_amd64
- name: Download release artifacts
uses: actions/download-artifact@v3
with:
name: rad_cli_windows_amd64
path: rad_cli_windows_amd64
- uses: bacongobbler/[email protected]
with:
source_dir: rad_cli_darwin_amd64
container_name: 'tools'
connection_string: ${{ secrets.ASSETS_STORAGE_CONNECTION_STRING }}
overwrite: 'true'
extra_args: '--destination-path rad/${{ env.REL_CHANNEL }}/macos-x64/ --pattern rad --timeout 300'
- uses: bacongobbler/[email protected]
with:
source_dir: rad_cli_darwin_arm64
container_name: 'tools'
connection_string: ${{ secrets.ASSETS_STORAGE_CONNECTION_STRING }}
overwrite: 'true'
extra_args: '--destination-path rad/${{ env.REL_CHANNEL }}/macos-arm64/ --pattern rad --timeout 300'
- uses: bacongobbler/[email protected]
with:
source_dir: rad_cli_linux_amd64
container_name: 'tools'
connection_string: ${{ secrets.ASSETS_STORAGE_CONNECTION_STRING }}
overwrite: 'true'
extra_args: '--destination-path rad/${{ env.REL_CHANNEL }}/linux-x64/ --pattern rad --timeout 300'
- uses: bacongobbler/[email protected]
with:
source_dir: rad_cli_linux_arm
container_name: 'tools'
connection_string: ${{ secrets.ASSETS_STORAGE_CONNECTION_STRING }}
overwrite: 'true'
extra_args: '--destination-path rad/${{ env.REL_CHANNEL }}/linux-arm/ --pattern rad --timeout 300'
- uses: bacongobbler/[email protected]
with:
source_dir: rad_cli_linux_arm64
container_name: 'tools'
connection_string: ${{ secrets.ASSETS_STORAGE_CONNECTION_STRING }}
overwrite: 'true'
extra_args: '--destination-path rad/${{ env.REL_CHANNEL }}/linux-arm64/ --pattern rad --timeout 300'
- uses: bacongobbler/[email protected]
with:
source_dir: rad_cli_windows_amd64
container_name: 'tools'
connection_string: ${{ secrets.ASSETS_STORAGE_CONNECTION_STRING }}
overwrite: 'true'
extra_args: '--destination-path rad/${{ env.REL_CHANNEL }}/windows-x64/ --pattern rad.exe --timeout 300'

delete_artifacts:
name: Delete artifacts
needs: [ 'build', 'publish' ]
if: ${{ always() && !contains(needs.build.result, 'failure') }}
needs: ['build-and-push-cli']
if: ${{ always() && !contains(needs.build-and-push-cli.result, 'failure') }}
runs-on: ubuntu-latest
steps:
- name: Delete release artifacts
Expand Down
Loading
Loading